From eb43c2400a34a4ab77be4f75ba7536baecda3bef Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Alejandro=20L=C3=B3pez?= Date: Wed, 10 May 2023 17:29:07 +0200 Subject: [PATCH 001/280] FILE WATCH: Callback not executed on link or relative path MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit When the watched file was a symbolic link or was a relative path, the calback was not executed because the filename comparison was wrongly considering the files to be different. The solution is to normalize the filenames before comparing them. This cannot be easily done at setup because the file could not exist at that moment. The test was adapted to check this situation. Resolves: https://github.com/SSSD/sssd/issues/6718 Reviewed-by: Alexey Tikhonov Reviewed-by: Pavel Březina (cherry picked from commit b2a4ff2aa67707c226c5835c1fcac042fce1cae3) --- src/tests/file_watch-tests.c | 83 ++++++++++++++++++++++++++---------- src/util/file_watch.c | 26 +++++++++-- 2 files changed, 83 insertions(+), 26 deletions(-) diff --git a/src/tests/file_watch-tests.c b/src/tests/file_watch-tests.c index 3ca5b44f955..3e1aea6cece 100644 --- a/src/tests/file_watch-tests.c +++ b/src/tests/file_watch-tests.c @@ -36,11 +36,19 @@ #include "util/file_watch.h" #include "tests/common.h" -#define FW_DIR TEST_DIR "/file-watch" -#define WATCHED_FILE_INOTIFY FW_DIR "/watched_file_inotify" -#define WATCHED_FILE_POLL FW_DIR "/watched_file_poll" -#define WATCHED_EXISTING_FILE_INOTIFY FW_DIR "/watched_file_inotify.exists" -#define WATCHED_EXISTING_FILE_POLL FW_DIR "/watched_file_poll.exists" +#define FW_NAME "/file-watch-test-dir" +#define FILE_INOTIFY_NAME "watched_file_inotify" +#define FILE_POLL_NAME "watched_file_poll" +#define FW_DIR TEST_DIR FW_NAME +#define EXISTING_FILE_INOTIFY_NAME FILE_INOTIFY_NAME ".exists" +#define EXISTING_FILE_POLL_NAME FILE_POLL_NAME ".exists" +#define WATCHED_FILE_INOTIFY FW_DIR "/.." FW_NAME "/" FILE_INOTIFY_NAME +#define WATCHED_FILE_POLL FW_DIR "/.." FW_NAME "/" FILE_POLL_NAME +#define WATCHED_EXISTING_FILE_INOTIFY FW_DIR "/.." FW_NAME "/" EXISTING_FILE_INOTIFY_NAME +#define WATCHED_EXISTING_FILE_POLL FW_DIR "/.." FW_NAME "/" EXISTING_FILE_POLL_NAME +#define WATCHED_EXISTING_LINK_INOTIFY FW_DIR "/" EXISTING_FILE_INOTIFY_NAME ".link" +#define WATCHED_EXISTING_LINK_POLL FW_DIR "/" EXISTING_FILE_POLL_NAME ".link" +#define UNWATCHED_FILE FW_DIR "/unwatched_file" static TALLOC_CTX *test_mem_ctx; @@ -50,34 +58,51 @@ struct fn_arg { int counter; }; -static void setup_file_watch(void) +static void remove_files(void) { - test_mem_ctx = talloc_new(NULL); - mkdir(FW_DIR, 0700); unlink(WATCHED_FILE_INOTIFY); unlink(WATCHED_FILE_POLL); + unlink(WATCHED_EXISTING_LINK_INOTIFY); + unlink(WATCHED_EXISTING_LINK_POLL); unlink(WATCHED_EXISTING_FILE_INOTIFY); unlink(WATCHED_EXISTING_FILE_POLL); + unlink(UNWATCHED_FILE); } +static void setup_file_watch(void) +{ + DEBUG(SSSDBG_TRACE_ALL, "==========================================\n"); + test_mem_ctx = talloc_new(NULL); + mkdir(FW_DIR, 0700); + remove_files(); +} static void teardown_file_watch(void) { - unlink(WATCHED_FILE_INOTIFY); - unlink(WATCHED_FILE_POLL); - unlink(WATCHED_EXISTING_FILE_INOTIFY); - unlink(WATCHED_EXISTING_FILE_POLL); talloc_free(test_mem_ctx); + remove_files(); + rmdir(FW_DIR); } static void callback(const char *filename, void *arg) { - DEBUG(SSSDBG_TRACE_FUNC, "Callback invoked\n"); + static char received[PATH_MAX + 1]; + static char expected[PATH_MAX + 1]; + char *res; struct fn_arg *data = (struct fn_arg *) arg; + DEBUG(SSSDBG_TRACE_FUNC, "Callback invoked\n"); + ck_assert_msg(data != NULL, "Callback received NULL argument"); - ck_assert_msg(strcmp(filename, data->filename) == 0, + + res = realpath(data->filename, expected); + ck_assert_msg(res != NULL, "Failed to normalize the expected filename"); + + res = realpath(filename, received); + ck_assert_msg(res != NULL, "Failed to normalize the received filename"); + + ck_assert_msg(strcmp(expected, received) == 0, "Wrong filename in the callback."); data->counter++; } @@ -88,7 +113,7 @@ static void modify_file(const char *filename) int fd; int res; - DEBUG(SSSDBG_TRACE_FUNC, "File modified\n"); + DEBUG(SSSDBG_TRACE_FUNC, "Modifying file %s\n", filename); fd = open(filename, O_WRONLY | O_CREAT | O_APPEND, S_IRUSR | S_IWUSR); ck_assert_msg(fd != -1, "Failed to open the file."); @@ -119,11 +144,14 @@ static void test_file_watch_no_file(bool use_inotify) arg.filename = filename; arg.counter = 0; + DEBUG(SSSDBG_TRACE_ALL, "Watching file %s\n", filename); ctx = fw_watch_file(test_mem_ctx, ev, filename, use_inotify, callback, &arg); ck_assert_msg(ctx != NULL, "Failed to watch a file."); ck_assert_msg(arg.counter == 0, "Unexpected callback invocation."); - // At this point the file doesn't exist, we will create it. + // At this point the file doesn't exist. We create the watched and an + // unwatched file + modify_file(UNWATCHED_FILE); modify_file(filename); if (use_inotify) { res = tevent_loop_once(ev); @@ -152,26 +180,35 @@ static void test_file_watch_with_file(bool use_inotify) { struct file_watch_ctx *ctx; struct tevent_context *ev; + const char *filepath; const char *filename; + const char *linkpath; struct fn_arg arg; int res; if (use_inotify) { - filename = WATCHED_EXISTING_FILE_INOTIFY; + filename = EXISTING_FILE_INOTIFY_NAME; + filepath = WATCHED_EXISTING_FILE_INOTIFY; + linkpath = WATCHED_EXISTING_LINK_INOTIFY; } else { - filename = WATCHED_EXISTING_FILE_POLL; + filename = EXISTING_FILE_POLL_NAME; + filepath = WATCHED_EXISTING_FILE_POLL; + linkpath = WATCHED_EXISTING_LINK_POLL; } - modify_file(filename); + modify_file(filepath); + res = symlink(filename, linkpath); + ck_assert_msg(res == 0, "Failed create the symbolic link"); ev = tevent_context_init(test_mem_ctx); ck_assert_msg(ev != NULL, "Failed to create the tevent context."); - arg.filename = filename; + arg.filename = linkpath; arg.counter = 0; // File already exists - ctx = fw_watch_file(test_mem_ctx, ev, filename, use_inotify, callback, &arg); - ck_assert_msg(ctx != NULL, "Failed to watch a file."); + DEBUG(SSSDBG_TRACE_ALL, "Watching link %s\n", linkpath); + ctx = fw_watch_file(test_mem_ctx, ev, linkpath, use_inotify, callback, &arg); + ck_assert_msg(ctx != NULL, "Failed to watch a link."); ck_assert_msg(arg.counter >= 1, "Callback not invoked at start up."); ck_assert_msg(arg.counter <= 1, "Callback invoked too many times at start up."); @@ -179,7 +216,7 @@ static void test_file_watch_with_file(bool use_inotify) if (!use_inotify) { sleep(2); // Detection by polling is based on the file's modification time. } - modify_file(filename); + modify_file(filepath); if (use_inotify) { res = tevent_loop_once(ev); ck_assert_msg(res == 0, "tevent_loop_once() failed."); diff --git a/src/util/file_watch.c b/src/util/file_watch.c index b994e41163a..d19fdccd608 100644 --- a/src/util/file_watch.c +++ b/src/util/file_watch.c @@ -121,7 +121,10 @@ static int watched_file_inotify_cb(const char *filename, uint32_t flags, void *pvt) { + static char received[PATH_MAX + 1]; + static char expected[PATH_MAX + 1]; struct file_watch_ctx *fw_ctx; + char *res; DEBUG(SSSDBG_TRACE_LIBS, "Received inotify notification for %s\n", filename); @@ -131,15 +134,32 @@ static int watched_file_inotify_cb(const char *filename, return EINVAL; } - if (strcmp(fw_ctx->filename, filename) == 0) { - if (access(fw_ctx->filename, F_OK) == 0) { - fw_ctx->cb(fw_ctx->filename, fw_ctx->cb_arg); + res = realpath(fw_ctx->filename, expected); + if (res == NULL) { + DEBUG(SSSDBG_TRACE_LIBS, + "Normalization failed for expected %s. Skipping the callback.\n", + fw_ctx->filename); + goto done; + } + + res = realpath(filename, received); + if (res == NULL) { + DEBUG(SSSDBG_TRACE_LIBS, + "Normalization failed for received %s. Skipping the callback.\n", + filename); + goto done; + } + + if (strcmp(expected, received) == 0) { + if (access(received, F_OK) == 0) { + fw_ctx->cb(received, fw_ctx->cb_arg); } else { DEBUG(SSSDBG_TRACE_LIBS, "File %s is missing. Skipping the callback.\n", filename); } } +done: return EOK; } From 0c6f4926e084787a5958217a3d68124edff46a90 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Alejandro=20L=C3=B3pez?= Date: Wed, 10 May 2023 17:36:33 +0200 Subject: [PATCH 002/280] TESTS: Fix doble slash comments MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Use /* */ instead of //. Reviewed-by: Alexey Tikhonov Reviewed-by: Pavel Březina (cherry picked from commit 90c5490723e82bdf633900f67a424b53cd50112f) --- src/tests/file_watch-tests.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/src/tests/file_watch-tests.c b/src/tests/file_watch-tests.c index 3e1aea6cece..30409a3f7c7 100644 --- a/src/tests/file_watch-tests.c +++ b/src/tests/file_watch-tests.c @@ -149,8 +149,8 @@ static void test_file_watch_no_file(bool use_inotify) ck_assert_msg(ctx != NULL, "Failed to watch a file."); ck_assert_msg(arg.counter == 0, "Unexpected callback invocation."); - // At this point the file doesn't exist. We create the watched and an - // unwatched file + /* At this point the file doesn't exist. We create the watched and an + unwatched file */ modify_file(UNWATCHED_FILE); modify_file(filename); if (use_inotify) { @@ -162,7 +162,7 @@ static void test_file_watch_no_file(bool use_inotify) ck_assert_msg(arg.counter >= 1, "Callback not invoked on creation."); ck_assert_msg(arg.counter <= 1, "Callback invoked too many times on creation."); - // Now just modify the file + /* Now just modify the file */ modify_file(filename); if (use_inotify) { res = tevent_loop_once(ev); @@ -205,16 +205,16 @@ static void test_file_watch_with_file(bool use_inotify) arg.filename = linkpath; arg.counter = 0; - // File already exists + /* File already exists */ DEBUG(SSSDBG_TRACE_ALL, "Watching link %s\n", linkpath); ctx = fw_watch_file(test_mem_ctx, ev, linkpath, use_inotify, callback, &arg); ck_assert_msg(ctx != NULL, "Failed to watch a link."); ck_assert_msg(arg.counter >= 1, "Callback not invoked at start up."); ck_assert_msg(arg.counter <= 1, "Callback invoked too many times at start up."); - // Now just modify the file + /* Now just modify the file */ if (!use_inotify) { - sleep(2); // Detection by polling is based on the file's modification time. + sleep(2); /* Detection by polling is based on the file's modification time. */ } modify_file(filepath); if (use_inotify) { From d104c01f1b3198779addee8178b10b047e64deb9 Mon Sep 17 00:00:00 2001 From: Sumit Bose Date: Wed, 10 May 2023 10:27:08 +0200 Subject: [PATCH 003/280] sysdb: fix string comparison when checking for overrides When checking if the input group-name is the original name from AD or an overwritten one the comparison is currently done case sensitive. Since AD handles names case-insensitive and hence SSSD should do this as well this comparison might cause issues. The patch replace the case sensitive comparison with a comparison with respects the case_sensitive of the domain the object is coming from. Resolves: https://github.com/SSSD/sssd/issues/6720 Reviewed-by: Alexey Tikhonov Reviewed-by: Iker Pedrosa (cherry picked from commit 01d02794e02f051ea9a78cd63b30384de3e7c9b0) --- src/db/sysdb_search.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/db/sysdb_search.c b/src/db/sysdb_search.c index 7efd570e784..e4c53b85355 100644 --- a/src/db/sysdb_search.c +++ b/src/db/sysdb_search.c @@ -1225,7 +1225,9 @@ int sysdb_getgrnam(TALLOC_CTX *mem_ctx, res->msgs[0], ORIGINALAD_PREFIX SYSDB_NAME, NULL); if (originalad_sanitized_name != NULL - && strcmp(originalad_sanitized_name, sanitized_name) != 0) { + && !sss_string_equal(domain->case_sensitive, + originalad_sanitized_name, + sanitized_name)) { fmt_filter = SYSDB_GRNAM_FILTER; base_dn = sysdb_group_base_dn(tmp_ctx, domain); res = NULL; From 425d88fa76a05f501bba52f1d49acefc45ded14a Mon Sep 17 00:00:00 2001 From: Iker Pedrosa Date: Thu, 27 Apr 2023 15:50:25 +0200 Subject: [PATCH 004/280] passkey: write mapping data to file MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Iker Pedrosa Reviewed-by: Andre Boscatto Reviewed-by: Justin Stephenson Reviewed-by: Pavel Březina (cherry picked from commit 906a677c959f4a28dd95775b0d9399dd9e48f1e0) --- src/passkey_child/passkey_child.h | 16 +++++ src/passkey_child/passkey_child_common.c | 4 ++ src/passkey_child/passkey_child_credentials.c | 71 +++++++++++++++++++ src/tests/cmocka/test_passkey_child.c | 1 + 4 files changed, 92 insertions(+) diff --git a/src/passkey_child/passkey_child.h b/src/passkey_child/passkey_child.h index 9a62d4d0b38..185e7e63af7 100644 --- a/src/passkey_child/passkey_child.h +++ b/src/passkey_child/passkey_child.h @@ -63,6 +63,7 @@ struct passkey_data { fido_opt_t user_verification; enum credential_type cred_type; unsigned char *user_id; + char *mapping_file; bool quiet; bool debug_libfido2; }; @@ -240,6 +241,21 @@ errno_t print_credentials(const struct passkey_data *data, const fido_cred_t *const cred); +/** + * @brief Print passkey credentials + * + * @param[in] data passkey data + * @param[in] b64_cred_id Credential ID in b64 + * @param[in] pem_key Public key in PEM format + * + * @return 0 if the credentials were printed properly, + * another value on error. + */ +errno_t +print_credentials_to_file(const struct passkey_data *data, + const char *b64_cred_id, + const char *pem_key); + /** * @brief Format libfido2's es256 data structure to EVP_PKEY * diff --git a/src/passkey_child/passkey_child_common.c b/src/passkey_child/passkey_child_common.c index 89f376bd691..000a7ee34d7 100644 --- a/src/passkey_child/passkey_child_common.c +++ b/src/passkey_child/passkey_child_common.c @@ -154,6 +154,7 @@ parse_arguments(TALLOC_CTX *mem_ctx, int argc, const char *argv[], data->user_verification = FIDO_OPT_OMIT; data->cred_type = CRED_SERVER_SIDE; data->user_id = NULL; + data->mapping_file = NULL; data->quiet = false; data->debug_libfido2 = false; @@ -194,6 +195,8 @@ parse_arguments(TALLOC_CTX *mem_ctx, int argc, const char *argv[], _("Require user-verification"), "true|false"}, {"cred-type", 0, POPT_ARG_STRING, &cred_type, 0, _("Credential type"), "server-side|discoverable"}, + {"output-file", 0, POPT_ARG_STRING, &data->mapping_file, 0, + _("Write key mapping data to file"), NULL}, {"quiet", 0, POPT_ARG_NONE, NULL, 'q', _("Supress prompts"), NULL}, {"debug-libfido2", 0, POPT_ARG_NONE, NULL, 'd', @@ -368,6 +371,7 @@ check_arguments(const struct passkey_data *data) data->user_verification); DEBUG(SSSDBG_TRACE_FUNC, "cred_type: %d\n", data->cred_type); + DEBUG(SSSDBG_TRACE_FUNC, "Mapping file: %s\n", data->mapping_file); DEBUG(SSSDBG_TRACE_FUNC, "debug_libfido2: %d\n", data->debug_libfido2); if (data->action == ACTION_NONE) { diff --git a/src/passkey_child/passkey_child_credentials.c b/src/passkey_child/passkey_child_credentials.c index 4088c2122ce..e27afb411bb 100644 --- a/src/passkey_child/passkey_child_credentials.c +++ b/src/passkey_child/passkey_child_credentials.c @@ -22,6 +22,7 @@ along with this program. If not, see . */ +#include #include #include @@ -403,9 +404,79 @@ print_credentials(const struct passkey_data *data, } PRINT("passkey:%s,%s\n", b64_cred_id, pem_key); + if (data->mapping_file != NULL) { + print_credentials_to_file(data, b64_cred_id, pem_key); + } + ret = EOK; + +done: + talloc_free(tmp_ctx); + + return ret; +} + +errno_t +print_credentials_to_file(const struct passkey_data *data, + const char *b64_cred_id, + const char *pem_key) +{ + TALLOC_CTX *tmp_ctx = NULL; + char *mapping_data = NULL; + int mapping_data_len = 0; + int fd = -1; + ssize_t written = 0; + errno_t ret; + + tmp_ctx = talloc_new(NULL); + if (tmp_ctx == NULL) { + ret = ENOMEM; + goto done; + } + + mapping_data = talloc_asprintf(tmp_ctx, "passkey:%s,%s", + b64_cred_id, pem_key); + if (mapping_data == NULL) { + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_asprintf failed.\n"); + ret = ENOMEM; + goto done; + } + mapping_data_len = strlen(mapping_data); + + fd = open(data->mapping_file, O_WRONLY|O_CREAT, 0640); + if (fd == -1) { + ret = errno; + DEBUG(SSSDBG_OP_FAILURE, + "open() failed [%d][%s]\n", ret, strerror(ret)); + ret = EIO; + goto done; + } + + errno = 0; + written = sss_atomic_write_s(fd, mapping_data, mapping_data_len); + if (written == -1) { + ret = errno; + DEBUG(SSSDBG_OP_FAILURE, + "Write failed [%d][%s].\n", ret, strerror(ret)); + goto done; + } + + if (written != mapping_data_len) { + DEBUG(SSSDBG_OP_FAILURE, + "Write error, wrote [%zd] bytes, expected [%d]\n", + written, mapping_data_len); + ret = EIO; + goto done; + } + ret = EOK; done: + if (fd != -1) { + if (close(fd) == -1) { + DEBUG(SSSDBG_OP_FAILURE, + "Close failed [%s].\n", strerror(errno)); + } + } talloc_free(tmp_ctx); return ret; diff --git a/src/tests/cmocka/test_passkey_child.c b/src/tests/cmocka/test_passkey_child.c index cab566ea3a3..187b3c49ead 100644 --- a/src/tests/cmocka/test_passkey_child.c +++ b/src/tests/cmocka/test_passkey_child.c @@ -880,6 +880,7 @@ void test_register_key_integration(void **state) data.type = COSE_ES256; data.user_verification = FIDO_OPT_FALSE; data.cred_type = CRED_SERVER_SIDE; + data.mapping_file = NULL; data.quiet = false; will_return(__wrap_fido_dev_info_manifest, FIDO_OK); will_return(__wrap_fido_dev_info_manifest, 1); From 15dd35454628116dd541d287d142ea561f4f1140 Mon Sep 17 00:00:00 2001 From: Alexey Tikhonov Date: Tue, 16 May 2023 15:22:04 +0200 Subject: [PATCH 005/280] MAN: fix issue with multithread build MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit When 'make' runs using multiple threads it can build several man pages in parallel, executing the same '.5.xml.5:' rule. This can result in a race condition where multiple threads access the same 'sssd_user_name.include' file. To avoid this make 'sssd_user_name.include' file a rule dependency. But "Suffix rules cannot have any prerequisites of their own", and suffix rules are obsolete anyway, so change it to pattern rules. Reviewed-by: Alejandro López Reviewed-by: Iker Pedrosa Reviewed-by: Justin Stephenson (cherry picked from commit df8472ccb20e0b77573b5c3e8cc25803bc7b0022) --- src/man/Makefile.am | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/src/man/Makefile.am b/src/man/Makefile.am index ee44dff97d1..1e51aebfdb2 100644 --- a/src/man/Makefile.am +++ b/src/man/Makefile.am @@ -117,23 +117,23 @@ man_MANS += sssd-files.5 endif # BUILD_FILES_PROVIDER endif -SUFFIXES = .1.xml .1 .3.xml .3 .5.xml .5 .8.xml .8 -.1.xml.1: +$(builddir)/src/man/sssd_user_name.include: + @mkdir -p $(builddir)/src/man + @echo -n $(SSSD_USER) > $(builddir)/src/man/sssd_user_name.include + +%.1: %.1.xml $(XMLLINT) $(XMLLINT_FLAGS) $< $(XSLTPROC) -o $@ $(XSLTPROC_FLAGS) $(DOCBOOK_XSLT) $< -.3.xml.3: +%.3: %.3.xml $(XMLLINT) $(XMLLINT_FLAGS) $< $(XSLTPROC) -o $@ $(XSLTPROC_FLAGS) $(DOCBOOK_XSLT) $< -.5.xml.5: - @mkdir -p $(builddir)/src/man - @echo -n $(SSSD_USER) > $(builddir)/src/man/sssd_user_name.include +%.5: %.5.xml $(builddir)/src/man/sssd_user_name.include $(XMLLINT) --path "$(srcdir)/src/man:$(builddir)/src/man" $(XMLLINT_FLAGS) $< $(XSLTPROC) --path "$(srcdir)/src/man:$(builddir)/src/man" -o $@ $(XSLTPROC_FLAGS) $(DOCBOOK_XSLT) $< - @rm -f $(builddir)/src/man/sssd_user_name.include -.8.xml.8: +%.8: %.8.xml $(XMLLINT) $(XMLLINT_FLAGS) $< $(XSLTPROC) -o $@ $(XSLTPROC_FLAGS) $(DOCBOOK_XSLT) $< @@ -215,6 +215,7 @@ clean-local: done rm -f $(man_MANS) rm -f man.stamp + rm -f $(builddir)/src/man/sssd_user_name.include else @@ -224,6 +225,7 @@ man.stamp: $(XML_DOC) clean-local: rm -f $(man_MANS) rm -f man.stamp + rm -f $(builddir)/src/man/sssd_user_name.include endif From 6d06081809153d78ef00b787b04fa3cefce772fe Mon Sep 17 00:00:00 2001 From: Madhuri Upadhye Date: Thu, 18 May 2023 20:31:23 +0530 Subject: [PATCH 006/280] Tests: Gating fixes for RHEL8.9 and RHEL9.3 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Following three minor changes are: for test_config_validation.py, 1. 'sssctl config-check' returning retuncode as a 1 when we dont have sssd.conf file. 2. Change the 'sssctl' command which only check the non-default snippet directory with option -s. for test_offline.py, 3. Add extra restart of sssd to get offline log message using journalctl command. for test_ssh_ 4. Replace pexpect_ssh to auth_from_client method to login the user. Signed-off-by: Madhuri Upadhye Reviewed-by: Jakub Vávra Reviewed-by: Shridhar Gadekar (cherry picked from commit 2965db1cce2d9c79e58626834f96f0283d26cfff) --- src/tests/multihost/alltests/test_config_validation.py | 6 ++---- src/tests/multihost/alltests/test_offline.py | 1 + .../multihost/alltests/test_ssh_authorizedkeys.py | 10 ++-------- 3 files changed, 5 insertions(+), 12 deletions(-) diff --git a/src/tests/multihost/alltests/test_config_validation.py b/src/tests/multihost/alltests/test_config_validation.py index bada3652031..95f2ea99bb8 100644 --- a/src/tests/multihost/alltests/test_config_validation.py +++ b/src/tests/multihost/alltests/test_config_validation.py @@ -432,9 +432,8 @@ def test_0022_fatalerror(self, multihost, backupsssdconf): multihost.client[0].run_command(rm_cmd, raiseonerr=False) sssctl_cmd = 'sssctl config-check' cmd = multihost.client[0].run_command(sssctl_cmd, raiseonerr=False) - assert cmd.returncode == 0 log = re.compile(r'sssd.conf\sdoes\snot\sexist') - assert log.search(cmd.stdout_text) + assert cmd.returncode == 1 and log.search(cmd.stdout_text) @pytest.mark.tier1 def test_0023_checkldaphostobjectdomain(self, multihost, backupsssdconf): @@ -618,8 +617,7 @@ def test_0031_bz1723273(self, multihost, backupsssdconf): existing snippet directory :id: 3d30164f-b80b-4594-883d-1783d9337031 """ - sssctl_cmd = 'sssctl config-check -c /tmp/test/sssd.conf -s ' \ - '/tmp/does/not/exists' + sssctl_cmd = 'sssctl config-check -s /tmp/does/not/exists' sssctl_check = multihost.client[0].run_command(sssctl_cmd, raiseonerr=False) result = sssctl_check.stdout_text.strip() diff --git a/src/tests/multihost/alltests/test_offline.py b/src/tests/multihost/alltests/test_offline.py index 7697c6d486e..f07832a009b 100644 --- a/src/tests/multihost/alltests/test_offline.py +++ b/src/tests/multihost/alltests/test_offline.py @@ -48,6 +48,7 @@ def test_0001_bz1416150(self, multihost, backupsssdconf): get_date = multihost.client[0].run_command(date, raiseonerr=False) date_org = get_date.stdout_text date = '"' + date_org[0:19] + '"' + multihost.client[0].service_sssd('restart') # Check server status in syslog syslog = 'journalctl --since %s -xeu sssd' % date time.sleep(80) diff --git a/src/tests/multihost/alltests/test_ssh_authorizedkeys.py b/src/tests/multihost/alltests/test_ssh_authorizedkeys.py index 5e1eafb5cc9..a2ff4de8944 100644 --- a/src/tests/multihost/alltests/test_ssh_authorizedkeys.py +++ b/src/tests/multihost/alltests/test_ssh_authorizedkeys.py @@ -32,14 +32,8 @@ def test_0001_bz1137013(self, multihost, create_ssh_keys): tools = sssdTools(multihost.client[0]) domain_name = tools.get_domain_section_name() user = 'foo1@%s' % domain_name - client = pexpect_ssh(multihost.client[0].sys_hostname, user, - 'Secret123', debug=False) - try: - client.login() - except SSHLoginException: - pytest.fail("%s failed to login" % user) - else: - client.logout() + ssh = tools.auth_from_client(user, 'Secret123') == 3 + assert ssh, f"Ssh failed for user {user}!" domain_log = '/var/log/sssd/sssd_%s.log' % domain_name log = multihost.client[0].get_file_contents(domain_log).decode('utf-8') msg = 'Adding sshPublicKey' From 60806f59339a0b1f52f1ca03972630577338aa77 Mon Sep 17 00:00:00 2001 From: Shridhar Gadekar Date: Fri, 19 May 2023 21:40:10 +0530 Subject: [PATCH 007/280] Tests: move unstable default_debug to tier2 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit moved default debug level tests to tier2 Reviewed-by: Jakub Vávra (cherry picked from commit 535a8c6a749a96e23510a26eceb5953b99f41cde) --- src/tests/multihost/alltests/test_default_debug_level.py | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/src/tests/multihost/alltests/test_default_debug_level.py b/src/tests/multihost/alltests/test_default_debug_level.py index 84913c8df3d..30dfe5b8cfe 100644 --- a/src/tests/multihost/alltests/test_default_debug_level.py +++ b/src/tests/multihost/alltests/test_default_debug_level.py @@ -18,9 +18,9 @@ @pytest.mark.usefixtures('setup_sssd', 'create_posix_usersgroups') @pytest.mark.defaultdebuglevel -@pytest.mark.tier1_4 class TestDefaultDebugLevel(object): """ Check sssd default debug level """ + @pytest.mark.tier1_4 def test_0001_check_default_debug_level(self, multihost, backupsssdconf): """ :title: default debug logs: Check default debug level when sssd start @@ -62,6 +62,7 @@ def test_0001_check_default_debug_level(self, multihost, backupsssdconf): debug_str1 = pattern2.search(log_single_line) assert debug_str1.group() == '(0x3f7c0)' + @pytest.mark.tier1_4 def test_0002_check_default_level_with_auth(self, multihost, backupsssdconf): """ @@ -110,6 +111,7 @@ def test_0002_check_default_level_with_auth(self, multihost, print("after auth:", alog_size.stdout_text) assert alog_size.stdout_text == blog_size.stdout_text + @pytest.mark.tier2 def test_0003_bz1893159(self, multihost, backupsssdconf): """ :title: default debug logs: Check that messages with levels 0 and 1 @@ -149,6 +151,7 @@ def test_0003_bz1893159(self, multihost, backupsssdconf): if not find1.search(log_str) and not find2.search(log_str): assert False + @pytest.mark.tier1_4 def test_0004_bz1893159(self, multihost, backupsssdconf): """ :title: default debug logs: Check default level 2 @@ -177,6 +180,7 @@ def test_0004_bz1893159(self, multihost, backupsssdconf): find = re.compile(r'.0x0040.') assert find.search(log_str) + @pytest.mark.tier1_4 def test_0005_bz1915319(self, multihost, backupsssdconf): """ :title: default debug logs: Check SBUS code should not trigger failure @@ -206,6 +210,7 @@ def test_0005_bz1915319(self, multihost, backupsssdconf): assert not find.search(log_str) @staticmethod + @pytest.mark.tier2 def test_bz785908(multihost, backupsssdconf): """ :title: ldap search base dose not fully limit the group search base bz785908 @@ -306,6 +311,7 @@ def test_bz785908(multihost, backupsssdconf): assert group in cmd @staticmethod + @pytest.mark.tier1_4 def test_bz785898(multihost, backupsssdconf): """ :title: Enable midway cache refresh by default bz785898 From de75ff3c415dc4e2ae8b0704fed776eaa738c5bd Mon Sep 17 00:00:00 2001 From: aborah Date: Tue, 16 May 2023 15:14:15 +0530 Subject: [PATCH 008/280] Tests: Fix gating tests for 9.3 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit It fixes test from tire1_2 that is failling in gating 1. src/tests/multihost/alltests/test_automount.py there is issue with autofs email thead: [CRASH] prep Package: autofs-1:5.1.7-36.el9 2. src/tests/multihost/alltests/test_automount_from_bash.py test did not rised error as last cd - command was successful, so i have remove cd - part(/folder1/folder2/projects does not exists) 3. src/tests/multihost/alltests/test_ldap_password_policy.py password provied was wrong. 4. src/tests/multihost/alltests/test_backtrace.py --- need to modify this test as per current log format Reviewed-by: Jakub Vávra Reviewed-by: Shridhar Gadekar (cherry picked from commit 2096f45527d4513ae52547fafd383bd2542d7f79) --- src/tests/multihost/alltests/test_automount.py | 13 ++++++++++++- .../multihost/alltests/test_automount_from_bash.py | 2 +- src/tests/multihost/alltests/test_backtrace.py | 2 +- .../multihost/alltests/test_ldap_password_policy.py | 2 +- 4 files changed, 15 insertions(+), 4 deletions(-) diff --git a/src/tests/multihost/alltests/test_automount.py b/src/tests/multihost/alltests/test_automount.py index 3d00301d113..523e4797648 100644 --- a/src/tests/multihost/alltests/test_automount.py +++ b/src/tests/multihost/alltests/test_automount.py @@ -17,6 +17,16 @@ JOURNALCTL_CMD = "journalctl -x -n 50 --no-pager" +def restart_autofs(multihost): + for _ in range(1, 20): + cmd = multihost.client[0].run_command("systemctl restart autofs", raiseonerr=False).returncode + if cmd == 0: + break + time.sleep(10) + else: + raise Exception("autofs restart failed too many times") + + @pytest.mark.usefixtures("setup_sssd", "create_posix_usersgroups", "enable_autofs_schema", "enable_autofs_service") @pytest.mark.automount @@ -276,7 +286,8 @@ def test_two_automount_maps(self, multihost, "rm -rf /var/log/sssd/* ; " "rm -rf /var/lib/sss/db/* ; " "systemctl start sssd") - multihost.client[0].run_command("systemctl restart autofs") + time.sleep(10) + restart_autofs(multihost) multihost.client[0].run_command("automount -m") multihost.master[0].run_command("touch /export1/export1") multihost.master[0].run_command("touch /export2/export2") diff --git a/src/tests/multihost/alltests/test_automount_from_bash.py b/src/tests/multihost/alltests/test_automount_from_bash.py index b7fe7614132..913b66a1586 100644 --- a/src/tests/multihost/alltests/test_automount_from_bash.py +++ b/src/tests/multihost/alltests/test_automount_from_bash.py @@ -665,7 +665,7 @@ def test_change_key_map(multihost, backupsssdconf, ldap_autofs): client.run_command("service autofs restart") time.sleep(10) with pytest.raises(subprocess.CalledProcessError): - client.run_command("cd /folder1/folder2/projects;cd -") + client.run_command("ls -d /folder1/folder2/projects") find_logs(multihost, log_sssd, f"Searching for automount map entries with base [ou=mount,{ds_suffix}]") # Adding the deleted direct map user_dn = f'cn=/folder1/folder2/projects,nisMapName=auto.direct,ou=mount,{ds_suffix}' diff --git a/src/tests/multihost/alltests/test_backtrace.py b/src/tests/multihost/alltests/test_backtrace.py index e578d946400..d72caceeeb1 100644 --- a/src/tests/multihost/alltests/test_backtrace.py +++ b/src/tests/multihost/alltests/test_backtrace.py @@ -103,7 +103,7 @@ def test_0001_bz2021196(self, multihost, backupsssdconf): decode('utf-8') print(f'\n{logfile}\n+===++++++===+\n{log_str2}\n') # Check the backtrace is dumped first time and no backtrace is skipped - assert pattern.search(log_str1) and not pattern2.search(log_str1) + assert len(pattern.findall(log_str1)) == len(pattern2.findall(log_str1)) == 1 # Check there is no new backtrace with the same issue and repeative # backtrace is skipped assert pattern2.search(log_str2) and not pattern.search(log_str2) diff --git a/src/tests/multihost/alltests/test_ldap_password_policy.py b/src/tests/multihost/alltests/test_ldap_password_policy.py index c32632fef06..7b42e22d36f 100644 --- a/src/tests/multihost/alltests/test_ldap_password_policy.py +++ b/src/tests/multihost/alltests/test_ldap_password_policy.py @@ -181,7 +181,7 @@ def test_maxage(multihost, backupsssdconf, common_sssd_setup): find_logs(multihost, file_ssd, "Password expired user must set a new password") ldap_modify_ds(multihost, ldap.MOD_REPLACE, cn_config, 'passwordExp', [b'off']) time.sleep(3) - assert tools.auth_client_ssh_password('ppuser1', 'NewPass_123') + assert tools.auth_client_ssh_password('ppuser1', 'Secret123') ldap_modify_ds(multihost, ldap.MOD_REPLACE, user_dn, 'userPassword', [b'Secret123']) @staticmethod From 33f10c4a5d99d2d3b57c2ecae709916e1a1d0397 Mon Sep 17 00:00:00 2001 From: Dan Lavu Date: Thu, 27 Apr 2023 15:21:09 -0400 Subject: [PATCH 009/280] Updating ad_multihost test MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * fixing raiseonerr=False to disjoin function * cleaned up code since the line limit has increased * added AD from forest1 to resolv.conf and /etc/hosts * updating test case documentation to clarify the test Signed-off-by: Dan Lavu Reviewed-by: Jakub Vávra Reviewed-by: Madhuri Upadhye Reviewed-by: Scott Poore (cherry picked from commit 69f93bf817706acb7830428fd81d78dc207468c0) --- src/tests/multihost/admultidomain/conftest.py | 9 +- .../admultidomain/test_multidomain.py | 2 - .../admultidomain/test_multiforest.py | 116 ++++++++---------- 3 files changed, 55 insertions(+), 72 deletions(-) diff --git a/src/tests/multihost/admultidomain/conftest.py b/src/tests/multihost/admultidomain/conftest.py index e001c6740c7..2d007b4113b 100644 --- a/src/tests/multihost/admultidomain/conftest.py +++ b/src/tests/multihost/admultidomain/conftest.py @@ -52,8 +52,9 @@ def adjoin(session_multihost, request): ad_host = session_multihost.ad[0].sys_hostname client_ad = sssdTools(session_multihost.client[0], session_multihost.ad[0]) client_ad.update_resolv_conf(session_multihost.ad[0]) + client_ad.update_resolv_conf(session_multihost.ad[len(session_multihost.ad)-1]) client_ad.systemsssdauth(ad_realm, ad_host) - client_ad.disjoin_ad() + client_ad.disjoin_ad(raiseonerr=False) # Make sure system is disjoined from AD client_ad.create_kdcinfo(ad_realm, ad_ip) kinit = f'kinit Administrator@{ad_realm}' ad_password = session_multihost.ad[0].ssh_password @@ -71,7 +72,7 @@ def _join(membersw=None): def adleave(): """ Disjoin AD """ - client_ad.disjoin_ad() + client_ad.disjoin_ad(raiseonerr=False) remove_keytab = 'rm -f /etc/krb5.keytab' kdestroy_cmd = 'kdestroy -A' session_multihost.client[0].run_command(kdestroy_cmd) @@ -98,7 +99,7 @@ def adchildjoin(session_multihost, request): ad_realm = session_multihost.ad[1].realm ad_ip = session_multihost.ad[1].ip client_ad = sssdTools(session_multihost.client[0], session_multihost.ad[1]) - client_ad.disjoin_ad() + client_ad.disjoin_ad(raiseonerr=False) client_ad.create_kdcinfo(ad_realm, ad_ip) kinit = "kinit Administrator@%s" % ad_realm ad_password = session_multihost.ad[1].ssh_password @@ -116,7 +117,7 @@ def _join(membersw=None): def adleave(): """ Disjoin AD """ - client_ad.disjoin_ad() + client_ad.disjoin_ad(raiseonerr=False) remove_keytab = 'rm -f /etc/krb5.keytab' kdestroy_cmd = 'kdestroy -A' session_multihost.client[0].run_command(kdestroy_cmd) diff --git a/src/tests/multihost/admultidomain/test_multidomain.py b/src/tests/multihost/admultidomain/test_multidomain.py index e5f69b31760..1506033e8a2 100644 --- a/src/tests/multihost/admultidomain/test_multidomain.py +++ b/src/tests/multihost/admultidomain/test_multidomain.py @@ -7,7 +7,6 @@ @pytest.mark.admultidomain class TestADMultiDomain(object): - @staticmethod def test_0001_bz2013297(multihost, newhostname, adchildjoin): """ :title: IDM-SSSD-TC: ad_provider: forests: disabled root ad domain @@ -99,7 +98,6 @@ def test_0001_bz2013297(multihost, newhostname, adchildjoin): assert getent_root_user2.returncode == 2 assert getent_child_user2.returncode == 0 - @staticmethod def test_0002_bz2018432(multihost, newhostname, adjoin): """ :title: IDM-SSSD-TC: ad_provider: forests: based SSSD adds more AD diff --git a/src/tests/multihost/admultidomain/test_multiforest.py b/src/tests/multihost/admultidomain/test_multiforest.py index b9a9e7e280c..84406e4ac09 100644 --- a/src/tests/multihost/admultidomain/test_multiforest.py +++ b/src/tests/multihost/admultidomain/test_multiforest.py @@ -10,62 +10,58 @@ @pytest.mark.admultiforest class TestADMultiForest(object): - @staticmethod def test_0001_multiforest(multihost, newhostname, adjoin): """ - :title: IDM-SSSD-TC: ad_provider: admultiforest - :id: + :title: IDM-SSSD-TC: ad_provider: admultiforest : Authentication against two forests + :id: 900f2467-1aca-430c-bbaa-b22d30a829ad :setup: 1. Configure two domain controllers in different forests 2. Join client to the first domain 3. Update sssd.conf for second domain 4. Update krb5.conf for second domain - 5. Create krb principal and update sssd.conf + 5. Create krb principal and keytab for second domain in the second forest and update sssd.conf :steps: - 1. Lookup user in the first domain - 2. Lookup user in the second domain + 1. Lookup user in the root domain of the first forest + 2. Lookup user in the root domain fo the second forest :expectedresults: - 1. User is found in the first domain - 2. User is found in the second domain + 1. User is found in the root domain in the first forest + 2. User is found in the root domain in the second forest :customerscenario: True """ adjoin(membersw='adcli') ad_domain = multihost.ad[0].domainname ad_server = multihost.ad[0].hostname - # This must be the last AD server in the metadata file - ad1_domain = multihost.ad[len(multihost.ad) - 1].domainname + # The second forest domain must be the last entry in the metadata file + ad1_ip = multihost.ad[len(multihost.ad)-1].ip + ad1_domain = multihost.ad[len(multihost.ad)-1].domainname ad1_domain_upper = str.upper(ad1_domain) - ad1_server = multihost.ad[len(multihost.ad) - 1].hostname - ad1_password = multihost.ad[len(multihost.ad) - 1].ssh_password + ad1_server = multihost.ad[len(multihost.ad)-1].hostname + ad1_password = multihost.ad[len(multihost.ad)-1].ssh_password - get_keytab = f'adcli join --host-keytab=/etc/krb5.keytab-domain1 ' \ - f'{ad1_domain}' - change_context = 'chcon -t krb5_keytab_t /etc/krb5.keytab-domain1' - backup_krb5 = 'cp -rf /etc/krb5.conf /etc/krb5.conf.bak' - restore_krb5 = 'mv /etc/krb5.conf.bak /etc/krb5.conf ; ' \ - 'restorecon -Rv /etc/krb5.conf' - cleanup_krb5 = 'rm -rf /etc/krb5.keytab-domain1' - edit_krb5_conf = f'sed -i "/domain_realm/a .{ad1_domain} ' \ - f'= {ad1_domain_upper}" /etc/krb5.conf' - edit1_krb5_conf = f'sed -i "/domain_realm/a {ad1_domain} ' \ - f'= {ad1_domain_upper}" /etc/krb5.conf' + hosts = multihost.client[0].get_file_contents('/etc/hosts', encoding='utf-8') + hosts_new = hosts + f'{ad1_ip} {ad1_server}' + multihost.client[0].put_file_contents('/etc/hosts.bak', hosts) + multihost.client[0].put_file_contents('/etc/hosts', hosts_new) + get_keytab = f'adcli join -v -K /etc/krb5-domain1.keytab -D {ad1_domain} -S {ad1_server} --stdin-password' + change_context = 'chcon -t krb5_keytab_t /etc/krb5-domain1.keytab' + cleanup_krb5 = 'rm -rf /etc/krb5-domain1.keytab' + krb5 = multihost.client[0].get_file_contents('/etc/krb5.conf', encoding='utf-8') + substr = 'domain_realm]\n' + new_lines = f"{ad1_domain} = {ad1_domain_upper}\n.{ad1_domain} = {ad1_domain_upper}\n" + krb5_new = krb5.replace(substr, substr + new_lines) try: - multihost.client[0].run_command(get_keytab, - stdin_text=ad1_password) + multihost.client[0].run_command(get_keytab, stdin_text=ad1_password) except subprocess.CalledProcessError: pytest.fail("adcli join failed") - multihost.client[0].run_command(backup_krb5, raiseonerr=False) - multihost.client[0].run_command(edit_krb5_conf, raiseonerr=False) - multihost.client[0].run_command(edit1_krb5_conf, raiseonerr=False) - multihost.client[0].run_command(change_context, raiseonerr=False) + multihost.client[0].put_file_contents('/etc/krb5.conf', krb5_new) + multihost.client[0].run_command(change_context) # Configure sssd multihost.client[0].service_sssd('stop') client = sssdTools(multihost.client[0], multihost.ad[0]) client.backup_sssd_conf() - client.sssd_conf("sssd", { - 'domains': f'{ad_domain}, {ad1_domain}'}, action='update') + client.sssd_conf("sssd", {'domains': f'{ad_domain}, {ad1_domain}'}, action='update') domain_params = { 'ad_domain': f'{ad_domain}', 'dns_discovery_domain': f'{ad_domain}', @@ -74,8 +70,7 @@ def test_0001_multiforest(multihost, newhostname, adjoin): 'use_fully_qualified_names': 'True', 'cache_credentials': 'True', 'dyndns_update': 'True'} - client.sssd_conf( - f'domain/{ad_domain}', domain_params, action='update') + client.sssd_conf(f'domain/{ad_domain}', domain_params, action='update') domain1_params = { 'ad_domain': f'{ad1_domain}', 'ad_server': f'{ad1_server}', @@ -85,49 +80,38 @@ def test_0001_multiforest(multihost, newhostname, adjoin): 'cache_credentials': 'True', 'realmd_tags': 'manages-system joined-with-samba', 'dyndns_update': 'False', - 'krb5_keytab': '/etc/krb5.keytab-domain1', - 'ldap_krb5_keytab': '/etc/krb5.keytab-domain1', + 'krb5_keytab': '/etc/krb5-domain1.keytab', + 'ldap_krb5_keytab': '/etc/krb5-domain1.keytab', 'id_provider': 'ad', 'access_provider': 'ad', 'timeout': '3600', 'krb5_store_password_if_offline': 'True', 'default_shell': '/bin/bash', 'ldap_id_mapping': 'True'} - client.sssd_conf( - f'domain/{ad1_domain}', domain1_params, action='update') + client.sssd_conf(f'domain/{ad1_domain}', domain1_params, action='update') client.clear_sssd_cache() multihost.client[0].service_sssd('start') - time.sleep(10) # Search for the user in same forest and domain - getent_domain_user1 = multihost.client[0].run_command( - f'getent passwd user1@{ad_domain}', raiseonerr=False) - getent_domain_user2 = multihost.client[0].run_command( - f'getent passwd user2@{ad_domain}', raiseonerr=False) - id_domain_user1 = multihost.client[0].run_command( - f'id user1@{ad_domain}', raiseonerr=False) - id_domain_user2 = multihost.client[0].run_command( - f'id user2@{ad_domain}', raiseonerr=False) + getent_domain_user1 = multihost.client[0].run_command(f'getent passwd user1@{ad_domain}', raiseonerr=False) + getent_domain_user2 = multihost.client[0].run_command(f'getent passwd user2@{ad_domain}', raiseonerr=False) + id_domain_user1 = multihost.client[0].run_command(f'id user1@{ad_domain}', raiseonerr=False) + id_domain_user2 = multihost.client[0].run_command(f'id user2@{ad_domain}', raiseonerr=False) # Search for the user in a different forest and domain - getent_domain1_user1 = multihost.client[0].run_command( - f'getent passwd user1@{ad1_domain}', raiseonerr=False) - getent_domain1_user2 = multihost.client[0].run_command( - f'getent passwd user2@{ad1_domain}', raiseonerr=False) - id_domain1_user1 = multihost.client[0].run_command( - f'id user1@{ad1_domain}', raiseonerr=False) - id_domain1_user2 = multihost.client[0].run_command( - f'id user2@{ad1_domain}', raiseonerr=False) + getent_domain1_user1 = multihost.client[0].run_command(f'getent passwd user1@{ad1_domain}', raiseonerr=False) + getent_domain1_user2 = multihost.client[0].run_command(f'getent passwd user2@{ad1_domain}', raiseonerr=False) + id_domain1_user1 = multihost.client[0].run_command(f'id user1@{ad1_domain}', raiseonerr=False) + id_domain1_user2 = multihost.client[0].run_command(f'id user2@{ad1_domain}', raiseonerr=False) - multihost.client[0].run_command(restore_krb5, raiseonerr=False) - multihost.client[0].run_command(cleanup_krb5, raiseonerr=False) + multihost.client[0].put_file_contents('/etc/hosts', hosts) + multihost.client[0].put_file_contents('/etc/krb5.conf', krb5) + multihost.client[0].run_command(cleanup_krb5) client.restore_sssd_conf() - client.clear_sssd_cache() - # Evaluate test results - assert getent_domain_user1.returncode == 0 - assert getent_domain_user2.returncode == 0 - assert id_domain_user1.returncode == 0 - assert id_domain_user2.returncode == 0 - assert getent_domain1_user1.returncode == 0 - assert getent_domain1_user2.returncode == 0 - assert id_domain1_user1.returncode == 0 - assert id_domain1_user2.returncode == 0 + assert getent_domain_user1.returncode == 0, f"Could not find user1 {getent_domain_user1}!" + assert getent_domain_user2.returncode == 0, f"Could not find user1 {getent_domain_user2}!" + assert id_domain_user1.returncode == 0, f"Could not find user1 {id_domain1_user1}!" + assert id_domain_user2.returncode == 0, f"Could not find user2 {id_domain_user2}!" + assert getent_domain1_user1.returncode == 0, f"Could not find user1 {getent_domain1_user1}!" + assert getent_domain1_user2.returncode == 0, f"Could not find user2 {getent_domain1_user2}!" + assert id_domain1_user1.returncode == 0, f"Could not find user1 {id_domain1_user1}!" + assert id_domain1_user2.returncode == 0, f"Could not find user2 {id_domain1_user2}!" From 270f0ba011de6265df925ebdb8ce489cba64cb60 Mon Sep 17 00:00:00 2001 From: Justin Stephenson Date: Wed, 24 May 2023 14:03:30 -0400 Subject: [PATCH 010/280] Passkey: Adjust IPA passkey config error log level IPA passkey configuration may not be retrieved if IPA does not contain passkey support. Lower the error level of log messages associated with this failure. Reviewed-by: Alexey Tikhonov Reviewed-by: Iker Pedrosa (cherry picked from commit fe751c316c631240311fba62409f2b6a38be0d50) --- src/providers/ipa/ipa_config.c | 4 ++-- src/providers/ipa/ipa_subdomains.c | 2 +- src/providers/ipa/ipa_subdomains_passkey.c | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/src/providers/ipa/ipa_config.c b/src/providers/ipa/ipa_config.c index 46bc9caeab9..23f0c5847ae 100644 --- a/src/providers/ipa/ipa_config.c +++ b/src/providers/ipa/ipa_config.c @@ -132,8 +132,8 @@ static void ipa_get_config_done(struct tevent_req *subreq) } if (reply_count != 1) { - DEBUG(SSSDBG_OP_FAILURE, "Unexpected number of results, expected 1, " - "got %zu.\n", reply_count); + DEBUG(SSSDBG_MINOR_FAILURE, "Unexpected number of results, expected 1, " + "got %zu.\n", reply_count); ret = EINVAL; goto done; } diff --git a/src/providers/ipa/ipa_subdomains.c b/src/providers/ipa/ipa_subdomains.c index fb2d8304c1a..61ebfc2aa01 100644 --- a/src/providers/ipa/ipa_subdomains.c +++ b/src/providers/ipa/ipa_subdomains.c @@ -2786,7 +2786,7 @@ static void ipa_subdomains_refresh_passkey_done(struct tevent_req *subreq) ret = ipa_subdomains_passkey_recv(subreq); talloc_zfree(subreq); if (ret != EOK) { - DEBUG(SSSDBG_CRIT_FAILURE, "Unable to get passkey configuration " + DEBUG(SSSDBG_MINOR_FAILURE, "Unable to get passkey configuration " "[%d]: %s\n", ret, sss_strerror(ret)); /* Not good, but let's try to continue with other server side options */ } diff --git a/src/providers/ipa/ipa_subdomains_passkey.c b/src/providers/ipa/ipa_subdomains_passkey.c index e5ea1fbd52d..d5dd2757a55 100644 --- a/src/providers/ipa/ipa_subdomains_passkey.c +++ b/src/providers/ipa/ipa_subdomains_passkey.c @@ -94,8 +94,8 @@ void ipa_subdomains_passkey_done(struct tevent_req *subreq) ret = ipa_get_config_recv(subreq, state, &config); talloc_zfree(subreq); if (ret != EOK) { - DEBUG(SSSDBG_OP_FAILURE, "Unable to get data from LDAP [%d]: %s\n", - ret, sss_strerror(ret)); + DEBUG(SSSDBG_MINOR_FAILURE, "Unable to get data from LDAP [%d]: %s\n", + ret, sss_strerror(ret)); goto done; } From 16275d9b4697d6c2763818e25181f6243d697926 Mon Sep 17 00:00:00 2001 From: Justin Stephenson Date: Wed, 24 May 2023 14:09:43 -0400 Subject: [PATCH 011/280] IPA: Log missing IPA config data on default level Reviewed-by: Alexey Tikhonov Reviewed-by: Iker Pedrosa (cherry picked from commit fa326be9cb29d97d6000e783b02656f60f7f8fb2) --- src/providers/ipa/ipa_auth.c | 2 ++ src/providers/ipa/ipa_selinux.c | 2 +- src/providers/ipa/ipa_subdomains.c | 6 ++++-- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/src/providers/ipa/ipa_auth.c b/src/providers/ipa/ipa_auth.c index 1c49e4d4eec..1d61a1052aa 100644 --- a/src/providers/ipa/ipa_auth.c +++ b/src/providers/ipa/ipa_auth.c @@ -140,6 +140,8 @@ static void get_password_migration_flag_done(struct tevent_req *subreq) ret = ipa_get_config_recv(subreq, state, &reply); talloc_zfree(subreq); if (ret) { + DEBUG(SSSDBG_IMPORTANT_INFO, "Unable to retrieve migration flag " + "from IPA server"); goto done; } diff --git a/src/providers/ipa/ipa_selinux.c b/src/providers/ipa/ipa_selinux.c index d133bfa8bbd..16a8d7b39b3 100644 --- a/src/providers/ipa/ipa_selinux.c +++ b/src/providers/ipa/ipa_selinux.c @@ -1149,7 +1149,7 @@ static void ipa_get_selinux_config_done(struct tevent_req *subreq) ret = ipa_get_config_recv(subreq, state, &state->defaults); talloc_free(subreq); if (ret != EOK) { - DEBUG(SSSDBG_OP_FAILURE, "Could not get IPA config\n"); + DEBUG(SSSDBG_IMPORTANT_INFO, "Could not get IPA config\n"); goto done; } diff --git a/src/providers/ipa/ipa_subdomains.c b/src/providers/ipa/ipa_subdomains.c index 61ebfc2aa01..34cedc03622 100644 --- a/src/providers/ipa/ipa_subdomains.c +++ b/src/providers/ipa/ipa_subdomains.c @@ -1947,7 +1947,7 @@ static void ipa_domain_resolution_order_done(struct tevent_req *subreq) ret = ipa_get_config_recv(subreq, state, &config); talloc_zfree(subreq); if (ret != EOK) { - DEBUG(SSSDBG_OP_FAILURE, + DEBUG(SSSDBG_IMPORTANT_INFO, "Failed to get the domains' resolution order configuration " "from the server [%d]: %s\n", ret, sss_strerror(ret)); @@ -1958,7 +1958,7 @@ static void ipa_domain_resolution_order_done(struct tevent_req *subreq) ret = sysdb_attrs_get_string(config, IPA_DOMAIN_RESOLUTION_ORDER, &domain_resolution_order); if (ret != EOK && ret != ENOENT) { - DEBUG(SSSDBG_OP_FAILURE, + DEBUG(SSSDBG_IMPORTANT_INFO, "Failed to get the domains' resolution order configuration " "value [%d]: %s\n", ret, sss_strerror(ret)); @@ -2789,6 +2789,8 @@ static void ipa_subdomains_refresh_passkey_done(struct tevent_req *subreq) DEBUG(SSSDBG_MINOR_FAILURE, "Unable to get passkey configuration " "[%d]: %s\n", ret, sss_strerror(ret)); /* Not good, but let's try to continue with other server side options */ + DEBUG(SSSDBG_IMPORTANT_INFO, "Passkey feature is not configured " + "on IPA server"); } subreq = ipa_subdomains_master_send(state, state->ev, state->sd_ctx, From e5dfa2a8c3cdb4db8749ae1b37cec8185070bc69 Mon Sep 17 00:00:00 2001 From: Sumit Bose Date: Tue, 23 May 2023 12:36:28 +0200 Subject: [PATCH 012/280] AD: add missing AD_AT_DOMAIN_NAME for sub-domain search Reviewed-by: Iker Pedrosa Reviewed-by: Justin Stephenson (cherry picked from commit 39b6337f32b76842be65802b0b0aa86050c8aa95) --- src/providers/ad/ad_subdomains.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/providers/ad/ad_subdomains.c b/src/providers/ad/ad_subdomains.c index db7f1c3c710..a8d1892cc6e 100644 --- a/src/providers/ad/ad_subdomains.c +++ b/src/providers/ad/ad_subdomains.c @@ -1216,7 +1216,7 @@ static void ad_get_slave_domain_connect_done(struct tevent_req *subreq) int dp_error; errno_t ret; const char *attrs[] = { AD_AT_FLATNAME, AD_AT_TRUST_PARTNER, - AD_AT_SID, AD_AT_TRUST_TYPE, + AD_AT_SID, AD_AT_TRUST_TYPE, AD_AT_DOMAIN_NAME, AD_AT_TRUST_ATTRS, AD_AT_TRUST_DIRECTION, NULL }; req = tevent_req_callback_data(subreq, struct tevent_req); From 2466310e8911c8c301e3ceeb65f7d43294bb924a Mon Sep 17 00:00:00 2001 From: Jakub Vavra Date: Wed, 24 May 2023 07:26:13 +0200 Subject: [PATCH 013/280] Tests: Modify expiring/expired password test for RHEL 8. Reviewed-by: Anuj Borah --- src/tests/multihost/ipa/test_misc.py | 20 ++++++++++++++++---- 1 file changed, 16 insertions(+), 4 deletions(-) diff --git a/src/tests/multihost/ipa/test_misc.py b/src/tests/multihost/ipa/test_misc.py index 44f66d37bbd..d1e179d364f 100644 --- a/src/tests/multihost/ipa/test_misc.py +++ b/src/tests/multihost/ipa/test_misc.py @@ -610,10 +610,16 @@ def test_ssh_expiration_warning(multihost, reset_password, hbac_sshd_rule, client.clear_sssd_cache() # Run ssh - cmd = 'su - foobar1@testrealm.test -c " ssh -v ' \ + # This one does not work RHEL 8 + # cmd = 'su - foobar1@testrealm.test -c " ssh -v ' \ + # '-o StrictHostKeychecking=no -o UserKnownHostsFile=/dev/null ' \ + # '-o GSSAPIAuthentication=no -o PasswordAuthentication=no ' \ + # '-l foobar1@testrealm.test localhost \'whoami\' " 2>&1' + + cmd = 'sudo -u foobar1@testrealm.test ssh -v ' \ '-o StrictHostKeychecking=no -o UserKnownHostsFile=/dev/null ' \ '-o GSSAPIAuthentication=no -o PasswordAuthentication=no ' \ - '-l foobar1@testrealm.test localhost \'whoami\' " 2>&1' + '-l foobar1@testrealm.test localhost <<< whoami 2>&1' ssh_cmd = multihost.client[0].run_command(cmd, raiseonerr=False) @@ -705,10 +711,16 @@ def test_ssh_expired_warning(multihost, reset_password, hbac_sshd_rule, client.clear_sssd_cache() # Run ssh - cmd = 'su - foobar1@testrealm.test -c " ssh -v ' \ + # This one does not work RHEL 8 + # cmd = 'su - foobar1@testrealm.test -c " ssh -v ' \ + # '-o StrictHostKeychecking=no -o UserKnownHostsFile=/dev/null ' \ + # '-o GSSAPIAuthentication=no -o PasswordAuthentication=no ' \ + # '-l foobar1@testrealm.test localhost \'whoami\' " 2>&1' + + cmd = 'sudo -u foobar1@testrealm.test ssh -v ' \ '-o StrictHostKeychecking=no -o UserKnownHostsFile=/dev/null ' \ '-o GSSAPIAuthentication=no -o PasswordAuthentication=no ' \ - '-l foobar1@testrealm.test localhost \'whoami\' " 2>&1' + '-l foobar1@testrealm.test localhost <<< whoami 2>&1' ssh_cmd = multihost.client[0].run_command(cmd, raiseonerr=False) From 4d2cf0b62bbf0386755550bfad684cf36b36eccd Mon Sep 17 00:00:00 2001 From: Sumit Bose Date: Mon, 22 May 2023 21:41:35 +0200 Subject: [PATCH 014/280] krb5: make sure sockets are closed on timeouts MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit If krb5_child runs into a timeout the backend currently does not close the I/O sockets because handle_child_done() is not called when the timeout handlers are acting. To make sure the signal handler can close the sockets the 'in_use' member of struct child_io_fds is set to 'false'. Resolves: https://github.com/SSSD/sssd/issues/6744 Reviewed-by: Alejandro López Reviewed-by: Alexey Tikhonov (cherry picked from commit 455611952f90ed0cefaff1e840623ea14ac06be1) --- src/providers/krb5/krb5_child_handler.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/providers/krb5/krb5_child_handler.c b/src/providers/krb5/krb5_child_handler.c index 2559d25223b..54088e4d605 100644 --- a/src/providers/krb5/krb5_child_handler.c +++ b/src/providers/krb5/krb5_child_handler.c @@ -281,6 +281,9 @@ static void krb5_child_timeout(struct tevent_context *ev, return; } + /* No I/O expected anymore, make sure sockets are closed properly */ + state->io->in_use = false; + DEBUG(SSSDBG_IMPORTANT_INFO, "Timeout for child [%d] reached. In case KDC is distant or network " "is slow you may consider increasing value of krb5_auth_timeout.\n", @@ -512,6 +515,9 @@ static void child_keep_alive_timeout(struct tevent_context *ev, DEBUG(SSSDBG_IMPORTANT_INFO, "Keep alive timeout for child [%d] reached.\n", io->pid); + /* No I/O expected anymore, make sure sockets are closed properly */ + io->in_use = false; + krb5_child_terminate(io->pid); } From a74d42dfae6e28ecb8679b3bfb2e62e91fa4e9e3 Mon Sep 17 00:00:00 2001 From: Shridhar Gadekar Date: Tue, 23 May 2023 00:52:47 +0530 Subject: [PATCH 015/280] Tests: fix default debug level for typo MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit modified docstrings Reviewed-by: Jakub Vávra Reviewed-by: Madhuri Upadhye (cherry picked from commit 11eef225c452982877ff26b7984d0351de41da87) --- .../alltests/test_default_debug_level.py | 54 ++++++++++++++----- 1 file changed, 40 insertions(+), 14 deletions(-) diff --git a/src/tests/multihost/alltests/test_default_debug_level.py b/src/tests/multihost/alltests/test_default_debug_level.py index 30dfe5b8cfe..5fdbf441d5d 100644 --- a/src/tests/multihost/alltests/test_default_debug_level.py +++ b/src/tests/multihost/alltests/test_default_debug_level.py @@ -156,28 +156,54 @@ def test_0004_bz1893159(self, multihost, backupsssdconf): """ :title: default debug logs: Check default level 2 :id: d44d5883-fc52-418d-b407-3ac63f7104d8 + :bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1893159 + :setup: + 1. Remove debug_level option from sssd.conf + 2. Set domains = typo_domain (non existing) in [sssd] section + 3. Start sssd after clearing cache and logs :steps: - 1. Remove debug_level from sssd.conf - 2. Start sssd after clearing cache and logs - 3. Kill pid of sssd with signal SIGUSR2 - 4. Check logs + 1. Check sssd.log contains log related to 'SSSD cannot load config' :expectedresults: - 1. sssd should use default debug level with no level defined - 2. Succeeds - 3. sssd process is killed - 4. logs of level of 0x0040 are in the log file + 1. /var/log/sssd/sssd.log contains 'SSSD couldn't load configuration' log + """ + section = f"domain/{ds_instance_name}" + domain_params = {'debug_level': ''} + tools = sssdTools(multihost.client[0]) + tools.sssd_conf(section, domain_params, action='delete') + tools.sssd_conf('sssd', {'domains': 'some'}, action='update') + multihost.client[0].service_sssd('stop') + tools.remove_sss_cache('/var/log/sssd') + multihost.client[0].run_command('systemctl start sssd', raiseonerr=False) + log = '/var/log/sssd/sssd.log' + log_str = multihost.client[0].get_file_contents(log).decode('utf-8') + pattern = re.compile(r'SSSD couldn\'t load the configuration database') + assert pattern.search(log_str) + + @pytest.mark.tier1_4 + def test_bz1893159(self, multihost, backupsssdconf): + """ + :title: default debug logs: default log level logs in sssd.log + :id: 8f9c8c47-a1f6-4ec0-b979-202d8d6dc6c3 + :bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1893159 + :setup: + 1. Remove debug_level option from sssd.conf + 2. Set ldap_uri to a non-existing ldap-server + 3. Start sssd after clearing cache and logs + :steps: + 1. Check logs + :expectedresults: + 1. Domain Logs should contain a log related to 'going offline' """ section = f"domain/{ds_instance_name}" domain_params = {'debug_level': ''} tools = sssdTools(multihost.client[0]) tools.sssd_conf(section, domain_params, action='delete') + tools.sssd_conf(section, {'ldap_uri': 'ldap://typo'} , action='update') tools.clear_sssd_cache() - cmd_kill = 'kill -SIGUSR2 $(pidof sssd)' - multihost.client[0].run_command(cmd_kill, raiseonerr=False) - logfilename = 'sssd' - log = f'/var/log/sssd/{logfilename}.log' + log = f'/var/log/sssd/sssd_{ds_instance_name}.log' log_str = multihost.client[0].get_file_contents(log).decode('utf-8') - find = re.compile(r'.0x0040.') + find = re.compile(r'Failed to connect, going offline') + #check what is logged at default debug_level(2) assert find.search(log_str) @pytest.mark.tier1_4 @@ -225,7 +251,7 @@ def test_bz785908(multihost, backupsssdconf): :steps: 1. Runs command getent -s sss group to query the SSSD cache and save the results to a file. 2. Cleans up the LDAP server by deleting the previously created user and group entries, - and finally search for log messages containing the strings "Group111" and "Group22". + and finally search for log messages containing the strings "Group111" and "Group22". :expectedresults: 1. Query the SSSD cache and save the results to a file Should succeed 2. Log messages should containing the strings From 58855b712a74b3c7cff3b9dc5daaf4f8b384fa02 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Alejandro=20L=C3=B3pez?= Date: Wed, 24 May 2023 12:02:12 +0200 Subject: [PATCH 016/280] SYSDB: Make enum sysdb_obj_type public MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Make enum sysdb_obj_type usable outside of sysdb_ops.c. Reviewed-by: Sumit Bose Reviewed-by: Tomáš Halman (cherry picked from commit 1d69fdb73e5cbaf9789fbb153fa2bc55644e5ec1) --- src/db/sysdb.h | 6 ++++++ src/db/sysdb_ops.c | 6 ------ 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/src/db/sysdb.h b/src/db/sysdb.h index 9cc84270b4b..1a78f739b7c 100644 --- a/src/db/sysdb.h +++ b/src/db/sysdb.h @@ -387,6 +387,12 @@ enum sysdb_index_actions { SYSDB_IDX_LIST }; +enum sysdb_obj_type { + SYSDB_UNKNOWN = 0, + SYSDB_USER, + SYSDB_GROUP +}; + /* These attributes are stored in the timestamp cache */ extern const char *sysdb_ts_cache_attrs[]; diff --git a/src/db/sysdb_ops.c b/src/db/sysdb_ops.c index 108603722b6..d11d8d956b0 100644 --- a/src/db/sysdb_ops.c +++ b/src/db/sysdb_ops.c @@ -406,12 +406,6 @@ int sysdb_search_entry_by_sid_str(TALLOC_CTX *mem_ctx, /* =Search-User-by-[UID/SID/NAME]============================================= */ -enum sysdb_obj_type { - SYSDB_UNKNOWN = 0, - SYSDB_USER, - SYSDB_GROUP -}; - static errno_t cleanup_dn_filter(TALLOC_CTX *mem_ctx, struct ldb_result *ts_res, const char *object_class, From 3eb4c4a7e146e949e65d60e2912e7e4c834db6b1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Alejandro=20L=C3=B3pez?= Date: Wed, 12 Apr 2023 17:30:38 +0200 Subject: [PATCH 017/280] IPA: Use a more specific filter when searching for BE_REQ_USER_AND_GROUP MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The previous filter for overrides would sometimes find more than one entry because it was looking for a uidNumber or gidNumber: (&(objectClass=ipaOverrideAnchor)(|(uidNumber=XXXX)(gidNumber=XXXX))) The new filter looks for a specific user override or a specific group override: (|(&(objectClass=ipaUserOverride)(uidNumber=XXXX)) (&(objectClass=ipaGroupOverride)(gidNumber=XXXX))) This filter could return two override entries (one for a group and one for a user). That case must be taken into consideration and discard the user override in favor of the group override. Reviewed-by: Sumit Bose Reviewed-by: Tomáš Halman (cherry picked from commit 99d0ab82e98a8f1e3cab23d871f36b9d890e034c) --- src/db/sysdb.h | 1 + src/providers/ipa/ipa_common.h | 1 + src/providers/ipa/ipa_opts.c | 1 + src/providers/ipa/ipa_views.c | 131 +++++++++++++++++++++++++++++++-- 4 files changed, 129 insertions(+), 5 deletions(-) diff --git a/src/db/sysdb.h b/src/db/sysdb.h index 1a78f739b7c..2f20692ccfa 100644 --- a/src/db/sysdb.h +++ b/src/db/sysdb.h @@ -136,6 +136,7 @@ #define SYSDB_DN_FOR_MEMBER_HASH_TABLE "dnForMemberHashTable" #define SYSDB_ORIG_DN "originalDN" +#define SYSDB_ORIG_OBJECTCLASS "originalObjectClass" #define SYSDB_ORIG_MODSTAMP "originalModifyTimestamp" #define SYSDB_ORIG_MEMBEROF "originalMemberOf" #define SYSDB_ORIG_MEMBER "orig_member" diff --git a/src/providers/ipa/ipa_common.h b/src/providers/ipa/ipa_common.h index ff2bccd1314..82b9622bde9 100644 --- a/src/providers/ipa/ipa_common.h +++ b/src/providers/ipa/ipa_common.h @@ -134,6 +134,7 @@ enum ipa_override_attrs { IPA_AT_OVERRIDE_GROUP_GID_NUMBER, IPA_AT_OVERRIDE_USER_SSH_PUBLIC_KEY, IPA_AT_OVERRIDE_USER_CERT, + IPA_AT_OVERRIDE_OBJECTCLASS, IPA_OPTS_OVERRIDE }; diff --git a/src/providers/ipa/ipa_opts.c b/src/providers/ipa/ipa_opts.c index cd3968026a9..97cddb1d70d 100644 --- a/src/providers/ipa/ipa_opts.c +++ b/src/providers/ipa/ipa_opts.c @@ -323,6 +323,7 @@ struct sdap_attr_map ipa_override_map[] = { { "ldap_group_gid_number", "gidNumber", SYSDB_GIDNUM, NULL }, { "ldap_user_ssh_public_key", "ipaSshPubKey", SYSDB_SSH_PUBKEY, NULL }, { "ldap_user_certificate", "userCertificate;binary", SYSDB_USER_CERT, NULL }, + { "", "objectClass", SYSDB_ORIG_OBJECTCLASS, NULL }, /* We don't want this to be configurable */ SDAP_ATTR_MAP_TERMINATOR }; diff --git a/src/providers/ipa/ipa_views.c b/src/providers/ipa/ipa_views.c index 50243098ae5..3e58949e140 100644 --- a/src/providers/ipa/ipa_views.c +++ b/src/providers/ipa/ipa_views.c @@ -27,6 +27,114 @@ #include "util/cert.h" #include "providers/ldap/sdap_async.h" #include "providers/ipa/ipa_id.h" +#include "db/sysdb.h" + +#define MAX_USER_AND_GROUP_REPLIES 2 + +static errno_t get_user_or_group(TALLOC_CTX *mem_ctx, + struct ipa_options *ipa_opts, + struct sysdb_attrs *attrs, + enum sysdb_obj_type *_what_is) +{ + errno_t ret; + const char **values; + const char **value; + bool is_user = false; + bool is_group = false; + const char *ov_user_name = ipa_opts->override_map[IPA_OC_OVERRIDE_USER].name; + const char *ov_group_name = ipa_opts->override_map[IPA_OC_OVERRIDE_GROUP].name; + + ret = sysdb_attrs_get_string_array(attrs, SYSDB_ORIG_OBJECTCLASS, mem_ctx, &values); + if (ret != EOK) { + DEBUG(SSSDBG_OP_FAILURE, "Failed to retrieve attribute [%s].\n", + SYSDB_ORIG_OBJECTCLASS); + return ret; + } + + /* We assume an entry can be a user or a group override but not both. + * So we leave as soon as we identify one of them. */ + if (values != NULL) { + for (value = values; *value != NULL; value++) { + if (strcasecmp(*value, ov_user_name) == 0) { + is_user = true; + break; + } else if (strcasecmp(*value, ov_group_name) == 0) { + is_group = true; + break; + } + } + talloc_free(values); + } + + /* We also assume it must be necessarily a user or a group. */ + if (!is_user && !is_group) { + DEBUG(SSSDBG_OP_FAILURE, "Unexpected override found.\n"); + return EINVAL; + } + + if (_what_is != NULL) { + *_what_is = is_user ? SYSDB_USER : SYSDB_GROUP; + } + + return EOK; +} + +/* Verify there are exactly 1 user and 1 group override. Any other combination + * is wrong. Then keep only the group override. */ +static errno_t check_and_filter_user_and_group(struct ipa_options *ipa_opts, + struct sysdb_attrs **reply, + size_t *reply_count) +{ + errno_t ret; + TALLOC_CTX *tmp_ctx; + enum sysdb_obj_type entry_is[MAX_USER_AND_GROUP_REPLIES]; + int i; + + if (*reply_count != MAX_USER_AND_GROUP_REPLIES) { + DEBUG(SSSDBG_TRACE_INTERNAL, "Expected %i replies but got %lu\n", + MAX_USER_AND_GROUP_REPLIES, *reply_count); + return EINVAL; + } + + tmp_ctx = talloc_new(NULL); + if (tmp_ctx == NULL) { + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to allocate memory.\n"); + return ENOMEM; + } + + for (i = 0; i < MAX_USER_AND_GROUP_REPLIES; i++) { + ret = get_user_or_group(tmp_ctx, ipa_opts, reply[i], &entry_is[i]); + if (ret != EOK) { + goto done; + } + } + + if (entry_is[0] == SYSDB_USER && entry_is[1] == SYSDB_USER) { + DEBUG(SSSDBG_CRIT_FAILURE, "Found 2 user overrides.\n"); + ret = EINVAL; + goto done; + } else if (entry_is[0] == SYSDB_GROUP && entry_is[1] == SYSDB_GROUP) { + DEBUG(SSSDBG_CRIT_FAILURE, "Found 2 group overrides.\n"); + ret = EINVAL; + goto done; + } + + /* We have one user and one group override. Keep only the group override. */ + DEBUG(SSSDBG_TRACE_INTERNAL, "Keeping only the group override.\n"); + if (entry_is[0] == SYSDB_USER) { + talloc_free(reply[0]); + reply[0] = reply[1]; + } else { + talloc_free(reply[1]); + } + reply[1] = NULL; + *reply_count = 1; + +done: + talloc_free(tmp_ctx); + + return ret; +} static errno_t dp_id_data_to_override_filter(TALLOC_CTX *mem_ctx, struct ipa_options *ipa_opts, @@ -73,10 +181,12 @@ static errno_t dp_id_data_to_override_filter(TALLOC_CTX *mem_ctx, break; case BE_REQ_USER_AND_GROUP: - filter = talloc_asprintf(mem_ctx, "(&(objectClass=%s)(|(%s=%s)(%s=%s)))", - ipa_opts->override_map[IPA_OC_OVERRIDE].name, + filter = talloc_asprintf(mem_ctx, + "(|(&(objectClass=%s)(%s=%s))(&(objectClass=%s)(%s=%s)))", + ipa_opts->override_map[IPA_OC_OVERRIDE_USER].name, ipa_opts->override_map[IPA_AT_OVERRIDE_USER_NAME].name, - ar->filter_value, + sanitized_name, + ipa_opts->override_map[IPA_OC_OVERRIDE_GROUP].name, ipa_opts->override_map[IPA_AT_OVERRIDE_GROUP_NAME].name, sanitized_name); break; @@ -115,10 +225,11 @@ static errno_t dp_id_data_to_override_filter(TALLOC_CTX *mem_ctx, case BE_REQ_USER_AND_GROUP: filter = talloc_asprintf(mem_ctx, - "(&(objectClass=%s)(|(%s=%"PRIu32")(%s=%"PRIu32")))", - ipa_opts->override_map[IPA_OC_OVERRIDE].name, + "(|(&(objectClass=%s)(%s=%"PRIu32"))(&(objectClass=%s)(%s=%"PRIu32")))", + ipa_opts->override_map[IPA_OC_OVERRIDE_USER].name, ipa_opts->override_map[IPA_AT_OVERRIDE_UID_NUMBER].name, id, + ipa_opts->override_map[IPA_OC_OVERRIDE_GROUP].name, ipa_opts->override_map[IPA_AT_OVERRIDE_GROUP_GID_NUMBER].name, id); break; @@ -456,6 +567,16 @@ static void ipa_get_ad_override_done(struct tevent_req *subreq) state->dp_error = DP_ERR_OK; tevent_req_done(req); return; + } else if (reply_count == MAX_USER_AND_GROUP_REPLIES && + (state->ar->entry_type & BE_REQ_TYPE_MASK) == BE_REQ_USER_AND_GROUP) { + DEBUG(SSSDBG_TRACE_ALL, + "Found two overrides with BE_REQ_USER_AND_GROUP filter [%s].\n", + state->filter); + ret = check_and_filter_user_and_group(state->ipa_options, reply, + &reply_count); + if (ret != EOK) { + goto fail; + } } else if (reply_count > 1) { DEBUG(SSSDBG_CRIT_FAILURE, "Found [%zu] overrides with filter [%s], expected only 1.\n", From 0192c1c8f21edc5966cde2c5a7a79268f7249368 Mon Sep 17 00:00:00 2001 From: Jakub Vavra Date: Tue, 23 May 2023 10:25:38 +0200 Subject: [PATCH 018/280] Tests: Add conditional skip for simple ifp test. Reviewed-by: Madhuri Upadhye (cherry picked from commit 469905bfabdda66555bd179eb7b6ac7b3cd875d1) --- src/tests/multihost/basic/test_ifp.py | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/tests/multihost/basic/test_ifp.py b/src/tests/multihost/basic/test_ifp.py index 81737645a2a..a8cf24b9f6c 100644 --- a/src/tests/multihost/basic/test_ifp.py +++ b/src/tests/multihost/basic/test_ifp.py @@ -6,6 +6,7 @@ :upstream: yes :status: approved """ +import pytest class TestInfoPipe(object): @@ -18,6 +19,11 @@ def test_ifp_extra_attributes_property(self, multihost): :id: 23b8c7e8-df4b-47ef-b38e-0503040e1d67 see e.g. https://github.com/SSSD/sssd/issues/4891 """ + # Note that this test needs dbus-tools package that + # is not implicitly installed here. + check_ifp = "libsss_simpleifp" in multihost.master[0].run_command("rpm -qa").stdout_text + if not check_ifp: + pytest.skip("libsss_simpleifp is not present, skipping test.") dbus_send_cmd = \ """ dbus-send --print-reply --system \ From 6239f50f64f7884ad35ecbf01dfb26241671374a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Alejandro=20L=C3=B3pez?= Date: Tue, 30 May 2023 16:49:06 +0200 Subject: [PATCH 019/280] PAM: Fix a possible segmentation fault Calls to add_expired_warning(struct pam_data *pd, long exp_time) must provide a non-NULL pd. In one of the cases this function is called without checking that pd is not NULL. We here fix that. Reviewed-by: Alexey Tikhonov Reviewed-by: Sumit Bose (cherry picked from commit 7f28816479c694ff95939e3becfbcd43423a5744) --- src/providers/ldap/ldap_auth.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/src/providers/ldap/ldap_auth.c b/src/providers/ldap/ldap_auth.c index fbc829e5d38..8ec4d3af5a6 100644 --- a/src/providers/ldap/ldap_auth.c +++ b/src/providers/ldap/ldap_auth.c @@ -164,9 +164,11 @@ static errno_t check_pwexpire_shadow(struct spwd *spwd, time_t now, if (spwd->sp_max != -1 && password_age > spwd->sp_max) { DEBUG(SSSDBG_CONF_SETTINGS, "Password expired.\n"); - ret = add_expired_warning(pd, 0); - if (ret != EOK) { - DEBUG(SSSDBG_CRIT_FAILURE, "add_expired_warning failed.\n"); + if (pd != NULL) { + ret = add_expired_warning(pd, 0); + if (ret != EOK) { + DEBUG(SSSDBG_CRIT_FAILURE, "add_expired_warning failed.\n"); + } } return ERR_PASSWORD_EXPIRED; } From f63a54c3d89866949810d5bcdb09bf2edd3ced02 Mon Sep 17 00:00:00 2001 From: Sumit Bose Date: Wed, 29 Mar 2023 12:58:37 +0200 Subject: [PATCH 020/280] fail_over: protect against a segmentation fault MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit A missing server name in struct fo_server will cause a segmentation fault. Currently it is unclear why the server name is missing at this point. To avoid the segmentation fault it is checked before if the server name is missing. Additionally the state of some internal structures is added to the debug logs to help debugging why the server name is missing. Resolves: https://github.com/SSSD/sssd/issues/6659 Reviewed-by: Alejandro López Reviewed-by: Alexey Tikhonov (cherry picked from commit 8a8869994745429b3f5535a5d0b91f1d0b2fa723) --- src/providers/data_provider_fo.c | 14 +++++++++ src/providers/fail_over.c | 53 ++++++++++++++++++++++++++++++++ src/providers/fail_over.h | 3 ++ 3 files changed, 70 insertions(+) diff --git a/src/providers/data_provider_fo.c b/src/providers/data_provider_fo.c index eca5f2f8e5b..b0aed54e97b 100644 --- a/src/providers/data_provider_fo.c +++ b/src/providers/data_provider_fo.c @@ -594,6 +594,14 @@ static void be_resolve_server_done(struct tevent_req *subreq) tevent_req_error(req, ret); } +static void dump_be_svc_data(const struct be_svc_data *svc) +{ + DEBUG(SSSDBG_OP_FAILURE, "be_svc_data: name=[%s] last_good_srv=[%s] " + "last_good_port=[%d] last_status_change=[%"SPRItime"]\n", + svc->name, svc->last_good_srv, svc->last_good_port, + svc->last_status_change); +} + errno_t be_resolve_server_process(struct tevent_req *subreq, struct be_resolve_server_state *state, struct tevent_req **new_subreq) @@ -681,6 +689,12 @@ errno_t be_resolve_server_process(struct tevent_req *subreq, fo_get_server_str_name(state->srv), ipaddr, srvaddr->addr_list[0]->ttl); } + } else { + DEBUG(SSSDBG_CRIT_FAILURE, "Missing server name.\n"); + dump_be_svc_data(state->svc); + dump_fo_server(state->srv); + dump_fo_server_list(state->srv); + return ENOENT; } srv_status_change = fo_get_server_hostname_last_change(state->srv); diff --git a/src/providers/fail_over.c b/src/providers/fail_over.c index 9cb26838c9e..7cb64244877 100644 --- a/src/providers/fail_over.c +++ b/src/providers/fail_over.c @@ -200,6 +200,59 @@ str_srv_data_status(enum srv_lookup_status status) return "unknown SRV lookup status"; } +static void dump_srv_data(const struct srv_data *srv_data) +{ + if (srv_data == NULL) { + DEBUG(SSSDBG_OP_FAILURE, "srv_data is NULL\n"); + return; + } + + DEBUG(SSSDBG_OP_FAILURE, "srv_data: dns_domain [%s] discovery_domain [%s] " + "sssd_domain [%s] proto [%s] srv [%s] " + "srv_lookup_status [%s] ttl [%d] " + "last_status_change [%"SPRItime"]\n", + srv_data->dns_domain == NULL ? "dns_domain is NULL" + : srv_data->dns_domain, + srv_data->discovery_domain == NULL ? "discovery_domain is NULL" + : srv_data->discovery_domain, + srv_data->sssd_domain == NULL ? "sssd_domain is NULL" + : srv_data->sssd_domain, + srv_data->proto == NULL ? "proto is NULL" + : srv_data->proto, + srv_data->srv == NULL ? "srv is NULL" + : srv_data->srv, + str_srv_data_status(srv_data->srv_lookup_status), + srv_data->ttl, srv_data->last_status_change.tv_sec); +} + +void dump_fo_server(const struct fo_server *srv) +{ + DEBUG(SSSDBG_OP_FAILURE, "fo_server: primary [%s] port [%d] " + "port_status [%s] common->name [%s].\n", + srv->primary ? "true" : "false", srv->port, + str_port_status(srv->port_status), + srv->common == NULL ? "common is NULL" + : (srv->common->name == NULL + ? "common->name is NULL" + : srv->common->name)); + dump_srv_data(srv->srv_data); +} + +void dump_fo_server_list(const struct fo_server *srv) +{ + const struct fo_server *s; + + s = srv; + while (s->prev != NULL) { + s = s->prev; + } + + while (s != NULL) { + dump_fo_server(s); + s = s->next; + } +} + static const char * str_server_status(enum server_status status) { diff --git a/src/providers/fail_over.h b/src/providers/fail_over.h index 92a0456b565..36021ad6ffb 100644 --- a/src/providers/fail_over.h +++ b/src/providers/fail_over.h @@ -88,6 +88,9 @@ struct fo_options { enum restrict_family family_order; }; +void dump_fo_server(const struct fo_server *srv); +void dump_fo_server_list(const struct fo_server *srv); + /* * Create a new fail over context based on options passed in the * opts parameter From b9a0b4245331109379d4d1d7301a6f4f2d9b4a75 Mon Sep 17 00:00:00 2001 From: aborah Date: Wed, 10 May 2023 14:40:07 +0530 Subject: [PATCH 021/280] Tests: Netgroups do not honor entry cache nowait percentage MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit https://gitlab.cee.redhat.com/sssd/sssd-qe/-/blob/RHEL8.8/client/ldap_provider/ldap_id_ldap_auth/bugzilla-automation.sh#L280 Reviewed-by: Jakub Vávra Reviewed-by: Shridhar Gadekar (cherry picked from commit 75ae9e87a264b17dac45f798fb7b4ba7057fc494) --- src/tests/multihost/alltests/test_misc.py | 95 ++++++++++++++++++++++- 1 file changed, 94 insertions(+), 1 deletion(-) diff --git a/src/tests/multihost/alltests/test_misc.py b/src/tests/multihost/alltests/test_misc.py index 33d64d16ce3..95fc2728fc6 100644 --- a/src/tests/multihost/alltests/test_misc.py +++ b/src/tests/multihost/alltests/test_misc.py @@ -13,9 +13,19 @@ import subprocess import pytest from sssd.testlib.common.expect import pexpect_ssh +from datetime import datetime as D_T from sssd.testlib.common.exceptions import SSHLoginException from sssd.testlib.common.utils import sssdTools, LdapOperations -from constants import ds_instance_name, ds_suffix +from constants import ds_instance_name, ds_suffix, ds_rootdn, ds_rootpw + + +def find_logs(multihost, log_name, string_name): + """This function will find strings in a log file + log_name: Absolute path of log where the search will happen. + string_name: String to search in the log file. + """ + log_str = multihost.client[0].get_file_contents(log_name).decode('utf-8') + return string_name in log_str @pytest.mark.usefixtures('setup_sssd', 'create_posix_usersgroups') @@ -532,3 +542,86 @@ def test_0009_dbus_method_find_usrby_attr(multihost, backupsssdconf, ldap_posix_ assert cmd2.stdout_text.strip('\n') in cmd.stdout_text, 'dbus is not fetching expected users' cmd1 = multihost.client[0].run_command(f'id -u {usr}@{domain_name}', raiseonerr=False) assert cmd1.stdout_text.strip('\n') not in cmd.stdout_text, 'dbus is fetching unwanted user' + + @staticmethod + @pytest.mark.tier1_4 + def test_bz822236(multihost, backupsssdconf): + """ + :title: Netgroups do not honor entry cache nowait percentage + :id: dda33ba4-ef10-11ed-a27d-845cf3eff344 + :bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=822236 + :setup: + 1. Retrieve the name of the network interface that is currently connected using + the 'nmcli' command, and saves it to the 'intf' variable. + 2. Sets up an LDAP connection to the LDAP server using the LdapOperations class. + 3. Creates a new organizational unit named "Netgroup" under the base DN + specified in the 'ds_suffix' variable. + 4. Creates a new LDAP entry for a netgroup named "netgrp_nowait" + under the "Netgroup" organizational unit. + 5. Use the sssdTools class to update the configuration file for the + 'nss' and 'domain/example1' sections of the SSSD service. + 7. Clear the SSSD cache using the 'clear_sssd_cache' method of the sssdTools class. + 8. Delete the contents of the '/var/log/sssd/sssd_nss.log' file + 9. Add a 50ms delay to the network interface using the 'tc' command. + :steps: + 1. Measures the response time for the 'getent netgroup netgrp_nowait' + command and saves it to the 'res_time' variable. + 2. Run a loop that repeats the 'getent netgroup netgrp_nowait' command 4 times + and checks if the response time is less than to the initial response time. + 3. Wait for 15 seconds before deleting the contents of the '/var/log/sssd/sssd_nss.log' file again. + 4. Remove the network delay added in step 9 using the 'tc' command. + :expectedresults: + 1. res_time variable will have the response time + 2. Response time is less than to the initial response time + 3. Wait for 15 seconds + 4. Network delay should be removed + """ + client = multihost.client[0] + log_nss = '/var/log/sssd/sssd_nss.log' + ldap_uri = 'ldap://%s' % (multihost.master[0].sys_hostname) + ldap_inst = LdapOperations(ldap_uri, ds_rootdn, ds_rootpw) + ldap_inst.org_unit("Netgroup", ds_suffix) + user_dn = f'cn=netgrp_nowait,ou=Netgroup,{ds_suffix}' + user_info = {'cn': 'netgrp_nowait'.encode('utf-8'), + 'objectClass': ['nisNetgroup'.encode('utf-8'), + 'top'.encode('utf-8')], + 'nisNetgroupTriple': '(host1,kau10,example.com)'.encode('utf-8')} + ldap_inst.add_entry(user_info, user_dn) + tools = sssdTools(multihost.client[0]) + tools.sssd_conf("nss", {'filter_groups': 'root', + 'filter_users': 'root', + 'debug_level': '9', + 'entry_cache_nowait_percentage': '50'}, action='update') + tools.sssd_conf("domain/example1", + {'entry_cache_timeout': '30', + 'ldap_netgroup_search_base': f"ou=Netgroup,{ds_suffix}"}, action='update') + tools.clear_sssd_cache() + client.run_command(f"> {log_nss}") + intf = [s for s in client.run_command("nmcli").stdout_text.split('\n') + if re.search(r'\b' + "connected to" + r'\b', s)][0].split(":")[0] + client.run_command(f"tc qdisc add dev {intf} root netem delay 50ms") + start = D_T.now() + client.run_command("getent netgroup netgrp_nowait") + end = D_T.now() + res_time = end - start + time.sleep(16) + time_diff = [] + find_logs_results = [] + for _ in range(4): + start = D_T.now() + client.run_command("getent netgroup netgrp_nowait") + end = D_T.now() + loop_response = end - start + time_diff.append(loop_response < res_time) + time.sleep(3) + find_logs_results.append(find_logs(multihost, + log_nss, + "Performing midpoint cache " + "update of [netgrp_nowait@example1]")) + client.run_command(f"> {log_nss}") + time.sleep(15) + client.run_command(f"tc qdisc del dev {intf} root") + ldap_inst.del_dn(user_dn) + ldap_inst.del_dn(f"ou=Netgroup,{ds_suffix}") + assert all(find_logs_results), "Searched string not found in the logs" + assert all(time_diff), "Test failed as the cache response time is higher." From 74c6fefe1f13d2b138d9d2979f958aae8114c396 Mon Sep 17 00:00:00 2001 From: Shridhar Gadekar Date: Wed, 7 Jun 2023 23:44:02 +0530 Subject: [PATCH 022/280] Tests: move test_access_control.py to tier2 Tests moved to tier2, tests are failing to parse the logs. gating is blocked. same testsuite is available in bash Reviewed-by: Dan Lavu (cherry picked from commit 587cd8dc2004adfd6c6aab4ef928ef2d89ae3f94) --- src/tests/multihost/ad/test_access_control.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/tests/multihost/ad/test_access_control.py b/src/tests/multihost/ad/test_access_control.py index 5c033dd32f3..9d283974980 100644 --- a/src/tests/multihost/ad/test_access_control.py +++ b/src/tests/multihost/ad/test_access_control.py @@ -48,7 +48,7 @@ def ssh_login(multihost, username): @pytest.mark.usefixtures('joinad') @pytest.mark.ad_access_control -@pytest.mark.tier1_4 +@pytest.mark.tier2 class TestAccessControl(object): """ Test cases for BZ: 1268902 :setup: From 6125efe1f15ca23f2eb367965ca331f1f693cfc6 Mon Sep 17 00:00:00 2001 From: Shridhar Gadekar Date: Tue, 6 Jun 2023 17:15:41 +0530 Subject: [PATCH 023/280] Tests: Adding c-ares markers for related tests MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit removing flaky ones Reviewed-by: Jakub Vávra (cherry picked from commit 27dd3f508b23ae61c757cce6c5b9ca303d7aaf09) --- src/tests/multihost/ad/pytest.ini | 1 + src/tests/multihost/ad/test_adparameters_ported.py | 8 ++++++++ src/tests/multihost/ad/test_dyndns.py | 1 + src/tests/multihost/adsites/test_adsites.py | 4 ++++ 4 files changed, 14 insertions(+) diff --git a/src/tests/multihost/ad/pytest.ini b/src/tests/multihost/ad/pytest.ini index f85b738f2c6..8a055f3cd78 100644 --- a/src/tests/multihost/ad/pytest.ini +++ b/src/tests/multihost/ad/pytest.ini @@ -5,6 +5,7 @@ markers = adloginattr: Tests for AD login attributes admisc: Miscellaneous bugzilla automations for AD automount: Automount test cases with maps stored in AD schema + c_ares: Tests for C-ares library cifs: Cifs test cases converted: Tests that are already converted to the new framework. ad_access_control: Test for AD Access Control diff --git a/src/tests/multihost/ad/test_adparameters_ported.py b/src/tests/multihost/ad/test_adparameters_ported.py index b8234682d4a..a6a6fa42afe 100644 --- a/src/tests/multihost/ad/test_adparameters_ported.py +++ b/src/tests/multihost/ad/test_adparameters_ported.py @@ -749,6 +749,7 @@ def test_0008_ad_parameters_homedir_override_both( @staticmethod @pytest.mark.tier1_2 + @pytest.mark.c_ares def test_0009_ad_parameters_ldap_sasl_full( multihost, create_aduser_group): """ @@ -833,6 +834,7 @@ def test_0009_ad_parameters_ldap_sasl_full( @staticmethod @pytest.mark.tier2 + @pytest.mark.c_ares def test_0010_ad_parameters_ldap_sasl_short( multihost, create_aduser_group): """ @@ -919,6 +921,7 @@ def test_0010_ad_parameters_ldap_sasl_short( @staticmethod @pytest.mark.tier1_2 + @pytest.mark.c_ares def test_0011_ad_parameters_server_resolvable( multihost, adjoin, create_aduser_group): """ @@ -998,6 +1001,7 @@ def test_0011_ad_parameters_server_resolvable( @staticmethod @pytest.mark.tier2 + @pytest.mark.c_ares def test_0012_ad_parameters_server_unresolvable( multihost, adjoin, create_aduser_group): """ @@ -1051,6 +1055,7 @@ def test_0012_ad_parameters_server_unresolvable( @staticmethod @pytest.mark.tier1_2 + @pytest.mark.c_ares def test_0013_ad_parameters_server_srv_record( multihost, adjoin, create_aduser_group): """ @@ -1110,6 +1115,7 @@ def test_0013_ad_parameters_server_srv_record( @staticmethod @pytest.mark.tier1_2 + @pytest.mark.c_ares def test_0014_ad_parameters_server_blank( multihost, adjoin, create_aduser_group): """ @@ -1257,6 +1263,7 @@ def test_0015_ad_parameters_ad_hostname_machine( @staticmethod @pytest.mark.tier1_2 + @pytest.mark.c_ares def test_0016_ad_parameters_ad_hostname_valid( multihost, adjoin, create_aduser_group): """ @@ -2045,6 +2052,7 @@ def test_0025_ad_parameters_empty_group(multihost, adjoin): @staticmethod @pytest.mark.tier2 + @pytest.mark.c_ares def test_0026_ad_parameters_dns_failover( multihost, adjoin, create_plain_aduser_group): """ diff --git a/src/tests/multihost/ad/test_dyndns.py b/src/tests/multihost/ad/test_dyndns.py index ba288b33695..3338aef6141 100644 --- a/src/tests/multihost/ad/test_dyndns.py +++ b/src/tests/multihost/ad/test_dyndns.py @@ -98,6 +98,7 @@ def remove_interface(): @pytest.mark.usefixtures("reverse_zone", "disable_dns_forwarders", "change_client_hostname") @pytest.mark.dyndns @pytest.mark.tier2 +@pytest.mark.c_ares class TestDynDns(object): @staticmethod diff --git a/src/tests/multihost/adsites/test_adsites.py b/src/tests/multihost/adsites/test_adsites.py index 0f1337e89bc..ef2eb68a77c 100644 --- a/src/tests/multihost/adsites/test_adsites.py +++ b/src/tests/multihost/adsites/test_adsites.py @@ -16,6 +16,7 @@ class Testadsites(object): 3. Create secondary site, move second domain controller to second site """ @pytest.mark.adsites + @pytest.mark.c_ares def test_001_ad_startup_discovery(self, multihost, adjoin): """ @Title: IDM-SSSD-TC: ad_startup_discovery @@ -69,6 +70,7 @@ def test_001_ad_startup_discovery(self, multihost, adjoin): assert check_discovery.returncode == 0 @pytest.mark.adsites + @pytest.mark.c_ares def test_002_ad_startup_discovery_one_server_unreachable(self, multihost, adjoin): """ @@ -137,6 +139,7 @@ def test_002_ad_startup_discovery_one_server_unreachable(self, multihost, multihost.client[0].run_command(fw_remove, raiseonerr=True) @pytest.mark.adsites + @pytest.mark.c_ares def test_003_ad_startup_discovery_two_different_sites(self, multihost, adjoin, create_site): """ @@ -189,6 +192,7 @@ def test_003_ad_startup_discovery_two_different_sites(self, multihost, assert check_discovery.returncode == 0 @pytest.mark.adsites + @pytest.mark.c_ares def test_004_ad_startup_discovery_one_server_unreachable(self, multihost, adjoin, From d9749ba1fca60d3e5262fd8952b62484969e38bd Mon Sep 17 00:00:00 2001 From: Alexey Tikhonov Date: Wed, 7 Jun 2023 21:20:43 +0200 Subject: [PATCH 024/280] RESPONDER: avoid log backtrace in case access denined MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Resolves: https://github.com/SSSD/sssd/issues/6442 Reviewed-by: Sumit Bose Reviewed-by: Tomáš Halman (cherry picked from commit 076a1136ab8650d962c5a462cbed82bd96ba176a) --- src/responder/common/responder.h | 2 +- src/responder/common/responder_common.c | 12 ++++++++---- 2 files changed, 9 insertions(+), 5 deletions(-) diff --git a/src/responder/common/responder.h b/src/responder/common/responder.h index 317e93ea691..5f04d25eec2 100644 --- a/src/responder/common/responder.h +++ b/src/responder/common/responder.h @@ -372,7 +372,7 @@ errno_t csv_string_to_uid_array(TALLOC_CTX *mem_ctx, const char *csv_string, uid_t client_euid(struct cli_creds *creds); errno_t check_allowed_uids(uid_t uid, size_t allowed_uids_count, - uid_t *allowed_uids); + const uid_t *allowed_uids); struct tevent_req * sss_parse_inp_send(TALLOC_CTX *mem_ctx, diff --git a/src/responder/common/responder_common.c b/src/responder/common/responder_common.c index 62177ccf67a..ac0e72790c0 100644 --- a/src/responder/common/responder_common.c +++ b/src/responder/common/responder_common.c @@ -174,7 +174,7 @@ uid_t client_euid(struct cli_creds *creds) } errno_t check_allowed_uids(uid_t uid, size_t allowed_uids_count, - uid_t *allowed_uids) + const uid_t *allowed_uids) { size_t c; @@ -519,6 +519,7 @@ static void accept_fd_handler(struct tevent_context *ev, struct tevent_fd *fde, uint16_t flags, void *ptr) { + static uid_t last_violator_uid = (uid_t)-1; /* accept and attach new event handler */ struct accept_fd_ctx *accept_ctx = talloc_get_type(ptr, struct accept_fd_ctx); @@ -593,9 +594,12 @@ static void accept_fd_handler(struct tevent_context *ev, rctx->allowed_uids); if (ret != EOK) { if (ret == EACCES) { - DEBUG(SSSDBG_CRIT_FAILURE, - "Access denied for uid [%"SPRIuid"].\n", - client_euid(cctx->creds)); + if (client_euid(cctx->creds) != last_violator_uid) { + last_violator_uid = client_euid(cctx->creds); + DEBUG(SSSDBG_IMPORTANT_INFO, + "Access denied for uid [%"SPRIuid"].\n", + last_violator_uid); + } } else { DEBUG(SSSDBG_OP_FAILURE, "check_allowed_uids failed.\n"); } From 640f41588cbe00c9f0d4e4bdfa16ac5337484b2e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pavel=20B=C5=99ezina?= Date: Tue, 23 May 2023 12:21:44 +0200 Subject: [PATCH 025/280] ipa: correctly remove missing attributes on netgroup update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit When a netgroup is updated, previously it did not remove the missing attributes. This caused an issue especially when a member was removed. Resolves: https://github.com/SSSD/sssd/issues/6652 Reviewed-by: Alejandro López Reviewed-by: Iker Pedrosa (cherry picked from commit b033b0dda972e885f63234aa81dca317c8234c2c) --- src/db/sysdb.c | 9 ++ src/db/sysdb.h | 1 + src/providers/ipa/ipa_netgroups.c | 35 +++++++- src/tests/system/tests/test_netgroups.py | 108 +++++++++++++++++++++++ 4 files changed, 151 insertions(+), 2 deletions(-) create mode 100644 src/tests/system/tests/test_netgroups.py diff --git a/src/db/sysdb.c b/src/db/sysdb.c index 649e79fcac6..1faa11b16e0 100644 --- a/src/db/sysdb.c +++ b/src/db/sysdb.c @@ -523,6 +523,15 @@ static int sysdb_attrs_add_val_int(struct sysdb_attrs *attrs, return EOK; } + +int sysdb_attrs_add_empty(struct sysdb_attrs *attrs, const char *name) +{ + struct ldb_message_element *el; + + /* Calling this will create the element if it does not exist. */ + return sysdb_attrs_get_el_ext(attrs, name, true, &el); +} + int sysdb_attrs_add_val(struct sysdb_attrs *attrs, const char *name, const struct ldb_val *val) { diff --git a/src/db/sysdb.h b/src/db/sysdb.h index 2f20692ccfa..887a9630e72 100644 --- a/src/db/sysdb.h +++ b/src/db/sysdb.h @@ -398,6 +398,7 @@ enum sysdb_obj_type { extern const char *sysdb_ts_cache_attrs[]; /* values are copied in the structure, allocated on "attrs" */ +int sysdb_attrs_add_empty(struct sysdb_attrs *attrs, const char *name); int sysdb_attrs_add_val(struct sysdb_attrs *attrs, const char *name, const struct ldb_val *val); int sysdb_attrs_add_val_safe(struct sysdb_attrs *attrs, diff --git a/src/providers/ipa/ipa_netgroups.c b/src/providers/ipa/ipa_netgroups.c index 52d90af4ff1..57f11a50796 100644 --- a/src/providers/ipa/ipa_netgroups.c +++ b/src/providers/ipa/ipa_netgroups.c @@ -70,7 +70,10 @@ static errno_t ipa_save_netgroup(TALLOC_CTX *mem_ctx, struct ldb_message_element *el; struct sysdb_attrs *netgroup_attrs; const char *name = NULL; + char **missing; + int missing_index; int ret; + int i; size_t c; ret = sysdb_attrs_get_el(attrs, @@ -90,6 +93,23 @@ static errno_t ipa_save_netgroup(TALLOC_CTX *mem_ctx, goto fail; } + missing = talloc_zero_array(netgroup_attrs, char *, attrs->num + 1); + if (missing == NULL) { + ret = ENOMEM; + goto fail; + } + + for (i = 0, missing_index = 0; i < attrs->num; i++) { + if (attrs->a[i].num_values == 0) { + missing[missing_index] = talloc_strdup(missing, attrs->a[i].name); + if (missing[missing_index] == NULL) { + ret = ENOMEM; + goto fail; + } + missing_index++; + } + } + ret = sysdb_attrs_get_el(attrs, SYSDB_ORIG_DN, &el); if (ret) { goto fail; @@ -138,7 +158,6 @@ static errno_t ipa_save_netgroup(TALLOC_CTX *mem_ctx, if (el->num_values == 0) { DEBUG(SSSDBG_TRACE_LIBS, "No original members for netgroup [%s]\n", name); - } else { DEBUG(SSSDBG_TRACE_LIBS, "Adding original members to netgroup [%s]\n", name); @@ -173,7 +192,7 @@ static errno_t ipa_save_netgroup(TALLOC_CTX *mem_ctx, DEBUG(SSSDBG_TRACE_FUNC, "Storing info for netgroup %s\n", name); - ret = sysdb_add_netgroup(dom, name, NULL, netgroup_attrs, NULL, + ret = sysdb_add_netgroup(dom, name, NULL, netgroup_attrs, missing, dom->netgroup_timeout, 0); if (ret) goto fail; @@ -866,6 +885,18 @@ static int ipa_netgr_process_all(struct ipa_get_netgroups_state *state) hash_iterate(state->new_netgroups, extract_netgroups, state); for (i = 0; i < state->netgroups_count; i++) { + /* Make sure these attributes always exist, so we can remove them if + * there are no members. */ + ret = sysdb_attrs_add_empty(state->netgroups[i], SYSDB_NETGROUP_MEMBER); + if (ret != EOK) { + goto done; + } + + ret = sysdb_attrs_add_empty(state->netgroups[i], SYSDB_NETGROUP_TRIPLE); + if (ret != EOK) { + goto done; + } + /* load all its member netgroups, translate */ DEBUG(SSSDBG_TRACE_INTERNAL, "Extracting netgroup members of netgroup %d\n", i); ret = sysdb_attrs_get_string_array(state->netgroups[i], diff --git a/src/tests/system/tests/test_netgroups.py b/src/tests/system/tests/test_netgroups.py new file mode 100644 index 00000000000..6b6bc8e8b88 --- /dev/null +++ b/src/tests/system/tests/test_netgroups.py @@ -0,0 +1,108 @@ +""" +Netgroup tests. + +:requirement: netgroup +""" + +from __future__ import annotations + +import pytest +from sssd_test_framework.roles.client import Client +from sssd_test_framework.roles.generic import GenericProvider +from sssd_test_framework.topology import KnownTopologyGroup + + +@pytest.mark.tier(1) +@pytest.mark.ticket(gh=6652, bz=2162552) +@pytest.mark.topology(KnownTopologyGroup.AnyProvider) +def test_netgroups__add_remove_netgroup_triple(client: Client, provider: GenericProvider): + """ + :title: Netgroup triple is correctly removed from cached record + :setup: + 1. Create local user "user-1" + 2. Create netgroup "ng-1" + 3. Add "(-,user-1,)" triple to the netgroup + 4. Start SSSD + :steps: + 1. Run "getent netgroup ng-1" + 2. Remove "(-,user-1,)" triple from "ng-1" + 3. Invalidate netgroup in cache "sssctl cache-expire -n ng-1" + 4. Run "getent netgroup ng-1" + :expectedresults: + 1. "(-,user-1,)" is present in the netgroup + 2. Triple was removed from the netgroup + 3. Cached record was invalidated + 4. "(-,user-1,)" is not present in the netgroup + :customerscenario: True + """ + user = provider.user("user-1").add() + ng = provider.netgroup("ng-1").add().add_member(user=user) + + client.sssd.start() + + result = client.tools.getent.netgroup("ng-1") + assert result is not None + assert result.name == "ng-1" + assert len(result.members) == 1 + assert "(-, user-1)" in result.members + + ng.remove_member(user=user) + client.sssctl.cache_expire(netgroups=True) + + result = client.tools.getent.netgroup("ng-1") + assert result is not None + assert result.name == "ng-1" + assert len(result.members) == 0 + + +@pytest.mark.tier(1) +@pytest.mark.ticket(gh=6652, bz=2162552) +@pytest.mark.topology(KnownTopologyGroup.AnyProvider) +def test_netgroups__add_remove_netgroup_member(client: Client, provider: GenericProvider): + """ + :title: Netgroup member is correctly removed from cached record + :setup: + 1. Create local user "user-1" + 2. Create local user "user-2" + 3. Create netgroup "ng-1" + 4. Create netgroup "ng-2" + 5. Add "(-,user-1,)" triple to the netgroup "ng-1" + 6. Add "(-,user-2,)" triple to the netgroup "ng-2" + 7. Add "ng-1" as a member to "ng-2" + 8. Start SSSD + :steps: + 1. Run "getent netgroup ng-2" + 2. Remove "ng-1" from "ng-2" + 3. Invalidate netgroup "ng-2" in cache "sssctl cache-expire -n ng-2" + 4. Run "getent netgroup ng-2" + :expectedresults: + 1. "(-,user-1,)", "(-,user-2,)" is present in the netgroup + 2. Netgroup member was removed from the netgroup + 3. Cached record was invalidated + 4. "(-,user-1,)" is not present in the netgroup, only "(-,user-2,)" + :customerscenario: True + """ + u1 = provider.user("user-1").add() + u2 = provider.user("user-2").add() + + ng1 = provider.netgroup("ng-1").add().add_member(user=u1) + ng2 = provider.netgroup("ng-2").add().add_member(user=u2, ng=ng1) + + client.sssd.start() + + result = client.tools.getent.netgroup("ng-2") + assert result is not None + assert result.name == "ng-2" + assert len(result.members) == 2 + assert "(-, user-1)" in result.members + assert "(-, user-2)" in result.members + + ng2.remove_member(ng=ng1) + client.sssctl.cache_expire(netgroups=True) + + result = client.tools.getent.netgroup("ng-2") + assert result is not None + assert result.name == "ng-2" + assert len(result.members) == 1 + assert "(-, user-1)" not in result.members + assert "(-, user-2)" in result.members From 4b0683bda61a7e9c260ce73d47b62d6741f83482 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Alejandro=20L=C3=B3pez?= Date: Thu, 8 Jun 2023 17:37:51 +0200 Subject: [PATCH 026/280] AD: The shortcut must be used equally on _send() and _done() The conditions to use the shortcut in sdap_ad_tokengroups_initgroups_send() were modified without also changing sdap_ad_tokengroups_initgroups_done(). To avoid future problems like this, and because the condition is becoming more complex to evaluate, we evaluate the condition in the _send() function and keep the result in the state, for the _done() function to use it. Reviewed-by: Alexey Tikhonov Reviewed-by: Sumit Bose (cherry picked from commit dc9466e7371b98bc972ae2b3521f163f31a59a84) --- src/providers/ldap/sdap_async_initgroups_ad.c | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/src/providers/ldap/sdap_async_initgroups_ad.c b/src/providers/ldap/sdap_async_initgroups_ad.c index f5c88e2fbec..efd83d2dac8 100644 --- a/src/providers/ldap/sdap_async_initgroups_ad.c +++ b/src/providers/ldap/sdap_async_initgroups_ad.c @@ -1568,6 +1568,7 @@ errno_t sdap_ad_get_domain_local_groups_recv(struct tevent_req *req) struct sdap_ad_tokengroups_initgroups_state { bool use_id_mapping; + bool use_shortcut; struct sss_domain_info *domain; }; @@ -1591,7 +1592,6 @@ sdap_ad_tokengroups_initgroups_send(TALLOC_CTX *mem_ctx, struct tevent_req *req = NULL; struct tevent_req *subreq = NULL; errno_t ret; - bool use_shortcut; char **param = NULL; req = tevent_req_create(mem_ctx, &state, @@ -1613,14 +1613,14 @@ sdap_ad_tokengroups_initgroups_send(TALLOC_CTX *mem_ctx, * to avoid having to transfer and retain members when the fake * tokengroups object without name is replaced by the full group object */ - use_shortcut = false; + state->use_shortcut = false; if (state->use_id_mapping && !IS_SUBDOMAIN(state->domain) && !state->domain->ignore_group_members) { ret = confdb_get_param(id_ctx->be->cdb, mem_ctx, id_ctx->be->conf_path, CONFDB_NSS_FILTER_GROUPS, ¶m); if (ret == EOK) { - use_shortcut = (param == NULL || param[0] == NULL); + state->use_shortcut = (param == NULL || param[0] == NULL); talloc_free(param); } else { DEBUG(SSSDBG_MINOR_FAILURE, "Failed to access %s: %i (%s)\n", @@ -1628,7 +1628,7 @@ sdap_ad_tokengroups_initgroups_send(TALLOC_CTX *mem_ctx, /* Continue without using the shortcut. Safest option. */ } } - if (use_shortcut) { + if (state->use_shortcut) { subreq = sdap_ad_tokengroups_initgr_mapping_send(state, ev, opts, sysdb, domain, sh, name, orig_dn, @@ -1659,9 +1659,7 @@ static void sdap_ad_tokengroups_initgroups_done(struct tevent_req *subreq) req = tevent_req_callback_data(subreq, struct tevent_req); state = tevent_req_data(req, struct sdap_ad_tokengroups_initgroups_state); - if (state->use_id_mapping - && !IS_SUBDOMAIN(state->domain) - && state->domain->ignore_group_members == false) { + if (state->use_shortcut) { ret = sdap_ad_tokengroups_initgr_mapping_recv(subreq); } else { ret = sdap_ad_tokengroups_initgr_posix_recv(subreq); From e4e8e3444b5f476212cfd49d6f83af90d7b889f5 Mon Sep 17 00:00:00 2001 From: Madhuri Upadhye Date: Tue, 13 Jun 2023 15:12:30 +0530 Subject: [PATCH 027/280] Tests: Add package for tc command MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Adding package iproute-tc to get tc command. Signed-off-by: Madhuri Upadhye Reviewed-by: Jakub Vávra Reviewed-by: Shridhar Gadekar (cherry picked from commit 9c50b8ec14f0e167c937446a64213ef59eaa96ef) --- src/tests/multihost/sssd/testlib/common/utils.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/tests/multihost/sssd/testlib/common/utils.py b/src/tests/multihost/sssd/testlib/common/utils.py index a473f7f3748..de09c331a48 100644 --- a/src/tests/multihost/sssd/testlib/common/utils.py +++ b/src/tests/multihost/sssd/testlib/common/utils.py @@ -81,7 +81,7 @@ def client_install_pkgs(self): 'samba-winbind-clients autofs nfs-utils authconfig '\ 'authselect cifs-utils openldap-clients firewalld '\ 'tcpdump wireshark-cli expect rsyslog gcc gcc-c++ pam-devel '\ - 'tdb-tools libkcapi-hmaccalc strace' + 'tdb-tools libkcapi-hmaccalc strace iproute-tc' sssd_pkgs = 'sssd sssd-tools sssd-proxy sssd-winbind-idmap '\ 'libsss_autofs sssd-kcm sssd-dbus' extra_pkg = ' nss-pam-ldapd krb5-pkinit' From 02b158ff728eba7125625dcebbd53286f78bede0 Mon Sep 17 00:00:00 2001 From: Shridhar Gadekar Date: Tue, 13 Jun 2023 15:02:39 +0530 Subject: [PATCH 028/280] Test: dropping unstable dyndns tests Dropping unstable dyndns tests from c-ares gating (cherry picked from commit 6efb2779b79b86121f50852416e3ae63feac31a0) --- src/tests/multihost/ad/test_dyndns.py | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/src/tests/multihost/ad/test_dyndns.py b/src/tests/multihost/ad/test_dyndns.py index 3338aef6141..ab6e080c0f3 100644 --- a/src/tests/multihost/ad/test_dyndns.py +++ b/src/tests/multihost/ad/test_dyndns.py @@ -102,6 +102,7 @@ def remove_interface(): class TestDynDns(object): @staticmethod + @pytest.mark.c_ares def test_0001_verify_with_default_setting(multihost, adjoin): """ :title: IDM-SSSD-TC: ad_provider: dyndns: verify with default settings @@ -127,6 +128,7 @@ def test_0001_verify_with_default_setting(multihost, adjoin): assert dns.find_ptr(hostname, ip) @staticmethod + @pytest.mark.c_ares def test_0002_verify_when_dyndns_update_set_to_false(multihost, adjoin): """ :title: IDM-SSSD-TC: ad_provider: dyndns: verify when dyndns update set to false @@ -157,6 +159,7 @@ def test_0002_verify_when_dyndns_update_set_to_false(multihost, adjoin): assert dns.find_ptr(hostname, ip) is not True @staticmethod + @pytest.mark.c_ares def test_0003_verify_with_dyndns_ttl_functionality(multihost, adjoin): """ :title: IDM-SSSD-TC: ad_provider: dyndns: verify with dyndns ttl functionality @@ -228,6 +231,7 @@ def test_0004_check_dyndns_iface_with_existing_interfaces( assert ip not in dns.print_zone(domain) @staticmethod + @pytest.mark.c_ares def test_0005_check_dyndns_iface_with_non_existing_interfaces(multihost, adjoin): """ :title: IDM-SSSD-TC: ad_provider: dyndns: check dyndns iface with non-existing interfaces @@ -259,6 +263,7 @@ def test_0005_check_dyndns_iface_with_non_existing_interfaces(multihost, adjoin) assert dns.find_ptr(hostname, ip) is not True @staticmethod + @pytest.mark.c_ares def test_0006_check_with_dyndns_refresh_interval(multihost, adjoin, extra_network, extra_interface): """ :title: IDM-SSSD-TC: ad_provider: dyndns: check with dyndns refresh interval @@ -312,6 +317,7 @@ def test_0006_check_with_dyndns_refresh_interval(multihost, adjoin, extra_networ assert dns.find_ptr(hostname, extra_ip_after_refresh) @staticmethod + @pytest.mark.c_ares def test_0007_set_dyndns_update_ptr_false_ptr_records_are_absent(multihost, adjoin): """ :title: IDM-SSSD-TC: ad_provider: dyndns: set dyndns update ptr false ptr records are absent @@ -350,6 +356,7 @@ def test_0007_set_dyndns_update_ptr_false_ptr_records_are_absent(multihost, adjo assert dns.find_ptr(hostname, ip) is not True @staticmethod + @pytest.mark.c_ares def test_0008_set_dyndns_update_ptr_to_false_ptr_records_are_present( multihost, adjoin, extra_interface, extra_network): """ @@ -408,6 +415,7 @@ def test_0008_set_dyndns_update_ptr_to_false_ptr_records_are_present( assert dns.find_ptr(hostname, new_ip) is not True @staticmethod + @pytest.mark.c_ares def test_0009_check_with_dyndns_force_tcp(multihost, adjoin): """ :title: IDM-SSSD-TC: ad_provider: dyndns: check with dyndns force tcp @@ -457,6 +465,7 @@ def test_0009_check_with_dyndns_force_tcp(multihost, adjoin): assert dns.find_ptr(hostname, ip) @staticmethod + @pytest.mark.c_ares def test_0010_check_with_combination_of_addresses( multihost, adjoin, extra_interface, extra_network): """ @@ -497,6 +506,7 @@ def test_0010_check_with_combination_of_addresses( assert dns.find_ptr(hostname, ip) is not True @staticmethod + @pytest.mark.c_ares def test_0011_verify_use_after_free_in_dyndns_code_bz1132361(multihost, adjoin): """ :title: IDM-SSSD-TC: ad_provider: dyndns: verify use after free in dyndns code bz1132361 From bb64f2cd297b2b3467df8b45d418b81e9f933640 Mon Sep 17 00:00:00 2001 From: aborah Date: Tue, 13 Jun 2023 18:24:44 +0530 Subject: [PATCH 029/280] Tests: Skip test_0001_bz2021196 The test is unstable on other architectures so it is skipped for now. Reviewed-by: Madhuri Upadhye (cherry picked from commit d14be798bdebcc3587769c2406ee025340cf5162) --- src/tests/multihost/alltests/test_backtrace.py | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/tests/multihost/alltests/test_backtrace.py b/src/tests/multihost/alltests/test_backtrace.py index d72caceeeb1..d4468b36a85 100644 --- a/src/tests/multihost/alltests/test_backtrace.py +++ b/src/tests/multihost/alltests/test_backtrace.py @@ -72,6 +72,10 @@ def test_0001_bz2021196(self, multihost, backupsssdconf): 7. Should fail as expected 8. Should have string 'skipping repetitive backtrace' """ + arch = multihost.client[0].run_command( + 'uname -m', raiseonerr=False).stdout_text + if 'x86_64' not in arch: + pytest.skip("Test is unstable on architectures other than x86_64.") bad_url(multihost) tools = sssdTools(multihost.client[0]) section = f"domain/{ds_instance_name}" From 58a007de85da1e0522f58b120f8542821247891b Mon Sep 17 00:00:00 2001 From: Jakub Vavra Date: Tue, 13 Jun 2023 13:19:10 +0200 Subject: [PATCH 030/280] Tests: Skip test_0016_ad_parameters_ad_hostname_valid on other architectures. The test is unstable on other architectures so it is skipped for now. Reordered the asserts so we can seed if the connection to AD works as looking for log message has a lower priority. Reviewed-by: Madhuri Upadhye (cherry picked from commit 3e3d098646f7cae90857f9a92348aff14fd65429) --- .../multihost/ad/test_adparameters_ported.py | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/src/tests/multihost/ad/test_adparameters_ported.py b/src/tests/multihost/ad/test_adparameters_ported.py index a6a6fa42afe..0f8ea417fdc 100644 --- a/src/tests/multihost/ad/test_adparameters_ported.py +++ b/src/tests/multihost/ad/test_adparameters_ported.py @@ -1202,7 +1202,7 @@ def test_0015_ad_parameters_ad_hostname_machine( arch = multihost.client[0].run_command( 'uname -m', raiseonerr=False).stdout_text if 'x86_64' not in arch: - pytest.skip("Test is unstable on architectures other than x68_64.") + pytest.skip("Test is unstable on architectures other than x86_64.") adjoin(membersw='adcli') client = sssdTools(multihost.client[0], multihost.ad[0]) @@ -1256,10 +1256,11 @@ def test_0015_ad_parameters_ad_hostname_machine( f'hostname {old_hostname}', raiseonerr=False) # Evaluate test results - assert "Setting ad_hostname to [host1.kautest.com]" in log_str - assert f"Will look for host1.kautest.com@{ad_realm}" in log_str assert usr_cmd.returncode == 0, f"User {aduser} was not found." assert su_result, "The su command failed!" + assert "Setting ad_hostname to [host1.kautest.com]" in log_str + assert f"Will look for host1.kautest.com@{ad_realm}" in log_str + @staticmethod @pytest.mark.tier1_2 @@ -1293,6 +1294,10 @@ def test_0016_ad_parameters_ad_hostname_valid( 1. Remove AD user. :customerscenario: False """ + arch = multihost.client[0].run_command( + 'uname -m', raiseonerr=False).stdout_text + if 'x86_64' not in arch: + pytest.skip("Test is unstable on architectures other than x86_64.") adjoin(membersw='adcli') client = sssdTools(multihost.client[0], multihost.ad[0]) @@ -1341,13 +1346,13 @@ def test_0016_ad_parameters_ad_hostname_valid( multihost.client[0].run_command( f'hostname {old_hostname}', raiseonerr=False) # Evaluate test results + assert usr_cmd.returncode == 0, f"User {aduser} was not found." + assert grp_cmd.returncode == 0, f"Group {adgroup} was not found!" + assert su_result, "The su command failed!" assert f"Option ad_hostname has value {old_hostname}" in log_str assert f"Setting ad_hostname to [{old_hostname}]" not in log_str assert f"Will look for {old_hostname}@{ad_realm}" in log_str assert f"Trying to find principal {old_hostname}@{ad_realm}" in log_str - assert usr_cmd.returncode == 0, f"User {aduser} was not found." - assert grp_cmd.returncode == 0, f"Group {adgroup} was not found!" - assert su_result, "The su command failed!" @staticmethod @pytest.mark.tier2 From 19fecbf17db0774cc290f1e8cf4517b438d1663c Mon Sep 17 00:00:00 2001 From: Jakub Vavra Date: Thu, 15 Jun 2023 11:03:06 +0200 Subject: [PATCH 031/280] Tests: Improve stability of test_0004_bz2110091 Reviewed-by: Shridhar Gadekar (cherry picked from commit 54903c0e38f534bd48f890658b55c626431dd6d5) --- src/tests/multihost/ad/test_ad_misc.py | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/src/tests/multihost/ad/test_ad_misc.py b/src/tests/multihost/ad/test_ad_misc.py index 279d08a7e25..b00bc465ba4 100644 --- a/src/tests/multihost/ad/test_ad_misc.py +++ b/src/tests/multihost/ad/test_ad_misc.py @@ -317,8 +317,17 @@ def test_0004_bz2110091(multihost, adjoin, create_aduser_group): client.sssd_conf(dom_section, sssd_params) client.clear_sssd_cache() multihost.client[0].run_command('systemctl reboot', raiseonerr=False) - time.sleep(50) - dom_log = multihost.client[0].get_file_contents(f'/var/log/sssd/sssd_{domainname}.log').decode('utf-8') + time.sleep(30) + # Reboot takes a long time in some cases so we try multiple times. + for _ in range(1, 10): + try: + dom_log = multihost.client[0].get_file_contents(f'/var/log/sssd/sssd_{domainname}.log').decode('utf-8') + break + except OSError: + time.sleep(30) + else: + # There is no need to fail here as the assertion will fail anyway. + dom_log = "Could not pull the log file!" log1 = re.compile(r'Destroying.the.old.c-ares.channel', re.IGNORECASE) log2 = re.compile(r'\[recreate_ares_channel.*Initializing.new.c-ares.channel', re.IGNORECASE) assert log1.search(dom_log), 'Destroying the old c-ares related log missing' From 05bc18ce989eeee587b79327057232f7bbd4eb0c Mon Sep 17 00:00:00 2001 From: aborah Date: Wed, 31 May 2023 21:38:08 +0530 Subject: [PATCH 032/280] Tests: Add ssh module that is fast, reliable, accurate MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sssd tests seems to be failing with current ssh module without any reason. Reviewed-by: Jakub Vávra Reviewed-by: Scott Poore (cherry picked from commit 34dba5a3836a121a6485ec71ffc7234cd5ec24c0) --- src/tests/multihost/requirements.txt | 1 + .../sssd/testlib/common/ssh2_python.py | 89 +++++++++++++++++++ 2 files changed, 90 insertions(+) create mode 100644 src/tests/multihost/sssd/testlib/common/ssh2_python.py diff --git a/src/tests/multihost/requirements.txt b/src/tests/multihost/requirements.txt index 46d0c79825d..c5f8139a767 100644 --- a/src/tests/multihost/requirements.txt +++ b/src/tests/multihost/requirements.txt @@ -4,3 +4,4 @@ pytest_multihost python-ldap PyYAML pymmh3 +ssh2-python diff --git a/src/tests/multihost/sssd/testlib/common/ssh2_python.py b/src/tests/multihost/sssd/testlib/common/ssh2_python.py new file mode 100644 index 00000000000..ca21cf28d48 --- /dev/null +++ b/src/tests/multihost/sssd/testlib/common/ssh2_python.py @@ -0,0 +1,89 @@ +import socket +from ssh2.session import Session + + +class SSHClient: + """ ssh2 methods """ + def __init__(self, hostname, username, password): + """Initialize defaults""" + self.hostname = hostname + self.username = username + self.password = password + self.session = None + + def connect(self): + """login to host""" + sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) + sock.connect((self.hostname, 22)) + session = Session() + session.handshake(sock) + session.userauth_password(self.username, self.password) + self.session = session + + def execute_command(self, command): + """Run Non interactive Commands""" + channel = self.session.open_session() + channel.execute(command) + size, data = channel.read() + output = "" + while size > 0: + output += data.decode() + size, data = channel.read() + channel.close() + return output + + def close(self): + """Logout of ssh session""" + if self.session: + self.session.disconnect() + + +def check_login(hostname, user, password): + """This function will check user login + user: Name of the user. + hostname: Name of the machine where user will login. + password: User password. + """ + ssh = SSHClient(hostname, user, password) + ssh.connect() + ssh.close() + + +def check_login_client(multihost, user, password): + """This function will check user login + user: Name of the user. + password: User password. + """ + hostname = multihost.client[0].ip + ssh = SSHClient(hostname, user, password) + ssh.connect() + ssh.close() + + +def run_command(hostname, user, password, command): + """This function will execute command + user: Name of the user. + hostname: Name of the machine where user will login. + password: User password. + command: User command + """ + ssh = SSHClient(hostname, user, password) + ssh.connect() + result = ssh.execute_command(command) + ssh.close() + return result + + +def run_command_client(multihost, user, password, command): + """This function will execute command + user: Name of the user. + hostname: Name of the machine where user will login. + password: User password. + command: User command + """ + hostname = multihost.client[0].ip + ssh = SSHClient(hostname, user, password) + ssh.connect() + result = ssh.execute_command(command) + ssh.close() + return result From 895d194f3869ee7fa633fca51163afd2cea513c7 Mon Sep 17 00:00:00 2001 From: Sumit Bose Date: Wed, 7 Jun 2023 17:00:33 +0200 Subject: [PATCH 033/280] ldap: return failure if there are no grace logins left MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit If a user's password is expired while changing the LDAP password SSSD tries to change the password even if the initial bind of the user failed due to exhausted grace logins. With this patch the change password request will be aborted if the bind fails indicating that there are no grace logins left. Resolves: https://github.com/SSSD/sssd/issues/6768 Reviewed-by: Iker Pedrosa Reviewed-by: Pavel Březina (cherry picked from commit d99aa97dae7236fd056e21ea3d48997edf1b9823) --- src/providers/ldap/sdap_async_connection.c | 26 +++++++++++++++++----- 1 file changed, 21 insertions(+), 5 deletions(-) diff --git a/src/providers/ldap/sdap_async_connection.c b/src/providers/ldap/sdap_async_connection.c index e78662495dc..e8638725c78 100644 --- a/src/providers/ldap/sdap_async_connection.c +++ b/src/providers/ldap/sdap_async_connection.c @@ -860,15 +860,31 @@ static void simple_bind_done(struct sdap_op *op, } } else if (result == LDAP_INVALID_CREDENTIALS && pp_error == PP_passwordExpired) { + /* According to + * https://www.ietf.org/archive/id/draft-behera-ldap-password-policy-11.txt + * section 8.1.2.3.2. this condition means "No Remaining + * Grace Authentications". */ DEBUG(SSSDBG_TRACE_LIBS, - "Password expired user must set a new password.\n"); - ret = ERR_PASSWORD_EXPIRED; + "Password expired, grace logins exhausted.\n"); + ret = ERR_AUTH_FAILED; } } else if (strcmp(response_controls[c]->ldctl_oid, LDAP_CONTROL_PWEXPIRED) == 0) { - DEBUG(SSSDBG_TRACE_LIBS, - "Password expired user must set a new password.\n"); - ret = ERR_PASSWORD_EXPIRED; + /* I haven't found a proper documentation of this control only + * the Red Hat Directory Server documentation has a short + * description in the section "Understanding Password + * Expiration Controls", e.g. + * https://access.redhat.com/documentation/en-us/red_hat_directory_server/11/html/administration_guide/understanding_password_expiration_controls + */ + if (result == LDAP_INVALID_CREDENTIALS) { + DEBUG(SSSDBG_TRACE_LIBS, + "Password expired, grace logins exhausted.\n"); + ret = ERR_AUTH_FAILED; + } else { + DEBUG(SSSDBG_TRACE_LIBS, + "Password expired, user must set a new password.\n"); + ret = ERR_PASSWORD_EXPIRED; + } } else if (strcmp(response_controls[c]->ldctl_oid, LDAP_CONTROL_PWEXPIRING) == 0) { /* ignore controls with suspiciously long values */ From 5008f0f9286e6c07fb8cbf4e6c021b74d712a28c Mon Sep 17 00:00:00 2001 From: Sumit Bose Date: Wed, 7 Jun 2023 10:45:59 +0200 Subject: [PATCH 034/280] ad: use sAMAccountName to lookup hosts To determine which GPOs apply to the host running SSSD the full DN of the host object in AD is needed. To fine this object we use the NetBIOS name of the host which is stored in AD in the sAMAccountName attribute. Using other attributes, e.g. if ldap_user_name is set to a different attribute, will most probably cause a failure since those attributes are not managed as expected for host object. As a result sAMAccountName should be hardcoded here to avoid issues. Resolves: https://github.com/SSSD/sssd/issues/6766 Reviewed-by: Iker Pedrosa Reviewed-by: Justin Stephenson (cherry picked from commit 67c11c2ebae843f7ddd6b857efa2e1f6449986f3) --- src/providers/ad/ad_gpo.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/providers/ad/ad_gpo.c b/src/providers/ad/ad_gpo.c index 4b7bbf18200..44e9cbb2735 100644 --- a/src/providers/ad/ad_gpo.c +++ b/src/providers/ad/ad_gpo.c @@ -59,6 +59,7 @@ #define AD_AT_DN "distinguishedName" #define AD_AT_UAC "userAccountControl" +#define AD_AT_SAMACCOUNTNAME "sAMAccountName" #define AD_AT_CONFIG_NC "configurationNamingContext" #define AD_AT_GPLINK "gPLink" #define AD_AT_GPOPTIONS "gpOptions" @@ -2061,7 +2062,7 @@ ad_gpo_connect_done(struct tevent_req *subreq) filter = talloc_asprintf(state, "(&(objectclass=%s)(%s=%s))", state->opts->user_map[SDAP_OC_USER].name, - state->opts->user_map[SDAP_AT_USER_NAME].name, + AD_AT_SAMACCOUNTNAME, sam_account_name); if (filter == NULL) { ret = ENOMEM; From 5711bb2536fd413e81d4b9c59947000a1d2ba5d8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pavel=20B=C5=99ezina?= Date: Thu, 1 Jun 2023 13:09:15 +0200 Subject: [PATCH 035/280] cache_req: remove unused field cache_behavior from state MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This field is not used anywhere. Instead, we use value from struct cache_req. Reviewed-by: Alexey Tikhonov Reviewed-by: Tomáš Halman (cherry picked from commit 8b014bf1592454520ef6d113be9a5f1fd02e1285) --- src/responder/common/cache_req/cache_req.c | 1 - 1 file changed, 1 deletion(-) diff --git a/src/responder/common/cache_req/cache_req.c b/src/responder/common/cache_req/cache_req.c index 258dc1da507..b3b520492c3 100644 --- a/src/responder/common/cache_req/cache_req.c +++ b/src/responder/common/cache_req/cache_req.c @@ -702,7 +702,6 @@ struct cache_req_search_domains_state { bool check_next; bool dp_success; bool first_iteration; - enum cache_req_behavior cache_behavior; }; static errno_t cache_req_search_domains_next(struct tevent_req *req); From bc5fe9eb031cf188ba8a04f2340df735acadfb07 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pavel=20B=C5=99ezina?= Date: Thu, 1 Jun 2023 13:34:37 +0200 Subject: [PATCH 036/280] cache_req: fix propagation of offline status with cache_first = true MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit During the first iteration where the provider was not yet contacted, we set state->dp_success to false and if the record was not found we returned ERR_OFFLINE instead of ENOENT which causes the cache_req to continue and search the provider. Resolves: https://github.com/SSSD/sssd/issues/6739 Reviewed-by: Alexey Tikhonov Reviewed-by: Tomáš Halman (cherry picked from commit 32f578229d38766b208f33130e28317ca69001d2) --- src/responder/common/cache_req/cache_req.c | 38 +++- src/tests/system/tests/test_autofs.py | 204 +++++++++++++++++++++ 2 files changed, 236 insertions(+), 6 deletions(-) create mode 100644 src/tests/system/tests/test_autofs.py diff --git a/src/responder/common/cache_req/cache_req.c b/src/responder/common/cache_req/cache_req.c index b3b520492c3..b8275953261 100644 --- a/src/responder/common/cache_req/cache_req.c +++ b/src/responder/common/cache_req/cache_req.c @@ -712,6 +712,26 @@ static void cache_req_search_domains_locate_done(struct tevent_req *subreq); static void cache_req_search_domains_done(struct tevent_req *subreq); +static bool +cache_req_dp_contacted(struct cache_req_search_domains_state *state) +{ + switch (state->cr->cache_behavior) { + case CACHE_REQ_CACHE_FIRST: + if (state->first_iteration) { + /* This is the first iteration so provider was bypassed. */ + return false; + } + + /* This is the second iteration so the provider was contacted. */ + return true; + case CACHE_REQ_BYPASS_PROVIDER: + return false; + default: + /* Other schemas talks to provider immediately. */ + return true; + } +} + struct tevent_req * cache_req_search_domains_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, @@ -867,7 +887,7 @@ static errno_t cache_req_search_domains_next(struct tevent_req *req) * requests succeeded because only then we can be sure that it does * not exist- */ - if (state->dp_success) { + if (cache_req_dp_contacted(state) && state->dp_success) { cache_req_global_ncache_add(cr); } @@ -971,8 +991,10 @@ static void cache_req_search_domains_done(struct tevent_req *subreq) ret = cache_req_search_recv(state, subreq, &result, &dp_success); talloc_zfree(subreq); - /* Remember if any DP request fails. */ - state->dp_success = !dp_success ? false : state->dp_success; + /* Remember if any DP request fails, if DP was contacted. */ + if (cache_req_dp_contacted(state)) { + state->dp_success = !dp_success ? false : state->dp_success; + } switch (ret) { case EOK: @@ -984,7 +1006,9 @@ static void cache_req_search_domains_done(struct tevent_req *subreq) case ERR_ID_OUTSIDE_RANGE: case ENOENT: if (state->check_next == false) { - if (state->cr->data->propogate_offline_status && !state->dp_success) { + if (cache_req_dp_contacted(state) + && !state->dp_success + && state->cr->data->propogate_offline_status) { /* Not found and data provider request failed so we were * unable to fetch the data. */ ret = ERR_OFFLINE; @@ -1019,8 +1043,10 @@ static void cache_req_search_domains_done(struct tevent_req *subreq) case EAGAIN: break; default: - if (ret == ENOENT && state->cr->data->propogate_offline_status - && !state->dp_success) { + if (cache_req_dp_contacted(state) + && ret == ENOENT + && !state->dp_success + && state->cr->data->propogate_offline_status) { /* Not found and data provider request failed so we were * unable to fetch the data. */ ret = ERR_OFFLINE; diff --git a/src/tests/system/tests/test_autofs.py b/src/tests/system/tests/test_autofs.py new file mode 100644 index 00000000000..efe112231a3 --- /dev/null +++ b/src/tests/system/tests/test_autofs.py @@ -0,0 +1,204 @@ +""" +Autofs tests. + +:requirement: Ldap Provider - automount +""" + +from __future__ import annotations + +import pytest +from sssd_test_framework.roles.client import Client +from sssd_test_framework.roles.generic import GenericProvider +from sssd_test_framework.roles.nfs import NFS +from sssd_test_framework.topology import KnownTopologyGroup + + +@pytest.mark.ticket(gh=6739) +@pytest.mark.parametrize("cache_first", [False, True]) +@pytest.mark.topology(KnownTopologyGroup.AnyProvider) +def test_autofs__cache_first(client: Client, nfs: NFS, provider: GenericProvider, cache_first: bool): + """ + :title: Autofs works correctly with any cache_first value + :setup: + 1. Create NFS export + 2. Create auto.master map + 3. Create auto.export map + 4. Add /export (auto.export) key to auto.master + 5. Add "NFS export" key as "export" to auto.export + 6. Enable autofs responder + 7. Set [autofs]/cache_first = $cache_first + 8. Start SSSD + 9. Reload autofs daemon + :steps: + 1. Access /export/export + 2. Dump automount maps "automount -m" + :expectedresults: + 1. Directory can be accessed and it is correctly mounted to the NFS share + 2. /export contains auto.export map and "export" key + :customerscenario: False + """ + nfs_export = nfs.export("export").add() + auto_master = provider.automount.map("auto.master").add() + auto_export = provider.automount.map("auto.export").add() + auto_master.key("/export").add(info=auto_export) + key = auto_export.key("export").add(info=nfs_export) + + # Start SSSD + client.sssd.common.autofs() + client.sssd.autofs["cache_first"] = str(cache_first) + client.sssd.start() + + # Reload automounter in order fetch updated maps + client.automount.reload() + + # Check that we can mount the exported directory + assert client.automount.mount("/export/export", nfs_export) + + # Check that the maps are correctly fetched + assert client.automount.dumpmaps() == { + "/export": {"map": "auto.export", "keys": [str(key)]}, + } + + +@pytest.mark.topology(KnownTopologyGroup.AnyProvider) +def test_autofs__propagate_offline__single_domain(client: Client, provider: GenericProvider): + """ + :title: Autofs propagates offline status if a domain is offline + :setup: + 1. Block LDAP port on the provider + 2. Enable autofs responder + 3. Start SSSD + 4. Reload autofs daemon + :steps: + 1. Read autofs responder logs + :expectedresults: + 1. cache_req returns "SSSD is offline" when data provider is offline for auto.master search + :customerscenario: False + """ + # Render the provider offline + provider.firewall.drop(389) + + # Start SSSD + client.sssd.common.autofs() + client.sssd.start() + + # Reload automounter in order fetch updated maps + client.automount.reload() + + # Check that offline status was returned from cache req + log = client.fs.read(client.sssd.logs.autofs).splitlines() + offline_status_propagated = False + for index, line in enumerate(log): + if "cache_req_process_result" in line and "Finished: Error" in line and "SSSD is offline" in line: + if "Object [auto.master] was not found in cache" in log[index - 1]: + offline_status_propagated = True + break + + assert offline_status_propagated + + +@pytest.mark.topology(KnownTopologyGroup.AnyProvider) +def test_autofs__propagate_offline__multi_domain(client: Client): + """ + :title: Autofs propagates offline status if a domain is offline in multi domain environment + :setup: + 1. Create two fake LDAP domains that will be offline (the provider is online but does not have autofs maps) + 2. Enable autofs responder + 3. Start SSSD + 4. Reload autofs daemon + :steps: + 1. Read autofs responder logs + :expectedresults: + 1. cache_req returns "SSSD is offline" when data provider is offline for auto.master search + :customerscenario: False + """ + # Create fake domains, these will be offline + client.sssd.dom("fake1").update( + enabled="true", + id_provider="ldap", + ldap_uri="ldap://fake1.test", + ) + + client.sssd.dom("fake2").update( + enabled="true", + id_provider="ldap", + ldap_uri="ldap://fake2.test", + ) + + # Start SSSD + client.sssd.common.autofs() + client.sssd.start() + + # Reload automounter in order fetch updated maps + client.automount.reload() + + # Check that offline status was returned from cache req + log = client.fs.read(client.sssd.logs.autofs).splitlines() + offline_status_propagated = False + for index, line in enumerate(log): + if "cache_req_process_result" in line and "Finished: Error" in line and "SSSD is offline" in line: + if "Object [auto.master] was not found in cache" in log[index - 1]: + offline_status_propagated = True + break + + assert offline_status_propagated + + +@pytest.mark.topology(KnownTopologyGroup.AnyProvider) +def test_autofs__offline_domains(client: Client, nfs: NFS, provider: GenericProvider): + """ + :title: Autofs works if some domain is offline in multi domain environment + :setup: + 1. Create NFS export + 2. Create auto.master map + 3. Create auto.export map + 4. Add /export (auto.export) key to auto.master + 5. Add "NFS export" key as "export" to auto.export + 6. Create two fake LDAP domains that will be offline (the provider is online) + 7. Enable autofs responder + 8. Start SSSD + 9. Reload autofs daemon + :steps: + 1. Access /export/export + 2. Dump automount maps "automount -m" + :expectedresults: + 1. Directory can be accessed and it is correctly mounted to the NFS share + 2. /export contains auto.export map and "export" key + :customerscenario: False + """ + + # Create autofs maps + nfs_export = nfs.export("export").add() + auto_master = provider.automount.map("auto.master").add() + auto_export = provider.automount.map("auto.export").add() + auto_master.key("/export").add(info=auto_export) + key = auto_export.key("export").add(info=nfs_export) + + # Create fake domains, these will be offline + client.sssd.dom("fake1").update( + enabled="true", + id_provider="ldap", + ldap_uri="ldap://fake1.test", + ) + + client.sssd.dom("fake2").update( + enabled="true", + id_provider="ldap", + ldap_uri="ldap://fake2.test", + ) + + # Start SSSD + client.sssd.sssd["domain_resolution_order"] = f"fake1, fake2, {client.sssd.default_domain}" + client.sssd.common.autofs() + client.sssd.start() + + # Reload automounter in order fetch updated maps + client.automount.reload() + + # Check that we can mount the exported directory + assert client.automount.mount("/export/export", nfs_export) + + # Check that the maps are correctly fetched + assert client.automount.dumpmaps() == { + "/export": {"map": "auto.export", "keys": [str(key)]}, + } From d3c3408e0ef1df13c8c4d7fb6dc394fdb9a0886c Mon Sep 17 00:00:00 2001 From: Alexey Tikhonov Date: Sat, 10 Jun 2023 16:28:23 +0200 Subject: [PATCH 037/280] SYSDB: in case (ignore_group_members == true) group is actually complete MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Example workflow: - SSSD client is enrolled into AD domain (Token-Groups are enabled) - `id $user` is executed - initgroups() is called for this user - during processing of initgroups() sssd_be obtains a list of group SIDs user is a member of, and then partially resolves those groups and adds it to the local cache as "incomplete" (i.e. 'expired') - as a next step `id` calls getgrnam() for every group in initgroups() list - since groups are saved into the cache as "incomplete" (technically - "expired") this again results in LDAP search of this group. But if `ignore_group_members = true` this search doesn't provide new information. "Incomplete" groups could be used instead. Reviewed-by: Pavel Březina Reviewed-by: Sumit Bose (cherry picked from commit 2fd5374fdf78bc7330bd9e6f3b86bec86bdf592b) --- src/db/sysdb_ops.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/db/sysdb_ops.c b/src/db/sysdb_ops.c index d11d8d956b0..7a3c002130f 100644 --- a/src/db/sysdb_ops.c +++ b/src/db/sysdb_ops.c @@ -2307,8 +2307,10 @@ int sysdb_add_incomplete_group(struct sss_domain_info *domain, ret = sysdb_attrs_add_time_t(attrs, SYSDB_LAST_UPDATE, now); if (ret) goto done; + /* in case (ignore_group_members == true) group is actually complete */ ret = sysdb_attrs_add_time_t(attrs, SYSDB_CACHE_EXPIRE, - now-1); + domain->ignore_group_members ? + (now + domain->group_timeout) : (now-1)); if (ret) goto done; ret = sysdb_attrs_add_bool(attrs, SYSDB_POSIX, posix); From 50922242888b5f4d5b41f9c3549df45dc975dad1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Alejandro=20L=C3=B3pez?= Date: Wed, 31 May 2023 11:23:41 +0200 Subject: [PATCH 038/280] TEST: Fix pam-srv-tests to correctly treat the test name Test suite pam-srv-tests accepts a test name as the last argument to just run that test. However, this was failing because a pointer to the name is retrieved but the poptContext is freed immediately after, making pointer invalid. The poptContext is now released after using the pointer. Reviewed-by: Iker Pedrosa Reviewed-by: Sumit Bose (cherry picked from commit ca7c9f6066d150c1a88bda6bda2843f244e5289d) --- src/tests/cmocka/test_pam_srv.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/src/tests/cmocka/test_pam_srv.c b/src/tests/cmocka/test_pam_srv.c index e90a8bbb0e7..05b6790b655 100644 --- a/src/tests/cmocka/test_pam_srv.c +++ b/src/tests/cmocka/test_pam_srv.c @@ -4418,6 +4418,7 @@ int main(int argc, const char *argv[]) { poptContext pc; int opt; + int res; const char *single = NULL; struct poptOption long_options[] = { POPT_AUTOHELP @@ -4682,8 +4683,6 @@ int main(int argc, const char *argv[]) return 1; } - poptFreeContext(pc); - DEBUG_CLI_INIT(debug_level); /* Even though normally the tests should clean up after themselves @@ -4691,7 +4690,8 @@ int main(int argc, const char *argv[]) tests_set_cwd(); test_dom_suite_cleanup(TESTS_PATH, TEST_CONF_DB, TEST_DOM_NAME); - return sss_cmocka_run_group_tests(tests, sizeof(tests)/sizeof(tests[0]), - single); - + res = sss_cmocka_run_group_tests(tests, sizeof(tests)/sizeof(tests[0]), + single); + poptFreeContext(pc); + return res; } From 228183bf4a9ea93d6f6a97801646887a0491a944 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Alejandro=20L=C3=B3pez?= Date: Wed, 31 May 2023 13:53:03 +0200 Subject: [PATCH 039/280] IPA: Do not try to add duplicate values to the LDAP attributes When using extra attributes, an attribute could be listed twice and SSSD will try to add it twice to the cache. To handle this situation, each instance will be added to a single attribute with multiple values, but duplicated values will be dropped. This is done by calling `sysdb_attrs_add_val_safe()` instead of `sysdb_attrs_add_val()`. Reviewed-by: Iker Pedrosa Reviewed-by: Sumit Bose (cherry picked from commit dc508f032904f008714418509a13f79a17660659) --- src/providers/ipa/ipa_s2n_exop.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/providers/ipa/ipa_s2n_exop.c b/src/providers/ipa/ipa_s2n_exop.c index 616757e2d51..ca835f0aa40 100644 --- a/src/providers/ipa/ipa_s2n_exop.c +++ b/src/providers/ipa/ipa_s2n_exop.c @@ -663,7 +663,7 @@ static errno_t get_extra_attrs(BerElement *ber, struct resp_attrs *resp_attrs) v.length = values[c]->bv_len; } - ret = sysdb_attrs_add_val(resp_attrs->sysdb_attrs, name, &v); + ret = sysdb_attrs_add_val_safe(resp_attrs->sysdb_attrs, name, &v); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, "sysdb_attrs_add_val failed.\n"); ldap_memfree(name); From 42cf3c41c566cfca61397139cad079dd6d1e151c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Alejandro=20L=C3=B3pez?= Date: Tue, 6 Jun 2023 17:27:31 +0200 Subject: [PATCH 040/280] UTIL: New function string_in_list_size() Similar to string_in_list() but instead of taking a NULL-terminated list it take a list and its size. Reviewed-by: Iker Pedrosa Reviewed-by: Sumit Bose (cherry picked from commit 1b45f29f459f13173af99e75b4bb43ed945680aa) --- src/tests/util-tests.c | 45 +++++++++++++++++++++++++++++++++++++++++- src/util/util.h | 3 +++ src/util/util_ext.c | 21 ++++++++++++++++++++ 3 files changed, 68 insertions(+), 1 deletion(-) diff --git a/src/tests/util-tests.c b/src/tests/util-tests.c index 7f3a0d1bda5..d0a1c6e57a4 100644 --- a/src/tests/util-tests.c +++ b/src/tests/util-tests.c @@ -105,7 +105,7 @@ START_TEST(test_string_in_list) ck_assert_msg(!is_in, "String is in empty list."); is_in = string_in_list("ABC", list, false); - ck_assert_msg(is_in, "String is not list."); + ck_assert_msg(is_in, "String is not in list."); is_in = string_in_list("abc", list, false); ck_assert_msg(is_in, "String is not case in-sensitive list."); @@ -119,6 +119,48 @@ START_TEST(test_string_in_list) } END_TEST +START_TEST(test_string_in_list_size) +{ + bool is_in; + const char *empty_list[] = {}; + size_t empty_list_size = 0; + const char *list[] = {discard_const("ABC"), + discard_const("DEF"), + discard_const("GHI")}; + size_t list_size = sizeof(list) / sizeof(list[0]); + + is_in = string_in_list_size(NULL, NULL, 0, false); + ck_assert_msg(!is_in, "NULL string is in NULL list."); + + is_in = string_in_list_size(NULL, empty_list, empty_list_size, false); + ck_assert_msg(!is_in, "NULL string is in empty list."); + + is_in = string_in_list_size(NULL, list, list_size, false); + ck_assert_msg(!is_in, "NULL string is in list."); + + is_in = string_in_list_size("ABC", NULL, 0, false); + ck_assert_msg(!is_in, "String is in NULL list."); + + is_in = string_in_list_size("ABC", empty_list, empty_list_size, false); + ck_assert_msg(!is_in, "String is in empty list."); + + is_in = string_in_list_size("ABC", list, list_size, false); + ck_assert_msg(is_in, "String is not in list."); + + is_in = string_in_list_size("abc", list, list_size, false); + ck_assert_msg(is_in, "String is not case in-sensitive list."); + + is_in = string_in_list_size("abc", list, list_size, true); + ck_assert_msg(!is_in, "Wrong string found in case sensitive list."); + + is_in = string_in_list_size("123", list, list_size, false); + ck_assert_msg(!is_in, "Wrong string found in list."); + + is_in = string_in_list_size("GHI", list, list_size - 1, false); + ck_assert_msg(!is_in, "Size limit not respected."); +} +END_TEST + START_TEST(test_parse_args) { struct pa_testcase { @@ -1121,6 +1163,7 @@ Suite *util_suite(void) tcase_add_test (tc_util, test_parse_args); tcase_add_test (tc_util, test_add_string_to_list); tcase_add_test (tc_util, test_string_in_list); + tcase_add_test (tc_util, test_string_in_list_size); tcase_add_test (tc_util, test_split_on_separator); tcase_add_test (tc_util, test_check_ipv4_addr); tcase_add_test (tc_util, test_check_ipv6_addr); diff --git a/src/util/util.h b/src/util/util.h index 68302bb725d..c7994f1ff13 100644 --- a/src/util/util.h +++ b/src/util/util.h @@ -532,6 +532,9 @@ errno_t del_string_from_list(const char *string, bool string_in_list(const char *string, char **list, bool case_sensitive); +bool string_in_list_size(const char *string, const char **list, size_t size, + bool case_sensitive); + int domain_to_basedn(TALLOC_CTX *memctx, const char *domain, char **basedn); bool is_host_in_domain(const char *host, const char *domain); diff --git a/src/util/util_ext.c b/src/util/util_ext.c index 3ce03712358..c9839a907c5 100644 --- a/src/util/util_ext.c +++ b/src/util/util_ext.c @@ -147,6 +147,27 @@ bool string_in_list(const char *string, char **list, bool case_sensitive) return false; } +bool string_in_list_size(const char *string, const char **list, size_t size, + bool case_sensitive) +{ + size_t c; + int(*compare)(const char *s1, const char *s2); + + if (string == NULL || list == NULL || size == 0) { + return false; + } + + compare = case_sensitive ? strcmp : strcasecmp; + + for (c = 0; c < size; c++) { + if (compare(string, list[c]) == 0) { + return true; + } + } + + return false; +} + errno_t sss_filter_sanitize_ex(TALLOC_CTX *mem_ctx, const char *input, char **sanitized, From 010e61ffa0da1d58470cea9d5c506a117755bf62 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Alejandro=20L=C3=B3pez?= Date: Wed, 7 Jun 2023 11:12:46 +0200 Subject: [PATCH 041/280] UTIL: add_strings_lists() becomes add_strings_lists_ex() Old function add_strings_lists() copies any duplicate value. New function add_strings_lists_ex() take an argument to decide whether to discard duplicate values. add_strings_lists() is now a wrapper on add_strings_lists_ex(). Both function now take a const char *** instead of char ** as output parameter. An existing test was adapted and an new one added. Reviewed-by: Iker Pedrosa Reviewed-by: Sumit Bose (cherry picked from commit 2b8fed59140e32f7a8fa9bafe9e84b8db96d1ae5) --- src/providers/ipa/ipa_sudo_conversion.c | 2 +- src/responder/ifp/ifp_cache.c | 3 +- src/tests/cmocka/test_utils.c | 119 +++++++++++++++++++++++- src/util/util.c | 55 +++++++---- src/util/util.h | 22 ++++- 5 files changed, 177 insertions(+), 24 deletions(-) diff --git a/src/providers/ipa/ipa_sudo_conversion.c b/src/providers/ipa/ipa_sudo_conversion.c index 543f71a7b63..220d937b6fb 100644 --- a/src/providers/ipa/ipa_sudo_conversion.c +++ b/src/providers/ipa/ipa_sudo_conversion.c @@ -1082,7 +1082,7 @@ combine_cmdgroups(TALLOC_CTX *mem_ctx, } ret = add_strings_lists(mem_ctx, values, cmdgroup->expanded, - false, discard_const(&values)); + false, &values); if (ret != EOK) { talloc_free(tmp_ctx); return NULL; diff --git a/src/responder/ifp/ifp_cache.c b/src/responder/ifp/ifp_cache.c index 27681d094de..a4dd393aac2 100644 --- a/src/responder/ifp/ifp_cache.c +++ b/src/responder/ifp/ifp_cache.c @@ -173,8 +173,7 @@ ifp_cache_list_domains(TALLOC_CTX *mem_ctx, goto done; } - ret = add_strings_lists(tmp_ctx, paths, tmp_paths, true, - discard_const(&paths)); + ret = add_strings_lists(tmp_ctx, paths, tmp_paths, true, &paths); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, "Unable to build object list " "[%d]: %s\n", ret, sss_strerror(ret)); diff --git a/src/tests/cmocka/test_utils.c b/src/tests/cmocka/test_utils.c index 104dc0af43c..760e7130723 100644 --- a/src/tests/cmocka/test_utils.c +++ b/src/tests/cmocka/test_utils.c @@ -1536,11 +1536,14 @@ static int teardown_leak_tests(void **state) return 0; } +/* add_strings_list() is an alias for add_strings_list_ex() that allows for + * duplicate values. + */ void test_add_strings_lists(void **state) { - const char *l1[] = {"a", "b", "c", NULL}; - const char *l2[] = {"1", "2", "3", NULL}; - char **res; + const char *l1[] = {"a", "b", "c", "b", NULL}; + const char *l2[] = {"1", "2", "3", "2", NULL}; + const char **res; int ret; size_t c; size_t d; @@ -1631,6 +1634,113 @@ void test_add_strings_lists(void **state) talloc_free(res); } +/* add_strings_list_ex(skip_dups=false) was tested by add_string_list(). + * We now test add_strings_list_ex(skip_dups=true). + */ +void test_add_strings_lists_ex(void **state) +{ + /* Set duplicate values at the end of the array to simplify the comparison */ + const char *l1[] = {"a", "b", "c", "b", NULL}; + const char *l2[] = {"1", "2", "3", "2", NULL}; + const char *r1[sizeof(l1) / sizeof(*l1) - 1]; + const char *r2[sizeof(l2) / sizeof(*l2) - 1]; + const char **res; + int ret; + size_t c; + size_t d; + + /* The expected results must have the same pointers */ + memcpy(r1, l1, sizeof(r1) - sizeof(*r1)); + r1[sizeof(r1) / sizeof(*r1) - 1] = NULL; + memcpy(r2, l2, sizeof(r2) - sizeof(*r2)); + r2[sizeof(r2) / sizeof(*r2) - 1] = NULL; + + ret = add_strings_lists_ex(global_talloc_context, NULL, NULL, true, true, &res); + assert_int_equal(ret, EOK); + assert_non_null(res); + assert_null(res[0]); + talloc_free(res); + + ret = add_strings_lists_ex(global_talloc_context, NULL, NULL, false, true, &res); + assert_int_equal(ret, EOK); + assert_non_null(res); + assert_null(res[0]); + talloc_free(res); + + ret = add_strings_lists_ex(global_talloc_context, l1, NULL, false, true, &res); + assert_int_equal(ret, EOK); + assert_non_null(res); + for (c = 0; r1[c] != NULL; c++) { + /* 'copy_strings' is 'false', pointers must be equal */ + assert_int_equal(memcmp(&r1[c], &res[c], sizeof(char *)), 0); + } + assert_null(res[c]); + talloc_free(res); + + ret = add_strings_lists_ex(global_talloc_context, l1, NULL, true, true, &res); + assert_int_equal(ret, EOK); + assert_non_null(res); + for (c = 0; r1[c] != NULL; c++) { + /* 'copy_strings' is 'true', pointers must be different, but strings + * must be equal */ + assert_int_not_equal(memcmp(&r1[c], &res[c], sizeof(char *)), 0); + assert_string_equal(r1[c], res[c]); + } + assert_null(res[c]); + talloc_free(res); + + ret = add_strings_lists_ex(global_talloc_context, NULL, l1, false, true, &res); + assert_int_equal(ret, EOK); + assert_non_null(res); + for (c = 0; r1[c] != NULL; c++) { + /* 'copy_strings' is 'false', pointers must be equal */ + assert_int_equal(memcmp(&r1[c], &res[c], sizeof(char *)), 0); + } + assert_null(res[c]); + talloc_free(res); + + ret = add_strings_lists_ex(global_talloc_context, NULL, l1, true, true, &res); + assert_int_equal(ret, EOK); + assert_non_null(res); + for (c = 0; r1[c] != NULL; c++) { + /* 'copy_strings' is 'true', pointers must be different, but strings + * must be equal */ + assert_int_not_equal(memcmp(&r1[c], &res[c], sizeof(char *)), 0); + assert_string_equal(r1[c], res[c]); + } + assert_null(res[c]); + talloc_free(res); + + ret = add_strings_lists_ex(global_talloc_context, l1, l2, false, true, &res); + assert_int_equal(ret, EOK); + assert_non_null(res); + for (c = 0; r1[c] != NULL; c++) { + /* 'copy_strings' is 'false', pointers must be equal */ + assert_int_equal(memcmp(&r1[c], &res[c], sizeof(char *)), 0); + } + for (d = 0; r2[d] != NULL; d++) { + assert_int_equal(memcmp(&r2[d], &res[c+d], sizeof(char *)), 0); + } + assert_null(res[c+d]); + talloc_free(res); + + ret = add_strings_lists_ex(global_talloc_context, l1, l2, true, true, &res); + assert_int_equal(ret, EOK); + assert_non_null(res); + for (c = 0; r1[c] != NULL; c++) { + /* 'copy_strings' is 'true', pointers must be different, but strings + * must be equal */ + assert_int_not_equal(memcmp(&r1[c], &res[c], sizeof(char *)), 0); + assert_string_equal(r1[c], res[c]); + } + for (d = 0; r2[d] != NULL; d++) { + assert_int_not_equal(memcmp(&r2[d], &res[c+d], sizeof(char *)), 0); + assert_string_equal(r2[d], res[c+d]); + } + assert_null(res[c+d]); + talloc_free(res); +} + void test_sss_write_krb5_conf_snippet(void **state) { int ret; @@ -2331,6 +2441,9 @@ int main(int argc, const char *argv[]) cmocka_unit_test_setup_teardown(test_add_strings_lists, setup_leak_tests, teardown_leak_tests), + cmocka_unit_test_setup_teardown(test_add_strings_lists_ex, + setup_leak_tests, + teardown_leak_tests), cmocka_unit_test(test_sss_write_krb5_conf_snippet), cmocka_unit_test(test_get_hidden_path), cmocka_unit_test_setup_teardown(test_sss_unique_file, diff --git a/src/util/util.c b/src/util/util.c index 1ed526ec3ab..6546b6027c4 100644 --- a/src/util/util.c +++ b/src/util/util.c @@ -674,14 +674,17 @@ const char * const * get_known_services(void) return svc; } -errno_t add_strings_lists(TALLOC_CTX *mem_ctx, const char **l1, const char **l2, - bool copy_strings, char ***_new_list) +errno_t add_strings_lists_ex(TALLOC_CTX *mem_ctx, + const char **l1, const char **l2, + bool copy_strings, bool skip_dups, + const char ***_new_list) { size_t c; + size_t n; size_t l1_count = 0; size_t l2_count = 0; size_t new_count = 0; - char **new; + const char **new; int ret; if (l1 != NULL) { @@ -694,29 +697,49 @@ errno_t add_strings_lists(TALLOC_CTX *mem_ctx, const char **l1, const char **l2, new_count = l1_count + l2_count; - new = talloc_array(mem_ctx, char *, new_count + 1); + new = talloc_zero_array(mem_ctx, const char *, new_count + 1); if (new == NULL) { DEBUG(SSSDBG_OP_FAILURE, "talloc_array failed.\n"); return ENOMEM; } - new [new_count] = NULL; - if (copy_strings) { + if (copy_strings || skip_dups) { + n = 0; for(c = 0; c < l1_count; c++) { - new[c] = talloc_strdup(new, l1[c]); - if (new[c] == NULL) { - DEBUG(SSSDBG_OP_FAILURE, "talloc_strdup failed.\n"); - ret = ENOMEM; - goto done; + if (skip_dups) { + if (string_in_list_size(l1[c], new, n, false)) { + continue; + } + } + if (copy_strings) { + new[n] = talloc_strdup(new, l1[c]); + if (new[n] == NULL) { + DEBUG(SSSDBG_OP_FAILURE, "talloc_strdup failed.\n"); + ret = ENOMEM; + goto done; + } + } else { + new[n] = discard_const(l1[c]); } + n++; } for(c = 0; c < l2_count; c++) { - new[l1_count + c] = talloc_strdup(new, l2[c]); - if (new[l1_count + c] == NULL) { - DEBUG(SSSDBG_OP_FAILURE, "talloc_strdup failed.\n"); - ret = ENOMEM; - goto done; + if (skip_dups) { + if (string_in_list_size(l2[c], new, n, false)) { + continue; + } + } + if (copy_strings) { + new[n] = talloc_strdup(new, l2[c]); + if (new[n] == NULL) { + DEBUG(SSSDBG_OP_FAILURE, "talloc_strdup failed.\n"); + ret = ENOMEM; + goto done; + } + } else { + new[n] = discard_const(l2[c]); } + n++; } } else { if (l1 != NULL) { diff --git a/src/util/util.h b/src/util/util.h index c7994f1ff13..11dc40d572a 100644 --- a/src/util/util.h +++ b/src/util/util.h @@ -434,12 +434,30 @@ bool is_dbus_activated(void); * @param[in] copy_strings If set to 'true' the list items will be copied * otherwise only the pointers to the items are * copied. + * @param[in] skip_dups Whether the function should skip duplicate values. * @param[out] new_list New NULL-terminated list of strings. Must be freed * with talloc_free() by the caller. If copy_strings * is 'true' the new elements will be freed as well. */ -errno_t add_strings_lists(TALLOC_CTX *mem_ctx, const char **l1, const char **l2, - bool copy_strings, char ***_new_list); +errno_t add_strings_lists_ex(TALLOC_CTX *mem_ctx, + const char **l1, const char **l2, + bool copy_strings, bool skip_dups, + const char ***_new_list); + +/** + * @overload errno_t add_strings_lists_ex(TALLOC_CTX *mem_ctx, + * const char **l1, const char **l2, + * bool copy_strings, bool skip_dups, + * const char ***_new_list) + */ +static inline errno_t add_strings_lists(TALLOC_CTX *mem_ctx, + const char **l1, const char **l2, + bool copy_strings, + const char ***_new_list) +{ + return add_strings_lists_ex(mem_ctx, l1, l2, copy_strings, false, _new_list); +} + /** * @brief set file descriptor as nonblocking From bfc88dc3c637eb5ceaba5345f779d560ff9c81c8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Alejandro=20L=C3=B3pez?= Date: Wed, 7 Jun 2023 11:39:55 +0200 Subject: [PATCH 042/280] RESPONDER: attr_in_list() is replaced by string_in_list_size() Both functions do the same thing, so it is useless to have them both. attr_in_list() has, however, a more descriptive name for its use in this module, so we'll keep it as an inlined wrapper. Reviewed-by: Iker Pedrosa Reviewed-by: Sumit Bose (cherry picked from commit de258f011b9c6fc97e9157435cd2845be1c5d0e0) --- src/responder/common/responder_utils.c | 10 +--------- 1 file changed, 1 insertion(+), 9 deletions(-) diff --git a/src/responder/common/responder_utils.c b/src/responder/common/responder_utils.c index 8e5dcc017e0..6d630a06773 100644 --- a/src/responder/common/responder_utils.c +++ b/src/responder/common/responder_utils.c @@ -30,15 +30,7 @@ static inline bool attr_in_list(const char **list, size_t nlist, const char *str) { - size_t i; - - for (i = 0; i < nlist; i++) { - if (strcasecmp(list[i], str) == 0) { - break; - } - } - - return (i < nlist) ? true : false; + return string_in_list_size(str, list, nlist, false); } const char **parse_attr_list_ex(TALLOC_CTX *mem_ctx, const char *conf_str, From 355b0c2e89606a0db1697b232743f50a2e60ee57 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Alejandro=20L=C3=B3pez?= Date: Thu, 8 Jun 2023 13:23:53 +0200 Subject: [PATCH 043/280] IPA: Do not duplicate the entry attributes. The extra attributes are concatenated to other required attributes for some operations. In some cases the attribute list ends up having duplicate attributes, either because accidentally the user added it twice to the ldap_user_extra_attrs list, or one or more of those attributes are also in the required list. Removing the duplicates each time the lists are concatenated increases the concatenation time. And this is done every time. So we try to concatenate the attribute lists at start up, filtering duplicates, and use that list. To do that, we consider the two cases where the list concatenation is done. In one of the cases, the added attributes are a subset of the other list. So we factorized this list to add the common attributes to the list at start up. Only the non-common attributes are added while serving a request. The complete list is now stored in the `full_attribute_list` field. An existing test suite was adapted to this new situation as it now needs to initialize the new field. Reviewed-by: Iker Pedrosa Reviewed-by: Sumit Bose (cherry picked from commit b50415978d2f0fad3291d86e0a5340be7ab90528) --- src/responder/common/responder_utils.c | 10 ++++++ src/responder/nss/nss_cmd.c | 41 +++++++----------------- src/responder/nss/nss_private.h | 1 + src/responder/nss/nss_protocol_sid.c | 44 ++++++-------------------- src/responder/nss/nsssrv.c | 24 ++++++++++++++ src/tests/cmocka/test_nss_srv.c | 31 +++++++++++++++++- 6 files changed, 87 insertions(+), 64 deletions(-) diff --git a/src/responder/common/responder_utils.c b/src/responder/common/responder_utils.c index 6d630a06773..47aeace8beb 100644 --- a/src/responder/common/responder_utils.c +++ b/src/responder/common/responder_utils.c @@ -110,6 +110,11 @@ const char **parse_attr_list_ex(TALLOC_CTX *mem_ctx, const char *conf_str, continue; } + /* If the attribute is already in the list, skip it */ + if (attr_in_list(list, li, allow[i])) { + continue; + } + list[li] = talloc_strdup(list, allow[i]); if (list[li] == NULL) { goto done; @@ -128,6 +133,11 @@ const char **parse_attr_list_ex(TALLOC_CTX *mem_ctx, const char *conf_str, continue; } + /* If the attribute is already in the list, skip it */ + if (attr_in_list(list, li, defaults[i])) { + continue; + } + list[li] = talloc_strdup(list, defaults[i]); if (list[li] == NULL) { goto done; diff --git a/src/responder/nss/nss_cmd.c b/src/responder/nss/nss_cmd.c index 477920452a3..dd801139bd7 100644 --- a/src/responder/nss/nss_cmd.c +++ b/src/responder/nss/nss_cmd.c @@ -1209,38 +1209,21 @@ static errno_t sss_nss_cmd_getorigbyname_common(struct cli_ctx *cli_ctx, errno_t ret; struct sss_nss_ctx *nss_ctx; const char **attrs; - static const char *defattrs[] = { SYSDB_NAME, SYSDB_OBJECTCATEGORY, - SYSDB_SID_STR, - ORIGINALAD_PREFIX SYSDB_NAME, - ORIGINALAD_PREFIX SYSDB_UIDNUM, - ORIGINALAD_PREFIX SYSDB_GIDNUM, - ORIGINALAD_PREFIX SYSDB_GECOS, - ORIGINALAD_PREFIX SYSDB_HOMEDIR, - ORIGINALAD_PREFIX SYSDB_SHELL, - SYSDB_UPN, - SYSDB_DEFAULT_OVERRIDE_NAME, - SYSDB_AD_ACCOUNT_EXPIRES, - SYSDB_AD_USER_ACCOUNT_CONTROL, - SYSDB_SSH_PUBKEY, - SYSDB_USER_CERT, - SYSDB_USER_EMAIL, - SYSDB_ORIG_DN, - SYSDB_ORIG_MEMBEROF, - SYSDB_DEFAULT_ATTRS, NULL }; + static const char *cache_attrs[] = { SYSDB_NAME, + SYSDB_OBJECTCATEGORY, + SYSDB_SID_STR, + SYSDB_DEFAULT_ATTRS, + NULL }; nss_ctx = talloc_get_type(cli_ctx->rctx->pvt_ctx, struct sss_nss_ctx); - if (nss_ctx->extra_attributes != NULL) { - ret = add_strings_lists(cli_ctx, defattrs, nss_ctx->extra_attributes, - false, discard_const(&attrs)); - if (ret != EOK) { - DEBUG(SSSDBG_OP_FAILURE, - "Unable to concatenate attributes [%d]: %s\n", - ret, sss_strerror(ret)); - return ENOMEM; - } - } else { - attrs = defattrs; + ret = add_strings_lists_ex(cli_ctx, cache_attrs, nss_ctx->full_attribute_list, + false, true, &attrs); + if (ret != EOK) { + DEBUG(SSSDBG_OP_FAILURE, + "Unable to concatenate attributes [%d]: %s\n", + ret, sss_strerror(ret)); + return ENOMEM; } return sss_nss_getby_name(cli_ctx, false, type, attrs, diff --git a/src/responder/nss/nss_private.h b/src/responder/nss/nss_private.h index 0e16c51266d..e2f5a3e5a58 100644 --- a/src/responder/nss/nss_private.h +++ b/src/responder/nss/nss_private.h @@ -78,6 +78,7 @@ struct sss_nss_ctx { char *fallback_homedir; char *homedir_substr; const char **extra_attributes; + const char **full_attribute_list; /* Enumeration. */ struct sss_nss_enum_ctx *pwent; diff --git a/src/responder/nss/nss_protocol_sid.c b/src/responder/nss/nss_protocol_sid.c index 089b0488c8b..69d61bb609a 100644 --- a/src/responder/nss/nss_protocol_sid.c +++ b/src/responder/nss/nss_protocol_sid.c @@ -331,11 +331,11 @@ sss_nss_protocol_fill_orig(struct sss_nss_ctx *nss_ctx, { TALLOC_CTX *tmp_ctx; struct ldb_message *msg = result->msgs[0]; - const char **extra_attrs = NULL; + const char **full_attrs = NULL; enum sss_id_type id_type; struct sized_string *keys; struct sized_string *vals; - size_t extra_attrs_count = 0; + size_t full_attrs_count = 0; size_t array_size; size_t sum; size_t found; @@ -344,23 +344,6 @@ sss_nss_protocol_fill_orig(struct sss_nss_ctx *nss_ctx, size_t body_len; uint8_t *body; errno_t ret; - const char *orig_attrs[] = { SYSDB_SID_STR, - ORIGINALAD_PREFIX SYSDB_NAME, - ORIGINALAD_PREFIX SYSDB_UIDNUM, - ORIGINALAD_PREFIX SYSDB_GIDNUM, - ORIGINALAD_PREFIX SYSDB_HOMEDIR, - ORIGINALAD_PREFIX SYSDB_GECOS, - ORIGINALAD_PREFIX SYSDB_SHELL, - SYSDB_UPN, - SYSDB_DEFAULT_OVERRIDE_NAME, - SYSDB_AD_ACCOUNT_EXPIRES, - SYSDB_AD_USER_ACCOUNT_CONTROL, - SYSDB_SSH_PUBKEY, - SYSDB_USER_CERT, - SYSDB_USER_EMAIL, - SYSDB_ORIG_DN, - SYSDB_ORIG_MEMBEROF, - NULL }; if (result->count != 1) { DEBUG(SSSDBG_OP_FAILURE, @@ -379,14 +362,14 @@ sss_nss_protocol_fill_orig(struct sss_nss_ctx *nss_ctx, return ret; } - if (nss_ctx->extra_attributes != NULL) { - extra_attrs = nss_ctx->extra_attributes; - for (extra_attrs_count = 0; - extra_attrs[extra_attrs_count] != NULL; - extra_attrs_count++); + if (nss_ctx->full_attribute_list != NULL) { + full_attrs = nss_ctx->full_attribute_list; + for (full_attrs_count = 0; + full_attrs[full_attrs_count] != NULL; + full_attrs_count++); } - array_size = sizeof(orig_attrs) + extra_attrs_count; + array_size = full_attrs_count; keys = talloc_array(tmp_ctx, struct sized_string, array_size); vals = talloc_array(tmp_ctx, struct sized_string, array_size); if (keys == NULL || vals == NULL) { @@ -398,15 +381,8 @@ sss_nss_protocol_fill_orig(struct sss_nss_ctx *nss_ctx, sum = 0; found = 0; - ret = process_attr_list(tmp_ctx, msg, orig_attrs, &keys, &vals, - &array_size, &sum, &found); - if (ret != EOK) { - DEBUG(SSSDBG_OP_FAILURE, "process_attr_list failed.\n"); - goto done; - } - - if (extra_attrs_count != 0) { - ret = process_attr_list(tmp_ctx, msg, extra_attrs, &keys, &vals, + if (full_attrs_count != 0) { + ret = process_attr_list(tmp_ctx, msg, full_attrs, &keys, &vals, &array_size, &sum, &found); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, "process_attr_list failed.\n"); diff --git a/src/responder/nss/nsssrv.c b/src/responder/nss/nsssrv.c index 9f645bf848a..4673a64ca47 100644 --- a/src/responder/nss/nsssrv.c +++ b/src/responder/nss/nsssrv.c @@ -175,6 +175,23 @@ static int sss_nss_get_config(struct sss_nss_ctx *nctx, { int ret; char *tmp_str; + static const char *orig_attrs[] = { SYSDB_SID_STR, + ORIGINALAD_PREFIX SYSDB_NAME, + ORIGINALAD_PREFIX SYSDB_UIDNUM, + ORIGINALAD_PREFIX SYSDB_GIDNUM, + ORIGINALAD_PREFIX SYSDB_HOMEDIR, + ORIGINALAD_PREFIX SYSDB_GECOS, + ORIGINALAD_PREFIX SYSDB_SHELL, + SYSDB_UPN, + SYSDB_DEFAULT_OVERRIDE_NAME, + SYSDB_AD_ACCOUNT_EXPIRES, + SYSDB_AD_USER_ACCOUNT_CONTROL, + SYSDB_SSH_PUBKEY, + SYSDB_USER_CERT, + SYSDB_USER_EMAIL, + SYSDB_ORIG_DN, + SYSDB_ORIG_MEMBEROF, + NULL }; ret = confdb_get_int(cdb, CONFDB_NSS_CONF_ENTRY, CONFDB_NSS_ENUM_CACHE_TIMEOUT, 120, @@ -243,6 +260,13 @@ static int sss_nss_get_config(struct sss_nss_ctx *nctx, } } + ret = add_strings_lists_ex(nctx, nctx->extra_attributes, orig_attrs, false, + true, &nctx->full_attribute_list); + if (ret != EOK) { + ret = ENOMEM; + goto done; + } + ret = 0; done: return ret; diff --git a/src/tests/cmocka/test_nss_srv.c b/src/tests/cmocka/test_nss_srv.c index 7925aa2f0a8..c17a4973faf 100644 --- a/src/tests/cmocka/test_nss_srv.c +++ b/src/tests/cmocka/test_nss_srv.c @@ -35,6 +35,7 @@ #include "util/util_sss_idmap.h" #include "util/crypto/sss_crypto.h" #include "util/sss_endian.h" +#include "db/sysdb.h" #include "db/sysdb_iphosts.h" #include "db/sysdb_ipnetworks.h" @@ -57,7 +58,31 @@ struct sss_nss_test_ctx { int ncache_hits; }; -const char *global_extra_attrs[] = {"phone", "mobile", NULL}; +#define EXTRA_ATTRS "phone", "mobile" + +/* This list comes from nsssrv.c:sss_nss_get_config() and must be kept aligned */ +#define ORIG_ATTRS SYSDB_SID_STR, \ + ORIGINALAD_PREFIX SYSDB_NAME, \ + ORIGINALAD_PREFIX SYSDB_UIDNUM, \ + ORIGINALAD_PREFIX SYSDB_GIDNUM, \ + ORIGINALAD_PREFIX SYSDB_HOMEDIR, \ + ORIGINALAD_PREFIX SYSDB_GECOS, \ + ORIGINALAD_PREFIX SYSDB_SHELL, \ + SYSDB_UPN, \ + SYSDB_DEFAULT_OVERRIDE_NAME, \ + SYSDB_AD_ACCOUNT_EXPIRES, \ + SYSDB_AD_USER_ACCOUNT_CONTROL, \ + SYSDB_SSH_PUBKEY, \ + SYSDB_USER_CERT, \ + SYSDB_USER_EMAIL, \ + SYSDB_ORIG_DN, \ + SYSDB_ORIG_MEMBEROF + + +const char *global_extra_attrs[] = { EXTRA_ATTRS, NULL }; +const char *global_orig_attrs[] = { ORIG_ATTRS, NULL }; +const char *global_full_attrs[] = { ORIG_ATTRS, EXTRA_ATTRS, NULL }; + struct sss_nss_test_ctx *sss_nss_test_ctx; @@ -1457,6 +1482,8 @@ void test_sss_nss_setup(struct sss_test_conf_param params[], /* do after previous setup as the former nulls protocol_ctx */ sss_nss_test_ctx->cctx->protocol_ctx = mock_prctx(sss_nss_test_ctx->cctx); assert_non_null(sss_nss_test_ctx->cctx->protocol_ctx); + + sss_nss_test_ctx->nctx->full_attribute_list = global_orig_attrs; } struct group getgrnam_no_members = { @@ -3643,6 +3670,8 @@ static int sss_nss_test_setup_extra_attr(void **state) test_sss_nss_setup(params, state); sss_nss_test_ctx->nctx->extra_attributes = global_extra_attrs; + sss_nss_test_ctx->nctx->full_attribute_list = global_full_attrs; + return 0; } From aa06159484fe90a8a142dca3dcbcab77ef77b62e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=EA=B9=80=EC=9D=B8=EC=88=98?= Date: Fri, 2 Jun 2023 00:09:52 +0000 Subject: [PATCH 044/280] po: update translations (Korean) currently translated at 100.0% (714 of 714 strings) Translation: SSSD/SSSD-2-9 Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-2-9/ko/ --- po/ko.po | 34 ++++++++++++++-------------------- 1 file changed, 14 insertions(+), 20 deletions(-) diff --git a/po/ko.po b/po/ko.po index 2c17938aa04..b4d37d9d265 100644 --- a/po/ko.po +++ b/po/ko.po @@ -11,16 +11,16 @@ msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" "POT-Creation-Date: 2023-05-05 10:11+0200\n" -"PO-Revision-Date: 2022-12-12 14:09+0000\n" +"PO-Revision-Date: 2023-06-02 05:50+0000\n" "Last-Translator: 김인수 \n" "Language-Team: Korean \n" +"sssd-2-9/ko/>\n" "Language: ko\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=1; plural=0;\n" -"X-Generator: Weblate 4.14.2\n" +"X-Generator: Weblate 4.17\n" #: src/config/SSSDConfig/sssdoptions.py:20 #: src/config/SSSDConfig/sssdoptions.py:21 @@ -167,9 +167,8 @@ msgid "Enable or disable core dumps for all SSSD processes." msgstr "SSSD 프로세서를 위한 코어 덤프 활성화 또는 비활성화." #: src/config/SSSDConfig/sssdoptions.py:58 -#, fuzzy msgid "Tune passkey verification behavior" -msgstr "인증 확인을 조정합니다" +msgstr "패스키 확인 동작을 조정합니다" #: src/config/SSSDConfig/sssdoptions.py:61 msgid "Enumeration cache timeout length (seconds)" @@ -386,18 +385,16 @@ msgstr "" "목록" #: src/config/SSSDConfig/sssdoptions.py:117 -#, fuzzy msgid "Allow passkey device authentication." -msgstr "인증서 기반/스마트 카드 인증을 허용합니다." +msgstr "패스키 장치 인증을 허용합니다." #: src/config/SSSDConfig/sssdoptions.py:118 -#, fuzzy msgid "How many seconds will pam_sss wait for passkey_child to finish" -msgstr "p11_child가 완료될 때까지 pam_ss가 몇 초 동안 대기합니까" +msgstr "passkey_child가 완료될 때까지 pam_sss가 몇 초 동안 대기합니까" #: src/config/SSSDConfig/sssdoptions.py:119 msgid "Enable debugging in the libfido2 library" -msgstr "" +msgstr "libfido2 라이브러리에서 디버깅 활성화" #: src/config/SSSDConfig/sssdoptions.py:122 msgid "Whether to evaluate the time-based attributes in sudo rules" @@ -1511,9 +1508,8 @@ msgid "attribute containing the email address of the user" msgstr "사용자의 이메일 주소를 포함하는 속성" #: src/config/SSSDConfig/sssdoptions.py:449 -#, fuzzy msgid "attribute containing the passkey mapping data of the user" -msgstr "사용자의 이메일 주소를 포함하는 속성" +msgstr "사용자의 패스키 대응 자료를 포함하는 속성" #: src/config/SSSDConfig/sssdoptions.py:450 msgid "A list of extra attributes to download along with the user entry" @@ -2065,7 +2061,7 @@ msgstr "서버 메시지: " #: src/sss_client/pam_sss.c:71 msgid "Enter PIN:" -msgstr "" +msgstr "PIN 입력:" #: src/sss_client/pam_sss.c:314 msgid "Passwords do not match" @@ -2094,9 +2090,9 @@ msgid "Your password will expire in %1$d %2$s." msgstr "암호는 %1$d %2$s에 만료됩니다." #: src/sss_client/pam_sss.c:627 -#, fuzzy, c-format +#, c-format msgid "Your password has expired." -msgstr "암호는 %1$d %2$s에 만료됩니다." +msgstr "당신의 비밀번호가 만료되었습니다." #: src/sss_client/pam_sss.c:678 msgid "Authentication is denied until: " @@ -2157,7 +2153,7 @@ msgstr "두 번째 요인: " #: src/sss_client/pam_sss.c:2547 msgid "Insert your passkey device, then press ENTER." -msgstr "" +msgstr "자신의 패스키 장치를 넣고, 그런 후에 Enter를 눌러주세요." #: src/sss_client/pam_sss.c:2551 src/sss_client/pam_sss.c:2554 msgid "Password: " @@ -2508,9 +2504,8 @@ msgid "Passkey related tools:" msgstr "Passkey와 연관된 도구:" #: src/tools/sssctl/sssctl.c:348 -#, fuzzy msgid "Perform passkey registration" -msgstr "passkey와 연관된 동작을 수행합니다" +msgstr "패스키 등록을 수행합니다" #: src/tools/sssctl/sssctl_cache.c:31 #, c-format @@ -2688,9 +2683,8 @@ msgid "Error while reading configuration directory.\n" msgstr "설정 디렉토리를 읽는 도중 오류가 발생했습니다.\n" #: src/tools/sssctl/sssctl_config.c:147 -#, fuzzy msgid "There is no configuration.\n" -msgstr "%s에서 구성을 로드하지 못했습니다.\n" +msgstr "구성이 없습니다.\n" #: src/tools/sssctl/sssctl_config.c:157 msgid "Failed to run validators" From abce376cee1a59fbeb8d7b99528c9bbd5434eac6 Mon Sep 17 00:00:00 2001 From: Yuri Chornoivan Date: Thu, 1 Jun 2023 16:37:52 +0000 Subject: [PATCH 045/280] po: update translations (Ukrainian) currently translated at 100.0% (714 of 714 strings) Translation: SSSD/SSSD-2-9 Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-2-9/uk/ --- po/uk.po | 34 ++++++++++++++-------------------- 1 file changed, 14 insertions(+), 20 deletions(-) diff --git a/po/uk.po b/po/uk.po index f3acacd499f..b3295f09f83 100644 --- a/po/uk.po +++ b/po/uk.po @@ -16,17 +16,17 @@ msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" "POT-Creation-Date: 2023-05-05 10:11+0200\n" -"PO-Revision-Date: 2022-12-12 14:09+0000\n" +"PO-Revision-Date: 2023-06-02 05:50+0000\n" "Last-Translator: Yuri Chornoivan \n" "Language-Team: Ukrainian \n" +"sssd-2-9/uk/>\n" "Language: uk\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=3; plural=n%10==1 && n%100!=11 ? 0 : n%10>=2 && " "n%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2;\n" -"X-Generator: Weblate 4.14.2\n" +"X-Generator: Weblate 4.17\n" #: src/config/SSSDConfig/sssdoptions.py:20 #: src/config/SSSDConfig/sssdoptions.py:21 @@ -178,9 +178,8 @@ msgid "Enable or disable core dumps for all SSSD processes." msgstr "Увімкнути або вимкнути дампи ядра для усіх процесів SSSD." #: src/config/SSSDConfig/sssdoptions.py:58 -#, fuzzy msgid "Tune passkey verification behavior" -msgstr "Скоригувати перевірку сертифікатів" +msgstr "Скоригувати поведінку при перевірці пароля" #: src/config/SSSDConfig/sssdoptions.py:61 msgid "Enumeration cache timeout length (seconds)" @@ -430,20 +429,18 @@ msgstr "" "примусово встановлено доступ PAM із розпізнаванням GSSAPI" #: src/config/SSSDConfig/sssdoptions.py:117 -#, fuzzy msgid "Allow passkey device authentication." -msgstr "Дозволити розпізнавання за сертифікатом або смарткарткою." +msgstr "Дозволити розпізнавання за допомогою пристрою пароля." #: src/config/SSSDConfig/sssdoptions.py:118 -#, fuzzy msgid "How many seconds will pam_sss wait for passkey_child to finish" msgstr "" "Час у секундах, протягом якого pam_sss очікуватиме на завершення роботи " -"p11_child" +"passkey_child" #: src/config/SSSDConfig/sssdoptions.py:119 msgid "Enable debugging in the libfido2 library" -msgstr "" +msgstr "Увімкнути діагностику у бібліотеці libfido2" #: src/config/SSSDConfig/sssdoptions.py:122 msgid "Whether to evaluate the time-based attributes in sudo rules" @@ -1648,9 +1645,8 @@ msgid "attribute containing the email address of the user" msgstr "атрибут, що містить адресу електронної пошти користувача" #: src/config/SSSDConfig/sssdoptions.py:449 -#, fuzzy msgid "attribute containing the passkey mapping data of the user" -msgstr "атрибут, що містить адресу електронної пошти користувача" +msgstr "атрибут, що містить дані прив'язки ключа користувача" #: src/config/SSSDConfig/sssdoptions.py:450 msgid "A list of extra attributes to download along with the user entry" @@ -2227,7 +2223,7 @@ msgstr "Повідомлення сервера: " #: src/sss_client/pam_sss.c:71 msgid "Enter PIN:" -msgstr "" +msgstr "Введіть PIN:" #: src/sss_client/pam_sss.c:314 msgid "Passwords do not match" @@ -2256,9 +2252,9 @@ msgid "Your password will expire in %1$d %2$s." msgstr "Строк дії вашого пароля завершиться за %1$d %2$s." #: src/sss_client/pam_sss.c:627 -#, fuzzy, c-format +#, c-format msgid "Your password has expired." -msgstr "Строк дії вашого пароля завершиться за %1$d %2$s." +msgstr "Строк дії вашого пароля вичерпано." #: src/sss_client/pam_sss.c:678 msgid "Authentication is denied until: " @@ -2321,7 +2317,7 @@ msgstr "Другий фактор: " #: src/sss_client/pam_sss.c:2547 msgid "Insert your passkey device, then press ENTER." -msgstr "" +msgstr "Вставте ваш пристрій ключа і натисніть клавішу ENTER." #: src/sss_client/pam_sss.c:2551 src/sss_client/pam_sss.c:2554 msgid "Password: " @@ -2673,9 +2669,8 @@ msgid "Passkey related tools:" msgstr "Пов'язані із ключем інструменти:" #: src/tools/sssctl/sssctl.c:348 -#, fuzzy msgid "Perform passkey registration" -msgstr "Виконати пов'язані із ключем дії" +msgstr "Виконати реєстрацію ключа" #: src/tools/sssctl/sssctl_cache.c:31 #, c-format @@ -2858,9 +2853,8 @@ msgid "Error while reading configuration directory.\n" msgstr "Помилка під час спроби прочитати каталог налаштувань.\n" #: src/tools/sssctl/sssctl_config.c:147 -#, fuzzy msgid "There is no configuration.\n" -msgstr "Не вдалося завантажити налаштування з %s.\n" +msgstr "Немає налаштувань.\n" #: src/tools/sssctl/sssctl_config.c:157 msgid "Failed to run validators" From a94f39f0c4e6642a9f96428c75c7a3b4c7415835 Mon Sep 17 00:00:00 2001 From: Temuri Doghonadze Date: Sat, 3 Jun 2023 03:51:23 +0000 Subject: [PATCH 046/280] po: update translations (Georgian) currently translated at 8.1% (58 of 714 strings) Translation: SSSD/SSSD-2-9 Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-2-9/ka/ --- po/ka.po | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/po/ka.po b/po/ka.po index ff8fa46a9ed..110a0092673 100644 --- a/po/ka.po +++ b/po/ka.po @@ -7,16 +7,16 @@ msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" "POT-Creation-Date: 2023-05-05 10:11+0200\n" -"PO-Revision-Date: 2023-02-25 10:20+0000\n" +"PO-Revision-Date: 2023-06-04 04:20+0000\n" "Last-Translator: Temuri Doghonadze \n" "Language-Team: Georgian \n" +"sssd-2-9/ka/>\n" "Language: ka\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=2; plural=n != 1;\n" -"X-Generator: Weblate 4.15.2\n" +"X-Generator: Weblate 4.17\n" #: src/config/SSSDConfig/sssdoptions.py:20 #: src/config/SSSDConfig/sssdoptions.py:21 @@ -2043,7 +2043,7 @@ msgstr "" #: src/sss_client/pam_sss.c:816 src/sss_client/pam_sss.c:829 msgid "Password change failed. " -msgstr "" +msgstr "პაროლის შეცვლის შეცდომა. " #: src/sss_client/pam_sss.c:1797 #, c-format @@ -2829,7 +2829,7 @@ msgstr "" #: src/tools/sssctl/sssctl_logs.c:51 msgid "\n" -msgstr "" +msgstr "\n" #: src/tools/sssctl/sssctl_logs.c:215 msgid "SSSD is not running.\n" From 8e80798d505efd02082b0ad32259fc18668f85ee Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=EA=B9=80=EC=9D=B8=EC=88=98?= Date: Fri, 2 Jun 2023 18:11:33 +0000 Subject: [PATCH 047/280] po: update translations (Korean) currently translated at 100.0% (714 of 714 strings) Translation: SSSD/SSSD-2-9 Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-2-9/ko/ --- po/ko.po | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/po/ko.po b/po/ko.po index b4d37d9d265..eec03bd7604 100644 --- a/po/ko.po +++ b/po/ko.po @@ -11,7 +11,7 @@ msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" "POT-Creation-Date: 2023-05-05 10:11+0200\n" -"PO-Revision-Date: 2023-06-02 05:50+0000\n" +"PO-Revision-Date: 2023-06-04 04:20+0000\n" "Last-Translator: 김인수 \n" "Language-Team: Korean \n" @@ -1513,7 +1513,7 @@ msgstr "사용자의 패스키 대응 자료를 포함하는 속성" #: src/config/SSSDConfig/sssdoptions.py:450 msgid "A list of extra attributes to download along with the user entry" -msgstr "사용자 항목과 함께 다운로드할 추가 속성 목록" +msgstr "사용자 항목과 함께 내려받기 하려는 추가 속성의 목록" #: src/config/SSSDConfig/sssdoptions.py:452 msgid "Base DN for group lookups" From d37d72f0e15ae9fa57c0136f00986828677d60c4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kemal=20Oktay=20Akto=C4=9Fan?= Date: Fri, 2 Jun 2023 13:07:03 +0000 Subject: [PATCH 048/280] po: update translations (Turkish) currently translated at 98.7% (705 of 714 strings) Translation: SSSD/SSSD-2-9 Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-2-9/tr/ --- po/tr.po | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/po/tr.po b/po/tr.po index eadc09fa674..ad5ff4a13b8 100644 --- a/po/tr.po +++ b/po/tr.po @@ -11,16 +11,16 @@ msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" "POT-Creation-Date: 2023-05-05 10:11+0200\n" -"PO-Revision-Date: 2023-04-13 13:20+0000\n" +"PO-Revision-Date: 2023-06-04 04:20+0000\n" "Last-Translator: Kemal Oktay Aktoğan \n" "Language-Team: Turkish \n" +"sssd-2-9/tr/>\n" "Language: tr\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=2; plural=(n>1);\n" -"X-Generator: Weblate 4.15.2\n" +"X-Generator: Weblate 4.17\n" #: src/config/SSSDConfig/sssdoptions.py:20 #: src/config/SSSDConfig/sssdoptions.py:21 @@ -419,9 +419,8 @@ msgstr "" ": çiftlerinin listesi" #: src/config/SSSDConfig/sssdoptions.py:117 -#, fuzzy msgid "Allow passkey device authentication." -msgstr "Sertifika tabanlı/Akıllı kart kimlik doğrulamasına izin ver." +msgstr "Geçiş anahtarı cihaz kimlik doğrulamasına izin ver." #: src/config/SSSDConfig/sssdoptions.py:118 #, fuzzy From f0d8f9364eb02302b651d3debdf050cc94b47b54 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Piotr=20Dr=C4=85g?= Date: Sun, 4 Jun 2023 13:13:05 +0000 Subject: [PATCH 049/280] po: update translations (Polish) currently translated at 100.0% (714 of 714 strings) Translation: SSSD/SSSD-2-9 Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-2-9/pl/ --- po/pl.po | 33 ++++++++++++++------------------- 1 file changed, 14 insertions(+), 19 deletions(-) diff --git a/po/pl.po b/po/pl.po index 826f4b842a8..ba4f05329d3 100644 --- a/po/pl.po +++ b/po/pl.po @@ -16,17 +16,17 @@ msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" "POT-Creation-Date: 2023-05-05 10:11+0200\n" -"PO-Revision-Date: 2022-12-12 12:44+0000\n" +"PO-Revision-Date: 2023-06-05 13:20+0000\n" "Last-Translator: Piotr Drąg \n" "Language-Team: Polish \n" +"sssd-2-9/pl/>\n" "Language: pl\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=3; plural=n==1 ? 0 : n%10>=2 && n%10<=4 && (n%100<10 " "|| n%100>=20) ? 1 : 2;\n" -"X-Generator: Weblate 4.14.2\n" +"X-Generator: Weblate 4.17\n" #: src/config/SSSDConfig/sssdoptions.py:20 #: src/config/SSSDConfig/sssdoptions.py:21 @@ -182,9 +182,8 @@ msgid "Enable or disable core dumps for all SSSD processes." msgstr "Włącza lub wyłącza zrzuty core dla wszystkich procesów SSSD." #: src/config/SSSDConfig/sssdoptions.py:58 -#, fuzzy msgid "Tune passkey verification behavior" -msgstr "Dostraja sprawdzanie poprawności certyfikatów" +msgstr "Dostraja zachowanie sprawdzania poprawności haseł-kluczy" #: src/config/SSSDConfig/sssdoptions.py:61 msgid "Enumeration cache timeout length (seconds)" @@ -418,18 +417,16 @@ msgstr "" "wymuszone dla dostępu PAM za pomocą uwierzytelniania GSSAPI" #: src/config/SSSDConfig/sssdoptions.py:117 -#, fuzzy msgid "Allow passkey device authentication." -msgstr "Zezwala na uwierzytelnianie za pomocą certyfikatów/smartcard." +msgstr "Zezwala na uwierzytelnianie za pomocą urządzenia hasła-klucza." #: src/config/SSSDConfig/sssdoptions.py:118 -#, fuzzy msgid "How many seconds will pam_sss wait for passkey_child to finish" -msgstr "Ile sekund pam_sss ma oczekiwać na ukończenie p11_child" +msgstr "Ile sekund pam_sss ma oczekiwać na ukończenie passkey_child" #: src/config/SSSDConfig/sssdoptions.py:119 msgid "Enable debugging in the libfido2 library" -msgstr "" +msgstr "Włącza debugowanie w bibliotece libfido2" #: src/config/SSSDConfig/sssdoptions.py:122 msgid "Whether to evaluate the time-based attributes in sudo rules" @@ -1601,9 +1598,8 @@ msgid "attribute containing the email address of the user" msgstr "atrybut zawierający adres e-mail użytkownika" #: src/config/SSSDConfig/sssdoptions.py:449 -#, fuzzy msgid "attribute containing the passkey mapping data of the user" -msgstr "atrybut zawierający adres e-mail użytkownika" +msgstr "atrybut zawierający dane mapowania hasła-klucza użytkownika" #: src/config/SSSDConfig/sssdoptions.py:450 msgid "A list of extra attributes to download along with the user entry" @@ -2161,7 +2157,7 @@ msgstr "Komunikat serwera: " #: src/sss_client/pam_sss.c:71 msgid "Enter PIN:" -msgstr "" +msgstr "Proszę podać kod PIN:" #: src/sss_client/pam_sss.c:314 msgid "Passwords do not match" @@ -2190,9 +2186,9 @@ msgid "Your password will expire in %1$d %2$s." msgstr "Hasło wygaśnie za %1$d %2$s." #: src/sss_client/pam_sss.c:627 -#, fuzzy, c-format +#, c-format msgid "Your password has expired." -msgstr "Hasło wygaśnie za %1$d %2$s." +msgstr "Hasło wygasło." #: src/sss_client/pam_sss.c:678 msgid "Authentication is denied until: " @@ -2257,6 +2253,7 @@ msgstr "Drugi czynnik: " #: src/sss_client/pam_sss.c:2547 msgid "Insert your passkey device, then press ENTER." msgstr "" +"Proszę włożyć urządzenie hasła-klucza, a następnie nacisnąć klawisz Enter." #: src/sss_client/pam_sss.c:2551 src/sss_client/pam_sss.c:2554 msgid "Password: " @@ -2609,9 +2606,8 @@ msgid "Passkey related tools:" msgstr "Narzędzia związane z hasłami-kluczami:" #: src/tools/sssctl/sssctl.c:348 -#, fuzzy msgid "Perform passkey registration" -msgstr "Wykonuje działania związane z hasłami-kluczami" +msgstr "Wykonuje rejestrację hasłem-kluczem" #: src/tools/sssctl/sssctl_cache.c:31 #, c-format @@ -2792,9 +2788,8 @@ msgid "Error while reading configuration directory.\n" msgstr "Błąd podczas odczytywania katalogu konfiguracji.\n" #: src/tools/sssctl/sssctl_config.c:147 -#, fuzzy msgid "There is no configuration.\n" -msgstr "Wczytanie konfiguracji z %s się nie powiodło.\n" +msgstr "Nie ma konfiguracji.\n" #: src/tools/sssctl/sssctl_config.c:157 msgid "Failed to run validators" From 8d3acd3b92913323c4a2f7db41b5b1e721789556 Mon Sep 17 00:00:00 2001 From: Elena Mishina Date: Mon, 5 Jun 2023 19:49:38 +0000 Subject: [PATCH 050/280] po: update translations (Russian) currently translated at 100.0% (714 of 714 strings) Translation: SSSD/SSSD-2-9 Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-2-9/ru/ --- po/ru.po | 34 ++++++++++++++-------------------- 1 file changed, 14 insertions(+), 20 deletions(-) diff --git a/po/ru.po b/po/ru.po index f210c923f1f..9eac9e828c6 100644 --- a/po/ru.po +++ b/po/ru.po @@ -13,17 +13,17 @@ msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" "POT-Creation-Date: 2023-05-05 10:11+0200\n" -"PO-Revision-Date: 2022-12-14 19:20+0000\n" +"PO-Revision-Date: 2023-06-06 20:20+0000\n" "Last-Translator: Elena Mishina \n" "Language-Team: Russian \n" +"sssd-2-9/ru/>\n" "Language: ru\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=3; plural=n%10==1 && n%100!=11 ? 0 : n%10>=2 && " "n%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2;\n" -"X-Generator: Weblate 4.14.2\n" +"X-Generator: Weblate 4.17\n" #: src/config/SSSDConfig/sssdoptions.py:20 #: src/config/SSSDConfig/sssdoptions.py:21 @@ -173,9 +173,8 @@ msgid "Enable or disable core dumps for all SSSD processes." msgstr "Включить или отключить дампы памяти для всех процессов SSSD." #: src/config/SSSDConfig/sssdoptions.py:58 -#, fuzzy msgid "Tune passkey verification behavior" -msgstr "Настроить проверку сертификатов" +msgstr "Настроить проверку ключа доступа" #: src/config/SSSDConfig/sssdoptions.py:61 msgid "Enumeration cache timeout length (seconds)" @@ -433,20 +432,18 @@ msgstr "" "GSSAPI" #: src/config/SSSDConfig/sssdoptions.py:117 -#, fuzzy msgid "Allow passkey device authentication." -msgstr "Разрешить проверку подлинности на основе сертификата или смарт-карты." +msgstr "Разрешить проверку подлинности на основе ключа доступа." #: src/config/SSSDConfig/sssdoptions.py:118 -#, fuzzy msgid "How many seconds will pam_sss wait for passkey_child to finish" msgstr "" "Разрешённое количество секунд, в течение которого pam_sss ожидает завершения " -"работы p11_child" +"работы passkey_child" #: src/config/SSSDConfig/sssdoptions.py:119 msgid "Enable debugging in the libfido2 library" -msgstr "" +msgstr "Включить отладку в библиотеке libfido2" #: src/config/SSSDConfig/sssdoptions.py:122 msgid "Whether to evaluate the time-based attributes in sudo rules" @@ -1634,9 +1631,8 @@ msgid "attribute containing the email address of the user" msgstr "Атрибут, который содержит адрес электронной почты пользователя" #: src/config/SSSDConfig/sssdoptions.py:449 -#, fuzzy msgid "attribute containing the passkey mapping data of the user" -msgstr "Атрибут, который содержит адрес электронной почты пользователя" +msgstr "атрибут, содержащий данные сопоставления ключа доступа пользователя" #: src/config/SSSDConfig/sssdoptions.py:450 msgid "A list of extra attributes to download along with the user entry" @@ -2206,7 +2202,7 @@ msgstr "Сообщение сервера: " #: src/sss_client/pam_sss.c:71 msgid "Enter PIN:" -msgstr "" +msgstr "Введите PIN:" #: src/sss_client/pam_sss.c:314 msgid "Passwords do not match" @@ -2235,9 +2231,9 @@ msgid "Your password will expire in %1$d %2$s." msgstr "Срок действия пароля истекает через %1$d %2$s." #: src/sss_client/pam_sss.c:627 -#, fuzzy, c-format +#, c-format msgid "Your password has expired." -msgstr "Срок действия пароля истекает через %1$d %2$s." +msgstr "Срок действия пароля истёк." #: src/sss_client/pam_sss.c:678 msgid "Authentication is denied until: " @@ -2300,7 +2296,7 @@ msgstr "Второй фактор: " #: src/sss_client/pam_sss.c:2547 msgid "Insert your passkey device, then press ENTER." -msgstr "" +msgstr "Вставьте устройство с ключом доступа и нажмите ENTER." #: src/sss_client/pam_sss.c:2551 src/sss_client/pam_sss.c:2554 msgid "Password: " @@ -2653,9 +2649,8 @@ msgid "Passkey related tools:" msgstr "Инструменты, связанные с ключом:" #: src/tools/sssctl/sssctl.c:348 -#, fuzzy msgid "Perform passkey registration" -msgstr "Выполнить связанные с ключом действия" +msgstr "Зарегистрировать ключ доступа" #: src/tools/sssctl/sssctl_cache.c:31 #, c-format @@ -2837,9 +2832,8 @@ msgid "Error while reading configuration directory.\n" msgstr "Ошибка при чтении каталога конфигурации.\n" #: src/tools/sssctl/sssctl_config.c:147 -#, fuzzy msgid "There is no configuration.\n" -msgstr "Не удалось загрузить конфигурацию из %s.\n" +msgstr "Нет никакой конфигурации.\n" #: src/tools/sssctl/sssctl_config.c:157 msgid "Failed to run validators" From d95212b26cd3ad014090cb34900ee5235b53b04e Mon Sep 17 00:00:00 2001 From: Ludek Janda Date: Fri, 9 Jun 2023 11:59:20 +0000 Subject: [PATCH 051/280] po: update translations (French) currently translated at 100.0% (714 of 714 strings) Translation: SSSD/SSSD-2-9 Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-2-9/fr/ --- po/fr.po | 37 ++++++++++++++++--------------------- 1 file changed, 16 insertions(+), 21 deletions(-) diff --git a/po/fr.po b/po/fr.po index 1c900250038..5edba0beafb 100644 --- a/po/fr.po +++ b/po/fr.po @@ -19,16 +19,16 @@ msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" "POT-Creation-Date: 2023-05-05 10:11+0200\n" -"PO-Revision-Date: 2023-03-21 09:20+0000\n" -"Last-Translator: grimst \n" +"PO-Revision-Date: 2023-06-10 12:20+0000\n" +"Last-Translator: Ludek Janda \n" "Language-Team: French \n" +"sssd-2-9/fr/>\n" "Language: fr\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=2; plural=n > 1;\n" -"X-Generator: Weblate 4.15.2\n" +"X-Generator: Weblate 4.17\n" #: src/config/SSSDConfig/sssdoptions.py:20 #: src/config/SSSDConfig/sssdoptions.py:21 @@ -184,9 +184,8 @@ msgstr "" "Activer ou désactiver les vidages de noyau pour tous les processus SSSD." #: src/config/SSSDConfig/sssdoptions.py:58 -#, fuzzy msgid "Tune passkey verification behavior" -msgstr "Régler la vérification du certificat" +msgstr "Ajustez le comportement de la vérification de la clé de sécurité" #: src/config/SSSDConfig/sssdoptions.py:61 msgid "Enumeration cache timeout length (seconds)" @@ -435,18 +434,17 @@ msgstr "" "appliquées pour l'accès PAM avec authentification GSSAPI" #: src/config/SSSDConfig/sssdoptions.py:117 -#, fuzzy msgid "Allow passkey device authentication." -msgstr "Autoriser l'authentification par certificat/carte à puce." +msgstr "Autoriser l'authentification des périphériques par mot de passe." #: src/config/SSSDConfig/sssdoptions.py:118 -#, fuzzy msgid "How many seconds will pam_sss wait for passkey_child to finish" -msgstr "Combien de secondes pam_sss attendra-t-il la fin de p11_child" +msgstr "" +"Combien de secondes pam_sss attendra-t-il que passkey_child ait terminé ?" #: src/config/SSSDConfig/sssdoptions.py:119 msgid "Enable debugging in the libfido2 library" -msgstr "" +msgstr "Activer le débogage dans la bibliothèque libfido2" #: src/config/SSSDConfig/sssdoptions.py:122 msgid "Whether to evaluate the time-based attributes in sudo rules" @@ -1658,9 +1656,8 @@ msgid "attribute containing the email address of the user" msgstr "attribut contenant l’adresse email de l'utilisateur" #: src/config/SSSDConfig/sssdoptions.py:449 -#, fuzzy msgid "attribute containing the passkey mapping data of the user" -msgstr "attribut contenant l’adresse email de l'utilisateur" +msgstr "attribut contenant les données de mappage de la clé de l'utilisateur" #: src/config/SSSDConfig/sssdoptions.py:450 msgid "A list of extra attributes to download along with the user entry" @@ -2231,7 +2228,7 @@ msgstr "Message du serveur : " #: src/sss_client/pam_sss.c:71 msgid "Enter PIN:" -msgstr "" +msgstr "Saisissez le code PIN :" #: src/sss_client/pam_sss.c:314 msgid "Passwords do not match" @@ -2262,9 +2259,9 @@ msgid "Your password will expire in %1$d %2$s." msgstr "Votre mot de passe expirera dans %1$d %2$s." #: src/sss_client/pam_sss.c:627 -#, fuzzy, c-format +#, c-format msgid "Your password has expired." -msgstr "Votre mot de passe expirera dans %1$d %2$s." +msgstr "Votre mot de passe a expiré." #: src/sss_client/pam_sss.c:678 msgid "Authentication is denied until: " @@ -2327,7 +2324,7 @@ msgstr "Second facteur : " #: src/sss_client/pam_sss.c:2547 msgid "Insert your passkey device, then press ENTER." -msgstr "" +msgstr "Insérez votre passe-partout, puis appuyez sur la touche ENTER." #: src/sss_client/pam_sss.c:2551 src/sss_client/pam_sss.c:2554 msgid "Password: " @@ -2684,9 +2681,8 @@ msgid "Passkey related tools:" msgstr "Outils liés à la clé d’accès :" #: src/tools/sssctl/sssctl.c:348 -#, fuzzy msgid "Perform passkey registration" -msgstr "Effectuer des opérations liées à la clé d’accès" +msgstr "Effectuer l'enregistrement de la clé d'accès" #: src/tools/sssctl/sssctl_cache.c:31 #, c-format @@ -2868,9 +2864,8 @@ msgid "Error while reading configuration directory.\n" msgstr "Erreur lors de la lecture du répertoire de configuration.\n" #: src/tools/sssctl/sssctl_config.c:147 -#, fuzzy msgid "There is no configuration.\n" -msgstr "Impossible de charger la configuration à partir de %s.\n" +msgstr "Il n'y a pas de configuration.\n" #: src/tools/sssctl/sssctl_config.c:157 msgid "Failed to run validators" From 4f469c0b5ca4483bfe1e7529dd884835769b071d Mon Sep 17 00:00:00 2001 From: Ludek Janda Date: Fri, 9 Jun 2023 12:00:00 +0000 Subject: [PATCH 052/280] po: update translations (Japanese) currently translated at 100.0% (714 of 714 strings) Translation: SSSD/SSSD-2-9 Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-2-9/ja/ --- po/ja.po | 44 +++++++++++++++++++------------------------- 1 file changed, 19 insertions(+), 25 deletions(-) diff --git a/po/ja.po b/po/ja.po index c8649e5e17c..7651aa71e4d 100644 --- a/po/ja.po +++ b/po/ja.po @@ -15,16 +15,16 @@ msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" "POT-Creation-Date: 2023-05-05 10:11+0200\n" -"PO-Revision-Date: 2023-03-02 09:20+0000\n" +"PO-Revision-Date: 2023-06-10 12:20+0000\n" "Last-Translator: Ludek Janda \n" "Language-Team: Japanese \n" +"sssd-2-9/ja/>\n" "Language: ja\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=1; plural=0;\n" -"X-Generator: Weblate 4.15.2\n" +"X-Generator: Weblate 4.17\n" #: src/config/SSSDConfig/sssdoptions.py:20 #: src/config/SSSDConfig/sssdoptions.py:21 @@ -172,9 +172,8 @@ msgid "Enable or disable core dumps for all SSSD processes." msgstr "すべての SSSD プロセスのコアダンプを有効または無効にします。" #: src/config/SSSDConfig/sssdoptions.py:58 -#, fuzzy msgid "Tune passkey verification behavior" -msgstr "証明書検証の調整" +msgstr "パスキー検証の動作をチューニングする" #: src/config/SSSDConfig/sssdoptions.py:61 msgid "Enumeration cache timeout length (seconds)" @@ -397,18 +396,16 @@ msgstr "" " のリスト" #: src/config/SSSDConfig/sssdoptions.py:117 -#, fuzzy msgid "Allow passkey device authentication." -msgstr "証明書ベースまたはスマートカードによる認証を許可します。" +msgstr "パスキーデバイス認証を許可します。" #: src/config/SSSDConfig/sssdoptions.py:118 -#, fuzzy msgid "How many seconds will pam_sss wait for passkey_child to finish" -msgstr "p11_child が完了するまでに pam_sss が待つ秒数" +msgstr "pam_sss が passkey_child の終了を待機する秒数" #: src/config/SSSDConfig/sssdoptions.py:119 msgid "Enable debugging in the libfido2 library" -msgstr "" +msgstr "lifido2 ライブラリーでデバッグを有効にする" #: src/config/SSSDConfig/sssdoptions.py:122 msgid "Whether to evaluate the time-based attributes in sudo rules" @@ -1538,9 +1535,8 @@ msgid "attribute containing the email address of the user" msgstr "ユーザーの電子メールアドレスを含む属性" #: src/config/SSSDConfig/sssdoptions.py:449 -#, fuzzy msgid "attribute containing the passkey mapping data of the user" -msgstr "ユーザーの電子メールアドレスを含む属性" +msgstr "ユーザーのパスキーマッピングデータを含む属性" #: src/config/SSSDConfig/sssdoptions.py:450 msgid "A list of extra attributes to download along with the user entry" @@ -2094,7 +2090,7 @@ msgstr "サーバーのメッセージ: " #: src/sss_client/pam_sss.c:71 msgid "Enter PIN:" -msgstr "" +msgstr "PIN の入力:" #: src/sss_client/pam_sss.c:314 msgid "Passwords do not match" @@ -2123,9 +2119,9 @@ msgid "Your password will expire in %1$d %2$s." msgstr "あなたのパスワードは %1$d %2$s に期限切れになります。" #: src/sss_client/pam_sss.c:627 -#, fuzzy, c-format +#, c-format msgid "Your password has expired." -msgstr "あなたのパスワードは %1$d %2$s に期限切れになります。" +msgstr "パスワードの有効期限が切れています。" #: src/sss_client/pam_sss.c:678 msgid "Authentication is denied until: " @@ -2187,7 +2183,7 @@ msgstr "2 番目の要素: " #: src/sss_client/pam_sss.c:2547 msgid "Insert your passkey device, then press ENTER." -msgstr "" +msgstr "パスキーデバイスを挿入し、ENTER キーを押します。" #: src/sss_client/pam_sss.c:2551 src/sss_client/pam_sss.c:2554 msgid "Password: " @@ -2539,9 +2535,8 @@ msgid "Passkey related tools:" msgstr "パスキー関連のツール:" #: src/tools/sssctl/sssctl.c:348 -#, fuzzy msgid "Perform passkey registration" -msgstr "パスキー関連の操作を実行します" +msgstr "パスキー登録の実行" #: src/tools/sssctl/sssctl_cache.c:31 #, c-format @@ -2723,9 +2718,8 @@ msgid "Error while reading configuration directory.\n" msgstr "設定ディレクトリーの読み込み中にエラーが発生しました。\n" #: src/tools/sssctl/sssctl_config.c:147 -#, fuzzy msgid "There is no configuration.\n" -msgstr "%s からの設定の読み込みに失敗しました。\n" +msgstr "設定はありません。\n" #: src/tools/sssctl/sssctl_config.c:157 msgid "Failed to run validators" @@ -3044,7 +3038,7 @@ msgstr "IFP サービスをターゲットに設定" #: src/tools/sssctl/sssctl_logs.c:552 msgid "Specify debug level you want to set" -msgstr "設定したいデバッグレベルを指定します" +msgstr "設定するデバッグレベルを指定します" #: src/tools/sssctl/sssctl_logs.c:600 msgid "ERROR: Tevent chain ID support missing, log analyzer is unsupported.\n" @@ -3082,17 +3076,17 @@ msgstr "SSSD nss ユーザー検索の結果:\n" #: src/tools/sssctl/sssctl_user_checks.c:195 #, c-format msgid " - user name: %s\n" -msgstr " - user name: %s\n" +msgstr " - ユーザー名: %s\n" #: src/tools/sssctl/sssctl_user_checks.c:196 #, c-format msgid " - user id: %d\n" -msgstr " - user id: %d\n" +msgstr " - ユーザー id: %d\n" #: src/tools/sssctl/sssctl_user_checks.c:197 #, c-format msgid " - group id: %d\n" -msgstr " - group id: %d\n" +msgstr " - グループ id: %d\n" #: src/tools/sssctl/sssctl_user_checks.c:198 #, c-format @@ -3102,7 +3096,7 @@ msgstr " - gecos: %s\n" #: src/tools/sssctl/sssctl_user_checks.c:199 #, c-format msgid " - home directory: %s\n" -msgstr " - home directory: %s\n" +msgstr " - ホームディレクトリー: %s\n" #: src/tools/sssctl/sssctl_user_checks.c:200 #, c-format From c40d183cdf7fbec20d8a12dcf5f70744a8d98390 Mon Sep 17 00:00:00 2001 From: Ludek Janda Date: Fri, 9 Jun 2023 11:58:30 +0000 Subject: [PATCH 053/280] po: update translations (Chinese (Simplified) (zh_CN)) currently translated at 100.0% (714 of 714 strings) Translation: SSSD/SSSD-2-9 Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-2-9/zh_CN/ --- po/zh_CN.po | 34 ++++++++++++++-------------------- 1 file changed, 14 insertions(+), 20 deletions(-) diff --git a/po/zh_CN.po b/po/zh_CN.po index c12dfc823d0..bcea633faac 100644 --- a/po/zh_CN.po +++ b/po/zh_CN.po @@ -14,16 +14,16 @@ msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" "POT-Creation-Date: 2023-05-05 10:11+0200\n" -"PO-Revision-Date: 2023-03-02 09:20+0000\n" +"PO-Revision-Date: 2023-06-10 12:20+0000\n" "Last-Translator: Ludek Janda \n" "Language-Team: Chinese (Simplified) \n" +"projects/sssd/sssd-2-9/zh_CN/>\n" "Language: zh_CN\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=1; plural=0;\n" -"X-Generator: Weblate 4.15.2\n" +"X-Generator: Weblate 4.17\n" #: src/config/SSSDConfig/sssdoptions.py:20 #: src/config/SSSDConfig/sssdoptions.py:21 @@ -164,9 +164,8 @@ msgid "Enable or disable core dumps for all SSSD processes." msgstr "为所有 SSSD 进程启用或禁用内核转储。" #: src/config/SSSDConfig/sssdoptions.py:58 -#, fuzzy msgid "Tune passkey verification behavior" -msgstr "调整证书验证" +msgstr "调整密码验证行为" #: src/config/SSSDConfig/sssdoptions.py:61 msgid "Enumeration cache timeout length (seconds)" @@ -384,18 +383,16 @@ msgstr "" "验证进行 PAM 访问" #: src/config/SSSDConfig/sssdoptions.py:117 -#, fuzzy msgid "Allow passkey device authentication." -msgstr "允许基于证书/智能卡的身份验证。" +msgstr "允许使用通行密钥设备认证。" #: src/config/SSSDConfig/sssdoptions.py:118 -#, fuzzy msgid "How many seconds will pam_sss wait for passkey_child to finish" -msgstr "pam_sss 等待 p11_child 完成的时间(以秒为单位)" +msgstr "pam_sss 等待 passkey_child 完成的时间" #: src/config/SSSDConfig/sssdoptions.py:119 msgid "Enable debugging in the libfido2 library" -msgstr "" +msgstr "在 libfido2 库中启用调试功能" #: src/config/SSSDConfig/sssdoptions.py:122 msgid "Whether to evaluate the time-based attributes in sudo rules" @@ -1489,9 +1486,8 @@ msgid "attribute containing the email address of the user" msgstr "包含用户电子邮件地址的属性" #: src/config/SSSDConfig/sssdoptions.py:449 -#, fuzzy msgid "attribute containing the passkey mapping data of the user" -msgstr "包含用户电子邮件地址的属性" +msgstr "包含用户的通行密钥映射数据的属性" #: src/config/SSSDConfig/sssdoptions.py:450 msgid "A list of extra attributes to download along with the user entry" @@ -2038,7 +2034,7 @@ msgstr "服务器消息: " #: src/sss_client/pam_sss.c:71 msgid "Enter PIN:" -msgstr "" +msgstr "输入 PIN:" #: src/sss_client/pam_sss.c:314 msgid "Passwords do not match" @@ -2067,9 +2063,9 @@ msgid "Your password will expire in %1$d %2$s." msgstr "您的密码将于 %1$d %2$s 过期。" #: src/sss_client/pam_sss.c:627 -#, fuzzy, c-format +#, c-format msgid "Your password has expired." -msgstr "您的密码将于 %1$d %2$s 过期。" +msgstr "您的密码已经过期。" #: src/sss_client/pam_sss.c:678 msgid "Authentication is denied until: " @@ -2129,7 +2125,7 @@ msgstr "第二因素: " #: src/sss_client/pam_sss.c:2547 msgid "Insert your passkey device, then press ENTER." -msgstr "" +msgstr "插入您的通行密钥设备,然后按回车键。" #: src/sss_client/pam_sss.c:2551 src/sss_client/pam_sss.c:2554 msgid "Password: " @@ -2478,9 +2474,8 @@ msgid "Passkey related tools:" msgstr "与 Passkey 相关的工具:" #: src/tools/sssctl/sssctl.c:348 -#, fuzzy msgid "Perform passkey registration" -msgstr "执行与 passkey 相关的操作" +msgstr "执行通行密钥登记" #: src/tools/sssctl/sssctl_cache.c:31 #, c-format @@ -2656,9 +2651,8 @@ msgid "Error while reading configuration directory.\n" msgstr "读取配置目录时出错。\n" #: src/tools/sssctl/sssctl_config.c:147 -#, fuzzy msgid "There is no configuration.\n" -msgstr "从 %s 加载配置失败。\n" +msgstr "没有任何配置。\n" #: src/tools/sssctl/sssctl_config.c:157 msgid "Failed to run validators" From 7f6c10dcedd6ba898734aca8d4e64c69abf68e0d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pavel=20B=C5=99ezina?= Date: Fri, 23 Jun 2023 14:54:07 +0200 Subject: [PATCH 054/280] pot: update pot files --- src/man/po/sssd-docs.pot | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/man/po/sssd-docs.pot b/src/man/po/sssd-docs.pot index 19368c3aa67..f9e07cba149 100644 --- a/src/man/po/sssd-docs.pot +++ b/src/man/po/sssd-docs.pot @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: sssd-docs 2.9.0\n" "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" -"POT-Creation-Date: 2023-05-05 10:09+0200\n" +"POT-Creation-Date: 2023-06-23 14:53+0200\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME \n" "Language-Team: LANGUAGE \n" From 256e013a855830408fc3a192f241f79a55bb2647 Mon Sep 17 00:00:00 2001 From: Madhuri Upadhye Date: Mon, 8 May 2023 20:53:49 +0530 Subject: [PATCH 055/280] Test: Test search filter specific user override or a specific group override MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Add automation of BZ2096183. verifies: #6671 Signed-off-by: Madhuri Upadhye Reviewed-by: Alejandro López Reviewed-by: Jakub Vávra (cherry picked from commit 377ec31a8cab5ecf33c216583e552ea5684157dc) --- src/tests/multihost/ipa/test_adtrust.py | 78 +++++++++++++++++++++++++ 1 file changed, 78 insertions(+) diff --git a/src/tests/multihost/ipa/test_adtrust.py b/src/tests/multihost/ipa/test_adtrust.py index 3ad80964c1f..5350aff73f4 100644 --- a/src/tests/multihost/ipa/test_adtrust.py +++ b/src/tests/multihost/ipa/test_adtrust.py @@ -731,3 +731,81 @@ def test_skip_members_in_view_search(multihost): assert f"group1@{domain}" in lookup_id_client.stdout_text, f"group1 name was not resolved" \ f" on ipa-client." assert f"admins" in lookup_id_client.stdout_text, "admins name was not resolved on ipa-client." + + @staticmethod + def test_search_filter_for_override_usrgrp(multihost, create_aduser_group): + """ + :title: BE_REQ_USER_AND_GROUP LDAP search filter can inadvertently catch multiple overrides + :id: 932f1177-2375-46a6-8920-9f06d8874881 + :customerscenario: true + :bugzilla: + https://bugzilla.redhat.com/show_bug.cgi?id=2096183 + :description: The new filter looks for a specific user override or a specific + group override:(|(&(objectClass=ipaUserOverride)(uidNumber=XXXX)) + (&(objectClass=ipaGroupOverride)(gidNumber=XXXX))). + :setup: + 1. Create user and group (group1) on AD. + 2. Make AD user member of group1. + :steps: + 1. Add a group override to the 'default trust view' with gid number and group name. + 2. Add a user override to the 'default trust view' view with same gid number + which was created in step 1. + 3. Lookup sid-by-id with pysss_nss_idmap using python. + 4. Lookup for the group and again run step 3. + 5. Check the log message from domain log + :expectedresults: + 1. Group added in 'default trust view' with gid number and group name. + 2. User added in 'default trust view' with same gid number which was created in step 1. + 3. Successfully lookup sid-by-id with pyss_nss_idmap using python. + 4. Group lookup command succeeds, successfully ran step 3 again. + 5. Got expected log messages from domain log. + """ + (aduser, adgroup) = create_aduser_group + run_id_int = random.randint(9999, 999999) + domain = multihost.ad[0].domainname + + ipa_client = sssdTools(multihost.client[0]) + ipa_master = sssdTools(multihost.master[0]) + + add_grp_override = f'ipa idoverridegroup-add "default trust view" {adgroup}@{domain} ' \ + f'--group-name "borci{run_id_int}" --gid={run_id_int}' + multihost.master[0].run_command(add_grp_override, raiseonerr=False) + + add_user_override = f'ipa idoverrideuser-add "default trust view" {aduser}@{domain} ' \ + f'--login ferko{run_id_int} --uid=50001 --gidnumber={run_id_int}' + multihost.master[0].run_command(add_user_override, raiseonerr=False) + + domain_params = {'debug_level': '9'} + domain_name = ipa_client.get_domain_section_name() + ipa_client.sssd_conf(f'domain/{domain_name}', domain_params) + + ipa_master.clear_sssd_cache() + ipa_client.clear_sssd_cache() + time.sleep(5) + + # Lookup sid-by-id with pysss_nss_idmap using python + python_cmd = f'''python3 -c "import pysss_nss_idmap; print (pysss_nss_idmap.getsidbyid('{run_id_int}'))"''' + multihost.client[0].run_command(python_cmd, raiseonerr=False) + + group_lookup = f'getent group {adgroup}@{domain}' + check_gr_lookup = multihost.client[0].run_command(group_lookup, raiseonerr=False) + + multihost.client[0].run_command(python_cmd, raiseonerr=False) + + # Updated log message from sssd domain log + log_message = f'Found override for object with filter' + + # Download sssd log + log_file = multihost.client[0].get_file_contents(f"/var/log/sssd/sssd_{domain_name}.log").decode('utf-8') + + # Teardown the setup + cmd_to_delete = [f"ipa idoverridegroup-del 'default trust view' {adgroup}@{domain}", + f"ipa idoverrideuser-del 'default trust view' {aduser}@{domain}"] + for cmd in cmd_to_delete: + multihost.master[0].run_command(cmd, raiseonerr=False) + + # Test result Evaluations + assert check_gr_lookup.returncode == 0, f"group {adgroup} was not found." + assert f"borci{run_id_int}@{domain}" in check_gr_lookup.stdout_text, "Group name was not resolved." + assert f"ferko{run_id_int}@{domain}" in check_gr_lookup.stdout_text, "Group name was not resolved." + assert log_message in log_file From 301e5b3899a1a25af9c6a0d34728f2576992fc9b Mon Sep 17 00:00:00 2001 From: Madhuri Upadhye Date: Thu, 8 Jun 2023 12:15:38 +0530 Subject: [PATCH 056/280] Tests: When adding attributes ldap_user_extra_attrs with mail value in sssd.conf the cross-forest query stop working MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit When adding attributes ldap_user_extra_attrs with mail value in sssd.conf the cross-forest query stop working Automation of BZ2170720 Verifies: #6759 Signed-off-by: Madhuri Upadhye Reviewed-by: Alejandro López Reviewed-by: Jakub Vávra (cherry picked from commit 57499ff6571a8ca3d8bf2b7d19ec6b14100504c0) --- src/tests/multihost/ipa/test_adtrust.py | 47 +++++++++++++++++++++++++ 1 file changed, 47 insertions(+) diff --git a/src/tests/multihost/ipa/test_adtrust.py b/src/tests/multihost/ipa/test_adtrust.py index 5350aff73f4..36791aed88c 100644 --- a/src/tests/multihost/ipa/test_adtrust.py +++ b/src/tests/multihost/ipa/test_adtrust.py @@ -809,3 +809,50 @@ def test_search_filter_for_override_usrgrp(multihost, create_aduser_group): assert f"borci{run_id_int}@{domain}" in check_gr_lookup.stdout_text, "Group name was not resolved." assert f"ferko{run_id_int}@{domain}" in check_gr_lookup.stdout_text, "Group name was not resolved." assert log_message in log_file + + @staticmethod + def test_ldap_user_extra_attrs(multihost, create_aduser_group): + """ + :title: When adding attributes ldap_user_extra_attrs with mail value in sssd.conf + the cross-forest query stop working + :id: abc60b52-224d-4ac3-bbae-195cb0c563a0 + :customerscenario: true + :bugzilla: + https://bugzilla.redhat.com/show_bug.cgi?id=2170720 + :description: When adding attributes ldap_user_extra_attrs in sssd.conf + with the cross-forest, id command failed on client side. + working. + :setup: + 1. Create user and group on AD. + :steps: + 1. Add ldap_user_extra_attrs in domain section with mail in client and master. + 2. Add user_attributes in nss section with mail in client and master. + 3. Clear sssd cache from client and master. + 4. Check id lookup of the user. + :expectedresults: + 1. Successfully add parameter in domain section of client and master. + 2. Successfully add user_attributes in nss section of client and master. + 3. Cleared the cache of client and master. + 4. User lookup command succeeds. + """ + client = sssdTools(multihost.client[0], multihost.ad[0]) + master = sssdTools(multihost.master[0]) + domain = multihost.ad[0].domainname + + (aduser, adgroup) = create_aduser_group + section = client.get_domain_section_name() + + for role in [client, master]: + domain_params = {'ldap_user_extra_attrs': f'mail, lastname:sn, firstname:givenname'} + nss_params = {'user_attributes': '+mail, +firstname, +lastname'} + role.sssd_conf(f'domain/{section}', domain_params) + role.sssd_conf('nss', nss_params) + role.clear_sssd_cache() + + # Test evaluation + id_lookup = f'id {aduser}@{domain}' + check_id = multihost.client[0].run_command(id_lookup, raiseonerr=False) + + assert check_id.returncode == 0, f'{aduser} id is not successful' + assert f"{aduser}@{domain}" in check_id.stdout_text, "User name was not resolved." + assert f"{adgroup}@{domain}" in check_id.stdout_text, "Group name was not resolved." From dc8d649bc1a79886a22a059f2618d985ab8c7931 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pavel=20B=C5=99ezina?= Date: Fri, 23 Jun 2023 15:26:13 +0200 Subject: [PATCH 057/280] Release sssd-2.9.1 --- version.m4 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/version.m4 b/version.m4 index 1a557b45c63..d970b4a1318 100644 --- a/version.m4 +++ b/version.m4 @@ -1,5 +1,5 @@ # Primary version number -m4_define([VERSION_NUMBER], [2.9.0]) +m4_define([VERSION_NUMBER], [2.9.1]) # If the PRERELEASE_VERSION_NUMBER is set, we'll append # it to the release tag when creating an RPM or SRPM From b8ff5f1c908182cd170019b836cec5bf0092e5a5 Mon Sep 17 00:00:00 2001 From: Shridhar Gadekar Date: Tue, 27 Jun 2023 00:07:59 +0530 Subject: [PATCH 058/280] Test: gating sssd after crash Using new authentication module for ssh login instead of existing one Reviewed-by: Anuj Borah (cherry picked from commit 0171bcb0663093b4d66774bf18404b76eaab9a85) --- src/tests/multihost/alltests/test_misc.py | 37 ++++------------------- 1 file changed, 6 insertions(+), 31 deletions(-) diff --git a/src/tests/multihost/alltests/test_misc.py b/src/tests/multihost/alltests/test_misc.py index 95fc2728fc6..45da9718a5e 100644 --- a/src/tests/multihost/alltests/test_misc.py +++ b/src/tests/multihost/alltests/test_misc.py @@ -15,6 +15,7 @@ from sssd.testlib.common.expect import pexpect_ssh from datetime import datetime as D_T from sssd.testlib.common.exceptions import SSHLoginException +from sssd.testlib.common.ssh2_python import check_login_client from sssd.testlib.common.utils import sssdTools, LdapOperations from constants import ds_instance_name, ds_suffix, ds_rootdn, ds_rootpw @@ -133,41 +134,15 @@ def test_0003_sssd_crashes_after_update(self, multihost, client.sssd_conf(f'domain/{domain_name}', domain_params) client.sssd_conf("sssd", {'enable_files_domain': 'true'}, action='update') multihost.client[0].service_sssd('restart') - user = 'foo1@%s' % domain_name - client = pexpect_ssh(multihost.client[0].sys_hostname, user, - 'Secret1234', debug=False) - with pytest.raises(SSHLoginException): - client.login(login_timeout=10, - sync_multiplier=1, auto_prompt_reset=False) + user = f'foo1@{domain_name}' + check_login_client(multihost, user, "Secret123") time.sleep(2) - client = pexpect_ssh(multihost.client[0].sys_hostname, user, - 'Secret123', debug=False) - try: - client.login(login_timeout=30, - sync_multiplier=5, auto_prompt_reset=False) - except SSHLoginException: - pytest.fail("%s failed to login" % user) - else: - client.logout() - for _ in range(3): - client = pexpect_ssh(multihost.client[0].sys_hostname, user, - 'Secret1234', debug=False) - with pytest.raises(SSHLoginException): - client.login(login_timeout=10, - sync_multiplier=1, auto_prompt_reset=False) + check_login_client(multihost, user, "Secret123") time.sleep(2) - client = pexpect_ssh(multihost.client[0].sys_hostname, user, - 'Secret123', debug=False) - try: - client.login(login_timeout=30, - sync_multiplier=5, auto_prompt_reset=False) - except SSHLoginException: - pytest.fail("%s failed to login" % user) - else: - client.logout() + check_login_client(multihost, user, "Secret123") time.sleep(2) - cmd_id = 'id %s' % user + cmd_id = f'id {user}' cmd = multihost.client[0].run_command(cmd_id) if "no such user" in cmd.stdout_text: status = "FAIL" From a871398943b47f8fccb83d96c12ec2a45634e424 Mon Sep 17 00:00:00 2001 From: aborah Date: Mon, 26 Jun 2023 13:09:17 +0530 Subject: [PATCH 059/280] Tests: Fix alltest tier1_3 tests with new ssh module Fix alltest tier1_3 tests with new ssh module Reviewed-by: Shridhar Gadekar (cherry picked from commit 56741208742e54228570057eb0b85927f1f7edb8) --- .../alltests/test_ldap_password_policy.py | 2 +- .../multihost/alltests/test_proxy_rfc2307.py | 117 +++--------------- 2 files changed, 16 insertions(+), 103 deletions(-) diff --git a/src/tests/multihost/alltests/test_ldap_password_policy.py b/src/tests/multihost/alltests/test_ldap_password_policy.py index 7b42e22d36f..b24edc60185 100644 --- a/src/tests/multihost/alltests/test_ldap_password_policy.py +++ b/src/tests/multihost/alltests/test_ldap_password_policy.py @@ -172,7 +172,7 @@ def test_maxage(multihost, backupsssdconf, common_sssd_setup): ldap_modify_ds(multihost, ldap.MOD_REPLACE, user_dn, 'userPassword', [b'Secret123']) client.run_command('> /var/log/secure') tools.clear_sssd_cache() - client.run_command('sh /tmp/change_user_password_while_expired.sh') + client.run_command('sh /tmp/change_user_password_while_expired.sh', raiseonerr=False) time.sleep(3) file_scure = '/var/log/secure' file_ssd = f'/var/log/sssd/sssd_{ds_instance_name}.log' diff --git a/src/tests/multihost/alltests/test_proxy_rfc2307.py b/src/tests/multihost/alltests/test_proxy_rfc2307.py index dbcdfbbb88f..dec329d8ad4 100644 --- a/src/tests/multihost/alltests/test_proxy_rfc2307.py +++ b/src/tests/multihost/alltests/test_proxy_rfc2307.py @@ -10,8 +10,7 @@ import subprocess import time from sssd.testlib.common.utils import sssdTools, LdapOperations -from sssd.testlib.common.exceptions import SSHLoginException -from sssd.testlib.common.expect import pexpect_ssh +from sssd.testlib.common.ssh2_python import check_login_client from constants import ds_suffix, ds_instance_name @@ -136,16 +135,8 @@ def test_lookup_user_group(self, multihost, backupsssdconf): "getent group User_CS1_grp1_Alias | grep User_CS1_grp1", "getent group User_CS1_grp1_Alias | grep User_CS1"]: execute_cmd(multihost, i) - client_hostip = multihost.client[0].ip for user in ['User_CS1', 'User_CS1_Alias']: - client = pexpect_ssh(client_hostip, user, 'Secret123', debug=False) - try: - client.login(login_timeout=30, sync_multiplier=5, - auto_prompt_reset=False) - except SSHLoginException: - pytest.fail("%s failed to login" % user) - else: - client.logout() + check_login_client(multihost, user, "Secret123") for i in ["getent passwd user_cs1", "getent passwd user_cs1_alias", "getent group user_cs1_grp1", @@ -198,11 +189,8 @@ def test_simple_deny_groups_user_cs1_grp1(self, multihost, backupsssdconf): "id User_CS1", "> /var/log/secure"]: execute_cmd(multihost, i) - client_hostip = multihost.client[0].ip - client = pexpect_ssh(client_hostip, "User_CS1", 'Secret123', debug=False) with pytest.raises(Exception): - client.login(login_timeout=10, sync_multiplier=1, - auto_prompt_reset=False) + check_login_client(multihost, "User_CS1", "Secret123") time.sleep(3) execute_cmd(multihost, 'cat /var/log/secure | grep -i "Access denied for user User_CS1"') @@ -227,15 +215,7 @@ def test_simple_deny_groups_user_cs_grp1(self, multihost, backupsssdconf): tools.clear_sssd_cache() for i in ["getent passwd User_CS1", "id User_CS1"]: execute_cmd(multihost, i) - client_hostip = multihost.client[0].ip - client = pexpect_ssh(client_hostip, "User_CS1", 'Secret123', debug=False) - try: - client.login(login_timeout=30, sync_multiplier=5, - auto_prompt_reset=False) - except SSHLoginException: - pytest.fail("%s failed to login" % "User_CS1") - else: - client.logout() + check_login_client(multihost, "User_CS1", "Secret123") def test_simple_deny_users_user_CS1(self, multihost, backupsssdconf): """ @@ -260,11 +240,8 @@ def test_simple_deny_users_user_CS1(self, multihost, backupsssdconf): "id User_CS1", "> /var/log/secure"]: execute_cmd(multihost, i) - client_hostip = multihost.client[0].ip - client = pexpect_ssh(client_hostip, "User_CS1", 'Secret123', debug=False) with pytest.raises(Exception): - client.login(login_timeout=10, sync_multiplier=1, - auto_prompt_reset=False) + check_login_client(multihost, "User_CS1", "Secret123") time.sleep(3) execute_cmd(multihost, 'cat /var/log/secure | grep -i "Access denied for user User_CS1"') @@ -286,15 +263,7 @@ def test_simple_deny_users_user_cs1(self, multihost, backupsssdconf): 'simple_deny_users': 'user_cs1'} tools.sssd_conf('domain/' + domain_name, domain_params) tools.clear_sssd_cache() - client_hostip = multihost.client[0].ip - client = pexpect_ssh(client_hostip, "User_CS1", 'Secret123', debug=False) - try: - client.login(login_timeout=30, sync_multiplier=5, - auto_prompt_reset=False) - except SSHLoginException: - pytest.fail("%s failed to login" % "User_CS1") - else: - client.logout() + check_login_client(multihost, "User_CS1", "Secret123") def test_bz1007381(self, multihost, backupsssdconf): """ @@ -441,15 +410,7 @@ def test_fully_qualified_names(self, multihost, backupsssdconf): "getent group User_CS1_grp1@example1", "id User_CS1@example1"]: execute_cmd(multihost, command) - client_hostip = multihost.client[0].ip - client = pexpect_ssh(client_hostip, "User_CS1@example1", 'Secret123', debug=False) - try: - client.login(login_timeout=30, sync_multiplier=5, - auto_prompt_reset=False) - except SSHLoginException: - pytest.fail("%s failed to login" % "User_CS1@example1") - else: - client.logout() + check_login_client(multihost, "User_CS1@example1", "Secret123") def test_min_id_max_id(self, multihost, backupsssdconf): """ @@ -518,16 +479,8 @@ def test_case_sensitive_false_lookup_user_group(self, multihost, backupsssdconf) "id User_cs1 | grep user_cs1_grp1", "id user_cs1_Alias | grep user_cs1_grp1"]: execute_cmd(multihost, command) - client_hostip = multihost.client[0].ip for user in ['user_cs1', 'user_cs1_alias']: - client = pexpect_ssh(client_hostip, user, 'Secret123', debug=False) - try: - client.login(login_timeout=30, sync_multiplier=5, - auto_prompt_reset=False) - except SSHLoginException: - pytest.fail("%s failed to login" % user) - else: - client.logout() + check_login_client(multihost, user, "Secret123") def test_case_sensitive_false_deny_users_user_cs1(self, multihost, backupsssdconf): """ @@ -543,7 +496,6 @@ def test_case_sensitive_false_deny_users_user_cs1(self, multihost, backupsssdcon sssd_params = {'domains': ds_instance_name} tools.sssd_conf('sssd', sssd_params) domain_name = tools.get_domain_section_name() - client_hostip = multihost.client[0].ip domain_params = {'case_sensitive': 'false', 'access_provider': 'simple', 'simple_deny_users': 'user_cs1'} @@ -551,24 +503,15 @@ def test_case_sensitive_false_deny_users_user_cs1(self, multihost, backupsssdcon tools.clear_sssd_cache() for user in ['User_cs1', 'user_cs1_alias']: execute_cmd(multihost, "> /var/log/secure") - client = pexpect_ssh(client_hostip, user, 'Secret123', debug=False) with pytest.raises(Exception): - client.login(login_timeout=10, sync_multiplier=1, - auto_prompt_reset=False) + check_login_client(multihost, user, "Secret123") time.sleep(3) execute_cmd(multihost, f'cat /var/log/secure | grep "Access denied for user {user}"') execute_cmd(multihost, "> /var/log/secure") execute_cmd(multihost, "sed -i 's/user_cs1/user_cs1_alias/' /etc/sssd/sssd.conf") tools.clear_sssd_cache() for user in ['user_cs1', 'user_cs1_alias']: - client = pexpect_ssh(client_hostip, user, 'Secret123', debug=False) - try: - client.login(login_timeout=30, sync_multiplier=5, - auto_prompt_reset=False) - except SSHLoginException: - pytest.fail("%s failed to login" % user) - else: - client.logout() + check_login_client(multihost, user, "Secret123") def test_case_sensitive_false_deny_groups_user_cs1_grp1(self, multihost, backupsssdconf): """ @@ -580,7 +523,6 @@ def test_case_sensitive_false_deny_groups_user_cs1_grp1(self, multihost, backups 1. Should succeed """ config_sssd(multihost) - client_hostip = multihost.client[0].ip tools = sssdTools(multihost.client[0]) sssd_params = {'domains': ds_instance_name} tools.sssd_conf('sssd', sssd_params) @@ -593,24 +535,15 @@ def test_case_sensitive_false_deny_groups_user_cs1_grp1(self, multihost, backups tools.clear_sssd_cache() for user in ['User_cs1', 'user_cs1_alias']: execute_cmd(multihost, "> /var/log/secure") - client = pexpect_ssh(client_hostip, user, 'Secret123', debug=False) with pytest.raises(Exception): - client.login(login_timeout=10, sync_multiplier=1, - auto_prompt_reset=False) + check_login_client(multihost, user, "Secret123") time.sleep(3) execute_cmd(multihost, f'cat /var/log/secure | grep -i "Access denied for user {user}"') execute_cmd(multihost, "> /var/log/secure") execute_cmd(multihost, "sed -i 's/user_cs1_grp1/user_cs1_grp1_alias/' /etc/sssd/sssd.conf") tools.clear_sssd_cache() for user in ['user_cs1', 'user_cs1_alias']: - client = pexpect_ssh(client_hostip, user, 'Secret123', debug=False) - try: - client.login(login_timeout=30, sync_multiplier=5, - auto_prompt_reset=False) - except SSHLoginException: - pytest.fail("%s failed to login" % user) - else: - client.logout() + check_login_client(multihost, user, "Secret123") def test_outgoing_ldaps(self, multihost, backupsssdconf): """ @@ -638,32 +571,12 @@ def test_outgoing_ldaps(self, multihost, backupsssdconf): domain_params = {'access_provider': 'simple', 'cache_credentials': "true"} tools.sssd_conf('domain/' + domain_name, domain_params) tools.clear_sssd_cache() - client_hostip = multihost.client[0].ip - client = pexpect_ssh(client_hostip, "User_CS1", 'Secret123', debug=False) - try: - client.login(login_timeout=30, sync_multiplier=5, - auto_prompt_reset=False) - except SSHLoginException: - pytest.fail("%s failed to login" % "User_CS1") - else: - client.logout() + check_login_client(multihost, "User_CS1", "Secret123") # block master server multihost.client[0].run_command('iptables -A OUTPUT -p tcp --match multiport --dport 389,636') time.sleep(5) - client = pexpect_ssh(client_hostip, "User_CS1", 'Secret123', debug=False) - try: - client.login(login_timeout=30, sync_multiplier=5, auto_prompt_reset=False) - except SSHLoginException: - pytest.fail("%s failed to login" % "User_CS1") - else: - client.logout() + check_login_client(multihost, "User_CS1", "Secret123") # unblock master server multihost.client[0].run_command("iptables -D OUTPUT -p tcp --match multiport --dport 389,636") time.sleep(5) - client = pexpect_ssh(client_hostip, "User_CS1", 'Secret123', debug=False) - try: - client.login(login_timeout=30, sync_multiplier=5, auto_prompt_reset=False) - except SSHLoginException: - pytest.fail("%s failed to login" % "User_CS1") - else: - client.logout() + check_login_client(multihost, "User_CS1", "Secret123") From 7eef9162d36de11a2ebfe7e0fbdaf2482731f598 Mon Sep 17 00:00:00 2001 From: aborah Date: Mon, 26 Jun 2023 10:26:13 +0530 Subject: [PATCH 060/280] Tests: Fix IPA tire1_2 tests MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Fix IPA tire1_2 tests Reviewed-by: Jakub Vávra (cherry picked from commit 7f94e5ca48a16270b0748d87719a807ab85c2ef0) --- src/tests/multihost/ipa/test_misc.py | 52 ++++------------------------ 1 file changed, 6 insertions(+), 46 deletions(-) diff --git a/src/tests/multihost/ipa/test_misc.py b/src/tests/multihost/ipa/test_misc.py index d1e179d364f..a495e0ed170 100644 --- a/src/tests/multihost/ipa/test_misc.py +++ b/src/tests/multihost/ipa/test_misc.py @@ -16,6 +16,7 @@ import pytest from sssd.testlib.common.utils import sssdTools from sssd.testlib.common.exceptions import SSSDException +from sssd.testlib.common.ssh2_python import run_command_client @pytest.mark.usefixtures('default_ipa_users', 'reset_password') @@ -330,22 +331,10 @@ def test_authentication_indicators(multihost, backupsssdconf): multihost.client[0].run_command( f'su -l {user} -c "ipa sudorule-add-user testrule2 --users admin"', raiseonerr=False) - ssh_error = "" - ssh = pexpect.pxssh.pxssh( - options={"StrictHostKeyChecking": "no", - "UserKnownHostsFile": "/dev/null"}, timeout=600) - ssh.force_password = True - try: - ssh.login(multihost.client[0].ip, user, test_password) - ssh.sendline('sudo -l') - ssh.prompt(timeout=600) - ssh.logout() - except pexpect.pxssh.ExceptionPxssh: - ssh_error += "Could not login via ssh first time." - + run_command_client(multihost, user, test_password, "sudo -l") + time.sleep(3) search = multihost.client[0].run_command( 'fgrep gssapi_ /var/log/sssd/sssd_pam.log | tail -10') - domain_params = {'pam_gssapi_services': 'sudo, sudo-i', 'pam_gssapi_indicators_map': 'sudo-i:hardened'} client.sssd_conf('pam', domain_params) @@ -354,18 +343,7 @@ def test_authentication_indicators(multihost, backupsssdconf): multihost.client[0].run_command( f'su -l {user} -c "kinit admin"', stdin_text=test_password, raiseonerr=False) - - ssh = pexpect.pxssh.pxssh(options={"StrictHostKeyChecking": "no", - "UserKnownHostsFile": "/dev/null"}, - timeout=600) - ssh.force_password = True - try: - ssh.login(multihost.client[0].ip, user, test_password) - ssh.sendline('sudo -l') - ssh.prompt(timeout=600) - ssh.logout() - except pexpect.pxssh.ExceptionPxssh: - ssh_error += "\nCould not login via ssh second time." + run_command_client(multihost, user, test_password, "sudo -l") multihost.client[0].run_command( f'su -l {user} -c "klist"', raiseonerr=False) @@ -379,8 +357,6 @@ def test_authentication_indicators(multihost, backupsssdconf): 'cp -vf /etc/pam.d/sudo-i_indicators /etc/pam.d/sudo-i') search2 = multihost.client[0].run_command( 'fgrep gssapi_ /var/log/sssd/sssd_pam.log | tail -10') - - assert not ssh_error, ssh_error assert 'indicators: 0' in search.stdout_text assert 'indicators: 2' in search2.stdout_text @@ -443,24 +419,8 @@ def test_pass_krb5cname_to_pam(multihost, multihost.client[0].run_command( f'su -l {user} -c "sudo -S -l"', stdin_text=test_password, raiseonerr=False) - file_name = 'domain_list_' + str(time.time()) - ssh_error = "" - ssh = pexpect.pxssh.pxssh( - options={"StrictHostKeyChecking": "no", - "UserKnownHostsFile": "/dev/null"}, timeout=600) - ssh.force_password = True - try: - ssh.login(multihost.client[0].ip, user, test_password) - ssh.sendline(f'sudo -S /usr/sbin/sssctl domain-list > ' - f'/tmp/{file_name}') - ssh.expect(".*:", timeout=10) - ssh.sendline(test_password) - ssh.prompt(timeout=60) - ssh.logout() - except pexpect.pxssh.ExceptionPxssh: - ssh_error += "Could not login via ssh." - result = multihost.client[0].run_command(f"cat /tmp/{file_name}" - ).stdout_text + result = run_command_client(multihost, user, test_password, + 'echo -e "Secret123" | sudo -S /usr/sbin/sssctl domain-list') assert domain_name in result @staticmethod From 4e7cfe17e7a6a57d13c306907250890c8b77885a Mon Sep 17 00:00:00 2001 From: Alexey Tikhonov Date: Thu, 15 Jun 2023 12:05:03 +0200 Subject: [PATCH 061/280] BUILD: Accept krb5 1.21 for building the PAC plugin MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Reviewed-by: Alejandro López Reviewed-by: Sumit Bose (cherry picked from commit 74d0f4538deb766592079b1abca0d949d6dea105) Reviewed-by: Sumit Bose --- src/external/pac_responder.m4 | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/external/pac_responder.m4 b/src/external/pac_responder.m4 index 3cbe3c9cfba..90727185b57 100644 --- a/src/external/pac_responder.m4 +++ b/src/external/pac_responder.m4 @@ -22,7 +22,8 @@ then Kerberos\ 5\ release\ 1.17* | \ Kerberos\ 5\ release\ 1.18* | \ Kerberos\ 5\ release\ 1.19* | \ - Kerberos\ 5\ release\ 1.20*) + Kerberos\ 5\ release\ 1.20* | \ + Kerberos\ 5\ release\ 1.21*) krb5_version_ok=yes AC_MSG_RESULT([yes]) ;; From f16e570838d1c6cd30b5883f364b0f437c314b1f Mon Sep 17 00:00:00 2001 From: Sumit Bose Date: Fri, 9 Jun 2023 12:31:39 +0200 Subject: [PATCH 062/280] watchdog: add arm_watchdog() and disarm_watchdog() calls MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Those two new calls can be used if there are requests stuck by e.g. waiting on replies where there is no other way to handle the timeout and get the system back into a stable state. They should be only used as a last resort. Resolves: https://github.com/SSSD/sssd/issues/6803 Reviewed-by: Alexey Tikhonov Reviewed-by: Pavel Březina (cherry picked from commit 75f2b35ad3b9256de905d05c5108400d35688554) --- src/util/util.h | 12 ++++++++++++ src/util/util_watchdog.c | 28 ++++++++++++++++++++++++++-- 2 files changed, 38 insertions(+), 2 deletions(-) diff --git a/src/util/util.h b/src/util/util.h index 11dc40d572a..02fd5323780 100644 --- a/src/util/util.h +++ b/src/util/util.h @@ -791,6 +791,18 @@ int setup_watchdog(struct tevent_context *ev, int interval); void teardown_watchdog(void); int get_watchdog_ticks(void); +/* The arm_watchdog() and disarm_watchdog() calls will disable and re-enable + * the watchdog reset, respectively. This means that after arm_watchdog() is + * called the watchdog will not be resetted anymore and it will kill the + * process if disarm_watchdog() wasn't called before. + * Those calls should only be used when there is no other way to handle + * waiting request and recover into a stable state. + * Those calls cannot be nested, i.e. after calling arm_watchdog() it should + * not be called a second time in a different request because then + * disarm_watchdog() will disable the watchdog coverage for both. */ +void arm_watchdog(void); +void disarm_watchdog(void); + /* from files.c */ int sss_remove_tree(const char *root); int sss_remove_subtree(const char *root); diff --git a/src/util/util_watchdog.c b/src/util/util_watchdog.c index b1534e499c0..abafd94b91e 100644 --- a/src/util/util_watchdog.c +++ b/src/util/util_watchdog.c @@ -40,6 +40,7 @@ struct watchdog_ctx { time_t timestamp; struct tevent_fd *tfd; int pipefd[2]; + bool armed; /* if 'true' ticks counter will not be reset */ } watchdog_ctx; static void watchdog_detect_timeshift(void) @@ -89,8 +90,13 @@ static void watchdog_event_handler(struct tevent_context *ev, struct timeval current_time, void *private_data) { - /* first thing reset the watchdog ticks */ - watchdog_reset(); + if (!watchdog_ctx.armed) { + /* first thing reset the watchdog ticks */ + watchdog_reset(); + } else { + DEBUG(SSSDBG_IMPORTANT_INFO, + "Watchdog armed, process might be terminated soon.\n"); + } /* then set a new watchodg event */ watchdog_ctx.te = tevent_add_timer(ev, ev, @@ -197,6 +203,7 @@ int setup_watchdog(struct tevent_context *ev, int interval) watchdog_ctx.ev = ev; watchdog_ctx.input_interval = interval; watchdog_ctx.timestamp = time(NULL); + watchdog_ctx.armed = false; ret = pipe(watchdog_ctx.pipefd); if (ret == -1) { @@ -264,3 +271,20 @@ int get_watchdog_ticks(void) { return __sync_add_and_fetch(&watchdog_ctx.ticks, 0); } + +void arm_watchdog(void) +{ + if (watchdog_ctx.armed) { + DEBUG(SSSDBG_CRIT_FAILURE, + "arm_watchdog() is called although the watchdog is already armed. " + "This indicates a programming error and should be avoided because " + "it will most probably not work as expected.\n"); + } + + watchdog_ctx.armed = true; +} + +void disarm_watchdog(void) +{ + watchdog_ctx.armed = false; +} From 27987c791bc452f53696a3a33f0d607ab040e78d Mon Sep 17 00:00:00 2001 From: Sumit Bose Date: Fri, 9 Jun 2023 13:01:47 +0200 Subject: [PATCH 063/280] sbus: arm watchdog for sbus_connect_init_send() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit There seem to be conditions where the reply in the sbus_call_DBus_Hello_send() request gets lost and the backend cannot properly initialize its sbus/DBus server. Since the backend cannot be connected by the frontends in this state the best way to recover would be a restart. Since the event-loop is active in this state, e.g. waiting for the reply, the watchdog will not consider the process as hung and will not restart the process. To make the watchdog handle this case arm_watchdog() and disarm_watchdog() are called before and after the request, respectively. Resolves: https://github.com/SSSD/sssd/issues/6803 Reviewed-by: Alexey Tikhonov Reviewed-by: Pavel Březina (cherry picked from commit cca9361d92501e0be34d264d370fe897a0c970af) --- Makefile.am | 1 - src/sbus/connection/sbus_connection_connect.c | 4 ++++ 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/Makefile.am b/Makefile.am index e780e8a146f..23c63ec1ea8 100644 --- a/Makefile.am +++ b/Makefile.am @@ -4672,7 +4672,6 @@ krb5_child_LDADD = \ $(CLIENT_LIBS) \ $(SYSTEMD_LOGIN_LIBS) \ $(JANSSON_LIBS) \ - libsss_sbus.la \ $(NULL) ldap_child_SOURCES = \ diff --git a/src/sbus/connection/sbus_connection_connect.c b/src/sbus/connection/sbus_connection_connect.c index 45a0fa49102..edc090e156f 100644 --- a/src/sbus/connection/sbus_connection_connect.c +++ b/src/sbus/connection/sbus_connection_connect.c @@ -67,6 +67,8 @@ sbus_connect_init_send(TALLOC_CTX *mem_ctx, tevent_req_set_callback(subreq, sbus_connect_init_hello_done, req); + arm_watchdog(); + return req; } @@ -111,6 +113,8 @@ static void sbus_connect_init_done(struct tevent_req *subreq) uint32_t res; errno_t ret; + disarm_watchdog(); + req = tevent_req_callback_data(subreq, struct tevent_req); ret = sbus_call_DBus_RequestName_recv(subreq, &res); From e574144759e973ea1d007e30a978f261ece9e579 Mon Sep 17 00:00:00 2001 From: aborah Date: Wed, 28 Jun 2023 11:46:12 +0530 Subject: [PATCH 064/280] Tests: Update test_ldap_password_policy.py::test_maxage as per the new sssd change Update test_ldap_password_policy.py::test_maxage as per the new sssd change Reviewed-by: Shridhar Gadekar (cherry picked from commit 5e86af8a30d1270dccc194f64c6c61229b21abf6) --- .../alltests/test_ldap_password_policy.py | 42 +++++++++---------- 1 file changed, 20 insertions(+), 22 deletions(-) diff --git a/src/tests/multihost/alltests/test_ldap_password_policy.py b/src/tests/multihost/alltests/test_ldap_password_policy.py index b24edc60185..8d56ed79cfd 100644 --- a/src/tests/multihost/alltests/test_ldap_password_policy.py +++ b/src/tests/multihost/alltests/test_ldap_password_policy.py @@ -9,8 +9,10 @@ import pytest import ldap import os +import subprocess from sssd.testlib.common.utils import sssdTools, LdapOperations from constants import ds_instance_name, ds_rootpw, ds_rootdn +from sssd.testlib.common.ssh2_python import check_login_client def find_logs(multihost, log_name, string_name): @@ -102,8 +104,7 @@ def test_bz748856(multihost, backupsssdconf, common_sssd_setup): 3. clear secure log 4. clear sssd logs and cache :steps: - 1. The user is able to authenticate using SSH password by asserting the - output of the tools.auth_client_ssh_password() function. + 1. The user is able to authenticate using SSH password by check_login_client function. 2. Searches for specific log messages in two log files (/var/log/secure and /var/log/sssd/sssd_{ds_instance_name}.log) using the find_logs() function, and raises an assertion error if @@ -125,7 +126,7 @@ def test_bz748856(multihost, backupsssdconf, common_sssd_setup): ldap_modify_ds(multihost, ldap.MOD_REPLACE, user_dn, 'userPassword', [b'Secret123']) client.run_command('> /var/log/secure') tools.clear_sssd_cache() - assert tools.auth_client_ssh_password('ppuser1', 'Secret123') + check_login_client(multihost, 'ppuser1', 'Secret123') time.sleep(3) file_scure = '/var/log/secure' file_ssd = f'/var/log/sssd/sssd_{ds_instance_name}.log' @@ -154,15 +155,10 @@ def test_maxage(multihost, backupsssdconf, common_sssd_setup): the expected log messages have been generated. 3. Sets the passwordExp configuration in the cn=config section of the 389-ds directory server to off using the ldap_modify_ds() function. - 4. Tests that the user is able to authenticate using SSH password by calling - the tools.auth_client_ssh_password() function with the new password (NewPass_123). - 5. Sets the user's password back to the original password (Secret123) using the ldap_modify_ds() function. :expectedresults: - 1. User should be able to reset expired password + 1. User should not be able to reset expired password 2. Corresponding logs should be generated 3. PasswordExp configuration in the cn=config section should success - 4. Authenticate using SSH password by user should success - 5. Changing user's password back to the original password should success """ client = multihost.client[0] tools = sssdTools(multihost.client[0]) @@ -172,17 +168,21 @@ def test_maxage(multihost, backupsssdconf, common_sssd_setup): ldap_modify_ds(multihost, ldap.MOD_REPLACE, user_dn, 'userPassword', [b'Secret123']) client.run_command('> /var/log/secure') tools.clear_sssd_cache() - client.run_command('sh /tmp/change_user_password_while_expired.sh', raiseonerr=False) + with pytest.raises(subprocess.CalledProcessError): + client.run_command('sh /tmp/change_user_password_while_expired.sh') time.sleep(3) file_scure = '/var/log/secure' file_ssd = f'/var/log/sssd/sssd_{ds_instance_name}.log' - find_logs(multihost, file_scure, "Password expired. Change your password now.") + log_str = multihost.client[0].get_file_contents(file_scure).decode('utf-8') + assert "Password expired. Change your password now." in log_str or \ + "Failed password for ppuser1" in log_str find_logs(multihost, file_ssd, "Server returned control [1.3.6.1.4.1.42.2.27.8.5.1]") - find_logs(multihost, file_ssd, "Password expired user must set a new password") + log_str = multihost.client[0].get_file_contents(file_ssd).decode('utf-8') + assert "Password expired user must set a new password" in log_str or \ + "Password expired, grace logins exhausted." in log_str ldap_modify_ds(multihost, ldap.MOD_REPLACE, cn_config, 'passwordExp', [b'off']) time.sleep(3) - assert tools.auth_client_ssh_password('ppuser1', 'Secret123') - ldap_modify_ds(multihost, ldap.MOD_REPLACE, user_dn, 'userPassword', [b'Secret123']) + check_login_client(multihost, 'ppuser1', 'Secret123') @staticmethod def test_bz954323(multihost, backupsssdconf, common_sssd_setup): @@ -196,7 +196,7 @@ def test_bz954323(multihost, backupsssdconf, common_sssd_setup): 3. Expire a user password ( by setting password Expiration Time) 4. Clear the secure log :steps: - 1. Calling tools.auth_client_ssh_password to authenticate + 1. Calling check_login_client to authenticate the user 'ppuser1' with a password on the client. 2. Calling find_logs to search for a specific message in a log file on the server. 3. Repeating steps 1-2 two more times, with different log search messages each time. @@ -209,21 +209,20 @@ def test_bz954323(multihost, backupsssdconf, common_sssd_setup): 4. Configuration settings should changed to modified earlier """ client = multihost.client[0] - tools = sssdTools(multihost.client[0]) cn_config = 'cn=config' ldap_modify_ds(multihost, ldap.MOD_REPLACE, cn_config, 'passwordExp', [b'on']) ldap_modify_ds(multihost, ldap.MOD_ADD, cn_config, 'passwordGraceLimit', [b'3']) client.run_command("> /var/log/secure") time.sleep(3) - assert tools.auth_client_ssh_password('ppuser1', 'Secret123') + check_login_client(multihost, 'ppuser1', 'Secret123') time.sleep(3) find_logs(multihost, "/var/log/secure", "You have 2 grace login(s) remaining") client.run_command("> /var/log/secure") - assert tools.auth_client_ssh_password('ppuser1', 'Secret123') + check_login_client(multihost, 'ppuser1', 'Secret123') time.sleep(3) find_logs(multihost, "/var/log/secure", "You have 1 grace login(s) remaining") client.run_command("> /var/log/secure") - assert tools.auth_client_ssh_password('ppuser1', 'Secret123') + check_login_client(multihost, 'ppuser1', 'Secret123') time.sleep(3) find_logs(multihost, "/var/log/secure", "You have 0 grace login(s) remaining") for element, value in [('passwordGraceLimit', []), @@ -244,7 +243,7 @@ def test_bz1146198_bz1144011(multihost, backupsssdconf, common_sssd_setup): :steps: 1. Run a script to simulate an expired password. 2. Calling find_logs to search for specific messages in log files on the server. - 3. Calling tools.auth_client_ssh_password to authenticate the user with a new password. + 3. Calling check_login_client to authenticate the user with a new password. 4. Calling ldap_modify_ds three times to delete some configuration settings related to password expiration for the directory :expectedresults: @@ -254,7 +253,6 @@ def test_bz1146198_bz1144011(multihost, backupsssdconf, common_sssd_setup): 4. New setting related to password change should success """ client = multihost.client[0] - tools = sssdTools(multihost.client[0]) cn_config = 'cn=config' ldap_modify_ds(multihost, ldap.MOD_ADD, cn_config, 'passwordMustChange', [b'on']) user_dn = 'uid=ppuser1,ou=People,dc=example,dc=test' @@ -267,7 +265,7 @@ def test_bz1146198_bz1144011(multihost, backupsssdconf, common_sssd_setup): find_logs(multihost, f'/var/log/sssd/sssd_{ds_instance_name}.log', "Password was reset. User must set a new password") time.sleep(3) - assert tools.auth_client_ssh_password('ppuser1', 'NewPass_123') + check_login_client(multihost, 'ppuser1', 'NewPass_123') for element, value in [('passwordMustChange', []), ('passwordWarning', []), ('passwordExp', [b'on'])]: From 140692c1dd11998cc2bf6f3309199602114325a0 Mon Sep 17 00:00:00 2001 From: aborah Date: Tue, 11 Jul 2023 18:52:09 +0530 Subject: [PATCH 065/280] Tests: Fix test_0002_bz1928648 with new ssh module Fix test_0002_bz1928648 with new ssh module Reviewed-by: Shridhar Gadekar (cherry picked from commit 2487c99c8d56d01cfc3832360d94e7309694521c) --- src/tests/multihost/alltests/test_offline.py | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) diff --git a/src/tests/multihost/alltests/test_offline.py b/src/tests/multihost/alltests/test_offline.py index f07832a009b..9243bf8bf34 100644 --- a/src/tests/multihost/alltests/test_offline.py +++ b/src/tests/multihost/alltests/test_offline.py @@ -10,7 +10,7 @@ import time import pytest from sssd.testlib.common.utils import sssdTools -from sssd.testlib.common.expect import pexpect_ssh +from sssd.testlib.common.ssh2_python import check_login_client from constants import ds_instance_name @@ -101,13 +101,9 @@ def test_0002_bz1928648(self, multihost, backupsssdconf): f' -j DROP') assert block_ip.returncode == 0 user = 'foo1@example1' - client_hostname = multihost.client[0].sys_hostname - client = pexpect_ssh(client_hostname, user, 'Secret123', - debug=False) + time.sleep(5) with pytest.raises(Exception): - client.login(login_timeout=5, - sync_multiplier=1, - auto_prompt_reset=False) + check_login_client(multihost, user, 'Secret123') multihost.client[0].run_command(f"iptables " f"-D OUTPUT -d " f"{hostname} -j DROP") From a1e773df0ebd1b6ebb7c8b2872f71354820c8a88 Mon Sep 17 00:00:00 2001 From: aborah Date: Wed, 12 Jul 2023 15:29:09 +0530 Subject: [PATCH 066/280] Tests: Update tier1 test cases with new ssh module Update tier1 test cases with new ssh module Reviewed-by: Shridhar Gadekar (cherry picked from commit 66908221b51cb4c78a201db72e67ec1e341ef94e) --- .../multihost/alltests/test_ldap_extra_attrs.py | 15 +++++---------- src/tests/multihost/alltests/test_proxy.py | 15 ++++++--------- .../multihost/alltests/test_ssh_authorizedkeys.py | 6 ++---- 3 files changed, 13 insertions(+), 23 deletions(-) diff --git a/src/tests/multihost/alltests/test_ldap_extra_attrs.py b/src/tests/multihost/alltests/test_ldap_extra_attrs.py index b0a95b5e7a6..1415b28a567 100644 --- a/src/tests/multihost/alltests/test_ldap_extra_attrs.py +++ b/src/tests/multihost/alltests/test_ldap_extra_attrs.py @@ -13,7 +13,7 @@ import time from sssd.testlib.common.utils import sssdTools from constants import ds_instance_name -from pexpect import pxssh +from sssd.testlib.common.ssh2_python import SSHClient @pytest.mark.usefixtures('setup_sssd', 'create_posix_usersgroups') @@ -238,16 +238,11 @@ def test_bz847043(multihost, backupsssdconf): client.run_command('gcc -lpthread /tmp/sssd_client_hang.c' ' -o /tmp/client-hang') client.run_command("chown foo1 /tmp/client-hang") - ssh = pxssh.pxssh(options={"StrictHostKeyChecking": "no", - "UserKnownHostsFile": "/dev/null"}) - ssh.force_password = True + ssh = SSHClient(multihost.client[0].sys_hostname, 'foo1', 'Secret123') try: - ssh.login(multihost.client[0].sys_hostname, 'foo1', 'Secret123') - ssh.sendline("cd /tmp") - ssh.prompt(timeout=5) - ssh.sendline('./client-hang > output') - ssh.prompt(timeout=5) - except pxssh.ExceptionPxssh: + ssh.connect() + ssh.execute_command('cd /tmp; ./client-hang > output') + except Exception: pytest.fail("Ssh login failed.") time.sleep(2) log_str = multihost.client[0].get_file_contents("/tmp/output").decode('utf-8') diff --git a/src/tests/multihost/alltests/test_proxy.py b/src/tests/multihost/alltests/test_proxy.py index e9b59b672a4..4aa0452a4e8 100644 --- a/src/tests/multihost/alltests/test_proxy.py +++ b/src/tests/multihost/alltests/test_proxy.py @@ -12,11 +12,9 @@ import time from string import Template import pytest - from constants import ds_suffix -from sssd.testlib.common.expect import pexpect_ssh +from sssd.testlib.common.ssh2_python import SSHClient from sssd.testlib.common.utils import sssdTools -from sssd.testlib.common.exceptions import SSHLoginException @pytest.mark.usefixtures('setup_sssd_krb', 'create_host_keytab', @@ -61,19 +59,18 @@ def test_0001_1724717(self, multihost): cat = 'cat /etc/sssd/sssd.conf' multihost.client[0].run_command(cat) multihost.client[0].service_sssd('start') - client = pexpect_ssh(multihost.client[0].sys_hostname, user, - 'Secret123', debug=False) + client = SSHClient(multihost.client[0].sys_hostname, user, 'Secret123') try: - client.login() - except SSHLoginException: + client.connect() + except Exception: multihost.client[0].run_command(del_user) multihost.client[0].run_command(restore) pytest.fail("%s failed to login" % user) else: id_cmd = 'id %s' % user - (ret1, ret) = client.command(id_cmd) + ret1 = client.execute_command(id_cmd) assert "no such user" not in ret1 - client.logout() + client.close() # On fedora after user logs out it takes time # for systemd process running as user to get stopped, hence # adding sleep diff --git a/src/tests/multihost/alltests/test_ssh_authorizedkeys.py b/src/tests/multihost/alltests/test_ssh_authorizedkeys.py index a2ff4de8944..640a099b495 100644 --- a/src/tests/multihost/alltests/test_ssh_authorizedkeys.py +++ b/src/tests/multihost/alltests/test_ssh_authorizedkeys.py @@ -10,8 +10,7 @@ import pytest import re from sssd.testlib.common.utils import sssdTools -from sssd.testlib.common.expect import pexpect_ssh -from sssd.testlib.common.exceptions import SSHLoginException +from sssd.testlib.common.ssh2_python import check_login_client @pytest.mark.usefixtures('setup_sssd', 'create_posix_usersgroups', @@ -32,8 +31,7 @@ def test_0001_bz1137013(self, multihost, create_ssh_keys): tools = sssdTools(multihost.client[0]) domain_name = tools.get_domain_section_name() user = 'foo1@%s' % domain_name - ssh = tools.auth_from_client(user, 'Secret123') == 3 - assert ssh, f"Ssh failed for user {user}!" + check_login_client(multihost, user, 'Secret123') domain_log = '/var/log/sssd/sssd_%s.log' % domain_name log = multihost.client[0].get_file_contents(domain_log).decode('utf-8') msg = 'Adding sshPublicKey' From ddfc5e52b1186d7a074eb6d29d8017c2298f9ec7 Mon Sep 17 00:00:00 2001 From: aborah Date: Wed, 12 Jul 2023 17:38:03 +0530 Subject: [PATCH 067/280] Tests: Backport of https://github.com/SSSD/sssd/pull/6818 Backport of https://github.com/SSSD/sssd/pull/6818 Reviewed-by: Shridhar Gadekar --- .../multihost/alltests/test_backtrace.py | 7 +- src/tests/multihost/alltests/test_kcm.py | 7 +- src/tests/multihost/alltests/test_krb5.py | 17 +-- src/tests/multihost/alltests/test_krb_fips.py | 115 +++++------------- src/tests/multihost/alltests/test_misc.py | 15 +-- .../alltests/test_ns_account_lock.py | 51 ++++---- .../multihost/alltests/test_sssctl_local.py | 1 - src/tests/multihost/alltests/test_sudo.py | 39 ++---- 8 files changed, 77 insertions(+), 175 deletions(-) diff --git a/src/tests/multihost/alltests/test_backtrace.py b/src/tests/multihost/alltests/test_backtrace.py index d4468b36a85..c73df663a7a 100644 --- a/src/tests/multihost/alltests/test_backtrace.py +++ b/src/tests/multihost/alltests/test_backtrace.py @@ -13,7 +13,7 @@ import time import pytest from sssd.testlib.common.utils import sssdTools -from sssd.testlib.common.expect import pexpect_ssh +from sssd.testlib.common.ssh2_python import check_login_client from constants import ds_instance_name @@ -34,10 +34,7 @@ def no_fallback_dir(multihost): tools.clear_sssd_cache() user = f'foo1@{ds_instance_name}' # Authenticate user - client = pexpect_ssh(multihost.client[0].sys_hostname, user, - 'Secret123', debug=False) - client.login(login_timeout=30, sync_multiplier=5, - auto_prompt_reset=False) + check_login_client(multihost, user, 'Secret123') @pytest.mark.usefixtures('setup_sssd', 'create_posix_usersgroups') diff --git a/src/tests/multihost/alltests/test_kcm.py b/src/tests/multihost/alltests/test_kcm.py index 7023969ac22..1abf07d94ec 100644 --- a/src/tests/multihost/alltests/test_kcm.py +++ b/src/tests/multihost/alltests/test_kcm.py @@ -11,7 +11,7 @@ import re import pytest import time -from sssd.testlib.common.expect import pexpect_ssh +from sssd.testlib.common.ssh2_python import check_login_client from sssd.testlib.common.utils import sssdTools from constants import ds_instance_name @@ -36,10 +36,7 @@ def test_client_timeout(self, multihost, backupsssdconf): client.sssd_conf('kcm', domain_params) multihost.client[0].service_sssd('restart') user = 'foo1@example1' - client = pexpect_ssh(multihost.client[0].sys_hostname, user, - 'Secret123', debug=False) - client.login(login_timeout=30, sync_multiplier=5, - auto_prompt_reset=False) + check_login_client(multihost, user, 'Secret123') sssdTools(multihost.client[0]).clear_sssd_cache() multihost.client[0].run_command("systemctl restart sssd-kcm") multihost.client[0].run_command("> /var/log/sssd/sssd_kcm.log") diff --git a/src/tests/multihost/alltests/test_krb5.py b/src/tests/multihost/alltests/test_krb5.py index 85a97348400..d7f291ca79a 100644 --- a/src/tests/multihost/alltests/test_krb5.py +++ b/src/tests/multihost/alltests/test_krb5.py @@ -7,8 +7,7 @@ from __future__ import print_function import pytest from sssd.testlib.common.utils import sssdTools -from sssd.testlib.common.expect import pexpect_ssh -from sssd.testlib.common.exceptions import SSHLoginException +from sssd.testlib.common.ssh2_python import check_login_client @pytest.mark.usefixtures('setup_sssd_krb', 'create_posix_usersgroups') @@ -45,26 +44,16 @@ def test_0001_krb5_not_working_based_on_k5login(self, client_tool.sssd_conf('domain/example1', dmain_delete, action='delete') multihost.client[0].service_sssd('start') user = 'user5000' - client_hostname = multihost.client[0].sys_hostname multihost.client[0].run_command(f'touch /home/{user}/.k5login') multihost.client[0].run_command(f'chown {user} /home/{user}/.k5login') multihost.client[0].run_command(f'chgrp {user} /home/{user}/.k5login') multihost.client[0].run_command(f'chmod 664 /home/{user}/.k5login') multihost.client[0].service_sssd('restart') - client = pexpect_ssh(client_hostname, user, 'Secret123', debug=False) with pytest.raises(Exception): - client.login(login_timeout=10, sync_multiplier=1, - auto_prompt_reset=False) + check_login_client(multihost, user, 'Secret123') multihost.client[0].run_command(f'rm -vf /home/{user}/.k5login') multihost.client[0].service_sssd('restart') - client = pexpect_ssh(client_hostname, user, 'Secret123', debug=False) - try: - client.login(login_timeout=30, sync_multiplier=5, - auto_prompt_reset=False) - except SSHLoginException: - pytest.fail("%s failed to login" % user) - else: - client.logout() + check_login_client(multihost, user, 'Secret123') multihost.client[0].run_command('authselect select sssd') @pytest.mark.tier1_2 diff --git a/src/tests/multihost/alltests/test_krb_fips.py b/src/tests/multihost/alltests/test_krb_fips.py index 30f7a46cee8..3aa122fbd40 100644 --- a/src/tests/multihost/alltests/test_krb_fips.py +++ b/src/tests/multihost/alltests/test_krb_fips.py @@ -11,12 +11,10 @@ import re import pytest import ldap -from pexpect import pxssh from constants import ds_suffix, krb_realm -from sssd.testlib.common.expect import pexpect_ssh +from sssd.testlib.common.ssh2_python import check_login_client, SSHClient from sssd.testlib.common.utils import sssdTools from sssd.testlib.common.utils import LdapOperations -from sssd.testlib.common.exceptions import SSHLoginException from sssd.testlib.common.libkrb5 import krb5srv @@ -71,14 +69,7 @@ def test_fips_login(multihost): tools = sssdTools(multihost.client[0]) domain_name = tools.get_domain_section_name() user = 'foo1@%s' % domain_name - client = pexpect_ssh(multihost.client[0].sys_hostname, user, - 'Secret123', debug=False) - try: - client.login() - except SSHLoginException: - pytest.fail("%s failed to login" % user) - else: - client.logout() + check_login_client(multihost, user, 'Secret123') @staticmethod @pytest.mark.tier1_2 @@ -100,27 +91,16 @@ def test_kcm_not_store_tgt(multihost, backupsssdconf): multihost.client[0].service_sssd('restart') multihost.client[0].run_command("systemctl " "restart sssd-kcm") - - ssh = pxssh.pxssh(options={"StrictHostKeyChecking": "no", - "UserKnownHostsFile": "/dev/null"}) - ssh.force_password = True + ssh = SSHClient(multihost.client[0].sys_hostname, 'foo3', 'Secret123') try: - ssh.login(multihost.client[0].sys_hostname, 'foo3', 'Secret123') - ssh.sendline('kdestroy -A -q') - ssh.prompt(timeout=5) - ssh.sendline('kinit foo3') - ssh.expect('Password for .*:', timeout=10) - ssh.sendline('Secret123') - ssh.prompt(timeout=5) - ssh.sendline('klist') - ssh.prompt(timeout=5) - klist = str(ssh.before) - ssh.sendline(f'ssh -v -o StrictHostKeyChecking=no -K -l foo3 ' - f'{multihost.client[0].sys_hostname} klist') - ssh.prompt(timeout=30) - ssh_output = str(ssh.before) - ssh.logout() - except pxssh.ExceptionPxssh: + ssh.connect() + ssh.execute_command('kdestroy -A -q') + ssh.execute_command('echo -e "Secret123" | kinit foo3') + klist = ssh.execute_command('klist') + ssh_output = ssh.execute_command(f'ssh -v -o StrictHostKeyChecking=no ' + f'-K -l foo3 {multihost.client[0].sys_hostname} klist') + ssh.close() + except Exception: pytest.fail("Ssh login failed.") assert 'KCM:14583103' in klist, "kinit did not work!" @@ -139,33 +119,19 @@ def test_child_logs_after_receiving_hup(multihost): tools = sssdTools(multihost.client[0]) domain_name = tools.get_domain_section_name() user = 'foo1@%s' % domain_name - client = pexpect_ssh(multihost.client[0].sys_hostname, user, - 'Secret123', debug=False) - try: - client.login() - except SSHLoginException: - pytest.fail("%s failed to login" % user) - else: - client.logout() + check_login_client(multihost, user, 'Secret123') time.sleep(2) ps_cmd = "mv /var/log/sssd/krb5_child.log " \ "/var/log/sssd/krb5_child.log.old" - cmd = multihost.client[0].run_command(ps_cmd) + multihost.client[0].run_command(ps_cmd) ps_cmd = "pgrep sssd" cmd = multihost.client[0].run_command(ps_cmd) sssd_pid = cmd.stdout_text.split('\n')[0] ps_cmd = f"/bin/kill -HUP {sssd_pid}" - cmd = multihost.client[0].run_command(ps_cmd) - client = pexpect_ssh(multihost.client[0].sys_hostname, user, - 'Secret123', debug=False) - try: - client.login() - except SSHLoginException: - pytest.fail("%s failed to login" % user) - else: - client.logout() + multihost.client[0].run_command(ps_cmd) + check_login_client(multihost, user, 'Secret123') time.sleep(2) - cmd = multihost.client[0].run_command(ps_cmd) + multihost.client[0].run_command(ps_cmd) for file in ['krb5_child.log', 'krb5_child.log.old']: ps_cmd = f"ls -l /var/log/sssd/{file}" cmd = multihost.client[0].run_command(ps_cmd) @@ -194,14 +160,7 @@ def test_sssd_not_check_gss_spengo(multihost, backupsssdconf): client.sssd_conf('domain/example1', domain_params) client.clear_sssd_cache() user = 'foo1@%s' % domain_name - client = pexpect_ssh(multihost.client[0].sys_hostname, user, - 'Secret123', debug=False) - try: - client.login() - except SSHLoginException: - pytest.fail("%s failed to login" % user) - else: - client.logout() + check_login_client(multihost, user, 'Secret123') ps_grep = "grep GSS /var/log/sssd/*.log" cmd = multihost.client[0].run_command(ps_grep) err_msg = "SPNEGO cannot find mechanisms to negotiate" @@ -221,18 +180,15 @@ def test_fips_as_req(multihost): tcpdump_cmd = 'tcpdump -s0 host %s -w %s' % (ldap_host, pcapfile) multihost.client[0].run_command(tcpdump_cmd, bg=True) pkill = 'pkill tcpdump' - client = pexpect_ssh(multihost.client[0].sys_hostname, user, - 'Secret123', debug=False) try: - client.login() - except SSHLoginException: + check_login_client(multihost, user, 'Secret123') + except Exception: multihost.client[0].run_command(pkill) tshark_cmd = "tshark -r %s -V -2 -R 'kerberos.ENCTYPE'" % pcapfile - cmd = multihost.client[0].run_command(tshark_cmd, raiseonerr=False) + multihost.client[0].run_command(tshark_cmd, raiseonerr=False) pytest.fail("%s failed to login" % user) else: time.sleep(5) - client.logout() multihost.client[0].run_command(pkill) # check as_req tshark_cmd = "tshark -r %s -V -2 -R 'kerberos.ENCTYPE'" % pcapfile @@ -261,11 +217,9 @@ def test_fips_as_rep(multihost): f' -w {pcapfile}' multihost.client[0].run_command(tcpdump_cmd, bg=True) pkill = 'pkill tcpdump' - client = pexpect_ssh(multihost.client[0].sys_hostname, user, - 'Secret123', debug=False) try: - client.login() - except SSHLoginException: + check_login_client(multihost, user, 'Secret123') + except Exception: multihost.client[0].run_command(pkill) print("SSH Login failed") tshark_cmd = "tshark -r %s -V -2 -R"\ @@ -274,7 +228,6 @@ def test_fips_as_rep(multihost): pytest.fail("%s failed to login" % user) else: time.sleep(5) - client.logout() multihost.client[0].run_command(pkill) # check as_rep tshark_cmd = "tshark -r %s -V -2 -R"\ @@ -328,15 +281,13 @@ def test_login_fips_weak_crypto(multihost): tcpdump_cmd = 'tcpdump -s0 host %s -w %s' % (ldap_host, pcapfile) multihost.client[0].run_command(tcpdump_cmd, bg=True) pkill = 'pkill tcpdump' - client = pexpect_ssh(multihost.client[0].sys_hostname, user, - 'Secret123', debug=False) try: - client.login() - except SSHLoginException: + check_login_client(multihost, user, 'Secret123') + except Exception: multihost.client[0].run_command(pkill) tshark_cmd = "tshark -r %s -V -2 -R"\ " 'kerberos.msg_type == 30'" % pcapfile - cmd = multihost.client[0].run_command(tshark_cmd, raiseonerr=False) + multihost.client[0].run_command(tshark_cmd, raiseonerr=False) journalctl_cmd = 'journalctl --no-pager -n 150' cmd = multihost.client[0].run_command(journalctl_cmd) check = re.compile(r'KDC has no support for encryption type') @@ -365,20 +316,18 @@ def test_ldap_gssapi(multihost): tcpdump_cmd = 'tcpdump -s0 host %s -w %s' % (ldap_host, pcapfile) multihost.client[0].run_command(tcpdump_cmd, bg=True) pkill = 'pkill tcpdump' - client = pexpect_ssh(multihost.client[0].sys_hostname, user, - 'Secret123', debug=False) + client = SSHClient(multihost.client[0].sys_hostname, user, 'Secret123') try: - client.login() - except SSHLoginException: + client.connect() + except Exception: multihost.client[0].run_command(pkill) pytest.fail("%s failed to login" % user) else: ldapsearch = 'ldapsearch -Y GSSAPI -H ldap://%s' % ldap_host - client.command(ldapsearch) - client.logout() - multihost.client[0].run_command(pkill) - tshark_cmd = "tshark -r %s -V -2 -R"\ - " 'kerberos.msg_type == 13'" % pcapfile + client.execute_command(ldapsearch) + client.close() + multihost.client[0].run_command(pkill, raiseonerr=False) + tshark_cmd = "tshark -r %s -V -2 -R 'kerberos.msg_type == 13'" % pcapfile multihost.client[0].run_command(tshark_cmd, raiseonerr=False) rm_pcap_file = 'rm -f %s' % pcapfile multihost.client[0].run_command(rm_pcap_file) diff --git a/src/tests/multihost/alltests/test_misc.py b/src/tests/multihost/alltests/test_misc.py index 45da9718a5e..0484698d27c 100644 --- a/src/tests/multihost/alltests/test_misc.py +++ b/src/tests/multihost/alltests/test_misc.py @@ -12,12 +12,11 @@ import time import subprocess import pytest -from sssd.testlib.common.expect import pexpect_ssh +import textwrap from datetime import datetime as D_T -from sssd.testlib.common.exceptions import SSHLoginException -from sssd.testlib.common.ssh2_python import check_login_client from sssd.testlib.common.utils import sssdTools, LdapOperations from constants import ds_instance_name, ds_suffix, ds_rootdn, ds_rootpw +from sssd.testlib.common.ssh2_python import check_login_client def find_logs(multihost, log_name, string_name): @@ -432,15 +431,7 @@ def test_0008_1636002(multihost, backupsssdconf): # Try ssh after socket activation is configured # Result does not matter we just need to trigger the PAM stack - ssh_client = pexpect_ssh( - multihost.client[0].sys_hostname, user, 'Secret123', debug=False) - try: - ssh_client.login( - login_timeout=30, sync_multiplier=5, auto_prompt_reset=False) - except SSHLoginException: - pass - else: - ssh_client.logout() + check_login_client(multihost, user, 'Secret123') # Print pam log for debug purposes multihost.client[0].run_command( diff --git a/src/tests/multihost/alltests/test_ns_account_lock.py b/src/tests/multihost/alltests/test_ns_account_lock.py index 0110d5a8aea..1666e2341bd 100644 --- a/src/tests/multihost/alltests/test_ns_account_lock.py +++ b/src/tests/multihost/alltests/test_ns_account_lock.py @@ -13,6 +13,7 @@ import pytest from sssd.testlib.common.utils import LdapOperations from sssd.testlib.common.utils import sssdTools +from sssd.testlib.common.ssh2_python import check_login_client def execute_cmd(multihost, command): @@ -103,7 +104,6 @@ def test_user_inactivated_locked(multihost): 3. Should succeed """ clean_sys(multihost) - client = sssdTools(multihost.client[0]) assert "foo1@example1" in \ execute_cmd(multihost, "getent -s sss passwd" " foo1@example1").stdout_text @@ -112,17 +112,16 @@ def test_user_inactivated_locked(multihost): "ldapusers@example1").stdout_text manage_user_roles(multihost, "uid=foo1", "lock", "account") - ssh0 = client.auth_from_client("foo1@example1", 'Secret123') == 3 + with pytest.raises(Exception): + check_login_client(multihost, "foo1@example1", 'Secret123') time.sleep(3) lock_check(multihost, "foo1") # User is activated or unlocked clean_sys(multihost) manage_user_roles(multihost, "uid=foo1", "unlock", "account") - ssh1 = client.auth_from_client("foo1@example1", 'Secret123') == 3 + check_login_client(multihost, "foo1@example1", 'Secret123') time.sleep(3) unlock_check(multihost, "foo1") - assert not ssh0, "Ssh passed instead of failing!" - assert ssh1, "Ssh failed instead of passing!" @staticmethod def test_inactive_managed_roles(multihost): @@ -146,7 +145,8 @@ def test_inactive_managed_roles(multihost): ds_rootdn = 'cn=Directory Manager' ds_rootpw = 'Secret123' manage_user_roles(multihost, "cn=managed", "lock", "role") - ssh0 = client.auth_from_client("foo1@example1", 'Secret123') == 3 + with pytest.raises(Exception): + check_login_client(multihost, "foo1@example1", 'Secret123') time.sleep(3) lock_check(multihost, "foo1") # User added to the above inactive managed role @@ -157,7 +157,8 @@ def test_inactive_managed_roles(multihost): add_member = [(ldap.MOD_ADD, 'nsRoleDN', role_dn.encode('utf-8'))] (ret, _) = ldap_inst.modify_ldap(user_dn, add_member) assert ret == 'Success' - ssh1 = client.auth_from_client("foo2@example1", 'Secret123') == 3 + with pytest.raises(Exception): + check_login_client(multihost, "foo2@example1", 'Secret123') time.sleep(3) lock_check(multihost, "foo2") # User removed from the above inactive managed role @@ -168,19 +169,15 @@ def test_inactive_managed_roles(multihost): add_member = [(ldap.MOD_DELETE, 'nsRoleDN', role_dn.encode('utf-8'))] (ret, _) = ldap_inst.modify_ldap(user_dn, add_member) assert ret == 'Success' - ssh2 = client.auth_from_client("foo2@example1", 'Secret123') == 3 + check_login_client(multihost, "foo2@example1", 'Secret123') time.sleep(3) unlock_check(multihost, "foo2") # Activate managed role clean_sys(multihost) manage_user_roles(multihost, "cn=managed", "unlock", "role") - ssh3 = client.auth_from_client("foo1@example1", 'Secret123') == 3 + check_login_client(multihost, "foo1@example1", 'Secret123') time.sleep(3) unlock_check(multihost, "foo1") - assert not ssh0, "Ssh passed instead of failing for foo1!" - assert not ssh1, "Ssh passed instead of failing for foo2!" - assert ssh2, "Ssh failed for foo2!" - assert ssh3, "Ssh failed for foo1!" @staticmethod def test_inactivated_filtered_roles(multihost): @@ -210,13 +207,15 @@ def test_inactivated_filtered_roles(multihost): (ret, _) = ldap_inst.modify_ldap(user_dn, add_member) assert ret == 'Success' manage_user_roles(multihost, "cn=filtered", "lock", "role") - ssh0 = client.auth_from_client("foo3@example1", 'Secret123') == 3 + with pytest.raises(Exception): + check_login_client(multihost, "foo3@example1", 'Secret123') time.sleep(3) lock_check(multihost, "foo3") # User added to the above inactive filtered role clean_sys(multihost) - ssh1 = client.auth_from_client("foo4@example1", 'Secret123') == 3 + with pytest.raises(Exception): + check_login_client(multihost, "foo4@example1", 'Secret123') time.sleep(3) lock_check(multihost, "foo4") @@ -228,19 +227,15 @@ def test_inactivated_filtered_roles(multihost): add_member = [(ldap.MOD_DELETE, 'o', role_dn.encode('utf-8'))] (ret, _) = ldap_inst.modify_ldap(user_dn, add_member) assert ret == 'Success' - ssh2 = client.auth_from_client("foo3@example1", 'Secret123') == 3 + check_login_client(multihost, "foo3@example1", 'Secret123') time.sleep(3) unlock_check(multihost, "foo3") # Activate filtered role clean_sys(multihost) manage_user_roles(multihost, "cn=filtered", "unlock", "role") - ssh3 = client.auth_from_client("foo4@example1", 'Secret123') == 3 + check_login_client(multihost, "foo4@example1", 'Secret123') time.sleep(3) unlock_check(multihost, "foo4") - assert not ssh0, "Ssh passed instead of failing!" - assert not ssh1, "Ssh passed instead of failing!" - assert ssh2, "Ssh failed for foo3!" - assert ssh3, "Ssh failed for foo4!" @staticmethod def test_nested_role_inactivated(multihost): @@ -276,11 +271,13 @@ def test_nested_role_inactivated(multihost): user_dn = 'cn=nested,ou=People,dc=example,dc=test' (_, _) = ldap_inst.add_entry(user_info, user_dn) manage_user_roles(multihost, "cn=nested", "lock", "role") - ssh0 = client.auth_from_client("foo1@example1", 'Secret123') == 3 + with pytest.raises(Exception): + check_login_client(multihost, "foo1@example1", 'Secret123') time.sleep(3) lock_check(multihost, "foo1") - ssh1 = client.auth_from_client("foo4@example1", 'Secret123') == 3 + with pytest.raises(Exception): + check_login_client(multihost, "foo4@example1", 'Secret123') time.sleep(3) lock_check(multihost, "foo4") @@ -288,12 +285,8 @@ def test_nested_role_inactivated(multihost): clean_sys(multihost) ldap_inst = LdapOperations(ldap_uri, ds_rootdn, ds_rootpw) manage_user_roles(multihost, "cn=nested", "unlock", "role") - ssh2 = client.auth_from_client("foo1@example1", 'Secret123') == 3 - ssh3 = client.auth_from_client("foo4@example1", 'Secret123') == 3 + check_login_client(multihost, "foo1@example1", 'Secret123') + check_login_client(multihost, "foo4@example1", 'Secret123') time.sleep(3) unlock_check(multihost, "foo1") unlock_check(multihost, "foo4") - assert not ssh0, "Ssh passed instead of failing!" - assert not ssh1, "Ssh passed instead of failing!" - assert ssh2, "Ssh failed for foo3!" - assert ssh3, "Ssh failed for foo4!" diff --git a/src/tests/multihost/alltests/test_sssctl_local.py b/src/tests/multihost/alltests/test_sssctl_local.py index 8af8fc2c8ae..bd322e46cbf 100644 --- a/src/tests/multihost/alltests/test_sssctl_local.py +++ b/src/tests/multihost/alltests/test_sssctl_local.py @@ -9,7 +9,6 @@ from __future__ import print_function import pytest from sssd.testlib.common.utils import sssdTools -from sssd.testlib.common.paths import SSSD_DEFAULT_CONF from sssd.testlib.common.exceptions import SSSDException diff --git a/src/tests/multihost/alltests/test_sudo.py b/src/tests/multihost/alltests/test_sudo.py index 4f58f4dda16..b4350ae23a8 100644 --- a/src/tests/multihost/alltests/test_sudo.py +++ b/src/tests/multihost/alltests/test_sudo.py @@ -9,7 +9,7 @@ import time import re import pytest -from pexpect import pxssh +from sssd.testlib.common.ssh2_python import SSHClient from sssd.testlib.common.utils import sssdTools from constants import ds_instance_name, ds_suffix @@ -55,19 +55,14 @@ def test_bz1294670(multihost, localusers): add_rule2 = "echo 'Defaults:%s !requiretty'"\ " >> /etc/sudoers.d/%s" % (user, user) multihost.client[0].run_command(add_rule2) - - ssh = pxssh.pxssh(options={"StrictHostKeyChecking": "no", - "UserKnownHostsFile": "/dev/null"}) - ssh.force_password = True + ssh = SSHClient(multihost.client[0].sys_hostname, user, 'Secret123') try: - ssh.login(multihost.client[0].sys_hostname, user, 'Secret123') + ssh.connect() for _ in range(1, 10): - ssh.sendline('sudo fdisk -l') - ssh.prompt(timeout=5) - ssh.sendline('sudo ls -l /usr/sbin/') - ssh.prompt(timeout=5) - ssh.logout() - except pxssh.ExceptionPxssh: + ssh.execute_command('sudo fdisk -l') + ssh.execute_command('sudo ls -l /usr/sbin/') + ssh.close() + except Exception: pytest.fail(f"Authentication Failed as user {user}") pkill = 'pkill tcpdump' multihost.client[0].run_command(pkill) @@ -105,21 +100,13 @@ def test_timed_sudoers_entry(multihost, timed_sudoers): sssd_params = {'services': 'nss, pam, sudo'} tools.sssd_conf(section, sssd_params, action='update') multihost.client[0].service_sssd('start') - - ssh = pxssh.pxssh(options={"StrictHostKeyChecking": "no", - "UserKnownHostsFile": "/dev/null"}) - ssh.force_password = True + ssh = SSHClient(multihost.client[0].sys_hostname, 'foo1@example.test', 'Secret123') try: - ssh.login(multihost.client[0].sys_hostname, - 'foo1@example.test', 'Secret123') - ssh.sendline('id') - ssh.prompt(timeout=5) - id_out = str(ssh.before) - ssh.sendline('sudo -l') - ssh.prompt(timeout=5) - sudo_out = str(ssh.before) - ssh.logout() - except pxssh.ExceptionPxssh: + ssh.connect() + id_out = ssh.execute_command('id') + sudo_out = ssh.execute_command('sudo -l') + ssh.close() + except Exception: pytest.fail("Failed to login via ssh.") assert 'foo1' in id_out, "id command did not work." assert 'NOTBEFORE=' in sudo_out or 'NOTAFTER=' in sudo_out,\ From 7a6358294059c5c26967ab69a965ed328f0ed652 Mon Sep 17 00:00:00 2001 From: aborah Date: Thu, 13 Jul 2023 12:38:19 +0530 Subject: [PATCH 068/280] Tests: Fix test_0008_1636002 Fix test_0008_1636002 Reviewed-by: Shridhar Gadekar --- src/tests/multihost/alltests/test_misc.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/tests/multihost/alltests/test_misc.py b/src/tests/multihost/alltests/test_misc.py index 0484698d27c..676b9678939 100644 --- a/src/tests/multihost/alltests/test_misc.py +++ b/src/tests/multihost/alltests/test_misc.py @@ -431,7 +431,8 @@ def test_0008_1636002(multihost, backupsssdconf): # Try ssh after socket activation is configured # Result does not matter we just need to trigger the PAM stack - check_login_client(multihost, user, 'Secret123') + with pytest.raises(Exception): + check_login_client(multihost, user, 'Secret123') # Print pam log for debug purposes multihost.client[0].run_command( From e6fbd1cb4d4594a68c7bca14ee79a0b2758e08f2 Mon Sep 17 00:00:00 2001 From: Alexey Tikhonov Date: Tue, 11 Jul 2023 10:33:56 +0200 Subject: [PATCH 069/280] SPEC: sync with Fedora spec file MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bringing https://src.fedoraproject.org/rpms/sssd/c/d3ba8fb11abeefd2f817d58507e5ea3bdada2222 upstream Reviewed-by: Iker Pedrosa Reviewed-by: Tomáš Halman (cherry picked from commit e91a90cf052c382f9d3b0ac5ddee749c50ee6f36) --- contrib/sssd.spec.in | 1 + 1 file changed, 1 insertion(+) diff --git a/contrib/sssd.spec.in b/contrib/sssd.spec.in index c0486d2525c..831c5dc9eff 100644 --- a/contrib/sssd.spec.in +++ b/contrib/sssd.spec.in @@ -144,6 +144,7 @@ BuildRequires: pcre2-devel BuildRequires: pkgconfig BuildRequires: popt-devel BuildRequires: python3-devel +BuildRequires: (python3-setuptools if python3 >= 3.12) BuildRequires: samba-devel # required for idmap_sss.so BuildRequires: samba-winbind From 15d7d34b20219e2fd45c43881088f5d542e9603e Mon Sep 17 00:00:00 2001 From: Sumit Bose Date: Tue, 4 Jul 2023 18:56:35 +0200 Subject: [PATCH 070/280] sssct: allow cert-show and cert-eval-rule as non-root MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The cert-show and cert-eval-rule sub-commands do not need root access and do not require SSSD to be configured on the host. Resolves: https://github.com/SSSD/sssd/issues/6802 Reviewed-by: Alejandro López Reviewed-by: Alexey Tikhonov (cherry picked from commit 8466f0e4d0c6cd2b98d2789970847b9adc01d7d4) --- src/tools/sssctl/sssctl.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/tools/sssctl/sssctl.c b/src/tools/sssctl/sssctl.c index 855260aedd2..04c41aa9af4 100644 --- a/src/tools/sssctl/sssctl.c +++ b/src/tools/sssctl/sssctl.c @@ -340,9 +340,9 @@ int main(int argc, const char **argv) SSS_TOOL_COMMAND_FLAGS("config-check", "Perform static analysis of SSSD configuration", 0, sssctl_config_check, SSS_TOOL_FLAG_SKIP_CMD_INIT), #endif SSS_TOOL_DELIMITER("Certificate related tools:"), - SSS_TOOL_COMMAND("cert-show", "Print information about the certificate", 0, sssctl_cert_show), + SSS_TOOL_COMMAND_FLAGS("cert-show", "Print information about the certificate", 0, sssctl_cert_show, SSS_TOOL_FLAG_SKIP_CMD_INIT|SSS_TOOL_FLAG_SKIP_ROOT_CHECK), SSS_TOOL_COMMAND("cert-map", "Show users mapped to the certificate", 0, sssctl_cert_map), - SSS_TOOL_COMMAND("cert-eval-rule", "Check mapping and matching rule with a certificate", 0, sssctl_cert_eval_rule), + SSS_TOOL_COMMAND_FLAGS("cert-eval-rule", "Check mapping and matching rule with a certificate", 0, sssctl_cert_eval_rule, SSS_TOOL_FLAG_SKIP_CMD_INIT|SSS_TOOL_FLAG_SKIP_ROOT_CHECK), #ifdef BUILD_PASSKEY SSS_TOOL_DELIMITER("Passkey related tools:"), SSS_TOOL_COMMAND_FLAGS("passkey-register", "Perform passkey registration", 0, sssctl_passkey_register, SSS_TOOL_FLAG_SKIP_CMD_INIT|SSS_TOOL_FLAG_SKIP_ROOT_CHECK), From 11afa7a6ef7e15f1e98c7145ad5c80bbdfc520e2 Mon Sep 17 00:00:00 2001 From: Sumit Bose Date: Tue, 4 Jul 2023 19:06:27 +0200 Subject: [PATCH 071/280] certmap: fix partial string comparison MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit If the formatting option of the certificate digest/hash function contained and additional specifier separated with a '_' the comparison of the provided digest name and the available ones was incomplete, the last character was ignored and the comparison was successful if even if there was only a partial match. Resolves: https://github.com/SSSD/sssd/issues/6802 Reviewed-by: Alejandro López Reviewed-by: Alexey Tikhonov (cherry picked from commit 0817ca3b366f51510705ab77d7900c0b65b7d2fc) --- src/lib/certmap/sss_certmap_ldap_mapping.c | 9 ++++++++- src/tests/cmocka/test_certmap.c | 22 ++++++++++++++++++++++ 2 files changed, 30 insertions(+), 1 deletion(-) diff --git a/src/lib/certmap/sss_certmap_ldap_mapping.c b/src/lib/certmap/sss_certmap_ldap_mapping.c index 2f16837a147..354b0310b18 100644 --- a/src/lib/certmap/sss_certmap_ldap_mapping.c +++ b/src/lib/certmap/sss_certmap_ldap_mapping.c @@ -228,14 +228,21 @@ int check_digest_conversion(const char *inp, const char **digest_list, bool colon = false; bool reverse = false; char *c; + size_t len = 0; sep = strchr(inp, '_'); + if (sep != NULL) { + len = sep - inp; + } for (d = 0; digest_list[d] != NULL; d++) { if (sep == NULL) { cmp = strcasecmp(digest_list[d], inp); } else { - cmp = strncasecmp(digest_list[d], inp, (sep - inp -1)); + if (strlen(digest_list[d]) != len) { + continue; + } + cmp = strncasecmp(digest_list[d], inp, len); } if (cmp == 0) { diff --git a/src/tests/cmocka/test_certmap.c b/src/tests/cmocka/test_certmap.c index da312beaf95..a15984d60b9 100644 --- a/src/tests/cmocka/test_certmap.c +++ b/src/tests/cmocka/test_certmap.c @@ -2183,6 +2183,28 @@ static void test_sss_certmap_ldapu1_cert(void **state) assert_non_null(ctx); assert_null(ctx->prio_list); + /* cert!sha */ + ret = sss_certmap_add_rule(ctx, 91, + "KRB5:.*", + "LDAP:rule91={cert!sha}", NULL); + assert_int_equal(ret, EINVAL); + + ret = sss_certmap_add_rule(ctx, 91, + "KRB5:.*", + "LDAPU1:rule91={cert!sha}", NULL); + assert_int_equal(ret, EINVAL); + + /* cert!sha_u */ + ret = sss_certmap_add_rule(ctx, 90, + "KRB5:.*", + "LDAP:rule90={cert!sha_u}", NULL); + assert_int_equal(ret, EINVAL); + + ret = sss_certmap_add_rule(ctx, 99, + "KRB5:.*", + "LDAPU1:rule90={cert!sha_u}", NULL); + assert_int_equal(ret, EINVAL); + /* cert!sha555 */ ret = sss_certmap_add_rule(ctx, 89, "KRB5:.*", From aedef959a7f7571611b63fa496faab43a350a81b Mon Sep 17 00:00:00 2001 From: Sumit Bose Date: Mon, 10 Jul 2023 22:21:06 +0200 Subject: [PATCH 072/280] test: fix linking issue MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Reviewed-by: Alejandro López Reviewed-by: Alexey Tikhonov (cherry picked from commit 2bc426fa731f02e7a2307287ad122ac532e3589e) --- Makefile.am | 2 ++ 1 file changed, 2 insertions(+) diff --git a/Makefile.am b/Makefile.am index 23c63ec1ea8..11c9a0df2ad 100644 --- a/Makefile.am +++ b/Makefile.am @@ -2512,6 +2512,7 @@ test_sbus_message_LDADD = \ libsss_debug.la \ libsss_test_common.la \ libsss_sbus.la \ + $(SSSD_INTERNAL_LTLIBS) \ $(NULL) test_sbus_opath_SOURCES = \ @@ -2525,6 +2526,7 @@ test_sbus_opath_LDADD = \ libsss_debug.la \ libsss_test_common.la \ libsss_sbus.la \ + $(SSSD_INTERNAL_LTLIBS) \ $(NULL) if HAVE_CMOCKA From 89ff25496db7363ced4630fa4ab2b0e5e7148677 Mon Sep 17 00:00:00 2001 From: Madhuri Upadhye Date: Thu, 29 Jun 2023 14:35:46 +0530 Subject: [PATCH 073/280] Tests: Minor fix in test_adtrust MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit correct the variable name. Signed-off-by: Madhuri Upadhye Reviewed-by: Pavel Březina Reviewed-by: Tomáš Halman (cherry picked from commit ac5480af39c68f711292c4a6b6f9e16c1273eea8) --- src/tests/multihost/ipa/test_adtrust.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/tests/multihost/ipa/test_adtrust.py b/src/tests/multihost/ipa/test_adtrust.py index 36791aed88c..49607e8e9b4 100644 --- a/src/tests/multihost/ipa/test_adtrust.py +++ b/src/tests/multihost/ipa/test_adtrust.py @@ -171,7 +171,7 @@ def test_adusrname_beginning_with_at_rate_sign(multihost): assert ad_user not in cmd.stdout_text,\ f"{ad_user} information is fetched" assert cmd1.returncode != 0, 'User information returned' - assert ad_grp not in cmd1.stdout_text,\ + assert ad_group not in cmd1.stdout_text,\ f"{ad_user} is not available in {ad_user} information" @staticmethod From c26b6b5ad48e49f49e437c2f500fcb187d1c62fe Mon Sep 17 00:00:00 2001 From: Patrik Rosecky Date: Thu, 4 May 2023 10:53:18 +0200 Subject: [PATCH 074/280] Tests: converted multihost/test_config.py MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Reviewed-by: Jakub Vávra Reviewed-by: Pavel Březina (cherry picked from commit 0f911c10d6ae16cba0b189bd16827f4b0fa674fa) --- src/tests/multihost/basic/test_config.py | 7 +- src/tests/system/tests/test_config.py | 166 +++++++++++++++++++++++ 2 files changed, 172 insertions(+), 1 deletion(-) create mode 100644 src/tests/system/tests/test_config.py diff --git a/src/tests/multihost/basic/test_config.py b/src/tests/multihost/basic/test_config.py index 00a82204cb6..8d4847b9e5f 100644 --- a/src/tests/multihost/basic/test_config.py +++ b/src/tests/multihost/basic/test_config.py @@ -7,7 +7,8 @@ :status: approved """ -from utils_config import set_param, remove_section +import pytest +from utils_config import remove_section, set_param class TestSSSDConfig(object): @@ -25,6 +26,7 @@ def _assert_config_value(self, multihost, section, key, value): check_str = '%s: %s' % (key, value) assert check_str in cmd.stdout_text + @pytest.mark.converted('test_config.py', 'test_config__change_config_while_sssd_running') def test_sssd_genconf_sssd_running(self, multihost): """ :title: config: sssd --genconf is able to re-generate @@ -41,6 +43,7 @@ def test_sssd_genconf_sssd_running(self, multihost): set_param(multihost, 'pam', 'debug_level', '9') + @pytest.mark.converted('test_config.py', 'test_config__genconf_particular_section') def test_sssd_genconf_section_only(self, multihost): """ :title: config: sssd --genconf-section only @@ -65,6 +68,7 @@ def test_sssd_genconf_section_only(self, multihost): set_param(multihost, 'nss', 'debug_level', '9') set_param(multihost, 'pam', 'debug_level', '9') + @pytest.mark.converted('test_config.py', 'test_config__add_remove_section') def test_sssd_genconf_add_remove_section(self, multihost): """ :title: config: sssd --genconf-section can not only modify @@ -96,6 +100,7 @@ def test_sssd_genconf_add_remove_section(self, multihost): self._assert_config_value(multihost, 'pam', 'debug_level', '9') self._assert_config_value(multihost, 'nss', 'debug_level', '9') + @pytest.mark.converted('test_config.py', 'test_config__genconf_no_such_section') def test_sssd_genconf_no_such_section(self, multihost): """ :title: config: Referencing a non-existant section must not fail diff --git a/src/tests/system/tests/test_config.py b/src/tests/system/tests/test_config.py new file mode 100644 index 00000000000..80d4557b944 --- /dev/null +++ b/src/tests/system/tests/test_config.py @@ -0,0 +1,166 @@ +""" +SSSD Configuration-related Test Cases + +:requirement: IDM-SSSD-REQ: Configuration merging +""" + +from __future__ import annotations + +import pytest +from sssd_test_framework.roles.client import Client +from sssd_test_framework.topology import KnownTopologyGroup + + +@pytest.mark.topology(KnownTopologyGroup.AnyProvider) +def test_config__change_config_while_sssd_running(client: Client): + """ + :title: Re-generate config while SSSD is running + :setup: + 1. In pam domain set "debug_level" to 9 + 2. Start SSSD + :steps: + 1. Check that "debug_level" in pam domain is 9 + 2. Change "debug_level" in pam to 1 + 3. Apply config changes + 4. Call "sssd --genconf" + 5. Check that "debug_level" in pam is 1 + :expectedresults: + 1. "debug_level" is set to 9 + 2. "debug_level" is changed successfully + 3. Changes are apllied successfully + 4. "sssd --genconf" is called successfully + 5. "debug_level" is set to 1 + :customerscenario: False + """ + client.sssd.pam["debug_level"] = "9" + client.sssd.start() + + result = client.ldb.search("/var/lib/sss/db/config.ldb", "cn=pam,cn=config") + assert result["cn=pam,cn=config"]["debug_level"] == ["9"] + + client.sssd.pam["debug_level"] = "1" + client.sssd.config_apply() + client.sssd.genconf() + + result = client.ldb.search("/var/lib/sss/db/config.ldb", "cn=pam,cn=config") + assert result["cn=pam,cn=config"]["debug_level"] == ["1"] + + +@pytest.mark.topology(KnownTopologyGroup.AnyProvider) +def test_config__genconf_particular_section(client: Client): + """ + :title: Re-generate only particular section in config while SSSD is running + :setup: + 1. In pam domain set "debug_level" to 9 + 2. In nss domain set "debug_level" to 9 + 3. Start SSSD + :steps: + 1. Check that "debug_level" in pam domain is 9 + 2. Check that "debug_level" in nss domain is 9 + 3. Change "debug_level" in pam and in nss to 1 + 4. Apply config changes + 5. Call "sssd --genconf-section==pam" + 6. Check that "debug_level" in pam is 1 + 7. Check that "debug_level" in nss remained 9 + :expectedresults: + 1. "debug_level" is set to 9 + 2. "debug_level" is set to 9 + 3. "debug_level" is changed successfully + 4. Changes are apllied successfully + 5. "sssd --genconf-section==pam" is called successfully + 6. "debug_level" in pam is 1 + 7. "debug_level" in nss remains 9 + :customerscenario: False + """ + client.sssd.pam["debug_level"] = "9" + client.sssd.nss["debug_level"] = "9" + client.sssd.start() + + result = client.ldb.search("/var/lib/sss/db/config.ldb") + assert result["cn=pam,cn=config"]["debug_level"] == ["9"] + assert result["cn=nss,cn=config"]["debug_level"] == ["9"] + + client.sssd.pam["debug_level"] = "1" + client.sssd.nss["debug_level"] = "1" + client.sssd.config_apply() + + client.sssd.genconf("pam") + + result = client.ldb.search("/var/lib/sss/db/config.ldb") + assert result["cn=pam,cn=config"]["debug_level"] == ["1"] + assert result["cn=nss,cn=config"]["debug_level"] == ["9"] + + +@pytest.mark.topology(KnownTopologyGroup.AnyProvider) +def test_config__add_remove_section(client: Client): + """ + :title: Add and remove new section to config file + with --genconf-section while SSSD is running + :setup: + 1. In pam domain set "debug_level" to 9 + 2. In nss domain set "debug_level" to 9 + 3. Start SSSD + :steps: + 1. Check that "debug_level" in pam and nss is 9 + 2. Add new section to config with key, value pair set + 3. Apply config changes + 4. Call "sssd --genconf-section==$newSection" + 5. Check that the new section is properly set + 6. Remove new section + 7. Call "sssd --genconf-section==$newSection" + 8. Check that the new section was deleted + 9. Check that "debug_level" in pam and nss is 9 + :expectedresults: + 1. "debug_level" is set to 9 in both domains + 2. Added successfully + 4. Changes are apllied successfully + 5. "sssd --genconf-section==$newSection" is called successfully + 6. New section is removed successfully + 7. "sssd --genconf-section==$newSection" is called successfully + 8. New section was deleted correctly + 9. "debug_level" in pam and nss remained 9 + :customerscenario: False + """ + client.sssd.pam["debug_level"] = "9" + client.sssd.nss["debug_level"] = "9" + client.sssd.start() + + result = client.ldb.search("/var/lib/sss/db/config.ldb") + assert result["cn=pam,cn=config"]["debug_level"] == ["9"] + assert result["cn=nss,cn=config"]["debug_level"] == ["9"] + + client.sssd.config["new_section"] = {"key": "value"} + client.sssd.config_apply(check_config=False) + client.sssd.genconf("new_section") + + result = client.ldb.search("/var/lib/sss/db/config.ldb", "cn=new_section,cn=config") + assert result["cn=new_section,cn=config"]["key"] == ["value"] + + del client.sssd.config["new_section"] + + client.sssd.config_apply() + client.sssd.genconf("new_section") + + result = client.ldb.search("/var/lib/sss/db/config.ldb") + assert result["cn=pam,cn=config"]["debug_level"] == ["9"] + assert result["cn=nss,cn=config"]["debug_level"] == ["9"] + with pytest.raises(KeyError): + assert result["cn=new_section,cn=config"]["key"] != ["value"] + + +@pytest.mark.topology(KnownTopologyGroup.AnyProvider) +def test_config__genconf_no_such_section(client: Client): + """ + :title: genconf-section with nonexisting section did not fail + :setup: + 1. Start SSSD + :steps: + 1. Call 'sssd --genconf-section=$nonexistingSection' + :expectedresults: + 1. Call did not fail + :customerscenario: False + """ + client.sssd.start() + result = client.sssd.genconf("nonexistingSection") + assert result.rc == 0 + assert not result.stderr From d8c18e114757547e535f9c28dfc39bd07cc8cba1 Mon Sep 17 00:00:00 2001 From: aborah Date: Fri, 14 Jul 2023 13:24:22 +0530 Subject: [PATCH 075/280] Tests: Fix test_maxage Fix test_maxage Reviewed-by: Shridhar Gadekar (cherry picked from commit 34ef9c5f3e90d5c50c7ac5161c39daa2840c92f2) --- .../alltests/test_ldap_password_policy.py | 3 +- .../alltests/test_proxy_rfc2307bis.py | 78 +++---------------- 2 files changed, 12 insertions(+), 69 deletions(-) diff --git a/src/tests/multihost/alltests/test_ldap_password_policy.py b/src/tests/multihost/alltests/test_ldap_password_policy.py index 8d56ed79cfd..d7c6d0a873b 100644 --- a/src/tests/multihost/alltests/test_ldap_password_policy.py +++ b/src/tests/multihost/alltests/test_ldap_password_policy.py @@ -168,8 +168,7 @@ def test_maxage(multihost, backupsssdconf, common_sssd_setup): ldap_modify_ds(multihost, ldap.MOD_REPLACE, user_dn, 'userPassword', [b'Secret123']) client.run_command('> /var/log/secure') tools.clear_sssd_cache() - with pytest.raises(subprocess.CalledProcessError): - client.run_command('sh /tmp/change_user_password_while_expired.sh') + client.run_command('sh /tmp/change_user_password_while_expired.sh', raiseonerr=False) time.sleep(3) file_scure = '/var/log/secure' file_ssd = f'/var/log/sssd/sssd_{ds_instance_name}.log' diff --git a/src/tests/multihost/alltests/test_proxy_rfc2307bis.py b/src/tests/multihost/alltests/test_proxy_rfc2307bis.py index f7119b75c28..06e687ec9d8 100644 --- a/src/tests/multihost/alltests/test_proxy_rfc2307bis.py +++ b/src/tests/multihost/alltests/test_proxy_rfc2307bis.py @@ -10,8 +10,7 @@ import subprocess import time from sssd.testlib.common.utils import sssdTools, LdapOperations -from sssd.testlib.common.exceptions import SSHLoginException -from sssd.testlib.common.expect import pexpect_ssh +from sssd.testlib.common.ssh2_python import check_login_client from constants import ds_suffix, ds_instance_name @@ -133,16 +132,8 @@ def test_lookup_user_group_netgroup(self, multihost, backupsssdconf): "getent group User_CS2_grp1_Alias | grep User_CS2_grp1", "getent group User_CS2_grp1_Alias | grep User_CS2"]: execute_cmd(multihost, i) - client_hostip = multihost.client[0].ip for user in ['User_CS2', 'User_CS2_Alias']: - client = pexpect_ssh(client_hostip, user, 'Secret123', debug=False) - try: - client.login(login_timeout=30, sync_multiplier=5, - auto_prompt_reset=False) - except SSHLoginException: - pytest.fail("%s failed to login" % user) - else: - client.logout() + check_login_client(multihost, user, 'Secret123') for i in ["getent passwd user_cs2", "getent passwd user_cs2_alias", "getent group user_cs2_grp1", @@ -175,15 +166,7 @@ def test_allow_groups_User_CS2_grp1(self, multihost, backupsssdconf): tools.clear_sssd_cache() for i in ["getent group User_CS2_grp1", "id User_CS2"]: execute_cmd(multihost, i) - client_hostip = multihost.client[0].ip - client = pexpect_ssh(client_hostip, "User_CS2", 'Secret123', debug=False) - try: - client.login(login_timeout=30, sync_multiplier=5, - auto_prompt_reset=False) - except SSHLoginException: - pytest.fail("%s failed to login" % "User_CS1") - else: - client.logout() + check_login_client(multihost, "User_CS2", 'Secret123') def test_allow_groups_user_cs2_grp1(self, multihost, backupsssdconf): """ @@ -213,11 +196,8 @@ def test_allow_groups_user_cs2_grp1(self, multihost, backupsssdconf): "id User_CS2", "> /var/log/secure"]: execute_cmd(multihost, i) - client_hostip = multihost.client[0].ip - client = pexpect_ssh(client_hostip, "User_CS2", 'Secret123', debug=False) with pytest.raises(Exception): - client.login(login_timeout=10, sync_multiplier=1, - auto_prompt_reset=False) + check_login_client(multihost, "User_CS2", 'Secret123') time.sleep(3) execute_cmd(multihost, 'cat /var/log/secure | grep "Access denied for user User_CS2"') @@ -246,15 +226,7 @@ def test_allow_groups_User_CS2(self, multihost, backupsssdconf): tools.clear_sssd_cache() for i in ["getent passwd User_CS2", "id User_CS2"]: execute_cmd(multihost, i) - client_hostip = multihost.client[0].ip - client = pexpect_ssh(client_hostip, "User_CS2", 'Secret123', debug=False) - try: - client.login(login_timeout=30, sync_multiplier=5, - auto_prompt_reset=False) - except SSHLoginException: - pytest.fail("%s failed to login" % "User_CS1") - else: - client.logout() + check_login_client(multihost, "User_CS2", 'Secret123') def test_allow_groups_user_cs2(self, multihost, backupsssdconf): """ @@ -284,11 +256,8 @@ def test_allow_groups_user_cs2(self, multihost, backupsssdconf): "id User_CS2", "> /var/log/secure"]: execute_cmd(multihost, i) - client_hostip = multihost.client[0].ip - client = pexpect_ssh(client_hostip, "User_CS2", 'Secret123', debug=False) with pytest.raises(Exception): - client.login(login_timeout=10, sync_multiplier=1, - auto_prompt_reset=False) + check_login_client(multihost, "User_CS2", 'Secret123') time.sleep(3) execute_cmd(multihost, 'cat /var/log/secure | grep "Access denied for user User_CS2"') @@ -329,14 +298,7 @@ def test_case_sensitive(self, multihost, backupsssdconf): execute_cmd(multihost, i) client_hostip = multihost.client[0].ip for user in ['user_cs2', 'user_cs2_alias']: - client = pexpect_ssh(client_hostip, user, 'Secret123', debug=False) - try: - client.login(login_timeout=30, sync_multiplier=5, - auto_prompt_reset=False) - except SSHLoginException: - pytest.fail("%s failed to login" % user) - else: - client.logout() + check_login_client(multihost, user, 'Secret123') def test_simple_deny_users_user_cs2(self, multihost, backupsssdconf): """ @@ -364,24 +326,15 @@ def test_simple_deny_users_user_cs2(self, multihost, backupsssdconf): tools.clear_sssd_cache() for user in ['User_cs2', 'user_cs2_alias']: execute_cmd(multihost, "> /var/log/secure") - client = pexpect_ssh(client_hostip, user, 'Secret123', debug=False) with pytest.raises(Exception): - client.login(login_timeout=10, sync_multiplier=1, - auto_prompt_reset=False) + check_login_client(multihost, user, 'Secret123') time.sleep(3) execute_cmd(multihost, f'cat /var/log/secure | grep "Access denied for user {user}"') execute_cmd(multihost, "> /var/log/secure") execute_cmd(multihost, "sed -i 's/user_cs2/user_cs2_alias/' /etc/sssd/sssd.conf") tools.clear_sssd_cache() for user in ['user_cs2_alias', 'User_cs2']: - client = pexpect_ssh(client_hostip, user, 'Secret123', debug=False) - try: - client.login(login_timeout=30, sync_multiplier=5, - auto_prompt_reset=False) - except SSHLoginException: - pytest.fail("%s failed to login" % user) - else: - client.logout() + check_login_client(multihost, user, 'Secret123') def test_simple_deny_groups_user_cs2_grp1(self, multihost, backupsssdconf): """ @@ -409,21 +362,12 @@ def test_simple_deny_groups_user_cs2_grp1(self, multihost, backupsssdconf): tools.clear_sssd_cache() for user in ['User_cs2', 'user_cs2_alias']: execute_cmd(multihost, "> /var/log/secure") - client = pexpect_ssh(client_hostip, user, 'Secret123', debug=False) with pytest.raises(Exception): - client.login(login_timeout=10, sync_multiplier=1, - auto_prompt_reset=False) + check_login_client(multihost, user, 'Secret123') time.sleep(3) execute_cmd(multihost, f'cat /var/log/secure | grep "Access denied for user {user}"') execute_cmd(multihost, "> /var/log/secure") execute_cmd(multihost, "sed -i 's/user_cs2_grp1/user_cs2_grp1_alias/' /etc/sssd/sssd.conf") tools.clear_sssd_cache() for user in ['user_cs2_alias', 'User_cs2']: - client = pexpect_ssh(client_hostip, user, 'Secret123', debug=False) - try: - client.login(login_timeout=30, sync_multiplier=5, - auto_prompt_reset=False) - except SSHLoginException: - pytest.fail("%s failed to login" % user) - else: - client.logout() + check_login_client(multihost, user, 'Secret123') From 5bd218b441d4adb9a7ce74a7e0a909c3b29b2c6e Mon Sep 17 00:00:00 2001 From: Iker Pedrosa Date: Tue, 27 Jun 2023 15:54:55 +0200 Subject: [PATCH 076/280] test: basic tests for ldap_user_extra_attrs MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Conversion of test_0001_bz1362023(), test_0002_givenmail() and test_0037_ad_parameters_extra_attrs_mail() in a system test using the new framework. Signed-off-by: Iker Pedrosa Reviewed-by: Dan Lavu Reviewed-by: Pavel Březina (cherry picked from commit 40e0592df3939f0e231d77d50ec2d11eb373ed7c) --- .../multihost/ad/test_adparameters_ported.py | 1 + .../alltests/test_ldap_extra_attrs.py | 2 + .../system/tests/test_ldap_extra_attrs.py | 43 +++++++++++++++++++ 3 files changed, 46 insertions(+) create mode 100644 src/tests/system/tests/test_ldap_extra_attrs.py diff --git a/src/tests/multihost/ad/test_adparameters_ported.py b/src/tests/multihost/ad/test_adparameters_ported.py index 0f8ea417fdc..cc7bb5677b3 100644 --- a/src/tests/multihost/ad/test_adparameters_ported.py +++ b/src/tests/multihost/ad/test_adparameters_ported.py @@ -2938,6 +2938,7 @@ def test_0036_ad_parameters_renewal_leaks_descriptors(multihost, adjoin): @staticmethod @pytest.mark.tier1_2 + @pytest.mark.converted('test_ldap_extra_attrs.py', 'test_ldap_extra_attrs__filled') def test_0037_ad_parameters_extra_attrs_mail(multihost, adjoin): """ :title: IDM-SSSD-TC: ad_provider: ad_parameters: SSSD fails to start diff --git a/src/tests/multihost/alltests/test_ldap_extra_attrs.py b/src/tests/multihost/alltests/test_ldap_extra_attrs.py index 1415b28a567..e2d32da2891 100644 --- a/src/tests/multihost/alltests/test_ldap_extra_attrs.py +++ b/src/tests/multihost/alltests/test_ldap_extra_attrs.py @@ -23,6 +23,7 @@ class TestLdapExtraAttrs(object): This is test case class for ldap ldap_extra_attr suite """ @pytest.mark.tier1 + @pytest.mark.converted('test_ldap_extra_attrs.py', 'test_ldap_extra_attrs__filled') def test_0001_bz1362023(self, multihost): """ :title: IDM-SSSD-TC: ldap_extra_attrs: SSSD fails to start @@ -46,6 +47,7 @@ def test_0001_bz1362023(self, multihost): assert start == 0 @pytest.mark.tier1 + @pytest.mark.converted('test_ldap_extra_attrs.py', 'test_ldap_extra_attrs__filled') def test_0002_givenmail(self, multihost): """ :title: IDM-SSSD-TC: ldap_extra_attrs: Verify the entry of option diff --git a/src/tests/system/tests/test_ldap_extra_attrs.py b/src/tests/system/tests/test_ldap_extra_attrs.py new file mode 100644 index 00000000000..47589d32199 --- /dev/null +++ b/src/tests/system/tests/test_ldap_extra_attrs.py @@ -0,0 +1,43 @@ +""" +ldap_user_extra_attrs tests. + +:requirement: ldap_extra_attrs +""" + +from __future__ import annotations + +import pytest +from sssd_test_framework.roles.client import Client +from sssd_test_framework.roles.generic import GenericProvider +from sssd_test_framework.topology import KnownTopologyGroup + + +@pytest.mark.tier(1) +@pytest.mark.ticket(gh=4153, bz=1362023) +@pytest.mark.topology(KnownTopologyGroup.AnyProvider) +@pytest.mark.parametrize("attrs", ["mail, firstname:givenname, lastname:sn", "given_email:mail"]) +def test_ldap_extra_attrs__filled(client: Client, provider: GenericProvider, attrs: str): + """ + :title: SSSD starts correctly when ldap_user_extra_attrs is filled + :setup: + 1. Create new user "tuser" + 2. Add "given_email:mail" to ldap_user_extra_attrs + :steps: + 1. Start SSSD + 2. Run "getent passwd tuser" + :expectedresults: + 1. SSSD starts successfully + 2. "tuser" is present in the passwd db + :customerscenario: False + """ + provider.user("tuser").add() + client.sssd.domain["ldap_user_extra_attrs"] = attrs + + try: + client.sssd.start() + except Exception as e: + pytest.fail(f"Exception shouldn't be raised but we got {type(e)}: str(e)") + + result = client.tools.getent.passwd("tuser") + assert result is not None + assert result.name == "tuser" From 752e0026f2c6636d9a1f37edce277a3f970878ac Mon Sep 17 00:00:00 2001 From: Madhuri Upadhye Date: Thu, 11 May 2023 15:52:08 +0530 Subject: [PATCH 077/280] Test: Check case-insensitive while checking with group lookup for a overrideuser MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Added automation for following bugs: https://bugzilla.redhat.com/show_bug.cgi?id=2192708 https://bugzilla.redhat.com/show_bug.cgi?id=2196838 https://bugzilla.redhat.com/show_bug.cgi?id=2196816 https://bugzilla.redhat.com/show_bug.cgi?id=2196839 verify: #6721 Signed-off-by: Madhuri Upadhye Reviewed-by: Jakub Vávra Reviewed-by: Sumit Bose (cherry picked from commit ea34b805b346774462a18378b015c70b30c64199) --- src/tests/multihost/ipa/test_adtrust.py | 62 +++++++++++++++++++++++++ 1 file changed, 62 insertions(+) diff --git a/src/tests/multihost/ipa/test_adtrust.py b/src/tests/multihost/ipa/test_adtrust.py index 49607e8e9b4..4478d52ccc5 100644 --- a/src/tests/multihost/ipa/test_adtrust.py +++ b/src/tests/multihost/ipa/test_adtrust.py @@ -856,3 +856,65 @@ def test_ldap_user_extra_attrs(multihost, create_aduser_group): assert check_id.returncode == 0, f'{aduser} id is not successful' assert f"{aduser}@{domain}" in check_id.stdout_text, "User name was not resolved." assert f"{adgroup}@{domain}" in check_id.stdout_text, "Group name was not resolved." + + @staticmethod + def test_s2n_get_request(multihost): + """ + :title: User lookup on IPA client fails with 's2n get_fqlist request failed' + :id: fae73dd7-5a18-4aa4-a39f-a20a2f66b1c9 + :customerscenario: true + :bugzilla: + https://bugzilla.redhat.com/show_bug.cgi?id=2192708 + https://bugzilla.redhat.com/show_bug.cgi?id=2196838 + https://bugzilla.redhat.com/show_bug.cgi?id=2196816 + https://bugzilla.redhat.com/show_bug.cgi?id=2196839 + :description: When checking if the input group-name of an autogenerated + user-private-group is the original name from AD or an overwritten one the + comparison is currently done case sensitive. + Since AD handles names case-insensitive and hence SSSD should do this as + well to make sure that e.g. mixed-case names like Administrator can be + match reliable. + :setup: + 1. Add an Administrator user override to the 'default trust view' with sshpubkey. + :steps: + 1. Check group lookup for Administrator user using mixed chars upper/lower cases. + :expectedresults: + 1. Successfully group lookup the administrator user using mixed chars cases. + """ + domain = multihost.ad[0].domainname + + ipa_client = sssdTools(multihost.client[0]) + ipa_master = sssdTools(multihost.master[0]) + + ssh_key = f"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCiOfcg3WRL6z+6XWSAw4mT7q7aE7rj1KmhaM6U5" \ + f"fmbN5QnEfCAMp8qbSbBLsjY0F501ZNpcAgeefDv3oNYL62sfac8OzWf5eXZlKJQYYILi8dv8i8HoJ" \ + f"BT9+n81Y5w1UVbmRNX9n2lqqxdfhiL2iIsbzJ1KGmIw6JlmbeRtcgGRQzt0M+Ggftl6Kr97obEWo1" \ + f"l9E5QWvkliecPXWJVTBUpM+Gr2CWhqLtNf5VALjYilX3jfC2355hIR8R8UsnkbWbjNksj7nruUQP9" \ + f"goHcbJ6vbyzka3v/2aRC5eIa7b8NE8vwRbrtp5CV9QNbx/GiTY6T50CJE0lyEwmlLHKUmovt " \ + f"Administrator@{domain}" + + # Add override user with ssh pub key + add_user_override = f"ipa idoverrideuser-add 'Default Trust View' Administrator@{domain} " \ + f"--sshpubkey='{ssh_key}'" + multihost.master[0].run_command(add_user_override, raiseonerr=False) + + ipa_master.clear_sssd_cache() + ipa_client.clear_sssd_cache() + time.sleep(5) + + # check lookup of group + group_lookup1 = f'getent group administrator@{domain}' + check_gr_lookup1 = multihost.client[0].run_command(group_lookup1, raiseonerr=False) + + group_lookup2 = f'getent group adMiniStraTor@{domain}' + check_gr_lookup2 = multihost.client[0].run_command(group_lookup2, raiseonerr=False) + + # Delete an Administrator User ID override + cmd_to_delete = f"ipa idoverrideuser-del 'default trust view' administrator@{domain}" + multihost.master[0].run_command(cmd_to_delete, raiseonerr=False) + + # Test result Evaluations + assert check_gr_lookup1.returncode == 0 and check_gr_lookup2.returncode == 0, \ + f"group lookup was not resolved." + assert f"administrator@{domain}" in check_gr_lookup1.stdout_text, "Group name was not resolved." + assert f"administrator@{domain}" in check_gr_lookup2.stdout_text, "Group name was not resolved." From 84e0aac45f184d74cad7022883f0480ba377498c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pavel=20B=C5=99ezina?= Date: Mon, 17 Jul 2023 16:17:29 +0200 Subject: [PATCH 078/280] ci: move to new centos8 buildroot repository url CentOS8 buildroot repo location has changed. https://lists.centos.org/pipermail/centos-devel/2023-March/142831.html Reviewed-by: Alexey Tikhonov Reviewed-by: Iker Pedrosa (cherry picked from commit b9bb35c1affb8b0178a844955623211e99bbd457) --- .github/workflows/copr_build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/copr_build.yml b/.github/workflows/copr_build.yml index 04473e8fa6f..023d6aee360 100644 --- a/.github/workflows/copr_build.yml +++ b/.github/workflows/copr_build.yml @@ -96,7 +96,7 @@ jobs: run: | # CentOS Stream 8 copr-cli --config "$coprcfg" edit-chroot \ - --repos 'https://koji.mbox.centos.org/kojifiles/repos/dist-c8-stream-build/latest/$basearch/' \ + --repos 'https://kojihub.stream.centos.org/kojifiles/repos/c8s-build/latest/$basearch' \ --modules idm:DL1 \ $COPR_ACCOUNT/$COPR_PROJECT/centos-stream-8-x86_64 From 2f4a3fa891cd9fc013d9e4214aed6fd1e7d14273 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pavel=20B=C5=99ezina?= Date: Mon, 17 Jul 2023 16:18:56 +0200 Subject: [PATCH 079/280] ci: run workflows on sssd-2-9 Reviewed-by: Alexey Tikhonov Reviewed-by: Iker Pedrosa (cherry picked from commit 5c72905ec97a30abe3e5568c56d010279cc25548) --- .github/workflows/analyze-target.yml | 2 +- .github/workflows/ci.yml | 4 ++-- .github/workflows/copr_build.yml | 2 +- .github/workflows/copr_cleanup.yml | 2 +- .github/workflows/static-code-analysis.yml | 4 ++-- 5 files changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/workflows/analyze-target.yml b/.github/workflows/analyze-target.yml index c9ee7e0e058..f2d913df8ef 100644 --- a/.github/workflows/analyze-target.yml +++ b/.github/workflows/analyze-target.yml @@ -1,7 +1,7 @@ name: "Analyze (target)" on: pull_request_target: - branches: [master, sssd-2-7, sssd-2-8] + branches: [master, sssd-2-7, sssd-2-8, sssd-2-9] concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number }} cancel-in-progress: true diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index e558e0f6cfe..14ca517e923 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -1,9 +1,9 @@ name: "ci" on: push: - branches: [master, sssd-2-7, sssd-2-8] + branches: [master, sssd-2-7, sssd-2-8, sssd-2-9] pull_request: - branches: [master, sssd-2-7, sssd-2-8] + branches: [master, sssd-2-7, sssd-2-8, sssd-2-9] concurrency: group: ${{ github.workflow }}-${{ github.ref }} cancel-in-progress: true diff --git a/.github/workflows/copr_build.yml b/.github/workflows/copr_build.yml index 023d6aee360..b4bee2a3ce0 100644 --- a/.github/workflows/copr_build.yml +++ b/.github/workflows/copr_build.yml @@ -21,7 +21,7 @@ name: copr on: pull_request_target: - branches: [master, sssd-2-7, sssd-2-8] + branches: [master, sssd-2-7, sssd-2-8, sssd-2-9] types: [opened, synchronize, reopened] concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number }} diff --git a/.github/workflows/copr_cleanup.yml b/.github/workflows/copr_cleanup.yml index 6e52b8aaadb..e4ffb0c3263 100644 --- a/.github/workflows/copr_cleanup.yml +++ b/.github/workflows/copr_cleanup.yml @@ -1,7 +1,7 @@ name: copr cleanup on: pull_request_target: - branches: [master, sssd-2-7, sssd-2-8] + branches: [master, sssd-2-7, sssd-2-8, sssd-2-9] types: [closed] concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number }} diff --git a/.github/workflows/static-code-analysis.yml b/.github/workflows/static-code-analysis.yml index c9b8f7911fc..4937a663557 100644 --- a/.github/workflows/static-code-analysis.yml +++ b/.github/workflows/static-code-analysis.yml @@ -1,9 +1,9 @@ name: "Static code analysis" on: push: - branches: [master, sssd-2-7, sssd-2-8] + branches: [master, sssd-2-7, sssd-2-8, sssd-2-9] pull_request: - branches: [master, sssd-2-7, sssd-2-8] + branches: [master, sssd-2-7, sssd-2-8, sssd-2-9] schedule: # Everyday at midnight - cron: '0 0 * * *' From 65abf0579000b18f319f57e9412b0ee4cc2b24cb Mon Sep 17 00:00:00 2001 From: aborah Date: Thu, 20 Jul 2023 19:07:47 +0530 Subject: [PATCH 080/280] Tests: Fix KCM::test_client_timeout Fix KCM::test_client_timeout Reviewed-by: Shridhar Gadekar (cherry picked from commit 755c2157e372d6dbbdc94ba94777eaa426f2d2c4) --- src/tests/multihost/alltests/test_kcm.py | 1 - 1 file changed, 1 deletion(-) diff --git a/src/tests/multihost/alltests/test_kcm.py b/src/tests/multihost/alltests/test_kcm.py index 1abf07d94ec..cbc5f666708 100644 --- a/src/tests/multihost/alltests/test_kcm.py +++ b/src/tests/multihost/alltests/test_kcm.py @@ -43,7 +43,6 @@ def test_client_timeout(self, multihost, backupsssdconf): start_time = time.time() multihost.client[0].run_command("kinit foo1 <&- & ") end_time = time.time() - client.logout() assert end_time - start_time >= 300 grep_cmd = multihost.client[0].run_command("grep" " 'Terminated" From 0b9bc877b5f0c97dbac5995c7114d11c62d42c4b Mon Sep 17 00:00:00 2001 From: aborah Date: Tue, 18 Jul 2023 14:08:29 +0530 Subject: [PATCH 081/280] Tests: Update sssh module for tier 1_3, 1_4 and 2 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Update sssh module for tier 1_3, 1_4 and 2 Reviewed-by: Jakub Vávra Reviewed-by: Shridhar Gadekar (cherry picked from commit 4b83a68e31aaac8a84462aec00250ea61aed14b1) --- .../multihost/alltests/test_cache_testing.py | 13 +- .../alltests/test_default_debug_level.py | 8 +- src/tests/multihost/alltests/test_failover.py | 9 +- .../alltests/test_krb_access_provider.py | 79 +++++------ .../alltests/test_krb_fast_principal.py | 133 ++++++++++++------ .../multihost/alltests/test_misc_proxy.py | 19 +-- .../multihost/alltests/test_multidomain.py | 13 +- .../alltests/test_password_policy.py | 5 +- .../alltests/test_proxy_provider_krb_auth.py | 35 +++-- src/tests/multihost/alltests/test_rfc2307.py | 19 +-- .../alltests/test_sssctl_analyzer.py | 55 ++------ .../sssd/testlib/common/ssh2_python.py | 16 +++ 12 files changed, 202 insertions(+), 202 deletions(-) diff --git a/src/tests/multihost/alltests/test_cache_testing.py b/src/tests/multihost/alltests/test_cache_testing.py index 650dcbc16a4..771a5e18e20 100644 --- a/src/tests/multihost/alltests/test_cache_testing.py +++ b/src/tests/multihost/alltests/test_cache_testing.py @@ -11,6 +11,7 @@ import time from constants import ds_instance_name from sssd.testlib.common.utils import sssdTools +from sssd.testlib.common.ssh2_python import check_login_client_bool @pytest.fixture(scope='class') @@ -163,8 +164,7 @@ def test_0005_Expire_User_Entries_ans_Run_User_Auth(multihost): """ invalidate_cache = "sss_cache -E" cmd = multihost.client[0].run_command(invalidate_cache, raiseonerr=False) - client = sssdTools(multihost.client[0]) - ssh = client.auth_from_client('foo1', 'Secret123') + ssh = check_login_client_bool(multihost, 'foo1', 'Secret123') ldb_cmd = f"ldbsearch -H /var/lib/sss/db/cache_{ds_instance_name}.ldb \ -b 'name=foo1@{ds_instance_name},cn=users,cn={ds_instance_name},cn=sysdb' > /tmp/file_ldb" ldb_cmd2 = f"ldbsearch -H /var/lib/sss/db/timestamps_{ds_instance_name}.ldb \ @@ -173,8 +173,8 @@ def test_0005_Expire_User_Entries_ans_Run_User_Auth(multihost): cmd2 = multihost.client[0].run_command(ldb_cmd2, raiseonerr=False) cmd1_output = multihost.client[0].get_file_contents('/tmp/file_ldb').decode('utf-8') cmd2_output = multihost.client[0].get_file_contents('/tmp/file_ldb2').decode('utf-8') + assert ssh, 'foo1 user is unable to login' assert cmd.returncode == 0, f'{invalidate_cache} did not execute successfully' - assert ssh == 3, "User foo1 failed to log In" assert cmd1.returncode == 0, f'{ldb_cmd} did not execute successfully' assert "dataExpireTimestamp: 1\n" in cmd1_output, "dataExpireTimestamp not found in /tmp/file_ldb" assert cmd2.returncode == 0, f'{ldb_cmd2} did not execute successfully' @@ -445,11 +445,10 @@ def test_0013_Modify_User_Attribute(multihost): user = 'uid=foo1,ou=People,dc=example,dc=test' content = f'''dn: {user}\nchangetype: modify\nreplace: loginShell\nloginShell: /bin/sh\n''' - multihost.client[0].put_file_contents("changes.ldif", content) - ldap_cmd = f'ldapmodify -x -H ldap://{multihost.master[0].sys_hostname} \ - -D "cn=Directory Manager" -w "Secret123" -f changes.ldif' + multihost.client[0].put_file_contents("/tmp/changes.ldif", content) + ldap_cmd = f'ldapmodify -x -H ldap://{multihost.master[0].sys_hostname}' \ + f' -D "cn=Directory Manager" -w "Secret123" -f /tmp/changes.ldif' cmd2 = multihost.client[0].run_command(ldap_cmd, raiseonerr=False) - client.get_getent_passwd('foo1') ldb_cmd = f"ldbsearch -H /var/lib/sss/db/cache_{ds_instance_name}.ldb \ diff --git a/src/tests/multihost/alltests/test_default_debug_level.py b/src/tests/multihost/alltests/test_default_debug_level.py index 5fdbf441d5d..a03f237f0f9 100644 --- a/src/tests/multihost/alltests/test_default_debug_level.py +++ b/src/tests/multihost/alltests/test_default_debug_level.py @@ -12,7 +12,7 @@ import time import pytest from sssd.testlib.common.utils import sssdTools, LdapOperations -from sssd.testlib.common.expect import pexpect_ssh +from sssd.testlib.common.ssh2_python import check_login_client_bool from constants import ds_instance_name, ds_suffix, ds_rootpw, ds_rootdn @@ -102,13 +102,11 @@ def test_0002_check_default_level_with_auth(self, multihost, print("before auth:", blog_size.stdout_text) user = f'foo1@{ds_instance_name}' # Authenticate user - client = pexpect_ssh(multihost.client[0].sys_hostname, user, - 'Secret123', debug=False) - client.login(login_timeout=30, sync_multiplier=5, - auto_prompt_reset=False) + ssh = check_login_client_bool(multihost, user, 'Secret123') alog_size = multihost.client[0].run_command(check_log_size, raiseonerr=False) print("after auth:", alog_size.stdout_text) + assert ssh, f'{user} is not able to login' assert alog_size.stdout_text == blog_size.stdout_text @pytest.mark.tier2 diff --git a/src/tests/multihost/alltests/test_failover.py b/src/tests/multihost/alltests/test_failover.py index 3a931712bb2..2d5d7774539 100644 --- a/src/tests/multihost/alltests/test_failover.py +++ b/src/tests/multihost/alltests/test_failover.py @@ -9,6 +9,7 @@ import pytest from sssd.testlib.common.utils import sssdTools from constants import ds_instance_name +from sssd.testlib.common.ssh2_python import check_login_client_bool @pytest.mark.usefixtures('multipleds_failover', @@ -75,10 +76,10 @@ def test_0002_login(multihost): tools.remove_sss_cache('/var/lib/sss/db') multihost.client[0].service_sssd('start') # login as user - ssh = tools.auth_from_client(user, 'Secret123') == 3 - assert ssh, "Authentication failed!" + ssh = check_login_client_bool(multihost, user, 'Secret123') start_ds1 = 'systemctl start dirsrv@example' cmd = multihost.master[0].run_command(start_ds1, raiseonerr=False) + assert ssh, f'{user} is not able to login.' assert cmd.returncode == 0 @staticmethod @@ -98,8 +99,8 @@ def test_0003_stopsecondds(multihost): multihost.client[0].service_sssd('start') user = 'foo3@%s' % ds_instance_name # login as user - ssh = tools.auth_from_client(user, 'Secret123') == 3 - assert ssh, "Authentication failed!" + ssh = check_login_client_bool(multihost, user, 'Secret123') start_ds1 = 'systemctl start dirsrv@example' cmd = multihost.master[0].run_command(start_ds1, raiseonerr=False) + assert ssh, f'{user} is not able to login.' assert cmd.returncode == 0 diff --git a/src/tests/multihost/alltests/test_krb_access_provider.py b/src/tests/multihost/alltests/test_krb_access_provider.py index 022cad4bb34..575782bfbac 100644 --- a/src/tests/multihost/alltests/test_krb_access_provider.py +++ b/src/tests/multihost/alltests/test_krb_access_provider.py @@ -7,9 +7,11 @@ :status: approved """ import pytest +import time from constants import ds_instance_name -from sssd.testlib.common.expect import pexpect_ssh from sssd.testlib.common.utils import sssdTools +from sssd.testlib.common.ssh2_python import check_login_client, \ + check_login_client_bool, run_command_client, SSHClient @pytest.fixture(scope='class') @@ -78,20 +80,16 @@ def test_0001_k5login_empty(multihost): multihost.client[0].run_command("truncate -s 0 /var/log/secure", raiseonerr=False) client = sssdTools(multihost.client[0]) client.clear_sssd_cache() - - users = ['foo3', 'foo4'] - ssh = client.auth_from_client(users[0], 'Secret123') - ssh2 = client.auth_from_client(users[1], 'Secret123') + with pytest.raises(Exception): + check_login_client(multihost, "foo3", "Secret123") + ssh = check_login_client_bool(multihost, "foo4", "Secret123") + time.sleep(3) secure_log_str = multihost.client[0].get_file_contents("/var/log/secure").decode('utf-8') - file = f'/var/log/sssd/sssd_{ds_instance_name}.log' sssd_log_str = multihost.client[0].get_file_contents(file).decode('utf-8') multihost.client[0].run_command("truncate -s 0 /home/foo3/.k5login", raiseonerr=False) - - assert ssh == 10, "foo3 successfully logged In" - assert ssh2 == 3, "foo4 failed to log In" - + assert ssh, 'foo4 is not able to login.' assert "pam_sss(sshd:auth): authentication success" in secure_log_str, \ "authentication success not found in /var/log/secure" assert "pam_sss(sshd:account): Access denied for user foo3" in secure_log_str, \ @@ -137,17 +135,16 @@ def test_0002_k5login_user3(multihost): for command in cmds: cmd = multihost.client[0].run_command(command, raiseonerr=False) - user = 'foo3' - ssh = client.auth_from_client(user, 'Secret123') - + ssh = check_login_client_bool(multihost, "foo3", "Secret123") + time.sleep(3) secure_log_str = multihost.client[0].get_file_contents("/var/log/secure").decode('utf-8') file = f'/var/log/sssd/sssd_{ds_instance_name}.log' sssd_log_str = multihost.client[0].get_file_contents(file).decode('utf-8') multihost.client[0].run_command("truncate -s 0 /home/foo3/.k5login", raiseonerr=False) + assert ssh, 'foo3 is not able to login.' assert cmd.returncode == 0, f"{command} did not execute successfully" - assert ssh == 3, "foo3 failed to log in" assert "pam_sss(sshd:auth): authentication success" in secure_log_str, \ "authentication success not found in /var/log/secure" assert "Accepted password for foo3" in secure_log_str, \ @@ -185,22 +182,21 @@ def test_0003_k5login_user3_with_user4(multihost): for command in echo_cmds: cmd = multihost.client[0].run_command(command, raiseonerr=False) - user = 'foo3' - ssh_output = client.auth_from_client(user, 'Secret123') - + ssh = check_login_client_bool(multihost, "foo3", "Secret123") client_hostname = multihost.client[0].sys_hostname - ssh = pexpect_ssh(client_hostname, 'foo4', 'Secret123', debug=False) - ssh.login(login_timeout=10, sync_multiplier=1, auto_prompt_reset=False) - ssh.command(f"ssh -o StrictHostKeyChecking=no -o PasswordAuthentication=no foo3@{client_hostname}\ - 'id > /tmp/accessProvider_id_krb5_003.out 2>&1' ") - ssh.logout() - + try: + run_command_client(multihost, "foo4", "Secret123", + f"ssh -o StrictHostKeyChecking=no -o " + f"PasswordAuthentication=no foo3@{client_hostname} " + f"id > /tmp/accessProvider_id_krb5_003.out 2>&1") + except Exception: + pytest.fail("Error in connection via ssh as foo4") + finally: + multihost.client[0].run_command("truncate -s 0 /home/foo3/.k5login", raiseonerr=False) logfile = multihost.client[0].get_file_contents("/tmp/accessProvider_id_krb5_003.out").decode('utf-8') - - multihost.client[0].run_command("truncate -s 0 /home/foo3/.k5login", raiseonerr=False) multihost.client[0].run_command("rm -rf /tmp/accessProvider_id_krb5_003.out", raiseonerr=False) + assert ssh, 'foo3 is not able to login.' assert cmd.returncode == 0, f"{command} did not execute successfully" - assert ssh_output == 3, "foo3 failed to log in" assert "foo3" in logfile, "foo3 not found in /tmp/accessProvider_id_krb5_003.out" @staticmethod @@ -236,28 +232,29 @@ def test_0004_k5login_user4_with_deleted_user3(multihost): for command in echo_cmds: cmd1 = multihost.client[0].run_command(command, raiseonerr=False) - user = 'foo3' - ssh_output = client.auth_from_client(user, 'Secret123') + ssh1 = check_login_client_bool(multihost, "foo3", "Secret123") ldap_cmd = f'ldapdelete -x -H ldap://{multihost.master[0].sys_hostname} \ -D "cn=Directory Manager" -w "Secret123" uid=foo3,ou=People,dc=example,dc=test' - cmd2 = multihost.client[0].run_command(ldap_cmd, raiseonerr=False) - + time.sleep(10) client_hostname = multihost.client[0].sys_hostname - ssh = pexpect_ssh(client_hostname, 'foo4', 'Secret123', debug=False) - ssh.login(login_timeout=10, sync_multiplier=1, auto_prompt_reset=False) - ssh.command("id > /tmp/accessProvider_id_krb5_004.out 2>&1 ") - ssh.command(f"ssh -o StrictHostKeyChecking=no -o PasswordAuthentication=no foo3@{client_hostname}\ - 'id > /tmp/accessProvider_id_krb5_004.out 2>&1' ") - ssh.logout() - + try: + ssh = SSHClient(client_hostname, "foo4", "Secret123") + ssh.connect() + ssh.execute_command("id > /tmp/accessProvider_id_krb5_004.out 2>&1") + ssh.execute_command(f"ssh -o StrictHostKeyChecking=no -o " + f"PasswordAuthentication=no foo3@{client_hostname} id >> " + f"/tmp/accessProvider_id_krb5_004.out 2>&1") + ssh.close() + except Exception: + pytest.fail("Error in connection via ssh as foo4") + finally: + multihost.client[0].run_command("truncate -s 0 /home/foo3/.k5login", raiseonerr=False) logfile = multihost.client[0].get_file_contents("/tmp/accessProvider_id_krb5_004.out").decode('utf-8') - - multihost.client[0].run_command("truncate -s 0 /home/foo3/.k5login", raiseonerr=False) multihost.client[0].run_command("rm -rf /tmp/accessProvider_id_krb5_004.out", raiseonerr=False) + assert ssh1, 'foo1 is not able to login.' assert cmd1.returncode == 0, f'{command} did not execute successfully' assert cmd2.returncode == 0, f'{ldap_cmd} did not execute successfully' - assert ssh_output == 3, "foo3 failed to log in" - assert "foo3" not in logfile, "foo3 not found in /tmp/accessProvider_id_krb5_004.out" + assert "foo3" not in logfile, "foo3 found in /tmp/accessProvider_id_krb5_004.out" assert "foo4" in logfile, "foo4 not found in /tmp/accessProvider_id_krb5_004.out" diff --git a/src/tests/multihost/alltests/test_krb_fast_principal.py b/src/tests/multihost/alltests/test_krb_fast_principal.py index df8c6398447..4749d0cdc9d 100644 --- a/src/tests/multihost/alltests/test_krb_fast_principal.py +++ b/src/tests/multihost/alltests/test_krb_fast_principal.py @@ -8,10 +8,53 @@ """ import pytest +import time from constants import ds_instance_name +from sssd.testlib.common.ssh2_python import check_login_client_bool, check_login_client from sssd.testlib.common.utils import sssdTools +@pytest.fixture(scope='class') +def create_keytab(multihost, request): + """ + Configure keytab for this test + """ + client_hostname = multihost.client[0].sys_hostname + master_hostname = multihost.master[0].sys_hostname + multihost.master[0].run_command("cp -vfr /opt /tmp/") + multihost.client[0].run_command("cp -vfr /opt /tmp/") + multihost.client[0].run_command("cp -vf /etc/krb5.keytab /etc/krb5.keytab_anuj") + multihost.master[0].run_command("rm -vf /opt/*") + multihost.client[0].run_command("rm -vf /opt/*") + for command in [f'kadmin.local -q "addprinc -randkey ldap/{master_hostname}@EXAMPLE.TEST"', + f'kadmin.local -q "ktadd -k /etc/krb5.keytab ldap/{master_hostname}@EXAMPLE.TEST"', + f'kadmin.local -q "addprinc -randkey host/{client_hostname}@EXAMPLE.TEST"', + f'kadmin.local -q "ktadd -k /opt/sssd_client_invalid.keytab host/{client_hostname}@EXAMPLE.TEST"', + f'kadmin.local -q "ktadd -k /opt/sssd_client_valid.keytab host/{client_hostname}@EXAMPLE.TEST"', + 'kadmin.local -q "addprinc -randkey host/invalidhost.redhat.com@EXAMPLE.TEST"', + 'kadmin.local -q "ktadd -k /opt/invalid.keytab host/invalidhost.redhat.com@EXAMPLE.TEST"', + 'kadmin.local -q "delprinc -force host/invalidhost.redhat.com@EXAMPLE.TEST"', + 'chmod 777 /etc/krb5.keytab', + 'restorecon -v /etc/krb5.keytab']: + multihost.master[0].run_command(command, raiseonerr=False) + file_content = multihost.master[0].get_file_contents("/opt/sssd_client_valid.keytab") + multihost.client[0].put_file_contents("/etc/krb5.keytab", file_content) + multihost.client[0].run_command("restorecon -v /etc/krb5.keytab") + + def restore(): + """ Restore configuration """ + multihost.master[0].run_command("rm -vf /opt/*") + multihost.master[0].run_command("cp -vfr /tmp/opt/* /opt") + multihost.master[0].run_command("rm -vfr /tmp/opt") + multihost.client[0].run_command("rm -vf /opt/*", raiseonerr=False) + multihost.client[0].run_command("cp -vfr /tmp/opt/* /opt", raiseonerr=False) + multihost.client[0].run_command("rm -vfr /tmp/opt", raiseonerr=False) + multihost.client[0].run_command("cp -vf /etc/krb5.keytab_anuj /etc/krb5.keytab") + multihost.client[0].run_command("restorecon -v /etc/krb5.keytab") + + request.addfinalizer(restore) + + def krb5_fast_setup(client, krb5_use_fast, krb5_fast_principal, **krb5_validate): """ To Customize domain parameters for Test Cases :client: This will contain client host configuration @@ -38,9 +81,9 @@ def krb5_fast_setup(client, krb5_use_fast, krb5_fast_principal, **krb5_validate) @pytest.fixture(scope='class') -def custom_setup(session_multihost, setup_sssd_krb, create_posix_usersgroups, krb_connection_timeout): +def custom_setup(multihost, setup_sssd_krb, create_posix_usersgroups, krb_connection_timeout): """ Added neccessary sssd domain parameters """ - tools = sssdTools(session_multihost.client[0]) + tools = sssdTools(multihost.client[0]) sssd_params = {'services': "nss, pam", 'config_file_version': 2} tools.sssd_conf('sssd', sssd_params) @@ -54,7 +97,7 @@ def custom_setup(session_multihost, setup_sssd_krb, create_posix_usersgroups, kr @pytest.mark.tier2 @pytest.mark.krbfastprincipal -@pytest.mark.usefixtures('custom_setup') +@pytest.mark.usefixtures('custom_setup', 'create_keytab') class TestKrbFastPrincipal(): """ This is test case class for krb_fast_principal suite @@ -73,24 +116,24 @@ def test_0001_valid_principal(multihost, backupsssdconf): 1. Set the values of krb5_use_fast and krb5_fast_principal in sssd.conf \ and restart sssd. :steps: - 1. Authenticate the user foo3 from the client + 1. Authenticate the user foo1 from the client 2. Check the krb5_child log for expected messages. :expectedresults: - 1. User foo3 should be able to successfully login + 1. User foo1 should be able to successfully login 2. Krb5_child Log contains the expected lines: Trying to find principal host/$Client@EXAMPLE.TEST in keytab Principal matched to the sample (host/$Client@EXAMPLE.TEST) """ krb5_fast_setup(multihost.client[0], 'demand', f'host/{multihost.client[0].sys_hostname}') - client = sssdTools(multihost.client[0]) - ssh = client.auth_from_client('foo3', 'Secret123') + ssh = check_login_client_bool(multihost, "foo1", "Secret123") + time.sleep(3) file = '/var/log/sssd/krb5_child.log' krb5_child_log = multihost.client[0].get_file_contents(file).decode('utf-8') - assert ssh == 3, "foo3 failed to log In" + assert ssh, 'foo1 is not able to login.' assert f"Trying to find principal host/{multihost.client[0].sys_hostname}@EXAMPLE.TEST in keytab" \ - in krb5_child_log, f"principal host/{multihost.client[0].sys_hostname}@EXAMPLE.TEST not found in keytab" + in krb5_child_log, f"principal host/{multihost.client[0].sys_hostname}@EXAMPLE.TEST not found in keytab" assert f"Principal matched to the sample (host/{multihost.client[0].sys_hostname}@EXAMPLE.TEST)" \ - in krb5_child_log, "Principals did not match" + in krb5_child_log, "Principals did not match" @staticmethod def test_0002_invalid_principal(multihost, backupsssdconf): @@ -101,20 +144,20 @@ def test_0002_invalid_principal(multihost, backupsssdconf): 1. Set the values of krb5_use_fast and krb5_fast_principal in sssd.conf \ and restart sssd. :steps: - 1. Authenticate the user foo3 from the client + 1. Authenticate the user foo1 from the client 2. Check the krb5_child log for expected messages. :expectedresults: - 1. User foo3 should not be able to successfully login + 1. User foo1 should not be able to successfully login 2. Krb5_child Log contains the expected lines: Trying to find principal invalid@EXAMPLE.TEST in keytab No principal matching invalid@EXAMPLE.TEST found in keytab """ krb5_fast_setup(multihost.client[0], 'try', 'invalid') - client = sssdTools(multihost.client[0]) - ssh = client.auth_from_client('foo3', 'Secret123') + with pytest.raises(Exception): + check_login_client(multihost, "foo1", "Secret123") file = '/var/log/sssd/krb5_child.log' + time.sleep(3) krb5_child_log = multihost.client[0].get_file_contents(file).decode('utf-8') - assert ssh == 10, "foo3 successfully logged In" assert "Trying to find principal invalid@EXAMPLE.TEST in keytab" in krb5_child_log, \ "principal invalid@EXAMPLE.TEST not found in keytab" assert "No principal matching invalid@EXAMPLE.TEST found in keytab" in krb5_child_log, \ @@ -129,19 +172,19 @@ def test_0003_principal_at_test_test(multihost, backupsssdconf): 1. Set the values of krb5_use_fast and krb5_fast_principal in sssd.conf \ and restart sssd. :steps: - 1. Authenticate the user foo3 from the client + 1. Authenticate the user foo1 from the client 2. Check the krb5_child log for expected messages. :expectedresults: - 1. User foo3 should not be able to successfully login + 1. User foo1 should not be able to successfully login 2. Krb5_child Log contains the expected lines: Trying to find principal principal@TEST.TEST in keytab """ krb5_fast_setup(multihost.client[0], 'demand', 'principal@TEST.TEST') - client = sssdTools(multihost.client[0]) - ssh = client.auth_from_client('foo3', 'Secret123') + with pytest.raises(Exception): + check_login_client(multihost, "foo1", "Secret123") + time.sleep(3) file = '/var/log/sssd/krb5_child.log' krb5_child_log = multihost.client[0].get_file_contents(file).decode('utf-8') - assert ssh == 10, "foo3 successfully logged In" assert "Trying to find principal principal@TEST.TEST in keytab" in krb5_child_log, \ "principal principal@TEST.TEST not found in keytab" @@ -154,19 +197,19 @@ def test_0004_null_principal(multihost, backupsssdconf): 1. Set the values of krb5_use_fast and krb5_fast_principal in sssd.conf \ and restart sssd. :steps: - 1. Authenticate the user foo3 from the client + 1. Authenticate the user foo1 from the client 2. Check the krb5_child log for expected messages. :expectedresults: - 1. User foo3 should be able to successfully login + 1. User foo1 should be able to successfully login 2. Krb5_child Log contains the expected lines: Trying to find principal (null)@EXAMPLE.TEST in keytab """ krb5_fast_setup(multihost.client[0], 'demand', '') - client = sssdTools(multihost.client[0]) - ssh = client.auth_from_client('foo3', 'Secret123') + ssh = check_login_client_bool(multihost, "foo1", "Secret123") + time.sleep(3) file = '/var/log/sssd/krb5_child.log' krb5_child_log = multihost.client[0].get_file_contents(file).decode('utf-8') - assert ssh == 3, "foo3 failed to log In" + assert ssh, 'foo1 is not able to login.' assert "Trying to find principal (null)@EXAMPLE.TEST in keytab" in krb5_child_log, \ "principal (null)@EXAMPLE.TEST not found in keytab" @@ -180,10 +223,10 @@ def test_0005_valid_principal_and_krb5_validate_true(multihost, backupsssdconf): 1. Set the values of krb5_use_fast and krb5_fast_principal and set krb5_validate to true \ in sssd.conf and restart sssd. :steps: - 1. Authenticate the user foo3 from the client + 1. Authenticate the user foo1 from the client 2. Check the krb5_child log for expected messages. :expectedresults: - 1. User foo3 should be able to successfully login + 1. User foo1 should be able to successfully login 2. Krb5_child Log contains the expected lines: Trying to find principal host/$Client@EXAMPLE.TEST in keytab Principal matched to the sample (host/$Client@EXAMPLE.TEST) @@ -191,11 +234,11 @@ def test_0005_valid_principal_and_krb5_validate_true(multihost, backupsssdconf): """ krb5_fast_setup(multihost.client[0], 'demand', f'host/{multihost.client[0].sys_hostname}', krb5_validate='true') - client = sssdTools(multihost.client[0]) - ssh = client.auth_from_client('foo3', 'Secret123') + ssh = check_login_client_bool(multihost, "foo1", "Secret123") + time.sleep(3) file = '/var/log/sssd/krb5_child.log' krb5_child_log = multihost.client[0].get_file_contents(file).decode('utf-8') - assert ssh == 3, "foo3 failed to log In" + assert ssh, 'foo1 is not able to login.' assert f"Trying to find principal host/{multihost.client[0].sys_hostname}@EXAMPLE.TEST in keytab"\ in krb5_child_log, f"principal host/{multihost.client[0].sys_hostname}@EXAMPLE.TEST not found in keytab" assert f"Principal matched to the sample (host/{multihost.client[0].sys_hostname}@EXAMPLE.TEST)" \ @@ -213,20 +256,20 @@ def test_0006_invalid_principal_and_krb5_validate_true(multihost, backupsssdconf 1. Set the values of krb5_use_fast and krb5_fast_principal and set krb5_validate to true \ in sssd.conf and restart sssd. :steps: - 1. Authenticate the user foo3 from the client + 1. Authenticate the user foo1 from the client 2. Check the krb5_child log for expected messages. :expectedresults: - 1. User foo3 should not be able to successfully login + 1. User foo1 should not be able to successfully login 2. Krb5_child Log contains the expected lines: Trying to find principal invalid@EXAMPLE.TEST in keytab No principal matching invalid@EXAMPLE.TEST found in keytab """ krb5_fast_setup(multihost.client[0], 'try', 'invalid', krb5_validate='true') - client = sssdTools(multihost.client[0]) - ssh = client.auth_from_client('foo3', 'Secret123') + with pytest.raises(Exception): + check_login_client(multihost, "foo1", "Secret123") file = '/var/log/sssd/krb5_child.log' + time.sleep(3) krb5_child_log = multihost.client[0].get_file_contents(file).decode('utf-8') - assert ssh == 10, "foo3 successfully logged In" assert "Trying to find principal invalid@EXAMPLE.TEST in keytab" in krb5_child_log, \ "principal invalid@EXAMPLE.TEST not found in keytab" assert "No principal matching invalid@EXAMPLE.TEST found in keytab" in krb5_child_log, \ @@ -242,19 +285,19 @@ def test_0007_principal_at_test_test_and_krb5_validate_true(multihost, backupsss 1. Set the values of krb5_use_fast and krb5_fast_principal and set krb5_validate to true \ in sssd.conf and restart sssd. :steps: - 1. Authenticate the user foo3 from the client + 1. Authenticate the user foo1 from the client 2. Check the krb5_child log for expected messages. :expectedresults: - 1. User foo3 should not be able to successfully login + 1. User foo1 should not be able to successfully login 2. Krb5_child Log contains the expected lines: Trying to find principal principal@TEST.TEST in keytab """ krb5_fast_setup(multihost.client[0], 'demand', 'principal@TEST.TEST', krb5_validate='true') - client = sssdTools(multihost.client[0]) - ssh = client.auth_from_client('foo3', 'Secret123') + with pytest.raises(Exception): + check_login_client(multihost, "foo1", "Secret123") + time.sleep(3) file = '/var/log/sssd/krb5_child.log' krb5_child_log = multihost.client[0].get_file_contents(file).decode('utf-8') - assert ssh == 10, "foo3 successfully logged In" assert "Trying to find principal principal@TEST.TEST in keytab" in krb5_child_log, \ "principal principal@TEST.TEST not found in keytab" @@ -268,19 +311,19 @@ def test_0008_null_principal_and_krb5_validate_true(multihost, backupsssdconf): 1. Set the values of krb5_use_fast and krb5_fast_principal and set krb5_validate to true \ in sssd.conf and restart sssd. :steps: - 1. Authenticate the user foo3 from the client + 1. Authenticate the user foo1 from the client 2. Check the krb5_child log for expected messages. :expectedresults: - 1. User foo3 should be able to successfully login + 1. User foo1 should be able to successfully login 2. Krb5_child Log contains the expected lines: Trying to find principal (null)@EXAMPLE.TEST in keytab """ krb5_fast_setup(multihost.client[0], 'demand', '', krb5_validate='true') - client = sssdTools(multihost.client[0]) - ssh = client.auth_from_client('foo3', 'Secret123') + ssh = check_login_client_bool(multihost, "foo1", "Secret123") file = '/var/log/sssd/krb5_child.log' + time.sleep(3) krb5_child_log = multihost.client[0].get_file_contents(file).decode('utf-8') - assert ssh == 3, "foo3 failed to log In" + assert ssh, 'foo1 is not able to login.' assert "Trying to find principal (null)@EXAMPLE.TEST in keytab" in krb5_child_log, \ "principal (null)@EXAMPLE.TEST not found in keytab" assert f"TGT verified using key for [host/{multihost.client[0].sys_hostname}@EXAMPLE.TEST]"\ diff --git a/src/tests/multihost/alltests/test_misc_proxy.py b/src/tests/multihost/alltests/test_misc_proxy.py index f5f59b1795c..289260d857a 100644 --- a/src/tests/multihost/alltests/test_misc_proxy.py +++ b/src/tests/multihost/alltests/test_misc_proxy.py @@ -14,8 +14,7 @@ import ldap from sssd.testlib.common.utils import sssdTools, LdapOperations from sssd.testlib.common.libkrb5 import krb5srv -from sssd.testlib.common.expect import pexpect_ssh -from sssd.testlib.common.exceptions import SSHLoginException +from sssd.testlib.common.ssh2_python import check_login_client_bool, check_login_client def execute_cmd(multihost, command): @@ -319,7 +318,7 @@ def test_bz647816(multihost, backupsssdconf): tools.sssd_conf('domain/' + domain_name, domain_params) tools.clear_sssd_cache() for _ in range(12): - tools.auth_from_client("foo1@example1", "Secret123") + check_login_client(multihost, "foo1@example1", "Secret123") with pytest.raises(subprocess.CalledProcessError): execute_cmd(multihost, "grep 'All available child slots are full, " "queuing request' /var/log/sssd/*") @@ -429,10 +428,10 @@ def test_0002_bz1209483(multihost, backupsssdconf): tools.sssd_conf('domain/' + domain_name, domain_params) tools.clear_sssd_cache() getent = execute_cmd(multihost, "getent passwd -s sss foo2") - ssh_res = tools.auth_from_client("foo2", "Secret123") == 3 + ssh = check_login_client_bool(multihost, "foo2", "Secret123") execute_cmd(multihost, "userdel -rf foo2") + assert ssh, 'foo2 is not able to login.' assert "foo2:*:2001:2001::/home/foo2:/bin/bash" in getent.stdout_text - assert ssh_res, "Ssh for user foo2 failed." @staticmethod @pytest.mark.tier2 @@ -469,16 +468,8 @@ def test_bz1368467(multihost, backupsssdconf, create_350_posix_users): # sssd runs out of available child slots and starts # queuing requests in proxy mode execute_cmd(multihost, "systemctl start nslcd.service") - client_hostip = multihost.client[0].ip for i in range(1, 351): - try: - client = pexpect_ssh(client_hostip, f"doo{i}", 'Secret123', debug=False) - client.login(login_timeout=30, sync_multiplier=5, - auto_prompt_reset=False) - except SSHLoginException: - pytest.fail(f"doo{i} failed to login") - else: - client.logout() + check_login_client(multihost, f"doo{i}", 'Secret123') with pytest.raises(subprocess.CalledProcessError): execute_cmd(multihost, "grep 'All available child slots are full, " "queuing request' /var/log/sssd/*") diff --git a/src/tests/multihost/alltests/test_multidomain.py b/src/tests/multihost/alltests/test_multidomain.py index 4c4b2aa3053..179583e84f8 100644 --- a/src/tests/multihost/alltests/test_multidomain.py +++ b/src/tests/multihost/alltests/test_multidomain.py @@ -11,6 +11,7 @@ import datetime import pytest from sssd.testlib.common.utils import sssdTools +from sssd.testlib.common.ssh2_python import check_login_client @pytest.mark.usefixtures('posix_users_multidomain', 'sssdproxyldap', @@ -81,8 +82,7 @@ def test_0003_proxyldap2(multihost, multidomain_sssd): else: assert getent.returncode == 0 for user in ['puser11@proxy', 'quser10']: - ssh = tools.auth_from_client(user, 'Secret123') == 3 - assert ssh, f"Ssh failed for user {user}!" + check_login_client(multihost, user, 'Secret123') @staticmethod @pytest.mark.tier2 @@ -107,8 +107,7 @@ def test_0004_proxyldap2(multihost, multidomain_sssd): else: assert getent.returncode == 0 for user in ['puser11', 'quser11@ldap2']: - ssh = tools.auth_from_client(user, 'Secret123') == 3 - assert ssh, f"Ssh failed for user {user}!" + check_login_client(multihost, user, 'Secret123') @pytest.mark.tier2 def test_0005_proxyldap2(self, multihost, multidomain_sssd): @@ -443,8 +442,7 @@ def test_0022_ldapldap(multihost, multidomain_sssd): for dom in range(2): for idx in range(5): user = '%suser%d@ldap%d' % (suffix[dom], idx, dom + 1) - ssh = tools.auth_from_client(user, 'Secret123') == 3 - assert ssh, f"Ssh failed for user {user}!" + check_login_client(multihost, user, 'Secret123') pamlogfile = '/var/log/sssd/sssd_pam.log' find1 = re.compile(r'\[puser0\@ldap1\]') find2 = re.compile(r'\[quser0\@ldap2\]') @@ -486,8 +484,7 @@ def test_0023_ldapldap(multihost, multidomain_sssd): print("start time = ", starttime) user = '%suser1@ldap%d' % (suffix[dom], dom + 1) print("user =", user) - ssh = client_tools.auth_from_client(user, 'Secret123') == 3 - assert ssh, f"Ssh failed for user {user}!" + check_login_client(multihost, user, 'Secret123') t2 = datetime.datetime.now() endtime = t2.second print("end time = ", endtime) diff --git a/src/tests/multihost/alltests/test_password_policy.py b/src/tests/multihost/alltests/test_password_policy.py index e5b5c952801..3d9ef2b6d4d 100644 --- a/src/tests/multihost/alltests/test_password_policy.py +++ b/src/tests/multihost/alltests/test_password_policy.py @@ -12,6 +12,7 @@ import pytest from constants import ds_instance_name from sssd.testlib.common.utils import sssdTools +from sssd.testlib.common.ssh2_python import check_login_client_bool @pytest.mark.usefixtures('setup_sssd', 'create_posix_usersgroups', @@ -47,14 +48,14 @@ def test_0001_changeuserpass(multihost): 'bumblebee@123') assert change_pass == 3 # Verify the login of user with updated password - ssh = tools.auth_from_client(user, 'bumblebee@123') == 3 - assert ssh, "Authentication failed!" + ssh = check_login_client_bool(multihost, user, 'bumblebee@123') # Revert back the password to old one change_pass_old = tools.change_user_password(user, 'bumblebee@123', 'bumblebee@123', 'Secret123', 'Secret123') + assert ssh, f'{user} is not able to login.' assert change_pass_old == 3 @staticmethod diff --git a/src/tests/multihost/alltests/test_proxy_provider_krb_auth.py b/src/tests/multihost/alltests/test_proxy_provider_krb_auth.py index de53e82cd4d..0192eeabdec 100644 --- a/src/tests/multihost/alltests/test_proxy_provider_krb_auth.py +++ b/src/tests/multihost/alltests/test_proxy_provider_krb_auth.py @@ -9,6 +9,7 @@ from __future__ import print_function import pytest from sssd.testlib.common.utils import sssdTools +from sssd.testlib.common.ssh2_python import check_login_client_bool, check_login_client def execute_cmd(multihost, command): @@ -43,8 +44,8 @@ def test_proxy_lookup(multihost): # proxy lookup and kerberos auth tools = sssdTools(multihost.client[0]) tools.clear_sssd_cache() - ssh1 = tools.auth_from_client("foo2@example1", 'Secret123') == 3 - assert ssh1, "Ssh failed instead of passing!" + ssh = check_login_client_bool(multihost, "foo2@example1", 'Secret123') + assert ssh, 'foo2@example1 is not able to login.' assert "home/foo2:/bin/bash" in execute_cmd(multihost, "getent -s " "ldap passwd " @@ -91,22 +92,26 @@ def test_server_access(multihost): """ tools = sssdTools(multihost.client[0]) tools.clear_sssd_cache() - ssh0 = tools.auth_from_client("foo2@example1", 'Secret123') == 3 + ssh = check_login_client_bool(multihost, "foo2@example1", 'Secret123') # block_server_access execute_cmd(multihost, "systemctl start firewalld") execute_cmd(multihost, f"firewall-cmd --direct " f"--add-rule ipv4 filter " f"OUTPUT 0 -d {multihost.master[0].ip} " f"-j DROP") - - ssh1 = tools.auth_from_client("foo2@example1", 'Secret123') == 3 - - # unblock_server_access - execute_cmd(multihost, "firewall-cmd --reload") - execute_cmd(multihost, "systemctl stop firewalld") - tools.clear_sssd_cache() - ssh2 = tools.auth_from_client("foo2@example1", 'Secret123') == 3 - - assert ssh0, "Ssh failed instead of passing!" - assert not ssh1, "Ssh passed instead of failing!" - assert ssh2, "Ssh failed instead of passing!" + try: + with pytest.raises(Exception): + check_login_client(multihost, "foo2@example1", 'Secret123') + # unblock_server_access + execute_cmd(multihost, "firewall-cmd --reload") + execute_cmd(multihost, "systemctl stop firewalld") + tools.clear_sssd_cache() + ssh2 = check_login_client_bool(multihost, "foo2@example1", 'Secret123') + assert ssh, 'foo2@example1 is not able to login.' + assert ssh2, 'foo2@example1 is not able to login.' + except Exception: + # unblock_server_access + execute_cmd(multihost, "firewall-cmd --reload") + execute_cmd(multihost, "systemctl stop firewalld") + tools.clear_sssd_cache() + pytest.fail("foo2@example1 was able to login") diff --git a/src/tests/multihost/alltests/test_rfc2307.py b/src/tests/multihost/alltests/test_rfc2307.py index ab52d6e4554..a4f92aa0857 100644 --- a/src/tests/multihost/alltests/test_rfc2307.py +++ b/src/tests/multihost/alltests/test_rfc2307.py @@ -11,8 +11,8 @@ from sssd.testlib.common.libkrb5 import krb5srv from sssd.testlib.common.utils import sssdTools, LdapOperations from constants import ds_suffix, ds_rootdn, ds_rootpw -from sssd.testlib.common.exceptions import SSHLoginException, LdapException -from sssd.testlib.common.expect import pexpect_ssh +from sssd.testlib.common.exceptions import LdapException +from sssd.testlib.common.ssh2_python import run_command_client def usr_grp(multihost, obj_info, type): @@ -85,18 +85,9 @@ def test_0001_bz1362023(self, multihost, backupsssdconf): tools = sssdTools(multihost.client[0]) domain_name = tools.get_domain_section_name() tools.clear_sssd_cache() - user = f'\\ tuser@{domain_name}' - client = pexpect_ssh(multihost.client[0].sys_hostname, user, - 'Secret123', debug=False) - try: - client.login() - except SSHLoginException: - pytest.fail(f'{user} failed to login') - else: - id_cmd = f'id {user}' - cmd = client.command(id_cmd) - assert 'uid=34583100' in cmd[0] - client.logout() + user = f' tuser@{domain_name}' + id_cmd = run_command_client(multihost, user, "Secret123", 'id') + assert 'uid=34583100' in id_cmd user = f'tuser@{domain_name}' cmd = multihost.client[0].run_command(f'id {user}', raiseonerr=False) assert cmd.returncode != 0 diff --git a/src/tests/multihost/alltests/test_sssctl_analyzer.py b/src/tests/multihost/alltests/test_sssctl_analyzer.py index d5b2946a66c..487f97bed7b 100644 --- a/src/tests/multihost/alltests/test_sssctl_analyzer.py +++ b/src/tests/multihost/alltests/test_sssctl_analyzer.py @@ -9,8 +9,7 @@ import pytest import re from sssd.testlib.common.utils import sssdTools -from sssd.testlib.common.expect import pexpect_ssh -from sssd.testlib.common.exceptions import SSHLoginException +from sssd.testlib.common.ssh2_python import check_login_client from constants import ds_instance_name @@ -120,16 +119,7 @@ def test_analyze_diff_log_location(self, multihost, backupsssdconf): user = f'foo1@{ds_instance_name}' i_cmd = f'id {user}' multihost.client[0].run_command(i_cmd, raiseonerr=False) - client_hostname = multihost.client[0].sys_hostname - client = pexpect_ssh(client_hostname, user, 'Secret123', - debug=False) - try: - client.login(login_timeout=30, sync_multiplier=5, - auto_prompt_reset=False) - except SSHLoginException: - pytest.fail(f'{user} failed to login') - else: - client.logout() + check_login_client(multihost, user, 'Secret123') cp_cmd = 'cp -r /var/log/sssd /tmp/' multihost.client[0].run_command(cp_cmd, raiseonerr=False) multihost.client[0].service_sssd('stop') @@ -179,16 +169,7 @@ def test_analyze_pam_logs(self, multihost, backupsssdconf): tools.sssd_conf(sec_op, sssd_params, action='update') multihost.client[0].service_sssd('start') user = f'foo1@{ds_instance_name}' - client_hostname = multihost.client[0].sys_hostname - client = pexpect_ssh(client_hostname, user, 'Secret123', - debug=False) - try: - client.login(login_timeout=30, sync_multiplier=5, - auto_prompt_reset=False) - except SSHLoginException: - pytest.fail(f"{user} failed to login") - else: - client.logout() + check_login_client(multihost, user, 'Secret123') _, stdout = analyze(multihost, 'show 1 --pam') assert 'CID #1' in stdout pam_cmds = ['SSS_PAM_AUTHENTICATE', 'SSS_PAM_ACCT_MGMT', @@ -225,16 +206,7 @@ def test_analyze_tevent_id(self, multihost, backupsssdconf): i_cmd = f'id foo1@{ds_instance_name}' multihost.client[0].run_command(i_cmd, raiseonerr=False) user = f'foo1@{ds_instance_name}' - client_hostname = multihost.client[0].sys_hostname - client = pexpect_ssh(client_hostname, user, 'Secret123', - debug=False) - try: - client.login(login_timeout=30, sync_multiplier=5, - auto_prompt_reset=False) - except SSHLoginException: - pytest.fail(f"{user} failed to login") - else: - client.logout() + check_login_client(multihost, user, 'Secret123') _, stdout = analyze(multihost, 'show 1 --pam') assert all(ptn in stdout for ptn in ['RID#', user]) @@ -269,32 +241,21 @@ def test_analyze_parse_child_logs(self, multihost, backupsssdconf): tools.sssd_conf(sec_op, sssd_params, action='update') tools.clear_sssd_cache() user = f'foo1@{ds_instance_name}' - client_hostname = multihost.client[0].sys_hostname - client = pexpect_ssh(client_hostname, user, 'Secret123', - debug=False) try: - client.login(login_timeout=30, sync_multiplier=5, - auto_prompt_reset=False) - except SSHLoginException: + check_login_client(multihost, user, 'Secret123') + except Exception: _, stdout = analyze(multihost, 'show --pam --child 1') assert 'Preauthentication failed' in stdout pytest.fail(f"{user} failed to login") - else: - client.logout() _, stdout = analyze(multihost, 'show --pam --child 1') err = 'sss_child_krb5_trace_cb' assert all(ptn in stdout for ptn in [err, user]) tools.clear_sssd_cache() - client = pexpect_ssh(client_hostname, user, 'NOSecret123', - debug=False) try: - client.login(login_timeout=30, sync_multiplier=5, - auto_prompt_reset=False) - except SSHLoginException: + check_login_client(multihost, user, 'Secret123') + except Exception: _, stdout = analyze(multihost, 'show --pam --child 1') assert re.findall(r"RID#[0-9]*] Received error code", stdout) - else: - pytest.fail(f"{user} sucessful to login") @staticmethod def test_non_root_privileged(multihost, localusers): diff --git a/src/tests/multihost/sssd/testlib/common/ssh2_python.py b/src/tests/multihost/sssd/testlib/common/ssh2_python.py index ca21cf28d48..ba08055ab96 100644 --- a/src/tests/multihost/sssd/testlib/common/ssh2_python.py +++ b/src/tests/multihost/sssd/testlib/common/ssh2_python.py @@ -1,4 +1,5 @@ import socket +import ssh2 from ssh2.session import Session @@ -60,6 +61,21 @@ def check_login_client(multihost, user, password): ssh.close() +def check_login_client_bool(multihost, user, password): + """This function will check user login + user: Name of the user. + password: User password. + """ + try: + hostname = multihost.client[0].ip + ssh = SSHClient(hostname, user, password) + ssh.connect() + ssh.close() + return True + except ssh2.exceptions.AuthenticationError: + return False + + def run_command(hostname, user, password, command): """This function will execute command user: Name of the user. From 473e2b4c073414d38a1cf9dd75afd5624ed93608 Mon Sep 17 00:00:00 2001 From: aborah Date: Fri, 21 Jul 2023 18:41:27 +0530 Subject: [PATCH 082/280] Tests: Add sleep time to test_bz785908 Add sleep time to test_bz785908 Reviewed-by: Shridhar Gadekar (cherry picked from commit 763106ff582511d4f6f9c49ea84a2ac1e202303f) --- src/tests/multihost/alltests/test_default_debug_level.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/tests/multihost/alltests/test_default_debug_level.py b/src/tests/multihost/alltests/test_default_debug_level.py index a03f237f0f9..616d67c4477 100644 --- a/src/tests/multihost/alltests/test_default_debug_level.py +++ b/src/tests/multihost/alltests/test_default_debug_level.py @@ -321,7 +321,7 @@ def test_bz785908(multihost, backupsssdconf): 'ldap_schema': 'rfc2307bis', 'ldap_group_object_class': "groupOfNames"}, action='update') tools.clear_sssd_cache() - time.sleep(3) + time.sleep(20) cmd = client.run_command("getent -s sss group").stdout_text for dn_dn in [f'uid=tempuser2,{ds_suffix}', f'uid=tempuser3,{ds_suffix}', From e26215d66afee7fdde0c70b572b279d49f68ed9f Mon Sep 17 00:00:00 2001 From: Madhuri Upadhye Date: Fri, 21 Jul 2023 15:32:59 +0530 Subject: [PATCH 083/280] Tests: Package download MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Add python3-libsss_nss_idmap package from utils.py Signed-off-by: Madhuri Upadhye Reviewed-by: Jakub Vávra (cherry picked from commit 6bed4b7bc14835114e4b0823164ea70a8d69b252) --- src/tests/multihost/sssd/testlib/common/utils.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/tests/multihost/sssd/testlib/common/utils.py b/src/tests/multihost/sssd/testlib/common/utils.py index de09c331a48..38d9833d755 100644 --- a/src/tests/multihost/sssd/testlib/common/utils.py +++ b/src/tests/multihost/sssd/testlib/common/utils.py @@ -81,7 +81,7 @@ def client_install_pkgs(self): 'samba-winbind-clients autofs nfs-utils authconfig '\ 'authselect cifs-utils openldap-clients firewalld '\ 'tcpdump wireshark-cli expect rsyslog gcc gcc-c++ pam-devel '\ - 'tdb-tools libkcapi-hmaccalc strace iproute-tc' + 'tdb-tools libkcapi-hmaccalc strace iproute-tc python3-libsss_nss_idmap ' sssd_pkgs = 'sssd sssd-tools sssd-proxy sssd-winbind-idmap '\ 'libsss_autofs sssd-kcm sssd-dbus' extra_pkg = ' nss-pam-ldapd krb5-pkinit' From fd80b421c7f37f9a938c0be5ba3541a4aca1b867 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pavel=20B=C5=99ezina?= Date: Tue, 16 May 2023 13:33:01 +0200 Subject: [PATCH 084/280] tests: add pytest-importance plugin to system tests MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This plugin adds @pytest.mark.importance("low|medium|high|critical") and --importance=xyz cli option. Default importance is medium. Reviewed-by: Jakub Vávra Reviewed-by: Tomáš Halman (cherry picked from commit 43dd400dc109e962e7621d4b4045d918d4d9dfb1) --- src/tests/system/conftest.py | 1 + src/tests/system/requirements.txt | 1 + 2 files changed, 2 insertions(+) diff --git a/src/tests/system/conftest.py b/src/tests/system/conftest.py index 623dc938e42..83286142617 100644 --- a/src/tests/system/conftest.py +++ b/src/tests/system/conftest.py @@ -7,6 +7,7 @@ # Load additional plugins pytest_plugins = ( + "pytest_importance", "pytest_mh", "pytest_ticket", "pytest_tier", diff --git a/src/tests/system/requirements.txt b/src/tests/system/requirements.txt index 91229f4896d..928d010ccbd 100644 --- a/src/tests/system/requirements.txt +++ b/src/tests/system/requirements.txt @@ -1,4 +1,5 @@ pytest +git+https://github.com/next-actions/pytest-importance git+https://github.com/next-actions/pytest-mh git+https://github.com/next-actions/pytest-ticket git+https://github.com/next-actions/pytest-tier From bb46f317685e26ddd8f832b5118b283850738bbe Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pavel=20B=C5=99ezina?= Date: Tue, 16 May 2023 13:55:12 +0200 Subject: [PATCH 085/280] tests: add pytest-output plugin to system tests MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This plugin validates test metadata and generates Polarion import XMLs. To generate the XMLs, call pytest with: ``` --polarion-config=./polarion.yaml --output-polarion-testcase=testcase.xml --output-polarion-testrun=testrun.xml ``` Reviewed-by: Jakub Vávra Reviewed-by: Tomáš Halman (cherry picked from commit d3fd983be4358ddde0af58c96a38f561a56b2a25) --- src/tests/system/polarion.yaml | 35 +++++++++++++++++++++++++++++++ src/tests/system/requirements.txt | 1 + 2 files changed, 36 insertions(+) create mode 100644 src/tests/system/polarion.yaml diff --git a/src/tests/system/polarion.yaml b/src/tests/system/polarion.yaml new file mode 100644 index 00000000000..75b1ccb96e9 --- /dev/null +++ b/src/tests/system/polarion.yaml @@ -0,0 +1,35 @@ +testcase: + required: + title: + transform: + pattern: "^(.*)$" + replace: "IDM-SSSD-TC: \\1" + validate: "IDM-SSSD-TC: (.+)" + setup: + format: pre + steps: + expectedresults: + customerscenario: + caseimportance: + requirement: + optional: + id: + default: "idm-sssd-tc::{{ item.id }}" + caseautomation: + default: "automated" + casecomponent: + default: "sssd" + status: + default: "approved" + subsystemteam: + default: "sst_idm_sssd" + upstream: + default: "yes" + automation_script: + default: "{{ tests_url }}/{{ item.location.file }}#L{{ item.location.line }}" + testtype: + default: "functional" + caselevel: + default: "system" + teardown: + format: pre diff --git a/src/tests/system/requirements.txt b/src/tests/system/requirements.txt index 928d010ccbd..5210bc23cb1 100644 --- a/src/tests/system/requirements.txt +++ b/src/tests/system/requirements.txt @@ -3,4 +3,5 @@ git+https://github.com/next-actions/pytest-importance git+https://github.com/next-actions/pytest-mh git+https://github.com/next-actions/pytest-ticket git+https://github.com/next-actions/pytest-tier +git+https://github.com/next-actions/pytest-output git+https://github.com/SSSD/sssd-test-framework From b9d3ad10609e9c12b1507c1f62fec7fe81465b28 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pavel=20B=C5=99ezina?= Date: Thu, 1 Jun 2023 14:20:05 +0200 Subject: [PATCH 086/280] tests: add requirements to system tests MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Reviewed-by: Jakub Vávra Reviewed-by: Tomáš Halman (cherry picked from commit 50df528cc9b8eddf24034d289e754e3fa3d7f5f5) --- src/tests/system/tests/test_kcm.py | 6 ++++++ src/tests/system/tests/test_shadow.py | 6 ++++++ src/tests/system/tests/test_sssctl.py | 8 ++++++-- src/tests/system/tests/test_sudo.py | 6 ++++++ 4 files changed, 24 insertions(+), 2 deletions(-) diff --git a/src/tests/system/tests/test_kcm.py b/src/tests/system/tests/test_kcm.py index af20b0bc5e6..9c00c1b0ac7 100644 --- a/src/tests/system/tests/test_kcm.py +++ b/src/tests/system/tests/test_kcm.py @@ -1,3 +1,9 @@ +""" +KCM responder tests. + +:requirement: IDM-SSSD-REQ :: SSSD KCM as default Kerberos CCACHE provider +""" + from __future__ import annotations import time diff --git a/src/tests/system/tests/test_shadow.py b/src/tests/system/tests/test_shadow.py index 7117e48c4ab..91f905996aa 100644 --- a/src/tests/system/tests/test_shadow.py +++ b/src/tests/system/tests/test_shadow.py @@ -1,3 +1,9 @@ +""" +LDAP Shadow attributes tests. + +:requirement: IDM-SSSD-REQ : LDAP Provider +""" + from __future__ import annotations import pytest diff --git a/src/tests/system/tests/test_sssctl.py b/src/tests/system/tests/test_sssctl.py index 80fe47e5192..d19331b89f2 100644 --- a/src/tests/system/tests/test_sssctl.py +++ b/src/tests/system/tests/test_sssctl.py @@ -1,3 +1,9 @@ +""" +SSSCTL tests. + +:requirement: IDM-SSSD-REQ: Status utility +""" + from __future__ import annotations import pytest @@ -20,7 +26,6 @@ def test_sssctl__check_id_provider(client: Client): 1. Successfully remove id_provider from domain section. 2. Successfully get the error message. :customerscenario: False - :bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2100789 """ # create sssd.conf and start the sssd, with deafult configuration with a LDAP server. client.sssd.start() @@ -49,7 +54,6 @@ def test_sssctl__check_invalid_id_provider(client: Client): 1. Successfully remove id_provider from domain section. 2. Successfully get the error message. :customerscenario: False - :bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2100789 """ # create sssd.conf and start the sssd, with deafult configuration with a LDAP server. client.sssd.start() diff --git a/src/tests/system/tests/test_sudo.py b/src/tests/system/tests/test_sudo.py index 92ebffa1f60..f57845be10e 100644 --- a/src/tests/system/tests/test_sudo.py +++ b/src/tests/system/tests/test_sudo.py @@ -1,3 +1,9 @@ +""" +SUDO responder tests. + +:requirement: sudo +""" + from __future__ import annotations import re From cc99fdd8355d4b89afb44e7d9885b84dd1bcee94 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pavel=20B=C5=99ezina?= Date: Thu, 1 Jun 2023 14:23:06 +0200 Subject: [PATCH 087/280] tests: drop tier from system tests MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit It is replaced by importance marker, which defaults to medium. Reviewed-by: Jakub Vávra Reviewed-by: Tomáš Halman (cherry picked from commit 03e39e1969a923889f8179ac34f94a0e0436c9e0) --- src/tests/system/conftest.py | 1 - src/tests/system/tests/test_kcm.py | 6 ------ src/tests/system/tests/test_ldap_extra_attrs.py | 1 - src/tests/system/tests/test_netgroups.py | 2 -- src/tests/system/tests/test_shadow.py | 1 - src/tests/system/tests/test_sssctl.py | 2 -- src/tests/system/tests/test_sudo.py | 14 ++------------ 7 files changed, 2 insertions(+), 25 deletions(-) diff --git a/src/tests/system/conftest.py b/src/tests/system/conftest.py index 83286142617..1c94ceec4d0 100644 --- a/src/tests/system/conftest.py +++ b/src/tests/system/conftest.py @@ -10,7 +10,6 @@ "pytest_importance", "pytest_mh", "pytest_ticket", - "pytest_tier", "sssd_test_framework.fixtures", ) diff --git a/src/tests/system/tests/test_kcm.py b/src/tests/system/tests/test_kcm.py index 9c00c1b0ac7..aa7b61608c5 100644 --- a/src/tests/system/tests/test_kcm.py +++ b/src/tests/system/tests/test_kcm.py @@ -14,7 +14,6 @@ from sssd_test_framework.topology import KnownTopology -@pytest.mark.tier(0) @pytest.mark.topology(KnownTopology.Client) @pytest.mark.parametrize("ccache_storage", ["memory", "secdb"]) def test_kcm__kinit_overwrite(client: Client, kdc: KDC, ccache_storage: str): @@ -61,7 +60,6 @@ def test_kcm__kinit_overwrite(client: Client, kdc: KDC, ccache_storage: str): assert krb.cache_count() == 1 -@pytest.mark.tier(0) @pytest.mark.topology(KnownTopology.Client) @pytest.mark.parametrize("ccache_storage", ["memory", "secdb"]) def test_kcm__kinit_collection(client: Client, kdc: KDC, ccache_storage: str): @@ -151,7 +149,6 @@ def test_kcm__kinit_collection(client: Client, kdc: KDC, ccache_storage: str): assert krb.cache_count() == 0 -@pytest.mark.tier(0) @pytest.mark.topology(KnownTopology.Client) @pytest.mark.parametrize("ccache_storage", ["memory", "secdb"]) def test_kcm__kswitch(client: Client, kdc: KDC, ccache_storage: str): @@ -220,7 +217,6 @@ def test_kcm__kswitch(client: Client, kdc: KDC, ccache_storage: str): assert krb.has_tickets("bob", kdc.realm, [kdc.tgt, kdc.qualify("host/bob")]) -@pytest.mark.tier(0) @pytest.mark.topology(KnownTopology.Client) @pytest.mark.parametrize("ccache_storage", ["memory", "secdb"]) def test_kcm__subsidiaries(client: Client, kdc: KDC, ccache_storage: str): @@ -296,7 +292,6 @@ def test_kcm__subsidiaries(client: Client, kdc: KDC, ccache_storage: str): assert principals[kdc.qualify("bob")] == expected[kdc.qualify("bob")] -@pytest.mark.tier(0) @pytest.mark.topology(KnownTopology.Client) @pytest.mark.parametrize("ccache_storage", ["memory", "secdb"]) def test_kcm__kdestroy_nocache(client: Client, kdc: KDC, ccache_storage: str): @@ -331,7 +326,6 @@ def test_kcm__kdestroy_nocache(client: Client, kdc: KDC, ccache_storage: str): assert False, f"kdestroy raised an error: {e}" -@pytest.mark.tier(0) @pytest.mark.topology(KnownTopology.Client) def test_kcm__tgt_renewal(client: Client, kdc: KDC): """ diff --git a/src/tests/system/tests/test_ldap_extra_attrs.py b/src/tests/system/tests/test_ldap_extra_attrs.py index 47589d32199..7f1e2778000 100644 --- a/src/tests/system/tests/test_ldap_extra_attrs.py +++ b/src/tests/system/tests/test_ldap_extra_attrs.py @@ -12,7 +12,6 @@ from sssd_test_framework.topology import KnownTopologyGroup -@pytest.mark.tier(1) @pytest.mark.ticket(gh=4153, bz=1362023) @pytest.mark.topology(KnownTopologyGroup.AnyProvider) @pytest.mark.parametrize("attrs", ["mail, firstname:givenname, lastname:sn", "given_email:mail"]) diff --git a/src/tests/system/tests/test_netgroups.py b/src/tests/system/tests/test_netgroups.py index 6b6bc8e8b88..9d874f1828f 100644 --- a/src/tests/system/tests/test_netgroups.py +++ b/src/tests/system/tests/test_netgroups.py @@ -12,7 +12,6 @@ from sssd_test_framework.topology import KnownTopologyGroup -@pytest.mark.tier(1) @pytest.mark.ticket(gh=6652, bz=2162552) @pytest.mark.topology(KnownTopologyGroup.AnyProvider) def test_netgroups__add_remove_netgroup_triple(client: Client, provider: GenericProvider): @@ -55,7 +54,6 @@ def test_netgroups__add_remove_netgroup_triple(client: Client, provider: Generic assert len(result.members) == 0 -@pytest.mark.tier(1) @pytest.mark.ticket(gh=6652, bz=2162552) @pytest.mark.topology(KnownTopologyGroup.AnyProvider) def test_netgroups__add_remove_netgroup_member(client: Client, provider: GenericProvider): diff --git a/src/tests/system/tests/test_shadow.py b/src/tests/system/tests/test_shadow.py index 91f905996aa..0bccc3cfdb6 100644 --- a/src/tests/system/tests/test_shadow.py +++ b/src/tests/system/tests/test_shadow.py @@ -12,7 +12,6 @@ from sssd_test_framework.topology import KnownTopology -@pytest.mark.tier(0) @pytest.mark.ticket(bz=1507035) @pytest.mark.topology(KnownTopology.LDAP) @pytest.mark.parametrize("method", ["su", "ssh"]) diff --git a/src/tests/system/tests/test_sssctl.py b/src/tests/system/tests/test_sssctl.py index d19331b89f2..4383ee99cc8 100644 --- a/src/tests/system/tests/test_sssctl.py +++ b/src/tests/system/tests/test_sssctl.py @@ -11,7 +11,6 @@ from sssd_test_framework.topology import KnownTopology -@pytest.mark.tier(0) @pytest.mark.ticket(bz=2100789) @pytest.mark.topology(KnownTopology.LDAP) def test_sssctl__check_id_provider(client: Client): @@ -39,7 +38,6 @@ def test_sssctl__check_id_provider(client: Client): assert "[rule/sssd_checks]: Attribute 'id_provider' is missing in section 'domain/test'." in output.stdout_lines[1] -@pytest.mark.tier(0) @pytest.mark.ticket(bz=2100789) @pytest.mark.topology(KnownTopology.LDAP) def test_sssctl__check_invalid_id_provider(client: Client): diff --git a/src/tests/system/tests/test_sudo.py b/src/tests/system/tests/test_sudo.py index f57845be10e..f32205d1ef7 100644 --- a/src/tests/system/tests/test_sudo.py +++ b/src/tests/system/tests/test_sudo.py @@ -19,7 +19,6 @@ from sssd_test_framework.topology import KnownTopology, KnownTopologyGroup -@pytest.mark.tier(0) @pytest.mark.topology(KnownTopologyGroup.AnyProvider) def test_sudo__user_allowed(client: Client, provider: GenericProvider): """ @@ -56,7 +55,6 @@ def test_sudo__user_allowed(client: Client, provider: GenericProvider): assert not client.auth.sudo.run("user-2", "Secret123", command="/bin/ls /root") -@pytest.mark.tier(0) @pytest.mark.topology(KnownTopology.AD) @pytest.mark.topology(KnownTopology.LDAP) @pytest.mark.topology(KnownTopology.Samba) @@ -102,7 +100,6 @@ def test_sudo__duplicate_sudo_user(client: Client, provider: GenericProvider): assert not client.auth.sudo.run("user-4", "Secret123", command="/bin/ls /root") -@pytest.mark.tier(0) @pytest.mark.ticket(bz=1380436, gh=4236) @pytest.mark.topology(KnownTopologyGroup.AnyProvider) def test_sudo__case_sensitive_false(client: Client, provider: GenericProvider): @@ -149,7 +146,6 @@ def test_sudo__case_sensitive_false(client: Client, provider: GenericProvider): assert client.auth.sudo.run("USER-1", "Secret123", command="/bin/more /root/test") -@pytest.mark.tier(0) @pytest.mark.topology(KnownTopologyGroup.AnyProvider) def test_sudo__rules_refresh(client: Client, provider: GenericProvider): """ @@ -185,7 +181,6 @@ def test_sudo__rules_refresh(client: Client, provider: GenericProvider): assert client.auth.sudo.list("user-1", "Secret123", expected=["(root) /bin/less"]) -@pytest.mark.tier(0) @pytest.mark.ticket(bz=1372440, gh=4236) @pytest.mark.contains_workaround_for(gh=4483) @pytest.mark.topology(KnownTopologyGroup.AnyProvider) @@ -222,7 +217,6 @@ def test_sudo__sudo_user_is_group(client: Client, provider: GenericProvider): assert client.auth.sudo.run("user-1", "Secret123", command="/bin/ls /root") -@pytest.mark.tier(0) @pytest.mark.ticket(bz=1826272, gh=5119) @pytest.mark.topology(KnownTopologyGroup.AnyAD) def test_sudo__sudo_user_is_nonposix_group(client: Client, provider: GenericADProvider): @@ -255,7 +249,6 @@ def test_sudo__sudo_user_is_nonposix_group(client: Client, provider: GenericADPr assert client.auth.sudo.run("user-1", "Secret123", command="/bin/ls /root") -@pytest.mark.tier(0) @pytest.mark.ticket(bz=1910131) @pytest.mark.topology(KnownTopologyGroup.AnyProvider) def test_sudo__runasuser_shortname(client: Client, provider: GenericADProvider): @@ -283,7 +276,6 @@ def test_sudo__runasuser_shortname(client: Client, provider: GenericADProvider): assert client.auth.sudo.list("user-1", "Secret123", expected=["(user-2) /bin/ls"]) -@pytest.mark.tier(0) @pytest.mark.topology(KnownTopology.AD) @pytest.mark.topology(KnownTopology.LDAP) @pytest.mark.topology(KnownTopology.Samba) @@ -316,7 +308,6 @@ def test_sudo__runasuser_fqn(client: Client, provider: GenericProvider): assert client.auth.sudo.list("user-1", "Secret123", expected=["(user-2) /bin/ls"]) -@pytest.mark.tier(0) @pytest.mark.topology(KnownTopology.LDAP) def test_sudo__sudonotbefore_shorttime(client: Client, provider: LDAP): """ @@ -372,7 +363,7 @@ def fulltime(t: datetime) -> str: @pytest.mark.slow(seconds=15) -@pytest.mark.tier(2) +@pytest.mark.importance("low") @pytest.mark.ticket(bz=1925514, gh=5609) @pytest.mark.topology(KnownTopologyGroup.AnyProvider) def test_sudo__refresh_random_offset(client: Client): @@ -413,7 +404,7 @@ def test_sudo__refresh_random_offset(client: Client): @pytest.mark.slow(seconds=10) -@pytest.mark.tier(2) +@pytest.mark.importance("low") @pytest.mark.ticket(bz=1925505, gh=5604) @pytest.mark.topology(KnownTopologyGroup.AnyProvider) @pytest.mark.parametrize(["full_interval", "smart_interval"], [(2, 1), (3, 2)]) @@ -480,7 +471,6 @@ def is_smart_skipped(line: str) -> bool: is_skipped = True -@pytest.mark.tier(0) @pytest.mark.ticket(bz=1294670, gh=3969) @pytest.mark.topology(KnownTopologyGroup.AnyProvider) def test_sudo__local_users_negative_cache(client: Client, provider: LDAP): From df727cbb3c8aa2607f5de8ea30b77bee2c5b0669 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pavel=20B=C5=99ezina?= Date: Wed, 19 Jul 2023 13:30:53 +0200 Subject: [PATCH 088/280] tests: fix doctring in test_config__add_remove_section MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Number of steps did not match number of expected results. Reviewed-by: Jakub Vávra Reviewed-by: Tomáš Halman (cherry picked from commit f8848028afef03f68e4893b48002b2c5c1579921) --- src/tests/system/tests/test_config.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/tests/system/tests/test_config.py b/src/tests/system/tests/test_config.py index 80d4557b944..080be6911ed 100644 --- a/src/tests/system/tests/test_config.py +++ b/src/tests/system/tests/test_config.py @@ -113,7 +113,8 @@ def test_config__add_remove_section(client: Client): :expectedresults: 1. "debug_level" is set to 9 in both domains 2. Added successfully - 4. Changes are apllied successfully + 3. New configuration was written + 4. Changes are applied successfully 5. "sssd --genconf-section==$newSection" is called successfully 6. New section is removed successfully 7. "sssd --genconf-section==$newSection" is called successfully From 71876d6c8d87fc5f43f25c396f0e4dbf7918f564 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pavel=20B=C5=99ezina?= Date: Tue, 16 May 2023 13:57:19 +0200 Subject: [PATCH 089/280] ci: generate polarion xmls from system tests MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Reviewed-by: Jakub Vávra Reviewed-by: Tomáš Halman (cherry picked from commit f3793fc7ca28fb8fdf2b6d8f21d00bdf7c5100a4) --- .github/workflows/ci.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 14ca517e923..ba1f9902a44 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -345,12 +345,16 @@ jobs: run: | set -ex -o pipefail + mkdir -p $GITHUB_WORKSPACE/artifacts source .venv/bin/activate pytest \ --color=yes \ --mh-config=./mhc.yaml \ --mh-log-path=$GITHUB_WORKSPACE/mh.log \ --mh-artifacts-dir=$GITHUB_WORKSPACE/artifacts \ + --polarion-config=./polarion.yaml \ + --output-polarion-testcase=$GITHUB_WORKSPACE/artifacts/testcase.xml \ + --output-polarion-testrun=$GITHUB_WORKSPACE/artifacts/testrun.xml \ -vvv . |& tee $GITHUB_WORKSPACE/pytest.log - name: Upload artifacts From 13373ea3ca670c49648797e2897e96b296586436 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pavel=20B=C5=99ezina?= Date: Wed, 19 Jul 2023 13:33:26 +0200 Subject: [PATCH 090/280] ci: run system test in collect only mode first MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This will quickly catch issues in Polarion metadata/docstring without waiting for the test run to finish. Reviewed-by: Jakub Vávra Reviewed-by: Tomáš Halman (cherry picked from commit 1d268bc197eb142264a62c1221fcc3bd8a5ed212) --- .github/workflows/ci.yml | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index ba1f9902a44..95b0732116c 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -339,6 +339,24 @@ jobs: run: | yq -i 'del(.domains[0].hosts.[] | select(.role == "ad"))' mhc.yaml + - name: Check polarion metadata + shell: bash + working-directory: ./sssd/src/tests/system + run: | + # Run pytest in collect only mode to quickly catch issues in Polarion metadata. + set -ex -o pipefail + + mkdir -p $GITHUB_WORKSPACE/artifacts + source .venv/bin/activate + pytest \ + --color=yes \ + --mh-config=./mhc.yaml \ + --mh-log-path=$GITHUB_WORKSPACE/mh.log \ + --mh-artifacts-dir=$GITHUB_WORKSPACE/artifacts \ + --polarion-config=./polarion.yaml \ + --output-polarion-testcase=$GITHUB_WORKSPACE/artifacts/testcase.xml \ + --collect-only . |& tee $GITHUB_WORKSPACE/pytest-collect.log + - name: Run tests shell: bash working-directory: ./sssd/src/tests/system @@ -370,6 +388,7 @@ jobs: build.log install.log pytest.log + pytest-collect.log result: name: All tests are successful From 8c1b5c472eb700dfd579e16145d8bc1cdcaa0ea0 Mon Sep 17 00:00:00 2001 From: Iker Pedrosa Date: Mon, 29 May 2023 16:29:33 +0200 Subject: [PATCH 091/280] man: clarify passkey PIN prompt If user_verification is enabled, then the PIN will always be requested. Signed-off-by: Iker Pedrosa (cherry picked from commit b87c5a6f11f8a584c10a3eb4b74b6084f259182e) Reviewed-by: Iker Pedrosa Reviewed-by: Sumit Bose (cherry picked from commit bfab4907535742128d7140ba1ad858565f70fe3a) --- src/man/sssd.conf.5.xml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/man/sssd.conf.5.xml b/src/man/sssd.conf.5.xml index 69551f5d74e..5c56088f501 100644 --- a/src/man/sssd.conf.5.xml +++ b/src/man/sssd.conf.5.xml @@ -743,7 +743,8 @@ Enable or disable the user verification (i.e. PIN, fingerprint) - during authentication. + during authentication. If enabled, the + PIN will always be requested. The default is that the key settings From b8b75abebca6234f210b6d19ccabfb4eb36e217c Mon Sep 17 00:00:00 2001 From: Justin Stephenson Date: Fri, 21 Apr 2023 08:33:59 -0400 Subject: [PATCH 092/280] Change "non_kerberos" to "local" authentication This is more clear, and aligns with smartcard authentication verbiage. Reviewed-by: Iker Pedrosa Reviewed-by: Sumit Bose (cherry picked from commit f3f7a4ce11a91f723d4f729858ebb946fdd6c5e2) --- src/responder/pam/pamsrv_cmd.c | 10 +++++----- src/responder/pam/pamsrv_passkey.c | 6 +++--- src/responder/pam/pamsrv_passkey.h | 2 +- 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/src/responder/pam/pamsrv_cmd.c b/src/responder/pam/pamsrv_cmd.c index 171b8f1ab46..ffcb12d2009 100644 --- a/src/responder/pam/pamsrv_cmd.c +++ b/src/responder/pam/pamsrv_cmd.c @@ -1349,7 +1349,7 @@ void pam_reply(struct pam_auth_req *preq) } if (may_do_passkey_auth(pctx, pd) && !pk_preauth_done && preq->passkey_data_exists) { - ret = passkey_non_kerberos(cctx, cctx->ev, pctx, preq, pd); + ret = passkey_local(cctx, cctx->ev, pctx, preq, pd); pam_check_user_done(preq, ret); return; } @@ -1806,7 +1806,7 @@ static int pam_forwarder(struct cli_ctx *cctx, int pam_cmd) goto done; } - /* This is set to false inside passkey_non_kerberos() if no passkey data is found. + /* This is set to false inside passkey_local() if no passkey data is found. * It is checked in pam_reply() to avoid an endless loop */ preq->passkey_data_exists = true; @@ -1817,7 +1817,7 @@ static int pam_forwarder(struct cli_ctx *cctx, int pam_cmd) goto done; } else if ((sss_authtok_get_type(pd->authtok) == SSS_AUTHTOK_TYPE_PASSKEY) || (sss_authtok_get_type(pd->authtok) == SSS_AUTHTOK_TYPE_EMPTY)) { - ret = passkey_non_kerberos(cctx, cctx->ev, pctx, preq, pd); + ret = passkey_local(cctx, cctx->ev, pctx, preq, pd); goto done; } } @@ -2220,7 +2220,7 @@ static void pam_forwarder_cb(struct tevent_req *req) goto done; } - /* This is set to false inside passkey_non_kerberos() if no passkey data is found. + /* This is set to false inside passkey_local() if no passkey data is found. * It is checked in pam_reply() to avoid an endless loop */ preq->passkey_data_exists = true; @@ -2231,7 +2231,7 @@ static void pam_forwarder_cb(struct tevent_req *req) goto done; } else if ((sss_authtok_get_type(pd->authtok) == SSS_AUTHTOK_TYPE_PASSKEY) || (sss_authtok_get_type(pd->authtok) == SSS_AUTHTOK_TYPE_EMPTY)) { - ret = passkey_non_kerberos(cctx, cctx->ev, pctx, preq, pd); + ret = passkey_local(cctx, cctx->ev, pctx, preq, pd); goto done; } } diff --git a/src/responder/pam/pamsrv_passkey.c b/src/responder/pam/pamsrv_passkey.c index d884a767034..f1d5733e35b 100644 --- a/src/responder/pam/pamsrv_passkey.c +++ b/src/responder/pam/pamsrv_passkey.c @@ -85,7 +85,7 @@ struct passkey_get_mapping_state { struct cache_req_result *result; }; -errno_t passkey_non_kerberos(TALLOC_CTX *mem_ctx, +errno_t passkey_local(TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct pam_ctx *pam_ctx, struct pam_auth_req *preq, @@ -256,7 +256,7 @@ errno_t read_passkey_conf_verification(TALLOC_CTX *mem_ctx, return ret; } -static errno_t passkey_non_kerberos_verification(TALLOC_CTX *mem_ctx, +static errno_t passkey_local_verification(TALLOC_CTX *mem_ctx, struct passkey_ctx *pctx, struct confdb_ctx *cdb, struct sysdb_ctx *sysdb, @@ -514,7 +514,7 @@ void pam_passkey_get_user_done(struct tevent_req *req) goto done; } - ret = passkey_non_kerberos_verification(pctx, pctx, pctx->pam_ctx->rctx->cdb, + ret = passkey_local_verification(pctx, pctx, pctx->pam_ctx->rctx->cdb, result->domain->sysdb, result->domain->dns_name, pk_data, &verification, &debug_libfido2); if (ret != EOK) { diff --git a/src/responder/pam/pamsrv_passkey.h b/src/responder/pam/pamsrv_passkey.h index e799d951f28..6b0d62071f5 100644 --- a/src/responder/pam/pamsrv_passkey.h +++ b/src/responder/pam/pamsrv_passkey.h @@ -35,7 +35,7 @@ enum passkey_user_verification { PAM_PASSKEY_VERIFICATION_INVALID }; -errno_t passkey_non_kerberos(TALLOC_CTX *mem_ctx, +errno_t passkey_local(TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct pam_ctx *pam_ctx, struct pam_auth_req *preq, From 5b575fcb62c1e0ea98905fb5e942d437f7ef8646 Mon Sep 17 00:00:00 2001 From: Justin Stephenson Date: Fri, 21 Apr 2023 09:42:20 -0400 Subject: [PATCH 093/280] Add local auth policy local authentication methods policy - Some backends (i.e. LDAP, proxy provider) only support a password base authentication, while others can handle PKINIT based Smartcard authentication (AD, IPA), two-factor authentication (IPA), or other methods against a central instance. By default in such cases authentication is only performed with the methods supported by the backend. To allow more convenient or secure authentication methods which are supported by SSSD, but not by the backend in cases where a central authentication is not strictly required the `local_auth_policy` option is added. Ignore local auth policy when id_provider = files. Reviewed-by: Iker Pedrosa Reviewed-by: Sumit Bose (cherry picked from commit d019132bd44e25b841e0917c034140be67de9a77) --- src/confdb/confdb.h | 1 + src/config/SSSDConfig/sssdoptions.py | 1 + src/config/SSSDConfigTest.py | 6 +- src/config/cfg_rules.ini | 1 + src/config/etc/sssd.api.conf | 1 + src/db/sysdb.h | 4 + src/man/sssd.conf.5.xml | 45 +++ src/responder/pam/pam_prompting_config.c | 53 +-- src/responder/pam/pamsrv.h | 9 + src/responder/pam/pamsrv_cmd.c | 409 ++++++++++++++++++++++- src/tests/cmocka/test_pam_srv.c | 39 ++- src/tests/intg/test_pam_responder.py | 2 + src/util/util.h | 9 + 13 files changed, 525 insertions(+), 55 deletions(-) diff --git a/src/confdb/confdb.h b/src/confdb/confdb.h index 9c69e8921ff..23b4be814be 100644 --- a/src/confdb/confdb.h +++ b/src/confdb/confdb.h @@ -272,6 +272,7 @@ #define CONFDB_DOMAIN_TYPE_POSIX "posix" #define CONFDB_DOMAIN_TYPE_APP "application" #define CONFDB_DOMAIN_INHERIT_FROM "inherit_from" +#define CONFDB_DOMAIN_LOCAL_AUTH_POLICY "local_auth_policy" /* Proxy Provider */ #define CONFDB_PROXY_LIBNAME "proxy_lib_name" diff --git a/src/config/SSSDConfig/sssdoptions.py b/src/config/SSSDConfig/sssdoptions.py index 22eea89180b..0d75e6d822d 100644 --- a/src/config/SSSDConfig/sssdoptions.py +++ b/src/config/SSSDConfig/sssdoptions.py @@ -223,6 +223,7 @@ def __init__(self): 'should be saved this value determines the minimal length ' 'the first authentication factor (long term password) must ' 'have to be saved as SHA512 hash into the cache.'), + 'local_auth_policy': _('Local authentication methods policy '), # [provider/ipa] 'ipa_domain': _('IPA domain'), diff --git a/src/config/SSSDConfigTest.py b/src/config/SSSDConfigTest.py index 92b3de1cfe6..b160be2b128 100755 --- a/src/config/SSSDConfigTest.py +++ b/src/config/SSSDConfigTest.py @@ -621,7 +621,8 @@ def testListOptions(self): 'pam_gssapi_check_upn', 'pam_gssapi_indicators_map', 'refresh_expired_interval', - 'refresh_expired_interval_offset'] + 'refresh_expired_interval_offset', + 'local_auth_policy'] self.assertTrue(type(options) == dict, "Options should be a dictionary") @@ -981,7 +982,8 @@ def testRemoveProvider(self): 'refresh_expired_interval', 'refresh_expired_interval_offset', 'dyndns_refresh_interval', - 'dyndns_refresh_interval_offset'] + 'dyndns_refresh_interval_offset', + 'local_auth_policy'] self.assertTrue(type(options) == dict, "Options should be a dictionary") diff --git a/src/config/cfg_rules.ini b/src/config/cfg_rules.ini index 3f2b61c26df..61cbdafaade 100644 --- a/src/config/cfg_rules.ini +++ b/src/config/cfg_rules.ini @@ -425,6 +425,7 @@ option = auto_private_groups option = pam_gssapi_services option = pam_gssapi_check_upn option = pam_gssapi_indicators_map +option = local_auth_policy #Entry cache timeouts option = entry_cache_user_timeout diff --git a/src/config/etc/sssd.api.conf b/src/config/etc/sssd.api.conf index 606adf1da2f..5ae6aab1905 100644 --- a/src/config/etc/sssd.api.conf +++ b/src/config/etc/sssd.api.conf @@ -192,6 +192,7 @@ auto_private_groups = str, None, false pam_gssapi_services = str, None, false pam_gssapi_check_upn = bool, None, false pam_gssapi_indicators_map = str, None, false +local_auth_policy = str, None, false #Entry cache timeouts entry_cache_user_timeout = int, None, false diff --git a/src/db/sysdb.h b/src/db/sysdb.h index 887a9630e72..55c6437f2de 100644 --- a/src/db/sysdb.h +++ b/src/db/sysdb.h @@ -161,6 +161,10 @@ #define SYSDB_USER_PASSKEY "userPasskey" +/* Local auth types */ +#define SYSDB_LOCAL_SMARTCARD_AUTH "localSmartcardAuth" +#define SYSDB_LOCAL_PASSKEY_AUTH "localPasskeyAuth" + #define SYSDB_SUBDOMAIN_REALM "realmName" #define SYSDB_SUBDOMAIN_FLAT "flatName" #define SYSDB_SUBDOMAIN_DNS "dnsName" diff --git a/src/man/sssd.conf.5.xml b/src/man/sssd.conf.5.xml index 5c56088f501..b74b9d1f444 100644 --- a/src/man/sssd.conf.5.xml +++ b/src/man/sssd.conf.5.xml @@ -3978,6 +3978,51 @@ subdomain_inherit = ldap_purge_cache_timeout + + local_auth_policy (string) + + + Local authentication methods policy. Some backends + (i.e. LDAP, proxy provider) only support a password + based authentication, while others can handle PKINIT + based Smartcard authentication (AD, IPA), + two-factor authentication (IPA), or other methods + against a central instance. By default in such cases + authentication is only performed with the methods + supported by the backend. + + + There are three possible values for this option: + match, only, enable. match is + used to match offline and online states for Kerberos + methods. only ignores the online methods + and only offer the local ones. enable allows explicitly + defining the methods for local authentication. As an + example, enable:passkey, only enables + passkey for local authentication. Multiple enable values + should be comma-separated, such as + enable:passkey, enable:smartcard + + + The following configuration example allows local users + to authenticate locally using any enabled method + (i.e. smartcard, passkey). + +[domain/shadowutils] +id_provider = proxy +proxy_lib_name = files +auth_provider = none +local_auth_policy = only + + + + This option is ignored for the files provider + + + Default: match + + + auto_private_groups (string) diff --git a/src/responder/pam/pam_prompting_config.c b/src/responder/pam/pam_prompting_config.c index 6e7fcd5db6c..7d0362fbbf5 100644 --- a/src/responder/pam/pam_prompting_config.c +++ b/src/responder/pam/pam_prompting_config.c @@ -215,58 +215,23 @@ static errno_t pam_set_prompting_options(struct confdb_ctx *cdb, errno_t pam_eval_prompting_config(struct pam_ctx *pctx, struct pam_data *pd) { int ret; - struct response_data *resp; - bool password_auth = false; - bool otp_auth = false; - bool cert_auth = false; - bool passkey_auth = false; struct prompt_config **pc_list = NULL; int resp_len; uint8_t *resp_data = NULL; + struct pam_resp_auth_type types; if (pctx->num_prompting_config_sections == 0) { DEBUG(SSSDBG_TRACE_ALL, "No prompting configuration found.\n"); return EOK; } - resp = pd->resp_list; - while (resp != NULL) { - switch (resp->type) { - case SSS_PAM_OTP_INFO: - otp_auth = true; - break; - case SSS_PAM_CERT_INFO: - cert_auth = true; - break; - case SSS_PAM_PASSKEY_INFO: - case SSS_PAM_PASSKEY_KRB_INFO: - passkey_auth = true; - break; - case SSS_PASSWORD_PROMPTING: - password_auth = true; - break; - case SSS_CERT_AUTH_PROMPTING: - /* currently not used */ - break; - default: - break; - } - resp = resp->next; - } - - if (!password_auth && !otp_auth && !cert_auth) { - /* If the backend cannot determine which authentication types are - * available the default would be to prompt for a password. */ - password_auth = true; + ret = pam_get_auth_types(pd, &types); + if (ret != EOK) { + DEBUG(SSSDBG_OP_FAILURE, "Failed to get authentication types\n"); + goto done; } - DEBUG(SSSDBG_TRACE_ALL, "Authentication types for user [%s] and service " - "[%s]:%s%s%s%s\n", pd->user, pd->service, - password_auth ? " password": "", - otp_auth ? " two-factor" : "", - passkey_auth ? " passkey" : "", - cert_auth ? " smartcard" : ""); - if (passkey_auth) { + if (types.passkey_auth) { ret = pam_set_prompting_options(pctx->rctx->cdb, pd->service, pctx->prompting_config_sections, pctx->num_prompting_config_sections, @@ -280,7 +245,7 @@ errno_t pam_eval_prompting_config(struct pam_ctx *pctx, struct pam_data *pd) } } - if (cert_auth) { + if (types.cert_auth) { /* If certificate based authentication is possilbe, i.e. a Smartcard * or similar with the mapped certificate is available we currently * prefer this authentication type unconditionally. If other types @@ -292,7 +257,7 @@ errno_t pam_eval_prompting_config(struct pam_ctx *pctx, struct pam_data *pd) } /* If OTP and password auth are possible we currently prefer OTP. */ - if (otp_auth) { + if (types.otp_auth) { ret = pam_set_prompting_options(pctx->rctx->cdb, pd->service, pctx->prompting_config_sections, pctx->num_prompting_config_sections, @@ -306,7 +271,7 @@ errno_t pam_eval_prompting_config(struct pam_ctx *pctx, struct pam_data *pd) } } - if (password_auth) { + if (types.password_auth) { ret = pam_set_prompting_options(pctx->rctx->cdb, pd->service, pctx->prompting_config_sections, pctx->num_prompting_config_sections, diff --git a/src/responder/pam/pamsrv.h b/src/responder/pam/pamsrv.h index 22502da012d..7013a8edd66 100644 --- a/src/responder/pam/pamsrv.h +++ b/src/responder/pam/pamsrv.h @@ -99,6 +99,13 @@ struct pam_auth_req { uint32_t client_id_num; }; +struct pam_resp_auth_type { + bool password_auth; + bool otp_auth; + bool cert_auth; + bool passkey_auth; +}; + struct sss_cmd_table *get_pam_cmds(void); errno_t @@ -153,6 +160,8 @@ errno_t filter_responses(struct pam_ctx *pctx, struct response_data *resp_list, struct pam_data *pd); +errno_t pam_get_auth_types(struct pam_data *pd, + struct pam_resp_auth_type *_auth_types); errno_t pam_eval_prompting_config(struct pam_ctx *pctx, struct pam_data *pd); enum pam_initgroups_scheme pam_initgroups_string_to_enum(const char *str); diff --git a/src/responder/pam/pamsrv_cmd.c b/src/responder/pam/pamsrv_cmd.c index ffcb12d2009..e4c63822ac0 100644 --- a/src/responder/pam/pamsrv_cmd.c +++ b/src/responder/pam/pamsrv_cmd.c @@ -20,7 +20,10 @@ along with this program. If not, see . */ +#define _GNU_SOURCE + #include +#include #include "util/util.h" #include "util/auth_utils.h" #include "util/find_uid.h" @@ -492,6 +495,98 @@ static int pam_parse_in_data(struct pam_data *pd, return EOK; } +static errno_t +pam_get_local_auth_policy(struct sss_domain_info *domain, + const char *name, + bool *_sc_allow, + bool *_passkey_allow) +{ + TALLOC_CTX *tmp_ctx = NULL; + const char *attrs[] = { SYSDB_LOCAL_SMARTCARD_AUTH, SYSDB_LOCAL_PASSKEY_AUTH, NULL }; + struct ldb_message *ldb_msg; + bool sc_allow = false; + bool passkey_allow = false; + errno_t ret; + + if (name == NULL || *name == '\0') { + DEBUG(SSSDBG_CRIT_FAILURE, "Missing user name.\n"); + ret = EINVAL; + goto done; + } + + if (domain->sysdb == NULL) { + DEBUG(SSSDBG_CRIT_FAILURE, "Missing sysdb db context.\n"); + ret = EINVAL; + goto done; + } + + tmp_ctx = talloc_new(NULL); + if (tmp_ctx == NULL) { + ret = ENOMEM; + goto done; + } + + ret = sysdb_search_user_by_name(tmp_ctx, domain, name, attrs, &ldb_msg); + if (ret != EOK) { + DEBUG(SSSDBG_CRIT_FAILURE, + "sysdb_search_user_by_name failed [%d][%s].\n", + ret, strerror(ret)); + goto done; + } + + sc_allow = ldb_msg_find_attr_as_bool(ldb_msg, SYSDB_LOCAL_SMARTCARD_AUTH, + false); + + passkey_allow = ldb_msg_find_attr_as_bool(ldb_msg, SYSDB_LOCAL_PASSKEY_AUTH, + true); + + ret = EOK; + +done: + if (ret == EOK) { + *_sc_allow = sc_allow; + *_passkey_allow = passkey_allow; + } + + talloc_free(tmp_ctx); + return ret; +} +static errno_t set_local_auth_type(struct pam_auth_req *preq, + bool sc_allow, + bool passkey_allow) +{ + struct sysdb_attrs *attrs; + errno_t ret; + + attrs = sysdb_new_attrs(preq); + if (!attrs) { + ret = ENOMEM; + goto fail; + } + + ret = sysdb_attrs_add_bool(attrs, SYSDB_LOCAL_SMARTCARD_AUTH, sc_allow); + if (ret != EOK) { + goto fail; + } + + ret = sysdb_attrs_add_bool(attrs, SYSDB_LOCAL_PASSKEY_AUTH, passkey_allow); + if (ret != EOK) { + goto fail; + } + + ret = sysdb_set_user_attr(preq->domain, preq->pd->user, attrs, + SYSDB_MOD_REP); + if (ret != EOK) { + DEBUG(SSSDBG_OP_FAILURE, "set_local_auth_type failed.\n"); + preq->pd->pam_status = PAM_SYSTEM_ERR; + goto fail; + } + + return EOK; + +fail: + return ret; +} /*=Save-Last-Login-State===================================================*/ static errno_t set_last_login(struct pam_auth_req *preq) @@ -746,6 +841,213 @@ errno_t filter_responses(struct pam_ctx *pctx, return ret; } +static void do_not_send_cert_info(struct pam_data *pd) +{ + struct response_data *resp; + + resp = pd->resp_list; + while (resp != NULL) { + switch (resp->type) { + case SSS_PAM_CERT_INFO: + case SSS_PAM_CERT_INFO_WITH_HINT: + resp->do_not_send_to_client = true; + break; + default: + break; + } + resp = resp->next; + } +} + +errno_t pam_get_auth_types(struct pam_data *pd, + struct pam_resp_auth_type *_auth_types) +{ + int ret; + struct response_data *resp; + struct pam_resp_auth_type types = {0}; + bool found_cert_info = false; + + resp = pd->resp_list; + while (resp != NULL) { + switch (resp->type) { + case SSS_PAM_OTP_INFO: + types.otp_auth = true; + break; + case SSS_PAM_CERT_INFO: + case SSS_PAM_CERT_INFO_WITH_HINT: + found_cert_info = true; + break; + case SSS_PAM_PASSKEY_INFO: + case SSS_PAM_PASSKEY_KRB_INFO: + types.passkey_auth = true; + break; + case SSS_PASSWORD_PROMPTING: + types.password_auth = true; + break; + case SSS_CERT_AUTH_PROMPTING: + types.cert_auth = true; + break; + default: + break; + } + resp = resp->next; + } + + if (!types.password_auth && !types.otp_auth && !types.cert_auth && !types.passkey_auth) { + /* If the backend cannot determine which authentication types are + * available the default would be to prompt for a password. */ + types.password_auth = true; + } + + if (found_cert_info && !types.cert_auth) { + do_not_send_cert_info(pd); + } + + DEBUG(SSSDBG_TRACE_ALL, "Authentication types for user [%s] and service " + "[%s]:%s%s%s%s\n", pd->user, pd->service, + types.password_auth ? " password": "", + types.otp_auth ? " two-factor" : "", + types.passkey_auth ? " passkey" : "", + types.cert_auth ? " smartcard" : ""); + + ret = EOK; + + *_auth_types = types; + + return ret; +} + +static errno_t pam_eval_local_auth_policy(TALLOC_CTX *mem_ctx, + struct pam_ctx *pctx, + struct pam_data *pd, + struct pam_auth_req *preq, + bool *_sc_allow, + bool *_passkey_allow, + char **_local_policy) { + + TALLOC_CTX *tmp_ctx; + errno_t ret; + const char *domain_cdb; + char *local_policy = NULL; + bool sc_allow = false; + bool passkey_allow = false; + struct pam_resp_auth_type auth_types; + char **opts; + size_t c; + + tmp_ctx = talloc_new(NULL); + if (tmp_ctx == NULL) { + return ENOMEM; + } + + /* Check local auth policy */ + domain_cdb = talloc_asprintf(tmp_ctx, CONFDB_DOMAIN_PATH_TMPL, preq->domain->name); + if (domain_cdb == NULL) { + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_asprintf failed.\n"); + ret = ENOMEM; + goto done; + } + + ret = confdb_get_string(pctx->rctx->cdb, tmp_ctx, domain_cdb, + CONFDB_DOMAIN_LOCAL_AUTH_POLICY, + "match", &local_policy); + if (ret != EOK) { + DEBUG(SSSDBG_FATAL_FAILURE, "Failed to get the confdb local_auth_policy\n"); + return ret; + } + + /* "only" ignores online methods and allows all local ones */ + if (strcasecmp(local_policy, "only") == 0) { + sc_allow = true; + passkey_allow = true; + /* Match what the KDC supports and provides */ + } else if (strcasecmp(local_policy, "match") == 0) { + /* Don't overwrite the local auth type when offline */ + if (pd->pam_status == PAM_SUCCESS && pd->cmd == SSS_PAM_PREAUTH && + !is_domain_provider(preq->domain, "ldap")) { + ret = pam_get_auth_types(pd, &auth_types); + if (ret != EOK) { + DEBUG(SSSDBG_OP_FAILURE, "Failed to get authentication types\n"); + goto done; + } + + if (auth_types.cert_auth) { + sc_allow = true; + } else if (auth_types.passkey_auth) { + passkey_allow = true; + } + + /* Store the local auth types, in case we go offline */ + if (!auth_types.password_auth) { + ret = set_local_auth_type(preq, sc_allow, passkey_allow); + if (ret != EOK) { + DEBUG(SSSDBG_FATAL_FAILURE, + "Failed to evaluate local auth policy\n"); + goto done; + } + } + } + + /* Read the latest auth types */ + ret = pam_get_local_auth_policy(preq->domain, preq->pd->user, + &sc_allow, &passkey_allow); + if (ret != EOK) { + DEBUG(SSSDBG_FATAL_FAILURE, + "Failed to get PAM local auth policy\n"); + goto done; + } + /* Check for enable */ + } else { + ret = split_on_separator(tmp_ctx, local_policy, ',', true, true, &opts, + NULL); + if (ret != EOK) { + DEBUG(SSSDBG_OP_FAILURE, "split_on_separator failed [%d], %s.\n", + ret, sss_strerror(ret)); + goto done; + } + + for (c = 0; opts[c] != NULL; c++) { + if (strcasestr(opts[c], "passkey") != NULL) { + passkey_allow = strstr(opts[c], "enable") ? true : false; + } else if (strcasestr(opts[c], "smartcard") != NULL) { + sc_allow = strstr(opts[c], "enable") ? true : false; + } else { + DEBUG(SSSDBG_MINOR_FAILURE, + "Unexpected local auth policy option [%s], " \ + "skipping.\n", opts[c]); + } + } + + /* if passkey is enabled but local Smartcard authentication is not but + * possible, the cert info data has to be remove as well if only local + * Smartcard authentication is possible. If Smartcard authentication + * is possible on the server side we have to keep it because the + * 'enable' option should only add local methods but not reject remote + * ones. */ + if (!sc_allow) { + /* We do not need the auth_types here but the call will remove + * the cert info data if the server does not support Smartcard + * authentication. */ + ret = pam_get_auth_types(pd, &auth_types); + if (ret != EOK) { + DEBUG(SSSDBG_OP_FAILURE, + "Failed to get authentication types\n"); + goto done; + } + } + } + + *_sc_allow = sc_allow; + *_passkey_allow = passkey_allow; + *_local_policy = talloc_steal(mem_ctx, local_policy); + + ret = EOK; + +done: + talloc_free(tmp_ctx); + return ret; +} + static void pam_reply_delay(struct tevent_context *ev, struct tevent_timer *te, struct timeval tv, void *pvt) { @@ -1108,6 +1410,7 @@ void pam_reply(struct pam_auth_req *preq) struct timeval tv; struct tevent_timer *te; struct pam_data *pd; + char *local_policy = NULL; struct pam_ctx *pctx; uint32_t user_info_type; time_t exp_date = -1; @@ -1116,6 +1419,8 @@ void pam_reply(struct pam_auth_req *preq) char* pam_account_locked_message; int pam_verbosity; bool pk_preauth_done = false; + bool local_sc_auth_allow = false; + bool local_passkey_auth_allow = false; pd = preq->pd; cctx = preq->cctx; @@ -1136,6 +1441,34 @@ void pam_reply(struct pam_auth_req *preq) "this result might be changed during processing\n", pd->pam_status, pam_strerror(NULL, pd->pam_status)); + if (preq->domain != NULL && preq->domain->name != NULL) { + ret = pam_eval_local_auth_policy(cctx, pctx, pd, preq, + &local_sc_auth_allow, + &local_passkey_auth_allow, + &local_policy); + if (ret != EOK) { + DEBUG(SSSDBG_FATAL_FAILURE, + "Failed to evaluate local auth policy\n"); + goto done; + } + } + + /* Ignore local_auth_policy for the files provider, allow local + * smartcard auth (default behavior prior to local_auth_policy) */ + if (is_domain_provider(preq->domain, "files")) { + local_sc_auth_allow = true; + /* For the ldap auth provider we currently only support + * password based authentication */ + } else if (is_domain_provider(preq->domain, "ldap") && local_policy != NULL + && strcasecmp(local_policy, "match") == 0) { + local_passkey_auth_allow = false; + local_sc_auth_allow = false; + } + + DEBUG(SSSDBG_TRACE_FUNC, "Local auth policy allowed: smartcard [%s], passkey [%s]\n", + local_sc_auth_allow ? "True" : "False", + local_passkey_auth_allow ? "True" : "False"); + if (pd->cmd == SSS_PAM_AUTHENTICATE && !preq->cert_auth_local && (pd->pam_status == PAM_AUTHINFO_UNAVAIL @@ -1152,10 +1485,15 @@ void pam_reply(struct pam_auth_req *preq) DEBUG(SSSDBG_IMPORTANT_INFO, "Backend cannot handle Smartcard authentication, " "trying local Smartcard authentication.\n"); - preq->cert_auth_local = true; - ret = check_cert(cctx, cctx->ev, pctx, preq, pd); - pam_check_user_done(preq, ret); - return; + if (local_sc_auth_allow) { + preq->cert_auth_local = true; + ret = check_cert(cctx, cctx->ev, pctx, preq, pd); + pam_check_user_done(preq, ret); + return; + } else { + DEBUG(SSSDBG_IMPORTANT_INFO, + "Local smartcard auth not allowed by local_auth_policy"); + } } if (pd->pam_status == PAM_AUTHINFO_UNAVAIL || preq->use_cached_auth) { @@ -1348,7 +1686,10 @@ void pam_reply(struct pam_auth_req *preq) goto done; } - if (may_do_passkey_auth(pctx, pd) && !pk_preauth_done && preq->passkey_data_exists) { + if (may_do_passkey_auth(pctx, pd) + && !pk_preauth_done + && preq->passkey_data_exists + && local_passkey_auth_allow) { ret = passkey_local(cctx, cctx->ev, pctx, preq, pd); pam_check_user_done(preq, ret); return; @@ -2680,14 +3021,23 @@ errno_t passkey_kerberos(struct pam_ctx *pctx, static void pam_dom_forwarder(struct pam_auth_req *preq) { + TALLOC_CTX *tmp_ctx = NULL; int ret; struct pam_ctx *pctx = talloc_get_type(preq->cctx->rctx->pvt_ctx, struct pam_ctx); const char *cert_user; struct ldb_result *cert_user_objs; + bool sc_auth; + bool passkey_auth; size_t c; + char *local_policy = NULL; bool found = false; + tmp_ctx = talloc_new(NULL); + if (tmp_ctx == NULL) { + return; + } + if (!preq->pd->domain) { preq->pd->domain = preq->domain->name; } @@ -2723,6 +3073,23 @@ static void pam_dom_forwarder(struct pam_auth_req *preq) return; } + /* Skip online auth when local auth policy = only */ + if (may_do_cert_auth(pctx, preq->pd) || may_do_passkey_auth(pctx, preq->pd)) { + if (preq->domain->name != NULL) { + ret = pam_eval_local_auth_policy(preq->cctx, pctx, preq->pd, preq, + &sc_auth, + &passkey_auth, + &local_policy); + if (ret != EOK) { + DEBUG(SSSDBG_FATAL_FAILURE, + "Failed to evaluate local auth policy\n"); + preq->pd->pam_status = PAM_AUTH_ERR; + pam_reply(preq); + return; + } + } + } + if (may_do_cert_auth(pctx, preq->pd) && preq->cert_list != NULL) { /* Check if user matches certificate user */ found = false; @@ -2786,6 +3153,22 @@ static void pam_dom_forwarder(struct pam_auth_req *preq) } if (found) { + if (local_policy != NULL && strcasecmp(local_policy, "only") == 0) { + talloc_free(tmp_ctx); + DEBUG(SSSDBG_IMPORTANT_INFO, "Local auth only set, skipping online auth\n"); + if (preq->pd->cmd == SSS_PAM_PREAUTH) { + preq->pd->pam_status = PAM_SUCCESS; + } else if (preq->pd->cmd == SSS_PAM_AUTHENTICATE + && IS_SC_AUTHTOK(preq->pd->authtok) + && preq->cert_auth_local) { + preq->pd->pam_status = PAM_SUCCESS; + preq->callback = pam_reply; + } + + pam_reply(preq); + return; + } + /* We are done if we do not have to call the backend */ if (preq->pd->cmd == SSS_PAM_AUTHENTICATE && preq->cert_auth_local) { @@ -2809,10 +3192,26 @@ static void pam_dom_forwarder(struct pam_auth_req *preq) } } + if (local_policy != NULL && strcasecmp(local_policy, "only") == 0) { + talloc_free(tmp_ctx); + DEBUG(SSSDBG_IMPORTANT_INFO, "Local auth only set, skipping online auth\n"); + if (preq->pd->cmd == SSS_PAM_PREAUTH) { + preq->pd->pam_status = PAM_SUCCESS; + } else if (preq->pd->cmd == SSS_PAM_AUTHENTICATE && IS_SC_AUTHTOK(preq->pd->authtok)) { + /* Trigger offline smartcardcard autheitcation */ + preq->pd->pam_status = PAM_AUTHINFO_UNAVAIL; + } + + pam_reply(preq); + return; + } + preq->callback = pam_reply; ret = pam_dp_send_req(preq); DEBUG(SSSDBG_CONF_SETTINGS, "pam_dp_send_req returned %d\n", ret); + talloc_free(tmp_ctx); + if (ret != EOK) { preq->pd->pam_status = PAM_SYSTEM_ERR; pam_reply(preq); diff --git a/src/tests/cmocka/test_pam_srv.c b/src/tests/cmocka/test_pam_srv.c index 05b6790b655..6c60a5aca6a 100644 --- a/src/tests/cmocka/test_pam_srv.c +++ b/src/tests/cmocka/test_pam_srv.c @@ -315,6 +315,35 @@ static int pam_test_setup(void **state) { "enumerate", "false" }, { "cache_credentials", "true" }, { "entry_cache_timeout", "300" }, + { "local_auth_policy", "enable:smartcard" }, /* Needed to allow local sc auth */ + { NULL, NULL }, /* Sentinel */ + }; + + struct sss_test_conf_param pam_params[] = { + { CONFDB_PAM_P11_URI, "pkcs11:manufacturer=SoftHSM%20project" }, + { "p11_child_timeout", "30" }, + { "pam_cert_verification", NULL }, + { NULL, NULL }, /* Sentinel */ + }; + + struct sss_test_conf_param monitor_params[] = { + { "certificate_verification", "no_ocsp"}, + { NULL, NULL }, /* Sentinel */ + }; + + test_pam_setup(dom_params, pam_params, monitor_params, state); + + pam_test_setup_common(); + return 0; +} + +static int pam_test_setup_passkey(void **state) +{ + struct sss_test_conf_param dom_params[] = { + { "enumerate", "false" }, + { "cache_credentials", "true" }, + { "entry_cache_timeout", "300" }, + { "local_auth_policy", "enable:passkey" }, /* Needed to allow local passkey auth */ { NULL, NULL }, /* Sentinel */ }; @@ -342,6 +371,7 @@ static int pam_test_setup_no_verification(void **state) struct sss_test_conf_param dom_params[] = { { "enumerate", "false" }, { "cache_credentials", "true" }, + { "local_auth_policy", "enable:smartcard" }, /* Needed to allow local sc auth */ { NULL, NULL }, /* Sentinel */ }; @@ -387,6 +417,7 @@ static int pam_cached_test_setup(void **state) { "enumerate", "false" }, { "cache_credentials", "true" }, { "cached_auth_timeout", CACHED_AUTH_TIMEOUT_STR }, + { "local_auth_policy", "enable:smartcard" }, /* Needed to allow local sc auth */ { NULL, NULL }, /* Sentinel */ }; @@ -4592,13 +4623,13 @@ int main(int argc, const char *argv[]) pam_test_setup, pam_test_teardown), #ifdef BUILD_PASSKEY cmocka_unit_test_setup_teardown(test_pam_passkey_preauth_no_passkey, - pam_test_setup, pam_test_teardown), + pam_test_setup_passkey, pam_test_teardown), cmocka_unit_test_setup_teardown(test_pam_passkey_preauth_found, - pam_test_setup, pam_test_teardown), + pam_test_setup_passkey, pam_test_teardown), cmocka_unit_test_setup_teardown(test_pam_passkey_auth, - pam_test_setup, pam_test_teardown), + pam_test_setup_passkey, pam_test_teardown), cmocka_unit_test_setup_teardown(test_pam_passkey_auth_send, - pam_test_setup, pam_test_teardown), + pam_test_setup_passkey, pam_test_teardown), cmocka_unit_test_setup_teardown(test_pam_prompting_passkey_interactive, pam_test_setup_passkey_interactive_prompt, pam_test_teardown), cmocka_unit_test_setup_teardown(test_pam_prompting_passkey_interactive_and_touch, diff --git a/src/tests/intg/test_pam_responder.py b/src/tests/intg/test_pam_responder.py index e97701871ba..c64ad903236 100644 --- a/src/tests/intg/test_pam_responder.py +++ b/src/tests/intg/test_pam_responder.py @@ -146,6 +146,7 @@ def format_pam_cert_auth_conf(config): debug_level = 10 id_provider = files fallback_to_nss = False + local_auth_policy = enable:smartcard [certmap/auth_only/user1] matchrule = .*CN=SSSD test cert 0001.* @@ -180,6 +181,7 @@ def format_pam_cert_auth_conf_name_format(config): debug_level = 10 id_provider = files fallback_to_nss = False + local_auth_policy = enable:smartcard [certmap/auth_only/user1] matchrule = .*CN=SSSD test cert 0001.* diff --git a/src/util/util.h b/src/util/util.h index 02fd5323780..e0e122cee38 100644 --- a/src/util/util.h +++ b/src/util/util.h @@ -680,6 +680,15 @@ errno_t get_dom_names(TALLOC_CTX *mem_ctx, char ***_dom_names, int *_dom_names_count); +__attribute__((always_inline)) +static inline bool is_domain_provider(struct sss_domain_info *domain, + const char *provider) +{ + return domain != NULL && + domain->provider != NULL && + strcasecmp(domain->provider, provider) == 0; +} + /* Returns true if the provider used for the passed domain is the "files" * one. Otherwise returns false. */ __attribute__((always_inline)) From 16f12efd9806dd903c6d03d9f48dba9a34a7e9d5 Mon Sep 17 00:00:00 2001 From: Justin Stephenson Date: Thu, 29 Jun 2023 08:49:32 -0400 Subject: [PATCH 094/280] PAM: Fail empty password in passkey fallback We can assume in this fallback chain that an empty password is not allowed. Reviewed-by: Iker Pedrosa Reviewed-by: Sumit Bose (cherry picked from commit 43d89dd2d9d9c86ecd487067a6bbdf1fbf1513bb) --- src/sss_client/pam_sss.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/sss_client/pam_sss.c b/src/sss_client/pam_sss.c index 4590fb008d6..957213afb5f 100644 --- a/src/sss_client/pam_sss.c +++ b/src/sss_client/pam_sss.c @@ -2549,6 +2549,11 @@ static int get_authtok_for_authentication(pam_handle_t *pamh, /* Fallback to password auth if no PIN was entered */ if (ret == EIO) { ret = prompt_password(pamh, pi, _("Password: ")); + if (pi->pam_authtok_size == 0) { + D(("Empty password failure")); + pi->passkey_prompt_pin = NULL; + return PAM_AUTHTOK_ERR; + } } } else { ret = prompt_password(pamh, pi, _("Password: ")); From 9cecdc1bd2bbcd3ece2cded0a9777816874c8c39 Mon Sep 17 00:00:00 2001 From: Patrik Rosecky Date: Tue, 25 Apr 2023 13:27:45 +0200 Subject: [PATCH 095/280] Tests: convert intg/test_memory_cache.py to system tests MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Reviewed-by: Jakub Vávra Reviewed-by: Pavel Březina (cherry picked from commit 01853a10f5495b2d1ae77b60f714ed077a947940) --- src/tests/intg/test_memory_cache.py | 47 +- src/tests/system/tests/test_memory_cache.py | 1568 +++++++++++++++++++ 2 files changed, 1614 insertions(+), 1 deletion(-) create mode 100644 src/tests/system/tests/test_memory_cache.py diff --git a/src/tests/intg/test_memory_cache.py b/src/tests/intg/test_memory_cache.py index c2afa1483a7..b30c9024919 100644 --- a/src/tests/intg/test_memory_cache.py +++ b/src/tests/intg/test_memory_cache.py @@ -358,6 +358,8 @@ def zero_timeout_rfc2307(request, ldap_conn): return None +@pytest.mark.converted('test_id.py', 'test_id__getpwuid') +@pytest.mark.converted('test_id.py', 'test_id__getpwnam') def test_getpwnam(ldap_conn, sanity_rfc2307): ent.assert_passwd_by_name( 'user1', @@ -441,12 +443,15 @@ def test_getpwnam(ldap_conn, sanity_rfc2307): gecos='1023', shell='/bin/bash')) +@pytest.mark.converted('test_memory_cache.py', 'test_memory_cache__getpwnam') def test_getpwnam_with_mc(ldap_conn, sanity_rfc2307): test_getpwnam(ldap_conn, sanity_rfc2307) stop_sssd() test_getpwnam(ldap_conn, sanity_rfc2307) +@pytest.mark.converted('test_id.py', 'test_id__getgrgid') +@pytest.mark.converted('test_id.py', 'test_id__getgrnam') def test_getgrnam_simple(ldap_conn, sanity_rfc2307): ent.assert_group_by_name("group1", dict(name="group1", gid=2001)) ent.assert_group_by_gid(2001, dict(name="group1", gid=2001)) @@ -467,18 +472,21 @@ def test_getgrnam_simple(ldap_conn, sanity_rfc2307): ent.assert_group_by_gid(2020, dict(name="group2x", gid=2020)) +@pytest.mark.converted('test_memory_cache.py', 'test_memory_cache__getgrnam') def test_getgrnam_simple_with_mc(ldap_conn, sanity_rfc2307): test_getgrnam_simple(ldap_conn, sanity_rfc2307) stop_sssd() test_getgrnam_simple(ldap_conn, sanity_rfc2307) +@pytest.mark.converted('test_memory_cache.py', 'test_memory_cache__disabled_passwd_getgrnam') def test_getgrnam_simple_disabled_pwd_mc(ldap_conn, disable_pwd_mc_rfc2307): test_getgrnam_simple(ldap_conn, disable_pwd_mc_rfc2307) stop_sssd() test_getgrnam_simple(ldap_conn, disable_pwd_mc_rfc2307) +@pytest.mark.converted('test_memory_cache.py', 'test_memory_cache__disabled_intitgroups_getgrnam') def test_getgrnam_simple_disabled_intitgr_mc(ldap_conn, disable_initgr_mc_rfc2307): test_getgrnam_simple(ldap_conn, disable_initgr_mc_rfc2307) @@ -486,6 +494,8 @@ def test_getgrnam_simple_disabled_intitgr_mc(ldap_conn, test_getgrnam_simple(ldap_conn, disable_initgr_mc_rfc2307) +@pytest.mark.converted('test_id.py', 'test_id__membership_by_group_id') +@pytest.mark.converted('test_id.py', 'test_id__membership_by_group_name') def test_getgrnam_membership(ldap_conn, sanity_rfc2307): ent.assert_group_by_name( "group1", @@ -530,6 +540,8 @@ def test_getgrnam_membership(ldap_conn, sanity_rfc2307): dict(mem=ent.contains_only("user21", "user22", "user23"))) +@pytest.mark.converted('test_memory_cache.py', 'test_memory_cache__membership_by_group_id') +@pytest.mark.converted('test_memory_cache.py', 'test_memory_cache__membership_by_group_name') def test_getgrnam_membership_with_mc(ldap_conn, sanity_rfc2307): test_getgrnam_membership(ldap_conn, sanity_rfc2307) stop_sssd() @@ -548,6 +560,7 @@ def assert_user_gids_equal(user, expected_gids): ) +@pytest.mark.converted('test_id.py', 'test_id__initgroups') def test_initgroups(ldap_conn, sanity_rfc2307): assert_user_gids_equal('user1', [2000, 2001]) assert_user_gids_equal('user2', [2000, 2002]) @@ -562,12 +575,15 @@ def test_initgroups(ldap_conn, sanity_rfc2307): assert_user_gids_equal('user23', [2020, 2003]) +@pytest.mark.converted('test_memory_cache.py', 'test_memory_cache__user_gids') def test_initgroups_with_mc(ldap_conn, sanity_rfc2307): test_initgroups(ldap_conn, sanity_rfc2307) stop_sssd() test_initgroups(ldap_conn, sanity_rfc2307) +@pytest.mark.converted('test_memory_cache.py', 'test_memory_cache__getpwnam_fully_qualified_names') +@pytest.mark.converted('test_id.py', 'test_id__getpwnam_fully_qualified_names') def test_initgroups_fqname_with_mc(ldap_conn, fqname_rfc2307): assert_user_gids_equal('user1@LDAP', [2000, 2001]) stop_sssd() @@ -609,6 +625,10 @@ def assert_stored_last_initgroups(user1_case1, user1_case2, user1_case_last, assert_initgroups_equal(user1_case_last, primary_gid, expected_gids) +@pytest.mark.converted('test_id.py', 'test_id__fq_names_case_insensitive') +@pytest.mark.converted('test_id.py', 'test_id__case_insensitive') +@pytest.mark.converted('test_memory_cache.py', 'test_memory_cache__fq_names_case_insensitive') +@pytest.mark.converted('test_memory_cache.py', 'test_memory_cache__case_insensitive') def test_initgroups_case_insensitive_with_mc1(ldap_conn, fqname_case_insensitive_rfc2307): user1_case1 = 'User1@LDAP' @@ -621,6 +641,10 @@ def test_initgroups_case_insensitive_with_mc1(ldap_conn, primary_gid, expected_gids) +@pytest.mark.converted('test_id.py', 'test_id__fq_names_case_insensitive') +@pytest.mark.converted('test_id.py', 'test_id__case_insensitive') +@pytest.mark.converted('test_memory_cache.py', 'test_memory_cache__fq_names_case_insensitive') +@pytest.mark.converted('test_memory_cache.py', 'test_memory_cache__case_insensitive') def test_initgroups_case_insensitive_with_mc2(ldap_conn, fqname_case_insensitive_rfc2307): user1_case1 = 'usEr1@LDAP' @@ -633,6 +657,10 @@ def test_initgroups_case_insensitive_with_mc2(ldap_conn, primary_gid, expected_gids) +@pytest.mark.converted('test_id.py', 'test_id__fq_names_case_insensitive') +@pytest.mark.converted('test_id.py', 'test_id__case_insensitive') +@pytest.mark.converted('test_memory_cache.py', 'test_memory_cache__fq_names_case_insensitive') +@pytest.mark.converted('test_memory_cache.py', 'test_memory_cache__case_insensitive') def test_initgroups_case_insensitive_with_mc3(ldap_conn, fqname_case_insensitive_rfc2307): user1_case1 = 'uSer1@LDAP' @@ -673,6 +701,7 @@ def run_simple_test_with_initgroups(): assert_initgroups_equal("user1", 2001, [2000, 2001]) +@pytest.mark.converted('test_memory_cache.py', 'test_memory_cache__invalidatation_of_gids_after_initgroups') def test_invalidation_of_gids_after_initgroups(ldap_conn, sanity_rfc2307): # the sssd cache was empty and not all user's group were @@ -712,6 +741,7 @@ def test_invalidation_of_gids_after_initgroups(ldap_conn, sanity_rfc2307): grp.getgrgid(gid) +@pytest.mark.converted('test_memory_cache.py', 'test_memory_cache__initgroups_without_change_in_membership') def test_initgroups_without_change_in_membership(ldap_conn, sanity_rfc2307): # the sssd cache was empty and not all user's group were @@ -778,6 +808,7 @@ def assert_missing_mc_records_for_user1(): "User user1, errno:%d" % err +@pytest.mark.converted('test_memory_cache.py', 'test_memory_cache__invalidate_user_before_stop') def test_invalidate_user_before_stop(ldap_conn, sanity_rfc2307): # initialize cache with full ID (res, errno, _) = sssd_id.get_user_groups("user1") @@ -791,6 +822,7 @@ def test_invalidate_user_before_stop(ldap_conn, sanity_rfc2307): assert_missing_mc_records_for_user1() +@pytest.mark.converted('test_memory_cache.py', 'test_memory_cache__invalidate_user_after_stop') def test_invalidate_user_after_stop(ldap_conn, sanity_rfc2307): # initialize cache with full ID (res, errno, _) = sssd_id.get_user_groups("user1") @@ -804,6 +836,7 @@ def test_invalidate_user_after_stop(ldap_conn, sanity_rfc2307): assert_missing_mc_records_for_user1() +@pytest.mark.converted('test_memory_cache.py', 'test_memory_cache__invalidate_users_before_stop') def test_invalidate_users_before_stop(ldap_conn, sanity_rfc2307): # initialize cache with full ID (res, errno, _) = sssd_id.get_user_groups("user1") @@ -817,6 +850,7 @@ def test_invalidate_users_before_stop(ldap_conn, sanity_rfc2307): assert_missing_mc_records_for_user1() +@pytest.mark.converted('test_memory_cache.py', 'test_memory_cache__invalidate_users_after_stop') def test_invalidate_users_after_stop(ldap_conn, sanity_rfc2307): # initialize cache with full ID (res, errno, _) = sssd_id.get_user_groups("user1") @@ -830,6 +864,7 @@ def test_invalidate_users_after_stop(ldap_conn, sanity_rfc2307): assert_missing_mc_records_for_user1() +@pytest.mark.converted('test_memory_cache.py', 'test_memory_cache__invalidate_group_before_stop') def test_invalidate_group_before_stop(ldap_conn, sanity_rfc2307): # initialize cache with full ID (res, errno, _) = sssd_id.get_user_groups("user1") @@ -843,6 +878,7 @@ def test_invalidate_group_before_stop(ldap_conn, sanity_rfc2307): assert_missing_mc_records_for_user1() +@pytest.mark.converted('test_memory_cache.py', 'test_memory_cache__invalidate_group_after_stop') def test_invalidate_group_after_stop(ldap_conn, sanity_rfc2307): # initialize cache with full ID (res, errno, _) = sssd_id.get_user_groups("user1") @@ -856,6 +892,7 @@ def test_invalidate_group_after_stop(ldap_conn, sanity_rfc2307): assert_missing_mc_records_for_user1() +@pytest.mark.converted('test_memory_cache.py', 'test_memory_cache__invalidate_groups_before_stop') def test_invalidate_groups_before_stop(ldap_conn, sanity_rfc2307): # initialize cache with full ID (res, errno, _) = sssd_id.get_user_groups("user1") @@ -869,6 +906,7 @@ def test_invalidate_groups_before_stop(ldap_conn, sanity_rfc2307): assert_missing_mc_records_for_user1() +@pytest.mark.converted('test_memory_cache.py', 'test_memory_cache__invalidate_groups_after_stop') def test_invalidate_groups_after_stop(ldap_conn, sanity_rfc2307): # initialize cache with full ID (res, errno, _) = sssd_id.get_user_groups("user1") @@ -881,7 +919,7 @@ def test_invalidate_groups_after_stop(ldap_conn, sanity_rfc2307): assert_missing_mc_records_for_user1() - +@pytest.mark.converted('test_memory_cache.py', 'test_memory_cache__invalidate_everything_before_stop') def test_invalidate_everything_before_stop(ldap_conn, sanity_rfc2307): # initialize cache with full ID (res, errno, _) = sssd_id.get_user_groups("user1") @@ -895,6 +933,7 @@ def test_invalidate_everything_before_stop(ldap_conn, sanity_rfc2307): assert_missing_mc_records_for_user1() +@pytest.mark.converted('test_memory_cache.py', 'test_memory_cache__invalidate_everything_after_stop') def test_invalidate_everything_after_stop(ldap_conn, sanity_rfc2307): # initialize cache with full ID (res, errno, _) = sssd_id.get_user_groups("user1") @@ -984,6 +1023,7 @@ def test_colliding_hashes(ldap_conn, sanity_rfc2307): gecos='5001', shell='/bin/bash')) +@pytest.mark.converted('test_memory_cache.py', 'test_memory_cache__removed_cache_without_invalidation') def test_removed_mc(ldap_conn, sanity_rfc2307): """ Regression test for ticket: @@ -1020,6 +1060,7 @@ def test_removed_mc(ldap_conn, sanity_rfc2307): grp.getgrgid(2001) +@pytest.mark.converted('test_memory_cache.py', 'test_memory_cache__memcache_timeout_zero') def test_mc_zero_timeout(ldap_conn, zero_timeout_rfc2307): """ Test that the memory cache is not created at all with memcache_timeout=0 @@ -1053,6 +1094,7 @@ def test_mc_zero_timeout(ldap_conn, zero_timeout_rfc2307): grp.getgrgid(2001) +@pytest.mark.converted('test_memory_cache.py', 'test_memory_cache__disabled_cache') def test_disabled_mc(ldap_conn, disable_memcache_rfc2307): ent.assert_passwd_by_name( 'user1', @@ -1086,6 +1128,7 @@ def test_disabled_mc(ldap_conn, disable_memcache_rfc2307): (res, errno, gids) = sssd_id.get_user_gids('user1') +@pytest.mark.converted('test_memory_cache.py', 'test_memory_cache__disabled_passwd_getpwnam') def test_disabled_passwd_mc(ldap_conn, disable_pwd_mc_rfc2307): ent.assert_passwd_by_name( 'user1', @@ -1112,6 +1155,7 @@ def test_disabled_passwd_mc(ldap_conn, disable_pwd_mc_rfc2307): (res, errno, gids) = sssd_id.get_user_gids('user1') +@pytest.mark.converted('test_memory_cache.py', 'test_memory_cache__disabled_group') def test_disabled_group_mc(ldap_conn, disable_grp_mc_rfc2307): ent.assert_passwd_by_name( 'user1', @@ -1147,6 +1191,7 @@ def test_disabled_group_mc(ldap_conn, disable_grp_mc_rfc2307): assert_user_gids_equal('user1', [2000, 2001]) +@pytest.mark.converted('test_memory_cache.py', 'test_memory_cache__disabled_intitgroups_getpwnam') def test_disabled_initgr_mc(ldap_conn, disable_initgr_mc_rfc2307): # Even if initgroups is disabled, passwd should work ent.assert_passwd_by_name( diff --git a/src/tests/system/tests/test_memory_cache.py b/src/tests/system/tests/test_memory_cache.py new file mode 100644 index 00000000000..768266bd049 --- /dev/null +++ b/src/tests/system/tests/test_memory_cache.py @@ -0,0 +1,1568 @@ +""" +SSSD Memory cache-related Test Cases + +:requirement: IDM-SSSD-REQ: Client side performance improvements +""" + +from __future__ import annotations + +import pytest +from sssd_test_framework.roles.client import Client +from sssd_test_framework.roles.generic import GenericProvider +from sssd_test_framework.topology import KnownTopologyGroup + + +@pytest.mark.topology(KnownTopologyGroup.AnyProvider) +def test_memory_cache__getpwnam(client: Client, provider: GenericProvider): + """ + :title: Lookup user by name uses memory cache when SSSD is stopped + :setup: + 1. Add 'user1', 'user2' and 'user3' to SSSD + 2. Start SSSD + :steps: + 1. Find 'user1', 'user2' and 'user3' with id(name) + 2. Check that results have correct names + 3. Stop SSSD + 4. Find 'user1', 'user2' and 'user3' with id(name) + 5. Check that results have correct names + :expectedresults: + 1. Users are found + 2. Users have correct names + 3. SSSD is stopped + 4. Users are found + 5. Users have correct names + :customerscenario: False + """ + + def check(users): + for user in users: + result = client.tools.id(user) + assert result is not None, f"User {user} was not found using id" + assert result.user.name == user, f"Username {result.user.name} is incorrect, {user} expected" + + users = ["user1", "user2", "user3"] + for user in users: + provider.user(user).add() + + client.sssd.start() + + check(users) + client.sssd.stop() + check(users) + + +@pytest.mark.topology(KnownTopologyGroup.AnyProvider) +def test_memory_cache__getgrnam(client: Client, provider: GenericProvider): + """ + :title: Lookup group by groupname uses memory cache when SSSD is stopped + :setup: + 1. Add 'group1', 'group2' and 'group3' to SSSD + 2. Start SSSD + :steps: + 1. Find 'group1', 'group2' and 'group3' with getent.group(name) + 2. Check that groups have correct names + 3. Stop SSSD + 4. Find 'group1', 'group2' and 'group3' with getent.group(name) + 5. Check that groups have correct names + :expectedresults: + 1. Groups are found + 2. Groups have correct names + 3. SSSD is stopped + 4. Groups are found + 5. Groups have correct names + :customerscenario: False + """ + + def check(groups): + for group in groups: + result = client.tools.getent.group(group) + assert result is not None, f"Group {group} was not found using getent" + assert result.name == group, f"Groupname {result.name} is incorrect, {group} expected" + + groups = ["group1", "group2", "group3"] + for group in groups: + provider.group(group).add() + + client.sssd.start() + + check(groups) + client.sssd.stop() + check(groups) + + +@pytest.mark.topology(KnownTopologyGroup.AnyProvider) +def test_memory_cache__disabled_passwd_getgrnam(client: Client, provider: GenericProvider): + """ + :title: Lookup group by groupname uses memory cache when SSSD is stopped and 'memcache_size_passwd' = 0 + :setup: + 1. Add 'group1', 'group2' and 'group3' to SSSD + 2. In SSSD nss change 'memcache_size_passwd' to '0' + 3. Start SSSD + :steps: + 1. Find 'group1', 'group2' and 'group3' with getent.group(name) + 2. Check that groups have correct names + 3. Stop SSSD + 4. Find 'group1', 'group2' and 'group3' with getent.group(name) + 5. Check that groups have correct names + :expectedresults: + 1. Groups are found + 2. Groups have correct names + 3. SSSD is stopped + 4. Groups are found + 5. Groups have correct names + :customerscenario: False + """ + + def check(groups): + for group in groups: + result = client.tools.getent.group(group) + assert result is not None, f"Group {group} was not found using getent" + assert result.name == group, f"Groupname {result.name} is incorrect, {group} expected" + + groups = ["group1", "group2", "group3"] + for group in groups: + provider.group(group).add() + + client.sssd.nss["memcache_size_passwd"] = "0" + client.sssd.start() + + check(groups) + client.sssd.stop() + check(groups) + + +@pytest.mark.topology(KnownTopologyGroup.AnyProvider) +def test_memory_cache__disabled_passwd_getpwnam(client: Client, provider: GenericProvider): + """ + :title: Lookup user by name when SSSD is stopped and 'memcache_size_passwd' = 0 + uses memory cache therefore user is not found + :setup: + 1. Add users to SSSD + 2. Set users uids and gids + 3. In SSSD nss change 'memcache_size_passwd' to '0' + 4. Start SSSD + :steps: + 1. Find 'user1', 'user2' and 'user3' with id(name) + 2. Check that users have correct names + 3. Stop SSSD + 4. Find users with id(name) + 5. Find users with id(uid) + :expectedresults: + 1. Users are found + 2. Users have correct names + 3. SSSD is stopped + 4. Users are not found + 5. Users are not found + :customerscenario: False + """ + ids = [("user1", 10001), ("user2", 10002), ("user3", 10003)] + for user, id in ids: + provider.user(user).add(uid=id, gid=id + 500) + + client.sssd.nss["memcache_size_passwd"] = "0" + client.sssd.domain["ldap_id_mapping"] = "false" + client.sssd.start() + + for user, id in ids: + result = client.tools.id(user) + assert result is not None, f"User {user} was not found using id" + assert result.user.name == user, f"Username {result.user.name} is incorrect, {user} expected" + assert result.user.id == id, f"User id {result.user.id} is incorrect, {id} expected" + + client.sssd.stop() + + for user, id in ids: + assert client.tools.id(user) is None, f"User {user} was found which is not expected" + assert client.tools.id(id) is None, f"User with id {id} was found which is not expected" + + +@pytest.mark.topology(KnownTopologyGroup.AnyProvider) +def test_memory_cache__disabled_intitgroups_getgrnam(client: Client, provider: GenericProvider): + """ + :title: Lookup group by groupname when SSSD is stopped and 'memcache_size_initgroups' = 0 uses memory cache + :setup: + 1. Add 'group1', 'group2' and 'group3' to SSSD + 2. In SSSD nss change 'memcache_size_initgroups' to '0' + 3. Start SSSD + :steps: + 1. Find 'group1', 'group2' and 'group3' with getent.group(name) + 2. Check that groups have correct names + 3. Stop SSSD + 4. Find 'group1', 'group2' and 'group3' with getent.group(name) + 5. Check that groups have correct names + :expectedresults: + 1. Groups are found + 2. Groups have correct names + 3. SSSD is stopped + 4. Groups are found + 5. Groups have correct names + :customerscenario: False + """ + + def check(groups): + for group in groups: + result = client.tools.getent.group(group) + assert result is not None, f"Group {group} was not found using getent" + assert result.name == group, f"Groupname {result.name} is incorrect, {group} expected" + + groups = ["group1", "group2", "group3"] + for group in groups: + provider.group(group).add() + + client.sssd.nss["memcache_size_initgroups"] = "0" + client.sssd.start() + + check(groups) + client.sssd.stop() + check(groups) + + +@pytest.mark.topology(KnownTopologyGroup.AnyProvider) +def test_memory_cache__disabled_intitgroups_getpwnam(client: Client, provider: GenericProvider): + """ + :title: Lookup user by name and id when SSSD is stopped and 'memcache_size_initgroups' = 0 uses memory cache + :setup: + 1. Add users to SSSD + 2. Set users uids and ids + 3. In SSSD nss change 'memcache_size_initgroups' to '0' + 4. Start SSSD + :steps: + 1. Find 'user1', 'user2' and 'user3' with id(name) + 2. Check that users have correct names and uids + 3. Stop SSSD + 4. Find 'user1', 'user2' and 'user3' with id(name) + 5. Check that users have correct names and uids + 6. Find 'user1', 'user2' and 'user3' with id(uid) + 7. Check that users have correct names and uids + :expectedresults: + 1. Users are found + 2. Users have correct names and uids + 3. SSSD is stopped + 4. Users are found + 5. Users have correct names and uids + 6. Users are found + 7. Users have correct names and uids + :customerscenario: False + """ + + def check(ids): + for name, id in ids: + result = client.tools.id(name) + assert result is not None, f"User {name} was not found using id" + assert result.user.name == name, f"Username {result.user.name} is incorrect, {user} expected" + assert result.user.id == id, f"User id {result.user.id} is incorrect, {id} expected" + + result = client.tools.id(id) + assert result is not None, f"User with id {id} was not found using id" + assert result.user.name == name, f"Username {result.user.name} is incorrect, {user} expected" + assert result.user.id == id, f"User id {result.user.id} is incorrect, {id} expected" + + ids = [("user1", 10001), ("user2", 10002), ("user3", 10003)] + for user, id in ids: + provider.user(user).add(uid=id, gid=id + 500) + + client.sssd.nss["memcache_size_initgroups"] = "0" + client.sssd.domain["ldap_id_mapping"] = "false" + client.sssd.start() + + check(ids) + client.sssd.stop() + check(ids) + + +@pytest.mark.topology(KnownTopologyGroup.AnyProvider) +def test_memory_cache__disabled_group(client: Client, provider: GenericProvider): + """ + :title: Lookup user by name and id when SSSD is stopped and 'memcache_size_group' = 0 uses memory cache, + but lookup groups is not possible + :setup: + 1. Add users to SSSD + 2. Set users uids and gids + 3. Add groups to SSSD + 4. Set groups gids + 5. Add users to groups + 6. In SSSD nss change 'memcache_size_group' to '0' + 7. Start SSSD + :steps: + 1. Find 'user1', 'user2' and 'user3' with id(name) + 2. Check that users have correct names + 3. Find 'group1' and 'group2' by getent.group(gid) + 4. Check that groups have correct gids and members + 5. Stop SSSD + 6. Find 'user1', 'user2' and 'user3' with id(name) + 7. Check that users have correct names + 8. Find 'group1' and 'group2' by getent.group(name) + 9. Find 'group1' and 'group2' by getent.group(gid) + :expectedresults: + 1. Users are found + 2. Users have correct names + 3. Groups are found + 4. Groups have correct gids and members + 5. SSSD is stopped + 6. Users are found + 7. Users have correct names + 8. Groups are not found + 9. Groups are not found + :customerscenario: False + """ + + def check(users): + for user in users: + rUser = client.tools.id(user) + assert rUser is not None, f"User {rUser} was not found using id" + assert rUser.user.name == user, f"Username {rUser.user.name} is incorrect, {user} expected" + + u1 = provider.user("user1").add(uid=10001, gid=19001) + u2 = provider.user("user2").add(uid=10002, gid=19002) + u3 = provider.user("user3").add(uid=10003, gid=19003) + + provider.group("group1").add(gid=1111).add_member(u1) + provider.group("group2").add(gid=2222).add_members([u1, u2, u3]) + + client.sssd.nss["memcache_size_group"] = "0" + client.sssd.domain["ldap_id_mapping"] = "false" + client.sssd.start() + + users = ["user1", "user2", "user3"] + check(users) + + for group, members in [(1111, ["user1"]), (2222, ["user1", "user2", "user3"])]: + result = client.tools.getent.group(group) + assert result is not None, f"Group {group} was not found using getent" + assert result.gid == group, f"Group gid {result.gid} is incorrect, {group} expected" + assert result.members == members, f"Group {group} members did not match the expected ones" + + client.sssd.stop() + + check(users) + + assert client.tools.id("group1") is None, "Group group1 was found which is not expected" + assert client.tools.id("group2") is None, "Group group2 was found which is not expected" + assert client.tools.id(1111) is None, "Group with gid 1111 was found which is not expected" + assert client.tools.id(2222) is None, "Group with gid 2222 was found which is not expected" + + +@pytest.mark.topology(KnownTopologyGroup.AnyProvider) +def test_memory_cache__disabled_cache(client: Client, provider: GenericProvider): + """ + :title: Lookup user and group when SSSD is stopped and whole cache disabled + uses memory cache and therefore it is not possible + :setup: + 1. Add users to SSSD + 2. Set users uids + 3. Add groups to SSSD + 4. Set groups gids + 5. Add users to groups + 6. In SSSD nss change 'memcache_size_passwd' to '0' + 7. In SSSD nss change 'memcache_size_group' to '0' + 8. In SSSD nss change 'memcache_size_initgroups' to '0' + 9. Start SSSD + :steps: + 1. Find 'user1', 'user2' and 'user3' with id(name) + 2. Check that users have correct names + 3. Find 'group1' and 'group2' by getent.group(name) + 4. Check that groups have correct names and members + 5. Stop SSSD + 6. Find 'user1', 'user2' and 'user3' with id(name) + 7. Find 'user1', 'user2' and 'user3' with id(uid) + 8. Find 'group1' and 'group2' by getent.group(name) + 9. Find 'group1' and 'group2' by getent.group(gid) + :expectedresults: + 1. Users are found + 2. Users have correct names + 3. Groups are found + 4. Groups have correct names and members + 5. SSSD is stopped + 6. Users are not found + 7. Users are not found + 8. Groups are not found + 9. Groups are not found + :customerscenario: False + """ + u1 = provider.user("user1").add(uid=10001, gid=19001) + u2 = provider.user("user2").add(uid=10002, gid=19002) + u3 = provider.user("user3").add(uid=10003, gid=19003) + + provider.group("group1").add(gid=1111).add_member(u1) + provider.group("group2").add(gid=2222).add_members([u1, u2, u3]) + + client.sssd.nss["memcache_size_passwd"] = "0" + client.sssd.nss["memcache_size_group"] = "0" + client.sssd.nss["memcache_size_initgroups"] = "0" + client.sssd.domain["ldap_id_mapping"] = "false" + client.sssd.start() + + for user in ["user1", "user2", "user3"]: + result = client.tools.id(user) + assert result is not None, f"User {user} was not found using id" + assert result.user.name == user, f"Username {result.user.name} is incorrect, {user} expected" + + for group, members in [("group1", ["user1"]), ("group2", ["user1", "user2", "user3"])]: + gresult = client.tools.getent.group(group) + assert gresult is not None, f"Group {group} was not found using id" + assert gresult.name == group, f"Groupname {gresult.name} is incorrect, {group} expected" + assert gresult.members == members, f"Group {group} members did not match the expected ones" + + client.sssd.stop() + + for user in ["user1", "user2", "user3"]: + assert client.tools.id(user) is None, f"User {user} was found which is not expected" + + for id in [10001, 10002, 10003]: + assert client.tools.id(id) is None, f"User with id {id} was found which is not expected" + + assert client.tools.getent.group("group1") is None, "Group group1 was found which is not expected" + assert client.tools.getent.group("group2") is None, "Group group2 was found which is not expected" + assert client.tools.getent.group(1111) is None, "Group with gid 1111 was found which is not expected" + assert client.tools.getent.group(2222) is None, "Group with gid 2222 was found which is not expected" + + +@pytest.mark.topology(KnownTopologyGroup.AnyProvider) +def test_memory_cache__membership_by_group_name(client: Client, provider: GenericProvider): + """ + :title: Lookup user by name and test membership by name use memory cache when SSSD is stopped + :setup: + 1. Add 'user1', 'user2' and 'user3' to SSSD + 2. Add 'group1' and 'group2' to SSSD + 3. Add users to groups + 4. Start SSSD + :steps: + 1. Find 'user1', 'user2' and 'user3' with id(name) + 2. Check that users are members of correct groups + 3. Stop SSSD + 4. Find 'user1', 'user2' and 'user3' with id(name) + 5. Check that users are members of correct groups + :expectedresults: + 1. Users are found + 2. Users are members of correct groups + 3. SSSD is stopped + 4. Users are found + 5. Users are members of correct groups + :customerscenario: False + """ + + def check(): + result = client.tools.id("user1") + assert result is not None, "User user1 was not found using id" + assert result.memberof(["group1", "group2"]), "User user1 is member of incorrect groups" + + result = client.tools.id("user2") + assert result is not None, "User user2 was not found using id" + assert result.memberof(["group2"]), "User user2 is member of incorrect groups" + + result = client.tools.id("user3") + assert result is not None, "User user3 was not found using id" + assert result.memberof(["group2"]), "User user3 is member of incorrect groups" + + u1 = provider.user("user1").add() + u2 = provider.user("user2").add() + u3 = provider.user("user3").add() + + provider.group("group1").add().add_member(u1) + provider.group("group2").add().add_members([u1, u2, u3]) + + client.sssd.start() + + check() + client.sssd.stop() + check() + + +@pytest.mark.topology(KnownTopologyGroup.AnyProvider) +def test_memory_cache__membership_by_group_id(client: Client, provider: GenericProvider): + """ + :title: Lookup user by name and test membership by gid use memory cache when SSSD is stopped + :setup: + 1. Add 'user1', 'user2' and 'user3' to SSSD + 2. Add 'group1', 'group2' and 'group3' to SSSD + 3. Set group gids + 4. Add users to groups + 5. Start SSSD + :steps: + 1. Find 'user1', 'user2' and 'user3' with id(name) + 2. Check that users are members of correct groups + 3. Stop SSSD + 4. Find 'user1', 'user2' and 'user3' with id(name) + 5. Check that users are members of correct groups + :expectedresults: + 1. Users are found + 2. Users are members of correct groups + 3. SSSD is stopped + 4. Users are found + 5. Users are members of correct groups + :customerscenario: False + """ + + def check(): + result = client.tools.id("user1") + assert result is not None, "User user1 was not found using id" + assert result.memberof([1001, 1002]), "User user1 is member of incorrect groups" + + result = client.tools.id("user2") + assert result is not None, "User user2 was not found using id" + assert result.memberof([1002]), "User user2 is member of incorrect groups" + + result = client.tools.id("user3") + assert result is not None, "User user3 was not found using id" + assert result.memberof([1002]), "User user3 is member of incorrect groups" + + u1 = provider.user("user1").add(uid=11001, gid=19001) + u2 = provider.user("user2").add(uid=11002, gid=19002) + u3 = provider.user("user3").add(uid=11003, gid=19003) + + provider.group("group1").add(gid=1001).add_member(u1) + provider.group("group2").add(gid=1002).add_members([u1, u2, u3]) + provider.group("group3").add(gid=1003) + + client.sssd.domain["ldap_id_mapping"] = "false" + client.sssd.start() + + check() + client.sssd.stop() + check() + + +@pytest.mark.topology(KnownTopologyGroup.AnyProvider) +def test_memory_cache__user_gids(client: Client, provider: GenericProvider): + """ + :title: Lookup user by id and test membership by gid use memory cache when SSSD is stopped + :setup: + 1. Add 'user1', 'user2' and 'user3' to SSSD + 2. Set users uids and gids + 3. Add 'group1' and 'group2' to SSSD + 4. Set groups gids + 5. Add users to groups + 6. Start SSSD + :steps: + 1. Find users by id(uid) + 2. Check that users are members of correct groups + 3. Stop SSSD + 4. Find users by id(uid) + 5. Check that users are members of correct groups + :expectedresults: + 1. Users are found + 2. Users are members of correct groups + 3. SSSD is stopped + 4. Users are found + 5. Users are members of correct groups + :customerscenario: False + """ + + def check(): + result = client.tools.id(2001) + assert result is not None, "User with id 2001 was not found using id" + assert result.memberof([101, 1001, 1002]), "User with id 2001 is member of incorrect groups" + + result = client.tools.id(2002) + assert result is not None, "User with id 2002 was not found using id" + assert result.memberof([102, 1002]), "User with id 2002 is member of incorrect groups" + + result = client.tools.id(2003) + assert result is not None, "User with id 2003 was not found using id" + assert result.memberof([103, 1002]), "User with id 2003 is member of incorrect groups" + + u1 = provider.user("user1").add(uid=2001, gid=101) + u2 = provider.user("user2").add(uid=2002, gid=102) + u3 = provider.user("user3").add(uid=2003, gid=103) + + provider.group("group1").add(gid=1001).add_member(u1) + provider.group("group2").add(gid=1002).add_members([u1, u2, u3]) + + client.sssd.domain["ldap_id_mapping"] = "false" + client.sssd.start() + + check() + client.sssd.stop() + check() + + +@pytest.mark.topology(KnownTopologyGroup.AnyProvider) +def test_memory_cache__getpwnam_fully_qualified_names(client: Client, provider: GenericProvider): + """ + :title: Lookup user by full name when 'use_fully_qualified_names' is 'true' + uses memory cache when sssd is stopped + :setup: + 1. Add 'user1' and 'user2' to SSSD + 2. In SSSD domain change 'use_fully_qualified_names' to 'true' + 3. Start SSSD + :steps: + 1. Find 'user1' and 'user2' with id(name) + 2. Find 'user1' and 'user2' with id(name@domain) + 3. Check that users have correct full names + 4. Stop SSSD + 5. Find 'user1' and 'user2' with id(name) + 6. Find 'user1' and 'user2' with id(name@domain) + 7. Check that users have correct full names + :expectedresults: + 1. Users are not found + 2. Users are found + 3. Users have correct full names + 4. SSSD is stopped + 5. Users are not found + 6. Users are found + 7. Users have correct full names + :customerscenario: False + """ + + def check(): + assert client.tools.id("user1") is None, "User user1 should not be found without fully qualified name" + assert client.tools.id("user2") is None, "User user2 should not be found without fully qualified name" + + result = client.tools.id("user1@test") + assert result is not None, "User user1@test was not found using id" + assert result.user.name == "user1@test", f"User {result.user.name} has incorrect name, user1@test expected" + + result = client.tools.id("user2@test") + assert result is not None, "User user2@test was not found using id" + assert result.user.name == "user2@test", f"User {result.user.name} has incorrect name, user2@test expected" + + provider.user("user1").add() + provider.user("user2").add() + + client.sssd.domain["use_fully_qualified_names"] = "true" + client.sssd.start() + + check() + client.sssd.stop() + check() + + +@pytest.mark.topology(KnownTopologyGroup.AnyProvider) +def test_memory_cache__case_insensitive(client: Client, provider: GenericProvider): + """ + :title: Lookup user by case insensitive name when 'case_sensitive' is 'false' + uses memory cache when SSSD is stopped + :setup: + 1. Add 'user1' to SSSD + 2. Set user gid and uid + 3. Add groups to SSSD + 4. Set group gid + 5. Add member to the groups + 6. In SSSD domain change 'case_sensitive' to 'false' + 7. Start SSSD + :steps: + 1. Find users with getent.initgroups(name), where name is in random lower and upper case format + 2. Check that usernames are correct + 3. Check that user is member of correct groups + 4. Stop SSSD + 5. Find user with getent.initgroups(name), where name is last name used when resolving user + 6. Check that username is correct + 7. Check that user is member of correct groups + 8. Find users with getent.initgroups(name), where names are previously used names + :expectedresults: + 1. Users are found + 2. Users have correct names + 3. User is member of correct groups + 4. SSSD is stopped + 5. User is found + 6. User has correct name + 7. User is member of correct groups + 8. Users are not found + :customerscenario: False + """ + u1 = provider.user("user1").add(uid=10001, gid=2001) + provider.group("group1").add(gid=10010).add_member(u1) + provider.group("group2").add(gid=10011).add_member(u1) + provider.group("group3").add(gid=10012).add_member(u1) + + client.sssd.domain["case_sensitive"] = "false" + client.sssd.domain["ldap_id_mapping"] = "false" + client.sssd.start() + + for name in ["uSer1", "useR1", "USER1", "user1", "uSER1"]: + result = client.tools.getent.initgroups(name) + assert result.name == name, f"Username {result.name} is not correct, {name} expected" + assert result.memberof([10010, 10011, 10012]), f"User {result.name} is member of wrong groups" + + client.sssd.stop() + + result = client.tools.getent.initgroups("uSER1") + assert result.name == "uSER1", f"Username {result.name} is not correct, uSER1 expected" + assert result.memberof([10010, 10011, 10012]), f"User {result.name} is member of wrong groups" + + # Only last version of name is stored in cache + # That is why initgroups call returns no secondary groups + assert client.tools.getent.initgroups("uSer1").groups == [], "User uSer1 should not be found in cache" + assert client.tools.getent.initgroups("useR1").groups == [], "User useR1 should not be found in cache" + assert client.tools.getent.initgroups("USER1").groups == [], "User USER1 should not be found in cache" + assert client.tools.getent.initgroups("user1").groups == [], "User user1 should not be found in cache" + + +@pytest.mark.topology(KnownTopologyGroup.AnyProvider) +def test_memory_cache__fq_names_case_insensitive(client: Client, provider: GenericProvider): + """ + :title: Lookup user by case insensitive fully qualified name when 'case_sensitive' is 'false' + and 'use_fully_qualified_names' is 'true' uses memory cache when SSSD is stopped + :setup: + 1. Add user to SSSD + 2. Add groups to SSSD + 3. Set groups gids + 4. Add members to the groups + 5. In SSSD domain change 'use_fully_qualified_names' to 'true' + 6. In SSSD domain change 'case_sensitive' to 'false' + 7. Start SSSD + :steps: + 1. Find user with names without domain + 2. Find user with getent.initgroups(name@domain), where name is in random lower and upper case format + 3. Check that user is members of correct groups + 4. Stop SSSD + 5. Find user with getent.initgroups(name@domain), where same name as in 2. + 6. Check that user is member of correct groups + 7. Find users with names, that should not be found + :expectedresults: + 1. User is not found + 2. User is found + 3. User is member of correct groups + 4. SSSD is stopped + 5. User is found + 6. User is member of correct groups + 7. Users are not found + :customerscenario: False + """ + u1 = provider.user("user1").add(gid=19001, uid=11001) + + provider.group("group1").add(gid=20001).add_member(u1) + provider.group("group2").add(gid=20002).add_member(u1) + provider.group("group3").add(gid=20003).add_member(u1) + + client.sssd.domain["use_fully_qualified_names"] = "true" + client.sssd.domain["case_sensitive"] = "false" + client.sssd.domain["ldap_id_mapping"] = "false" + client.sssd.start() + + assert client.tools.getent.initgroups("uSer1").groups == [], "User uSer1 should be found only with fq name" + assert client.tools.getent.initgroups("user1").groups == [], "User user1 should be found only with fq name" + + result = client.tools.getent.initgroups("uSer1@test") + assert result.memberof([20001, 20002, 20003]), "User uSer1@test is member of incorrect groups" + + client.sssd.stop() + + result = client.tools.getent.initgroups("uSer1@test") + assert result.memberof([20001, 20002, 20003]), "User uSer1@test is member of incorrect groups" + + assert client.tools.getent.initgroups("user1@test").groups == [], "User user1@test should not be found in cache" + assert client.tools.getent.initgroups("user1").groups == [], "User user1 should be found only with fq name" + assert client.tools.getent.initgroups("uSer1").groups == [], "User uSer1 should be found only with fq name" + + +@pytest.mark.topology(KnownTopologyGroup.AnyProvider) +def test_memory_cache__invalidation_of_gids_after_initgroups(client: Client, provider: GenericProvider): + """ + :title: Invalidate groups after initgroups call when SSSD is stopped + :setup: + 1. Add 'user1' to SSSD + 2. Set user uid and gid + 3. Add groups to SSSD + 4. Set groups gids + 5. Add members to the groups + 6. Start SSSD + :steps: + 1. Check that "user1" has correct attributes + 2. Check that groups have correct attributes + 3. Check that "user1" has correct initgroups + 4. Stop SSSD + 5. Check that "group2" has correct attributes + 6. Check that "user1" has correct initgroups + 7. All "user1" initgroups should be invalidated and not found + :expectedresults: + 1. User has correct attributes + 2. Groups have correct attributes + 3. User has correct initgroups + 4. SSSD is stopped + 5. Group has correct attributes + 6. User has correct attributes + 7. Groups are not found + :customerscenario: False + """ + + def check_user_passwd(): + for user in ("user1", 10001): + result = client.tools.getent.passwd(user) + assert result is not None, f"User {user} was not found using getent" + assert result.uid == 10001, f"User id {result.uid} is incorrect, expected 10001" + assert result.name == "user1", f"Username {result.name} is incorrect, expected user1" + + def check_initgroups(): + result = client.tools.getent.initgroups("user1") + assert result.name == "user1", f"Username {result.name} is incorrect, user1 expected" + assert result.memberof([12345]), "User user1 is member of incorrect groups" + + def check_group(name, gid): + for group in (name, gid): + gresult = client.tools.getent.group(group) + assert gresult is not None, f"Group {group} was not found using getent" + assert gresult.name == name, f"Groupname {gresult.name} is incorrect, {name} expected" + assert gresult.gid == gid, f"Group gid {gresult.gid} is incorrect, {gid} expected" + + u1 = provider.user("user1").add(uid=10001, gid=19001) + + provider.group("group1").add(gid=12345).add_member(u1) + provider.group("group1_").add(gid=123450).add_member(u1) + provider.group("group2").add(gid=22222) + + client.sssd.domain["ldap_id_mapping"] = "false" + client.sssd.start() + + check_user_passwd() + + check_group("group1", 12345) + check_group("group2", 22222) + + check_initgroups() + + client.sssd.stop() + + check_user_passwd() + check_group("group2", 22222) + + check_initgroups() + + assert client.tools.getent.group(12345) is None, "Group with gid 12345 was found which is not expected" + assert client.tools.getent.group(123450) is None, "Group with gid 123450 was found which is not expected" + assert client.tools.getent.group("group1") is None, "Group group1 was found which is not expected" + assert client.tools.getent.group("group1_") is None, "Group group1_ was found which is not expected" + + +@pytest.mark.topology(KnownTopologyGroup.AnyProvider) +def test_memory_cache__initgroups_without_change_in_membership(client: Client, provider: GenericProvider): + """ + :title: Invalidated cache, after refresh and stopped SSSD, has everything loaded in memory + :setup: + 1. Add 'user1' to SSSD + 2. Set user gid and uid + 3. Add 'group1' to SSSD + 4. Set group gid + 5. Add members to the group + 6. Start SSSD + :steps: + 1. Find user with id(name) and id(uid) + 2. Check that user is member of correct groups + 3. Find group with getent.group(name) and getent.group(gid) + 4. Check that the group have correct name and gid + 5. Invalidate whole cache + 6. Find user with id(name) and id(uid) + 7. Check that user is member of correct groups + 8. Find group with getent.group(name) and getent.group(gid) + 9. Check that the group have correct name and gid + 10. Stop SSSD + 11. Find user with id(name) and id(uid) + 12. Check that user is member of correct groups + 13. Find group with getent.group(name) and getent.group(gid) + 14. Check that the group have correct name and gid + :expectedresults: + 1. User is found + 2. User is member of correct groups + 3. Group is found + 4. Group has correct name and gid + 5. Cache is invalidated + 6. User is found + 7. User is member of correct groups + 8. Group is found + 9. Group has correct name and gid + 10. SSSD is stopped + 11. User is found + 12. User is member of correct groups + 13. Group is found + 14. Group has correct name and gid + :customerscenario: False + """ + + def check(): + result = client.tools.id("user1") + assert result is not None, "User user1 was not found using id" + assert result.memberof([111, 12345]), "User user1 is member of incorrect groups" + + result = client.tools.id(10001) + assert result is not None, "User with id 10001 was not found using id" + assert result.memberof([111, 12345]), "User with id 10001 is member of incorrect groups" + + gresult = client.tools.getent.group("group1") + assert gresult is not None, "Group group1 was not found using getent" + assert gresult.gid == 12345, f"Group gid {gresult.gid} is incorrect, 12345 expected" + + gresult = client.tools.getent.group(12345) + assert gresult is not None, "Group with gid 12345 was not found using getent" + assert gresult.name == "group1", f"Groupname {gresult.name} is incorrect, group1 expected" + + gresult = client.tools.getent.group("group2") + assert gresult is not None, "Group group2 was not found using getent" + assert gresult.gid == 222222, f"Group gid {gresult.gid} is incorrect, 222222 expected" + + gresult = client.tools.getent.group(222222) + assert gresult is not None, "Group with gid 222222 was not found using getent" + assert gresult.name == "group2", f"Groupname {gresult.name} is incorrect, group2 expected" + + result = client.tools.getent.initgroups("user1") + assert result.memberof([12345, 123450]), "User user1 is member of incorrect groups" + + u1 = provider.user("user1").add(uid=10001, gid=111) + provider.group("group1").add(gid=12345).add_member(u1) + provider.group("group1_").add(gid=123450).add_member(u1) + provider.group("group2").add(gid=222222) + + client.sssd.domain["ldap_id_mapping"] = "false" + client.sssd.start() + + check() + client.sssctl.cache_expire(everything=True) + check() + client.sssd.stop() + check() + + +@pytest.mark.topology(KnownTopologyGroup.AnyProvider) +def test_memory_cache__invalidate_user_before_stop(client: Client, provider: GenericProvider): + """ + :title: Invalidate user cache before SSSD is stopped + :setup: + 1. Add 'user1' and 'user2' to SSSD + 2. Set users gids and uids + 3. Add 'group1' and 'group2' to SSSD + 4. Set groups gids + 5. Add members to the groups + 6. Start SSSD + :steps: + 1. Find user with id(name) + 2. Check that user has correct id + 3. Check that user is member of correct groups + 4. Invalidate cache for 'user1' + 5. Stop SSSD + 6. Find user by id(name) and id(uid) + 7. Find the user's groups by getent.group(name) and getent.group(uid) + :expectedresults: + 1. User is found + 2. User has correct id + 3. User is member of correct groups + 4. Cache is invalidated + 5. SSSD is stopped + 6. User is not found + 7. Group is not found + :customerscenario: False + """ + u1 = provider.user("user1").add(uid=123456, gid=110011) + u2 = provider.user("user2").add(uid=220022, gid=222222) + + provider.group("group1").add(gid=101010).add_member(u1) + provider.group("group2").add(gid=202020).add_members([u1, u2]) + + client.sssd.domain["ldap_id_mapping"] = "false" + client.sssd.start() + + result = client.tools.id("user1") + assert result is not None, "User user1 was not found using id" + assert result.user.id == 123456, f"User id {result.user.id} is incorrect, 123456 expected" + assert result.memberof([110011, 101010, 202020]), "User user1 is member of incorrect groups" + + client.sssctl.cache_expire(user="user1") + client.sssd.stop() + + assert client.tools.id("user1") is None, "User user1 was found which is not expected" + assert client.tools.id(123456) is None, "User with id 123456 was found which is not expected" + assert client.tools.getent.group("group1") is None, "Group group1 was found which is not expected" + assert client.tools.getent.group(110011) is None, "Group with gid 110011 was found which is not expected" + assert client.tools.getent.group("group2") is None, "Group group2 was found which is not expected" + assert client.tools.getent.group(202020) is None, "Group with gid 202020 was found which is not expected" + + +@pytest.mark.topology(KnownTopologyGroup.AnyProvider) +def test_memory_cache__invalidate_user_after_stop(client: Client, provider: GenericProvider): + """ + :title: Invalidate user cache after SSSD is stopped + :setup: + 1. Add 'user1' and 'user2' to SSSD + 2. Set users gids and uids + 3. Add 'group1' and 'group2' to SSSD + 4. Set groups gids + 5. Add members to the groups + 6. Start SSSD + :steps: + 1. Find user with id(name) + 2. Check that user has correct id + 3. Check that user is member of correct groups + 4. Stop SSSD + 5. Invalidate cache for 'user1' + 6. Find user by id(name) and id(uid) + 7. Find the user's groups by getent.group(name) and getent.group(uid) + :expectedresults: + 1. User is found + 2. User has correct id + 3. User is member of correct groups + 4. SSSD is stopped + 5. Cache is invalidated + 6. User is not found + 7. Group is not found + :customerscenario: False + """ + u1 = provider.user("user1").add(uid=123456, gid=110011) + u2 = provider.user("user2").add(uid=220022, gid=222222) + + provider.group("group1").add(gid=101010).add_member(u1) + provider.group("group2").add(gid=202020).add_members([u1, u2]) + + client.sssd.domain["ldap_id_mapping"] = "false" + client.sssd.start() + + result = client.tools.id("user1") + assert result is not None, "User user1 was not found using id" + assert result.user.id == 123456, f"User id {result.user.id} is incorrect, 123456 expected" + assert result.memberof([110011, 101010, 202020]), "User user1 is member of incorrect groups" + + client.sssd.stop() + client.sssctl.cache_expire(user="user1") + + assert client.tools.id("user1") is None, "User user1 was found which is not expected" + assert client.tools.id(123456) is None, "User with id 123456 was found which is not expected" + assert client.tools.getent.group("group1") is None, "Group group1 was found which is not expected" + assert client.tools.getent.group(110011) is None, "Group with gid 110011 was found which is not expected" + assert client.tools.getent.group("group2") is None, "Group group2 was found which is not expected" + assert client.tools.getent.group(202020) is None, "Group with gid 202020 was found which is not expected" + + +@pytest.mark.topology(KnownTopologyGroup.AnyProvider) +def test_memory_cache__invalidate_users_before_stop(client: Client, provider: GenericProvider): + """ + :title: Invalidate users cache before SSSD is stopped + :setup: + 1. Add 'user1' and 'user2' to SSSD + 2. Set users gids and uids + 3. Add 'group1' and 'group2' to SSSD + 4. Set groups gids + 5. Add members to the groups + 6. Start SSSD + :steps: + 1. Find users with id(name) + 2. Check that users have correct ids + 3. Check that users are members of correct groups + 4. Invalidate cache for all users + 5. Stop SSSD + 6. Find users by id(name) and id(uid) + 7. Find the groups of users by getent.group(name) and getent.group(uid) + :expectedresults: + 1. Users are found + 2. Users have correct ids + 3. Users are members of correct groups + 4. Cache is invalidated + 5. SSSD is stopped + 6. Users are not found + 7. Groups are not found + :customerscenario: False + """ + u1 = provider.user("user1").add(uid=123456, gid=110011) + u2 = provider.user("user2").add(uid=220022, gid=222222) + + provider.group("group1").add(gid=101010).add_member(u1) + provider.group("group2").add(gid=202020).add_members([u1, u2]) + + client.sssd.domain["ldap_id_mapping"] = "false" + client.sssd.start() + + result = client.tools.id("user1") + assert result is not None, "User user1 was not found using id" + assert result.user.id == 123456, f"User id {result.user.id} is incorrect, 123456 expected" + assert result.memberof([110011, 101010, 202020]), "User user1 is member of incorrect groups" + + result = client.tools.id("user2") + assert result is not None, "User user2 was not found using id" + assert result.user.id == 220022, f"User id {result.user.id} is incorrect, 220022 expected" + assert result.memberof([222222, 202020]), "User user2 is member of incorrect groups" + + client.sssctl.cache_expire(users=True) + client.sssd.stop() + + assert client.tools.id("user1") is None, "User user1 was found which is not expected" + assert client.tools.id(123456) is None, "User with id 123456 was found which is not expected" + assert client.tools.getent.group("group1") is None, "Group group1 was found which is not expected" + assert client.tools.getent.group(110011) is None, "Group with gid 110011 was found which is not expected" + assert client.tools.getent.group("group2") is None, "Group group2 was found which is not expected" + assert client.tools.getent.group(202020) is None, "Group with gid 202020 was found which is not expected" + assert client.tools.id("user2") is None, "User user2 was found which is not expected" + assert client.tools.id(220022) is None, "User with id 220022 was found which is not expected" + assert client.tools.getent.group(222222) is None, "Group with gid 222222 was found which is not expected" + + +@pytest.mark.topology(KnownTopologyGroup.AnyProvider) +def test_memory_cache__invalidate_users_after_stop(client: Client, provider: GenericProvider): + """ + :title: Invalidate users cache after SSSD is stopped + :setup: + 1. Add 'user1' and 'user2' to SSSD + 2. Set users gids and uids + 3. Add 'group1' and 'group2' to SSSD + 4. Set groups gids + 5. Add members to the groups + 6. Start SSSD + :steps: + 1. Find users with id(name) + 2. Check that users have correct ids + 3. Check that users are members of correct groups + 4. Stop SSSD + 5. Invalidate cache for all users + 6. Find users by id(name) and id(uid) + 7. Find the groups of users by getent.group(name) and getent.group(uid) + :expectedresults: + 1. Users are found + 2. Users have correct ids + 3. Users are members of correct groups + 4. SSSD is stopped + 5. Cache is invalidated + 6. Users are not found + 7. Groups are not found + :customerscenario: False + """ + u1 = provider.user("user1").add(uid=123456, gid=110011) + u2 = provider.user("user2").add(uid=220022, gid=222222) + + provider.group("group1").add(gid=101010).add_member(u1) + provider.group("group2").add(gid=202020).add_members([u1, u2]) + + client.sssd.domain["ldap_id_mapping"] = "false" + client.sssd.start() + + result = client.tools.id("user1") + assert result is not None, "User user1 was not found using id" + assert result.user.id == 123456, f"User id {result.user.id} is incorrect, 123456 expected" + assert result.memberof([110011, 101010, 202020]), "User user1 is member of incorrect groups" + + result = client.tools.id("user2") + assert result is not None, "User user2 was not found using id" + assert result.user.id == 220022, f"User id {result.user.id} is incorrect, 220022 expected" + assert result.memberof([222222, 202020]), "User user2 is member of incorrect groups" + + client.sssd.stop() + client.sssctl.cache_expire(users=True) + + assert client.tools.id("user1") is None, "User user1 was found which is not expected" + assert client.tools.id(123456) is None, "User with id 123456 was found which is not expected" + assert client.tools.getent.group("group1") is None, "Group group1 was found which is not expected" + assert client.tools.getent.group(110011) is None, "Group with gid 110011 was found which is not expected" + assert client.tools.getent.group("group2") is None, "Group group2 was found which is not expected" + assert client.tools.getent.group(202020) is None, "Group with gid 202020 was found which is not expected" + assert client.tools.id("user2") is None, "User user2 was found which is not expected" + assert client.tools.id(220022) is None, "User with id 220022 was found which is not expected" + assert client.tools.getent.group(222222) is None, "Group with gid 222222 was found which is not expected" + + +@pytest.mark.topology(KnownTopologyGroup.AnyProvider) +def test_memory_cache__invalidate_group_before_stop(client: Client, provider: GenericProvider): + """ + :title: Invalidate group cache before SSSD is stopped + :setup: + 1. Add 'group1' to SSSD + 2. Set group gid + 3. Start SSSD + :steps: + 1. Find the 'group1' getent.group(name) + 2. Check that group has correct id + 3. Check that group has correct name + 4. Invalidate cache for 'group1' + 5. Stop SSSD + 6. Find the 'group1' getent.group(name) and getent.group(uid) + :expectedresults: + 1. Group is found + 2. Group has correct id + 3. Group has correct name + 4. Cache is invalidated + 5. SSSD is stopped + 6. Group is not found + :customerscenario: False + """ + provider.group("group1").add(gid=101010) + + client.sssd.domain["ldap_id_mapping"] = "false" + client.sssd.start() + + result = client.tools.getent.group("group1") + assert result is not None, "Group group1 was not found using getent" + assert result.name == "group1", f"Groupname {result.name} is incorrect, group1 expected" + assert result.gid == 101010, f"Group gid {result.gid} is incorrect, 101010 expected" + + client.sssctl.cache_expire(group="group1") + client.sssd.stop() + + assert client.tools.getent.group("group1") is None, "Group group1 was found which is not expected" + assert client.tools.getent.group(110011) is None, "Group with gid 110011 was found which is not expected" + + +@pytest.mark.topology(KnownTopologyGroup.AnyProvider) +def test_memory_cache__invalidate_group_after_stop(client: Client, provider: GenericProvider): + """ + :title: Invalidate group cache after SSSD is stopped + :setup: + 1. Add 'group1' to SSSD + 2. Set group gid + 3. Start SSSD + :steps: + 1. Find the 'group1' getent.group(name) + 2. Check that group has correct id + 3. Check that group has correct name + 4. Stop SSSD + 5. Invalidate cache for 'group1' + 6. Find the 'group1' getent.group(name) and getent.group(uid) + :expectedresults: + 1. Group is found + 2. Group has correct id + 3. Group has correct name + 6. SSSD is stopped + 5. Cache is invalidated + 6. Group is not found + :customerscenario: False + """ + provider.group("group1").add(gid=101010) + + client.sssd.domain["ldap_id_mapping"] = "false" + client.sssd.start() + + result = client.tools.getent.group("group1") + assert result is not None, "Group group1 was not found using getent" + assert result.name == "group1", f"Groupname {result.name} is incorrect, group1 expected" + assert result.gid == 101010, f"Group gid {result.gid} is incorrect, 101010 expected" + + client.sssd.stop() + client.sssctl.cache_expire(group="group1") + + assert client.tools.getent.group("group1") is None, "Group group1 was found which is not expected" + assert client.tools.getent.group(110011) is None, "Group with gid 110011 was found which is not expected" + + +@pytest.mark.topology(KnownTopologyGroup.AnyProvider) +def test_memory_cache__invalidate_groups_before_stop(client: Client, provider: GenericProvider): + """ + :title: Invalidate groups cache before SSSD is stopped + :setup: + 1. Add 'group1' and 'group2' to SSSD + 2. Set groups gids + 3. Start SSSD + :steps: + 1. Find groups with getent.group(name) + 2. Check that groups have correct gids + 3. Invalidate cache for all groups + 4. Stop SSSD + 5. Find 'group1' and 'group2' with getent.group(name) and getent.group(gid) + :expectedresults: + 1. Groups are found + 2. Groups have correct gids + 3. Cache is invalidated + 4. SSSD is stopped + 5. Groups are not found + :customerscenario: False + """ + provider.group("group1").add(gid=101010) + provider.group("group2").add(gid=202020) + + client.sssd.domain["ldap_id_mapping"] = "false" + client.sssd.start() + + result = client.tools.getent.group("group1") + assert result is not None, "Group group1 was not found using getent" + assert result.gid == 101010, f"Group gid {result.gid} is incorrect, 101010 expected" + + result = client.tools.getent.group("group2") + assert result is not None, "Group group2 was not found using getent" + assert result.gid == 202020, f"Group gid {result.gid} is incorrect, 202020 expected" + + client.sssctl.cache_expire(groups=True) + client.sssd.stop() + + assert client.tools.getent.group("group1") is None, "Group group1 was found which is not expected" + assert client.tools.getent.group(110011) is None, "Group with gid 110011 was found which is not expected" + assert client.tools.getent.group("group2") is None, "Group group2 was found which is not expected" + assert client.tools.getent.group(202020) is None, "Group with gid 202020 was found which is not expected" + + +@pytest.mark.topology(KnownTopologyGroup.AnyProvider) +def test_memory_cache__invalidate_groups_after_stop(client: Client, provider: GenericProvider): + """ + :title: Invalidate groups cache after SSSD is stopped + :setup: + 1. Add 'group1' and 'group2' to SSSD + 2. Set groups gids + 3. Start SSSD + :steps: + 1. Find groups with getent.group(name) + 2. Check that groups have correct gids + 3. Stop SSSD + 4. Invalidate cache for all groups + 5. Find 'group1' and 'group2' with getent.group(name) and getent.group(gid) + :expectedresults: + 1. Groups are found + 2. Groups have correct gids + 3. SSSD is stopped + 4. Cache is invalidated + 5. Groups are not found + :customerscenario: False + """ + provider.group("group1").add(gid=101010) + provider.group("group2").add(gid=202020) + + client.sssd.domain["ldap_id_mapping"] = "false" + client.sssd.start() + + result = client.tools.getent.group("group1") + assert result is not None, "Group group1 was not found using getent" + assert result.gid == 101010, f"Group gid {result.gid} is incorrect, 101010 expected" + + result = client.tools.getent.group("group2") + assert result is not None, "Group group2 was not found using getent" + assert result.gid == 202020, f"Group gid {result.gid} is incorrect, 202020 expected" + + client.sssd.stop() + client.sssctl.cache_expire(groups=True) + + assert client.tools.getent.group("group1") is None, "Group group1 was found which is not expected" + assert client.tools.getent.group(110011) is None, "Group with gid 110011 was found which is not expected" + assert client.tools.getent.group("group2") is None, "Group group2 was found which is not expected" + assert client.tools.getent.group(202020) is None, "Group with gid 202020 was found which is not expected" + + +@pytest.mark.topology(KnownTopologyGroup.AnyProvider) +def test_memory_cache__invalidate_everything_before_stop(client: Client, provider: GenericProvider): + """ + :title: Invalidate all parts of cache before SSSD is stopped + :setup: + 1. Add 'user1' and 'user2' to SSSD + 2. Set users uids and gids + 3. Add 'group1' and 'group2' to SSSD + 4. Set groups gids + 5. Add members to the groups + 6. Start SSSD + :steps: + 1. Find users with id(name) + 2. Check that users have correct uids + 3. Find groups with getent.group(name) + 4. Check that groups have correct gids + 5. Invalidate all parts of cache + 6. Stop SSSD + 7. Find 'user1' and 'user2' with id(name) and id(uid) + 8. Find 'group1' and 'group2' with getent.group(name) and getent.group(gid) + :expectedresults: + 1. Users are found + 2. Users have correct uids + 3. Groups are found + 4. Groups have correct gids + 5. Cache is invalidated + 6. SSSD is stopped + 7. Users are not found + 8. Groups are not found + :customerscenario: False + """ + u1 = provider.user("user1").add(uid=123456, gid=110011) + u2 = provider.user("user2").add(uid=220022, gid=222222) + + provider.group("group1").add(gid=101010).add_member(u1) + provider.group("group2").add(gid=202020).add_members([u1, u2]) + + client.sssd.domain["ldap_id_mapping"] = "false" + client.sssd.start() + + result = client.tools.id("user1") + assert result is not None, "User user1 was not found using id" + assert result.user.id == 123456, f"User id {result.user.id} is incorrect, 123456 expected" + + result = client.tools.id("user2") + assert result is not None, "User user2 was not found using id" + assert result.user.id == 220022, f"User id {result.user.id} is incorrect, 220022 expected" + + gresult = client.tools.getent.group("group1") + assert gresult is not None, "Group group1 was not found using getent" + assert gresult.gid == 101010, f"Group gid {gresult.gid} is incorrect, 101010 expected" + + gresult = client.tools.getent.group("group2") + assert gresult is not None, "Group group2 was not found using getent" + assert gresult.gid == 202020, f"Group gid {gresult.gid} is incorrect, 202020 expected" + + client.sssctl.cache_expire(everything=True) + client.sssd.stop() + + assert client.tools.id("user1") is None, "User user1 was found which is not expected" + assert client.tools.id(123456) is None, "User with id 123456 was found which is not expected" + assert client.tools.id("user2") is None, "User user2 was found which is not expected" + assert client.tools.id(220022) is None, "User with id 220022 was found which is not expected" + assert client.tools.getent.group("group1") is None, "Group group1 was found which is not expected" + assert client.tools.getent.group(110011) is None, "Group with gid 110011 was found which is not expected" + assert client.tools.getent.group("group2") is None, "Group group2 was found which is not expected" + assert client.tools.getent.group(202020) is None, "Group with gid 202020 was found which is not expected" + + +@pytest.mark.topology(KnownTopologyGroup.AnyProvider) +def test_memory_cache__invalidate_everything_after_stop(client: Client, provider: GenericProvider): + """ + :title: Invalidate all parts of cache after SSSD is stopped + :setup: + 1. Add 'user1' and 'user2' to SSSD + 2. Set users uids and gids + 3. Add 'group1' and 'group2' to SSSD + 4. Set groups gids + 5. Add members to the groups + 6. Start SSSD + :steps: + 1. Find users with id(name) + 2. Check that users have correct uids + 3. Find groups with getent.group(name) + 4. Check that groups have correct gids + 5. Stop SSSD + 6. Invalidate all parts of cache + 7. Find 'user1' and 'user2' with id(name) and id(uid) + 8. Find 'group1' and 'group2' with getent.group(name) and getent.group(gid) + :expectedresults: + 1. Users are found + 2. Users have correct uids + 3. Groups are found + 4. Groups have correct gids + 5. SSSD is stopped + 6. Cache is invalidated + 7. Users are not found + 8. Groups are not found + :customerscenario: False + """ + u1 = provider.user("user1").add(uid=123456, gid=110011) + u2 = provider.user("user2").add(uid=220022, gid=222222) + + provider.group("group1").add(gid=101010).add_member(u1) + provider.group("group2").add(gid=202020).add_members([u1, u2]) + + client.sssd.domain["ldap_id_mapping"] = "false" + client.sssd.start() + + result = client.tools.id("user1") + assert result is not None, "User user1 was not found using id" + assert result.user.id == 123456, f"User id {result.user.id} is incorrect, 123456 expected" + + result = client.tools.id("user2") + assert result is not None, "User user2 was not found using id" + assert result.user.id == 220022, f"User id {result.user.id} is incorrect, 220022 expected" + + gresult = client.tools.getent.group("group1") + assert gresult is not None, "Group group1 was not found using getent" + assert gresult.gid == 101010, f"Group gid {gresult.gid} is incorrect, 101010 expected" + + gresult = client.tools.getent.group("group2") + assert gresult is not None, "Group group2 was not found using getent" + assert gresult.gid == 202020, f"Group gid {gresult.gid} is incorrect, 202020 expected" + + client.sssd.stop() + client.sssctl.cache_expire(everything=True) + + assert client.tools.id("user1") is None, "User user1 was found which is not expected" + assert client.tools.id(123456) is None, "User with id 123456 was found which is not expected" + assert client.tools.id("user2") is None, "User user2 was found which is not expected" + assert client.tools.id(220022) is None, "User with id 220022 was found which is not expected" + assert client.tools.getent.group("group1") is None, "Group group1 was found which is not expected" + assert client.tools.getent.group(110011) is None, "Group with gid 110011 was found which is not expected" + assert client.tools.getent.group("group2") is None, "Group group2 was found which is not expected" + assert client.tools.getent.group(202020) is None, "Group with gid 202020 was found which is not expected" + + +@pytest.mark.topology(KnownTopologyGroup.AnyProvider) +def test_memory_cache__memcache_timeout_zero(client: Client, provider: GenericProvider): + """ + :title: Cache is not created at all when 'memcache_timeout' set to '0' + :setup: + 1. Add 'user1' to SSSD + 2. Set user uid + 3. Add 'group1' to SSSD + 4. Set group gid + 5. In SSSD nss change 'memcache_timeout' set to '0' + 6. Start SSSD + :steps: + 1. Check that cache is not created + 2. Find user with id(name) + 3. Check that user has correct uid + 4. Find group with getent.group(name) + 5. Check that group has correct gid + 6. Stop SSSD + 7. Find user with id(name) and id(uid) + 8. Find group with getent.group(name) and getent.group(gid) + :expectedresults: + 1. Cache is not created + 2. User is found + 3. User has correct uid + 4. Group is found + 5. Group has correct gid + 6. Stop SSSD + 7. User is not found + 8. Group is not found + :customerscenario: False + """ + provider.user("user1").add(uid=123456, gid=19001) + provider.group("group1").add(gid=10001) + + client.sssd.nss["memcache_timeout"] = "0" + client.sssd.domain["ldap_id_mapping"] = "false" + client.sssd.start() + + r = client.host.ssh.exec(["ls", "/var/lib/sss/mc"]) + assert r.stdout == "", "Cache directory is not empty" + assert r.stderr == "", "Ls command failed" + + result = client.tools.id("user1") + assert result is not None, "User user1 was not found using user1" + assert result.user.id == 123456, f"User id {result.user.id} is incorrect, 123456 expected" + + gresult = client.tools.getent.group("group1") + assert gresult is not None, "Group group1 is not found using getent" + assert gresult.gid == 10001, f"Group gid {gresult.gid} is incorrect, 10001 expected" + + client.sssd.stop() + + assert client.tools.id("user1") is None, "User user1 was found which is not expected" + assert client.tools.id(123456) is None, "User with id 123456 was found which is not expected" + assert client.tools.getent.group("group1") is None, "Group group1 was found which is not expected" + assert client.tools.getent.group(10001) is None, "Group with gid 10001 was found which is not expected" + + +@pytest.mark.topology(KnownTopologyGroup.AnyProvider) +def test_memory_cache__removed_cache_without_invalidation(client: Client, provider: GenericProvider): + """ + :title: SSSD is stopped, cache removed then users and groups cannot be lookedup + :setup: + 1. Add 'user1' to SSSD + 2. Set user uid and gid + 3. Add 'group1' to SSSD + 4. Set group gid + 5. Start SSSD + :steps: + 1. Find user with id(name) + 2. Check that user has correct uid + 3. Find group with getent.group(name) + 4. Check that group has correct gid + 5. Stop SSSD + 6. Remove cache files + 7. Find user with id(name) and id(uid) + 8. Find group with getent.group(name) and getent.group(gid) + :expectedresults: + 1. User is found + 2. User has correct uid + 3. Group is found + 4. Group has correct gid + 5. SSSD is stopped + 6. Cache files are removed + 7. User is not found + 8. Group is not found + :customerscenario: True + """ + provider.user("user1").add(uid=123456, gid=19001) + provider.group("group1").add(gid=10001) + + client.sssd.domain["ldap_id_mapping"] = "false" + client.sssd.start() + + result = client.tools.id("user1") + assert result is not None, "User user1 is not found using id" + assert result.user.id == 123456, f"User id {result.user.id} is incorrect, 123456 expected" + + gresult = client.tools.getent.group("group1") + assert gresult is not None, "Group group1 is not found using getent" + assert gresult.gid == 10001, f"Group gid {gresult.gid} is incorrect, 10001 expected" + + client.sssd.stop() + + r = client.host.ssh.exec(["ls", "/var/lib/sss/mc"]) + for file in r.stdout.split(): + check = client.host.ssh.exec(["rm", f"/var/lib/sss/mc/{file}"]) + assert check.rc == 0, "Cache file was not removed successfully" + + assert client.tools.id("user1") is None, "User user1 was found which is not expected" + assert client.tools.id(123456) is None, "User with id 123456 was found which is not expected" + assert client.tools.getent.group("group1") is None, "Group group1 was found which is not expected" + assert client.tools.getent.group(10001) is None, "Group with gid 10001 was found which is not expected" From 3734714f81f7f40385a33e07615a38247c7f3da7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pavel=20B=C5=99ezina?= Date: Tue, 25 Jul 2023 12:48:40 +0200 Subject: [PATCH 096/280] tests: fix doctring in test_memory_cache__invalidate_group_after_stop (cherry picked from commit 7f3431a77fd45eab8bc001cc006027e484294ca3) --- src/tests/system/tests/test_memory_cache.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/tests/system/tests/test_memory_cache.py b/src/tests/system/tests/test_memory_cache.py index 768266bd049..c426f4d02c1 100644 --- a/src/tests/system/tests/test_memory_cache.py +++ b/src/tests/system/tests/test_memory_cache.py @@ -1203,7 +1203,7 @@ def test_memory_cache__invalidate_group_after_stop(client: Client, provider: Gen 1. Group is found 2. Group has correct id 3. Group has correct name - 6. SSSD is stopped + 4. SSSD is stopped 5. Cache is invalidated 6. Group is not found :customerscenario: False From e8bd99ef98a3cbed803e9fc71efbe5fc202418e5 Mon Sep 17 00:00:00 2001 From: Madhuri Upadhye Date: Tue, 25 Jul 2023 16:09:13 +0530 Subject: [PATCH 097/280] Tests: Add package for IPA tests MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Add python3-libsss_nss_idmap package in common lib of ipa Signed-off-by: Madhuri Upadhye Reviewed-by: Jakub Vávra (cherry picked from commit e3dd7cf472f9766f76c2ac449e856061ac587cb8) --- src/tests/multihost/sssd/testlib/ipa/utils.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/tests/multihost/sssd/testlib/ipa/utils.py b/src/tests/multihost/sssd/testlib/ipa/utils.py index 084138cf869..a131f9f8eef 100644 --- a/src/tests/multihost/sssd/testlib/ipa/utils.py +++ b/src/tests/multihost/sssd/testlib/ipa/utils.py @@ -17,7 +17,7 @@ def __init__(self, Host): def install_common_pkgs(self): """ Install common required packages """ - pkgs = 'ldb-tools tcpdump wireshark-cli expect' + pkgs = 'ldb-tools tcpdump wireshark-cli expect python3-libsss_nss_idmap' if '8.' in self.multihost.distro: enable_idm1 = "dnf -y module reset idm" self.multihost.run_command(enable_idm1) From fe6be47d91b61da518d974899e0a78057d9f45e1 Mon Sep 17 00:00:00 2001 From: Patrik Rosecky Date: Mon, 3 Jul 2023 14:12:29 +0200 Subject: [PATCH 098/280] tests: multihost/basic/sssctl_config_check.py converted MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Reviewed-by: Iker Pedrosa Reviewed-by: Jakub Vávra (cherry picked from commit 5ced015701038bf1d28b91be78ac6d0582871b7c) --- .../basic/test_sssctl_config_check.py | 5 + .../system/tests/test_sssctl_config_check.py | 91 +++++++++++++++++++ 2 files changed, 96 insertions(+) create mode 100644 src/tests/system/tests/test_sssctl_config_check.py diff --git a/src/tests/multihost/basic/test_sssctl_config_check.py b/src/tests/multihost/basic/test_sssctl_config_check.py index f003a8d1967..f70967e6056 100644 --- a/src/tests/multihost/basic/test_sssctl_config_check.py +++ b/src/tests/multihost/basic/test_sssctl_config_check.py @@ -9,8 +9,11 @@ import re +import pytest + class TestSssctlConfigCheck(object): + @pytest.mark.converted('test_sssctl_config_check.py', 'test_sssctl_config_check__typo_option_name') def test_verify_typo_option_name(self, multihost): """ :title: sssctl: Verify typos in option name (not value) @@ -41,6 +44,7 @@ def test_verify_typo_option_name(self, multihost): multihost.master[0].run_command(['/bin/cp', '-a', cfgput, cfgget], raiseonerr=False) + @pytest.mark.converted('test_sssctl_config_check.py', 'test_sssctl_config_check__typo_domain_name') def test_verify_typo_domain_name(self, multihost): """ :title: sssctl: Verify typos in domain name of configuration file @@ -70,6 +74,7 @@ def test_verify_typo_domain_name(self, multihost): multihost.master[0].run_command(['/bin/cp', '-a', cfgput, cfgget], raiseonerr=False) + @pytest.mark.converted('test_sssctl_config_check.py', 'test_sssctl_config_check__misplaced_option') def test_misplaced_option(self, multihost): """ :title: sssctl: Verify misplace options in default configuration file diff --git a/src/tests/system/tests/test_sssctl_config_check.py b/src/tests/system/tests/test_sssctl_config_check.py new file mode 100644 index 00000000000..14b3cfe2736 --- /dev/null +++ b/src/tests/system/tests/test_sssctl_config_check.py @@ -0,0 +1,91 @@ +""" +sssctl config-check Test Cases + +:requirement: IDM-SSSD-REQ: Status utility +""" + +from __future__ import annotations + +import re + +import pytest +from pytest_mh.ssh import SSHProcessError +from sssd_test_framework.roles.client import Client +from sssd_test_framework.topology import KnownTopology + + +@pytest.mark.topology(KnownTopology.Client) +def test_sssctl_config_check__typo_option_name(client: Client): + """ + :title: sssctl config-check detects mistyped option name + :setup: + 1. Add wrong_option to domain section + 2. Start SSSD, without config check + :steps: + 1. Call sssctl config-check + 2. Check error message + :expectedresults: + 1. config-check detects an error in config + 2. Error message is properly set + :customerscenario: False + """ + client.sssd.common.local() + client.sssd.dom("test")["wrong_option"] = "true" + + client.sssd.start(check_config=False) + + result = client.sssctl.config_check() + assert result.rc != 0, "Config-check did not detect misconfigured config" + + pattern = re.compile(r"Attribute 'wrong_option' is not allowed.*") + assert pattern.search(result.stdout), "Wrong error message was returned" + + +@pytest.mark.topology(KnownTopology.Client) +def test_sssctl_config_check__typo_domain_name(client: Client): + """ + :title: sssctl config-check detects mistyped domain name + :setup: + 1. Create mistyped domain ("domain/") + 2. Start SSSD + :steps: + 1. Call sssctl config-check, implicitly + 2. Check error message + :expectedresults: + 1. config-check detects an error in config + 2. Error message is properly set + :customerscenario: False + """ + client.sssd.dom("")["debug_level"] = "9" + + with pytest.raises(SSHProcessError) as ex: + client.sssd.start(raise_on_error=True, check_config=True) + + assert ex.match(r"Section \[domain\/\] is not allowed. Check for typos.*"), "Wrong error message was returned" + + +@pytest.mark.topology(KnownTopology.Client) +def test_sssctl_config_check__misplaced_option(client: Client): + """ + :title: sssctl config-check detects misplaced option + :setup: + 1. In domain set "services" to "nss, pam" + 2. Start SSSD, without config check + :steps: + 1. Call sssctl config-check + 2. Check error message + :expectedresults: + 1. config-check detects an error in config + 2. Error message is properly set + :customerscenario: False + """ + client.sssd.common.local() + client.sssd.dom("test")["services"] = "nss, pam" + + client.sssd.start(check_config=False) + + result = client.sssctl.config_check() + assert result.rc != 0, "Config-check did not detect misconfigured config" + + pattern = re.compile(r".Attribute 'services' is not allowed in section .*") + assert pattern.search(result.stdout), "Wrong error message was returned" From be42e37b459345179dc095bb63a887e49a0a5104 Mon Sep 17 00:00:00 2001 From: Patrik Rosecky Date: Thu, 27 Apr 2023 11:09:48 +0200 Subject: [PATCH 099/280] Tests: converted intg/test_memory_cache to test_id MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Reviewed-by: Jakub Vávra Reviewed-by: Pavel Březina (cherry picked from commit 28aeb13a284dd4521452a2e18d040338147f265c) --- src/tests/system/tests/test_id.py | 466 ++++++++++++++++++++++++++++++ 1 file changed, 466 insertions(+) create mode 100644 src/tests/system/tests/test_id.py diff --git a/src/tests/system/tests/test_id.py b/src/tests/system/tests/test_id.py new file mode 100644 index 00000000000..dc759ef17fe --- /dev/null +++ b/src/tests/system/tests/test_id.py @@ -0,0 +1,466 @@ +""" +SSSD Client identification + +:requirement: IDM-SSSD-REQ: Client side performance improvements +""" + +from __future__ import annotations + +import pytest +from sssd_test_framework.roles.client import Client +from sssd_test_framework.roles.generic import GenericProvider +from sssd_test_framework.topology import KnownTopologyGroup + + +@pytest.mark.topology(KnownTopologyGroup.AnyProvider) +def test_id__getpwnam(client: Client, provider: GenericProvider): + """ + :title: Resolve user by name with id + :setup: + 1. Add 'user1', 'user2' and 'user3' to SSSD + 2. Set users uids and gids + 3. Start SSSD + :steps: + 1. Find 'user1', 'user2' and 'user3' with id(name) + 2. Check that results have correct names + 3. Check that results have correct ids + :expectedresults: + 1. Users are found + 2. Users have correct names + 3. Users have correct ids + :customerscenario: False + """ + ids = [("user1", 10001), ("user2", 10002), ("user3", 10003)] + for user, id in ids: + provider.user(user).add(uid=id, gid=id + 500) + + client.sssd.domain["ldap_id_mapping"] = "false" + client.sssd.start() + + for name, uid in ids: + result = client.tools.id(name) + assert result is not None, f"User {name} was not found using id" + assert result.user.name == name, f"Username {result.user.name} is incorrect, {name} expected" + assert result.user.id == uid, f"User id {result.user.id} is incorrect, {uid} expected" + + +@pytest.mark.topology(KnownTopologyGroup.AnyProvider) +def test_id__getpwuid(client: Client, provider: GenericProvider): + """ + :title: Resolve user by uid with id + :setup: + 1. Add 'user1', 'user2' and 'user3' to SSSD + 2. Set users uids and gids + 3. Start SSSD + :steps: + 1. Find 'user1', 'user2' and 'user3' with id(uid) + 2. Check that users have correct names + 3. Check that users have correct ids + :expectedresults: + 1. Users are found + 2. Users have correct names + 3. Users have correct ids + :customerscenario: False + """ + ids = [("user1", 10001), ("user2", 10002), ("user3", 10003)] + for user, id in ids: + provider.user(user).add(uid=id, gid=id + 500) + + client.sssd.domain["ldap_id_mapping"] = "false" + client.sssd.start() + + for name, uid in ids: + result = client.tools.id(uid) + assert result is not None, f"User with uid {uid} was not found using id" + assert result.user.name == name, f"Username {result.user.name} is incorrect, {name} expected" + assert result.user.id == uid, f"User id {result.user.id} is incorrect, {uid} expected" + + +@pytest.mark.topology(KnownTopologyGroup.AnyProvider) +def test_id__getgrnam(client: Client, provider: GenericProvider): + """ + :title: Resolve group by name with getent.group + :setup: + 1. Add 'group1', 'group2' and 'group3' to SSSD + 2. Set groups gids + 3. Start SSSD + :steps: + 1. Find 'group1', 'group2' and 'group3' with getent.group(name) + 2. Check that groups have correct names + 3. Check that groups have correct gids + :expectedresults: + 1. Groups are found + 2. Groups have correct names + 3. Groups have correct gids + :customerscenario: False + """ + ids = [("group1", 10001), ("group2", 10002), ("group3", 10003)] + for group, id in ids: + provider.group(group).add(gid=id) + + client.sssd.domain["ldap_id_mapping"] = "false" + client.sssd.start() + + for name, gid in ids: + result = client.tools.getent.group(name) + assert result is not None, f"Group {name} was not found using getent" + assert result.name == name, f"Groupname {result.name} is incorrect, {name} expected" + assert result.gid == gid, f"Group gid {result.gid} is incorrect, {gid} expected" + + +@pytest.mark.topology(KnownTopologyGroup.AnyProvider) +def test_id__getgrgid(client: Client, provider: GenericProvider): + """ + :title: Resolve group with by gid with getent.group + :setup: + 1. Add 'group1', 'group2' and 'group3' to SSSD + 2. Set groups gids + 3. Start SSSD + :steps: + 1. Find 'group1', 'group2' and 'group3' with getent.group(gid) + 2. Check that users have correct names + 3. Check that users have correct gids + :expectedresults: + 1. Groups are found + 2. Groups have correct names + 3. Groups have correct gids + :customerscenario: False + """ + ids = [("group1", 10001), ("group2", 10002), ("group3", 10003)] + for group, id in ids: + provider.group(group).add(gid=id) + + client.sssd.domain["ldap_id_mapping"] = "false" + client.sssd.start() + + for name, gid in ids: + result = client.tools.getent.group(gid) + assert result is not None, f"Group with gid {gid} was not found using getent" + assert result.name == name, f"Groupname {result.name} is incorrect, {name} expected" + assert result.gid == gid, f"Group gid {result.gid} is incorrect, {gid} expected" + + +@pytest.mark.topology(KnownTopologyGroup.AnyProvider) +def test_id__getent_passwd(client: Client, provider: GenericProvider): + """ + :title: Resolve user with getent.passwd + :setup: + 1. Add 'user1', 'user2' and 'user3' to SSSD + 2. Set users uids and gids + 3. Add 'group1', 'group2' and 'group3' to SSSD + 4. Add users to groups + 5. Start SSSD + :steps: + 1. Find 'user1', 'user2' and 'user3' with getent.passwd(name) + 2. Find 'user1', 'user2' and 'user3' with getent.passwd(uid) + 3. Check that users have correct names + 4. Check that users have correct ids + :expectedresults: + 1. Users are found + 2. Users are found + 3. Users have correct names + 4. Users have correct ids + :customerscenario: False + """ + ids = [("user1", 10001), ("user2", 10002), ("user3", 10003)] + for user, id in ids: + provider.user(user).add(uid=id, gid=id + 500) + + client.sssd.domain["ldap_id_mapping"] = "false" + client.sssd.start() + + for name, uid in ids: + result = client.tools.getent.passwd(name) + assert result is not None, f"User {name} was not found using getent" + assert result.name == name, f"Username {result.name} is incorrect, {name} expected" + assert result.uid == uid, f"User id {result.uid} is incorrect, {uid} expected" + + result = client.tools.getent.passwd(uid) + assert result is not None, f"User with uid {uid} was not found using getent" + assert result.name == name, f"Username {result.name} is incorrect, {name} expected" + assert result.uid == uid, f"User id {result.uid} is incorrect, {uid} expected" + + +@pytest.mark.topology(KnownTopologyGroup.AnyProvider) +def test_id__getent_group(client: Client, provider: GenericProvider): + """ + :title: Resolve user with getent.group + :setup: + 1. Add 'group1', 'group2' and 'group3' to SSSD + 2. Set groups gids + 3. Start SSSD + :steps: + 1. Find 'group1', 'group2' and 'group3' with getent.group(name) + 2. Find 'group1', 'group2' and 'group3' with getent.group(gid) + 3. Check that groups have correct names + 4. Check that groups have correct gids + :expectedresults: + 1. Groups are found + 2. Groups are found + 3. Groups have correct names + 4. Groups have correct gids + :customerscenario: False + """ + groups = [("group1", 10001), ("group2", 10002), ("group3", 10003)] + for group, id in groups: + provider.group(group).add(gid=id) + + client.sssd.domain["ldap_id_mapping"] = "false" + client.sssd.start() + + for group, id in groups: + result = client.tools.getent.group(group) + assert result is not None, f"Group {group} was not found using getent" + assert result.name == group, f"Groupname {result.name} is incorrect, {group} expected" + assert result.gid == id, f"Group gid {result.gid} is incorrect, {id} expected" + + result = client.tools.getent.group(id) + assert result is not None, f"Group with gid {id} was not found using getent" + assert result.name == group, f"Groupname {result.name} is incorrect, {group} expected" + assert result.gid == id, f"Group gid {result.gid} is incorrect, {id} expected" + + +@pytest.mark.topology(KnownTopologyGroup.AnyProvider) +def test_id__membership_by_group_name(client: Client, provider: GenericProvider): + """ + :title: Check membership of user by group name with id + :setup: + 1. Add 'user1', 'user2' and 'user3' to SSSD + 2. Add 'group1' to SSSD + 3. Add members to group + 4. Start SSSD + :steps: + 1. Find 'user1', 'user2' and 'user3' with id(name) + 2. Check that users are members of correct group using memberof([name]) + :expectedresults: + 1. Users are found + 2. Users are members of correct group + :customerscenario: False + """ + users = [("user1", "group1"), ("user2", "group1"), ("user3", "group1")] + u1 = provider.user("user1").add() + u2 = provider.user("user2").add() + u3 = provider.user("user3").add() + + provider.group("group1").add().add_members([u1, u2, u3]) + + client.sssd.start() + + for name, groups in users: + result = client.tools.id(name) + assert result is not None, f"User {name} was not found using id" + assert result.memberof(groups), f"User {name} is member of wrong groups" + + +@pytest.mark.topology(KnownTopologyGroup.AnyProvider) +def test_id__membership_by_group_id(client: Client, provider: GenericProvider): + """ + :title: Check membership of user by gid with id + :setup: + 1. Add 'user1', 'user2' and 'user3' to SSSD + 2. Add 'group1' to SSSD + 3. Add members to group + 4. Start SSSD + :steps: + 1. Find 'user1', 'user2' and 'user3' with id(name) + 2. Check that users are members of correct groups using memberof(gid) + :expectedresults: + 1. Users are found + 2. Users are members of correct group + :customerscenario: False + """ + users = [("user1", 1001), ("user2", 1001), ("user3", 1001)] + u1 = provider.user("user1").add(uid=10001, gid=19001) + u2 = provider.user("user2").add(uid=10002, gid=19002) + u3 = provider.user("user3").add(uid=10003, gid=19003) + + provider.group("group1").add(gid=1001).add_members([u1, u2, u3]) + + client.sssd.domain["ldap_id_mapping"] = "false" + client.sssd.start() + + for name, gids in users: + result = client.tools.id(name) + assert result is not None, f"User {name} was not found using id" + assert result.memberof(gids), f"User {name} is member of wrong groups" + + +@pytest.mark.topology(KnownTopologyGroup.AnyProvider) +def test_id__initgroups(client: Client, provider: GenericProvider): + """ + :title: Check initgroups of user + :setup: + 1. Add users to SSSD + 2. Add groups to SSSD + 3. Set groups gids + 4. Add members to groups + 5. Start SSSD + :steps: + 1. Find users with getent.initgroups(name) + 2. Check that user has correct name + 3. Check that user has correct initgroups + :expectedresults: + 1. Users are found + 2. User has correct names + 3. User has correct initgroups + :customerscenario: False + """ + users = ["user1", "user2", "user3"] + u1 = provider.user("user1").add(uid=10001, gid=19001) + u2 = provider.user("user2").add(uid=10002, gid=19002) + u3 = provider.user("user3").add(uid=10003, gid=19003) + + provider.group("group1").add(gid=10001).add_members([u1, u2, u3]) + provider.group("group2").add(gid=10002).add_members([u1, u2, u3]) + provider.group("group3").add(gid=10003).add_members([u1, u2, u3]) + + client.sssd.domain["ldap_id_mapping"] = "false" + client.sssd.start() + + for name in users: + result = client.tools.getent.initgroups(name) + assert result.name == name, f"Username {result.name} is incorrect, {name} expected" + assert result.memberof([10001, 10002, 10003]), f"User {name} is member of wrong groups" + + +@pytest.mark.topology(KnownTopologyGroup.AnyProvider) +def test_id__getpwnam_fully_qualified_names(client: Client, provider: GenericProvider): + """ + :title: Resolve user when 'use_fully_qualified_names' is 'true' + :setup: + 1. Add 'user1' and 'user2' to SSSD + 2. Set users uids and gids + 3. In SSSD domain change 'use_fully_qualified_names' to 'true' + 4. Start SSSD + :steps: + 1. Find 'user1' and 'user2' with id(name) + 2. Find 'user1' and 'user2' with id(name@domain) + 3. Check that users have correct full names + 4. Check that users have correct ids + :expectedresults: + 1. Users are not found + 2. Users are found + 3. Users have correct full names + 4. Users have correct ids + :customerscenario: False + """ + provider.user("user1").add(uid=10001, gid=19001) + provider.user("user2").add(uid=10002, gid=19002) + + client.sssd.domain["use_fully_qualified_names"] = "true" + client.sssd.domain["ldap_id_mapping"] = "false" + client.sssd.start() + + assert client.tools.id("user1") is None, "User user1 should be found only with fq name" + assert client.tools.id("user2") is None, "User user2 should be found only with fq name" + + result = client.tools.id("user1@test") + assert result is not None, "User user1@test was not found using id" + assert result.user.name == "user1@test", f"Username {result.user.name} is incorrect, user1@test expected" + assert result.user.id == 10001, f"User id {result.user.id} is incorrect, 10001 expected" + + result = client.tools.id("user2@test") + assert result is not None, "User user2@test was not found using id" + assert result.user.name == "user2@test", f"Username {result.user.name} is incorrect, user2@test expected" + assert result.user.id == 10002, f"User id {result.user.id} is incorrect, 10002 expected" + + +@pytest.mark.topology(KnownTopologyGroup.AnyProvider) +def test_id__case_insensitive(client: Client, provider: GenericProvider): + """ + :title: Search user with case insensitive name when 'case_sensitive' is 'false' + :setup: + 1. Add 'user1', 'user2' and 'user3' to SSSD + 2. Set users uids + 3. In SSSD domain change 'case_sensitive' to 'false' + 4. Start SSSD + :steps: + 1. Find users with id(name), where name is in random lower and upper case format + 2. Check that usernames are correctly set + 3. Check that users have correct ids + :expectedresults: + 1. Users are found + 2. Users have correct names + 3. Users have correct ids + :customerscenario: False + """ + provider.user("user1").add(uid=10001, gid=19001) + provider.user("user2").add(uid=10002, gid=19002) + provider.user("user3").add(uid=10003, gid=19003) + + client.sssd.domain["case_sensitive"] = "false" + client.sssd.domain["ldap_id_mapping"] = "false" + client.sssd.start() + + for name, uid in [ + ("uSer1", 10001), + ("user1", 10001), + ("uSER1", 10001), + ("USEr2", 10002), + ("uSEr2", 10002), + ("usER2", 10002), + ("USer3", 10003), + ("uSer3", 10003), + ("USER3", 10003), + ]: + result = client.tools.id(name) + assert result is not None, f"User {name} was not found using id" + assert result.user.name == name.lower(), f"Username {result.user.name} is incorrect, {name.lower()} expected" + assert result.user.id == uid, f"User id {result.user.id} is incorrect, {uid} expected" + + +@pytest.mark.topology(KnownTopologyGroup.AnyProvider) +def test_id__fq_names_case_insensitive(client: Client, provider: GenericProvider): + """ + :title: Search user with fq case insensitive name when + 'case_sensitive' is 'false' and 'use_fully_qualified_names' is 'true' + :setup: + 1. Add 'user1', 'user2' and 'user3' to SSSD + 2. Set users gids and uids + 3. Add 'group1', 'group2' and 'group3' to SSSD + 4. Set groups gids + 5. Add members to the groups + 6. In SSSD domain change 'use_fully_qualified_names' to 'true' + 7. In SSSD domain change 'case_sensitive' to 'false' + 8. Start SSSD + :steps: + 1. Find users with id(name) + 2. Find users with id(name@domain) - name is in random lower and upper case format + 3. Check that users have correct groups + :expectedresults: + 1. Users are not found + 2. Users are found + 3. Users are members of correct groups + :customerscenario: False + """ + u1 = provider.user("user1").add(gid=101, uid=10001) + u2 = provider.user("user2").add(gid=102, uid=10002) + u3 = provider.user("user3").add(gid=103, uid=10003) + + provider.group("group1").add(gid=1001).add_members([u1]) + provider.group("group2").add(gid=1002).add_members([u1, u2]) + provider.group("group3").add(gid=1003).add_members([u1, u2, u3]) + + client.sssd.domain["use_fully_qualified_names"] = "true" + client.sssd.domain["case_sensitive"] = "false" + client.sssd.domain["ldap_id_mapping"] = "false" + client.sssd.start() + + assert client.tools.id("user1") is None, "User user1 should be found only with fq name" + assert client.tools.id("user2") is None, "User user2 should be found only with fq name" + assert client.tools.id("user3") is None, "User user3 should be found only with fq name" + + for name in ["User1@TesT", "UseR1@TesT", "UsER1@TesT"]: + result = client.tools.id(name) + assert result is not None, f"User {name} was not found using id" + assert result.memberof([101, 1001, 1002, 1003]), f"User {name} is member of wrong groups" + + for name in ["uSer2@TeST", "user2@TEsT", "uSER2@tesT"]: + result = client.tools.id(name) + assert result is not None, f"User {name} was not found using id" + assert result.memberof([102, 1002, 1003]), f"User {name} is member of wrong groups" + + for name in ["USer3@TeST", "uSer3@TeST", "USER3@Test"]: + result = client.tools.id(name) + assert result is not None, f"User {name} was not found using id" + assert result.memberof([103, 1003]), f"User {name} is member of wrong groups" From 7fbb9a0d49a55c16250a966904a2fc45de3e8a5e Mon Sep 17 00:00:00 2001 From: Andre Boscatto Date: Tue, 25 Jul 2023 22:17:56 +0000 Subject: [PATCH 100/280] mans: fix typo in ldap_idmap_autorid_compat MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Resolves: https://github.com/SSSD/sssd/issues/5198 Reviewed-by: Justin Stephenson Reviewed-by: Pavel Březina (cherry picked from commit 4d1711178dc5c7e5fcef62a49e8a6e861ed68b5b) --- src/man/include/ldap_id_mapping.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/man/include/ldap_id_mapping.xml b/src/man/include/ldap_id_mapping.xml index 3f869c50d17..25cb6e5c25f 100644 --- a/src/man/include/ldap_id_mapping.xml +++ b/src/man/include/ldap_id_mapping.xml @@ -234,7 +234,7 @@ ldap_schema = ad When this option is configured, domains will be allocated starting with slice zero and increasing - monatomically with each additional domain. + monotonically with each additional domain. NOTE: This algorithm is non-deterministic (it From 8335284962bba3ba5d565ed6fc360ffe697b0603 Mon Sep 17 00:00:00 2001 From: Patrik Rosecky Date: Thu, 1 Jun 2023 09:23:54 +0200 Subject: [PATCH 101/280] tests: converted multihost/basic/test_ldap.py MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Reviewed-by: Jakub Vávra Reviewed-by: Pavel Březina (cherry picked from commit fe61c459a9c91a46c013384831b777cd2c0b90b5) --- src/tests/multihost/basic/test_ldap.py | 2 + src/tests/system/tests/test_ldap.py | 52 ++++++++++++++++++++++++++ 2 files changed, 54 insertions(+) create mode 100644 src/tests/system/tests/test_ldap.py diff --git a/src/tests/multihost/basic/test_ldap.py b/src/tests/multihost/basic/test_ldap.py index 2ea483b8d82..ceb0d54fbc8 100644 --- a/src/tests/multihost/basic/test_ldap.py +++ b/src/tests/multihost/basic/test_ldap.py @@ -90,6 +90,7 @@ def _change_test_reset_password(multihost): client.change_user_password( user, 'Secret1234', 'Secret1234', 'Secret123', 'Secret123') + @pytest.mark.converted('test_ldap.py', 'test_ldap__change_password') @staticmethod def test_ldap_chpass_extop(multihost): """ @@ -99,6 +100,7 @@ def test_ldap_chpass_extop(multihost): """ TestLDAPChpass._change_test_reset_password(multihost) + @pytest.mark.converted('test_ldap.py', 'test_ldap__change_password') @staticmethod @pytest.mark.usefixtures("set_ldap_auth_provider", "set_ldap_pwmodify_mode_ldap_modify") diff --git a/src/tests/system/tests/test_ldap.py b/src/tests/system/tests/test_ldap.py new file mode 100644 index 00000000000..00f7522e728 --- /dev/null +++ b/src/tests/system/tests/test_ldap.py @@ -0,0 +1,52 @@ +""" +SSSD LDAP provider tests + +:requirement: IDM-SSSD-REQ : LDAP Provider +""" + +from __future__ import annotations + +import pytest +from sssd_test_framework.roles.client import Client +from sssd_test_framework.roles.ldap import LDAP +from sssd_test_framework.topology import KnownTopology + + +@pytest.mark.parametrize("modify_mode", ["exop", "ldap_modify"]) +@pytest.mark.topology(KnownTopology.LDAP) +def test_ldap__change_password(client: Client, ldap: LDAP, modify_mode: str): + """ + :title: Change password with "ldap_pwmodify_mode" set to @modify_mode + :setup: + 1. Add user to SSSD, set his password + 2. Allow user to change his password + 3. Set "ldap_pwmodify_mode" + 4. Start SSSD + :steps: + 1. Authenticate user with old password + 2. Change password of user to new password + 3. Authenticate user with new password + 4. Authenticate user with old password + :expectedresults: + 1. User is authenticated + 2. Password is changed successfully + 3. User is authenticated + 4. User is not authenticated + :customerscenario: False + """ + user = "user1" + old_pass = "Secret123" + new_pass = "New_password123" + + ldap.user(user).add(password=old_pass) + ldap.aci.add('(targetattr="userpassword")(version 3.0; acl "pwp test"; allow (all) userdn="ldap:///self";)') + + client.sssd.domain["ldap_pwmodify_mode"] = modify_mode + client.sssd.start() + + assert client.auth.ssh.password(user, old_pass), "Authentication with old correct password failed" + + assert client.auth.passwd.password(user, old_pass, new_pass), "Password change was not successful" + + assert client.auth.ssh.password(user, new_pass), "Authentication with new correct password failed" + assert not client.auth.ssh.password(user, old_pass), "Authentication with old incorrect password did not fail" From 0b5d3abd86f1d34378042830cdb9c510783e1337 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pavel=20B=C5=99ezina?= Date: Tue, 1 Aug 2023 14:42:30 +0200 Subject: [PATCH 102/280] readme: remove github actions badges These badges stopped working due to breaking changes in the badge provider: https://github.com/badges/shields/issues/8671 I don't think we really use them and we did not even update from sssd-2-7 branch to a newer one or with latest ci changes. Also it is simple to see the green tick or red cross in github web ui so these badges are redundant. Covscan result is kept since you would need to check it on different page. Reviewed-by: Iker Pedrosa Reviewed-by: Justin Stephenson (cherry picked from commit dd21de8433fa54f9cd5ca38227426986d9570e55) --- README.md | 4 ---- 1 file changed, 4 deletions(-) diff --git a/README.md b/README.md index e5e704526c5..0a4fd086e8f 100644 --- a/README.md +++ b/README.md @@ -1,8 +1,4 @@ -[![master :: CI Status](https://img.shields.io/github/workflow/status/SSSD/sssd/ci/master?label=master%20%3A%3A%20ci)](https://github.com/SSSD/sssd/actions/workflows/ci.yml?query=branch%3Amaster) -[![master :: Analyzers](https://img.shields.io/github/workflow/status/SSSD/sssd/Static%20code%20analysis/master?label=master%20%3A%3A%20analyze)](https://github.com/SSSD/sssd/actions/workflows/static-code-analysis.yml?query=branch%3Amaster) [![Coverity Scan](https://img.shields.io/coverity/scan/sssd-sssd?label=master%20::%20coverity)](https://scan.coverity.com/projects/sssd-sssd) -[![sssd-2-7 :: CI Status](https://img.shields.io/github/workflow/status/SSSD/sssd/ci/master?label=sssd-2-7%20%3A%3A%20ci)](https://github.com/SSSD/sssd/actions/workflows/ci.yml?query=branch%3Asssd-2-7) -[![sssd-2-7 :: Analyzers](https://img.shields.io/github/workflow/status/SSSD/sssd/Static%20code%20analysis/sssd-2-7?label=sssd-2-7%20%3A%3A%20analyze)](https://github.com/SSSD/sssd/actions/workflows/static-code-analysis.yml?query=branch%3Asssd-2-7) # SSSD - System Security Services Daemon From f79ce5348a6cecd5512707b76eb66d80f14165dc Mon Sep 17 00:00:00 2001 From: Iker Pedrosa Date: Thu, 18 May 2023 15:16:34 +0200 Subject: [PATCH 103/280] passkey: fix two covscan issues MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Fixes following covscan issues: ``` Error: CLANG_WARNING: sssd-2.9.0/src/krb5_plugin/passkey/passkey_utils.c:562:5: warning[unix.Malloc]: Potential leak of memory pointed to by 'data' # 560| } # 561| # 562|-> json_decref(jroot); # 563| return message; # 564| } Error: UNREACHABLE (CWE-561): sssd-2.9.0/src/responder/pam/pamsrv_passkey.c:1039: unreachable: This code cannot be reached: "if (!pctx->passkey_auth) { ...". # 1037| #endif # 1038| # 1039|-> if (!pctx->passkey_auth) { # 1040| return false; # 1041| } ``` Resolves: https://github.com/SSSD/sssd/issues/6733 Signed-off-by: Iker Pedrosa Reviewed-by: Justin Stephenson Reviewed-by: Pavel Březina Reviewed-by: Sumit Bose Reviewed-by: Alexey Tikhonov Reviewed-by: Justin Stephenson --- src/krb5_plugin/passkey/passkey_utils.c | 6 ++---- src/responder/pam/pamsrv_passkey.c | 4 ++-- 2 files changed, 4 insertions(+), 6 deletions(-) diff --git a/src/krb5_plugin/passkey/passkey_utils.c b/src/krb5_plugin/passkey/passkey_utils.c index 3d84862ebf5..0fd22fb1757 100644 --- a/src/krb5_plugin/passkey/passkey_utils.c +++ b/src/krb5_plugin/passkey/passkey_utils.c @@ -535,7 +535,7 @@ sss_passkey_prefix_json_data(enum sss_passkey_phase phase, json_error_t jret; json_t *jroot; struct sss_passkey_message *message; - void *data; + struct sss_passkey_reply *data; if (json_str == NULL) { return NULL; @@ -553,9 +553,7 @@ sss_passkey_prefix_json_data(enum sss_passkey_phase phase, } message = sss_passkey_message_init(phase, state, data); - if (message == NULL && phase == SSS_PASSKEY_PHASE_CHALLENGE) { - sss_passkey_challenge_free(data); - } else if (message == NULL && phase == SSS_PASSKEY_PHASE_REPLY) { + if (message == NULL) { sss_passkey_reply_free(data); } diff --git a/src/responder/pam/pamsrv_passkey.c b/src/responder/pam/pamsrv_passkey.c index f1d5733e35b..36c1b085228 100644 --- a/src/responder/pam/pamsrv_passkey.c +++ b/src/responder/pam/pamsrv_passkey.c @@ -1034,8 +1034,7 @@ bool may_do_passkey_auth(struct pam_ctx *pctx, #ifndef BUILD_PASSKEY DEBUG(SSSDBG_TRACE_FUNC, "Passkey auth not possible, SSSD built without passkey support!\n"); return false; -#endif - +#else if (!pctx->passkey_auth) { return false; } @@ -1049,4 +1048,5 @@ bool may_do_passkey_auth(struct pam_ctx *pctx, } return true; +#endif /* BUILD_PASSKEY */ } From aba98a49b55d794e37f098221b25dfe87b6f552f Mon Sep 17 00:00:00 2001 From: Iker Pedrosa Date: Wed, 24 May 2023 17:02:49 +0200 Subject: [PATCH 104/280] passkey: rename function MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Rename `sss_passkey_prefix_json_data()` to `sss_passkey_message_from_reply_json()`. Signed-off-by: Iker Pedrosa Reviewed-by: Justin Stephenson Reviewed-by: Pavel Březina Reviewed-by: Sumit Bose Reviewed-by: Alexey Tikhonov Reviewed-by: Justin Stephenson --- src/krb5_plugin/passkey/passkey.h | 6 +++--- src/krb5_plugin/passkey/passkey_utils.c | 6 +++--- src/providers/krb5/krb5_child.c | 2 +- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/src/krb5_plugin/passkey/passkey.h b/src/krb5_plugin/passkey/passkey.h index 7c2d7f3a73a..4c143b48db8 100644 --- a/src/krb5_plugin/passkey/passkey.h +++ b/src/krb5_plugin/passkey/passkey.h @@ -81,9 +81,9 @@ void sss_passkey_message_free(struct sss_passkey_message *message); struct sss_passkey_message * -sss_passkey_prefix_json_data(enum sss_passkey_phase phase, - const char *state, - const char *json_str); +sss_passkey_message_from_reply_json(enum sss_passkey_phase phase, + const char *state, + const char *json_str); char * sss_passkey_message_encode(const struct sss_passkey_message *data); diff --git a/src/krb5_plugin/passkey/passkey_utils.c b/src/krb5_plugin/passkey/passkey_utils.c index 0fd22fb1757..3e777aedc68 100644 --- a/src/krb5_plugin/passkey/passkey_utils.c +++ b/src/krb5_plugin/passkey/passkey_utils.c @@ -528,9 +528,9 @@ sss_passkey_message_to_json(const struct sss_passkey_message *message) } struct sss_passkey_message * -sss_passkey_prefix_json_data(enum sss_passkey_phase phase, - const char *state, - const char *json_str) +sss_passkey_message_from_reply_json(enum sss_passkey_phase phase, + const char *state, + const char *json_str) { json_error_t jret; json_t *jroot; diff --git a/src/providers/krb5/krb5_child.c b/src/providers/krb5/krb5_child.c index ae2c23aa98b..f69cd6d54a8 100644 --- a/src/providers/krb5/krb5_child.c +++ b/src/providers/krb5/krb5_child.c @@ -1051,7 +1051,7 @@ static krb5_error_code answer_passkey(krb5_context kctx, phase = SSS_PASSKEY_PHASE_REPLY; state = SSSD_PASSKEY_REPLY_STATE; - reply_msg = sss_passkey_prefix_json_data(phase, state, reply); + reply_msg = sss_passkey_message_from_reply_json(phase, state, reply); if (reply_msg == NULL) { DEBUG(SSSDBG_OP_FAILURE, "Unable to prefix passkey message\n"); kerr = EINVAL; From 9c9a8dee265975536b7d6e8687bb20d9ae94b7d9 Mon Sep 17 00:00:00 2001 From: Alexey Tikhonov Date: Sat, 12 Aug 2023 13:44:15 +0200 Subject: [PATCH 105/280] MAN: only mention 'files' provider if its support is built Reviewed-by: Iker Pedrosa Reviewed-by: Justin Stephenson (cherry picked from commit 16d3308b4b938a782b43e50b8041e02b8c683e9a) --- src/man/sssd.conf.5.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/man/sssd.conf.5.xml b/src/man/sssd.conf.5.xml index b74b9d1f444..ba8ac7551c1 100644 --- a/src/man/sssd.conf.5.xml +++ b/src/man/sssd.conf.5.xml @@ -4015,8 +4015,8 @@ auth_provider = none local_auth_policy = only - - This option is ignored for the files provider + + This option is ignored for the files provider. Default: match From e19570ef6113c405c38735448d5b1880fb064e22 Mon Sep 17 00:00:00 2001 From: Alexey Tikhonov Date: Mon, 19 Jun 2023 20:56:14 +0200 Subject: [PATCH 106/280] KRB5: avoid another attempt to free 'cc' in 'done:' section if first attempt failed. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Reviewed-by: Alejandro López Reviewed-by: Tomáš Halman (cherry picked from commit f6bbd591d636e4309ec37659f825b0f9c53d4b6b) Reviewed-by: Tomáš Halman --- src/providers/krb5/krb5_ccache.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/providers/krb5/krb5_ccache.c b/src/providers/krb5/krb5_ccache.c index 5b80fec52c8..72c3a23de35 100644 --- a/src/providers/krb5/krb5_ccache.c +++ b/src/providers/krb5/krb5_ccache.c @@ -637,12 +637,12 @@ errno_t get_ccache_file_data(const char *ccache_file, const char *client_name, krb5_free_cred_contents(ctx, &cred); kerr = krb5_cc_close(ctx, cc); + cc = NULL; if (kerr != 0) { KRB5_DEBUG(SSSDBG_OP_FAILURE, ctx, kerr); DEBUG(SSSDBG_CRIT_FAILURE, "krb5_cc_close failed.\n"); goto done; } - cc = NULL; kerr = 0; From e124370f57eb9fec359421991271056c4a52a39e Mon Sep 17 00:00:00 2001 From: Alexey Tikhonov Date: Mon, 19 Jun 2023 21:29:40 +0200 Subject: [PATCH 107/280] KRB5: use proper function to deallocate mem MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Reviewed-by: Alejandro López Reviewed-by: Tomáš Halman (cherry picked from commit ff5096bb766765e45aaad156285a603a21aa1bc8) Reviewed-by: Tomáš Halman --- src/providers/krb5/krb5_ccache.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/providers/krb5/krb5_ccache.c b/src/providers/krb5/krb5_ccache.c index 72c3a23de35..20d932e535c 100644 --- a/src/providers/krb5/krb5_ccache.c +++ b/src/providers/krb5/krb5_ccache.c @@ -781,7 +781,7 @@ krb5_error_code copy_ccache_into_memory(TALLOC_CTX *mem_ctx, krb5_context kctx, talloc_free(mem_name); } - free(ccache_name); + krb5_free_string(kctx, ccache_name); krb5_free_principal(kctx, princ); if (krb5_cc_close(kctx, ccache) != 0) { From f745621e839487d9f15e52d7204634a8dd7460e7 Mon Sep 17 00:00:00 2001 From: Alexey Tikhonov Date: Mon, 19 Jun 2023 21:46:08 +0200 Subject: [PATCH 108/280] KRB5: avoid FORWARD_NULL MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Reviewed-by: Alejandro López Reviewed-by: Tomáš Halman (cherry picked from commit 7f308c6fe01408fa6beb48b9f7627068968da771) Reviewed-by: Tomáš Halman --- src/providers/krb5/krb5_ccache.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/providers/krb5/krb5_ccache.c b/src/providers/krb5/krb5_ccache.c index 20d932e535c..88f75a8d824 100644 --- a/src/providers/krb5/krb5_ccache.c +++ b/src/providers/krb5/krb5_ccache.c @@ -788,7 +788,7 @@ krb5_error_code copy_ccache_into_memory(TALLOC_CTX *mem_ctx, krb5_context kctx, DEBUG(SSSDBG_OP_FAILURE, "krb5_cc_close failed.\n"); } - if (krb5_cc_close(kctx, mem_ccache) != 0) { + if ((mem_ccache != NULL) && (krb5_cc_close(kctx, mem_ccache) != 0)) { DEBUG(SSSDBG_OP_FAILURE, "krb5_cc_close failed.\n"); } From b9fa1af6ee005c802adfd3fdd8d8525f299487da Mon Sep 17 00:00:00 2001 From: Alexey Tikhonov Date: Mon, 19 Jun 2023 21:53:28 +0200 Subject: [PATCH 109/280] KRB5: fix memory leak MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Reviewed-by: Alejandro López Reviewed-by: Tomáš Halman (cherry picked from commit b69ff375a2b185219bae91c48aa7bfb3138b98f2) Reviewed-by: Tomáš Halman --- src/providers/krb5/krb5_child.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/providers/krb5/krb5_child.c b/src/providers/krb5/krb5_child.c index f69cd6d54a8..774b47e3a25 100644 --- a/src/providers/krb5/krb5_child.c +++ b/src/providers/krb5/krb5_child.c @@ -1400,6 +1400,9 @@ static krb5_error_code create_ccache(char *ccname, krb5_creds *creds) /* FIXME: should we krb5_cc_destroy in case of error? */ krb5_cc_close(kctx, kcc); } + + krb5_free_context(kctx); + return kerr; } From 2ed6aa8d4a1012a645af1264073f5a1a7c9ce332 Mon Sep 17 00:00:00 2001 From: Alexey Tikhonov Date: Mon, 19 Jun 2023 21:56:13 +0200 Subject: [PATCH 110/280] KRB5: fix memory leak MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Reviewed-by: Alejandro López Reviewed-by: Tomáš Halman (cherry picked from commit 75822701770179582c344960603cce8bd54a7890) Reviewed-by: Tomáš Halman --- src/providers/krb5/krb5_child.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/providers/krb5/krb5_child.c b/src/providers/krb5/krb5_child.c index 774b47e3a25..158831198be 100644 --- a/src/providers/krb5/krb5_child.c +++ b/src/providers/krb5/krb5_child.c @@ -1854,6 +1854,7 @@ static krb5_error_code validate_tgt(struct krb5_req *kr) if (kerr != 0) { DEBUG(SSSDBG_CRIT_FAILURE, "error reading keytab [%s], " \ "not verifying TGT.\n", kr->keytab); + krb5_kt_close(kr->ctx, keytab); return kerr; } From afbf087d14fd47d385a5f84b994263c999f6226c Mon Sep 17 00:00:00 2001 From: Alexey Tikhonov Date: Mon, 19 Jun 2023 22:03:43 +0200 Subject: [PATCH 111/280] KRB5: avoid RESOURCE_LEAK MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Reviewed-by: Alejandro López Reviewed-by: Tomáš Halman (cherry picked from commit a83be8fb51172d4e1a282a0a078d81ee93afdcb5) Reviewed-by: Tomáš Halman --- src/providers/krb5/krb5_child.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/providers/krb5/krb5_child.c b/src/providers/krb5/krb5_child.c index 158831198be..a3d83b4c8c1 100644 --- a/src/providers/krb5/krb5_child.c +++ b/src/providers/krb5/krb5_child.c @@ -1869,6 +1869,7 @@ static krb5_error_code validate_tgt(struct krb5_req *kr) &validation_princ); if (kerr != 0) { DEBUG(SSSDBG_CRIT_FAILURE, "krb5_copy_principal failed.\n"); + krb5_kt_end_seq_get(kr->ctx, keytab, &cursor); goto done; } From 996affcf6e1bc92998d7cf54a5588463eb22a0c6 Mon Sep 17 00:00:00 2001 From: Alexey Tikhonov Date: Tue, 20 Jun 2023 16:48:07 +0200 Subject: [PATCH 112/280] KRB5: fixed RESOURCE_LEAK MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Reviewed-by: Alejandro López Reviewed-by: Tomáš Halman (cherry picked from commit 01f0d067f1e4ba8ec3710f515d21631a53c9c9ef) Reviewed-by: Tomáš Halman --- src/providers/krb5/krb5_keytab.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/providers/krb5/krb5_keytab.c b/src/providers/krb5/krb5_keytab.c index e70408b9b94..db383d411dd 100644 --- a/src/providers/krb5/krb5_keytab.c +++ b/src/providers/krb5/krb5_keytab.c @@ -214,6 +214,9 @@ krb5_error_code copy_keytab_into_memory(TALLOC_CTX *mem_ctx, krb5_context kctx, if (kerr != 0) { talloc_free(mem_name); + if ((mem_keytab != NULL) && krb5_kt_close(kctx, mem_keytab) != 0) { + DEBUG(SSSDBG_MINOR_FAILURE, "krb5_kt_close failed.\n"); + } } if (tmp_mem_keytab != NULL && krb5_kt_close(kctx, tmp_mem_keytab) != 0) { From 4d12836767f649cb743e4681f8f86eda18bad754 Mon Sep 17 00:00:00 2001 From: Alexey Tikhonov Date: Tue, 20 Jun 2023 17:22:07 +0200 Subject: [PATCH 113/280] LDAP: fixed RESOURCE_LEAK MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Reviewed-by: Alejandro López Reviewed-by: Tomáš Halman (cherry picked from commit fd7da517ddd0e220f081ad9e7b5d7fcb0cae39b7) Reviewed-by: Tomáš Halman --- src/providers/ldap/ldap_child.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/providers/ldap/ldap_child.c b/src/providers/ldap/ldap_child.c index 4818240d4c9..6ad2fb63af5 100644 --- a/src/providers/ldap/ldap_child.c +++ b/src/providers/ldap/ldap_child.c @@ -212,6 +212,7 @@ static int lc_verify_keytab_ex(const char *principal, DEBUG(SSSDBG_FATAL_FAILURE, "Could not parse keytab entry\n"); sss_log(SSS_LOG_ERR, "Could not parse keytab entry\n"); + krb5_kt_end_seq_get(context, keytab, &cursor); return EIO; } From f7f9f6e5f7cd5cd80617ca69416e7c28c53487b6 Mon Sep 17 00:00:00 2001 From: Alexey Tikhonov Date: Tue, 20 Jun 2023 17:41:36 +0200 Subject: [PATCH 114/280] LDAP: fixed leak of `kprinc` MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Reviewed-by: Alejandro López Reviewed-by: Tomáš Halman (cherry picked from commit eca00ef4719c44c4e68ead3346a16229b6471d13) Reviewed-by: Tomáš Halman --- src/providers/ldap/ldap_child.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/src/providers/ldap/ldap_child.c b/src/providers/ldap/ldap_child.c index 6ad2fb63af5..6c167d239e7 100644 --- a/src/providers/ldap/ldap_child.c +++ b/src/providers/ldap/ldap_child.c @@ -367,12 +367,6 @@ static krb5_error_code ldap_child_get_tgt_sync(TALLOC_CTX *memctx, } DEBUG(SSSDBG_CONF_SETTINGS, "Principal name is: [%s]\n", full_princ); - krberr = krb5_parse_name(context, full_princ, &kprinc); - if (krberr != 0) { - DEBUG(SSSDBG_OP_FAILURE, "krb5_parse_name() failed: %d\n", krberr); - goto done; - } - if (keytab_name) { krberr = krb5_kt_resolve(context, keytab_name, &keytab); } else { @@ -447,8 +441,14 @@ static krb5_error_code ldap_child_get_tgt_sync(TALLOC_CTX *memctx, goto done; } + krberr = krb5_parse_name(context, full_princ, &kprinc); + if (krberr != 0) { + DEBUG(SSSDBG_OP_FAILURE, "krb5_parse_name() failed: %d\n", krberr); + goto done; + } krberr = krb5_get_init_creds_keytab(context, &my_creds, kprinc, keytab, 0, NULL, options); + krb5_free_principal(context, kprinc); if (krberr != 0) { DEBUG(SSSDBG_OP_FAILURE, "krb5_get_init_creds_keytab() failed: %d\n", krberr); From 50e2fd2428283cf41a12a3789b146b59306eb8c7 Mon Sep 17 00:00:00 2001 From: Alexey Tikhonov Date: Tue, 20 Jun 2023 18:04:51 +0200 Subject: [PATCH 115/280] UTILS: fixed USE_AFTER_FREE MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Reviewed-by: Alejandro López Reviewed-by: Tomáš Halman (cherry picked from commit d02533caca667b51f29fa02ee9ed48c8b3896c69) Reviewed-by: Tomáš Halman --- src/util/sss_krb5.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/util/sss_krb5.c b/src/util/sss_krb5.c index 6c4a908b74b..3f57e5b268f 100644 --- a/src/util/sss_krb5.c +++ b/src/util/sss_krb5.c @@ -279,8 +279,8 @@ errno_t select_principal_from_keytab(TALLOC_CTX *mem_ctx, (error_message ? error_message : sss_strerror(ret))); } if (keytab) krb5_kt_close(krb_ctx, keytab); - if (krb_ctx) krb5_free_context(krb_ctx); if (client_princ) krb5_free_principal(krb_ctx, client_princ); + if (krb_ctx) krb5_free_context(krb_ctx); talloc_free(tmp_ctx); return ret; } From 4b2dbc2da28b6c21c87e21e0f6267e20fe5c5a3a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fran=C3=A7ois=20Cami?= Date: Tue, 4 Jul 2023 20:25:39 +0200 Subject: [PATCH 116/280] Fix typo: found => find MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Fix typo in error message: "waitpid did not found" => "waitpid did not find" Signed-off-by: François Cami Reviewed-by: Andre Boscatto Reviewed-by: Justin Stephenson (cherry picked from commit 0368c368ad4d05a6e8e1b9b16fe78c8d3c24c978) Reviewed-by: Justin Stephenson --- src/providers/proxy/proxy_auth.c | 2 +- src/util/child_common.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/providers/proxy/proxy_auth.c b/src/providers/proxy/proxy_auth.c index c35aa907507..94451a7ffab 100644 --- a/src/providers/proxy/proxy_auth.c +++ b/src/providers/proxy/proxy_auth.c @@ -454,7 +454,7 @@ static void proxy_child_sig_handler(struct tevent_context *ev, "waitpid failed [%d][%s].\n", ret, strerror(ret)); } else if (ret == 0) { DEBUG(SSSDBG_CRIT_FAILURE, - "waitpid did not found a child with changed status.\n"); + "waitpid did not find a child with changed status.\n"); } else { if (WIFEXITED(child_status)) { DEBUG(SSSDBG_CONF_SETTINGS, diff --git a/src/util/child_common.c b/src/util/child_common.c index 10af560782a..6f950614f08 100644 --- a/src/util/child_common.c +++ b/src/util/child_common.c @@ -638,7 +638,7 @@ static void child_sig_handler(struct tevent_context *ev, "waitpid failed [%d][%s].\n", err, strerror(err)); } else if (ret == 0) { DEBUG(SSSDBG_CRIT_FAILURE, - "waitpid did not found a child with changed status.\n"); + "waitpid did not find a child with changed status.\n"); } else { if (WIFEXITED(child_ctx->child_status)) { if (WEXITSTATUS(child_ctx->child_status) != 0) { From d479b28d5d361aea275ef7a0a9b4392df7282d69 Mon Sep 17 00:00:00 2001 From: Alexey Tikhonov Date: Mon, 7 Aug 2023 18:51:54 +0200 Subject: [PATCH 117/280] UTILS: swap order of seteuid()/setegid() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Otherwise it fails with: ``` 6906 16:40:32.455571 setresuid(-1, 996, -1) = 0 6906 16:40:32.455590 setresgid(-1, 993, -1) = -1 EPERM (Operation not permitted) ``` Reviewed-by: Alejandro López Reviewed-by: Iker Pedrosa (cherry picked from commit fcfffb5cf14ddd2ff28873e2274bca226441b40b) Reviewed-by: Iker Pedrosa --- src/util/usertools.c | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/src/util/usertools.c b/src/util/usertools.c index 40c14103296..8084760a03e 100644 --- a/src/util/usertools.c +++ b/src/util/usertools.c @@ -860,16 +860,17 @@ void sss_set_sssd_user_eid(void) if (geteuid() == 0) { sss_sssd_user_uid_and_gid(&uid, &gid); - if (seteuid(uid) != EOK) { - DEBUG(SSSDBG_MINOR_FAILURE, - "Failed to set euid to %"SPRIuid": %s\n", - uid, sss_strerror(errno)); - } + if (setegid(gid) != EOK) { - DEBUG(SSSDBG_MINOR_FAILURE, + DEBUG(SSSDBG_IMPORTANT_INFO, "Failed to set egid to %"SPRIgid": %s\n", gid, sss_strerror(errno)); } + if (seteuid(uid) != EOK) { + DEBUG(SSSDBG_IMPORTANT_INFO, + "Failed to set euid to %"SPRIuid": %s\n", + uid, sss_strerror(errno)); + } } } @@ -877,12 +878,12 @@ void sss_restore_sssd_user_eid(void) { if (getuid() == 0) { if (seteuid(getuid()) != EOK) { - DEBUG(SSSDBG_MINOR_FAILURE, + DEBUG(SSSDBG_IMPORTANT_INFO, "Failed to restore euid: %s\n", sss_strerror(errno)); } if (setegid(getgid()) != EOK) { - DEBUG(SSSDBG_MINOR_FAILURE, + DEBUG(SSSDBG_IMPORTANT_INFO, "Failed to restore egid: %s\n", sss_strerror(errno)); } From 358e6d1820885364dae489fa312aae1718d0586b Mon Sep 17 00:00:00 2001 From: Alexey Tikhonov Date: Wed, 9 Aug 2023 16:23:50 +0200 Subject: [PATCH 118/280] SBUS: warn loudly if bus denies access MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Reviewed-by: Alejandro López Reviewed-by: Justin Stephenson (cherry picked from commit 9380c8eff6c4abccb4ac9484a2d0eb3d5427546c) Reviewed-by: Justin Stephenson --- src/sbus/connection/sbus_dbus.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/src/sbus/connection/sbus_dbus.c b/src/sbus/connection/sbus_dbus.c index e30c873712b..69b18bc42c0 100644 --- a/src/sbus/connection/sbus_dbus.c +++ b/src/sbus/connection/sbus_dbus.c @@ -42,8 +42,14 @@ sbus_dbus_request_name(DBusConnection *dbus_conn, const char *name) dbret = dbus_bus_request_name(dbus_conn, name, flags, &dbus_error); if (dbret == -1) { - DEBUG(SSSDBG_CRIT_FAILURE, "Unable to request name on the " - "system bus [%s]: %s\n", dbus_error.name, dbus_error.message); + DEBUG(SSSDBG_CRIT_FAILURE, "Unable to request name '%s' on the system" + " bus [%s]: %s\n", name, dbus_error.name, dbus_error.message); + if (dbus_error_has_name(&dbus_error, DBUS_ERROR_ACCESS_DENIED)) { + DEBUG(SSSDBG_FATAL_FAILURE, + "Access denied - check dbus service configuration.\n"); + sss_log(SSS_LOG_CRIT, "SSSD dbus service can't acquire bus name" + " - check dbus service configuration."); + } ret = EIO; goto done; } else if (dbret != DBUS_REQUEST_NAME_REPLY_PRIMARY_OWNER) { From 1c417bafc556a6a5a1a7cef9d19583dfce1a5e78 Mon Sep 17 00:00:00 2001 From: Alexey Tikhonov Date: Wed, 9 Aug 2023 19:56:10 +0200 Subject: [PATCH 119/280] IFP: add a comment to 'org.freedesktop.sssd.infopipe.service' to avoid potential confusion MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Reviewed-by: Alejandro López Reviewed-by: Justin Stephenson (cherry picked from commit d91c944c9f481ee1c78acab686d06452cbe9b81a) Reviewed-by: Justin Stephenson --- Makefile.am | 3 +++ src/responder/ifp/org.freedesktop.sssd.infopipe.service.in | 1 + 2 files changed, 4 insertions(+) diff --git a/Makefile.am b/Makefile.am index 11c9a0df2ad..a3952ce78d2 100644 --- a/Makefile.am +++ b/Makefile.am @@ -90,6 +90,7 @@ sssdkcmdatadir = $(datadir)/sssd-kcm deskprofilepath = $(sss_statedir)/deskprofile if HAVE_SYSTEMD_UNIT +ifp_dbus_exec_comment = \# If system is configured to use systemd ifp service ("SystemdService=") then "Exec=" and "User=" options are not used ifp_exec_cmd = $(sssdlibexecdir)/sssd_ifp --uid 0 --gid 0 --dbus-activated ifp_systemdservice = SystemdService=sssd-ifp.service ifp_restart = Restart=on-failure @@ -105,6 +106,7 @@ if SSSD_NON_ROOT_USER additional_caps = CAP_DAC_OVERRIDE endif else +ifp_dbus_exec_comment = \# "sss_signal" is used to force SSSD monitor to trigger "sssd_ifp" reconnection to dbus ifp_exec_cmd = $(sssdlibexecdir)/sss_signal ifp_systemdservice = ifp_restart = @@ -1746,6 +1748,7 @@ EXTRA_DIST += \ ifp_edit_cmd = $(edit_cmd) \ -e 's|@ifp_exec_cmd[@]|$(ifp_exec_cmd)|g' \ + -e 's|@ifp_dbus_exec_comment[@]|$(ifp_dbus_exec_comment)|g' \ -e 's|@ifp_systemdservice[@]|$(ifp_systemdservice)|g' \ -e 's|@ifp_restart[@]|$(ifp_restart)|g' diff --git a/src/responder/ifp/org.freedesktop.sssd.infopipe.service.in b/src/responder/ifp/org.freedesktop.sssd.infopipe.service.in index ee77f41bd56..ca06cb185c2 100644 --- a/src/responder/ifp/org.freedesktop.sssd.infopipe.service.in +++ b/src/responder/ifp/org.freedesktop.sssd.infopipe.service.in @@ -1,5 +1,6 @@ [D-BUS Service] Name=org.freedesktop.sssd.infopipe +@ifp_dbus_exec_comment@ Exec=@ifp_exec_cmd@ User=root @ifp_systemdservice@ From e57b8e775087cc6d154cb59193374be028c1d96f Mon Sep 17 00:00:00 2001 From: Justin Stephenson Date: Fri, 21 Jul 2023 16:24:54 -0400 Subject: [PATCH 120/280] Passkey: Warning display for fallback MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Warn the user before and after login that Kerberos ticket may not have been granted. Reviewed-by: Iker Pedrosa Reviewed-by: Tomáš Halman (cherry picked from commit 348c8f535b7b63cda07f45274fdfe4cdb033490b) --- src/responder/pam/pamsrv_cmd.c | 12 ++++++++++++ src/responder/pam/pamsrv_passkey.c | 2 ++ src/sss_client/pam_sss.c | 28 ++++++++++++++++++++++++++++ src/sss_client/sss_cli.h | 3 +++ src/util/sss_pam_data.h | 1 + 5 files changed, 46 insertions(+) diff --git a/src/responder/pam/pamsrv_cmd.c b/src/responder/pam/pamsrv_cmd.c index e4c63822ac0..94cbf13e8d1 100644 --- a/src/responder/pam/pamsrv_cmd.c +++ b/src/responder/pam/pamsrv_cmd.c @@ -1623,6 +1623,18 @@ void pam_reply(struct pam_auth_req *preq) goto done; } + /* Passkey auth user notification if no TGT is granted */ + if (pd->cmd == SSS_PAM_AUTHENTICATE && + pd->pam_status == PAM_SUCCESS && + preq->pd->passkey_local_done) { + user_info_type = SSS_PAM_USER_INFO_NO_KRB_TGT; + pam_add_response(pd, SSS_PAM_USER_INFO, + sizeof(uint32_t), (const uint8_t *) &user_info_type); + DEBUG(SSSDBG_IMPORTANT_INFO, + "User [%s] logged in with local passkey authentication, single " + "sign on ticket is not obtained.\n", pd->user); + } + /* Account expiration warning is printed for sshd. If pam_verbosity * is equal or above PAM_VERBOSITY_INFO then all services are informed * about account expiration. diff --git a/src/responder/pam/pamsrv_passkey.c b/src/responder/pam/pamsrv_passkey.c index 36c1b085228..eb62db03d78 100644 --- a/src/responder/pam/pamsrv_passkey.c +++ b/src/responder/pam/pamsrv_passkey.c @@ -438,6 +438,8 @@ void pam_forwarder_passkey_cb(struct tevent_req *req) goto done; } + preq->pd->passkey_local_done = true; + DEBUG(SSSDBG_TRACE_FUNC, "passkey child finished with status [%d]\n", child_status); preq->pd->pam_status = PAM_SUCCESS; pam_reply(preq); diff --git a/src/sss_client/pam_sss.c b/src/sss_client/pam_sss.c index 957213afb5f..2cc43c3ff77 100644 --- a/src/sss_client/pam_sss.c +++ b/src/sss_client/pam_sss.c @@ -68,6 +68,7 @@ #define EXP_ACC_MSG _("Permission denied. ") #define SRV_MSG _("Server message: ") +#define PASSKEY_LOCAL_AUTH_MSG _("Kerberos TGT will not be granted upon login, user experience will be affected.") #define PASSKEY_DEFAULT_PIN_MSG _("Enter PIN:") #define DEBUG_MGS_LEN 1024 @@ -736,6 +737,24 @@ static int user_info_pin_locked(pam_handle_t *pamh) return PAM_SUCCESS; } +static int user_info_no_krb_tgt(pam_handle_t *pamh) +{ + int ret; + + ret = do_pam_conversation(pamh, PAM_TEXT_INFO, + _("No Kerberos TGT granted as " + "the server does not support this method. " + "Your single-sign on(SSO) experience will " + "be affected."), + NULL, NULL); + if (ret != PAM_SUCCESS) { + D(("do_pam_conversation failed.")); + return PAM_SYSTEM_ERR; + } + + return PAM_SUCCESS; +} + static int user_info_account_expired(pam_handle_t *pamh, size_t buflen, uint8_t *buf) { @@ -889,6 +908,9 @@ static int eval_user_info_response(pam_handle_t *pamh, size_t buflen, case SSS_PAM_USER_INFO_ACCOUNT_EXPIRED: ret = user_info_account_expired(pamh, buflen, buf); break; + case SSS_PAM_USER_INFO_NO_KRB_TGT: + ret = user_info_no_krb_tgt(pamh); + break; default: D(("Unknown user info type [%d]", type)); ret = PAM_SYSTEM_ERR; @@ -1846,6 +1868,12 @@ static int prompt_passkey(pam_handle_t *pamh, struct pam_items *pi, } kerberos_preauth = pi->passkey_key != NULL ? true : false; + if (!kerberos_preauth) { + m[msg_idx].msg_style = PAM_TEXT_INFO; + m[msg_idx].msg = PASSKEY_LOCAL_AUTH_MSG; + msg_idx++; + } + if ((strcasecmp(pi->passkey_prompt_pin, "false")) == 0) { prompt_pin = false; } else { diff --git a/src/sss_client/sss_cli.h b/src/sss_client/sss_cli.h index dd36e215890..4614612b679 100644 --- a/src/sss_client/sss_cli.h +++ b/src/sss_client/sss_cli.h @@ -637,6 +637,9 @@ enum user_info_type { * specified length. */ SSS_PAM_USER_INFO_PIN_LOCKED, /**< Tell the user that the PIN is locked */ + SSS_PAM_USER_INFO_NO_KRB_TGT, /**< Tell the user that Kerberos local/offline + auth was performed, therefore no TGT + is granted */ }; /** * @} diff --git a/src/util/sss_pam_data.h b/src/util/sss_pam_data.h index d80ab311951..e9b90a8a4e5 100644 --- a/src/util/sss_pam_data.h +++ b/src/util/sss_pam_data.h @@ -74,6 +74,7 @@ struct pam_data { #ifdef USE_KEYRING key_serial_t key_serial; #endif + bool passkey_local_done; }; /** From ccbeb647ca35b57c9cc02535c37a3e17c81c62be Mon Sep 17 00:00:00 2001 From: Justin Stephenson Date: Tue, 15 Aug 2023 16:27:39 -0400 Subject: [PATCH 121/280] Makefile: Respect `BUILD_PASSKEY` conditional Reviewed-by: Alexey Tikhonov Reviewed-by: Iker Pedrosa (cherry picked from commit a20dadc7ec9b21687356d1b0b0218db89f438c67) --- Makefile.am | 11 ++++++++--- src/providers/krb5/krb5_child.c | 5 +++++ 2 files changed, 13 insertions(+), 3 deletions(-) diff --git a/Makefile.am b/Makefile.am index a3952ce78d2..066f5d94eef 100644 --- a/Makefile.am +++ b/Makefile.am @@ -1319,7 +1319,9 @@ endif if BUILD_SYSTEMTAP libsss_util_la_LIBADD += stap_generated_probes.lo endif +if BUILD_PASSKEY libsss_util_la_SOURCES += src/db/sysdb_passkey_user_verification.c +endif # BUILD_PASSKEY libsss_util_la_LDFLAGS = -avoid-version pkglib_LTLIBRARIES += libsss_semanage.la @@ -2621,7 +2623,6 @@ pam_srv_tests_SOURCES = \ src/responder/pam/pamsrv_cmd.c \ src/responder/pam/pamsrv_p11.c \ src/responder/pam/pamsrv_gssapi.c \ - src/responder/pam/pamsrv_passkey.c \ src/responder/pam/pam_helpers.c \ src/responder/pam/pamsrv_dp.c \ src/responder/pam/pam_prompting_config.c \ @@ -2655,6 +2656,9 @@ pam_srv_tests_LDADD = \ libsss_iface.la \ libsss_sbus.la \ $(NULL) +if BUILD_PASSKEY + pam_srv_tests_SOURCES += src/responder/pam/pamsrv_passkey.c +endif # BUILD_PASSKEY EXTRA_ssh_srv_tests_DEPENDENCIES = \ $(ldblib_LTLIBRARIES) \ @@ -4578,7 +4582,6 @@ endif libsss_ipa_la_SOURCES += \ src/providers/ipa/ipa_subdomains_passkey.c - libsss_ad_la_SOURCES = \ src/providers/ad/ad_opts.c \ src/providers/ad/ad_common.c \ @@ -4660,8 +4663,10 @@ krb5_child_SOURCES = \ src/sss_client/common.c \ src/krb5_plugin/common/utils.c \ src/krb5_plugin/idp/idp_utils.c \ - src/krb5_plugin/passkey/passkey_utils.c \ $(NULL) +if BUILD_PASSKEY + krb5_child_SOURCES += src/krb5_plugin/passkey/passkey_utils.c +endif # BUILD_PASSKEY krb5_child_CFLAGS = \ $(AM_CFLAGS) \ $(POPT_CFLAGS) \ diff --git a/src/providers/krb5/krb5_child.c b/src/providers/krb5/krb5_child.c index a3d83b4c8c1..7e43042bff7 100644 --- a/src/providers/krb5/krb5_child.c +++ b/src/providers/krb5/krb5_child.c @@ -999,6 +999,10 @@ static krb5_error_code answer_passkey(krb5_context kctx, struct krb5_req *kr, krb5_responder_context rctx) { +#ifndef BUILD_PASSKEY + DEBUG(SSSDBG_TRACE_FUNC, "Passkey auth not possible, SSSD built without passkey support!\n"); + return EINVAL; +#else enum sss_authtok_type type; struct sss_passkey_message *msg; struct sss_passkey_message *reply_msg = NULL; @@ -1090,6 +1094,7 @@ static krb5_error_code answer_passkey(krb5_context kctx, } return kerr; +#endif /* BUILD_PASSKEY */ } static krb5_error_code sss_krb5_responder(krb5_context ctx, From 1508225a3c99ce97954986cc24668b43f3391b3d Mon Sep 17 00:00:00 2001 From: Justin Stephenson Date: Mon, 14 Aug 2023 14:42:51 -0400 Subject: [PATCH 122/280] pam: Conditionalize passkey code Reviewed-by: Alexey Tikhonov Reviewed-by: Iker Pedrosa (cherry picked from commit eadee9a2a8f0dfe4f22c460537d6c87c493fa622) --- Makefile.am | 4 +- src/responder/pam/pamsrv_cmd.c | 364 +---------------------------- src/responder/pam/pamsrv_passkey.c | 351 ++++++++++++++++++++++++++++ src/responder/pam/pamsrv_passkey.h | 8 + 4 files changed, 372 insertions(+), 355 deletions(-) diff --git a/Makefile.am b/Makefile.am index 066f5d94eef..273ac1c5231 100644 --- a/Makefile.am +++ b/Makefile.am @@ -1564,8 +1564,10 @@ sssd_pam_SOURCES = \ src/responder/pam/pam_prompting_config.c \ src/sss_client/pam_sss_prompt_config.c \ src/responder/pam/pam_helpers.c \ - src/responder/pam/pamsrv_passkey.c \ $(SSSD_RESPONDER_OBJ) +if BUILD_PASSKEY + sssd_pam_SOURCES += src/responder/pam/pamsrv_passkey.c +endif sssd_pam_CFLAGS = \ $(AM_CFLAGS) \ $(GSSAPI_KRB5_CFLAGS) \ diff --git a/src/responder/pam/pamsrv_cmd.c b/src/responder/pam/pamsrv_cmd.c index 94cbf13e8d1..eed283f4e9d 100644 --- a/src/responder/pam/pamsrv_cmd.c +++ b/src/responder/pam/pamsrv_cmd.c @@ -53,12 +53,6 @@ struct pam_initgroup_enum_str { const char *option; }; -struct pam_passkey_table_data { - hash_table_t *table; - char *key; - struct pk_child_user_data *data; -}; - struct pam_initgroup_enum_str pam_initgroup_enum_str[] = { { PAM_INITGR_NEVER, "never" }, { PAM_INITGR_NO_SESSION, "no_session" }, @@ -108,10 +102,6 @@ static errno_t check_cert(TALLOC_CTX *mctx, struct pam_auth_req *preq, struct pam_data *pd); -errno_t passkey_kerberos(struct pam_ctx *pctx, - struct pam_data *pd, - struct pam_auth_req *preq); - int pam_check_user_done(struct pam_auth_req *preq, int ret); static errno_t pack_user_info_msg(TALLOC_CTX *mem_ctx, @@ -1173,229 +1163,6 @@ static int pam_reply_sr_export_shell(struct pam_auth_req *preq, return ret; } -errno_t decode_pam_passkey_msg(TALLOC_CTX *mem_ctx, - uint8_t *buf, - size_t len, - struct pk_child_user_data **_data) -{ - - size_t p = 0; - size_t pctr = 0; - errno_t ret; - size_t offset; - struct pk_child_user_data *data = NULL; - TALLOC_CTX *tmp_ctx; - - tmp_ctx = talloc_new(NULL); - if (tmp_ctx == NULL) { - return ENOMEM; - } - - data = talloc_zero(tmp_ctx, struct pk_child_user_data); - if (data == NULL) { - DEBUG(SSSDBG_OP_FAILURE, "Failed to talloc passkey data.\n"); - ret = ENOMEM; - goto done; - } - - data->user_verification = talloc_strdup(data, (char *) &buf[p]); - if (data->user_verification == NULL) { - DEBUG(SSSDBG_OP_FAILURE, "Failed to strdup passkey prompt.\n"); - ret = ENOMEM; - goto done; - } - - offset = strlen(data->user_verification) + 1; - if (offset >= len) { - DEBUG(SSSDBG_OP_FAILURE, "passkey prompt offset failure.\n"); - ret = EIO; - goto done; - } - - data->crypto_challenge = talloc_strdup(data, (char *) &buf[p + offset]); - if (data->crypto_challenge == NULL) { - DEBUG(SSSDBG_OP_FAILURE, "Failed to strdup passkey challenge.\n"); - ret = ENOMEM; - goto done; - } - - offset += strlen(data->crypto_challenge) + 1; - if (offset >= len) { - DEBUG(SSSDBG_OP_FAILURE, "passkey challenge offset failure.\n"); - ret = EIO; - goto done; - } - - - data->domain = talloc_strdup(data, (char *) &buf[p] + offset); - if (data->domain == NULL) { - DEBUG(SSSDBG_OP_FAILURE, "Failed to strdup passkey domain.\n"); - ret = ENOMEM; - goto done; - } - - offset += strlen(data->domain) + 1; - if (offset >= len) { - DEBUG(SSSDBG_OP_FAILURE, "passkey domain offset failure.\n"); - ret = EIO; - goto done; - } - - SAFEALIGN_COPY_UINT32(&data->num_credentials, &buf[p + offset], &pctr); - size_t list_sz = (size_t) data->num_credentials; - - offset += sizeof(uint32_t); - - data->key_handles = talloc_zero_array(data, const char *, list_sz); - - for (int i = 0; i < list_sz; i++) { - data->key_handles[i] = talloc_strdup(data->key_handles, (char *) &buf[p + offset]); - if (data->key_handles[i] == NULL) { - DEBUG(SSSDBG_OP_FAILURE, "Failed to strdup passkey list.\n"); - ret = ENOMEM; - goto done; - } - - offset += strlen(data->key_handles[i]) + 1; - } - - *_data = talloc_steal(mem_ctx, data); - - ret = EOK; -done: - talloc_free(tmp_ctx); - return ret; -} - - -errno_t save_passkey_data(TALLOC_CTX *mem_ctx, - struct pam_ctx *pctx, - struct pk_child_user_data *data, - struct pam_auth_req *preq) -{ - char *pk_key; - errno_t ret; - TALLOC_CTX *tmp_ctx; - - tmp_ctx = talloc_new(NULL); - if (tmp_ctx == NULL) { - return ENOMEM; - } - - /* Passkey data (pk_table_data) is stolen onto client ctx, it will - * be freed when the client closes, and the sss_ptr_hash interface - * takes care of automatically removing it from the hash table then */ - pctx->pk_table_data = talloc_zero(tmp_ctx, struct pam_passkey_table_data); - if (pctx->pk_table_data == NULL) { - return ENOMEM; - } - - if (pctx->pk_table_data->table == NULL) { - pctx->pk_table_data->table = sss_ptr_hash_create(pctx->pk_table_data, - NULL, NULL); - if (pctx->pk_table_data->table == NULL) { - ret = ENOMEM; - goto done; - } - } - - pk_key = talloc_asprintf(tmp_ctx, "%s", data->crypto_challenge); - if (pk_key == NULL) { - ret = ENOMEM; - goto done; - } - - pctx->pk_table_data->key = talloc_strdup(pctx->pk_table_data, pk_key); - if (pctx->pk_table_data->key == NULL) { - ret = ENOMEM; - goto done; - } - - ret = sss_ptr_hash_add(pctx->pk_table_data->table, pk_key, data, - struct pk_child_user_data); - if (ret == EEXIST) { - DEBUG(SSSDBG_TRACE_FUNC, "pk_table key [%s] already exists\n", - pk_key); - goto done; - } else if (ret != EOK) { - DEBUG(SSSDBG_OP_FAILURE, "Unable to add pk data to hash table " - "[%d]: %s\n", ret, sss_strerror(ret)); - goto done; - } - - talloc_steal(mem_ctx, pctx->pk_table_data); - pctx->pk_table_data->data = talloc_steal(mem_ctx, data); - - ret = EOK; - -done: - talloc_free(tmp_ctx); - - return ret; -} - -errno_t pam_eval_passkey_response(struct pam_ctx *pctx, - struct pam_data *pd, - struct pam_auth_req *preq, - bool *_pk_preauth_done) -{ - struct response_data *pk_resp; - struct pk_child_user_data *pk_data; - errno_t ret; - TALLOC_CTX *tmp_ctx; - - tmp_ctx = talloc_new(NULL); - if (tmp_ctx == NULL) { - return ENOMEM; - } - - pk_resp = pd->resp_list; - - while (pk_resp != NULL) { - switch (pk_resp->type) { - case SSS_PAM_PASSKEY_KRB_INFO: - if (!pctx->passkey_auth) { - /* Passkey auth is disabled. To avoid passkey prompts appearing, - * don't send SSS_PAM_PASSKEY_KRB_INFO to the client and - * add a dummy response to fallback to normal auth */ - pk_resp->do_not_send_to_client = true; - ret = pam_add_response(pd, SSS_OTP, 0, NULL); - if (ret != EOK) { - DEBUG(SSSDBG_CRIT_FAILURE, "pam_add_response failed.\n"); - goto done; - } - break; - } - ret = decode_pam_passkey_msg(tmp_ctx, pk_resp->data, pk_resp->len, &pk_data); - if (ret != EOK) { - DEBUG(SSSDBG_OP_FAILURE, "Failed to decode passkey msg\n"); - ret = EIO; - goto done; - } - - ret = save_passkey_data(preq->cctx, pctx, pk_data, preq); - if (ret != EOK) { - DEBUG(SSSDBG_OP_FAILURE, "Failed to save passkey msg\n"); - ret = EIO; - goto done; - } - break; - /* Passkey non-kerberos preauth has already run */ - case SSS_PAM_PASSKEY_INFO: - *_pk_preauth_done = true; - default: - break; - } - pk_resp = pk_resp->next; - } - - ret = EOK; -done: - talloc_free(tmp_ctx); - - return ret; -} - void pam_reply(struct pam_auth_req *preq) { struct cli_ctx *cctx; @@ -1692,6 +1459,7 @@ void pam_reply(struct pam_auth_req *preq) "using defaults.\n"); } +#ifdef BUILD_PASSKEY ret = pam_eval_passkey_response(pctx, pd, preq, &pk_preauth_done); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, "Failed to eval passkey response\n"); @@ -1706,6 +1474,7 @@ void pam_reply(struct pam_auth_req *preq) pam_check_user_done(preq, ret); return; } +#endif /* BUILD_PASSKEY */ } /* @@ -2163,6 +1932,7 @@ static int pam_forwarder(struct cli_ctx *cctx, int pam_cmd) * It is checked in pam_reply() to avoid an endless loop */ preq->passkey_data_exists = true; +#ifdef BUILD_PASSKEY if ((pd->cmd == SSS_PAM_AUTHENTICATE)) { if (may_do_passkey_auth(pctx, pd)) { if (sss_authtok_get_type(pd->authtok) == SSS_AUTHTOK_TYPE_PASSKEY_KRB) { @@ -2175,6 +1945,7 @@ static int pam_forwarder(struct cli_ctx *cctx, int pam_cmd) } } } +#endif /* BUILD_PASSKEY */ ret = pam_check_user_search(preq); @@ -2573,6 +2344,7 @@ static void pam_forwarder_cb(struct tevent_req *req) goto done; } +#ifdef BUILD_PASSKEY /* This is set to false inside passkey_local() if no passkey data is found. * It is checked in pam_reply() to avoid an endless loop */ preq->passkey_data_exists = true; @@ -2589,6 +2361,7 @@ static void pam_forwarder_cb(struct tevent_req *req) } } } +#endif /* BUILD_PASSKEY */ ret = pam_check_user_search(preq); @@ -2910,127 +2683,6 @@ static bool pam_can_user_cache_auth(struct sss_domain_info *domain, return result; } -void passkey_kerberos_cb(struct tevent_req *req) -{ - struct pam_auth_req *preq = tevent_req_callback_data(req, - struct pam_auth_req); - errno_t ret = EOK; - int child_status; - - ret = pam_passkey_auth_recv(req, &child_status); - talloc_free(req); - if (ret != EOK) { - DEBUG(SSSDBG_OP_FAILURE, "PAM passkey auth failed [%d]: %s\n", - ret, sss_strerror(ret)); - goto done; - } - - DEBUG(SSSDBG_TRACE_FUNC, "passkey child finished with status [%d]\n", child_status); - - pam_check_user_search(preq); - -done: - pam_check_user_done(preq, ret); -} - -errno_t passkey_kerberos(struct pam_ctx *pctx, - struct pam_data *pd, - struct pam_auth_req *preq) -{ - errno_t ret; - const char *prompt; - const char *key; - const char *pin; - size_t pin_len; - struct pk_child_user_data *data; - struct tevent_req *req; - int timeout; - char *verify_opts; - bool debug_libfido2; - enum passkey_user_verification verification; - - ret = sss_authtok_get_passkey(preq, preq->pd->authtok, - &prompt, &key, &pin, &pin_len); - if (ret != EOK) { - DEBUG(SSSDBG_OP_FAILURE, - "Failure to get passkey authtok\n"); - return EIO; - } - - if (prompt == NULL || key == NULL) { - DEBUG(SSSDBG_OP_FAILURE, - "Passkey prompt and key are missing or invalid.\n"); - return EIO; - } - - data = sss_ptr_hash_lookup(pctx->pk_table_data->table, key, - struct pk_child_user_data); - if (data == NULL) { - DEBUG(SSSDBG_OP_FAILURE, - "Failed to lookup passkey authtok\n"); - return EIO; - } - - ret = confdb_get_int(pctx->rctx->cdb, CONFDB_PAM_CONF_ENTRY, - CONFDB_PAM_PASSKEY_CHILD_TIMEOUT, PASSKEY_CHILD_TIMEOUT_DEFAULT, - &timeout); - if (ret != EOK) { - DEBUG(SSSDBG_OP_FAILURE, - "Failed to read passkey_child_timeout from confdb: [%d]: %s\n", - ret, sss_strerror(ret)); - goto done; - } - - ret = confdb_get_string(pctx->rctx->cdb, preq, CONFDB_MONITOR_CONF_ENTRY, - CONFDB_MONITOR_PASSKEY_VERIFICATION, NULL, - &verify_opts); - if (ret != EOK) { - DEBUG(SSSDBG_OP_FAILURE, - "Failed to read '"CONFDB_MONITOR_PASSKEY_VERIFICATION"' from confdb: [%d]: %s\n", - ret, sss_strerror(ret)); - goto done; - } - - /* Always use verification sent from passkey krb5 plugin */ - ret = read_passkey_conf_verification(preq, verify_opts, NULL); - if (ret != EOK) { - DEBUG(SSSDBG_MINOR_FAILURE, "Unable to parse passkey verificaton options.\n"); - } - - if (strcasecmp(data->user_verification, "false") == 0) { - verification = PAM_PASSKEY_VERIFICATION_OFF; - } else { - verification = PAM_PASSKEY_VERIFICATION_ON; - } - - ret = confdb_get_bool(pctx->rctx->cdb, CONFDB_PAM_CONF_ENTRY, - CONFDB_PAM_PASSKEY_DEBUG_LIBFIDO2, false, - &debug_libfido2); - if (ret != EOK) { - DEBUG(SSSDBG_OP_FAILURE, - "Failed to read '"CONFDB_PAM_PASSKEY_DEBUG_LIBFIDO2"' from confdb: [%d]: %s\n", - ret, sss_strerror(ret)); - goto done; - } - - req = pam_passkey_auth_send(preq->cctx, preq->cctx->ev, timeout, debug_libfido2, - verification, pd, data, true); - if (req == NULL) { - DEBUG(SSSDBG_OP_FAILURE, "passkey auth send failed [%d]: [%s]\n", - ret, sss_strerror(ret)); - goto done; - } - - tevent_req_set_callback(req, passkey_kerberos_cb, preq); - - ret = EAGAIN; - -done: - - return ret; - -} - static void pam_dom_forwarder(struct pam_auth_req *preq) { TALLOC_CTX *tmp_ctx = NULL; @@ -3086,7 +2738,11 @@ static void pam_dom_forwarder(struct pam_auth_req *preq) } /* Skip online auth when local auth policy = only */ +#ifdef BUILD_PASSKEY if (may_do_cert_auth(pctx, preq->pd) || may_do_passkey_auth(pctx, preq->pd)) { +#else + if (may_do_cert_auth(pctx, preq->pd)) { +#endif /* BUILD_PASSKEY */ if (preq->domain->name != NULL) { ret = pam_eval_local_auth_policy(preq->cctx, pctx, preq->pd, preq, &sc_auth, diff --git a/src/responder/pam/pamsrv_passkey.c b/src/responder/pam/pamsrv_passkey.c index eb62db03d78..57cba845ae1 100644 --- a/src/responder/pam/pamsrv_passkey.c +++ b/src/responder/pam/pamsrv_passkey.c @@ -32,6 +32,12 @@ struct pam_passkey_verification_enum_str { const char *option; }; +struct pam_passkey_table_data { + hash_table_t *table; + char *key; + struct pk_child_user_data *data; +}; + struct pam_passkey_verification_enum_str pam_passkey_verification_enum_str[] = { { PAM_PASSKEY_VERIFICATION_ON, "on" }, { PAM_PASSKEY_VERIFICATION_OFF, "off" }, @@ -85,6 +91,128 @@ struct passkey_get_mapping_state { struct cache_req_result *result; }; +void passkey_kerberos_cb(struct tevent_req *req) +{ + struct pam_auth_req *preq = tevent_req_callback_data(req, + struct pam_auth_req); + errno_t ret = EOK; + int child_status; + + ret = pam_passkey_auth_recv(req, &child_status); + talloc_free(req); + if (ret != EOK) { + DEBUG(SSSDBG_OP_FAILURE, "PAM passkey auth failed [%d]: %s\n", + ret, sss_strerror(ret)); + goto done; + } + + DEBUG(SSSDBG_TRACE_FUNC, "passkey child finished with status [%d]\n", child_status); + + pam_check_user_search(preq); + +done: + pam_check_user_done(preq, ret); +} + +errno_t passkey_kerberos(struct pam_ctx *pctx, + struct pam_data *pd, + struct pam_auth_req *preq) +{ + errno_t ret; + const char *prompt; + const char *key; + const char *pin; + size_t pin_len; + struct pk_child_user_data *data; + struct tevent_req *req; + int timeout; + char *verify_opts; + bool debug_libfido2; + enum passkey_user_verification verification; + + ret = sss_authtok_get_passkey(preq, preq->pd->authtok, + &prompt, &key, &pin, &pin_len); + if (ret != EOK) { + DEBUG(SSSDBG_OP_FAILURE, + "Failure to get passkey authtok\n"); + return EIO; + } + + if (prompt == NULL || key == NULL) { + DEBUG(SSSDBG_OP_FAILURE, + "Passkey prompt and key are missing or invalid.\n"); + return EIO; + } + + data = sss_ptr_hash_lookup(pctx->pk_table_data->table, key, + struct pk_child_user_data); + if (data == NULL) { + DEBUG(SSSDBG_OP_FAILURE, + "Failed to lookup passkey authtok\n"); + return EIO; + } + + ret = confdb_get_int(pctx->rctx->cdb, CONFDB_PAM_CONF_ENTRY, + CONFDB_PAM_PASSKEY_CHILD_TIMEOUT, PASSKEY_CHILD_TIMEOUT_DEFAULT, + &timeout); + if (ret != EOK) { + DEBUG(SSSDBG_OP_FAILURE, + "Failed to read passkey_child_timeout from confdb: [%d]: %s\n", + ret, sss_strerror(ret)); + goto done; + } + + ret = confdb_get_string(pctx->rctx->cdb, preq, CONFDB_MONITOR_CONF_ENTRY, + CONFDB_MONITOR_PASSKEY_VERIFICATION, NULL, + &verify_opts); + if (ret != EOK) { + DEBUG(SSSDBG_OP_FAILURE, + "Failed to read '"CONFDB_MONITOR_PASSKEY_VERIFICATION"' from confdb: [%d]: %s\n", + ret, sss_strerror(ret)); + goto done; + } + + /* Always use verification sent from passkey krb5 plugin */ + ret = read_passkey_conf_verification(preq, verify_opts, NULL); + if (ret != EOK) { + DEBUG(SSSDBG_MINOR_FAILURE, "Unable to parse passkey verificaton options.\n"); + } + + if (strcasecmp(data->user_verification, "false") == 0) { + verification = PAM_PASSKEY_VERIFICATION_OFF; + } else { + verification = PAM_PASSKEY_VERIFICATION_ON; + } + + ret = confdb_get_bool(pctx->rctx->cdb, CONFDB_PAM_CONF_ENTRY, + CONFDB_PAM_PASSKEY_DEBUG_LIBFIDO2, false, + &debug_libfido2); + if (ret != EOK) { + DEBUG(SSSDBG_OP_FAILURE, + "Failed to read '"CONFDB_PAM_PASSKEY_DEBUG_LIBFIDO2"' from confdb: [%d]: %s\n", + ret, sss_strerror(ret)); + goto done; + } + + req = pam_passkey_auth_send(preq->cctx, preq->cctx->ev, timeout, debug_libfido2, + verification, pd, data, true); + if (req == NULL) { + DEBUG(SSSDBG_OP_FAILURE, "passkey auth send failed [%d]: [%s]\n", + ret, sss_strerror(ret)); + goto done; + } + + tevent_req_set_callback(req, passkey_kerberos_cb, preq); + + ret = EAGAIN; + +done: + + return ret; + +} + + errno_t passkey_local(TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct pam_ctx *pam_ctx, @@ -996,6 +1124,229 @@ errno_t pam_passkey_auth_recv(struct tevent_req *req, return EOK; } +errno_t decode_pam_passkey_msg(TALLOC_CTX *mem_ctx, + uint8_t *buf, + size_t len, + struct pk_child_user_data **_data) +{ + + size_t p = 0; + size_t pctr = 0; + errno_t ret; + size_t offset; + struct pk_child_user_data *data = NULL; + TALLOC_CTX *tmp_ctx; + + tmp_ctx = talloc_new(NULL); + if (tmp_ctx == NULL) { + return ENOMEM; + } + + data = talloc_zero(tmp_ctx, struct pk_child_user_data); + if (data == NULL) { + DEBUG(SSSDBG_OP_FAILURE, "Failed to talloc passkey data.\n"); + ret = ENOMEM; + goto done; + } + + data->user_verification = talloc_strdup(data, (char *) &buf[p]); + if (data->user_verification == NULL) { + DEBUG(SSSDBG_OP_FAILURE, "Failed to strdup passkey prompt.\n"); + ret = ENOMEM; + goto done; + } + + offset = strlen(data->user_verification) + 1; + if (offset >= len) { + DEBUG(SSSDBG_OP_FAILURE, "passkey prompt offset failure.\n"); + ret = EIO; + goto done; + } + + data->crypto_challenge = talloc_strdup(data, (char *) &buf[p + offset]); + if (data->crypto_challenge == NULL) { + DEBUG(SSSDBG_OP_FAILURE, "Failed to strdup passkey challenge.\n"); + ret = ENOMEM; + goto done; + } + + offset += strlen(data->crypto_challenge) + 1; + if (offset >= len) { + DEBUG(SSSDBG_OP_FAILURE, "passkey challenge offset failure.\n"); + ret = EIO; + goto done; + } + + + data->domain = talloc_strdup(data, (char *) &buf[p] + offset); + if (data->domain == NULL) { + DEBUG(SSSDBG_OP_FAILURE, "Failed to strdup passkey domain.\n"); + ret = ENOMEM; + goto done; + } + + offset += strlen(data->domain) + 1; + if (offset >= len) { + DEBUG(SSSDBG_OP_FAILURE, "passkey domain offset failure.\n"); + ret = EIO; + goto done; + } + + SAFEALIGN_COPY_UINT32(&data->num_credentials, &buf[p + offset], &pctr); + size_t list_sz = (size_t) data->num_credentials; + + offset += sizeof(uint32_t); + + data->key_handles = talloc_zero_array(data, const char *, list_sz); + + for (int i = 0; i < list_sz; i++) { + data->key_handles[i] = talloc_strdup(data->key_handles, (char *) &buf[p + offset]); + if (data->key_handles[i] == NULL) { + DEBUG(SSSDBG_OP_FAILURE, "Failed to strdup passkey list.\n"); + ret = ENOMEM; + goto done; + } + + offset += strlen(data->key_handles[i]) + 1; + } + + *_data = talloc_steal(mem_ctx, data); + + ret = EOK; +done: + talloc_free(tmp_ctx); + return ret; +} + +errno_t save_passkey_data(TALLOC_CTX *mem_ctx, + struct pam_ctx *pctx, + struct pk_child_user_data *data, + struct pam_auth_req *preq) +{ + char *pk_key; + errno_t ret; + TALLOC_CTX *tmp_ctx; + + tmp_ctx = talloc_new(NULL); + if (tmp_ctx == NULL) { + return ENOMEM; + } + + /* Passkey data (pk_table_data) is stolen onto client ctx, it will + * be freed when the client closes, and the sss_ptr_hash interface + * takes care of automatically removing it from the hash table then */ + pctx->pk_table_data = talloc_zero(tmp_ctx, struct pam_passkey_table_data); + if (pctx->pk_table_data == NULL) { + return ENOMEM; + } + + if (pctx->pk_table_data->table == NULL) { + pctx->pk_table_data->table = sss_ptr_hash_create(pctx->pk_table_data, + NULL, NULL); + if (pctx->pk_table_data->table == NULL) { + ret = ENOMEM; + goto done; + } + } + + pk_key = talloc_asprintf(tmp_ctx, "%s", data->crypto_challenge); + if (pk_key == NULL) { + ret = ENOMEM; + goto done; + } + + pctx->pk_table_data->key = talloc_strdup(pctx->pk_table_data, pk_key); + if (pctx->pk_table_data->key == NULL) { + ret = ENOMEM; + goto done; + } + + ret = sss_ptr_hash_add(pctx->pk_table_data->table, pk_key, data, + struct pk_child_user_data); + if (ret == EEXIST) { + DEBUG(SSSDBG_TRACE_FUNC, "pk_table key [%s] already exists\n", + pk_key); + goto done; + } else if (ret != EOK) { + DEBUG(SSSDBG_OP_FAILURE, "Unable to add pk data to hash table " + "[%d]: %s\n", ret, sss_strerror(ret)); + goto done; + } + + talloc_steal(mem_ctx, pctx->pk_table_data); + pctx->pk_table_data->data = talloc_steal(mem_ctx, data); + + ret = EOK; + +done: + talloc_free(tmp_ctx); + + return ret; +} + +errno_t pam_eval_passkey_response(struct pam_ctx *pctx, + struct pam_data *pd, + struct pam_auth_req *preq, + bool *_pk_preauth_done) +{ + struct response_data *pk_resp; + struct pk_child_user_data *pk_data; + errno_t ret; + TALLOC_CTX *tmp_ctx; + + tmp_ctx = talloc_new(NULL); + if (tmp_ctx == NULL) { + return ENOMEM; + } + + pk_resp = pd->resp_list; + + while (pk_resp != NULL) { + switch (pk_resp->type) { + case SSS_PAM_PASSKEY_KRB_INFO: + if (!pctx->passkey_auth) { + /* Passkey auth is disabled. To avoid passkey prompts appearing, + * don't send SSS_PAM_PASSKEY_KRB_INFO to the client and + * add a dummy response to fallback to normal auth */ + pk_resp->do_not_send_to_client = true; + ret = pam_add_response(pd, SSS_OTP, 0, NULL); + if (ret != EOK) { + DEBUG(SSSDBG_CRIT_FAILURE, "pam_add_response failed.\n"); + goto done; + } + break; + } + ret = decode_pam_passkey_msg(tmp_ctx, pk_resp->data, pk_resp->len, &pk_data); + if (ret != EOK) { + DEBUG(SSSDBG_OP_FAILURE, "Failed to decode passkey msg\n"); + ret = EIO; + goto done; + } + + ret = save_passkey_data(preq->cctx, pctx, pk_data, preq); + if (ret != EOK) { + DEBUG(SSSDBG_OP_FAILURE, "Failed to save passkey msg\n"); + ret = EIO; + goto done; + } + break; + /* Passkey non-kerberos preauth has already run */ + case SSS_PAM_PASSKEY_INFO: + *_pk_preauth_done = true; + default: + break; + } + pk_resp = pk_resp->next; + } + + ret = EOK; +done: + talloc_free(tmp_ctx); + + return ret; +} + + static void pam_passkey_auth_done(int child_status, struct tevent_signal *sige, diff --git a/src/responder/pam/pamsrv_passkey.h b/src/responder/pam/pamsrv_passkey.h index 6b0d62071f5..7c5a532e91a 100644 --- a/src/responder/pam/pamsrv_passkey.h +++ b/src/responder/pam/pamsrv_passkey.h @@ -23,6 +23,7 @@ #include #include "util/util.h" +#include "util/sss_ptr_hash.h" #include "responder/common/responder.h" #include "responder/common/cache_req/cache_req.h" #include "responder/pam/pamsrv.h" @@ -40,6 +41,9 @@ errno_t passkey_local(TALLOC_CTX *mem_ctx, struct pam_ctx *pam_ctx, struct pam_auth_req *preq, struct pam_data *pd); +errno_t passkey_kerberos(struct pam_ctx *pctx, + struct pam_data *pd, + struct pam_auth_req *preq); struct pk_child_user_data { /* Both Kerberos and non-kerberos */ @@ -69,6 +73,10 @@ struct tevent_req *pam_passkey_auth_send(TALLOC_CTX *mem_ctx, bool kerberos_pa); errno_t pam_passkey_auth_recv(struct tevent_req *req, int *child_status); +errno_t pam_eval_passkey_response(struct pam_ctx *pctx, + struct pam_data *pd, + struct pam_auth_req *preq, + bool *_pk_preauth_done); bool may_do_passkey_auth(struct pam_ctx *pctx, struct pam_data *pd); From f72763ab91f8e1a5f23d622f79392c15a4cd874d Mon Sep 17 00:00:00 2001 From: Justin Stephenson Date: Tue, 15 Aug 2023 13:33:03 -0400 Subject: [PATCH 123/280] ipa: Add `BUILD_PASSKEY` conditional for passkey codepath Reviewed-by: Alexey Tikhonov Reviewed-by: Iker Pedrosa (cherry picked from commit 7cf9a1ff0e876ea0970a3f0b3c389b87be834b4f) --- Makefile.am | 2 ++ src/providers/ipa/ipa_subdomains.c | 4 ++++ 2 files changed, 6 insertions(+) diff --git a/Makefile.am b/Makefile.am index 273ac1c5231..c68461675f0 100644 --- a/Makefile.am +++ b/Makefile.am @@ -4581,8 +4581,10 @@ if BUILD_SSH libsss_ipa_la_SOURCES += src/providers/ipa/ipa_hostid.c endif +if BUILD_PASSKEY libsss_ipa_la_SOURCES += \ src/providers/ipa/ipa_subdomains_passkey.c +endif # BUILD_PASSKEY libsss_ad_la_SOURCES = \ src/providers/ad/ad_opts.c \ diff --git a/src/providers/ipa/ipa_subdomains.c b/src/providers/ipa/ipa_subdomains.c index 34cedc03622..e19343a77d2 100644 --- a/src/providers/ipa/ipa_subdomains.c +++ b/src/providers/ipa/ipa_subdomains.c @@ -30,7 +30,9 @@ #include "providers/ipa/ipa_id.h" #include "providers/ipa/ipa_opts.h" #include "providers/ipa/ipa_config.h" +#ifdef BUILD_PASSKEY #include "providers/ipa/ipa_subdomains_passkey.h" +#endif /* BUILD_PASSKEY */ #include @@ -2762,6 +2764,7 @@ static void ipa_subdomains_refresh_certmap_done(struct tevent_req *subreq) /* Not good, but let's try to continue with other server side options */ } +#ifdef BUILD_PASSKEY subreq = ipa_subdomains_passkey_send(state, state->ev, state->sd_ctx, sdap_id_op_handle(state->sdap_op)); if (subreq == NULL) { @@ -2792,6 +2795,7 @@ static void ipa_subdomains_refresh_passkey_done(struct tevent_req *subreq) DEBUG(SSSDBG_IMPORTANT_INFO, "Passkey feature is not configured " "on IPA server"); } +#endif /* BUILD_PASSKEY */ subreq = ipa_subdomains_master_send(state, state->ev, state->sd_ctx, sdap_id_op_handle(state->sdap_op)); From d0359db138aaf9a7f364be2179c5f65e4fa2c953 Mon Sep 17 00:00:00 2001 From: Justin Stephenson Date: Mon, 14 Aug 2023 16:18:48 -0400 Subject: [PATCH 124/280] pam: Remove unneeded passkey verification call Reviewed-by: Alexey Tikhonov Reviewed-by: Iker Pedrosa (cherry picked from commit 12762d629a9e001d159b14c84ae0bf8e5c5c5280) --- src/responder/pam/pamsrv_passkey.c | 5 ----- 1 file changed, 5 deletions(-) diff --git a/src/responder/pam/pamsrv_passkey.c b/src/responder/pam/pamsrv_passkey.c index 57cba845ae1..48e408ebcf1 100644 --- a/src/responder/pam/pamsrv_passkey.c +++ b/src/responder/pam/pamsrv_passkey.c @@ -173,11 +173,6 @@ errno_t passkey_kerberos(struct pam_ctx *pctx, } /* Always use verification sent from passkey krb5 plugin */ - ret = read_passkey_conf_verification(preq, verify_opts, NULL); - if (ret != EOK) { - DEBUG(SSSDBG_MINOR_FAILURE, "Unable to parse passkey verificaton options.\n"); - } - if (strcasecmp(data->user_verification, "false") == 0) { verification = PAM_PASSKEY_VERIFICATION_OFF; } else { From 19b43cc06c78e793e98aafa28cc2c34e0a51146f Mon Sep 17 00:00:00 2001 From: Justin Stephenson Date: Tue, 15 Aug 2023 09:15:08 -0400 Subject: [PATCH 125/280] CI: Add Fedora 40+ to install CI scripts Reviewed-by: Alexey Tikhonov Reviewed-by: Iker Pedrosa (cherry picked from commit bec58bf451a3b810100cf6bf4b477b40375e49d2) --- contrib/ci/configure.sh | 3 ++- contrib/ci/deps.sh | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/contrib/ci/configure.sh b/contrib/ci/configure.sh index 949adc366f3..e6641d5172c 100644 --- a/contrib/ci/configure.sh +++ b/contrib/ci/configure.sh @@ -66,7 +66,8 @@ if [[ "$DISTRO_BRANCH" == -debian-* ]]; then ) fi -if [[ "$DISTRO_BRANCH" == -redhat-fedora-3[2-9]* || +if [[ "$DISTRO_BRANCH" == -redhat-fedora-4[0-9]* || + "$DISTRO_BRANCH" == -redhat-fedora-3[2-9]* || "$DISTRO_BRANCH" == -redhat-centos*-9*- || "$DISTRO_BRANCH" == -redhat-redhatenterprise*-9.*- ]]; then CONFIGURE_ARG_LIST+=( diff --git a/contrib/ci/deps.sh b/contrib/ci/deps.sh index e5dd2b0ca93..c49ddb51e5f 100644 --- a/contrib/ci/deps.sh +++ b/contrib/ci/deps.sh @@ -59,7 +59,8 @@ if [[ "$DISTRO_BRANCH" == -redhat-* ]]; then ) fi - if [[ "$DISTRO_BRANCH" == -redhat-fedora-3[1-9]* || + if [[ "$DISTRO_BRANCH" == -redhat-fedora-4[0-9]* || + "$DISTRO_BRANCH" == -redhat-fedora-3[1-9]* || "$DISTRO_BRANCH" == -redhat-redhatenterprise*-8.*- || "$DISTRO_BRANCH" == -redhat-redhatenterprise*-9.*- || "$DISTRO_BRANCH" == -redhat-centos*-8*- || From 3d22dcad75300b621335c3b429e4bb9d91ad54bc Mon Sep 17 00:00:00 2001 From: Alexey Tikhonov Date: Tue, 22 Aug 2023 13:13:47 +0200 Subject: [PATCH 126/280] PROXY: missing `proxy_resolver_lib_name` isn't an error MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Reviewed-by: Alejandro López Reviewed-by: Tomáš Halman (cherry picked from commit 7f7cfc92c8106e08960c5afba63279147ece0a14) --- src/providers/proxy/proxy_init.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/providers/proxy/proxy_init.c b/src/providers/proxy/proxy_init.c index 8931ccc5369..a0919a1c835 100644 --- a/src/providers/proxy/proxy_init.c +++ b/src/providers/proxy/proxy_init.c @@ -123,7 +123,7 @@ static errno_t proxy_resolver_conf(TALLOC_CTX *mem_ctx, ret, sss_strerror(ret)); goto done; } else if (libname == NULL) { - DEBUG(SSSDBG_CRIT_FAILURE, "No resolver library name given\n"); + DEBUG(SSSDBG_CONF_SETTINGS, "No resolver library name given\n"); ret = ENOENT; goto done; } From 78fba725ce3ad68bed29789efdb4326cd57e231a Mon Sep 17 00:00:00 2001 From: Alexey Tikhonov Date: Tue, 22 Aug 2023 12:58:34 +0200 Subject: [PATCH 127/280] =?UTF-8?q?Fix=20compilation=20warning=20```=20../?= =?UTF-8?q?src/responder/pam/pamsrv=5Fcmd.c:=20In=20function=20=E2=80=98pa?= =?UTF-8?q?m=5Freply=E2=80=99:=20../src/responder/pam/pamsrv=5Fcmd.c:1188:?= =?UTF-8?q?10:=20warning:=20unused=20variable=20=E2=80=98pk=5Fpreauth=5Fdo?= =?UTF-8?q?ne=E2=80=99=20[-Wunused-variable]=201188=20|=20bool=20pk=5Fprea?= =?UTF-8?q?uth=5Fdone=20=3D=20false;=20```=20in=20case=20SSSD=20is=20built?= =?UTF-8?q?=20without=20'passkey'=20support.?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Reviewed-by: Justin Stephenson (cherry picked from commit 8079d93ffcd778daf7b381e4032a363e52126f79) --- src/responder/pam/pamsrv_cmd.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/responder/pam/pamsrv_cmd.c b/src/responder/pam/pamsrv_cmd.c index eed283f4e9d..80ba76b32cb 100644 --- a/src/responder/pam/pamsrv_cmd.c +++ b/src/responder/pam/pamsrv_cmd.c @@ -1185,9 +1185,11 @@ void pam_reply(struct pam_auth_req *preq) char* pam_account_expired_message; char* pam_account_locked_message; int pam_verbosity; - bool pk_preauth_done = false; bool local_sc_auth_allow = false; bool local_passkey_auth_allow = false; +#ifdef BUILD_PASSKEY + bool pk_preauth_done = false; +#endif /* BUILD_PASSKEY */ pd = preq->pd; cctx = preq->cctx; From cb86a5ce91d96b160afd0973eb422ea9060de2c8 Mon Sep 17 00:00:00 2001 From: Alexey Tikhonov Date: Wed, 23 Aug 2023 15:59:59 +0200 Subject: [PATCH 128/280] DP: ENOTSUP isn't a fatal failure for target c-tor MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Reviewed-by: Alejandro López Reviewed-by: Tomáš Halman (cherry picked from commit 9fe559402277515c1138fed0ef1f7d06a3deee0a) --- src/providers/data_provider/dp_targets.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/src/providers/data_provider/dp_targets.c b/src/providers/data_provider/dp_targets.c index 4289666200d..75cb47d8ae2 100644 --- a/src/providers/data_provider/dp_targets.c +++ b/src/providers/data_provider/dp_targets.c @@ -184,8 +184,10 @@ static errno_t dp_target_run_constructor(struct dp_target *target, ret = fn(target, be_ctx, target->module->module_data, target->methods); if (ret != EOK) { - DEBUG(SSSDBG_FATAL_FAILURE, "Target [%s] constructor failed " - "[%d]: %s\n", target->name, ret, sss_strerror(ret)); + if (ret != ENOTSUP) { + DEBUG(SSSDBG_FATAL_FAILURE, "Target [%s] constructor failed " + "[%d]: %s\n", target->name, ret, sss_strerror(ret)); + } goto done; } } else { From d08af4bd640af06f8ac6ed1759544ab97517884b Mon Sep 17 00:00:00 2001 From: wangcheng Date: Wed, 23 Aug 2023 10:41:10 +0800 Subject: [PATCH 129/280] IPA: Change sysdb_attrs_add_val to sysdb_attrs_add_val_safe in debug output The pervious commit(dc508f032904f008714418509a13f79a17660659) modified the function `sysdb_attrs_add_val` to `sysdb_attrs_add_val_safe`, but did not modify the debug output information synchronously. Reviewed-by: Alexey Tikhonov Reviewed-by: Iker Pedrosa (cherry picked from commit 01131ba7cea3600dfb54dc163ba1df71eb815931) --- src/providers/ipa/ipa_s2n_exop.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/providers/ipa/ipa_s2n_exop.c b/src/providers/ipa/ipa_s2n_exop.c index ca835f0aa40..ec944d91f4f 100644 --- a/src/providers/ipa/ipa_s2n_exop.c +++ b/src/providers/ipa/ipa_s2n_exop.c @@ -665,7 +665,7 @@ static errno_t get_extra_attrs(BerElement *ber, struct resp_attrs *resp_attrs) ret = sysdb_attrs_add_val_safe(resp_attrs->sysdb_attrs, name, &v); if (ret != EOK) { - DEBUG(SSSDBG_OP_FAILURE, "sysdb_attrs_add_val failed.\n"); + DEBUG(SSSDBG_OP_FAILURE, "sysdb_attrs_add_val_safe failed.\n"); ldap_memfree(name); ber_bvecfree(values); return ret; From 9c4ac1bddf77634634df21dd548b11d3ca62aad7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pavel=20B=C5=99ezina?= Date: Fri, 4 Aug 2023 12:19:49 +0200 Subject: [PATCH 130/280] mc: recover from invalid memory cache size If we access the mmap file outside its boundaries a SIGBUS is raised. We can now safely recover if the file has unexpected size. Reviewed-by: Alexey Tikhonov Reviewed-by: Sumit Bose (cherry picked from commit 641e5f73d3bd5b3d32cafd551013d3bfd2a52732) --- src/responder/nss/nsssrv_mmap_cache.c | 86 +++++++++++++++++---- src/sss_client/nss_mc_common.c | 42 +++++++--- src/tests/system/tests/test_memory_cache.py | 36 ++++++++- 3 files changed, 135 insertions(+), 29 deletions(-) diff --git a/src/responder/nss/nsssrv_mmap_cache.c b/src/responder/nss/nsssrv_mmap_cache.c index 12c29965969..bd814f3bc78 100644 --- a/src/responder/nss/nsssrv_mmap_cache.c +++ b/src/responder/nss/nsssrv_mmap_cache.c @@ -722,6 +722,57 @@ static errno_t sss_mmap_cache_invalidate(struct sss_mc_ctx *mcc, return EOK; } +static errno_t sss_mmap_cache_validate_or_reinit(struct sss_mc_ctx **_mcc) +{ + struct sss_mc_ctx *mcc = *_mcc; + struct stat fdstat; + bool reinit = false; + errno_t ret; + + /* No mcc initialized? Memory cache may be disabled. */ + if (mcc == NULL || mcc->fd < 0) { + ret = EINVAL; + reinit = false; + goto done; + } + + if (fstat(mcc->fd, &fdstat) == -1) { + ret = errno; + DEBUG(SSSDBG_CRIT_FAILURE, + "Unable to stat memory cache [file=%s, fd=%d] [%d]: %s\n", + mcc->file, mcc->fd, ret, sss_strerror(ret)); + reinit = true; + goto done; + } + + if (fdstat.st_nlink == 0) { + DEBUG(SSSDBG_CRIT_FAILURE, "Memory cache file was removed\n"); + ret = ENOENT; + reinit = true; + goto done; + } + + if (fdstat.st_size != mcc->mmap_size) { + DEBUG(SSSDBG_CRIT_FAILURE, + "Memory cache is corrupted, invalid size [file=%s, fd=%d, " + "expected_size=%zu, real_size=%zu]\n", + mcc->file, mcc->fd, mcc->mmap_size, fdstat.st_size); + ret = EINVAL; + reinit = true; + goto done; + } + + ret = EOK; + reinit = false; + +done: + if (reinit) { + return sss_mmap_cache_reinit(talloc_parent(mcc), -1, -1, -1, -1, _mcc); + } + + return ret; +} + /*************************************************************************** * passwd map ***************************************************************************/ @@ -744,9 +795,9 @@ errno_t sss_mmap_cache_pw_store(struct sss_mc_ctx **_mcc, size_t pos; int ret; - if (mcc == NULL) { - /* cache not initialized? */ - return EINVAL; + ret = sss_mmap_cache_validate_or_reinit(&mcc); + if (ret != EOK) { + return ret; } ret = snprintf(uidstr, 11, "%ld", (long)uid); @@ -815,9 +866,9 @@ errno_t sss_mmap_cache_pw_invalidate_uid(struct sss_mc_ctx *mcc, uid_t uid) char *uidstr; errno_t ret; - if (mcc == NULL) { - /* cache not initialized? */ - return EINVAL; + ret = sss_mmap_cache_validate_or_reinit(&mcc); + if (ret != EOK) { + return ret; } uidstr = talloc_asprintf(NULL, "%ld", (long)uid); @@ -886,9 +937,9 @@ int sss_mmap_cache_gr_store(struct sss_mc_ctx **_mcc, size_t pos; int ret; - if (mcc == NULL) { - /* cache not initialized? */ - return EINVAL; + ret = sss_mmap_cache_validate_or_reinit(&mcc); + if (ret != EOK) { + return ret; } ret = snprintf(gidstr, 11, "%ld", (long)gid); @@ -953,9 +1004,9 @@ errno_t sss_mmap_cache_gr_invalidate_gid(struct sss_mc_ctx *mcc, gid_t gid) char *gidstr; errno_t ret; - if (mcc == NULL) { - /* cache not initialized? */ - return EINVAL; + ret = sss_mmap_cache_validate_or_reinit(&mcc); + if (ret != EOK) { + return ret; } gidstr = talloc_asprintf(NULL, "%ld", (long)gid); @@ -1018,9 +1069,9 @@ errno_t sss_mmap_cache_initgr_store(struct sss_mc_ctx **_mcc, size_t pos; int ret; - if (mcc == NULL) { - /* cache not initialized? */ - return EINVAL; + ret = sss_mmap_cache_validate_or_reinit(&mcc); + if (ret != EOK) { + return ret; } /* array of gids + name + unique_name */ @@ -1087,8 +1138,9 @@ errno_t sss_mmap_cache_sid_store(struct sss_mc_ctx **_mcc, size_t rec_len; int ret; - if (mcc == NULL) { - return EINVAL; + ret = sss_mmap_cache_validate_or_reinit(&mcc); + if (ret != EOK) { + return ret; } ret = snprintf(idkey, sizeof(idkey), "%d-%ld", diff --git a/src/sss_client/nss_mc_common.c b/src/sss_client/nss_mc_common.c index 3128861bf3a..e227c0bae36 100644 --- a/src/sss_client/nss_mc_common.c +++ b/src/sss_client/nss_mc_common.c @@ -69,13 +69,43 @@ static void sss_mt_unlock(struct sss_cli_mc_ctx *ctx) #endif } +static errno_t sss_nss_mc_validate(struct sss_cli_mc_ctx *ctx) +{ + struct stat fdstat; + + /* No mc ctx initialized?*/ + if (ctx == NULL || ctx->fd < 0) { + return EINVAL; + } + + if (fstat(ctx->fd, &fdstat) == -1) { + return errno; + } + + /* Memcache was removed. */ + if (fdstat.st_nlink == 0) { + return ENOENT; + } + + /* Invalid size. */ + if (fdstat.st_size != ctx->mmap_size) { + return ERANGE; + } + + return EOK; +} + errno_t sss_nss_check_header(struct sss_cli_mc_ctx *ctx) { struct sss_mc_header h; bool copy_ok; int count; int ret; - struct stat fdstat; + + ret = sss_nss_mc_validate(ctx); + if (ret != EOK) { + return ret; + } /* retry barrier protected reading max 5 times then give up */ for (count = 5; count > 0; count--) { @@ -115,16 +145,6 @@ errno_t sss_nss_check_header(struct sss_cli_mc_ctx *ctx) } } - ret = fstat(ctx->fd, &fdstat); - if (ret == -1) { - return EIO; - } - - if (fdstat.st_nlink == 0) { - /* memory cache was removed; we need to reinitialize it. */ - return EINVAL; - } - return 0; } diff --git a/src/tests/system/tests/test_memory_cache.py b/src/tests/system/tests/test_memory_cache.py index c426f4d02c1..3099d6af0e1 100644 --- a/src/tests/system/tests/test_memory_cache.py +++ b/src/tests/system/tests/test_memory_cache.py @@ -9,7 +9,8 @@ import pytest from sssd_test_framework.roles.client import Client from sssd_test_framework.roles.generic import GenericProvider -from sssd_test_framework.topology import KnownTopologyGroup +from sssd_test_framework.roles.ldap import LDAP +from sssd_test_framework.topology import KnownTopology, KnownTopologyGroup @pytest.mark.topology(KnownTopologyGroup.AnyProvider) @@ -1566,3 +1567,36 @@ def test_memory_cache__removed_cache_without_invalidation(client: Client, provid assert client.tools.id(123456) is None, "User with id 123456 was found which is not expected" assert client.tools.getent.group("group1") is None, "Group group1 was found which is not expected" assert client.tools.getent.group(10001) is None, "Group with gid 10001 was found which is not expected" + + +@pytest.mark.topology(KnownTopology.LDAP) +@pytest.mark.ticket(bz=2226021) +def test_memory_cache__truncate__nosigbus(client: Client, ldap: LDAP): + """ + :title: Accessing truncated in-memory cache file does not cause SIGBUS + :setup: + 1. Add 'user-1' to SSSD + 2. Start SSSD + :steps: + 1. Find 'user-1' so it is stored in in-memory cache + 2. Truncate /var/lib/sss/mc/passwd + 3. Check that 'user-1' can be correctly resolved + :expectedresults: + 1. User is found + 2. Size of /var/lib/sss/mc/passwd is 0 + 3. User can be found again and there is no crash + :customerscenario: True + """ + ldap.user("user-1").add() + + client.sssd.start() + + result = client.tools.id("user-1") + assert result is not None, "User was not found" + assert result.user.name == "user-1" + + client.fs.truncate("/var/lib/sss/mc/passwd") + + result = client.tools.id("user-1") + assert result is not None, "User was not found" + assert result.user.name == "user-1" From 0919c92171da309c16a23360978fc6127322fb7d Mon Sep 17 00:00:00 2001 From: Justin Stephenson Date: Wed, 23 Aug 2023 15:15:26 -0400 Subject: [PATCH 131/280] Proxy: Avoid ldb_modify failed error MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Resolves the sysdb errors returned in the proxy provider logs when proxy_fast_alias is True. This extraneous memset call would overwrite the previously returned pwd buffer, therefore an attempt was made to update the user's SYSDB_PWD with an empty value causing the error. Reviewed-by: Alexey Tikhonov Reviewed-by: Tomáš Halman (cherry picked from commit eebb43def9e93c039203993c67148bfdc72c18ad) --- src/providers/proxy/proxy_id.c | 1 - 1 file changed, 1 deletion(-) diff --git a/src/providers/proxy/proxy_id.c b/src/providers/proxy/proxy_id.c index db6bbb2f0f0..9e7722eb001 100644 --- a/src/providers/proxy/proxy_id.c +++ b/src/providers/proxy/proxy_id.c @@ -1418,7 +1418,6 @@ static int get_initgr(TALLOC_CTX *mem_ctx, } uid = pwd->pw_uid; - memset(buffer, 0, buflen); /* Canonicalize the username in case it was actually an alias */ if (ctx->fast_alias == true) { From e71a3539244bd6b422182ac0c6ce9c246643d72c Mon Sep 17 00:00:00 2001 From: Justin Stephenson Date: Mon, 21 Aug 2023 14:18:51 -0400 Subject: [PATCH 132/280] Passkey: Add child timeout handler If passkey auth times out, the SIGCHLD handler needs to be destroyed otherwise the SIGCHLD handler tries to access the tevent_req which was already freed from the timeout. Resolves: https://github.com/SSSD/sssd/issues/6889 Reviewed-by: Iker Pedrosa Reviewed-by: Sumit Bose (cherry picked from commit b516f1e4f2442a18fb4a873e6431ac7a28873dc7) --- src/responder/pam/pamsrv_passkey.c | 27 +++++++++++++++++++++++---- src/util/util_errors.c | 1 + src/util/util_errors.h | 1 + 3 files changed, 25 insertions(+), 4 deletions(-) diff --git a/src/responder/pam/pamsrv_passkey.c b/src/responder/pam/pamsrv_passkey.c index 48e408ebcf1..da509677331 100644 --- a/src/responder/pam/pamsrv_passkey.c +++ b/src/responder/pam/pamsrv_passkey.c @@ -701,6 +701,7 @@ void pam_passkey_get_user_done(struct tevent_req *req) struct pam_passkey_auth_send_state { struct pam_data *pd; struct tevent_context *ev; + struct tevent_timer *timeout_handler; struct sss_child_ctx_old *child_ctx; struct child_io_fds *io; const char *logfile; @@ -993,6 +994,24 @@ pam_passkey_auth_send(TALLOC_CTX *mem_ctx, return req; } +static void +passkey_child_timeout(struct tevent_context *ev, + struct tevent_timer *te, + struct timeval tv, void *pvt) +{ + struct tevent_req *req = + talloc_get_type(pvt, struct tevent_req); + struct pam_passkey_auth_send_state *state = + tevent_req_data(req, struct pam_passkey_auth_send_state); + + DEBUG(SSSDBG_CRIT_FAILURE, "Timeout reached for passkey child, " + "consider increasing passkey_child_timeout\n"); + child_handler_destroy(state->child_ctx); + state->child_ctx = NULL; + state->child_status = ETIMEDOUT; + tevent_req_error(req, ERR_PASSKEY_CHILD_TIMEOUT); +} + static errno_t passkey_child_exec(struct tevent_req *req) { struct pam_passkey_auth_send_state *state; @@ -1003,7 +1022,6 @@ static errno_t passkey_child_exec(struct tevent_req *req) uint8_t *write_buf = NULL; size_t write_buf_len = 0; struct timeval tv; - bool endtime; int ret; state = tevent_req_data(req, struct pam_passkey_auth_send_state); @@ -1043,7 +1061,7 @@ static errno_t passkey_child_exec(struct tevent_req *req) /* Set up SIGCHLD handler */ if (state->kerberos_pa) { - ret = child_handler_setup(state->ev, child_pid, NULL, NULL, NULL); + ret = child_handler_setup(state->ev, child_pid, NULL, req, &state->child_ctx); } else { ret = child_handler_setup(state->ev, child_pid, pam_passkey_auth_done, req, @@ -1059,8 +1077,9 @@ static errno_t passkey_child_exec(struct tevent_req *req) /* Set up timeout handler */ tv = tevent_timeval_current_ofs(state->timeout, 0); - endtime = tevent_req_set_endtime(req, state->ev, tv); - if (endtime == false) { + state->timeout_handler = tevent_add_timer(state->ev, req, tv, + passkey_child_timeout, req); + if (state->timeout_handler == NULL) { ret = ERR_PASSKEY_CHILD; goto done; } diff --git a/src/util/util_errors.c b/src/util/util_errors.c index d6568a96b3b..a9e7cf7fdb6 100644 --- a/src/util/util_errors.c +++ b/src/util/util_errors.c @@ -93,6 +93,7 @@ struct err_string error_to_str[] = { { "p11_child timeout" }, /* ERR_P11_CHILD_TIMEOUT */ { "PIN locked" }, /* ERR_P11_PIN_LOCKED */ { "passkey_child failed" }, /* ERR_PASSKEY_CHILD */ + { "passkey_child timeout" }, /* ERR_PASSKEY_CHILD_TIMEOUT */ { "Address family not supported" }, /* ERR_ADDR_FAMILY_NOT_SUPPORTED */ { "Message sender is the bus" }, /* ERR_SBUS_SENDER_BUS */ { "Subdomain is inactive" }, /* ERR_SUBDOM_INACTIVE */ diff --git a/src/util/util_errors.h b/src/util/util_errors.h index 394ed2ab682..c3558a2d059 100644 --- a/src/util/util_errors.h +++ b/src/util/util_errors.h @@ -114,6 +114,7 @@ enum sssd_errors { ERR_P11_CHILD_TIMEOUT, ERR_P11_PIN_LOCKED, ERR_PASSKEY_CHILD, + ERR_PASSKEY_CHILD_TIMEOUT, ERR_ADDR_FAMILY_NOT_SUPPORTED, ERR_SBUS_SENDER_BUS, ERR_SUBDOM_INACTIVE, From e2cb4d555b49ed442934651b5e6063202a98516b Mon Sep 17 00:00:00 2001 From: Patrik Rosecky Date: Thu, 27 Jul 2023 08:33:59 +0200 Subject: [PATCH 133/280] Tests: sssctl_config_check: test for incorrectly set value MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Reviewed-by: Madhuri Upadhye Reviewed-by: Tomáš Halman (cherry picked from commit e32f899a12a8e5c8ee9919a77c0fbe6a0e30b039) --- .../system/tests/test_sssctl_config_check.py | 26 +++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/src/tests/system/tests/test_sssctl_config_check.py b/src/tests/system/tests/test_sssctl_config_check.py index 14b3cfe2736..ee594a6b089 100644 --- a/src/tests/system/tests/test_sssctl_config_check.py +++ b/src/tests/system/tests/test_sssctl_config_check.py @@ -89,3 +89,29 @@ def test_sssctl_config_check__misplaced_option(client: Client): pattern = re.compile(r".Attribute 'services' is not allowed in section .*") assert pattern.search(result.stdout), "Wrong error message was returned" + + +@pytest.mark.topology(KnownTopology.Client) +def test_sssctl_config_check__typo_option_value(client: Client): + """ + :title: sssctl config-check detects incorrect value + :setup: + 1. In local domain set "id_provider" to wrong value + 2. Apply config without config check + :steps: + 1. Call sssctl config-check + 2. Check error message + :expectedresults: + 1. config-check detects an error in config + 2. Error message is properly set + :customerscenario: False + """ + client.sssd.common.local() + client.sssd.dom("local")["id_provider"] = "wrong value" + client.sssd.config_apply(check_config=False) + + result = client.sssctl.config_check() + assert result.rc != 0, "Config-check did not detect misconfigured config" + assert ( + "Attribute 'id_provider' in section 'domain/local' has an invalid value: wrong value" in result.stdout_lines[1] + ) From d935fa6bc7b92781c0d031327a9551224aab8909 Mon Sep 17 00:00:00 2001 From: Alexey Tikhonov Date: Tue, 29 Aug 2023 18:29:54 +0200 Subject: [PATCH 134/280] UTILS: include name of the file that failed perform_checks() in the debug log MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Reviewed-by: Alejandro López Reviewed-by: Tomáš Halman (cherry picked from commit 7d14e529c6ec4d059ae9b3bf9f0576d6d561ca18) --- src/util/check_file.c | 23 ++++++++++++++--------- 1 file changed, 14 insertions(+), 9 deletions(-) diff --git a/src/util/check_file.c b/src/util/check_file.c index 27edcfa8b2a..2203a41c328 100644 --- a/src/util/check_file.c +++ b/src/util/check_file.c @@ -28,7 +28,8 @@ #include "util/util.h" -static errno_t perform_checks(struct stat *stat_buf, +static errno_t perform_checks(const char *filename, + struct stat *stat_buf, uid_t uid, gid_t gid, mode_t mode, mode_t mask); @@ -53,15 +54,16 @@ errno_t check_file(const char *filename, } if (ret == -1) { ret = errno; - DEBUG(SSSDBG_TRACE_FUNC, "lstat for [%s] failed: [%d][%s].\n", + DEBUG(SSSDBG_TRACE_FUNC, "lstat for '%s' failed: [%d][%s].\n", filename, ret, strerror(ret)); return ret; } - return perform_checks(stat_buf, uid, gid, mode, mask); + return perform_checks(filename, stat_buf, uid, gid, mode, mask); } -static errno_t perform_checks(struct stat *stat_buf, +static errno_t perform_checks(const char *filename, + struct stat *stat_buf, uid_t uid, gid_t gid, mode_t mode, mode_t mask) { @@ -74,25 +76,28 @@ static errno_t perform_checks(struct stat *stat_buf, } if ((mode & S_IFMT) != (st_mode & S_IFMT)) { - DEBUG(SSSDBG_TRACE_LIBS, "File is not the right type.\n"); + DEBUG(SSSDBG_TRACE_LIBS, "File '%s' is not of the right type.\n", + filename); return EINVAL; } if ((st_mode & ALLPERMS) != (mode & ALLPERMS)) { DEBUG(SSSDBG_TRACE_LIBS, - "File has the wrong (bit masked) mode [%.7o], " - "expected [%.7o].\n", + "File '%s' has the wrong (bit masked) mode [%.7o], " + "expected [%.7o].\n", filename, (st_mode & ALLPERMS), (mode & ALLPERMS)); return EINVAL; } if (uid != (uid_t)(-1) && stat_buf->st_uid != uid) { - DEBUG(SSSDBG_TRACE_LIBS, "File must be owned by uid [%d].\n", uid); + DEBUG(SSSDBG_TRACE_LIBS, "File '%s' must be owned by uid [%d].\n", + filename, uid); return EINVAL; } if (gid != (gid_t)(-1) && stat_buf->st_gid != gid) { - DEBUG(SSSDBG_TRACE_LIBS, "File must be owned by gid [%d].\n", gid); + DEBUG(SSSDBG_TRACE_LIBS, "File '%s' must be owned by gid [%d].\n", + filename, gid); return EINVAL; } From ee8f50f274566d060a2a7ae2d41ee7e78e82ccef Mon Sep 17 00:00:00 2001 From: Dan Lavu Date: Fri, 21 Apr 2023 19:15:08 -0400 Subject: [PATCH 135/280] TESTS: Porting sss_override test suite MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Reviewed-by: Pavel Březina Reviewed-by: Scott Poore (cherry picked from commit 24a08aca85cd5dd703edb2a6193b391bfad52cd9) --- src/tests/system/tests/test_sss_override.py | 267 ++++++++++++++++++++ 1 file changed, 267 insertions(+) create mode 100644 src/tests/system/tests/test_sss_override.py diff --git a/src/tests/system/tests/test_sss_override.py b/src/tests/system/tests/test_sss_override.py new file mode 100644 index 00000000000..1f65403cfb0 --- /dev/null +++ b/src/tests/system/tests/test_sss_override.py @@ -0,0 +1,267 @@ +from __future__ import annotations + +import pytest +from sssd_test_framework.roles.client import Client +from sssd_test_framework.roles.generic import GenericProvider +from sssd_test_framework.topology import KnownTopology + + +@pytest.mark.importance("high") +@pytest.mark.topology(KnownTopology.LDAP) +@pytest.mark.topology(KnownTopology.AD) +@pytest.mark.topology(KnownTopology.Samba) +def test_sss_overrides__overriding_username_and_posix_attributes(client: Client, provider: GenericProvider): + """ + :title: Locally overriding the name and POSIX attributes of a user + :setup: + 1. Create POSIX user "user1" with standard POSIX attributes defined + 2. Start SSSD + :steps: + 1. Create local override for "user1" and name it "o-user1" + 2. Restart SSSD, this is necessary to enable local overrides + 3. Authenticate as "user1", the short and fully qualified name + 4. Authenticate as "o-user1", the short and fully qualified name + 5. Query the user "user1" and then override the POSIX attributes + 6. Query the username "user1", and local override name, "o-user1" + :expectedresults: + 1. Local override is created for "user1" + 2. SSSD has restarted successfully + 3. Authentication successful for both short and fully qualified name + 4. Authentication successful for both short and fully qualified name + 5. POSIX attributes for local override has been changed + 6. The name and overriden name is found and POSIX attributes are updated + :customerscenario: False + :requirement: IDM-SSSD-TC: ldap_provider: local_overrides: simple user override + """ + provider.user("user1").add( + uid=999011, gid=999011, home="/home/user1", gecos="user", shell="/bin/bash", password="Secret123" + ) + + client.sssd.domain["ldap_id_mapping"] = "False" + client.sssd.start() + + client.sss_override.user("user1").add(name="o-user1") + + client.sssd.restart() + + assert client.auth.ssh.password("user1", "Secret123") + assert client.auth.ssh.password(f"user1@{client.sssd.default_domain}", "Secret123") + assert client.auth.ssh.password("o-user1", "Secret123") + assert client.auth.ssh.password(f"o-user1@{client.sssd.default_domain}", "Secret123") + + result = client.tools.getent.passwd("o-user1") + + assert result is not None + assert result.uid == 999011 + assert result.gid == 999011 + + client.sss_override.user("user1").add(name="o-user1", uid=999999, gid=888888, home="/home/o-user1") + + result = client.tools.getent.passwd("user1") + assert result is not None + assert result.uid == 999999 + assert result.gid == 888888 + assert result.home == "/home/o-user1" + + result = client.tools.getent.passwd("o-user1") + assert result is not None + assert result.uid == 999999 + assert result.gid == 888888 + assert result.home == "/home/o-user1" + + +@pytest.mark.importance("high") +@pytest.mark.topology(KnownTopology.LDAP) +@pytest.mark.topology(KnownTopology.AD) +@pytest.mark.topology(KnownTopology.Samba) +def test_sss_overrides__overriding_group_name_and_gid(client: Client, provider: GenericProvider): + """ + :title: Locally overriding the name and GID of a group + :setup: + 1. Create group "group1" with posix attributes defined + 2. Start SSSD + :steps: + 1. Create local override "group1" and name it "o-group1" + 2. Restart SSSD, this is necessary to enable local overrides + 3. Query groups by the local override name + 4. Override the GID for the group "group1" + 5. Query groups by the override name + :expectedresults: + 1. Group local override is created + 2. SSSD has restarted successfully + 3. Group is found by the overriden name "o-group1" + 4. Local override POSIX attribute updated + 5. Group is found by the overriden name "o-group1" and GID changed + :customerscenario: False + :requirement: IDM-SSSD-TC: ldap_provider: local_overrides: simple group override + """ + provider.group("group1").add(gid=999999) + client.sssd.domain["ldap_id_mapping"] = "False" + client.sssd.start() + + group = client.sss_override.group("group1") + + group.add(name="o-group1") + + client.sssd.restart() + + result = client.tools.getent.group("group1") + assert result is not None + assert result.gid == 999999 + assert client.tools.getent.group("o-group1") + + group.add(name="o-group1", gid=888888) + + assert client.tools.getent.group("group1") + assert client.tools.getent.group("o-group1") + + +@pytest.mark.importance("high") +@pytest.mark.topology(KnownTopology.LDAP) +@pytest.mark.topology(KnownTopology.AD) +@pytest.mark.topology(KnownTopology.Samba) +def test_sss_overrides__root_uid_gid_cannot_be_used(client: Client, provider: GenericProvider): + """ + :title: Root user UID/GID cannot be overridden + :setup: + 1. Create POSIX user "user1" with standard POSIX attributes defined + 2. Start SSSD + :steps: + 1. Create local override "root" for user1 and set UID/GID to 0 + 2. Restart SSSD, this is necessary to enable local overrides + 3. Query the root user + 4. Query the root user and use sss as the service + 5. Query the POSIX user that is overridden to the root user + :expectedresults: + 1. Local override is created + 2. SSSD has restarted successfully + 3. The root user UID/GID has not been modified + 4. The override has no UID/GID attribute + 5. The POSIX user UID/GID has not been changed + :customerscenario: False + :requirement: IDM-SSSD-TC: ldap_provider: local_overrides: root user override + """ + provider.user("user1").add( + uid=999011, gid=999011, home="/home/user1", gecos="user", shell="/bin/bash", password="Secret123" + ) + client.sssd.domain["ldap_id_mapping"] = "False" + client.sssd.start() + + client.sss_override.user("user1").add(name="root", uid=0, gid=0) + + client.sssd.restart() + + result = client.tools.getent.passwd("root") + assert result is not None + assert result.uid == 0 + assert result.gid == 0 + + result = client.tools.getent.passwd("root", service="sss") + assert result is None + + result = client.tools.getent.passwd("user1") + assert result is not None + + +@pytest.mark.importance("high") +@pytest.mark.topology(KnownTopology.LDAP) +@pytest.mark.topology(KnownTopology.AD) +@pytest.mark.topology(KnownTopology.Samba) +def test_sss_overrides__export_then_import_user_and_group_override_data(client: Client, provider: GenericProvider): + """ + :title: Export and import the user and group local override data + :setup: + 1. Create posix user "user1" with posix attributes defined + 2. Start SSSD + :steps: + 1. Override user "user1" to "o-user1" + 2. Restart SSSD, this is necessary to enable local overrides + 3. Override group "group1" to "o-group1" + 4. Export user and group local overrides data to a file + 5. Delete overrides + 6. Restart SSSD + 7. Import user and group local overrides data + 8. Restart SSSD + 9. Search for user and group local overrides + :expectedresults: + 1. User local override has been created + 2. SSSD has been restarted successfully + 3. Group local override has been created + 4. Local overrides user and group data is exported to a file + 5. Local overrides are deleted + 6. SSSD has restarted successfully + 7. User and group local override data has been imported from the export + 8. SSSD has restarted successfully + 9. User and group local overrides are found + :customerscenario: False + :requirement: IDM-SSSD-TC: ldap_provider: local_overrides: import export user override + """ + provider.user("user1").add( + uid=999011, gid=999011, home="/home/user1", gecos="user", shell="/bin/bash", password="Secret123" + ) + provider.group("group1").add(gid=999999) + client.sssd.start() + + user = client.sss_override.user("user1") + group = client.sss_override.group("group1") + override = client.sss_override + + user.add(name="o-user1") + client.sssd.restart() + group.add(name="o-group1") + + # local_override.export_data(users=None) exports all user data + override.export_data() + user.delete() + group.delete() + + client.sssd.restart() + assert not client.sss_override.user("user1").get() + assert not client.sss_override.group("group1").get() + client.sss_override.import_data() + client.sssd.restart() + + assert client.sss_override.user("user1").get(["name"]) == {"name": ["o-user1"]} + assert client.sss_override.group("group1").get(["name"]) == {"name": ["o-group1"]} + + +@pytest.mark.importance("high") +@pytest.mark.ticket(bz=1254184) +@pytest.mark.topology(KnownTopology.LDAP) +@pytest.mark.topology(KnownTopology.AD) +@pytest.mark.topology(KnownTopology.Samba) +def test_sss_overrides__use_fully_qualified_names_is_true(client: Client, provider: GenericProvider): + """ + :title: Overriding user when use_fully_qualified_names is true + :setup: + 1. Create posix user "user1" with posix attributes defined + 2. Edit SSSD configuration and set "use_fully_qualified_names" = True + 3. Start SSSD + :steps: + 1. Override "user1" to "o-user1" + 2. Restart SSSD, this is necessary to enable local overrides + 3. Authenticate as "user1", only the fully qualified name + 4. Authenticate as "o-user1", only the fully qualified name + :expectedresults: + 1. User local override is created + 2. SSSD has restarted successfully + 3. Authentication successful + 4. Authentication successful + :customerscenario: False + :requirement: IDM-SSSD-TC: ldap_provider: local_overrides: regression 2757 override + :bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1254184 + """ + provider.user("user1").add( + uid=999011, gid=999011, home="/home/user1", gecos="user", shell="/bin/bash", password="Secret123" + ) + client.sssd.domain["use_fully_qualified_names"] = "True" + client.sssd.start() + + client.sss_override.user(f"user1@{client.sssd.default_domain}").add(name="o-user1") + + client.sssd.restart() + + assert client.auth.ssh.password("user1", "Secret123") is False + assert client.auth.ssh.password("o-user1", "Secret123") is False + assert client.auth.ssh.password(f"user1@{client.sssd.default_domain}", "Secret123") + assert client.auth.ssh.password(f"o-user1@{client.sssd.default_domain}", "Secret123") From 2a3a132c6469610024e86245efb567b84604bda3 Mon Sep 17 00:00:00 2001 From: Justin Stephenson Date: Thu, 31 Aug 2023 13:40:27 -0400 Subject: [PATCH 136/280] Passkey: Conditional fixes MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Reviewed-by: Alexey Tikhonov Reviewed-by: Pavel Březina (cherry picked from commit 053b6e14cea245f59704bbdc7acd30596c6d76f1) --- src/providers/ipa/ipa_subdomains.c | 2 + src/providers/krb5/krb5_child.c | 170 +++++++++++++++-------------- 2 files changed, 92 insertions(+), 80 deletions(-) diff --git a/src/providers/ipa/ipa_subdomains.c b/src/providers/ipa/ipa_subdomains.c index e19343a77d2..51ff30c38a3 100644 --- a/src/providers/ipa/ipa_subdomains.c +++ b/src/providers/ipa/ipa_subdomains.c @@ -2610,7 +2610,9 @@ static errno_t ipa_subdomains_refresh_retry(struct tevent_req *req); static void ipa_subdomains_refresh_connect_done(struct tevent_req *subreq); static void ipa_subdomains_refresh_ranges_done(struct tevent_req *subreq); static void ipa_subdomains_refresh_certmap_done(struct tevent_req *subreq); +#ifdef BUILD_PASSKEY static void ipa_subdomains_refresh_passkey_done(struct tevent_req *subreq); +#endif /* BUILD_PASSKEY */ static void ipa_subdomains_refresh_master_done(struct tevent_req *subreq); static void ipa_subdomains_refresh_slave_done(struct tevent_req *subreq); static void ipa_subdomains_refresh_view_name_done(struct tevent_req *subreq); diff --git a/src/providers/krb5/krb5_child.c b/src/providers/krb5/krb5_child.c index 7e43042bff7..710fd756763 100644 --- a/src/providers/krb5/krb5_child.c +++ b/src/providers/krb5/krb5_child.c @@ -40,15 +40,20 @@ #include "util/sss_chain_id.h" #include "util/sss_ptr_hash.h" #include "src/util/util_errors.h" -#include "responder/pam/pamsrv_passkey.h" #include "providers/backend.h" #include "providers/krb5/krb5_auth.h" #include "providers/krb5/krb5_utils.h" #include "krb5_plugin/idp/idp.h" +#ifdef BUILD_PASSKEY +#include "responder/pam/pamsrv_passkey.h" #include "krb5_plugin/passkey/passkey.h" +#endif /* BUILD_PASSKEY */ #include "sss_cli.h" #define SSSD_KRB5_CHANGEPW_PRINCIPAL "kadmin/changepw" +#ifndef BUILD_PASSKEY +#define SSSD_PASSKEY_QUESTION "passkey" +#endif /* BUILD_PASSKEY */ typedef krb5_error_code (*k5_init_creds_password_fn_t)(krb5_context context, krb5_creds *creds, @@ -122,7 +127,9 @@ static krb5_context krb5_error_ctx; static errno_t k5c_attach_otp_info_msg(struct krb5_req *kr); static errno_t k5c_attach_oauth2_info_msg(struct krb5_req *kr, struct sss_idp_oauth2 *data); +#ifdef BUILD_PASSKEY static errno_t k5c_attach_passkey_msg(struct krb5_req *kr, struct sss_passkey_challenge *data); +#endif /* BUILD_PASSKEY */ static errno_t k5c_attach_keep_alive_msg(struct krb5_req *kr); static errno_t k5c_recv_data(struct krb5_req *kr, int fd, uint32_t *offline); static errno_t k5c_send_data(struct krb5_req *kr, int fd, errno_t error); @@ -937,6 +944,87 @@ static krb5_error_code answer_idp_oauth2(krb5_context kctx, return kerr; } +#ifdef BUILD_PASSKEY +static errno_t k5c_attach_passkey_msg(struct krb5_req *kr, + struct sss_passkey_challenge *data) +{ + uint8_t *msg; + const char *user_verification; + int i; + size_t msg_len = 0; + size_t domain_len = 0; + size_t crypto_len = 0; + size_t num_creds = 0; + size_t cred_len = 0; + size_t verification_len = 0; + size_t idx = 0; + errno_t ret; + + if (data->domain == NULL || data->credential_id_list == NULL + || data->cryptographic_challenge == NULL) { + DEBUG(SSSDBG_CRIT_FAILURE, + "Empty passkey domain, credential id list, or cryptographic " + "challenge\n"); + return EINVAL; + } + + user_verification = data->user_verification == 0 ? "false" : "true"; + verification_len = strlen(user_verification) + 1; + msg_len += verification_len; + + crypto_len = strlen(data->cryptographic_challenge) + 1; + msg_len += crypto_len; + + domain_len = strlen(data->domain) + 1; + msg_len += domain_len; + + /* credentials list size */ + msg_len += sizeof(uint32_t); + + for (i = 0; data->credential_id_list[i] != NULL; i++) { + msg_len += (strlen(data->credential_id_list[i]) + 1); + } + num_creds = i; + + msg = talloc_zero_size(kr, msg_len); + if (msg == NULL) { + DEBUG(SSSDBG_OP_FAILURE, "talloc_size failed.\n"); + return ENOMEM; + } + + /* To avoid sending extraneous data back and forth to pam_sss, + * (and reduce boilerplate memcpy code) only the user + * verification and cryptographic challenge are retrieved in pam_sss. + * + * The remaining passkey data (domain, creds list, num_creds) + * is sent to the PAM responder and stored in a hash table. The + * challenge is used as a unique key of the hash table. The pam_sss + * reply includes the challenge which is used to lookup the passkey + * data in the PAM responder, ensuring it matches the originating + * request */ + memcpy(msg + idx, user_verification, verification_len); + idx += verification_len; + + memcpy(msg + idx, data->cryptographic_challenge, crypto_len); + idx += crypto_len; + + memcpy(msg + idx, data->domain, domain_len); + idx += domain_len; + + SAFEALIGN_COPY_UINT32(msg + idx, &num_creds, &idx); + + for (i = 0; data->credential_id_list[i] != NULL; i++) { + cred_len = strlen(data->credential_id_list[i]) + 1; + memcpy(msg + idx, data->credential_id_list[i], cred_len); + idx += cred_len; + } + + ret = pam_add_response(kr->pd, SSS_PAM_PASSKEY_KRB_INFO, msg_len, msg); + talloc_zfree(msg); + + return ret; +} + static krb5_error_code passkey_preauth(struct krb5_req *kr, struct sss_passkey_challenge *passkey) { @@ -994,6 +1082,7 @@ static krb5_error_code passkey_preauth(struct krb5_req *kr, talloc_free(tmpkr); return ret; } +#endif /* BUILD_PASSKEY */ static krb5_error_code answer_passkey(krb5_context kctx, struct krb5_req *kr, @@ -1564,85 +1653,6 @@ static errno_t k5c_attach_oauth2_info_msg(struct krb5_req *kr, return ret; } -static errno_t k5c_attach_passkey_msg(struct krb5_req *kr, - struct sss_passkey_challenge *data) -{ - uint8_t *msg; - const char *user_verification; - int i; - size_t msg_len = 0; - size_t domain_len = 0; - size_t crypto_len = 0; - size_t num_creds = 0; - size_t cred_len = 0; - size_t verification_len = 0; - size_t idx = 0; - errno_t ret; - - if (data->domain == NULL || data->credential_id_list == NULL - || data->cryptographic_challenge == NULL) { - DEBUG(SSSDBG_CRIT_FAILURE, - "Empty passkey domain, credential id list, or cryptographic " - "challenge\n"); - return EINVAL; - } - - user_verification = data->user_verification == 0 ? "false" : "true"; - verification_len = strlen(user_verification) + 1; - msg_len += verification_len; - - crypto_len = strlen(data->cryptographic_challenge) + 1; - msg_len += crypto_len; - - domain_len = strlen(data->domain) + 1; - msg_len += domain_len; - - /* credentials list size */ - msg_len += sizeof(uint32_t); - - for (i = 0; data->credential_id_list[i] != NULL; i++) { - msg_len += (strlen(data->credential_id_list[i]) + 1); - } - num_creds = i; - - msg = talloc_zero_size(kr, msg_len); - if (msg == NULL) { - DEBUG(SSSDBG_OP_FAILURE, "talloc_size failed.\n"); - return ENOMEM; - } - - /* To avoid sending extraneous data back and forth to pam_sss, - * (and reduce boilerplate memcpy code) only the user - * verification and cryptographic challenge are retrieved in pam_sss. - * - * The remaining passkey data (domain, creds list, num_creds) - * is sent to the PAM responder and stored in a hash table. The - * challenge is used as a unique key of the hash table. The pam_sss - * reply includes the challenge which is used to lookup the passkey - * data in the PAM responder, ensuring it matches the originating - * request */ - memcpy(msg + idx, user_verification, verification_len); - idx += verification_len; - - memcpy(msg + idx, data->cryptographic_challenge, crypto_len); - idx += crypto_len; - - memcpy(msg + idx, data->domain, domain_len); - idx += domain_len; - - SAFEALIGN_COPY_UINT32(msg + idx, &num_creds, &idx); - - for (i = 0; data->credential_id_list[i] != NULL; i++) { - cred_len = strlen(data->credential_id_list[i]) + 1; - memcpy(msg + idx, data->credential_id_list[i], cred_len); - idx += cred_len; - } - - ret = pam_add_response(kr->pd, SSS_PAM_PASSKEY_KRB_INFO, msg_len, msg); - talloc_zfree(msg); - - return ret; -} static errno_t k5c_attach_keep_alive_msg(struct krb5_req *kr) { From 45ed619e3198059c363ca0d00fb04a603f0046d3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pavel=20B=C5=99ezina?= Date: Mon, 4 Sep 2023 14:12:58 +0200 Subject: [PATCH 137/280] sss_iface: do not add cli_id to chain key Otherwise we only chain identical requests from the same client which effectively renders chaining not functional. Resolves: https://github.com/SSSD/sssd/issues/6911 Reviewed-by: Alexey Tikhonov Reviewed-by: Justin Stephenson (cherry picked from commit 1e5dfc187c7659cca567d2f7d5592e72794ef13c) --- src/sss_iface/sbus_sss_client_async.c | 12 +++---- src/sss_iface/sbus_sss_interface.h | 24 ++++++------- src/sss_iface/sbus_sss_keygens.c | 50 +++++++++++++-------------- src/sss_iface/sbus_sss_keygens.h | 10 +++--- src/sss_iface/sss_iface.xml | 12 +++---- 5 files changed, 54 insertions(+), 54 deletions(-) diff --git a/src/sss_iface/sbus_sss_client_async.c b/src/sss_iface/sbus_sss_client_async.c index 042d1b7b34f..5ca925283a3 100644 --- a/src/sss_iface/sbus_sss_client_async.c +++ b/src/sss_iface/sbus_sss_client_async.c @@ -1861,7 +1861,7 @@ sbus_call_dp_autofs_Enumerate_send const char * arg_mapname, uint32_t arg_cli_id) { - return sbus_method_in_usu_out__send(mem_ctx, conn, _sbus_sss_key_usu_0_1_2, + return sbus_method_in_usu_out__send(mem_ctx, conn, _sbus_sss_key_usu_0_1, busname, object_path, "sssd.DataProvider.Autofs", "Enumerate", arg_dp_flags, arg_mapname, arg_cli_id); } @@ -1883,7 +1883,7 @@ sbus_call_dp_autofs_GetEntry_send const char * arg_entryname, uint32_t arg_cli_id) { - return sbus_method_in_ussu_out__send(mem_ctx, conn, _sbus_sss_key_ussu_0_1_2_3, + return sbus_method_in_ussu_out__send(mem_ctx, conn, _sbus_sss_key_ussu_0_1_2, busname, object_path, "sssd.DataProvider.Autofs", "GetEntry", arg_dp_flags, arg_mapname, arg_entryname, arg_cli_id); } @@ -1904,7 +1904,7 @@ sbus_call_dp_autofs_GetMap_send const char * arg_mapname, uint32_t arg_cli_id) { - return sbus_method_in_usu_out__send(mem_ctx, conn, _sbus_sss_key_usu_0_1_2, + return sbus_method_in_usu_out__send(mem_ctx, conn, _sbus_sss_key_usu_0_1, busname, object_path, "sssd.DataProvider.Autofs", "GetMap", arg_dp_flags, arg_mapname, arg_cli_id); } @@ -2142,7 +2142,7 @@ sbus_call_dp_dp_getAccountDomain_send const char * arg_filter, uint32_t arg_cli_id) { - return sbus_method_in_uusu_out_qus_send(mem_ctx, conn, _sbus_sss_key_uusu_0_1_2_3, + return sbus_method_in_uusu_out_qus_send(mem_ctx, conn, _sbus_sss_key_uusu_0_1_2, busname, object_path, "sssd.dataprovider", "getAccountDomain", arg_dp_flags, arg_entry_type, arg_filter, arg_cli_id); } @@ -2170,7 +2170,7 @@ sbus_call_dp_dp_getAccountInfo_send const char * arg_extra, uint32_t arg_cli_id) { - return sbus_method_in_uusssu_out_qus_send(mem_ctx, conn, _sbus_sss_key_uusssu_0_1_2_3_4_5, + return sbus_method_in_uusssu_out_qus_send(mem_ctx, conn, _sbus_sss_key_uusssu_0_1_2_3_4, busname, object_path, "sssd.dataprovider", "getAccountInfo", arg_dp_flags, arg_entry_type, arg_filter, arg_domain, arg_extra, arg_cli_id); } @@ -2267,7 +2267,7 @@ sbus_call_dp_dp_resolverHandler_send const char * arg_filter_value, uint32_t arg_cli_id) { - return sbus_method_in_uuusu_out_qus_send(mem_ctx, conn, _sbus_sss_key_uuusu_0_1_2_3_4, + return sbus_method_in_uuusu_out_qus_send(mem_ctx, conn, _sbus_sss_key_uuusu_0_1_2_3, busname, object_path, "sssd.dataprovider", "resolverHandler", arg_dp_flags, arg_entry_type, arg_filter_type, arg_filter_value, arg_cli_id); } diff --git a/src/sss_iface/sbus_sss_interface.h b/src/sss_iface/sbus_sss_interface.h index fc86c71d908..5b4d1c362a1 100644 --- a/src/sss_iface/sbus_sss_interface.h +++ b/src/sss_iface/sbus_sss_interface.h @@ -166,7 +166,7 @@ &_sbus_sss_args_sssd_DataProvider_Autofs_Enumerate, \ NULL, \ _sbus_sss_invoke_in_usu_out__send, \ - _sbus_sss_key_usu_0_1_2, \ + _sbus_sss_key_usu_0_1, \ (handler), (data)); \ }) @@ -177,7 +177,7 @@ &_sbus_sss_args_sssd_DataProvider_Autofs_Enumerate, \ NULL, \ _sbus_sss_invoke_in_usu_out__send, \ - _sbus_sss_key_usu_0_1_2, \ + _sbus_sss_key_usu_0_1, \ (handler_send), (handler_recv), (data)); \ }) @@ -188,7 +188,7 @@ &_sbus_sss_args_sssd_DataProvider_Autofs_GetEntry, \ NULL, \ _sbus_sss_invoke_in_ussu_out__send, \ - _sbus_sss_key_ussu_0_1_2_3, \ + _sbus_sss_key_ussu_0_1_2, \ (handler), (data)); \ }) @@ -199,7 +199,7 @@ &_sbus_sss_args_sssd_DataProvider_Autofs_GetEntry, \ NULL, \ _sbus_sss_invoke_in_ussu_out__send, \ - _sbus_sss_key_ussu_0_1_2_3, \ + _sbus_sss_key_ussu_0_1_2, \ (handler_send), (handler_recv), (data)); \ }) @@ -210,7 +210,7 @@ &_sbus_sss_args_sssd_DataProvider_Autofs_GetMap, \ NULL, \ _sbus_sss_invoke_in_usu_out__send, \ - _sbus_sss_key_usu_0_1_2, \ + _sbus_sss_key_usu_0_1, \ (handler), (data)); \ }) @@ -221,7 +221,7 @@ &_sbus_sss_args_sssd_DataProvider_Autofs_GetMap, \ NULL, \ _sbus_sss_invoke_in_usu_out__send, \ - _sbus_sss_key_usu_0_1_2, \ + _sbus_sss_key_usu_0_1, \ (handler_send), (handler_recv), (data)); \ }) @@ -522,7 +522,7 @@ &_sbus_sss_args_sssd_dataprovider_getAccountDomain, \ NULL, \ _sbus_sss_invoke_in_uusu_out_qus_send, \ - _sbus_sss_key_uusu_0_1_2_3, \ + _sbus_sss_key_uusu_0_1_2, \ (handler), (data)); \ }) @@ -533,7 +533,7 @@ &_sbus_sss_args_sssd_dataprovider_getAccountDomain, \ NULL, \ _sbus_sss_invoke_in_uusu_out_qus_send, \ - _sbus_sss_key_uusu_0_1_2_3, \ + _sbus_sss_key_uusu_0_1_2, \ (handler_send), (handler_recv), (data)); \ }) @@ -544,7 +544,7 @@ &_sbus_sss_args_sssd_dataprovider_getAccountInfo, \ NULL, \ _sbus_sss_invoke_in_uusssu_out_qus_send, \ - _sbus_sss_key_uusssu_0_1_2_3_4_5, \ + _sbus_sss_key_uusssu_0_1_2_3_4, \ (handler), (data)); \ }) @@ -555,7 +555,7 @@ &_sbus_sss_args_sssd_dataprovider_getAccountInfo, \ NULL, \ _sbus_sss_invoke_in_uusssu_out_qus_send, \ - _sbus_sss_key_uusssu_0_1_2_3_4_5, \ + _sbus_sss_key_uusssu_0_1_2_3_4, \ (handler_send), (handler_recv), (data)); \ }) @@ -632,7 +632,7 @@ &_sbus_sss_args_sssd_dataprovider_resolverHandler, \ NULL, \ _sbus_sss_invoke_in_uuusu_out_qus_send, \ - _sbus_sss_key_uuusu_0_1_2_3_4, \ + _sbus_sss_key_uuusu_0_1_2_3, \ (handler), (data)); \ }) @@ -643,7 +643,7 @@ &_sbus_sss_args_sssd_dataprovider_resolverHandler, \ NULL, \ _sbus_sss_invoke_in_uuusu_out_qus_send, \ - _sbus_sss_key_uuusu_0_1_2_3_4, \ + _sbus_sss_key_uuusu_0_1_2_3, \ (handler_send), (handler_recv), (data)); \ }) diff --git a/src/sss_iface/sbus_sss_keygens.c b/src/sss_iface/sbus_sss_keygens.c index 1bffc1360fc..0bded60f839 100644 --- a/src/sss_iface/sbus_sss_keygens.c +++ b/src/sss_iface/sbus_sss_keygens.c @@ -90,86 +90,86 @@ _sbus_sss_key_ussu_0_1 } const char * -_sbus_sss_key_ussu_0_1_2_3 +_sbus_sss_key_ussu_0_1_2 (TALLOC_CTX *mem_ctx, struct sbus_request *sbus_req, struct _sbus_sss_invoker_args_ussu *args) { if (sbus_req->sender == NULL) { - return talloc_asprintf(mem_ctx, "-:%u:%s.%s:%s:%" PRIu32 ":%s:%s:%" PRIu32 "", + return talloc_asprintf(mem_ctx, "-:%u:%s.%s:%s:%" PRIu32 ":%s:%s", sbus_req->type, sbus_req->interface, sbus_req->member, - sbus_req->path, args->arg0, args->arg1, args->arg2, args->arg3); + sbus_req->path, args->arg0, args->arg1, args->arg2); } - return talloc_asprintf(mem_ctx, "%"PRIi64":%u:%s.%s:%s:%" PRIu32 ":%s:%s:%" PRIu32 "", + return talloc_asprintf(mem_ctx, "%"PRIi64":%u:%s.%s:%s:%" PRIu32 ":%s:%s", sbus_req->sender->uid, sbus_req->type, sbus_req->interface, sbus_req->member, - sbus_req->path, args->arg0, args->arg1, args->arg2, args->arg3); + sbus_req->path, args->arg0, args->arg1, args->arg2); } const char * -_sbus_sss_key_usu_0_1_2 +_sbus_sss_key_usu_0_1 (TALLOC_CTX *mem_ctx, struct sbus_request *sbus_req, struct _sbus_sss_invoker_args_usu *args) { if (sbus_req->sender == NULL) { - return talloc_asprintf(mem_ctx, "-:%u:%s.%s:%s:%" PRIu32 ":%s:%" PRIu32 "", + return talloc_asprintf(mem_ctx, "-:%u:%s.%s:%s:%" PRIu32 ":%s", sbus_req->type, sbus_req->interface, sbus_req->member, - sbus_req->path, args->arg0, args->arg1, args->arg2); + sbus_req->path, args->arg0, args->arg1); } - return talloc_asprintf(mem_ctx, "%"PRIi64":%u:%s.%s:%s:%" PRIu32 ":%s:%" PRIu32 "", + return talloc_asprintf(mem_ctx, "%"PRIi64":%u:%s.%s:%s:%" PRIu32 ":%s", sbus_req->sender->uid, sbus_req->type, sbus_req->interface, sbus_req->member, - sbus_req->path, args->arg0, args->arg1, args->arg2); + sbus_req->path, args->arg0, args->arg1); } const char * -_sbus_sss_key_uusssu_0_1_2_3_4_5 +_sbus_sss_key_uusssu_0_1_2_3_4 (TALLOC_CTX *mem_ctx, struct sbus_request *sbus_req, struct _sbus_sss_invoker_args_uusssu *args) { if (sbus_req->sender == NULL) { - return talloc_asprintf(mem_ctx, "-:%u:%s.%s:%s:%" PRIu32 ":%" PRIu32 ":%s:%s:%s:%" PRIu32 "", + return talloc_asprintf(mem_ctx, "-:%u:%s.%s:%s:%" PRIu32 ":%" PRIu32 ":%s:%s:%s", sbus_req->type, sbus_req->interface, sbus_req->member, - sbus_req->path, args->arg0, args->arg1, args->arg2, args->arg3, args->arg4, args->arg5); + sbus_req->path, args->arg0, args->arg1, args->arg2, args->arg3, args->arg4); } - return talloc_asprintf(mem_ctx, "%"PRIi64":%u:%s.%s:%s:%" PRIu32 ":%" PRIu32 ":%s:%s:%s:%" PRIu32 "", + return talloc_asprintf(mem_ctx, "%"PRIi64":%u:%s.%s:%s:%" PRIu32 ":%" PRIu32 ":%s:%s:%s", sbus_req->sender->uid, sbus_req->type, sbus_req->interface, sbus_req->member, - sbus_req->path, args->arg0, args->arg1, args->arg2, args->arg3, args->arg4, args->arg5); + sbus_req->path, args->arg0, args->arg1, args->arg2, args->arg3, args->arg4); } const char * -_sbus_sss_key_uusu_0_1_2_3 +_sbus_sss_key_uusu_0_1_2 (TALLOC_CTX *mem_ctx, struct sbus_request *sbus_req, struct _sbus_sss_invoker_args_uusu *args) { if (sbus_req->sender == NULL) { - return talloc_asprintf(mem_ctx, "-:%u:%s.%s:%s:%" PRIu32 ":%" PRIu32 ":%s:%" PRIu32 "", + return talloc_asprintf(mem_ctx, "-:%u:%s.%s:%s:%" PRIu32 ":%" PRIu32 ":%s", sbus_req->type, sbus_req->interface, sbus_req->member, - sbus_req->path, args->arg0, args->arg1, args->arg2, args->arg3); + sbus_req->path, args->arg0, args->arg1, args->arg2); } - return talloc_asprintf(mem_ctx, "%"PRIi64":%u:%s.%s:%s:%" PRIu32 ":%" PRIu32 ":%s:%" PRIu32 "", + return talloc_asprintf(mem_ctx, "%"PRIi64":%u:%s.%s:%s:%" PRIu32 ":%" PRIu32 ":%s", sbus_req->sender->uid, sbus_req->type, sbus_req->interface, sbus_req->member, - sbus_req->path, args->arg0, args->arg1, args->arg2, args->arg3); + sbus_req->path, args->arg0, args->arg1, args->arg2); } const char * -_sbus_sss_key_uuusu_0_1_2_3_4 +_sbus_sss_key_uuusu_0_1_2_3 (TALLOC_CTX *mem_ctx, struct sbus_request *sbus_req, struct _sbus_sss_invoker_args_uuusu *args) { if (sbus_req->sender == NULL) { - return talloc_asprintf(mem_ctx, "-:%u:%s.%s:%s:%" PRIu32 ":%" PRIu32 ":%" PRIu32 ":%s:%" PRIu32 "", + return talloc_asprintf(mem_ctx, "-:%u:%s.%s:%s:%" PRIu32 ":%" PRIu32 ":%" PRIu32 ":%s", sbus_req->type, sbus_req->interface, sbus_req->member, - sbus_req->path, args->arg0, args->arg1, args->arg2, args->arg3, args->arg4); + sbus_req->path, args->arg0, args->arg1, args->arg2, args->arg3); } - return talloc_asprintf(mem_ctx, "%"PRIi64":%u:%s.%s:%s:%" PRIu32 ":%" PRIu32 ":%" PRIu32 ":%s:%" PRIu32 "", + return talloc_asprintf(mem_ctx, "%"PRIi64":%u:%s.%s:%s:%" PRIu32 ":%" PRIu32 ":%" PRIu32 ":%s", sbus_req->sender->uid, sbus_req->type, sbus_req->interface, sbus_req->member, - sbus_req->path, args->arg0, args->arg1, args->arg2, args->arg3, args->arg4); + sbus_req->path, args->arg0, args->arg1, args->arg2, args->arg3); } diff --git a/src/sss_iface/sbus_sss_keygens.h b/src/sss_iface/sbus_sss_keygens.h index 8f09b46de55..7e42c2c53f7 100644 --- a/src/sss_iface/sbus_sss_keygens.h +++ b/src/sss_iface/sbus_sss_keygens.h @@ -49,31 +49,31 @@ _sbus_sss_key_ussu_0_1 struct _sbus_sss_invoker_args_ussu *args); const char * -_sbus_sss_key_ussu_0_1_2_3 +_sbus_sss_key_ussu_0_1_2 (TALLOC_CTX *mem_ctx, struct sbus_request *sbus_req, struct _sbus_sss_invoker_args_ussu *args); const char * -_sbus_sss_key_usu_0_1_2 +_sbus_sss_key_usu_0_1 (TALLOC_CTX *mem_ctx, struct sbus_request *sbus_req, struct _sbus_sss_invoker_args_usu *args); const char * -_sbus_sss_key_uusssu_0_1_2_3_4_5 +_sbus_sss_key_uusssu_0_1_2_3_4 (TALLOC_CTX *mem_ctx, struct sbus_request *sbus_req, struct _sbus_sss_invoker_args_uusssu *args); const char * -_sbus_sss_key_uusu_0_1_2_3 +_sbus_sss_key_uusu_0_1_2 (TALLOC_CTX *mem_ctx, struct sbus_request *sbus_req, struct _sbus_sss_invoker_args_uusu *args); const char * -_sbus_sss_key_uuusu_0_1_2_3_4 +_sbus_sss_key_uuusu_0_1_2_3 (TALLOC_CTX *mem_ctx, struct sbus_request *sbus_req, struct _sbus_sss_invoker_args_uuusu *args); diff --git a/src/sss_iface/sss_iface.xml b/src/sss_iface/sss_iface.xml index 6709c4e48a0..82c65aa0b84 100644 --- a/src/sss_iface/sss_iface.xml +++ b/src/sss_iface/sss_iface.xml @@ -91,18 +91,18 @@ - + - + - + @@ -133,7 +133,7 @@ - + @@ -150,7 +150,7 @@ - + @@ -159,7 +159,7 @@ - + From 9d6ab77c2ca99346328c26d98c4f6c55cd24a82a Mon Sep 17 00:00:00 2001 From: Weblate Date: Thu, 31 Aug 2023 12:52:12 +0200 Subject: [PATCH 138/280] po: update translations (Swedish) currently translated at 100.0% (714 of 714 strings) Translation: SSSD/SSSD-2-9 Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-2-9/sv/ po: update translations (Korean) currently translated at 100.0% (714 of 714 strings) Translation: SSSD/SSSD-2-9 Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-2-9/ko/ po: update translations (Chinese (Simplified) (zh_CN)) currently translated at 100.0% (714 of 714 strings) Translation: SSSD/SSSD-2-9 Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-2-9/zh_CN/ po: update translations (Korean) currently translated at 100.0% (714 of 714 strings) Translation: SSSD/SSSD-2-9 Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-2-9/ko/ po: update translations (Korean) currently translated at 100.0% (714 of 714 strings) Translation: SSSD/SSSD-2-9 Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-2-9/ko/ po: update translations (Korean) currently translated at 100.0% (714 of 714 strings) Translation: SSSD/SSSD-2-9 Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-2-9/ko/ --- po/ko.po | 26 +++++++++++++------------- po/sv.po | 34 ++++++++++++++-------------------- po/zh_CN.po | 16 ++++++++-------- 3 files changed, 35 insertions(+), 41 deletions(-) diff --git a/po/ko.po b/po/ko.po index eec03bd7604..021532789c9 100644 --- a/po/ko.po +++ b/po/ko.po @@ -11,7 +11,7 @@ msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" "POT-Creation-Date: 2023-05-05 10:11+0200\n" -"PO-Revision-Date: 2023-06-04 04:20+0000\n" +"PO-Revision-Date: 2023-08-06 18:21+0000\n" "Last-Translator: 김인수 \n" "Language-Team: Korean \n" @@ -20,7 +20,7 @@ msgstr "" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=1; plural=0;\n" -"X-Generator: Weblate 4.17\n" +"X-Generator: Weblate 4.18.2\n" #: src/config/SSSDConfig/sssdoptions.py:20 #: src/config/SSSDConfig/sssdoptions.py:21 @@ -628,16 +628,16 @@ msgstr "클라이언트의 DNS 항목을 자동으로 최신화 할지 여부" #: src/config/SSSDConfig/sssdoptions.py:201 #: src/config/SSSDConfig/sssdoptions.py:233 msgid "The TTL to apply to the client's DNS entry after updating it" -msgstr "업데이트 후 클라이언트의 DNS 항목에 적용할 TTL" +msgstr "최신화 후 클라이언트의 DNS 항목에 적용 하려는 TTL" #: src/config/SSSDConfig/sssdoptions.py:202 #: src/config/SSSDConfig/sssdoptions.py:234 msgid "The interface whose IP should be used for dynamic DNS updates" -msgstr "동적 DNS 업데이트에 IP를 사용해야 하는 인터페이스" +msgstr "동적 DNS 최신화에 IP를 사용해야 하는 연결장치" #: src/config/SSSDConfig/sssdoptions.py:203 msgid "How often to periodically update the client's DNS entry" -msgstr "클라이언트의 DNS 항목을 주기적으로 업데이트하는 빈도" +msgstr "클라이언트의 DNS 항목을 주기적으로 최신화하는 빈도" #: src/config/SSSDConfig/sssdoptions.py:204 msgid "Maximum period deviation when updating the client's DNS entry" @@ -645,7 +645,7 @@ msgstr "클라이언트의 DNS 항목을 최신화 할 때 최대 주기 편차" #: src/config/SSSDConfig/sssdoptions.py:205 msgid "Whether the provider should explicitly update the PTR record as well" -msgstr "공급자가 PTR 레코드도 명시적으로 업데이트해야 하는지 여부" +msgstr "공급자가 PTR 레코드도 명시적으로 최신화해야 하는지 여부" #: src/config/SSSDConfig/sssdoptions.py:206 msgid "Whether the nsupdate utility should default to using TCP" @@ -653,11 +653,11 @@ msgstr "nsupdate 유틸리티가 기본적으로 TCP를 사용하도록 할지 #: src/config/SSSDConfig/sssdoptions.py:207 msgid "What kind of authentication should be used to perform the DNS update" -msgstr "DNS 업데이트를 수행하기 위해 어떤 종류의 인증을 사용해야 하는지" +msgstr "DNS 최신화를 수행하기 위해 어떤 종류의 인증을 사용해야 하는지" #: src/config/SSSDConfig/sssdoptions.py:208 msgid "Override the DNS server used to perform the DNS update" -msgstr "DNS 업데이트를 수행하는 데 사용되는 DNS 서버 재정의" +msgstr "DNS 최신화를 수행하는 데 사용되는 DNS 서버 재정의" #: src/config/SSSDConfig/sssdoptions.py:209 msgid "Control enumeration of trusted domains" @@ -763,7 +763,7 @@ msgstr "거짓으로 설정하면, PAM에서 제공한 호스트 인수가 무 #: src/config/SSSDConfig/sssdoptions.py:240 msgid "The automounter location this IPA client is using" -msgstr "이와같은 IPA 클라이언트가 사용 중인 오토마운터 위치" +msgstr "이와 같은 IPA 클라이언트가 사용 중인 오토마운터 위치" #: src/config/SSSDConfig/sssdoptions.py:241 msgid "Search base for object containing info about IPA domain" @@ -1050,7 +1050,7 @@ msgstr "시스템 계정 갱신 작업 조정 옵션" #: src/config/SSSDConfig/sssdoptions.py:318 msgid "Whether to update the machine account password in the Samba database" -msgstr "Samba 데이터베이스에서 시스템 계정 암호를 업데이트할지 여부" +msgstr "삼바 데이터베이스에서 시스템 계정 비밀번호를 최신화 할지 여부" #: src/config/SSSDConfig/sssdoptions.py:320 msgid "Use LDAPS port for LDAP and Global Catalog requests" @@ -1324,7 +1324,7 @@ msgstr "열거 요청을 대기할 시간" #: src/config/SSSDConfig/sssdoptions.py:403 msgid "Length of time between enumeration updates" -msgstr "열거 업데이트 사이의 시간" +msgstr "열거된 최신화 사이의 시간" #: src/config/SSSDConfig/sssdoptions.py:404 msgid "Maximum period deviation between enumeration updates" @@ -2157,7 +2157,7 @@ msgstr "자신의 패스키 장치를 넣고, 그런 후에 Enter를 눌러주 #: src/sss_client/pam_sss.c:2551 src/sss_client/pam_sss.c:2554 msgid "Password: " -msgstr "암호: " +msgstr "비밀번호: " #: src/sss_client/pam_sss.c:2706 src/sss_client/pam_sss.c:2709 msgid "First Factor (Current Password): " @@ -2708,7 +2708,7 @@ msgstr "사용된 구성 스니펫 파일: %zu\n" #: src/tools/sssctl/sssctl_data.c:91 #, c-format msgid "Unable to create backup directory [%d]: %s" -msgstr "백업 디렉토리를 만들 수 없습니다 [%d]: %s" +msgstr "백업 디렉토리 [%d]를 생성 할 수 없음: %s" #: src/tools/sssctl/sssctl_data.c:97 msgid "SSSD backup of local data already exists, override?" diff --git a/po/sv.po b/po/sv.po index 0973299ac90..6900cc39b9c 100644 --- a/po/sv.po +++ b/po/sv.po @@ -14,16 +14,16 @@ msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" "POT-Creation-Date: 2023-05-05 10:11+0200\n" -"PO-Revision-Date: 2023-02-12 16:20+0000\n" +"PO-Revision-Date: 2023-08-30 14:21+0000\n" "Last-Translator: Göran Uddeborg \n" "Language-Team: Swedish \n" +"sssd-2-9/sv/>\n" "Language: sv\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=2; plural=n != 1;\n" -"X-Generator: Weblate 4.15.2\n" +"X-Generator: Weblate 4.18.2\n" #: src/config/SSSDConfig/sssdoptions.py:20 #: src/config/SSSDConfig/sssdoptions.py:21 @@ -174,9 +174,8 @@ msgid "Enable or disable core dumps for all SSSD processes." msgstr "Aktivera eller avaktivera kärndumpar för alla SSSD-processer." #: src/config/SSSDConfig/sssdoptions.py:58 -#, fuzzy msgid "Tune passkey verification behavior" -msgstr "Trimma certifikatverifikation" +msgstr "Trimma lösennyckelns verifikationsbeteende" #: src/config/SSSDConfig/sssdoptions.py:61 msgid "Enumeration cache timeout length (seconds)" @@ -404,18 +403,16 @@ msgstr "" "för PAM-åtkomst med GSSAPI-autentisering" #: src/config/SSSDConfig/sssdoptions.py:117 -#, fuzzy msgid "Allow passkey device authentication." -msgstr "Tillåt certifikatbaserad/smartkortsautentisering." +msgstr "Tillåt autentisering med lösennyckelsenhet." #: src/config/SSSDConfig/sssdoptions.py:118 -#, fuzzy msgid "How many seconds will pam_sss wait for passkey_child to finish" -msgstr "Hur många sekunder kommer pam_sss vänta på p11_child att avsluta" +msgstr "Hur många sekunder kommer pam_sss vänta på passkey_child att avsluta" #: src/config/SSSDConfig/sssdoptions.py:119 msgid "Enable debugging in the libfido2 library" -msgstr "" +msgstr "Aktivera felsökning i biblioteket libfido2" #: src/config/SSSDConfig/sssdoptions.py:122 msgid "Whether to evaluate the time-based attributes in sudo rules" @@ -1571,9 +1568,8 @@ msgid "attribute containing the email address of the user" msgstr "attribut som innehåller e-postadresser till användaren" #: src/config/SSSDConfig/sssdoptions.py:449 -#, fuzzy msgid "attribute containing the passkey mapping data of the user" -msgstr "attribut som innehåller e-postadresser till användaren" +msgstr "attribut som innehåller avbildningsdata för lösennyckel för användaren" #: src/config/SSSDConfig/sssdoptions.py:450 msgid "A list of extra attributes to download along with the user entry" @@ -2133,7 +2129,7 @@ msgstr "Servermeddelande: " #: src/sss_client/pam_sss.c:71 msgid "Enter PIN:" -msgstr "" +msgstr "Ange PIN:" #: src/sss_client/pam_sss.c:314 msgid "Passwords do not match" @@ -2162,9 +2158,9 @@ msgid "Your password will expire in %1$d %2$s." msgstr "Ditt lösenordet kommer gå ut om %1$d %2$s." #: src/sss_client/pam_sss.c:627 -#, fuzzy, c-format +#, c-format msgid "Your password has expired." -msgstr "Ditt lösenordet kommer gå ut om %1$d %2$s." +msgstr "Ditt lösenordet har gått ut." #: src/sss_client/pam_sss.c:678 msgid "Authentication is denied until: " @@ -2226,7 +2222,7 @@ msgstr "Andra faktorn: " #: src/sss_client/pam_sss.c:2547 msgid "Insert your passkey device, then press ENTER." -msgstr "" +msgstr "Sätt in en lösennyckelsenhet, tryck sedan ENTER." #: src/sss_client/pam_sss.c:2551 src/sss_client/pam_sss.c:2554 msgid "Password: " @@ -2577,9 +2573,8 @@ msgid "Passkey related tools:" msgstr "Lösennyckelrelaterade verktyg:" #: src/tools/sssctl/sssctl.c:348 -#, fuzzy msgid "Perform passkey registration" -msgstr "Utför lösennyckelrelaterade åtgärder" +msgstr "Utför lösennyckelsregistrering" #: src/tools/sssctl/sssctl_cache.c:31 #, c-format @@ -2761,9 +2756,8 @@ msgid "Error while reading configuration directory.\n" msgstr "Fel när konfigurationskatalogen lästes.\n" #: src/tools/sssctl/sssctl_config.c:147 -#, fuzzy msgid "There is no configuration.\n" -msgstr "Misslyckades att läsa konfigurationen från %s.\n" +msgstr "Det finns ingen konfiguration.\n" #: src/tools/sssctl/sssctl_config.c:157 msgid "Failed to run validators" diff --git a/po/zh_CN.po b/po/zh_CN.po index bcea633faac..3a17ef454a8 100644 --- a/po/zh_CN.po +++ b/po/zh_CN.po @@ -14,8 +14,8 @@ msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" "POT-Creation-Date: 2023-05-05 10:11+0200\n" -"PO-Revision-Date: 2023-06-10 12:20+0000\n" -"Last-Translator: Ludek Janda \n" +"PO-Revision-Date: 2023-07-24 17:20+0000\n" +"Last-Translator: Funda Wang \n" "Language-Team: Chinese (Simplified) \n" "Language: zh_CN\n" @@ -23,7 +23,7 @@ msgstr "" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=1; plural=0;\n" -"X-Generator: Weblate 4.17\n" +"X-Generator: Weblate 4.18.2\n" #: src/config/SSSDConfig/sssdoptions.py:20 #: src/config/SSSDConfig/sssdoptions.py:21 @@ -323,11 +323,11 @@ msgstr "即使不受信任的用户也可以访问的域列表。" #: src/config/SSSDConfig/sssdoptions.py:102 msgid "Message printed when user account is expired." -msgstr "当用户帐户过期时显示的消息。" +msgstr "当用户账户过期时显示的消息。" #: src/config/SSSDConfig/sssdoptions.py:103 msgid "Message printed when user account is locked." -msgstr "当用户帐户被锁住时显示的消息。" +msgstr "当用户账户被锁住时显示的消息。" #: src/config/SSSDConfig/sssdoptions.py:104 msgid "Allow certificate based/Smartcard authentication." @@ -1024,11 +1024,11 @@ msgstr "客户要使用的特定站点" #: src/config/SSSDConfig/sssdoptions.py:315 msgid "" "Maximum age in days before the machine account password should be renewed" -msgstr "机器帐户密码需要续订的最长期限(天)" +msgstr "机器账户密码需要续订的最长期限(天)" #: src/config/SSSDConfig/sssdoptions.py:317 msgid "Option for tuning the machine account renewal task" -msgstr "用于调整机器帐户续订任务的选项" +msgstr "用于调整机器账户续订任务的选项" #: src/config/SSSDConfig/sssdoptions.py:318 msgid "Whether to update the machine account password in the Samba database" @@ -1647,7 +1647,7 @@ msgstr "评估密码有效期的策略" #: src/config/SSSDConfig/sssdoptions.py:500 msgid "Which attributes shall be used to evaluate if an account is expired" -msgstr "应使用哪些属性来评估帐户是否过期" +msgstr "应使用哪些属性来评估账户是否过期" #: src/config/SSSDConfig/sssdoptions.py:504 msgid "URI of an LDAP server where password changes are allowed" From c84689d7cd347003746fdc7be1210167bde3e5b2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pavel=20B=C5=99ezina?= Date: Thu, 7 Sep 2023 11:48:05 +0200 Subject: [PATCH 139/280] pot: update pot files --- po/bg.po | 670 ++++++++--------- po/ca.po | 670 ++++++++--------- po/cs.po | 670 ++++++++--------- po/de.po | 670 ++++++++--------- po/es.po | 670 ++++++++--------- po/eu.po | 670 ++++++++--------- po/fi.po | 670 ++++++++--------- po/fr.po | 670 ++++++++--------- po/hu.po | 670 ++++++++--------- po/id.po | 670 ++++++++--------- po/it.po | 670 ++++++++--------- po/ja.po | 670 ++++++++--------- po/ka.po | 670 ++++++++--------- po/ko.po | 670 ++++++++--------- po/nb.po | 670 ++++++++--------- po/nl.po | 670 ++++++++--------- po/pl.po | 670 ++++++++--------- po/pt.po | 670 ++++++++--------- po/pt_BR.po | 670 ++++++++--------- po/ru.po | 670 ++++++++--------- po/sssd.pot | 670 ++++++++--------- po/sv.po | 670 ++++++++--------- po/tg.po | 670 ++++++++--------- po/tr.po | 670 ++++++++--------- po/uk.po | 670 ++++++++--------- po/zh_CN.po | 670 ++++++++--------- po/zh_TW.po | 670 ++++++++--------- src/man/po/br.po | 1453 +++++++++++++++++++------------------ src/man/po/ca.po | 1463 +++++++++++++++++++------------------ src/man/po/cs.po | 1453 +++++++++++++++++++------------------ src/man/po/de.po | 1459 +++++++++++++++++++------------------ src/man/po/es.po | 1459 +++++++++++++++++++------------------ src/man/po/eu.po | 1449 +++++++++++++++++++------------------ src/man/po/fi.po | 1453 +++++++++++++++++++------------------ src/man/po/fr.po | 1459 +++++++++++++++++++------------------ src/man/po/ja.po | 1459 +++++++++++++++++++------------------ src/man/po/lv.po | 1451 +++++++++++++++++++------------------ src/man/po/nl.po | 1453 +++++++++++++++++++------------------ src/man/po/pt.po | 1453 +++++++++++++++++++------------------ src/man/po/pt_BR.po | 1449 +++++++++++++++++++------------------ src/man/po/ru.po | 1472 ++++++++++++++++++++------------------ src/man/po/sssd-docs.pot | 1451 +++++++++++++++++++------------------ src/man/po/sv.po | 1472 ++++++++++++++++++++------------------ src/man/po/tg.po | 1451 +++++++++++++++++++------------------ src/man/po/uk.po | 1472 ++++++++++++++++++++------------------ src/man/po/zh_CN.po | 1451 +++++++++++++++++++------------------ 46 files changed, 23697 insertions(+), 22075 deletions(-) diff --git a/po/bg.po b/po/bg.po index 9effeb1a04d..4511eeb6062 100644 --- a/po/bg.po +++ b/po/bg.po @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" -"POT-Creation-Date: 2023-05-05 10:11+0200\n" +"POT-Creation-Date: 2023-09-07 11:48+0200\n" "PO-Revision-Date: 2014-12-14 11:44-0500\n" "Last-Translator: Copied by Zanata \n" "Language-Team: Bulgarian (http://www.transifex.com/projects/p/sssd/language/" @@ -594,12 +594,12 @@ msgid "Whether to automatically update the client's DNS entry" msgstr "" #: src/config/SSSDConfig/sssdoptions.py:201 -#: src/config/SSSDConfig/sssdoptions.py:233 +#: src/config/SSSDConfig/sssdoptions.py:234 msgid "The TTL to apply to the client's DNS entry after updating it" msgstr "" #: src/config/SSSDConfig/sssdoptions.py:202 -#: src/config/SSSDConfig/sssdoptions.py:234 +#: src/config/SSSDConfig/sssdoptions.py:235 msgid "The interface whose IP should be used for dynamic DNS updates" msgstr "Интерфейсът, чийто IP да се ползва за динамични DNS обновявания" @@ -683,1163 +683,1167 @@ msgid "" "(long term password) must have to be saved as SHA512 hash into the cache." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:228 +#: src/config/SSSDConfig/sssdoptions.py:226 +msgid "Local authentication methods policy " +msgstr "" + +#: src/config/SSSDConfig/sssdoptions.py:229 msgid "IPA domain" msgstr "IPA домейн" -#: src/config/SSSDConfig/sssdoptions.py:229 +#: src/config/SSSDConfig/sssdoptions.py:230 msgid "IPA server address" msgstr "Адрес на IPA сървър" -#: src/config/SSSDConfig/sssdoptions.py:230 +#: src/config/SSSDConfig/sssdoptions.py:231 msgid "Address of backup IPA server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:231 +#: src/config/SSSDConfig/sssdoptions.py:232 msgid "IPA client hostname" msgstr "Име на хост на IPA клиент" -#: src/config/SSSDConfig/sssdoptions.py:232 +#: src/config/SSSDConfig/sssdoptions.py:233 msgid "Whether to automatically update the client's DNS entry in FreeIPA" msgstr "Дали автоматично да се обновява клиентския DNS запис във FreeIPA" -#: src/config/SSSDConfig/sssdoptions.py:235 +#: src/config/SSSDConfig/sssdoptions.py:236 msgid "Search base for HBAC related objects" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:236 +#: src/config/SSSDConfig/sssdoptions.py:237 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:237 +#: src/config/SSSDConfig/sssdoptions.py:238 msgid "" "The amount of time in seconds between lookups of the SELinux maps against " "the IPA server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:239 +#: src/config/SSSDConfig/sssdoptions.py:240 msgid "If set to false, host argument given by PAM will be ignored" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:240 +#: src/config/SSSDConfig/sssdoptions.py:241 msgid "The automounter location this IPA client is using" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:241 +#: src/config/SSSDConfig/sssdoptions.py:242 msgid "Search base for object containing info about IPA domain" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:242 +#: src/config/SSSDConfig/sssdoptions.py:243 msgid "Search base for objects containing info about ID ranges" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:243 -#: src/config/SSSDConfig/sssdoptions.py:299 +#: src/config/SSSDConfig/sssdoptions.py:244 +#: src/config/SSSDConfig/sssdoptions.py:300 msgid "Enable DNS sites - location based service discovery" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:244 +#: src/config/SSSDConfig/sssdoptions.py:245 msgid "Search base for view containers" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:245 +#: src/config/SSSDConfig/sssdoptions.py:246 msgid "Objectclass for view containers" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:246 +#: src/config/SSSDConfig/sssdoptions.py:247 msgid "Attribute with the name of the view" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:247 +#: src/config/SSSDConfig/sssdoptions.py:248 msgid "Objectclass for override objects" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:248 +#: src/config/SSSDConfig/sssdoptions.py:249 msgid "Attribute with the reference to the original object" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:249 +#: src/config/SSSDConfig/sssdoptions.py:250 msgid "Objectclass for user override objects" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:250 +#: src/config/SSSDConfig/sssdoptions.py:251 msgid "Objectclass for group override objects" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:251 +#: src/config/SSSDConfig/sssdoptions.py:252 msgid "Search base for Desktop Profile related objects" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:252 +#: src/config/SSSDConfig/sssdoptions.py:253 msgid "" "The amount of time in seconds between lookups of the Desktop Profile rules " "against the IPA server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:254 +#: src/config/SSSDConfig/sssdoptions.py:255 msgid "" "The amount of time in minutes between lookups of Desktop Profiles rules " "against the IPA server when the last request did not find any rule" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:257 +#: src/config/SSSDConfig/sssdoptions.py:258 msgid "Search base for SUBID ranges" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:258 -#: src/config/SSSDConfig/sssdoptions.py:501 +#: src/config/SSSDConfig/sssdoptions.py:259 +#: src/config/SSSDConfig/sssdoptions.py:502 msgid "Which rules should be used to evaluate access control" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:259 +#: src/config/SSSDConfig/sssdoptions.py:260 msgid "The LDAP attribute that contains FQDN of the host." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:260 -#: src/config/SSSDConfig/sssdoptions.py:283 +#: src/config/SSSDConfig/sssdoptions.py:261 +#: src/config/SSSDConfig/sssdoptions.py:284 msgid "The object class of a host entry in LDAP." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:261 +#: src/config/SSSDConfig/sssdoptions.py:262 msgid "Use the given string as search base for host objects." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:262 +#: src/config/SSSDConfig/sssdoptions.py:263 msgid "The LDAP attribute that contains the host's SSH public keys." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:263 +#: src/config/SSSDConfig/sssdoptions.py:264 msgid "The LDAP attribute that contains NIS domain name of the netgroup." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:264 +#: src/config/SSSDConfig/sssdoptions.py:265 msgid "The LDAP attribute that contains the names of the netgroup's members." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:265 +#: src/config/SSSDConfig/sssdoptions.py:266 msgid "" "The LDAP attribute that lists FQDNs of hosts and host groups that are " "members of the netgroup." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:267 +#: src/config/SSSDConfig/sssdoptions.py:268 msgid "" "The LDAP attribute that lists hosts and host groups that are direct members " "of the netgroup." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:269 +#: src/config/SSSDConfig/sssdoptions.py:270 msgid "The LDAP attribute that lists netgroup's memberships." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:270 +#: src/config/SSSDConfig/sssdoptions.py:271 msgid "" "The LDAP attribute that lists system users and groups that are direct " "members of the netgroup." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:272 +#: src/config/SSSDConfig/sssdoptions.py:273 msgid "The LDAP attribute that corresponds to the netgroup name." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:273 +#: src/config/SSSDConfig/sssdoptions.py:274 msgid "The object class of a netgroup entry in LDAP." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:274 +#: src/config/SSSDConfig/sssdoptions.py:275 msgid "" "The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:275 +#: src/config/SSSDConfig/sssdoptions.py:276 msgid "" "The LDAP attribute that contains whether or not is user map enabled for " "usage." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:277 +#: src/config/SSSDConfig/sssdoptions.py:278 msgid "The LDAP attribute that contains host category such as 'all'." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:278 +#: src/config/SSSDConfig/sssdoptions.py:279 msgid "" "The LDAP attribute that contains all hosts / hostgroups this rule match " "against." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:280 +#: src/config/SSSDConfig/sssdoptions.py:281 msgid "" "The LDAP attribute that contains all users / groups this rule match against." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:282 +#: src/config/SSSDConfig/sssdoptions.py:283 msgid "The LDAP attribute that contains the name of SELinux usermap." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:284 +#: src/config/SSSDConfig/sssdoptions.py:285 msgid "" "The LDAP attribute that contains DN of HBAC rule which can be used for " "matching instead of memberUser and memberHost." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:286 +#: src/config/SSSDConfig/sssdoptions.py:287 msgid "The LDAP attribute that contains SELinux user string itself." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:287 +#: src/config/SSSDConfig/sssdoptions.py:288 msgid "The LDAP attribute that contains user category such as 'all'." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:288 +#: src/config/SSSDConfig/sssdoptions.py:289 msgid "The LDAP attribute that contains unique ID of the user map." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:289 +#: src/config/SSSDConfig/sssdoptions.py:290 msgid "" "The option denotes that the SSSD is running on IPA server and should perform " "lookups of users and groups from trusted domains differently." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:291 +#: src/config/SSSDConfig/sssdoptions.py:292 msgid "Use the given string as search base for trusted domains." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:294 +#: src/config/SSSDConfig/sssdoptions.py:295 msgid "Active Directory domain" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:295 +#: src/config/SSSDConfig/sssdoptions.py:296 msgid "Enabled Active Directory domains" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:296 +#: src/config/SSSDConfig/sssdoptions.py:297 msgid "Active Directory server address" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:297 +#: src/config/SSSDConfig/sssdoptions.py:298 msgid "Active Directory backup server address" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:298 +#: src/config/SSSDConfig/sssdoptions.py:299 msgid "Active Directory client hostname" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:300 -#: src/config/SSSDConfig/sssdoptions.py:499 +#: src/config/SSSDConfig/sssdoptions.py:301 +#: src/config/SSSDConfig/sssdoptions.py:500 msgid "LDAP filter to determine access privileges" msgstr "LDAP филтър за определяне права на достъп" -#: src/config/SSSDConfig/sssdoptions.py:301 +#: src/config/SSSDConfig/sssdoptions.py:302 msgid "Whether to use the Global Catalog for lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:302 +#: src/config/SSSDConfig/sssdoptions.py:303 msgid "Operation mode for GPO-based access control" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:303 +#: src/config/SSSDConfig/sssdoptions.py:304 msgid "" "The amount of time between lookups of the GPO policy files against the AD " "server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:304 +#: src/config/SSSDConfig/sssdoptions.py:305 msgid "" "PAM service names that map to the GPO (Deny)InteractiveLogonRight policy " "settings" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:306 +#: src/config/SSSDConfig/sssdoptions.py:307 msgid "" "PAM service names that map to the GPO (Deny)RemoteInteractiveLogonRight " "policy settings" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:308 +#: src/config/SSSDConfig/sssdoptions.py:309 msgid "" "PAM service names that map to the GPO (Deny)NetworkLogonRight policy settings" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:309 +#: src/config/SSSDConfig/sssdoptions.py:310 msgid "" "PAM service names that map to the GPO (Deny)BatchLogonRight policy settings" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:310 +#: src/config/SSSDConfig/sssdoptions.py:311 msgid "" "PAM service names that map to the GPO (Deny)ServiceLogonRight policy settings" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:311 +#: src/config/SSSDConfig/sssdoptions.py:312 msgid "PAM service names for which GPO-based access is always granted" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:312 +#: src/config/SSSDConfig/sssdoptions.py:313 msgid "PAM service names for which GPO-based access is always denied" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:313 +#: src/config/SSSDConfig/sssdoptions.py:314 msgid "" "Default logon right (or permit/deny) to use for unmapped PAM service names" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:314 +#: src/config/SSSDConfig/sssdoptions.py:315 msgid "a particular site to be used by the client" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:315 +#: src/config/SSSDConfig/sssdoptions.py:316 msgid "" "Maximum age in days before the machine account password should be renewed" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:317 +#: src/config/SSSDConfig/sssdoptions.py:318 msgid "Option for tuning the machine account renewal task" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:318 +#: src/config/SSSDConfig/sssdoptions.py:319 msgid "Whether to update the machine account password in the Samba database" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:320 +#: src/config/SSSDConfig/sssdoptions.py:321 msgid "Use LDAPS port for LDAP and Global Catalog requests" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:321 +#: src/config/SSSDConfig/sssdoptions.py:322 msgid "Do not filter domain local groups from other domains" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:324 #: src/config/SSSDConfig/sssdoptions.py:325 +#: src/config/SSSDConfig/sssdoptions.py:326 msgid "Kerberos server address" msgstr "Адрес на Kerberos сървър" -#: src/config/SSSDConfig/sssdoptions.py:326 +#: src/config/SSSDConfig/sssdoptions.py:327 msgid "Kerberos backup server address" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:327 +#: src/config/SSSDConfig/sssdoptions.py:328 msgid "Kerberos realm" msgstr "Kerberos област" -#: src/config/SSSDConfig/sssdoptions.py:328 +#: src/config/SSSDConfig/sssdoptions.py:329 msgid "Authentication timeout" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:329 +#: src/config/SSSDConfig/sssdoptions.py:330 msgid "Whether to create kdcinfo files" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:330 +#: src/config/SSSDConfig/sssdoptions.py:331 msgid "Where to drop krb5 config snippets" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:333 +#: src/config/SSSDConfig/sssdoptions.py:334 msgid "Directory to store credential caches" msgstr "Директория за съхранение на кеша за данни за удостоверяване" -#: src/config/SSSDConfig/sssdoptions.py:334 +#: src/config/SSSDConfig/sssdoptions.py:335 msgid "Location of the user's credential cache" msgstr "Местоположение на кеша за данни за удостоверяване на потребители" -#: src/config/SSSDConfig/sssdoptions.py:335 +#: src/config/SSSDConfig/sssdoptions.py:336 msgid "Location of the keytab to validate credentials" msgstr "Местоположение на keytab за валидиране на данните за удостоверяване" -#: src/config/SSSDConfig/sssdoptions.py:336 +#: src/config/SSSDConfig/sssdoptions.py:337 msgid "Enable credential validation" msgstr "Разреши проверката на данните за удостоверяване" -#: src/config/SSSDConfig/sssdoptions.py:337 +#: src/config/SSSDConfig/sssdoptions.py:338 msgid "Store password if offline for later online authentication" msgstr "Записва паролата ако е офлайн за по-късно удостоверяване" -#: src/config/SSSDConfig/sssdoptions.py:338 +#: src/config/SSSDConfig/sssdoptions.py:339 msgid "Renewable lifetime of the TGT" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:339 +#: src/config/SSSDConfig/sssdoptions.py:340 msgid "Lifetime of the TGT" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:340 +#: src/config/SSSDConfig/sssdoptions.py:341 msgid "Time between two checks for renewal" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:341 +#: src/config/SSSDConfig/sssdoptions.py:342 msgid "Enables FAST" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:342 +#: src/config/SSSDConfig/sssdoptions.py:343 msgid "Selects the principal to use for FAST" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:343 +#: src/config/SSSDConfig/sssdoptions.py:344 msgid "Use anonymous PKINIT to request FAST credentials" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:344 +#: src/config/SSSDConfig/sssdoptions.py:345 msgid "Enables principal canonicalization" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:345 +#: src/config/SSSDConfig/sssdoptions.py:346 msgid "Enables enterprise principals" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:346 +#: src/config/SSSDConfig/sssdoptions.py:347 msgid "Enables using of subdomains realms for authentication" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:347 +#: src/config/SSSDConfig/sssdoptions.py:348 msgid "A mapping from user names to Kerberos principal names" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:350 #: src/config/SSSDConfig/sssdoptions.py:351 +#: src/config/SSSDConfig/sssdoptions.py:352 msgid "Server where the change password service is running if not on the KDC" msgstr "Сървърът, на който работи услугата за смяна на парола ако не е на KDC" -#: src/config/SSSDConfig/sssdoptions.py:354 +#: src/config/SSSDConfig/sssdoptions.py:355 msgid "ldap_uri, The URI of the LDAP server" msgstr "ldap_uri, URI на LDAP сървъра" -#: src/config/SSSDConfig/sssdoptions.py:355 +#: src/config/SSSDConfig/sssdoptions.py:356 msgid "ldap_backup_uri, The URI of the LDAP server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:356 +#: src/config/SSSDConfig/sssdoptions.py:357 msgid "The default base DN" msgstr "Базовият DN по подразбиране" -#: src/config/SSSDConfig/sssdoptions.py:357 +#: src/config/SSSDConfig/sssdoptions.py:358 msgid "The Schema Type in use on the LDAP server, rfc2307" msgstr "Използваният тип схема на LDAP сървъра, rfc2307" -#: src/config/SSSDConfig/sssdoptions.py:358 +#: src/config/SSSDConfig/sssdoptions.py:359 msgid "Mode used to change user password" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:359 +#: src/config/SSSDConfig/sssdoptions.py:360 msgid "The default bind DN" msgstr "Подразбиращият се bind DN" -#: src/config/SSSDConfig/sssdoptions.py:360 +#: src/config/SSSDConfig/sssdoptions.py:361 msgid "The type of the authentication token of the default bind DN" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:361 +#: src/config/SSSDConfig/sssdoptions.py:362 msgid "The authentication token of the default bind DN" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:362 +#: src/config/SSSDConfig/sssdoptions.py:363 msgid "Length of time to attempt connection" msgstr "Продължителност на опитите за свързване" -#: src/config/SSSDConfig/sssdoptions.py:363 +#: src/config/SSSDConfig/sssdoptions.py:364 msgid "Length of time to attempt synchronous LDAP operations" msgstr "Продължителност на опитите за синхронни LDAP операции" -#: src/config/SSSDConfig/sssdoptions.py:364 +#: src/config/SSSDConfig/sssdoptions.py:365 msgid "Length of time between attempts to reconnect while offline" msgstr "Продължителност на времето между опитите за връзка докато е офлайн" -#: src/config/SSSDConfig/sssdoptions.py:365 +#: src/config/SSSDConfig/sssdoptions.py:366 msgid "Use only the upper case for realm names" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:366 +#: src/config/SSSDConfig/sssdoptions.py:367 msgid "File that contains CA certificates" msgstr "Файл, съдържащ CA сертификати" -#: src/config/SSSDConfig/sssdoptions.py:367 +#: src/config/SSSDConfig/sssdoptions.py:368 msgid "Path to CA certificate directory" msgstr "Път до директорията на CA сертификат" -#: src/config/SSSDConfig/sssdoptions.py:368 +#: src/config/SSSDConfig/sssdoptions.py:369 msgid "File that contains the client certificate" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:369 +#: src/config/SSSDConfig/sssdoptions.py:370 msgid "File that contains the client key" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:370 +#: src/config/SSSDConfig/sssdoptions.py:371 msgid "List of possible ciphers suites" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:371 +#: src/config/SSSDConfig/sssdoptions.py:372 msgid "Require TLS certificate verification" msgstr "Изисква TLS проверка на сертификат" -#: src/config/SSSDConfig/sssdoptions.py:372 +#: src/config/SSSDConfig/sssdoptions.py:373 msgid "Specify the sasl mechanism to use" msgstr "Задава за използване механизма sasl" -#: src/config/SSSDConfig/sssdoptions.py:373 +#: src/config/SSSDConfig/sssdoptions.py:374 msgid "Specify the sasl authorization id to use" msgstr "Задаване на sasl authorization id за употреба" -#: src/config/SSSDConfig/sssdoptions.py:374 +#: src/config/SSSDConfig/sssdoptions.py:375 msgid "Specify the sasl authorization realm to use" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:375 +#: src/config/SSSDConfig/sssdoptions.py:376 msgid "Specify the minimal SSF for LDAP sasl authorization" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:376 +#: src/config/SSSDConfig/sssdoptions.py:377 msgid "Specify the maximal SSF for LDAP sasl authorization" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:377 +#: src/config/SSSDConfig/sssdoptions.py:378 msgid "Kerberos service keytab" msgstr "keytab на Kerberos услуга" -#: src/config/SSSDConfig/sssdoptions.py:378 +#: src/config/SSSDConfig/sssdoptions.py:379 msgid "Use Kerberos auth for LDAP connection" msgstr "Ползвай Kerberos auth за LDAP връзка" -#: src/config/SSSDConfig/sssdoptions.py:379 +#: src/config/SSSDConfig/sssdoptions.py:380 msgid "Follow LDAP referrals" msgstr "Следвай LDAP референциите" -#: src/config/SSSDConfig/sssdoptions.py:380 +#: src/config/SSSDConfig/sssdoptions.py:381 msgid "Lifetime of TGT for LDAP connection" msgstr "Продължителност на живот на TGT за LDAP връзка" -#: src/config/SSSDConfig/sssdoptions.py:381 +#: src/config/SSSDConfig/sssdoptions.py:382 msgid "How to dereference aliases" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:382 +#: src/config/SSSDConfig/sssdoptions.py:383 msgid "Service name for DNS service lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:383 +#: src/config/SSSDConfig/sssdoptions.py:384 msgid "The number of records to retrieve in a single LDAP query" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:384 +#: src/config/SSSDConfig/sssdoptions.py:385 msgid "The number of members that must be missing to trigger a full deref" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:385 +#: src/config/SSSDConfig/sssdoptions.py:386 msgid "Ignore unreadable LDAP references" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:386 +#: src/config/SSSDConfig/sssdoptions.py:387 msgid "" "Whether the LDAP library should perform a reverse lookup to canonicalize the " "host name during a SASL bind" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:388 +#: src/config/SSSDConfig/sssdoptions.py:389 msgid "" "Allows to retain local users as members of an LDAP group for servers that " "use the RFC2307 schema." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:391 +#: src/config/SSSDConfig/sssdoptions.py:392 msgid "entryUSN attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:392 +#: src/config/SSSDConfig/sssdoptions.py:393 msgid "lastUSN attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:394 +#: src/config/SSSDConfig/sssdoptions.py:395 msgid "How long to retain a connection to the LDAP server before disconnecting" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:397 +#: src/config/SSSDConfig/sssdoptions.py:398 msgid "Disable the LDAP paging control" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:398 +#: src/config/SSSDConfig/sssdoptions.py:399 msgid "Disable Active Directory range retrieval" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:401 +#: src/config/SSSDConfig/sssdoptions.py:402 msgid "Length of time to wait for a search request" msgstr "Продължителност на време за изчакване на заявка за търсене" -#: src/config/SSSDConfig/sssdoptions.py:402 +#: src/config/SSSDConfig/sssdoptions.py:403 msgid "Length of time to wait for a enumeration request" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:403 +#: src/config/SSSDConfig/sssdoptions.py:404 msgid "Length of time between enumeration updates" msgstr "Продължителност на време между актуализации на изброяване" -#: src/config/SSSDConfig/sssdoptions.py:404 +#: src/config/SSSDConfig/sssdoptions.py:405 #, fuzzy msgid "Maximum period deviation between enumeration updates" msgstr "Продължителност на време между актуализации на изброяване" -#: src/config/SSSDConfig/sssdoptions.py:405 +#: src/config/SSSDConfig/sssdoptions.py:406 msgid "Length of time between cache cleanups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:406 +#: src/config/SSSDConfig/sssdoptions.py:407 msgid "Maximum time deviation between cache cleanups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:407 +#: src/config/SSSDConfig/sssdoptions.py:408 msgid "Require TLS for ID lookups" msgstr "Изисква TLS за ИД справките" -#: src/config/SSSDConfig/sssdoptions.py:408 +#: src/config/SSSDConfig/sssdoptions.py:409 msgid "Use ID-mapping of objectSID instead of pre-set IDs" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:409 +#: src/config/SSSDConfig/sssdoptions.py:410 msgid "Base DN for user lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:410 +#: src/config/SSSDConfig/sssdoptions.py:411 msgid "Scope of user lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:411 +#: src/config/SSSDConfig/sssdoptions.py:412 msgid "Filter for user lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:412 +#: src/config/SSSDConfig/sssdoptions.py:413 msgid "Objectclass for users" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:413 +#: src/config/SSSDConfig/sssdoptions.py:414 msgid "Username attribute" msgstr "атрибут Потребителско име" -#: src/config/SSSDConfig/sssdoptions.py:414 +#: src/config/SSSDConfig/sssdoptions.py:415 msgid "UID attribute" msgstr "атрибут UID" -#: src/config/SSSDConfig/sssdoptions.py:415 +#: src/config/SSSDConfig/sssdoptions.py:416 msgid "Primary GID attribute" msgstr "атрибут Първичен GID" -#: src/config/SSSDConfig/sssdoptions.py:416 +#: src/config/SSSDConfig/sssdoptions.py:417 msgid "GECOS attribute" msgstr "атрибут GECOS" -#: src/config/SSSDConfig/sssdoptions.py:417 +#: src/config/SSSDConfig/sssdoptions.py:418 msgid "Home directory attribute" msgstr "атрибут Домашна директория" -#: src/config/SSSDConfig/sssdoptions.py:418 +#: src/config/SSSDConfig/sssdoptions.py:419 msgid "Shell attribute" msgstr "атрибут Команден интерпретатор" -#: src/config/SSSDConfig/sssdoptions.py:419 +#: src/config/SSSDConfig/sssdoptions.py:420 msgid "UUID attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:420 -#: src/config/SSSDConfig/sssdoptions.py:459 +#: src/config/SSSDConfig/sssdoptions.py:421 +#: src/config/SSSDConfig/sssdoptions.py:460 msgid "objectSID attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:421 +#: src/config/SSSDConfig/sssdoptions.py:422 msgid "Active Directory primary group attribute for ID-mapping" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:422 +#: src/config/SSSDConfig/sssdoptions.py:423 msgid "User principal attribute (for Kerberos)" msgstr "атрибут User principal (за Kerberos)" -#: src/config/SSSDConfig/sssdoptions.py:423 +#: src/config/SSSDConfig/sssdoptions.py:424 msgid "Full Name" msgstr "Пълно име" -#: src/config/SSSDConfig/sssdoptions.py:424 +#: src/config/SSSDConfig/sssdoptions.py:425 msgid "memberOf attribute" msgstr "атрибут членНа" -#: src/config/SSSDConfig/sssdoptions.py:425 +#: src/config/SSSDConfig/sssdoptions.py:426 msgid "Modification time attribute" msgstr "атрибут Момент на промяна" -#: src/config/SSSDConfig/sssdoptions.py:426 +#: src/config/SSSDConfig/sssdoptions.py:427 msgid "shadowLastChange attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:427 +#: src/config/SSSDConfig/sssdoptions.py:428 msgid "shadowMin attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:428 +#: src/config/SSSDConfig/sssdoptions.py:429 msgid "shadowMax attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:429 +#: src/config/SSSDConfig/sssdoptions.py:430 msgid "shadowWarning attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:430 +#: src/config/SSSDConfig/sssdoptions.py:431 msgid "shadowInactive attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:431 +#: src/config/SSSDConfig/sssdoptions.py:432 msgid "shadowExpire attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:432 +#: src/config/SSSDConfig/sssdoptions.py:433 msgid "shadowFlag attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:433 +#: src/config/SSSDConfig/sssdoptions.py:434 msgid "Attribute listing authorized PAM services" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:434 +#: src/config/SSSDConfig/sssdoptions.py:435 msgid "Attribute listing authorized server hosts" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:435 +#: src/config/SSSDConfig/sssdoptions.py:436 msgid "Attribute listing authorized server rhosts" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:436 +#: src/config/SSSDConfig/sssdoptions.py:437 msgid "krbLastPwdChange attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:437 +#: src/config/SSSDConfig/sssdoptions.py:438 msgid "krbPasswordExpiration attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:438 +#: src/config/SSSDConfig/sssdoptions.py:439 msgid "Attribute indicating that server side password policies are active" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:439 +#: src/config/SSSDConfig/sssdoptions.py:440 msgid "accountExpires attribute of AD" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:440 +#: src/config/SSSDConfig/sssdoptions.py:441 msgid "userAccountControl attribute of AD" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:441 +#: src/config/SSSDConfig/sssdoptions.py:442 msgid "nsAccountLock attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:442 +#: src/config/SSSDConfig/sssdoptions.py:443 msgid "loginDisabled attribute of NDS" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:443 +#: src/config/SSSDConfig/sssdoptions.py:444 msgid "loginExpirationTime attribute of NDS" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:444 +#: src/config/SSSDConfig/sssdoptions.py:445 msgid "loginAllowedTimeMap attribute of NDS" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:445 +#: src/config/SSSDConfig/sssdoptions.py:446 msgid "SSH public key attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:446 +#: src/config/SSSDConfig/sssdoptions.py:447 msgid "attribute listing allowed authentication types for a user" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:447 +#: src/config/SSSDConfig/sssdoptions.py:448 msgid "attribute containing the X509 certificate of the user" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:448 +#: src/config/SSSDConfig/sssdoptions.py:449 msgid "attribute containing the email address of the user" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:449 +#: src/config/SSSDConfig/sssdoptions.py:450 msgid "attribute containing the passkey mapping data of the user" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:450 +#: src/config/SSSDConfig/sssdoptions.py:451 msgid "A list of extra attributes to download along with the user entry" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:452 +#: src/config/SSSDConfig/sssdoptions.py:453 msgid "Base DN for group lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:453 +#: src/config/SSSDConfig/sssdoptions.py:454 msgid "Objectclass for groups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:454 +#: src/config/SSSDConfig/sssdoptions.py:455 msgid "Group name" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:455 +#: src/config/SSSDConfig/sssdoptions.py:456 msgid "Group password" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:456 +#: src/config/SSSDConfig/sssdoptions.py:457 msgid "GID attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:457 +#: src/config/SSSDConfig/sssdoptions.py:458 msgid "Group member attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:458 +#: src/config/SSSDConfig/sssdoptions.py:459 msgid "Group UUID attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:460 +#: src/config/SSSDConfig/sssdoptions.py:461 msgid "Modification time attribute for groups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:461 +#: src/config/SSSDConfig/sssdoptions.py:462 msgid "Type of the group and other flags" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:462 +#: src/config/SSSDConfig/sssdoptions.py:463 msgid "The LDAP group external member attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:463 +#: src/config/SSSDConfig/sssdoptions.py:464 msgid "Maximum nesting level SSSD will follow" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:464 +#: src/config/SSSDConfig/sssdoptions.py:465 msgid "Filter for group lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:465 +#: src/config/SSSDConfig/sssdoptions.py:466 msgid "Scope of group lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:467 +#: src/config/SSSDConfig/sssdoptions.py:468 msgid "Base DN for netgroup lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:468 +#: src/config/SSSDConfig/sssdoptions.py:469 msgid "Objectclass for netgroups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:469 +#: src/config/SSSDConfig/sssdoptions.py:470 msgid "Netgroup name" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:470 +#: src/config/SSSDConfig/sssdoptions.py:471 msgid "Netgroups members attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:471 +#: src/config/SSSDConfig/sssdoptions.py:472 msgid "Netgroup triple attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:472 +#: src/config/SSSDConfig/sssdoptions.py:473 msgid "Modification time attribute for netgroups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:474 +#: src/config/SSSDConfig/sssdoptions.py:475 msgid "Base DN for service lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:475 +#: src/config/SSSDConfig/sssdoptions.py:476 msgid "Objectclass for services" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:476 +#: src/config/SSSDConfig/sssdoptions.py:477 msgid "Service name attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:477 +#: src/config/SSSDConfig/sssdoptions.py:478 msgid "Service port attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:478 +#: src/config/SSSDConfig/sssdoptions.py:479 msgid "Service protocol attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:480 +#: src/config/SSSDConfig/sssdoptions.py:481 msgid "Lower bound for ID-mapping" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:481 +#: src/config/SSSDConfig/sssdoptions.py:482 msgid "Upper bound for ID-mapping" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:482 +#: src/config/SSSDConfig/sssdoptions.py:483 msgid "Number of IDs for each slice when ID-mapping" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:483 +#: src/config/SSSDConfig/sssdoptions.py:484 msgid "Use autorid-compatible algorithm for ID-mapping" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:484 +#: src/config/SSSDConfig/sssdoptions.py:485 msgid "Name of the default domain for ID-mapping" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:485 +#: src/config/SSSDConfig/sssdoptions.py:486 msgid "SID of the default domain for ID-mapping" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:486 +#: src/config/SSSDConfig/sssdoptions.py:487 msgid "Number of secondary slices" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:488 +#: src/config/SSSDConfig/sssdoptions.py:489 msgid "Whether to use Token-Groups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:489 +#: src/config/SSSDConfig/sssdoptions.py:490 msgid "Set lower boundary for allowed IDs from the LDAP server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:490 +#: src/config/SSSDConfig/sssdoptions.py:491 msgid "Set upper boundary for allowed IDs from the LDAP server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:491 +#: src/config/SSSDConfig/sssdoptions.py:492 msgid "DN for ppolicy queries" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:492 +#: src/config/SSSDConfig/sssdoptions.py:493 msgid "How many maximum entries to fetch during a wildcard request" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:493 +#: src/config/SSSDConfig/sssdoptions.py:494 msgid "Set libldap debug level" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:496 +#: src/config/SSSDConfig/sssdoptions.py:497 msgid "Policy to evaluate the password expiration" msgstr "Политика за определяне срок на валидност на парола" -#: src/config/SSSDConfig/sssdoptions.py:500 +#: src/config/SSSDConfig/sssdoptions.py:501 msgid "Which attributes shall be used to evaluate if an account is expired" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:504 +#: src/config/SSSDConfig/sssdoptions.py:505 msgid "URI of an LDAP server where password changes are allowed" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:505 +#: src/config/SSSDConfig/sssdoptions.py:506 msgid "URI of a backup LDAP server where password changes are allowed" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:506 +#: src/config/SSSDConfig/sssdoptions.py:507 msgid "DNS service name for LDAP password change server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:507 +#: src/config/SSSDConfig/sssdoptions.py:508 msgid "" "Whether to update the ldap_user_shadow_last_change attribute after a " "password change" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:511 +#: src/config/SSSDConfig/sssdoptions.py:512 msgid "Base DN for sudo rules lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:512 +#: src/config/SSSDConfig/sssdoptions.py:513 msgid "Automatic full refresh period" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:513 +#: src/config/SSSDConfig/sssdoptions.py:514 msgid "Automatic smart refresh period" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:514 +#: src/config/SSSDConfig/sssdoptions.py:515 msgid "Smart and full refresh random offset" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:515 +#: src/config/SSSDConfig/sssdoptions.py:516 msgid "Whether to filter rules by hostname, IP addresses and network" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:516 +#: src/config/SSSDConfig/sssdoptions.py:517 msgid "" "Hostnames and/or fully qualified domain names of this machine to filter sudo " "rules" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:517 +#: src/config/SSSDConfig/sssdoptions.py:518 msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:518 +#: src/config/SSSDConfig/sssdoptions.py:519 msgid "Whether to include rules that contains netgroup in host attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:519 +#: src/config/SSSDConfig/sssdoptions.py:520 msgid "" "Whether to include rules that contains regular expression in host attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:520 +#: src/config/SSSDConfig/sssdoptions.py:521 msgid "Object class for sudo rules" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:521 +#: src/config/SSSDConfig/sssdoptions.py:522 msgid "Name of attribute that is used as object class for sudo rules" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:522 +#: src/config/SSSDConfig/sssdoptions.py:523 msgid "Sudo rule name" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:523 +#: src/config/SSSDConfig/sssdoptions.py:524 msgid "Sudo rule command attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:524 +#: src/config/SSSDConfig/sssdoptions.py:525 msgid "Sudo rule host attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:525 +#: src/config/SSSDConfig/sssdoptions.py:526 msgid "Sudo rule user attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:526 +#: src/config/SSSDConfig/sssdoptions.py:527 msgid "Sudo rule option attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:527 +#: src/config/SSSDConfig/sssdoptions.py:528 msgid "Sudo rule runas attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:528 +#: src/config/SSSDConfig/sssdoptions.py:529 msgid "Sudo rule runasuser attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:529 +#: src/config/SSSDConfig/sssdoptions.py:530 msgid "Sudo rule runasgroup attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:530 +#: src/config/SSSDConfig/sssdoptions.py:531 msgid "Sudo rule notbefore attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:531 +#: src/config/SSSDConfig/sssdoptions.py:532 msgid "Sudo rule notafter attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:532 +#: src/config/SSSDConfig/sssdoptions.py:533 msgid "Sudo rule order attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:535 +#: src/config/SSSDConfig/sssdoptions.py:536 msgid "Object class for automounter maps" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:536 +#: src/config/SSSDConfig/sssdoptions.py:537 msgid "Automounter map name attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:537 +#: src/config/SSSDConfig/sssdoptions.py:538 msgid "Object class for automounter map entries" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:538 +#: src/config/SSSDConfig/sssdoptions.py:539 msgid "Automounter map entry key attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:539 +#: src/config/SSSDConfig/sssdoptions.py:540 msgid "Automounter map entry value attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:540 +#: src/config/SSSDConfig/sssdoptions.py:541 msgid "Base DN for automounter map lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:541 +#: src/config/SSSDConfig/sssdoptions.py:542 msgid "The name of the automount master map in LDAP." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:544 +#: src/config/SSSDConfig/sssdoptions.py:545 msgid "Base DN for IP hosts lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:545 +#: src/config/SSSDConfig/sssdoptions.py:546 msgid "Object class for IP hosts" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:546 +#: src/config/SSSDConfig/sssdoptions.py:547 msgid "IP host name attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:547 +#: src/config/SSSDConfig/sssdoptions.py:548 msgid "IP host number (address) attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:548 +#: src/config/SSSDConfig/sssdoptions.py:549 msgid "IP host entryUSN attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:549 +#: src/config/SSSDConfig/sssdoptions.py:550 msgid "Base DN for IP networks lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:550 +#: src/config/SSSDConfig/sssdoptions.py:551 msgid "Object class for IP networks" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:551 +#: src/config/SSSDConfig/sssdoptions.py:552 msgid "IP network name attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:552 +#: src/config/SSSDConfig/sssdoptions.py:553 msgid "IP network number (address) attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:553 +#: src/config/SSSDConfig/sssdoptions.py:554 msgid "IP network entryUSN attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:556 +#: src/config/SSSDConfig/sssdoptions.py:557 msgid "Comma separated list of allowed users" msgstr "Списък разрешени потребители, разделени със запетая" -#: src/config/SSSDConfig/sssdoptions.py:557 +#: src/config/SSSDConfig/sssdoptions.py:558 msgid "Comma separated list of prohibited users" msgstr "Списък забранени потребители, разделени със запетая" -#: src/config/SSSDConfig/sssdoptions.py:558 +#: src/config/SSSDConfig/sssdoptions.py:559 msgid "" "Comma separated list of groups that are allowed to log in. This applies only " "to groups within this SSSD domain. Local groups are not evaluated." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:560 +#: src/config/SSSDConfig/sssdoptions.py:561 msgid "" "Comma separated list of groups that are explicitly denied access. This " "applies only to groups within this SSSD domain. Local groups are not " "evaluated." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:564 +#: src/config/SSSDConfig/sssdoptions.py:565 msgid "The number of preforked proxy children." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:567 +#: src/config/SSSDConfig/sssdoptions.py:568 msgid "The name of the NSS library to use" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:568 +#: src/config/SSSDConfig/sssdoptions.py:569 msgid "The name of the NSS library to use for hosts and networks lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:569 +#: src/config/SSSDConfig/sssdoptions.py:570 msgid "Whether to look up canonical group name from cache if possible" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:572 +#: src/config/SSSDConfig/sssdoptions.py:573 msgid "PAM stack to use" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:575 +#: src/config/SSSDConfig/sssdoptions.py:576 msgid "Path of passwd file sources." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:576 +#: src/config/SSSDConfig/sssdoptions.py:577 msgid "Path of group file sources." msgstr "" @@ -1888,67 +1892,67 @@ msgstr "" msgid "SSSD is already running\n" msgstr "" -#: src/providers/krb5/krb5_child.c:4007 src/providers/ldap/ldap_child.c:641 +#: src/providers/krb5/krb5_child.c:4027 src/providers/ldap/ldap_child.c:642 msgid "Allow core dumps" msgstr "" -#: src/providers/krb5/krb5_child.c:4009 src/providers/ldap/ldap_child.c:643 +#: src/providers/krb5/krb5_child.c:4029 src/providers/ldap/ldap_child.c:644 msgid "An open file descriptor for the debug logs" msgstr "" -#: src/providers/krb5/krb5_child.c:4012 +#: src/providers/krb5/krb5_child.c:4032 msgid "The user to create FAST ccache as" msgstr "" -#: src/providers/krb5/krb5_child.c:4014 +#: src/providers/krb5/krb5_child.c:4034 msgid "The group to create FAST ccache as" msgstr "" -#: src/providers/krb5/krb5_child.c:4016 +#: src/providers/krb5/krb5_child.c:4036 msgid "Use anonymous PKINIT to request FAST armor ticket" msgstr "" -#: src/providers/krb5/krb5_child.c:4018 +#: src/providers/krb5/krb5_child.c:4038 msgid "Kerberos realm to use" msgstr "" -#: src/providers/krb5/krb5_child.c:4020 +#: src/providers/krb5/krb5_child.c:4040 msgid "Requested lifetime of the ticket" msgstr "" -#: src/providers/krb5/krb5_child.c:4022 +#: src/providers/krb5/krb5_child.c:4042 msgid "Requested renewable lifetime of the ticket" msgstr "" -#: src/providers/krb5/krb5_child.c:4024 +#: src/providers/krb5/krb5_child.c:4044 msgid "FAST options ('never', 'try', 'demand')" msgstr "" -#: src/providers/krb5/krb5_child.c:4027 +#: src/providers/krb5/krb5_child.c:4047 msgid "Specifies the server principal to use for FAST" msgstr "" -#: src/providers/krb5/krb5_child.c:4029 +#: src/providers/krb5/krb5_child.c:4049 msgid "Requests canonicalization of the principal name" msgstr "" -#: src/providers/krb5/krb5_child.c:4031 +#: src/providers/krb5/krb5_child.c:4051 msgid "Use custom version of krb5_get_init_creds_password" msgstr "" -#: src/providers/krb5/krb5_child.c:4033 +#: src/providers/krb5/krb5_child.c:4053 msgid "Tevent chain ID used for logging purposes" msgstr "" -#: src/providers/krb5/krb5_child.c:4035 +#: src/providers/krb5/krb5_child.c:4055 msgid "Check PAC flags" msgstr "" -#: src/providers/krb5/krb5_child.c:4079 src/providers/ldap/ldap_child.c:669 +#: src/providers/krb5/krb5_child.c:4099 src/providers/ldap/ldap_child.c:670 msgid "talloc_asprintf failed.\n" msgstr "" -#: src/providers/krb5/krb5_child.c:4089 src/providers/ldap/ldap_child.c:678 +#: src/providers/krb5/krb5_child.c:4109 src/providers/ldap/ldap_child.c:679 msgid "set_debug_file_from_fd failed.\n" msgstr "" @@ -1992,119 +1996,131 @@ msgstr "Неочаквана грешка при търсене на описа msgid "Permission denied. " msgstr "" -#: src/sss_client/pam_sss.c:70 src/sss_client/pam_sss.c:819 -#: src/sss_client/pam_sss.c:830 +#: src/sss_client/pam_sss.c:70 src/sss_client/pam_sss.c:838 +#: src/sss_client/pam_sss.c:849 msgid "Server message: " msgstr "Съобщение от сървъра:" #: src/sss_client/pam_sss.c:71 +msgid "" +"Kerberos TGT will not be granted upon login, user experience will be " +"affected." +msgstr "" + +#: src/sss_client/pam_sss.c:72 msgid "Enter PIN:" msgstr "" -#: src/sss_client/pam_sss.c:314 +#: src/sss_client/pam_sss.c:315 msgid "Passwords do not match" msgstr "Паролите не съвпадат" -#: src/sss_client/pam_sss.c:502 +#: src/sss_client/pam_sss.c:503 msgid "Password reset by root is not supported." msgstr "Промяна на паролата от root не се поддържа." -#: src/sss_client/pam_sss.c:543 +#: src/sss_client/pam_sss.c:544 msgid "Authenticated with cached credentials" msgstr "Удостоверен с кеширани идентификационни данни" -#: src/sss_client/pam_sss.c:544 +#: src/sss_client/pam_sss.c:545 msgid ", your cached password will expire at: " msgstr ", кешираната парола ще изтече на: " -#: src/sss_client/pam_sss.c:574 +#: src/sss_client/pam_sss.c:575 #, c-format msgid "Your password has expired. You have %1$d grace login(s) remaining." msgstr "" -#: src/sss_client/pam_sss.c:624 +#: src/sss_client/pam_sss.c:625 #, c-format msgid "Your password will expire in %1$d %2$s." msgstr "" -#: src/sss_client/pam_sss.c:627 +#: src/sss_client/pam_sss.c:628 #, fuzzy, c-format msgid "Your password has expired." msgstr ", кешираната парола ще изтече на: " -#: src/sss_client/pam_sss.c:678 +#: src/sss_client/pam_sss.c:679 msgid "Authentication is denied until: " msgstr "Удостоверяването е забранено до: " -#: src/sss_client/pam_sss.c:699 +#: src/sss_client/pam_sss.c:700 msgid "System is offline, password change not possible" msgstr "Системата е офлайн, промяна на паролата не е възможна" -#: src/sss_client/pam_sss.c:714 +#: src/sss_client/pam_sss.c:715 msgid "" "After changing the OTP password, you need to log out and back in order to " "acquire a ticket" msgstr "" -#: src/sss_client/pam_sss.c:729 +#: src/sss_client/pam_sss.c:730 msgid "PIN locked" msgstr "" -#: src/sss_client/pam_sss.c:816 src/sss_client/pam_sss.c:829 +#: src/sss_client/pam_sss.c:745 +msgid "" +"No Kerberos TGT granted as the server does not support this method. Your " +"single-sign on(SSO) experience will be affected." +msgstr "" + +#: src/sss_client/pam_sss.c:835 src/sss_client/pam_sss.c:848 msgid "Password change failed. " msgstr "Промяната на паролата не успя." -#: src/sss_client/pam_sss.c:1797 +#: src/sss_client/pam_sss.c:1819 #, c-format msgid "Authenticate at %1$s and press ENTER." msgstr "" -#: src/sss_client/pam_sss.c:1800 +#: src/sss_client/pam_sss.c:1822 #, c-format msgid "Authenticate with PIN %1$s at %2$s and press ENTER." msgstr "" -#: src/sss_client/pam_sss.c:2153 +#: src/sss_client/pam_sss.c:2181 msgid "Please (re)insert (different) Smartcard" msgstr "" -#: src/sss_client/pam_sss.c:2352 +#: src/sss_client/pam_sss.c:2380 msgid "New Password: " msgstr "Нова парола:" -#: src/sss_client/pam_sss.c:2353 +#: src/sss_client/pam_sss.c:2381 msgid "Reenter new Password: " msgstr "Отново новата парола:" -#: src/sss_client/pam_sss.c:2523 src/sss_client/pam_sss.c:2526 +#: src/sss_client/pam_sss.c:2551 src/sss_client/pam_sss.c:2554 msgid "First Factor: " msgstr "" -#: src/sss_client/pam_sss.c:2524 src/sss_client/pam_sss.c:2707 +#: src/sss_client/pam_sss.c:2552 src/sss_client/pam_sss.c:2740 msgid "Second Factor (optional): " msgstr "" -#: src/sss_client/pam_sss.c:2527 src/sss_client/pam_sss.c:2710 +#: src/sss_client/pam_sss.c:2555 src/sss_client/pam_sss.c:2743 msgid "Second Factor: " msgstr "" -#: src/sss_client/pam_sss.c:2547 +#: src/sss_client/pam_sss.c:2575 msgid "Insert your passkey device, then press ENTER." msgstr "" -#: src/sss_client/pam_sss.c:2551 src/sss_client/pam_sss.c:2554 +#: src/sss_client/pam_sss.c:2579 src/sss_client/pam_sss.c:2587 msgid "Password: " msgstr "Парола:" -#: src/sss_client/pam_sss.c:2706 src/sss_client/pam_sss.c:2709 +#: src/sss_client/pam_sss.c:2739 src/sss_client/pam_sss.c:2742 msgid "First Factor (Current Password): " msgstr "" -#: src/sss_client/pam_sss.c:2713 +#: src/sss_client/pam_sss.c:2746 msgid "Current Password: " msgstr "Текуща парола:" -#: src/sss_client/pam_sss.c:3070 +#: src/sss_client/pam_sss.c:3103 msgid "Password expired. Change your password now." msgstr "Паролата Ви е остаряла. Сменете я сега." diff --git a/po/ca.po b/po/ca.po index ceb4adf3ca3..49569cb5065 100644 --- a/po/ca.po +++ b/po/ca.po @@ -14,7 +14,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" -"POT-Creation-Date: 2023-05-05 10:11+0200\n" +"POT-Creation-Date: 2023-09-07 11:48+0200\n" "PO-Revision-Date: 2017-10-15 03:02-0400\n" "Last-Translator: Robert Antoni Buj Gelonch \n" "Language-Team: Catalan (http://www.transifex.com/projects/p/sssd/language/" @@ -644,12 +644,12 @@ msgid "Whether to automatically update the client's DNS entry" msgstr "Si s'actualitza automàticament l'entrada DNS del client" #: src/config/SSSDConfig/sssdoptions.py:201 -#: src/config/SSSDConfig/sssdoptions.py:233 +#: src/config/SSSDConfig/sssdoptions.py:234 msgid "The TTL to apply to the client's DNS entry after updating it" msgstr "El TTL per aplicar a l'entrada DNS del client després d'actualitzar-ho" #: src/config/SSSDConfig/sssdoptions.py:202 -#: src/config/SSSDConfig/sssdoptions.py:234 +#: src/config/SSSDConfig/sssdoptions.py:235 msgid "The interface whose IP should be used for dynamic DNS updates" msgstr "" "La interfície amb la IP que s'hauria d'utilitzar per a les actualitzacions " @@ -738,37 +738,41 @@ msgid "" "(long term password) must have to be saved as SHA512 hash into the cache." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:228 +#: src/config/SSSDConfig/sssdoptions.py:226 +msgid "Local authentication methods policy " +msgstr "" + +#: src/config/SSSDConfig/sssdoptions.py:229 msgid "IPA domain" msgstr "Domini IPA" -#: src/config/SSSDConfig/sssdoptions.py:229 +#: src/config/SSSDConfig/sssdoptions.py:230 msgid "IPA server address" msgstr "Adreça del servidor IPA" -#: src/config/SSSDConfig/sssdoptions.py:230 +#: src/config/SSSDConfig/sssdoptions.py:231 msgid "Address of backup IPA server" msgstr "Adreça del servidor IPA de reserva " -#: src/config/SSSDConfig/sssdoptions.py:231 +#: src/config/SSSDConfig/sssdoptions.py:232 msgid "IPA client hostname" msgstr "Nom d'amfitrió del client IPA" -#: src/config/SSSDConfig/sssdoptions.py:232 +#: src/config/SSSDConfig/sssdoptions.py:233 msgid "Whether to automatically update the client's DNS entry in FreeIPA" msgstr "Si s'actualitza automàticament l'entrada DNS del client a FreeIPA" -#: src/config/SSSDConfig/sssdoptions.py:235 +#: src/config/SSSDConfig/sssdoptions.py:236 msgid "Search base for HBAC related objects" msgstr "Base de cerca per als objectes relacionats amb HBAC" -#: src/config/SSSDConfig/sssdoptions.py:236 +#: src/config/SSSDConfig/sssdoptions.py:237 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server" msgstr "" "Quantitat de temps entre recerques de les regles HBAC contra el servidor IPA" -#: src/config/SSSDConfig/sssdoptions.py:237 +#: src/config/SSSDConfig/sssdoptions.py:238 msgid "" "The amount of time in seconds between lookups of the SELinux maps against " "the IPA server" @@ -776,237 +780,237 @@ msgstr "" "Quantitat de temps en segons entre recerques de les assignacions SELinux " "contra el servidor IPA" -#: src/config/SSSDConfig/sssdoptions.py:239 +#: src/config/SSSDConfig/sssdoptions.py:240 msgid "If set to false, host argument given by PAM will be ignored" msgstr "" "Si s'estableix a fals, s'ignorarà l'argument de l'amfitrió proporcionat amb " "PAM" -#: src/config/SSSDConfig/sssdoptions.py:240 +#: src/config/SSSDConfig/sssdoptions.py:241 msgid "The automounter location this IPA client is using" msgstr "" "La ubicació de l'eina de muntatge automàtic que aquest client IPA està " "utilitzant" -#: src/config/SSSDConfig/sssdoptions.py:241 +#: src/config/SSSDConfig/sssdoptions.py:242 msgid "Search base for object containing info about IPA domain" msgstr "" "Base de cerca per a l'objecte que conté la informació sobre el domini de " "l'IPA" -#: src/config/SSSDConfig/sssdoptions.py:242 +#: src/config/SSSDConfig/sssdoptions.py:243 msgid "Search base for objects containing info about ID ranges" msgstr "" "Base de cerca per als objectes que contenen informació sobre els intervals " "d'id." -#: src/config/SSSDConfig/sssdoptions.py:243 -#: src/config/SSSDConfig/sssdoptions.py:299 +#: src/config/SSSDConfig/sssdoptions.py:244 +#: src/config/SSSDConfig/sssdoptions.py:300 msgid "Enable DNS sites - location based service discovery" msgstr "" "Habilita els llocs DNS - el descobriment del servei es basa en la ubicació" -#: src/config/SSSDConfig/sssdoptions.py:244 +#: src/config/SSSDConfig/sssdoptions.py:245 msgid "Search base for view containers" msgstr "Base de cerca per als contenidors de la vista" -#: src/config/SSSDConfig/sssdoptions.py:245 +#: src/config/SSSDConfig/sssdoptions.py:246 msgid "Objectclass for view containers" msgstr "Objectclass per als contenidors de la vista" -#: src/config/SSSDConfig/sssdoptions.py:246 +#: src/config/SSSDConfig/sssdoptions.py:247 msgid "Attribute with the name of the view" msgstr "L'atribut amb el nom de la vista" -#: src/config/SSSDConfig/sssdoptions.py:247 +#: src/config/SSSDConfig/sssdoptions.py:248 msgid "Objectclass for override objects" msgstr "Objectclass per substituir els objectes" -#: src/config/SSSDConfig/sssdoptions.py:248 +#: src/config/SSSDConfig/sssdoptions.py:249 msgid "Attribute with the reference to the original object" msgstr "L'atribut amb la referència a l'objecte original" -#: src/config/SSSDConfig/sssdoptions.py:249 +#: src/config/SSSDConfig/sssdoptions.py:250 msgid "Objectclass for user override objects" msgstr "Objectclass per als objectes de substitució d'usuari" -#: src/config/SSSDConfig/sssdoptions.py:250 +#: src/config/SSSDConfig/sssdoptions.py:251 msgid "Objectclass for group override objects" msgstr "Objectclass per als objectes de substitució de grup" -#: src/config/SSSDConfig/sssdoptions.py:251 +#: src/config/SSSDConfig/sssdoptions.py:252 msgid "Search base for Desktop Profile related objects" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:252 +#: src/config/SSSDConfig/sssdoptions.py:253 msgid "" "The amount of time in seconds between lookups of the Desktop Profile rules " "against the IPA server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:254 +#: src/config/SSSDConfig/sssdoptions.py:255 msgid "" "The amount of time in minutes between lookups of Desktop Profiles rules " "against the IPA server when the last request did not find any rule" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:257 +#: src/config/SSSDConfig/sssdoptions.py:258 #, fuzzy msgid "Search base for SUBID ranges" msgstr "Base de cerca per als contenidors de la vista" -#: src/config/SSSDConfig/sssdoptions.py:258 -#: src/config/SSSDConfig/sssdoptions.py:501 +#: src/config/SSSDConfig/sssdoptions.py:259 +#: src/config/SSSDConfig/sssdoptions.py:502 msgid "Which rules should be used to evaluate access control" msgstr "Quines regles s'haurien d'utilitzar per avaluar el control d'accés" -#: src/config/SSSDConfig/sssdoptions.py:259 +#: src/config/SSSDConfig/sssdoptions.py:260 msgid "The LDAP attribute that contains FQDN of the host." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:260 -#: src/config/SSSDConfig/sssdoptions.py:283 +#: src/config/SSSDConfig/sssdoptions.py:261 +#: src/config/SSSDConfig/sssdoptions.py:284 msgid "The object class of a host entry in LDAP." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:261 +#: src/config/SSSDConfig/sssdoptions.py:262 msgid "Use the given string as search base for host objects." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:262 +#: src/config/SSSDConfig/sssdoptions.py:263 msgid "The LDAP attribute that contains the host's SSH public keys." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:263 +#: src/config/SSSDConfig/sssdoptions.py:264 msgid "The LDAP attribute that contains NIS domain name of the netgroup." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:264 +#: src/config/SSSDConfig/sssdoptions.py:265 msgid "The LDAP attribute that contains the names of the netgroup's members." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:265 +#: src/config/SSSDConfig/sssdoptions.py:266 msgid "" "The LDAP attribute that lists FQDNs of hosts and host groups that are " "members of the netgroup." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:267 +#: src/config/SSSDConfig/sssdoptions.py:268 msgid "" "The LDAP attribute that lists hosts and host groups that are direct members " "of the netgroup." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:269 +#: src/config/SSSDConfig/sssdoptions.py:270 msgid "The LDAP attribute that lists netgroup's memberships." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:270 +#: src/config/SSSDConfig/sssdoptions.py:271 msgid "" "The LDAP attribute that lists system users and groups that are direct " "members of the netgroup." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:272 +#: src/config/SSSDConfig/sssdoptions.py:273 msgid "The LDAP attribute that corresponds to the netgroup name." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:273 +#: src/config/SSSDConfig/sssdoptions.py:274 msgid "The object class of a netgroup entry in LDAP." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:274 +#: src/config/SSSDConfig/sssdoptions.py:275 msgid "" "The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:275 +#: src/config/SSSDConfig/sssdoptions.py:276 msgid "" "The LDAP attribute that contains whether or not is user map enabled for " "usage." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:277 +#: src/config/SSSDConfig/sssdoptions.py:278 msgid "The LDAP attribute that contains host category such as 'all'." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:278 +#: src/config/SSSDConfig/sssdoptions.py:279 msgid "" "The LDAP attribute that contains all hosts / hostgroups this rule match " "against." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:280 +#: src/config/SSSDConfig/sssdoptions.py:281 msgid "" "The LDAP attribute that contains all users / groups this rule match against." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:282 +#: src/config/SSSDConfig/sssdoptions.py:283 msgid "The LDAP attribute that contains the name of SELinux usermap." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:284 +#: src/config/SSSDConfig/sssdoptions.py:285 msgid "" "The LDAP attribute that contains DN of HBAC rule which can be used for " "matching instead of memberUser and memberHost." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:286 +#: src/config/SSSDConfig/sssdoptions.py:287 msgid "The LDAP attribute that contains SELinux user string itself." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:287 +#: src/config/SSSDConfig/sssdoptions.py:288 msgid "The LDAP attribute that contains user category such as 'all'." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:288 +#: src/config/SSSDConfig/sssdoptions.py:289 msgid "The LDAP attribute that contains unique ID of the user map." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:289 +#: src/config/SSSDConfig/sssdoptions.py:290 msgid "" "The option denotes that the SSSD is running on IPA server and should perform " "lookups of users and groups from trusted domains differently." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:291 +#: src/config/SSSDConfig/sssdoptions.py:292 msgid "Use the given string as search base for trusted domains." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:294 +#: src/config/SSSDConfig/sssdoptions.py:295 msgid "Active Directory domain" msgstr "Domini Active Directory" -#: src/config/SSSDConfig/sssdoptions.py:295 +#: src/config/SSSDConfig/sssdoptions.py:296 msgid "Enabled Active Directory domains" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:296 +#: src/config/SSSDConfig/sssdoptions.py:297 msgid "Active Directory server address" msgstr "Adreça del servidor de l'Active Directory" -#: src/config/SSSDConfig/sssdoptions.py:297 +#: src/config/SSSDConfig/sssdoptions.py:298 msgid "Active Directory backup server address" msgstr "Adreça del servidor de l'Active Directory de reserva" -#: src/config/SSSDConfig/sssdoptions.py:298 +#: src/config/SSSDConfig/sssdoptions.py:299 msgid "Active Directory client hostname" msgstr "Nom d'amfitrió del client d'Active Directory" -#: src/config/SSSDConfig/sssdoptions.py:300 -#: src/config/SSSDConfig/sssdoptions.py:499 +#: src/config/SSSDConfig/sssdoptions.py:301 +#: src/config/SSSDConfig/sssdoptions.py:500 msgid "LDAP filter to determine access privileges" msgstr "Filtre LDAP per determinar els privilegis d'accés" -#: src/config/SSSDConfig/sssdoptions.py:301 +#: src/config/SSSDConfig/sssdoptions.py:302 msgid "Whether to use the Global Catalog for lookups" msgstr "Si s'utilitza el catàleg global per a les recerques" -#: src/config/SSSDConfig/sssdoptions.py:302 +#: src/config/SSSDConfig/sssdoptions.py:303 msgid "Operation mode for GPO-based access control" msgstr "Mode d'operació per al control d'accés basat en GPO" -#: src/config/SSSDConfig/sssdoptions.py:303 +#: src/config/SSSDConfig/sssdoptions.py:304 msgid "" "The amount of time between lookups of the GPO policy files against the AD " "server" @@ -1014,7 +1018,7 @@ msgstr "" "Quantitat de temps entre recerques de fitxers de polítiques GPO contra el " "servidor d'AD" -#: src/config/SSSDConfig/sssdoptions.py:304 +#: src/config/SSSDConfig/sssdoptions.py:305 msgid "" "PAM service names that map to the GPO (Deny)InteractiveLogonRight policy " "settings" @@ -1022,7 +1026,7 @@ msgstr "" "Noms dels serveis del PAM que s'assignen als ajusts de les polítiques " "(Deny)InteractiveLogonRight del GPO" -#: src/config/SSSDConfig/sssdoptions.py:306 +#: src/config/SSSDConfig/sssdoptions.py:307 msgid "" "PAM service names that map to the GPO (Deny)RemoteInteractiveLogonRight " "policy settings" @@ -1030,297 +1034,297 @@ msgstr "" "Noms dels serveis del PAM que s'assignen als ajusts de les polítiques " "(Deny)RemoteInteractiveLogonRight del GPO" -#: src/config/SSSDConfig/sssdoptions.py:308 +#: src/config/SSSDConfig/sssdoptions.py:309 msgid "" "PAM service names that map to the GPO (Deny)NetworkLogonRight policy settings" msgstr "" "Noms dels serveis del PAM que s'assignen als ajusts de les polítiques " "(Deny)NetworkLogonRight del GPO" -#: src/config/SSSDConfig/sssdoptions.py:309 +#: src/config/SSSDConfig/sssdoptions.py:310 msgid "" "PAM service names that map to the GPO (Deny)BatchLogonRight policy settings" msgstr "" "Noms dels serveis del PAM que s'assignen als ajusts de les polítiques " "(Deny)BatchLogonRight del GPO" -#: src/config/SSSDConfig/sssdoptions.py:310 +#: src/config/SSSDConfig/sssdoptions.py:311 msgid "" "PAM service names that map to the GPO (Deny)ServiceLogonRight policy settings" msgstr "" "Noms dels serveis del PAM que s'assignen als ajusts de les polítiques " "(Deny)ServiceLogonRight del GPO" -#: src/config/SSSDConfig/sssdoptions.py:311 +#: src/config/SSSDConfig/sssdoptions.py:312 msgid "PAM service names for which GPO-based access is always granted" msgstr "" "Noms dels serveis del PAM als quals sempre se'ls garanteix l'accés basat en " "GPO" -#: src/config/SSSDConfig/sssdoptions.py:312 +#: src/config/SSSDConfig/sssdoptions.py:313 msgid "PAM service names for which GPO-based access is always denied" msgstr "" "Noms dels serveis del PAM als quals sempre se'ls denega l'accés basat en GPO" -#: src/config/SSSDConfig/sssdoptions.py:313 +#: src/config/SSSDConfig/sssdoptions.py:314 msgid "" "Default logon right (or permit/deny) to use for unmapped PAM service names" msgstr "" "Dret (permet o denega) predeterminat de l'inici de sessió a utilitzar per " "als noms dels serveis del PAM sense assignar" -#: src/config/SSSDConfig/sssdoptions.py:314 +#: src/config/SSSDConfig/sssdoptions.py:315 msgid "a particular site to be used by the client" msgstr "un lloc determinat per utilitzar amb el client" -#: src/config/SSSDConfig/sssdoptions.py:315 +#: src/config/SSSDConfig/sssdoptions.py:316 msgid "" "Maximum age in days before the machine account password should be renewed" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:317 +#: src/config/SSSDConfig/sssdoptions.py:318 msgid "Option for tuning the machine account renewal task" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:318 +#: src/config/SSSDConfig/sssdoptions.py:319 msgid "Whether to update the machine account password in the Samba database" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:320 +#: src/config/SSSDConfig/sssdoptions.py:321 msgid "Use LDAPS port for LDAP and Global Catalog requests" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:321 +#: src/config/SSSDConfig/sssdoptions.py:322 msgid "Do not filter domain local groups from other domains" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:324 #: src/config/SSSDConfig/sssdoptions.py:325 +#: src/config/SSSDConfig/sssdoptions.py:326 msgid "Kerberos server address" msgstr "Adreça del servidor Kerberos" -#: src/config/SSSDConfig/sssdoptions.py:326 +#: src/config/SSSDConfig/sssdoptions.py:327 msgid "Kerberos backup server address" msgstr "Adreça del servidor Kerberos de reserva" -#: src/config/SSSDConfig/sssdoptions.py:327 +#: src/config/SSSDConfig/sssdoptions.py:328 msgid "Kerberos realm" msgstr "Reialme Kerberos" -#: src/config/SSSDConfig/sssdoptions.py:328 +#: src/config/SSSDConfig/sssdoptions.py:329 msgid "Authentication timeout" msgstr "Temps d'expiració de l'autenticació" -#: src/config/SSSDConfig/sssdoptions.py:329 +#: src/config/SSSDConfig/sssdoptions.py:330 msgid "Whether to create kdcinfo files" msgstr "Si es creen els fitxers kdcinfo" -#: src/config/SSSDConfig/sssdoptions.py:330 +#: src/config/SSSDConfig/sssdoptions.py:331 msgid "Where to drop krb5 config snippets" msgstr "Si es rebutgen les parts de la configuració del krb5" -#: src/config/SSSDConfig/sssdoptions.py:333 +#: src/config/SSSDConfig/sssdoptions.py:334 msgid "Directory to store credential caches" msgstr "Directori per emmagatzemar la memòria cau de les credencials" -#: src/config/SSSDConfig/sssdoptions.py:334 +#: src/config/SSSDConfig/sssdoptions.py:335 msgid "Location of the user's credential cache" msgstr "Ubicació de la memòria cau de les credencials de l'usuari" -#: src/config/SSSDConfig/sssdoptions.py:335 +#: src/config/SSSDConfig/sssdoptions.py:336 msgid "Location of the keytab to validate credentials" msgstr "Ubicació de la clau per validar les credencials" -#: src/config/SSSDConfig/sssdoptions.py:336 +#: src/config/SSSDConfig/sssdoptions.py:337 msgid "Enable credential validation" msgstr "Habilita la validació de credencials" -#: src/config/SSSDConfig/sssdoptions.py:337 +#: src/config/SSSDConfig/sssdoptions.py:338 msgid "Store password if offline for later online authentication" msgstr "" "Emmagatzema la contrasenya si s'està desconnectat per a l'autenticació " "posterior amb connexió" -#: src/config/SSSDConfig/sssdoptions.py:338 +#: src/config/SSSDConfig/sssdoptions.py:339 msgid "Renewable lifetime of the TGT" msgstr "Temps de vida renovable del TGT" -#: src/config/SSSDConfig/sssdoptions.py:339 +#: src/config/SSSDConfig/sssdoptions.py:340 msgid "Lifetime of the TGT" msgstr "Temps de vida del TGT" -#: src/config/SSSDConfig/sssdoptions.py:340 +#: src/config/SSSDConfig/sssdoptions.py:341 msgid "Time between two checks for renewal" msgstr "Temps entre les dues comprovacions per a la renovació" -#: src/config/SSSDConfig/sssdoptions.py:341 +#: src/config/SSSDConfig/sssdoptions.py:342 msgid "Enables FAST" msgstr "Habilita FAST" -#: src/config/SSSDConfig/sssdoptions.py:342 +#: src/config/SSSDConfig/sssdoptions.py:343 msgid "Selects the principal to use for FAST" msgstr "Selecciona el principal per utilitzar amb FAST" -#: src/config/SSSDConfig/sssdoptions.py:343 +#: src/config/SSSDConfig/sssdoptions.py:344 msgid "Use anonymous PKINIT to request FAST credentials" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:344 +#: src/config/SSSDConfig/sssdoptions.py:345 msgid "Enables principal canonicalization" msgstr "Habilita la canonització del principal" -#: src/config/SSSDConfig/sssdoptions.py:345 +#: src/config/SSSDConfig/sssdoptions.py:346 msgid "Enables enterprise principals" msgstr "Habilita els principals empresarials" -#: src/config/SSSDConfig/sssdoptions.py:346 +#: src/config/SSSDConfig/sssdoptions.py:347 msgid "Enables using of subdomains realms for authentication" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:347 +#: src/config/SSSDConfig/sssdoptions.py:348 msgid "A mapping from user names to Kerberos principal names" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:350 #: src/config/SSSDConfig/sssdoptions.py:351 +#: src/config/SSSDConfig/sssdoptions.py:352 msgid "Server where the change password service is running if not on the KDC" msgstr "" "Servidor on es troba el servei de canvi de contrasenya si no està al KDC" -#: src/config/SSSDConfig/sssdoptions.py:354 +#: src/config/SSSDConfig/sssdoptions.py:355 msgid "ldap_uri, The URI of the LDAP server" msgstr "ldap_uri, L'URI del servidor LDAP" -#: src/config/SSSDConfig/sssdoptions.py:355 +#: src/config/SSSDConfig/sssdoptions.py:356 msgid "ldap_backup_uri, The URI of the LDAP server" msgstr "ldap_backup_uri, L'URI del servidor LDAP" -#: src/config/SSSDConfig/sssdoptions.py:356 +#: src/config/SSSDConfig/sssdoptions.py:357 msgid "The default base DN" msgstr "El DN base per defecte" -#: src/config/SSSDConfig/sssdoptions.py:357 +#: src/config/SSSDConfig/sssdoptions.py:358 msgid "The Schema Type in use on the LDAP server, rfc2307" msgstr "El tipus d'esquema en ús al servidor LDAP, rfc2307" -#: src/config/SSSDConfig/sssdoptions.py:358 +#: src/config/SSSDConfig/sssdoptions.py:359 msgid "Mode used to change user password" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:359 +#: src/config/SSSDConfig/sssdoptions.py:360 msgid "The default bind DN" msgstr "El DN de creació del vincle per defecte" -#: src/config/SSSDConfig/sssdoptions.py:360 +#: src/config/SSSDConfig/sssdoptions.py:361 msgid "The type of the authentication token of the default bind DN" msgstr "" "El tipus del testimoni d'autenticació del DN de creació del vincle per " "defecte" -#: src/config/SSSDConfig/sssdoptions.py:361 +#: src/config/SSSDConfig/sssdoptions.py:362 msgid "The authentication token of the default bind DN" msgstr "El testimoni d'autenticació del DN de creació del vincle per defecte" -#: src/config/SSSDConfig/sssdoptions.py:362 +#: src/config/SSSDConfig/sssdoptions.py:363 msgid "Length of time to attempt connection" msgstr "Període de temps per intentar una connexió" -#: src/config/SSSDConfig/sssdoptions.py:363 +#: src/config/SSSDConfig/sssdoptions.py:364 msgid "Length of time to attempt synchronous LDAP operations" msgstr "Període de temps per intentar operacions LDAP asíncrones" -#: src/config/SSSDConfig/sssdoptions.py:364 +#: src/config/SSSDConfig/sssdoptions.py:365 msgid "Length of time between attempts to reconnect while offline" msgstr "" "Període de temps entre els intents per tornar a connectar mentre s'està " "desconnectat" -#: src/config/SSSDConfig/sssdoptions.py:365 +#: src/config/SSSDConfig/sssdoptions.py:366 msgid "Use only the upper case for realm names" msgstr "Utilitza només majúscules pels noms de reialme" -#: src/config/SSSDConfig/sssdoptions.py:366 +#: src/config/SSSDConfig/sssdoptions.py:367 msgid "File that contains CA certificates" msgstr "Fitxer que conté els certificats de l'AC" -#: src/config/SSSDConfig/sssdoptions.py:367 +#: src/config/SSSDConfig/sssdoptions.py:368 msgid "Path to CA certificate directory" msgstr "Camí al directori del certificat de l'AC" -#: src/config/SSSDConfig/sssdoptions.py:368 +#: src/config/SSSDConfig/sssdoptions.py:369 msgid "File that contains the client certificate" msgstr "Fitxer que conté el certificat de client" -#: src/config/SSSDConfig/sssdoptions.py:369 +#: src/config/SSSDConfig/sssdoptions.py:370 msgid "File that contains the client key" msgstr "Fitxer que conté la clau de client" -#: src/config/SSSDConfig/sssdoptions.py:370 +#: src/config/SSSDConfig/sssdoptions.py:371 msgid "List of possible ciphers suites" msgstr "Llista de paquets de xifrat possibles" -#: src/config/SSSDConfig/sssdoptions.py:371 +#: src/config/SSSDConfig/sssdoptions.py:372 msgid "Require TLS certificate verification" msgstr "Requereix verificació de certificat TLS" -#: src/config/SSSDConfig/sssdoptions.py:372 +#: src/config/SSSDConfig/sssdoptions.py:373 msgid "Specify the sasl mechanism to use" msgstr "Especifica el mecanisme SASL a utilitzar" -#: src/config/SSSDConfig/sssdoptions.py:373 +#: src/config/SSSDConfig/sssdoptions.py:374 msgid "Specify the sasl authorization id to use" msgstr "Especifica l'id. d'autorització SASL a utilitzar" -#: src/config/SSSDConfig/sssdoptions.py:374 +#: src/config/SSSDConfig/sssdoptions.py:375 msgid "Specify the sasl authorization realm to use" msgstr "Especifica el reialme d'autorització SASL a utilitzar" -#: src/config/SSSDConfig/sssdoptions.py:375 +#: src/config/SSSDConfig/sssdoptions.py:376 msgid "Specify the minimal SSF for LDAP sasl authorization" msgstr "Especifica el SSF mínim per a l'autorització SASL de LDAP" -#: src/config/SSSDConfig/sssdoptions.py:376 +#: src/config/SSSDConfig/sssdoptions.py:377 msgid "Specify the maximal SSF for LDAP sasl authorization" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:377 +#: src/config/SSSDConfig/sssdoptions.py:378 msgid "Kerberos service keytab" msgstr "Taula de claus del servei del Kerberos" -#: src/config/SSSDConfig/sssdoptions.py:378 +#: src/config/SSSDConfig/sssdoptions.py:379 msgid "Use Kerberos auth for LDAP connection" msgstr "Utilitza l'autenticació Kerberos per a la connexió LDAP" -#: src/config/SSSDConfig/sssdoptions.py:379 +#: src/config/SSSDConfig/sssdoptions.py:380 msgid "Follow LDAP referrals" msgstr "Segueix les referències LDAP" -#: src/config/SSSDConfig/sssdoptions.py:380 +#: src/config/SSSDConfig/sssdoptions.py:381 msgid "Lifetime of TGT for LDAP connection" msgstr "Temps de vida del TGT per la connexió LDAP" -#: src/config/SSSDConfig/sssdoptions.py:381 +#: src/config/SSSDConfig/sssdoptions.py:382 msgid "How to dereference aliases" msgstr "Com desreferenciar els àlies" -#: src/config/SSSDConfig/sssdoptions.py:382 +#: src/config/SSSDConfig/sssdoptions.py:383 msgid "Service name for DNS service lookups" msgstr "Nom del servei per a la recerca del servei del DNS" -#: src/config/SSSDConfig/sssdoptions.py:383 +#: src/config/SSSDConfig/sssdoptions.py:384 msgid "The number of records to retrieve in a single LDAP query" msgstr "El nombre de registres a recuperar en una sola consulta LDAP" -#: src/config/SSSDConfig/sssdoptions.py:384 +#: src/config/SSSDConfig/sssdoptions.py:385 msgid "The number of members that must be missing to trigger a full deref" msgstr "" "El nombre de membres que han de faltar per activar una de-referència completa" -#: src/config/SSSDConfig/sssdoptions.py:385 +#: src/config/SSSDConfig/sssdoptions.py:386 msgid "Ignore unreadable LDAP references" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:386 +#: src/config/SSSDConfig/sssdoptions.py:387 msgid "" "Whether the LDAP library should perform a reverse lookup to canonicalize the " "host name during a SASL bind" @@ -1328,413 +1332,413 @@ msgstr "" "Si la biblioteca LDAP hauria de realitzar una recerca inversa per canonitzar " "el nom d'amfitrió durant la creació del vincle SASL" -#: src/config/SSSDConfig/sssdoptions.py:388 +#: src/config/SSSDConfig/sssdoptions.py:389 msgid "" "Allows to retain local users as members of an LDAP group for servers that " "use the RFC2307 schema." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:391 +#: src/config/SSSDConfig/sssdoptions.py:392 msgid "entryUSN attribute" msgstr "L'atribut entryUSN" -#: src/config/SSSDConfig/sssdoptions.py:392 +#: src/config/SSSDConfig/sssdoptions.py:393 msgid "lastUSN attribute" msgstr "L'atribut lastUSN" -#: src/config/SSSDConfig/sssdoptions.py:394 +#: src/config/SSSDConfig/sssdoptions.py:395 msgid "How long to retain a connection to the LDAP server before disconnecting" msgstr "" "Quant de temps s'ha de retenir una connexió al servidor LDAP abans de " "desconnectar" -#: src/config/SSSDConfig/sssdoptions.py:397 +#: src/config/SSSDConfig/sssdoptions.py:398 msgid "Disable the LDAP paging control" msgstr "Inhabilita el control de paginació LDAP" -#: src/config/SSSDConfig/sssdoptions.py:398 +#: src/config/SSSDConfig/sssdoptions.py:399 msgid "Disable Active Directory range retrieval" msgstr "Inhabilita la recuperació de l'interval de l'Active Directory" -#: src/config/SSSDConfig/sssdoptions.py:401 +#: src/config/SSSDConfig/sssdoptions.py:402 msgid "Length of time to wait for a search request" msgstr "Període de temps per esperar una petició de cerca" -#: src/config/SSSDConfig/sssdoptions.py:402 +#: src/config/SSSDConfig/sssdoptions.py:403 msgid "Length of time to wait for a enumeration request" msgstr "Període de temps per esperar una petició d'enumeració" -#: src/config/SSSDConfig/sssdoptions.py:403 +#: src/config/SSSDConfig/sssdoptions.py:404 msgid "Length of time between enumeration updates" msgstr "Període de temps entre les actualitzacions de les enumeracions" -#: src/config/SSSDConfig/sssdoptions.py:404 +#: src/config/SSSDConfig/sssdoptions.py:405 #, fuzzy msgid "Maximum period deviation between enumeration updates" msgstr "Període de temps entre les actualitzacions de les enumeracions" -#: src/config/SSSDConfig/sssdoptions.py:405 +#: src/config/SSSDConfig/sssdoptions.py:406 msgid "Length of time between cache cleanups" msgstr "Període de temps entre les neteges de la memòria cau" -#: src/config/SSSDConfig/sssdoptions.py:406 +#: src/config/SSSDConfig/sssdoptions.py:407 #, fuzzy msgid "Maximum time deviation between cache cleanups" msgstr "Període de temps entre les neteges de la memòria cau" -#: src/config/SSSDConfig/sssdoptions.py:407 +#: src/config/SSSDConfig/sssdoptions.py:408 msgid "Require TLS for ID lookups" msgstr "Requereix TLS per a la recerca d'id." -#: src/config/SSSDConfig/sssdoptions.py:408 +#: src/config/SSSDConfig/sssdoptions.py:409 msgid "Use ID-mapping of objectSID instead of pre-set IDs" msgstr "" "Utilitza l'assignació dels id. de l'objectSID en lloc dels id. pre-establerts" -#: src/config/SSSDConfig/sssdoptions.py:409 +#: src/config/SSSDConfig/sssdoptions.py:410 msgid "Base DN for user lookups" msgstr "DN base per a la recerca de l'usuari" -#: src/config/SSSDConfig/sssdoptions.py:410 +#: src/config/SSSDConfig/sssdoptions.py:411 msgid "Scope of user lookups" msgstr "Abast de la recerca de l'usuari" -#: src/config/SSSDConfig/sssdoptions.py:411 +#: src/config/SSSDConfig/sssdoptions.py:412 msgid "Filter for user lookups" msgstr "Filtre per a la recerca de l'usuari" -#: src/config/SSSDConfig/sssdoptions.py:412 +#: src/config/SSSDConfig/sssdoptions.py:413 msgid "Objectclass for users" msgstr "Objectclass per als usuaris" -#: src/config/SSSDConfig/sssdoptions.py:413 +#: src/config/SSSDConfig/sssdoptions.py:414 msgid "Username attribute" msgstr "L'atribut nom d'usuari" -#: src/config/SSSDConfig/sssdoptions.py:414 +#: src/config/SSSDConfig/sssdoptions.py:415 msgid "UID attribute" msgstr "L'atribut UID" -#: src/config/SSSDConfig/sssdoptions.py:415 +#: src/config/SSSDConfig/sssdoptions.py:416 msgid "Primary GID attribute" msgstr "L'atribut GID primari" -#: src/config/SSSDConfig/sssdoptions.py:416 +#: src/config/SSSDConfig/sssdoptions.py:417 msgid "GECOS attribute" msgstr "L'atribut GECOS" -#: src/config/SSSDConfig/sssdoptions.py:417 +#: src/config/SSSDConfig/sssdoptions.py:418 msgid "Home directory attribute" msgstr "L'atribut directori inicial" -#: src/config/SSSDConfig/sssdoptions.py:418 +#: src/config/SSSDConfig/sssdoptions.py:419 msgid "Shell attribute" msgstr "L'atribut shell" -#: src/config/SSSDConfig/sssdoptions.py:419 +#: src/config/SSSDConfig/sssdoptions.py:420 msgid "UUID attribute" msgstr "L'atribut UUID" -#: src/config/SSSDConfig/sssdoptions.py:420 -#: src/config/SSSDConfig/sssdoptions.py:459 +#: src/config/SSSDConfig/sssdoptions.py:421 +#: src/config/SSSDConfig/sssdoptions.py:460 msgid "objectSID attribute" msgstr "L'atribut objectSID" -#: src/config/SSSDConfig/sssdoptions.py:421 +#: src/config/SSSDConfig/sssdoptions.py:422 msgid "Active Directory primary group attribute for ID-mapping" msgstr "L'atribut grup primari de l'Active Directory per a l'assignació d'id." -#: src/config/SSSDConfig/sssdoptions.py:422 +#: src/config/SSSDConfig/sssdoptions.py:423 msgid "User principal attribute (for Kerberos)" msgstr "L'atribut usuari principal (per a Kerberos)" -#: src/config/SSSDConfig/sssdoptions.py:423 +#: src/config/SSSDConfig/sssdoptions.py:424 msgid "Full Name" msgstr "Nom complet" -#: src/config/SSSDConfig/sssdoptions.py:424 +#: src/config/SSSDConfig/sssdoptions.py:425 msgid "memberOf attribute" msgstr "L'atribut memberOf" -#: src/config/SSSDConfig/sssdoptions.py:425 +#: src/config/SSSDConfig/sssdoptions.py:426 msgid "Modification time attribute" msgstr "L'atribut data de modificació" -#: src/config/SSSDConfig/sssdoptions.py:426 +#: src/config/SSSDConfig/sssdoptions.py:427 msgid "shadowLastChange attribute" msgstr "L'atribut shadowLastChange" -#: src/config/SSSDConfig/sssdoptions.py:427 +#: src/config/SSSDConfig/sssdoptions.py:428 msgid "shadowMin attribute" msgstr "L'atribut shadowMin" -#: src/config/SSSDConfig/sssdoptions.py:428 +#: src/config/SSSDConfig/sssdoptions.py:429 msgid "shadowMax attribute" msgstr "L'atribut shadowMax" -#: src/config/SSSDConfig/sssdoptions.py:429 +#: src/config/SSSDConfig/sssdoptions.py:430 msgid "shadowWarning attribute" msgstr "L'atribut shadowWarning" -#: src/config/SSSDConfig/sssdoptions.py:430 +#: src/config/SSSDConfig/sssdoptions.py:431 msgid "shadowInactive attribute" msgstr "L'atribut shadowInactive" -#: src/config/SSSDConfig/sssdoptions.py:431 +#: src/config/SSSDConfig/sssdoptions.py:432 msgid "shadowExpire attribute" msgstr "L'atribut shadowExpire" -#: src/config/SSSDConfig/sssdoptions.py:432 +#: src/config/SSSDConfig/sssdoptions.py:433 msgid "shadowFlag attribute" msgstr "L'atribut shadowFlag" -#: src/config/SSSDConfig/sssdoptions.py:433 +#: src/config/SSSDConfig/sssdoptions.py:434 msgid "Attribute listing authorized PAM services" msgstr "L'atribut que llista els serveis PAM autoritzats" -#: src/config/SSSDConfig/sssdoptions.py:434 +#: src/config/SSSDConfig/sssdoptions.py:435 msgid "Attribute listing authorized server hosts" msgstr "L'atribut que llista els amfitrions dels servidors autoritzats" -#: src/config/SSSDConfig/sssdoptions.py:435 +#: src/config/SSSDConfig/sssdoptions.py:436 msgid "Attribute listing authorized server rhosts" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:436 +#: src/config/SSSDConfig/sssdoptions.py:437 msgid "krbLastPwdChange attribute" msgstr "L'atribut krbLastPwdChange" -#: src/config/SSSDConfig/sssdoptions.py:437 +#: src/config/SSSDConfig/sssdoptions.py:438 msgid "krbPasswordExpiration attribute" msgstr "L'atribut krbPasswordExpiration" -#: src/config/SSSDConfig/sssdoptions.py:438 +#: src/config/SSSDConfig/sssdoptions.py:439 msgid "Attribute indicating that server side password policies are active" msgstr "" "L'atribut que indica l'activació de les polítiques de contrasenya de servidor" -#: src/config/SSSDConfig/sssdoptions.py:439 +#: src/config/SSSDConfig/sssdoptions.py:440 msgid "accountExpires attribute of AD" msgstr "L'atribut accountExpires de l'AD" -#: src/config/SSSDConfig/sssdoptions.py:440 +#: src/config/SSSDConfig/sssdoptions.py:441 msgid "userAccountControl attribute of AD" msgstr "L'atribut userAccountControl de l'AD" -#: src/config/SSSDConfig/sssdoptions.py:441 +#: src/config/SSSDConfig/sssdoptions.py:442 msgid "nsAccountLock attribute" msgstr "L'atribut nsAccountLock" -#: src/config/SSSDConfig/sssdoptions.py:442 +#: src/config/SSSDConfig/sssdoptions.py:443 msgid "loginDisabled attribute of NDS" msgstr "L'atribut loginDisabled del NDS" -#: src/config/SSSDConfig/sssdoptions.py:443 +#: src/config/SSSDConfig/sssdoptions.py:444 msgid "loginExpirationTime attribute of NDS" msgstr "L'atribut loginExpirationTime del NDS" -#: src/config/SSSDConfig/sssdoptions.py:444 +#: src/config/SSSDConfig/sssdoptions.py:445 msgid "loginAllowedTimeMap attribute of NDS" msgstr "L'atribut loginAllowedTimeMap del NDS" -#: src/config/SSSDConfig/sssdoptions.py:445 +#: src/config/SSSDConfig/sssdoptions.py:446 msgid "SSH public key attribute" msgstr "L'atribut clau pública SSH" -#: src/config/SSSDConfig/sssdoptions.py:446 +#: src/config/SSSDConfig/sssdoptions.py:447 msgid "attribute listing allowed authentication types for a user" msgstr "atribut que llista els tipus permesos d'autenticació per a un usuari" -#: src/config/SSSDConfig/sssdoptions.py:447 +#: src/config/SSSDConfig/sssdoptions.py:448 msgid "attribute containing the X509 certificate of the user" msgstr "atribut que conté el certificat X509 de l'usuari" -#: src/config/SSSDConfig/sssdoptions.py:448 +#: src/config/SSSDConfig/sssdoptions.py:449 msgid "attribute containing the email address of the user" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:449 +#: src/config/SSSDConfig/sssdoptions.py:450 #, fuzzy msgid "attribute containing the passkey mapping data of the user" msgstr "atribut que conté el certificat X509 de l'usuari" -#: src/config/SSSDConfig/sssdoptions.py:450 +#: src/config/SSSDConfig/sssdoptions.py:451 msgid "A list of extra attributes to download along with the user entry" msgstr "" "Una llista dels atributs extres per baixar juntament amb l'entrada de " "l'usuari" -#: src/config/SSSDConfig/sssdoptions.py:452 +#: src/config/SSSDConfig/sssdoptions.py:453 msgid "Base DN for group lookups" msgstr "DN base per a la recerca del grup" -#: src/config/SSSDConfig/sssdoptions.py:453 +#: src/config/SSSDConfig/sssdoptions.py:454 msgid "Objectclass for groups" msgstr "L'objectclass per als grups" -#: src/config/SSSDConfig/sssdoptions.py:454 +#: src/config/SSSDConfig/sssdoptions.py:455 msgid "Group name" msgstr "Nom del grup" -#: src/config/SSSDConfig/sssdoptions.py:455 +#: src/config/SSSDConfig/sssdoptions.py:456 msgid "Group password" msgstr "Contrasenya del grup" -#: src/config/SSSDConfig/sssdoptions.py:456 +#: src/config/SSSDConfig/sssdoptions.py:457 msgid "GID attribute" msgstr "L'atribut GID" -#: src/config/SSSDConfig/sssdoptions.py:457 +#: src/config/SSSDConfig/sssdoptions.py:458 msgid "Group member attribute" msgstr "L'atribut membre del grup" -#: src/config/SSSDConfig/sssdoptions.py:458 +#: src/config/SSSDConfig/sssdoptions.py:459 msgid "Group UUID attribute" msgstr "L'atribut UUID del grup" -#: src/config/SSSDConfig/sssdoptions.py:460 +#: src/config/SSSDConfig/sssdoptions.py:461 msgid "Modification time attribute for groups" msgstr "L'atribut data de modificació per als grups" -#: src/config/SSSDConfig/sssdoptions.py:461 +#: src/config/SSSDConfig/sssdoptions.py:462 msgid "Type of the group and other flags" msgstr "Tipus del grup i altres senyals" -#: src/config/SSSDConfig/sssdoptions.py:462 +#: src/config/SSSDConfig/sssdoptions.py:463 msgid "The LDAP group external member attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:463 +#: src/config/SSSDConfig/sssdoptions.py:464 msgid "Maximum nesting level SSSD will follow" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:464 +#: src/config/SSSDConfig/sssdoptions.py:465 msgid "Filter for group lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:465 +#: src/config/SSSDConfig/sssdoptions.py:466 msgid "Scope of group lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:467 +#: src/config/SSSDConfig/sssdoptions.py:468 msgid "Base DN for netgroup lookups" msgstr "DN base per a la recerca del grup de xarxa" -#: src/config/SSSDConfig/sssdoptions.py:468 +#: src/config/SSSDConfig/sssdoptions.py:469 msgid "Objectclass for netgroups" msgstr "L'objectclass per als grups de xarxa" -#: src/config/SSSDConfig/sssdoptions.py:469 +#: src/config/SSSDConfig/sssdoptions.py:470 msgid "Netgroup name" msgstr "Nom de grup de xarxa" -#: src/config/SSSDConfig/sssdoptions.py:470 +#: src/config/SSSDConfig/sssdoptions.py:471 msgid "Netgroups members attribute" msgstr "L'atribut membres del grup de xarxa" -#: src/config/SSSDConfig/sssdoptions.py:471 +#: src/config/SSSDConfig/sssdoptions.py:472 msgid "Netgroup triple attribute" msgstr "L'atribut triple del grup de xarxa" -#: src/config/SSSDConfig/sssdoptions.py:472 +#: src/config/SSSDConfig/sssdoptions.py:473 msgid "Modification time attribute for netgroups" msgstr "L'atribut data de modificació per als grups de xarxa" -#: src/config/SSSDConfig/sssdoptions.py:474 +#: src/config/SSSDConfig/sssdoptions.py:475 msgid "Base DN for service lookups" msgstr "DN base per a la recerca del servei" -#: src/config/SSSDConfig/sssdoptions.py:475 +#: src/config/SSSDConfig/sssdoptions.py:476 msgid "Objectclass for services" msgstr "Objectclass per als serveis" -#: src/config/SSSDConfig/sssdoptions.py:476 +#: src/config/SSSDConfig/sssdoptions.py:477 msgid "Service name attribute" msgstr "L'atribut nom del servei" -#: src/config/SSSDConfig/sssdoptions.py:477 +#: src/config/SSSDConfig/sssdoptions.py:478 msgid "Service port attribute" msgstr "L'atribut port del servei" -#: src/config/SSSDConfig/sssdoptions.py:478 +#: src/config/SSSDConfig/sssdoptions.py:479 msgid "Service protocol attribute" msgstr "L'atribut protocol del servei" -#: src/config/SSSDConfig/sssdoptions.py:480 +#: src/config/SSSDConfig/sssdoptions.py:481 msgid "Lower bound for ID-mapping" msgstr "Límit inferior per a l'assignació d'id." -#: src/config/SSSDConfig/sssdoptions.py:481 +#: src/config/SSSDConfig/sssdoptions.py:482 msgid "Upper bound for ID-mapping" msgstr "Límit superior per a l'assignació d'id." -#: src/config/SSSDConfig/sssdoptions.py:482 +#: src/config/SSSDConfig/sssdoptions.py:483 msgid "Number of IDs for each slice when ID-mapping" msgstr "Nombres d'id. per cada porció en l'assignació d'id." -#: src/config/SSSDConfig/sssdoptions.py:483 +#: src/config/SSSDConfig/sssdoptions.py:484 msgid "Use autorid-compatible algorithm for ID-mapping" msgstr "Utilitza l'algoritme compatible d'autorid per a l'assignació d'id." -#: src/config/SSSDConfig/sssdoptions.py:484 +#: src/config/SSSDConfig/sssdoptions.py:485 msgid "Name of the default domain for ID-mapping" msgstr "Nom del domini per defecte per a l'assignació d'id." -#: src/config/SSSDConfig/sssdoptions.py:485 +#: src/config/SSSDConfig/sssdoptions.py:486 msgid "SID of the default domain for ID-mapping" msgstr "SID del domini per defecte per a l'assignació d'id." -#: src/config/SSSDConfig/sssdoptions.py:486 +#: src/config/SSSDConfig/sssdoptions.py:487 msgid "Number of secondary slices" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:488 +#: src/config/SSSDConfig/sssdoptions.py:489 msgid "Whether to use Token-Groups" msgstr "Si s'utilitzen els grups amb testimonis" -#: src/config/SSSDConfig/sssdoptions.py:489 +#: src/config/SSSDConfig/sssdoptions.py:490 msgid "Set lower boundary for allowed IDs from the LDAP server" msgstr "Estableix el límit inferior per als id. permesos del servidor LDAP" -#: src/config/SSSDConfig/sssdoptions.py:490 +#: src/config/SSSDConfig/sssdoptions.py:491 msgid "Set upper boundary for allowed IDs from the LDAP server" msgstr "Estableix el límit superior per als id. permesos del servidor LDAP" -#: src/config/SSSDConfig/sssdoptions.py:491 +#: src/config/SSSDConfig/sssdoptions.py:492 msgid "DN for ppolicy queries" msgstr "DN per a les consultes ppolicy" -#: src/config/SSSDConfig/sssdoptions.py:492 +#: src/config/SSSDConfig/sssdoptions.py:493 msgid "How many maximum entries to fetch during a wildcard request" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:493 +#: src/config/SSSDConfig/sssdoptions.py:494 msgid "Set libldap debug level" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:496 +#: src/config/SSSDConfig/sssdoptions.py:497 msgid "Policy to evaluate the password expiration" msgstr "Política per avaluar el venciment de la contrasenya" -#: src/config/SSSDConfig/sssdoptions.py:500 +#: src/config/SSSDConfig/sssdoptions.py:501 msgid "Which attributes shall be used to evaluate if an account is expired" msgstr "" "Quins atributs s'haurien d'utilitzar per avaluar si el compte ha vençut" -#: src/config/SSSDConfig/sssdoptions.py:504 +#: src/config/SSSDConfig/sssdoptions.py:505 msgid "URI of an LDAP server where password changes are allowed" msgstr "URI d'un servidor LDAP on es permeten els canvis de contrasenya" -#: src/config/SSSDConfig/sssdoptions.py:505 +#: src/config/SSSDConfig/sssdoptions.py:506 msgid "URI of a backup LDAP server where password changes are allowed" msgstr "" "URI d'un servidor LDAP de reserva on es permeten els canvis de contrasenya" -#: src/config/SSSDConfig/sssdoptions.py:506 +#: src/config/SSSDConfig/sssdoptions.py:507 msgid "DNS service name for LDAP password change server" msgstr "Nom del servei DNS pel servidor LDAP de canvi de contrasenyes" -#: src/config/SSSDConfig/sssdoptions.py:507 +#: src/config/SSSDConfig/sssdoptions.py:508 msgid "" "Whether to update the ldap_user_shadow_last_change attribute after a " "password change" @@ -1742,27 +1746,27 @@ msgstr "" "Si s'actualitza l'atribut ldap_user_shadow_last_change després d'un canvi de " "contrasenya" -#: src/config/SSSDConfig/sssdoptions.py:511 +#: src/config/SSSDConfig/sssdoptions.py:512 msgid "Base DN for sudo rules lookups" msgstr "DN base per a la recerca de les regles sudo" -#: src/config/SSSDConfig/sssdoptions.py:512 +#: src/config/SSSDConfig/sssdoptions.py:513 msgid "Automatic full refresh period" msgstr "Període d'actualització automàtica completa" -#: src/config/SSSDConfig/sssdoptions.py:513 +#: src/config/SSSDConfig/sssdoptions.py:514 msgid "Automatic smart refresh period" msgstr "Període d'actualització automàtica intel·ligent" -#: src/config/SSSDConfig/sssdoptions.py:514 +#: src/config/SSSDConfig/sssdoptions.py:515 msgid "Smart and full refresh random offset" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:515 +#: src/config/SSSDConfig/sssdoptions.py:516 msgid "Whether to filter rules by hostname, IP addresses and network" msgstr "Si es filtren les regles per nom d'amfitrió, adreça IP i xarxa" -#: src/config/SSSDConfig/sssdoptions.py:516 +#: src/config/SSSDConfig/sssdoptions.py:517 msgid "" "Hostnames and/or fully qualified domain names of this machine to filter sudo " "rules" @@ -1770,196 +1774,196 @@ msgstr "" "Noms d'amfitrió i/o noms de domini plenament qualificat d'aquesta màquina " "per filtrar les regles de sudo" -#: src/config/SSSDConfig/sssdoptions.py:517 +#: src/config/SSSDConfig/sssdoptions.py:518 msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules" msgstr "" "Adreces IPv4 o IPv6 o xarxa d'aquesta màquina per filtrar regles de sudo" -#: src/config/SSSDConfig/sssdoptions.py:518 +#: src/config/SSSDConfig/sssdoptions.py:519 msgid "Whether to include rules that contains netgroup in host attribute" msgstr "" "Si s'inclouen les regles que contenen el grup de xarxa a l'atribut de " "l'amfitrió" -#: src/config/SSSDConfig/sssdoptions.py:519 +#: src/config/SSSDConfig/sssdoptions.py:520 msgid "" "Whether to include rules that contains regular expression in host attribute" msgstr "" "Si s'inclouen les regles que contenen expressions regulars a l'atribut de " "l'amfitrió" -#: src/config/SSSDConfig/sssdoptions.py:520 +#: src/config/SSSDConfig/sssdoptions.py:521 msgid "Object class for sudo rules" msgstr "Objectclass de les regles sudo" -#: src/config/SSSDConfig/sssdoptions.py:521 +#: src/config/SSSDConfig/sssdoptions.py:522 msgid "Name of attribute that is used as object class for sudo rules" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:522 +#: src/config/SSSDConfig/sssdoptions.py:523 msgid "Sudo rule name" msgstr "Nom de la regla sudo" -#: src/config/SSSDConfig/sssdoptions.py:523 +#: src/config/SSSDConfig/sssdoptions.py:524 msgid "Sudo rule command attribute" msgstr "Attribut command de la regla sudo" -#: src/config/SSSDConfig/sssdoptions.py:524 +#: src/config/SSSDConfig/sssdoptions.py:525 msgid "Sudo rule host attribute" msgstr "L'atribut host de la regla sudo" -#: src/config/SSSDConfig/sssdoptions.py:525 +#: src/config/SSSDConfig/sssdoptions.py:526 msgid "Sudo rule user attribute" msgstr "L'atribut user de la regla sudo" -#: src/config/SSSDConfig/sssdoptions.py:526 +#: src/config/SSSDConfig/sssdoptions.py:527 msgid "Sudo rule option attribute" msgstr "L'atribut option de la regla sudo" -#: src/config/SSSDConfig/sssdoptions.py:527 +#: src/config/SSSDConfig/sssdoptions.py:528 msgid "Sudo rule runas attribute" msgstr "L'atribut runas de la regla sudo" -#: src/config/SSSDConfig/sssdoptions.py:528 +#: src/config/SSSDConfig/sssdoptions.py:529 msgid "Sudo rule runasuser attribute" msgstr "L'atribut runasuser de la regla sudo" -#: src/config/SSSDConfig/sssdoptions.py:529 +#: src/config/SSSDConfig/sssdoptions.py:530 msgid "Sudo rule runasgroup attribute" msgstr "L'atribut runasgroup de la regla sudo" -#: src/config/SSSDConfig/sssdoptions.py:530 +#: src/config/SSSDConfig/sssdoptions.py:531 msgid "Sudo rule notbefore attribute" msgstr "L'atribut notbefore de la regla sudo" -#: src/config/SSSDConfig/sssdoptions.py:531 +#: src/config/SSSDConfig/sssdoptions.py:532 msgid "Sudo rule notafter attribute" msgstr "L'atribut notafter de la regla sudo" -#: src/config/SSSDConfig/sssdoptions.py:532 +#: src/config/SSSDConfig/sssdoptions.py:533 msgid "Sudo rule order attribute" msgstr "L'atribut order de la regla sudo" -#: src/config/SSSDConfig/sssdoptions.py:535 +#: src/config/SSSDConfig/sssdoptions.py:536 msgid "Object class for automounter maps" msgstr "Objectclass per a les assignacions de l'eina de muntatge automàtic" -#: src/config/SSSDConfig/sssdoptions.py:536 +#: src/config/SSSDConfig/sssdoptions.py:537 msgid "Automounter map name attribute" msgstr "L'atribut nom de l'assignació de l'eina de muntatge automàtic" -#: src/config/SSSDConfig/sssdoptions.py:537 +#: src/config/SSSDConfig/sssdoptions.py:538 msgid "Object class for automounter map entries" msgstr "" "Objectclass per a les entrades de les assignacions de l'eina de muntatge " "automàtic" -#: src/config/SSSDConfig/sssdoptions.py:538 +#: src/config/SSSDConfig/sssdoptions.py:539 msgid "Automounter map entry key attribute" msgstr "" "L'atribut clau d'entrada de l'assignació de l'eina de muntatge automàtic" -#: src/config/SSSDConfig/sssdoptions.py:539 +#: src/config/SSSDConfig/sssdoptions.py:540 msgid "Automounter map entry value attribute" msgstr "" "L'atribut valor de l'entrada de l'assignació l'eina de muntatge automàtic" -#: src/config/SSSDConfig/sssdoptions.py:540 +#: src/config/SSSDConfig/sssdoptions.py:541 msgid "Base DN for automounter map lookups" msgstr "" "DN base per a la recerca de l'assignació de l'eina de muntatge automàtic" -#: src/config/SSSDConfig/sssdoptions.py:541 +#: src/config/SSSDConfig/sssdoptions.py:542 msgid "The name of the automount master map in LDAP." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:544 +#: src/config/SSSDConfig/sssdoptions.py:545 msgid "Base DN for IP hosts lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:545 +#: src/config/SSSDConfig/sssdoptions.py:546 msgid "Object class for IP hosts" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:546 +#: src/config/SSSDConfig/sssdoptions.py:547 msgid "IP host name attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:547 +#: src/config/SSSDConfig/sssdoptions.py:548 msgid "IP host number (address) attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:548 +#: src/config/SSSDConfig/sssdoptions.py:549 msgid "IP host entryUSN attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:549 +#: src/config/SSSDConfig/sssdoptions.py:550 msgid "Base DN for IP networks lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:550 +#: src/config/SSSDConfig/sssdoptions.py:551 msgid "Object class for IP networks" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:551 +#: src/config/SSSDConfig/sssdoptions.py:552 msgid "IP network name attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:552 +#: src/config/SSSDConfig/sssdoptions.py:553 msgid "IP network number (address) attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:553 +#: src/config/SSSDConfig/sssdoptions.py:554 msgid "IP network entryUSN attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:556 +#: src/config/SSSDConfig/sssdoptions.py:557 msgid "Comma separated list of allowed users" msgstr "Llista separada per comes dels usuaris autoritzats" -#: src/config/SSSDConfig/sssdoptions.py:557 +#: src/config/SSSDConfig/sssdoptions.py:558 msgid "Comma separated list of prohibited users" msgstr "Llista separada per comes dels usuaris no autoritzats" -#: src/config/SSSDConfig/sssdoptions.py:558 +#: src/config/SSSDConfig/sssdoptions.py:559 msgid "" "Comma separated list of groups that are allowed to log in. This applies only " "to groups within this SSSD domain. Local groups are not evaluated." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:560 +#: src/config/SSSDConfig/sssdoptions.py:561 msgid "" "Comma separated list of groups that are explicitly denied access. This " "applies only to groups within this SSSD domain. Local groups are not " "evaluated." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:564 +#: src/config/SSSDConfig/sssdoptions.py:565 msgid "The number of preforked proxy children." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:567 +#: src/config/SSSDConfig/sssdoptions.py:568 msgid "The name of the NSS library to use" msgstr "El nom de la biblioteca NSS a utilitzar" -#: src/config/SSSDConfig/sssdoptions.py:568 +#: src/config/SSSDConfig/sssdoptions.py:569 msgid "The name of the NSS library to use for hosts and networks lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:569 +#: src/config/SSSDConfig/sssdoptions.py:570 msgid "Whether to look up canonical group name from cache if possible" msgstr "" "Si se cerca el nom del grup canònic des de la memòria cau, si és possible" -#: src/config/SSSDConfig/sssdoptions.py:572 +#: src/config/SSSDConfig/sssdoptions.py:573 msgid "PAM stack to use" msgstr "Pila PAM a utilitzar" -#: src/config/SSSDConfig/sssdoptions.py:575 +#: src/config/SSSDConfig/sssdoptions.py:576 msgid "Path of passwd file sources." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:576 +#: src/config/SSSDConfig/sssdoptions.py:577 msgid "Path of group file sources." msgstr "" @@ -2008,67 +2012,67 @@ msgstr "" msgid "SSSD is already running\n" msgstr "" -#: src/providers/krb5/krb5_child.c:4007 src/providers/ldap/ldap_child.c:641 +#: src/providers/krb5/krb5_child.c:4027 src/providers/ldap/ldap_child.c:642 msgid "Allow core dumps" msgstr "" -#: src/providers/krb5/krb5_child.c:4009 src/providers/ldap/ldap_child.c:643 +#: src/providers/krb5/krb5_child.c:4029 src/providers/ldap/ldap_child.c:644 msgid "An open file descriptor for the debug logs" msgstr "Un descriptor de fitxer obert pels registres de depuració" -#: src/providers/krb5/krb5_child.c:4012 +#: src/providers/krb5/krb5_child.c:4032 msgid "The user to create FAST ccache as" msgstr "L'usuari amb què es crea la ccache FAST" -#: src/providers/krb5/krb5_child.c:4014 +#: src/providers/krb5/krb5_child.c:4034 msgid "The group to create FAST ccache as" msgstr "El grup amb què es crea la ccache FAST" -#: src/providers/krb5/krb5_child.c:4016 +#: src/providers/krb5/krb5_child.c:4036 msgid "Use anonymous PKINIT to request FAST armor ticket" msgstr "" -#: src/providers/krb5/krb5_child.c:4018 +#: src/providers/krb5/krb5_child.c:4038 msgid "Kerberos realm to use" msgstr "" -#: src/providers/krb5/krb5_child.c:4020 +#: src/providers/krb5/krb5_child.c:4040 msgid "Requested lifetime of the ticket" msgstr "" -#: src/providers/krb5/krb5_child.c:4022 +#: src/providers/krb5/krb5_child.c:4042 msgid "Requested renewable lifetime of the ticket" msgstr "" -#: src/providers/krb5/krb5_child.c:4024 +#: src/providers/krb5/krb5_child.c:4044 msgid "FAST options ('never', 'try', 'demand')" msgstr "" -#: src/providers/krb5/krb5_child.c:4027 +#: src/providers/krb5/krb5_child.c:4047 msgid "Specifies the server principal to use for FAST" msgstr "" -#: src/providers/krb5/krb5_child.c:4029 +#: src/providers/krb5/krb5_child.c:4049 msgid "Requests canonicalization of the principal name" msgstr "" -#: src/providers/krb5/krb5_child.c:4031 +#: src/providers/krb5/krb5_child.c:4051 msgid "Use custom version of krb5_get_init_creds_password" msgstr "" -#: src/providers/krb5/krb5_child.c:4033 +#: src/providers/krb5/krb5_child.c:4053 msgid "Tevent chain ID used for logging purposes" msgstr "" -#: src/providers/krb5/krb5_child.c:4035 +#: src/providers/krb5/krb5_child.c:4055 msgid "Check PAC flags" msgstr "" -#: src/providers/krb5/krb5_child.c:4079 src/providers/ldap/ldap_child.c:669 +#: src/providers/krb5/krb5_child.c:4099 src/providers/ldap/ldap_child.c:670 msgid "talloc_asprintf failed.\n" msgstr "" -#: src/providers/krb5/krb5_child.c:4089 src/providers/ldap/ldap_child.c:678 +#: src/providers/krb5/krb5_child.c:4109 src/providers/ldap/ldap_child.c:679 msgid "set_debug_file_from_fd failed.\n" msgstr "" @@ -2112,57 +2116,63 @@ msgstr "Error inesperat en cercar una descripció de l'error" msgid "Permission denied. " msgstr "Permís denegat." -#: src/sss_client/pam_sss.c:70 src/sss_client/pam_sss.c:819 -#: src/sss_client/pam_sss.c:830 +#: src/sss_client/pam_sss.c:70 src/sss_client/pam_sss.c:838 +#: src/sss_client/pam_sss.c:849 msgid "Server message: " msgstr "Missatge del servidor: " #: src/sss_client/pam_sss.c:71 +msgid "" +"Kerberos TGT will not be granted upon login, user experience will be " +"affected." +msgstr "" + +#: src/sss_client/pam_sss.c:72 msgid "Enter PIN:" msgstr "" -#: src/sss_client/pam_sss.c:314 +#: src/sss_client/pam_sss.c:315 msgid "Passwords do not match" msgstr "Les contrasenyes no coincideixen" -#: src/sss_client/pam_sss.c:502 +#: src/sss_client/pam_sss.c:503 msgid "Password reset by root is not supported." msgstr "No s'admet el restabliment de la contrasenya pel root." -#: src/sss_client/pam_sss.c:543 +#: src/sss_client/pam_sss.c:544 msgid "Authenticated with cached credentials" msgstr "S'ha autenticat amb credencials de la memòria cau" -#: src/sss_client/pam_sss.c:544 +#: src/sss_client/pam_sss.c:545 msgid ", your cached password will expire at: " msgstr ", la vostra contrasenya en memòria cau vencerà el: " -#: src/sss_client/pam_sss.c:574 +#: src/sss_client/pam_sss.c:575 #, c-format msgid "Your password has expired. You have %1$d grace login(s) remaining." msgstr "" "La vostra contrasenya ha vençut. Teniu %1$d inicis de sessió restants de " "cortesia." -#: src/sss_client/pam_sss.c:624 +#: src/sss_client/pam_sss.c:625 #, c-format msgid "Your password will expire in %1$d %2$s." msgstr "La vostra contrasenya vencerà en %1$d %2$s." -#: src/sss_client/pam_sss.c:627 +#: src/sss_client/pam_sss.c:628 #, fuzzy, c-format msgid "Your password has expired." msgstr "La vostra contrasenya vencerà en %1$d %2$s." -#: src/sss_client/pam_sss.c:678 +#: src/sss_client/pam_sss.c:679 msgid "Authentication is denied until: " msgstr "S'ha denegat l'autenticació fins: " -#: src/sss_client/pam_sss.c:699 +#: src/sss_client/pam_sss.c:700 msgid "System is offline, password change not possible" msgstr "El sistema està desconnectat, el canvi de contrasenya no és possible" -#: src/sss_client/pam_sss.c:714 +#: src/sss_client/pam_sss.c:715 msgid "" "After changing the OTP password, you need to log out and back in order to " "acquire a ticket" @@ -2170,65 +2180,71 @@ msgstr "" "Després de canviar la contrasenya OTP, heu de tancar la sessió i tornar-la a " "iniciar per tal d'adquirir un tiquet" -#: src/sss_client/pam_sss.c:729 +#: src/sss_client/pam_sss.c:730 msgid "PIN locked" msgstr "" -#: src/sss_client/pam_sss.c:816 src/sss_client/pam_sss.c:829 +#: src/sss_client/pam_sss.c:745 +msgid "" +"No Kerberos TGT granted as the server does not support this method. Your " +"single-sign on(SSO) experience will be affected." +msgstr "" + +#: src/sss_client/pam_sss.c:835 src/sss_client/pam_sss.c:848 msgid "Password change failed. " msgstr "Ha fallat el canvi de contrasenya." -#: src/sss_client/pam_sss.c:1797 +#: src/sss_client/pam_sss.c:1819 #, c-format msgid "Authenticate at %1$s and press ENTER." msgstr "" -#: src/sss_client/pam_sss.c:1800 +#: src/sss_client/pam_sss.c:1822 #, c-format msgid "Authenticate with PIN %1$s at %2$s and press ENTER." msgstr "" -#: src/sss_client/pam_sss.c:2153 +#: src/sss_client/pam_sss.c:2181 msgid "Please (re)insert (different) Smartcard" msgstr "" -#: src/sss_client/pam_sss.c:2352 +#: src/sss_client/pam_sss.c:2380 msgid "New Password: " msgstr "Nova contrasenya: " -#: src/sss_client/pam_sss.c:2353 +#: src/sss_client/pam_sss.c:2381 msgid "Reenter new Password: " msgstr "Torneu a introduir la nova contrasenya: " -#: src/sss_client/pam_sss.c:2523 src/sss_client/pam_sss.c:2526 +#: src/sss_client/pam_sss.c:2551 src/sss_client/pam_sss.c:2554 msgid "First Factor: " msgstr "Primer factor:" -#: src/sss_client/pam_sss.c:2524 src/sss_client/pam_sss.c:2707 +#: src/sss_client/pam_sss.c:2552 src/sss_client/pam_sss.c:2740 msgid "Second Factor (optional): " msgstr "" -#: src/sss_client/pam_sss.c:2527 src/sss_client/pam_sss.c:2710 +#: src/sss_client/pam_sss.c:2555 src/sss_client/pam_sss.c:2743 msgid "Second Factor: " msgstr "Segon factor:" -#: src/sss_client/pam_sss.c:2547 +#: src/sss_client/pam_sss.c:2575 msgid "Insert your passkey device, then press ENTER." msgstr "" -#: src/sss_client/pam_sss.c:2551 src/sss_client/pam_sss.c:2554 +#: src/sss_client/pam_sss.c:2579 src/sss_client/pam_sss.c:2587 msgid "Password: " msgstr "Contrasenya: " -#: src/sss_client/pam_sss.c:2706 src/sss_client/pam_sss.c:2709 +#: src/sss_client/pam_sss.c:2739 src/sss_client/pam_sss.c:2742 msgid "First Factor (Current Password): " msgstr "" -#: src/sss_client/pam_sss.c:2713 +#: src/sss_client/pam_sss.c:2746 msgid "Current Password: " msgstr "Contrasenya actual: " -#: src/sss_client/pam_sss.c:3070 +#: src/sss_client/pam_sss.c:3103 msgid "Password expired. Change your password now." msgstr "La contrasenya ha vençut. Canvieu ara la vostra contrasenya." diff --git a/po/cs.po b/po/cs.po index 18776669686..d68396f9c8a 100644 --- a/po/cs.po +++ b/po/cs.po @@ -6,7 +6,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" -"POT-Creation-Date: 2023-05-05 10:11+0200\n" +"POT-Creation-Date: 2023-09-07 11:48+0200\n" "PO-Revision-Date: 2023-04-08 20:20+0000\n" "Last-Translator: Pavel Borecki \n" "Language-Team: Czech , je třeba, aby bylo root\n" msgid "SSSD is already running\n" msgstr "SSSD už je spuštěné\n" -#: src/providers/krb5/krb5_child.c:4007 src/providers/ldap/ldap_child.c:641 +#: src/providers/krb5/krb5_child.c:4027 src/providers/ldap/ldap_child.c:642 msgid "Allow core dumps" msgstr "Povolit diagnostické zapisování obsahu paměti" -#: src/providers/krb5/krb5_child.c:4009 src/providers/ldap/ldap_child.c:643 +#: src/providers/krb5/krb5_child.c:4029 src/providers/ldap/ldap_child.c:644 msgid "An open file descriptor for the debug logs" msgstr "Otevřený popisovač souboru pro záznam ladících informací" -#: src/providers/krb5/krb5_child.c:4012 +#: src/providers/krb5/krb5_child.c:4032 msgid "The user to create FAST ccache as" msgstr "Uživatel pod kterým vytvořit FAST ccache" -#: src/providers/krb5/krb5_child.c:4014 +#: src/providers/krb5/krb5_child.c:4034 msgid "The group to create FAST ccache as" msgstr "Skupina pod kterou vytvořit FAST ccache" -#: src/providers/krb5/krb5_child.c:4016 +#: src/providers/krb5/krb5_child.c:4036 msgid "Use anonymous PKINIT to request FAST armor ticket" msgstr "K vyžádání FAST chráněného tiketu použít anonymní PKINIT" -#: src/providers/krb5/krb5_child.c:4018 +#: src/providers/krb5/krb5_child.c:4038 msgid "Kerberos realm to use" msgstr "Kerberos oblast (realm) kterou použít" -#: src/providers/krb5/krb5_child.c:4020 +#: src/providers/krb5/krb5_child.c:4040 msgid "Requested lifetime of the ticket" msgstr "Požadovaná životnost lístku" -#: src/providers/krb5/krb5_child.c:4022 +#: src/providers/krb5/krb5_child.c:4042 msgid "Requested renewable lifetime of the ticket" msgstr "Požadovaná obnovitelná životnosti lístku" -#: src/providers/krb5/krb5_child.c:4024 +#: src/providers/krb5/krb5_child.c:4044 msgid "FAST options ('never', 'try', 'demand')" msgstr "FAST volby („never“, „try“, „demand“)" -#: src/providers/krb5/krb5_child.c:4027 +#: src/providers/krb5/krb5_child.c:4047 msgid "Specifies the server principal to use for FAST" msgstr "Určuje principal serveru které použít pro FAST" -#: src/providers/krb5/krb5_child.c:4029 +#: src/providers/krb5/krb5_child.c:4049 msgid "Requests canonicalization of the principal name" msgstr "Požaduje kanonizaci názvu principalu" -#: src/providers/krb5/krb5_child.c:4031 +#: src/providers/krb5/krb5_child.c:4051 msgid "Use custom version of krb5_get_init_creds_password" msgstr "Použít uživatelsky určenou verzi krb5_get_init_creds_password" -#: src/providers/krb5/krb5_child.c:4033 +#: src/providers/krb5/krb5_child.c:4053 msgid "Tevent chain ID used for logging purposes" msgstr "Identifikátor Tevent řetězce použitého pro účely přihlašování se" -#: src/providers/krb5/krb5_child.c:4035 +#: src/providers/krb5/krb5_child.c:4055 msgid "Check PAC flags" msgstr "Zkontrolovat PAC příznaky" -#: src/providers/krb5/krb5_child.c:4079 src/providers/ldap/ldap_child.c:669 +#: src/providers/krb5/krb5_child.c:4099 src/providers/ldap/ldap_child.c:670 msgid "talloc_asprintf failed.\n" msgstr "talloc_asprintf se nezdařilo.\n" -#: src/providers/krb5/krb5_child.c:4089 src/providers/ldap/ldap_child.c:678 +#: src/providers/krb5/krb5_child.c:4109 src/providers/ldap/ldap_child.c:679 msgid "set_debug_file_from_fd failed.\n" msgstr "set_debug_file_from_fd se nezdařilo.\n" @@ -2144,124 +2148,136 @@ msgstr "Neočekávaná chyba při hledání popisu chyby" msgid "Permission denied. " msgstr "Přístup odepřen. " -#: src/sss_client/pam_sss.c:70 src/sss_client/pam_sss.c:819 -#: src/sss_client/pam_sss.c:830 +#: src/sss_client/pam_sss.c:70 src/sss_client/pam_sss.c:838 +#: src/sss_client/pam_sss.c:849 msgid "Server message: " msgstr "Zpráva ze serveru: " #: src/sss_client/pam_sss.c:71 +msgid "" +"Kerberos TGT will not be granted upon login, user experience will be " +"affected." +msgstr "" + +#: src/sss_client/pam_sss.c:72 msgid "Enter PIN:" msgstr "" # auto translated by TM merge from project: FreeIPA, version: ipa-4-5, DocId: # po/ipa -#: src/sss_client/pam_sss.c:314 +#: src/sss_client/pam_sss.c:315 msgid "Passwords do not match" msgstr "Zadání hesla se neshodují" -#: src/sss_client/pam_sss.c:502 +#: src/sss_client/pam_sss.c:503 msgid "Password reset by root is not supported." msgstr "Reset hesla správcem není podporován." -#: src/sss_client/pam_sss.c:543 +#: src/sss_client/pam_sss.c:544 msgid "Authenticated with cached credentials" msgstr "Přihlášeni přihlašovacími údaji z mezipaměti" -#: src/sss_client/pam_sss.c:544 +#: src/sss_client/pam_sss.c:545 msgid ", your cached password will expire at: " msgstr ", platnost mezipaměti hesel skončí v: " -#: src/sss_client/pam_sss.c:574 +#: src/sss_client/pam_sss.c:575 #, c-format msgid "Your password has expired. You have %1$d grace login(s) remaining." msgstr "Platnost vašeho hesla skončila. Zbývá vám %1$d přihlášení." -#: src/sss_client/pam_sss.c:624 +#: src/sss_client/pam_sss.c:625 #, c-format msgid "Your password will expire in %1$d %2$s." msgstr "Platnost vašeho hesla skončí v %1$d %2$s." -#: src/sss_client/pam_sss.c:627 +#: src/sss_client/pam_sss.c:628 #, fuzzy, c-format msgid "Your password has expired." msgstr "Platnost vašeho hesla skončí v %1$d %2$s." -#: src/sss_client/pam_sss.c:678 +#: src/sss_client/pam_sss.c:679 msgid "Authentication is denied until: " msgstr "Ověření odepřeno do: " -#: src/sss_client/pam_sss.c:699 +#: src/sss_client/pam_sss.c:700 msgid "System is offline, password change not possible" msgstr "Systém není dostupný, změna hesla není možná" -#: src/sss_client/pam_sss.c:714 +#: src/sss_client/pam_sss.c:715 msgid "" "After changing the OTP password, you need to log out and back in order to " "acquire a ticket" msgstr "" "Po změně OTP hesla, je třeba se odhlásit/přihlásit aby byl získán lístek" -#: src/sss_client/pam_sss.c:729 +#: src/sss_client/pam_sss.c:730 msgid "PIN locked" msgstr "Uzamčeno PIN" -#: src/sss_client/pam_sss.c:816 src/sss_client/pam_sss.c:829 +#: src/sss_client/pam_sss.c:745 +msgid "" +"No Kerberos TGT granted as the server does not support this method. Your " +"single-sign on(SSO) experience will be affected." +msgstr "" + +#: src/sss_client/pam_sss.c:835 src/sss_client/pam_sss.c:848 msgid "Password change failed. " msgstr "Změna hesla se nezdařila. " -#: src/sss_client/pam_sss.c:1797 +#: src/sss_client/pam_sss.c:1819 #, c-format msgid "Authenticate at %1$s and press ENTER." msgstr "Ověřit na %1$s a stisknout ENTER." -#: src/sss_client/pam_sss.c:1800 +#: src/sss_client/pam_sss.c:1822 #, c-format msgid "Authenticate with PIN %1$s at %2$s and press ENTER." msgstr "Ověřte se PIN kódem %1$s na %2$s a stiskněte Enter." -#: src/sss_client/pam_sss.c:2153 +#: src/sss_client/pam_sss.c:2181 msgid "Please (re)insert (different) Smartcard" msgstr "(Znovu) vložte (jinou?) Smartcard kartu" -#: src/sss_client/pam_sss.c:2352 +#: src/sss_client/pam_sss.c:2380 msgid "New Password: " msgstr "Nové heslo: " -#: src/sss_client/pam_sss.c:2353 +#: src/sss_client/pam_sss.c:2381 msgid "Reenter new Password: " msgstr "Zopakování nového hesla: " -#: src/sss_client/pam_sss.c:2523 src/sss_client/pam_sss.c:2526 +#: src/sss_client/pam_sss.c:2551 src/sss_client/pam_sss.c:2554 msgid "First Factor: " msgstr "Hlavní faktor: " -#: src/sss_client/pam_sss.c:2524 src/sss_client/pam_sss.c:2707 +#: src/sss_client/pam_sss.c:2552 src/sss_client/pam_sss.c:2740 msgid "Second Factor (optional): " msgstr "Druhý faktor (volitelné): " -#: src/sss_client/pam_sss.c:2527 src/sss_client/pam_sss.c:2710 +#: src/sss_client/pam_sss.c:2555 src/sss_client/pam_sss.c:2743 msgid "Second Factor: " msgstr "Druhý faktor: " -#: src/sss_client/pam_sss.c:2547 +#: src/sss_client/pam_sss.c:2575 msgid "Insert your passkey device, then press ENTER." msgstr "" # auto translated by TM merge from project: anaconda, version: f25, DocId: # main -#: src/sss_client/pam_sss.c:2551 src/sss_client/pam_sss.c:2554 +#: src/sss_client/pam_sss.c:2579 src/sss_client/pam_sss.c:2587 msgid "Password: " msgstr "Heslo: " -#: src/sss_client/pam_sss.c:2706 src/sss_client/pam_sss.c:2709 +#: src/sss_client/pam_sss.c:2739 src/sss_client/pam_sss.c:2742 msgid "First Factor (Current Password): " msgstr "Hlavní faktor (stávající heslo): " -#: src/sss_client/pam_sss.c:2713 +#: src/sss_client/pam_sss.c:2746 msgid "Current Password: " msgstr "Stávající heslo: " -#: src/sss_client/pam_sss.c:3070 +#: src/sss_client/pam_sss.c:3103 msgid "Password expired. Change your password now." msgstr "Platnost hesla skončila. Změňte si ho." diff --git a/po/de.po b/po/de.po index c5baf4ae669..b646d599583 100644 --- a/po/de.po +++ b/po/de.po @@ -13,7 +13,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" -"POT-Creation-Date: 2023-05-05 10:11+0200\n" +"POT-Creation-Date: 2023-09-07 11:48+0200\n" "PO-Revision-Date: 2022-07-01 09:40+0000\n" "Last-Translator: Joachim Philipp \n" "Language-Team: German \n" "Language-Team: Spanish , debe ser root\n" msgid "SSSD is already running\n" msgstr "SSSD ya está corriendo\n" -#: src/providers/krb5/krb5_child.c:4007 src/providers/ldap/ldap_child.c:641 +#: src/providers/krb5/krb5_child.c:4027 src/providers/ldap/ldap_child.c:642 msgid "Allow core dumps" msgstr "" -#: src/providers/krb5/krb5_child.c:4009 src/providers/ldap/ldap_child.c:643 +#: src/providers/krb5/krb5_child.c:4029 src/providers/ldap/ldap_child.c:644 msgid "An open file descriptor for the debug logs" msgstr "Un arhivo abierto de descriptor para los registros de depuración" -#: src/providers/krb5/krb5_child.c:4012 +#: src/providers/krb5/krb5_child.c:4032 msgid "The user to create FAST ccache as" msgstr "El usuario para crear FAST ccache como" -#: src/providers/krb5/krb5_child.c:4014 +#: src/providers/krb5/krb5_child.c:4034 msgid "The group to create FAST ccache as" msgstr "El grupo para crear FAST ccache como" -#: src/providers/krb5/krb5_child.c:4016 +#: src/providers/krb5/krb5_child.c:4036 msgid "Use anonymous PKINIT to request FAST armor ticket" msgstr "" -#: src/providers/krb5/krb5_child.c:4018 +#: src/providers/krb5/krb5_child.c:4038 msgid "Kerberos realm to use" msgstr "Reino Kerberos a usar" -#: src/providers/krb5/krb5_child.c:4020 +#: src/providers/krb5/krb5_child.c:4040 msgid "Requested lifetime of the ticket" msgstr "Tiempo de vida pedido del ticket" -#: src/providers/krb5/krb5_child.c:4022 +#: src/providers/krb5/krb5_child.c:4042 msgid "Requested renewable lifetime of the ticket" msgstr "Teimpo de vida renovable pedido del ticket" -#: src/providers/krb5/krb5_child.c:4024 +#: src/providers/krb5/krb5_child.c:4044 msgid "FAST options ('never', 'try', 'demand')" msgstr "Opciones FAST ('never', 'try', 'demand')" -#: src/providers/krb5/krb5_child.c:4027 +#: src/providers/krb5/krb5_child.c:4047 msgid "Specifies the server principal to use for FAST" msgstr "Especifica el servidor principal a usar por FAST" -#: src/providers/krb5/krb5_child.c:4029 +#: src/providers/krb5/krb5_child.c:4049 msgid "Requests canonicalization of the principal name" msgstr "Solicita la canonización del nombre principal" -#: src/providers/krb5/krb5_child.c:4031 +#: src/providers/krb5/krb5_child.c:4051 msgid "Use custom version of krb5_get_init_creds_password" msgstr "Usar versión personal de krb5_get_init_creds_password" -#: src/providers/krb5/krb5_child.c:4033 +#: src/providers/krb5/krb5_child.c:4053 msgid "Tevent chain ID used for logging purposes" msgstr "" -#: src/providers/krb5/krb5_child.c:4035 +#: src/providers/krb5/krb5_child.c:4055 msgid "Check PAC flags" msgstr "" -#: src/providers/krb5/krb5_child.c:4079 src/providers/ldap/ldap_child.c:669 +#: src/providers/krb5/krb5_child.c:4099 src/providers/ldap/ldap_child.c:670 msgid "talloc_asprintf failed.\n" msgstr "talloc_asprintf falló.\n" -#: src/providers/krb5/krb5_child.c:4089 src/providers/ldap/ldap_child.c:678 +#: src/providers/krb5/krb5_child.c:4109 src/providers/ldap/ldap_child.c:679 msgid "set_debug_file_from_fd failed.\n" msgstr "set_debug_file_from_fd falló.\n" @@ -2209,55 +2213,61 @@ msgstr "" msgid "Permission denied. " msgstr "Permiso denegado." -#: src/sss_client/pam_sss.c:70 src/sss_client/pam_sss.c:819 -#: src/sss_client/pam_sss.c:830 +#: src/sss_client/pam_sss.c:70 src/sss_client/pam_sss.c:838 +#: src/sss_client/pam_sss.c:849 msgid "Server message: " msgstr "Mensaje del servidor:" #: src/sss_client/pam_sss.c:71 +msgid "" +"Kerberos TGT will not be granted upon login, user experience will be " +"affected." +msgstr "" + +#: src/sss_client/pam_sss.c:72 msgid "Enter PIN:" msgstr "" -#: src/sss_client/pam_sss.c:314 +#: src/sss_client/pam_sss.c:315 msgid "Passwords do not match" msgstr "Las contraseñas no coinciden" -#: src/sss_client/pam_sss.c:502 +#: src/sss_client/pam_sss.c:503 msgid "Password reset by root is not supported." msgstr "No existe soporte para reseteado de la contraseña por el usuario root." -#: src/sss_client/pam_sss.c:543 +#: src/sss_client/pam_sss.c:544 msgid "Authenticated with cached credentials" msgstr "Autenticado mediante credenciales cacheada" -#: src/sss_client/pam_sss.c:544 +#: src/sss_client/pam_sss.c:545 msgid ", your cached password will expire at: " msgstr ", su contraseña cacheada vencerá el:" -#: src/sss_client/pam_sss.c:574 +#: src/sss_client/pam_sss.c:575 #, c-format msgid "Your password has expired. You have %1$d grace login(s) remaining." msgstr "Su contraseña ha expirado. Usted tiene %1$d accesos restantes." -#: src/sss_client/pam_sss.c:624 +#: src/sss_client/pam_sss.c:625 #, c-format msgid "Your password will expire in %1$d %2$s." msgstr "Su contraseña expirará en %1$d %2$s." -#: src/sss_client/pam_sss.c:627 +#: src/sss_client/pam_sss.c:628 #, fuzzy, c-format msgid "Your password has expired." msgstr "Su contraseña expirará en %1$d %2$s." -#: src/sss_client/pam_sss.c:678 +#: src/sss_client/pam_sss.c:679 msgid "Authentication is denied until: " msgstr "La autenticación ha sido denegada hasta:" -#: src/sss_client/pam_sss.c:699 +#: src/sss_client/pam_sss.c:700 msgid "System is offline, password change not possible" msgstr "El sistema está fuera de línea, no se puede cambiar la contraseña" -#: src/sss_client/pam_sss.c:714 +#: src/sss_client/pam_sss.c:715 msgid "" "After changing the OTP password, you need to log out and back in order to " "acquire a ticket" @@ -2265,65 +2275,71 @@ msgstr "" "Después de cambiar la contraseña OTP, usted debe salir y volver a entrar con " "el objetivo de fijarla" -#: src/sss_client/pam_sss.c:729 +#: src/sss_client/pam_sss.c:730 msgid "PIN locked" msgstr "" -#: src/sss_client/pam_sss.c:816 src/sss_client/pam_sss.c:829 +#: src/sss_client/pam_sss.c:745 +msgid "" +"No Kerberos TGT granted as the server does not support this method. Your " +"single-sign on(SSO) experience will be affected." +msgstr "" + +#: src/sss_client/pam_sss.c:835 src/sss_client/pam_sss.c:848 msgid "Password change failed. " msgstr "Falló el cambio de contraseña." -#: src/sss_client/pam_sss.c:1797 +#: src/sss_client/pam_sss.c:1819 #, c-format msgid "Authenticate at %1$s and press ENTER." msgstr "" -#: src/sss_client/pam_sss.c:1800 +#: src/sss_client/pam_sss.c:1822 #, c-format msgid "Authenticate with PIN %1$s at %2$s and press ENTER." msgstr "" -#: src/sss_client/pam_sss.c:2153 +#: src/sss_client/pam_sss.c:2181 msgid "Please (re)insert (different) Smartcard" msgstr "" -#: src/sss_client/pam_sss.c:2352 +#: src/sss_client/pam_sss.c:2380 msgid "New Password: " msgstr "Nueva contraseña: " -#: src/sss_client/pam_sss.c:2353 +#: src/sss_client/pam_sss.c:2381 msgid "Reenter new Password: " msgstr "Reingrese la contraseña nueva:" -#: src/sss_client/pam_sss.c:2523 src/sss_client/pam_sss.c:2526 +#: src/sss_client/pam_sss.c:2551 src/sss_client/pam_sss.c:2554 msgid "First Factor: " msgstr "Primer Factor: " -#: src/sss_client/pam_sss.c:2524 src/sss_client/pam_sss.c:2707 +#: src/sss_client/pam_sss.c:2552 src/sss_client/pam_sss.c:2740 msgid "Second Factor (optional): " msgstr "Segundo Factor (opcional): " -#: src/sss_client/pam_sss.c:2527 src/sss_client/pam_sss.c:2710 +#: src/sss_client/pam_sss.c:2555 src/sss_client/pam_sss.c:2743 msgid "Second Factor: " msgstr "Segundo Factor:" -#: src/sss_client/pam_sss.c:2547 +#: src/sss_client/pam_sss.c:2575 msgid "Insert your passkey device, then press ENTER." msgstr "" -#: src/sss_client/pam_sss.c:2551 src/sss_client/pam_sss.c:2554 +#: src/sss_client/pam_sss.c:2579 src/sss_client/pam_sss.c:2587 msgid "Password: " msgstr "Contraseña: " -#: src/sss_client/pam_sss.c:2706 src/sss_client/pam_sss.c:2709 +#: src/sss_client/pam_sss.c:2739 src/sss_client/pam_sss.c:2742 msgid "First Factor (Current Password): " msgstr "Primer Factor (Contraseña Actual): " -#: src/sss_client/pam_sss.c:2713 +#: src/sss_client/pam_sss.c:2746 msgid "Current Password: " msgstr "Contraseña actual: " -#: src/sss_client/pam_sss.c:3070 +#: src/sss_client/pam_sss.c:3103 msgid "Password expired. Change your password now." msgstr "La contraseña ha expirado. Modifíquela en este preciso momento." diff --git a/po/eu.po b/po/eu.po index 5c0e22d6652..733a1b3425b 100644 --- a/po/eu.po +++ b/po/eu.po @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" -"POT-Creation-Date: 2023-05-05 10:11+0200\n" +"POT-Creation-Date: 2023-09-07 11:48+0200\n" "PO-Revision-Date: 2014-12-14 11:45-0500\n" "Last-Translator: Copied by Zanata \n" "Language-Team: Basque (http://www.transifex.com/projects/p/sssd/language/" @@ -588,12 +588,12 @@ msgid "Whether to automatically update the client's DNS entry" msgstr "" #: src/config/SSSDConfig/sssdoptions.py:201 -#: src/config/SSSDConfig/sssdoptions.py:233 +#: src/config/SSSDConfig/sssdoptions.py:234 msgid "The TTL to apply to the client's DNS entry after updating it" msgstr "" #: src/config/SSSDConfig/sssdoptions.py:202 -#: src/config/SSSDConfig/sssdoptions.py:234 +#: src/config/SSSDConfig/sssdoptions.py:235 msgid "The interface whose IP should be used for dynamic DNS updates" msgstr "" @@ -677,1162 +677,1166 @@ msgid "" "(long term password) must have to be saved as SHA512 hash into the cache." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:228 +#: src/config/SSSDConfig/sssdoptions.py:226 +msgid "Local authentication methods policy " +msgstr "" + +#: src/config/SSSDConfig/sssdoptions.py:229 msgid "IPA domain" msgstr "IPA domeinua" -#: src/config/SSSDConfig/sssdoptions.py:229 +#: src/config/SSSDConfig/sssdoptions.py:230 msgid "IPA server address" msgstr "IPA zerbitzariaren helbidea" -#: src/config/SSSDConfig/sssdoptions.py:230 +#: src/config/SSSDConfig/sssdoptions.py:231 msgid "Address of backup IPA server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:231 +#: src/config/SSSDConfig/sssdoptions.py:232 msgid "IPA client hostname" msgstr "IPA bezeroaren ostalari-izena" -#: src/config/SSSDConfig/sssdoptions.py:232 +#: src/config/SSSDConfig/sssdoptions.py:233 msgid "Whether to automatically update the client's DNS entry in FreeIPA" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:235 +#: src/config/SSSDConfig/sssdoptions.py:236 msgid "Search base for HBAC related objects" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:236 +#: src/config/SSSDConfig/sssdoptions.py:237 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:237 +#: src/config/SSSDConfig/sssdoptions.py:238 msgid "" "The amount of time in seconds between lookups of the SELinux maps against " "the IPA server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:239 +#: src/config/SSSDConfig/sssdoptions.py:240 msgid "If set to false, host argument given by PAM will be ignored" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:240 +#: src/config/SSSDConfig/sssdoptions.py:241 msgid "The automounter location this IPA client is using" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:241 +#: src/config/SSSDConfig/sssdoptions.py:242 msgid "Search base for object containing info about IPA domain" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:242 +#: src/config/SSSDConfig/sssdoptions.py:243 msgid "Search base for objects containing info about ID ranges" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:243 -#: src/config/SSSDConfig/sssdoptions.py:299 +#: src/config/SSSDConfig/sssdoptions.py:244 +#: src/config/SSSDConfig/sssdoptions.py:300 msgid "Enable DNS sites - location based service discovery" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:244 +#: src/config/SSSDConfig/sssdoptions.py:245 msgid "Search base for view containers" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:245 +#: src/config/SSSDConfig/sssdoptions.py:246 msgid "Objectclass for view containers" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:246 +#: src/config/SSSDConfig/sssdoptions.py:247 msgid "Attribute with the name of the view" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:247 +#: src/config/SSSDConfig/sssdoptions.py:248 msgid "Objectclass for override objects" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:248 +#: src/config/SSSDConfig/sssdoptions.py:249 msgid "Attribute with the reference to the original object" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:249 +#: src/config/SSSDConfig/sssdoptions.py:250 msgid "Objectclass for user override objects" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:250 +#: src/config/SSSDConfig/sssdoptions.py:251 msgid "Objectclass for group override objects" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:251 +#: src/config/SSSDConfig/sssdoptions.py:252 msgid "Search base for Desktop Profile related objects" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:252 +#: src/config/SSSDConfig/sssdoptions.py:253 msgid "" "The amount of time in seconds between lookups of the Desktop Profile rules " "against the IPA server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:254 +#: src/config/SSSDConfig/sssdoptions.py:255 msgid "" "The amount of time in minutes between lookups of Desktop Profiles rules " "against the IPA server when the last request did not find any rule" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:257 +#: src/config/SSSDConfig/sssdoptions.py:258 msgid "Search base for SUBID ranges" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:258 -#: src/config/SSSDConfig/sssdoptions.py:501 +#: src/config/SSSDConfig/sssdoptions.py:259 +#: src/config/SSSDConfig/sssdoptions.py:502 msgid "Which rules should be used to evaluate access control" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:259 +#: src/config/SSSDConfig/sssdoptions.py:260 msgid "The LDAP attribute that contains FQDN of the host." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:260 -#: src/config/SSSDConfig/sssdoptions.py:283 +#: src/config/SSSDConfig/sssdoptions.py:261 +#: src/config/SSSDConfig/sssdoptions.py:284 msgid "The object class of a host entry in LDAP." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:261 +#: src/config/SSSDConfig/sssdoptions.py:262 msgid "Use the given string as search base for host objects." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:262 +#: src/config/SSSDConfig/sssdoptions.py:263 msgid "The LDAP attribute that contains the host's SSH public keys." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:263 +#: src/config/SSSDConfig/sssdoptions.py:264 msgid "The LDAP attribute that contains NIS domain name of the netgroup." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:264 +#: src/config/SSSDConfig/sssdoptions.py:265 msgid "The LDAP attribute that contains the names of the netgroup's members." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:265 +#: src/config/SSSDConfig/sssdoptions.py:266 msgid "" "The LDAP attribute that lists FQDNs of hosts and host groups that are " "members of the netgroup." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:267 +#: src/config/SSSDConfig/sssdoptions.py:268 msgid "" "The LDAP attribute that lists hosts and host groups that are direct members " "of the netgroup." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:269 +#: src/config/SSSDConfig/sssdoptions.py:270 msgid "The LDAP attribute that lists netgroup's memberships." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:270 +#: src/config/SSSDConfig/sssdoptions.py:271 msgid "" "The LDAP attribute that lists system users and groups that are direct " "members of the netgroup." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:272 +#: src/config/SSSDConfig/sssdoptions.py:273 msgid "The LDAP attribute that corresponds to the netgroup name." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:273 +#: src/config/SSSDConfig/sssdoptions.py:274 msgid "The object class of a netgroup entry in LDAP." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:274 +#: src/config/SSSDConfig/sssdoptions.py:275 msgid "" "The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:275 +#: src/config/SSSDConfig/sssdoptions.py:276 msgid "" "The LDAP attribute that contains whether or not is user map enabled for " "usage." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:277 +#: src/config/SSSDConfig/sssdoptions.py:278 msgid "The LDAP attribute that contains host category such as 'all'." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:278 +#: src/config/SSSDConfig/sssdoptions.py:279 msgid "" "The LDAP attribute that contains all hosts / hostgroups this rule match " "against." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:280 +#: src/config/SSSDConfig/sssdoptions.py:281 msgid "" "The LDAP attribute that contains all users / groups this rule match against." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:282 +#: src/config/SSSDConfig/sssdoptions.py:283 msgid "The LDAP attribute that contains the name of SELinux usermap." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:284 +#: src/config/SSSDConfig/sssdoptions.py:285 msgid "" "The LDAP attribute that contains DN of HBAC rule which can be used for " "matching instead of memberUser and memberHost." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:286 +#: src/config/SSSDConfig/sssdoptions.py:287 msgid "The LDAP attribute that contains SELinux user string itself." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:287 +#: src/config/SSSDConfig/sssdoptions.py:288 msgid "The LDAP attribute that contains user category such as 'all'." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:288 +#: src/config/SSSDConfig/sssdoptions.py:289 msgid "The LDAP attribute that contains unique ID of the user map." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:289 +#: src/config/SSSDConfig/sssdoptions.py:290 msgid "" "The option denotes that the SSSD is running on IPA server and should perform " "lookups of users and groups from trusted domains differently." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:291 +#: src/config/SSSDConfig/sssdoptions.py:292 msgid "Use the given string as search base for trusted domains." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:294 +#: src/config/SSSDConfig/sssdoptions.py:295 msgid "Active Directory domain" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:295 +#: src/config/SSSDConfig/sssdoptions.py:296 msgid "Enabled Active Directory domains" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:296 +#: src/config/SSSDConfig/sssdoptions.py:297 msgid "Active Directory server address" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:297 +#: src/config/SSSDConfig/sssdoptions.py:298 msgid "Active Directory backup server address" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:298 +#: src/config/SSSDConfig/sssdoptions.py:299 msgid "Active Directory client hostname" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:300 -#: src/config/SSSDConfig/sssdoptions.py:499 +#: src/config/SSSDConfig/sssdoptions.py:301 +#: src/config/SSSDConfig/sssdoptions.py:500 msgid "LDAP filter to determine access privileges" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:301 +#: src/config/SSSDConfig/sssdoptions.py:302 msgid "Whether to use the Global Catalog for lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:302 +#: src/config/SSSDConfig/sssdoptions.py:303 msgid "Operation mode for GPO-based access control" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:303 +#: src/config/SSSDConfig/sssdoptions.py:304 msgid "" "The amount of time between lookups of the GPO policy files against the AD " "server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:304 +#: src/config/SSSDConfig/sssdoptions.py:305 msgid "" "PAM service names that map to the GPO (Deny)InteractiveLogonRight policy " "settings" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:306 +#: src/config/SSSDConfig/sssdoptions.py:307 msgid "" "PAM service names that map to the GPO (Deny)RemoteInteractiveLogonRight " "policy settings" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:308 +#: src/config/SSSDConfig/sssdoptions.py:309 msgid "" "PAM service names that map to the GPO (Deny)NetworkLogonRight policy settings" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:309 +#: src/config/SSSDConfig/sssdoptions.py:310 msgid "" "PAM service names that map to the GPO (Deny)BatchLogonRight policy settings" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:310 +#: src/config/SSSDConfig/sssdoptions.py:311 msgid "" "PAM service names that map to the GPO (Deny)ServiceLogonRight policy settings" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:311 +#: src/config/SSSDConfig/sssdoptions.py:312 msgid "PAM service names for which GPO-based access is always granted" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:312 +#: src/config/SSSDConfig/sssdoptions.py:313 msgid "PAM service names for which GPO-based access is always denied" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:313 +#: src/config/SSSDConfig/sssdoptions.py:314 msgid "" "Default logon right (or permit/deny) to use for unmapped PAM service names" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:314 +#: src/config/SSSDConfig/sssdoptions.py:315 msgid "a particular site to be used by the client" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:315 +#: src/config/SSSDConfig/sssdoptions.py:316 msgid "" "Maximum age in days before the machine account password should be renewed" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:317 +#: src/config/SSSDConfig/sssdoptions.py:318 msgid "Option for tuning the machine account renewal task" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:318 +#: src/config/SSSDConfig/sssdoptions.py:319 msgid "Whether to update the machine account password in the Samba database" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:320 +#: src/config/SSSDConfig/sssdoptions.py:321 msgid "Use LDAPS port for LDAP and Global Catalog requests" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:321 +#: src/config/SSSDConfig/sssdoptions.py:322 msgid "Do not filter domain local groups from other domains" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:324 #: src/config/SSSDConfig/sssdoptions.py:325 +#: src/config/SSSDConfig/sssdoptions.py:326 msgid "Kerberos server address" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:326 +#: src/config/SSSDConfig/sssdoptions.py:327 msgid "Kerberos backup server address" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:327 +#: src/config/SSSDConfig/sssdoptions.py:328 msgid "Kerberos realm" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:328 +#: src/config/SSSDConfig/sssdoptions.py:329 msgid "Authentication timeout" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:329 +#: src/config/SSSDConfig/sssdoptions.py:330 msgid "Whether to create kdcinfo files" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:330 +#: src/config/SSSDConfig/sssdoptions.py:331 msgid "Where to drop krb5 config snippets" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:333 +#: src/config/SSSDConfig/sssdoptions.py:334 msgid "Directory to store credential caches" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:334 +#: src/config/SSSDConfig/sssdoptions.py:335 msgid "Location of the user's credential cache" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:335 +#: src/config/SSSDConfig/sssdoptions.py:336 msgid "Location of the keytab to validate credentials" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:336 +#: src/config/SSSDConfig/sssdoptions.py:337 msgid "Enable credential validation" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:337 +#: src/config/SSSDConfig/sssdoptions.py:338 msgid "Store password if offline for later online authentication" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:338 +#: src/config/SSSDConfig/sssdoptions.py:339 msgid "Renewable lifetime of the TGT" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:339 +#: src/config/SSSDConfig/sssdoptions.py:340 msgid "Lifetime of the TGT" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:340 +#: src/config/SSSDConfig/sssdoptions.py:341 msgid "Time between two checks for renewal" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:341 +#: src/config/SSSDConfig/sssdoptions.py:342 msgid "Enables FAST" msgstr "FAST gaitzen du" -#: src/config/SSSDConfig/sssdoptions.py:342 +#: src/config/SSSDConfig/sssdoptions.py:343 msgid "Selects the principal to use for FAST" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:343 +#: src/config/SSSDConfig/sssdoptions.py:344 msgid "Use anonymous PKINIT to request FAST credentials" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:344 +#: src/config/SSSDConfig/sssdoptions.py:345 msgid "Enables principal canonicalization" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:345 +#: src/config/SSSDConfig/sssdoptions.py:346 msgid "Enables enterprise principals" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:346 +#: src/config/SSSDConfig/sssdoptions.py:347 msgid "Enables using of subdomains realms for authentication" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:347 +#: src/config/SSSDConfig/sssdoptions.py:348 msgid "A mapping from user names to Kerberos principal names" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:350 #: src/config/SSSDConfig/sssdoptions.py:351 +#: src/config/SSSDConfig/sssdoptions.py:352 msgid "Server where the change password service is running if not on the KDC" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:354 +#: src/config/SSSDConfig/sssdoptions.py:355 msgid "ldap_uri, The URI of the LDAP server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:355 +#: src/config/SSSDConfig/sssdoptions.py:356 msgid "ldap_backup_uri, The URI of the LDAP server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:356 +#: src/config/SSSDConfig/sssdoptions.py:357 msgid "The default base DN" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:357 +#: src/config/SSSDConfig/sssdoptions.py:358 msgid "The Schema Type in use on the LDAP server, rfc2307" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:358 +#: src/config/SSSDConfig/sssdoptions.py:359 msgid "Mode used to change user password" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:359 +#: src/config/SSSDConfig/sssdoptions.py:360 msgid "The default bind DN" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:360 +#: src/config/SSSDConfig/sssdoptions.py:361 msgid "The type of the authentication token of the default bind DN" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:361 +#: src/config/SSSDConfig/sssdoptions.py:362 msgid "The authentication token of the default bind DN" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:362 +#: src/config/SSSDConfig/sssdoptions.py:363 msgid "Length of time to attempt connection" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:363 +#: src/config/SSSDConfig/sssdoptions.py:364 msgid "Length of time to attempt synchronous LDAP operations" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:364 +#: src/config/SSSDConfig/sssdoptions.py:365 msgid "Length of time between attempts to reconnect while offline" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:365 +#: src/config/SSSDConfig/sssdoptions.py:366 msgid "Use only the upper case for realm names" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:366 +#: src/config/SSSDConfig/sssdoptions.py:367 msgid "File that contains CA certificates" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:367 +#: src/config/SSSDConfig/sssdoptions.py:368 msgid "Path to CA certificate directory" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:368 +#: src/config/SSSDConfig/sssdoptions.py:369 msgid "File that contains the client certificate" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:369 +#: src/config/SSSDConfig/sssdoptions.py:370 msgid "File that contains the client key" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:370 +#: src/config/SSSDConfig/sssdoptions.py:371 msgid "List of possible ciphers suites" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:371 +#: src/config/SSSDConfig/sssdoptions.py:372 msgid "Require TLS certificate verification" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:372 +#: src/config/SSSDConfig/sssdoptions.py:373 msgid "Specify the sasl mechanism to use" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:373 +#: src/config/SSSDConfig/sssdoptions.py:374 msgid "Specify the sasl authorization id to use" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:374 +#: src/config/SSSDConfig/sssdoptions.py:375 msgid "Specify the sasl authorization realm to use" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:375 +#: src/config/SSSDConfig/sssdoptions.py:376 msgid "Specify the minimal SSF for LDAP sasl authorization" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:376 +#: src/config/SSSDConfig/sssdoptions.py:377 msgid "Specify the maximal SSF for LDAP sasl authorization" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:377 +#: src/config/SSSDConfig/sssdoptions.py:378 msgid "Kerberos service keytab" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:378 +#: src/config/SSSDConfig/sssdoptions.py:379 msgid "Use Kerberos auth for LDAP connection" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:379 +#: src/config/SSSDConfig/sssdoptions.py:380 msgid "Follow LDAP referrals" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:380 +#: src/config/SSSDConfig/sssdoptions.py:381 msgid "Lifetime of TGT for LDAP connection" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:381 +#: src/config/SSSDConfig/sssdoptions.py:382 msgid "How to dereference aliases" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:382 +#: src/config/SSSDConfig/sssdoptions.py:383 msgid "Service name for DNS service lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:383 +#: src/config/SSSDConfig/sssdoptions.py:384 msgid "The number of records to retrieve in a single LDAP query" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:384 +#: src/config/SSSDConfig/sssdoptions.py:385 msgid "The number of members that must be missing to trigger a full deref" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:385 +#: src/config/SSSDConfig/sssdoptions.py:386 msgid "Ignore unreadable LDAP references" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:386 +#: src/config/SSSDConfig/sssdoptions.py:387 msgid "" "Whether the LDAP library should perform a reverse lookup to canonicalize the " "host name during a SASL bind" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:388 +#: src/config/SSSDConfig/sssdoptions.py:389 msgid "" "Allows to retain local users as members of an LDAP group for servers that " "use the RFC2307 schema." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:391 +#: src/config/SSSDConfig/sssdoptions.py:392 msgid "entryUSN attribute" msgstr "entryUSN atributua" -#: src/config/SSSDConfig/sssdoptions.py:392 +#: src/config/SSSDConfig/sssdoptions.py:393 msgid "lastUSN attribute" msgstr "lastUSN atributua" -#: src/config/SSSDConfig/sssdoptions.py:394 +#: src/config/SSSDConfig/sssdoptions.py:395 msgid "How long to retain a connection to the LDAP server before disconnecting" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:397 +#: src/config/SSSDConfig/sssdoptions.py:398 msgid "Disable the LDAP paging control" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:398 +#: src/config/SSSDConfig/sssdoptions.py:399 msgid "Disable Active Directory range retrieval" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:401 +#: src/config/SSSDConfig/sssdoptions.py:402 msgid "Length of time to wait for a search request" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:402 +#: src/config/SSSDConfig/sssdoptions.py:403 msgid "Length of time to wait for a enumeration request" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:403 +#: src/config/SSSDConfig/sssdoptions.py:404 msgid "Length of time between enumeration updates" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:404 +#: src/config/SSSDConfig/sssdoptions.py:405 msgid "Maximum period deviation between enumeration updates" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:405 +#: src/config/SSSDConfig/sssdoptions.py:406 msgid "Length of time between cache cleanups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:406 +#: src/config/SSSDConfig/sssdoptions.py:407 msgid "Maximum time deviation between cache cleanups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:407 +#: src/config/SSSDConfig/sssdoptions.py:408 msgid "Require TLS for ID lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:408 +#: src/config/SSSDConfig/sssdoptions.py:409 msgid "Use ID-mapping of objectSID instead of pre-set IDs" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:409 +#: src/config/SSSDConfig/sssdoptions.py:410 msgid "Base DN for user lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:410 +#: src/config/SSSDConfig/sssdoptions.py:411 msgid "Scope of user lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:411 +#: src/config/SSSDConfig/sssdoptions.py:412 msgid "Filter for user lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:412 +#: src/config/SSSDConfig/sssdoptions.py:413 msgid "Objectclass for users" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:413 +#: src/config/SSSDConfig/sssdoptions.py:414 msgid "Username attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:414 +#: src/config/SSSDConfig/sssdoptions.py:415 msgid "UID attribute" msgstr "UID atributua" -#: src/config/SSSDConfig/sssdoptions.py:415 +#: src/config/SSSDConfig/sssdoptions.py:416 msgid "Primary GID attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:416 +#: src/config/SSSDConfig/sssdoptions.py:417 msgid "GECOS attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:417 +#: src/config/SSSDConfig/sssdoptions.py:418 msgid "Home directory attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:418 +#: src/config/SSSDConfig/sssdoptions.py:419 msgid "Shell attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:419 +#: src/config/SSSDConfig/sssdoptions.py:420 msgid "UUID attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:420 -#: src/config/SSSDConfig/sssdoptions.py:459 +#: src/config/SSSDConfig/sssdoptions.py:421 +#: src/config/SSSDConfig/sssdoptions.py:460 msgid "objectSID attribute" msgstr "objectSID atributua" -#: src/config/SSSDConfig/sssdoptions.py:421 +#: src/config/SSSDConfig/sssdoptions.py:422 msgid "Active Directory primary group attribute for ID-mapping" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:422 +#: src/config/SSSDConfig/sssdoptions.py:423 msgid "User principal attribute (for Kerberos)" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:423 +#: src/config/SSSDConfig/sssdoptions.py:424 msgid "Full Name" msgstr "Izen osoa" -#: src/config/SSSDConfig/sssdoptions.py:424 +#: src/config/SSSDConfig/sssdoptions.py:425 msgid "memberOf attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:425 +#: src/config/SSSDConfig/sssdoptions.py:426 msgid "Modification time attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:426 +#: src/config/SSSDConfig/sssdoptions.py:427 msgid "shadowLastChange attribute" msgstr "shadowLastChange atributua" -#: src/config/SSSDConfig/sssdoptions.py:427 +#: src/config/SSSDConfig/sssdoptions.py:428 msgid "shadowMin attribute" msgstr "shadowMin atributua" -#: src/config/SSSDConfig/sssdoptions.py:428 +#: src/config/SSSDConfig/sssdoptions.py:429 msgid "shadowMax attribute" msgstr "shadowMax atributua" -#: src/config/SSSDConfig/sssdoptions.py:429 +#: src/config/SSSDConfig/sssdoptions.py:430 msgid "shadowWarning attribute" msgstr "shadowWarning atributua" -#: src/config/SSSDConfig/sssdoptions.py:430 +#: src/config/SSSDConfig/sssdoptions.py:431 msgid "shadowInactive attribute" msgstr "shadowInactive atributua" -#: src/config/SSSDConfig/sssdoptions.py:431 +#: src/config/SSSDConfig/sssdoptions.py:432 msgid "shadowExpire attribute" msgstr "shadowExpire atributua" -#: src/config/SSSDConfig/sssdoptions.py:432 +#: src/config/SSSDConfig/sssdoptions.py:433 msgid "shadowFlag attribute" msgstr "shadowFlag atributua" -#: src/config/SSSDConfig/sssdoptions.py:433 +#: src/config/SSSDConfig/sssdoptions.py:434 msgid "Attribute listing authorized PAM services" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:434 +#: src/config/SSSDConfig/sssdoptions.py:435 msgid "Attribute listing authorized server hosts" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:435 +#: src/config/SSSDConfig/sssdoptions.py:436 msgid "Attribute listing authorized server rhosts" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:436 +#: src/config/SSSDConfig/sssdoptions.py:437 msgid "krbLastPwdChange attribute" msgstr "krbLastPwdChange atributua" -#: src/config/SSSDConfig/sssdoptions.py:437 +#: src/config/SSSDConfig/sssdoptions.py:438 msgid "krbPasswordExpiration attribute" msgstr "krbPasswordExpiration atributua" -#: src/config/SSSDConfig/sssdoptions.py:438 +#: src/config/SSSDConfig/sssdoptions.py:439 msgid "Attribute indicating that server side password policies are active" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:439 +#: src/config/SSSDConfig/sssdoptions.py:440 msgid "accountExpires attribute of AD" msgstr "ADren accountExpires atributua" -#: src/config/SSSDConfig/sssdoptions.py:440 +#: src/config/SSSDConfig/sssdoptions.py:441 msgid "userAccountControl attribute of AD" msgstr "ADren userAccountControl atributua" -#: src/config/SSSDConfig/sssdoptions.py:441 +#: src/config/SSSDConfig/sssdoptions.py:442 msgid "nsAccountLock attribute" msgstr "nsAccountLock atributua" -#: src/config/SSSDConfig/sssdoptions.py:442 +#: src/config/SSSDConfig/sssdoptions.py:443 msgid "loginDisabled attribute of NDS" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:443 +#: src/config/SSSDConfig/sssdoptions.py:444 msgid "loginExpirationTime attribute of NDS" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:444 +#: src/config/SSSDConfig/sssdoptions.py:445 msgid "loginAllowedTimeMap attribute of NDS" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:445 +#: src/config/SSSDConfig/sssdoptions.py:446 msgid "SSH public key attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:446 +#: src/config/SSSDConfig/sssdoptions.py:447 msgid "attribute listing allowed authentication types for a user" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:447 +#: src/config/SSSDConfig/sssdoptions.py:448 msgid "attribute containing the X509 certificate of the user" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:448 +#: src/config/SSSDConfig/sssdoptions.py:449 msgid "attribute containing the email address of the user" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:449 +#: src/config/SSSDConfig/sssdoptions.py:450 msgid "attribute containing the passkey mapping data of the user" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:450 +#: src/config/SSSDConfig/sssdoptions.py:451 msgid "A list of extra attributes to download along with the user entry" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:452 +#: src/config/SSSDConfig/sssdoptions.py:453 msgid "Base DN for group lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:453 +#: src/config/SSSDConfig/sssdoptions.py:454 msgid "Objectclass for groups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:454 +#: src/config/SSSDConfig/sssdoptions.py:455 msgid "Group name" msgstr "Talde-izena" -#: src/config/SSSDConfig/sssdoptions.py:455 +#: src/config/SSSDConfig/sssdoptions.py:456 msgid "Group password" msgstr "Taldearen pasahitza" -#: src/config/SSSDConfig/sssdoptions.py:456 +#: src/config/SSSDConfig/sssdoptions.py:457 msgid "GID attribute" msgstr "GID atributua" -#: src/config/SSSDConfig/sssdoptions.py:457 +#: src/config/SSSDConfig/sssdoptions.py:458 msgid "Group member attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:458 +#: src/config/SSSDConfig/sssdoptions.py:459 msgid "Group UUID attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:460 +#: src/config/SSSDConfig/sssdoptions.py:461 msgid "Modification time attribute for groups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:461 +#: src/config/SSSDConfig/sssdoptions.py:462 msgid "Type of the group and other flags" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:462 +#: src/config/SSSDConfig/sssdoptions.py:463 msgid "The LDAP group external member attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:463 +#: src/config/SSSDConfig/sssdoptions.py:464 msgid "Maximum nesting level SSSD will follow" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:464 +#: src/config/SSSDConfig/sssdoptions.py:465 msgid "Filter for group lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:465 +#: src/config/SSSDConfig/sssdoptions.py:466 msgid "Scope of group lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:467 +#: src/config/SSSDConfig/sssdoptions.py:468 msgid "Base DN for netgroup lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:468 +#: src/config/SSSDConfig/sssdoptions.py:469 msgid "Objectclass for netgroups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:469 +#: src/config/SSSDConfig/sssdoptions.py:470 msgid "Netgroup name" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:470 +#: src/config/SSSDConfig/sssdoptions.py:471 msgid "Netgroups members attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:471 +#: src/config/SSSDConfig/sssdoptions.py:472 msgid "Netgroup triple attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:472 +#: src/config/SSSDConfig/sssdoptions.py:473 msgid "Modification time attribute for netgroups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:474 +#: src/config/SSSDConfig/sssdoptions.py:475 msgid "Base DN for service lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:475 +#: src/config/SSSDConfig/sssdoptions.py:476 msgid "Objectclass for services" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:476 +#: src/config/SSSDConfig/sssdoptions.py:477 msgid "Service name attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:477 +#: src/config/SSSDConfig/sssdoptions.py:478 msgid "Service port attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:478 +#: src/config/SSSDConfig/sssdoptions.py:479 msgid "Service protocol attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:480 +#: src/config/SSSDConfig/sssdoptions.py:481 msgid "Lower bound for ID-mapping" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:481 +#: src/config/SSSDConfig/sssdoptions.py:482 msgid "Upper bound for ID-mapping" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:482 +#: src/config/SSSDConfig/sssdoptions.py:483 msgid "Number of IDs for each slice when ID-mapping" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:483 +#: src/config/SSSDConfig/sssdoptions.py:484 msgid "Use autorid-compatible algorithm for ID-mapping" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:484 +#: src/config/SSSDConfig/sssdoptions.py:485 msgid "Name of the default domain for ID-mapping" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:485 +#: src/config/SSSDConfig/sssdoptions.py:486 msgid "SID of the default domain for ID-mapping" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:486 +#: src/config/SSSDConfig/sssdoptions.py:487 msgid "Number of secondary slices" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:488 +#: src/config/SSSDConfig/sssdoptions.py:489 msgid "Whether to use Token-Groups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:489 +#: src/config/SSSDConfig/sssdoptions.py:490 msgid "Set lower boundary for allowed IDs from the LDAP server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:490 +#: src/config/SSSDConfig/sssdoptions.py:491 msgid "Set upper boundary for allowed IDs from the LDAP server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:491 +#: src/config/SSSDConfig/sssdoptions.py:492 msgid "DN for ppolicy queries" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:492 +#: src/config/SSSDConfig/sssdoptions.py:493 msgid "How many maximum entries to fetch during a wildcard request" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:493 +#: src/config/SSSDConfig/sssdoptions.py:494 msgid "Set libldap debug level" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:496 +#: src/config/SSSDConfig/sssdoptions.py:497 msgid "Policy to evaluate the password expiration" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:500 +#: src/config/SSSDConfig/sssdoptions.py:501 msgid "Which attributes shall be used to evaluate if an account is expired" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:504 +#: src/config/SSSDConfig/sssdoptions.py:505 msgid "URI of an LDAP server where password changes are allowed" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:505 +#: src/config/SSSDConfig/sssdoptions.py:506 msgid "URI of a backup LDAP server where password changes are allowed" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:506 +#: src/config/SSSDConfig/sssdoptions.py:507 msgid "DNS service name for LDAP password change server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:507 +#: src/config/SSSDConfig/sssdoptions.py:508 msgid "" "Whether to update the ldap_user_shadow_last_change attribute after a " "password change" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:511 +#: src/config/SSSDConfig/sssdoptions.py:512 msgid "Base DN for sudo rules lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:512 +#: src/config/SSSDConfig/sssdoptions.py:513 msgid "Automatic full refresh period" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:513 +#: src/config/SSSDConfig/sssdoptions.py:514 msgid "Automatic smart refresh period" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:514 +#: src/config/SSSDConfig/sssdoptions.py:515 msgid "Smart and full refresh random offset" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:515 +#: src/config/SSSDConfig/sssdoptions.py:516 msgid "Whether to filter rules by hostname, IP addresses and network" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:516 +#: src/config/SSSDConfig/sssdoptions.py:517 msgid "" "Hostnames and/or fully qualified domain names of this machine to filter sudo " "rules" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:517 +#: src/config/SSSDConfig/sssdoptions.py:518 msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:518 +#: src/config/SSSDConfig/sssdoptions.py:519 msgid "Whether to include rules that contains netgroup in host attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:519 +#: src/config/SSSDConfig/sssdoptions.py:520 msgid "" "Whether to include rules that contains regular expression in host attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:520 +#: src/config/SSSDConfig/sssdoptions.py:521 msgid "Object class for sudo rules" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:521 +#: src/config/SSSDConfig/sssdoptions.py:522 msgid "Name of attribute that is used as object class for sudo rules" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:522 +#: src/config/SSSDConfig/sssdoptions.py:523 msgid "Sudo rule name" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:523 +#: src/config/SSSDConfig/sssdoptions.py:524 msgid "Sudo rule command attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:524 +#: src/config/SSSDConfig/sssdoptions.py:525 msgid "Sudo rule host attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:525 +#: src/config/SSSDConfig/sssdoptions.py:526 msgid "Sudo rule user attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:526 +#: src/config/SSSDConfig/sssdoptions.py:527 msgid "Sudo rule option attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:527 +#: src/config/SSSDConfig/sssdoptions.py:528 msgid "Sudo rule runas attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:528 +#: src/config/SSSDConfig/sssdoptions.py:529 msgid "Sudo rule runasuser attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:529 +#: src/config/SSSDConfig/sssdoptions.py:530 msgid "Sudo rule runasgroup attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:530 +#: src/config/SSSDConfig/sssdoptions.py:531 msgid "Sudo rule notbefore attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:531 +#: src/config/SSSDConfig/sssdoptions.py:532 msgid "Sudo rule notafter attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:532 +#: src/config/SSSDConfig/sssdoptions.py:533 msgid "Sudo rule order attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:535 +#: src/config/SSSDConfig/sssdoptions.py:536 msgid "Object class for automounter maps" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:536 +#: src/config/SSSDConfig/sssdoptions.py:537 msgid "Automounter map name attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:537 +#: src/config/SSSDConfig/sssdoptions.py:538 msgid "Object class for automounter map entries" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:538 +#: src/config/SSSDConfig/sssdoptions.py:539 msgid "Automounter map entry key attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:539 +#: src/config/SSSDConfig/sssdoptions.py:540 msgid "Automounter map entry value attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:540 +#: src/config/SSSDConfig/sssdoptions.py:541 msgid "Base DN for automounter map lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:541 +#: src/config/SSSDConfig/sssdoptions.py:542 msgid "The name of the automount master map in LDAP." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:544 +#: src/config/SSSDConfig/sssdoptions.py:545 msgid "Base DN for IP hosts lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:545 +#: src/config/SSSDConfig/sssdoptions.py:546 msgid "Object class for IP hosts" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:546 +#: src/config/SSSDConfig/sssdoptions.py:547 msgid "IP host name attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:547 +#: src/config/SSSDConfig/sssdoptions.py:548 msgid "IP host number (address) attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:548 +#: src/config/SSSDConfig/sssdoptions.py:549 msgid "IP host entryUSN attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:549 +#: src/config/SSSDConfig/sssdoptions.py:550 msgid "Base DN for IP networks lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:550 +#: src/config/SSSDConfig/sssdoptions.py:551 msgid "Object class for IP networks" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:551 +#: src/config/SSSDConfig/sssdoptions.py:552 msgid "IP network name attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:552 +#: src/config/SSSDConfig/sssdoptions.py:553 msgid "IP network number (address) attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:553 +#: src/config/SSSDConfig/sssdoptions.py:554 msgid "IP network entryUSN attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:556 +#: src/config/SSSDConfig/sssdoptions.py:557 msgid "Comma separated list of allowed users" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:557 +#: src/config/SSSDConfig/sssdoptions.py:558 msgid "Comma separated list of prohibited users" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:558 +#: src/config/SSSDConfig/sssdoptions.py:559 msgid "" "Comma separated list of groups that are allowed to log in. This applies only " "to groups within this SSSD domain. Local groups are not evaluated." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:560 +#: src/config/SSSDConfig/sssdoptions.py:561 msgid "" "Comma separated list of groups that are explicitly denied access. This " "applies only to groups within this SSSD domain. Local groups are not " "evaluated." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:564 +#: src/config/SSSDConfig/sssdoptions.py:565 msgid "The number of preforked proxy children." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:567 +#: src/config/SSSDConfig/sssdoptions.py:568 msgid "The name of the NSS library to use" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:568 +#: src/config/SSSDConfig/sssdoptions.py:569 msgid "The name of the NSS library to use for hosts and networks lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:569 +#: src/config/SSSDConfig/sssdoptions.py:570 msgid "Whether to look up canonical group name from cache if possible" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:572 +#: src/config/SSSDConfig/sssdoptions.py:573 msgid "PAM stack to use" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:575 +#: src/config/SSSDConfig/sssdoptions.py:576 msgid "Path of passwd file sources." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:576 +#: src/config/SSSDConfig/sssdoptions.py:577 msgid "Path of group file sources." msgstr "" @@ -1881,67 +1885,67 @@ msgstr "" msgid "SSSD is already running\n" msgstr "" -#: src/providers/krb5/krb5_child.c:4007 src/providers/ldap/ldap_child.c:641 +#: src/providers/krb5/krb5_child.c:4027 src/providers/ldap/ldap_child.c:642 msgid "Allow core dumps" msgstr "" -#: src/providers/krb5/krb5_child.c:4009 src/providers/ldap/ldap_child.c:643 +#: src/providers/krb5/krb5_child.c:4029 src/providers/ldap/ldap_child.c:644 msgid "An open file descriptor for the debug logs" msgstr "" -#: src/providers/krb5/krb5_child.c:4012 +#: src/providers/krb5/krb5_child.c:4032 msgid "The user to create FAST ccache as" msgstr "" -#: src/providers/krb5/krb5_child.c:4014 +#: src/providers/krb5/krb5_child.c:4034 msgid "The group to create FAST ccache as" msgstr "" -#: src/providers/krb5/krb5_child.c:4016 +#: src/providers/krb5/krb5_child.c:4036 msgid "Use anonymous PKINIT to request FAST armor ticket" msgstr "" -#: src/providers/krb5/krb5_child.c:4018 +#: src/providers/krb5/krb5_child.c:4038 msgid "Kerberos realm to use" msgstr "" -#: src/providers/krb5/krb5_child.c:4020 +#: src/providers/krb5/krb5_child.c:4040 msgid "Requested lifetime of the ticket" msgstr "" -#: src/providers/krb5/krb5_child.c:4022 +#: src/providers/krb5/krb5_child.c:4042 msgid "Requested renewable lifetime of the ticket" msgstr "" -#: src/providers/krb5/krb5_child.c:4024 +#: src/providers/krb5/krb5_child.c:4044 msgid "FAST options ('never', 'try', 'demand')" msgstr "" -#: src/providers/krb5/krb5_child.c:4027 +#: src/providers/krb5/krb5_child.c:4047 msgid "Specifies the server principal to use for FAST" msgstr "" -#: src/providers/krb5/krb5_child.c:4029 +#: src/providers/krb5/krb5_child.c:4049 msgid "Requests canonicalization of the principal name" msgstr "" -#: src/providers/krb5/krb5_child.c:4031 +#: src/providers/krb5/krb5_child.c:4051 msgid "Use custom version of krb5_get_init_creds_password" msgstr "" -#: src/providers/krb5/krb5_child.c:4033 +#: src/providers/krb5/krb5_child.c:4053 msgid "Tevent chain ID used for logging purposes" msgstr "" -#: src/providers/krb5/krb5_child.c:4035 +#: src/providers/krb5/krb5_child.c:4055 msgid "Check PAC flags" msgstr "" -#: src/providers/krb5/krb5_child.c:4079 src/providers/ldap/ldap_child.c:669 +#: src/providers/krb5/krb5_child.c:4099 src/providers/ldap/ldap_child.c:670 msgid "talloc_asprintf failed.\n" msgstr "" -#: src/providers/krb5/krb5_child.c:4089 src/providers/ldap/ldap_child.c:678 +#: src/providers/krb5/krb5_child.c:4109 src/providers/ldap/ldap_child.c:679 msgid "set_debug_file_from_fd failed.\n" msgstr "" @@ -1985,119 +1989,131 @@ msgstr "" msgid "Permission denied. " msgstr "" -#: src/sss_client/pam_sss.c:70 src/sss_client/pam_sss.c:819 -#: src/sss_client/pam_sss.c:830 +#: src/sss_client/pam_sss.c:70 src/sss_client/pam_sss.c:838 +#: src/sss_client/pam_sss.c:849 msgid "Server message: " msgstr "" #: src/sss_client/pam_sss.c:71 +msgid "" +"Kerberos TGT will not be granted upon login, user experience will be " +"affected." +msgstr "" + +#: src/sss_client/pam_sss.c:72 msgid "Enter PIN:" msgstr "" -#: src/sss_client/pam_sss.c:314 +#: src/sss_client/pam_sss.c:315 msgid "Passwords do not match" msgstr "" -#: src/sss_client/pam_sss.c:502 +#: src/sss_client/pam_sss.c:503 msgid "Password reset by root is not supported." msgstr "" -#: src/sss_client/pam_sss.c:543 +#: src/sss_client/pam_sss.c:544 msgid "Authenticated with cached credentials" msgstr "" -#: src/sss_client/pam_sss.c:544 +#: src/sss_client/pam_sss.c:545 msgid ", your cached password will expire at: " msgstr "" -#: src/sss_client/pam_sss.c:574 +#: src/sss_client/pam_sss.c:575 #, c-format msgid "Your password has expired. You have %1$d grace login(s) remaining." msgstr "" -#: src/sss_client/pam_sss.c:624 +#: src/sss_client/pam_sss.c:625 #, c-format msgid "Your password will expire in %1$d %2$s." msgstr "" -#: src/sss_client/pam_sss.c:627 +#: src/sss_client/pam_sss.c:628 #, fuzzy, c-format msgid "Your password has expired." msgstr "Huts egin du pasahitza aldatzeak. " -#: src/sss_client/pam_sss.c:678 +#: src/sss_client/pam_sss.c:679 msgid "Authentication is denied until: " msgstr "" -#: src/sss_client/pam_sss.c:699 +#: src/sss_client/pam_sss.c:700 msgid "System is offline, password change not possible" msgstr "" -#: src/sss_client/pam_sss.c:714 +#: src/sss_client/pam_sss.c:715 msgid "" "After changing the OTP password, you need to log out and back in order to " "acquire a ticket" msgstr "" -#: src/sss_client/pam_sss.c:729 +#: src/sss_client/pam_sss.c:730 msgid "PIN locked" msgstr "" -#: src/sss_client/pam_sss.c:816 src/sss_client/pam_sss.c:829 +#: src/sss_client/pam_sss.c:745 +msgid "" +"No Kerberos TGT granted as the server does not support this method. Your " +"single-sign on(SSO) experience will be affected." +msgstr "" + +#: src/sss_client/pam_sss.c:835 src/sss_client/pam_sss.c:848 msgid "Password change failed. " msgstr "Huts egin du pasahitza aldatzeak. " -#: src/sss_client/pam_sss.c:1797 +#: src/sss_client/pam_sss.c:1819 #, c-format msgid "Authenticate at %1$s and press ENTER." msgstr "" -#: src/sss_client/pam_sss.c:1800 +#: src/sss_client/pam_sss.c:1822 #, c-format msgid "Authenticate with PIN %1$s at %2$s and press ENTER." msgstr "" -#: src/sss_client/pam_sss.c:2153 +#: src/sss_client/pam_sss.c:2181 msgid "Please (re)insert (different) Smartcard" msgstr "" -#: src/sss_client/pam_sss.c:2352 +#: src/sss_client/pam_sss.c:2380 msgid "New Password: " msgstr "Pasahitz berria: " -#: src/sss_client/pam_sss.c:2353 +#: src/sss_client/pam_sss.c:2381 msgid "Reenter new Password: " msgstr "Berriz sartu pasahitz berria: " -#: src/sss_client/pam_sss.c:2523 src/sss_client/pam_sss.c:2526 +#: src/sss_client/pam_sss.c:2551 src/sss_client/pam_sss.c:2554 msgid "First Factor: " msgstr "" -#: src/sss_client/pam_sss.c:2524 src/sss_client/pam_sss.c:2707 +#: src/sss_client/pam_sss.c:2552 src/sss_client/pam_sss.c:2740 msgid "Second Factor (optional): " msgstr "" -#: src/sss_client/pam_sss.c:2527 src/sss_client/pam_sss.c:2710 +#: src/sss_client/pam_sss.c:2555 src/sss_client/pam_sss.c:2743 msgid "Second Factor: " msgstr "" -#: src/sss_client/pam_sss.c:2547 +#: src/sss_client/pam_sss.c:2575 msgid "Insert your passkey device, then press ENTER." msgstr "" -#: src/sss_client/pam_sss.c:2551 src/sss_client/pam_sss.c:2554 +#: src/sss_client/pam_sss.c:2579 src/sss_client/pam_sss.c:2587 msgid "Password: " msgstr "Pasahitza: " -#: src/sss_client/pam_sss.c:2706 src/sss_client/pam_sss.c:2709 +#: src/sss_client/pam_sss.c:2739 src/sss_client/pam_sss.c:2742 msgid "First Factor (Current Password): " msgstr "" -#: src/sss_client/pam_sss.c:2713 +#: src/sss_client/pam_sss.c:2746 msgid "Current Password: " msgstr "Uneko pasahitza: " -#: src/sss_client/pam_sss.c:3070 +#: src/sss_client/pam_sss.c:3103 msgid "Password expired. Change your password now." msgstr "Pasahitza iraungita. Aldatu zure pasahitza orain." diff --git a/po/fi.po b/po/fi.po index 6abcf5590e7..915d95dffcd 100644 --- a/po/fi.po +++ b/po/fi.po @@ -6,7 +6,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" -"POT-Creation-Date: 2023-05-05 10:11+0200\n" +"POT-Creation-Date: 2023-09-07 11:48+0200\n" "PO-Revision-Date: 2023-02-26 20:20+0000\n" "Last-Translator: Jan Kuparinen \n" "Language-Team: Finnish \n" "Language-Team: French , doit être superutilisateur (root)\n" msgid "SSSD is already running\n" msgstr "SSSD est déjà en cours d'exécution\n" -#: src/providers/krb5/krb5_child.c:4007 src/providers/ldap/ldap_child.c:641 +#: src/providers/krb5/krb5_child.c:4027 src/providers/ldap/ldap_child.c:642 msgid "Allow core dumps" msgstr "Autoriser les vidages de noyau" -#: src/providers/krb5/krb5_child.c:4009 src/providers/ldap/ldap_child.c:643 +#: src/providers/krb5/krb5_child.c:4029 src/providers/ldap/ldap_child.c:644 msgid "An open file descriptor for the debug logs" msgstr "Un descripteur de fichier ouvert pour les journaux de débogage" -#: src/providers/krb5/krb5_child.c:4012 +#: src/providers/krb5/krb5_child.c:4032 msgid "The user to create FAST ccache as" msgstr "L'utilisateur à utiliser pour la création du ccache FAST" -#: src/providers/krb5/krb5_child.c:4014 +#: src/providers/krb5/krb5_child.c:4034 msgid "The group to create FAST ccache as" msgstr "Le groupe à utiliser pour la création du ccache FAST" -#: src/providers/krb5/krb5_child.c:4016 +#: src/providers/krb5/krb5_child.c:4036 msgid "Use anonymous PKINIT to request FAST armor ticket" msgstr "Utilisez le PKINIT anonyme pour obtenir un ticket FAST armor" -#: src/providers/krb5/krb5_child.c:4018 +#: src/providers/krb5/krb5_child.c:4038 msgid "Kerberos realm to use" msgstr "Domaine Kerberos à utiliser" -#: src/providers/krb5/krb5_child.c:4020 +#: src/providers/krb5/krb5_child.c:4040 msgid "Requested lifetime of the ticket" msgstr "Demande de renouvellement à vie du billet" -#: src/providers/krb5/krb5_child.c:4022 +#: src/providers/krb5/krb5_child.c:4042 msgid "Requested renewable lifetime of the ticket" msgstr "Demande de renouvellement à vie du billet" -#: src/providers/krb5/krb5_child.c:4024 +#: src/providers/krb5/krb5_child.c:4044 msgid "FAST options ('never', 'try', 'demand')" msgstr "Options FAST ('never', 'try', 'demand')" -#: src/providers/krb5/krb5_child.c:4027 +#: src/providers/krb5/krb5_child.c:4047 msgid "Specifies the server principal to use for FAST" msgstr "Spécifie le principal de serveur afin d'utiliser FAST" -#: src/providers/krb5/krb5_child.c:4029 +#: src/providers/krb5/krb5_child.c:4049 msgid "Requests canonicalization of the principal name" msgstr "Demande la canonisation du nom principal" -#: src/providers/krb5/krb5_child.c:4031 +#: src/providers/krb5/krb5_child.c:4051 msgid "Use custom version of krb5_get_init_creds_password" msgstr "Utiliser la version personnalisée de krb5_get_init_creds_password" -#: src/providers/krb5/krb5_child.c:4033 +#: src/providers/krb5/krb5_child.c:4053 msgid "Tevent chain ID used for logging purposes" msgstr "ID de chaîne Tevent utilisé à des fins de journalisation" -#: src/providers/krb5/krb5_child.c:4035 +#: src/providers/krb5/krb5_child.c:4055 msgid "Check PAC flags" msgstr "Vérifier les indicateurs PAC" -#: src/providers/krb5/krb5_child.c:4079 src/providers/ldap/ldap_child.c:669 +#: src/providers/krb5/krb5_child.c:4099 src/providers/ldap/ldap_child.c:670 msgid "talloc_asprintf failed.\n" msgstr "Échec de talloc_asprintf.\n" -#: src/providers/krb5/krb5_child.c:4089 src/providers/ldap/ldap_child.c:678 +#: src/providers/krb5/krb5_child.c:4109 src/providers/ldap/ldap_child.c:679 msgid "set_debug_file_from_fd failed.\n" msgstr "Échec de set_debug_file_from_fd.\n" @@ -2221,58 +2225,64 @@ msgstr "Erreur inattendue lors de la recherche de la description de l'erreur" msgid "Permission denied. " msgstr "Accès refusé. " -#: src/sss_client/pam_sss.c:70 src/sss_client/pam_sss.c:819 -#: src/sss_client/pam_sss.c:830 +#: src/sss_client/pam_sss.c:70 src/sss_client/pam_sss.c:838 +#: src/sss_client/pam_sss.c:849 msgid "Server message: " msgstr "Message du serveur : " #: src/sss_client/pam_sss.c:71 +msgid "" +"Kerberos TGT will not be granted upon login, user experience will be " +"affected." +msgstr "" + +#: src/sss_client/pam_sss.c:72 msgid "Enter PIN:" msgstr "Saisissez le code PIN :" -#: src/sss_client/pam_sss.c:314 +#: src/sss_client/pam_sss.c:315 msgid "Passwords do not match" msgstr "Les mots de passe ne correspondent pas" -#: src/sss_client/pam_sss.c:502 +#: src/sss_client/pam_sss.c:503 msgid "Password reset by root is not supported." msgstr "" "La réinitialisation du mot de passe par root n'est pas prise en charge." -#: src/sss_client/pam_sss.c:543 +#: src/sss_client/pam_sss.c:544 msgid "Authenticated with cached credentials" msgstr "Authentifié avec les crédits mis en cache" -#: src/sss_client/pam_sss.c:544 +#: src/sss_client/pam_sss.c:545 msgid ", your cached password will expire at: " msgstr ", votre mot de passe en cache expirera à : " -#: src/sss_client/pam_sss.c:574 +#: src/sss_client/pam_sss.c:575 #, c-format msgid "Your password has expired. You have %1$d grace login(s) remaining." msgstr "" "Votre mot de passe a expiré. Il vous reste %1$d connexion(s) autorisée(s)." -#: src/sss_client/pam_sss.c:624 +#: src/sss_client/pam_sss.c:625 #, c-format msgid "Your password will expire in %1$d %2$s." msgstr "Votre mot de passe expirera dans %1$d %2$s." -#: src/sss_client/pam_sss.c:627 +#: src/sss_client/pam_sss.c:628 #, c-format msgid "Your password has expired." msgstr "Votre mot de passe a expiré." -#: src/sss_client/pam_sss.c:678 +#: src/sss_client/pam_sss.c:679 msgid "Authentication is denied until: " msgstr "L'authentification est refusée jusque : " -#: src/sss_client/pam_sss.c:699 +#: src/sss_client/pam_sss.c:700 msgid "System is offline, password change not possible" msgstr "" "Le système est hors-ligne, les modifications du mot de passe sont impossibles" -#: src/sss_client/pam_sss.c:714 +#: src/sss_client/pam_sss.c:715 msgid "" "After changing the OTP password, you need to log out and back in order to " "acquire a ticket" @@ -2280,65 +2290,71 @@ msgstr "" "Après avoir modifié le mot de passe OTP, vous devez vous déconnecter et vous " "reconnecter afin d'acquérir un ticket" -#: src/sss_client/pam_sss.c:729 +#: src/sss_client/pam_sss.c:730 msgid "PIN locked" msgstr "PIN verrouillé" -#: src/sss_client/pam_sss.c:816 src/sss_client/pam_sss.c:829 +#: src/sss_client/pam_sss.c:745 +msgid "" +"No Kerberos TGT granted as the server does not support this method. Your " +"single-sign on(SSO) experience will be affected." +msgstr "" + +#: src/sss_client/pam_sss.c:835 src/sss_client/pam_sss.c:848 msgid "Password change failed. " msgstr "Échec du changement de mot de passe. " -#: src/sss_client/pam_sss.c:1797 +#: src/sss_client/pam_sss.c:1819 #, c-format msgid "Authenticate at %1$s and press ENTER." msgstr "Authentifiez-vous sur %1$s et appuyez sur ENTRÉE." -#: src/sss_client/pam_sss.c:1800 +#: src/sss_client/pam_sss.c:1822 #, c-format msgid "Authenticate with PIN %1$s at %2$s and press ENTER." msgstr "Authentifiez-vous avec le PIN %1$s à %2$s et appuyez sur ENTRÉE." -#: src/sss_client/pam_sss.c:2153 +#: src/sss_client/pam_sss.c:2181 msgid "Please (re)insert (different) Smartcard" msgstr "Veuillez (ré)insérer une carte à puce (différente)" -#: src/sss_client/pam_sss.c:2352 +#: src/sss_client/pam_sss.c:2380 msgid "New Password: " msgstr "Nouveau mot de passe : " -#: src/sss_client/pam_sss.c:2353 +#: src/sss_client/pam_sss.c:2381 msgid "Reenter new Password: " msgstr "Retaper le nouveau mot de passe : " -#: src/sss_client/pam_sss.c:2523 src/sss_client/pam_sss.c:2526 +#: src/sss_client/pam_sss.c:2551 src/sss_client/pam_sss.c:2554 msgid "First Factor: " msgstr "Premier facteur : " -#: src/sss_client/pam_sss.c:2524 src/sss_client/pam_sss.c:2707 +#: src/sss_client/pam_sss.c:2552 src/sss_client/pam_sss.c:2740 msgid "Second Factor (optional): " msgstr "Deuxième facteur (facultatif) : " -#: src/sss_client/pam_sss.c:2527 src/sss_client/pam_sss.c:2710 +#: src/sss_client/pam_sss.c:2555 src/sss_client/pam_sss.c:2743 msgid "Second Factor: " msgstr "Second facteur : " -#: src/sss_client/pam_sss.c:2547 +#: src/sss_client/pam_sss.c:2575 msgid "Insert your passkey device, then press ENTER." msgstr "Insérez votre passe-partout, puis appuyez sur la touche ENTER." -#: src/sss_client/pam_sss.c:2551 src/sss_client/pam_sss.c:2554 +#: src/sss_client/pam_sss.c:2579 src/sss_client/pam_sss.c:2587 msgid "Password: " msgstr "Mot de passe : " -#: src/sss_client/pam_sss.c:2706 src/sss_client/pam_sss.c:2709 +#: src/sss_client/pam_sss.c:2739 src/sss_client/pam_sss.c:2742 msgid "First Factor (Current Password): " msgstr "Premier facteur (mot de passe actuel) : " -#: src/sss_client/pam_sss.c:2713 +#: src/sss_client/pam_sss.c:2746 msgid "Current Password: " msgstr "Mot de passe actuel : " -#: src/sss_client/pam_sss.c:3070 +#: src/sss_client/pam_sss.c:3103 msgid "Password expired. Change your password now." msgstr "Mot de passe expiré. Changez votre mot de passe maintenant." diff --git a/po/hu.po b/po/hu.po index 34d8c1cbf16..b6fc2458c68 100644 --- a/po/hu.po +++ b/po/hu.po @@ -10,7 +10,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" -"POT-Creation-Date: 2023-05-05 10:11+0200\n" +"POT-Creation-Date: 2023-09-07 11:48+0200\n" "PO-Revision-Date: 2014-12-14 11:45-0500\n" "Last-Translator: Copied by Zanata \n" "Language-Team: Hungarian (http://www.transifex.com/projects/p/sssd/language/" @@ -591,12 +591,12 @@ msgid "Whether to automatically update the client's DNS entry" msgstr "" #: src/config/SSSDConfig/sssdoptions.py:201 -#: src/config/SSSDConfig/sssdoptions.py:233 +#: src/config/SSSDConfig/sssdoptions.py:234 msgid "The TTL to apply to the client's DNS entry after updating it" msgstr "" #: src/config/SSSDConfig/sssdoptions.py:202 -#: src/config/SSSDConfig/sssdoptions.py:234 +#: src/config/SSSDConfig/sssdoptions.py:235 msgid "The interface whose IP should be used for dynamic DNS updates" msgstr "" @@ -680,1162 +680,1166 @@ msgid "" "(long term password) must have to be saved as SHA512 hash into the cache." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:228 +#: src/config/SSSDConfig/sssdoptions.py:226 +msgid "Local authentication methods policy " +msgstr "" + +#: src/config/SSSDConfig/sssdoptions.py:229 msgid "IPA domain" msgstr "IPA-tartomány" -#: src/config/SSSDConfig/sssdoptions.py:229 +#: src/config/SSSDConfig/sssdoptions.py:230 msgid "IPA server address" msgstr "IPA kiszolgáló címe" -#: src/config/SSSDConfig/sssdoptions.py:230 +#: src/config/SSSDConfig/sssdoptions.py:231 msgid "Address of backup IPA server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:231 +#: src/config/SSSDConfig/sssdoptions.py:232 msgid "IPA client hostname" msgstr "IPA kliens hosztneve" -#: src/config/SSSDConfig/sssdoptions.py:232 +#: src/config/SSSDConfig/sssdoptions.py:233 msgid "Whether to automatically update the client's DNS entry in FreeIPA" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:235 +#: src/config/SSSDConfig/sssdoptions.py:236 msgid "Search base for HBAC related objects" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:236 +#: src/config/SSSDConfig/sssdoptions.py:237 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:237 +#: src/config/SSSDConfig/sssdoptions.py:238 msgid "" "The amount of time in seconds between lookups of the SELinux maps against " "the IPA server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:239 +#: src/config/SSSDConfig/sssdoptions.py:240 msgid "If set to false, host argument given by PAM will be ignored" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:240 +#: src/config/SSSDConfig/sssdoptions.py:241 msgid "The automounter location this IPA client is using" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:241 +#: src/config/SSSDConfig/sssdoptions.py:242 msgid "Search base for object containing info about IPA domain" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:242 +#: src/config/SSSDConfig/sssdoptions.py:243 msgid "Search base for objects containing info about ID ranges" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:243 -#: src/config/SSSDConfig/sssdoptions.py:299 +#: src/config/SSSDConfig/sssdoptions.py:244 +#: src/config/SSSDConfig/sssdoptions.py:300 msgid "Enable DNS sites - location based service discovery" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:244 +#: src/config/SSSDConfig/sssdoptions.py:245 msgid "Search base for view containers" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:245 +#: src/config/SSSDConfig/sssdoptions.py:246 msgid "Objectclass for view containers" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:246 +#: src/config/SSSDConfig/sssdoptions.py:247 msgid "Attribute with the name of the view" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:247 +#: src/config/SSSDConfig/sssdoptions.py:248 msgid "Objectclass for override objects" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:248 +#: src/config/SSSDConfig/sssdoptions.py:249 msgid "Attribute with the reference to the original object" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:249 +#: src/config/SSSDConfig/sssdoptions.py:250 msgid "Objectclass for user override objects" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:250 +#: src/config/SSSDConfig/sssdoptions.py:251 msgid "Objectclass for group override objects" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:251 +#: src/config/SSSDConfig/sssdoptions.py:252 msgid "Search base for Desktop Profile related objects" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:252 +#: src/config/SSSDConfig/sssdoptions.py:253 msgid "" "The amount of time in seconds between lookups of the Desktop Profile rules " "against the IPA server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:254 +#: src/config/SSSDConfig/sssdoptions.py:255 msgid "" "The amount of time in minutes between lookups of Desktop Profiles rules " "against the IPA server when the last request did not find any rule" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:257 +#: src/config/SSSDConfig/sssdoptions.py:258 msgid "Search base for SUBID ranges" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:258 -#: src/config/SSSDConfig/sssdoptions.py:501 +#: src/config/SSSDConfig/sssdoptions.py:259 +#: src/config/SSSDConfig/sssdoptions.py:502 msgid "Which rules should be used to evaluate access control" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:259 +#: src/config/SSSDConfig/sssdoptions.py:260 msgid "The LDAP attribute that contains FQDN of the host." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:260 -#: src/config/SSSDConfig/sssdoptions.py:283 +#: src/config/SSSDConfig/sssdoptions.py:261 +#: src/config/SSSDConfig/sssdoptions.py:284 msgid "The object class of a host entry in LDAP." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:261 +#: src/config/SSSDConfig/sssdoptions.py:262 msgid "Use the given string as search base for host objects." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:262 +#: src/config/SSSDConfig/sssdoptions.py:263 msgid "The LDAP attribute that contains the host's SSH public keys." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:263 +#: src/config/SSSDConfig/sssdoptions.py:264 msgid "The LDAP attribute that contains NIS domain name of the netgroup." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:264 +#: src/config/SSSDConfig/sssdoptions.py:265 msgid "The LDAP attribute that contains the names of the netgroup's members." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:265 +#: src/config/SSSDConfig/sssdoptions.py:266 msgid "" "The LDAP attribute that lists FQDNs of hosts and host groups that are " "members of the netgroup." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:267 +#: src/config/SSSDConfig/sssdoptions.py:268 msgid "" "The LDAP attribute that lists hosts and host groups that are direct members " "of the netgroup." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:269 +#: src/config/SSSDConfig/sssdoptions.py:270 msgid "The LDAP attribute that lists netgroup's memberships." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:270 +#: src/config/SSSDConfig/sssdoptions.py:271 msgid "" "The LDAP attribute that lists system users and groups that are direct " "members of the netgroup." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:272 +#: src/config/SSSDConfig/sssdoptions.py:273 msgid "The LDAP attribute that corresponds to the netgroup name." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:273 +#: src/config/SSSDConfig/sssdoptions.py:274 msgid "The object class of a netgroup entry in LDAP." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:274 +#: src/config/SSSDConfig/sssdoptions.py:275 msgid "" "The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:275 +#: src/config/SSSDConfig/sssdoptions.py:276 msgid "" "The LDAP attribute that contains whether or not is user map enabled for " "usage." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:277 +#: src/config/SSSDConfig/sssdoptions.py:278 msgid "The LDAP attribute that contains host category such as 'all'." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:278 +#: src/config/SSSDConfig/sssdoptions.py:279 msgid "" "The LDAP attribute that contains all hosts / hostgroups this rule match " "against." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:280 +#: src/config/SSSDConfig/sssdoptions.py:281 msgid "" "The LDAP attribute that contains all users / groups this rule match against." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:282 +#: src/config/SSSDConfig/sssdoptions.py:283 msgid "The LDAP attribute that contains the name of SELinux usermap." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:284 +#: src/config/SSSDConfig/sssdoptions.py:285 msgid "" "The LDAP attribute that contains DN of HBAC rule which can be used for " "matching instead of memberUser and memberHost." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:286 +#: src/config/SSSDConfig/sssdoptions.py:287 msgid "The LDAP attribute that contains SELinux user string itself." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:287 +#: src/config/SSSDConfig/sssdoptions.py:288 msgid "The LDAP attribute that contains user category such as 'all'." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:288 +#: src/config/SSSDConfig/sssdoptions.py:289 msgid "The LDAP attribute that contains unique ID of the user map." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:289 +#: src/config/SSSDConfig/sssdoptions.py:290 msgid "" "The option denotes that the SSSD is running on IPA server and should perform " "lookups of users and groups from trusted domains differently." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:291 +#: src/config/SSSDConfig/sssdoptions.py:292 msgid "Use the given string as search base for trusted domains." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:294 +#: src/config/SSSDConfig/sssdoptions.py:295 msgid "Active Directory domain" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:295 +#: src/config/SSSDConfig/sssdoptions.py:296 msgid "Enabled Active Directory domains" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:296 +#: src/config/SSSDConfig/sssdoptions.py:297 msgid "Active Directory server address" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:297 +#: src/config/SSSDConfig/sssdoptions.py:298 msgid "Active Directory backup server address" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:298 +#: src/config/SSSDConfig/sssdoptions.py:299 msgid "Active Directory client hostname" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:300 -#: src/config/SSSDConfig/sssdoptions.py:499 +#: src/config/SSSDConfig/sssdoptions.py:301 +#: src/config/SSSDConfig/sssdoptions.py:500 msgid "LDAP filter to determine access privileges" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:301 +#: src/config/SSSDConfig/sssdoptions.py:302 msgid "Whether to use the Global Catalog for lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:302 +#: src/config/SSSDConfig/sssdoptions.py:303 msgid "Operation mode for GPO-based access control" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:303 +#: src/config/SSSDConfig/sssdoptions.py:304 msgid "" "The amount of time between lookups of the GPO policy files against the AD " "server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:304 +#: src/config/SSSDConfig/sssdoptions.py:305 msgid "" "PAM service names that map to the GPO (Deny)InteractiveLogonRight policy " "settings" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:306 +#: src/config/SSSDConfig/sssdoptions.py:307 msgid "" "PAM service names that map to the GPO (Deny)RemoteInteractiveLogonRight " "policy settings" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:308 +#: src/config/SSSDConfig/sssdoptions.py:309 msgid "" "PAM service names that map to the GPO (Deny)NetworkLogonRight policy settings" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:309 +#: src/config/SSSDConfig/sssdoptions.py:310 msgid "" "PAM service names that map to the GPO (Deny)BatchLogonRight policy settings" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:310 +#: src/config/SSSDConfig/sssdoptions.py:311 msgid "" "PAM service names that map to the GPO (Deny)ServiceLogonRight policy settings" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:311 +#: src/config/SSSDConfig/sssdoptions.py:312 msgid "PAM service names for which GPO-based access is always granted" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:312 +#: src/config/SSSDConfig/sssdoptions.py:313 msgid "PAM service names for which GPO-based access is always denied" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:313 +#: src/config/SSSDConfig/sssdoptions.py:314 msgid "" "Default logon right (or permit/deny) to use for unmapped PAM service names" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:314 +#: src/config/SSSDConfig/sssdoptions.py:315 msgid "a particular site to be used by the client" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:315 +#: src/config/SSSDConfig/sssdoptions.py:316 msgid "" "Maximum age in days before the machine account password should be renewed" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:317 +#: src/config/SSSDConfig/sssdoptions.py:318 msgid "Option for tuning the machine account renewal task" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:318 +#: src/config/SSSDConfig/sssdoptions.py:319 msgid "Whether to update the machine account password in the Samba database" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:320 +#: src/config/SSSDConfig/sssdoptions.py:321 msgid "Use LDAPS port for LDAP and Global Catalog requests" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:321 +#: src/config/SSSDConfig/sssdoptions.py:322 msgid "Do not filter domain local groups from other domains" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:324 #: src/config/SSSDConfig/sssdoptions.py:325 +#: src/config/SSSDConfig/sssdoptions.py:326 msgid "Kerberos server address" msgstr "Kerberos-kiszolgáló címe" -#: src/config/SSSDConfig/sssdoptions.py:326 +#: src/config/SSSDConfig/sssdoptions.py:327 msgid "Kerberos backup server address" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:327 +#: src/config/SSSDConfig/sssdoptions.py:328 msgid "Kerberos realm" msgstr "Kerberos-tartomány" -#: src/config/SSSDConfig/sssdoptions.py:328 +#: src/config/SSSDConfig/sssdoptions.py:329 msgid "Authentication timeout" msgstr "Időtúllépés azonosításkor" -#: src/config/SSSDConfig/sssdoptions.py:329 +#: src/config/SSSDConfig/sssdoptions.py:330 msgid "Whether to create kdcinfo files" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:330 +#: src/config/SSSDConfig/sssdoptions.py:331 msgid "Where to drop krb5 config snippets" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:333 +#: src/config/SSSDConfig/sssdoptions.py:334 msgid "Directory to store credential caches" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:334 +#: src/config/SSSDConfig/sssdoptions.py:335 msgid "Location of the user's credential cache" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:335 +#: src/config/SSSDConfig/sssdoptions.py:336 msgid "Location of the keytab to validate credentials" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:336 +#: src/config/SSSDConfig/sssdoptions.py:337 msgid "Enable credential validation" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:337 +#: src/config/SSSDConfig/sssdoptions.py:338 msgid "Store password if offline for later online authentication" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:338 +#: src/config/SSSDConfig/sssdoptions.py:339 msgid "Renewable lifetime of the TGT" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:339 +#: src/config/SSSDConfig/sssdoptions.py:340 msgid "Lifetime of the TGT" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:340 +#: src/config/SSSDConfig/sssdoptions.py:341 msgid "Time between two checks for renewal" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:341 +#: src/config/SSSDConfig/sssdoptions.py:342 msgid "Enables FAST" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:342 +#: src/config/SSSDConfig/sssdoptions.py:343 msgid "Selects the principal to use for FAST" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:343 +#: src/config/SSSDConfig/sssdoptions.py:344 msgid "Use anonymous PKINIT to request FAST credentials" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:344 +#: src/config/SSSDConfig/sssdoptions.py:345 msgid "Enables principal canonicalization" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:345 +#: src/config/SSSDConfig/sssdoptions.py:346 msgid "Enables enterprise principals" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:346 +#: src/config/SSSDConfig/sssdoptions.py:347 msgid "Enables using of subdomains realms for authentication" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:347 +#: src/config/SSSDConfig/sssdoptions.py:348 msgid "A mapping from user names to Kerberos principal names" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:350 #: src/config/SSSDConfig/sssdoptions.py:351 +#: src/config/SSSDConfig/sssdoptions.py:352 msgid "Server where the change password service is running if not on the KDC" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:354 +#: src/config/SSSDConfig/sssdoptions.py:355 msgid "ldap_uri, The URI of the LDAP server" msgstr "ldap_uri, az LDAP szerver URI-ja" -#: src/config/SSSDConfig/sssdoptions.py:355 +#: src/config/SSSDConfig/sssdoptions.py:356 msgid "ldap_backup_uri, The URI of the LDAP server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:356 +#: src/config/SSSDConfig/sssdoptions.py:357 msgid "The default base DN" msgstr "Alapértelmezett LDAP alap-DN-je" -#: src/config/SSSDConfig/sssdoptions.py:357 +#: src/config/SSSDConfig/sssdoptions.py:358 msgid "The Schema Type in use on the LDAP server, rfc2307" msgstr "Az LDAP szerveren használt séma-típus, rfc2307" -#: src/config/SSSDConfig/sssdoptions.py:358 +#: src/config/SSSDConfig/sssdoptions.py:359 msgid "Mode used to change user password" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:359 +#: src/config/SSSDConfig/sssdoptions.py:360 msgid "The default bind DN" msgstr "Az alapértelmezett bind DN" -#: src/config/SSSDConfig/sssdoptions.py:360 +#: src/config/SSSDConfig/sssdoptions.py:361 msgid "The type of the authentication token of the default bind DN" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:361 +#: src/config/SSSDConfig/sssdoptions.py:362 msgid "The authentication token of the default bind DN" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:362 +#: src/config/SSSDConfig/sssdoptions.py:363 msgid "Length of time to attempt connection" msgstr "A kapcsolódási próbálkozás időtartama" -#: src/config/SSSDConfig/sssdoptions.py:363 +#: src/config/SSSDConfig/sssdoptions.py:364 msgid "Length of time to attempt synchronous LDAP operations" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:364 +#: src/config/SSSDConfig/sssdoptions.py:365 msgid "Length of time between attempts to reconnect while offline" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:365 +#: src/config/SSSDConfig/sssdoptions.py:366 msgid "Use only the upper case for realm names" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:366 +#: src/config/SSSDConfig/sssdoptions.py:367 msgid "File that contains CA certificates" msgstr "A CA tanusítványokat tartalmazó fájl" -#: src/config/SSSDConfig/sssdoptions.py:367 +#: src/config/SSSDConfig/sssdoptions.py:368 msgid "Path to CA certificate directory" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:368 +#: src/config/SSSDConfig/sssdoptions.py:369 msgid "File that contains the client certificate" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:369 +#: src/config/SSSDConfig/sssdoptions.py:370 msgid "File that contains the client key" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:370 +#: src/config/SSSDConfig/sssdoptions.py:371 msgid "List of possible ciphers suites" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:371 +#: src/config/SSSDConfig/sssdoptions.py:372 msgid "Require TLS certificate verification" msgstr "TLS tanusítvány ellenőrzése" -#: src/config/SSSDConfig/sssdoptions.py:372 +#: src/config/SSSDConfig/sssdoptions.py:373 msgid "Specify the sasl mechanism to use" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:373 +#: src/config/SSSDConfig/sssdoptions.py:374 msgid "Specify the sasl authorization id to use" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:374 +#: src/config/SSSDConfig/sssdoptions.py:375 msgid "Specify the sasl authorization realm to use" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:375 +#: src/config/SSSDConfig/sssdoptions.py:376 msgid "Specify the minimal SSF for LDAP sasl authorization" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:376 +#: src/config/SSSDConfig/sssdoptions.py:377 msgid "Specify the maximal SSF for LDAP sasl authorization" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:377 +#: src/config/SSSDConfig/sssdoptions.py:378 msgid "Kerberos service keytab" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:378 +#: src/config/SSSDConfig/sssdoptions.py:379 msgid "Use Kerberos auth for LDAP connection" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:379 +#: src/config/SSSDConfig/sssdoptions.py:380 msgid "Follow LDAP referrals" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:380 +#: src/config/SSSDConfig/sssdoptions.py:381 msgid "Lifetime of TGT for LDAP connection" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:381 +#: src/config/SSSDConfig/sssdoptions.py:382 msgid "How to dereference aliases" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:382 +#: src/config/SSSDConfig/sssdoptions.py:383 msgid "Service name for DNS service lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:383 +#: src/config/SSSDConfig/sssdoptions.py:384 msgid "The number of records to retrieve in a single LDAP query" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:384 +#: src/config/SSSDConfig/sssdoptions.py:385 msgid "The number of members that must be missing to trigger a full deref" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:385 +#: src/config/SSSDConfig/sssdoptions.py:386 msgid "Ignore unreadable LDAP references" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:386 +#: src/config/SSSDConfig/sssdoptions.py:387 msgid "" "Whether the LDAP library should perform a reverse lookup to canonicalize the " "host name during a SASL bind" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:388 +#: src/config/SSSDConfig/sssdoptions.py:389 msgid "" "Allows to retain local users as members of an LDAP group for servers that " "use the RFC2307 schema." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:391 +#: src/config/SSSDConfig/sssdoptions.py:392 msgid "entryUSN attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:392 +#: src/config/SSSDConfig/sssdoptions.py:393 msgid "lastUSN attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:394 +#: src/config/SSSDConfig/sssdoptions.py:395 msgid "How long to retain a connection to the LDAP server before disconnecting" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:397 +#: src/config/SSSDConfig/sssdoptions.py:398 msgid "Disable the LDAP paging control" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:398 +#: src/config/SSSDConfig/sssdoptions.py:399 msgid "Disable Active Directory range retrieval" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:401 +#: src/config/SSSDConfig/sssdoptions.py:402 msgid "Length of time to wait for a search request" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:402 +#: src/config/SSSDConfig/sssdoptions.py:403 msgid "Length of time to wait for a enumeration request" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:403 +#: src/config/SSSDConfig/sssdoptions.py:404 msgid "Length of time between enumeration updates" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:404 +#: src/config/SSSDConfig/sssdoptions.py:405 msgid "Maximum period deviation between enumeration updates" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:405 +#: src/config/SSSDConfig/sssdoptions.py:406 msgid "Length of time between cache cleanups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:406 +#: src/config/SSSDConfig/sssdoptions.py:407 msgid "Maximum time deviation between cache cleanups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:407 +#: src/config/SSSDConfig/sssdoptions.py:408 msgid "Require TLS for ID lookups" msgstr "TLS megkövetelése ID keresésekor" -#: src/config/SSSDConfig/sssdoptions.py:408 +#: src/config/SSSDConfig/sssdoptions.py:409 msgid "Use ID-mapping of objectSID instead of pre-set IDs" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:409 +#: src/config/SSSDConfig/sssdoptions.py:410 msgid "Base DN for user lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:410 +#: src/config/SSSDConfig/sssdoptions.py:411 msgid "Scope of user lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:411 +#: src/config/SSSDConfig/sssdoptions.py:412 msgid "Filter for user lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:412 +#: src/config/SSSDConfig/sssdoptions.py:413 msgid "Objectclass for users" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:413 +#: src/config/SSSDConfig/sssdoptions.py:414 msgid "Username attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:414 +#: src/config/SSSDConfig/sssdoptions.py:415 msgid "UID attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:415 +#: src/config/SSSDConfig/sssdoptions.py:416 msgid "Primary GID attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:416 +#: src/config/SSSDConfig/sssdoptions.py:417 msgid "GECOS attribute" msgstr "GECOS attribútum" -#: src/config/SSSDConfig/sssdoptions.py:417 +#: src/config/SSSDConfig/sssdoptions.py:418 msgid "Home directory attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:418 +#: src/config/SSSDConfig/sssdoptions.py:419 msgid "Shell attribute" msgstr "Shell attribútum" -#: src/config/SSSDConfig/sssdoptions.py:419 +#: src/config/SSSDConfig/sssdoptions.py:420 msgid "UUID attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:420 -#: src/config/SSSDConfig/sssdoptions.py:459 +#: src/config/SSSDConfig/sssdoptions.py:421 +#: src/config/SSSDConfig/sssdoptions.py:460 msgid "objectSID attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:421 +#: src/config/SSSDConfig/sssdoptions.py:422 msgid "Active Directory primary group attribute for ID-mapping" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:422 +#: src/config/SSSDConfig/sssdoptions.py:423 msgid "User principal attribute (for Kerberos)" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:423 +#: src/config/SSSDConfig/sssdoptions.py:424 msgid "Full Name" msgstr "Teljes név" -#: src/config/SSSDConfig/sssdoptions.py:424 +#: src/config/SSSDConfig/sssdoptions.py:425 msgid "memberOf attribute" msgstr "memberOf attribútum" -#: src/config/SSSDConfig/sssdoptions.py:425 +#: src/config/SSSDConfig/sssdoptions.py:426 msgid "Modification time attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:426 +#: src/config/SSSDConfig/sssdoptions.py:427 msgid "shadowLastChange attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:427 +#: src/config/SSSDConfig/sssdoptions.py:428 msgid "shadowMin attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:428 +#: src/config/SSSDConfig/sssdoptions.py:429 msgid "shadowMax attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:429 +#: src/config/SSSDConfig/sssdoptions.py:430 msgid "shadowWarning attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:430 +#: src/config/SSSDConfig/sssdoptions.py:431 msgid "shadowInactive attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:431 +#: src/config/SSSDConfig/sssdoptions.py:432 msgid "shadowExpire attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:432 +#: src/config/SSSDConfig/sssdoptions.py:433 msgid "shadowFlag attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:433 +#: src/config/SSSDConfig/sssdoptions.py:434 msgid "Attribute listing authorized PAM services" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:434 +#: src/config/SSSDConfig/sssdoptions.py:435 msgid "Attribute listing authorized server hosts" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:435 +#: src/config/SSSDConfig/sssdoptions.py:436 msgid "Attribute listing authorized server rhosts" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:436 +#: src/config/SSSDConfig/sssdoptions.py:437 msgid "krbLastPwdChange attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:437 +#: src/config/SSSDConfig/sssdoptions.py:438 msgid "krbPasswordExpiration attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:438 +#: src/config/SSSDConfig/sssdoptions.py:439 msgid "Attribute indicating that server side password policies are active" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:439 +#: src/config/SSSDConfig/sssdoptions.py:440 msgid "accountExpires attribute of AD" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:440 +#: src/config/SSSDConfig/sssdoptions.py:441 msgid "userAccountControl attribute of AD" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:441 +#: src/config/SSSDConfig/sssdoptions.py:442 msgid "nsAccountLock attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:442 +#: src/config/SSSDConfig/sssdoptions.py:443 msgid "loginDisabled attribute of NDS" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:443 +#: src/config/SSSDConfig/sssdoptions.py:444 msgid "loginExpirationTime attribute of NDS" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:444 +#: src/config/SSSDConfig/sssdoptions.py:445 msgid "loginAllowedTimeMap attribute of NDS" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:445 +#: src/config/SSSDConfig/sssdoptions.py:446 msgid "SSH public key attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:446 +#: src/config/SSSDConfig/sssdoptions.py:447 msgid "attribute listing allowed authentication types for a user" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:447 +#: src/config/SSSDConfig/sssdoptions.py:448 msgid "attribute containing the X509 certificate of the user" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:448 +#: src/config/SSSDConfig/sssdoptions.py:449 msgid "attribute containing the email address of the user" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:449 +#: src/config/SSSDConfig/sssdoptions.py:450 msgid "attribute containing the passkey mapping data of the user" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:450 +#: src/config/SSSDConfig/sssdoptions.py:451 msgid "A list of extra attributes to download along with the user entry" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:452 +#: src/config/SSSDConfig/sssdoptions.py:453 msgid "Base DN for group lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:453 +#: src/config/SSSDConfig/sssdoptions.py:454 msgid "Objectclass for groups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:454 +#: src/config/SSSDConfig/sssdoptions.py:455 msgid "Group name" msgstr "Csoport neve" -#: src/config/SSSDConfig/sssdoptions.py:455 +#: src/config/SSSDConfig/sssdoptions.py:456 msgid "Group password" msgstr "Csoport jelszava" -#: src/config/SSSDConfig/sssdoptions.py:456 +#: src/config/SSSDConfig/sssdoptions.py:457 msgid "GID attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:457 +#: src/config/SSSDConfig/sssdoptions.py:458 msgid "Group member attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:458 +#: src/config/SSSDConfig/sssdoptions.py:459 msgid "Group UUID attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:460 +#: src/config/SSSDConfig/sssdoptions.py:461 msgid "Modification time attribute for groups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:461 +#: src/config/SSSDConfig/sssdoptions.py:462 msgid "Type of the group and other flags" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:462 +#: src/config/SSSDConfig/sssdoptions.py:463 msgid "The LDAP group external member attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:463 +#: src/config/SSSDConfig/sssdoptions.py:464 msgid "Maximum nesting level SSSD will follow" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:464 +#: src/config/SSSDConfig/sssdoptions.py:465 msgid "Filter for group lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:465 +#: src/config/SSSDConfig/sssdoptions.py:466 msgid "Scope of group lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:467 +#: src/config/SSSDConfig/sssdoptions.py:468 msgid "Base DN for netgroup lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:468 +#: src/config/SSSDConfig/sssdoptions.py:469 msgid "Objectclass for netgroups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:469 +#: src/config/SSSDConfig/sssdoptions.py:470 msgid "Netgroup name" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:470 +#: src/config/SSSDConfig/sssdoptions.py:471 msgid "Netgroups members attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:471 +#: src/config/SSSDConfig/sssdoptions.py:472 msgid "Netgroup triple attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:472 +#: src/config/SSSDConfig/sssdoptions.py:473 msgid "Modification time attribute for netgroups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:474 +#: src/config/SSSDConfig/sssdoptions.py:475 msgid "Base DN for service lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:475 +#: src/config/SSSDConfig/sssdoptions.py:476 msgid "Objectclass for services" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:476 +#: src/config/SSSDConfig/sssdoptions.py:477 msgid "Service name attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:477 +#: src/config/SSSDConfig/sssdoptions.py:478 msgid "Service port attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:478 +#: src/config/SSSDConfig/sssdoptions.py:479 msgid "Service protocol attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:480 +#: src/config/SSSDConfig/sssdoptions.py:481 msgid "Lower bound for ID-mapping" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:481 +#: src/config/SSSDConfig/sssdoptions.py:482 msgid "Upper bound for ID-mapping" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:482 +#: src/config/SSSDConfig/sssdoptions.py:483 msgid "Number of IDs for each slice when ID-mapping" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:483 +#: src/config/SSSDConfig/sssdoptions.py:484 msgid "Use autorid-compatible algorithm for ID-mapping" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:484 +#: src/config/SSSDConfig/sssdoptions.py:485 msgid "Name of the default domain for ID-mapping" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:485 +#: src/config/SSSDConfig/sssdoptions.py:486 msgid "SID of the default domain for ID-mapping" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:486 +#: src/config/SSSDConfig/sssdoptions.py:487 msgid "Number of secondary slices" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:488 +#: src/config/SSSDConfig/sssdoptions.py:489 msgid "Whether to use Token-Groups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:489 +#: src/config/SSSDConfig/sssdoptions.py:490 msgid "Set lower boundary for allowed IDs from the LDAP server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:490 +#: src/config/SSSDConfig/sssdoptions.py:491 msgid "Set upper boundary for allowed IDs from the LDAP server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:491 +#: src/config/SSSDConfig/sssdoptions.py:492 msgid "DN for ppolicy queries" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:492 +#: src/config/SSSDConfig/sssdoptions.py:493 msgid "How many maximum entries to fetch during a wildcard request" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:493 +#: src/config/SSSDConfig/sssdoptions.py:494 msgid "Set libldap debug level" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:496 +#: src/config/SSSDConfig/sssdoptions.py:497 msgid "Policy to evaluate the password expiration" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:500 +#: src/config/SSSDConfig/sssdoptions.py:501 msgid "Which attributes shall be used to evaluate if an account is expired" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:504 +#: src/config/SSSDConfig/sssdoptions.py:505 msgid "URI of an LDAP server where password changes are allowed" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:505 +#: src/config/SSSDConfig/sssdoptions.py:506 msgid "URI of a backup LDAP server where password changes are allowed" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:506 +#: src/config/SSSDConfig/sssdoptions.py:507 msgid "DNS service name for LDAP password change server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:507 +#: src/config/SSSDConfig/sssdoptions.py:508 msgid "" "Whether to update the ldap_user_shadow_last_change attribute after a " "password change" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:511 +#: src/config/SSSDConfig/sssdoptions.py:512 msgid "Base DN for sudo rules lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:512 +#: src/config/SSSDConfig/sssdoptions.py:513 msgid "Automatic full refresh period" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:513 +#: src/config/SSSDConfig/sssdoptions.py:514 msgid "Automatic smart refresh period" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:514 +#: src/config/SSSDConfig/sssdoptions.py:515 msgid "Smart and full refresh random offset" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:515 +#: src/config/SSSDConfig/sssdoptions.py:516 msgid "Whether to filter rules by hostname, IP addresses and network" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:516 +#: src/config/SSSDConfig/sssdoptions.py:517 msgid "" "Hostnames and/or fully qualified domain names of this machine to filter sudo " "rules" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:517 +#: src/config/SSSDConfig/sssdoptions.py:518 msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:518 +#: src/config/SSSDConfig/sssdoptions.py:519 msgid "Whether to include rules that contains netgroup in host attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:519 +#: src/config/SSSDConfig/sssdoptions.py:520 msgid "" "Whether to include rules that contains regular expression in host attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:520 +#: src/config/SSSDConfig/sssdoptions.py:521 msgid "Object class for sudo rules" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:521 +#: src/config/SSSDConfig/sssdoptions.py:522 msgid "Name of attribute that is used as object class for sudo rules" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:522 +#: src/config/SSSDConfig/sssdoptions.py:523 msgid "Sudo rule name" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:523 +#: src/config/SSSDConfig/sssdoptions.py:524 msgid "Sudo rule command attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:524 +#: src/config/SSSDConfig/sssdoptions.py:525 msgid "Sudo rule host attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:525 +#: src/config/SSSDConfig/sssdoptions.py:526 msgid "Sudo rule user attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:526 +#: src/config/SSSDConfig/sssdoptions.py:527 msgid "Sudo rule option attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:527 +#: src/config/SSSDConfig/sssdoptions.py:528 msgid "Sudo rule runas attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:528 +#: src/config/SSSDConfig/sssdoptions.py:529 msgid "Sudo rule runasuser attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:529 +#: src/config/SSSDConfig/sssdoptions.py:530 msgid "Sudo rule runasgroup attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:530 +#: src/config/SSSDConfig/sssdoptions.py:531 msgid "Sudo rule notbefore attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:531 +#: src/config/SSSDConfig/sssdoptions.py:532 msgid "Sudo rule notafter attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:532 +#: src/config/SSSDConfig/sssdoptions.py:533 msgid "Sudo rule order attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:535 +#: src/config/SSSDConfig/sssdoptions.py:536 msgid "Object class for automounter maps" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:536 +#: src/config/SSSDConfig/sssdoptions.py:537 msgid "Automounter map name attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:537 +#: src/config/SSSDConfig/sssdoptions.py:538 msgid "Object class for automounter map entries" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:538 +#: src/config/SSSDConfig/sssdoptions.py:539 msgid "Automounter map entry key attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:539 +#: src/config/SSSDConfig/sssdoptions.py:540 msgid "Automounter map entry value attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:540 +#: src/config/SSSDConfig/sssdoptions.py:541 msgid "Base DN for automounter map lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:541 +#: src/config/SSSDConfig/sssdoptions.py:542 msgid "The name of the automount master map in LDAP." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:544 +#: src/config/SSSDConfig/sssdoptions.py:545 msgid "Base DN for IP hosts lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:545 +#: src/config/SSSDConfig/sssdoptions.py:546 msgid "Object class for IP hosts" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:546 +#: src/config/SSSDConfig/sssdoptions.py:547 msgid "IP host name attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:547 +#: src/config/SSSDConfig/sssdoptions.py:548 msgid "IP host number (address) attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:548 +#: src/config/SSSDConfig/sssdoptions.py:549 msgid "IP host entryUSN attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:549 +#: src/config/SSSDConfig/sssdoptions.py:550 msgid "Base DN for IP networks lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:550 +#: src/config/SSSDConfig/sssdoptions.py:551 msgid "Object class for IP networks" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:551 +#: src/config/SSSDConfig/sssdoptions.py:552 msgid "IP network name attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:552 +#: src/config/SSSDConfig/sssdoptions.py:553 msgid "IP network number (address) attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:553 +#: src/config/SSSDConfig/sssdoptions.py:554 msgid "IP network entryUSN attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:556 +#: src/config/SSSDConfig/sssdoptions.py:557 msgid "Comma separated list of allowed users" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:557 +#: src/config/SSSDConfig/sssdoptions.py:558 msgid "Comma separated list of prohibited users" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:558 +#: src/config/SSSDConfig/sssdoptions.py:559 msgid "" "Comma separated list of groups that are allowed to log in. This applies only " "to groups within this SSSD domain. Local groups are not evaluated." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:560 +#: src/config/SSSDConfig/sssdoptions.py:561 msgid "" "Comma separated list of groups that are explicitly denied access. This " "applies only to groups within this SSSD domain. Local groups are not " "evaluated." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:564 +#: src/config/SSSDConfig/sssdoptions.py:565 msgid "The number of preforked proxy children." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:567 +#: src/config/SSSDConfig/sssdoptions.py:568 msgid "The name of the NSS library to use" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:568 +#: src/config/SSSDConfig/sssdoptions.py:569 msgid "The name of the NSS library to use for hosts and networks lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:569 +#: src/config/SSSDConfig/sssdoptions.py:570 msgid "Whether to look up canonical group name from cache if possible" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:572 +#: src/config/SSSDConfig/sssdoptions.py:573 msgid "PAM stack to use" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:575 +#: src/config/SSSDConfig/sssdoptions.py:576 msgid "Path of passwd file sources." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:576 +#: src/config/SSSDConfig/sssdoptions.py:577 msgid "Path of group file sources." msgstr "" @@ -1884,67 +1888,67 @@ msgstr "" msgid "SSSD is already running\n" msgstr "" -#: src/providers/krb5/krb5_child.c:4007 src/providers/ldap/ldap_child.c:641 +#: src/providers/krb5/krb5_child.c:4027 src/providers/ldap/ldap_child.c:642 msgid "Allow core dumps" msgstr "" -#: src/providers/krb5/krb5_child.c:4009 src/providers/ldap/ldap_child.c:643 +#: src/providers/krb5/krb5_child.c:4029 src/providers/ldap/ldap_child.c:644 msgid "An open file descriptor for the debug logs" msgstr "" -#: src/providers/krb5/krb5_child.c:4012 +#: src/providers/krb5/krb5_child.c:4032 msgid "The user to create FAST ccache as" msgstr "" -#: src/providers/krb5/krb5_child.c:4014 +#: src/providers/krb5/krb5_child.c:4034 msgid "The group to create FAST ccache as" msgstr "" -#: src/providers/krb5/krb5_child.c:4016 +#: src/providers/krb5/krb5_child.c:4036 msgid "Use anonymous PKINIT to request FAST armor ticket" msgstr "" -#: src/providers/krb5/krb5_child.c:4018 +#: src/providers/krb5/krb5_child.c:4038 msgid "Kerberos realm to use" msgstr "" -#: src/providers/krb5/krb5_child.c:4020 +#: src/providers/krb5/krb5_child.c:4040 msgid "Requested lifetime of the ticket" msgstr "" -#: src/providers/krb5/krb5_child.c:4022 +#: src/providers/krb5/krb5_child.c:4042 msgid "Requested renewable lifetime of the ticket" msgstr "" -#: src/providers/krb5/krb5_child.c:4024 +#: src/providers/krb5/krb5_child.c:4044 msgid "FAST options ('never', 'try', 'demand')" msgstr "" -#: src/providers/krb5/krb5_child.c:4027 +#: src/providers/krb5/krb5_child.c:4047 msgid "Specifies the server principal to use for FAST" msgstr "" -#: src/providers/krb5/krb5_child.c:4029 +#: src/providers/krb5/krb5_child.c:4049 msgid "Requests canonicalization of the principal name" msgstr "" -#: src/providers/krb5/krb5_child.c:4031 +#: src/providers/krb5/krb5_child.c:4051 msgid "Use custom version of krb5_get_init_creds_password" msgstr "" -#: src/providers/krb5/krb5_child.c:4033 +#: src/providers/krb5/krb5_child.c:4053 msgid "Tevent chain ID used for logging purposes" msgstr "" -#: src/providers/krb5/krb5_child.c:4035 +#: src/providers/krb5/krb5_child.c:4055 msgid "Check PAC flags" msgstr "" -#: src/providers/krb5/krb5_child.c:4079 src/providers/ldap/ldap_child.c:669 +#: src/providers/krb5/krb5_child.c:4099 src/providers/ldap/ldap_child.c:670 msgid "talloc_asprintf failed.\n" msgstr "" -#: src/providers/krb5/krb5_child.c:4089 src/providers/ldap/ldap_child.c:678 +#: src/providers/krb5/krb5_child.c:4109 src/providers/ldap/ldap_child.c:679 msgid "set_debug_file_from_fd failed.\n" msgstr "" @@ -1988,119 +1992,131 @@ msgstr "" msgid "Permission denied. " msgstr "" -#: src/sss_client/pam_sss.c:70 src/sss_client/pam_sss.c:819 -#: src/sss_client/pam_sss.c:830 +#: src/sss_client/pam_sss.c:70 src/sss_client/pam_sss.c:838 +#: src/sss_client/pam_sss.c:849 msgid "Server message: " msgstr "Szerver üzenete:" #: src/sss_client/pam_sss.c:71 +msgid "" +"Kerberos TGT will not be granted upon login, user experience will be " +"affected." +msgstr "" + +#: src/sss_client/pam_sss.c:72 msgid "Enter PIN:" msgstr "" -#: src/sss_client/pam_sss.c:314 +#: src/sss_client/pam_sss.c:315 msgid "Passwords do not match" msgstr "A jelszavak nem egyeznek" -#: src/sss_client/pam_sss.c:502 +#: src/sss_client/pam_sss.c:503 msgid "Password reset by root is not supported." msgstr "A jelszó root általi visszaállítása nem támogatott." -#: src/sss_client/pam_sss.c:543 +#: src/sss_client/pam_sss.c:544 msgid "Authenticated with cached credentials" msgstr "Azonosítva gyorsítótárazott adatbázisból" -#: src/sss_client/pam_sss.c:544 +#: src/sss_client/pam_sss.c:545 msgid ", your cached password will expire at: " msgstr ", a gyorsítótárazott jelszó lejár ekkor: " -#: src/sss_client/pam_sss.c:574 +#: src/sss_client/pam_sss.c:575 #, c-format msgid "Your password has expired. You have %1$d grace login(s) remaining." msgstr "" -#: src/sss_client/pam_sss.c:624 +#: src/sss_client/pam_sss.c:625 #, c-format msgid "Your password will expire in %1$d %2$s." msgstr "" -#: src/sss_client/pam_sss.c:627 +#: src/sss_client/pam_sss.c:628 #, fuzzy, c-format msgid "Your password has expired." msgstr ", a gyorsítótárazott jelszó lejár ekkor: " -#: src/sss_client/pam_sss.c:678 +#: src/sss_client/pam_sss.c:679 msgid "Authentication is denied until: " msgstr "A bejelentkezés tiltott eddig:" -#: src/sss_client/pam_sss.c:699 +#: src/sss_client/pam_sss.c:700 msgid "System is offline, password change not possible" msgstr "A rendszer nem érhető el, a jelszó megváltoztatása nem lehetséges" -#: src/sss_client/pam_sss.c:714 +#: src/sss_client/pam_sss.c:715 msgid "" "After changing the OTP password, you need to log out and back in order to " "acquire a ticket" msgstr "" -#: src/sss_client/pam_sss.c:729 +#: src/sss_client/pam_sss.c:730 msgid "PIN locked" msgstr "" -#: src/sss_client/pam_sss.c:816 src/sss_client/pam_sss.c:829 +#: src/sss_client/pam_sss.c:745 +msgid "" +"No Kerberos TGT granted as the server does not support this method. Your " +"single-sign on(SSO) experience will be affected." +msgstr "" + +#: src/sss_client/pam_sss.c:835 src/sss_client/pam_sss.c:848 msgid "Password change failed. " msgstr "A jelszó megváltoztatása nem sikerült." -#: src/sss_client/pam_sss.c:1797 +#: src/sss_client/pam_sss.c:1819 #, c-format msgid "Authenticate at %1$s and press ENTER." msgstr "" -#: src/sss_client/pam_sss.c:1800 +#: src/sss_client/pam_sss.c:1822 #, c-format msgid "Authenticate with PIN %1$s at %2$s and press ENTER." msgstr "" -#: src/sss_client/pam_sss.c:2153 +#: src/sss_client/pam_sss.c:2181 msgid "Please (re)insert (different) Smartcard" msgstr "" -#: src/sss_client/pam_sss.c:2352 +#: src/sss_client/pam_sss.c:2380 msgid "New Password: " msgstr "Új jelszó:" -#: src/sss_client/pam_sss.c:2353 +#: src/sss_client/pam_sss.c:2381 msgid "Reenter new Password: " msgstr "Jelszó mégegyszer: " -#: src/sss_client/pam_sss.c:2523 src/sss_client/pam_sss.c:2526 +#: src/sss_client/pam_sss.c:2551 src/sss_client/pam_sss.c:2554 msgid "First Factor: " msgstr "" -#: src/sss_client/pam_sss.c:2524 src/sss_client/pam_sss.c:2707 +#: src/sss_client/pam_sss.c:2552 src/sss_client/pam_sss.c:2740 msgid "Second Factor (optional): " msgstr "" -#: src/sss_client/pam_sss.c:2527 src/sss_client/pam_sss.c:2710 +#: src/sss_client/pam_sss.c:2555 src/sss_client/pam_sss.c:2743 msgid "Second Factor: " msgstr "" -#: src/sss_client/pam_sss.c:2547 +#: src/sss_client/pam_sss.c:2575 msgid "Insert your passkey device, then press ENTER." msgstr "" -#: src/sss_client/pam_sss.c:2551 src/sss_client/pam_sss.c:2554 +#: src/sss_client/pam_sss.c:2579 src/sss_client/pam_sss.c:2587 msgid "Password: " msgstr "Jelszó: " -#: src/sss_client/pam_sss.c:2706 src/sss_client/pam_sss.c:2709 +#: src/sss_client/pam_sss.c:2739 src/sss_client/pam_sss.c:2742 msgid "First Factor (Current Password): " msgstr "" -#: src/sss_client/pam_sss.c:2713 +#: src/sss_client/pam_sss.c:2746 msgid "Current Password: " msgstr "Jelenlegi jelszó:" -#: src/sss_client/pam_sss.c:3070 +#: src/sss_client/pam_sss.c:3103 msgid "Password expired. Change your password now." msgstr "A jelszava lejárt, változtass meg most." diff --git a/po/id.po b/po/id.po index 28c59a005ab..3fe8390e8aa 100644 --- a/po/id.po +++ b/po/id.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" -"POT-Creation-Date: 2023-05-05 10:11+0200\n" +"POT-Creation-Date: 2023-09-07 11:48+0200\n" "PO-Revision-Date: 2014-12-14 11:46-0500\n" "Last-Translator: Copied by Zanata \n" "Language-Team: Indonesian (http://www.transifex.com/projects/p/sssd/language/" @@ -588,12 +588,12 @@ msgid "Whether to automatically update the client's DNS entry" msgstr "" #: src/config/SSSDConfig/sssdoptions.py:201 -#: src/config/SSSDConfig/sssdoptions.py:233 +#: src/config/SSSDConfig/sssdoptions.py:234 msgid "The TTL to apply to the client's DNS entry after updating it" msgstr "" #: src/config/SSSDConfig/sssdoptions.py:202 -#: src/config/SSSDConfig/sssdoptions.py:234 +#: src/config/SSSDConfig/sssdoptions.py:235 msgid "The interface whose IP should be used for dynamic DNS updates" msgstr "" @@ -677,1162 +677,1166 @@ msgid "" "(long term password) must have to be saved as SHA512 hash into the cache." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:228 +#: src/config/SSSDConfig/sssdoptions.py:226 +msgid "Local authentication methods policy " +msgstr "" + +#: src/config/SSSDConfig/sssdoptions.py:229 msgid "IPA domain" msgstr "Domain IPA" -#: src/config/SSSDConfig/sssdoptions.py:229 +#: src/config/SSSDConfig/sssdoptions.py:230 msgid "IPA server address" msgstr "Alamat server IPA" -#: src/config/SSSDConfig/sssdoptions.py:230 +#: src/config/SSSDConfig/sssdoptions.py:231 msgid "Address of backup IPA server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:231 +#: src/config/SSSDConfig/sssdoptions.py:232 msgid "IPA client hostname" msgstr "Nama host klien IPA" -#: src/config/SSSDConfig/sssdoptions.py:232 +#: src/config/SSSDConfig/sssdoptions.py:233 msgid "Whether to automatically update the client's DNS entry in FreeIPA" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:235 +#: src/config/SSSDConfig/sssdoptions.py:236 msgid "Search base for HBAC related objects" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:236 +#: src/config/SSSDConfig/sssdoptions.py:237 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:237 +#: src/config/SSSDConfig/sssdoptions.py:238 msgid "" "The amount of time in seconds between lookups of the SELinux maps against " "the IPA server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:239 +#: src/config/SSSDConfig/sssdoptions.py:240 msgid "If set to false, host argument given by PAM will be ignored" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:240 +#: src/config/SSSDConfig/sssdoptions.py:241 msgid "The automounter location this IPA client is using" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:241 +#: src/config/SSSDConfig/sssdoptions.py:242 msgid "Search base for object containing info about IPA domain" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:242 +#: src/config/SSSDConfig/sssdoptions.py:243 msgid "Search base for objects containing info about ID ranges" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:243 -#: src/config/SSSDConfig/sssdoptions.py:299 +#: src/config/SSSDConfig/sssdoptions.py:244 +#: src/config/SSSDConfig/sssdoptions.py:300 msgid "Enable DNS sites - location based service discovery" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:244 +#: src/config/SSSDConfig/sssdoptions.py:245 msgid "Search base for view containers" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:245 +#: src/config/SSSDConfig/sssdoptions.py:246 msgid "Objectclass for view containers" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:246 +#: src/config/SSSDConfig/sssdoptions.py:247 msgid "Attribute with the name of the view" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:247 +#: src/config/SSSDConfig/sssdoptions.py:248 msgid "Objectclass for override objects" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:248 +#: src/config/SSSDConfig/sssdoptions.py:249 msgid "Attribute with the reference to the original object" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:249 +#: src/config/SSSDConfig/sssdoptions.py:250 msgid "Objectclass for user override objects" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:250 +#: src/config/SSSDConfig/sssdoptions.py:251 msgid "Objectclass for group override objects" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:251 +#: src/config/SSSDConfig/sssdoptions.py:252 msgid "Search base for Desktop Profile related objects" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:252 +#: src/config/SSSDConfig/sssdoptions.py:253 msgid "" "The amount of time in seconds between lookups of the Desktop Profile rules " "against the IPA server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:254 +#: src/config/SSSDConfig/sssdoptions.py:255 msgid "" "The amount of time in minutes between lookups of Desktop Profiles rules " "against the IPA server when the last request did not find any rule" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:257 +#: src/config/SSSDConfig/sssdoptions.py:258 msgid "Search base for SUBID ranges" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:258 -#: src/config/SSSDConfig/sssdoptions.py:501 +#: src/config/SSSDConfig/sssdoptions.py:259 +#: src/config/SSSDConfig/sssdoptions.py:502 msgid "Which rules should be used to evaluate access control" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:259 +#: src/config/SSSDConfig/sssdoptions.py:260 msgid "The LDAP attribute that contains FQDN of the host." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:260 -#: src/config/SSSDConfig/sssdoptions.py:283 +#: src/config/SSSDConfig/sssdoptions.py:261 +#: src/config/SSSDConfig/sssdoptions.py:284 msgid "The object class of a host entry in LDAP." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:261 +#: src/config/SSSDConfig/sssdoptions.py:262 msgid "Use the given string as search base for host objects." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:262 +#: src/config/SSSDConfig/sssdoptions.py:263 msgid "The LDAP attribute that contains the host's SSH public keys." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:263 +#: src/config/SSSDConfig/sssdoptions.py:264 msgid "The LDAP attribute that contains NIS domain name of the netgroup." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:264 +#: src/config/SSSDConfig/sssdoptions.py:265 msgid "The LDAP attribute that contains the names of the netgroup's members." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:265 +#: src/config/SSSDConfig/sssdoptions.py:266 msgid "" "The LDAP attribute that lists FQDNs of hosts and host groups that are " "members of the netgroup." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:267 +#: src/config/SSSDConfig/sssdoptions.py:268 msgid "" "The LDAP attribute that lists hosts and host groups that are direct members " "of the netgroup." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:269 +#: src/config/SSSDConfig/sssdoptions.py:270 msgid "The LDAP attribute that lists netgroup's memberships." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:270 +#: src/config/SSSDConfig/sssdoptions.py:271 msgid "" "The LDAP attribute that lists system users and groups that are direct " "members of the netgroup." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:272 +#: src/config/SSSDConfig/sssdoptions.py:273 msgid "The LDAP attribute that corresponds to the netgroup name." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:273 +#: src/config/SSSDConfig/sssdoptions.py:274 msgid "The object class of a netgroup entry in LDAP." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:274 +#: src/config/SSSDConfig/sssdoptions.py:275 msgid "" "The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:275 +#: src/config/SSSDConfig/sssdoptions.py:276 msgid "" "The LDAP attribute that contains whether or not is user map enabled for " "usage." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:277 +#: src/config/SSSDConfig/sssdoptions.py:278 msgid "The LDAP attribute that contains host category such as 'all'." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:278 +#: src/config/SSSDConfig/sssdoptions.py:279 msgid "" "The LDAP attribute that contains all hosts / hostgroups this rule match " "against." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:280 +#: src/config/SSSDConfig/sssdoptions.py:281 msgid "" "The LDAP attribute that contains all users / groups this rule match against." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:282 +#: src/config/SSSDConfig/sssdoptions.py:283 msgid "The LDAP attribute that contains the name of SELinux usermap." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:284 +#: src/config/SSSDConfig/sssdoptions.py:285 msgid "" "The LDAP attribute that contains DN of HBAC rule which can be used for " "matching instead of memberUser and memberHost." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:286 +#: src/config/SSSDConfig/sssdoptions.py:287 msgid "The LDAP attribute that contains SELinux user string itself." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:287 +#: src/config/SSSDConfig/sssdoptions.py:288 msgid "The LDAP attribute that contains user category such as 'all'." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:288 +#: src/config/SSSDConfig/sssdoptions.py:289 msgid "The LDAP attribute that contains unique ID of the user map." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:289 +#: src/config/SSSDConfig/sssdoptions.py:290 msgid "" "The option denotes that the SSSD is running on IPA server and should perform " "lookups of users and groups from trusted domains differently." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:291 +#: src/config/SSSDConfig/sssdoptions.py:292 msgid "Use the given string as search base for trusted domains." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:294 +#: src/config/SSSDConfig/sssdoptions.py:295 msgid "Active Directory domain" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:295 +#: src/config/SSSDConfig/sssdoptions.py:296 msgid "Enabled Active Directory domains" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:296 +#: src/config/SSSDConfig/sssdoptions.py:297 msgid "Active Directory server address" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:297 +#: src/config/SSSDConfig/sssdoptions.py:298 msgid "Active Directory backup server address" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:298 +#: src/config/SSSDConfig/sssdoptions.py:299 msgid "Active Directory client hostname" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:300 -#: src/config/SSSDConfig/sssdoptions.py:499 +#: src/config/SSSDConfig/sssdoptions.py:301 +#: src/config/SSSDConfig/sssdoptions.py:500 msgid "LDAP filter to determine access privileges" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:301 +#: src/config/SSSDConfig/sssdoptions.py:302 msgid "Whether to use the Global Catalog for lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:302 +#: src/config/SSSDConfig/sssdoptions.py:303 msgid "Operation mode for GPO-based access control" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:303 +#: src/config/SSSDConfig/sssdoptions.py:304 msgid "" "The amount of time between lookups of the GPO policy files against the AD " "server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:304 +#: src/config/SSSDConfig/sssdoptions.py:305 msgid "" "PAM service names that map to the GPO (Deny)InteractiveLogonRight policy " "settings" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:306 +#: src/config/SSSDConfig/sssdoptions.py:307 msgid "" "PAM service names that map to the GPO (Deny)RemoteInteractiveLogonRight " "policy settings" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:308 +#: src/config/SSSDConfig/sssdoptions.py:309 msgid "" "PAM service names that map to the GPO (Deny)NetworkLogonRight policy settings" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:309 +#: src/config/SSSDConfig/sssdoptions.py:310 msgid "" "PAM service names that map to the GPO (Deny)BatchLogonRight policy settings" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:310 +#: src/config/SSSDConfig/sssdoptions.py:311 msgid "" "PAM service names that map to the GPO (Deny)ServiceLogonRight policy settings" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:311 +#: src/config/SSSDConfig/sssdoptions.py:312 msgid "PAM service names for which GPO-based access is always granted" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:312 +#: src/config/SSSDConfig/sssdoptions.py:313 msgid "PAM service names for which GPO-based access is always denied" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:313 +#: src/config/SSSDConfig/sssdoptions.py:314 msgid "" "Default logon right (or permit/deny) to use for unmapped PAM service names" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:314 +#: src/config/SSSDConfig/sssdoptions.py:315 msgid "a particular site to be used by the client" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:315 +#: src/config/SSSDConfig/sssdoptions.py:316 msgid "" "Maximum age in days before the machine account password should be renewed" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:317 +#: src/config/SSSDConfig/sssdoptions.py:318 msgid "Option for tuning the machine account renewal task" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:318 +#: src/config/SSSDConfig/sssdoptions.py:319 msgid "Whether to update the machine account password in the Samba database" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:320 +#: src/config/SSSDConfig/sssdoptions.py:321 msgid "Use LDAPS port for LDAP and Global Catalog requests" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:321 +#: src/config/SSSDConfig/sssdoptions.py:322 msgid "Do not filter domain local groups from other domains" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:324 #: src/config/SSSDConfig/sssdoptions.py:325 +#: src/config/SSSDConfig/sssdoptions.py:326 msgid "Kerberos server address" msgstr "Alamat server Kerberos" -#: src/config/SSSDConfig/sssdoptions.py:326 +#: src/config/SSSDConfig/sssdoptions.py:327 msgid "Kerberos backup server address" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:327 +#: src/config/SSSDConfig/sssdoptions.py:328 msgid "Kerberos realm" msgstr "Realm Kerberos" -#: src/config/SSSDConfig/sssdoptions.py:328 +#: src/config/SSSDConfig/sssdoptions.py:329 msgid "Authentication timeout" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:329 +#: src/config/SSSDConfig/sssdoptions.py:330 msgid "Whether to create kdcinfo files" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:330 +#: src/config/SSSDConfig/sssdoptions.py:331 msgid "Where to drop krb5 config snippets" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:333 +#: src/config/SSSDConfig/sssdoptions.py:334 msgid "Directory to store credential caches" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:334 +#: src/config/SSSDConfig/sssdoptions.py:335 msgid "Location of the user's credential cache" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:335 +#: src/config/SSSDConfig/sssdoptions.py:336 msgid "Location of the keytab to validate credentials" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:336 +#: src/config/SSSDConfig/sssdoptions.py:337 msgid "Enable credential validation" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:337 +#: src/config/SSSDConfig/sssdoptions.py:338 msgid "Store password if offline for later online authentication" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:338 +#: src/config/SSSDConfig/sssdoptions.py:339 msgid "Renewable lifetime of the TGT" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:339 +#: src/config/SSSDConfig/sssdoptions.py:340 msgid "Lifetime of the TGT" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:340 +#: src/config/SSSDConfig/sssdoptions.py:341 msgid "Time between two checks for renewal" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:341 +#: src/config/SSSDConfig/sssdoptions.py:342 msgid "Enables FAST" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:342 +#: src/config/SSSDConfig/sssdoptions.py:343 msgid "Selects the principal to use for FAST" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:343 +#: src/config/SSSDConfig/sssdoptions.py:344 msgid "Use anonymous PKINIT to request FAST credentials" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:344 +#: src/config/SSSDConfig/sssdoptions.py:345 msgid "Enables principal canonicalization" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:345 +#: src/config/SSSDConfig/sssdoptions.py:346 msgid "Enables enterprise principals" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:346 +#: src/config/SSSDConfig/sssdoptions.py:347 msgid "Enables using of subdomains realms for authentication" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:347 +#: src/config/SSSDConfig/sssdoptions.py:348 msgid "A mapping from user names to Kerberos principal names" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:350 #: src/config/SSSDConfig/sssdoptions.py:351 +#: src/config/SSSDConfig/sssdoptions.py:352 msgid "Server where the change password service is running if not on the KDC" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:354 +#: src/config/SSSDConfig/sssdoptions.py:355 msgid "ldap_uri, The URI of the LDAP server" msgstr "ldap_uri, URI server LDAP" -#: src/config/SSSDConfig/sssdoptions.py:355 +#: src/config/SSSDConfig/sssdoptions.py:356 msgid "ldap_backup_uri, The URI of the LDAP server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:356 +#: src/config/SSSDConfig/sssdoptions.py:357 msgid "The default base DN" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:357 +#: src/config/SSSDConfig/sssdoptions.py:358 msgid "The Schema Type in use on the LDAP server, rfc2307" msgstr "Jenis Skema yang digunakan pada server LDAP, rfc2307" -#: src/config/SSSDConfig/sssdoptions.py:358 +#: src/config/SSSDConfig/sssdoptions.py:359 msgid "Mode used to change user password" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:359 +#: src/config/SSSDConfig/sssdoptions.py:360 msgid "The default bind DN" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:360 +#: src/config/SSSDConfig/sssdoptions.py:361 msgid "The type of the authentication token of the default bind DN" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:361 +#: src/config/SSSDConfig/sssdoptions.py:362 msgid "The authentication token of the default bind DN" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:362 +#: src/config/SSSDConfig/sssdoptions.py:363 msgid "Length of time to attempt connection" msgstr "Lamanya waktu untuk mencoba koneksi" -#: src/config/SSSDConfig/sssdoptions.py:363 +#: src/config/SSSDConfig/sssdoptions.py:364 msgid "Length of time to attempt synchronous LDAP operations" msgstr "Lamanya waktu untuk mencoba operasi LDAP yang sinkron" -#: src/config/SSSDConfig/sssdoptions.py:364 +#: src/config/SSSDConfig/sssdoptions.py:365 msgid "Length of time between attempts to reconnect while offline" msgstr "Lamanya waktu antara upaya untuk menyambung kembali saat luring" -#: src/config/SSSDConfig/sssdoptions.py:365 +#: src/config/SSSDConfig/sssdoptions.py:366 msgid "Use only the upper case for realm names" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:366 +#: src/config/SSSDConfig/sssdoptions.py:367 msgid "File that contains CA certificates" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:367 +#: src/config/SSSDConfig/sssdoptions.py:368 msgid "Path to CA certificate directory" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:368 +#: src/config/SSSDConfig/sssdoptions.py:369 msgid "File that contains the client certificate" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:369 +#: src/config/SSSDConfig/sssdoptions.py:370 msgid "File that contains the client key" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:370 +#: src/config/SSSDConfig/sssdoptions.py:371 msgid "List of possible ciphers suites" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:371 +#: src/config/SSSDConfig/sssdoptions.py:372 msgid "Require TLS certificate verification" msgstr "Membutuhkan verifikasi sertifikat TLS" -#: src/config/SSSDConfig/sssdoptions.py:372 +#: src/config/SSSDConfig/sssdoptions.py:373 msgid "Specify the sasl mechanism to use" msgstr "Tentukan mekanisme sasl yang digunakan" -#: src/config/SSSDConfig/sssdoptions.py:373 +#: src/config/SSSDConfig/sssdoptions.py:374 msgid "Specify the sasl authorization id to use" msgstr "Tentukan id otorisasi sasl yang digunakan" -#: src/config/SSSDConfig/sssdoptions.py:374 +#: src/config/SSSDConfig/sssdoptions.py:375 msgid "Specify the sasl authorization realm to use" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:375 +#: src/config/SSSDConfig/sssdoptions.py:376 msgid "Specify the minimal SSF for LDAP sasl authorization" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:376 +#: src/config/SSSDConfig/sssdoptions.py:377 msgid "Specify the maximal SSF for LDAP sasl authorization" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:377 +#: src/config/SSSDConfig/sssdoptions.py:378 msgid "Kerberos service keytab" msgstr "Keytab layanan Kerberos" -#: src/config/SSSDConfig/sssdoptions.py:378 +#: src/config/SSSDConfig/sssdoptions.py:379 msgid "Use Kerberos auth for LDAP connection" msgstr "Gunakan otentikasi Kerberos untuk koneksi LDAP" -#: src/config/SSSDConfig/sssdoptions.py:379 +#: src/config/SSSDConfig/sssdoptions.py:380 msgid "Follow LDAP referrals" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:380 +#: src/config/SSSDConfig/sssdoptions.py:381 msgid "Lifetime of TGT for LDAP connection" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:381 +#: src/config/SSSDConfig/sssdoptions.py:382 msgid "How to dereference aliases" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:382 +#: src/config/SSSDConfig/sssdoptions.py:383 msgid "Service name for DNS service lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:383 +#: src/config/SSSDConfig/sssdoptions.py:384 msgid "The number of records to retrieve in a single LDAP query" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:384 +#: src/config/SSSDConfig/sssdoptions.py:385 msgid "The number of members that must be missing to trigger a full deref" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:385 +#: src/config/SSSDConfig/sssdoptions.py:386 msgid "Ignore unreadable LDAP references" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:386 +#: src/config/SSSDConfig/sssdoptions.py:387 msgid "" "Whether the LDAP library should perform a reverse lookup to canonicalize the " "host name during a SASL bind" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:388 +#: src/config/SSSDConfig/sssdoptions.py:389 msgid "" "Allows to retain local users as members of an LDAP group for servers that " "use the RFC2307 schema." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:391 +#: src/config/SSSDConfig/sssdoptions.py:392 msgid "entryUSN attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:392 +#: src/config/SSSDConfig/sssdoptions.py:393 msgid "lastUSN attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:394 +#: src/config/SSSDConfig/sssdoptions.py:395 msgid "How long to retain a connection to the LDAP server before disconnecting" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:397 +#: src/config/SSSDConfig/sssdoptions.py:398 msgid "Disable the LDAP paging control" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:398 +#: src/config/SSSDConfig/sssdoptions.py:399 msgid "Disable Active Directory range retrieval" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:401 +#: src/config/SSSDConfig/sssdoptions.py:402 msgid "Length of time to wait for a search request" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:402 +#: src/config/SSSDConfig/sssdoptions.py:403 msgid "Length of time to wait for a enumeration request" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:403 +#: src/config/SSSDConfig/sssdoptions.py:404 msgid "Length of time between enumeration updates" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:404 +#: src/config/SSSDConfig/sssdoptions.py:405 msgid "Maximum period deviation between enumeration updates" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:405 +#: src/config/SSSDConfig/sssdoptions.py:406 msgid "Length of time between cache cleanups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:406 +#: src/config/SSSDConfig/sssdoptions.py:407 msgid "Maximum time deviation between cache cleanups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:407 +#: src/config/SSSDConfig/sssdoptions.py:408 msgid "Require TLS for ID lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:408 +#: src/config/SSSDConfig/sssdoptions.py:409 msgid "Use ID-mapping of objectSID instead of pre-set IDs" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:409 +#: src/config/SSSDConfig/sssdoptions.py:410 msgid "Base DN for user lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:410 +#: src/config/SSSDConfig/sssdoptions.py:411 msgid "Scope of user lookups" msgstr "Lingkup pencarian pengguna" -#: src/config/SSSDConfig/sssdoptions.py:411 +#: src/config/SSSDConfig/sssdoptions.py:412 msgid "Filter for user lookups" msgstr "Filter pencarian pengguna" -#: src/config/SSSDConfig/sssdoptions.py:412 +#: src/config/SSSDConfig/sssdoptions.py:413 msgid "Objectclass for users" msgstr "Objectclass untuk pengguna" -#: src/config/SSSDConfig/sssdoptions.py:413 +#: src/config/SSSDConfig/sssdoptions.py:414 msgid "Username attribute" msgstr "Atribut Nama pengguna" -#: src/config/SSSDConfig/sssdoptions.py:414 +#: src/config/SSSDConfig/sssdoptions.py:415 msgid "UID attribute" msgstr "Atribut UID" -#: src/config/SSSDConfig/sssdoptions.py:415 +#: src/config/SSSDConfig/sssdoptions.py:416 msgid "Primary GID attribute" msgstr "Atribut GID Primer" -#: src/config/SSSDConfig/sssdoptions.py:416 +#: src/config/SSSDConfig/sssdoptions.py:417 msgid "GECOS attribute" msgstr "Atribut GECOS" -#: src/config/SSSDConfig/sssdoptions.py:417 +#: src/config/SSSDConfig/sssdoptions.py:418 msgid "Home directory attribute" msgstr "Atribut direktori Home" -#: src/config/SSSDConfig/sssdoptions.py:418 +#: src/config/SSSDConfig/sssdoptions.py:419 msgid "Shell attribute" msgstr "Atribut Shell" -#: src/config/SSSDConfig/sssdoptions.py:419 +#: src/config/SSSDConfig/sssdoptions.py:420 msgid "UUID attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:420 -#: src/config/SSSDConfig/sssdoptions.py:459 +#: src/config/SSSDConfig/sssdoptions.py:421 +#: src/config/SSSDConfig/sssdoptions.py:460 msgid "objectSID attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:421 +#: src/config/SSSDConfig/sssdoptions.py:422 msgid "Active Directory primary group attribute for ID-mapping" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:422 +#: src/config/SSSDConfig/sssdoptions.py:423 msgid "User principal attribute (for Kerberos)" msgstr "Atribut utama pengguna (untuk Kerberos)" -#: src/config/SSSDConfig/sssdoptions.py:423 +#: src/config/SSSDConfig/sssdoptions.py:424 msgid "Full Name" msgstr "Nama Lengkap" -#: src/config/SSSDConfig/sssdoptions.py:424 +#: src/config/SSSDConfig/sssdoptions.py:425 msgid "memberOf attribute" msgstr "Atribut memberOf" -#: src/config/SSSDConfig/sssdoptions.py:425 +#: src/config/SSSDConfig/sssdoptions.py:426 msgid "Modification time attribute" msgstr "Atribut waktu modifikasi" -#: src/config/SSSDConfig/sssdoptions.py:426 +#: src/config/SSSDConfig/sssdoptions.py:427 msgid "shadowLastChange attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:427 +#: src/config/SSSDConfig/sssdoptions.py:428 msgid "shadowMin attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:428 +#: src/config/SSSDConfig/sssdoptions.py:429 msgid "shadowMax attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:429 +#: src/config/SSSDConfig/sssdoptions.py:430 msgid "shadowWarning attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:430 +#: src/config/SSSDConfig/sssdoptions.py:431 msgid "shadowInactive attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:431 +#: src/config/SSSDConfig/sssdoptions.py:432 msgid "shadowExpire attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:432 +#: src/config/SSSDConfig/sssdoptions.py:433 msgid "shadowFlag attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:433 +#: src/config/SSSDConfig/sssdoptions.py:434 msgid "Attribute listing authorized PAM services" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:434 +#: src/config/SSSDConfig/sssdoptions.py:435 msgid "Attribute listing authorized server hosts" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:435 +#: src/config/SSSDConfig/sssdoptions.py:436 msgid "Attribute listing authorized server rhosts" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:436 +#: src/config/SSSDConfig/sssdoptions.py:437 msgid "krbLastPwdChange attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:437 +#: src/config/SSSDConfig/sssdoptions.py:438 msgid "krbPasswordExpiration attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:438 +#: src/config/SSSDConfig/sssdoptions.py:439 msgid "Attribute indicating that server side password policies are active" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:439 +#: src/config/SSSDConfig/sssdoptions.py:440 msgid "accountExpires attribute of AD" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:440 +#: src/config/SSSDConfig/sssdoptions.py:441 msgid "userAccountControl attribute of AD" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:441 +#: src/config/SSSDConfig/sssdoptions.py:442 msgid "nsAccountLock attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:442 +#: src/config/SSSDConfig/sssdoptions.py:443 msgid "loginDisabled attribute of NDS" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:443 +#: src/config/SSSDConfig/sssdoptions.py:444 msgid "loginExpirationTime attribute of NDS" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:444 +#: src/config/SSSDConfig/sssdoptions.py:445 msgid "loginAllowedTimeMap attribute of NDS" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:445 +#: src/config/SSSDConfig/sssdoptions.py:446 msgid "SSH public key attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:446 +#: src/config/SSSDConfig/sssdoptions.py:447 msgid "attribute listing allowed authentication types for a user" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:447 +#: src/config/SSSDConfig/sssdoptions.py:448 msgid "attribute containing the X509 certificate of the user" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:448 +#: src/config/SSSDConfig/sssdoptions.py:449 msgid "attribute containing the email address of the user" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:449 +#: src/config/SSSDConfig/sssdoptions.py:450 msgid "attribute containing the passkey mapping data of the user" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:450 +#: src/config/SSSDConfig/sssdoptions.py:451 msgid "A list of extra attributes to download along with the user entry" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:452 +#: src/config/SSSDConfig/sssdoptions.py:453 msgid "Base DN for group lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:453 +#: src/config/SSSDConfig/sssdoptions.py:454 msgid "Objectclass for groups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:454 +#: src/config/SSSDConfig/sssdoptions.py:455 msgid "Group name" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:455 +#: src/config/SSSDConfig/sssdoptions.py:456 msgid "Group password" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:456 +#: src/config/SSSDConfig/sssdoptions.py:457 msgid "GID attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:457 +#: src/config/SSSDConfig/sssdoptions.py:458 msgid "Group member attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:458 +#: src/config/SSSDConfig/sssdoptions.py:459 msgid "Group UUID attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:460 +#: src/config/SSSDConfig/sssdoptions.py:461 msgid "Modification time attribute for groups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:461 +#: src/config/SSSDConfig/sssdoptions.py:462 msgid "Type of the group and other flags" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:462 +#: src/config/SSSDConfig/sssdoptions.py:463 msgid "The LDAP group external member attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:463 +#: src/config/SSSDConfig/sssdoptions.py:464 msgid "Maximum nesting level SSSD will follow" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:464 +#: src/config/SSSDConfig/sssdoptions.py:465 msgid "Filter for group lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:465 +#: src/config/SSSDConfig/sssdoptions.py:466 msgid "Scope of group lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:467 +#: src/config/SSSDConfig/sssdoptions.py:468 msgid "Base DN for netgroup lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:468 +#: src/config/SSSDConfig/sssdoptions.py:469 msgid "Objectclass for netgroups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:469 +#: src/config/SSSDConfig/sssdoptions.py:470 msgid "Netgroup name" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:470 +#: src/config/SSSDConfig/sssdoptions.py:471 msgid "Netgroups members attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:471 +#: src/config/SSSDConfig/sssdoptions.py:472 msgid "Netgroup triple attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:472 +#: src/config/SSSDConfig/sssdoptions.py:473 msgid "Modification time attribute for netgroups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:474 +#: src/config/SSSDConfig/sssdoptions.py:475 msgid "Base DN for service lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:475 +#: src/config/SSSDConfig/sssdoptions.py:476 msgid "Objectclass for services" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:476 +#: src/config/SSSDConfig/sssdoptions.py:477 msgid "Service name attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:477 +#: src/config/SSSDConfig/sssdoptions.py:478 msgid "Service port attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:478 +#: src/config/SSSDConfig/sssdoptions.py:479 msgid "Service protocol attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:480 +#: src/config/SSSDConfig/sssdoptions.py:481 msgid "Lower bound for ID-mapping" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:481 +#: src/config/SSSDConfig/sssdoptions.py:482 msgid "Upper bound for ID-mapping" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:482 +#: src/config/SSSDConfig/sssdoptions.py:483 msgid "Number of IDs for each slice when ID-mapping" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:483 +#: src/config/SSSDConfig/sssdoptions.py:484 msgid "Use autorid-compatible algorithm for ID-mapping" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:484 +#: src/config/SSSDConfig/sssdoptions.py:485 msgid "Name of the default domain for ID-mapping" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:485 +#: src/config/SSSDConfig/sssdoptions.py:486 msgid "SID of the default domain for ID-mapping" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:486 +#: src/config/SSSDConfig/sssdoptions.py:487 msgid "Number of secondary slices" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:488 +#: src/config/SSSDConfig/sssdoptions.py:489 msgid "Whether to use Token-Groups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:489 +#: src/config/SSSDConfig/sssdoptions.py:490 msgid "Set lower boundary for allowed IDs from the LDAP server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:490 +#: src/config/SSSDConfig/sssdoptions.py:491 msgid "Set upper boundary for allowed IDs from the LDAP server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:491 +#: src/config/SSSDConfig/sssdoptions.py:492 msgid "DN for ppolicy queries" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:492 +#: src/config/SSSDConfig/sssdoptions.py:493 msgid "How many maximum entries to fetch during a wildcard request" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:493 +#: src/config/SSSDConfig/sssdoptions.py:494 msgid "Set libldap debug level" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:496 +#: src/config/SSSDConfig/sssdoptions.py:497 msgid "Policy to evaluate the password expiration" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:500 +#: src/config/SSSDConfig/sssdoptions.py:501 msgid "Which attributes shall be used to evaluate if an account is expired" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:504 +#: src/config/SSSDConfig/sssdoptions.py:505 msgid "URI of an LDAP server where password changes are allowed" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:505 +#: src/config/SSSDConfig/sssdoptions.py:506 msgid "URI of a backup LDAP server where password changes are allowed" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:506 +#: src/config/SSSDConfig/sssdoptions.py:507 msgid "DNS service name for LDAP password change server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:507 +#: src/config/SSSDConfig/sssdoptions.py:508 msgid "" "Whether to update the ldap_user_shadow_last_change attribute after a " "password change" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:511 +#: src/config/SSSDConfig/sssdoptions.py:512 msgid "Base DN for sudo rules lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:512 +#: src/config/SSSDConfig/sssdoptions.py:513 msgid "Automatic full refresh period" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:513 +#: src/config/SSSDConfig/sssdoptions.py:514 msgid "Automatic smart refresh period" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:514 +#: src/config/SSSDConfig/sssdoptions.py:515 msgid "Smart and full refresh random offset" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:515 +#: src/config/SSSDConfig/sssdoptions.py:516 msgid "Whether to filter rules by hostname, IP addresses and network" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:516 +#: src/config/SSSDConfig/sssdoptions.py:517 msgid "" "Hostnames and/or fully qualified domain names of this machine to filter sudo " "rules" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:517 +#: src/config/SSSDConfig/sssdoptions.py:518 msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:518 +#: src/config/SSSDConfig/sssdoptions.py:519 msgid "Whether to include rules that contains netgroup in host attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:519 +#: src/config/SSSDConfig/sssdoptions.py:520 msgid "" "Whether to include rules that contains regular expression in host attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:520 +#: src/config/SSSDConfig/sssdoptions.py:521 msgid "Object class for sudo rules" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:521 +#: src/config/SSSDConfig/sssdoptions.py:522 msgid "Name of attribute that is used as object class for sudo rules" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:522 +#: src/config/SSSDConfig/sssdoptions.py:523 msgid "Sudo rule name" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:523 +#: src/config/SSSDConfig/sssdoptions.py:524 msgid "Sudo rule command attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:524 +#: src/config/SSSDConfig/sssdoptions.py:525 msgid "Sudo rule host attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:525 +#: src/config/SSSDConfig/sssdoptions.py:526 msgid "Sudo rule user attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:526 +#: src/config/SSSDConfig/sssdoptions.py:527 msgid "Sudo rule option attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:527 +#: src/config/SSSDConfig/sssdoptions.py:528 msgid "Sudo rule runas attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:528 +#: src/config/SSSDConfig/sssdoptions.py:529 msgid "Sudo rule runasuser attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:529 +#: src/config/SSSDConfig/sssdoptions.py:530 msgid "Sudo rule runasgroup attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:530 +#: src/config/SSSDConfig/sssdoptions.py:531 msgid "Sudo rule notbefore attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:531 +#: src/config/SSSDConfig/sssdoptions.py:532 msgid "Sudo rule notafter attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:532 +#: src/config/SSSDConfig/sssdoptions.py:533 msgid "Sudo rule order attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:535 +#: src/config/SSSDConfig/sssdoptions.py:536 msgid "Object class for automounter maps" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:536 +#: src/config/SSSDConfig/sssdoptions.py:537 msgid "Automounter map name attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:537 +#: src/config/SSSDConfig/sssdoptions.py:538 msgid "Object class for automounter map entries" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:538 +#: src/config/SSSDConfig/sssdoptions.py:539 msgid "Automounter map entry key attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:539 +#: src/config/SSSDConfig/sssdoptions.py:540 msgid "Automounter map entry value attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:540 +#: src/config/SSSDConfig/sssdoptions.py:541 msgid "Base DN for automounter map lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:541 +#: src/config/SSSDConfig/sssdoptions.py:542 msgid "The name of the automount master map in LDAP." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:544 +#: src/config/SSSDConfig/sssdoptions.py:545 msgid "Base DN for IP hosts lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:545 +#: src/config/SSSDConfig/sssdoptions.py:546 msgid "Object class for IP hosts" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:546 +#: src/config/SSSDConfig/sssdoptions.py:547 msgid "IP host name attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:547 +#: src/config/SSSDConfig/sssdoptions.py:548 msgid "IP host number (address) attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:548 +#: src/config/SSSDConfig/sssdoptions.py:549 msgid "IP host entryUSN attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:549 +#: src/config/SSSDConfig/sssdoptions.py:550 msgid "Base DN for IP networks lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:550 +#: src/config/SSSDConfig/sssdoptions.py:551 msgid "Object class for IP networks" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:551 +#: src/config/SSSDConfig/sssdoptions.py:552 msgid "IP network name attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:552 +#: src/config/SSSDConfig/sssdoptions.py:553 msgid "IP network number (address) attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:553 +#: src/config/SSSDConfig/sssdoptions.py:554 msgid "IP network entryUSN attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:556 +#: src/config/SSSDConfig/sssdoptions.py:557 msgid "Comma separated list of allowed users" msgstr "Daftar pengguna yang diijinkan dalam format yang dipisahkan koma" -#: src/config/SSSDConfig/sssdoptions.py:557 +#: src/config/SSSDConfig/sssdoptions.py:558 msgid "Comma separated list of prohibited users" msgstr "Daftar pengguna yang tidak diijinkan dalam format yang dipisahkan koma" -#: src/config/SSSDConfig/sssdoptions.py:558 +#: src/config/SSSDConfig/sssdoptions.py:559 msgid "" "Comma separated list of groups that are allowed to log in. This applies only " "to groups within this SSSD domain. Local groups are not evaluated." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:560 +#: src/config/SSSDConfig/sssdoptions.py:561 msgid "" "Comma separated list of groups that are explicitly denied access. This " "applies only to groups within this SSSD domain. Local groups are not " "evaluated." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:564 +#: src/config/SSSDConfig/sssdoptions.py:565 msgid "The number of preforked proxy children." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:567 +#: src/config/SSSDConfig/sssdoptions.py:568 msgid "The name of the NSS library to use" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:568 +#: src/config/SSSDConfig/sssdoptions.py:569 msgid "The name of the NSS library to use for hosts and networks lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:569 +#: src/config/SSSDConfig/sssdoptions.py:570 msgid "Whether to look up canonical group name from cache if possible" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:572 +#: src/config/SSSDConfig/sssdoptions.py:573 msgid "PAM stack to use" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:575 +#: src/config/SSSDConfig/sssdoptions.py:576 msgid "Path of passwd file sources." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:576 +#: src/config/SSSDConfig/sssdoptions.py:577 msgid "Path of group file sources." msgstr "" @@ -1881,67 +1885,67 @@ msgstr "" msgid "SSSD is already running\n" msgstr "" -#: src/providers/krb5/krb5_child.c:4007 src/providers/ldap/ldap_child.c:641 +#: src/providers/krb5/krb5_child.c:4027 src/providers/ldap/ldap_child.c:642 msgid "Allow core dumps" msgstr "" -#: src/providers/krb5/krb5_child.c:4009 src/providers/ldap/ldap_child.c:643 +#: src/providers/krb5/krb5_child.c:4029 src/providers/ldap/ldap_child.c:644 msgid "An open file descriptor for the debug logs" msgstr "" -#: src/providers/krb5/krb5_child.c:4012 +#: src/providers/krb5/krb5_child.c:4032 msgid "The user to create FAST ccache as" msgstr "" -#: src/providers/krb5/krb5_child.c:4014 +#: src/providers/krb5/krb5_child.c:4034 msgid "The group to create FAST ccache as" msgstr "" -#: src/providers/krb5/krb5_child.c:4016 +#: src/providers/krb5/krb5_child.c:4036 msgid "Use anonymous PKINIT to request FAST armor ticket" msgstr "" -#: src/providers/krb5/krb5_child.c:4018 +#: src/providers/krb5/krb5_child.c:4038 msgid "Kerberos realm to use" msgstr "" -#: src/providers/krb5/krb5_child.c:4020 +#: src/providers/krb5/krb5_child.c:4040 msgid "Requested lifetime of the ticket" msgstr "" -#: src/providers/krb5/krb5_child.c:4022 +#: src/providers/krb5/krb5_child.c:4042 msgid "Requested renewable lifetime of the ticket" msgstr "" -#: src/providers/krb5/krb5_child.c:4024 +#: src/providers/krb5/krb5_child.c:4044 msgid "FAST options ('never', 'try', 'demand')" msgstr "" -#: src/providers/krb5/krb5_child.c:4027 +#: src/providers/krb5/krb5_child.c:4047 msgid "Specifies the server principal to use for FAST" msgstr "" -#: src/providers/krb5/krb5_child.c:4029 +#: src/providers/krb5/krb5_child.c:4049 msgid "Requests canonicalization of the principal name" msgstr "" -#: src/providers/krb5/krb5_child.c:4031 +#: src/providers/krb5/krb5_child.c:4051 msgid "Use custom version of krb5_get_init_creds_password" msgstr "" -#: src/providers/krb5/krb5_child.c:4033 +#: src/providers/krb5/krb5_child.c:4053 msgid "Tevent chain ID used for logging purposes" msgstr "" -#: src/providers/krb5/krb5_child.c:4035 +#: src/providers/krb5/krb5_child.c:4055 msgid "Check PAC flags" msgstr "" -#: src/providers/krb5/krb5_child.c:4079 src/providers/ldap/ldap_child.c:669 +#: src/providers/krb5/krb5_child.c:4099 src/providers/ldap/ldap_child.c:670 msgid "talloc_asprintf failed.\n" msgstr "" -#: src/providers/krb5/krb5_child.c:4089 src/providers/ldap/ldap_child.c:678 +#: src/providers/krb5/krb5_child.c:4109 src/providers/ldap/ldap_child.c:679 msgid "set_debug_file_from_fd failed.\n" msgstr "" @@ -1985,119 +1989,131 @@ msgstr "" msgid "Permission denied. " msgstr "" -#: src/sss_client/pam_sss.c:70 src/sss_client/pam_sss.c:819 -#: src/sss_client/pam_sss.c:830 +#: src/sss_client/pam_sss.c:70 src/sss_client/pam_sss.c:838 +#: src/sss_client/pam_sss.c:849 msgid "Server message: " msgstr "Pesan server:" #: src/sss_client/pam_sss.c:71 +msgid "" +"Kerberos TGT will not be granted upon login, user experience will be " +"affected." +msgstr "" + +#: src/sss_client/pam_sss.c:72 msgid "Enter PIN:" msgstr "" -#: src/sss_client/pam_sss.c:314 +#: src/sss_client/pam_sss.c:315 msgid "Passwords do not match" msgstr "Kata sandi tidak cocok" -#: src/sss_client/pam_sss.c:502 +#: src/sss_client/pam_sss.c:503 msgid "Password reset by root is not supported." msgstr "" -#: src/sss_client/pam_sss.c:543 +#: src/sss_client/pam_sss.c:544 msgid "Authenticated with cached credentials" msgstr "" -#: src/sss_client/pam_sss.c:544 +#: src/sss_client/pam_sss.c:545 msgid ", your cached password will expire at: " msgstr "" -#: src/sss_client/pam_sss.c:574 +#: src/sss_client/pam_sss.c:575 #, c-format msgid "Your password has expired. You have %1$d grace login(s) remaining." msgstr "" -#: src/sss_client/pam_sss.c:624 +#: src/sss_client/pam_sss.c:625 #, c-format msgid "Your password will expire in %1$d %2$s." msgstr "" -#: src/sss_client/pam_sss.c:627 +#: src/sss_client/pam_sss.c:628 #, fuzzy, c-format msgid "Your password has expired." msgstr "Perubahan kata sandi gagal." -#: src/sss_client/pam_sss.c:678 +#: src/sss_client/pam_sss.c:679 msgid "Authentication is denied until: " msgstr "" -#: src/sss_client/pam_sss.c:699 +#: src/sss_client/pam_sss.c:700 msgid "System is offline, password change not possible" msgstr "Sistem sedang luring, perubahan kata sandi tidak dimungkinkan" -#: src/sss_client/pam_sss.c:714 +#: src/sss_client/pam_sss.c:715 msgid "" "After changing the OTP password, you need to log out and back in order to " "acquire a ticket" msgstr "" -#: src/sss_client/pam_sss.c:729 +#: src/sss_client/pam_sss.c:730 msgid "PIN locked" msgstr "" -#: src/sss_client/pam_sss.c:816 src/sss_client/pam_sss.c:829 +#: src/sss_client/pam_sss.c:745 +msgid "" +"No Kerberos TGT granted as the server does not support this method. Your " +"single-sign on(SSO) experience will be affected." +msgstr "" + +#: src/sss_client/pam_sss.c:835 src/sss_client/pam_sss.c:848 msgid "Password change failed. " msgstr "Perubahan kata sandi gagal." -#: src/sss_client/pam_sss.c:1797 +#: src/sss_client/pam_sss.c:1819 #, c-format msgid "Authenticate at %1$s and press ENTER." msgstr "" -#: src/sss_client/pam_sss.c:1800 +#: src/sss_client/pam_sss.c:1822 #, c-format msgid "Authenticate with PIN %1$s at %2$s and press ENTER." msgstr "" -#: src/sss_client/pam_sss.c:2153 +#: src/sss_client/pam_sss.c:2181 msgid "Please (re)insert (different) Smartcard" msgstr "" -#: src/sss_client/pam_sss.c:2352 +#: src/sss_client/pam_sss.c:2380 msgid "New Password: " msgstr "Kata Sandi Baru: " -#: src/sss_client/pam_sss.c:2353 +#: src/sss_client/pam_sss.c:2381 msgid "Reenter new Password: " msgstr "Masukkan lagi kata sandi baru:" -#: src/sss_client/pam_sss.c:2523 src/sss_client/pam_sss.c:2526 +#: src/sss_client/pam_sss.c:2551 src/sss_client/pam_sss.c:2554 msgid "First Factor: " msgstr "" -#: src/sss_client/pam_sss.c:2524 src/sss_client/pam_sss.c:2707 +#: src/sss_client/pam_sss.c:2552 src/sss_client/pam_sss.c:2740 msgid "Second Factor (optional): " msgstr "" -#: src/sss_client/pam_sss.c:2527 src/sss_client/pam_sss.c:2710 +#: src/sss_client/pam_sss.c:2555 src/sss_client/pam_sss.c:2743 msgid "Second Factor: " msgstr "" -#: src/sss_client/pam_sss.c:2547 +#: src/sss_client/pam_sss.c:2575 msgid "Insert your passkey device, then press ENTER." msgstr "" -#: src/sss_client/pam_sss.c:2551 src/sss_client/pam_sss.c:2554 +#: src/sss_client/pam_sss.c:2579 src/sss_client/pam_sss.c:2587 msgid "Password: " msgstr "Kata sandi:" -#: src/sss_client/pam_sss.c:2706 src/sss_client/pam_sss.c:2709 +#: src/sss_client/pam_sss.c:2739 src/sss_client/pam_sss.c:2742 msgid "First Factor (Current Password): " msgstr "" -#: src/sss_client/pam_sss.c:2713 +#: src/sss_client/pam_sss.c:2746 msgid "Current Password: " msgstr "Kata sandi saat ini:" -#: src/sss_client/pam_sss.c:3070 +#: src/sss_client/pam_sss.c:3103 msgid "Password expired. Change your password now." msgstr "" diff --git a/po/it.po b/po/it.po index e68fd483113..e6587155557 100644 --- a/po/it.po +++ b/po/it.po @@ -9,7 +9,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" -"POT-Creation-Date: 2023-05-05 10:11+0200\n" +"POT-Creation-Date: 2023-09-07 11:48+0200\n" "PO-Revision-Date: 2020-09-15 08:29+0000\n" "Last-Translator: Milo Casagrande \n" "Language-Team: Italian \n" "Language-Team: Japanese で実行 (root でなければなりません)\n" msgid "SSSD is already running\n" msgstr "SSSD はすでに実行中です\n" -#: src/providers/krb5/krb5_child.c:4007 src/providers/ldap/ldap_child.c:641 +#: src/providers/krb5/krb5_child.c:4027 src/providers/ldap/ldap_child.c:642 msgid "Allow core dumps" msgstr "コアダンプの許可" -#: src/providers/krb5/krb5_child.c:4009 src/providers/ldap/ldap_child.c:643 +#: src/providers/krb5/krb5_child.c:4029 src/providers/ldap/ldap_child.c:644 msgid "An open file descriptor for the debug logs" msgstr "デバッグログのオープンファイルディスクリプター" -#: src/providers/krb5/krb5_child.c:4012 +#: src/providers/krb5/krb5_child.c:4032 msgid "The user to create FAST ccache as" msgstr "次のように FAST ccache を作成するユーザー" -#: src/providers/krb5/krb5_child.c:4014 +#: src/providers/krb5/krb5_child.c:4034 msgid "The group to create FAST ccache as" msgstr "次のように FAST ccache を作成するグループ" -#: src/providers/krb5/krb5_child.c:4016 +#: src/providers/krb5/krb5_child.c:4036 msgid "Use anonymous PKINIT to request FAST armor ticket" msgstr "匿名の PKINIT を使用して FAST の armo チケットを要求する" -#: src/providers/krb5/krb5_child.c:4018 +#: src/providers/krb5/krb5_child.c:4038 msgid "Kerberos realm to use" msgstr "使用する Kerberos レルム" -#: src/providers/krb5/krb5_child.c:4020 +#: src/providers/krb5/krb5_child.c:4040 msgid "Requested lifetime of the ticket" msgstr "チケットの要求された有効期間" -#: src/providers/krb5/krb5_child.c:4022 +#: src/providers/krb5/krb5_child.c:4042 msgid "Requested renewable lifetime of the ticket" msgstr "チケットの要求された更新可能な有効期間" -#: src/providers/krb5/krb5_child.c:4024 +#: src/providers/krb5/krb5_child.c:4044 msgid "FAST options ('never', 'try', 'demand')" msgstr "FAST のオプション ('never'、'try'、'demand')" -#: src/providers/krb5/krb5_child.c:4027 +#: src/providers/krb5/krb5_child.c:4047 msgid "Specifies the server principal to use for FAST" msgstr "FAST で使用するサーバープリンシパルを指定します" -#: src/providers/krb5/krb5_child.c:4029 +#: src/providers/krb5/krb5_child.c:4049 msgid "Requests canonicalization of the principal name" msgstr "プリンシパル名の正規化を要求します" -#: src/providers/krb5/krb5_child.c:4031 +#: src/providers/krb5/krb5_child.c:4051 msgid "Use custom version of krb5_get_init_creds_password" msgstr "krb5_get_init_creds_password のカスタムバージョンを使用します" -#: src/providers/krb5/krb5_child.c:4033 +#: src/providers/krb5/krb5_child.c:4053 msgid "Tevent chain ID used for logging purposes" msgstr "デバッグのロギングの冗長性を設定する" -#: src/providers/krb5/krb5_child.c:4035 +#: src/providers/krb5/krb5_child.c:4055 msgid "Check PAC flags" msgstr "PAC フラグを確認する" -#: src/providers/krb5/krb5_child.c:4079 src/providers/ldap/ldap_child.c:669 +#: src/providers/krb5/krb5_child.c:4099 src/providers/ldap/ldap_child.c:670 msgid "talloc_asprintf failed.\n" msgstr "talloc_asprintf は失敗しました。\n" -#: src/providers/krb5/krb5_child.c:4089 src/providers/ldap/ldap_child.c:678 +#: src/providers/krb5/krb5_child.c:4109 src/providers/ldap/ldap_child.c:679 msgid "set_debug_file_from_fd failed.\n" msgstr "set_debug_file_from_fd は失敗しました。\n" @@ -2083,55 +2087,61 @@ msgstr "エラーの説明を検索中に予期しないエラーが発生しま msgid "Permission denied. " msgstr "パーミッションが拒否されました。 " -#: src/sss_client/pam_sss.c:70 src/sss_client/pam_sss.c:819 -#: src/sss_client/pam_sss.c:830 +#: src/sss_client/pam_sss.c:70 src/sss_client/pam_sss.c:838 +#: src/sss_client/pam_sss.c:849 msgid "Server message: " msgstr "サーバーのメッセージ: " #: src/sss_client/pam_sss.c:71 +msgid "" +"Kerberos TGT will not be granted upon login, user experience will be " +"affected." +msgstr "" + +#: src/sss_client/pam_sss.c:72 msgid "Enter PIN:" msgstr "PIN の入力:" -#: src/sss_client/pam_sss.c:314 +#: src/sss_client/pam_sss.c:315 msgid "Passwords do not match" msgstr "パスワードが一致しません" -#: src/sss_client/pam_sss.c:502 +#: src/sss_client/pam_sss.c:503 msgid "Password reset by root is not supported." msgstr "root によるパスワードのリセットはサポートされません。" -#: src/sss_client/pam_sss.c:543 +#: src/sss_client/pam_sss.c:544 msgid "Authenticated with cached credentials" msgstr "キャッシュされているクレデンシャルを用いて認証されました" -#: src/sss_client/pam_sss.c:544 +#: src/sss_client/pam_sss.c:545 msgid ", your cached password will expire at: " msgstr "、キャッシュされたパスワードが失効します: " -#: src/sss_client/pam_sss.c:574 +#: src/sss_client/pam_sss.c:575 #, c-format msgid "Your password has expired. You have %1$d grace login(s) remaining." msgstr "パスワードの期限が切れています。あと %1$d 回ログインできます。" -#: src/sss_client/pam_sss.c:624 +#: src/sss_client/pam_sss.c:625 #, c-format msgid "Your password will expire in %1$d %2$s." msgstr "あなたのパスワードは %1$d %2$s に期限切れになります。" -#: src/sss_client/pam_sss.c:627 +#: src/sss_client/pam_sss.c:628 #, c-format msgid "Your password has expired." msgstr "パスワードの有効期限が切れています。" -#: src/sss_client/pam_sss.c:678 +#: src/sss_client/pam_sss.c:679 msgid "Authentication is denied until: " msgstr "次まで認証が拒否されます: " -#: src/sss_client/pam_sss.c:699 +#: src/sss_client/pam_sss.c:700 msgid "System is offline, password change not possible" msgstr "システムがオフラインです、パスワード変更ができません" -#: src/sss_client/pam_sss.c:714 +#: src/sss_client/pam_sss.c:715 msgid "" "After changing the OTP password, you need to log out and back in order to " "acquire a ticket" @@ -2139,65 +2149,71 @@ msgstr "" "OTP パスワードの変更後、チケットを取得するためにログアウト後に再びログインす" "る必要があります" -#: src/sss_client/pam_sss.c:729 +#: src/sss_client/pam_sss.c:730 msgid "PIN locked" msgstr "PIN がロックされました" -#: src/sss_client/pam_sss.c:816 src/sss_client/pam_sss.c:829 +#: src/sss_client/pam_sss.c:745 +msgid "" +"No Kerberos TGT granted as the server does not support this method. Your " +"single-sign on(SSO) experience will be affected." +msgstr "" + +#: src/sss_client/pam_sss.c:835 src/sss_client/pam_sss.c:848 msgid "Password change failed. " msgstr "パスワードの変更に失敗しました。 " -#: src/sss_client/pam_sss.c:1797 +#: src/sss_client/pam_sss.c:1819 #, c-format msgid "Authenticate at %1$s and press ENTER." msgstr "%1$s で認証し、ENTER を押します。" -#: src/sss_client/pam_sss.c:1800 +#: src/sss_client/pam_sss.c:1822 #, c-format msgid "Authenticate with PIN %1$s at %2$s and press ENTER." msgstr "%2$s で PIN %1$s を使用して認証し、ENTER を押します。" -#: src/sss_client/pam_sss.c:2153 +#: src/sss_client/pam_sss.c:2181 msgid "Please (re)insert (different) Smartcard" msgstr "(別の)スマートカードを挿入(し直)してください" -#: src/sss_client/pam_sss.c:2352 +#: src/sss_client/pam_sss.c:2380 msgid "New Password: " msgstr "新しいパスワード: " -#: src/sss_client/pam_sss.c:2353 +#: src/sss_client/pam_sss.c:2381 msgid "Reenter new Password: " msgstr "新しいパスワードの再入力: " -#: src/sss_client/pam_sss.c:2523 src/sss_client/pam_sss.c:2526 +#: src/sss_client/pam_sss.c:2551 src/sss_client/pam_sss.c:2554 msgid "First Factor: " msgstr "1 番目の要素: " -#: src/sss_client/pam_sss.c:2524 src/sss_client/pam_sss.c:2707 +#: src/sss_client/pam_sss.c:2552 src/sss_client/pam_sss.c:2740 msgid "Second Factor (optional): " msgstr "2 番目の要素 (オプション): " -#: src/sss_client/pam_sss.c:2527 src/sss_client/pam_sss.c:2710 +#: src/sss_client/pam_sss.c:2555 src/sss_client/pam_sss.c:2743 msgid "Second Factor: " msgstr "2 番目の要素: " -#: src/sss_client/pam_sss.c:2547 +#: src/sss_client/pam_sss.c:2575 msgid "Insert your passkey device, then press ENTER." msgstr "パスキーデバイスを挿入し、ENTER キーを押します。" -#: src/sss_client/pam_sss.c:2551 src/sss_client/pam_sss.c:2554 +#: src/sss_client/pam_sss.c:2579 src/sss_client/pam_sss.c:2587 msgid "Password: " msgstr "パスワード: " -#: src/sss_client/pam_sss.c:2706 src/sss_client/pam_sss.c:2709 +#: src/sss_client/pam_sss.c:2739 src/sss_client/pam_sss.c:2742 msgid "First Factor (Current Password): " msgstr "1 番目の要素 (現在のパスワード): " -#: src/sss_client/pam_sss.c:2713 +#: src/sss_client/pam_sss.c:2746 msgid "Current Password: " msgstr "現在のパスワード: " -#: src/sss_client/pam_sss.c:3070 +#: src/sss_client/pam_sss.c:3103 msgid "Password expired. Change your password now." msgstr "パスワードの期限が切れました。いますぐパスワードを変更してください。" diff --git a/po/ka.po b/po/ka.po index 110a0092673..29fc2ae1645 100644 --- a/po/ka.po +++ b/po/ka.po @@ -6,7 +6,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" -"POT-Creation-Date: 2023-05-05 10:11+0200\n" +"POT-Creation-Date: 2023-09-07 11:48+0200\n" "PO-Revision-Date: 2023-06-04 04:20+0000\n" "Last-Translator: Temuri Doghonadze \n" "Language-Team: Georgian \n" "Language-Team: Korean 에서 실행 중, root여야 합니다\n" msgid "SSSD is already running\n" msgstr "SSSD가 이미 실행되고 있습니다\n" -#: src/providers/krb5/krb5_child.c:4007 src/providers/ldap/ldap_child.c:641 +#: src/providers/krb5/krb5_child.c:4027 src/providers/ldap/ldap_child.c:642 msgid "Allow core dumps" msgstr "코어 덤프 허용" -#: src/providers/krb5/krb5_child.c:4009 src/providers/ldap/ldap_child.c:643 +#: src/providers/krb5/krb5_child.c:4029 src/providers/ldap/ldap_child.c:644 msgid "An open file descriptor for the debug logs" msgstr "디버그 로그의 오픈 파일 설명자" -#: src/providers/krb5/krb5_child.c:4012 +#: src/providers/krb5/krb5_child.c:4032 msgid "The user to create FAST ccache as" msgstr "FAST ccache를 생성할 사용자" -#: src/providers/krb5/krb5_child.c:4014 +#: src/providers/krb5/krb5_child.c:4034 msgid "The group to create FAST ccache as" msgstr "FAST ccache를 생성할 그룹" -#: src/providers/krb5/krb5_child.c:4016 +#: src/providers/krb5/krb5_child.c:4036 msgid "Use anonymous PKINIT to request FAST armor ticket" msgstr "익명의 PKINIT를 사용하여 FAST 강화된 티켓을 요청합니다" -#: src/providers/krb5/krb5_child.c:4018 +#: src/providers/krb5/krb5_child.c:4038 msgid "Kerberos realm to use" msgstr "사용할 Kerberos 영역" -#: src/providers/krb5/krb5_child.c:4020 +#: src/providers/krb5/krb5_child.c:4040 msgid "Requested lifetime of the ticket" msgstr "티켓의 요청된 수명" -#: src/providers/krb5/krb5_child.c:4022 +#: src/providers/krb5/krb5_child.c:4042 msgid "Requested renewable lifetime of the ticket" msgstr "티켓의 요청된 재생 가능 수명" -#: src/providers/krb5/krb5_child.c:4024 +#: src/providers/krb5/krb5_child.c:4044 msgid "FAST options ('never', 'try', 'demand')" msgstr "FAST 옵션 ('never', 'try', 'demand')" -#: src/providers/krb5/krb5_child.c:4027 +#: src/providers/krb5/krb5_child.c:4047 msgid "Specifies the server principal to use for FAST" msgstr "FAST에 사용할 서버 주체를 지정" -#: src/providers/krb5/krb5_child.c:4029 +#: src/providers/krb5/krb5_child.c:4049 msgid "Requests canonicalization of the principal name" msgstr "주체 이름의 정규화 요청" -#: src/providers/krb5/krb5_child.c:4031 +#: src/providers/krb5/krb5_child.c:4051 msgid "Use custom version of krb5_get_init_creds_password" msgstr "krb5_get_init_creds_password의 사용자 지정 버전 사용" -#: src/providers/krb5/krb5_child.c:4033 +#: src/providers/krb5/krb5_child.c:4053 msgid "Tevent chain ID used for logging purposes" msgstr "로깅 목적을 위해 사용되는 T이벤트 체인 ID" -#: src/providers/krb5/krb5_child.c:4035 +#: src/providers/krb5/krb5_child.c:4055 msgid "Check PAC flags" msgstr "PAC 플래그 점검" -#: src/providers/krb5/krb5_child.c:4079 src/providers/ldap/ldap_child.c:669 +#: src/providers/krb5/krb5_child.c:4099 src/providers/ldap/ldap_child.c:670 msgid "talloc_asprintf failed.\n" msgstr "blockoc_asprintf에 실패했습니다.\n" -#: src/providers/krb5/krb5_child.c:4089 src/providers/ldap/ldap_child.c:678 +#: src/providers/krb5/krb5_child.c:4109 src/providers/ldap/ldap_child.c:679 msgid "set_debug_file_from_fd failed.\n" msgstr "set_debug_file_from_fd가 실패했습니다.\n" @@ -2054,120 +2058,132 @@ msgstr "오류 설명을 찾는 동안 예기치 않은 오류 발생" msgid "Permission denied. " msgstr "권한이 거부되었습니다. " -#: src/sss_client/pam_sss.c:70 src/sss_client/pam_sss.c:819 -#: src/sss_client/pam_sss.c:830 +#: src/sss_client/pam_sss.c:70 src/sss_client/pam_sss.c:838 +#: src/sss_client/pam_sss.c:849 msgid "Server message: " msgstr "서버 메시지: " #: src/sss_client/pam_sss.c:71 +msgid "" +"Kerberos TGT will not be granted upon login, user experience will be " +"affected." +msgstr "" + +#: src/sss_client/pam_sss.c:72 msgid "Enter PIN:" msgstr "PIN 입력:" -#: src/sss_client/pam_sss.c:314 +#: src/sss_client/pam_sss.c:315 msgid "Passwords do not match" msgstr "암호가 일치하지 않습니다" -#: src/sss_client/pam_sss.c:502 +#: src/sss_client/pam_sss.c:503 msgid "Password reset by root is not supported." msgstr "root로 재설정한 암호는 지원되지 않습니다." -#: src/sss_client/pam_sss.c:543 +#: src/sss_client/pam_sss.c:544 msgid "Authenticated with cached credentials" msgstr "캐쉬된 인증 정보로 인증됨" -#: src/sss_client/pam_sss.c:544 +#: src/sss_client/pam_sss.c:545 msgid ", your cached password will expire at: " msgstr ", 당신의 캐쉬된 비밀번호는 다음에 만료됩니다.: " -#: src/sss_client/pam_sss.c:574 +#: src/sss_client/pam_sss.c:575 #, c-format msgid "Your password has expired. You have %1$d grace login(s) remaining." msgstr "암호가 만료되었습니다. %1$d 유예 로그인이 남아 있습니다." -#: src/sss_client/pam_sss.c:624 +#: src/sss_client/pam_sss.c:625 #, c-format msgid "Your password will expire in %1$d %2$s." msgstr "암호는 %1$d %2$s에 만료됩니다." -#: src/sss_client/pam_sss.c:627 +#: src/sss_client/pam_sss.c:628 #, c-format msgid "Your password has expired." msgstr "당신의 비밀번호가 만료되었습니다." -#: src/sss_client/pam_sss.c:678 +#: src/sss_client/pam_sss.c:679 msgid "Authentication is denied until: " msgstr "인증은 다음 기간까지 거부됩니다. " -#: src/sss_client/pam_sss.c:699 +#: src/sss_client/pam_sss.c:700 msgid "System is offline, password change not possible" msgstr "시스템이 오프라인 상태이며 암호가 변경될 수 없습니다" -#: src/sss_client/pam_sss.c:714 +#: src/sss_client/pam_sss.c:715 msgid "" "After changing the OTP password, you need to log out and back in order to " "acquire a ticket" msgstr "" "OTP 암호를 변경한 후 티켓을 받으려면 로그아웃한 후 다시 로그인해야 합니다" -#: src/sss_client/pam_sss.c:729 +#: src/sss_client/pam_sss.c:730 msgid "PIN locked" msgstr "PIN 잠금" -#: src/sss_client/pam_sss.c:816 src/sss_client/pam_sss.c:829 +#: src/sss_client/pam_sss.c:745 +msgid "" +"No Kerberos TGT granted as the server does not support this method. Your " +"single-sign on(SSO) experience will be affected." +msgstr "" + +#: src/sss_client/pam_sss.c:835 src/sss_client/pam_sss.c:848 msgid "Password change failed. " msgstr "비밀번호 변경에 실패함. " -#: src/sss_client/pam_sss.c:1797 +#: src/sss_client/pam_sss.c:1819 #, c-format msgid "Authenticate at %1$s and press ENTER." msgstr "%1$s에 인증하고 ENTER를 누릅니다." -#: src/sss_client/pam_sss.c:1800 +#: src/sss_client/pam_sss.c:1822 #, c-format msgid "Authenticate with PIN %1$s at %2$s and press ENTER." msgstr "PIN %1$s(%2$s에서)으로 인증하고 ENTER를 누릅니다." -#: src/sss_client/pam_sss.c:2153 +#: src/sss_client/pam_sss.c:2181 msgid "Please (re)insert (different) Smartcard" msgstr "다른 스마트카드를 (다시)입력해 주세요" -#: src/sss_client/pam_sss.c:2352 +#: src/sss_client/pam_sss.c:2380 msgid "New Password: " msgstr "신규 암호: " -#: src/sss_client/pam_sss.c:2353 +#: src/sss_client/pam_sss.c:2381 msgid "Reenter new Password: " msgstr "신규 암호 재입력: " -#: src/sss_client/pam_sss.c:2523 src/sss_client/pam_sss.c:2526 +#: src/sss_client/pam_sss.c:2551 src/sss_client/pam_sss.c:2554 msgid "First Factor: " msgstr "첫 번째 요인: " -#: src/sss_client/pam_sss.c:2524 src/sss_client/pam_sss.c:2707 +#: src/sss_client/pam_sss.c:2552 src/sss_client/pam_sss.c:2740 msgid "Second Factor (optional): " msgstr "두 번째 요인(선택 사항): " -#: src/sss_client/pam_sss.c:2527 src/sss_client/pam_sss.c:2710 +#: src/sss_client/pam_sss.c:2555 src/sss_client/pam_sss.c:2743 msgid "Second Factor: " msgstr "두 번째 요인: " -#: src/sss_client/pam_sss.c:2547 +#: src/sss_client/pam_sss.c:2575 msgid "Insert your passkey device, then press ENTER." msgstr "자신의 패스키 장치를 넣고, 그런 후에 Enter를 눌러주세요." -#: src/sss_client/pam_sss.c:2551 src/sss_client/pam_sss.c:2554 +#: src/sss_client/pam_sss.c:2579 src/sss_client/pam_sss.c:2587 msgid "Password: " msgstr "비밀번호: " -#: src/sss_client/pam_sss.c:2706 src/sss_client/pam_sss.c:2709 +#: src/sss_client/pam_sss.c:2739 src/sss_client/pam_sss.c:2742 msgid "First Factor (Current Password): " msgstr "첫 번째 요인 (현재 암호): " -#: src/sss_client/pam_sss.c:2713 +#: src/sss_client/pam_sss.c:2746 msgid "Current Password: " msgstr "현재 암호: " -#: src/sss_client/pam_sss.c:3070 +#: src/sss_client/pam_sss.c:3103 msgid "Password expired. Change your password now." msgstr "암호가 만료되었습니다. 지금 암호를 변경하십시오." diff --git a/po/nb.po b/po/nb.po index 28e26c26694..11856f4582e 100644 --- a/po/nb.po +++ b/po/nb.po @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" -"POT-Creation-Date: 2023-05-05 10:11+0200\n" +"POT-Creation-Date: 2023-09-07 11:48+0200\n" "PO-Revision-Date: 2014-12-14 11:46-0500\n" "Last-Translator: Copied by Zanata \n" "Language-Team: Norwegian Bokmål (http://www.transifex.com/projects/p/sssd/" @@ -588,12 +588,12 @@ msgid "Whether to automatically update the client's DNS entry" msgstr "" #: src/config/SSSDConfig/sssdoptions.py:201 -#: src/config/SSSDConfig/sssdoptions.py:233 +#: src/config/SSSDConfig/sssdoptions.py:234 msgid "The TTL to apply to the client's DNS entry after updating it" msgstr "" #: src/config/SSSDConfig/sssdoptions.py:202 -#: src/config/SSSDConfig/sssdoptions.py:234 +#: src/config/SSSDConfig/sssdoptions.py:235 msgid "The interface whose IP should be used for dynamic DNS updates" msgstr "" @@ -677,1162 +677,1166 @@ msgid "" "(long term password) must have to be saved as SHA512 hash into the cache." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:228 +#: src/config/SSSDConfig/sssdoptions.py:226 +msgid "Local authentication methods policy " +msgstr "" + +#: src/config/SSSDConfig/sssdoptions.py:229 msgid "IPA domain" msgstr "IPA-domene" -#: src/config/SSSDConfig/sssdoptions.py:229 +#: src/config/SSSDConfig/sssdoptions.py:230 msgid "IPA server address" msgstr "IPA-tjeneradresse" -#: src/config/SSSDConfig/sssdoptions.py:230 +#: src/config/SSSDConfig/sssdoptions.py:231 msgid "Address of backup IPA server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:231 +#: src/config/SSSDConfig/sssdoptions.py:232 msgid "IPA client hostname" msgstr "Vertsnavn for IPA-klient" -#: src/config/SSSDConfig/sssdoptions.py:232 +#: src/config/SSSDConfig/sssdoptions.py:233 msgid "Whether to automatically update the client's DNS entry in FreeIPA" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:235 +#: src/config/SSSDConfig/sssdoptions.py:236 msgid "Search base for HBAC related objects" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:236 +#: src/config/SSSDConfig/sssdoptions.py:237 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:237 +#: src/config/SSSDConfig/sssdoptions.py:238 msgid "" "The amount of time in seconds between lookups of the SELinux maps against " "the IPA server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:239 +#: src/config/SSSDConfig/sssdoptions.py:240 msgid "If set to false, host argument given by PAM will be ignored" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:240 +#: src/config/SSSDConfig/sssdoptions.py:241 msgid "The automounter location this IPA client is using" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:241 +#: src/config/SSSDConfig/sssdoptions.py:242 msgid "Search base for object containing info about IPA domain" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:242 +#: src/config/SSSDConfig/sssdoptions.py:243 msgid "Search base for objects containing info about ID ranges" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:243 -#: src/config/SSSDConfig/sssdoptions.py:299 +#: src/config/SSSDConfig/sssdoptions.py:244 +#: src/config/SSSDConfig/sssdoptions.py:300 msgid "Enable DNS sites - location based service discovery" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:244 +#: src/config/SSSDConfig/sssdoptions.py:245 msgid "Search base for view containers" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:245 +#: src/config/SSSDConfig/sssdoptions.py:246 msgid "Objectclass for view containers" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:246 +#: src/config/SSSDConfig/sssdoptions.py:247 msgid "Attribute with the name of the view" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:247 +#: src/config/SSSDConfig/sssdoptions.py:248 msgid "Objectclass for override objects" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:248 +#: src/config/SSSDConfig/sssdoptions.py:249 msgid "Attribute with the reference to the original object" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:249 +#: src/config/SSSDConfig/sssdoptions.py:250 msgid "Objectclass for user override objects" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:250 +#: src/config/SSSDConfig/sssdoptions.py:251 msgid "Objectclass for group override objects" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:251 +#: src/config/SSSDConfig/sssdoptions.py:252 msgid "Search base for Desktop Profile related objects" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:252 +#: src/config/SSSDConfig/sssdoptions.py:253 msgid "" "The amount of time in seconds between lookups of the Desktop Profile rules " "against the IPA server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:254 +#: src/config/SSSDConfig/sssdoptions.py:255 msgid "" "The amount of time in minutes between lookups of Desktop Profiles rules " "against the IPA server when the last request did not find any rule" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:257 +#: src/config/SSSDConfig/sssdoptions.py:258 msgid "Search base for SUBID ranges" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:258 -#: src/config/SSSDConfig/sssdoptions.py:501 +#: src/config/SSSDConfig/sssdoptions.py:259 +#: src/config/SSSDConfig/sssdoptions.py:502 msgid "Which rules should be used to evaluate access control" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:259 +#: src/config/SSSDConfig/sssdoptions.py:260 msgid "The LDAP attribute that contains FQDN of the host." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:260 -#: src/config/SSSDConfig/sssdoptions.py:283 +#: src/config/SSSDConfig/sssdoptions.py:261 +#: src/config/SSSDConfig/sssdoptions.py:284 msgid "The object class of a host entry in LDAP." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:261 +#: src/config/SSSDConfig/sssdoptions.py:262 msgid "Use the given string as search base for host objects." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:262 +#: src/config/SSSDConfig/sssdoptions.py:263 msgid "The LDAP attribute that contains the host's SSH public keys." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:263 +#: src/config/SSSDConfig/sssdoptions.py:264 msgid "The LDAP attribute that contains NIS domain name of the netgroup." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:264 +#: src/config/SSSDConfig/sssdoptions.py:265 msgid "The LDAP attribute that contains the names of the netgroup's members." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:265 +#: src/config/SSSDConfig/sssdoptions.py:266 msgid "" "The LDAP attribute that lists FQDNs of hosts and host groups that are " "members of the netgroup." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:267 +#: src/config/SSSDConfig/sssdoptions.py:268 msgid "" "The LDAP attribute that lists hosts and host groups that are direct members " "of the netgroup." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:269 +#: src/config/SSSDConfig/sssdoptions.py:270 msgid "The LDAP attribute that lists netgroup's memberships." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:270 +#: src/config/SSSDConfig/sssdoptions.py:271 msgid "" "The LDAP attribute that lists system users and groups that are direct " "members of the netgroup." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:272 +#: src/config/SSSDConfig/sssdoptions.py:273 msgid "The LDAP attribute that corresponds to the netgroup name." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:273 +#: src/config/SSSDConfig/sssdoptions.py:274 msgid "The object class of a netgroup entry in LDAP." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:274 +#: src/config/SSSDConfig/sssdoptions.py:275 msgid "" "The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:275 +#: src/config/SSSDConfig/sssdoptions.py:276 msgid "" "The LDAP attribute that contains whether or not is user map enabled for " "usage." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:277 +#: src/config/SSSDConfig/sssdoptions.py:278 msgid "The LDAP attribute that contains host category such as 'all'." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:278 +#: src/config/SSSDConfig/sssdoptions.py:279 msgid "" "The LDAP attribute that contains all hosts / hostgroups this rule match " "against." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:280 +#: src/config/SSSDConfig/sssdoptions.py:281 msgid "" "The LDAP attribute that contains all users / groups this rule match against." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:282 +#: src/config/SSSDConfig/sssdoptions.py:283 msgid "The LDAP attribute that contains the name of SELinux usermap." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:284 +#: src/config/SSSDConfig/sssdoptions.py:285 msgid "" "The LDAP attribute that contains DN of HBAC rule which can be used for " "matching instead of memberUser and memberHost." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:286 +#: src/config/SSSDConfig/sssdoptions.py:287 msgid "The LDAP attribute that contains SELinux user string itself." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:287 +#: src/config/SSSDConfig/sssdoptions.py:288 msgid "The LDAP attribute that contains user category such as 'all'." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:288 +#: src/config/SSSDConfig/sssdoptions.py:289 msgid "The LDAP attribute that contains unique ID of the user map." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:289 +#: src/config/SSSDConfig/sssdoptions.py:290 msgid "" "The option denotes that the SSSD is running on IPA server and should perform " "lookups of users and groups from trusted domains differently." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:291 +#: src/config/SSSDConfig/sssdoptions.py:292 msgid "Use the given string as search base for trusted domains." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:294 +#: src/config/SSSDConfig/sssdoptions.py:295 msgid "Active Directory domain" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:295 +#: src/config/SSSDConfig/sssdoptions.py:296 msgid "Enabled Active Directory domains" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:296 +#: src/config/SSSDConfig/sssdoptions.py:297 msgid "Active Directory server address" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:297 +#: src/config/SSSDConfig/sssdoptions.py:298 msgid "Active Directory backup server address" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:298 +#: src/config/SSSDConfig/sssdoptions.py:299 msgid "Active Directory client hostname" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:300 -#: src/config/SSSDConfig/sssdoptions.py:499 +#: src/config/SSSDConfig/sssdoptions.py:301 +#: src/config/SSSDConfig/sssdoptions.py:500 msgid "LDAP filter to determine access privileges" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:301 +#: src/config/SSSDConfig/sssdoptions.py:302 msgid "Whether to use the Global Catalog for lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:302 +#: src/config/SSSDConfig/sssdoptions.py:303 msgid "Operation mode for GPO-based access control" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:303 +#: src/config/SSSDConfig/sssdoptions.py:304 msgid "" "The amount of time between lookups of the GPO policy files against the AD " "server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:304 +#: src/config/SSSDConfig/sssdoptions.py:305 msgid "" "PAM service names that map to the GPO (Deny)InteractiveLogonRight policy " "settings" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:306 +#: src/config/SSSDConfig/sssdoptions.py:307 msgid "" "PAM service names that map to the GPO (Deny)RemoteInteractiveLogonRight " "policy settings" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:308 +#: src/config/SSSDConfig/sssdoptions.py:309 msgid "" "PAM service names that map to the GPO (Deny)NetworkLogonRight policy settings" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:309 +#: src/config/SSSDConfig/sssdoptions.py:310 msgid "" "PAM service names that map to the GPO (Deny)BatchLogonRight policy settings" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:310 +#: src/config/SSSDConfig/sssdoptions.py:311 msgid "" "PAM service names that map to the GPO (Deny)ServiceLogonRight policy settings" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:311 +#: src/config/SSSDConfig/sssdoptions.py:312 msgid "PAM service names for which GPO-based access is always granted" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:312 +#: src/config/SSSDConfig/sssdoptions.py:313 msgid "PAM service names for which GPO-based access is always denied" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:313 +#: src/config/SSSDConfig/sssdoptions.py:314 msgid "" "Default logon right (or permit/deny) to use for unmapped PAM service names" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:314 +#: src/config/SSSDConfig/sssdoptions.py:315 msgid "a particular site to be used by the client" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:315 +#: src/config/SSSDConfig/sssdoptions.py:316 msgid "" "Maximum age in days before the machine account password should be renewed" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:317 +#: src/config/SSSDConfig/sssdoptions.py:318 msgid "Option for tuning the machine account renewal task" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:318 +#: src/config/SSSDConfig/sssdoptions.py:319 msgid "Whether to update the machine account password in the Samba database" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:320 +#: src/config/SSSDConfig/sssdoptions.py:321 msgid "Use LDAPS port for LDAP and Global Catalog requests" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:321 +#: src/config/SSSDConfig/sssdoptions.py:322 msgid "Do not filter domain local groups from other domains" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:324 #: src/config/SSSDConfig/sssdoptions.py:325 +#: src/config/SSSDConfig/sssdoptions.py:326 msgid "Kerberos server address" msgstr "Tjeneradresse for Kerberos" -#: src/config/SSSDConfig/sssdoptions.py:326 +#: src/config/SSSDConfig/sssdoptions.py:327 msgid "Kerberos backup server address" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:327 +#: src/config/SSSDConfig/sssdoptions.py:328 msgid "Kerberos realm" msgstr "Kerberos-område" -#: src/config/SSSDConfig/sssdoptions.py:328 +#: src/config/SSSDConfig/sssdoptions.py:329 msgid "Authentication timeout" msgstr "Tidsavbrudd for autentisering" -#: src/config/SSSDConfig/sssdoptions.py:329 +#: src/config/SSSDConfig/sssdoptions.py:330 msgid "Whether to create kdcinfo files" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:330 +#: src/config/SSSDConfig/sssdoptions.py:331 msgid "Where to drop krb5 config snippets" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:333 +#: src/config/SSSDConfig/sssdoptions.py:334 msgid "Directory to store credential caches" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:334 +#: src/config/SSSDConfig/sssdoptions.py:335 msgid "Location of the user's credential cache" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:335 +#: src/config/SSSDConfig/sssdoptions.py:336 msgid "Location of the keytab to validate credentials" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:336 +#: src/config/SSSDConfig/sssdoptions.py:337 msgid "Enable credential validation" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:337 +#: src/config/SSSDConfig/sssdoptions.py:338 msgid "Store password if offline for later online authentication" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:338 +#: src/config/SSSDConfig/sssdoptions.py:339 msgid "Renewable lifetime of the TGT" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:339 +#: src/config/SSSDConfig/sssdoptions.py:340 msgid "Lifetime of the TGT" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:340 +#: src/config/SSSDConfig/sssdoptions.py:341 msgid "Time between two checks for renewal" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:341 +#: src/config/SSSDConfig/sssdoptions.py:342 msgid "Enables FAST" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:342 +#: src/config/SSSDConfig/sssdoptions.py:343 msgid "Selects the principal to use for FAST" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:343 +#: src/config/SSSDConfig/sssdoptions.py:344 msgid "Use anonymous PKINIT to request FAST credentials" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:344 +#: src/config/SSSDConfig/sssdoptions.py:345 msgid "Enables principal canonicalization" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:345 +#: src/config/SSSDConfig/sssdoptions.py:346 msgid "Enables enterprise principals" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:346 +#: src/config/SSSDConfig/sssdoptions.py:347 msgid "Enables using of subdomains realms for authentication" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:347 +#: src/config/SSSDConfig/sssdoptions.py:348 msgid "A mapping from user names to Kerberos principal names" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:350 #: src/config/SSSDConfig/sssdoptions.py:351 +#: src/config/SSSDConfig/sssdoptions.py:352 msgid "Server where the change password service is running if not on the KDC" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:354 +#: src/config/SSSDConfig/sssdoptions.py:355 msgid "ldap_uri, The URI of the LDAP server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:355 +#: src/config/SSSDConfig/sssdoptions.py:356 msgid "ldap_backup_uri, The URI of the LDAP server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:356 +#: src/config/SSSDConfig/sssdoptions.py:357 msgid "The default base DN" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:357 +#: src/config/SSSDConfig/sssdoptions.py:358 msgid "The Schema Type in use on the LDAP server, rfc2307" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:358 +#: src/config/SSSDConfig/sssdoptions.py:359 msgid "Mode used to change user password" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:359 +#: src/config/SSSDConfig/sssdoptions.py:360 msgid "The default bind DN" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:360 +#: src/config/SSSDConfig/sssdoptions.py:361 msgid "The type of the authentication token of the default bind DN" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:361 +#: src/config/SSSDConfig/sssdoptions.py:362 msgid "The authentication token of the default bind DN" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:362 +#: src/config/SSSDConfig/sssdoptions.py:363 msgid "Length of time to attempt connection" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:363 +#: src/config/SSSDConfig/sssdoptions.py:364 msgid "Length of time to attempt synchronous LDAP operations" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:364 +#: src/config/SSSDConfig/sssdoptions.py:365 msgid "Length of time between attempts to reconnect while offline" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:365 +#: src/config/SSSDConfig/sssdoptions.py:366 msgid "Use only the upper case for realm names" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:366 +#: src/config/SSSDConfig/sssdoptions.py:367 msgid "File that contains CA certificates" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:367 +#: src/config/SSSDConfig/sssdoptions.py:368 msgid "Path to CA certificate directory" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:368 +#: src/config/SSSDConfig/sssdoptions.py:369 msgid "File that contains the client certificate" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:369 +#: src/config/SSSDConfig/sssdoptions.py:370 msgid "File that contains the client key" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:370 +#: src/config/SSSDConfig/sssdoptions.py:371 msgid "List of possible ciphers suites" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:371 +#: src/config/SSSDConfig/sssdoptions.py:372 msgid "Require TLS certificate verification" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:372 +#: src/config/SSSDConfig/sssdoptions.py:373 msgid "Specify the sasl mechanism to use" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:373 +#: src/config/SSSDConfig/sssdoptions.py:374 msgid "Specify the sasl authorization id to use" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:374 +#: src/config/SSSDConfig/sssdoptions.py:375 msgid "Specify the sasl authorization realm to use" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:375 +#: src/config/SSSDConfig/sssdoptions.py:376 msgid "Specify the minimal SSF for LDAP sasl authorization" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:376 +#: src/config/SSSDConfig/sssdoptions.py:377 msgid "Specify the maximal SSF for LDAP sasl authorization" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:377 +#: src/config/SSSDConfig/sssdoptions.py:378 msgid "Kerberos service keytab" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:378 +#: src/config/SSSDConfig/sssdoptions.py:379 msgid "Use Kerberos auth for LDAP connection" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:379 +#: src/config/SSSDConfig/sssdoptions.py:380 msgid "Follow LDAP referrals" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:380 +#: src/config/SSSDConfig/sssdoptions.py:381 msgid "Lifetime of TGT for LDAP connection" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:381 +#: src/config/SSSDConfig/sssdoptions.py:382 msgid "How to dereference aliases" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:382 +#: src/config/SSSDConfig/sssdoptions.py:383 msgid "Service name for DNS service lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:383 +#: src/config/SSSDConfig/sssdoptions.py:384 msgid "The number of records to retrieve in a single LDAP query" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:384 +#: src/config/SSSDConfig/sssdoptions.py:385 msgid "The number of members that must be missing to trigger a full deref" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:385 +#: src/config/SSSDConfig/sssdoptions.py:386 msgid "Ignore unreadable LDAP references" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:386 +#: src/config/SSSDConfig/sssdoptions.py:387 msgid "" "Whether the LDAP library should perform a reverse lookup to canonicalize the " "host name during a SASL bind" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:388 +#: src/config/SSSDConfig/sssdoptions.py:389 msgid "" "Allows to retain local users as members of an LDAP group for servers that " "use the RFC2307 schema." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:391 +#: src/config/SSSDConfig/sssdoptions.py:392 msgid "entryUSN attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:392 +#: src/config/SSSDConfig/sssdoptions.py:393 msgid "lastUSN attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:394 +#: src/config/SSSDConfig/sssdoptions.py:395 msgid "How long to retain a connection to the LDAP server before disconnecting" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:397 +#: src/config/SSSDConfig/sssdoptions.py:398 msgid "Disable the LDAP paging control" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:398 +#: src/config/SSSDConfig/sssdoptions.py:399 msgid "Disable Active Directory range retrieval" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:401 +#: src/config/SSSDConfig/sssdoptions.py:402 msgid "Length of time to wait for a search request" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:402 +#: src/config/SSSDConfig/sssdoptions.py:403 msgid "Length of time to wait for a enumeration request" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:403 +#: src/config/SSSDConfig/sssdoptions.py:404 msgid "Length of time between enumeration updates" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:404 +#: src/config/SSSDConfig/sssdoptions.py:405 msgid "Maximum period deviation between enumeration updates" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:405 +#: src/config/SSSDConfig/sssdoptions.py:406 msgid "Length of time between cache cleanups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:406 +#: src/config/SSSDConfig/sssdoptions.py:407 msgid "Maximum time deviation between cache cleanups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:407 +#: src/config/SSSDConfig/sssdoptions.py:408 msgid "Require TLS for ID lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:408 +#: src/config/SSSDConfig/sssdoptions.py:409 msgid "Use ID-mapping of objectSID instead of pre-set IDs" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:409 +#: src/config/SSSDConfig/sssdoptions.py:410 msgid "Base DN for user lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:410 +#: src/config/SSSDConfig/sssdoptions.py:411 msgid "Scope of user lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:411 +#: src/config/SSSDConfig/sssdoptions.py:412 msgid "Filter for user lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:412 +#: src/config/SSSDConfig/sssdoptions.py:413 msgid "Objectclass for users" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:413 +#: src/config/SSSDConfig/sssdoptions.py:414 msgid "Username attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:414 +#: src/config/SSSDConfig/sssdoptions.py:415 msgid "UID attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:415 +#: src/config/SSSDConfig/sssdoptions.py:416 msgid "Primary GID attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:416 +#: src/config/SSSDConfig/sssdoptions.py:417 msgid "GECOS attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:417 +#: src/config/SSSDConfig/sssdoptions.py:418 msgid "Home directory attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:418 +#: src/config/SSSDConfig/sssdoptions.py:419 msgid "Shell attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:419 +#: src/config/SSSDConfig/sssdoptions.py:420 msgid "UUID attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:420 -#: src/config/SSSDConfig/sssdoptions.py:459 +#: src/config/SSSDConfig/sssdoptions.py:421 +#: src/config/SSSDConfig/sssdoptions.py:460 msgid "objectSID attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:421 +#: src/config/SSSDConfig/sssdoptions.py:422 msgid "Active Directory primary group attribute for ID-mapping" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:422 +#: src/config/SSSDConfig/sssdoptions.py:423 msgid "User principal attribute (for Kerberos)" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:423 +#: src/config/SSSDConfig/sssdoptions.py:424 msgid "Full Name" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:424 +#: src/config/SSSDConfig/sssdoptions.py:425 msgid "memberOf attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:425 +#: src/config/SSSDConfig/sssdoptions.py:426 msgid "Modification time attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:426 +#: src/config/SSSDConfig/sssdoptions.py:427 msgid "shadowLastChange attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:427 +#: src/config/SSSDConfig/sssdoptions.py:428 msgid "shadowMin attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:428 +#: src/config/SSSDConfig/sssdoptions.py:429 msgid "shadowMax attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:429 +#: src/config/SSSDConfig/sssdoptions.py:430 msgid "shadowWarning attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:430 +#: src/config/SSSDConfig/sssdoptions.py:431 msgid "shadowInactive attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:431 +#: src/config/SSSDConfig/sssdoptions.py:432 msgid "shadowExpire attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:432 +#: src/config/SSSDConfig/sssdoptions.py:433 msgid "shadowFlag attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:433 +#: src/config/SSSDConfig/sssdoptions.py:434 msgid "Attribute listing authorized PAM services" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:434 +#: src/config/SSSDConfig/sssdoptions.py:435 msgid "Attribute listing authorized server hosts" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:435 +#: src/config/SSSDConfig/sssdoptions.py:436 msgid "Attribute listing authorized server rhosts" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:436 +#: src/config/SSSDConfig/sssdoptions.py:437 msgid "krbLastPwdChange attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:437 +#: src/config/SSSDConfig/sssdoptions.py:438 msgid "krbPasswordExpiration attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:438 +#: src/config/SSSDConfig/sssdoptions.py:439 msgid "Attribute indicating that server side password policies are active" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:439 +#: src/config/SSSDConfig/sssdoptions.py:440 msgid "accountExpires attribute of AD" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:440 +#: src/config/SSSDConfig/sssdoptions.py:441 msgid "userAccountControl attribute of AD" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:441 +#: src/config/SSSDConfig/sssdoptions.py:442 msgid "nsAccountLock attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:442 +#: src/config/SSSDConfig/sssdoptions.py:443 msgid "loginDisabled attribute of NDS" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:443 +#: src/config/SSSDConfig/sssdoptions.py:444 msgid "loginExpirationTime attribute of NDS" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:444 +#: src/config/SSSDConfig/sssdoptions.py:445 msgid "loginAllowedTimeMap attribute of NDS" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:445 +#: src/config/SSSDConfig/sssdoptions.py:446 msgid "SSH public key attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:446 +#: src/config/SSSDConfig/sssdoptions.py:447 msgid "attribute listing allowed authentication types for a user" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:447 +#: src/config/SSSDConfig/sssdoptions.py:448 msgid "attribute containing the X509 certificate of the user" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:448 +#: src/config/SSSDConfig/sssdoptions.py:449 msgid "attribute containing the email address of the user" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:449 +#: src/config/SSSDConfig/sssdoptions.py:450 msgid "attribute containing the passkey mapping data of the user" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:450 +#: src/config/SSSDConfig/sssdoptions.py:451 msgid "A list of extra attributes to download along with the user entry" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:452 +#: src/config/SSSDConfig/sssdoptions.py:453 msgid "Base DN for group lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:453 +#: src/config/SSSDConfig/sssdoptions.py:454 msgid "Objectclass for groups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:454 +#: src/config/SSSDConfig/sssdoptions.py:455 msgid "Group name" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:455 +#: src/config/SSSDConfig/sssdoptions.py:456 msgid "Group password" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:456 +#: src/config/SSSDConfig/sssdoptions.py:457 msgid "GID attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:457 +#: src/config/SSSDConfig/sssdoptions.py:458 msgid "Group member attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:458 +#: src/config/SSSDConfig/sssdoptions.py:459 msgid "Group UUID attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:460 +#: src/config/SSSDConfig/sssdoptions.py:461 msgid "Modification time attribute for groups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:461 +#: src/config/SSSDConfig/sssdoptions.py:462 msgid "Type of the group and other flags" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:462 +#: src/config/SSSDConfig/sssdoptions.py:463 msgid "The LDAP group external member attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:463 +#: src/config/SSSDConfig/sssdoptions.py:464 msgid "Maximum nesting level SSSD will follow" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:464 +#: src/config/SSSDConfig/sssdoptions.py:465 msgid "Filter for group lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:465 +#: src/config/SSSDConfig/sssdoptions.py:466 msgid "Scope of group lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:467 +#: src/config/SSSDConfig/sssdoptions.py:468 msgid "Base DN for netgroup lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:468 +#: src/config/SSSDConfig/sssdoptions.py:469 msgid "Objectclass for netgroups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:469 +#: src/config/SSSDConfig/sssdoptions.py:470 msgid "Netgroup name" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:470 +#: src/config/SSSDConfig/sssdoptions.py:471 msgid "Netgroups members attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:471 +#: src/config/SSSDConfig/sssdoptions.py:472 msgid "Netgroup triple attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:472 +#: src/config/SSSDConfig/sssdoptions.py:473 msgid "Modification time attribute for netgroups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:474 +#: src/config/SSSDConfig/sssdoptions.py:475 msgid "Base DN for service lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:475 +#: src/config/SSSDConfig/sssdoptions.py:476 msgid "Objectclass for services" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:476 +#: src/config/SSSDConfig/sssdoptions.py:477 msgid "Service name attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:477 +#: src/config/SSSDConfig/sssdoptions.py:478 msgid "Service port attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:478 +#: src/config/SSSDConfig/sssdoptions.py:479 msgid "Service protocol attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:480 +#: src/config/SSSDConfig/sssdoptions.py:481 msgid "Lower bound for ID-mapping" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:481 +#: src/config/SSSDConfig/sssdoptions.py:482 msgid "Upper bound for ID-mapping" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:482 +#: src/config/SSSDConfig/sssdoptions.py:483 msgid "Number of IDs for each slice when ID-mapping" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:483 +#: src/config/SSSDConfig/sssdoptions.py:484 msgid "Use autorid-compatible algorithm for ID-mapping" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:484 +#: src/config/SSSDConfig/sssdoptions.py:485 msgid "Name of the default domain for ID-mapping" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:485 +#: src/config/SSSDConfig/sssdoptions.py:486 msgid "SID of the default domain for ID-mapping" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:486 +#: src/config/SSSDConfig/sssdoptions.py:487 msgid "Number of secondary slices" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:488 +#: src/config/SSSDConfig/sssdoptions.py:489 msgid "Whether to use Token-Groups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:489 +#: src/config/SSSDConfig/sssdoptions.py:490 msgid "Set lower boundary for allowed IDs from the LDAP server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:490 +#: src/config/SSSDConfig/sssdoptions.py:491 msgid "Set upper boundary for allowed IDs from the LDAP server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:491 +#: src/config/SSSDConfig/sssdoptions.py:492 msgid "DN for ppolicy queries" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:492 +#: src/config/SSSDConfig/sssdoptions.py:493 msgid "How many maximum entries to fetch during a wildcard request" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:493 +#: src/config/SSSDConfig/sssdoptions.py:494 msgid "Set libldap debug level" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:496 +#: src/config/SSSDConfig/sssdoptions.py:497 msgid "Policy to evaluate the password expiration" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:500 +#: src/config/SSSDConfig/sssdoptions.py:501 msgid "Which attributes shall be used to evaluate if an account is expired" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:504 +#: src/config/SSSDConfig/sssdoptions.py:505 msgid "URI of an LDAP server where password changes are allowed" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:505 +#: src/config/SSSDConfig/sssdoptions.py:506 msgid "URI of a backup LDAP server where password changes are allowed" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:506 +#: src/config/SSSDConfig/sssdoptions.py:507 msgid "DNS service name for LDAP password change server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:507 +#: src/config/SSSDConfig/sssdoptions.py:508 msgid "" "Whether to update the ldap_user_shadow_last_change attribute after a " "password change" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:511 +#: src/config/SSSDConfig/sssdoptions.py:512 msgid "Base DN for sudo rules lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:512 +#: src/config/SSSDConfig/sssdoptions.py:513 msgid "Automatic full refresh period" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:513 +#: src/config/SSSDConfig/sssdoptions.py:514 msgid "Automatic smart refresh period" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:514 +#: src/config/SSSDConfig/sssdoptions.py:515 msgid "Smart and full refresh random offset" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:515 +#: src/config/SSSDConfig/sssdoptions.py:516 msgid "Whether to filter rules by hostname, IP addresses and network" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:516 +#: src/config/SSSDConfig/sssdoptions.py:517 msgid "" "Hostnames and/or fully qualified domain names of this machine to filter sudo " "rules" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:517 +#: src/config/SSSDConfig/sssdoptions.py:518 msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:518 +#: src/config/SSSDConfig/sssdoptions.py:519 msgid "Whether to include rules that contains netgroup in host attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:519 +#: src/config/SSSDConfig/sssdoptions.py:520 msgid "" "Whether to include rules that contains regular expression in host attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:520 +#: src/config/SSSDConfig/sssdoptions.py:521 msgid "Object class for sudo rules" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:521 +#: src/config/SSSDConfig/sssdoptions.py:522 msgid "Name of attribute that is used as object class for sudo rules" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:522 +#: src/config/SSSDConfig/sssdoptions.py:523 msgid "Sudo rule name" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:523 +#: src/config/SSSDConfig/sssdoptions.py:524 msgid "Sudo rule command attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:524 +#: src/config/SSSDConfig/sssdoptions.py:525 msgid "Sudo rule host attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:525 +#: src/config/SSSDConfig/sssdoptions.py:526 msgid "Sudo rule user attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:526 +#: src/config/SSSDConfig/sssdoptions.py:527 msgid "Sudo rule option attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:527 +#: src/config/SSSDConfig/sssdoptions.py:528 msgid "Sudo rule runas attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:528 +#: src/config/SSSDConfig/sssdoptions.py:529 msgid "Sudo rule runasuser attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:529 +#: src/config/SSSDConfig/sssdoptions.py:530 msgid "Sudo rule runasgroup attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:530 +#: src/config/SSSDConfig/sssdoptions.py:531 msgid "Sudo rule notbefore attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:531 +#: src/config/SSSDConfig/sssdoptions.py:532 msgid "Sudo rule notafter attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:532 +#: src/config/SSSDConfig/sssdoptions.py:533 msgid "Sudo rule order attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:535 +#: src/config/SSSDConfig/sssdoptions.py:536 msgid "Object class for automounter maps" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:536 +#: src/config/SSSDConfig/sssdoptions.py:537 msgid "Automounter map name attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:537 +#: src/config/SSSDConfig/sssdoptions.py:538 msgid "Object class for automounter map entries" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:538 +#: src/config/SSSDConfig/sssdoptions.py:539 msgid "Automounter map entry key attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:539 +#: src/config/SSSDConfig/sssdoptions.py:540 msgid "Automounter map entry value attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:540 +#: src/config/SSSDConfig/sssdoptions.py:541 msgid "Base DN for automounter map lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:541 +#: src/config/SSSDConfig/sssdoptions.py:542 msgid "The name of the automount master map in LDAP." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:544 +#: src/config/SSSDConfig/sssdoptions.py:545 msgid "Base DN for IP hosts lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:545 +#: src/config/SSSDConfig/sssdoptions.py:546 msgid "Object class for IP hosts" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:546 +#: src/config/SSSDConfig/sssdoptions.py:547 msgid "IP host name attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:547 +#: src/config/SSSDConfig/sssdoptions.py:548 msgid "IP host number (address) attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:548 +#: src/config/SSSDConfig/sssdoptions.py:549 msgid "IP host entryUSN attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:549 +#: src/config/SSSDConfig/sssdoptions.py:550 msgid "Base DN for IP networks lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:550 +#: src/config/SSSDConfig/sssdoptions.py:551 msgid "Object class for IP networks" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:551 +#: src/config/SSSDConfig/sssdoptions.py:552 msgid "IP network name attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:552 +#: src/config/SSSDConfig/sssdoptions.py:553 msgid "IP network number (address) attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:553 +#: src/config/SSSDConfig/sssdoptions.py:554 msgid "IP network entryUSN attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:556 +#: src/config/SSSDConfig/sssdoptions.py:557 msgid "Comma separated list of allowed users" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:557 +#: src/config/SSSDConfig/sssdoptions.py:558 msgid "Comma separated list of prohibited users" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:558 +#: src/config/SSSDConfig/sssdoptions.py:559 msgid "" "Comma separated list of groups that are allowed to log in. This applies only " "to groups within this SSSD domain. Local groups are not evaluated." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:560 +#: src/config/SSSDConfig/sssdoptions.py:561 msgid "" "Comma separated list of groups that are explicitly denied access. This " "applies only to groups within this SSSD domain. Local groups are not " "evaluated." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:564 +#: src/config/SSSDConfig/sssdoptions.py:565 msgid "The number of preforked proxy children." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:567 +#: src/config/SSSDConfig/sssdoptions.py:568 msgid "The name of the NSS library to use" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:568 +#: src/config/SSSDConfig/sssdoptions.py:569 msgid "The name of the NSS library to use for hosts and networks lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:569 +#: src/config/SSSDConfig/sssdoptions.py:570 msgid "Whether to look up canonical group name from cache if possible" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:572 +#: src/config/SSSDConfig/sssdoptions.py:573 msgid "PAM stack to use" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:575 +#: src/config/SSSDConfig/sssdoptions.py:576 msgid "Path of passwd file sources." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:576 +#: src/config/SSSDConfig/sssdoptions.py:577 msgid "Path of group file sources." msgstr "" @@ -1881,67 +1885,67 @@ msgstr "" msgid "SSSD is already running\n" msgstr "" -#: src/providers/krb5/krb5_child.c:4007 src/providers/ldap/ldap_child.c:641 +#: src/providers/krb5/krb5_child.c:4027 src/providers/ldap/ldap_child.c:642 msgid "Allow core dumps" msgstr "" -#: src/providers/krb5/krb5_child.c:4009 src/providers/ldap/ldap_child.c:643 +#: src/providers/krb5/krb5_child.c:4029 src/providers/ldap/ldap_child.c:644 msgid "An open file descriptor for the debug logs" msgstr "" -#: src/providers/krb5/krb5_child.c:4012 +#: src/providers/krb5/krb5_child.c:4032 msgid "The user to create FAST ccache as" msgstr "" -#: src/providers/krb5/krb5_child.c:4014 +#: src/providers/krb5/krb5_child.c:4034 msgid "The group to create FAST ccache as" msgstr "" -#: src/providers/krb5/krb5_child.c:4016 +#: src/providers/krb5/krb5_child.c:4036 msgid "Use anonymous PKINIT to request FAST armor ticket" msgstr "" -#: src/providers/krb5/krb5_child.c:4018 +#: src/providers/krb5/krb5_child.c:4038 msgid "Kerberos realm to use" msgstr "" -#: src/providers/krb5/krb5_child.c:4020 +#: src/providers/krb5/krb5_child.c:4040 msgid "Requested lifetime of the ticket" msgstr "" -#: src/providers/krb5/krb5_child.c:4022 +#: src/providers/krb5/krb5_child.c:4042 msgid "Requested renewable lifetime of the ticket" msgstr "" -#: src/providers/krb5/krb5_child.c:4024 +#: src/providers/krb5/krb5_child.c:4044 msgid "FAST options ('never', 'try', 'demand')" msgstr "" -#: src/providers/krb5/krb5_child.c:4027 +#: src/providers/krb5/krb5_child.c:4047 msgid "Specifies the server principal to use for FAST" msgstr "" -#: src/providers/krb5/krb5_child.c:4029 +#: src/providers/krb5/krb5_child.c:4049 msgid "Requests canonicalization of the principal name" msgstr "" -#: src/providers/krb5/krb5_child.c:4031 +#: src/providers/krb5/krb5_child.c:4051 msgid "Use custom version of krb5_get_init_creds_password" msgstr "" -#: src/providers/krb5/krb5_child.c:4033 +#: src/providers/krb5/krb5_child.c:4053 msgid "Tevent chain ID used for logging purposes" msgstr "" -#: src/providers/krb5/krb5_child.c:4035 +#: src/providers/krb5/krb5_child.c:4055 msgid "Check PAC flags" msgstr "" -#: src/providers/krb5/krb5_child.c:4079 src/providers/ldap/ldap_child.c:669 +#: src/providers/krb5/krb5_child.c:4099 src/providers/ldap/ldap_child.c:670 msgid "talloc_asprintf failed.\n" msgstr "" -#: src/providers/krb5/krb5_child.c:4089 src/providers/ldap/ldap_child.c:678 +#: src/providers/krb5/krb5_child.c:4109 src/providers/ldap/ldap_child.c:679 msgid "set_debug_file_from_fd failed.\n" msgstr "" @@ -1985,119 +1989,131 @@ msgstr "" msgid "Permission denied. " msgstr "" -#: src/sss_client/pam_sss.c:70 src/sss_client/pam_sss.c:819 -#: src/sss_client/pam_sss.c:830 +#: src/sss_client/pam_sss.c:70 src/sss_client/pam_sss.c:838 +#: src/sss_client/pam_sss.c:849 msgid "Server message: " msgstr "" #: src/sss_client/pam_sss.c:71 +msgid "" +"Kerberos TGT will not be granted upon login, user experience will be " +"affected." +msgstr "" + +#: src/sss_client/pam_sss.c:72 msgid "Enter PIN:" msgstr "" -#: src/sss_client/pam_sss.c:314 +#: src/sss_client/pam_sss.c:315 msgid "Passwords do not match" msgstr "" -#: src/sss_client/pam_sss.c:502 +#: src/sss_client/pam_sss.c:503 msgid "Password reset by root is not supported." msgstr "" -#: src/sss_client/pam_sss.c:543 +#: src/sss_client/pam_sss.c:544 msgid "Authenticated with cached credentials" msgstr "" -#: src/sss_client/pam_sss.c:544 +#: src/sss_client/pam_sss.c:545 msgid ", your cached password will expire at: " msgstr "" -#: src/sss_client/pam_sss.c:574 +#: src/sss_client/pam_sss.c:575 #, c-format msgid "Your password has expired. You have %1$d grace login(s) remaining." msgstr "" -#: src/sss_client/pam_sss.c:624 +#: src/sss_client/pam_sss.c:625 #, c-format msgid "Your password will expire in %1$d %2$s." msgstr "" -#: src/sss_client/pam_sss.c:627 +#: src/sss_client/pam_sss.c:628 #, c-format msgid "Your password has expired." msgstr "" -#: src/sss_client/pam_sss.c:678 +#: src/sss_client/pam_sss.c:679 msgid "Authentication is denied until: " msgstr "" -#: src/sss_client/pam_sss.c:699 +#: src/sss_client/pam_sss.c:700 msgid "System is offline, password change not possible" msgstr "" -#: src/sss_client/pam_sss.c:714 +#: src/sss_client/pam_sss.c:715 msgid "" "After changing the OTP password, you need to log out and back in order to " "acquire a ticket" msgstr "" -#: src/sss_client/pam_sss.c:729 +#: src/sss_client/pam_sss.c:730 msgid "PIN locked" msgstr "" -#: src/sss_client/pam_sss.c:816 src/sss_client/pam_sss.c:829 +#: src/sss_client/pam_sss.c:745 +msgid "" +"No Kerberos TGT granted as the server does not support this method. Your " +"single-sign on(SSO) experience will be affected." +msgstr "" + +#: src/sss_client/pam_sss.c:835 src/sss_client/pam_sss.c:848 msgid "Password change failed. " msgstr "" -#: src/sss_client/pam_sss.c:1797 +#: src/sss_client/pam_sss.c:1819 #, c-format msgid "Authenticate at %1$s and press ENTER." msgstr "" -#: src/sss_client/pam_sss.c:1800 +#: src/sss_client/pam_sss.c:1822 #, c-format msgid "Authenticate with PIN %1$s at %2$s and press ENTER." msgstr "" -#: src/sss_client/pam_sss.c:2153 +#: src/sss_client/pam_sss.c:2181 msgid "Please (re)insert (different) Smartcard" msgstr "" -#: src/sss_client/pam_sss.c:2352 +#: src/sss_client/pam_sss.c:2380 msgid "New Password: " msgstr "" -#: src/sss_client/pam_sss.c:2353 +#: src/sss_client/pam_sss.c:2381 msgid "Reenter new Password: " msgstr "" -#: src/sss_client/pam_sss.c:2523 src/sss_client/pam_sss.c:2526 +#: src/sss_client/pam_sss.c:2551 src/sss_client/pam_sss.c:2554 msgid "First Factor: " msgstr "" -#: src/sss_client/pam_sss.c:2524 src/sss_client/pam_sss.c:2707 +#: src/sss_client/pam_sss.c:2552 src/sss_client/pam_sss.c:2740 msgid "Second Factor (optional): " msgstr "" -#: src/sss_client/pam_sss.c:2527 src/sss_client/pam_sss.c:2710 +#: src/sss_client/pam_sss.c:2555 src/sss_client/pam_sss.c:2743 msgid "Second Factor: " msgstr "" -#: src/sss_client/pam_sss.c:2547 +#: src/sss_client/pam_sss.c:2575 msgid "Insert your passkey device, then press ENTER." msgstr "" -#: src/sss_client/pam_sss.c:2551 src/sss_client/pam_sss.c:2554 +#: src/sss_client/pam_sss.c:2579 src/sss_client/pam_sss.c:2587 msgid "Password: " msgstr "" -#: src/sss_client/pam_sss.c:2706 src/sss_client/pam_sss.c:2709 +#: src/sss_client/pam_sss.c:2739 src/sss_client/pam_sss.c:2742 msgid "First Factor (Current Password): " msgstr "" -#: src/sss_client/pam_sss.c:2713 +#: src/sss_client/pam_sss.c:2746 msgid "Current Password: " msgstr "" -#: src/sss_client/pam_sss.c:3070 +#: src/sss_client/pam_sss.c:3103 msgid "Password expired. Change your password now." msgstr "" diff --git a/po/nl.po b/po/nl.po index d1505359101..90bf6b57903 100644 --- a/po/nl.po +++ b/po/nl.po @@ -13,7 +13,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" -"POT-Creation-Date: 2023-05-05 10:11+0200\n" +"POT-Creation-Date: 2023-09-07 11:48+0200\n" "PO-Revision-Date: 2014-12-14 11:47-0500\n" "Last-Translator: Copied by Zanata \n" "Language-Team: Dutch (http://www.transifex.com/projects/p/sssd/language/" @@ -623,14 +623,14 @@ msgid "Whether to automatically update the client's DNS entry" msgstr "Of de DNS ingang van de cliënt automatisch vernieuwd moet worden" #: src/config/SSSDConfig/sssdoptions.py:201 -#: src/config/SSSDConfig/sssdoptions.py:233 +#: src/config/SSSDConfig/sssdoptions.py:234 msgid "The TTL to apply to the client's DNS entry after updating it" msgstr "" "De TTL die toegepast moet worden op de DNS ingang van de cliënt na het " "vernieuwen hiervan" #: src/config/SSSDConfig/sssdoptions.py:202 -#: src/config/SSSDConfig/sssdoptions.py:234 +#: src/config/SSSDConfig/sssdoptions.py:235 msgid "The interface whose IP should be used for dynamic DNS updates" msgstr "" "De adapter wiens IP-adres gebruikt moet worden voor het dynamisch bijwerken " @@ -719,38 +719,42 @@ msgid "" "(long term password) must have to be saved as SHA512 hash into the cache." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:228 +#: src/config/SSSDConfig/sssdoptions.py:226 +msgid "Local authentication methods policy " +msgstr "" + +#: src/config/SSSDConfig/sssdoptions.py:229 msgid "IPA domain" msgstr "IPA-domein" -#: src/config/SSSDConfig/sssdoptions.py:229 +#: src/config/SSSDConfig/sssdoptions.py:230 msgid "IPA server address" msgstr "IPA-serveradres" -#: src/config/SSSDConfig/sssdoptions.py:230 +#: src/config/SSSDConfig/sssdoptions.py:231 msgid "Address of backup IPA server" msgstr "Adres van back-up IPA server" -#: src/config/SSSDConfig/sssdoptions.py:231 +#: src/config/SSSDConfig/sssdoptions.py:232 msgid "IPA client hostname" msgstr "IPA-clienthostname" -#: src/config/SSSDConfig/sssdoptions.py:232 +#: src/config/SSSDConfig/sssdoptions.py:233 msgid "Whether to automatically update the client's DNS entry in FreeIPA" msgstr "" "Of de DNS-gegevens van de client automatisch bijgewerkt moeten worden in " "FreeIPA" -#: src/config/SSSDConfig/sssdoptions.py:235 +#: src/config/SSSDConfig/sssdoptions.py:236 msgid "Search base for HBAC related objects" msgstr "Zoek basis voor HBAC gerelateerde objecten" -#: src/config/SSSDConfig/sssdoptions.py:236 +#: src/config/SSSDConfig/sssdoptions.py:237 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server" msgstr "De tijdsduur tussen het opzoeken van HBAC regels voor de IPA server" -#: src/config/SSSDConfig/sssdoptions.py:237 +#: src/config/SSSDConfig/sssdoptions.py:238 msgid "" "The amount of time in seconds between lookups of the SELinux maps against " "the IPA server" @@ -758,528 +762,528 @@ msgstr "" "De tijdsduur in seconden tussen zoekopdrachten in de SELinux mappen voor de " "IPA server" -#: src/config/SSSDConfig/sssdoptions.py:239 +#: src/config/SSSDConfig/sssdoptions.py:240 msgid "If set to false, host argument given by PAM will be ignored" msgstr "" "Als dit op false ingesteld is, wordt het host argument gegeven door PAM " "genegeerd" -#: src/config/SSSDConfig/sssdoptions.py:240 +#: src/config/SSSDConfig/sssdoptions.py:241 msgid "The automounter location this IPA client is using" msgstr "De automounter locatie die door deze IPA client wordt gebruikt" -#: src/config/SSSDConfig/sssdoptions.py:241 +#: src/config/SSSDConfig/sssdoptions.py:242 msgid "Search base for object containing info about IPA domain" msgstr "Zoek in base voor object die info over IPA domein bevat " -#: src/config/SSSDConfig/sssdoptions.py:242 +#: src/config/SSSDConfig/sssdoptions.py:243 msgid "Search base for objects containing info about ID ranges" msgstr "Zoek in base voor objecten die info over ID bereiken bevat" -#: src/config/SSSDConfig/sssdoptions.py:243 -#: src/config/SSSDConfig/sssdoptions.py:299 +#: src/config/SSSDConfig/sssdoptions.py:244 +#: src/config/SSSDConfig/sssdoptions.py:300 msgid "Enable DNS sites - location based service discovery" msgstr "Zet DNS sites aan - locatie gebaseerde service ontdekking" -#: src/config/SSSDConfig/sssdoptions.py:244 +#: src/config/SSSDConfig/sssdoptions.py:245 msgid "Search base for view containers" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:245 +#: src/config/SSSDConfig/sssdoptions.py:246 msgid "Objectclass for view containers" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:246 +#: src/config/SSSDConfig/sssdoptions.py:247 msgid "Attribute with the name of the view" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:247 +#: src/config/SSSDConfig/sssdoptions.py:248 msgid "Objectclass for override objects" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:248 +#: src/config/SSSDConfig/sssdoptions.py:249 msgid "Attribute with the reference to the original object" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:249 +#: src/config/SSSDConfig/sssdoptions.py:250 msgid "Objectclass for user override objects" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:250 +#: src/config/SSSDConfig/sssdoptions.py:251 msgid "Objectclass for group override objects" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:251 +#: src/config/SSSDConfig/sssdoptions.py:252 msgid "Search base for Desktop Profile related objects" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:252 +#: src/config/SSSDConfig/sssdoptions.py:253 msgid "" "The amount of time in seconds between lookups of the Desktop Profile rules " "against the IPA server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:254 +#: src/config/SSSDConfig/sssdoptions.py:255 msgid "" "The amount of time in minutes between lookups of Desktop Profiles rules " "against the IPA server when the last request did not find any rule" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:257 +#: src/config/SSSDConfig/sssdoptions.py:258 #, fuzzy msgid "Search base for SUBID ranges" msgstr "Zoek basis voor HBAC gerelateerde objecten" -#: src/config/SSSDConfig/sssdoptions.py:258 -#: src/config/SSSDConfig/sssdoptions.py:501 +#: src/config/SSSDConfig/sssdoptions.py:259 +#: src/config/SSSDConfig/sssdoptions.py:502 msgid "Which rules should be used to evaluate access control" msgstr "" "Welke regels moeten gebruikt worden voor de evaluatie van toegangscontrole" -#: src/config/SSSDConfig/sssdoptions.py:259 +#: src/config/SSSDConfig/sssdoptions.py:260 msgid "The LDAP attribute that contains FQDN of the host." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:260 -#: src/config/SSSDConfig/sssdoptions.py:283 +#: src/config/SSSDConfig/sssdoptions.py:261 +#: src/config/SSSDConfig/sssdoptions.py:284 msgid "The object class of a host entry in LDAP." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:261 +#: src/config/SSSDConfig/sssdoptions.py:262 msgid "Use the given string as search base for host objects." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:262 +#: src/config/SSSDConfig/sssdoptions.py:263 msgid "The LDAP attribute that contains the host's SSH public keys." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:263 +#: src/config/SSSDConfig/sssdoptions.py:264 msgid "The LDAP attribute that contains NIS domain name of the netgroup." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:264 +#: src/config/SSSDConfig/sssdoptions.py:265 msgid "The LDAP attribute that contains the names of the netgroup's members." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:265 +#: src/config/SSSDConfig/sssdoptions.py:266 msgid "" "The LDAP attribute that lists FQDNs of hosts and host groups that are " "members of the netgroup." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:267 +#: src/config/SSSDConfig/sssdoptions.py:268 msgid "" "The LDAP attribute that lists hosts and host groups that are direct members " "of the netgroup." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:269 +#: src/config/SSSDConfig/sssdoptions.py:270 msgid "The LDAP attribute that lists netgroup's memberships." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:270 +#: src/config/SSSDConfig/sssdoptions.py:271 msgid "" "The LDAP attribute that lists system users and groups that are direct " "members of the netgroup." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:272 +#: src/config/SSSDConfig/sssdoptions.py:273 msgid "The LDAP attribute that corresponds to the netgroup name." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:273 +#: src/config/SSSDConfig/sssdoptions.py:274 msgid "The object class of a netgroup entry in LDAP." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:274 +#: src/config/SSSDConfig/sssdoptions.py:275 msgid "" "The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:275 +#: src/config/SSSDConfig/sssdoptions.py:276 msgid "" "The LDAP attribute that contains whether or not is user map enabled for " "usage." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:277 +#: src/config/SSSDConfig/sssdoptions.py:278 msgid "The LDAP attribute that contains host category such as 'all'." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:278 +#: src/config/SSSDConfig/sssdoptions.py:279 msgid "" "The LDAP attribute that contains all hosts / hostgroups this rule match " "against." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:280 +#: src/config/SSSDConfig/sssdoptions.py:281 msgid "" "The LDAP attribute that contains all users / groups this rule match against." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:282 +#: src/config/SSSDConfig/sssdoptions.py:283 msgid "The LDAP attribute that contains the name of SELinux usermap." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:284 +#: src/config/SSSDConfig/sssdoptions.py:285 msgid "" "The LDAP attribute that contains DN of HBAC rule which can be used for " "matching instead of memberUser and memberHost." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:286 +#: src/config/SSSDConfig/sssdoptions.py:287 msgid "The LDAP attribute that contains SELinux user string itself." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:287 +#: src/config/SSSDConfig/sssdoptions.py:288 msgid "The LDAP attribute that contains user category such as 'all'." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:288 +#: src/config/SSSDConfig/sssdoptions.py:289 msgid "The LDAP attribute that contains unique ID of the user map." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:289 +#: src/config/SSSDConfig/sssdoptions.py:290 msgid "" "The option denotes that the SSSD is running on IPA server and should perform " "lookups of users and groups from trusted domains differently." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:291 +#: src/config/SSSDConfig/sssdoptions.py:292 msgid "Use the given string as search base for trusted domains." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:294 +#: src/config/SSSDConfig/sssdoptions.py:295 msgid "Active Directory domain" msgstr "Active Directory domein" -#: src/config/SSSDConfig/sssdoptions.py:295 +#: src/config/SSSDConfig/sssdoptions.py:296 msgid "Enabled Active Directory domains" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:296 +#: src/config/SSSDConfig/sssdoptions.py:297 msgid "Active Directory server address" msgstr "Active Directory server adres" -#: src/config/SSSDConfig/sssdoptions.py:297 +#: src/config/SSSDConfig/sssdoptions.py:298 msgid "Active Directory backup server address" msgstr "Active Directory back-up server adres" -#: src/config/SSSDConfig/sssdoptions.py:298 +#: src/config/SSSDConfig/sssdoptions.py:299 msgid "Active Directory client hostname" msgstr "Active Directory cliënt hostnaam" -#: src/config/SSSDConfig/sssdoptions.py:300 -#: src/config/SSSDConfig/sssdoptions.py:499 +#: src/config/SSSDConfig/sssdoptions.py:301 +#: src/config/SSSDConfig/sssdoptions.py:500 msgid "LDAP filter to determine access privileges" msgstr "LDAP-filter om toegangsprivileges mee te bepalen" -#: src/config/SSSDConfig/sssdoptions.py:301 +#: src/config/SSSDConfig/sssdoptions.py:302 msgid "Whether to use the Global Catalog for lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:302 +#: src/config/SSSDConfig/sssdoptions.py:303 msgid "Operation mode for GPO-based access control" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:303 +#: src/config/SSSDConfig/sssdoptions.py:304 msgid "" "The amount of time between lookups of the GPO policy files against the AD " "server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:304 +#: src/config/SSSDConfig/sssdoptions.py:305 msgid "" "PAM service names that map to the GPO (Deny)InteractiveLogonRight policy " "settings" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:306 +#: src/config/SSSDConfig/sssdoptions.py:307 msgid "" "PAM service names that map to the GPO (Deny)RemoteInteractiveLogonRight " "policy settings" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:308 +#: src/config/SSSDConfig/sssdoptions.py:309 msgid "" "PAM service names that map to the GPO (Deny)NetworkLogonRight policy settings" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:309 +#: src/config/SSSDConfig/sssdoptions.py:310 msgid "" "PAM service names that map to the GPO (Deny)BatchLogonRight policy settings" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:310 +#: src/config/SSSDConfig/sssdoptions.py:311 msgid "" "PAM service names that map to the GPO (Deny)ServiceLogonRight policy settings" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:311 +#: src/config/SSSDConfig/sssdoptions.py:312 msgid "PAM service names for which GPO-based access is always granted" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:312 +#: src/config/SSSDConfig/sssdoptions.py:313 msgid "PAM service names for which GPO-based access is always denied" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:313 +#: src/config/SSSDConfig/sssdoptions.py:314 msgid "" "Default logon right (or permit/deny) to use for unmapped PAM service names" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:314 +#: src/config/SSSDConfig/sssdoptions.py:315 msgid "a particular site to be used by the client" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:315 +#: src/config/SSSDConfig/sssdoptions.py:316 msgid "" "Maximum age in days before the machine account password should be renewed" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:317 +#: src/config/SSSDConfig/sssdoptions.py:318 msgid "Option for tuning the machine account renewal task" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:318 +#: src/config/SSSDConfig/sssdoptions.py:319 msgid "Whether to update the machine account password in the Samba database" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:320 +#: src/config/SSSDConfig/sssdoptions.py:321 msgid "Use LDAPS port for LDAP and Global Catalog requests" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:321 +#: src/config/SSSDConfig/sssdoptions.py:322 msgid "Do not filter domain local groups from other domains" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:324 #: src/config/SSSDConfig/sssdoptions.py:325 +#: src/config/SSSDConfig/sssdoptions.py:326 msgid "Kerberos server address" msgstr "Kerberos-serveradres" -#: src/config/SSSDConfig/sssdoptions.py:326 +#: src/config/SSSDConfig/sssdoptions.py:327 msgid "Kerberos backup server address" msgstr "Kerberos back-up server adres" -#: src/config/SSSDConfig/sssdoptions.py:327 +#: src/config/SSSDConfig/sssdoptions.py:328 msgid "Kerberos realm" msgstr "Kerberos-rijk" -#: src/config/SSSDConfig/sssdoptions.py:328 +#: src/config/SSSDConfig/sssdoptions.py:329 msgid "Authentication timeout" msgstr "Authenticatie timeout" -#: src/config/SSSDConfig/sssdoptions.py:329 +#: src/config/SSSDConfig/sssdoptions.py:330 msgid "Whether to create kdcinfo files" msgstr "Moeten kdcinfo bestanden aangemaakt worden" -#: src/config/SSSDConfig/sssdoptions.py:330 +#: src/config/SSSDConfig/sssdoptions.py:331 msgid "Where to drop krb5 config snippets" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:333 +#: src/config/SSSDConfig/sssdoptions.py:334 msgid "Directory to store credential caches" msgstr "Werkmap waar authenticatiegegevens opgeslagen worden" -#: src/config/SSSDConfig/sssdoptions.py:334 +#: src/config/SSSDConfig/sssdoptions.py:335 msgid "Location of the user's credential cache" msgstr "Locatie van de authenticatiecache van de gebruiker" -#: src/config/SSSDConfig/sssdoptions.py:335 +#: src/config/SSSDConfig/sssdoptions.py:336 msgid "Location of the keytab to validate credentials" msgstr "Locatie van de keytab om authenticatiegegevens te valideren" -#: src/config/SSSDConfig/sssdoptions.py:336 +#: src/config/SSSDConfig/sssdoptions.py:337 msgid "Enable credential validation" msgstr "Schakel authenticatiegegevensvalidatie in" -#: src/config/SSSDConfig/sssdoptions.py:337 +#: src/config/SSSDConfig/sssdoptions.py:338 msgid "Store password if offline for later online authentication" msgstr "" "Sla het wachtwoord op indien offline voor later gebruik bij online " "authenticatie" -#: src/config/SSSDConfig/sssdoptions.py:338 +#: src/config/SSSDConfig/sssdoptions.py:339 msgid "Renewable lifetime of the TGT" msgstr "Vernieuwbare levensduur van de TGT" -#: src/config/SSSDConfig/sssdoptions.py:339 +#: src/config/SSSDConfig/sssdoptions.py:340 msgid "Lifetime of the TGT" msgstr "Levensduur van de TGT" -#: src/config/SSSDConfig/sssdoptions.py:340 +#: src/config/SSSDConfig/sssdoptions.py:341 msgid "Time between two checks for renewal" msgstr "Tijd tussen twee checks voor vernieuwing" -#: src/config/SSSDConfig/sssdoptions.py:341 +#: src/config/SSSDConfig/sssdoptions.py:342 msgid "Enables FAST" msgstr "Zet FAST aan" -#: src/config/SSSDConfig/sssdoptions.py:342 +#: src/config/SSSDConfig/sssdoptions.py:343 msgid "Selects the principal to use for FAST" msgstr "Selecteert de hoofdpersoon te gebruiken voor FAST " -#: src/config/SSSDConfig/sssdoptions.py:343 +#: src/config/SSSDConfig/sssdoptions.py:344 msgid "Use anonymous PKINIT to request FAST credentials" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:344 +#: src/config/SSSDConfig/sssdoptions.py:345 msgid "Enables principal canonicalization" msgstr "Zet hoofdpersoon sanctioneren aan" -#: src/config/SSSDConfig/sssdoptions.py:345 +#: src/config/SSSDConfig/sssdoptions.py:346 msgid "Enables enterprise principals" msgstr "Zet enterprise principals aan" -#: src/config/SSSDConfig/sssdoptions.py:346 +#: src/config/SSSDConfig/sssdoptions.py:347 msgid "Enables using of subdomains realms for authentication" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:347 +#: src/config/SSSDConfig/sssdoptions.py:348 msgid "A mapping from user names to Kerberos principal names" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:350 #: src/config/SSSDConfig/sssdoptions.py:351 +#: src/config/SSSDConfig/sssdoptions.py:352 msgid "Server where the change password service is running if not on the KDC" msgstr "" "Server waar het wachtwoord wijzigingsservice draait indien niet op de KDC" -#: src/config/SSSDConfig/sssdoptions.py:354 +#: src/config/SSSDConfig/sssdoptions.py:355 msgid "ldap_uri, The URI of the LDAP server" msgstr "ldap_uri, de URI van de LDAP server" -#: src/config/SSSDConfig/sssdoptions.py:355 +#: src/config/SSSDConfig/sssdoptions.py:356 msgid "ldap_backup_uri, The URI of the LDAP server" msgstr "ldap_backup_uri, De URI van de LDAP server" -#: src/config/SSSDConfig/sssdoptions.py:356 +#: src/config/SSSDConfig/sssdoptions.py:357 msgid "The default base DN" msgstr "De standaard base DN" -#: src/config/SSSDConfig/sssdoptions.py:357 +#: src/config/SSSDConfig/sssdoptions.py:358 msgid "The Schema Type in use on the LDAP server, rfc2307" msgstr "Het schema type wat gebruikt wordt op de LDAP server, rfc2307" -#: src/config/SSSDConfig/sssdoptions.py:358 +#: src/config/SSSDConfig/sssdoptions.py:359 msgid "Mode used to change user password" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:359 +#: src/config/SSSDConfig/sssdoptions.py:360 msgid "The default bind DN" msgstr "De standaard bind DN" -#: src/config/SSSDConfig/sssdoptions.py:360 +#: src/config/SSSDConfig/sssdoptions.py:361 msgid "The type of the authentication token of the default bind DN" msgstr "Het type authenticatietoken van de standaard bind DN" -#: src/config/SSSDConfig/sssdoptions.py:361 +#: src/config/SSSDConfig/sssdoptions.py:362 msgid "The authentication token of the default bind DN" msgstr "Het authenticatietoken van de standaard bind DN" -#: src/config/SSSDConfig/sssdoptions.py:362 +#: src/config/SSSDConfig/sssdoptions.py:363 msgid "Length of time to attempt connection" msgstr "Hoe lang pogen te verbinden" -#: src/config/SSSDConfig/sssdoptions.py:363 +#: src/config/SSSDConfig/sssdoptions.py:364 msgid "Length of time to attempt synchronous LDAP operations" msgstr "Hoe lang proberen synchroon LDAP te benaderen" -#: src/config/SSSDConfig/sssdoptions.py:364 +#: src/config/SSSDConfig/sssdoptions.py:365 msgid "Length of time between attempts to reconnect while offline" msgstr "" "Duur tussen pogingen om de verbinding opnieuw tot stand te brengen tijdens " "offline zijn" -#: src/config/SSSDConfig/sssdoptions.py:365 +#: src/config/SSSDConfig/sssdoptions.py:366 msgid "Use only the upper case for realm names" msgstr "Gebruik alleen hoofdletters voor gebiedsnamen" -#: src/config/SSSDConfig/sssdoptions.py:366 +#: src/config/SSSDConfig/sssdoptions.py:367 msgid "File that contains CA certificates" msgstr "Bestand dat de bekende CA-certificaten bevat" -#: src/config/SSSDConfig/sssdoptions.py:367 +#: src/config/SSSDConfig/sssdoptions.py:368 msgid "Path to CA certificate directory" msgstr "Pad naar de CA-certificatenmap" -#: src/config/SSSDConfig/sssdoptions.py:368 +#: src/config/SSSDConfig/sssdoptions.py:369 msgid "File that contains the client certificate" msgstr "Bestand dat het client certificaat bevat" -#: src/config/SSSDConfig/sssdoptions.py:369 +#: src/config/SSSDConfig/sssdoptions.py:370 msgid "File that contains the client key" msgstr "Bestand dat de client sleutel bevat" -#: src/config/SSSDConfig/sssdoptions.py:370 +#: src/config/SSSDConfig/sssdoptions.py:371 msgid "List of possible ciphers suites" msgstr "Lijst van mogelijke sleutel suites" -#: src/config/SSSDConfig/sssdoptions.py:371 +#: src/config/SSSDConfig/sssdoptions.py:372 msgid "Require TLS certificate verification" msgstr "Vereis verificatie van het TLS-certificaat" -#: src/config/SSSDConfig/sssdoptions.py:372 +#: src/config/SSSDConfig/sssdoptions.py:373 msgid "Specify the sasl mechanism to use" msgstr "Geef het SASL-mechanisme op wat gebruikt moet worden" -#: src/config/SSSDConfig/sssdoptions.py:373 +#: src/config/SSSDConfig/sssdoptions.py:374 msgid "Specify the sasl authorization id to use" msgstr "Geef het SASL-authorisatie-ID op wat gebruikt moet worden" -#: src/config/SSSDConfig/sssdoptions.py:374 +#: src/config/SSSDConfig/sssdoptions.py:375 msgid "Specify the sasl authorization realm to use" msgstr "Specificeer het te gebruiken sasl autorisatiegebied " -#: src/config/SSSDConfig/sssdoptions.py:375 +#: src/config/SSSDConfig/sssdoptions.py:376 msgid "Specify the minimal SSF for LDAP sasl authorization" msgstr "Specificeer de minimale SSF voor LDAP sasl autorisatie" -#: src/config/SSSDConfig/sssdoptions.py:376 +#: src/config/SSSDConfig/sssdoptions.py:377 msgid "Specify the maximal SSF for LDAP sasl authorization" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:377 +#: src/config/SSSDConfig/sssdoptions.py:378 msgid "Kerberos service keytab" msgstr "Kerberos service keytab" -#: src/config/SSSDConfig/sssdoptions.py:378 +#: src/config/SSSDConfig/sssdoptions.py:379 msgid "Use Kerberos auth for LDAP connection" msgstr "Gebruik Kerberos authenticatie voor LDAP-connectie" -#: src/config/SSSDConfig/sssdoptions.py:379 +#: src/config/SSSDConfig/sssdoptions.py:380 msgid "Follow LDAP referrals" msgstr "Volg LDAP-doorverwijzingen" -#: src/config/SSSDConfig/sssdoptions.py:380 +#: src/config/SSSDConfig/sssdoptions.py:381 msgid "Lifetime of TGT for LDAP connection" msgstr "Levensduur van TGT voor LDAP-connectie" -#: src/config/SSSDConfig/sssdoptions.py:381 +#: src/config/SSSDConfig/sssdoptions.py:382 msgid "How to dereference aliases" msgstr "Hoe moet de alias referentie verwijderd worden" -#: src/config/SSSDConfig/sssdoptions.py:382 +#: src/config/SSSDConfig/sssdoptions.py:383 msgid "Service name for DNS service lookups" msgstr "Service naam voor DNS service opzoeken" -#: src/config/SSSDConfig/sssdoptions.py:383 +#: src/config/SSSDConfig/sssdoptions.py:384 msgid "The number of records to retrieve in a single LDAP query" msgstr "" "Het aantal records dat opgehaald moet worden met een enkele LDAP bevraging" -#: src/config/SSSDConfig/sssdoptions.py:384 +#: src/config/SSSDConfig/sssdoptions.py:385 msgid "The number of members that must be missing to trigger a full deref" msgstr "" "Het aantal leden van moet ontbreken om een volledige de-referentie te " "veroorzaken" -#: src/config/SSSDConfig/sssdoptions.py:385 +#: src/config/SSSDConfig/sssdoptions.py:386 msgid "Ignore unreadable LDAP references" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:386 +#: src/config/SSSDConfig/sssdoptions.py:387 msgid "" "Whether the LDAP library should perform a reverse lookup to canonicalize the " "host name during a SASL bind" @@ -1287,409 +1291,409 @@ msgstr "" "Moet de LDAP bibliotheek omgekeerd opzoeken uitvoeren om de hostnaam te " "autoriseren tijdens een SASL binding" -#: src/config/SSSDConfig/sssdoptions.py:388 +#: src/config/SSSDConfig/sssdoptions.py:389 msgid "" "Allows to retain local users as members of an LDAP group for servers that " "use the RFC2307 schema." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:391 +#: src/config/SSSDConfig/sssdoptions.py:392 msgid "entryUSN attribute" msgstr "entryUSN attribuut" -#: src/config/SSSDConfig/sssdoptions.py:392 +#: src/config/SSSDConfig/sssdoptions.py:393 msgid "lastUSN attribute" msgstr "lastUSN attribuut" -#: src/config/SSSDConfig/sssdoptions.py:394 +#: src/config/SSSDConfig/sssdoptions.py:395 msgid "How long to retain a connection to the LDAP server before disconnecting" msgstr "" "Hoe lang een verbinding met de LDAP server gebouden moet blijven voordat het " "losgekoppeld wordt" -#: src/config/SSSDConfig/sssdoptions.py:397 +#: src/config/SSSDConfig/sssdoptions.py:398 msgid "Disable the LDAP paging control" msgstr "Het LDAP paging besturingselement uitschakelen" -#: src/config/SSSDConfig/sssdoptions.py:398 +#: src/config/SSSDConfig/sssdoptions.py:399 msgid "Disable Active Directory range retrieval" msgstr "Zet Active Directory bereik opvragen uit" -#: src/config/SSSDConfig/sssdoptions.py:401 +#: src/config/SSSDConfig/sssdoptions.py:402 msgid "Length of time to wait for a search request" msgstr "Tijd om te wachten op een zoekopdracht" -#: src/config/SSSDConfig/sssdoptions.py:402 +#: src/config/SSSDConfig/sssdoptions.py:403 msgid "Length of time to wait for a enumeration request" msgstr "Tijdsduur te wachten voor een opsommingsverzoek" -#: src/config/SSSDConfig/sssdoptions.py:403 +#: src/config/SSSDConfig/sssdoptions.py:404 msgid "Length of time between enumeration updates" msgstr "Tijd om te wachten tussen enumeratie-updates" -#: src/config/SSSDConfig/sssdoptions.py:404 +#: src/config/SSSDConfig/sssdoptions.py:405 #, fuzzy msgid "Maximum period deviation between enumeration updates" msgstr "Tijd om te wachten tussen enumeratie-updates" -#: src/config/SSSDConfig/sssdoptions.py:405 +#: src/config/SSSDConfig/sssdoptions.py:406 msgid "Length of time between cache cleanups" msgstr "Tijdsduur tussen cache opschoningen" -#: src/config/SSSDConfig/sssdoptions.py:406 +#: src/config/SSSDConfig/sssdoptions.py:407 #, fuzzy msgid "Maximum time deviation between cache cleanups" msgstr "Tijdsduur tussen cache opschoningen" -#: src/config/SSSDConfig/sssdoptions.py:407 +#: src/config/SSSDConfig/sssdoptions.py:408 msgid "Require TLS for ID lookups" msgstr "Vereis TLS voor het opzoeken van ID's" -#: src/config/SSSDConfig/sssdoptions.py:408 +#: src/config/SSSDConfig/sssdoptions.py:409 msgid "Use ID-mapping of objectSID instead of pre-set IDs" msgstr "Gebruik ID-mapping van objectSID gebruiken in plaats van pre-set ID's" -#: src/config/SSSDConfig/sssdoptions.py:409 +#: src/config/SSSDConfig/sssdoptions.py:410 msgid "Base DN for user lookups" msgstr "Base DN voor het opzoeken van gebruikers" -#: src/config/SSSDConfig/sssdoptions.py:410 +#: src/config/SSSDConfig/sssdoptions.py:411 msgid "Scope of user lookups" msgstr "Scope voor het opzoeken van gebruikers" -#: src/config/SSSDConfig/sssdoptions.py:411 +#: src/config/SSSDConfig/sssdoptions.py:412 msgid "Filter for user lookups" msgstr "Filter voor het opzoeken van gebruikers" -#: src/config/SSSDConfig/sssdoptions.py:412 +#: src/config/SSSDConfig/sssdoptions.py:413 msgid "Objectclass for users" msgstr "Objectclass voor gebruikers" -#: src/config/SSSDConfig/sssdoptions.py:413 +#: src/config/SSSDConfig/sssdoptions.py:414 msgid "Username attribute" msgstr "Username-attribuut" -#: src/config/SSSDConfig/sssdoptions.py:414 +#: src/config/SSSDConfig/sssdoptions.py:415 msgid "UID attribute" msgstr "UID-attribuut" -#: src/config/SSSDConfig/sssdoptions.py:415 +#: src/config/SSSDConfig/sssdoptions.py:416 msgid "Primary GID attribute" msgstr "Primair GID-attribuut" -#: src/config/SSSDConfig/sssdoptions.py:416 +#: src/config/SSSDConfig/sssdoptions.py:417 msgid "GECOS attribute" msgstr "GECOS-attribuut" -#: src/config/SSSDConfig/sssdoptions.py:417 +#: src/config/SSSDConfig/sssdoptions.py:418 msgid "Home directory attribute" msgstr "Gebruikersmap-attribuut" -#: src/config/SSSDConfig/sssdoptions.py:418 +#: src/config/SSSDConfig/sssdoptions.py:419 msgid "Shell attribute" msgstr "Shell-attribuut" -#: src/config/SSSDConfig/sssdoptions.py:419 +#: src/config/SSSDConfig/sssdoptions.py:420 msgid "UUID attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:420 -#: src/config/SSSDConfig/sssdoptions.py:459 +#: src/config/SSSDConfig/sssdoptions.py:421 +#: src/config/SSSDConfig/sssdoptions.py:460 msgid "objectSID attribute" msgstr "objectSID attribuut" -#: src/config/SSSDConfig/sssdoptions.py:421 +#: src/config/SSSDConfig/sssdoptions.py:422 msgid "Active Directory primary group attribute for ID-mapping" msgstr "Active Directory primaire groep attribuut voor ID-mapping" -#: src/config/SSSDConfig/sssdoptions.py:422 +#: src/config/SSSDConfig/sssdoptions.py:423 msgid "User principal attribute (for Kerberos)" msgstr "Userprincipal-attribuut (voor Kerberos)" -#: src/config/SSSDConfig/sssdoptions.py:423 +#: src/config/SSSDConfig/sssdoptions.py:424 msgid "Full Name" msgstr "Volledige naam" -#: src/config/SSSDConfig/sssdoptions.py:424 +#: src/config/SSSDConfig/sssdoptions.py:425 msgid "memberOf attribute" msgstr "memberOf-attribuut" -#: src/config/SSSDConfig/sssdoptions.py:425 +#: src/config/SSSDConfig/sssdoptions.py:426 msgid "Modification time attribute" msgstr "Modification time-attribuut" -#: src/config/SSSDConfig/sssdoptions.py:426 +#: src/config/SSSDConfig/sssdoptions.py:427 msgid "shadowLastChange attribute" msgstr "shadowLastChange attribuut" -#: src/config/SSSDConfig/sssdoptions.py:427 +#: src/config/SSSDConfig/sssdoptions.py:428 msgid "shadowMin attribute" msgstr "shadowMin attribuut" -#: src/config/SSSDConfig/sssdoptions.py:428 +#: src/config/SSSDConfig/sssdoptions.py:429 msgid "shadowMax attribute" msgstr "shadowMax attribuut" -#: src/config/SSSDConfig/sssdoptions.py:429 +#: src/config/SSSDConfig/sssdoptions.py:430 msgid "shadowWarning attribute" msgstr "shadowWarning attribuut" -#: src/config/SSSDConfig/sssdoptions.py:430 +#: src/config/SSSDConfig/sssdoptions.py:431 msgid "shadowInactive attribute" msgstr "shadowInactive attribuut" -#: src/config/SSSDConfig/sssdoptions.py:431 +#: src/config/SSSDConfig/sssdoptions.py:432 msgid "shadowExpire attribute" msgstr "shadowExpire attribuut" -#: src/config/SSSDConfig/sssdoptions.py:432 +#: src/config/SSSDConfig/sssdoptions.py:433 msgid "shadowFlag attribute" msgstr "shadowFlag attribuut" -#: src/config/SSSDConfig/sssdoptions.py:433 +#: src/config/SSSDConfig/sssdoptions.py:434 msgid "Attribute listing authorized PAM services" msgstr "Attribuut voor tonen van geautoriseerde PAM services" -#: src/config/SSSDConfig/sssdoptions.py:434 +#: src/config/SSSDConfig/sssdoptions.py:435 msgid "Attribute listing authorized server hosts" msgstr "Attribuut dat geautoriseerde server hosts toont" -#: src/config/SSSDConfig/sssdoptions.py:435 +#: src/config/SSSDConfig/sssdoptions.py:436 msgid "Attribute listing authorized server rhosts" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:436 +#: src/config/SSSDConfig/sssdoptions.py:437 msgid "krbLastPwdChange attribute" msgstr "krbLastPwdChange attribuut" -#: src/config/SSSDConfig/sssdoptions.py:437 +#: src/config/SSSDConfig/sssdoptions.py:438 msgid "krbPasswordExpiration attribute" msgstr "krbPasswordExpiration attribuut" -#: src/config/SSSDConfig/sssdoptions.py:438 +#: src/config/SSSDConfig/sssdoptions.py:439 msgid "Attribute indicating that server side password policies are active" msgstr "Attribuut welke aangeeft dat wachtwoordtactiek op de server actief is" -#: src/config/SSSDConfig/sssdoptions.py:439 +#: src/config/SSSDConfig/sssdoptions.py:440 msgid "accountExpires attribute of AD" msgstr "accountExpires attribuut van AD" -#: src/config/SSSDConfig/sssdoptions.py:440 +#: src/config/SSSDConfig/sssdoptions.py:441 msgid "userAccountControl attribute of AD" msgstr "userAccountControl attribuut van AD" -#: src/config/SSSDConfig/sssdoptions.py:441 +#: src/config/SSSDConfig/sssdoptions.py:442 msgid "nsAccountLock attribute" msgstr "nsAccountLock attribuut" -#: src/config/SSSDConfig/sssdoptions.py:442 +#: src/config/SSSDConfig/sssdoptions.py:443 msgid "loginDisabled attribute of NDS" msgstr "loginDisabled attribuut van NDS" -#: src/config/SSSDConfig/sssdoptions.py:443 +#: src/config/SSSDConfig/sssdoptions.py:444 msgid "loginExpirationTime attribute of NDS" msgstr "loginExpirationTime attribuut van NDS" -#: src/config/SSSDConfig/sssdoptions.py:444 +#: src/config/SSSDConfig/sssdoptions.py:445 msgid "loginAllowedTimeMap attribute of NDS" msgstr "loginAllowedTimeMap attribuut van NDS" -#: src/config/SSSDConfig/sssdoptions.py:445 +#: src/config/SSSDConfig/sssdoptions.py:446 msgid "SSH public key attribute" msgstr "SSH publieke sleutel attribuut" -#: src/config/SSSDConfig/sssdoptions.py:446 +#: src/config/SSSDConfig/sssdoptions.py:447 msgid "attribute listing allowed authentication types for a user" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:447 +#: src/config/SSSDConfig/sssdoptions.py:448 msgid "attribute containing the X509 certificate of the user" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:448 +#: src/config/SSSDConfig/sssdoptions.py:449 msgid "attribute containing the email address of the user" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:449 +#: src/config/SSSDConfig/sssdoptions.py:450 msgid "attribute containing the passkey mapping data of the user" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:450 +#: src/config/SSSDConfig/sssdoptions.py:451 msgid "A list of extra attributes to download along with the user entry" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:452 +#: src/config/SSSDConfig/sssdoptions.py:453 msgid "Base DN for group lookups" msgstr "Basis DN voor groep opzoeken" -#: src/config/SSSDConfig/sssdoptions.py:453 +#: src/config/SSSDConfig/sssdoptions.py:454 msgid "Objectclass for groups" msgstr "Objectklasse voor groepen" -#: src/config/SSSDConfig/sssdoptions.py:454 +#: src/config/SSSDConfig/sssdoptions.py:455 msgid "Group name" msgstr "Groepsnaam" -#: src/config/SSSDConfig/sssdoptions.py:455 +#: src/config/SSSDConfig/sssdoptions.py:456 msgid "Group password" msgstr "Groep wachtwoord" -#: src/config/SSSDConfig/sssdoptions.py:456 +#: src/config/SSSDConfig/sssdoptions.py:457 msgid "GID attribute" msgstr "GID attribuut" -#: src/config/SSSDConfig/sssdoptions.py:457 +#: src/config/SSSDConfig/sssdoptions.py:458 msgid "Group member attribute" msgstr "Groep deelnemer attribuut" -#: src/config/SSSDConfig/sssdoptions.py:458 +#: src/config/SSSDConfig/sssdoptions.py:459 msgid "Group UUID attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:460 +#: src/config/SSSDConfig/sssdoptions.py:461 msgid "Modification time attribute for groups" msgstr "Verandertijd attribuut voor groepen" -#: src/config/SSSDConfig/sssdoptions.py:461 +#: src/config/SSSDConfig/sssdoptions.py:462 msgid "Type of the group and other flags" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:462 +#: src/config/SSSDConfig/sssdoptions.py:463 msgid "The LDAP group external member attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:463 +#: src/config/SSSDConfig/sssdoptions.py:464 msgid "Maximum nesting level SSSD will follow" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:464 +#: src/config/SSSDConfig/sssdoptions.py:465 msgid "Filter for group lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:465 +#: src/config/SSSDConfig/sssdoptions.py:466 msgid "Scope of group lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:467 +#: src/config/SSSDConfig/sssdoptions.py:468 msgid "Base DN for netgroup lookups" msgstr "Basis DN voor netgroep opzoeken" -#: src/config/SSSDConfig/sssdoptions.py:468 +#: src/config/SSSDConfig/sssdoptions.py:469 msgid "Objectclass for netgroups" msgstr "Objectklasse voor netgroepen" -#: src/config/SSSDConfig/sssdoptions.py:469 +#: src/config/SSSDConfig/sssdoptions.py:470 msgid "Netgroup name" msgstr "Netgroep naam" -#: src/config/SSSDConfig/sssdoptions.py:470 +#: src/config/SSSDConfig/sssdoptions.py:471 msgid "Netgroups members attribute" msgstr "Netgroep leden attribuut" -#: src/config/SSSDConfig/sssdoptions.py:471 +#: src/config/SSSDConfig/sssdoptions.py:472 msgid "Netgroup triple attribute" msgstr "Netgroep triple attibuut" -#: src/config/SSSDConfig/sssdoptions.py:472 +#: src/config/SSSDConfig/sssdoptions.py:473 msgid "Modification time attribute for netgroups" msgstr "Verandertijd attribuut voor netgroepen" -#: src/config/SSSDConfig/sssdoptions.py:474 +#: src/config/SSSDConfig/sssdoptions.py:475 msgid "Base DN for service lookups" msgstr "Basis DN voor service lookups" -#: src/config/SSSDConfig/sssdoptions.py:475 +#: src/config/SSSDConfig/sssdoptions.py:476 msgid "Objectclass for services" msgstr "Objectclass voor services" -#: src/config/SSSDConfig/sssdoptions.py:476 +#: src/config/SSSDConfig/sssdoptions.py:477 msgid "Service name attribute" msgstr "Service naam attribuut" -#: src/config/SSSDConfig/sssdoptions.py:477 +#: src/config/SSSDConfig/sssdoptions.py:478 msgid "Service port attribute" msgstr "Service port attribuut" -#: src/config/SSSDConfig/sssdoptions.py:478 +#: src/config/SSSDConfig/sssdoptions.py:479 msgid "Service protocol attribute" msgstr "Service protocol attribuut" -#: src/config/SSSDConfig/sssdoptions.py:480 +#: src/config/SSSDConfig/sssdoptions.py:481 msgid "Lower bound for ID-mapping" msgstr "Ondergrens voor ID-mapping" -#: src/config/SSSDConfig/sssdoptions.py:481 +#: src/config/SSSDConfig/sssdoptions.py:482 msgid "Upper bound for ID-mapping" msgstr "Bovengrens voor ID-mapping" -#: src/config/SSSDConfig/sssdoptions.py:482 +#: src/config/SSSDConfig/sssdoptions.py:483 msgid "Number of IDs for each slice when ID-mapping" msgstr "Aantal ID's voor elk segment bij ID-mapping" -#: src/config/SSSDConfig/sssdoptions.py:483 +#: src/config/SSSDConfig/sssdoptions.py:484 msgid "Use autorid-compatible algorithm for ID-mapping" msgstr "Gebruik autorid-compatibel algoritme voor ID-mapping" -#: src/config/SSSDConfig/sssdoptions.py:484 +#: src/config/SSSDConfig/sssdoptions.py:485 msgid "Name of the default domain for ID-mapping" msgstr "Naam van het standaard domein voor ID-mapping" -#: src/config/SSSDConfig/sssdoptions.py:485 +#: src/config/SSSDConfig/sssdoptions.py:486 msgid "SID of the default domain for ID-mapping" msgstr "SID van het standaard domein voor ID-mapping" -#: src/config/SSSDConfig/sssdoptions.py:486 +#: src/config/SSSDConfig/sssdoptions.py:487 msgid "Number of secondary slices" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:488 +#: src/config/SSSDConfig/sssdoptions.py:489 msgid "Whether to use Token-Groups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:489 +#: src/config/SSSDConfig/sssdoptions.py:490 msgid "Set lower boundary for allowed IDs from the LDAP server" msgstr "Laagste grens instellen voor toegestane id's van de LDAP-server" -#: src/config/SSSDConfig/sssdoptions.py:490 +#: src/config/SSSDConfig/sssdoptions.py:491 msgid "Set upper boundary for allowed IDs from the LDAP server" msgstr "Hoogste grens instellen voor toegestane id's van de LDAP-server" -#: src/config/SSSDConfig/sssdoptions.py:491 +#: src/config/SSSDConfig/sssdoptions.py:492 msgid "DN for ppolicy queries" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:492 +#: src/config/SSSDConfig/sssdoptions.py:493 msgid "How many maximum entries to fetch during a wildcard request" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:493 +#: src/config/SSSDConfig/sssdoptions.py:494 msgid "Set libldap debug level" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:496 +#: src/config/SSSDConfig/sssdoptions.py:497 msgid "Policy to evaluate the password expiration" msgstr "Policy om wacthwoordverloop mee te evalueren" -#: src/config/SSSDConfig/sssdoptions.py:500 +#: src/config/SSSDConfig/sssdoptions.py:501 msgid "Which attributes shall be used to evaluate if an account is expired" msgstr "" "Welke attributen worden gebruikt voor evaluatie als het account verlopen is" -#: src/config/SSSDConfig/sssdoptions.py:504 +#: src/config/SSSDConfig/sssdoptions.py:505 msgid "URI of an LDAP server where password changes are allowed" msgstr "" "URI van een LDAP server waarop wachtwoord veranderingen toegestaan zijn" -#: src/config/SSSDConfig/sssdoptions.py:505 +#: src/config/SSSDConfig/sssdoptions.py:506 msgid "URI of a backup LDAP server where password changes are allowed" msgstr "" "URI van een back-up LDAP server waar wachtwoord veranderingen toegestaan zijn" -#: src/config/SSSDConfig/sssdoptions.py:506 +#: src/config/SSSDConfig/sssdoptions.py:507 msgid "DNS service name for LDAP password change server" msgstr "DNS service naam voor LDAP wachtwoord verander server" -#: src/config/SSSDConfig/sssdoptions.py:507 +#: src/config/SSSDConfig/sssdoptions.py:508 msgid "" "Whether to update the ldap_user_shadow_last_change attribute after a " "password change" @@ -1697,27 +1701,27 @@ msgstr "" "Moet het ldap_user_shadow_last_change attribuut vernieuwd worden na een " "wachtwoordwijziging" -#: src/config/SSSDConfig/sssdoptions.py:511 +#: src/config/SSSDConfig/sssdoptions.py:512 msgid "Base DN for sudo rules lookups" msgstr "Basis DN voor sudo regels lookups" -#: src/config/SSSDConfig/sssdoptions.py:512 +#: src/config/SSSDConfig/sssdoptions.py:513 msgid "Automatic full refresh period" msgstr "Automatische volledige ververs periode" -#: src/config/SSSDConfig/sssdoptions.py:513 +#: src/config/SSSDConfig/sssdoptions.py:514 msgid "Automatic smart refresh period" msgstr "Automatische slimme ververs periode" -#: src/config/SSSDConfig/sssdoptions.py:514 +#: src/config/SSSDConfig/sssdoptions.py:515 msgid "Smart and full refresh random offset" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:515 +#: src/config/SSSDConfig/sssdoptions.py:516 msgid "Whether to filter rules by hostname, IP addresses and network" msgstr "Moeten regels gefilterd worden volgens hostnaam, IP adres en netwerk" -#: src/config/SSSDConfig/sssdoptions.py:516 +#: src/config/SSSDConfig/sssdoptions.py:517 msgid "" "Hostnames and/or fully qualified domain names of this machine to filter sudo " "rules" @@ -1725,190 +1729,190 @@ msgstr "" "Hostnamen en/of volledig gekwalificeerde domeinnamen van deze machine voor " "het filteren van sudo regels" -#: src/config/SSSDConfig/sssdoptions.py:517 +#: src/config/SSSDConfig/sssdoptions.py:518 msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules" msgstr "" "IPv4 of IPv6 adressen of netwerk van deze machine voor het filteren van sudo " "regels" -#: src/config/SSSDConfig/sssdoptions.py:518 +#: src/config/SSSDConfig/sssdoptions.py:519 msgid "Whether to include rules that contains netgroup in host attribute" msgstr "" "Moeten regels toegevoegd worden die netgroep bevatten in host attribuut " -#: src/config/SSSDConfig/sssdoptions.py:519 +#: src/config/SSSDConfig/sssdoptions.py:520 msgid "" "Whether to include rules that contains regular expression in host attribute" msgstr "" "Moeten regels toegevoegd worden die regulaire expressie bevatten in host " "attribuut " -#: src/config/SSSDConfig/sssdoptions.py:520 +#: src/config/SSSDConfig/sssdoptions.py:521 msgid "Object class for sudo rules" msgstr "Objectklasse voor sudo regels" -#: src/config/SSSDConfig/sssdoptions.py:521 +#: src/config/SSSDConfig/sssdoptions.py:522 msgid "Name of attribute that is used as object class for sudo rules" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:522 +#: src/config/SSSDConfig/sssdoptions.py:523 msgid "Sudo rule name" msgstr "Sudo regelnaam" -#: src/config/SSSDConfig/sssdoptions.py:523 +#: src/config/SSSDConfig/sssdoptions.py:524 msgid "Sudo rule command attribute" msgstr "Sudo regel opdracht attribuut" -#: src/config/SSSDConfig/sssdoptions.py:524 +#: src/config/SSSDConfig/sssdoptions.py:525 msgid "Sudo rule host attribute" msgstr "Sudo regel host attribuut" -#: src/config/SSSDConfig/sssdoptions.py:525 +#: src/config/SSSDConfig/sssdoptions.py:526 msgid "Sudo rule user attribute" msgstr "Sudo regel gebruiker attribuut" -#: src/config/SSSDConfig/sssdoptions.py:526 +#: src/config/SSSDConfig/sssdoptions.py:527 msgid "Sudo rule option attribute" msgstr "Sudo regel optie attribuut" -#: src/config/SSSDConfig/sssdoptions.py:527 +#: src/config/SSSDConfig/sssdoptions.py:528 msgid "Sudo rule runas attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:528 +#: src/config/SSSDConfig/sssdoptions.py:529 msgid "Sudo rule runasuser attribute" msgstr "Sudo regel runasuser attribuut" -#: src/config/SSSDConfig/sssdoptions.py:529 +#: src/config/SSSDConfig/sssdoptions.py:530 msgid "Sudo rule runasgroup attribute" msgstr "Sudo regel runasgroup attribuut" -#: src/config/SSSDConfig/sssdoptions.py:530 +#: src/config/SSSDConfig/sssdoptions.py:531 msgid "Sudo rule notbefore attribute" msgstr "Sudo regel notbefore attribuut" -#: src/config/SSSDConfig/sssdoptions.py:531 +#: src/config/SSSDConfig/sssdoptions.py:532 msgid "Sudo rule notafter attribute" msgstr "Sudo regel notafter attribuut" -#: src/config/SSSDConfig/sssdoptions.py:532 +#: src/config/SSSDConfig/sssdoptions.py:533 msgid "Sudo rule order attribute" msgstr "Sudo regel volgorde attribuut" -#: src/config/SSSDConfig/sssdoptions.py:535 +#: src/config/SSSDConfig/sssdoptions.py:536 msgid "Object class for automounter maps" msgstr "Object class voor automounter maps" -#: src/config/SSSDConfig/sssdoptions.py:536 +#: src/config/SSSDConfig/sssdoptions.py:537 msgid "Automounter map name attribute" msgstr "Automounter map naam attribuut" -#: src/config/SSSDConfig/sssdoptions.py:537 +#: src/config/SSSDConfig/sssdoptions.py:538 msgid "Object class for automounter map entries" msgstr "Objectklasse voor automounter map ingaven" -#: src/config/SSSDConfig/sssdoptions.py:538 +#: src/config/SSSDConfig/sssdoptions.py:539 msgid "Automounter map entry key attribute" msgstr "Automounter map sleutel ingave attribuut" -#: src/config/SSSDConfig/sssdoptions.py:539 +#: src/config/SSSDConfig/sssdoptions.py:540 msgid "Automounter map entry value attribute" msgstr "Automounter map ingavewaarde attribuut" -#: src/config/SSSDConfig/sssdoptions.py:540 +#: src/config/SSSDConfig/sssdoptions.py:541 msgid "Base DN for automounter map lookups" msgstr "Basis DN voor automounter kaart opzoeken" -#: src/config/SSSDConfig/sssdoptions.py:541 +#: src/config/SSSDConfig/sssdoptions.py:542 msgid "The name of the automount master map in LDAP." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:544 +#: src/config/SSSDConfig/sssdoptions.py:545 msgid "Base DN for IP hosts lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:545 +#: src/config/SSSDConfig/sssdoptions.py:546 msgid "Object class for IP hosts" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:546 +#: src/config/SSSDConfig/sssdoptions.py:547 msgid "IP host name attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:547 +#: src/config/SSSDConfig/sssdoptions.py:548 msgid "IP host number (address) attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:548 +#: src/config/SSSDConfig/sssdoptions.py:549 msgid "IP host entryUSN attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:549 +#: src/config/SSSDConfig/sssdoptions.py:550 msgid "Base DN for IP networks lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:550 +#: src/config/SSSDConfig/sssdoptions.py:551 msgid "Object class for IP networks" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:551 +#: src/config/SSSDConfig/sssdoptions.py:552 msgid "IP network name attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:552 +#: src/config/SSSDConfig/sssdoptions.py:553 msgid "IP network number (address) attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:553 +#: src/config/SSSDConfig/sssdoptions.py:554 msgid "IP network entryUSN attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:556 +#: src/config/SSSDConfig/sssdoptions.py:557 msgid "Comma separated list of allowed users" msgstr "Kommagescheiden lijst van toegestane gebruikers" -#: src/config/SSSDConfig/sssdoptions.py:557 +#: src/config/SSSDConfig/sssdoptions.py:558 msgid "Comma separated list of prohibited users" msgstr "Kommagescheiden lijst van geweigerde gebruikers" -#: src/config/SSSDConfig/sssdoptions.py:558 +#: src/config/SSSDConfig/sssdoptions.py:559 msgid "" "Comma separated list of groups that are allowed to log in. This applies only " "to groups within this SSSD domain. Local groups are not evaluated." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:560 +#: src/config/SSSDConfig/sssdoptions.py:561 msgid "" "Comma separated list of groups that are explicitly denied access. This " "applies only to groups within this SSSD domain. Local groups are not " "evaluated." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:564 +#: src/config/SSSDConfig/sssdoptions.py:565 msgid "The number of preforked proxy children." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:567 +#: src/config/SSSDConfig/sssdoptions.py:568 msgid "The name of the NSS library to use" msgstr "De naam van de NSS-bibliotheek die gebruikt wordt" -#: src/config/SSSDConfig/sssdoptions.py:568 +#: src/config/SSSDConfig/sssdoptions.py:569 msgid "The name of the NSS library to use for hosts and networks lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:569 +#: src/config/SSSDConfig/sssdoptions.py:570 msgid "Whether to look up canonical group name from cache if possible" msgstr "Moet indien mogelijk canonieke groepsnaam in cache opgezocht worden " -#: src/config/SSSDConfig/sssdoptions.py:572 +#: src/config/SSSDConfig/sssdoptions.py:573 msgid "PAM stack to use" msgstr "PAM-stack die gebruikt wordt" -#: src/config/SSSDConfig/sssdoptions.py:575 +#: src/config/SSSDConfig/sssdoptions.py:576 msgid "Path of passwd file sources." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:576 +#: src/config/SSSDConfig/sssdoptions.py:577 msgid "Path of group file sources." msgstr "" @@ -1957,67 +1961,67 @@ msgstr "" msgid "SSSD is already running\n" msgstr "" -#: src/providers/krb5/krb5_child.c:4007 src/providers/ldap/ldap_child.c:641 +#: src/providers/krb5/krb5_child.c:4027 src/providers/ldap/ldap_child.c:642 msgid "Allow core dumps" msgstr "" -#: src/providers/krb5/krb5_child.c:4009 src/providers/ldap/ldap_child.c:643 +#: src/providers/krb5/krb5_child.c:4029 src/providers/ldap/ldap_child.c:644 msgid "An open file descriptor for the debug logs" msgstr "Een geopend bestand voor de debug logs" -#: src/providers/krb5/krb5_child.c:4012 +#: src/providers/krb5/krb5_child.c:4032 msgid "The user to create FAST ccache as" msgstr "" -#: src/providers/krb5/krb5_child.c:4014 +#: src/providers/krb5/krb5_child.c:4034 msgid "The group to create FAST ccache as" msgstr "" -#: src/providers/krb5/krb5_child.c:4016 +#: src/providers/krb5/krb5_child.c:4036 msgid "Use anonymous PKINIT to request FAST armor ticket" msgstr "" -#: src/providers/krb5/krb5_child.c:4018 +#: src/providers/krb5/krb5_child.c:4038 msgid "Kerberos realm to use" msgstr "" -#: src/providers/krb5/krb5_child.c:4020 +#: src/providers/krb5/krb5_child.c:4040 msgid "Requested lifetime of the ticket" msgstr "" -#: src/providers/krb5/krb5_child.c:4022 +#: src/providers/krb5/krb5_child.c:4042 msgid "Requested renewable lifetime of the ticket" msgstr "" -#: src/providers/krb5/krb5_child.c:4024 +#: src/providers/krb5/krb5_child.c:4044 msgid "FAST options ('never', 'try', 'demand')" msgstr "" -#: src/providers/krb5/krb5_child.c:4027 +#: src/providers/krb5/krb5_child.c:4047 msgid "Specifies the server principal to use for FAST" msgstr "" -#: src/providers/krb5/krb5_child.c:4029 +#: src/providers/krb5/krb5_child.c:4049 msgid "Requests canonicalization of the principal name" msgstr "" -#: src/providers/krb5/krb5_child.c:4031 +#: src/providers/krb5/krb5_child.c:4051 msgid "Use custom version of krb5_get_init_creds_password" msgstr "" -#: src/providers/krb5/krb5_child.c:4033 +#: src/providers/krb5/krb5_child.c:4053 msgid "Tevent chain ID used for logging purposes" msgstr "" -#: src/providers/krb5/krb5_child.c:4035 +#: src/providers/krb5/krb5_child.c:4055 msgid "Check PAC flags" msgstr "" -#: src/providers/krb5/krb5_child.c:4079 src/providers/ldap/ldap_child.c:669 +#: src/providers/krb5/krb5_child.c:4099 src/providers/ldap/ldap_child.c:670 msgid "talloc_asprintf failed.\n" msgstr "" -#: src/providers/krb5/krb5_child.c:4089 src/providers/ldap/ldap_child.c:678 +#: src/providers/krb5/krb5_child.c:4109 src/providers/ldap/ldap_child.c:679 msgid "set_debug_file_from_fd failed.\n" msgstr "" @@ -2062,120 +2066,132 @@ msgstr "Onverwachtte fout bij het opzoeken van een omschrijving" msgid "Permission denied. " msgstr "" -#: src/sss_client/pam_sss.c:70 src/sss_client/pam_sss.c:819 -#: src/sss_client/pam_sss.c:830 +#: src/sss_client/pam_sss.c:70 src/sss_client/pam_sss.c:838 +#: src/sss_client/pam_sss.c:849 msgid "Server message: " msgstr "Serverbericht:" #: src/sss_client/pam_sss.c:71 +msgid "" +"Kerberos TGT will not be granted upon login, user experience will be " +"affected." +msgstr "" + +#: src/sss_client/pam_sss.c:72 msgid "Enter PIN:" msgstr "" -#: src/sss_client/pam_sss.c:314 +#: src/sss_client/pam_sss.c:315 msgid "Passwords do not match" msgstr "Wachtwoorden komen niet overeen" -#: src/sss_client/pam_sss.c:502 +#: src/sss_client/pam_sss.c:503 msgid "Password reset by root is not supported." msgstr "Wachtwoorden als root wijzigen wordt niet ondersteund." -#: src/sss_client/pam_sss.c:543 +#: src/sss_client/pam_sss.c:544 msgid "Authenticated with cached credentials" msgstr "Geauthenticeerd met gecachte inloggegevens." -#: src/sss_client/pam_sss.c:544 +#: src/sss_client/pam_sss.c:545 msgid ", your cached password will expire at: " msgstr ", uw wachtwoord verloopt op:" -#: src/sss_client/pam_sss.c:574 +#: src/sss_client/pam_sss.c:575 #, c-format msgid "Your password has expired. You have %1$d grace login(s) remaining." msgstr "" "Je wachtwoord is verlopen. Je hebt nog slechts %1$d login(s) beschikbaar." -#: src/sss_client/pam_sss.c:624 +#: src/sss_client/pam_sss.c:625 #, c-format msgid "Your password will expire in %1$d %2$s." msgstr "Je wachtwoord zal verlopen in %1$d %2$s." -#: src/sss_client/pam_sss.c:627 +#: src/sss_client/pam_sss.c:628 #, fuzzy, c-format msgid "Your password has expired." msgstr "Je wachtwoord zal verlopen in %1$d %2$s." -#: src/sss_client/pam_sss.c:678 +#: src/sss_client/pam_sss.c:679 msgid "Authentication is denied until: " msgstr "Inloggen wordt geweigerd tot:" -#: src/sss_client/pam_sss.c:699 +#: src/sss_client/pam_sss.c:700 msgid "System is offline, password change not possible" msgstr "Systeem is offline, wachtwoord wijzigen niet mogelijk" -#: src/sss_client/pam_sss.c:714 +#: src/sss_client/pam_sss.c:715 msgid "" "After changing the OTP password, you need to log out and back in order to " "acquire a ticket" msgstr "" -#: src/sss_client/pam_sss.c:729 +#: src/sss_client/pam_sss.c:730 msgid "PIN locked" msgstr "" -#: src/sss_client/pam_sss.c:816 src/sss_client/pam_sss.c:829 +#: src/sss_client/pam_sss.c:745 +msgid "" +"No Kerberos TGT granted as the server does not support this method. Your " +"single-sign on(SSO) experience will be affected." +msgstr "" + +#: src/sss_client/pam_sss.c:835 src/sss_client/pam_sss.c:848 msgid "Password change failed. " msgstr "Wijzigen van wachtwoord mislukt." -#: src/sss_client/pam_sss.c:1797 +#: src/sss_client/pam_sss.c:1819 #, c-format msgid "Authenticate at %1$s and press ENTER." msgstr "" -#: src/sss_client/pam_sss.c:1800 +#: src/sss_client/pam_sss.c:1822 #, c-format msgid "Authenticate with PIN %1$s at %2$s and press ENTER." msgstr "" -#: src/sss_client/pam_sss.c:2153 +#: src/sss_client/pam_sss.c:2181 msgid "Please (re)insert (different) Smartcard" msgstr "" -#: src/sss_client/pam_sss.c:2352 +#: src/sss_client/pam_sss.c:2380 msgid "New Password: " msgstr "Nieuw Wachtwoord: " -#: src/sss_client/pam_sss.c:2353 +#: src/sss_client/pam_sss.c:2381 msgid "Reenter new Password: " msgstr "Voer nieuw wachtwoord nogmaals in: " -#: src/sss_client/pam_sss.c:2523 src/sss_client/pam_sss.c:2526 +#: src/sss_client/pam_sss.c:2551 src/sss_client/pam_sss.c:2554 msgid "First Factor: " msgstr "" -#: src/sss_client/pam_sss.c:2524 src/sss_client/pam_sss.c:2707 +#: src/sss_client/pam_sss.c:2552 src/sss_client/pam_sss.c:2740 msgid "Second Factor (optional): " msgstr "" -#: src/sss_client/pam_sss.c:2527 src/sss_client/pam_sss.c:2710 +#: src/sss_client/pam_sss.c:2555 src/sss_client/pam_sss.c:2743 msgid "Second Factor: " msgstr "" -#: src/sss_client/pam_sss.c:2547 +#: src/sss_client/pam_sss.c:2575 msgid "Insert your passkey device, then press ENTER." msgstr "" -#: src/sss_client/pam_sss.c:2551 src/sss_client/pam_sss.c:2554 +#: src/sss_client/pam_sss.c:2579 src/sss_client/pam_sss.c:2587 msgid "Password: " msgstr "Wachtwoord: " -#: src/sss_client/pam_sss.c:2706 src/sss_client/pam_sss.c:2709 +#: src/sss_client/pam_sss.c:2739 src/sss_client/pam_sss.c:2742 msgid "First Factor (Current Password): " msgstr "" -#: src/sss_client/pam_sss.c:2713 +#: src/sss_client/pam_sss.c:2746 msgid "Current Password: " msgstr "Huidig wachtwoord:" -#: src/sss_client/pam_sss.c:3070 +#: src/sss_client/pam_sss.c:3103 msgid "Password expired. Change your password now." msgstr "Wachtwoord verlopen. Verander nu uw wachtwoord." diff --git a/po/pl.po b/po/pl.po index ba4f05329d3..56c444cf466 100644 --- a/po/pl.po +++ b/po/pl.po @@ -15,7 +15,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" -"POT-Creation-Date: 2023-05-05 10:11+0200\n" +"POT-Creation-Date: 2023-09-07 11:48+0200\n" "PO-Revision-Date: 2023-06-05 13:20+0000\n" "Last-Translator: Piotr Drąg \n" "Language-Team: Polish , musi być rootem\n" msgid "SSSD is already running\n" msgstr "Usługa SSSD jest już uruchomiona\n" -#: src/providers/krb5/krb5_child.c:4007 src/providers/ldap/ldap_child.c:641 +#: src/providers/krb5/krb5_child.c:4027 src/providers/ldap/ldap_child.c:642 msgid "Allow core dumps" msgstr "Zezwala na zrzuty core" -#: src/providers/krb5/krb5_child.c:4009 src/providers/ldap/ldap_child.c:643 +#: src/providers/krb5/krb5_child.c:4029 src/providers/ldap/ldap_child.c:644 msgid "An open file descriptor for the debug logs" msgstr "Otwiera deskryptor pliku dla dzienników debugowania" -#: src/providers/krb5/krb5_child.c:4012 +#: src/providers/krb5/krb5_child.c:4032 msgid "The user to create FAST ccache as" msgstr "Użytkownik, jako który utworzyć ccache FAST" -#: src/providers/krb5/krb5_child.c:4014 +#: src/providers/krb5/krb5_child.c:4034 msgid "The group to create FAST ccache as" msgstr "Grupa, jako którą utworzyć ccache FAST" -#: src/providers/krb5/krb5_child.c:4016 +#: src/providers/krb5/krb5_child.c:4036 msgid "Use anonymous PKINIT to request FAST armor ticket" msgstr "Używa anonimowego PKINIT do żądania opakowanego biletu FAST" -#: src/providers/krb5/krb5_child.c:4018 +#: src/providers/krb5/krb5_child.c:4038 msgid "Kerberos realm to use" msgstr "Używany obszar Kerberosa" -#: src/providers/krb5/krb5_child.c:4020 +#: src/providers/krb5/krb5_child.c:4040 msgid "Requested lifetime of the ticket" msgstr "Żądany czas trwania biletu" -#: src/providers/krb5/krb5_child.c:4022 +#: src/providers/krb5/krb5_child.c:4042 msgid "Requested renewable lifetime of the ticket" msgstr "Żądany odnawialny czas trwania biletu" -#: src/providers/krb5/krb5_child.c:4024 +#: src/providers/krb5/krb5_child.c:4044 msgid "FAST options ('never', 'try', 'demand')" msgstr "Opcje FAST („never”, „try”, „demand”)" -#: src/providers/krb5/krb5_child.c:4027 +#: src/providers/krb5/krb5_child.c:4047 msgid "Specifies the server principal to use for FAST" msgstr "Podaje naczelnika serwera używanego dla FAST" -#: src/providers/krb5/krb5_child.c:4029 +#: src/providers/krb5/krb5_child.c:4049 msgid "Requests canonicalization of the principal name" msgstr "Żąda ujednolicenie nazwy naczelnika" -#: src/providers/krb5/krb5_child.c:4031 +#: src/providers/krb5/krb5_child.c:4051 msgid "Use custom version of krb5_get_init_creds_password" msgstr "Użycie niestandardowej wersji krb5_get_init_creds_password" -#: src/providers/krb5/krb5_child.c:4033 +#: src/providers/krb5/krb5_child.c:4053 msgid "Tevent chain ID used for logging purposes" msgstr "Identyfikator łańcucha tevent używany do celów zapisywania w dzienniku" -#: src/providers/krb5/krb5_child.c:4035 +#: src/providers/krb5/krb5_child.c:4055 msgid "Check PAC flags" msgstr "Sprawdza flagi PAC" -#: src/providers/krb5/krb5_child.c:4079 src/providers/ldap/ldap_child.c:669 +#: src/providers/krb5/krb5_child.c:4099 src/providers/ldap/ldap_child.c:670 msgid "talloc_asprintf failed.\n" msgstr "talloc_asprintf się nie powiodło.\n" -#: src/providers/krb5/krb5_child.c:4089 src/providers/ldap/ldap_child.c:678 +#: src/providers/krb5/krb5_child.c:4109 src/providers/ldap/ldap_child.c:679 msgid "set_debug_file_from_fd failed.\n" msgstr "set_debug_file_from_fd się nie powiodło.\n" @@ -2150,55 +2154,61 @@ msgstr "Nieoczekiwany błąd podczas wyszukiwania opisu błędu" msgid "Permission denied. " msgstr "Odmowa uprawnienia. " -#: src/sss_client/pam_sss.c:70 src/sss_client/pam_sss.c:819 -#: src/sss_client/pam_sss.c:830 +#: src/sss_client/pam_sss.c:70 src/sss_client/pam_sss.c:838 +#: src/sss_client/pam_sss.c:849 msgid "Server message: " msgstr "Komunikat serwera: " #: src/sss_client/pam_sss.c:71 +msgid "" +"Kerberos TGT will not be granted upon login, user experience will be " +"affected." +msgstr "" + +#: src/sss_client/pam_sss.c:72 msgid "Enter PIN:" msgstr "Proszę podać kod PIN:" -#: src/sss_client/pam_sss.c:314 +#: src/sss_client/pam_sss.c:315 msgid "Passwords do not match" msgstr "Hasła się nie zgadzają" -#: src/sss_client/pam_sss.c:502 +#: src/sss_client/pam_sss.c:503 msgid "Password reset by root is not supported." msgstr "Przywrócenie hasła przez użytkownika root nie jest obsługiwane." -#: src/sss_client/pam_sss.c:543 +#: src/sss_client/pam_sss.c:544 msgid "Authenticated with cached credentials" msgstr "Uwierzytelniono za pomocą danych z pamięci podręcznej" -#: src/sss_client/pam_sss.c:544 +#: src/sss_client/pam_sss.c:545 msgid ", your cached password will expire at: " msgstr ", hasło w pamięci podręcznej wygaśnie za: " -#: src/sss_client/pam_sss.c:574 +#: src/sss_client/pam_sss.c:575 #, c-format msgid "Your password has expired. You have %1$d grace login(s) remaining." msgstr "Hasło wygasło. Pozostało %1$d możliwych logowań." -#: src/sss_client/pam_sss.c:624 +#: src/sss_client/pam_sss.c:625 #, c-format msgid "Your password will expire in %1$d %2$s." msgstr "Hasło wygaśnie za %1$d %2$s." -#: src/sss_client/pam_sss.c:627 +#: src/sss_client/pam_sss.c:628 #, c-format msgid "Your password has expired." msgstr "Hasło wygasło." -#: src/sss_client/pam_sss.c:678 +#: src/sss_client/pam_sss.c:679 msgid "Authentication is denied until: " msgstr "Uwierzytelnianie jest zabronione do: " -#: src/sss_client/pam_sss.c:699 +#: src/sss_client/pam_sss.c:700 msgid "System is offline, password change not possible" msgstr "System jest w trybie offline, zmiana hasła nie jest możliwa" -#: src/sss_client/pam_sss.c:714 +#: src/sss_client/pam_sss.c:715 msgid "" "After changing the OTP password, you need to log out and back in order to " "acquire a ticket" @@ -2206,68 +2216,74 @@ msgstr "" "Po zmianie hasła OTP należy się wylogować i zalogować ponownie, aby uzyskać " "bilet" -#: src/sss_client/pam_sss.c:729 +#: src/sss_client/pam_sss.c:730 msgid "PIN locked" msgstr "Zablokowano kod PIN" -#: src/sss_client/pam_sss.c:816 src/sss_client/pam_sss.c:829 +#: src/sss_client/pam_sss.c:745 +msgid "" +"No Kerberos TGT granted as the server does not support this method. Your " +"single-sign on(SSO) experience will be affected." +msgstr "" + +#: src/sss_client/pam_sss.c:835 src/sss_client/pam_sss.c:848 msgid "Password change failed. " msgstr "Zmiana hasła się nie powiodła. " -#: src/sss_client/pam_sss.c:1797 +#: src/sss_client/pam_sss.c:1819 #, c-format msgid "Authenticate at %1$s and press ENTER." msgstr "Proszę uwierzytelnić pod adresem %1$s i nacisnąć klawisz Enter." -#: src/sss_client/pam_sss.c:1800 +#: src/sss_client/pam_sss.c:1822 #, c-format msgid "Authenticate with PIN %1$s at %2$s and press ENTER." msgstr "" "Proszę uwierzytelnić za pomocą kodu PIN %1$s pod adresem %2$s i nacisnąć " "klawisz Enter." -#: src/sss_client/pam_sss.c:2153 +#: src/sss_client/pam_sss.c:2181 msgid "Please (re)insert (different) Smartcard" msgstr "Proszę (ponownie) włożyć (inną) kartę smartcard" -#: src/sss_client/pam_sss.c:2352 +#: src/sss_client/pam_sss.c:2380 msgid "New Password: " msgstr "Nowe hasło: " -#: src/sss_client/pam_sss.c:2353 +#: src/sss_client/pam_sss.c:2381 msgid "Reenter new Password: " msgstr "Proszę ponownie podać nowe hasło: " -#: src/sss_client/pam_sss.c:2523 src/sss_client/pam_sss.c:2526 +#: src/sss_client/pam_sss.c:2551 src/sss_client/pam_sss.c:2554 msgid "First Factor: " msgstr "Pierwszy czynnik: " -#: src/sss_client/pam_sss.c:2524 src/sss_client/pam_sss.c:2707 +#: src/sss_client/pam_sss.c:2552 src/sss_client/pam_sss.c:2740 msgid "Second Factor (optional): " msgstr "Drugi czynnik (opcjonalnie): " -#: src/sss_client/pam_sss.c:2527 src/sss_client/pam_sss.c:2710 +#: src/sss_client/pam_sss.c:2555 src/sss_client/pam_sss.c:2743 msgid "Second Factor: " msgstr "Drugi czynnik: " -#: src/sss_client/pam_sss.c:2547 +#: src/sss_client/pam_sss.c:2575 msgid "Insert your passkey device, then press ENTER." msgstr "" "Proszę włożyć urządzenie hasła-klucza, a następnie nacisnąć klawisz Enter." -#: src/sss_client/pam_sss.c:2551 src/sss_client/pam_sss.c:2554 +#: src/sss_client/pam_sss.c:2579 src/sss_client/pam_sss.c:2587 msgid "Password: " msgstr "Hasło: " -#: src/sss_client/pam_sss.c:2706 src/sss_client/pam_sss.c:2709 +#: src/sss_client/pam_sss.c:2739 src/sss_client/pam_sss.c:2742 msgid "First Factor (Current Password): " msgstr "Pierwszy czynnik (obecne hasło): " -#: src/sss_client/pam_sss.c:2713 +#: src/sss_client/pam_sss.c:2746 msgid "Current Password: " msgstr "Bieżące hasło: " -#: src/sss_client/pam_sss.c:3070 +#: src/sss_client/pam_sss.c:3103 msgid "Password expired. Change your password now." msgstr "Hasło wygasło. Proszę je zmienić teraz." diff --git a/po/pt.po b/po/pt.po index ac622595797..bf9e8fe73d6 100644 --- a/po/pt.po +++ b/po/pt.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" -"POT-Creation-Date: 2023-05-05 10:11+0200\n" +"POT-Creation-Date: 2023-09-07 11:48+0200\n" "PO-Revision-Date: 2014-12-14 11:47-0500\n" "Last-Translator: Copied by Zanata \n" "Language-Team: Portuguese (http://www.transifex.com/projects/p/sssd/language/" @@ -598,12 +598,12 @@ msgid "Whether to automatically update the client's DNS entry" msgstr "" #: src/config/SSSDConfig/sssdoptions.py:201 -#: src/config/SSSDConfig/sssdoptions.py:233 +#: src/config/SSSDConfig/sssdoptions.py:234 msgid "The TTL to apply to the client's DNS entry after updating it" msgstr "" #: src/config/SSSDConfig/sssdoptions.py:202 -#: src/config/SSSDConfig/sssdoptions.py:234 +#: src/config/SSSDConfig/sssdoptions.py:235 msgid "The interface whose IP should be used for dynamic DNS updates" msgstr "" @@ -687,1165 +687,1169 @@ msgid "" "(long term password) must have to be saved as SHA512 hash into the cache." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:228 +#: src/config/SSSDConfig/sssdoptions.py:226 +msgid "Local authentication methods policy " +msgstr "" + +#: src/config/SSSDConfig/sssdoptions.py:229 msgid "IPA domain" msgstr "Domínio IPA" -#: src/config/SSSDConfig/sssdoptions.py:229 +#: src/config/SSSDConfig/sssdoptions.py:230 msgid "IPA server address" msgstr "Endereço do servidor IPA" -#: src/config/SSSDConfig/sssdoptions.py:230 +#: src/config/SSSDConfig/sssdoptions.py:231 msgid "Address of backup IPA server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:231 +#: src/config/SSSDConfig/sssdoptions.py:232 msgid "IPA client hostname" msgstr "Nome da máquina do cliente IPA" -#: src/config/SSSDConfig/sssdoptions.py:232 +#: src/config/SSSDConfig/sssdoptions.py:233 msgid "Whether to automatically update the client's DNS entry in FreeIPA" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:235 +#: src/config/SSSDConfig/sssdoptions.py:236 msgid "Search base for HBAC related objects" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:236 +#: src/config/SSSDConfig/sssdoptions.py:237 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:237 +#: src/config/SSSDConfig/sssdoptions.py:238 msgid "" "The amount of time in seconds between lookups of the SELinux maps against " "the IPA server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:239 +#: src/config/SSSDConfig/sssdoptions.py:240 msgid "If set to false, host argument given by PAM will be ignored" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:240 +#: src/config/SSSDConfig/sssdoptions.py:241 msgid "The automounter location this IPA client is using" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:241 +#: src/config/SSSDConfig/sssdoptions.py:242 msgid "Search base for object containing info about IPA domain" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:242 +#: src/config/SSSDConfig/sssdoptions.py:243 msgid "Search base for objects containing info about ID ranges" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:243 -#: src/config/SSSDConfig/sssdoptions.py:299 +#: src/config/SSSDConfig/sssdoptions.py:244 +#: src/config/SSSDConfig/sssdoptions.py:300 msgid "Enable DNS sites - location based service discovery" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:244 +#: src/config/SSSDConfig/sssdoptions.py:245 msgid "Search base for view containers" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:245 +#: src/config/SSSDConfig/sssdoptions.py:246 msgid "Objectclass for view containers" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:246 +#: src/config/SSSDConfig/sssdoptions.py:247 msgid "Attribute with the name of the view" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:247 +#: src/config/SSSDConfig/sssdoptions.py:248 msgid "Objectclass for override objects" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:248 +#: src/config/SSSDConfig/sssdoptions.py:249 msgid "Attribute with the reference to the original object" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:249 +#: src/config/SSSDConfig/sssdoptions.py:250 msgid "Objectclass for user override objects" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:250 +#: src/config/SSSDConfig/sssdoptions.py:251 msgid "Objectclass for group override objects" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:251 +#: src/config/SSSDConfig/sssdoptions.py:252 msgid "Search base for Desktop Profile related objects" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:252 +#: src/config/SSSDConfig/sssdoptions.py:253 msgid "" "The amount of time in seconds between lookups of the Desktop Profile rules " "against the IPA server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:254 +#: src/config/SSSDConfig/sssdoptions.py:255 msgid "" "The amount of time in minutes between lookups of Desktop Profiles rules " "against the IPA server when the last request did not find any rule" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:257 +#: src/config/SSSDConfig/sssdoptions.py:258 msgid "Search base for SUBID ranges" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:258 -#: src/config/SSSDConfig/sssdoptions.py:501 +#: src/config/SSSDConfig/sssdoptions.py:259 +#: src/config/SSSDConfig/sssdoptions.py:502 msgid "Which rules should be used to evaluate access control" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:259 +#: src/config/SSSDConfig/sssdoptions.py:260 msgid "The LDAP attribute that contains FQDN of the host." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:260 -#: src/config/SSSDConfig/sssdoptions.py:283 +#: src/config/SSSDConfig/sssdoptions.py:261 +#: src/config/SSSDConfig/sssdoptions.py:284 msgid "The object class of a host entry in LDAP." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:261 +#: src/config/SSSDConfig/sssdoptions.py:262 msgid "Use the given string as search base for host objects." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:262 +#: src/config/SSSDConfig/sssdoptions.py:263 msgid "The LDAP attribute that contains the host's SSH public keys." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:263 +#: src/config/SSSDConfig/sssdoptions.py:264 msgid "The LDAP attribute that contains NIS domain name of the netgroup." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:264 +#: src/config/SSSDConfig/sssdoptions.py:265 msgid "The LDAP attribute that contains the names of the netgroup's members." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:265 +#: src/config/SSSDConfig/sssdoptions.py:266 msgid "" "The LDAP attribute that lists FQDNs of hosts and host groups that are " "members of the netgroup." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:267 +#: src/config/SSSDConfig/sssdoptions.py:268 msgid "" "The LDAP attribute that lists hosts and host groups that are direct members " "of the netgroup." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:269 +#: src/config/SSSDConfig/sssdoptions.py:270 msgid "The LDAP attribute that lists netgroup's memberships." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:270 +#: src/config/SSSDConfig/sssdoptions.py:271 msgid "" "The LDAP attribute that lists system users and groups that are direct " "members of the netgroup." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:272 +#: src/config/SSSDConfig/sssdoptions.py:273 msgid "The LDAP attribute that corresponds to the netgroup name." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:273 +#: src/config/SSSDConfig/sssdoptions.py:274 msgid "The object class of a netgroup entry in LDAP." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:274 +#: src/config/SSSDConfig/sssdoptions.py:275 msgid "" "The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:275 +#: src/config/SSSDConfig/sssdoptions.py:276 msgid "" "The LDAP attribute that contains whether or not is user map enabled for " "usage." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:277 +#: src/config/SSSDConfig/sssdoptions.py:278 msgid "The LDAP attribute that contains host category such as 'all'." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:278 +#: src/config/SSSDConfig/sssdoptions.py:279 msgid "" "The LDAP attribute that contains all hosts / hostgroups this rule match " "against." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:280 +#: src/config/SSSDConfig/sssdoptions.py:281 msgid "" "The LDAP attribute that contains all users / groups this rule match against." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:282 +#: src/config/SSSDConfig/sssdoptions.py:283 msgid "The LDAP attribute that contains the name of SELinux usermap." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:284 +#: src/config/SSSDConfig/sssdoptions.py:285 msgid "" "The LDAP attribute that contains DN of HBAC rule which can be used for " "matching instead of memberUser and memberHost." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:286 +#: src/config/SSSDConfig/sssdoptions.py:287 msgid "The LDAP attribute that contains SELinux user string itself." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:287 +#: src/config/SSSDConfig/sssdoptions.py:288 msgid "The LDAP attribute that contains user category such as 'all'." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:288 +#: src/config/SSSDConfig/sssdoptions.py:289 msgid "The LDAP attribute that contains unique ID of the user map." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:289 +#: src/config/SSSDConfig/sssdoptions.py:290 msgid "" "The option denotes that the SSSD is running on IPA server and should perform " "lookups of users and groups from trusted domains differently." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:291 +#: src/config/SSSDConfig/sssdoptions.py:292 msgid "Use the given string as search base for trusted domains." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:294 +#: src/config/SSSDConfig/sssdoptions.py:295 msgid "Active Directory domain" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:295 +#: src/config/SSSDConfig/sssdoptions.py:296 msgid "Enabled Active Directory domains" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:296 +#: src/config/SSSDConfig/sssdoptions.py:297 msgid "Active Directory server address" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:297 +#: src/config/SSSDConfig/sssdoptions.py:298 msgid "Active Directory backup server address" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:298 +#: src/config/SSSDConfig/sssdoptions.py:299 msgid "Active Directory client hostname" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:300 -#: src/config/SSSDConfig/sssdoptions.py:499 +#: src/config/SSSDConfig/sssdoptions.py:301 +#: src/config/SSSDConfig/sssdoptions.py:500 msgid "LDAP filter to determine access privileges" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:301 +#: src/config/SSSDConfig/sssdoptions.py:302 msgid "Whether to use the Global Catalog for lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:302 +#: src/config/SSSDConfig/sssdoptions.py:303 msgid "Operation mode for GPO-based access control" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:303 +#: src/config/SSSDConfig/sssdoptions.py:304 msgid "" "The amount of time between lookups of the GPO policy files against the AD " "server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:304 +#: src/config/SSSDConfig/sssdoptions.py:305 msgid "" "PAM service names that map to the GPO (Deny)InteractiveLogonRight policy " "settings" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:306 +#: src/config/SSSDConfig/sssdoptions.py:307 msgid "" "PAM service names that map to the GPO (Deny)RemoteInteractiveLogonRight " "policy settings" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:308 +#: src/config/SSSDConfig/sssdoptions.py:309 msgid "" "PAM service names that map to the GPO (Deny)NetworkLogonRight policy settings" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:309 +#: src/config/SSSDConfig/sssdoptions.py:310 msgid "" "PAM service names that map to the GPO (Deny)BatchLogonRight policy settings" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:310 +#: src/config/SSSDConfig/sssdoptions.py:311 msgid "" "PAM service names that map to the GPO (Deny)ServiceLogonRight policy settings" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:311 +#: src/config/SSSDConfig/sssdoptions.py:312 msgid "PAM service names for which GPO-based access is always granted" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:312 +#: src/config/SSSDConfig/sssdoptions.py:313 msgid "PAM service names for which GPO-based access is always denied" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:313 +#: src/config/SSSDConfig/sssdoptions.py:314 msgid "" "Default logon right (or permit/deny) to use for unmapped PAM service names" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:314 +#: src/config/SSSDConfig/sssdoptions.py:315 msgid "a particular site to be used by the client" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:315 +#: src/config/SSSDConfig/sssdoptions.py:316 msgid "" "Maximum age in days before the machine account password should be renewed" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:317 +#: src/config/SSSDConfig/sssdoptions.py:318 msgid "Option for tuning the machine account renewal task" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:318 +#: src/config/SSSDConfig/sssdoptions.py:319 msgid "Whether to update the machine account password in the Samba database" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:320 +#: src/config/SSSDConfig/sssdoptions.py:321 msgid "Use LDAPS port for LDAP and Global Catalog requests" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:321 +#: src/config/SSSDConfig/sssdoptions.py:322 msgid "Do not filter domain local groups from other domains" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:324 #: src/config/SSSDConfig/sssdoptions.py:325 +#: src/config/SSSDConfig/sssdoptions.py:326 msgid "Kerberos server address" msgstr "Endereço do servidor Kerberos" -#: src/config/SSSDConfig/sssdoptions.py:326 +#: src/config/SSSDConfig/sssdoptions.py:327 msgid "Kerberos backup server address" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:327 +#: src/config/SSSDConfig/sssdoptions.py:328 msgid "Kerberos realm" msgstr "Reino Kerberos" -#: src/config/SSSDConfig/sssdoptions.py:328 +#: src/config/SSSDConfig/sssdoptions.py:329 msgid "Authentication timeout" msgstr "Tempo de expiração da autenticação" -#: src/config/SSSDConfig/sssdoptions.py:329 +#: src/config/SSSDConfig/sssdoptions.py:330 msgid "Whether to create kdcinfo files" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:330 +#: src/config/SSSDConfig/sssdoptions.py:331 msgid "Where to drop krb5 config snippets" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:333 +#: src/config/SSSDConfig/sssdoptions.py:334 msgid "Directory to store credential caches" msgstr "Directório para armazenar as caches de credenciais" -#: src/config/SSSDConfig/sssdoptions.py:334 +#: src/config/SSSDConfig/sssdoptions.py:335 msgid "Location of the user's credential cache" msgstr "Localização da cache de credenciais dos utilizadores" -#: src/config/SSSDConfig/sssdoptions.py:335 +#: src/config/SSSDConfig/sssdoptions.py:336 msgid "Location of the keytab to validate credentials" msgstr "Localização da tabela de chaves (keytab) para validar credenciais" -#: src/config/SSSDConfig/sssdoptions.py:336 +#: src/config/SSSDConfig/sssdoptions.py:337 msgid "Enable credential validation" msgstr "Activar validação de credenciais" -#: src/config/SSSDConfig/sssdoptions.py:337 +#: src/config/SSSDConfig/sssdoptions.py:338 msgid "Store password if offline for later online authentication" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:338 +#: src/config/SSSDConfig/sssdoptions.py:339 msgid "Renewable lifetime of the TGT" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:339 +#: src/config/SSSDConfig/sssdoptions.py:340 msgid "Lifetime of the TGT" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:340 +#: src/config/SSSDConfig/sssdoptions.py:341 msgid "Time between two checks for renewal" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:341 +#: src/config/SSSDConfig/sssdoptions.py:342 msgid "Enables FAST" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:342 +#: src/config/SSSDConfig/sssdoptions.py:343 msgid "Selects the principal to use for FAST" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:343 +#: src/config/SSSDConfig/sssdoptions.py:344 msgid "Use anonymous PKINIT to request FAST credentials" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:344 +#: src/config/SSSDConfig/sssdoptions.py:345 msgid "Enables principal canonicalization" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:345 +#: src/config/SSSDConfig/sssdoptions.py:346 msgid "Enables enterprise principals" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:346 +#: src/config/SSSDConfig/sssdoptions.py:347 msgid "Enables using of subdomains realms for authentication" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:347 +#: src/config/SSSDConfig/sssdoptions.py:348 msgid "A mapping from user names to Kerberos principal names" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:350 #: src/config/SSSDConfig/sssdoptions.py:351 +#: src/config/SSSDConfig/sssdoptions.py:352 msgid "Server where the change password service is running if not on the KDC" msgstr "" "Servidor onde está em execução o serviço de alteração de senha, se não " "coincide com o KDC" -#: src/config/SSSDConfig/sssdoptions.py:354 +#: src/config/SSSDConfig/sssdoptions.py:355 msgid "ldap_uri, The URI of the LDAP server" msgstr "ldap_uri, O URI do servidor LDAP" -#: src/config/SSSDConfig/sssdoptions.py:355 +#: src/config/SSSDConfig/sssdoptions.py:356 msgid "ldap_backup_uri, The URI of the LDAP server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:356 +#: src/config/SSSDConfig/sssdoptions.py:357 msgid "The default base DN" msgstr "A base DN por omissão" -#: src/config/SSSDConfig/sssdoptions.py:357 +#: src/config/SSSDConfig/sssdoptions.py:358 msgid "The Schema Type in use on the LDAP server, rfc2307" msgstr "O tipo de Schema em utilização no servidor LDAP, rfc2307" -#: src/config/SSSDConfig/sssdoptions.py:358 +#: src/config/SSSDConfig/sssdoptions.py:359 msgid "Mode used to change user password" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:359 +#: src/config/SSSDConfig/sssdoptions.py:360 msgid "The default bind DN" msgstr "O DN por omissão para a ligação" -#: src/config/SSSDConfig/sssdoptions.py:360 +#: src/config/SSSDConfig/sssdoptions.py:361 msgid "The type of the authentication token of the default bind DN" msgstr "O tipo de token de autenticação do bind DN por omissão" -#: src/config/SSSDConfig/sssdoptions.py:361 +#: src/config/SSSDConfig/sssdoptions.py:362 msgid "The authentication token of the default bind DN" msgstr "O token de autenticação do bind DN por omissão" -#: src/config/SSSDConfig/sssdoptions.py:362 +#: src/config/SSSDConfig/sssdoptions.py:363 msgid "Length of time to attempt connection" msgstr "Período de tempo para tentar ligação" -#: src/config/SSSDConfig/sssdoptions.py:363 +#: src/config/SSSDConfig/sssdoptions.py:364 msgid "Length of time to attempt synchronous LDAP operations" msgstr "Tempo de espera para tentar operações LDAP síncronas" -#: src/config/SSSDConfig/sssdoptions.py:364 +#: src/config/SSSDConfig/sssdoptions.py:365 msgid "Length of time between attempts to reconnect while offline" msgstr "Tempo de espera entre tentativas para re-conectar quando desligado" -#: src/config/SSSDConfig/sssdoptions.py:365 +#: src/config/SSSDConfig/sssdoptions.py:366 msgid "Use only the upper case for realm names" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:366 +#: src/config/SSSDConfig/sssdoptions.py:367 msgid "File that contains CA certificates" msgstr "Ficheiro que contêm os certificados CA" -#: src/config/SSSDConfig/sssdoptions.py:367 +#: src/config/SSSDConfig/sssdoptions.py:368 msgid "Path to CA certificate directory" msgstr "Caminho para o directório do certificado CA" -#: src/config/SSSDConfig/sssdoptions.py:368 +#: src/config/SSSDConfig/sssdoptions.py:369 msgid "File that contains the client certificate" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:369 +#: src/config/SSSDConfig/sssdoptions.py:370 msgid "File that contains the client key" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:370 +#: src/config/SSSDConfig/sssdoptions.py:371 msgid "List of possible ciphers suites" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:371 +#: src/config/SSSDConfig/sssdoptions.py:372 msgid "Require TLS certificate verification" msgstr "Obriga a verificação de certificados TLS" -#: src/config/SSSDConfig/sssdoptions.py:372 +#: src/config/SSSDConfig/sssdoptions.py:373 msgid "Specify the sasl mechanism to use" msgstr "Especificar mecanismo sasl a utilizar" -#: src/config/SSSDConfig/sssdoptions.py:373 +#: src/config/SSSDConfig/sssdoptions.py:374 msgid "Specify the sasl authorization id to use" msgstr "Especifique o id sasl para utilizar na autorização" -#: src/config/SSSDConfig/sssdoptions.py:374 +#: src/config/SSSDConfig/sssdoptions.py:375 msgid "Specify the sasl authorization realm to use" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:375 +#: src/config/SSSDConfig/sssdoptions.py:376 msgid "Specify the minimal SSF for LDAP sasl authorization" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:376 +#: src/config/SSSDConfig/sssdoptions.py:377 msgid "Specify the maximal SSF for LDAP sasl authorization" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:377 +#: src/config/SSSDConfig/sssdoptions.py:378 msgid "Kerberos service keytab" msgstr "Separador chave do serviço Kerberos" -#: src/config/SSSDConfig/sssdoptions.py:378 +#: src/config/SSSDConfig/sssdoptions.py:379 msgid "Use Kerberos auth for LDAP connection" msgstr "Utilizar autenticação Kerberos para ligações LDAP" -#: src/config/SSSDConfig/sssdoptions.py:379 +#: src/config/SSSDConfig/sssdoptions.py:380 msgid "Follow LDAP referrals" msgstr "Seguir os referrals LDAP" -#: src/config/SSSDConfig/sssdoptions.py:380 +#: src/config/SSSDConfig/sssdoptions.py:381 msgid "Lifetime of TGT for LDAP connection" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:381 +#: src/config/SSSDConfig/sssdoptions.py:382 msgid "How to dereference aliases" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:382 +#: src/config/SSSDConfig/sssdoptions.py:383 msgid "Service name for DNS service lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:383 +#: src/config/SSSDConfig/sssdoptions.py:384 msgid "The number of records to retrieve in a single LDAP query" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:384 +#: src/config/SSSDConfig/sssdoptions.py:385 msgid "The number of members that must be missing to trigger a full deref" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:385 +#: src/config/SSSDConfig/sssdoptions.py:386 msgid "Ignore unreadable LDAP references" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:386 +#: src/config/SSSDConfig/sssdoptions.py:387 msgid "" "Whether the LDAP library should perform a reverse lookup to canonicalize the " "host name during a SASL bind" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:388 +#: src/config/SSSDConfig/sssdoptions.py:389 msgid "" "Allows to retain local users as members of an LDAP group for servers that " "use the RFC2307 schema." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:391 +#: src/config/SSSDConfig/sssdoptions.py:392 msgid "entryUSN attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:392 +#: src/config/SSSDConfig/sssdoptions.py:393 msgid "lastUSN attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:394 +#: src/config/SSSDConfig/sssdoptions.py:395 msgid "How long to retain a connection to the LDAP server before disconnecting" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:397 +#: src/config/SSSDConfig/sssdoptions.py:398 msgid "Disable the LDAP paging control" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:398 +#: src/config/SSSDConfig/sssdoptions.py:399 msgid "Disable Active Directory range retrieval" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:401 +#: src/config/SSSDConfig/sssdoptions.py:402 msgid "Length of time to wait for a search request" msgstr "Tempo de espera por um pedido de pesquisa" -#: src/config/SSSDConfig/sssdoptions.py:402 +#: src/config/SSSDConfig/sssdoptions.py:403 msgid "Length of time to wait for a enumeration request" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:403 +#: src/config/SSSDConfig/sssdoptions.py:404 msgid "Length of time between enumeration updates" msgstr "Período de tempo entre enumeração de actualizações" -#: src/config/SSSDConfig/sssdoptions.py:404 +#: src/config/SSSDConfig/sssdoptions.py:405 #, fuzzy msgid "Maximum period deviation between enumeration updates" msgstr "Período de tempo entre enumeração de actualizações" -#: src/config/SSSDConfig/sssdoptions.py:405 +#: src/config/SSSDConfig/sssdoptions.py:406 msgid "Length of time between cache cleanups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:406 +#: src/config/SSSDConfig/sssdoptions.py:407 msgid "Maximum time deviation between cache cleanups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:407 +#: src/config/SSSDConfig/sssdoptions.py:408 msgid "Require TLS for ID lookups" msgstr "Requer TLS para consultas de ID" -#: src/config/SSSDConfig/sssdoptions.py:408 +#: src/config/SSSDConfig/sssdoptions.py:409 msgid "Use ID-mapping of objectSID instead of pre-set IDs" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:409 +#: src/config/SSSDConfig/sssdoptions.py:410 msgid "Base DN for user lookups" msgstr "DN base para pesquisa de utilizadores" -#: src/config/SSSDConfig/sssdoptions.py:410 +#: src/config/SSSDConfig/sssdoptions.py:411 msgid "Scope of user lookups" msgstr "Âmbito das pesquisas do utilizador" -#: src/config/SSSDConfig/sssdoptions.py:411 +#: src/config/SSSDConfig/sssdoptions.py:412 msgid "Filter for user lookups" msgstr "Filtro para as pesquisas do utilizador" -#: src/config/SSSDConfig/sssdoptions.py:412 +#: src/config/SSSDConfig/sssdoptions.py:413 msgid "Objectclass for users" msgstr "Objectclass para utilizadores" -#: src/config/SSSDConfig/sssdoptions.py:413 +#: src/config/SSSDConfig/sssdoptions.py:414 msgid "Username attribute" msgstr "Atributo do nome do utilizador" -#: src/config/SSSDConfig/sssdoptions.py:414 +#: src/config/SSSDConfig/sssdoptions.py:415 msgid "UID attribute" msgstr "Atributo UID" -#: src/config/SSSDConfig/sssdoptions.py:415 +#: src/config/SSSDConfig/sssdoptions.py:416 msgid "Primary GID attribute" msgstr "Atributo GID primário" -#: src/config/SSSDConfig/sssdoptions.py:416 +#: src/config/SSSDConfig/sssdoptions.py:417 msgid "GECOS attribute" msgstr "Atributo GECOS" -#: src/config/SSSDConfig/sssdoptions.py:417 +#: src/config/SSSDConfig/sssdoptions.py:418 msgid "Home directory attribute" msgstr "Atributo da pasta pessoal" -#: src/config/SSSDConfig/sssdoptions.py:418 +#: src/config/SSSDConfig/sssdoptions.py:419 msgid "Shell attribute" msgstr "Atributo da Shell" -#: src/config/SSSDConfig/sssdoptions.py:419 +#: src/config/SSSDConfig/sssdoptions.py:420 msgid "UUID attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:420 -#: src/config/SSSDConfig/sssdoptions.py:459 +#: src/config/SSSDConfig/sssdoptions.py:421 +#: src/config/SSSDConfig/sssdoptions.py:460 msgid "objectSID attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:421 +#: src/config/SSSDConfig/sssdoptions.py:422 msgid "Active Directory primary group attribute for ID-mapping" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:422 +#: src/config/SSSDConfig/sssdoptions.py:423 msgid "User principal attribute (for Kerberos)" msgstr "Atributo principal do utilizador (para Kerberos)" -#: src/config/SSSDConfig/sssdoptions.py:423 +#: src/config/SSSDConfig/sssdoptions.py:424 msgid "Full Name" msgstr "Nome Completo" -#: src/config/SSSDConfig/sssdoptions.py:424 +#: src/config/SSSDConfig/sssdoptions.py:425 msgid "memberOf attribute" msgstr "Atributo memberOf" -#: src/config/SSSDConfig/sssdoptions.py:425 +#: src/config/SSSDConfig/sssdoptions.py:426 msgid "Modification time attribute" msgstr "Atributo da alteração da data" -#: src/config/SSSDConfig/sssdoptions.py:426 +#: src/config/SSSDConfig/sssdoptions.py:427 msgid "shadowLastChange attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:427 +#: src/config/SSSDConfig/sssdoptions.py:428 msgid "shadowMin attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:428 +#: src/config/SSSDConfig/sssdoptions.py:429 msgid "shadowMax attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:429 +#: src/config/SSSDConfig/sssdoptions.py:430 msgid "shadowWarning attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:430 +#: src/config/SSSDConfig/sssdoptions.py:431 msgid "shadowInactive attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:431 +#: src/config/SSSDConfig/sssdoptions.py:432 msgid "shadowExpire attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:432 +#: src/config/SSSDConfig/sssdoptions.py:433 msgid "shadowFlag attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:433 +#: src/config/SSSDConfig/sssdoptions.py:434 msgid "Attribute listing authorized PAM services" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:434 +#: src/config/SSSDConfig/sssdoptions.py:435 msgid "Attribute listing authorized server hosts" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:435 +#: src/config/SSSDConfig/sssdoptions.py:436 msgid "Attribute listing authorized server rhosts" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:436 +#: src/config/SSSDConfig/sssdoptions.py:437 msgid "krbLastPwdChange attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:437 +#: src/config/SSSDConfig/sssdoptions.py:438 msgid "krbPasswordExpiration attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:438 +#: src/config/SSSDConfig/sssdoptions.py:439 msgid "Attribute indicating that server side password policies are active" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:439 +#: src/config/SSSDConfig/sssdoptions.py:440 msgid "accountExpires attribute of AD" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:440 +#: src/config/SSSDConfig/sssdoptions.py:441 msgid "userAccountControl attribute of AD" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:441 +#: src/config/SSSDConfig/sssdoptions.py:442 msgid "nsAccountLock attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:442 +#: src/config/SSSDConfig/sssdoptions.py:443 msgid "loginDisabled attribute of NDS" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:443 +#: src/config/SSSDConfig/sssdoptions.py:444 msgid "loginExpirationTime attribute of NDS" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:444 +#: src/config/SSSDConfig/sssdoptions.py:445 msgid "loginAllowedTimeMap attribute of NDS" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:445 +#: src/config/SSSDConfig/sssdoptions.py:446 msgid "SSH public key attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:446 +#: src/config/SSSDConfig/sssdoptions.py:447 msgid "attribute listing allowed authentication types for a user" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:447 +#: src/config/SSSDConfig/sssdoptions.py:448 msgid "attribute containing the X509 certificate of the user" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:448 +#: src/config/SSSDConfig/sssdoptions.py:449 msgid "attribute containing the email address of the user" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:449 +#: src/config/SSSDConfig/sssdoptions.py:450 msgid "attribute containing the passkey mapping data of the user" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:450 +#: src/config/SSSDConfig/sssdoptions.py:451 msgid "A list of extra attributes to download along with the user entry" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:452 +#: src/config/SSSDConfig/sssdoptions.py:453 msgid "Base DN for group lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:453 +#: src/config/SSSDConfig/sssdoptions.py:454 msgid "Objectclass for groups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:454 +#: src/config/SSSDConfig/sssdoptions.py:455 msgid "Group name" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:455 +#: src/config/SSSDConfig/sssdoptions.py:456 msgid "Group password" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:456 +#: src/config/SSSDConfig/sssdoptions.py:457 msgid "GID attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:457 +#: src/config/SSSDConfig/sssdoptions.py:458 msgid "Group member attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:458 +#: src/config/SSSDConfig/sssdoptions.py:459 msgid "Group UUID attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:460 +#: src/config/SSSDConfig/sssdoptions.py:461 msgid "Modification time attribute for groups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:461 +#: src/config/SSSDConfig/sssdoptions.py:462 msgid "Type of the group and other flags" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:462 +#: src/config/SSSDConfig/sssdoptions.py:463 msgid "The LDAP group external member attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:463 +#: src/config/SSSDConfig/sssdoptions.py:464 msgid "Maximum nesting level SSSD will follow" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:464 +#: src/config/SSSDConfig/sssdoptions.py:465 msgid "Filter for group lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:465 +#: src/config/SSSDConfig/sssdoptions.py:466 msgid "Scope of group lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:467 +#: src/config/SSSDConfig/sssdoptions.py:468 msgid "Base DN for netgroup lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:468 +#: src/config/SSSDConfig/sssdoptions.py:469 msgid "Objectclass for netgroups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:469 +#: src/config/SSSDConfig/sssdoptions.py:470 msgid "Netgroup name" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:470 +#: src/config/SSSDConfig/sssdoptions.py:471 msgid "Netgroups members attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:471 +#: src/config/SSSDConfig/sssdoptions.py:472 msgid "Netgroup triple attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:472 +#: src/config/SSSDConfig/sssdoptions.py:473 msgid "Modification time attribute for netgroups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:474 +#: src/config/SSSDConfig/sssdoptions.py:475 msgid "Base DN for service lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:475 +#: src/config/SSSDConfig/sssdoptions.py:476 msgid "Objectclass for services" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:476 +#: src/config/SSSDConfig/sssdoptions.py:477 msgid "Service name attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:477 +#: src/config/SSSDConfig/sssdoptions.py:478 msgid "Service port attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:478 +#: src/config/SSSDConfig/sssdoptions.py:479 msgid "Service protocol attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:480 +#: src/config/SSSDConfig/sssdoptions.py:481 msgid "Lower bound for ID-mapping" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:481 +#: src/config/SSSDConfig/sssdoptions.py:482 msgid "Upper bound for ID-mapping" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:482 +#: src/config/SSSDConfig/sssdoptions.py:483 msgid "Number of IDs for each slice when ID-mapping" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:483 +#: src/config/SSSDConfig/sssdoptions.py:484 msgid "Use autorid-compatible algorithm for ID-mapping" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:484 +#: src/config/SSSDConfig/sssdoptions.py:485 msgid "Name of the default domain for ID-mapping" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:485 +#: src/config/SSSDConfig/sssdoptions.py:486 msgid "SID of the default domain for ID-mapping" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:486 +#: src/config/SSSDConfig/sssdoptions.py:487 msgid "Number of secondary slices" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:488 +#: src/config/SSSDConfig/sssdoptions.py:489 msgid "Whether to use Token-Groups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:489 +#: src/config/SSSDConfig/sssdoptions.py:490 msgid "Set lower boundary for allowed IDs from the LDAP server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:490 +#: src/config/SSSDConfig/sssdoptions.py:491 msgid "Set upper boundary for allowed IDs from the LDAP server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:491 +#: src/config/SSSDConfig/sssdoptions.py:492 msgid "DN for ppolicy queries" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:492 +#: src/config/SSSDConfig/sssdoptions.py:493 msgid "How many maximum entries to fetch during a wildcard request" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:493 +#: src/config/SSSDConfig/sssdoptions.py:494 msgid "Set libldap debug level" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:496 +#: src/config/SSSDConfig/sssdoptions.py:497 msgid "Policy to evaluate the password expiration" msgstr "Politica para avaliar a expiração da senha" -#: src/config/SSSDConfig/sssdoptions.py:500 +#: src/config/SSSDConfig/sssdoptions.py:501 msgid "Which attributes shall be used to evaluate if an account is expired" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:504 +#: src/config/SSSDConfig/sssdoptions.py:505 msgid "URI of an LDAP server where password changes are allowed" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:505 +#: src/config/SSSDConfig/sssdoptions.py:506 msgid "URI of a backup LDAP server where password changes are allowed" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:506 +#: src/config/SSSDConfig/sssdoptions.py:507 msgid "DNS service name for LDAP password change server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:507 +#: src/config/SSSDConfig/sssdoptions.py:508 msgid "" "Whether to update the ldap_user_shadow_last_change attribute after a " "password change" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:511 +#: src/config/SSSDConfig/sssdoptions.py:512 msgid "Base DN for sudo rules lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:512 +#: src/config/SSSDConfig/sssdoptions.py:513 msgid "Automatic full refresh period" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:513 +#: src/config/SSSDConfig/sssdoptions.py:514 msgid "Automatic smart refresh period" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:514 +#: src/config/SSSDConfig/sssdoptions.py:515 msgid "Smart and full refresh random offset" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:515 +#: src/config/SSSDConfig/sssdoptions.py:516 msgid "Whether to filter rules by hostname, IP addresses and network" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:516 +#: src/config/SSSDConfig/sssdoptions.py:517 msgid "" "Hostnames and/or fully qualified domain names of this machine to filter sudo " "rules" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:517 +#: src/config/SSSDConfig/sssdoptions.py:518 msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:518 +#: src/config/SSSDConfig/sssdoptions.py:519 msgid "Whether to include rules that contains netgroup in host attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:519 +#: src/config/SSSDConfig/sssdoptions.py:520 msgid "" "Whether to include rules that contains regular expression in host attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:520 +#: src/config/SSSDConfig/sssdoptions.py:521 msgid "Object class for sudo rules" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:521 +#: src/config/SSSDConfig/sssdoptions.py:522 msgid "Name of attribute that is used as object class for sudo rules" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:522 +#: src/config/SSSDConfig/sssdoptions.py:523 msgid "Sudo rule name" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:523 +#: src/config/SSSDConfig/sssdoptions.py:524 msgid "Sudo rule command attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:524 +#: src/config/SSSDConfig/sssdoptions.py:525 msgid "Sudo rule host attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:525 +#: src/config/SSSDConfig/sssdoptions.py:526 msgid "Sudo rule user attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:526 +#: src/config/SSSDConfig/sssdoptions.py:527 msgid "Sudo rule option attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:527 +#: src/config/SSSDConfig/sssdoptions.py:528 msgid "Sudo rule runas attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:528 +#: src/config/SSSDConfig/sssdoptions.py:529 msgid "Sudo rule runasuser attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:529 +#: src/config/SSSDConfig/sssdoptions.py:530 msgid "Sudo rule runasgroup attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:530 +#: src/config/SSSDConfig/sssdoptions.py:531 msgid "Sudo rule notbefore attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:531 +#: src/config/SSSDConfig/sssdoptions.py:532 msgid "Sudo rule notafter attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:532 +#: src/config/SSSDConfig/sssdoptions.py:533 msgid "Sudo rule order attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:535 +#: src/config/SSSDConfig/sssdoptions.py:536 msgid "Object class for automounter maps" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:536 +#: src/config/SSSDConfig/sssdoptions.py:537 msgid "Automounter map name attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:537 +#: src/config/SSSDConfig/sssdoptions.py:538 msgid "Object class for automounter map entries" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:538 +#: src/config/SSSDConfig/sssdoptions.py:539 msgid "Automounter map entry key attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:539 +#: src/config/SSSDConfig/sssdoptions.py:540 msgid "Automounter map entry value attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:540 +#: src/config/SSSDConfig/sssdoptions.py:541 msgid "Base DN for automounter map lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:541 +#: src/config/SSSDConfig/sssdoptions.py:542 msgid "The name of the automount master map in LDAP." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:544 +#: src/config/SSSDConfig/sssdoptions.py:545 msgid "Base DN for IP hosts lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:545 +#: src/config/SSSDConfig/sssdoptions.py:546 msgid "Object class for IP hosts" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:546 +#: src/config/SSSDConfig/sssdoptions.py:547 msgid "IP host name attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:547 +#: src/config/SSSDConfig/sssdoptions.py:548 msgid "IP host number (address) attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:548 +#: src/config/SSSDConfig/sssdoptions.py:549 msgid "IP host entryUSN attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:549 +#: src/config/SSSDConfig/sssdoptions.py:550 msgid "Base DN for IP networks lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:550 +#: src/config/SSSDConfig/sssdoptions.py:551 msgid "Object class for IP networks" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:551 +#: src/config/SSSDConfig/sssdoptions.py:552 msgid "IP network name attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:552 +#: src/config/SSSDConfig/sssdoptions.py:553 msgid "IP network number (address) attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:553 +#: src/config/SSSDConfig/sssdoptions.py:554 msgid "IP network entryUSN attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:556 +#: src/config/SSSDConfig/sssdoptions.py:557 msgid "Comma separated list of allowed users" msgstr "Lista de utilizadores autorizados separados por vírgulas" -#: src/config/SSSDConfig/sssdoptions.py:557 +#: src/config/SSSDConfig/sssdoptions.py:558 msgid "Comma separated list of prohibited users" msgstr "Lista de utilizadores não autorizados separados por vírgulas" -#: src/config/SSSDConfig/sssdoptions.py:558 +#: src/config/SSSDConfig/sssdoptions.py:559 msgid "" "Comma separated list of groups that are allowed to log in. This applies only " "to groups within this SSSD domain. Local groups are not evaluated." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:560 +#: src/config/SSSDConfig/sssdoptions.py:561 msgid "" "Comma separated list of groups that are explicitly denied access. This " "applies only to groups within this SSSD domain. Local groups are not " "evaluated." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:564 +#: src/config/SSSDConfig/sssdoptions.py:565 msgid "The number of preforked proxy children." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:567 +#: src/config/SSSDConfig/sssdoptions.py:568 msgid "The name of the NSS library to use" msgstr "O nome da biblioteca NSS a utilizar" -#: src/config/SSSDConfig/sssdoptions.py:568 +#: src/config/SSSDConfig/sssdoptions.py:569 msgid "The name of the NSS library to use for hosts and networks lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:569 +#: src/config/SSSDConfig/sssdoptions.py:570 msgid "Whether to look up canonical group name from cache if possible" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:572 +#: src/config/SSSDConfig/sssdoptions.py:573 msgid "PAM stack to use" msgstr "Stack PAM a utilizar" -#: src/config/SSSDConfig/sssdoptions.py:575 +#: src/config/SSSDConfig/sssdoptions.py:576 msgid "Path of passwd file sources." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:576 +#: src/config/SSSDConfig/sssdoptions.py:577 msgid "Path of group file sources." msgstr "" @@ -1894,67 +1898,67 @@ msgstr "" msgid "SSSD is already running\n" msgstr "" -#: src/providers/krb5/krb5_child.c:4007 src/providers/ldap/ldap_child.c:641 +#: src/providers/krb5/krb5_child.c:4027 src/providers/ldap/ldap_child.c:642 msgid "Allow core dumps" msgstr "" -#: src/providers/krb5/krb5_child.c:4009 src/providers/ldap/ldap_child.c:643 +#: src/providers/krb5/krb5_child.c:4029 src/providers/ldap/ldap_child.c:644 msgid "An open file descriptor for the debug logs" msgstr "Um descritor de ficheiro aberto para os registos de depuração" -#: src/providers/krb5/krb5_child.c:4012 +#: src/providers/krb5/krb5_child.c:4032 msgid "The user to create FAST ccache as" msgstr "" -#: src/providers/krb5/krb5_child.c:4014 +#: src/providers/krb5/krb5_child.c:4034 msgid "The group to create FAST ccache as" msgstr "" -#: src/providers/krb5/krb5_child.c:4016 +#: src/providers/krb5/krb5_child.c:4036 msgid "Use anonymous PKINIT to request FAST armor ticket" msgstr "" -#: src/providers/krb5/krb5_child.c:4018 +#: src/providers/krb5/krb5_child.c:4038 msgid "Kerberos realm to use" msgstr "" -#: src/providers/krb5/krb5_child.c:4020 +#: src/providers/krb5/krb5_child.c:4040 msgid "Requested lifetime of the ticket" msgstr "" -#: src/providers/krb5/krb5_child.c:4022 +#: src/providers/krb5/krb5_child.c:4042 msgid "Requested renewable lifetime of the ticket" msgstr "" -#: src/providers/krb5/krb5_child.c:4024 +#: src/providers/krb5/krb5_child.c:4044 msgid "FAST options ('never', 'try', 'demand')" msgstr "" -#: src/providers/krb5/krb5_child.c:4027 +#: src/providers/krb5/krb5_child.c:4047 msgid "Specifies the server principal to use for FAST" msgstr "" -#: src/providers/krb5/krb5_child.c:4029 +#: src/providers/krb5/krb5_child.c:4049 msgid "Requests canonicalization of the principal name" msgstr "" -#: src/providers/krb5/krb5_child.c:4031 +#: src/providers/krb5/krb5_child.c:4051 msgid "Use custom version of krb5_get_init_creds_password" msgstr "" -#: src/providers/krb5/krb5_child.c:4033 +#: src/providers/krb5/krb5_child.c:4053 msgid "Tevent chain ID used for logging purposes" msgstr "" -#: src/providers/krb5/krb5_child.c:4035 +#: src/providers/krb5/krb5_child.c:4055 msgid "Check PAC flags" msgstr "" -#: src/providers/krb5/krb5_child.c:4079 src/providers/ldap/ldap_child.c:669 +#: src/providers/krb5/krb5_child.c:4099 src/providers/ldap/ldap_child.c:670 msgid "talloc_asprintf failed.\n" msgstr "" -#: src/providers/krb5/krb5_child.c:4089 src/providers/ldap/ldap_child.c:678 +#: src/providers/krb5/krb5_child.c:4109 src/providers/ldap/ldap_child.c:679 msgid "set_debug_file_from_fd failed.\n" msgstr "" @@ -1998,119 +2002,131 @@ msgstr "" msgid "Permission denied. " msgstr "" -#: src/sss_client/pam_sss.c:70 src/sss_client/pam_sss.c:819 -#: src/sss_client/pam_sss.c:830 +#: src/sss_client/pam_sss.c:70 src/sss_client/pam_sss.c:838 +#: src/sss_client/pam_sss.c:849 msgid "Server message: " msgstr "Mensagem do Servidor: " #: src/sss_client/pam_sss.c:71 +msgid "" +"Kerberos TGT will not be granted upon login, user experience will be " +"affected." +msgstr "" + +#: src/sss_client/pam_sss.c:72 msgid "Enter PIN:" msgstr "" -#: src/sss_client/pam_sss.c:314 +#: src/sss_client/pam_sss.c:315 msgid "Passwords do not match" msgstr "Senhas não coincidem" -#: src/sss_client/pam_sss.c:502 +#: src/sss_client/pam_sss.c:503 msgid "Password reset by root is not supported." msgstr "" -#: src/sss_client/pam_sss.c:543 +#: src/sss_client/pam_sss.c:544 msgid "Authenticated with cached credentials" msgstr "" -#: src/sss_client/pam_sss.c:544 +#: src/sss_client/pam_sss.c:545 msgid ", your cached password will expire at: " msgstr ", a sua senha guardada em cache irá expirar em: " -#: src/sss_client/pam_sss.c:574 +#: src/sss_client/pam_sss.c:575 #, c-format msgid "Your password has expired. You have %1$d grace login(s) remaining." msgstr "" -#: src/sss_client/pam_sss.c:624 +#: src/sss_client/pam_sss.c:625 #, c-format msgid "Your password will expire in %1$d %2$s." msgstr "" -#: src/sss_client/pam_sss.c:627 +#: src/sss_client/pam_sss.c:628 #, fuzzy, c-format msgid "Your password has expired." msgstr ", a sua senha guardada em cache irá expirar em: " -#: src/sss_client/pam_sss.c:678 +#: src/sss_client/pam_sss.c:679 msgid "Authentication is denied until: " msgstr "" -#: src/sss_client/pam_sss.c:699 +#: src/sss_client/pam_sss.c:700 msgid "System is offline, password change not possible" msgstr "O sistema está offline, a mudança de senha não é possível" -#: src/sss_client/pam_sss.c:714 +#: src/sss_client/pam_sss.c:715 msgid "" "After changing the OTP password, you need to log out and back in order to " "acquire a ticket" msgstr "" -#: src/sss_client/pam_sss.c:729 +#: src/sss_client/pam_sss.c:730 msgid "PIN locked" msgstr "" -#: src/sss_client/pam_sss.c:816 src/sss_client/pam_sss.c:829 +#: src/sss_client/pam_sss.c:745 +msgid "" +"No Kerberos TGT granted as the server does not support this method. Your " +"single-sign on(SSO) experience will be affected." +msgstr "" + +#: src/sss_client/pam_sss.c:835 src/sss_client/pam_sss.c:848 msgid "Password change failed. " msgstr "Alteração da senha falhou." -#: src/sss_client/pam_sss.c:1797 +#: src/sss_client/pam_sss.c:1819 #, c-format msgid "Authenticate at %1$s and press ENTER." msgstr "" -#: src/sss_client/pam_sss.c:1800 +#: src/sss_client/pam_sss.c:1822 #, c-format msgid "Authenticate with PIN %1$s at %2$s and press ENTER." msgstr "" -#: src/sss_client/pam_sss.c:2153 +#: src/sss_client/pam_sss.c:2181 msgid "Please (re)insert (different) Smartcard" msgstr "" -#: src/sss_client/pam_sss.c:2352 +#: src/sss_client/pam_sss.c:2380 msgid "New Password: " msgstr "Nova Senha: " -#: src/sss_client/pam_sss.c:2353 +#: src/sss_client/pam_sss.c:2381 msgid "Reenter new Password: " msgstr "Digite a senha novamente: " -#: src/sss_client/pam_sss.c:2523 src/sss_client/pam_sss.c:2526 +#: src/sss_client/pam_sss.c:2551 src/sss_client/pam_sss.c:2554 msgid "First Factor: " msgstr "" -#: src/sss_client/pam_sss.c:2524 src/sss_client/pam_sss.c:2707 +#: src/sss_client/pam_sss.c:2552 src/sss_client/pam_sss.c:2740 msgid "Second Factor (optional): " msgstr "" -#: src/sss_client/pam_sss.c:2527 src/sss_client/pam_sss.c:2710 +#: src/sss_client/pam_sss.c:2555 src/sss_client/pam_sss.c:2743 msgid "Second Factor: " msgstr "" -#: src/sss_client/pam_sss.c:2547 +#: src/sss_client/pam_sss.c:2575 msgid "Insert your passkey device, then press ENTER." msgstr "" -#: src/sss_client/pam_sss.c:2551 src/sss_client/pam_sss.c:2554 +#: src/sss_client/pam_sss.c:2579 src/sss_client/pam_sss.c:2587 msgid "Password: " msgstr "Senha: " -#: src/sss_client/pam_sss.c:2706 src/sss_client/pam_sss.c:2709 +#: src/sss_client/pam_sss.c:2739 src/sss_client/pam_sss.c:2742 msgid "First Factor (Current Password): " msgstr "" -#: src/sss_client/pam_sss.c:2713 +#: src/sss_client/pam_sss.c:2746 msgid "Current Password: " msgstr "Senha actual: " -#: src/sss_client/pam_sss.c:3070 +#: src/sss_client/pam_sss.c:3103 msgid "Password expired. Change your password now." msgstr "A senha expirou. Altere a sua senha agora." diff --git a/po/pt_BR.po b/po/pt_BR.po index 6921125d741..4333198a868 100644 --- a/po/pt_BR.po +++ b/po/pt_BR.po @@ -3,7 +3,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" -"POT-Creation-Date: 2023-05-05 10:11+0200\n" +"POT-Creation-Date: 2023-09-07 11:48+0200\n" "PO-Revision-Date: 2015-10-27 08:15-0400\n" "Last-Translator: Marco Aurélio Krause \n" "Language-Team: Portuguese (Brazil)\n" @@ -582,12 +582,12 @@ msgid "Whether to automatically update the client's DNS entry" msgstr "" #: src/config/SSSDConfig/sssdoptions.py:201 -#: src/config/SSSDConfig/sssdoptions.py:233 +#: src/config/SSSDConfig/sssdoptions.py:234 msgid "The TTL to apply to the client's DNS entry after updating it" msgstr "" #: src/config/SSSDConfig/sssdoptions.py:202 -#: src/config/SSSDConfig/sssdoptions.py:234 +#: src/config/SSSDConfig/sssdoptions.py:235 msgid "The interface whose IP should be used for dynamic DNS updates" msgstr "" @@ -671,1162 +671,1166 @@ msgid "" "(long term password) must have to be saved as SHA512 hash into the cache." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:228 -msgid "IPA domain" +#: src/config/SSSDConfig/sssdoptions.py:226 +msgid "Local authentication methods policy " msgstr "" #: src/config/SSSDConfig/sssdoptions.py:229 -msgid "IPA server address" +msgid "IPA domain" msgstr "" #: src/config/SSSDConfig/sssdoptions.py:230 -msgid "Address of backup IPA server" +msgid "IPA server address" msgstr "" #: src/config/SSSDConfig/sssdoptions.py:231 -msgid "IPA client hostname" +msgid "Address of backup IPA server" msgstr "" #: src/config/SSSDConfig/sssdoptions.py:232 +msgid "IPA client hostname" +msgstr "" + +#: src/config/SSSDConfig/sssdoptions.py:233 msgid "Whether to automatically update the client's DNS entry in FreeIPA" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:235 +#: src/config/SSSDConfig/sssdoptions.py:236 msgid "Search base for HBAC related objects" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:236 +#: src/config/SSSDConfig/sssdoptions.py:237 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:237 +#: src/config/SSSDConfig/sssdoptions.py:238 msgid "" "The amount of time in seconds between lookups of the SELinux maps against " "the IPA server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:239 +#: src/config/SSSDConfig/sssdoptions.py:240 msgid "If set to false, host argument given by PAM will be ignored" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:240 +#: src/config/SSSDConfig/sssdoptions.py:241 msgid "The automounter location this IPA client is using" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:241 +#: src/config/SSSDConfig/sssdoptions.py:242 msgid "Search base for object containing info about IPA domain" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:242 +#: src/config/SSSDConfig/sssdoptions.py:243 msgid "Search base for objects containing info about ID ranges" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:243 -#: src/config/SSSDConfig/sssdoptions.py:299 +#: src/config/SSSDConfig/sssdoptions.py:244 +#: src/config/SSSDConfig/sssdoptions.py:300 msgid "Enable DNS sites - location based service discovery" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:244 +#: src/config/SSSDConfig/sssdoptions.py:245 msgid "Search base for view containers" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:245 +#: src/config/SSSDConfig/sssdoptions.py:246 msgid "Objectclass for view containers" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:246 +#: src/config/SSSDConfig/sssdoptions.py:247 msgid "Attribute with the name of the view" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:247 +#: src/config/SSSDConfig/sssdoptions.py:248 msgid "Objectclass for override objects" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:248 +#: src/config/SSSDConfig/sssdoptions.py:249 msgid "Attribute with the reference to the original object" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:249 +#: src/config/SSSDConfig/sssdoptions.py:250 msgid "Objectclass for user override objects" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:250 +#: src/config/SSSDConfig/sssdoptions.py:251 msgid "Objectclass for group override objects" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:251 +#: src/config/SSSDConfig/sssdoptions.py:252 msgid "Search base for Desktop Profile related objects" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:252 +#: src/config/SSSDConfig/sssdoptions.py:253 msgid "" "The amount of time in seconds between lookups of the Desktop Profile rules " "against the IPA server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:254 +#: src/config/SSSDConfig/sssdoptions.py:255 msgid "" "The amount of time in minutes between lookups of Desktop Profiles rules " "against the IPA server when the last request did not find any rule" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:257 +#: src/config/SSSDConfig/sssdoptions.py:258 msgid "Search base for SUBID ranges" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:258 -#: src/config/SSSDConfig/sssdoptions.py:501 +#: src/config/SSSDConfig/sssdoptions.py:259 +#: src/config/SSSDConfig/sssdoptions.py:502 msgid "Which rules should be used to evaluate access control" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:259 +#: src/config/SSSDConfig/sssdoptions.py:260 msgid "The LDAP attribute that contains FQDN of the host." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:260 -#: src/config/SSSDConfig/sssdoptions.py:283 +#: src/config/SSSDConfig/sssdoptions.py:261 +#: src/config/SSSDConfig/sssdoptions.py:284 msgid "The object class of a host entry in LDAP." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:261 +#: src/config/SSSDConfig/sssdoptions.py:262 msgid "Use the given string as search base for host objects." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:262 +#: src/config/SSSDConfig/sssdoptions.py:263 msgid "The LDAP attribute that contains the host's SSH public keys." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:263 +#: src/config/SSSDConfig/sssdoptions.py:264 msgid "The LDAP attribute that contains NIS domain name of the netgroup." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:264 +#: src/config/SSSDConfig/sssdoptions.py:265 msgid "The LDAP attribute that contains the names of the netgroup's members." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:265 +#: src/config/SSSDConfig/sssdoptions.py:266 msgid "" "The LDAP attribute that lists FQDNs of hosts and host groups that are " "members of the netgroup." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:267 +#: src/config/SSSDConfig/sssdoptions.py:268 msgid "" "The LDAP attribute that lists hosts and host groups that are direct members " "of the netgroup." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:269 +#: src/config/SSSDConfig/sssdoptions.py:270 msgid "The LDAP attribute that lists netgroup's memberships." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:270 +#: src/config/SSSDConfig/sssdoptions.py:271 msgid "" "The LDAP attribute that lists system users and groups that are direct " "members of the netgroup." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:272 +#: src/config/SSSDConfig/sssdoptions.py:273 msgid "The LDAP attribute that corresponds to the netgroup name." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:273 +#: src/config/SSSDConfig/sssdoptions.py:274 msgid "The object class of a netgroup entry in LDAP." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:274 +#: src/config/SSSDConfig/sssdoptions.py:275 msgid "" "The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:275 +#: src/config/SSSDConfig/sssdoptions.py:276 msgid "" "The LDAP attribute that contains whether or not is user map enabled for " "usage." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:277 +#: src/config/SSSDConfig/sssdoptions.py:278 msgid "The LDAP attribute that contains host category such as 'all'." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:278 +#: src/config/SSSDConfig/sssdoptions.py:279 msgid "" "The LDAP attribute that contains all hosts / hostgroups this rule match " "against." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:280 +#: src/config/SSSDConfig/sssdoptions.py:281 msgid "" "The LDAP attribute that contains all users / groups this rule match against." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:282 +#: src/config/SSSDConfig/sssdoptions.py:283 msgid "The LDAP attribute that contains the name of SELinux usermap." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:284 +#: src/config/SSSDConfig/sssdoptions.py:285 msgid "" "The LDAP attribute that contains DN of HBAC rule which can be used for " "matching instead of memberUser and memberHost." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:286 +#: src/config/SSSDConfig/sssdoptions.py:287 msgid "The LDAP attribute that contains SELinux user string itself." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:287 +#: src/config/SSSDConfig/sssdoptions.py:288 msgid "The LDAP attribute that contains user category such as 'all'." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:288 +#: src/config/SSSDConfig/sssdoptions.py:289 msgid "The LDAP attribute that contains unique ID of the user map." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:289 +#: src/config/SSSDConfig/sssdoptions.py:290 msgid "" "The option denotes that the SSSD is running on IPA server and should perform " "lookups of users and groups from trusted domains differently." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:291 +#: src/config/SSSDConfig/sssdoptions.py:292 msgid "Use the given string as search base for trusted domains." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:294 +#: src/config/SSSDConfig/sssdoptions.py:295 msgid "Active Directory domain" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:295 +#: src/config/SSSDConfig/sssdoptions.py:296 msgid "Enabled Active Directory domains" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:296 +#: src/config/SSSDConfig/sssdoptions.py:297 msgid "Active Directory server address" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:297 +#: src/config/SSSDConfig/sssdoptions.py:298 msgid "Active Directory backup server address" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:298 +#: src/config/SSSDConfig/sssdoptions.py:299 msgid "Active Directory client hostname" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:300 -#: src/config/SSSDConfig/sssdoptions.py:499 +#: src/config/SSSDConfig/sssdoptions.py:301 +#: src/config/SSSDConfig/sssdoptions.py:500 msgid "LDAP filter to determine access privileges" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:301 +#: src/config/SSSDConfig/sssdoptions.py:302 msgid "Whether to use the Global Catalog for lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:302 +#: src/config/SSSDConfig/sssdoptions.py:303 msgid "Operation mode for GPO-based access control" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:303 +#: src/config/SSSDConfig/sssdoptions.py:304 msgid "" "The amount of time between lookups of the GPO policy files against the AD " "server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:304 +#: src/config/SSSDConfig/sssdoptions.py:305 msgid "" "PAM service names that map to the GPO (Deny)InteractiveLogonRight policy " "settings" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:306 +#: src/config/SSSDConfig/sssdoptions.py:307 msgid "" "PAM service names that map to the GPO (Deny)RemoteInteractiveLogonRight " "policy settings" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:308 +#: src/config/SSSDConfig/sssdoptions.py:309 msgid "" "PAM service names that map to the GPO (Deny)NetworkLogonRight policy settings" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:309 +#: src/config/SSSDConfig/sssdoptions.py:310 msgid "" "PAM service names that map to the GPO (Deny)BatchLogonRight policy settings" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:310 +#: src/config/SSSDConfig/sssdoptions.py:311 msgid "" "PAM service names that map to the GPO (Deny)ServiceLogonRight policy settings" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:311 +#: src/config/SSSDConfig/sssdoptions.py:312 msgid "PAM service names for which GPO-based access is always granted" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:312 +#: src/config/SSSDConfig/sssdoptions.py:313 msgid "PAM service names for which GPO-based access is always denied" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:313 +#: src/config/SSSDConfig/sssdoptions.py:314 msgid "" "Default logon right (or permit/deny) to use for unmapped PAM service names" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:314 +#: src/config/SSSDConfig/sssdoptions.py:315 msgid "a particular site to be used by the client" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:315 +#: src/config/SSSDConfig/sssdoptions.py:316 msgid "" "Maximum age in days before the machine account password should be renewed" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:317 +#: src/config/SSSDConfig/sssdoptions.py:318 msgid "Option for tuning the machine account renewal task" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:318 +#: src/config/SSSDConfig/sssdoptions.py:319 msgid "Whether to update the machine account password in the Samba database" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:320 +#: src/config/SSSDConfig/sssdoptions.py:321 msgid "Use LDAPS port for LDAP and Global Catalog requests" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:321 +#: src/config/SSSDConfig/sssdoptions.py:322 msgid "Do not filter domain local groups from other domains" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:324 #: src/config/SSSDConfig/sssdoptions.py:325 +#: src/config/SSSDConfig/sssdoptions.py:326 msgid "Kerberos server address" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:326 +#: src/config/SSSDConfig/sssdoptions.py:327 msgid "Kerberos backup server address" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:327 +#: src/config/SSSDConfig/sssdoptions.py:328 msgid "Kerberos realm" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:328 +#: src/config/SSSDConfig/sssdoptions.py:329 msgid "Authentication timeout" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:329 +#: src/config/SSSDConfig/sssdoptions.py:330 msgid "Whether to create kdcinfo files" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:330 +#: src/config/SSSDConfig/sssdoptions.py:331 msgid "Where to drop krb5 config snippets" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:333 +#: src/config/SSSDConfig/sssdoptions.py:334 msgid "Directory to store credential caches" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:334 +#: src/config/SSSDConfig/sssdoptions.py:335 msgid "Location of the user's credential cache" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:335 +#: src/config/SSSDConfig/sssdoptions.py:336 msgid "Location of the keytab to validate credentials" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:336 +#: src/config/SSSDConfig/sssdoptions.py:337 msgid "Enable credential validation" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:337 +#: src/config/SSSDConfig/sssdoptions.py:338 msgid "Store password if offline for later online authentication" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:338 +#: src/config/SSSDConfig/sssdoptions.py:339 msgid "Renewable lifetime of the TGT" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:339 +#: src/config/SSSDConfig/sssdoptions.py:340 msgid "Lifetime of the TGT" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:340 +#: src/config/SSSDConfig/sssdoptions.py:341 msgid "Time between two checks for renewal" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:341 +#: src/config/SSSDConfig/sssdoptions.py:342 msgid "Enables FAST" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:342 +#: src/config/SSSDConfig/sssdoptions.py:343 msgid "Selects the principal to use for FAST" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:343 +#: src/config/SSSDConfig/sssdoptions.py:344 msgid "Use anonymous PKINIT to request FAST credentials" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:344 +#: src/config/SSSDConfig/sssdoptions.py:345 msgid "Enables principal canonicalization" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:345 +#: src/config/SSSDConfig/sssdoptions.py:346 msgid "Enables enterprise principals" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:346 +#: src/config/SSSDConfig/sssdoptions.py:347 msgid "Enables using of subdomains realms for authentication" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:347 +#: src/config/SSSDConfig/sssdoptions.py:348 msgid "A mapping from user names to Kerberos principal names" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:350 #: src/config/SSSDConfig/sssdoptions.py:351 +#: src/config/SSSDConfig/sssdoptions.py:352 msgid "Server where the change password service is running if not on the KDC" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:354 +#: src/config/SSSDConfig/sssdoptions.py:355 msgid "ldap_uri, The URI of the LDAP server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:355 +#: src/config/SSSDConfig/sssdoptions.py:356 msgid "ldap_backup_uri, The URI of the LDAP server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:356 +#: src/config/SSSDConfig/sssdoptions.py:357 msgid "The default base DN" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:357 +#: src/config/SSSDConfig/sssdoptions.py:358 msgid "The Schema Type in use on the LDAP server, rfc2307" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:358 +#: src/config/SSSDConfig/sssdoptions.py:359 msgid "Mode used to change user password" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:359 +#: src/config/SSSDConfig/sssdoptions.py:360 msgid "The default bind DN" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:360 +#: src/config/SSSDConfig/sssdoptions.py:361 msgid "The type of the authentication token of the default bind DN" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:361 +#: src/config/SSSDConfig/sssdoptions.py:362 msgid "The authentication token of the default bind DN" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:362 +#: src/config/SSSDConfig/sssdoptions.py:363 msgid "Length of time to attempt connection" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:363 +#: src/config/SSSDConfig/sssdoptions.py:364 msgid "Length of time to attempt synchronous LDAP operations" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:364 +#: src/config/SSSDConfig/sssdoptions.py:365 msgid "Length of time between attempts to reconnect while offline" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:365 +#: src/config/SSSDConfig/sssdoptions.py:366 msgid "Use only the upper case for realm names" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:366 +#: src/config/SSSDConfig/sssdoptions.py:367 msgid "File that contains CA certificates" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:367 +#: src/config/SSSDConfig/sssdoptions.py:368 msgid "Path to CA certificate directory" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:368 +#: src/config/SSSDConfig/sssdoptions.py:369 msgid "File that contains the client certificate" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:369 +#: src/config/SSSDConfig/sssdoptions.py:370 msgid "File that contains the client key" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:370 +#: src/config/SSSDConfig/sssdoptions.py:371 msgid "List of possible ciphers suites" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:371 +#: src/config/SSSDConfig/sssdoptions.py:372 msgid "Require TLS certificate verification" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:372 +#: src/config/SSSDConfig/sssdoptions.py:373 msgid "Specify the sasl mechanism to use" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:373 +#: src/config/SSSDConfig/sssdoptions.py:374 msgid "Specify the sasl authorization id to use" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:374 +#: src/config/SSSDConfig/sssdoptions.py:375 msgid "Specify the sasl authorization realm to use" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:375 +#: src/config/SSSDConfig/sssdoptions.py:376 msgid "Specify the minimal SSF for LDAP sasl authorization" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:376 +#: src/config/SSSDConfig/sssdoptions.py:377 msgid "Specify the maximal SSF for LDAP sasl authorization" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:377 +#: src/config/SSSDConfig/sssdoptions.py:378 msgid "Kerberos service keytab" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:378 +#: src/config/SSSDConfig/sssdoptions.py:379 msgid "Use Kerberos auth for LDAP connection" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:379 +#: src/config/SSSDConfig/sssdoptions.py:380 msgid "Follow LDAP referrals" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:380 +#: src/config/SSSDConfig/sssdoptions.py:381 msgid "Lifetime of TGT for LDAP connection" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:381 +#: src/config/SSSDConfig/sssdoptions.py:382 msgid "How to dereference aliases" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:382 +#: src/config/SSSDConfig/sssdoptions.py:383 msgid "Service name for DNS service lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:383 +#: src/config/SSSDConfig/sssdoptions.py:384 msgid "The number of records to retrieve in a single LDAP query" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:384 +#: src/config/SSSDConfig/sssdoptions.py:385 msgid "The number of members that must be missing to trigger a full deref" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:385 +#: src/config/SSSDConfig/sssdoptions.py:386 msgid "Ignore unreadable LDAP references" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:386 +#: src/config/SSSDConfig/sssdoptions.py:387 msgid "" "Whether the LDAP library should perform a reverse lookup to canonicalize the " "host name during a SASL bind" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:388 +#: src/config/SSSDConfig/sssdoptions.py:389 msgid "" "Allows to retain local users as members of an LDAP group for servers that " "use the RFC2307 schema." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:391 +#: src/config/SSSDConfig/sssdoptions.py:392 msgid "entryUSN attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:392 +#: src/config/SSSDConfig/sssdoptions.py:393 msgid "lastUSN attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:394 +#: src/config/SSSDConfig/sssdoptions.py:395 msgid "How long to retain a connection to the LDAP server before disconnecting" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:397 +#: src/config/SSSDConfig/sssdoptions.py:398 msgid "Disable the LDAP paging control" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:398 +#: src/config/SSSDConfig/sssdoptions.py:399 msgid "Disable Active Directory range retrieval" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:401 +#: src/config/SSSDConfig/sssdoptions.py:402 msgid "Length of time to wait for a search request" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:402 +#: src/config/SSSDConfig/sssdoptions.py:403 msgid "Length of time to wait for a enumeration request" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:403 +#: src/config/SSSDConfig/sssdoptions.py:404 msgid "Length of time between enumeration updates" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:404 +#: src/config/SSSDConfig/sssdoptions.py:405 msgid "Maximum period deviation between enumeration updates" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:405 +#: src/config/SSSDConfig/sssdoptions.py:406 msgid "Length of time between cache cleanups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:406 +#: src/config/SSSDConfig/sssdoptions.py:407 msgid "Maximum time deviation between cache cleanups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:407 +#: src/config/SSSDConfig/sssdoptions.py:408 msgid "Require TLS for ID lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:408 +#: src/config/SSSDConfig/sssdoptions.py:409 msgid "Use ID-mapping of objectSID instead of pre-set IDs" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:409 +#: src/config/SSSDConfig/sssdoptions.py:410 msgid "Base DN for user lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:410 +#: src/config/SSSDConfig/sssdoptions.py:411 msgid "Scope of user lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:411 +#: src/config/SSSDConfig/sssdoptions.py:412 msgid "Filter for user lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:412 +#: src/config/SSSDConfig/sssdoptions.py:413 msgid "Objectclass for users" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:413 +#: src/config/SSSDConfig/sssdoptions.py:414 msgid "Username attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:414 +#: src/config/SSSDConfig/sssdoptions.py:415 msgid "UID attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:415 +#: src/config/SSSDConfig/sssdoptions.py:416 msgid "Primary GID attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:416 +#: src/config/SSSDConfig/sssdoptions.py:417 msgid "GECOS attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:417 +#: src/config/SSSDConfig/sssdoptions.py:418 msgid "Home directory attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:418 +#: src/config/SSSDConfig/sssdoptions.py:419 msgid "Shell attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:419 +#: src/config/SSSDConfig/sssdoptions.py:420 msgid "UUID attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:420 -#: src/config/SSSDConfig/sssdoptions.py:459 +#: src/config/SSSDConfig/sssdoptions.py:421 +#: src/config/SSSDConfig/sssdoptions.py:460 msgid "objectSID attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:421 +#: src/config/SSSDConfig/sssdoptions.py:422 msgid "Active Directory primary group attribute for ID-mapping" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:422 +#: src/config/SSSDConfig/sssdoptions.py:423 msgid "User principal attribute (for Kerberos)" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:423 +#: src/config/SSSDConfig/sssdoptions.py:424 msgid "Full Name" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:424 +#: src/config/SSSDConfig/sssdoptions.py:425 msgid "memberOf attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:425 +#: src/config/SSSDConfig/sssdoptions.py:426 msgid "Modification time attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:426 +#: src/config/SSSDConfig/sssdoptions.py:427 msgid "shadowLastChange attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:427 +#: src/config/SSSDConfig/sssdoptions.py:428 msgid "shadowMin attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:428 +#: src/config/SSSDConfig/sssdoptions.py:429 msgid "shadowMax attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:429 +#: src/config/SSSDConfig/sssdoptions.py:430 msgid "shadowWarning attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:430 +#: src/config/SSSDConfig/sssdoptions.py:431 msgid "shadowInactive attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:431 +#: src/config/SSSDConfig/sssdoptions.py:432 msgid "shadowExpire attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:432 +#: src/config/SSSDConfig/sssdoptions.py:433 msgid "shadowFlag attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:433 +#: src/config/SSSDConfig/sssdoptions.py:434 msgid "Attribute listing authorized PAM services" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:434 +#: src/config/SSSDConfig/sssdoptions.py:435 msgid "Attribute listing authorized server hosts" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:435 +#: src/config/SSSDConfig/sssdoptions.py:436 msgid "Attribute listing authorized server rhosts" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:436 +#: src/config/SSSDConfig/sssdoptions.py:437 msgid "krbLastPwdChange attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:437 +#: src/config/SSSDConfig/sssdoptions.py:438 msgid "krbPasswordExpiration attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:438 +#: src/config/SSSDConfig/sssdoptions.py:439 msgid "Attribute indicating that server side password policies are active" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:439 +#: src/config/SSSDConfig/sssdoptions.py:440 msgid "accountExpires attribute of AD" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:440 +#: src/config/SSSDConfig/sssdoptions.py:441 msgid "userAccountControl attribute of AD" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:441 +#: src/config/SSSDConfig/sssdoptions.py:442 msgid "nsAccountLock attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:442 +#: src/config/SSSDConfig/sssdoptions.py:443 msgid "loginDisabled attribute of NDS" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:443 +#: src/config/SSSDConfig/sssdoptions.py:444 msgid "loginExpirationTime attribute of NDS" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:444 +#: src/config/SSSDConfig/sssdoptions.py:445 msgid "loginAllowedTimeMap attribute of NDS" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:445 +#: src/config/SSSDConfig/sssdoptions.py:446 msgid "SSH public key attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:446 +#: src/config/SSSDConfig/sssdoptions.py:447 msgid "attribute listing allowed authentication types for a user" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:447 +#: src/config/SSSDConfig/sssdoptions.py:448 msgid "attribute containing the X509 certificate of the user" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:448 +#: src/config/SSSDConfig/sssdoptions.py:449 msgid "attribute containing the email address of the user" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:449 +#: src/config/SSSDConfig/sssdoptions.py:450 msgid "attribute containing the passkey mapping data of the user" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:450 +#: src/config/SSSDConfig/sssdoptions.py:451 msgid "A list of extra attributes to download along with the user entry" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:452 +#: src/config/SSSDConfig/sssdoptions.py:453 msgid "Base DN for group lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:453 +#: src/config/SSSDConfig/sssdoptions.py:454 msgid "Objectclass for groups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:454 +#: src/config/SSSDConfig/sssdoptions.py:455 msgid "Group name" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:455 +#: src/config/SSSDConfig/sssdoptions.py:456 msgid "Group password" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:456 +#: src/config/SSSDConfig/sssdoptions.py:457 msgid "GID attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:457 +#: src/config/SSSDConfig/sssdoptions.py:458 msgid "Group member attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:458 +#: src/config/SSSDConfig/sssdoptions.py:459 msgid "Group UUID attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:460 +#: src/config/SSSDConfig/sssdoptions.py:461 msgid "Modification time attribute for groups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:461 +#: src/config/SSSDConfig/sssdoptions.py:462 msgid "Type of the group and other flags" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:462 +#: src/config/SSSDConfig/sssdoptions.py:463 msgid "The LDAP group external member attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:463 +#: src/config/SSSDConfig/sssdoptions.py:464 msgid "Maximum nesting level SSSD will follow" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:464 +#: src/config/SSSDConfig/sssdoptions.py:465 msgid "Filter for group lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:465 +#: src/config/SSSDConfig/sssdoptions.py:466 msgid "Scope of group lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:467 +#: src/config/SSSDConfig/sssdoptions.py:468 msgid "Base DN for netgroup lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:468 +#: src/config/SSSDConfig/sssdoptions.py:469 msgid "Objectclass for netgroups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:469 +#: src/config/SSSDConfig/sssdoptions.py:470 msgid "Netgroup name" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:470 +#: src/config/SSSDConfig/sssdoptions.py:471 msgid "Netgroups members attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:471 +#: src/config/SSSDConfig/sssdoptions.py:472 msgid "Netgroup triple attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:472 +#: src/config/SSSDConfig/sssdoptions.py:473 msgid "Modification time attribute for netgroups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:474 +#: src/config/SSSDConfig/sssdoptions.py:475 msgid "Base DN for service lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:475 +#: src/config/SSSDConfig/sssdoptions.py:476 msgid "Objectclass for services" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:476 +#: src/config/SSSDConfig/sssdoptions.py:477 msgid "Service name attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:477 +#: src/config/SSSDConfig/sssdoptions.py:478 msgid "Service port attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:478 +#: src/config/SSSDConfig/sssdoptions.py:479 msgid "Service protocol attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:480 +#: src/config/SSSDConfig/sssdoptions.py:481 msgid "Lower bound for ID-mapping" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:481 +#: src/config/SSSDConfig/sssdoptions.py:482 msgid "Upper bound for ID-mapping" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:482 +#: src/config/SSSDConfig/sssdoptions.py:483 msgid "Number of IDs for each slice when ID-mapping" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:483 +#: src/config/SSSDConfig/sssdoptions.py:484 msgid "Use autorid-compatible algorithm for ID-mapping" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:484 +#: src/config/SSSDConfig/sssdoptions.py:485 msgid "Name of the default domain for ID-mapping" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:485 +#: src/config/SSSDConfig/sssdoptions.py:486 msgid "SID of the default domain for ID-mapping" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:486 +#: src/config/SSSDConfig/sssdoptions.py:487 msgid "Number of secondary slices" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:488 +#: src/config/SSSDConfig/sssdoptions.py:489 msgid "Whether to use Token-Groups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:489 +#: src/config/SSSDConfig/sssdoptions.py:490 msgid "Set lower boundary for allowed IDs from the LDAP server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:490 +#: src/config/SSSDConfig/sssdoptions.py:491 msgid "Set upper boundary for allowed IDs from the LDAP server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:491 +#: src/config/SSSDConfig/sssdoptions.py:492 msgid "DN for ppolicy queries" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:492 +#: src/config/SSSDConfig/sssdoptions.py:493 msgid "How many maximum entries to fetch during a wildcard request" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:493 +#: src/config/SSSDConfig/sssdoptions.py:494 msgid "Set libldap debug level" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:496 +#: src/config/SSSDConfig/sssdoptions.py:497 msgid "Policy to evaluate the password expiration" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:500 +#: src/config/SSSDConfig/sssdoptions.py:501 msgid "Which attributes shall be used to evaluate if an account is expired" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:504 +#: src/config/SSSDConfig/sssdoptions.py:505 msgid "URI of an LDAP server where password changes are allowed" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:505 +#: src/config/SSSDConfig/sssdoptions.py:506 msgid "URI of a backup LDAP server where password changes are allowed" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:506 +#: src/config/SSSDConfig/sssdoptions.py:507 msgid "DNS service name for LDAP password change server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:507 +#: src/config/SSSDConfig/sssdoptions.py:508 msgid "" "Whether to update the ldap_user_shadow_last_change attribute after a " "password change" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:511 +#: src/config/SSSDConfig/sssdoptions.py:512 msgid "Base DN for sudo rules lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:512 +#: src/config/SSSDConfig/sssdoptions.py:513 msgid "Automatic full refresh period" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:513 +#: src/config/SSSDConfig/sssdoptions.py:514 msgid "Automatic smart refresh period" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:514 +#: src/config/SSSDConfig/sssdoptions.py:515 msgid "Smart and full refresh random offset" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:515 +#: src/config/SSSDConfig/sssdoptions.py:516 msgid "Whether to filter rules by hostname, IP addresses and network" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:516 +#: src/config/SSSDConfig/sssdoptions.py:517 msgid "" "Hostnames and/or fully qualified domain names of this machine to filter sudo " "rules" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:517 +#: src/config/SSSDConfig/sssdoptions.py:518 msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:518 +#: src/config/SSSDConfig/sssdoptions.py:519 msgid "Whether to include rules that contains netgroup in host attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:519 +#: src/config/SSSDConfig/sssdoptions.py:520 msgid "" "Whether to include rules that contains regular expression in host attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:520 +#: src/config/SSSDConfig/sssdoptions.py:521 msgid "Object class for sudo rules" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:521 +#: src/config/SSSDConfig/sssdoptions.py:522 msgid "Name of attribute that is used as object class for sudo rules" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:522 +#: src/config/SSSDConfig/sssdoptions.py:523 msgid "Sudo rule name" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:523 +#: src/config/SSSDConfig/sssdoptions.py:524 msgid "Sudo rule command attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:524 +#: src/config/SSSDConfig/sssdoptions.py:525 msgid "Sudo rule host attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:525 +#: src/config/SSSDConfig/sssdoptions.py:526 msgid "Sudo rule user attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:526 +#: src/config/SSSDConfig/sssdoptions.py:527 msgid "Sudo rule option attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:527 +#: src/config/SSSDConfig/sssdoptions.py:528 msgid "Sudo rule runas attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:528 +#: src/config/SSSDConfig/sssdoptions.py:529 msgid "Sudo rule runasuser attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:529 +#: src/config/SSSDConfig/sssdoptions.py:530 msgid "Sudo rule runasgroup attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:530 +#: src/config/SSSDConfig/sssdoptions.py:531 msgid "Sudo rule notbefore attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:531 +#: src/config/SSSDConfig/sssdoptions.py:532 msgid "Sudo rule notafter attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:532 +#: src/config/SSSDConfig/sssdoptions.py:533 msgid "Sudo rule order attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:535 +#: src/config/SSSDConfig/sssdoptions.py:536 msgid "Object class for automounter maps" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:536 +#: src/config/SSSDConfig/sssdoptions.py:537 msgid "Automounter map name attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:537 +#: src/config/SSSDConfig/sssdoptions.py:538 msgid "Object class for automounter map entries" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:538 +#: src/config/SSSDConfig/sssdoptions.py:539 msgid "Automounter map entry key attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:539 +#: src/config/SSSDConfig/sssdoptions.py:540 msgid "Automounter map entry value attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:540 +#: src/config/SSSDConfig/sssdoptions.py:541 msgid "Base DN for automounter map lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:541 +#: src/config/SSSDConfig/sssdoptions.py:542 msgid "The name of the automount master map in LDAP." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:544 +#: src/config/SSSDConfig/sssdoptions.py:545 msgid "Base DN for IP hosts lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:545 +#: src/config/SSSDConfig/sssdoptions.py:546 msgid "Object class for IP hosts" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:546 +#: src/config/SSSDConfig/sssdoptions.py:547 msgid "IP host name attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:547 +#: src/config/SSSDConfig/sssdoptions.py:548 msgid "IP host number (address) attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:548 +#: src/config/SSSDConfig/sssdoptions.py:549 msgid "IP host entryUSN attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:549 +#: src/config/SSSDConfig/sssdoptions.py:550 msgid "Base DN for IP networks lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:550 +#: src/config/SSSDConfig/sssdoptions.py:551 msgid "Object class for IP networks" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:551 +#: src/config/SSSDConfig/sssdoptions.py:552 msgid "IP network name attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:552 +#: src/config/SSSDConfig/sssdoptions.py:553 msgid "IP network number (address) attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:553 +#: src/config/SSSDConfig/sssdoptions.py:554 msgid "IP network entryUSN attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:556 +#: src/config/SSSDConfig/sssdoptions.py:557 msgid "Comma separated list of allowed users" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:557 +#: src/config/SSSDConfig/sssdoptions.py:558 msgid "Comma separated list of prohibited users" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:558 +#: src/config/SSSDConfig/sssdoptions.py:559 msgid "" "Comma separated list of groups that are allowed to log in. This applies only " "to groups within this SSSD domain. Local groups are not evaluated." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:560 +#: src/config/SSSDConfig/sssdoptions.py:561 msgid "" "Comma separated list of groups that are explicitly denied access. This " "applies only to groups within this SSSD domain. Local groups are not " "evaluated." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:564 +#: src/config/SSSDConfig/sssdoptions.py:565 msgid "The number of preforked proxy children." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:567 +#: src/config/SSSDConfig/sssdoptions.py:568 msgid "The name of the NSS library to use" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:568 +#: src/config/SSSDConfig/sssdoptions.py:569 msgid "The name of the NSS library to use for hosts and networks lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:569 +#: src/config/SSSDConfig/sssdoptions.py:570 msgid "Whether to look up canonical group name from cache if possible" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:572 +#: src/config/SSSDConfig/sssdoptions.py:573 msgid "PAM stack to use" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:575 +#: src/config/SSSDConfig/sssdoptions.py:576 msgid "Path of passwd file sources." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:576 +#: src/config/SSSDConfig/sssdoptions.py:577 msgid "Path of group file sources." msgstr "" @@ -1875,67 +1879,67 @@ msgstr "" msgid "SSSD is already running\n" msgstr "" -#: src/providers/krb5/krb5_child.c:4007 src/providers/ldap/ldap_child.c:641 +#: src/providers/krb5/krb5_child.c:4027 src/providers/ldap/ldap_child.c:642 msgid "Allow core dumps" msgstr "" -#: src/providers/krb5/krb5_child.c:4009 src/providers/ldap/ldap_child.c:643 +#: src/providers/krb5/krb5_child.c:4029 src/providers/ldap/ldap_child.c:644 msgid "An open file descriptor for the debug logs" msgstr "" -#: src/providers/krb5/krb5_child.c:4012 +#: src/providers/krb5/krb5_child.c:4032 msgid "The user to create FAST ccache as" msgstr "" -#: src/providers/krb5/krb5_child.c:4014 +#: src/providers/krb5/krb5_child.c:4034 msgid "The group to create FAST ccache as" msgstr "" -#: src/providers/krb5/krb5_child.c:4016 +#: src/providers/krb5/krb5_child.c:4036 msgid "Use anonymous PKINIT to request FAST armor ticket" msgstr "" -#: src/providers/krb5/krb5_child.c:4018 +#: src/providers/krb5/krb5_child.c:4038 msgid "Kerberos realm to use" msgstr "" -#: src/providers/krb5/krb5_child.c:4020 +#: src/providers/krb5/krb5_child.c:4040 msgid "Requested lifetime of the ticket" msgstr "" -#: src/providers/krb5/krb5_child.c:4022 +#: src/providers/krb5/krb5_child.c:4042 msgid "Requested renewable lifetime of the ticket" msgstr "" -#: src/providers/krb5/krb5_child.c:4024 +#: src/providers/krb5/krb5_child.c:4044 msgid "FAST options ('never', 'try', 'demand')" msgstr "" -#: src/providers/krb5/krb5_child.c:4027 +#: src/providers/krb5/krb5_child.c:4047 msgid "Specifies the server principal to use for FAST" msgstr "" -#: src/providers/krb5/krb5_child.c:4029 +#: src/providers/krb5/krb5_child.c:4049 msgid "Requests canonicalization of the principal name" msgstr "" -#: src/providers/krb5/krb5_child.c:4031 +#: src/providers/krb5/krb5_child.c:4051 msgid "Use custom version of krb5_get_init_creds_password" msgstr "" -#: src/providers/krb5/krb5_child.c:4033 +#: src/providers/krb5/krb5_child.c:4053 msgid "Tevent chain ID used for logging purposes" msgstr "" -#: src/providers/krb5/krb5_child.c:4035 +#: src/providers/krb5/krb5_child.c:4055 msgid "Check PAC flags" msgstr "" -#: src/providers/krb5/krb5_child.c:4079 src/providers/ldap/ldap_child.c:669 +#: src/providers/krb5/krb5_child.c:4099 src/providers/ldap/ldap_child.c:670 msgid "talloc_asprintf failed.\n" msgstr "" -#: src/providers/krb5/krb5_child.c:4089 src/providers/ldap/ldap_child.c:678 +#: src/providers/krb5/krb5_child.c:4109 src/providers/ldap/ldap_child.c:679 msgid "set_debug_file_from_fd failed.\n" msgstr "" @@ -1979,119 +1983,131 @@ msgstr "" msgid "Permission denied. " msgstr "" -#: src/sss_client/pam_sss.c:70 src/sss_client/pam_sss.c:819 -#: src/sss_client/pam_sss.c:830 +#: src/sss_client/pam_sss.c:70 src/sss_client/pam_sss.c:838 +#: src/sss_client/pam_sss.c:849 msgid "Server message: " msgstr "" #: src/sss_client/pam_sss.c:71 +msgid "" +"Kerberos TGT will not be granted upon login, user experience will be " +"affected." +msgstr "" + +#: src/sss_client/pam_sss.c:72 msgid "Enter PIN:" msgstr "" -#: src/sss_client/pam_sss.c:314 +#: src/sss_client/pam_sss.c:315 msgid "Passwords do not match" msgstr "" -#: src/sss_client/pam_sss.c:502 +#: src/sss_client/pam_sss.c:503 msgid "Password reset by root is not supported." msgstr "" -#: src/sss_client/pam_sss.c:543 +#: src/sss_client/pam_sss.c:544 msgid "Authenticated with cached credentials" msgstr "" -#: src/sss_client/pam_sss.c:544 +#: src/sss_client/pam_sss.c:545 msgid ", your cached password will expire at: " msgstr "" -#: src/sss_client/pam_sss.c:574 +#: src/sss_client/pam_sss.c:575 #, c-format msgid "Your password has expired. You have %1$d grace login(s) remaining." msgstr "" -#: src/sss_client/pam_sss.c:624 +#: src/sss_client/pam_sss.c:625 #, c-format msgid "Your password will expire in %1$d %2$s." msgstr "" -#: src/sss_client/pam_sss.c:627 +#: src/sss_client/pam_sss.c:628 #, c-format msgid "Your password has expired." msgstr "" -#: src/sss_client/pam_sss.c:678 +#: src/sss_client/pam_sss.c:679 msgid "Authentication is denied until: " msgstr "" -#: src/sss_client/pam_sss.c:699 +#: src/sss_client/pam_sss.c:700 msgid "System is offline, password change not possible" msgstr "" -#: src/sss_client/pam_sss.c:714 +#: src/sss_client/pam_sss.c:715 msgid "" "After changing the OTP password, you need to log out and back in order to " "acquire a ticket" msgstr "" -#: src/sss_client/pam_sss.c:729 +#: src/sss_client/pam_sss.c:730 msgid "PIN locked" msgstr "" -#: src/sss_client/pam_sss.c:816 src/sss_client/pam_sss.c:829 +#: src/sss_client/pam_sss.c:745 +msgid "" +"No Kerberos TGT granted as the server does not support this method. Your " +"single-sign on(SSO) experience will be affected." +msgstr "" + +#: src/sss_client/pam_sss.c:835 src/sss_client/pam_sss.c:848 msgid "Password change failed. " msgstr "" -#: src/sss_client/pam_sss.c:1797 +#: src/sss_client/pam_sss.c:1819 #, c-format msgid "Authenticate at %1$s and press ENTER." msgstr "" -#: src/sss_client/pam_sss.c:1800 +#: src/sss_client/pam_sss.c:1822 #, c-format msgid "Authenticate with PIN %1$s at %2$s and press ENTER." msgstr "" -#: src/sss_client/pam_sss.c:2153 +#: src/sss_client/pam_sss.c:2181 msgid "Please (re)insert (different) Smartcard" msgstr "" -#: src/sss_client/pam_sss.c:2352 +#: src/sss_client/pam_sss.c:2380 msgid "New Password: " msgstr "" -#: src/sss_client/pam_sss.c:2353 +#: src/sss_client/pam_sss.c:2381 msgid "Reenter new Password: " msgstr "" -#: src/sss_client/pam_sss.c:2523 src/sss_client/pam_sss.c:2526 +#: src/sss_client/pam_sss.c:2551 src/sss_client/pam_sss.c:2554 msgid "First Factor: " msgstr "" -#: src/sss_client/pam_sss.c:2524 src/sss_client/pam_sss.c:2707 +#: src/sss_client/pam_sss.c:2552 src/sss_client/pam_sss.c:2740 msgid "Second Factor (optional): " msgstr "" -#: src/sss_client/pam_sss.c:2527 src/sss_client/pam_sss.c:2710 +#: src/sss_client/pam_sss.c:2555 src/sss_client/pam_sss.c:2743 msgid "Second Factor: " msgstr "" -#: src/sss_client/pam_sss.c:2547 +#: src/sss_client/pam_sss.c:2575 msgid "Insert your passkey device, then press ENTER." msgstr "" -#: src/sss_client/pam_sss.c:2551 src/sss_client/pam_sss.c:2554 +#: src/sss_client/pam_sss.c:2579 src/sss_client/pam_sss.c:2587 msgid "Password: " msgstr "" -#: src/sss_client/pam_sss.c:2706 src/sss_client/pam_sss.c:2709 +#: src/sss_client/pam_sss.c:2739 src/sss_client/pam_sss.c:2742 msgid "First Factor (Current Password): " msgstr "" -#: src/sss_client/pam_sss.c:2713 +#: src/sss_client/pam_sss.c:2746 msgid "Current Password: " msgstr "" -#: src/sss_client/pam_sss.c:3070 +#: src/sss_client/pam_sss.c:3103 msgid "Password expired. Change your password now." msgstr "" diff --git a/po/ru.po b/po/ru.po index 9eac9e828c6..74722790feb 100644 --- a/po/ru.po +++ b/po/ru.po @@ -12,7 +12,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" -"POT-Creation-Date: 2023-05-05 10:11+0200\n" +"POT-Creation-Date: 2023-09-07 11:48+0200\n" "PO-Revision-Date: 2023-06-06 20:20+0000\n" "Last-Translator: Elena Mishina \n" "Language-Team: Russian , а должно быть от имен msgid "SSSD is already running\n" msgstr "SSSD уже выполняется\n" -#: src/providers/krb5/krb5_child.c:4007 src/providers/ldap/ldap_child.c:641 +#: src/providers/krb5/krb5_child.c:4027 src/providers/ldap/ldap_child.c:642 msgid "Allow core dumps" msgstr "Разрешить дампы памяти" -#: src/providers/krb5/krb5_child.c:4009 src/providers/ldap/ldap_child.c:643 +#: src/providers/krb5/krb5_child.c:4029 src/providers/ldap/ldap_child.c:644 msgid "An open file descriptor for the debug logs" msgstr "Дескриптор открытых файлов для журнала отладки" -#: src/providers/krb5/krb5_child.c:4012 +#: src/providers/krb5/krb5_child.c:4032 msgid "The user to create FAST ccache as" msgstr "Пользователь, от имени которого следует создать ccache FAST" -#: src/providers/krb5/krb5_child.c:4014 +#: src/providers/krb5/krb5_child.c:4034 msgid "The group to create FAST ccache as" msgstr "Группа, от имени которой следует создать ccache FAST" -#: src/providers/krb5/krb5_child.c:4016 +#: src/providers/krb5/krb5_child.c:4036 msgid "Use anonymous PKINIT to request FAST armor ticket" msgstr "Использовать анонимный PKINIT для запроса билета защиты FAST" -#: src/providers/krb5/krb5_child.c:4018 +#: src/providers/krb5/krb5_child.c:4038 msgid "Kerberos realm to use" msgstr "Область действия Kerberos" -#: src/providers/krb5/krb5_child.c:4020 +#: src/providers/krb5/krb5_child.c:4040 msgid "Requested lifetime of the ticket" msgstr "Запрашиваемое время жизни билета" -#: src/providers/krb5/krb5_child.c:4022 +#: src/providers/krb5/krb5_child.c:4042 msgid "Requested renewable lifetime of the ticket" msgstr "Запрашиваемое возобновляемое время жизни билета" -#: src/providers/krb5/krb5_child.c:4024 +#: src/providers/krb5/krb5_child.c:4044 msgid "FAST options ('never', 'try', 'demand')" msgstr "Параметры FAST («never», «try», «demand»)" -#: src/providers/krb5/krb5_child.c:4027 +#: src/providers/krb5/krb5_child.c:4047 msgid "Specifies the server principal to use for FAST" msgstr "Указывает участник-сервер, который следует использовать для FAST" -#: src/providers/krb5/krb5_child.c:4029 +#: src/providers/krb5/krb5_child.c:4049 msgid "Requests canonicalization of the principal name" msgstr "Запрашивает преобразование имени участника в каноническую форму" -#: src/providers/krb5/krb5_child.c:4031 +#: src/providers/krb5/krb5_child.c:4051 msgid "Use custom version of krb5_get_init_creds_password" msgstr "Использовать нестандартную версию krb5_get_init_creds_password" -#: src/providers/krb5/krb5_child.c:4033 +#: src/providers/krb5/krb5_child.c:4053 msgid "Tevent chain ID used for logging purposes" msgstr "Идентификатор цепочки Tevent, используемый для ведения журнала" -#: src/providers/krb5/krb5_child.c:4035 +#: src/providers/krb5/krb5_child.c:4055 msgid "Check PAC flags" msgstr "Проверить PAC флаги" -#: src/providers/krb5/krb5_child.c:4079 src/providers/ldap/ldap_child.c:669 +#: src/providers/krb5/krb5_child.c:4099 src/providers/ldap/ldap_child.c:670 msgid "talloc_asprintf failed.\n" msgstr "Ошибка talloc_asprintf.\n" -#: src/providers/krb5/krb5_child.c:4089 src/providers/ldap/ldap_child.c:678 +#: src/providers/krb5/krb5_child.c:4109 src/providers/ldap/ldap_child.c:679 msgid "set_debug_file_from_fd failed.\n" msgstr "Ошибка set_debug_file_from_fd.\n" @@ -2195,55 +2199,61 @@ msgstr "Непредвиденная ошибка при поиске описа msgid "Permission denied. " msgstr "Доступ запрещён. " -#: src/sss_client/pam_sss.c:70 src/sss_client/pam_sss.c:819 -#: src/sss_client/pam_sss.c:830 +#: src/sss_client/pam_sss.c:70 src/sss_client/pam_sss.c:838 +#: src/sss_client/pam_sss.c:849 msgid "Server message: " msgstr "Сообщение сервера: " #: src/sss_client/pam_sss.c:71 +msgid "" +"Kerberos TGT will not be granted upon login, user experience will be " +"affected." +msgstr "" + +#: src/sss_client/pam_sss.c:72 msgid "Enter PIN:" msgstr "Введите PIN:" -#: src/sss_client/pam_sss.c:314 +#: src/sss_client/pam_sss.c:315 msgid "Passwords do not match" msgstr "Пароли не совпадают" -#: src/sss_client/pam_sss.c:502 +#: src/sss_client/pam_sss.c:503 msgid "Password reset by root is not supported." msgstr "Поддержка сброса пароля пользователем root не предусмотрена." -#: src/sss_client/pam_sss.c:543 +#: src/sss_client/pam_sss.c:544 msgid "Authenticated with cached credentials" msgstr "Проверка подлинности с учётными данными из кэша" -#: src/sss_client/pam_sss.c:544 +#: src/sss_client/pam_sss.c:545 msgid ", your cached password will expire at: " msgstr ", срок действия вашего кэшированного пароля истечёт: " -#: src/sss_client/pam_sss.c:574 +#: src/sss_client/pam_sss.c:575 #, c-format msgid "Your password has expired. You have %1$d grace login(s) remaining." msgstr "Срок действия пароля истёк. Осталось попыток входа в систему: %1$d." -#: src/sss_client/pam_sss.c:624 +#: src/sss_client/pam_sss.c:625 #, c-format msgid "Your password will expire in %1$d %2$s." msgstr "Срок действия пароля истекает через %1$d %2$s." -#: src/sss_client/pam_sss.c:627 +#: src/sss_client/pam_sss.c:628 #, c-format msgid "Your password has expired." msgstr "Срок действия пароля истёк." -#: src/sss_client/pam_sss.c:678 +#: src/sss_client/pam_sss.c:679 msgid "Authentication is denied until: " msgstr "Проверка подлинности запрещена до: " -#: src/sss_client/pam_sss.c:699 +#: src/sss_client/pam_sss.c:700 msgid "System is offline, password change not possible" msgstr "Система находится в автономном режиме, невозможно сменить пароль" -#: src/sss_client/pam_sss.c:714 +#: src/sss_client/pam_sss.c:715 msgid "" "After changing the OTP password, you need to log out and back in order to " "acquire a ticket" @@ -2251,66 +2261,72 @@ msgstr "" "После смены одноразового пароля необходимо выйти из системы и снова войти в " "неё, чтобы получить билет" -#: src/sss_client/pam_sss.c:729 +#: src/sss_client/pam_sss.c:730 msgid "PIN locked" msgstr "PIN заблокирован" -#: src/sss_client/pam_sss.c:816 src/sss_client/pam_sss.c:829 +#: src/sss_client/pam_sss.c:745 +msgid "" +"No Kerberos TGT granted as the server does not support this method. Your " +"single-sign on(SSO) experience will be affected." +msgstr "" + +#: src/sss_client/pam_sss.c:835 src/sss_client/pam_sss.c:848 msgid "Password change failed. " msgstr "Не удалось сменить пароль. " -#: src/sss_client/pam_sss.c:1797 +#: src/sss_client/pam_sss.c:1819 #, c-format msgid "Authenticate at %1$s and press ENTER." msgstr "Пожалуйста, авторизуйтесь на %1$s и нажмите ENTER." -#: src/sss_client/pam_sss.c:1800 +#: src/sss_client/pam_sss.c:1822 #, c-format msgid "Authenticate with PIN %1$s at %2$s and press ENTER." msgstr "" "Пожалуйста, авторизуйтесь с помощью PIN-кода %1$s на %2$s и нажмите ENTER." -#: src/sss_client/pam_sss.c:2153 +#: src/sss_client/pam_sss.c:2181 msgid "Please (re)insert (different) Smartcard" msgstr "Пожалуйста, вставьте (повторно/другую) смарт-карту" -#: src/sss_client/pam_sss.c:2352 +#: src/sss_client/pam_sss.c:2380 msgid "New Password: " msgstr "Новый пароль: " -#: src/sss_client/pam_sss.c:2353 +#: src/sss_client/pam_sss.c:2381 msgid "Reenter new Password: " msgstr "Введите новый пароль ещё раз: " -#: src/sss_client/pam_sss.c:2523 src/sss_client/pam_sss.c:2526 +#: src/sss_client/pam_sss.c:2551 src/sss_client/pam_sss.c:2554 msgid "First Factor: " msgstr "Первый фактор: " -#: src/sss_client/pam_sss.c:2524 src/sss_client/pam_sss.c:2707 +#: src/sss_client/pam_sss.c:2552 src/sss_client/pam_sss.c:2740 msgid "Second Factor (optional): " msgstr "Второй фактор (необязательно): " -#: src/sss_client/pam_sss.c:2527 src/sss_client/pam_sss.c:2710 +#: src/sss_client/pam_sss.c:2555 src/sss_client/pam_sss.c:2743 msgid "Second Factor: " msgstr "Второй фактор: " -#: src/sss_client/pam_sss.c:2547 +#: src/sss_client/pam_sss.c:2575 msgid "Insert your passkey device, then press ENTER." msgstr "Вставьте устройство с ключом доступа и нажмите ENTER." -#: src/sss_client/pam_sss.c:2551 src/sss_client/pam_sss.c:2554 +#: src/sss_client/pam_sss.c:2579 src/sss_client/pam_sss.c:2587 msgid "Password: " msgstr "Пароль: " -#: src/sss_client/pam_sss.c:2706 src/sss_client/pam_sss.c:2709 +#: src/sss_client/pam_sss.c:2739 src/sss_client/pam_sss.c:2742 msgid "First Factor (Current Password): " msgstr "Первый фактор (текущий пароль): " -#: src/sss_client/pam_sss.c:2713 +#: src/sss_client/pam_sss.c:2746 msgid "Current Password: " msgstr "Текущий пароль: " -#: src/sss_client/pam_sss.c:3070 +#: src/sss_client/pam_sss.c:3103 msgid "Password expired. Change your password now." msgstr "Срок действия пароля истёк. Необходимо сейчас изменить ваш пароль." diff --git a/po/sssd.pot b/po/sssd.pot index 3cc99837a5e..ad02cbf8319 100644 --- a/po/sssd.pot +++ b/po/sssd.pot @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" -"POT-Creation-Date: 2023-05-05 10:11+0200\n" +"POT-Creation-Date: 2023-09-07 11:48+0200\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME \n" "Language-Team: LANGUAGE \n" @@ -585,12 +585,12 @@ msgid "Whether to automatically update the client's DNS entry" msgstr "" #: src/config/SSSDConfig/sssdoptions.py:201 -#: src/config/SSSDConfig/sssdoptions.py:233 +#: src/config/SSSDConfig/sssdoptions.py:234 msgid "The TTL to apply to the client's DNS entry after updating it" msgstr "" #: src/config/SSSDConfig/sssdoptions.py:202 -#: src/config/SSSDConfig/sssdoptions.py:234 +#: src/config/SSSDConfig/sssdoptions.py:235 msgid "The interface whose IP should be used for dynamic DNS updates" msgstr "" @@ -674,1162 +674,1166 @@ msgid "" "(long term password) must have to be saved as SHA512 hash into the cache." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:228 -msgid "IPA domain" +#: src/config/SSSDConfig/sssdoptions.py:226 +msgid "Local authentication methods policy " msgstr "" #: src/config/SSSDConfig/sssdoptions.py:229 -msgid "IPA server address" +msgid "IPA domain" msgstr "" #: src/config/SSSDConfig/sssdoptions.py:230 -msgid "Address of backup IPA server" +msgid "IPA server address" msgstr "" #: src/config/SSSDConfig/sssdoptions.py:231 -msgid "IPA client hostname" +msgid "Address of backup IPA server" msgstr "" #: src/config/SSSDConfig/sssdoptions.py:232 +msgid "IPA client hostname" +msgstr "" + +#: src/config/SSSDConfig/sssdoptions.py:233 msgid "Whether to automatically update the client's DNS entry in FreeIPA" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:235 +#: src/config/SSSDConfig/sssdoptions.py:236 msgid "Search base for HBAC related objects" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:236 +#: src/config/SSSDConfig/sssdoptions.py:237 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:237 +#: src/config/SSSDConfig/sssdoptions.py:238 msgid "" "The amount of time in seconds between lookups of the SELinux maps against " "the IPA server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:239 +#: src/config/SSSDConfig/sssdoptions.py:240 msgid "If set to false, host argument given by PAM will be ignored" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:240 +#: src/config/SSSDConfig/sssdoptions.py:241 msgid "The automounter location this IPA client is using" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:241 +#: src/config/SSSDConfig/sssdoptions.py:242 msgid "Search base for object containing info about IPA domain" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:242 +#: src/config/SSSDConfig/sssdoptions.py:243 msgid "Search base for objects containing info about ID ranges" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:243 -#: src/config/SSSDConfig/sssdoptions.py:299 +#: src/config/SSSDConfig/sssdoptions.py:244 +#: src/config/SSSDConfig/sssdoptions.py:300 msgid "Enable DNS sites - location based service discovery" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:244 +#: src/config/SSSDConfig/sssdoptions.py:245 msgid "Search base for view containers" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:245 +#: src/config/SSSDConfig/sssdoptions.py:246 msgid "Objectclass for view containers" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:246 +#: src/config/SSSDConfig/sssdoptions.py:247 msgid "Attribute with the name of the view" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:247 +#: src/config/SSSDConfig/sssdoptions.py:248 msgid "Objectclass for override objects" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:248 +#: src/config/SSSDConfig/sssdoptions.py:249 msgid "Attribute with the reference to the original object" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:249 +#: src/config/SSSDConfig/sssdoptions.py:250 msgid "Objectclass for user override objects" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:250 +#: src/config/SSSDConfig/sssdoptions.py:251 msgid "Objectclass for group override objects" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:251 +#: src/config/SSSDConfig/sssdoptions.py:252 msgid "Search base for Desktop Profile related objects" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:252 +#: src/config/SSSDConfig/sssdoptions.py:253 msgid "" "The amount of time in seconds between lookups of the Desktop Profile rules " "against the IPA server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:254 +#: src/config/SSSDConfig/sssdoptions.py:255 msgid "" "The amount of time in minutes between lookups of Desktop Profiles rules " "against the IPA server when the last request did not find any rule" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:257 +#: src/config/SSSDConfig/sssdoptions.py:258 msgid "Search base for SUBID ranges" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:258 -#: src/config/SSSDConfig/sssdoptions.py:501 +#: src/config/SSSDConfig/sssdoptions.py:259 +#: src/config/SSSDConfig/sssdoptions.py:502 msgid "Which rules should be used to evaluate access control" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:259 +#: src/config/SSSDConfig/sssdoptions.py:260 msgid "The LDAP attribute that contains FQDN of the host." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:260 -#: src/config/SSSDConfig/sssdoptions.py:283 +#: src/config/SSSDConfig/sssdoptions.py:261 +#: src/config/SSSDConfig/sssdoptions.py:284 msgid "The object class of a host entry in LDAP." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:261 +#: src/config/SSSDConfig/sssdoptions.py:262 msgid "Use the given string as search base for host objects." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:262 +#: src/config/SSSDConfig/sssdoptions.py:263 msgid "The LDAP attribute that contains the host's SSH public keys." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:263 +#: src/config/SSSDConfig/sssdoptions.py:264 msgid "The LDAP attribute that contains NIS domain name of the netgroup." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:264 +#: src/config/SSSDConfig/sssdoptions.py:265 msgid "The LDAP attribute that contains the names of the netgroup's members." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:265 +#: src/config/SSSDConfig/sssdoptions.py:266 msgid "" "The LDAP attribute that lists FQDNs of hosts and host groups that are " "members of the netgroup." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:267 +#: src/config/SSSDConfig/sssdoptions.py:268 msgid "" "The LDAP attribute that lists hosts and host groups that are direct members " "of the netgroup." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:269 +#: src/config/SSSDConfig/sssdoptions.py:270 msgid "The LDAP attribute that lists netgroup's memberships." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:270 +#: src/config/SSSDConfig/sssdoptions.py:271 msgid "" "The LDAP attribute that lists system users and groups that are direct " "members of the netgroup." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:272 +#: src/config/SSSDConfig/sssdoptions.py:273 msgid "The LDAP attribute that corresponds to the netgroup name." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:273 +#: src/config/SSSDConfig/sssdoptions.py:274 msgid "The object class of a netgroup entry in LDAP." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:274 +#: src/config/SSSDConfig/sssdoptions.py:275 msgid "" "The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:275 +#: src/config/SSSDConfig/sssdoptions.py:276 msgid "" "The LDAP attribute that contains whether or not is user map enabled for " "usage." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:277 +#: src/config/SSSDConfig/sssdoptions.py:278 msgid "The LDAP attribute that contains host category such as 'all'." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:278 +#: src/config/SSSDConfig/sssdoptions.py:279 msgid "" "The LDAP attribute that contains all hosts / hostgroups this rule match " "against." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:280 +#: src/config/SSSDConfig/sssdoptions.py:281 msgid "" "The LDAP attribute that contains all users / groups this rule match against." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:282 +#: src/config/SSSDConfig/sssdoptions.py:283 msgid "The LDAP attribute that contains the name of SELinux usermap." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:284 +#: src/config/SSSDConfig/sssdoptions.py:285 msgid "" "The LDAP attribute that contains DN of HBAC rule which can be used for " "matching instead of memberUser and memberHost." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:286 +#: src/config/SSSDConfig/sssdoptions.py:287 msgid "The LDAP attribute that contains SELinux user string itself." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:287 +#: src/config/SSSDConfig/sssdoptions.py:288 msgid "The LDAP attribute that contains user category such as 'all'." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:288 +#: src/config/SSSDConfig/sssdoptions.py:289 msgid "The LDAP attribute that contains unique ID of the user map." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:289 +#: src/config/SSSDConfig/sssdoptions.py:290 msgid "" "The option denotes that the SSSD is running on IPA server and should perform " "lookups of users and groups from trusted domains differently." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:291 +#: src/config/SSSDConfig/sssdoptions.py:292 msgid "Use the given string as search base for trusted domains." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:294 +#: src/config/SSSDConfig/sssdoptions.py:295 msgid "Active Directory domain" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:295 +#: src/config/SSSDConfig/sssdoptions.py:296 msgid "Enabled Active Directory domains" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:296 +#: src/config/SSSDConfig/sssdoptions.py:297 msgid "Active Directory server address" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:297 +#: src/config/SSSDConfig/sssdoptions.py:298 msgid "Active Directory backup server address" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:298 +#: src/config/SSSDConfig/sssdoptions.py:299 msgid "Active Directory client hostname" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:300 -#: src/config/SSSDConfig/sssdoptions.py:499 +#: src/config/SSSDConfig/sssdoptions.py:301 +#: src/config/SSSDConfig/sssdoptions.py:500 msgid "LDAP filter to determine access privileges" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:301 +#: src/config/SSSDConfig/sssdoptions.py:302 msgid "Whether to use the Global Catalog for lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:302 +#: src/config/SSSDConfig/sssdoptions.py:303 msgid "Operation mode for GPO-based access control" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:303 +#: src/config/SSSDConfig/sssdoptions.py:304 msgid "" "The amount of time between lookups of the GPO policy files against the AD " "server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:304 +#: src/config/SSSDConfig/sssdoptions.py:305 msgid "" "PAM service names that map to the GPO (Deny)InteractiveLogonRight policy " "settings" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:306 +#: src/config/SSSDConfig/sssdoptions.py:307 msgid "" "PAM service names that map to the GPO (Deny)RemoteInteractiveLogonRight " "policy settings" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:308 +#: src/config/SSSDConfig/sssdoptions.py:309 msgid "" "PAM service names that map to the GPO (Deny)NetworkLogonRight policy settings" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:309 +#: src/config/SSSDConfig/sssdoptions.py:310 msgid "" "PAM service names that map to the GPO (Deny)BatchLogonRight policy settings" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:310 +#: src/config/SSSDConfig/sssdoptions.py:311 msgid "" "PAM service names that map to the GPO (Deny)ServiceLogonRight policy settings" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:311 +#: src/config/SSSDConfig/sssdoptions.py:312 msgid "PAM service names for which GPO-based access is always granted" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:312 +#: src/config/SSSDConfig/sssdoptions.py:313 msgid "PAM service names for which GPO-based access is always denied" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:313 +#: src/config/SSSDConfig/sssdoptions.py:314 msgid "" "Default logon right (or permit/deny) to use for unmapped PAM service names" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:314 +#: src/config/SSSDConfig/sssdoptions.py:315 msgid "a particular site to be used by the client" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:315 +#: src/config/SSSDConfig/sssdoptions.py:316 msgid "" "Maximum age in days before the machine account password should be renewed" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:317 +#: src/config/SSSDConfig/sssdoptions.py:318 msgid "Option for tuning the machine account renewal task" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:318 +#: src/config/SSSDConfig/sssdoptions.py:319 msgid "Whether to update the machine account password in the Samba database" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:320 +#: src/config/SSSDConfig/sssdoptions.py:321 msgid "Use LDAPS port for LDAP and Global Catalog requests" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:321 +#: src/config/SSSDConfig/sssdoptions.py:322 msgid "Do not filter domain local groups from other domains" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:324 #: src/config/SSSDConfig/sssdoptions.py:325 +#: src/config/SSSDConfig/sssdoptions.py:326 msgid "Kerberos server address" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:326 +#: src/config/SSSDConfig/sssdoptions.py:327 msgid "Kerberos backup server address" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:327 +#: src/config/SSSDConfig/sssdoptions.py:328 msgid "Kerberos realm" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:328 +#: src/config/SSSDConfig/sssdoptions.py:329 msgid "Authentication timeout" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:329 +#: src/config/SSSDConfig/sssdoptions.py:330 msgid "Whether to create kdcinfo files" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:330 +#: src/config/SSSDConfig/sssdoptions.py:331 msgid "Where to drop krb5 config snippets" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:333 +#: src/config/SSSDConfig/sssdoptions.py:334 msgid "Directory to store credential caches" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:334 +#: src/config/SSSDConfig/sssdoptions.py:335 msgid "Location of the user's credential cache" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:335 +#: src/config/SSSDConfig/sssdoptions.py:336 msgid "Location of the keytab to validate credentials" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:336 +#: src/config/SSSDConfig/sssdoptions.py:337 msgid "Enable credential validation" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:337 +#: src/config/SSSDConfig/sssdoptions.py:338 msgid "Store password if offline for later online authentication" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:338 +#: src/config/SSSDConfig/sssdoptions.py:339 msgid "Renewable lifetime of the TGT" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:339 +#: src/config/SSSDConfig/sssdoptions.py:340 msgid "Lifetime of the TGT" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:340 +#: src/config/SSSDConfig/sssdoptions.py:341 msgid "Time between two checks for renewal" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:341 +#: src/config/SSSDConfig/sssdoptions.py:342 msgid "Enables FAST" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:342 +#: src/config/SSSDConfig/sssdoptions.py:343 msgid "Selects the principal to use for FAST" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:343 +#: src/config/SSSDConfig/sssdoptions.py:344 msgid "Use anonymous PKINIT to request FAST credentials" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:344 +#: src/config/SSSDConfig/sssdoptions.py:345 msgid "Enables principal canonicalization" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:345 +#: src/config/SSSDConfig/sssdoptions.py:346 msgid "Enables enterprise principals" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:346 +#: src/config/SSSDConfig/sssdoptions.py:347 msgid "Enables using of subdomains realms for authentication" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:347 +#: src/config/SSSDConfig/sssdoptions.py:348 msgid "A mapping from user names to Kerberos principal names" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:350 #: src/config/SSSDConfig/sssdoptions.py:351 +#: src/config/SSSDConfig/sssdoptions.py:352 msgid "Server where the change password service is running if not on the KDC" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:354 +#: src/config/SSSDConfig/sssdoptions.py:355 msgid "ldap_uri, The URI of the LDAP server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:355 +#: src/config/SSSDConfig/sssdoptions.py:356 msgid "ldap_backup_uri, The URI of the LDAP server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:356 +#: src/config/SSSDConfig/sssdoptions.py:357 msgid "The default base DN" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:357 +#: src/config/SSSDConfig/sssdoptions.py:358 msgid "The Schema Type in use on the LDAP server, rfc2307" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:358 +#: src/config/SSSDConfig/sssdoptions.py:359 msgid "Mode used to change user password" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:359 +#: src/config/SSSDConfig/sssdoptions.py:360 msgid "The default bind DN" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:360 +#: src/config/SSSDConfig/sssdoptions.py:361 msgid "The type of the authentication token of the default bind DN" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:361 +#: src/config/SSSDConfig/sssdoptions.py:362 msgid "The authentication token of the default bind DN" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:362 +#: src/config/SSSDConfig/sssdoptions.py:363 msgid "Length of time to attempt connection" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:363 +#: src/config/SSSDConfig/sssdoptions.py:364 msgid "Length of time to attempt synchronous LDAP operations" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:364 +#: src/config/SSSDConfig/sssdoptions.py:365 msgid "Length of time between attempts to reconnect while offline" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:365 +#: src/config/SSSDConfig/sssdoptions.py:366 msgid "Use only the upper case for realm names" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:366 +#: src/config/SSSDConfig/sssdoptions.py:367 msgid "File that contains CA certificates" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:367 +#: src/config/SSSDConfig/sssdoptions.py:368 msgid "Path to CA certificate directory" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:368 +#: src/config/SSSDConfig/sssdoptions.py:369 msgid "File that contains the client certificate" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:369 +#: src/config/SSSDConfig/sssdoptions.py:370 msgid "File that contains the client key" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:370 +#: src/config/SSSDConfig/sssdoptions.py:371 msgid "List of possible ciphers suites" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:371 +#: src/config/SSSDConfig/sssdoptions.py:372 msgid "Require TLS certificate verification" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:372 +#: src/config/SSSDConfig/sssdoptions.py:373 msgid "Specify the sasl mechanism to use" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:373 +#: src/config/SSSDConfig/sssdoptions.py:374 msgid "Specify the sasl authorization id to use" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:374 +#: src/config/SSSDConfig/sssdoptions.py:375 msgid "Specify the sasl authorization realm to use" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:375 +#: src/config/SSSDConfig/sssdoptions.py:376 msgid "Specify the minimal SSF for LDAP sasl authorization" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:376 +#: src/config/SSSDConfig/sssdoptions.py:377 msgid "Specify the maximal SSF for LDAP sasl authorization" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:377 +#: src/config/SSSDConfig/sssdoptions.py:378 msgid "Kerberos service keytab" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:378 +#: src/config/SSSDConfig/sssdoptions.py:379 msgid "Use Kerberos auth for LDAP connection" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:379 +#: src/config/SSSDConfig/sssdoptions.py:380 msgid "Follow LDAP referrals" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:380 +#: src/config/SSSDConfig/sssdoptions.py:381 msgid "Lifetime of TGT for LDAP connection" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:381 +#: src/config/SSSDConfig/sssdoptions.py:382 msgid "How to dereference aliases" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:382 +#: src/config/SSSDConfig/sssdoptions.py:383 msgid "Service name for DNS service lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:383 +#: src/config/SSSDConfig/sssdoptions.py:384 msgid "The number of records to retrieve in a single LDAP query" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:384 +#: src/config/SSSDConfig/sssdoptions.py:385 msgid "The number of members that must be missing to trigger a full deref" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:385 +#: src/config/SSSDConfig/sssdoptions.py:386 msgid "Ignore unreadable LDAP references" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:386 +#: src/config/SSSDConfig/sssdoptions.py:387 msgid "" "Whether the LDAP library should perform a reverse lookup to canonicalize the " "host name during a SASL bind" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:388 +#: src/config/SSSDConfig/sssdoptions.py:389 msgid "" "Allows to retain local users as members of an LDAP group for servers that " "use the RFC2307 schema." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:391 +#: src/config/SSSDConfig/sssdoptions.py:392 msgid "entryUSN attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:392 +#: src/config/SSSDConfig/sssdoptions.py:393 msgid "lastUSN attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:394 +#: src/config/SSSDConfig/sssdoptions.py:395 msgid "How long to retain a connection to the LDAP server before disconnecting" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:397 +#: src/config/SSSDConfig/sssdoptions.py:398 msgid "Disable the LDAP paging control" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:398 +#: src/config/SSSDConfig/sssdoptions.py:399 msgid "Disable Active Directory range retrieval" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:401 +#: src/config/SSSDConfig/sssdoptions.py:402 msgid "Length of time to wait for a search request" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:402 +#: src/config/SSSDConfig/sssdoptions.py:403 msgid "Length of time to wait for a enumeration request" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:403 +#: src/config/SSSDConfig/sssdoptions.py:404 msgid "Length of time between enumeration updates" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:404 +#: src/config/SSSDConfig/sssdoptions.py:405 msgid "Maximum period deviation between enumeration updates" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:405 +#: src/config/SSSDConfig/sssdoptions.py:406 msgid "Length of time between cache cleanups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:406 +#: src/config/SSSDConfig/sssdoptions.py:407 msgid "Maximum time deviation between cache cleanups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:407 +#: src/config/SSSDConfig/sssdoptions.py:408 msgid "Require TLS for ID lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:408 +#: src/config/SSSDConfig/sssdoptions.py:409 msgid "Use ID-mapping of objectSID instead of pre-set IDs" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:409 +#: src/config/SSSDConfig/sssdoptions.py:410 msgid "Base DN for user lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:410 +#: src/config/SSSDConfig/sssdoptions.py:411 msgid "Scope of user lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:411 +#: src/config/SSSDConfig/sssdoptions.py:412 msgid "Filter for user lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:412 +#: src/config/SSSDConfig/sssdoptions.py:413 msgid "Objectclass for users" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:413 +#: src/config/SSSDConfig/sssdoptions.py:414 msgid "Username attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:414 +#: src/config/SSSDConfig/sssdoptions.py:415 msgid "UID attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:415 +#: src/config/SSSDConfig/sssdoptions.py:416 msgid "Primary GID attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:416 +#: src/config/SSSDConfig/sssdoptions.py:417 msgid "GECOS attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:417 +#: src/config/SSSDConfig/sssdoptions.py:418 msgid "Home directory attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:418 +#: src/config/SSSDConfig/sssdoptions.py:419 msgid "Shell attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:419 +#: src/config/SSSDConfig/sssdoptions.py:420 msgid "UUID attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:420 -#: src/config/SSSDConfig/sssdoptions.py:459 +#: src/config/SSSDConfig/sssdoptions.py:421 +#: src/config/SSSDConfig/sssdoptions.py:460 msgid "objectSID attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:421 +#: src/config/SSSDConfig/sssdoptions.py:422 msgid "Active Directory primary group attribute for ID-mapping" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:422 +#: src/config/SSSDConfig/sssdoptions.py:423 msgid "User principal attribute (for Kerberos)" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:423 +#: src/config/SSSDConfig/sssdoptions.py:424 msgid "Full Name" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:424 +#: src/config/SSSDConfig/sssdoptions.py:425 msgid "memberOf attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:425 +#: src/config/SSSDConfig/sssdoptions.py:426 msgid "Modification time attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:426 +#: src/config/SSSDConfig/sssdoptions.py:427 msgid "shadowLastChange attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:427 +#: src/config/SSSDConfig/sssdoptions.py:428 msgid "shadowMin attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:428 +#: src/config/SSSDConfig/sssdoptions.py:429 msgid "shadowMax attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:429 +#: src/config/SSSDConfig/sssdoptions.py:430 msgid "shadowWarning attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:430 +#: src/config/SSSDConfig/sssdoptions.py:431 msgid "shadowInactive attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:431 +#: src/config/SSSDConfig/sssdoptions.py:432 msgid "shadowExpire attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:432 +#: src/config/SSSDConfig/sssdoptions.py:433 msgid "shadowFlag attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:433 +#: src/config/SSSDConfig/sssdoptions.py:434 msgid "Attribute listing authorized PAM services" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:434 +#: src/config/SSSDConfig/sssdoptions.py:435 msgid "Attribute listing authorized server hosts" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:435 +#: src/config/SSSDConfig/sssdoptions.py:436 msgid "Attribute listing authorized server rhosts" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:436 +#: src/config/SSSDConfig/sssdoptions.py:437 msgid "krbLastPwdChange attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:437 +#: src/config/SSSDConfig/sssdoptions.py:438 msgid "krbPasswordExpiration attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:438 +#: src/config/SSSDConfig/sssdoptions.py:439 msgid "Attribute indicating that server side password policies are active" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:439 +#: src/config/SSSDConfig/sssdoptions.py:440 msgid "accountExpires attribute of AD" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:440 +#: src/config/SSSDConfig/sssdoptions.py:441 msgid "userAccountControl attribute of AD" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:441 +#: src/config/SSSDConfig/sssdoptions.py:442 msgid "nsAccountLock attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:442 +#: src/config/SSSDConfig/sssdoptions.py:443 msgid "loginDisabled attribute of NDS" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:443 +#: src/config/SSSDConfig/sssdoptions.py:444 msgid "loginExpirationTime attribute of NDS" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:444 +#: src/config/SSSDConfig/sssdoptions.py:445 msgid "loginAllowedTimeMap attribute of NDS" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:445 +#: src/config/SSSDConfig/sssdoptions.py:446 msgid "SSH public key attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:446 +#: src/config/SSSDConfig/sssdoptions.py:447 msgid "attribute listing allowed authentication types for a user" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:447 +#: src/config/SSSDConfig/sssdoptions.py:448 msgid "attribute containing the X509 certificate of the user" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:448 +#: src/config/SSSDConfig/sssdoptions.py:449 msgid "attribute containing the email address of the user" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:449 +#: src/config/SSSDConfig/sssdoptions.py:450 msgid "attribute containing the passkey mapping data of the user" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:450 +#: src/config/SSSDConfig/sssdoptions.py:451 msgid "A list of extra attributes to download along with the user entry" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:452 +#: src/config/SSSDConfig/sssdoptions.py:453 msgid "Base DN for group lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:453 +#: src/config/SSSDConfig/sssdoptions.py:454 msgid "Objectclass for groups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:454 +#: src/config/SSSDConfig/sssdoptions.py:455 msgid "Group name" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:455 +#: src/config/SSSDConfig/sssdoptions.py:456 msgid "Group password" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:456 +#: src/config/SSSDConfig/sssdoptions.py:457 msgid "GID attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:457 +#: src/config/SSSDConfig/sssdoptions.py:458 msgid "Group member attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:458 +#: src/config/SSSDConfig/sssdoptions.py:459 msgid "Group UUID attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:460 +#: src/config/SSSDConfig/sssdoptions.py:461 msgid "Modification time attribute for groups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:461 +#: src/config/SSSDConfig/sssdoptions.py:462 msgid "Type of the group and other flags" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:462 +#: src/config/SSSDConfig/sssdoptions.py:463 msgid "The LDAP group external member attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:463 +#: src/config/SSSDConfig/sssdoptions.py:464 msgid "Maximum nesting level SSSD will follow" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:464 +#: src/config/SSSDConfig/sssdoptions.py:465 msgid "Filter for group lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:465 +#: src/config/SSSDConfig/sssdoptions.py:466 msgid "Scope of group lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:467 +#: src/config/SSSDConfig/sssdoptions.py:468 msgid "Base DN for netgroup lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:468 +#: src/config/SSSDConfig/sssdoptions.py:469 msgid "Objectclass for netgroups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:469 +#: src/config/SSSDConfig/sssdoptions.py:470 msgid "Netgroup name" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:470 +#: src/config/SSSDConfig/sssdoptions.py:471 msgid "Netgroups members attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:471 +#: src/config/SSSDConfig/sssdoptions.py:472 msgid "Netgroup triple attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:472 +#: src/config/SSSDConfig/sssdoptions.py:473 msgid "Modification time attribute for netgroups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:474 +#: src/config/SSSDConfig/sssdoptions.py:475 msgid "Base DN for service lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:475 +#: src/config/SSSDConfig/sssdoptions.py:476 msgid "Objectclass for services" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:476 +#: src/config/SSSDConfig/sssdoptions.py:477 msgid "Service name attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:477 +#: src/config/SSSDConfig/sssdoptions.py:478 msgid "Service port attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:478 +#: src/config/SSSDConfig/sssdoptions.py:479 msgid "Service protocol attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:480 +#: src/config/SSSDConfig/sssdoptions.py:481 msgid "Lower bound for ID-mapping" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:481 +#: src/config/SSSDConfig/sssdoptions.py:482 msgid "Upper bound for ID-mapping" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:482 +#: src/config/SSSDConfig/sssdoptions.py:483 msgid "Number of IDs for each slice when ID-mapping" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:483 +#: src/config/SSSDConfig/sssdoptions.py:484 msgid "Use autorid-compatible algorithm for ID-mapping" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:484 +#: src/config/SSSDConfig/sssdoptions.py:485 msgid "Name of the default domain for ID-mapping" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:485 +#: src/config/SSSDConfig/sssdoptions.py:486 msgid "SID of the default domain for ID-mapping" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:486 +#: src/config/SSSDConfig/sssdoptions.py:487 msgid "Number of secondary slices" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:488 +#: src/config/SSSDConfig/sssdoptions.py:489 msgid "Whether to use Token-Groups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:489 +#: src/config/SSSDConfig/sssdoptions.py:490 msgid "Set lower boundary for allowed IDs from the LDAP server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:490 +#: src/config/SSSDConfig/sssdoptions.py:491 msgid "Set upper boundary for allowed IDs from the LDAP server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:491 +#: src/config/SSSDConfig/sssdoptions.py:492 msgid "DN for ppolicy queries" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:492 +#: src/config/SSSDConfig/sssdoptions.py:493 msgid "How many maximum entries to fetch during a wildcard request" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:493 +#: src/config/SSSDConfig/sssdoptions.py:494 msgid "Set libldap debug level" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:496 +#: src/config/SSSDConfig/sssdoptions.py:497 msgid "Policy to evaluate the password expiration" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:500 +#: src/config/SSSDConfig/sssdoptions.py:501 msgid "Which attributes shall be used to evaluate if an account is expired" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:504 +#: src/config/SSSDConfig/sssdoptions.py:505 msgid "URI of an LDAP server where password changes are allowed" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:505 +#: src/config/SSSDConfig/sssdoptions.py:506 msgid "URI of a backup LDAP server where password changes are allowed" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:506 +#: src/config/SSSDConfig/sssdoptions.py:507 msgid "DNS service name for LDAP password change server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:507 +#: src/config/SSSDConfig/sssdoptions.py:508 msgid "" "Whether to update the ldap_user_shadow_last_change attribute after a " "password change" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:511 +#: src/config/SSSDConfig/sssdoptions.py:512 msgid "Base DN for sudo rules lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:512 +#: src/config/SSSDConfig/sssdoptions.py:513 msgid "Automatic full refresh period" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:513 +#: src/config/SSSDConfig/sssdoptions.py:514 msgid "Automatic smart refresh period" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:514 +#: src/config/SSSDConfig/sssdoptions.py:515 msgid "Smart and full refresh random offset" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:515 +#: src/config/SSSDConfig/sssdoptions.py:516 msgid "Whether to filter rules by hostname, IP addresses and network" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:516 +#: src/config/SSSDConfig/sssdoptions.py:517 msgid "" "Hostnames and/or fully qualified domain names of this machine to filter sudo " "rules" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:517 +#: src/config/SSSDConfig/sssdoptions.py:518 msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:518 +#: src/config/SSSDConfig/sssdoptions.py:519 msgid "Whether to include rules that contains netgroup in host attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:519 +#: src/config/SSSDConfig/sssdoptions.py:520 msgid "" "Whether to include rules that contains regular expression in host attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:520 +#: src/config/SSSDConfig/sssdoptions.py:521 msgid "Object class for sudo rules" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:521 +#: src/config/SSSDConfig/sssdoptions.py:522 msgid "Name of attribute that is used as object class for sudo rules" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:522 +#: src/config/SSSDConfig/sssdoptions.py:523 msgid "Sudo rule name" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:523 +#: src/config/SSSDConfig/sssdoptions.py:524 msgid "Sudo rule command attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:524 +#: src/config/SSSDConfig/sssdoptions.py:525 msgid "Sudo rule host attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:525 +#: src/config/SSSDConfig/sssdoptions.py:526 msgid "Sudo rule user attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:526 +#: src/config/SSSDConfig/sssdoptions.py:527 msgid "Sudo rule option attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:527 +#: src/config/SSSDConfig/sssdoptions.py:528 msgid "Sudo rule runas attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:528 +#: src/config/SSSDConfig/sssdoptions.py:529 msgid "Sudo rule runasuser attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:529 +#: src/config/SSSDConfig/sssdoptions.py:530 msgid "Sudo rule runasgroup attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:530 +#: src/config/SSSDConfig/sssdoptions.py:531 msgid "Sudo rule notbefore attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:531 +#: src/config/SSSDConfig/sssdoptions.py:532 msgid "Sudo rule notafter attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:532 +#: src/config/SSSDConfig/sssdoptions.py:533 msgid "Sudo rule order attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:535 +#: src/config/SSSDConfig/sssdoptions.py:536 msgid "Object class for automounter maps" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:536 +#: src/config/SSSDConfig/sssdoptions.py:537 msgid "Automounter map name attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:537 +#: src/config/SSSDConfig/sssdoptions.py:538 msgid "Object class for automounter map entries" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:538 +#: src/config/SSSDConfig/sssdoptions.py:539 msgid "Automounter map entry key attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:539 +#: src/config/SSSDConfig/sssdoptions.py:540 msgid "Automounter map entry value attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:540 +#: src/config/SSSDConfig/sssdoptions.py:541 msgid "Base DN for automounter map lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:541 +#: src/config/SSSDConfig/sssdoptions.py:542 msgid "The name of the automount master map in LDAP." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:544 +#: src/config/SSSDConfig/sssdoptions.py:545 msgid "Base DN for IP hosts lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:545 +#: src/config/SSSDConfig/sssdoptions.py:546 msgid "Object class for IP hosts" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:546 +#: src/config/SSSDConfig/sssdoptions.py:547 msgid "IP host name attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:547 +#: src/config/SSSDConfig/sssdoptions.py:548 msgid "IP host number (address) attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:548 +#: src/config/SSSDConfig/sssdoptions.py:549 msgid "IP host entryUSN attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:549 +#: src/config/SSSDConfig/sssdoptions.py:550 msgid "Base DN for IP networks lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:550 +#: src/config/SSSDConfig/sssdoptions.py:551 msgid "Object class for IP networks" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:551 +#: src/config/SSSDConfig/sssdoptions.py:552 msgid "IP network name attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:552 +#: src/config/SSSDConfig/sssdoptions.py:553 msgid "IP network number (address) attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:553 +#: src/config/SSSDConfig/sssdoptions.py:554 msgid "IP network entryUSN attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:556 +#: src/config/SSSDConfig/sssdoptions.py:557 msgid "Comma separated list of allowed users" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:557 +#: src/config/SSSDConfig/sssdoptions.py:558 msgid "Comma separated list of prohibited users" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:558 +#: src/config/SSSDConfig/sssdoptions.py:559 msgid "" "Comma separated list of groups that are allowed to log in. This applies only " "to groups within this SSSD domain. Local groups are not evaluated." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:560 +#: src/config/SSSDConfig/sssdoptions.py:561 msgid "" "Comma separated list of groups that are explicitly denied access. This " "applies only to groups within this SSSD domain. Local groups are not " "evaluated." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:564 +#: src/config/SSSDConfig/sssdoptions.py:565 msgid "The number of preforked proxy children." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:567 +#: src/config/SSSDConfig/sssdoptions.py:568 msgid "The name of the NSS library to use" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:568 +#: src/config/SSSDConfig/sssdoptions.py:569 msgid "The name of the NSS library to use for hosts and networks lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:569 +#: src/config/SSSDConfig/sssdoptions.py:570 msgid "Whether to look up canonical group name from cache if possible" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:572 +#: src/config/SSSDConfig/sssdoptions.py:573 msgid "PAM stack to use" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:575 +#: src/config/SSSDConfig/sssdoptions.py:576 msgid "Path of passwd file sources." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:576 +#: src/config/SSSDConfig/sssdoptions.py:577 msgid "Path of group file sources." msgstr "" @@ -1878,67 +1882,67 @@ msgstr "" msgid "SSSD is already running\n" msgstr "" -#: src/providers/krb5/krb5_child.c:4007 src/providers/ldap/ldap_child.c:641 +#: src/providers/krb5/krb5_child.c:4027 src/providers/ldap/ldap_child.c:642 msgid "Allow core dumps" msgstr "" -#: src/providers/krb5/krb5_child.c:4009 src/providers/ldap/ldap_child.c:643 +#: src/providers/krb5/krb5_child.c:4029 src/providers/ldap/ldap_child.c:644 msgid "An open file descriptor for the debug logs" msgstr "" -#: src/providers/krb5/krb5_child.c:4012 +#: src/providers/krb5/krb5_child.c:4032 msgid "The user to create FAST ccache as" msgstr "" -#: src/providers/krb5/krb5_child.c:4014 +#: src/providers/krb5/krb5_child.c:4034 msgid "The group to create FAST ccache as" msgstr "" -#: src/providers/krb5/krb5_child.c:4016 +#: src/providers/krb5/krb5_child.c:4036 msgid "Use anonymous PKINIT to request FAST armor ticket" msgstr "" -#: src/providers/krb5/krb5_child.c:4018 +#: src/providers/krb5/krb5_child.c:4038 msgid "Kerberos realm to use" msgstr "" -#: src/providers/krb5/krb5_child.c:4020 +#: src/providers/krb5/krb5_child.c:4040 msgid "Requested lifetime of the ticket" msgstr "" -#: src/providers/krb5/krb5_child.c:4022 +#: src/providers/krb5/krb5_child.c:4042 msgid "Requested renewable lifetime of the ticket" msgstr "" -#: src/providers/krb5/krb5_child.c:4024 +#: src/providers/krb5/krb5_child.c:4044 msgid "FAST options ('never', 'try', 'demand')" msgstr "" -#: src/providers/krb5/krb5_child.c:4027 +#: src/providers/krb5/krb5_child.c:4047 msgid "Specifies the server principal to use for FAST" msgstr "" -#: src/providers/krb5/krb5_child.c:4029 +#: src/providers/krb5/krb5_child.c:4049 msgid "Requests canonicalization of the principal name" msgstr "" -#: src/providers/krb5/krb5_child.c:4031 +#: src/providers/krb5/krb5_child.c:4051 msgid "Use custom version of krb5_get_init_creds_password" msgstr "" -#: src/providers/krb5/krb5_child.c:4033 +#: src/providers/krb5/krb5_child.c:4053 msgid "Tevent chain ID used for logging purposes" msgstr "" -#: src/providers/krb5/krb5_child.c:4035 +#: src/providers/krb5/krb5_child.c:4055 msgid "Check PAC flags" msgstr "" -#: src/providers/krb5/krb5_child.c:4079 src/providers/ldap/ldap_child.c:669 +#: src/providers/krb5/krb5_child.c:4099 src/providers/ldap/ldap_child.c:670 msgid "talloc_asprintf failed.\n" msgstr "" -#: src/providers/krb5/krb5_child.c:4089 src/providers/ldap/ldap_child.c:678 +#: src/providers/krb5/krb5_child.c:4109 src/providers/ldap/ldap_child.c:679 msgid "set_debug_file_from_fd failed.\n" msgstr "" @@ -1982,119 +1986,131 @@ msgstr "" msgid "Permission denied. " msgstr "" -#: src/sss_client/pam_sss.c:70 src/sss_client/pam_sss.c:819 -#: src/sss_client/pam_sss.c:830 +#: src/sss_client/pam_sss.c:70 src/sss_client/pam_sss.c:838 +#: src/sss_client/pam_sss.c:849 msgid "Server message: " msgstr "" #: src/sss_client/pam_sss.c:71 +msgid "" +"Kerberos TGT will not be granted upon login, user experience will be " +"affected." +msgstr "" + +#: src/sss_client/pam_sss.c:72 msgid "Enter PIN:" msgstr "" -#: src/sss_client/pam_sss.c:314 +#: src/sss_client/pam_sss.c:315 msgid "Passwords do not match" msgstr "" -#: src/sss_client/pam_sss.c:502 +#: src/sss_client/pam_sss.c:503 msgid "Password reset by root is not supported." msgstr "" -#: src/sss_client/pam_sss.c:543 +#: src/sss_client/pam_sss.c:544 msgid "Authenticated with cached credentials" msgstr "" -#: src/sss_client/pam_sss.c:544 +#: src/sss_client/pam_sss.c:545 msgid ", your cached password will expire at: " msgstr "" -#: src/sss_client/pam_sss.c:574 +#: src/sss_client/pam_sss.c:575 #, c-format msgid "Your password has expired. You have %1$d grace login(s) remaining." msgstr "" -#: src/sss_client/pam_sss.c:624 +#: src/sss_client/pam_sss.c:625 #, c-format msgid "Your password will expire in %1$d %2$s." msgstr "" -#: src/sss_client/pam_sss.c:627 +#: src/sss_client/pam_sss.c:628 #, c-format msgid "Your password has expired." msgstr "" -#: src/sss_client/pam_sss.c:678 +#: src/sss_client/pam_sss.c:679 msgid "Authentication is denied until: " msgstr "" -#: src/sss_client/pam_sss.c:699 +#: src/sss_client/pam_sss.c:700 msgid "System is offline, password change not possible" msgstr "" -#: src/sss_client/pam_sss.c:714 +#: src/sss_client/pam_sss.c:715 msgid "" "After changing the OTP password, you need to log out and back in order to " "acquire a ticket" msgstr "" -#: src/sss_client/pam_sss.c:729 +#: src/sss_client/pam_sss.c:730 msgid "PIN locked" msgstr "" -#: src/sss_client/pam_sss.c:816 src/sss_client/pam_sss.c:829 +#: src/sss_client/pam_sss.c:745 +msgid "" +"No Kerberos TGT granted as the server does not support this method. Your " +"single-sign on(SSO) experience will be affected." +msgstr "" + +#: src/sss_client/pam_sss.c:835 src/sss_client/pam_sss.c:848 msgid "Password change failed. " msgstr "" -#: src/sss_client/pam_sss.c:1797 +#: src/sss_client/pam_sss.c:1819 #, c-format msgid "Authenticate at %1$s and press ENTER." msgstr "" -#: src/sss_client/pam_sss.c:1800 +#: src/sss_client/pam_sss.c:1822 #, c-format msgid "Authenticate with PIN %1$s at %2$s and press ENTER." msgstr "" -#: src/sss_client/pam_sss.c:2153 +#: src/sss_client/pam_sss.c:2181 msgid "Please (re)insert (different) Smartcard" msgstr "" -#: src/sss_client/pam_sss.c:2352 +#: src/sss_client/pam_sss.c:2380 msgid "New Password: " msgstr "" -#: src/sss_client/pam_sss.c:2353 +#: src/sss_client/pam_sss.c:2381 msgid "Reenter new Password: " msgstr "" -#: src/sss_client/pam_sss.c:2523 src/sss_client/pam_sss.c:2526 +#: src/sss_client/pam_sss.c:2551 src/sss_client/pam_sss.c:2554 msgid "First Factor: " msgstr "" -#: src/sss_client/pam_sss.c:2524 src/sss_client/pam_sss.c:2707 +#: src/sss_client/pam_sss.c:2552 src/sss_client/pam_sss.c:2740 msgid "Second Factor (optional): " msgstr "" -#: src/sss_client/pam_sss.c:2527 src/sss_client/pam_sss.c:2710 +#: src/sss_client/pam_sss.c:2555 src/sss_client/pam_sss.c:2743 msgid "Second Factor: " msgstr "" -#: src/sss_client/pam_sss.c:2547 +#: src/sss_client/pam_sss.c:2575 msgid "Insert your passkey device, then press ENTER." msgstr "" -#: src/sss_client/pam_sss.c:2551 src/sss_client/pam_sss.c:2554 +#: src/sss_client/pam_sss.c:2579 src/sss_client/pam_sss.c:2587 msgid "Password: " msgstr "" -#: src/sss_client/pam_sss.c:2706 src/sss_client/pam_sss.c:2709 +#: src/sss_client/pam_sss.c:2739 src/sss_client/pam_sss.c:2742 msgid "First Factor (Current Password): " msgstr "" -#: src/sss_client/pam_sss.c:2713 +#: src/sss_client/pam_sss.c:2746 msgid "Current Password: " msgstr "" -#: src/sss_client/pam_sss.c:3070 +#: src/sss_client/pam_sss.c:3103 msgid "Password expired. Change your password now." msgstr "" diff --git a/po/sv.po b/po/sv.po index 6900cc39b9c..6984119f2ea 100644 --- a/po/sv.po +++ b/po/sv.po @@ -13,7 +13,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" -"POT-Creation-Date: 2023-05-05 10:11+0200\n" +"POT-Creation-Date: 2023-09-07 11:48+0200\n" "PO-Revision-Date: 2023-08-30 14:21+0000\n" "Last-Translator: Göran Uddeborg \n" "Language-Team: Swedish , måste vara root\n" msgid "SSSD is already running\n" msgstr "SSSD kör redan\n" -#: src/providers/krb5/krb5_child.c:4007 src/providers/ldap/ldap_child.c:641 +#: src/providers/krb5/krb5_child.c:4027 src/providers/ldap/ldap_child.c:642 msgid "Allow core dumps" msgstr "Tillåt kärndumpar" -#: src/providers/krb5/krb5_child.c:4009 src/providers/ldap/ldap_child.c:643 +#: src/providers/krb5/krb5_child.c:4029 src/providers/ldap/ldap_child.c:644 msgid "An open file descriptor for the debug logs" msgstr "En öppen fildeskriptor för felsökningsloggarna" -#: src/providers/krb5/krb5_child.c:4012 +#: src/providers/krb5/krb5_child.c:4032 msgid "The user to create FAST ccache as" msgstr "Användaren att skapa en FAST-ccache som" -#: src/providers/krb5/krb5_child.c:4014 +#: src/providers/krb5/krb5_child.c:4034 msgid "The group to create FAST ccache as" msgstr "Gruppen att skapa en FAST-ccache som" -#: src/providers/krb5/krb5_child.c:4016 +#: src/providers/krb5/krb5_child.c:4036 msgid "Use anonymous PKINIT to request FAST armor ticket" msgstr "Använd anonym PKINIT för att begära FAST-skyddad biljett" -#: src/providers/krb5/krb5_child.c:4018 +#: src/providers/krb5/krb5_child.c:4038 msgid "Kerberos realm to use" msgstr "Kerberosrike att använda" -#: src/providers/krb5/krb5_child.c:4020 +#: src/providers/krb5/krb5_child.c:4040 msgid "Requested lifetime of the ticket" msgstr "Begärd livslängd på biljetten" -#: src/providers/krb5/krb5_child.c:4022 +#: src/providers/krb5/krb5_child.c:4042 msgid "Requested renewable lifetime of the ticket" msgstr "Begärd förnybar livslängd på biljetten" -#: src/providers/krb5/krb5_child.c:4024 +#: src/providers/krb5/krb5_child.c:4044 msgid "FAST options ('never', 'try', 'demand')" msgstr "FAST-flaggor (”never”, ”try”, ”demand”)" -#: src/providers/krb5/krb5_child.c:4027 +#: src/providers/krb5/krb5_child.c:4047 msgid "Specifies the server principal to use for FAST" msgstr "Anger serverhuvudmannen att använda för FAST" -#: src/providers/krb5/krb5_child.c:4029 +#: src/providers/krb5/krb5_child.c:4049 msgid "Requests canonicalization of the principal name" msgstr "Begär kanonisering av huvudmannanamnet" -#: src/providers/krb5/krb5_child.c:4031 +#: src/providers/krb5/krb5_child.c:4051 msgid "Use custom version of krb5_get_init_creds_password" msgstr "Använd en anpassad version av krb5_get_init_creds_password" -#: src/providers/krb5/krb5_child.c:4033 +#: src/providers/krb5/krb5_child.c:4053 msgid "Tevent chain ID used for logging purposes" msgstr "Tevent-kedje-ID använt för loggningssyfte" -#: src/providers/krb5/krb5_child.c:4035 +#: src/providers/krb5/krb5_child.c:4055 msgid "Check PAC flags" msgstr "Kontrollera PAC-flaggor" -#: src/providers/krb5/krb5_child.c:4079 src/providers/ldap/ldap_child.c:669 +#: src/providers/krb5/krb5_child.c:4099 src/providers/ldap/ldap_child.c:670 msgid "talloc_asprintf failed.\n" msgstr "talloc_asprintf misslyckades.\n" -#: src/providers/krb5/krb5_child.c:4089 src/providers/ldap/ldap_child.c:678 +#: src/providers/krb5/krb5_child.c:4109 src/providers/ldap/ldap_child.c:679 msgid "set_debug_file_from_fd failed.\n" msgstr "set_debug_file_from_fd misslyckades.\n" @@ -2122,55 +2126,61 @@ msgstr "Oväntat fel vid sökning efter ett felmeddelande" msgid "Permission denied. " msgstr "Åtkomst nekas. " -#: src/sss_client/pam_sss.c:70 src/sss_client/pam_sss.c:819 -#: src/sss_client/pam_sss.c:830 +#: src/sss_client/pam_sss.c:70 src/sss_client/pam_sss.c:838 +#: src/sss_client/pam_sss.c:849 msgid "Server message: " msgstr "Servermeddelande: " #: src/sss_client/pam_sss.c:71 +msgid "" +"Kerberos TGT will not be granted upon login, user experience will be " +"affected." +msgstr "" + +#: src/sss_client/pam_sss.c:72 msgid "Enter PIN:" msgstr "Ange PIN:" -#: src/sss_client/pam_sss.c:314 +#: src/sss_client/pam_sss.c:315 msgid "Passwords do not match" msgstr "Lösenorden stämmer inte överens" -#: src/sss_client/pam_sss.c:502 +#: src/sss_client/pam_sss.c:503 msgid "Password reset by root is not supported." msgstr "Återställning av lösenord av root stöds inte." -#: src/sss_client/pam_sss.c:543 +#: src/sss_client/pam_sss.c:544 msgid "Authenticated with cached credentials" msgstr "Autentiserad med cachade kreditiv" -#: src/sss_client/pam_sss.c:544 +#: src/sss_client/pam_sss.c:545 msgid ", your cached password will expire at: " msgstr ", ditt cache-lösenord kommer gå ut: " -#: src/sss_client/pam_sss.c:574 +#: src/sss_client/pam_sss.c:575 #, c-format msgid "Your password has expired. You have %1$d grace login(s) remaining." msgstr "Ditt lösenord har gått ut. Du har en frist på %1$d inloggningar kvar." -#: src/sss_client/pam_sss.c:624 +#: src/sss_client/pam_sss.c:625 #, c-format msgid "Your password will expire in %1$d %2$s." msgstr "Ditt lösenordet kommer gå ut om %1$d %2$s." -#: src/sss_client/pam_sss.c:627 +#: src/sss_client/pam_sss.c:628 #, c-format msgid "Your password has expired." msgstr "Ditt lösenordet har gått ut." -#: src/sss_client/pam_sss.c:678 +#: src/sss_client/pam_sss.c:679 msgid "Authentication is denied until: " msgstr "Autentisering nekas till: " -#: src/sss_client/pam_sss.c:699 +#: src/sss_client/pam_sss.c:700 msgid "System is offline, password change not possible" msgstr "Systemet är frånkopplat, ändring av lösenord är inte möjligt" -#: src/sss_client/pam_sss.c:714 +#: src/sss_client/pam_sss.c:715 msgid "" "After changing the OTP password, you need to log out and back in order to " "acquire a ticket" @@ -2178,65 +2188,71 @@ msgstr "" "Efter att ha ändrat OTP-lösenordet behöver du logga ut och tillbaka in för " "att få en biljett" -#: src/sss_client/pam_sss.c:729 +#: src/sss_client/pam_sss.c:730 msgid "PIN locked" msgstr "PIN-låst" -#: src/sss_client/pam_sss.c:816 src/sss_client/pam_sss.c:829 +#: src/sss_client/pam_sss.c:745 +msgid "" +"No Kerberos TGT granted as the server does not support this method. Your " +"single-sign on(SSO) experience will be affected." +msgstr "" + +#: src/sss_client/pam_sss.c:835 src/sss_client/pam_sss.c:848 msgid "Password change failed. " msgstr "Lösenordsändringen misslyckades. " -#: src/sss_client/pam_sss.c:1797 +#: src/sss_client/pam_sss.c:1819 #, c-format msgid "Authenticate at %1$s and press ENTER." msgstr "Autentisera vid %1$s och tryck på ENTER." -#: src/sss_client/pam_sss.c:1800 +#: src/sss_client/pam_sss.c:1822 #, c-format msgid "Authenticate with PIN %1$s at %2$s and press ENTER." msgstr "Autentisera med PIN %1$s vid %2$s och tryck på ENTER." -#: src/sss_client/pam_sss.c:2153 +#: src/sss_client/pam_sss.c:2181 msgid "Please (re)insert (different) Smartcard" msgstr "Sätt (igen) in ett (annat) smartkort" -#: src/sss_client/pam_sss.c:2352 +#: src/sss_client/pam_sss.c:2380 msgid "New Password: " msgstr "Nytt lösenord: " -#: src/sss_client/pam_sss.c:2353 +#: src/sss_client/pam_sss.c:2381 msgid "Reenter new Password: " msgstr "Skriv det nya lösenordet igen: " -#: src/sss_client/pam_sss.c:2523 src/sss_client/pam_sss.c:2526 +#: src/sss_client/pam_sss.c:2551 src/sss_client/pam_sss.c:2554 msgid "First Factor: " msgstr "Första faktorn: " -#: src/sss_client/pam_sss.c:2524 src/sss_client/pam_sss.c:2707 +#: src/sss_client/pam_sss.c:2552 src/sss_client/pam_sss.c:2740 msgid "Second Factor (optional): " msgstr "Andra faktorn (frivillig): " -#: src/sss_client/pam_sss.c:2527 src/sss_client/pam_sss.c:2710 +#: src/sss_client/pam_sss.c:2555 src/sss_client/pam_sss.c:2743 msgid "Second Factor: " msgstr "Andra faktorn: " -#: src/sss_client/pam_sss.c:2547 +#: src/sss_client/pam_sss.c:2575 msgid "Insert your passkey device, then press ENTER." msgstr "Sätt in en lösennyckelsenhet, tryck sedan ENTER." -#: src/sss_client/pam_sss.c:2551 src/sss_client/pam_sss.c:2554 +#: src/sss_client/pam_sss.c:2579 src/sss_client/pam_sss.c:2587 msgid "Password: " msgstr "Lösenord: " -#: src/sss_client/pam_sss.c:2706 src/sss_client/pam_sss.c:2709 +#: src/sss_client/pam_sss.c:2739 src/sss_client/pam_sss.c:2742 msgid "First Factor (Current Password): " msgstr "Första faktorn (nuvarande lösenord): " -#: src/sss_client/pam_sss.c:2713 +#: src/sss_client/pam_sss.c:2746 msgid "Current Password: " msgstr "Nuvarande lösenord: " -#: src/sss_client/pam_sss.c:3070 +#: src/sss_client/pam_sss.c:3103 msgid "Password expired. Change your password now." msgstr "Lösenordet har gått ut. Ändra ditt lösenord nu." diff --git a/po/tg.po b/po/tg.po index ccda3e7dc05..e49921b6b82 100644 --- a/po/tg.po +++ b/po/tg.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" -"POT-Creation-Date: 2023-05-05 10:11+0200\n" +"POT-Creation-Date: 2023-09-07 11:48+0200\n" "PO-Revision-Date: 2014-12-14 11:48-0500\n" "Last-Translator: Copied by Zanata \n" "Language-Team: Tajik (http://www.transifex.com/projects/p/sssd/language/" @@ -587,12 +587,12 @@ msgid "Whether to automatically update the client's DNS entry" msgstr "" #: src/config/SSSDConfig/sssdoptions.py:201 -#: src/config/SSSDConfig/sssdoptions.py:233 +#: src/config/SSSDConfig/sssdoptions.py:234 msgid "The TTL to apply to the client's DNS entry after updating it" msgstr "" #: src/config/SSSDConfig/sssdoptions.py:202 -#: src/config/SSSDConfig/sssdoptions.py:234 +#: src/config/SSSDConfig/sssdoptions.py:235 msgid "The interface whose IP should be used for dynamic DNS updates" msgstr "" @@ -676,1162 +676,1166 @@ msgid "" "(long term password) must have to be saved as SHA512 hash into the cache." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:228 -msgid "IPA domain" +#: src/config/SSSDConfig/sssdoptions.py:226 +msgid "Local authentication methods policy " msgstr "" #: src/config/SSSDConfig/sssdoptions.py:229 -msgid "IPA server address" +msgid "IPA domain" msgstr "" #: src/config/SSSDConfig/sssdoptions.py:230 -msgid "Address of backup IPA server" +msgid "IPA server address" msgstr "" #: src/config/SSSDConfig/sssdoptions.py:231 -msgid "IPA client hostname" +msgid "Address of backup IPA server" msgstr "" #: src/config/SSSDConfig/sssdoptions.py:232 +msgid "IPA client hostname" +msgstr "" + +#: src/config/SSSDConfig/sssdoptions.py:233 msgid "Whether to automatically update the client's DNS entry in FreeIPA" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:235 +#: src/config/SSSDConfig/sssdoptions.py:236 msgid "Search base for HBAC related objects" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:236 +#: src/config/SSSDConfig/sssdoptions.py:237 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:237 +#: src/config/SSSDConfig/sssdoptions.py:238 msgid "" "The amount of time in seconds between lookups of the SELinux maps against " "the IPA server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:239 +#: src/config/SSSDConfig/sssdoptions.py:240 msgid "If set to false, host argument given by PAM will be ignored" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:240 +#: src/config/SSSDConfig/sssdoptions.py:241 msgid "The automounter location this IPA client is using" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:241 +#: src/config/SSSDConfig/sssdoptions.py:242 msgid "Search base for object containing info about IPA domain" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:242 +#: src/config/SSSDConfig/sssdoptions.py:243 msgid "Search base for objects containing info about ID ranges" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:243 -#: src/config/SSSDConfig/sssdoptions.py:299 +#: src/config/SSSDConfig/sssdoptions.py:244 +#: src/config/SSSDConfig/sssdoptions.py:300 msgid "Enable DNS sites - location based service discovery" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:244 +#: src/config/SSSDConfig/sssdoptions.py:245 msgid "Search base for view containers" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:245 +#: src/config/SSSDConfig/sssdoptions.py:246 msgid "Objectclass for view containers" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:246 +#: src/config/SSSDConfig/sssdoptions.py:247 msgid "Attribute with the name of the view" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:247 +#: src/config/SSSDConfig/sssdoptions.py:248 msgid "Objectclass for override objects" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:248 +#: src/config/SSSDConfig/sssdoptions.py:249 msgid "Attribute with the reference to the original object" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:249 +#: src/config/SSSDConfig/sssdoptions.py:250 msgid "Objectclass for user override objects" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:250 +#: src/config/SSSDConfig/sssdoptions.py:251 msgid "Objectclass for group override objects" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:251 +#: src/config/SSSDConfig/sssdoptions.py:252 msgid "Search base for Desktop Profile related objects" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:252 +#: src/config/SSSDConfig/sssdoptions.py:253 msgid "" "The amount of time in seconds between lookups of the Desktop Profile rules " "against the IPA server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:254 +#: src/config/SSSDConfig/sssdoptions.py:255 msgid "" "The amount of time in minutes between lookups of Desktop Profiles rules " "against the IPA server when the last request did not find any rule" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:257 +#: src/config/SSSDConfig/sssdoptions.py:258 msgid "Search base for SUBID ranges" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:258 -#: src/config/SSSDConfig/sssdoptions.py:501 +#: src/config/SSSDConfig/sssdoptions.py:259 +#: src/config/SSSDConfig/sssdoptions.py:502 msgid "Which rules should be used to evaluate access control" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:259 +#: src/config/SSSDConfig/sssdoptions.py:260 msgid "The LDAP attribute that contains FQDN of the host." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:260 -#: src/config/SSSDConfig/sssdoptions.py:283 +#: src/config/SSSDConfig/sssdoptions.py:261 +#: src/config/SSSDConfig/sssdoptions.py:284 msgid "The object class of a host entry in LDAP." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:261 +#: src/config/SSSDConfig/sssdoptions.py:262 msgid "Use the given string as search base for host objects." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:262 +#: src/config/SSSDConfig/sssdoptions.py:263 msgid "The LDAP attribute that contains the host's SSH public keys." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:263 +#: src/config/SSSDConfig/sssdoptions.py:264 msgid "The LDAP attribute that contains NIS domain name of the netgroup." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:264 +#: src/config/SSSDConfig/sssdoptions.py:265 msgid "The LDAP attribute that contains the names of the netgroup's members." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:265 +#: src/config/SSSDConfig/sssdoptions.py:266 msgid "" "The LDAP attribute that lists FQDNs of hosts and host groups that are " "members of the netgroup." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:267 +#: src/config/SSSDConfig/sssdoptions.py:268 msgid "" "The LDAP attribute that lists hosts and host groups that are direct members " "of the netgroup." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:269 +#: src/config/SSSDConfig/sssdoptions.py:270 msgid "The LDAP attribute that lists netgroup's memberships." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:270 +#: src/config/SSSDConfig/sssdoptions.py:271 msgid "" "The LDAP attribute that lists system users and groups that are direct " "members of the netgroup." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:272 +#: src/config/SSSDConfig/sssdoptions.py:273 msgid "The LDAP attribute that corresponds to the netgroup name." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:273 +#: src/config/SSSDConfig/sssdoptions.py:274 msgid "The object class of a netgroup entry in LDAP." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:274 +#: src/config/SSSDConfig/sssdoptions.py:275 msgid "" "The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:275 +#: src/config/SSSDConfig/sssdoptions.py:276 msgid "" "The LDAP attribute that contains whether or not is user map enabled for " "usage." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:277 +#: src/config/SSSDConfig/sssdoptions.py:278 msgid "The LDAP attribute that contains host category such as 'all'." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:278 +#: src/config/SSSDConfig/sssdoptions.py:279 msgid "" "The LDAP attribute that contains all hosts / hostgroups this rule match " "against." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:280 +#: src/config/SSSDConfig/sssdoptions.py:281 msgid "" "The LDAP attribute that contains all users / groups this rule match against." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:282 +#: src/config/SSSDConfig/sssdoptions.py:283 msgid "The LDAP attribute that contains the name of SELinux usermap." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:284 +#: src/config/SSSDConfig/sssdoptions.py:285 msgid "" "The LDAP attribute that contains DN of HBAC rule which can be used for " "matching instead of memberUser and memberHost." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:286 +#: src/config/SSSDConfig/sssdoptions.py:287 msgid "The LDAP attribute that contains SELinux user string itself." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:287 +#: src/config/SSSDConfig/sssdoptions.py:288 msgid "The LDAP attribute that contains user category such as 'all'." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:288 +#: src/config/SSSDConfig/sssdoptions.py:289 msgid "The LDAP attribute that contains unique ID of the user map." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:289 +#: src/config/SSSDConfig/sssdoptions.py:290 msgid "" "The option denotes that the SSSD is running on IPA server and should perform " "lookups of users and groups from trusted domains differently." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:291 +#: src/config/SSSDConfig/sssdoptions.py:292 msgid "Use the given string as search base for trusted domains." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:294 +#: src/config/SSSDConfig/sssdoptions.py:295 msgid "Active Directory domain" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:295 +#: src/config/SSSDConfig/sssdoptions.py:296 msgid "Enabled Active Directory domains" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:296 +#: src/config/SSSDConfig/sssdoptions.py:297 msgid "Active Directory server address" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:297 +#: src/config/SSSDConfig/sssdoptions.py:298 msgid "Active Directory backup server address" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:298 +#: src/config/SSSDConfig/sssdoptions.py:299 msgid "Active Directory client hostname" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:300 -#: src/config/SSSDConfig/sssdoptions.py:499 +#: src/config/SSSDConfig/sssdoptions.py:301 +#: src/config/SSSDConfig/sssdoptions.py:500 msgid "LDAP filter to determine access privileges" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:301 +#: src/config/SSSDConfig/sssdoptions.py:302 msgid "Whether to use the Global Catalog for lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:302 +#: src/config/SSSDConfig/sssdoptions.py:303 msgid "Operation mode for GPO-based access control" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:303 +#: src/config/SSSDConfig/sssdoptions.py:304 msgid "" "The amount of time between lookups of the GPO policy files against the AD " "server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:304 +#: src/config/SSSDConfig/sssdoptions.py:305 msgid "" "PAM service names that map to the GPO (Deny)InteractiveLogonRight policy " "settings" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:306 +#: src/config/SSSDConfig/sssdoptions.py:307 msgid "" "PAM service names that map to the GPO (Deny)RemoteInteractiveLogonRight " "policy settings" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:308 +#: src/config/SSSDConfig/sssdoptions.py:309 msgid "" "PAM service names that map to the GPO (Deny)NetworkLogonRight policy settings" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:309 +#: src/config/SSSDConfig/sssdoptions.py:310 msgid "" "PAM service names that map to the GPO (Deny)BatchLogonRight policy settings" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:310 +#: src/config/SSSDConfig/sssdoptions.py:311 msgid "" "PAM service names that map to the GPO (Deny)ServiceLogonRight policy settings" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:311 +#: src/config/SSSDConfig/sssdoptions.py:312 msgid "PAM service names for which GPO-based access is always granted" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:312 +#: src/config/SSSDConfig/sssdoptions.py:313 msgid "PAM service names for which GPO-based access is always denied" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:313 +#: src/config/SSSDConfig/sssdoptions.py:314 msgid "" "Default logon right (or permit/deny) to use for unmapped PAM service names" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:314 +#: src/config/SSSDConfig/sssdoptions.py:315 msgid "a particular site to be used by the client" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:315 +#: src/config/SSSDConfig/sssdoptions.py:316 msgid "" "Maximum age in days before the machine account password should be renewed" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:317 +#: src/config/SSSDConfig/sssdoptions.py:318 msgid "Option for tuning the machine account renewal task" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:318 +#: src/config/SSSDConfig/sssdoptions.py:319 msgid "Whether to update the machine account password in the Samba database" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:320 +#: src/config/SSSDConfig/sssdoptions.py:321 msgid "Use LDAPS port for LDAP and Global Catalog requests" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:321 +#: src/config/SSSDConfig/sssdoptions.py:322 msgid "Do not filter domain local groups from other domains" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:324 #: src/config/SSSDConfig/sssdoptions.py:325 +#: src/config/SSSDConfig/sssdoptions.py:326 msgid "Kerberos server address" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:326 +#: src/config/SSSDConfig/sssdoptions.py:327 msgid "Kerberos backup server address" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:327 +#: src/config/SSSDConfig/sssdoptions.py:328 msgid "Kerberos realm" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:328 +#: src/config/SSSDConfig/sssdoptions.py:329 msgid "Authentication timeout" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:329 +#: src/config/SSSDConfig/sssdoptions.py:330 msgid "Whether to create kdcinfo files" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:330 +#: src/config/SSSDConfig/sssdoptions.py:331 msgid "Where to drop krb5 config snippets" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:333 +#: src/config/SSSDConfig/sssdoptions.py:334 msgid "Directory to store credential caches" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:334 +#: src/config/SSSDConfig/sssdoptions.py:335 msgid "Location of the user's credential cache" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:335 +#: src/config/SSSDConfig/sssdoptions.py:336 msgid "Location of the keytab to validate credentials" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:336 +#: src/config/SSSDConfig/sssdoptions.py:337 msgid "Enable credential validation" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:337 +#: src/config/SSSDConfig/sssdoptions.py:338 msgid "Store password if offline for later online authentication" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:338 +#: src/config/SSSDConfig/sssdoptions.py:339 msgid "Renewable lifetime of the TGT" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:339 +#: src/config/SSSDConfig/sssdoptions.py:340 msgid "Lifetime of the TGT" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:340 +#: src/config/SSSDConfig/sssdoptions.py:341 msgid "Time between two checks for renewal" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:341 +#: src/config/SSSDConfig/sssdoptions.py:342 msgid "Enables FAST" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:342 +#: src/config/SSSDConfig/sssdoptions.py:343 msgid "Selects the principal to use for FAST" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:343 +#: src/config/SSSDConfig/sssdoptions.py:344 msgid "Use anonymous PKINIT to request FAST credentials" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:344 +#: src/config/SSSDConfig/sssdoptions.py:345 msgid "Enables principal canonicalization" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:345 +#: src/config/SSSDConfig/sssdoptions.py:346 msgid "Enables enterprise principals" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:346 +#: src/config/SSSDConfig/sssdoptions.py:347 msgid "Enables using of subdomains realms for authentication" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:347 +#: src/config/SSSDConfig/sssdoptions.py:348 msgid "A mapping from user names to Kerberos principal names" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:350 #: src/config/SSSDConfig/sssdoptions.py:351 +#: src/config/SSSDConfig/sssdoptions.py:352 msgid "Server where the change password service is running if not on the KDC" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:354 +#: src/config/SSSDConfig/sssdoptions.py:355 msgid "ldap_uri, The URI of the LDAP server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:355 +#: src/config/SSSDConfig/sssdoptions.py:356 msgid "ldap_backup_uri, The URI of the LDAP server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:356 +#: src/config/SSSDConfig/sssdoptions.py:357 msgid "The default base DN" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:357 +#: src/config/SSSDConfig/sssdoptions.py:358 msgid "The Schema Type in use on the LDAP server, rfc2307" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:358 +#: src/config/SSSDConfig/sssdoptions.py:359 msgid "Mode used to change user password" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:359 +#: src/config/SSSDConfig/sssdoptions.py:360 msgid "The default bind DN" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:360 +#: src/config/SSSDConfig/sssdoptions.py:361 msgid "The type of the authentication token of the default bind DN" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:361 +#: src/config/SSSDConfig/sssdoptions.py:362 msgid "The authentication token of the default bind DN" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:362 +#: src/config/SSSDConfig/sssdoptions.py:363 msgid "Length of time to attempt connection" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:363 +#: src/config/SSSDConfig/sssdoptions.py:364 msgid "Length of time to attempt synchronous LDAP operations" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:364 +#: src/config/SSSDConfig/sssdoptions.py:365 msgid "Length of time between attempts to reconnect while offline" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:365 +#: src/config/SSSDConfig/sssdoptions.py:366 msgid "Use only the upper case for realm names" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:366 +#: src/config/SSSDConfig/sssdoptions.py:367 msgid "File that contains CA certificates" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:367 +#: src/config/SSSDConfig/sssdoptions.py:368 msgid "Path to CA certificate directory" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:368 +#: src/config/SSSDConfig/sssdoptions.py:369 msgid "File that contains the client certificate" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:369 +#: src/config/SSSDConfig/sssdoptions.py:370 msgid "File that contains the client key" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:370 +#: src/config/SSSDConfig/sssdoptions.py:371 msgid "List of possible ciphers suites" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:371 +#: src/config/SSSDConfig/sssdoptions.py:372 msgid "Require TLS certificate verification" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:372 +#: src/config/SSSDConfig/sssdoptions.py:373 msgid "Specify the sasl mechanism to use" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:373 +#: src/config/SSSDConfig/sssdoptions.py:374 msgid "Specify the sasl authorization id to use" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:374 +#: src/config/SSSDConfig/sssdoptions.py:375 msgid "Specify the sasl authorization realm to use" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:375 +#: src/config/SSSDConfig/sssdoptions.py:376 msgid "Specify the minimal SSF for LDAP sasl authorization" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:376 +#: src/config/SSSDConfig/sssdoptions.py:377 msgid "Specify the maximal SSF for LDAP sasl authorization" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:377 +#: src/config/SSSDConfig/sssdoptions.py:378 msgid "Kerberos service keytab" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:378 +#: src/config/SSSDConfig/sssdoptions.py:379 msgid "Use Kerberos auth for LDAP connection" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:379 +#: src/config/SSSDConfig/sssdoptions.py:380 msgid "Follow LDAP referrals" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:380 +#: src/config/SSSDConfig/sssdoptions.py:381 msgid "Lifetime of TGT for LDAP connection" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:381 +#: src/config/SSSDConfig/sssdoptions.py:382 msgid "How to dereference aliases" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:382 +#: src/config/SSSDConfig/sssdoptions.py:383 msgid "Service name for DNS service lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:383 +#: src/config/SSSDConfig/sssdoptions.py:384 msgid "The number of records to retrieve in a single LDAP query" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:384 +#: src/config/SSSDConfig/sssdoptions.py:385 msgid "The number of members that must be missing to trigger a full deref" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:385 +#: src/config/SSSDConfig/sssdoptions.py:386 msgid "Ignore unreadable LDAP references" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:386 +#: src/config/SSSDConfig/sssdoptions.py:387 msgid "" "Whether the LDAP library should perform a reverse lookup to canonicalize the " "host name during a SASL bind" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:388 +#: src/config/SSSDConfig/sssdoptions.py:389 msgid "" "Allows to retain local users as members of an LDAP group for servers that " "use the RFC2307 schema." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:391 +#: src/config/SSSDConfig/sssdoptions.py:392 msgid "entryUSN attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:392 +#: src/config/SSSDConfig/sssdoptions.py:393 msgid "lastUSN attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:394 +#: src/config/SSSDConfig/sssdoptions.py:395 msgid "How long to retain a connection to the LDAP server before disconnecting" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:397 +#: src/config/SSSDConfig/sssdoptions.py:398 msgid "Disable the LDAP paging control" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:398 +#: src/config/SSSDConfig/sssdoptions.py:399 msgid "Disable Active Directory range retrieval" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:401 +#: src/config/SSSDConfig/sssdoptions.py:402 msgid "Length of time to wait for a search request" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:402 +#: src/config/SSSDConfig/sssdoptions.py:403 msgid "Length of time to wait for a enumeration request" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:403 +#: src/config/SSSDConfig/sssdoptions.py:404 msgid "Length of time between enumeration updates" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:404 +#: src/config/SSSDConfig/sssdoptions.py:405 msgid "Maximum period deviation between enumeration updates" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:405 +#: src/config/SSSDConfig/sssdoptions.py:406 msgid "Length of time between cache cleanups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:406 +#: src/config/SSSDConfig/sssdoptions.py:407 msgid "Maximum time deviation between cache cleanups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:407 +#: src/config/SSSDConfig/sssdoptions.py:408 msgid "Require TLS for ID lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:408 +#: src/config/SSSDConfig/sssdoptions.py:409 msgid "Use ID-mapping of objectSID instead of pre-set IDs" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:409 +#: src/config/SSSDConfig/sssdoptions.py:410 msgid "Base DN for user lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:410 +#: src/config/SSSDConfig/sssdoptions.py:411 msgid "Scope of user lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:411 +#: src/config/SSSDConfig/sssdoptions.py:412 msgid "Filter for user lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:412 +#: src/config/SSSDConfig/sssdoptions.py:413 msgid "Objectclass for users" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:413 +#: src/config/SSSDConfig/sssdoptions.py:414 msgid "Username attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:414 +#: src/config/SSSDConfig/sssdoptions.py:415 msgid "UID attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:415 +#: src/config/SSSDConfig/sssdoptions.py:416 msgid "Primary GID attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:416 +#: src/config/SSSDConfig/sssdoptions.py:417 msgid "GECOS attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:417 +#: src/config/SSSDConfig/sssdoptions.py:418 msgid "Home directory attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:418 +#: src/config/SSSDConfig/sssdoptions.py:419 msgid "Shell attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:419 +#: src/config/SSSDConfig/sssdoptions.py:420 msgid "UUID attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:420 -#: src/config/SSSDConfig/sssdoptions.py:459 +#: src/config/SSSDConfig/sssdoptions.py:421 +#: src/config/SSSDConfig/sssdoptions.py:460 msgid "objectSID attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:421 +#: src/config/SSSDConfig/sssdoptions.py:422 msgid "Active Directory primary group attribute for ID-mapping" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:422 +#: src/config/SSSDConfig/sssdoptions.py:423 msgid "User principal attribute (for Kerberos)" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:423 +#: src/config/SSSDConfig/sssdoptions.py:424 msgid "Full Name" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:424 +#: src/config/SSSDConfig/sssdoptions.py:425 msgid "memberOf attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:425 +#: src/config/SSSDConfig/sssdoptions.py:426 msgid "Modification time attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:426 +#: src/config/SSSDConfig/sssdoptions.py:427 msgid "shadowLastChange attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:427 +#: src/config/SSSDConfig/sssdoptions.py:428 msgid "shadowMin attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:428 +#: src/config/SSSDConfig/sssdoptions.py:429 msgid "shadowMax attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:429 +#: src/config/SSSDConfig/sssdoptions.py:430 msgid "shadowWarning attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:430 +#: src/config/SSSDConfig/sssdoptions.py:431 msgid "shadowInactive attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:431 +#: src/config/SSSDConfig/sssdoptions.py:432 msgid "shadowExpire attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:432 +#: src/config/SSSDConfig/sssdoptions.py:433 msgid "shadowFlag attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:433 +#: src/config/SSSDConfig/sssdoptions.py:434 msgid "Attribute listing authorized PAM services" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:434 +#: src/config/SSSDConfig/sssdoptions.py:435 msgid "Attribute listing authorized server hosts" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:435 +#: src/config/SSSDConfig/sssdoptions.py:436 msgid "Attribute listing authorized server rhosts" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:436 +#: src/config/SSSDConfig/sssdoptions.py:437 msgid "krbLastPwdChange attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:437 +#: src/config/SSSDConfig/sssdoptions.py:438 msgid "krbPasswordExpiration attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:438 +#: src/config/SSSDConfig/sssdoptions.py:439 msgid "Attribute indicating that server side password policies are active" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:439 +#: src/config/SSSDConfig/sssdoptions.py:440 msgid "accountExpires attribute of AD" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:440 +#: src/config/SSSDConfig/sssdoptions.py:441 msgid "userAccountControl attribute of AD" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:441 +#: src/config/SSSDConfig/sssdoptions.py:442 msgid "nsAccountLock attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:442 +#: src/config/SSSDConfig/sssdoptions.py:443 msgid "loginDisabled attribute of NDS" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:443 +#: src/config/SSSDConfig/sssdoptions.py:444 msgid "loginExpirationTime attribute of NDS" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:444 +#: src/config/SSSDConfig/sssdoptions.py:445 msgid "loginAllowedTimeMap attribute of NDS" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:445 +#: src/config/SSSDConfig/sssdoptions.py:446 msgid "SSH public key attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:446 +#: src/config/SSSDConfig/sssdoptions.py:447 msgid "attribute listing allowed authentication types for a user" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:447 +#: src/config/SSSDConfig/sssdoptions.py:448 msgid "attribute containing the X509 certificate of the user" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:448 +#: src/config/SSSDConfig/sssdoptions.py:449 msgid "attribute containing the email address of the user" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:449 +#: src/config/SSSDConfig/sssdoptions.py:450 msgid "attribute containing the passkey mapping data of the user" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:450 +#: src/config/SSSDConfig/sssdoptions.py:451 msgid "A list of extra attributes to download along with the user entry" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:452 +#: src/config/SSSDConfig/sssdoptions.py:453 msgid "Base DN for group lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:453 +#: src/config/SSSDConfig/sssdoptions.py:454 msgid "Objectclass for groups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:454 +#: src/config/SSSDConfig/sssdoptions.py:455 msgid "Group name" msgstr "Номи гурӯҳ" -#: src/config/SSSDConfig/sssdoptions.py:455 +#: src/config/SSSDConfig/sssdoptions.py:456 msgid "Group password" msgstr "Пароли гурӯҳ" -#: src/config/SSSDConfig/sssdoptions.py:456 +#: src/config/SSSDConfig/sssdoptions.py:457 msgid "GID attribute" msgstr "Аттрибути GID" -#: src/config/SSSDConfig/sssdoptions.py:457 +#: src/config/SSSDConfig/sssdoptions.py:458 msgid "Group member attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:458 +#: src/config/SSSDConfig/sssdoptions.py:459 msgid "Group UUID attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:460 +#: src/config/SSSDConfig/sssdoptions.py:461 msgid "Modification time attribute for groups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:461 +#: src/config/SSSDConfig/sssdoptions.py:462 msgid "Type of the group and other flags" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:462 +#: src/config/SSSDConfig/sssdoptions.py:463 msgid "The LDAP group external member attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:463 +#: src/config/SSSDConfig/sssdoptions.py:464 msgid "Maximum nesting level SSSD will follow" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:464 +#: src/config/SSSDConfig/sssdoptions.py:465 msgid "Filter for group lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:465 +#: src/config/SSSDConfig/sssdoptions.py:466 msgid "Scope of group lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:467 +#: src/config/SSSDConfig/sssdoptions.py:468 msgid "Base DN for netgroup lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:468 +#: src/config/SSSDConfig/sssdoptions.py:469 msgid "Objectclass for netgroups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:469 +#: src/config/SSSDConfig/sssdoptions.py:470 msgid "Netgroup name" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:470 +#: src/config/SSSDConfig/sssdoptions.py:471 msgid "Netgroups members attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:471 +#: src/config/SSSDConfig/sssdoptions.py:472 msgid "Netgroup triple attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:472 +#: src/config/SSSDConfig/sssdoptions.py:473 msgid "Modification time attribute for netgroups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:474 +#: src/config/SSSDConfig/sssdoptions.py:475 msgid "Base DN for service lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:475 +#: src/config/SSSDConfig/sssdoptions.py:476 msgid "Objectclass for services" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:476 +#: src/config/SSSDConfig/sssdoptions.py:477 msgid "Service name attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:477 +#: src/config/SSSDConfig/sssdoptions.py:478 msgid "Service port attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:478 +#: src/config/SSSDConfig/sssdoptions.py:479 msgid "Service protocol attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:480 +#: src/config/SSSDConfig/sssdoptions.py:481 msgid "Lower bound for ID-mapping" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:481 +#: src/config/SSSDConfig/sssdoptions.py:482 msgid "Upper bound for ID-mapping" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:482 +#: src/config/SSSDConfig/sssdoptions.py:483 msgid "Number of IDs for each slice when ID-mapping" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:483 +#: src/config/SSSDConfig/sssdoptions.py:484 msgid "Use autorid-compatible algorithm for ID-mapping" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:484 +#: src/config/SSSDConfig/sssdoptions.py:485 msgid "Name of the default domain for ID-mapping" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:485 +#: src/config/SSSDConfig/sssdoptions.py:486 msgid "SID of the default domain for ID-mapping" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:486 +#: src/config/SSSDConfig/sssdoptions.py:487 msgid "Number of secondary slices" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:488 +#: src/config/SSSDConfig/sssdoptions.py:489 msgid "Whether to use Token-Groups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:489 +#: src/config/SSSDConfig/sssdoptions.py:490 msgid "Set lower boundary for allowed IDs from the LDAP server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:490 +#: src/config/SSSDConfig/sssdoptions.py:491 msgid "Set upper boundary for allowed IDs from the LDAP server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:491 +#: src/config/SSSDConfig/sssdoptions.py:492 msgid "DN for ppolicy queries" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:492 +#: src/config/SSSDConfig/sssdoptions.py:493 msgid "How many maximum entries to fetch during a wildcard request" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:493 +#: src/config/SSSDConfig/sssdoptions.py:494 msgid "Set libldap debug level" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:496 +#: src/config/SSSDConfig/sssdoptions.py:497 msgid "Policy to evaluate the password expiration" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:500 +#: src/config/SSSDConfig/sssdoptions.py:501 msgid "Which attributes shall be used to evaluate if an account is expired" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:504 +#: src/config/SSSDConfig/sssdoptions.py:505 msgid "URI of an LDAP server where password changes are allowed" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:505 +#: src/config/SSSDConfig/sssdoptions.py:506 msgid "URI of a backup LDAP server where password changes are allowed" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:506 +#: src/config/SSSDConfig/sssdoptions.py:507 msgid "DNS service name for LDAP password change server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:507 +#: src/config/SSSDConfig/sssdoptions.py:508 msgid "" "Whether to update the ldap_user_shadow_last_change attribute after a " "password change" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:511 +#: src/config/SSSDConfig/sssdoptions.py:512 msgid "Base DN for sudo rules lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:512 +#: src/config/SSSDConfig/sssdoptions.py:513 msgid "Automatic full refresh period" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:513 +#: src/config/SSSDConfig/sssdoptions.py:514 msgid "Automatic smart refresh period" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:514 +#: src/config/SSSDConfig/sssdoptions.py:515 msgid "Smart and full refresh random offset" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:515 +#: src/config/SSSDConfig/sssdoptions.py:516 msgid "Whether to filter rules by hostname, IP addresses and network" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:516 +#: src/config/SSSDConfig/sssdoptions.py:517 msgid "" "Hostnames and/or fully qualified domain names of this machine to filter sudo " "rules" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:517 +#: src/config/SSSDConfig/sssdoptions.py:518 msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:518 +#: src/config/SSSDConfig/sssdoptions.py:519 msgid "Whether to include rules that contains netgroup in host attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:519 +#: src/config/SSSDConfig/sssdoptions.py:520 msgid "" "Whether to include rules that contains regular expression in host attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:520 +#: src/config/SSSDConfig/sssdoptions.py:521 msgid "Object class for sudo rules" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:521 +#: src/config/SSSDConfig/sssdoptions.py:522 msgid "Name of attribute that is used as object class for sudo rules" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:522 +#: src/config/SSSDConfig/sssdoptions.py:523 msgid "Sudo rule name" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:523 +#: src/config/SSSDConfig/sssdoptions.py:524 msgid "Sudo rule command attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:524 +#: src/config/SSSDConfig/sssdoptions.py:525 msgid "Sudo rule host attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:525 +#: src/config/SSSDConfig/sssdoptions.py:526 msgid "Sudo rule user attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:526 +#: src/config/SSSDConfig/sssdoptions.py:527 msgid "Sudo rule option attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:527 +#: src/config/SSSDConfig/sssdoptions.py:528 msgid "Sudo rule runas attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:528 +#: src/config/SSSDConfig/sssdoptions.py:529 msgid "Sudo rule runasuser attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:529 +#: src/config/SSSDConfig/sssdoptions.py:530 msgid "Sudo rule runasgroup attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:530 +#: src/config/SSSDConfig/sssdoptions.py:531 msgid "Sudo rule notbefore attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:531 +#: src/config/SSSDConfig/sssdoptions.py:532 msgid "Sudo rule notafter attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:532 +#: src/config/SSSDConfig/sssdoptions.py:533 msgid "Sudo rule order attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:535 +#: src/config/SSSDConfig/sssdoptions.py:536 msgid "Object class for automounter maps" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:536 +#: src/config/SSSDConfig/sssdoptions.py:537 msgid "Automounter map name attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:537 +#: src/config/SSSDConfig/sssdoptions.py:538 msgid "Object class for automounter map entries" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:538 +#: src/config/SSSDConfig/sssdoptions.py:539 msgid "Automounter map entry key attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:539 +#: src/config/SSSDConfig/sssdoptions.py:540 msgid "Automounter map entry value attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:540 +#: src/config/SSSDConfig/sssdoptions.py:541 msgid "Base DN for automounter map lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:541 +#: src/config/SSSDConfig/sssdoptions.py:542 msgid "The name of the automount master map in LDAP." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:544 +#: src/config/SSSDConfig/sssdoptions.py:545 msgid "Base DN for IP hosts lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:545 +#: src/config/SSSDConfig/sssdoptions.py:546 msgid "Object class for IP hosts" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:546 +#: src/config/SSSDConfig/sssdoptions.py:547 msgid "IP host name attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:547 +#: src/config/SSSDConfig/sssdoptions.py:548 msgid "IP host number (address) attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:548 +#: src/config/SSSDConfig/sssdoptions.py:549 msgid "IP host entryUSN attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:549 +#: src/config/SSSDConfig/sssdoptions.py:550 msgid "Base DN for IP networks lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:550 +#: src/config/SSSDConfig/sssdoptions.py:551 msgid "Object class for IP networks" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:551 +#: src/config/SSSDConfig/sssdoptions.py:552 msgid "IP network name attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:552 +#: src/config/SSSDConfig/sssdoptions.py:553 msgid "IP network number (address) attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:553 +#: src/config/SSSDConfig/sssdoptions.py:554 msgid "IP network entryUSN attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:556 +#: src/config/SSSDConfig/sssdoptions.py:557 msgid "Comma separated list of allowed users" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:557 +#: src/config/SSSDConfig/sssdoptions.py:558 msgid "Comma separated list of prohibited users" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:558 +#: src/config/SSSDConfig/sssdoptions.py:559 msgid "" "Comma separated list of groups that are allowed to log in. This applies only " "to groups within this SSSD domain. Local groups are not evaluated." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:560 +#: src/config/SSSDConfig/sssdoptions.py:561 msgid "" "Comma separated list of groups that are explicitly denied access. This " "applies only to groups within this SSSD domain. Local groups are not " "evaluated." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:564 +#: src/config/SSSDConfig/sssdoptions.py:565 msgid "The number of preforked proxy children." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:567 +#: src/config/SSSDConfig/sssdoptions.py:568 msgid "The name of the NSS library to use" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:568 +#: src/config/SSSDConfig/sssdoptions.py:569 msgid "The name of the NSS library to use for hosts and networks lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:569 +#: src/config/SSSDConfig/sssdoptions.py:570 msgid "Whether to look up canonical group name from cache if possible" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:572 +#: src/config/SSSDConfig/sssdoptions.py:573 msgid "PAM stack to use" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:575 +#: src/config/SSSDConfig/sssdoptions.py:576 msgid "Path of passwd file sources." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:576 +#: src/config/SSSDConfig/sssdoptions.py:577 msgid "Path of group file sources." msgstr "" @@ -1880,67 +1884,67 @@ msgstr "" msgid "SSSD is already running\n" msgstr "" -#: src/providers/krb5/krb5_child.c:4007 src/providers/ldap/ldap_child.c:641 +#: src/providers/krb5/krb5_child.c:4027 src/providers/ldap/ldap_child.c:642 msgid "Allow core dumps" msgstr "" -#: src/providers/krb5/krb5_child.c:4009 src/providers/ldap/ldap_child.c:643 +#: src/providers/krb5/krb5_child.c:4029 src/providers/ldap/ldap_child.c:644 msgid "An open file descriptor for the debug logs" msgstr "" -#: src/providers/krb5/krb5_child.c:4012 +#: src/providers/krb5/krb5_child.c:4032 msgid "The user to create FAST ccache as" msgstr "" -#: src/providers/krb5/krb5_child.c:4014 +#: src/providers/krb5/krb5_child.c:4034 msgid "The group to create FAST ccache as" msgstr "" -#: src/providers/krb5/krb5_child.c:4016 +#: src/providers/krb5/krb5_child.c:4036 msgid "Use anonymous PKINIT to request FAST armor ticket" msgstr "" -#: src/providers/krb5/krb5_child.c:4018 +#: src/providers/krb5/krb5_child.c:4038 msgid "Kerberos realm to use" msgstr "" -#: src/providers/krb5/krb5_child.c:4020 +#: src/providers/krb5/krb5_child.c:4040 msgid "Requested lifetime of the ticket" msgstr "" -#: src/providers/krb5/krb5_child.c:4022 +#: src/providers/krb5/krb5_child.c:4042 msgid "Requested renewable lifetime of the ticket" msgstr "" -#: src/providers/krb5/krb5_child.c:4024 +#: src/providers/krb5/krb5_child.c:4044 msgid "FAST options ('never', 'try', 'demand')" msgstr "" -#: src/providers/krb5/krb5_child.c:4027 +#: src/providers/krb5/krb5_child.c:4047 msgid "Specifies the server principal to use for FAST" msgstr "" -#: src/providers/krb5/krb5_child.c:4029 +#: src/providers/krb5/krb5_child.c:4049 msgid "Requests canonicalization of the principal name" msgstr "" -#: src/providers/krb5/krb5_child.c:4031 +#: src/providers/krb5/krb5_child.c:4051 msgid "Use custom version of krb5_get_init_creds_password" msgstr "" -#: src/providers/krb5/krb5_child.c:4033 +#: src/providers/krb5/krb5_child.c:4053 msgid "Tevent chain ID used for logging purposes" msgstr "" -#: src/providers/krb5/krb5_child.c:4035 +#: src/providers/krb5/krb5_child.c:4055 msgid "Check PAC flags" msgstr "" -#: src/providers/krb5/krb5_child.c:4079 src/providers/ldap/ldap_child.c:669 +#: src/providers/krb5/krb5_child.c:4099 src/providers/ldap/ldap_child.c:670 msgid "talloc_asprintf failed.\n" msgstr "" -#: src/providers/krb5/krb5_child.c:4089 src/providers/ldap/ldap_child.c:678 +#: src/providers/krb5/krb5_child.c:4109 src/providers/ldap/ldap_child.c:679 msgid "set_debug_file_from_fd failed.\n" msgstr "" @@ -1984,119 +1988,131 @@ msgstr "" msgid "Permission denied. " msgstr "" -#: src/sss_client/pam_sss.c:70 src/sss_client/pam_sss.c:819 -#: src/sss_client/pam_sss.c:830 +#: src/sss_client/pam_sss.c:70 src/sss_client/pam_sss.c:838 +#: src/sss_client/pam_sss.c:849 msgid "Server message: " msgstr "" #: src/sss_client/pam_sss.c:71 +msgid "" +"Kerberos TGT will not be granted upon login, user experience will be " +"affected." +msgstr "" + +#: src/sss_client/pam_sss.c:72 msgid "Enter PIN:" msgstr "" -#: src/sss_client/pam_sss.c:314 +#: src/sss_client/pam_sss.c:315 msgid "Passwords do not match" msgstr "Паролҳо номувофиқанд" -#: src/sss_client/pam_sss.c:502 +#: src/sss_client/pam_sss.c:503 msgid "Password reset by root is not supported." msgstr "" -#: src/sss_client/pam_sss.c:543 +#: src/sss_client/pam_sss.c:544 msgid "Authenticated with cached credentials" msgstr "" -#: src/sss_client/pam_sss.c:544 +#: src/sss_client/pam_sss.c:545 msgid ", your cached password will expire at: " msgstr "" -#: src/sss_client/pam_sss.c:574 +#: src/sss_client/pam_sss.c:575 #, c-format msgid "Your password has expired. You have %1$d grace login(s) remaining." msgstr "" -#: src/sss_client/pam_sss.c:624 +#: src/sss_client/pam_sss.c:625 #, c-format msgid "Your password will expire in %1$d %2$s." msgstr "" -#: src/sss_client/pam_sss.c:627 +#: src/sss_client/pam_sss.c:628 #, c-format msgid "Your password has expired." msgstr "" -#: src/sss_client/pam_sss.c:678 +#: src/sss_client/pam_sss.c:679 msgid "Authentication is denied until: " msgstr "" -#: src/sss_client/pam_sss.c:699 +#: src/sss_client/pam_sss.c:700 msgid "System is offline, password change not possible" msgstr "" -#: src/sss_client/pam_sss.c:714 +#: src/sss_client/pam_sss.c:715 msgid "" "After changing the OTP password, you need to log out and back in order to " "acquire a ticket" msgstr "" -#: src/sss_client/pam_sss.c:729 +#: src/sss_client/pam_sss.c:730 msgid "PIN locked" msgstr "" -#: src/sss_client/pam_sss.c:816 src/sss_client/pam_sss.c:829 +#: src/sss_client/pam_sss.c:745 +msgid "" +"No Kerberos TGT granted as the server does not support this method. Your " +"single-sign on(SSO) experience will be affected." +msgstr "" + +#: src/sss_client/pam_sss.c:835 src/sss_client/pam_sss.c:848 msgid "Password change failed. " msgstr "" -#: src/sss_client/pam_sss.c:1797 +#: src/sss_client/pam_sss.c:1819 #, c-format msgid "Authenticate at %1$s and press ENTER." msgstr "" -#: src/sss_client/pam_sss.c:1800 +#: src/sss_client/pam_sss.c:1822 #, c-format msgid "Authenticate with PIN %1$s at %2$s and press ENTER." msgstr "" -#: src/sss_client/pam_sss.c:2153 +#: src/sss_client/pam_sss.c:2181 msgid "Please (re)insert (different) Smartcard" msgstr "" -#: src/sss_client/pam_sss.c:2352 +#: src/sss_client/pam_sss.c:2380 msgid "New Password: " msgstr "Пароли нав:" -#: src/sss_client/pam_sss.c:2353 +#: src/sss_client/pam_sss.c:2381 msgid "Reenter new Password: " msgstr "" -#: src/sss_client/pam_sss.c:2523 src/sss_client/pam_sss.c:2526 +#: src/sss_client/pam_sss.c:2551 src/sss_client/pam_sss.c:2554 msgid "First Factor: " msgstr "" -#: src/sss_client/pam_sss.c:2524 src/sss_client/pam_sss.c:2707 +#: src/sss_client/pam_sss.c:2552 src/sss_client/pam_sss.c:2740 msgid "Second Factor (optional): " msgstr "" -#: src/sss_client/pam_sss.c:2527 src/sss_client/pam_sss.c:2710 +#: src/sss_client/pam_sss.c:2555 src/sss_client/pam_sss.c:2743 msgid "Second Factor: " msgstr "" -#: src/sss_client/pam_sss.c:2547 +#: src/sss_client/pam_sss.c:2575 msgid "Insert your passkey device, then press ENTER." msgstr "" -#: src/sss_client/pam_sss.c:2551 src/sss_client/pam_sss.c:2554 +#: src/sss_client/pam_sss.c:2579 src/sss_client/pam_sss.c:2587 msgid "Password: " msgstr "Парол:" -#: src/sss_client/pam_sss.c:2706 src/sss_client/pam_sss.c:2709 +#: src/sss_client/pam_sss.c:2739 src/sss_client/pam_sss.c:2742 msgid "First Factor (Current Password): " msgstr "" -#: src/sss_client/pam_sss.c:2713 +#: src/sss_client/pam_sss.c:2746 msgid "Current Password: " msgstr "" -#: src/sss_client/pam_sss.c:3070 +#: src/sss_client/pam_sss.c:3103 msgid "Password expired. Change your password now." msgstr "" diff --git a/po/tr.po b/po/tr.po index ad5ff4a13b8..44499824d1f 100644 --- a/po/tr.po +++ b/po/tr.po @@ -10,7 +10,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" -"POT-Creation-Date: 2023-05-05 10:11+0200\n" +"POT-Creation-Date: 2023-09-07 11:48+0200\n" "PO-Revision-Date: 2023-06-04 04:20+0000\n" "Last-Translator: Kemal Oktay Aktoğan \n" "Language-Team: Turkish altında çalışıyor, yetkili kullanıcı(root) olmalı\n" msgid "SSSD is already running\n" msgstr "SSSD zaten çalışıyor\n" -#: src/providers/krb5/krb5_child.c:4007 src/providers/ldap/ldap_child.c:641 +#: src/providers/krb5/krb5_child.c:4027 src/providers/ldap/ldap_child.c:642 msgid "Allow core dumps" msgstr "Çekirdek dökümlerine izin ver" -#: src/providers/krb5/krb5_child.c:4009 src/providers/ldap/ldap_child.c:643 +#: src/providers/krb5/krb5_child.c:4029 src/providers/ldap/ldap_child.c:644 msgid "An open file descriptor for the debug logs" msgstr "Hata ayıklama günlükleri için açık bir dosya tanımlayıcısı" -#: src/providers/krb5/krb5_child.c:4012 +#: src/providers/krb5/krb5_child.c:4032 msgid "The user to create FAST ccache as" msgstr "Kullanıcı olarak FAST ccache oluştur" -#: src/providers/krb5/krb5_child.c:4014 +#: src/providers/krb5/krb5_child.c:4034 msgid "The group to create FAST ccache as" msgstr "Grup olarak FAST ccache oluştur" -#: src/providers/krb5/krb5_child.c:4016 +#: src/providers/krb5/krb5_child.c:4036 msgid "Use anonymous PKINIT to request FAST armor ticket" msgstr "FAST kimlik bilgilerini istemek için anonim PKINIT kullanın" -#: src/providers/krb5/krb5_child.c:4018 +#: src/providers/krb5/krb5_child.c:4038 msgid "Kerberos realm to use" msgstr "Kullanılacak Kerberos bölgesi" -#: src/providers/krb5/krb5_child.c:4020 +#: src/providers/krb5/krb5_child.c:4040 msgid "Requested lifetime of the ticket" msgstr "Biletin talep edilen kullanım ömrü" -#: src/providers/krb5/krb5_child.c:4022 +#: src/providers/krb5/krb5_child.c:4042 msgid "Requested renewable lifetime of the ticket" msgstr "Biletin talep edilen yenilenebilir kullanım ömrü" -#: src/providers/krb5/krb5_child.c:4024 +#: src/providers/krb5/krb5_child.c:4044 msgid "FAST options ('never', 'try', 'demand')" msgstr "FAST seçenekleri ('never', 'try', 'demand')" -#: src/providers/krb5/krb5_child.c:4027 +#: src/providers/krb5/krb5_child.c:4047 msgid "Specifies the server principal to use for FAST" msgstr "FAST için kullanılacak sunucu sorumlusunu belirtir" -#: src/providers/krb5/krb5_child.c:4029 +#: src/providers/krb5/krb5_child.c:4049 msgid "Requests canonicalization of the principal name" msgstr "Ana adın standartlaştırılmasını ister" -#: src/providers/krb5/krb5_child.c:4031 +#: src/providers/krb5/krb5_child.c:4051 msgid "Use custom version of krb5_get_init_creds_password" msgstr "krb5_get_init_creds_password'ün özel sürümünü kullanın" -#: src/providers/krb5/krb5_child.c:4033 +#: src/providers/krb5/krb5_child.c:4053 msgid "Tevent chain ID used for logging purposes" msgstr "Günlük kaydı amacıyla kullanılan olay zinciri kimliği" -#: src/providers/krb5/krb5_child.c:4035 +#: src/providers/krb5/krb5_child.c:4055 msgid "Check PAC flags" msgstr "PAC bayraklarını denetleyin" -#: src/providers/krb5/krb5_child.c:4079 src/providers/ldap/ldap_child.c:669 +#: src/providers/krb5/krb5_child.c:4099 src/providers/ldap/ldap_child.c:670 msgid "talloc_asprintf failed.\n" msgstr "talloc_asprintf başarısız oldu.\n" -#: src/providers/krb5/krb5_child.c:4089 src/providers/ldap/ldap_child.c:678 +#: src/providers/krb5/krb5_child.c:4109 src/providers/ldap/ldap_child.c:679 msgid "set_debug_file_from_fd failed.\n" msgstr "set_debug_file_from_fd başarısız oldu.\n" @@ -2168,55 +2172,61 @@ msgstr "Hata açıklaması aranırken beklenmeyen hata" msgid "Permission denied. " msgstr "İzin reddedildi. " -#: src/sss_client/pam_sss.c:70 src/sss_client/pam_sss.c:819 -#: src/sss_client/pam_sss.c:830 +#: src/sss_client/pam_sss.c:70 src/sss_client/pam_sss.c:838 +#: src/sss_client/pam_sss.c:849 msgid "Server message: " msgstr "Sunucu iletisi: " #: src/sss_client/pam_sss.c:71 +msgid "" +"Kerberos TGT will not be granted upon login, user experience will be " +"affected." +msgstr "" + +#: src/sss_client/pam_sss.c:72 msgid "Enter PIN:" msgstr "" -#: src/sss_client/pam_sss.c:314 +#: src/sss_client/pam_sss.c:315 msgid "Passwords do not match" msgstr "Parolalar eşleşmiyor" -#: src/sss_client/pam_sss.c:502 +#: src/sss_client/pam_sss.c:503 msgid "Password reset by root is not supported." msgstr "Yönetici tarafından parola sıfırlama desteklenmez." -#: src/sss_client/pam_sss.c:543 +#: src/sss_client/pam_sss.c:544 msgid "Authenticated with cached credentials" msgstr "Önbelleğe alınmış kimlik bilgileriyle doğrulandı" -#: src/sss_client/pam_sss.c:544 +#: src/sss_client/pam_sss.c:545 msgid ", your cached password will expire at: " msgstr ", önbelleğe alınmış parolanızın süresi şu tarihte sona erecek: " -#: src/sss_client/pam_sss.c:574 +#: src/sss_client/pam_sss.c:575 #, c-format msgid "Your password has expired. You have %1$d grace login(s) remaining." msgstr "Parolanızın süresi doldu. %1$d ek oturum açma hakkınız kaldı." -#: src/sss_client/pam_sss.c:624 +#: src/sss_client/pam_sss.c:625 #, c-format msgid "Your password will expire in %1$d %2$s." msgstr "Parolanızın süresi %1$d %2$s içinde dolacak." -#: src/sss_client/pam_sss.c:627 +#: src/sss_client/pam_sss.c:628 #, fuzzy, c-format msgid "Your password has expired." msgstr "Parolanızın süresi %1$d %2$s içinde dolacak." -#: src/sss_client/pam_sss.c:678 +#: src/sss_client/pam_sss.c:679 msgid "Authentication is denied until: " msgstr "Kimlik doğrulama şu ana kadar reddedilir: " -#: src/sss_client/pam_sss.c:699 +#: src/sss_client/pam_sss.c:700 msgid "System is offline, password change not possible" msgstr "Sistem çevrimdışı, şifre değişikliği mümkün değil" -#: src/sss_client/pam_sss.c:714 +#: src/sss_client/pam_sss.c:715 msgid "" "After changing the OTP password, you need to log out and back in order to " "acquire a ticket" @@ -2224,65 +2234,71 @@ msgstr "" "OTP şifresini değiştirdikten sonra bilet almak için oturumu kapatıp tekrar " "açmanız gerekir" -#: src/sss_client/pam_sss.c:729 +#: src/sss_client/pam_sss.c:730 msgid "PIN locked" msgstr "PIN kilitli" -#: src/sss_client/pam_sss.c:816 src/sss_client/pam_sss.c:829 +#: src/sss_client/pam_sss.c:745 +msgid "" +"No Kerberos TGT granted as the server does not support this method. Your " +"single-sign on(SSO) experience will be affected." +msgstr "" + +#: src/sss_client/pam_sss.c:835 src/sss_client/pam_sss.c:848 msgid "Password change failed. " msgstr "Parola değişikliği başarısız oldu. " -#: src/sss_client/pam_sss.c:1797 +#: src/sss_client/pam_sss.c:1819 #, c-format msgid "Authenticate at %1$s and press ENTER." msgstr "%1$s'de kimlik doğrulaması yapın ve ENTER'a basın." -#: src/sss_client/pam_sss.c:1800 +#: src/sss_client/pam_sss.c:1822 #, c-format msgid "Authenticate with PIN %1$s at %2$s and press ENTER." msgstr "%2$s'de %1$s PIN'i ile kimlik doğrulaması yapın ve ENTER'a basın." -#: src/sss_client/pam_sss.c:2153 +#: src/sss_client/pam_sss.c:2181 msgid "Please (re)insert (different) Smartcard" msgstr "Lütfen (farklı bir) Akıllı Kartı (yeniden) yerleştirin" -#: src/sss_client/pam_sss.c:2352 +#: src/sss_client/pam_sss.c:2380 msgid "New Password: " msgstr "Yeni Parola: " -#: src/sss_client/pam_sss.c:2353 +#: src/sss_client/pam_sss.c:2381 msgid "Reenter new Password: " msgstr "Yeni parolayı tekrar giriniz: " -#: src/sss_client/pam_sss.c:2523 src/sss_client/pam_sss.c:2526 +#: src/sss_client/pam_sss.c:2551 src/sss_client/pam_sss.c:2554 msgid "First Factor: " msgstr "Birinci Etken: " -#: src/sss_client/pam_sss.c:2524 src/sss_client/pam_sss.c:2707 +#: src/sss_client/pam_sss.c:2552 src/sss_client/pam_sss.c:2740 msgid "Second Factor (optional): " msgstr "İkinci Etken (isteğe bağlı): " -#: src/sss_client/pam_sss.c:2527 src/sss_client/pam_sss.c:2710 +#: src/sss_client/pam_sss.c:2555 src/sss_client/pam_sss.c:2743 msgid "Second Factor: " msgstr "İkinci Etken: " -#: src/sss_client/pam_sss.c:2547 +#: src/sss_client/pam_sss.c:2575 msgid "Insert your passkey device, then press ENTER." msgstr "" -#: src/sss_client/pam_sss.c:2551 src/sss_client/pam_sss.c:2554 +#: src/sss_client/pam_sss.c:2579 src/sss_client/pam_sss.c:2587 msgid "Password: " msgstr "Parola: " -#: src/sss_client/pam_sss.c:2706 src/sss_client/pam_sss.c:2709 +#: src/sss_client/pam_sss.c:2739 src/sss_client/pam_sss.c:2742 msgid "First Factor (Current Password): " msgstr "Birinci Etken (Geçerli Parola): " -#: src/sss_client/pam_sss.c:2713 +#: src/sss_client/pam_sss.c:2746 msgid "Current Password: " msgstr "Geçerli Parola: " -#: src/sss_client/pam_sss.c:3070 +#: src/sss_client/pam_sss.c:3103 msgid "Password expired. Change your password now." msgstr "Parolanızın zamanı doldu. Parolanızı şimdi değiştirin." diff --git a/po/uk.po b/po/uk.po index b3295f09f83..f8e2a90aa4b 100644 --- a/po/uk.po +++ b/po/uk.po @@ -15,7 +15,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" -"POT-Creation-Date: 2023-05-05 10:11+0200\n" +"POT-Creation-Date: 2023-09-07 11:48+0200\n" "PO-Revision-Date: 2023-06-02 05:50+0000\n" "Last-Translator: Yuri Chornoivan \n" "Language-Team: Ukrainian , а має бути від msgid "SSSD is already running\n" msgstr "SSSD вже запущено\n" -#: src/providers/krb5/krb5_child.c:4007 src/providers/ldap/ldap_child.c:641 +#: src/providers/krb5/krb5_child.c:4027 src/providers/ldap/ldap_child.c:642 msgid "Allow core dumps" msgstr "Дозволити дампи ядра" -#: src/providers/krb5/krb5_child.c:4009 src/providers/ldap/ldap_child.c:643 +#: src/providers/krb5/krb5_child.c:4029 src/providers/ldap/ldap_child.c:644 msgid "An open file descriptor for the debug logs" msgstr "Дескриптор відкритого файла для запису журналів діагностики" -#: src/providers/krb5/krb5_child.c:4012 +#: src/providers/krb5/krb5_child.c:4032 msgid "The user to create FAST ccache as" msgstr "Користувач, від імені якого слід створити ccache FAST" -#: src/providers/krb5/krb5_child.c:4014 +#: src/providers/krb5/krb5_child.c:4034 msgid "The group to create FAST ccache as" msgstr "Група, від імені якої слід створити ccache FAST" -#: src/providers/krb5/krb5_child.c:4016 +#: src/providers/krb5/krb5_child.c:4036 msgid "Use anonymous PKINIT to request FAST armor ticket" msgstr "Анонімний PKINIT для запитів щодо квитка захисту FAST" -#: src/providers/krb5/krb5_child.c:4018 +#: src/providers/krb5/krb5_child.c:4038 msgid "Kerberos realm to use" msgstr "Область Kerberos, якою слід скористатися" -#: src/providers/krb5/krb5_child.c:4020 +#: src/providers/krb5/krb5_child.c:4040 msgid "Requested lifetime of the ticket" msgstr "Запитаний строк дії квитка" -#: src/providers/krb5/krb5_child.c:4022 +#: src/providers/krb5/krb5_child.c:4042 msgid "Requested renewable lifetime of the ticket" msgstr "Запитаний час оновлення строку дії квитка" -#: src/providers/krb5/krb5_child.c:4024 +#: src/providers/krb5/krb5_child.c:4044 msgid "FAST options ('never', 'try', 'demand')" msgstr "Параметри FAST ('never', 'try', 'demand')" -#: src/providers/krb5/krb5_child.c:4027 +#: src/providers/krb5/krb5_child.c:4047 msgid "Specifies the server principal to use for FAST" msgstr "" "Визначає реєстраційний запис сервера, який слід використовувати для FAST" -#: src/providers/krb5/krb5_child.c:4029 +#: src/providers/krb5/krb5_child.c:4049 msgid "Requests canonicalization of the principal name" msgstr "Вимагає перетворення реєстраційного запису у канонічну форму" -#: src/providers/krb5/krb5_child.c:4031 +#: src/providers/krb5/krb5_child.c:4051 msgid "Use custom version of krb5_get_init_creds_password" msgstr "Використовувати нетипову версію krb5_get_init_creds_password" -#: src/providers/krb5/krb5_child.c:4033 +#: src/providers/krb5/krb5_child.c:4053 msgid "Tevent chain ID used for logging purposes" msgstr "" "Ідентифікатор ланцюжка Tevent, який використовується для ведення журналу" -#: src/providers/krb5/krb5_child.c:4035 +#: src/providers/krb5/krb5_child.c:4055 msgid "Check PAC flags" msgstr "Перевірити прапорці PAC" -#: src/providers/krb5/krb5_child.c:4079 src/providers/ldap/ldap_child.c:669 +#: src/providers/krb5/krb5_child.c:4099 src/providers/ldap/ldap_child.c:670 msgid "talloc_asprintf failed.\n" msgstr "Помилка talloc_asprintf.\n" -#: src/providers/krb5/krb5_child.c:4089 src/providers/ldap/ldap_child.c:678 +#: src/providers/krb5/krb5_child.c:4109 src/providers/ldap/ldap_child.c:679 msgid "set_debug_file_from_fd failed.\n" msgstr "Помилка set_debug_file_from_fd.\n" @@ -2216,55 +2220,61 @@ msgstr "Неочікувана помилка під час пошуку опи msgid "Permission denied. " msgstr "Відмовлено у доступі. " -#: src/sss_client/pam_sss.c:70 src/sss_client/pam_sss.c:819 -#: src/sss_client/pam_sss.c:830 +#: src/sss_client/pam_sss.c:70 src/sss_client/pam_sss.c:838 +#: src/sss_client/pam_sss.c:849 msgid "Server message: " msgstr "Повідомлення сервера: " #: src/sss_client/pam_sss.c:71 +msgid "" +"Kerberos TGT will not be granted upon login, user experience will be " +"affected." +msgstr "" + +#: src/sss_client/pam_sss.c:72 msgid "Enter PIN:" msgstr "Введіть PIN:" -#: src/sss_client/pam_sss.c:314 +#: src/sss_client/pam_sss.c:315 msgid "Passwords do not match" msgstr "Паролі не збігаються" -#: src/sss_client/pam_sss.c:502 +#: src/sss_client/pam_sss.c:503 msgid "Password reset by root is not supported." msgstr "Підтримки скидання пароля користувачем root не передбачено." -#: src/sss_client/pam_sss.c:543 +#: src/sss_client/pam_sss.c:544 msgid "Authenticated with cached credentials" msgstr "Розпізнано за реєстраційними даними з кешу" -#: src/sss_client/pam_sss.c:544 +#: src/sss_client/pam_sss.c:545 msgid ", your cached password will expire at: " msgstr ", строк дії вашого кешованого пароля завершиться: " -#: src/sss_client/pam_sss.c:574 +#: src/sss_client/pam_sss.c:575 #, c-format msgid "Your password has expired. You have %1$d grace login(s) remaining." msgstr "Строк дії вашого пароля вичерпано. Залишилося %1$d резервних входи." -#: src/sss_client/pam_sss.c:624 +#: src/sss_client/pam_sss.c:625 #, c-format msgid "Your password will expire in %1$d %2$s." msgstr "Строк дії вашого пароля завершиться за %1$d %2$s." -#: src/sss_client/pam_sss.c:627 +#: src/sss_client/pam_sss.c:628 #, c-format msgid "Your password has expired." msgstr "Строк дії вашого пароля вичерпано." -#: src/sss_client/pam_sss.c:678 +#: src/sss_client/pam_sss.c:679 msgid "Authentication is denied until: " msgstr "Розпізнавання заборонено до: " -#: src/sss_client/pam_sss.c:699 +#: src/sss_client/pam_sss.c:700 msgid "System is offline, password change not possible" msgstr "Система працює у автономному режимі, зміна пароля неможлива" -#: src/sss_client/pam_sss.c:714 +#: src/sss_client/pam_sss.c:715 msgid "" "After changing the OTP password, you need to log out and back in order to " "acquire a ticket" @@ -2272,66 +2282,72 @@ msgstr "" "Після зміни пароля OTP вам слід вийти із системи і увійти до неї знову, щоб " "отримати про квиток" -#: src/sss_client/pam_sss.c:729 +#: src/sss_client/pam_sss.c:730 msgid "PIN locked" msgstr "PIN заблоковано" -#: src/sss_client/pam_sss.c:816 src/sss_client/pam_sss.c:829 +#: src/sss_client/pam_sss.c:745 +msgid "" +"No Kerberos TGT granted as the server does not support this method. Your " +"single-sign on(SSO) experience will be affected." +msgstr "" + +#: src/sss_client/pam_sss.c:835 src/sss_client/pam_sss.c:848 msgid "Password change failed. " msgstr "Спроба зміни пароля зазнала невдачі. " -#: src/sss_client/pam_sss.c:1797 +#: src/sss_client/pam_sss.c:1819 #, c-format msgid "Authenticate at %1$s and press ENTER." msgstr "Пройдіть розпізнавання на %1$s і натисніть ENTER." -#: src/sss_client/pam_sss.c:1800 +#: src/sss_client/pam_sss.c:1822 #, c-format msgid "Authenticate with PIN %1$s at %2$s and press ENTER." msgstr "" "Пройдіть розпізнавання за допомогою PIN %1$s на %2$s і натисніть ENTER." -#: src/sss_client/pam_sss.c:2153 +#: src/sss_client/pam_sss.c:2181 msgid "Please (re)insert (different) Smartcard" msgstr "Будь ласка, вставте (повторно) (іншу) смарт-картку" -#: src/sss_client/pam_sss.c:2352 +#: src/sss_client/pam_sss.c:2380 msgid "New Password: " msgstr "Новий пароль: " -#: src/sss_client/pam_sss.c:2353 +#: src/sss_client/pam_sss.c:2381 msgid "Reenter new Password: " msgstr "Ще раз введіть новий пароль: " -#: src/sss_client/pam_sss.c:2523 src/sss_client/pam_sss.c:2526 +#: src/sss_client/pam_sss.c:2551 src/sss_client/pam_sss.c:2554 msgid "First Factor: " msgstr "Перший фактор: " -#: src/sss_client/pam_sss.c:2524 src/sss_client/pam_sss.c:2707 +#: src/sss_client/pam_sss.c:2552 src/sss_client/pam_sss.c:2740 msgid "Second Factor (optional): " msgstr "Другий фактор (необов'язковий): " -#: src/sss_client/pam_sss.c:2527 src/sss_client/pam_sss.c:2710 +#: src/sss_client/pam_sss.c:2555 src/sss_client/pam_sss.c:2743 msgid "Second Factor: " msgstr "Другий фактор: " -#: src/sss_client/pam_sss.c:2547 +#: src/sss_client/pam_sss.c:2575 msgid "Insert your passkey device, then press ENTER." msgstr "Вставте ваш пристрій ключа і натисніть клавішу ENTER." -#: src/sss_client/pam_sss.c:2551 src/sss_client/pam_sss.c:2554 +#: src/sss_client/pam_sss.c:2579 src/sss_client/pam_sss.c:2587 msgid "Password: " msgstr "Пароль: " -#: src/sss_client/pam_sss.c:2706 src/sss_client/pam_sss.c:2709 +#: src/sss_client/pam_sss.c:2739 src/sss_client/pam_sss.c:2742 msgid "First Factor (Current Password): " msgstr "Перший фактор (поточний пароль): " -#: src/sss_client/pam_sss.c:2713 +#: src/sss_client/pam_sss.c:2746 msgid "Current Password: " msgstr "Поточний пароль: " -#: src/sss_client/pam_sss.c:3070 +#: src/sss_client/pam_sss.c:3103 msgid "Password expired. Change your password now." msgstr "Строк дії пароля вичерпано. Змініть ваш пароль." diff --git a/po/zh_CN.po b/po/zh_CN.po index 3a17ef454a8..b8a6c8367e3 100644 --- a/po/zh_CN.po +++ b/po/zh_CN.po @@ -13,7 +13,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" -"POT-Creation-Date: 2023-05-05 10:11+0200\n" +"POT-Creation-Date: 2023-09-07 11:48+0200\n" "PO-Revision-Date: 2023-07-24 17:20+0000\n" "Last-Translator: Funda Wang \n" "Language-Team: Chinese (Simplified) 下运行,必须是 root\n" msgid "SSSD is already running\n" msgstr "SSSD 已运行\n" -#: src/providers/krb5/krb5_child.c:4007 src/providers/ldap/ldap_child.c:641 +#: src/providers/krb5/krb5_child.c:4027 src/providers/ldap/ldap_child.c:642 msgid "Allow core dumps" msgstr "允许内核转储" -#: src/providers/krb5/krb5_child.c:4009 src/providers/ldap/ldap_child.c:643 +#: src/providers/krb5/krb5_child.c:4029 src/providers/ldap/ldap_child.c:644 msgid "An open file descriptor for the debug logs" msgstr "调试日志的打开文件描述符" -#: src/providers/krb5/krb5_child.c:4012 +#: src/providers/krb5/krb5_child.c:4032 msgid "The user to create FAST ccache as" msgstr "用户创建 FAST 缓存为" -#: src/providers/krb5/krb5_child.c:4014 +#: src/providers/krb5/krb5_child.c:4034 msgid "The group to create FAST ccache as" msgstr "组创建 FAST 缓存为" -#: src/providers/krb5/krb5_child.c:4016 +#: src/providers/krb5/krb5_child.c:4036 msgid "Use anonymous PKINIT to request FAST armor ticket" msgstr "使用匿名 PKINIT 请求 FAST armor 票" -#: src/providers/krb5/krb5_child.c:4018 +#: src/providers/krb5/krb5_child.c:4038 msgid "Kerberos realm to use" msgstr "要使用的 kerberos 域" -#: src/providers/krb5/krb5_child.c:4020 +#: src/providers/krb5/krb5_child.c:4040 msgid "Requested lifetime of the ticket" msgstr "要求的票证寿命" -#: src/providers/krb5/krb5_child.c:4022 +#: src/providers/krb5/krb5_child.c:4042 msgid "Requested renewable lifetime of the ticket" msgstr "要求的可续约票证寿命" -#: src/providers/krb5/krb5_child.c:4024 +#: src/providers/krb5/krb5_child.c:4044 msgid "FAST options ('never', 'try', 'demand')" msgstr "FAST 选项('never'、'try'、'demand')" -#: src/providers/krb5/krb5_child.c:4027 +#: src/providers/krb5/krb5_child.c:4047 msgid "Specifies the server principal to use for FAST" msgstr "指定用于 FAST 的服务器主体" -#: src/providers/krb5/krb5_child.c:4029 +#: src/providers/krb5/krb5_child.c:4049 msgid "Requests canonicalization of the principal name" msgstr "要求规范化主体名称" -#: src/providers/krb5/krb5_child.c:4031 +#: src/providers/krb5/krb5_child.c:4051 msgid "Use custom version of krb5_get_init_creds_password" msgstr "使用自定义版本的 krb5_get_init_creds_password" -#: src/providers/krb5/krb5_child.c:4033 +#: src/providers/krb5/krb5_child.c:4053 msgid "Tevent chain ID used for logging purposes" msgstr "用于日志记录的 Tevent 链 ID" -#: src/providers/krb5/krb5_child.c:4035 +#: src/providers/krb5/krb5_child.c:4055 msgid "Check PAC flags" msgstr "检查 PAC 标志" -#: src/providers/krb5/krb5_child.c:4079 src/providers/ldap/ldap_child.c:669 +#: src/providers/krb5/krb5_child.c:4099 src/providers/ldap/ldap_child.c:670 msgid "talloc_asprintf failed.\n" msgstr "talloc_asprintf 失败。\n" -#: src/providers/krb5/krb5_child.c:4089 src/providers/ldap/ldap_child.c:678 +#: src/providers/krb5/krb5_child.c:4109 src/providers/ldap/ldap_child.c:679 msgid "set_debug_file_from_fd failed.\n" msgstr "set_debug_file_from_fd 失败。\n" @@ -2027,119 +2031,131 @@ msgstr "查找错误说明时出现意外错误" msgid "Permission denied. " msgstr "权限被拒绝。 " -#: src/sss_client/pam_sss.c:70 src/sss_client/pam_sss.c:819 -#: src/sss_client/pam_sss.c:830 +#: src/sss_client/pam_sss.c:70 src/sss_client/pam_sss.c:838 +#: src/sss_client/pam_sss.c:849 msgid "Server message: " msgstr "服务器消息: " #: src/sss_client/pam_sss.c:71 +msgid "" +"Kerberos TGT will not be granted upon login, user experience will be " +"affected." +msgstr "" + +#: src/sss_client/pam_sss.c:72 msgid "Enter PIN:" msgstr "输入 PIN:" -#: src/sss_client/pam_sss.c:314 +#: src/sss_client/pam_sss.c:315 msgid "Passwords do not match" msgstr "密码不匹配" -#: src/sss_client/pam_sss.c:502 +#: src/sss_client/pam_sss.c:503 msgid "Password reset by root is not supported." msgstr "不支持通过 root 重置密码。" -#: src/sss_client/pam_sss.c:543 +#: src/sss_client/pam_sss.c:544 msgid "Authenticated with cached credentials" msgstr "通过缓存的凭据进行身份验证" -#: src/sss_client/pam_sss.c:544 +#: src/sss_client/pam_sss.c:545 msgid ", your cached password will expire at: " msgstr ",您缓存的密码将过期于: " -#: src/sss_client/pam_sss.c:574 +#: src/sss_client/pam_sss.c:575 #, c-format msgid "Your password has expired. You have %1$d grace login(s) remaining." msgstr "您的密码已过期。您有 %1$d 剩余宽限登陆。" -#: src/sss_client/pam_sss.c:624 +#: src/sss_client/pam_sss.c:625 #, c-format msgid "Your password will expire in %1$d %2$s." msgstr "您的密码将于 %1$d %2$s 过期。" -#: src/sss_client/pam_sss.c:627 +#: src/sss_client/pam_sss.c:628 #, c-format msgid "Your password has expired." msgstr "您的密码已经过期。" -#: src/sss_client/pam_sss.c:678 +#: src/sss_client/pam_sss.c:679 msgid "Authentication is denied until: " msgstr "身份验证被拒绝,直到: " -#: src/sss_client/pam_sss.c:699 +#: src/sss_client/pam_sss.c:700 msgid "System is offline, password change not possible" msgstr "系统离线,无法更改密码" -#: src/sss_client/pam_sss.c:714 +#: src/sss_client/pam_sss.c:715 msgid "" "After changing the OTP password, you need to log out and back in order to " "acquire a ticket" msgstr "更改 OTP 密码后,您需要注销并重新登录以获得票证" -#: src/sss_client/pam_sss.c:729 +#: src/sss_client/pam_sss.c:730 msgid "PIN locked" msgstr "PIN 已锁定" -#: src/sss_client/pam_sss.c:816 src/sss_client/pam_sss.c:829 +#: src/sss_client/pam_sss.c:745 +msgid "" +"No Kerberos TGT granted as the server does not support this method. Your " +"single-sign on(SSO) experience will be affected." +msgstr "" + +#: src/sss_client/pam_sss.c:835 src/sss_client/pam_sss.c:848 msgid "Password change failed. " msgstr "更改密码失败。 " -#: src/sss_client/pam_sss.c:1797 +#: src/sss_client/pam_sss.c:1819 #, c-format msgid "Authenticate at %1$s and press ENTER." msgstr "在 %1$s 处进行身份验证,然后按 ENTER 。" -#: src/sss_client/pam_sss.c:1800 +#: src/sss_client/pam_sss.c:1822 #, c-format msgid "Authenticate with PIN %1$s at %2$s and press ENTER." msgstr "在 %2$s 处使用 PIN %1$s 进行身份验证,然后按 ENTER 。" -#: src/sss_client/pam_sss.c:2153 +#: src/sss_client/pam_sss.c:2181 msgid "Please (re)insert (different) Smartcard" msgstr "请(重新)插入(不同的)智能卡" -#: src/sss_client/pam_sss.c:2352 +#: src/sss_client/pam_sss.c:2380 msgid "New Password: " msgstr "新密码: " -#: src/sss_client/pam_sss.c:2353 +#: src/sss_client/pam_sss.c:2381 msgid "Reenter new Password: " msgstr "重新输入新密码: " -#: src/sss_client/pam_sss.c:2523 src/sss_client/pam_sss.c:2526 +#: src/sss_client/pam_sss.c:2551 src/sss_client/pam_sss.c:2554 msgid "First Factor: " msgstr "第一因素: " -#: src/sss_client/pam_sss.c:2524 src/sss_client/pam_sss.c:2707 +#: src/sss_client/pam_sss.c:2552 src/sss_client/pam_sss.c:2740 msgid "Second Factor (optional): " msgstr "第二因素(可选): " -#: src/sss_client/pam_sss.c:2527 src/sss_client/pam_sss.c:2710 +#: src/sss_client/pam_sss.c:2555 src/sss_client/pam_sss.c:2743 msgid "Second Factor: " msgstr "第二因素: " -#: src/sss_client/pam_sss.c:2547 +#: src/sss_client/pam_sss.c:2575 msgid "Insert your passkey device, then press ENTER." msgstr "插入您的通行密钥设备,然后按回车键。" -#: src/sss_client/pam_sss.c:2551 src/sss_client/pam_sss.c:2554 +#: src/sss_client/pam_sss.c:2579 src/sss_client/pam_sss.c:2587 msgid "Password: " msgstr "密码: " -#: src/sss_client/pam_sss.c:2706 src/sss_client/pam_sss.c:2709 +#: src/sss_client/pam_sss.c:2739 src/sss_client/pam_sss.c:2742 msgid "First Factor (Current Password): " msgstr "第一因素(当前密码): " -#: src/sss_client/pam_sss.c:2713 +#: src/sss_client/pam_sss.c:2746 msgid "Current Password: " msgstr "当前密码: " -#: src/sss_client/pam_sss.c:3070 +#: src/sss_client/pam_sss.c:3103 msgid "Password expired. Change your password now." msgstr "密码已过期。立即更改密码。" diff --git a/po/zh_TW.po b/po/zh_TW.po index 1e9c6b85f7a..ae9b0c37f47 100644 --- a/po/zh_TW.po +++ b/po/zh_TW.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" -"POT-Creation-Date: 2023-05-05 10:11+0200\n" +"POT-Creation-Date: 2023-09-07 11:48+0200\n" "PO-Revision-Date: 2014-12-14 11:50-0500\n" "Last-Translator: Copied by Zanata \n" "Language-Team: Chinese (Taiwan) (http://www.transifex.com/projects/p/sssd/" @@ -589,12 +589,12 @@ msgid "Whether to automatically update the client's DNS entry" msgstr "" #: src/config/SSSDConfig/sssdoptions.py:201 -#: src/config/SSSDConfig/sssdoptions.py:233 +#: src/config/SSSDConfig/sssdoptions.py:234 msgid "The TTL to apply to the client's DNS entry after updating it" msgstr "" #: src/config/SSSDConfig/sssdoptions.py:202 -#: src/config/SSSDConfig/sssdoptions.py:234 +#: src/config/SSSDConfig/sssdoptions.py:235 msgid "The interface whose IP should be used for dynamic DNS updates" msgstr "" @@ -678,1162 +678,1166 @@ msgid "" "(long term password) must have to be saved as SHA512 hash into the cache." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:228 +#: src/config/SSSDConfig/sssdoptions.py:226 +msgid "Local authentication methods policy " +msgstr "" + +#: src/config/SSSDConfig/sssdoptions.py:229 msgid "IPA domain" msgstr "IPA 網域" -#: src/config/SSSDConfig/sssdoptions.py:229 +#: src/config/SSSDConfig/sssdoptions.py:230 msgid "IPA server address" msgstr "IPA 伺服器位址" -#: src/config/SSSDConfig/sssdoptions.py:230 +#: src/config/SSSDConfig/sssdoptions.py:231 msgid "Address of backup IPA server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:231 +#: src/config/SSSDConfig/sssdoptions.py:232 msgid "IPA client hostname" msgstr "IPA 客戶端主機名稱" -#: src/config/SSSDConfig/sssdoptions.py:232 +#: src/config/SSSDConfig/sssdoptions.py:233 msgid "Whether to automatically update the client's DNS entry in FreeIPA" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:235 +#: src/config/SSSDConfig/sssdoptions.py:236 msgid "Search base for HBAC related objects" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:236 +#: src/config/SSSDConfig/sssdoptions.py:237 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:237 +#: src/config/SSSDConfig/sssdoptions.py:238 msgid "" "The amount of time in seconds between lookups of the SELinux maps against " "the IPA server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:239 +#: src/config/SSSDConfig/sssdoptions.py:240 msgid "If set to false, host argument given by PAM will be ignored" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:240 +#: src/config/SSSDConfig/sssdoptions.py:241 msgid "The automounter location this IPA client is using" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:241 +#: src/config/SSSDConfig/sssdoptions.py:242 msgid "Search base for object containing info about IPA domain" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:242 +#: src/config/SSSDConfig/sssdoptions.py:243 msgid "Search base for objects containing info about ID ranges" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:243 -#: src/config/SSSDConfig/sssdoptions.py:299 +#: src/config/SSSDConfig/sssdoptions.py:244 +#: src/config/SSSDConfig/sssdoptions.py:300 msgid "Enable DNS sites - location based service discovery" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:244 +#: src/config/SSSDConfig/sssdoptions.py:245 msgid "Search base for view containers" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:245 +#: src/config/SSSDConfig/sssdoptions.py:246 msgid "Objectclass for view containers" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:246 +#: src/config/SSSDConfig/sssdoptions.py:247 msgid "Attribute with the name of the view" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:247 +#: src/config/SSSDConfig/sssdoptions.py:248 msgid "Objectclass for override objects" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:248 +#: src/config/SSSDConfig/sssdoptions.py:249 msgid "Attribute with the reference to the original object" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:249 +#: src/config/SSSDConfig/sssdoptions.py:250 msgid "Objectclass for user override objects" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:250 +#: src/config/SSSDConfig/sssdoptions.py:251 msgid "Objectclass for group override objects" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:251 +#: src/config/SSSDConfig/sssdoptions.py:252 msgid "Search base for Desktop Profile related objects" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:252 +#: src/config/SSSDConfig/sssdoptions.py:253 msgid "" "The amount of time in seconds between lookups of the Desktop Profile rules " "against the IPA server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:254 +#: src/config/SSSDConfig/sssdoptions.py:255 msgid "" "The amount of time in minutes between lookups of Desktop Profiles rules " "against the IPA server when the last request did not find any rule" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:257 +#: src/config/SSSDConfig/sssdoptions.py:258 msgid "Search base for SUBID ranges" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:258 -#: src/config/SSSDConfig/sssdoptions.py:501 +#: src/config/SSSDConfig/sssdoptions.py:259 +#: src/config/SSSDConfig/sssdoptions.py:502 msgid "Which rules should be used to evaluate access control" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:259 +#: src/config/SSSDConfig/sssdoptions.py:260 msgid "The LDAP attribute that contains FQDN of the host." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:260 -#: src/config/SSSDConfig/sssdoptions.py:283 +#: src/config/SSSDConfig/sssdoptions.py:261 +#: src/config/SSSDConfig/sssdoptions.py:284 msgid "The object class of a host entry in LDAP." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:261 +#: src/config/SSSDConfig/sssdoptions.py:262 msgid "Use the given string as search base for host objects." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:262 +#: src/config/SSSDConfig/sssdoptions.py:263 msgid "The LDAP attribute that contains the host's SSH public keys." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:263 +#: src/config/SSSDConfig/sssdoptions.py:264 msgid "The LDAP attribute that contains NIS domain name of the netgroup." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:264 +#: src/config/SSSDConfig/sssdoptions.py:265 msgid "The LDAP attribute that contains the names of the netgroup's members." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:265 +#: src/config/SSSDConfig/sssdoptions.py:266 msgid "" "The LDAP attribute that lists FQDNs of hosts and host groups that are " "members of the netgroup." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:267 +#: src/config/SSSDConfig/sssdoptions.py:268 msgid "" "The LDAP attribute that lists hosts and host groups that are direct members " "of the netgroup." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:269 +#: src/config/SSSDConfig/sssdoptions.py:270 msgid "The LDAP attribute that lists netgroup's memberships." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:270 +#: src/config/SSSDConfig/sssdoptions.py:271 msgid "" "The LDAP attribute that lists system users and groups that are direct " "members of the netgroup." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:272 +#: src/config/SSSDConfig/sssdoptions.py:273 msgid "The LDAP attribute that corresponds to the netgroup name." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:273 +#: src/config/SSSDConfig/sssdoptions.py:274 msgid "The object class of a netgroup entry in LDAP." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:274 +#: src/config/SSSDConfig/sssdoptions.py:275 msgid "" "The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:275 +#: src/config/SSSDConfig/sssdoptions.py:276 msgid "" "The LDAP attribute that contains whether or not is user map enabled for " "usage." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:277 +#: src/config/SSSDConfig/sssdoptions.py:278 msgid "The LDAP attribute that contains host category such as 'all'." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:278 +#: src/config/SSSDConfig/sssdoptions.py:279 msgid "" "The LDAP attribute that contains all hosts / hostgroups this rule match " "against." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:280 +#: src/config/SSSDConfig/sssdoptions.py:281 msgid "" "The LDAP attribute that contains all users / groups this rule match against." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:282 +#: src/config/SSSDConfig/sssdoptions.py:283 msgid "The LDAP attribute that contains the name of SELinux usermap." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:284 +#: src/config/SSSDConfig/sssdoptions.py:285 msgid "" "The LDAP attribute that contains DN of HBAC rule which can be used for " "matching instead of memberUser and memberHost." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:286 +#: src/config/SSSDConfig/sssdoptions.py:287 msgid "The LDAP attribute that contains SELinux user string itself." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:287 +#: src/config/SSSDConfig/sssdoptions.py:288 msgid "The LDAP attribute that contains user category such as 'all'." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:288 +#: src/config/SSSDConfig/sssdoptions.py:289 msgid "The LDAP attribute that contains unique ID of the user map." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:289 +#: src/config/SSSDConfig/sssdoptions.py:290 msgid "" "The option denotes that the SSSD is running on IPA server and should perform " "lookups of users and groups from trusted domains differently." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:291 +#: src/config/SSSDConfig/sssdoptions.py:292 msgid "Use the given string as search base for trusted domains." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:294 +#: src/config/SSSDConfig/sssdoptions.py:295 msgid "Active Directory domain" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:295 +#: src/config/SSSDConfig/sssdoptions.py:296 msgid "Enabled Active Directory domains" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:296 +#: src/config/SSSDConfig/sssdoptions.py:297 msgid "Active Directory server address" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:297 +#: src/config/SSSDConfig/sssdoptions.py:298 msgid "Active Directory backup server address" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:298 +#: src/config/SSSDConfig/sssdoptions.py:299 msgid "Active Directory client hostname" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:300 -#: src/config/SSSDConfig/sssdoptions.py:499 +#: src/config/SSSDConfig/sssdoptions.py:301 +#: src/config/SSSDConfig/sssdoptions.py:500 msgid "LDAP filter to determine access privileges" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:301 +#: src/config/SSSDConfig/sssdoptions.py:302 msgid "Whether to use the Global Catalog for lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:302 +#: src/config/SSSDConfig/sssdoptions.py:303 msgid "Operation mode for GPO-based access control" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:303 +#: src/config/SSSDConfig/sssdoptions.py:304 msgid "" "The amount of time between lookups of the GPO policy files against the AD " "server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:304 +#: src/config/SSSDConfig/sssdoptions.py:305 msgid "" "PAM service names that map to the GPO (Deny)InteractiveLogonRight policy " "settings" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:306 +#: src/config/SSSDConfig/sssdoptions.py:307 msgid "" "PAM service names that map to the GPO (Deny)RemoteInteractiveLogonRight " "policy settings" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:308 +#: src/config/SSSDConfig/sssdoptions.py:309 msgid "" "PAM service names that map to the GPO (Deny)NetworkLogonRight policy settings" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:309 +#: src/config/SSSDConfig/sssdoptions.py:310 msgid "" "PAM service names that map to the GPO (Deny)BatchLogonRight policy settings" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:310 +#: src/config/SSSDConfig/sssdoptions.py:311 msgid "" "PAM service names that map to the GPO (Deny)ServiceLogonRight policy settings" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:311 +#: src/config/SSSDConfig/sssdoptions.py:312 msgid "PAM service names for which GPO-based access is always granted" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:312 +#: src/config/SSSDConfig/sssdoptions.py:313 msgid "PAM service names for which GPO-based access is always denied" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:313 +#: src/config/SSSDConfig/sssdoptions.py:314 msgid "" "Default logon right (or permit/deny) to use for unmapped PAM service names" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:314 +#: src/config/SSSDConfig/sssdoptions.py:315 msgid "a particular site to be used by the client" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:315 +#: src/config/SSSDConfig/sssdoptions.py:316 msgid "" "Maximum age in days before the machine account password should be renewed" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:317 +#: src/config/SSSDConfig/sssdoptions.py:318 msgid "Option for tuning the machine account renewal task" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:318 +#: src/config/SSSDConfig/sssdoptions.py:319 msgid "Whether to update the machine account password in the Samba database" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:320 +#: src/config/SSSDConfig/sssdoptions.py:321 msgid "Use LDAPS port for LDAP and Global Catalog requests" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:321 +#: src/config/SSSDConfig/sssdoptions.py:322 msgid "Do not filter domain local groups from other domains" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:324 #: src/config/SSSDConfig/sssdoptions.py:325 +#: src/config/SSSDConfig/sssdoptions.py:326 msgid "Kerberos server address" msgstr "Kerberos 伺服器位址" -#: src/config/SSSDConfig/sssdoptions.py:326 +#: src/config/SSSDConfig/sssdoptions.py:327 msgid "Kerberos backup server address" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:327 +#: src/config/SSSDConfig/sssdoptions.py:328 msgid "Kerberos realm" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:328 +#: src/config/SSSDConfig/sssdoptions.py:329 msgid "Authentication timeout" msgstr "認證逾時" -#: src/config/SSSDConfig/sssdoptions.py:329 +#: src/config/SSSDConfig/sssdoptions.py:330 msgid "Whether to create kdcinfo files" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:330 +#: src/config/SSSDConfig/sssdoptions.py:331 msgid "Where to drop krb5 config snippets" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:333 +#: src/config/SSSDConfig/sssdoptions.py:334 msgid "Directory to store credential caches" msgstr "儲存憑證快取的目錄" -#: src/config/SSSDConfig/sssdoptions.py:334 +#: src/config/SSSDConfig/sssdoptions.py:335 msgid "Location of the user's credential cache" msgstr "使用者憑證快取的位置" -#: src/config/SSSDConfig/sssdoptions.py:335 +#: src/config/SSSDConfig/sssdoptions.py:336 msgid "Location of the keytab to validate credentials" msgstr "驗證憑證用的金鑰表格位置" -#: src/config/SSSDConfig/sssdoptions.py:336 +#: src/config/SSSDConfig/sssdoptions.py:337 msgid "Enable credential validation" msgstr "啟用憑證驗證" -#: src/config/SSSDConfig/sssdoptions.py:337 +#: src/config/SSSDConfig/sssdoptions.py:338 msgid "Store password if offline for later online authentication" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:338 +#: src/config/SSSDConfig/sssdoptions.py:339 msgid "Renewable lifetime of the TGT" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:339 +#: src/config/SSSDConfig/sssdoptions.py:340 msgid "Lifetime of the TGT" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:340 +#: src/config/SSSDConfig/sssdoptions.py:341 msgid "Time between two checks for renewal" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:341 +#: src/config/SSSDConfig/sssdoptions.py:342 msgid "Enables FAST" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:342 +#: src/config/SSSDConfig/sssdoptions.py:343 msgid "Selects the principal to use for FAST" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:343 +#: src/config/SSSDConfig/sssdoptions.py:344 msgid "Use anonymous PKINIT to request FAST credentials" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:344 +#: src/config/SSSDConfig/sssdoptions.py:345 msgid "Enables principal canonicalization" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:345 +#: src/config/SSSDConfig/sssdoptions.py:346 msgid "Enables enterprise principals" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:346 +#: src/config/SSSDConfig/sssdoptions.py:347 msgid "Enables using of subdomains realms for authentication" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:347 +#: src/config/SSSDConfig/sssdoptions.py:348 msgid "A mapping from user names to Kerberos principal names" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:350 #: src/config/SSSDConfig/sssdoptions.py:351 +#: src/config/SSSDConfig/sssdoptions.py:352 msgid "Server where the change password service is running if not on the KDC" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:354 +#: src/config/SSSDConfig/sssdoptions.py:355 msgid "ldap_uri, The URI of the LDAP server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:355 +#: src/config/SSSDConfig/sssdoptions.py:356 msgid "ldap_backup_uri, The URI of the LDAP server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:356 +#: src/config/SSSDConfig/sssdoptions.py:357 msgid "The default base DN" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:357 +#: src/config/SSSDConfig/sssdoptions.py:358 msgid "The Schema Type in use on the LDAP server, rfc2307" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:358 +#: src/config/SSSDConfig/sssdoptions.py:359 msgid "Mode used to change user password" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:359 +#: src/config/SSSDConfig/sssdoptions.py:360 msgid "The default bind DN" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:360 +#: src/config/SSSDConfig/sssdoptions.py:361 msgid "The type of the authentication token of the default bind DN" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:361 +#: src/config/SSSDConfig/sssdoptions.py:362 msgid "The authentication token of the default bind DN" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:362 +#: src/config/SSSDConfig/sssdoptions.py:363 msgid "Length of time to attempt connection" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:363 +#: src/config/SSSDConfig/sssdoptions.py:364 msgid "Length of time to attempt synchronous LDAP operations" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:364 +#: src/config/SSSDConfig/sssdoptions.py:365 msgid "Length of time between attempts to reconnect while offline" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:365 +#: src/config/SSSDConfig/sssdoptions.py:366 msgid "Use only the upper case for realm names" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:366 +#: src/config/SSSDConfig/sssdoptions.py:367 msgid "File that contains CA certificates" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:367 +#: src/config/SSSDConfig/sssdoptions.py:368 msgid "Path to CA certificate directory" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:368 +#: src/config/SSSDConfig/sssdoptions.py:369 msgid "File that contains the client certificate" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:369 +#: src/config/SSSDConfig/sssdoptions.py:370 msgid "File that contains the client key" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:370 +#: src/config/SSSDConfig/sssdoptions.py:371 msgid "List of possible ciphers suites" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:371 +#: src/config/SSSDConfig/sssdoptions.py:372 msgid "Require TLS certificate verification" msgstr "需要 TLS 憑證驗證" -#: src/config/SSSDConfig/sssdoptions.py:372 +#: src/config/SSSDConfig/sssdoptions.py:373 msgid "Specify the sasl mechanism to use" msgstr "指定要使用的 sasl 機制" -#: src/config/SSSDConfig/sssdoptions.py:373 +#: src/config/SSSDConfig/sssdoptions.py:374 msgid "Specify the sasl authorization id to use" msgstr "指定要使用的 sasl 認證 id" -#: src/config/SSSDConfig/sssdoptions.py:374 +#: src/config/SSSDConfig/sssdoptions.py:375 msgid "Specify the sasl authorization realm to use" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:375 +#: src/config/SSSDConfig/sssdoptions.py:376 msgid "Specify the minimal SSF for LDAP sasl authorization" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:376 +#: src/config/SSSDConfig/sssdoptions.py:377 msgid "Specify the maximal SSF for LDAP sasl authorization" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:377 +#: src/config/SSSDConfig/sssdoptions.py:378 msgid "Kerberos service keytab" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:378 +#: src/config/SSSDConfig/sssdoptions.py:379 msgid "Use Kerberos auth for LDAP connection" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:379 +#: src/config/SSSDConfig/sssdoptions.py:380 msgid "Follow LDAP referrals" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:380 +#: src/config/SSSDConfig/sssdoptions.py:381 msgid "Lifetime of TGT for LDAP connection" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:381 +#: src/config/SSSDConfig/sssdoptions.py:382 msgid "How to dereference aliases" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:382 +#: src/config/SSSDConfig/sssdoptions.py:383 msgid "Service name for DNS service lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:383 +#: src/config/SSSDConfig/sssdoptions.py:384 msgid "The number of records to retrieve in a single LDAP query" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:384 +#: src/config/SSSDConfig/sssdoptions.py:385 msgid "The number of members that must be missing to trigger a full deref" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:385 +#: src/config/SSSDConfig/sssdoptions.py:386 msgid "Ignore unreadable LDAP references" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:386 +#: src/config/SSSDConfig/sssdoptions.py:387 msgid "" "Whether the LDAP library should perform a reverse lookup to canonicalize the " "host name during a SASL bind" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:388 +#: src/config/SSSDConfig/sssdoptions.py:389 msgid "" "Allows to retain local users as members of an LDAP group for servers that " "use the RFC2307 schema." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:391 +#: src/config/SSSDConfig/sssdoptions.py:392 msgid "entryUSN attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:392 +#: src/config/SSSDConfig/sssdoptions.py:393 msgid "lastUSN attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:394 +#: src/config/SSSDConfig/sssdoptions.py:395 msgid "How long to retain a connection to the LDAP server before disconnecting" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:397 +#: src/config/SSSDConfig/sssdoptions.py:398 msgid "Disable the LDAP paging control" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:398 +#: src/config/SSSDConfig/sssdoptions.py:399 msgid "Disable Active Directory range retrieval" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:401 +#: src/config/SSSDConfig/sssdoptions.py:402 msgid "Length of time to wait for a search request" msgstr "搜尋請求的等候時間長度" -#: src/config/SSSDConfig/sssdoptions.py:402 +#: src/config/SSSDConfig/sssdoptions.py:403 msgid "Length of time to wait for a enumeration request" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:403 +#: src/config/SSSDConfig/sssdoptions.py:404 msgid "Length of time between enumeration updates" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:404 +#: src/config/SSSDConfig/sssdoptions.py:405 msgid "Maximum period deviation between enumeration updates" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:405 +#: src/config/SSSDConfig/sssdoptions.py:406 msgid "Length of time between cache cleanups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:406 +#: src/config/SSSDConfig/sssdoptions.py:407 msgid "Maximum time deviation between cache cleanups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:407 +#: src/config/SSSDConfig/sssdoptions.py:408 msgid "Require TLS for ID lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:408 +#: src/config/SSSDConfig/sssdoptions.py:409 msgid "Use ID-mapping of objectSID instead of pre-set IDs" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:409 +#: src/config/SSSDConfig/sssdoptions.py:410 msgid "Base DN for user lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:410 +#: src/config/SSSDConfig/sssdoptions.py:411 msgid "Scope of user lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:411 +#: src/config/SSSDConfig/sssdoptions.py:412 msgid "Filter for user lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:412 +#: src/config/SSSDConfig/sssdoptions.py:413 msgid "Objectclass for users" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:413 +#: src/config/SSSDConfig/sssdoptions.py:414 msgid "Username attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:414 +#: src/config/SSSDConfig/sssdoptions.py:415 msgid "UID attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:415 +#: src/config/SSSDConfig/sssdoptions.py:416 msgid "Primary GID attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:416 +#: src/config/SSSDConfig/sssdoptions.py:417 msgid "GECOS attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:417 +#: src/config/SSSDConfig/sssdoptions.py:418 msgid "Home directory attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:418 +#: src/config/SSSDConfig/sssdoptions.py:419 msgid "Shell attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:419 +#: src/config/SSSDConfig/sssdoptions.py:420 msgid "UUID attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:420 -#: src/config/SSSDConfig/sssdoptions.py:459 +#: src/config/SSSDConfig/sssdoptions.py:421 +#: src/config/SSSDConfig/sssdoptions.py:460 msgid "objectSID attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:421 +#: src/config/SSSDConfig/sssdoptions.py:422 msgid "Active Directory primary group attribute for ID-mapping" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:422 +#: src/config/SSSDConfig/sssdoptions.py:423 msgid "User principal attribute (for Kerberos)" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:423 +#: src/config/SSSDConfig/sssdoptions.py:424 msgid "Full Name" msgstr "全名" -#: src/config/SSSDConfig/sssdoptions.py:424 +#: src/config/SSSDConfig/sssdoptions.py:425 msgid "memberOf attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:425 +#: src/config/SSSDConfig/sssdoptions.py:426 msgid "Modification time attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:426 +#: src/config/SSSDConfig/sssdoptions.py:427 msgid "shadowLastChange attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:427 +#: src/config/SSSDConfig/sssdoptions.py:428 msgid "shadowMin attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:428 +#: src/config/SSSDConfig/sssdoptions.py:429 msgid "shadowMax attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:429 +#: src/config/SSSDConfig/sssdoptions.py:430 msgid "shadowWarning attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:430 +#: src/config/SSSDConfig/sssdoptions.py:431 msgid "shadowInactive attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:431 +#: src/config/SSSDConfig/sssdoptions.py:432 msgid "shadowExpire attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:432 +#: src/config/SSSDConfig/sssdoptions.py:433 msgid "shadowFlag attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:433 +#: src/config/SSSDConfig/sssdoptions.py:434 msgid "Attribute listing authorized PAM services" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:434 +#: src/config/SSSDConfig/sssdoptions.py:435 msgid "Attribute listing authorized server hosts" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:435 +#: src/config/SSSDConfig/sssdoptions.py:436 msgid "Attribute listing authorized server rhosts" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:436 +#: src/config/SSSDConfig/sssdoptions.py:437 msgid "krbLastPwdChange attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:437 +#: src/config/SSSDConfig/sssdoptions.py:438 msgid "krbPasswordExpiration attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:438 +#: src/config/SSSDConfig/sssdoptions.py:439 msgid "Attribute indicating that server side password policies are active" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:439 +#: src/config/SSSDConfig/sssdoptions.py:440 msgid "accountExpires attribute of AD" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:440 +#: src/config/SSSDConfig/sssdoptions.py:441 msgid "userAccountControl attribute of AD" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:441 +#: src/config/SSSDConfig/sssdoptions.py:442 msgid "nsAccountLock attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:442 +#: src/config/SSSDConfig/sssdoptions.py:443 msgid "loginDisabled attribute of NDS" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:443 +#: src/config/SSSDConfig/sssdoptions.py:444 msgid "loginExpirationTime attribute of NDS" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:444 +#: src/config/SSSDConfig/sssdoptions.py:445 msgid "loginAllowedTimeMap attribute of NDS" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:445 +#: src/config/SSSDConfig/sssdoptions.py:446 msgid "SSH public key attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:446 +#: src/config/SSSDConfig/sssdoptions.py:447 msgid "attribute listing allowed authentication types for a user" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:447 +#: src/config/SSSDConfig/sssdoptions.py:448 msgid "attribute containing the X509 certificate of the user" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:448 +#: src/config/SSSDConfig/sssdoptions.py:449 msgid "attribute containing the email address of the user" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:449 +#: src/config/SSSDConfig/sssdoptions.py:450 msgid "attribute containing the passkey mapping data of the user" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:450 +#: src/config/SSSDConfig/sssdoptions.py:451 msgid "A list of extra attributes to download along with the user entry" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:452 +#: src/config/SSSDConfig/sssdoptions.py:453 msgid "Base DN for group lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:453 +#: src/config/SSSDConfig/sssdoptions.py:454 msgid "Objectclass for groups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:454 +#: src/config/SSSDConfig/sssdoptions.py:455 msgid "Group name" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:455 +#: src/config/SSSDConfig/sssdoptions.py:456 msgid "Group password" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:456 +#: src/config/SSSDConfig/sssdoptions.py:457 msgid "GID attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:457 +#: src/config/SSSDConfig/sssdoptions.py:458 msgid "Group member attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:458 +#: src/config/SSSDConfig/sssdoptions.py:459 msgid "Group UUID attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:460 +#: src/config/SSSDConfig/sssdoptions.py:461 msgid "Modification time attribute for groups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:461 +#: src/config/SSSDConfig/sssdoptions.py:462 msgid "Type of the group and other flags" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:462 +#: src/config/SSSDConfig/sssdoptions.py:463 msgid "The LDAP group external member attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:463 +#: src/config/SSSDConfig/sssdoptions.py:464 msgid "Maximum nesting level SSSD will follow" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:464 +#: src/config/SSSDConfig/sssdoptions.py:465 msgid "Filter for group lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:465 +#: src/config/SSSDConfig/sssdoptions.py:466 msgid "Scope of group lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:467 +#: src/config/SSSDConfig/sssdoptions.py:468 msgid "Base DN for netgroup lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:468 +#: src/config/SSSDConfig/sssdoptions.py:469 msgid "Objectclass for netgroups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:469 +#: src/config/SSSDConfig/sssdoptions.py:470 msgid "Netgroup name" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:470 +#: src/config/SSSDConfig/sssdoptions.py:471 msgid "Netgroups members attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:471 +#: src/config/SSSDConfig/sssdoptions.py:472 msgid "Netgroup triple attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:472 +#: src/config/SSSDConfig/sssdoptions.py:473 msgid "Modification time attribute for netgroups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:474 +#: src/config/SSSDConfig/sssdoptions.py:475 msgid "Base DN for service lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:475 +#: src/config/SSSDConfig/sssdoptions.py:476 msgid "Objectclass for services" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:476 +#: src/config/SSSDConfig/sssdoptions.py:477 msgid "Service name attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:477 +#: src/config/SSSDConfig/sssdoptions.py:478 msgid "Service port attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:478 +#: src/config/SSSDConfig/sssdoptions.py:479 msgid "Service protocol attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:480 +#: src/config/SSSDConfig/sssdoptions.py:481 msgid "Lower bound for ID-mapping" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:481 +#: src/config/SSSDConfig/sssdoptions.py:482 msgid "Upper bound for ID-mapping" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:482 +#: src/config/SSSDConfig/sssdoptions.py:483 msgid "Number of IDs for each slice when ID-mapping" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:483 +#: src/config/SSSDConfig/sssdoptions.py:484 msgid "Use autorid-compatible algorithm for ID-mapping" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:484 +#: src/config/SSSDConfig/sssdoptions.py:485 msgid "Name of the default domain for ID-mapping" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:485 +#: src/config/SSSDConfig/sssdoptions.py:486 msgid "SID of the default domain for ID-mapping" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:486 +#: src/config/SSSDConfig/sssdoptions.py:487 msgid "Number of secondary slices" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:488 +#: src/config/SSSDConfig/sssdoptions.py:489 msgid "Whether to use Token-Groups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:489 +#: src/config/SSSDConfig/sssdoptions.py:490 msgid "Set lower boundary for allowed IDs from the LDAP server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:490 +#: src/config/SSSDConfig/sssdoptions.py:491 msgid "Set upper boundary for allowed IDs from the LDAP server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:491 +#: src/config/SSSDConfig/sssdoptions.py:492 msgid "DN for ppolicy queries" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:492 +#: src/config/SSSDConfig/sssdoptions.py:493 msgid "How many maximum entries to fetch during a wildcard request" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:493 +#: src/config/SSSDConfig/sssdoptions.py:494 msgid "Set libldap debug level" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:496 +#: src/config/SSSDConfig/sssdoptions.py:497 msgid "Policy to evaluate the password expiration" msgstr "評估密碼過期時效的策略" -#: src/config/SSSDConfig/sssdoptions.py:500 +#: src/config/SSSDConfig/sssdoptions.py:501 msgid "Which attributes shall be used to evaluate if an account is expired" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:504 +#: src/config/SSSDConfig/sssdoptions.py:505 msgid "URI of an LDAP server where password changes are allowed" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:505 +#: src/config/SSSDConfig/sssdoptions.py:506 msgid "URI of a backup LDAP server where password changes are allowed" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:506 +#: src/config/SSSDConfig/sssdoptions.py:507 msgid "DNS service name for LDAP password change server" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:507 +#: src/config/SSSDConfig/sssdoptions.py:508 msgid "" "Whether to update the ldap_user_shadow_last_change attribute after a " "password change" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:511 +#: src/config/SSSDConfig/sssdoptions.py:512 msgid "Base DN for sudo rules lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:512 +#: src/config/SSSDConfig/sssdoptions.py:513 msgid "Automatic full refresh period" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:513 +#: src/config/SSSDConfig/sssdoptions.py:514 msgid "Automatic smart refresh period" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:514 +#: src/config/SSSDConfig/sssdoptions.py:515 msgid "Smart and full refresh random offset" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:515 +#: src/config/SSSDConfig/sssdoptions.py:516 msgid "Whether to filter rules by hostname, IP addresses and network" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:516 +#: src/config/SSSDConfig/sssdoptions.py:517 msgid "" "Hostnames and/or fully qualified domain names of this machine to filter sudo " "rules" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:517 +#: src/config/SSSDConfig/sssdoptions.py:518 msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:518 +#: src/config/SSSDConfig/sssdoptions.py:519 msgid "Whether to include rules that contains netgroup in host attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:519 +#: src/config/SSSDConfig/sssdoptions.py:520 msgid "" "Whether to include rules that contains regular expression in host attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:520 +#: src/config/SSSDConfig/sssdoptions.py:521 msgid "Object class for sudo rules" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:521 +#: src/config/SSSDConfig/sssdoptions.py:522 msgid "Name of attribute that is used as object class for sudo rules" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:522 +#: src/config/SSSDConfig/sssdoptions.py:523 msgid "Sudo rule name" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:523 +#: src/config/SSSDConfig/sssdoptions.py:524 msgid "Sudo rule command attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:524 +#: src/config/SSSDConfig/sssdoptions.py:525 msgid "Sudo rule host attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:525 +#: src/config/SSSDConfig/sssdoptions.py:526 msgid "Sudo rule user attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:526 +#: src/config/SSSDConfig/sssdoptions.py:527 msgid "Sudo rule option attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:527 +#: src/config/SSSDConfig/sssdoptions.py:528 msgid "Sudo rule runas attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:528 +#: src/config/SSSDConfig/sssdoptions.py:529 msgid "Sudo rule runasuser attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:529 +#: src/config/SSSDConfig/sssdoptions.py:530 msgid "Sudo rule runasgroup attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:530 +#: src/config/SSSDConfig/sssdoptions.py:531 msgid "Sudo rule notbefore attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:531 +#: src/config/SSSDConfig/sssdoptions.py:532 msgid "Sudo rule notafter attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:532 +#: src/config/SSSDConfig/sssdoptions.py:533 msgid "Sudo rule order attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:535 +#: src/config/SSSDConfig/sssdoptions.py:536 msgid "Object class for automounter maps" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:536 +#: src/config/SSSDConfig/sssdoptions.py:537 msgid "Automounter map name attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:537 +#: src/config/SSSDConfig/sssdoptions.py:538 msgid "Object class for automounter map entries" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:538 +#: src/config/SSSDConfig/sssdoptions.py:539 msgid "Automounter map entry key attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:539 +#: src/config/SSSDConfig/sssdoptions.py:540 msgid "Automounter map entry value attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:540 +#: src/config/SSSDConfig/sssdoptions.py:541 msgid "Base DN for automounter map lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:541 +#: src/config/SSSDConfig/sssdoptions.py:542 msgid "The name of the automount master map in LDAP." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:544 +#: src/config/SSSDConfig/sssdoptions.py:545 msgid "Base DN for IP hosts lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:545 +#: src/config/SSSDConfig/sssdoptions.py:546 msgid "Object class for IP hosts" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:546 +#: src/config/SSSDConfig/sssdoptions.py:547 msgid "IP host name attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:547 +#: src/config/SSSDConfig/sssdoptions.py:548 msgid "IP host number (address) attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:548 +#: src/config/SSSDConfig/sssdoptions.py:549 msgid "IP host entryUSN attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:549 +#: src/config/SSSDConfig/sssdoptions.py:550 msgid "Base DN for IP networks lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:550 +#: src/config/SSSDConfig/sssdoptions.py:551 msgid "Object class for IP networks" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:551 +#: src/config/SSSDConfig/sssdoptions.py:552 msgid "IP network name attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:552 +#: src/config/SSSDConfig/sssdoptions.py:553 msgid "IP network number (address) attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:553 +#: src/config/SSSDConfig/sssdoptions.py:554 msgid "IP network entryUSN attribute" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:556 +#: src/config/SSSDConfig/sssdoptions.py:557 msgid "Comma separated list of allowed users" msgstr "許可的使用者清單,請使用半形逗號作為分隔" -#: src/config/SSSDConfig/sssdoptions.py:557 +#: src/config/SSSDConfig/sssdoptions.py:558 msgid "Comma separated list of prohibited users" msgstr "被禁止的使用者清單,請使用半形逗號作為分隔" -#: src/config/SSSDConfig/sssdoptions.py:558 +#: src/config/SSSDConfig/sssdoptions.py:559 msgid "" "Comma separated list of groups that are allowed to log in. This applies only " "to groups within this SSSD domain. Local groups are not evaluated." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:560 +#: src/config/SSSDConfig/sssdoptions.py:561 msgid "" "Comma separated list of groups that are explicitly denied access. This " "applies only to groups within this SSSD domain. Local groups are not " "evaluated." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:564 +#: src/config/SSSDConfig/sssdoptions.py:565 msgid "The number of preforked proxy children." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:567 +#: src/config/SSSDConfig/sssdoptions.py:568 msgid "The name of the NSS library to use" msgstr "要使用的 NSS 函式庫名稱" -#: src/config/SSSDConfig/sssdoptions.py:568 +#: src/config/SSSDConfig/sssdoptions.py:569 msgid "The name of the NSS library to use for hosts and networks lookups" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:569 +#: src/config/SSSDConfig/sssdoptions.py:570 msgid "Whether to look up canonical group name from cache if possible" msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:572 +#: src/config/SSSDConfig/sssdoptions.py:573 msgid "PAM stack to use" msgstr "要使用的 PAM 堆疊" -#: src/config/SSSDConfig/sssdoptions.py:575 +#: src/config/SSSDConfig/sssdoptions.py:576 msgid "Path of passwd file sources." msgstr "" -#: src/config/SSSDConfig/sssdoptions.py:576 +#: src/config/SSSDConfig/sssdoptions.py:577 msgid "Path of group file sources." msgstr "" @@ -1882,67 +1886,67 @@ msgstr "" msgid "SSSD is already running\n" msgstr "" -#: src/providers/krb5/krb5_child.c:4007 src/providers/ldap/ldap_child.c:641 +#: src/providers/krb5/krb5_child.c:4027 src/providers/ldap/ldap_child.c:642 msgid "Allow core dumps" msgstr "" -#: src/providers/krb5/krb5_child.c:4009 src/providers/ldap/ldap_child.c:643 +#: src/providers/krb5/krb5_child.c:4029 src/providers/ldap/ldap_child.c:644 msgid "An open file descriptor for the debug logs" msgstr "" -#: src/providers/krb5/krb5_child.c:4012 +#: src/providers/krb5/krb5_child.c:4032 msgid "The user to create FAST ccache as" msgstr "" -#: src/providers/krb5/krb5_child.c:4014 +#: src/providers/krb5/krb5_child.c:4034 msgid "The group to create FAST ccache as" msgstr "" -#: src/providers/krb5/krb5_child.c:4016 +#: src/providers/krb5/krb5_child.c:4036 msgid "Use anonymous PKINIT to request FAST armor ticket" msgstr "" -#: src/providers/krb5/krb5_child.c:4018 +#: src/providers/krb5/krb5_child.c:4038 msgid "Kerberos realm to use" msgstr "" -#: src/providers/krb5/krb5_child.c:4020 +#: src/providers/krb5/krb5_child.c:4040 msgid "Requested lifetime of the ticket" msgstr "" -#: src/providers/krb5/krb5_child.c:4022 +#: src/providers/krb5/krb5_child.c:4042 msgid "Requested renewable lifetime of the ticket" msgstr "" -#: src/providers/krb5/krb5_child.c:4024 +#: src/providers/krb5/krb5_child.c:4044 msgid "FAST options ('never', 'try', 'demand')" msgstr "" -#: src/providers/krb5/krb5_child.c:4027 +#: src/providers/krb5/krb5_child.c:4047 msgid "Specifies the server principal to use for FAST" msgstr "" -#: src/providers/krb5/krb5_child.c:4029 +#: src/providers/krb5/krb5_child.c:4049 msgid "Requests canonicalization of the principal name" msgstr "" -#: src/providers/krb5/krb5_child.c:4031 +#: src/providers/krb5/krb5_child.c:4051 msgid "Use custom version of krb5_get_init_creds_password" msgstr "" -#: src/providers/krb5/krb5_child.c:4033 +#: src/providers/krb5/krb5_child.c:4053 msgid "Tevent chain ID used for logging purposes" msgstr "" -#: src/providers/krb5/krb5_child.c:4035 +#: src/providers/krb5/krb5_child.c:4055 msgid "Check PAC flags" msgstr "" -#: src/providers/krb5/krb5_child.c:4079 src/providers/ldap/ldap_child.c:669 +#: src/providers/krb5/krb5_child.c:4099 src/providers/ldap/ldap_child.c:670 msgid "talloc_asprintf failed.\n" msgstr "" -#: src/providers/krb5/krb5_child.c:4089 src/providers/ldap/ldap_child.c:678 +#: src/providers/krb5/krb5_child.c:4109 src/providers/ldap/ldap_child.c:679 msgid "set_debug_file_from_fd failed.\n" msgstr "" @@ -1986,119 +1990,131 @@ msgstr "" msgid "Permission denied. " msgstr "" -#: src/sss_client/pam_sss.c:70 src/sss_client/pam_sss.c:819 -#: src/sss_client/pam_sss.c:830 +#: src/sss_client/pam_sss.c:70 src/sss_client/pam_sss.c:838 +#: src/sss_client/pam_sss.c:849 msgid "Server message: " msgstr "伺服器訊息:" #: src/sss_client/pam_sss.c:71 +msgid "" +"Kerberos TGT will not be granted upon login, user experience will be " +"affected." +msgstr "" + +#: src/sss_client/pam_sss.c:72 msgid "Enter PIN:" msgstr "" -#: src/sss_client/pam_sss.c:314 +#: src/sss_client/pam_sss.c:315 msgid "Passwords do not match" msgstr "密碼不相符" -#: src/sss_client/pam_sss.c:502 +#: src/sss_client/pam_sss.c:503 msgid "Password reset by root is not supported." msgstr "" -#: src/sss_client/pam_sss.c:543 +#: src/sss_client/pam_sss.c:544 msgid "Authenticated with cached credentials" msgstr "" -#: src/sss_client/pam_sss.c:544 +#: src/sss_client/pam_sss.c:545 msgid ", your cached password will expire at: " msgstr ",您快取的密碼將在此刻過期:" -#: src/sss_client/pam_sss.c:574 +#: src/sss_client/pam_sss.c:575 #, c-format msgid "Your password has expired. You have %1$d grace login(s) remaining." msgstr "" -#: src/sss_client/pam_sss.c:624 +#: src/sss_client/pam_sss.c:625 #, c-format msgid "Your password will expire in %1$d %2$s." msgstr "" -#: src/sss_client/pam_sss.c:627 +#: src/sss_client/pam_sss.c:628 #, fuzzy, c-format msgid "Your password has expired." msgstr ",您快取的密碼將在此刻過期:" -#: src/sss_client/pam_sss.c:678 +#: src/sss_client/pam_sss.c:679 msgid "Authentication is denied until: " msgstr "" -#: src/sss_client/pam_sss.c:699 +#: src/sss_client/pam_sss.c:700 msgid "System is offline, password change not possible" msgstr "系統已離線,不可能作密碼變更" -#: src/sss_client/pam_sss.c:714 +#: src/sss_client/pam_sss.c:715 msgid "" "After changing the OTP password, you need to log out and back in order to " "acquire a ticket" msgstr "" -#: src/sss_client/pam_sss.c:729 +#: src/sss_client/pam_sss.c:730 msgid "PIN locked" msgstr "" -#: src/sss_client/pam_sss.c:816 src/sss_client/pam_sss.c:829 +#: src/sss_client/pam_sss.c:745 +msgid "" +"No Kerberos TGT granted as the server does not support this method. Your " +"single-sign on(SSO) experience will be affected." +msgstr "" + +#: src/sss_client/pam_sss.c:835 src/sss_client/pam_sss.c:848 msgid "Password change failed. " msgstr "密碼變更失敗。" -#: src/sss_client/pam_sss.c:1797 +#: src/sss_client/pam_sss.c:1819 #, c-format msgid "Authenticate at %1$s and press ENTER." msgstr "" -#: src/sss_client/pam_sss.c:1800 +#: src/sss_client/pam_sss.c:1822 #, c-format msgid "Authenticate with PIN %1$s at %2$s and press ENTER." msgstr "" -#: src/sss_client/pam_sss.c:2153 +#: src/sss_client/pam_sss.c:2181 msgid "Please (re)insert (different) Smartcard" msgstr "" -#: src/sss_client/pam_sss.c:2352 +#: src/sss_client/pam_sss.c:2380 msgid "New Password: " msgstr "新密碼:" -#: src/sss_client/pam_sss.c:2353 +#: src/sss_client/pam_sss.c:2381 msgid "Reenter new Password: " msgstr "再次輸入新密碼:" -#: src/sss_client/pam_sss.c:2523 src/sss_client/pam_sss.c:2526 +#: src/sss_client/pam_sss.c:2551 src/sss_client/pam_sss.c:2554 msgid "First Factor: " msgstr "" -#: src/sss_client/pam_sss.c:2524 src/sss_client/pam_sss.c:2707 +#: src/sss_client/pam_sss.c:2552 src/sss_client/pam_sss.c:2740 msgid "Second Factor (optional): " msgstr "" -#: src/sss_client/pam_sss.c:2527 src/sss_client/pam_sss.c:2710 +#: src/sss_client/pam_sss.c:2555 src/sss_client/pam_sss.c:2743 msgid "Second Factor: " msgstr "" -#: src/sss_client/pam_sss.c:2547 +#: src/sss_client/pam_sss.c:2575 msgid "Insert your passkey device, then press ENTER." msgstr "" -#: src/sss_client/pam_sss.c:2551 src/sss_client/pam_sss.c:2554 +#: src/sss_client/pam_sss.c:2579 src/sss_client/pam_sss.c:2587 msgid "Password: " msgstr "密碼:" -#: src/sss_client/pam_sss.c:2706 src/sss_client/pam_sss.c:2709 +#: src/sss_client/pam_sss.c:2739 src/sss_client/pam_sss.c:2742 msgid "First Factor (Current Password): " msgstr "" -#: src/sss_client/pam_sss.c:2713 +#: src/sss_client/pam_sss.c:2746 msgid "Current Password: " msgstr "目前的密碼:" -#: src/sss_client/pam_sss.c:3070 +#: src/sss_client/pam_sss.c:3103 msgid "Password expired. Change your password now." msgstr "密碼已過期。請立刻變更您的密碼。" diff --git a/src/man/po/br.po b/src/man/po/br.po index ada77270df0..52581a7bf0b 100644 --- a/src/man/po/br.po +++ b/src/man/po/br.po @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: sssd-docs 2.3.0\n" "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" -"POT-Creation-Date: 2023-05-05 10:09+0200\n" +"POT-Creation-Date: 2023-09-07 11:47+0200\n" "PO-Revision-Date: 2014-12-14 11:51-0500\n" "Last-Translator: Copied by Zanata \n" "Language-Team: Breton (http://www.transifex.com/projects/p/sssd/language/" @@ -205,8 +205,8 @@ msgstr "" #. type: Content of: #: sssd.conf.5.xml:136 sssd.conf.5.xml:173 sssd.conf.5.xml:358 -#: sssd.conf.5.xml:714 sssd.conf.5.xml:729 sssd.conf.5.xml:951 -#: sssd.conf.5.xml:1069 sssd.conf.5.xml:2197 sssd-ldap.5.xml:1071 +#: sssd.conf.5.xml:714 sssd.conf.5.xml:729 sssd.conf.5.xml:952 +#: sssd.conf.5.xml:1070 sssd.conf.5.xml:2198 sssd-ldap.5.xml:1071 #: sssd-ldap.5.xml:1174 sssd-ldap.5.xml:1243 sssd-ldap.5.xml:1750 #: sssd-ldap.5.xml:1815 sssd-ipa.5.xml:342 sssd-ad.5.xml:252 sssd-ad.5.xml:366 #: sssd-ad.5.xml:1200 sssd-ad.5.xml:1348 sssd-krb5.5.xml:358 @@ -226,8 +226,8 @@ msgid "" msgstr "" #. type: Content of: -#: sssd.conf.5.xml:149 sssd.conf.5.xml:652 sssd.conf.5.xml:948 -#: sssd.conf.5.xml:2100 sssd.conf.5.xml:2167 sssd.conf.5.xml:4128 +#: sssd.conf.5.xml:149 sssd.conf.5.xml:652 sssd.conf.5.xml:949 +#: sssd.conf.5.xml:2101 sssd.conf.5.xml:2168 sssd.conf.5.xml:4174 #: sssd-ldap.5.xml:312 sssd-ldap.5.xml:917 sssd-ldap.5.xml:936 #: sssd-ldap.5.xml:1146 sssd-ldap.5.xml:1599 sssd-ldap.5.xml:1839 #: sssd-ipa.5.xml:152 sssd-ipa.5.xml:254 sssd-ipa.5.xml:657 sssd-ad.5.xml:1106 @@ -295,8 +295,8 @@ msgid "" msgstr "" #. type: Content of: -#: sssd.conf.5.xml:196 sssd.conf.5.xml:1289 sssd.conf.5.xml:1766 -#: sssd.conf.5.xml:4144 sssd-ldap.5.xml:765 include/ldap_id_mapping.xml:270 +#: sssd.conf.5.xml:196 sssd.conf.5.xml:1290 sssd.conf.5.xml:1767 +#: sssd.conf.5.xml:4190 sssd-ldap.5.xml:765 include/ldap_id_mapping.xml:270 msgid "Default: 10" msgstr "" @@ -360,19 +360,19 @@ msgid "" msgstr "" #. type: Content of: -#: sssd.conf.5.xml:258 sssd.conf.5.xml:783 +#: sssd.conf.5.xml:258 sssd.conf.5.xml:784 msgid "reconnection_retries (integer)" msgstr "" #. type: Content of: -#: sssd.conf.5.xml:261 sssd.conf.5.xml:786 +#: sssd.conf.5.xml:261 sssd.conf.5.xml:787 msgid "" "Number of times services should attempt to reconnect in the event of a Data " "Provider crash or restart before they give up" msgstr "" #. type: Content of: -#: sssd.conf.5.xml:266 sssd.conf.5.xml:791 sssd.conf.5.xml:3708 +#: sssd.conf.5.xml:266 sssd.conf.5.xml:792 sssd.conf.5.xml:3709 #: include/failover.xml:100 msgid "Default: 3" msgstr "Dre ziouer : 3" @@ -394,7 +394,7 @@ msgid "" msgstr "" #. type: Content of: -#: sssd.conf.5.xml:287 sssd.conf.5.xml:3540 +#: sssd.conf.5.xml:287 sssd.conf.5.xml:3541 msgid "re_expression (string)" msgstr "re_expression (neudennad)" @@ -414,12 +414,12 @@ msgid "" msgstr "" #. type: Content of: -#: sssd.conf.5.xml:304 sssd.conf.5.xml:3597 +#: sssd.conf.5.xml:304 sssd.conf.5.xml:3598 msgid "full_name_format (string)" msgstr "full_name_format (neudennad)" #. type: Content of: -#: sssd.conf.5.xml:307 sssd.conf.5.xml:3600 +#: sssd.conf.5.xml:307 sssd.conf.5.xml:3601 msgid "" "A printf 3 -compatible format that describes how to compose a " @@ -427,39 +427,39 @@ msgid "" msgstr "" #. type: Content of: -#: sssd.conf.5.xml:318 sssd.conf.5.xml:3611 +#: sssd.conf.5.xml:318 sssd.conf.5.xml:3612 msgid "%1$s" msgstr "" #. type: Content of: -#: sssd.conf.5.xml:319 sssd.conf.5.xml:3612 +#: sssd.conf.5.xml:319 sssd.conf.5.xml:3613 msgid "user name" msgstr "" #. type: Content of: -#: sssd.conf.5.xml:322 sssd.conf.5.xml:3615 +#: sssd.conf.5.xml:322 sssd.conf.5.xml:3616 msgid "%2$s" msgstr "" #. type: Content of: -#: sssd.conf.5.xml:325 sssd.conf.5.xml:3618 +#: sssd.conf.5.xml:325 sssd.conf.5.xml:3619 msgid "domain name as specified in the SSSD config file." msgstr "" #. type: Content of: -#: sssd.conf.5.xml:331 sssd.conf.5.xml:3624 +#: sssd.conf.5.xml:331 sssd.conf.5.xml:3625 msgid "%3$s" msgstr "" #. type: Content of: -#: sssd.conf.5.xml:334 sssd.conf.5.xml:3627 +#: sssd.conf.5.xml:334 sssd.conf.5.xml:3628 msgid "" "domain flat name. Mostly usable for Active Directory domains, both directly " "configured or discovered via IPA trusts." msgstr "" #. type: Content of: -#: sssd.conf.5.xml:315 sssd.conf.5.xml:3608 +#: sssd.conf.5.xml:315 sssd.conf.5.xml:3609 msgid "" "The following expansions are supported: " @@ -873,7 +873,7 @@ msgid "" msgstr "" #. type: Content of: -#: sssd.conf.5.xml:700 sssd.conf.5.xml:1790 sssd.conf.5.xml:4194 +#: sssd.conf.5.xml:700 sssd.conf.5.xml:1791 sssd.conf.5.xml:4240 #: sssd-ad.5.xml:187 sssd-ad.5.xml:327 sssd-ad.5.xml:341 msgid "Default: Not set" msgstr "" @@ -922,11 +922,11 @@ msgstr "re_expression (neudennad)" #: sssd.conf.5.xml:744 msgid "" "Enable or disable the user verification (i.e. PIN, fingerprint) during " -"authentication." +"authentication. If enabled, the PIN will always be requested." msgstr "" #. type: Content of: -#: sssd.conf.5.xml:749 +#: sssd.conf.5.xml:750 msgid "" "The default is that the key settings decide what to do. In the IPA or " "kerberos pre-authentication case, this value will be overwritten by the " @@ -953,12 +953,12 @@ msgid "" msgstr "" #. type: Content of: -#: sssd.conf.5.xml:768 +#: sssd.conf.5.xml:769 msgid "SERVICES SECTIONS" msgstr "RANNOÙ SERVIJOÙ" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:770 +#: sssd.conf.5.xml:771 msgid "" "Settings that can be used to configure different services are described in " "this section. They should reside in the [<replaceable>$NAME</replaceable>] " @@ -967,22 +967,22 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:777 +#: sssd.conf.5.xml:778 msgid "General service configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:779 +#: sssd.conf.5.xml:780 msgid "These options can be used to configure any service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:796 +#: sssd.conf.5.xml:797 msgid "fd_limit" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:799 +#: sssd.conf.5.xml:800 msgid "" "This option specifies the maximum number of file descriptors that may be " "opened at one time by this SSSD process. On systems where SSSD is granted " @@ -992,17 +992,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:808 +#: sssd.conf.5.xml:809 msgid "Default: 8192 (or limits.conf \"hard\" limit)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:813 +#: sssd.conf.5.xml:814 msgid "client_idle_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:816 +#: sssd.conf.5.xml:817 msgid "" "This option specifies the number of seconds that a client of an SSSD process " "can hold onto a file descriptor without communicating on it. This value is " @@ -1012,19 +1012,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:825 +#: sssd.conf.5.xml:826 #, fuzzy #| msgid "Default: 3" msgid "Default: 60, KCM: 300" msgstr "Dre ziouer : 3" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:830 +#: sssd.conf.5.xml:831 msgid "offline_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:833 +#: sssd.conf.5.xml:834 msgid "" "When SSSD switches to offline mode the amount of time before it tries to go " "back online will increase based upon the time spent disconnected. By " @@ -1035,14 +1035,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:844 sssd.conf.5.xml:900 +#: sssd.conf.5.xml:845 sssd.conf.5.xml:901 msgid "" "new_delay = Minimum(old_delay * 2, offline_timeout_max) + random[0..." "offline_timeout_random_offset]" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:847 +#: sssd.conf.5.xml:848 msgid "" "The offline_timeout default value is 60. The offline_timeout_max default " "value is 3600. The offline_timeout_random_offset default value is 30. The " @@ -1050,44 +1050,44 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:853 +#: sssd.conf.5.xml:854 msgid "" "Note that the maximum length of each interval is defined by " "offline_timeout_max (apart of random part)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:857 sssd.conf.5.xml:1200 sssd.conf.5.xml:1583 -#: sssd.conf.5.xml:1879 sssd-ldap.5.xml:494 +#: sssd.conf.5.xml:858 sssd.conf.5.xml:1201 sssd.conf.5.xml:1584 +#: sssd.conf.5.xml:1880 sssd-ldap.5.xml:494 msgid "Default: 60" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:862 +#: sssd.conf.5.xml:863 msgid "offline_timeout_max (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:865 +#: sssd.conf.5.xml:866 msgid "" "Controls by how much the time between attempts to go online can be " "incremented following unsuccessful attempts to go online." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:870 +#: sssd.conf.5.xml:871 msgid "A value of 0 disables the incrementing behaviour." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:873 +#: sssd.conf.5.xml:874 msgid "" "The value of this parameter should be set in correlation to offline_timeout " "parameter value." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:877 +#: sssd.conf.5.xml:878 msgid "" "With offline_timeout set to 60 (default value) there is no point in setting " "offlinet_timeout_max to less than 120 as it will saturate instantly. General " @@ -1096,62 +1096,62 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:883 +#: sssd.conf.5.xml:884 msgid "" "Although a value between 0 and offline_timeout may be specified, it has the " "effect of overriding the offline_timeout value so is of little use." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:888 +#: sssd.conf.5.xml:889 #, fuzzy #| msgid "Default: 3" msgid "Default: 3600" msgstr "Dre ziouer : 3" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:893 +#: sssd.conf.5.xml:894 msgid "offline_timeout_random_offset (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:896 +#: sssd.conf.5.xml:897 msgid "" "When SSSD is in offline mode it keeps probing backend servers in specified " "time intervals:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:903 +#: sssd.conf.5.xml:904 msgid "" "This parameter controls the value of the random offset used for the above " "equation. Final random_offset value will be random number in range:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:908 +#: sssd.conf.5.xml:909 msgid "[0 - offline_timeout_random_offset]" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:911 +#: sssd.conf.5.xml:912 msgid "A value of 0 disables the random offset addition." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:914 +#: sssd.conf.5.xml:915 #, fuzzy #| msgid "Default: 3" msgid "Default: 30" msgstr "Dre ziouer : 3" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:919 +#: sssd.conf.5.xml:920 msgid "responder_idle_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:922 +#: sssd.conf.5.xml:923 msgid "" "This option specifies the number of seconds that an SSSD responder process " "can be up without being used. This value is limited in order to avoid " @@ -1163,58 +1163,58 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:936 sssd.conf.5.xml:1213 sssd.conf.5.xml:2321 +#: sssd.conf.5.xml:937 sssd.conf.5.xml:1214 sssd.conf.5.xml:2322 #: sssd-ldap.5.xml:331 msgid "Default: 300" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:941 +#: sssd.conf.5.xml:942 msgid "cache_first" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:944 +#: sssd.conf.5.xml:945 msgid "" "This option specifies whether the responder should query all caches before " "querying the Data Providers." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:959 +#: sssd.conf.5.xml:960 msgid "NSS configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:961 +#: sssd.conf.5.xml:962 msgid "" "These options can be used to configure the Name Service Switch (NSS) service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:966 +#: sssd.conf.5.xml:967 msgid "enum_cache_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:969 +#: sssd.conf.5.xml:970 msgid "" "How many seconds should nss_sss cache enumerations (requests for info about " "all users)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:973 +#: sssd.conf.5.xml:974 msgid "Default: 120" msgstr "Dre ziouer : 120" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:978 +#: sssd.conf.5.xml:979 msgid "entry_cache_nowait_percentage (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:981 +#: sssd.conf.5.xml:982 msgid "" "The entry cache can be set to automatically update entries in the background " "if they are requested beyond a percentage of the entry_cache_timeout value " @@ -1222,7 +1222,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:987 +#: sssd.conf.5.xml:988 msgid "" "For example, if the domain's entry_cache_timeout is set to 30s and " "entry_cache_nowait_percentage is set to 50 (percent), entries that come in " @@ -1232,7 +1232,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:997 +#: sssd.conf.5.xml:998 msgid "" "Valid values for this option are 0-99 and represent a percentage of the " "entry_cache_timeout for each domain. For performance reasons, this " @@ -1241,17 +1241,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1005 sssd.conf.5.xml:2121 +#: sssd.conf.5.xml:1006 sssd.conf.5.xml:2122 msgid "Default: 50" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1010 +#: sssd.conf.5.xml:1011 msgid "entry_negative_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1013 +#: sssd.conf.5.xml:1014 msgid "" "Specifies for how many seconds nss_sss should cache negative cache hits " "(that is, queries for invalid database entries, like nonexistent ones) " @@ -1259,17 +1259,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1019 sssd.conf.5.xml:1778 sssd.conf.5.xml:2145 +#: sssd.conf.5.xml:1020 sssd.conf.5.xml:1779 sssd.conf.5.xml:2146 msgid "Default: 15" msgstr "Dre ziouer : 15" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1024 +#: sssd.conf.5.xml:1025 msgid "local_negative_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1027 +#: sssd.conf.5.xml:1028 msgid "" "Specifies for how many seconds nss_sss should keep local users and groups in " "negative cache before trying to look it up in the back end again. Setting " @@ -1277,17 +1277,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1033 +#: sssd.conf.5.xml:1034 msgid "Default: 14400 (4 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1038 +#: sssd.conf.5.xml:1039 msgid "filter_users, filter_groups (string)" msgstr "filter_users, filter_groups (neudennad)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1041 +#: sssd.conf.5.xml:1042 msgid "" "Exclude certain users or groups from being fetched from the sss NSS " "database. This is particularly useful for system accounts. This option can " @@ -1296,7 +1296,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1049 +#: sssd.conf.5.xml:1050 msgid "" "NOTE: The filter_groups option doesn't affect inheritance of nested group " "members, since filtering happens after they are propagated for returning via " @@ -1305,41 +1305,41 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1057 +#: sssd.conf.5.xml:1058 msgid "Default: root" msgstr "Dre zoiuer : root" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1062 +#: sssd.conf.5.xml:1063 msgid "filter_users_in_groups (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1065 +#: sssd.conf.5.xml:1066 msgid "" "If you want filtered user still be group members set this option to false." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1076 +#: sssd.conf.5.xml:1077 msgid "fallback_homedir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1079 +#: sssd.conf.5.xml:1080 msgid "" "Set a default template for a user's home directory if one is not specified " "explicitly by the domain's data provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1084 +#: sssd.conf.5.xml:1085 msgid "" "The available values for this option are the same as for override_homedir." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1090 +#: sssd.conf.5.xml:1091 #, no-wrap msgid "" "fallback_homedir = /home/%u\n" @@ -1347,23 +1347,23 @@ msgid "" msgstr "" #. type: Content of: <varlistentry><listitem><para> -#: sssd.conf.5.xml:1088 sssd.conf.5.xml:1650 sssd.conf.5.xml:1669 -#: sssd.conf.5.xml:1746 sssd-krb5.5.xml:451 include/override_homedir.xml:66 +#: sssd.conf.5.xml:1089 sssd.conf.5.xml:1651 sssd.conf.5.xml:1670 +#: sssd.conf.5.xml:1747 sssd-krb5.5.xml:451 include/override_homedir.xml:66 msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1094 +#: sssd.conf.5.xml:1095 msgid "Default: not set (no substitution for unset home directories)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1100 +#: sssd.conf.5.xml:1101 msgid "override_shell (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1103 +#: sssd.conf.5.xml:1104 msgid "" "Override the login shell for all users. This option supersedes any other " "shell options if it takes effect and can be set either in the [nss] section " @@ -1371,47 +1371,47 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1109 +#: sssd.conf.5.xml:1110 msgid "Default: not set (SSSD will use the value retrieved from LDAP)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1115 +#: sssd.conf.5.xml:1116 msgid "allowed_shells (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1118 +#: sssd.conf.5.xml:1119 msgid "" "Restrict user shell to one of the listed values. The order of evaluation is:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1121 +#: sssd.conf.5.xml:1122 msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1125 +#: sssd.conf.5.xml:1126 msgid "" "2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</" "quote>, use the value of the shell_fallback parameter." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1130 +#: sssd.conf.5.xml:1131 msgid "" "3. If the shell is not in the allowed_shells list and not in <quote>/etc/" "shells</quote>, a nologin shell is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1135 +#: sssd.conf.5.xml:1136 msgid "The wildcard (*) can be used to allow any shell." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1138 +#: sssd.conf.5.xml:1139 msgid "" "The (*) is useful if you want to use shell_fallback in case that user's " "shell is not in <quote>/etc/shells</quote> and maintaining list of all " @@ -1419,113 +1419,113 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1145 +#: sssd.conf.5.xml:1146 msgid "An empty string for shell is passed as-is to libc." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1148 +#: sssd.conf.5.xml:1149 msgid "" "The <quote>/etc/shells</quote> is only read on SSSD start up, which means " "that a restart of the SSSD is required in case a new shell is installed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1152 +#: sssd.conf.5.xml:1153 msgid "Default: Not set. The user shell is automatically used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1157 +#: sssd.conf.5.xml:1158 msgid "vetoed_shells (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1160 +#: sssd.conf.5.xml:1161 msgid "Replace any instance of these shells with the shell_fallback" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1165 +#: sssd.conf.5.xml:1166 msgid "shell_fallback (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1168 +#: sssd.conf.5.xml:1169 msgid "" "The default shell to use if an allowed shell is not installed on the machine." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1172 +#: sssd.conf.5.xml:1173 msgid "Default: /bin/sh" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1177 +#: sssd.conf.5.xml:1178 msgid "default_shell" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1180 +#: sssd.conf.5.xml:1181 msgid "" "The default shell to use if the provider does not return one during lookup. " "This option can be specified globally in the [nss] section or per-domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1186 +#: sssd.conf.5.xml:1187 msgid "" "Default: not set (Return NULL if no shell is specified and rely on libc to " "substitute something sensible when necessary, usually /bin/sh)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1193 sssd.conf.5.xml:1576 +#: sssd.conf.5.xml:1194 sssd.conf.5.xml:1577 msgid "get_domains_timeout (int)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1196 sssd.conf.5.xml:1579 +#: sssd.conf.5.xml:1197 sssd.conf.5.xml:1580 msgid "" "Specifies time in seconds for which the list of subdomains will be " "considered valid." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1205 +#: sssd.conf.5.xml:1206 msgid "memcache_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1208 +#: sssd.conf.5.xml:1209 msgid "" "Specifies time in seconds for which records in the in-memory cache will be " "valid. Setting this option to zero will disable the in-memory cache." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1216 +#: sssd.conf.5.xml:1217 msgid "" "WARNING: Disabling the in-memory cache will have significant negative impact " "on SSSD's performance and should only be used for testing." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1222 sssd.conf.5.xml:1247 sssd.conf.5.xml:1272 -#: sssd.conf.5.xml:1297 sssd.conf.5.xml:1324 +#: sssd.conf.5.xml:1223 sssd.conf.5.xml:1248 sssd.conf.5.xml:1273 +#: sssd.conf.5.xml:1298 sssd.conf.5.xml:1325 msgid "" "NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", " "client applications will not use the fast in-memory cache." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1230 +#: sssd.conf.5.xml:1231 msgid "memcache_size_passwd (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1233 +#: sssd.conf.5.xml:1234 msgid "" "Size (in megabytes) of the data table allocated inside fast in-memory cache " "for passwd requests. Setting the size to 0 will disable the passwd in-" @@ -1533,25 +1533,25 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1239 sssd.conf.5.xml:2963 sssd-ldap.5.xml:548 +#: sssd.conf.5.xml:1240 sssd.conf.5.xml:2964 sssd-ldap.5.xml:548 msgid "Default: 8" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1242 sssd.conf.5.xml:1267 sssd.conf.5.xml:1292 -#: sssd.conf.5.xml:1319 +#: sssd.conf.5.xml:1243 sssd.conf.5.xml:1268 sssd.conf.5.xml:1293 +#: sssd.conf.5.xml:1320 msgid "" "WARNING: Disabled or too small in-memory cache can have significant negative " "impact on SSSD's performance." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1255 +#: sssd.conf.5.xml:1256 msgid "memcache_size_group (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1258 +#: sssd.conf.5.xml:1259 msgid "" "Size (in megabytes) of the data table allocated inside fast in-memory cache " "for group requests. Setting the size to 0 will disable the group in-memory " @@ -1559,19 +1559,19 @@ msgid "" msgstr "" #. type: Content of: <variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1264 sssd.conf.5.xml:1316 sssd.conf.5.xml:3729 +#: sssd.conf.5.xml:1265 sssd.conf.5.xml:1317 sssd.conf.5.xml:3730 #: sssd-ldap.5.xml:473 sssd-ldap.5.xml:525 include/failover.xml:116 #: include/krb5_options.xml:11 msgid "Default: 6" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1280 +#: sssd.conf.5.xml:1281 msgid "memcache_size_initgroups (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1283 +#: sssd.conf.5.xml:1284 msgid "" "Size (in megabytes) of the data table allocated inside fast in-memory cache " "for initgroups requests. Setting the size to 0 will disable the initgroups " @@ -1579,12 +1579,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1305 +#: sssd.conf.5.xml:1306 msgid "memcache_size_sid (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1308 +#: sssd.conf.5.xml:1309 msgid "" "Size (in megabytes) of the data table allocated inside fast in-memory cache " "for SID related requests. Only SID-by-ID and ID-by-SID requests are " @@ -1593,12 +1593,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1332 sssd-ifp.5.xml:90 +#: sssd.conf.5.xml:1333 sssd-ifp.5.xml:90 msgid "user_attributes (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1335 +#: sssd.conf.5.xml:1336 msgid "" "Some of the additional NSS responder requests can return more attributes " "than just the POSIX ones defined by the NSS interface. The list of " @@ -1609,45 +1609,45 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1348 +#: sssd.conf.5.xml:1349 msgid "" "To make configuration more easy the NSS responder will check the InfoPipe " "option if it is not set for the NSS responder." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1353 +#: sssd.conf.5.xml:1354 msgid "Default: not set, fallback to InfoPipe option" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1358 +#: sssd.conf.5.xml:1359 msgid "pwfield (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1361 +#: sssd.conf.5.xml:1362 msgid "" "The value that NSS operations that return users or groups will return for " "the <quote>password</quote> field." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1366 +#: sssd.conf.5.xml:1367 #, fuzzy #| msgid "Default: true" msgid "Default: <quote>*</quote>" msgstr "Dre ziouer : true" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1369 +#: sssd.conf.5.xml:1370 msgid "" "Note: This option can also be set per-domain which overwrites the value in " "[nss] section." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1373 +#: sssd.conf.5.xml:1374 msgid "" "Default: <quote>not set</quote> (remote domains), <phrase " "condition=\"with_files_provider\"> <quote>x</quote> (the files domain), </" @@ -1656,60 +1656,60 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:1385 +#: sssd.conf.5.xml:1386 msgid "PAM configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:1387 +#: sssd.conf.5.xml:1388 msgid "" "These options can be used to configure the Pluggable Authentication Module " "(PAM) service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1392 +#: sssd.conf.5.xml:1393 msgid "offline_credentials_expiration (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1395 +#: sssd.conf.5.xml:1396 msgid "" "If the authentication provider is offline, how long should we allow cached " "logins (in days since the last successful online login)." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1400 sssd.conf.5.xml:1413 +#: sssd.conf.5.xml:1401 sssd.conf.5.xml:1414 msgid "Default: 0 (No limit)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1406 +#: sssd.conf.5.xml:1407 msgid "offline_failed_login_attempts (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1409 +#: sssd.conf.5.xml:1410 msgid "" "If the authentication provider is offline, how many failed login attempts " "are allowed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1419 +#: sssd.conf.5.xml:1420 msgid "offline_failed_login_delay (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1422 +#: sssd.conf.5.xml:1423 msgid "" "The time in minutes which has to pass after offline_failed_login_attempts " "has been reached before a new login attempt is possible." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1427 +#: sssd.conf.5.xml:1428 msgid "" "If set to 0 the user cannot authenticate offline if " "offline_failed_login_attempts has been reached. Only a successful online " @@ -1717,61 +1717,61 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1433 sssd.conf.5.xml:1543 +#: sssd.conf.5.xml:1434 sssd.conf.5.xml:1544 msgid "Default: 5" msgstr "Dre zoiuer : 5" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1439 +#: sssd.conf.5.xml:1440 msgid "pam_verbosity (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1442 +#: sssd.conf.5.xml:1443 msgid "" "Controls what kind of messages are shown to the user during authentication. " "The higher the number to more messages are displayed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1447 +#: sssd.conf.5.xml:1448 msgid "Currently sssd supports the following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1450 +#: sssd.conf.5.xml:1451 msgid "<emphasis>0</emphasis>: do not show any message" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1453 +#: sssd.conf.5.xml:1454 msgid "<emphasis>1</emphasis>: show only important messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1457 +#: sssd.conf.5.xml:1458 msgid "<emphasis>2</emphasis>: show informational messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1460 +#: sssd.conf.5.xml:1461 msgid "<emphasis>3</emphasis>: show all messages and debug information" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1464 sssd.8.xml:63 +#: sssd.conf.5.xml:1465 sssd.8.xml:63 msgid "Default: 1" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1470 +#: sssd.conf.5.xml:1471 #, fuzzy #| msgid "re_expression (string)" msgid "pam_response_filter (string)" msgstr "re_expression (neudennad)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1473 +#: sssd.conf.5.xml:1474 msgid "" "A comma separated list of strings which allows to remove (filter) data sent " "by the PAM responder to pam_sss PAM module. There are different kind of " @@ -1780,51 +1780,51 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1481 +#: sssd.conf.5.xml:1482 msgid "" "While messages already can be controlled with the help of the pam_verbosity " "option this option allows to filter out other kind of responses as well." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1488 +#: sssd.conf.5.xml:1489 msgid "ENV" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1489 +#: sssd.conf.5.xml:1490 msgid "Do not send any environment variables to any service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1492 +#: sssd.conf.5.xml:1493 msgid "ENV:var_name" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1493 +#: sssd.conf.5.xml:1494 msgid "Do not send environment variable var_name to any service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1497 +#: sssd.conf.5.xml:1498 msgid "ENV:var_name:service" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1498 +#: sssd.conf.5.xml:1499 msgid "Do not send environment variable var_name to service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1486 +#: sssd.conf.5.xml:1487 msgid "" "Currently the following filters are supported: <placeholder " "type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1505 +#: sssd.conf.5.xml:1506 msgid "" "The list of strings can either be the list of filters which would set this " "list of filters and overwrite the defaults. Or each element of the list can " @@ -1835,23 +1835,23 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1516 +#: sssd.conf.5.xml:1517 msgid "Default: ENV:KRB5CCNAME:sudo, ENV:KRB5CCNAME:sudo-i" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1519 +#: sssd.conf.5.xml:1520 msgid "" "Example: -ENV:KRB5CCNAME:sudo-i will remove the filter from the default list" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1526 +#: sssd.conf.5.xml:1527 msgid "pam_id_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1529 +#: sssd.conf.5.xml:1530 msgid "" "For any PAM request while SSSD is online, the SSSD will attempt to " "immediately update the cached identity information for the user in order to " @@ -1859,7 +1859,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1535 +#: sssd.conf.5.xml:1536 msgid "" "A complete PAM conversation may perform multiple PAM requests, such as " "account management and session opening. This option controls (on a per-" @@ -1868,17 +1868,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1549 +#: sssd.conf.5.xml:1550 msgid "pam_pwd_expiration_warning (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1552 sssd.conf.5.xml:2987 +#: sssd.conf.5.xml:1553 sssd.conf.5.xml:2988 msgid "Display a warning N days before the password expires." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1555 +#: sssd.conf.5.xml:1556 msgid "" "Please note that the backend server has to provide information about the " "expiration time of the password. If this information is missing, sssd " @@ -1886,31 +1886,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1561 sssd.conf.5.xml:2990 +#: sssd.conf.5.xml:1562 sssd.conf.5.xml:2991 msgid "" "If zero is set, then this filter is not applied, i.e. if the expiration " "warning was received from backend server, it will automatically be displayed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1566 +#: sssd.conf.5.xml:1567 msgid "" "This setting can be overridden by setting <emphasis>pwd_expiration_warning</" "emphasis> for a particular domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1571 sssd.conf.5.xml:3976 sssd-ldap.5.xml:606 sssd.8.xml:79 +#: sssd.conf.5.xml:1572 sssd.conf.5.xml:3977 sssd-ldap.5.xml:606 sssd.8.xml:79 msgid "Default: 0" msgstr "Dre ziouer : 0" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1588 +#: sssd.conf.5.xml:1589 msgid "pam_trusted_users (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1591 +#: sssd.conf.5.xml:1592 msgid "" "Specifies the comma-separated list of UID values or user names that are " "allowed to run PAM conversations against trusted domains. Users not " @@ -1920,75 +1920,75 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1601 +#: sssd.conf.5.xml:1602 msgid "Default: All users are considered trusted by default" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1605 +#: sssd.conf.5.xml:1606 msgid "" "Please note that UID 0 is always allowed to access the PAM responder even in " "case it is not in the pam_trusted_users list." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1612 +#: sssd.conf.5.xml:1613 msgid "pam_public_domains (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1615 +#: sssd.conf.5.xml:1616 msgid "" "Specifies the comma-separated list of domain names that are accessible even " "to untrusted users." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1619 +#: sssd.conf.5.xml:1620 msgid "Two special values for pam_public_domains option are defined:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1623 +#: sssd.conf.5.xml:1624 msgid "" "all (Untrusted users are allowed to access all domains in PAM responder.)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1627 +#: sssd.conf.5.xml:1628 msgid "" "none (Untrusted users are not allowed to access any domains PAM in " "responder.)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1631 sssd.conf.5.xml:1656 sssd.conf.5.xml:1675 -#: sssd.conf.5.xml:1912 sssd.conf.5.xml:2732 sssd.conf.5.xml:3905 +#: sssd.conf.5.xml:1632 sssd.conf.5.xml:1657 sssd.conf.5.xml:1676 +#: sssd.conf.5.xml:1913 sssd.conf.5.xml:2733 sssd.conf.5.xml:3906 #: sssd-ldap.5.xml:1207 msgid "Default: none" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1636 +#: sssd.conf.5.xml:1637 msgid "pam_account_expired_message (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1639 +#: sssd.conf.5.xml:1640 msgid "" "Allows a custom expiration message to be set, replacing the default " "'Permission denied' message." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1644 +#: sssd.conf.5.xml:1645 msgid "" "Note: Please be aware that message is only printed for the SSH service " "unless pam_verbosity is set to 3 (show all messages and debug information)." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1652 +#: sssd.conf.5.xml:1653 #, no-wrap msgid "" "pam_account_expired_message = Account expired, please contact help desk.\n" @@ -1996,19 +1996,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1661 +#: sssd.conf.5.xml:1662 msgid "pam_account_locked_message (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1664 +#: sssd.conf.5.xml:1665 msgid "" "Allows a custom lockout message to be set, replacing the default 'Permission " "denied' message." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1671 +#: sssd.conf.5.xml:1672 #, no-wrap msgid "" "pam_account_locked_message = Account locked, please contact help desk.\n" @@ -2016,17 +2016,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1680 +#: sssd.conf.5.xml:1681 msgid "pam_passkey_auth (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1683 +#: sssd.conf.5.xml:1684 msgid "Enable passkey device based authentication." msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1686 sssd.conf.5.xml:1697 sssd.conf.5.xml:1711 +#: sssd.conf.5.xml:1687 sssd.conf.5.xml:1698 sssd.conf.5.xml:1712 #: sssd-ldap.5.xml:671 sssd-ldap.5.xml:692 sssd-ldap.5.xml:788 #: sssd-ldap.5.xml:1293 sssd-ad.5.xml:505 sssd-ad.5.xml:581 sssd-ad.5.xml:1126 #: sssd-ad.5.xml:1175 include/ldap_id_mapping.xml:250 @@ -2034,22 +2034,22 @@ msgid "Default: False" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1691 +#: sssd.conf.5.xml:1692 msgid "passkey_debug_libfido2 (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1694 +#: sssd.conf.5.xml:1695 msgid "Enable libfido2 library debug messages." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1702 +#: sssd.conf.5.xml:1703 msgid "pam_cert_auth (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1705 +#: sssd.conf.5.xml:1706 msgid "" "Enable certificate based Smartcard authentication. Since this requires " "additional communication with the Smartcard which will delay the " @@ -2057,36 +2057,36 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1716 +#: sssd.conf.5.xml:1717 msgid "pam_cert_db_path (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1719 +#: sssd.conf.5.xml:1720 msgid "The path to the certificate database." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1722 sssd.conf.5.xml:2247 sssd.conf.5.xml:4308 +#: sssd.conf.5.xml:1723 sssd.conf.5.xml:2248 sssd.conf.5.xml:4354 msgid "Default:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1724 sssd.conf.5.xml:2249 +#: sssd.conf.5.xml:1725 sssd.conf.5.xml:2250 msgid "" "/etc/sssd/pki/sssd_auth_ca_db.pem (path to a file with trusted CA " "certificates in PEM format)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1734 +#: sssd.conf.5.xml:1735 #, fuzzy #| msgid "re_expression (string)" msgid "pam_cert_verification (string)" msgstr "re_expression (neudennad)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1737 +#: sssd.conf.5.xml:1738 msgid "" "With this parameter the PAM certificate verification can be tuned with a " "comma separated list of options that override the " @@ -2096,7 +2096,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1748 +#: sssd.conf.5.xml:1749 #, no-wrap msgid "" "pam_cert_verification = partial_chain\n" @@ -2104,59 +2104,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1752 +#: sssd.conf.5.xml:1753 msgid "" "Default: not set, i.e. use default <quote>certificate_verification</quote> " "option defined in <quote>[sssd]</quote> section." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1759 +#: sssd.conf.5.xml:1760 msgid "p11_child_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1762 +#: sssd.conf.5.xml:1763 msgid "How many seconds will pam_sss wait for p11_child to finish." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1771 +#: sssd.conf.5.xml:1772 msgid "passkey_child_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1774 +#: sssd.conf.5.xml:1775 msgid "" "How many seconds will the PAM responder wait for passkey_child to finish." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1783 +#: sssd.conf.5.xml:1784 msgid "pam_app_services (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1786 +#: sssd.conf.5.xml:1787 msgid "" "Which PAM services are permitted to contact domains of type " "<quote>application</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1795 +#: sssd.conf.5.xml:1796 msgid "pam_p11_allowed_services (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1798 +#: sssd.conf.5.xml:1799 msgid "" "A comma-separated list of PAM service names for which it will be allowed to " "use Smartcards." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1813 +#: sssd.conf.5.xml:1814 #, no-wrap msgid "" "pam_p11_allowed_services = +my_pam_service, -login\n" @@ -2164,7 +2164,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1802 +#: sssd.conf.5.xml:1803 msgid "" "It is possible to add another PAM service name to the default set by using " "<quote>+service_name</quote> or to explicitly remove a PAM service name from " @@ -2176,63 +2176,63 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1817 sssd-ad.5.xml:644 sssd-ad.5.xml:753 sssd-ad.5.xml:811 +#: sssd.conf.5.xml:1818 sssd-ad.5.xml:644 sssd-ad.5.xml:753 sssd-ad.5.xml:811 #: sssd-ad.5.xml:869 sssd-ad.5.xml:947 msgid "Default: the default set of PAM service names includes:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1822 sssd-ad.5.xml:648 +#: sssd.conf.5.xml:1823 sssd-ad.5.xml:648 msgid "login" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1827 sssd-ad.5.xml:653 +#: sssd.conf.5.xml:1828 sssd-ad.5.xml:653 msgid "su" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1832 sssd-ad.5.xml:658 +#: sssd.conf.5.xml:1833 sssd-ad.5.xml:658 msgid "su-l" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1837 sssd-ad.5.xml:673 +#: sssd.conf.5.xml:1838 sssd-ad.5.xml:673 msgid "gdm-smartcard" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1842 sssd-ad.5.xml:668 +#: sssd.conf.5.xml:1843 sssd-ad.5.xml:668 msgid "gdm-password" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1847 sssd-ad.5.xml:678 +#: sssd.conf.5.xml:1848 sssd-ad.5.xml:678 msgid "kdm" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1852 sssd-ad.5.xml:956 +#: sssd.conf.5.xml:1853 sssd-ad.5.xml:956 msgid "sudo" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1857 sssd-ad.5.xml:961 +#: sssd.conf.5.xml:1858 sssd-ad.5.xml:961 msgid "sudo-i" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1862 +#: sssd.conf.5.xml:1863 msgid "gnome-screensaver" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1870 +#: sssd.conf.5.xml:1871 msgid "p11_wait_for_card_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1873 +#: sssd.conf.5.xml:1874 msgid "" "If Smartcard authentication is required how many extra seconds in addition " "to p11_child_timeout should the PAM responder wait until a Smartcard is " @@ -2240,12 +2240,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1884 +#: sssd.conf.5.xml:1885 msgid "p11_uri (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1887 +#: sssd.conf.5.xml:1888 msgid "" "PKCS#11 URI (see RFC-7512 for details) which can be used to restrict the " "selection of devices used for Smartcard authentication. By default SSSD's " @@ -2256,7 +2256,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1900 +#: sssd.conf.5.xml:1901 #, no-wrap msgid "" "p11_uri = pkcs11:slot-description=My%20Smartcard%20Reader\n" @@ -2264,7 +2264,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1904 +#: sssd.conf.5.xml:1905 #, no-wrap msgid "" "p11_uri = pkcs11:library-description=OpenSC%20smartcard%20framework;slot-id=2\n" @@ -2272,7 +2272,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1898 +#: sssd.conf.5.xml:1899 msgid "" "Example: <placeholder type=\"programlisting\" id=\"0\"/> or <placeholder " "type=\"programlisting\" id=\"1\"/> To find suitable URI please check the " @@ -2281,47 +2281,47 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1917 +#: sssd.conf.5.xml:1918 msgid "pam_initgroups_scheme" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1925 +#: sssd.conf.5.xml:1926 msgid "always" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1926 +#: sssd.conf.5.xml:1927 msgid "" "Always do an online lookup, please note that pam_id_timeout still applies" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1930 +#: sssd.conf.5.xml:1931 msgid "no_session" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1931 +#: sssd.conf.5.xml:1932 msgid "" "Only do an online lookup if there is no active session of the user, i.e. if " "the user is currently not logged in" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1936 +#: sssd.conf.5.xml:1937 msgid "never" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1937 +#: sssd.conf.5.xml:1938 msgid "" "Never force an online lookup, use the data from the cache as long as they " "are not expired" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1920 +#: sssd.conf.5.xml:1921 msgid "" "The PAM responder can force an online lookup to get the current group " "memberships of the user trying to log in. This option controls when this " @@ -2330,30 +2330,30 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1944 +#: sssd.conf.5.xml:1945 msgid "Default: no_session" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1949 sssd.conf.5.xml:4247 +#: sssd.conf.5.xml:1950 sssd.conf.5.xml:4293 msgid "pam_gssapi_services" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1952 +#: sssd.conf.5.xml:1953 msgid "" "Comma separated list of PAM services that are allowed to try GSSAPI " "authentication using pam_sss_gss.so module." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1957 +#: sssd.conf.5.xml:1958 msgid "" "To disable GSSAPI authentication, set this option to <quote>-</quote> (dash)." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1961 sssd.conf.5.xml:1992 sssd.conf.5.xml:2030 +#: sssd.conf.5.xml:1962 sssd.conf.5.xml:1993 sssd.conf.5.xml:2031 msgid "" "Note: This option can also be set per-domain which overwrites the value in " "[pam] section. It can also be set for trusted domain which overwrites the " @@ -2361,7 +2361,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1969 +#: sssd.conf.5.xml:1970 #, no-wrap msgid "" "pam_gssapi_services = sudo, sudo-i\n" @@ -2369,22 +2369,22 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1967 sssd.conf.5.xml:3899 +#: sssd.conf.5.xml:1968 sssd.conf.5.xml:3900 msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1973 +#: sssd.conf.5.xml:1974 msgid "Default: - (GSSAPI authentication is disabled)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1978 sssd.conf.5.xml:4248 +#: sssd.conf.5.xml:1979 sssd.conf.5.xml:4294 msgid "pam_gssapi_check_upn" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1981 +#: sssd.conf.5.xml:1982 msgid "" "If True, SSSD will require that the Kerberos user principal that " "successfully authenticated through GSSAPI can be associated with the user " @@ -2392,25 +2392,25 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1988 +#: sssd.conf.5.xml:1989 msgid "" "If False, every user that is able to obtained required service ticket will " "be authenticated." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1998 sssd-ad.5.xml:1266 sss_rpcidmapd.5.xml:76 +#: sssd.conf.5.xml:1999 sssd-ad.5.xml:1266 sss_rpcidmapd.5.xml:76 #: sssd-files.5.xml:145 msgid "Default: True" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2003 +#: sssd.conf.5.xml:2004 msgid "pam_gssapi_indicators_map" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2006 +#: sssd.conf.5.xml:2007 msgid "" "Comma separated list of authentication indicators required to be present in " "a Kerberos ticket to access a PAM service that is allowed to try GSSAPI " @@ -2418,7 +2418,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2012 +#: sssd.conf.5.xml:2013 msgid "" "Each element of the list can be either an authentication indicator name or a " "pair <quote>service:indicator</quote>. Indicators not prefixed with the PAM " @@ -2433,7 +2433,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2025 +#: sssd.conf.5.xml:2026 msgid "" "To disable GSSAPI authentication indicator check, set this option to <quote>-" "</quote> (dash). To disable the check for a specific PAM service, add " @@ -2441,45 +2441,45 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2036 +#: sssd.conf.5.xml:2037 msgid "" "Following authentication indicators are supported by IPA Kerberos " "deployments:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2039 +#: sssd.conf.5.xml:2040 msgid "" "pkinit -- pre-authentication using X.509 certificates -- whether stored in " "files or on smart cards." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2042 +#: sssd.conf.5.xml:2043 msgid "" "hardened -- SPAKE pre-authentication or any pre-authentication wrapped in a " "FAST channel." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2045 +#: sssd.conf.5.xml:2046 msgid "radius -- pre-authentication with the help of a RADIUS server." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2048 +#: sssd.conf.5.xml:2049 msgid "" "otp -- pre-authentication using integrated two-factor authentication (2FA or " "one-time password, OTP) in IPA." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2051 +#: sssd.conf.5.xml:2052 msgid "idp -- pre-authentication using external identity provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:2061 +#: sssd.conf.5.xml:2062 #, no-wrap msgid "" "pam_gssapi_indicators_map = sudo:pkinit, sudo-i:pkinit\n" @@ -2487,7 +2487,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2056 +#: sssd.conf.5.xml:2057 msgid "" "Example: to require access to SUDO services only for users which obtained " "their Kerberos tickets with a X.509 certificate pre-authentication (PKINIT), " @@ -2495,17 +2495,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2065 +#: sssd.conf.5.xml:2066 msgid "Default: not set (use of authentication indicators is not required)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2073 +#: sssd.conf.5.xml:2074 msgid "SUDO configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2075 +#: sssd.conf.5.xml:2076 msgid "" "These options can be used to configure the sudo service. The detailed " "instructions for configuration of <citerefentry> <refentrytitle>sudo</" @@ -2516,24 +2516,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2092 +#: sssd.conf.5.xml:2093 msgid "sudo_timed (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2095 +#: sssd.conf.5.xml:2096 msgid "" "Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes " "that implement time-dependent sudoers entries." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2107 +#: sssd.conf.5.xml:2108 msgid "sudo_threshold (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2110 +#: sssd.conf.5.xml:2111 msgid "" "Maximum number of expired rules that can be refreshed at once. If number of " "expired rules is below threshold, those rules are refreshed with " @@ -2543,22 +2543,22 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2129 +#: sssd.conf.5.xml:2130 msgid "AUTOFS configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2131 +#: sssd.conf.5.xml:2132 msgid "These options can be used to configure the autofs service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2135 +#: sssd.conf.5.xml:2136 msgid "autofs_negative_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2138 +#: sssd.conf.5.xml:2139 msgid "" "Specifies for how many seconds should the autofs responder negative cache " "hits (that is, queries for invalid map entries, like nonexistent ones) " @@ -2566,51 +2566,51 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2154 +#: sssd.conf.5.xml:2155 msgid "SSH configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2156 +#: sssd.conf.5.xml:2157 msgid "These options can be used to configure the SSH service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2160 +#: sssd.conf.5.xml:2161 msgid "ssh_hash_known_hosts (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2163 +#: sssd.conf.5.xml:2164 msgid "" "Whether or not to hash host names and addresses in the managed known_hosts " "file." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2172 +#: sssd.conf.5.xml:2173 msgid "ssh_known_hosts_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2175 +#: sssd.conf.5.xml:2176 msgid "" "How many seconds to keep a host in the managed known_hosts file after its " "host keys were requested." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2179 +#: sssd.conf.5.xml:2180 msgid "Default: 180" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2184 +#: sssd.conf.5.xml:2185 msgid "ssh_use_certificate_keys (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2187 +#: sssd.conf.5.xml:2188 msgid "" "If set to true the <command>sss_ssh_authorizedkeys</command> will return ssh " "keys derived from the public key of X.509 certificates stored in the user " @@ -2619,12 +2619,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2202 +#: sssd.conf.5.xml:2203 msgid "ssh_use_certificate_matching_rules (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2205 +#: sssd.conf.5.xml:2206 msgid "" "By default the ssh responder will use all available certificate matching " "rules to filter the certificates so that ssh keys are only derived from the " @@ -2634,7 +2634,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2214 +#: sssd.conf.5.xml:2215 msgid "" "There are two special key words 'all_rules' and 'no_rules' which will enable " "all or no rules, respectively. The latter means that no certificates will be " @@ -2642,7 +2642,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2221 +#: sssd.conf.5.xml:2222 msgid "" "If no rules are configured using 'all_rules' will enable a default rule " "which enables all certificates suitable for client authentication. This is " @@ -2651,38 +2651,38 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2228 +#: sssd.conf.5.xml:2229 msgid "" "A non-existing rule name is considered an error. If as a result no rule is " "selected all certificates will be ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2233 +#: sssd.conf.5.xml:2234 msgid "" "Default: not set, equivalent to 'all_rules', all found rules or the default " "rule are used" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2239 +#: sssd.conf.5.xml:2240 msgid "ca_db (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2242 +#: sssd.conf.5.xml:2243 msgid "" "Path to a storage of trusted CA certificates. The option is used to validate " "user certificates before deriving public ssh keys from them." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2262 +#: sssd.conf.5.xml:2263 msgid "PAC responder configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2264 +#: sssd.conf.5.xml:2265 msgid "" "The PAC responder works together with the authorization data plugin for MIT " "Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the " @@ -2693,7 +2693,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2273 +#: sssd.conf.5.xml:2274 msgid "" "If the remote user does not exist in the cache, it is created. The UID is " "determined with the help of the SID, trusted domains will have UPGs and the " @@ -2704,24 +2704,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2281 +#: sssd.conf.5.xml:2282 msgid "" "If there are SIDs of groups from domains sssd knows about, the user will be " "added to those groups." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2287 +#: sssd.conf.5.xml:2288 msgid "These options can be used to configure the PAC responder." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2291 sssd-ifp.5.xml:66 +#: sssd.conf.5.xml:2292 sssd-ifp.5.xml:66 msgid "allowed_uids (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2294 +#: sssd.conf.5.xml:2295 msgid "" "Specifies the comma-separated list of UID values or user names that are " "allowed to access the PAC responder. User names are resolved to UIDs at " @@ -2729,12 +2729,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2300 +#: sssd.conf.5.xml:2301 msgid "Default: 0 (only the root user is allowed to access the PAC responder)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2304 +#: sssd.conf.5.xml:2305 msgid "" "Please note that although the UID 0 is used as the default it will be " "overwritten with this option. If you still want to allow the root user to " @@ -2743,26 +2743,26 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2313 +#: sssd.conf.5.xml:2314 msgid "pac_lifetime (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2316 +#: sssd.conf.5.xml:2317 msgid "" "Lifetime of the PAC entry in seconds. As long as the PAC is valid the PAC " "data can be used to determine the group memberships of a user." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2326 +#: sssd.conf.5.xml:2327 #, fuzzy #| msgid "re_expression (string)" msgid "pac_check (string)" msgstr "re_expression (neudennad)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2329 +#: sssd.conf.5.xml:2330 msgid "" "Apply additional checks on the PAC of the Kerberos ticket which is available " "in Active Directory and FreeIPA domains, if configured. Please note that " @@ -2773,24 +2773,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2343 +#: sssd.conf.5.xml:2344 msgid "no_check" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2345 +#: sssd.conf.5.xml:2346 msgid "" "The PAC must not be present and even if it is present no additional checks " "will be done." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2351 +#: sssd.conf.5.xml:2352 msgid "pac_present" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2353 +#: sssd.conf.5.xml:2354 msgid "" "The PAC must be present in the service ticket which SSSD will request with " "the help of the user's TGT. If the PAC is not available the authentication " @@ -2798,24 +2798,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2361 +#: sssd.conf.5.xml:2362 msgid "check_upn" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2363 +#: sssd.conf.5.xml:2364 msgid "" "If the PAC is present check if the user principal name (UPN) information is " "consistent." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2369 +#: sssd.conf.5.xml:2370 msgid "check_upn_allow_missing" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2371 +#: sssd.conf.5.xml:2372 msgid "" "This option should be used together with 'check_upn' and handles the case " "where a UPN is set on the server-side but is not read by SSSD. The typical " @@ -2827,7 +2827,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2383 +#: sssd.conf.5.xml:2384 msgid "" "Currently this option is set by default to avoid regressions in such " "environments. A log message will be added to the system log and SSSD's debug " @@ -2838,60 +2838,60 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2397 +#: sssd.conf.5.xml:2398 msgid "upn_dns_info_present" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2399 +#: sssd.conf.5.xml:2400 msgid "The PAC must contain the UPN-DNS-INFO buffer, implies 'check_upn'." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2404 +#: sssd.conf.5.xml:2405 msgid "check_upn_dns_info_ex" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2406 +#: sssd.conf.5.xml:2407 msgid "" "If the PAC is present and the extension to the UPN-DNS-INFO buffer is " "available check if the information in the extension is consistent." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2413 +#: sssd.conf.5.xml:2414 msgid "upn_dns_info_ex_present" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2415 +#: sssd.conf.5.xml:2416 msgid "" "The PAC must contain the extension of the UPN-DNS-INFO buffer, implies " "'check_upn_dns_info_ex', 'upn_dns_info_present' and 'check_upn'." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2339 +#: sssd.conf.5.xml:2340 msgid "" "The following options can be used alone or in a comma-separated list: " "<placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2425 +#: sssd.conf.5.xml:2426 msgid "" "Default: no_check (AD and IPA provider 'check_upn, check_upn_allow_missing, " "check_upn_dns_info_ex')" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2434 +#: sssd.conf.5.xml:2435 msgid "Session recording configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2436 +#: sssd.conf.5.xml:2437 msgid "" "Session recording works in conjunction with <citerefentry> " "<refentrytitle>tlog-rec-session</refentrytitle> <manvolnum>8</manvolnum> </" @@ -2901,66 +2901,66 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2449 +#: sssd.conf.5.xml:2450 msgid "These options can be used to configure session recording." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2453 sssd-session-recording.5.xml:64 +#: sssd.conf.5.xml:2454 sssd-session-recording.5.xml:64 msgid "scope (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2460 sssd-session-recording.5.xml:71 +#: sssd.conf.5.xml:2461 sssd-session-recording.5.xml:71 msgid "\"none\"" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2463 sssd-session-recording.5.xml:74 +#: sssd.conf.5.xml:2464 sssd-session-recording.5.xml:74 msgid "No users are recorded." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2468 sssd-session-recording.5.xml:79 +#: sssd.conf.5.xml:2469 sssd-session-recording.5.xml:79 msgid "\"some\"" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2471 sssd-session-recording.5.xml:82 +#: sssd.conf.5.xml:2472 sssd-session-recording.5.xml:82 msgid "" "Users/groups specified by <replaceable>users</replaceable> and " "<replaceable>groups</replaceable> options are recorded." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2480 sssd-session-recording.5.xml:91 +#: sssd.conf.5.xml:2481 sssd-session-recording.5.xml:91 msgid "\"all\"" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2483 sssd-session-recording.5.xml:94 +#: sssd.conf.5.xml:2484 sssd-session-recording.5.xml:94 msgid "All users are recorded." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2456 sssd-session-recording.5.xml:67 +#: sssd.conf.5.xml:2457 sssd-session-recording.5.xml:67 msgid "" "One of the following strings specifying the scope of session recording: " "<placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2490 sssd-session-recording.5.xml:101 +#: sssd.conf.5.xml:2491 sssd-session-recording.5.xml:101 msgid "Default: \"none\"" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2495 sssd-session-recording.5.xml:106 +#: sssd.conf.5.xml:2496 sssd-session-recording.5.xml:106 msgid "users (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2498 sssd-session-recording.5.xml:109 +#: sssd.conf.5.xml:2499 sssd-session-recording.5.xml:109 msgid "" "A comma-separated list of users which should have session recording enabled. " "Matches user names as returned by NSS. I.e. after the possible space " @@ -2968,17 +2968,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2504 sssd-session-recording.5.xml:115 +#: sssd.conf.5.xml:2505 sssd-session-recording.5.xml:115 msgid "Default: Empty. Matches no users." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2509 sssd-session-recording.5.xml:120 +#: sssd.conf.5.xml:2510 sssd-session-recording.5.xml:120 msgid "groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2512 sssd-session-recording.5.xml:123 +#: sssd.conf.5.xml:2513 sssd-session-recording.5.xml:123 msgid "" "A comma-separated list of groups, members of which should have session " "recording enabled. Matches group names as returned by NSS. I.e. after the " @@ -2986,7 +2986,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2518 sssd.conf.5.xml:2550 sssd-session-recording.5.xml:129 +#: sssd.conf.5.xml:2519 sssd.conf.5.xml:2551 sssd-session-recording.5.xml:129 #: sssd-session-recording.5.xml:161 msgid "" "NOTE: using this option (having it set to anything) has a considerable " @@ -2995,60 +2995,60 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2525 sssd-session-recording.5.xml:136 +#: sssd.conf.5.xml:2526 sssd-session-recording.5.xml:136 msgid "Default: Empty. Matches no groups." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2530 sssd-session-recording.5.xml:141 +#: sssd.conf.5.xml:2531 sssd-session-recording.5.xml:141 #, fuzzy #| msgid "re_expression (string)" msgid "exclude_users (string)" msgstr "re_expression (neudennad)" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2533 sssd-session-recording.5.xml:144 +#: sssd.conf.5.xml:2534 sssd-session-recording.5.xml:144 msgid "" "A comma-separated list of users to be excluded from recording, only " "applicable with 'scope=all'." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2537 sssd-session-recording.5.xml:148 +#: sssd.conf.5.xml:2538 sssd-session-recording.5.xml:148 msgid "Default: Empty. No users excluded." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2542 sssd-session-recording.5.xml:153 +#: sssd.conf.5.xml:2543 sssd-session-recording.5.xml:153 #, fuzzy #| msgid "filter_users, filter_groups (string)" msgid "exclude_groups (string)" msgstr "filter_users, filter_groups (neudennad)" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2545 sssd-session-recording.5.xml:156 +#: sssd.conf.5.xml:2546 sssd-session-recording.5.xml:156 msgid "" "A comma-separated list of groups, members of which should be excluded from " "recording. Only applicable with 'scope=all'." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2557 sssd-session-recording.5.xml:168 +#: sssd.conf.5.xml:2558 sssd-session-recording.5.xml:168 msgid "Default: Empty. No groups excluded." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:2567 +#: sssd.conf.5.xml:2568 msgid "DOMAIN SECTIONS" msgstr "RANNOÙ DOMANI" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2574 +#: sssd.conf.5.xml:2575 msgid "enabled" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2577 +#: sssd.conf.5.xml:2578 msgid "" "Explicitly enable or disable the domain. If <quote>true</quote>, the domain " "is always <quote>enabled</quote>. If <quote>false</quote>, the domain is " @@ -3058,12 +3058,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2589 +#: sssd.conf.5.xml:2590 msgid "domain_type (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2592 +#: sssd.conf.5.xml:2593 msgid "" "Specifies whether the domain is meant to be used by POSIX-aware clients such " "as the Name Service Switch or by applications that do not need POSIX data to " @@ -3072,14 +3072,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2600 +#: sssd.conf.5.xml:2601 msgid "" "Allowed values for this option are <quote>posix</quote> and " "<quote>application</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2604 +#: sssd.conf.5.xml:2605 msgid "" "POSIX domains are reachable by all services. Application domains are only " "reachable from the InfoPipe responder (see <citerefentry> " @@ -3088,38 +3088,38 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2612 +#: sssd.conf.5.xml:2613 msgid "" "NOTE: The application domains are currently well tested with " "<quote>id_provider=ldap</quote> only." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2616 +#: sssd.conf.5.xml:2617 msgid "" "For an easy way to configure a non-POSIX domains, please see the " "<quote>Application domains</quote> section." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2620 +#: sssd.conf.5.xml:2621 msgid "Default: posix" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2626 +#: sssd.conf.5.xml:2627 msgid "min_id,max_id (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2629 +#: sssd.conf.5.xml:2630 msgid "" "UID and GID limits for the domain. If a domain contains an entry that is " "outside these limits, it is ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2634 +#: sssd.conf.5.xml:2635 msgid "" "For users, this affects the primary GID limit. The user will not be returned " "to NSS if either the UID or the primary GID is outside the range. For non-" @@ -3128,24 +3128,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2641 +#: sssd.conf.5.xml:2642 msgid "" "These ID limits affect even saving entries to cache, not only returning them " "by name or ID." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2645 +#: sssd.conf.5.xml:2646 msgid "Default: 1 for min_id, 0 (no limit) for max_id" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2651 +#: sssd.conf.5.xml:2652 msgid "enumerate (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2654 +#: sssd.conf.5.xml:2655 msgid "" "Determines if a domain can be enumerated, that is, whether the domain can " "list all the users and group it contains. Note that it is not required to " @@ -3154,29 +3154,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2662 +#: sssd.conf.5.xml:2663 msgid "TRUE = Users and groups are enumerated" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2665 +#: sssd.conf.5.xml:2666 msgid "FALSE = No enumerations for this domain" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2668 sssd.conf.5.xml:2942 sssd.conf.5.xml:3119 +#: sssd.conf.5.xml:2669 sssd.conf.5.xml:2943 sssd.conf.5.xml:3120 msgid "Default: FALSE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2671 +#: sssd.conf.5.xml:2672 msgid "" "Enumerating a domain requires SSSD to download and store ALL user and group " "entries from the remote server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2676 +#: sssd.conf.5.xml:2677 msgid "" "Note: Enabling enumeration has a moderate performance impact on SSSD while " "enumeration is running. It may take up to several minutes after SSSD startup " @@ -3190,14 +3190,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2691 +#: sssd.conf.5.xml:2692 msgid "" "While the first enumeration is running, requests for the complete user or " "group lists may return no results until it completes." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2696 +#: sssd.conf.5.xml:2697 msgid "" "Further, enabling enumeration may increase the time necessary to detect " "network disconnection, as longer timeouts are required to ensure that " @@ -3206,39 +3206,39 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2704 +#: sssd.conf.5.xml:2705 msgid "" "For the reasons cited above, enabling enumeration is not recommended, " "especially in large environments." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2712 +#: sssd.conf.5.xml:2713 msgid "subdomain_enumerate (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2719 +#: sssd.conf.5.xml:2720 msgid "all" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2720 +#: sssd.conf.5.xml:2721 msgid "All discovered trusted domains will be enumerated" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2723 +#: sssd.conf.5.xml:2724 msgid "none" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2724 +#: sssd.conf.5.xml:2725 msgid "No discovered trusted domains will be enumerated" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2715 +#: sssd.conf.5.xml:2716 msgid "" "Whether any of autodetected trusted domains should be enumerated. The " "supported values are: <placeholder type=\"variablelist\" id=\"0\"/> " @@ -3247,19 +3247,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2738 +#: sssd.conf.5.xml:2739 msgid "entry_cache_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2741 +#: sssd.conf.5.xml:2742 msgid "" "How many seconds should nss_sss consider entries valid before asking the " "backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2745 +#: sssd.conf.5.xml:2746 msgid "" "The cache expiration timestamps are stored as attributes of individual " "objects in the cache. Therefore, changing the cache timeout only has effect " @@ -3270,139 +3270,139 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2758 +#: sssd.conf.5.xml:2759 msgid "Default: 5400" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2764 +#: sssd.conf.5.xml:2765 msgid "entry_cache_user_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2767 +#: sssd.conf.5.xml:2768 msgid "" "How many seconds should nss_sss consider user entries valid before asking " "the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2771 sssd.conf.5.xml:2784 sssd.conf.5.xml:2797 -#: sssd.conf.5.xml:2810 sssd.conf.5.xml:2824 sssd.conf.5.xml:2837 -#: sssd.conf.5.xml:2851 sssd.conf.5.xml:2865 sssd.conf.5.xml:2878 +#: sssd.conf.5.xml:2772 sssd.conf.5.xml:2785 sssd.conf.5.xml:2798 +#: sssd.conf.5.xml:2811 sssd.conf.5.xml:2825 sssd.conf.5.xml:2838 +#: sssd.conf.5.xml:2852 sssd.conf.5.xml:2866 sssd.conf.5.xml:2879 msgid "Default: entry_cache_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2777 +#: sssd.conf.5.xml:2778 msgid "entry_cache_group_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2780 +#: sssd.conf.5.xml:2781 msgid "" "How many seconds should nss_sss consider group entries valid before asking " "the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2790 +#: sssd.conf.5.xml:2791 msgid "entry_cache_netgroup_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2793 +#: sssd.conf.5.xml:2794 msgid "" "How many seconds should nss_sss consider netgroup entries valid before " "asking the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2803 +#: sssd.conf.5.xml:2804 msgid "entry_cache_service_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2806 +#: sssd.conf.5.xml:2807 msgid "" "How many seconds should nss_sss consider service entries valid before asking " "the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2816 +#: sssd.conf.5.xml:2817 msgid "entry_cache_resolver_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2819 +#: sssd.conf.5.xml:2820 msgid "" "How many seconds should nss_sss consider hosts and networks entries valid " "before asking the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2830 +#: sssd.conf.5.xml:2831 msgid "entry_cache_sudo_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2833 +#: sssd.conf.5.xml:2834 msgid "" "How many seconds should sudo consider rules valid before asking the backend " "again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2843 +#: sssd.conf.5.xml:2844 msgid "entry_cache_autofs_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2846 +#: sssd.conf.5.xml:2847 msgid "" "How many seconds should the autofs service consider automounter maps valid " "before asking the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2857 +#: sssd.conf.5.xml:2858 msgid "entry_cache_ssh_host_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2860 +#: sssd.conf.5.xml:2861 msgid "" "How many seconds to keep a host ssh key after refresh. IE how long to cache " "the host key for." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2871 +#: sssd.conf.5.xml:2872 msgid "entry_cache_computer_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2874 +#: sssd.conf.5.xml:2875 msgid "" "How many seconds to keep the local computer entry before asking the backend " "again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2884 +#: sssd.conf.5.xml:2885 msgid "refresh_expired_interval (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2887 +#: sssd.conf.5.xml:2888 msgid "" "Specifies how many seconds SSSD has to wait before triggering a background " "refresh task which will refresh all expired or nearly expired records." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2892 +#: sssd.conf.5.xml:2893 msgid "" "The background refresh will process users, groups and netgroups in the " "cache. For users who have performed the initgroups (get group membership for " @@ -3411,17 +3411,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2900 +#: sssd.conf.5.xml:2901 msgid "This option is automatically inherited for all trusted domains." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2904 +#: sssd.conf.5.xml:2905 msgid "You can consider setting this value to 3/4 * entry_cache_timeout." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2908 +#: sssd.conf.5.xml:2909 msgid "" "Cache entry will be refreshed by background task when 2/3 of cache timeout " "has already passed. If there are existing cached entries, the background " @@ -3433,23 +3433,23 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2921 sssd-ldap.5.xml:360 sssd-ldap.5.xml:1736 +#: sssd.conf.5.xml:2922 sssd-ldap.5.xml:360 sssd-ldap.5.xml:1736 #: sssd-ipa.5.xml:270 msgid "Default: 0 (disabled)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2927 +#: sssd.conf.5.xml:2928 msgid "cache_credentials (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2930 +#: sssd.conf.5.xml:2931 msgid "Determines if user credentials are also cached in the local LDB cache." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2934 +#: sssd.conf.5.xml:2935 msgid "" "Take a note that while credentials are stored as a salted SHA512 hash, this " "still potentially poses some security risk in case an attacker manages to " @@ -3458,12 +3458,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2948 +#: sssd.conf.5.xml:2949 msgid "cache_credentials_minimal_first_factor_length (int)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2951 +#: sssd.conf.5.xml:2952 msgid "" "If 2-Factor-Authentication (2FA) is used and credentials should be saved " "this value determines the minimal length the first authentication factor " @@ -3471,19 +3471,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2958 +#: sssd.conf.5.xml:2959 msgid "" "This should avoid that the short PINs of a PIN based 2FA scheme are saved in " "the cache which would make them easy targets for brute-force attacks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2969 +#: sssd.conf.5.xml:2970 msgid "account_cache_expiration (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2972 +#: sssd.conf.5.xml:2973 msgid "" "Number of days entries are left in cache after last successful login before " "being removed during a cleanup of the cache. 0 means keep forever. The " @@ -3492,17 +3492,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2979 +#: sssd.conf.5.xml:2980 msgid "Default: 0 (unlimited)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2984 +#: sssd.conf.5.xml:2985 msgid "pwd_expiration_warning (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2995 +#: sssd.conf.5.xml:2996 msgid "" "Please note that the backend server has to provide information about the " "expiration time of the password. If this information is missing, sssd " @@ -3511,28 +3511,28 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3002 +#: sssd.conf.5.xml:3003 msgid "Default: 7 (Kerberos), 0 (LDAP)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3008 +#: sssd.conf.5.xml:3009 msgid "id_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3011 +#: sssd.conf.5.xml:3012 msgid "" "The identification provider used for the domain. Supported ID providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3015 +#: sssd.conf.5.xml:3016 msgid "<quote>proxy</quote>: Support a legacy NSS provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3018 +#: sssd.conf.5.xml:3019 msgid "" "<quote>files</quote>: FILES provider. See <citerefentry> <refentrytitle>sssd-" "files</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " @@ -3540,7 +3540,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3026 +#: sssd.conf.5.xml:3027 msgid "" "<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-" "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " @@ -3548,8 +3548,8 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3034 sssd.conf.5.xml:3145 sssd.conf.5.xml:3196 -#: sssd.conf.5.xml:3259 +#: sssd.conf.5.xml:3035 sssd.conf.5.xml:3146 sssd.conf.5.xml:3197 +#: sssd.conf.5.xml:3260 msgid "" "<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management " "provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> " @@ -3558,8 +3558,8 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3043 sssd.conf.5.xml:3154 sssd.conf.5.xml:3205 -#: sssd.conf.5.xml:3268 +#: sssd.conf.5.xml:3044 sssd.conf.5.xml:3155 sssd.conf.5.xml:3206 +#: sssd.conf.5.xml:3269 msgid "" "<quote>ad</quote>: Active Directory provider. See <citerefentry> " "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3567,19 +3567,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3054 +#: sssd.conf.5.xml:3055 msgid "use_fully_qualified_names (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3057 +#: sssd.conf.5.xml:3058 msgid "" "Use the full name and domain (as formatted by the domain's full_name_format) " "as the user's login name reported to NSS." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3062 +#: sssd.conf.5.xml:3063 msgid "" "If set to TRUE, all requests to this domain must use fully qualified names. " "For example, if used in LOCAL domain that contains a \"test\" user, " @@ -3588,7 +3588,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3070 +#: sssd.conf.5.xml:3071 msgid "" "NOTE: This option has no effect on netgroup lookups due to their tendency to " "include nested netgroups without qualified names. For netgroups, all domains " @@ -3596,24 +3596,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3077 +#: sssd.conf.5.xml:3078 msgid "" "Default: FALSE (TRUE for trusted domain/sub-domains or if " "default_domain_suffix is used)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3084 +#: sssd.conf.5.xml:3085 msgid "ignore_group_members (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3087 +#: sssd.conf.5.xml:3088 msgid "Do not return group members for group lookups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3090 +#: sssd.conf.5.xml:3091 msgid "" "If set to TRUE, the group membership attribute is not requested from the " "ldap server, and group members are not returned when processing group lookup " @@ -3625,7 +3625,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3108 +#: sssd.conf.5.xml:3109 msgid "" "Enabling this option can also make access provider checks for group " "membership significantly faster, especially for groups containing many " @@ -3633,7 +3633,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3114 sssd.conf.5.xml:3821 sssd-ldap.5.xml:326 +#: sssd.conf.5.xml:3115 sssd.conf.5.xml:3822 sssd-ldap.5.xml:326 #: sssd-ldap.5.xml:355 sssd-ldap.5.xml:408 sssd-ldap.5.xml:468 #: sssd-ldap.5.xml:489 sssd-ldap.5.xml:520 sssd-ldap.5.xml:543 #: sssd-ldap.5.xml:582 sssd-ldap.5.xml:601 sssd-ldap.5.xml:625 @@ -3644,19 +3644,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3124 +#: sssd.conf.5.xml:3125 msgid "auth_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3127 +#: sssd.conf.5.xml:3128 msgid "" "The authentication provider used for the domain. Supported auth providers " "are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3131 sssd.conf.5.xml:3189 +#: sssd.conf.5.xml:3132 sssd.conf.5.xml:3190 msgid "" "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3664,7 +3664,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3138 +#: sssd.conf.5.xml:3139 msgid "" "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3672,30 +3672,30 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3162 +#: sssd.conf.5.xml:3163 msgid "" "<quote>proxy</quote> for relaying authentication to some other PAM target." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3165 +#: sssd.conf.5.xml:3166 msgid "<quote>none</quote> disables authentication explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3168 +#: sssd.conf.5.xml:3169 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "authentication requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3174 +#: sssd.conf.5.xml:3175 msgid "access_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3177 +#: sssd.conf.5.xml:3178 msgid "" "The access control provider used for the domain. There are two built-in " "access providers (in addition to any included in installed backends) " @@ -3703,19 +3703,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3183 +#: sssd.conf.5.xml:3184 msgid "" "<quote>permit</quote> always allow access. It's the only permitted access " "provider for a local domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3186 +#: sssd.conf.5.xml:3187 msgid "<quote>deny</quote> always deny access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3213 +#: sssd.conf.5.xml:3214 msgid "" "<quote>simple</quote> access control based on access or deny lists. See " "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</" @@ -3724,7 +3724,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3220 +#: sssd.conf.5.xml:3221 msgid "" "<quote>krb5</quote>: .k5login based access control. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum></" @@ -3732,29 +3732,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3227 +#: sssd.conf.5.xml:3228 msgid "<quote>proxy</quote> for relaying access control to another PAM module." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3230 +#: sssd.conf.5.xml:3231 msgid "Default: <quote>permit</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3235 +#: sssd.conf.5.xml:3236 msgid "chpass_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3238 +#: sssd.conf.5.xml:3239 msgid "" "The provider which should handle change password operations for the domain. " "Supported change password providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3243 +#: sssd.conf.5.xml:3244 msgid "" "<quote>ldap</quote> to change a password stored in a LDAP server. See " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" @@ -3762,7 +3762,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3251 +#: sssd.conf.5.xml:3252 msgid "" "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3770,35 +3770,35 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3276 +#: sssd.conf.5.xml:3277 msgid "" "<quote>proxy</quote> for relaying password changes to some other PAM target." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3280 +#: sssd.conf.5.xml:3281 msgid "<quote>none</quote> disallows password changes explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3283 +#: sssd.conf.5.xml:3284 msgid "" "Default: <quote>auth_provider</quote> is used if it is set and can handle " "change password requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3290 +#: sssd.conf.5.xml:3291 msgid "sudo_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3293 +#: sssd.conf.5.xml:3294 msgid "The SUDO provider used for the domain. Supported SUDO providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3297 +#: sssd.conf.5.xml:3298 msgid "" "<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3806,32 +3806,32 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3305 +#: sssd.conf.5.xml:3306 msgid "" "<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default " "settings." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3309 +#: sssd.conf.5.xml:3310 msgid "" "<quote>ad</quote> the same as <quote>ldap</quote> but with AD default " "settings." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3313 +#: sssd.conf.5.xml:3314 msgid "<quote>none</quote> disables SUDO explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3316 sssd.conf.5.xml:3402 sssd.conf.5.xml:3472 -#: sssd.conf.5.xml:3497 sssd.conf.5.xml:3533 +#: sssd.conf.5.xml:3317 sssd.conf.5.xml:3403 sssd.conf.5.xml:3473 +#: sssd.conf.5.xml:3498 sssd.conf.5.xml:3534 msgid "Default: The value of <quote>id_provider</quote> is used if it is set." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3320 +#: sssd.conf.5.xml:3321 msgid "" "The detailed instructions for configuration of sudo_provider are in the " "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " @@ -3842,7 +3842,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3335 +#: sssd.conf.5.xml:3336 msgid "" "<emphasis>NOTE:</emphasis> Sudo rules are periodically downloaded in the " "background unless the sudo provider is explicitly disabled. Set " @@ -3851,12 +3851,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3345 +#: sssd.conf.5.xml:3346 msgid "selinux_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3348 +#: sssd.conf.5.xml:3349 msgid "" "The provider which should handle loading of selinux settings. Note that this " "provider will be called right after access provider ends. Supported selinux " @@ -3864,7 +3864,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3354 +#: sssd.conf.5.xml:3355 msgid "" "<quote>ipa</quote> to load selinux settings from an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -3872,31 +3872,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3362 +#: sssd.conf.5.xml:3363 msgid "<quote>none</quote> disallows fetching selinux settings explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3365 +#: sssd.conf.5.xml:3366 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "selinux loading requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3371 +#: sssd.conf.5.xml:3372 msgid "subdomains_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3374 +#: sssd.conf.5.xml:3375 msgid "" "The provider which should handle fetching of subdomains. This value should " "be always the same as id_provider. Supported subdomain providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3380 +#: sssd.conf.5.xml:3381 msgid "" "<quote>ipa</quote> to load a list of subdomains from an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -3904,7 +3904,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3389 +#: sssd.conf.5.xml:3390 msgid "" "<quote>ad</quote> to load a list of subdomains from an Active Directory " "server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> " @@ -3913,17 +3913,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3398 +#: sssd.conf.5.xml:3399 msgid "<quote>none</quote> disallows fetching subdomains explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3408 +#: sssd.conf.5.xml:3409 msgid "session_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3411 +#: sssd.conf.5.xml:3412 msgid "" "The provider which configures and manages user session related tasks. The " "only user session task currently provided is the integration with Fleet " @@ -3931,43 +3931,43 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3418 +#: sssd.conf.5.xml:3419 msgid "<quote>ipa</quote> to allow performing user session related tasks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3422 +#: sssd.conf.5.xml:3423 msgid "" "<quote>none</quote> does not perform any kind of user session related tasks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3426 +#: sssd.conf.5.xml:3427 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can perform " "session related tasks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3430 +#: sssd.conf.5.xml:3431 msgid "" "<emphasis>NOTE:</emphasis> In order to have this feature working as expected " "SSSD must be running as \"root\" and not as the unprivileged user." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3438 +#: sssd.conf.5.xml:3439 msgid "autofs_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3441 +#: sssd.conf.5.xml:3442 msgid "" "The autofs provider used for the domain. Supported autofs providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3445 +#: sssd.conf.5.xml:3446 msgid "" "<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3975,7 +3975,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3452 +#: sssd.conf.5.xml:3453 msgid "" "<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> " "<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3983,7 +3983,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3460 +#: sssd.conf.5.xml:3461 msgid "" "<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> " "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3991,24 +3991,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3469 +#: sssd.conf.5.xml:3470 msgid "<quote>none</quote> disables autofs explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3479 +#: sssd.conf.5.xml:3480 msgid "hostid_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3482 +#: sssd.conf.5.xml:3483 msgid "" "The provider used for retrieving host identity information. Supported " "hostid providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3486 +#: sssd.conf.5.xml:3487 msgid "" "<quote>ipa</quote> to load host identity stored in an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -4016,31 +4016,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3494 +#: sssd.conf.5.xml:3495 msgid "<quote>none</quote> disables hostid explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3504 +#: sssd.conf.5.xml:3505 msgid "resolver_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3507 +#: sssd.conf.5.xml:3508 msgid "" "The provider which should handle hosts and networks lookups. Supported " "resolver providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3511 +#: sssd.conf.5.xml:3512 msgid "" "<quote>proxy</quote> to forward lookups to another NSS library. See " "<quote>proxy_resolver_lib_name</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3515 +#: sssd.conf.5.xml:3516 msgid "" "<quote>ldap</quote> to fetch hosts and networks stored in LDAP. See " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" @@ -4048,7 +4048,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3522 +#: sssd.conf.5.xml:3523 msgid "" "<quote>ad</quote> to fetch hosts and networks stored in AD. See " "<citerefentry> <refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</" @@ -4057,12 +4057,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3530 +#: sssd.conf.5.xml:3531 msgid "<quote>none</quote> disallows fetching hosts and networks explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3543 +#: sssd.conf.5.xml:3544 msgid "" "Regular expression for this domain that describes how to parse the string " "containing user name and domain into these components. The \"domain\" can " @@ -4072,24 +4072,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3552 +#: sssd.conf.5.xml:3553 msgid "" "Default: <quote>^((?P<name>.+)@(?P<domain>[^@]*)|(?P<name>" "[^@]+))$</quote> which allows two different styles for user names:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:3557 sssd.conf.5.xml:3571 +#: sssd.conf.5.xml:3558 sssd.conf.5.xml:3572 msgid "username" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:3560 sssd.conf.5.xml:3574 +#: sssd.conf.5.xml:3561 sssd.conf.5.xml:3575 msgid "username@domain.name" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3565 +#: sssd.conf.5.xml:3566 msgid "" "Default for the AD and IPA provider: <quote>^(((?P<domain>[^\\\\]+)\\" "\\(?P<name>.+))|((?P<name>.+)@(?P<domain>[^@]+))|((?P<" @@ -4098,19 +4098,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:3577 +#: sssd.conf.5.xml:3578 msgid "domain\\username" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3580 +#: sssd.conf.5.xml:3581 msgid "" "While the first two correspond to the general default the third one is " "introduced to allow easy integration of users from Windows domains." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3585 +#: sssd.conf.5.xml:3586 msgid "" "The default re_expression uses the <quote>@</quote> character as a separator " "between the name and the domain. As a result of this setting the default " @@ -4120,89 +4120,89 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3637 +#: sssd.conf.5.xml:3638 msgid "Default: <quote>%1$s@%2$s</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3643 +#: sssd.conf.5.xml:3644 msgid "lookup_family_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3646 +#: sssd.conf.5.xml:3647 msgid "" "Provides the ability to select preferred address family to use when " "performing DNS lookups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3650 +#: sssd.conf.5.xml:3651 msgid "Supported values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3653 +#: sssd.conf.5.xml:3654 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3656 +#: sssd.conf.5.xml:3657 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3659 +#: sssd.conf.5.xml:3660 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3662 +#: sssd.conf.5.xml:3663 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3665 +#: sssd.conf.5.xml:3666 msgid "Default: ipv4_first" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3671 +#: sssd.conf.5.xml:3672 msgid "dns_resolver_server_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3674 +#: sssd.conf.5.xml:3675 msgid "" "Defines the amount of time (in milliseconds) SSSD would try to talk to DNS " "server before trying next DNS server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3679 +#: sssd.conf.5.xml:3680 msgid "" "The AD provider will use this option for the CLDAP ping timeouts as well." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3683 sssd.conf.5.xml:3703 sssd.conf.5.xml:3724 +#: sssd.conf.5.xml:3684 sssd.conf.5.xml:3704 sssd.conf.5.xml:3725 msgid "" "Please see the section <quote>FAILOVER</quote> for more information about " "the service resolution." msgstr "" #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3688 sssd-ldap.5.xml:644 include/failover.xml:84 +#: sssd.conf.5.xml:3689 sssd-ldap.5.xml:644 include/failover.xml:84 msgid "Default: 1000" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3694 +#: sssd.conf.5.xml:3695 msgid "dns_resolver_op_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3697 +#: sssd.conf.5.xml:3698 msgid "" "Defines the amount of time (in seconds) to wait to resolve single DNS query " "(e.g. resolution of a hostname or an SRV record) before trying the next " @@ -4210,12 +4210,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3714 +#: sssd.conf.5.xml:3715 msgid "dns_resolver_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3717 +#: sssd.conf.5.xml:3718 msgid "" "Defines the amount of time (in seconds) to wait for a reply from the " "internal fail over service before assuming that the service is unreachable. " @@ -4224,12 +4224,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3735 +#: sssd.conf.5.xml:3736 msgid "dns_resolver_use_search_list (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3738 +#: sssd.conf.5.xml:3739 msgid "" "Normally, the DNS resolver searches the domain list defined in the " "\"search\" directive from the resolv.conf file. This can lead to delays in " @@ -4237,7 +4237,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3744 +#: sssd.conf.5.xml:3745 msgid "" "If fully qualified domain names (or _srv_) are used in the SSSD " "configuration, setting this option to FALSE can prevent unnecessary DNS " @@ -4245,71 +4245,71 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3750 +#: sssd.conf.5.xml:3751 #, fuzzy #| msgid "Default: 3" msgid "Default: TRUE" msgstr "Dre ziouer : 3" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3756 +#: sssd.conf.5.xml:3757 msgid "dns_discovery_domain (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3759 +#: sssd.conf.5.xml:3760 msgid "" "If service discovery is used in the back end, specifies the domain part of " "the service discovery DNS query." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3763 +#: sssd.conf.5.xml:3764 msgid "Default: Use the domain part of machine's hostname" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3769 +#: sssd.conf.5.xml:3770 msgid "override_gid (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3772 +#: sssd.conf.5.xml:3773 msgid "Override the primary GID value with the one specified." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3778 +#: sssd.conf.5.xml:3779 msgid "case_sensitive (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3785 +#: sssd.conf.5.xml:3786 msgid "True" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3788 +#: sssd.conf.5.xml:3789 msgid "Case sensitive. This value is invalid for AD provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3794 +#: sssd.conf.5.xml:3795 msgid "False" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3796 +#: sssd.conf.5.xml:3797 msgid "Case insensitive." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3800 +#: sssd.conf.5.xml:3801 msgid "Preserving" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3803 +#: sssd.conf.5.xml:3804 msgid "" "Same as False (case insensitive), but does not lowercase names in the result " "of NSS operations. Note that name aliases (and in case of services also " @@ -4317,31 +4317,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3811 +#: sssd.conf.5.xml:3812 msgid "" "If you want to set this value for trusted domain with IPA provider, you need " "to set it on both the client and SSSD on the server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3781 +#: sssd.conf.5.xml:3782 msgid "" "Treat user and group names as case sensitive. Possible option values are: " "<placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3826 +#: sssd.conf.5.xml:3827 msgid "Default: True (False for AD provider)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3832 +#: sssd.conf.5.xml:3833 msgid "subdomain_inherit (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3835 +#: sssd.conf.5.xml:3836 msgid "" "Specifies a list of configuration parameters that should be inherited by a " "subdomain. Please note that only selected parameters can be inherited. " @@ -4349,104 +4349,104 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3841 +#: sssd.conf.5.xml:3842 msgid "ldap_search_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3844 +#: sssd.conf.5.xml:3845 msgid "ldap_network_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3847 +#: sssd.conf.5.xml:3848 msgid "ldap_opt_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3850 +#: sssd.conf.5.xml:3851 msgid "ldap_offline_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3853 +#: sssd.conf.5.xml:3854 msgid "ldap_enumeration_refresh_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3856 +#: sssd.conf.5.xml:3857 msgid "ldap_enumeration_refresh_offset" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3859 +#: sssd.conf.5.xml:3860 msgid "ldap_purge_cache_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3862 +#: sssd.conf.5.xml:3863 msgid "ldap_purge_cache_offset" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3865 +#: sssd.conf.5.xml:3866 msgid "" "ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab " "is not set explicitly)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3869 +#: sssd.conf.5.xml:3870 msgid "ldap_krb5_ticket_lifetime" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3872 +#: sssd.conf.5.xml:3873 msgid "ldap_enumeration_search_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3875 +#: sssd.conf.5.xml:3876 msgid "ldap_connection_expire_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3878 +#: sssd.conf.5.xml:3879 msgid "ldap_connection_expire_offset" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3881 +#: sssd.conf.5.xml:3882 msgid "ldap_connection_idle_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3884 sssd-ldap.5.xml:400 +#: sssd.conf.5.xml:3885 sssd-ldap.5.xml:400 msgid "ldap_use_tokengroups" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3887 +#: sssd.conf.5.xml:3888 msgid "ldap_user_principal" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3890 +#: sssd.conf.5.xml:3891 msgid "ignore_group_members" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3893 +#: sssd.conf.5.xml:3894 msgid "auto_private_groups" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3896 +#: sssd.conf.5.xml:3897 msgid "case_sensitive" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:3901 +#: sssd.conf.5.xml:3902 #, no-wrap msgid "" "subdomain_inherit = ldap_purge_cache_timeout\n" @@ -4454,27 +4454,27 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3908 +#: sssd.conf.5.xml:3909 msgid "Note: This option only works with the IPA and AD provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3915 +#: sssd.conf.5.xml:3916 msgid "subdomain_homedir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3926 +#: sssd.conf.5.xml:3927 msgid "%F" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3927 +#: sssd.conf.5.xml:3928 msgid "flat (NetBIOS) name of a subdomain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3918 +#: sssd.conf.5.xml:3919 msgid "" "Use this homedir as default value for all subdomains within this domain in " "IPA AD trust. See <emphasis>override_homedir</emphasis> for info about " @@ -4484,34 +4484,34 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3932 +#: sssd.conf.5.xml:3933 msgid "" "The value can be overridden by <emphasis>override_homedir</emphasis> option." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3936 +#: sssd.conf.5.xml:3937 msgid "Default: <filename>/home/%d/%u</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3941 +#: sssd.conf.5.xml:3942 msgid "realmd_tags (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3944 +#: sssd.conf.5.xml:3945 msgid "" "Various tags stored by the realmd configuration service for this domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3950 +#: sssd.conf.5.xml:3951 msgid "cached_auth_timeout (int)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3953 +#: sssd.conf.5.xml:3954 msgid "" "Specifies time in seconds since last successful online authentication for " "which user will be authenticated using cached credentials while SSSD is in " @@ -4520,19 +4520,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3961 +#: sssd.conf.5.xml:3962 msgid "" "This option's value is inherited by all trusted domains. At the moment it is " "not possible to set a different value per trusted domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3966 +#: sssd.conf.5.xml:3967 msgid "Special value 0 implies that this feature is disabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3970 +#: sssd.conf.5.xml:3971 msgid "" "Please note that if <quote>cached_auth_timeout</quote> is longer than " "<quote>pam_id_timeout</quote> then the back end could be called to handle " @@ -4540,24 +4540,85 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3981 +#: sssd.conf.5.xml:3982 +#, fuzzy +#| msgid "re_expression (string)" +msgid "local_auth_policy (string)" +msgstr "re_expression (neudennad)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3985 +msgid "" +"Local authentication methods policy. Some backends (i.e. LDAP, proxy " +"provider) only support a password based authentication, while others can " +"handle PKINIT based Smartcard authentication (AD, IPA), two-factor " +"authentication (IPA), or other methods against a central instance. By " +"default in such cases authentication is only performed with the methods " +"supported by the backend." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3995 +msgid "" +"There are three possible values for this option: match, only, enable. " +"<quote>match</quote> is used to match offline and online states for Kerberos " +"methods. <quote>only</quote> ignores the online methods and only offer the " +"local ones. enable allows explicitly defining the methods for local " +"authentication. As an example, <quote>enable:passkey</quote>, only enables " +"passkey for local authentication. Multiple enable values should be comma-" +"separated, such as <quote>enable:passkey, enable:smartcard</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:4011 +#, no-wrap +msgid "" +"[domain/shadowutils]\n" +"id_provider = proxy\n" +"proxy_lib_name = files\n" +"auth_provider = none\n" +"local_auth_policy = only\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4007 +msgid "" +"The following configuration example allows local users to authenticate " +"locally using any enabled method (i.e. smartcard, passkey). <placeholder " +"type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4019 +msgid "This option is ignored for the files provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4022 +#, fuzzy +#| msgid "Default: 3" +msgid "Default: match" +msgstr "Dre ziouer : 3" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4027 msgid "auto_private_groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3987 +#: sssd.conf.5.xml:4033 msgid "true" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3990 +#: sssd.conf.5.xml:4036 msgid "" "Create user's private group unconditionally from user's UID number. The GID " "number is ignored in this case." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3994 +#: sssd.conf.5.xml:4040 msgid "" "NOTE: Because the GID number and the user private group are inferred from " "the UID number, it is not supported to have multiple entries with the same " @@ -4566,24 +4627,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4003 +#: sssd.conf.5.xml:4049 msgid "false" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4006 +#: sssd.conf.5.xml:4052 msgid "" "Always use the user's primary GID number. The GID number must refer to a " "group object in the LDAP database." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4012 +#: sssd.conf.5.xml:4058 msgid "hybrid" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4015 +#: sssd.conf.5.xml:4061 msgid "" "A primary group is autogenerated for user entries whose UID and GID numbers " "have the same value and at the same time the GID number does not correspond " @@ -4593,14 +4654,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4028 +#: sssd.conf.5.xml:4074 msgid "" "If the UID and GID of a user are different, then the GID must correspond to " "a group entry, otherwise the GID is simply not resolvable." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4035 +#: sssd.conf.5.xml:4081 msgid "" "This feature is useful for environments that wish to stop maintaining a " "separate group objects for the user private groups, but also wish to retain " @@ -4608,21 +4669,21 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3984 +#: sssd.conf.5.xml:4030 msgid "" "This option takes any of three available values: <placeholder " "type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4047 +#: sssd.conf.5.xml:4093 msgid "" "For subdomains, the default value is False for subdomains that use assigned " "POSIX IDs and True for subdomains that use automatic ID-mapping." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:4055 +#: sssd.conf.5.xml:4101 #, no-wrap msgid "" "[domain/forest.domain/sub.domain]\n" @@ -4630,7 +4691,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:4061 +#: sssd.conf.5.xml:4107 #, no-wrap msgid "" "[domain/forest.domain]\n" @@ -4639,7 +4700,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4052 +#: sssd.conf.5.xml:4098 msgid "" "The value of auto_private_groups can either be set per subdomains in a " "subsection, for example: <placeholder type=\"programlisting\" id=\"0\"/> or " @@ -4648,7 +4709,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:2569 +#: sssd.conf.5.xml:2570 msgid "" "These configuration options can be present in a domain configuration " "section, that is, in a section called <quote>[domain/<replaceable>NAME</" @@ -4656,29 +4717,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4076 +#: sssd.conf.5.xml:4122 msgid "proxy_pam_target (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4079 +#: sssd.conf.5.xml:4125 msgid "The proxy target PAM proxies to." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4082 +#: sssd.conf.5.xml:4128 msgid "" "Default: not set by default, you have to take an existing pam configuration " "or create a new one and add the service name here." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4090 +#: sssd.conf.5.xml:4136 msgid "proxy_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4093 +#: sssd.conf.5.xml:4139 msgid "" "The name of the NSS library to use in proxy domains. The NSS functions " "searched for in the library are in the form of _nss_$(libName)_$(function), " @@ -4686,12 +4747,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4103 +#: sssd.conf.5.xml:4149 msgid "proxy_resolver_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4106 +#: sssd.conf.5.xml:4152 msgid "" "The name of the NSS library to use for hosts and networks lookups in proxy " "domains. The NSS functions searched for in the library are in the form of " @@ -4699,12 +4760,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4117 +#: sssd.conf.5.xml:4163 msgid "proxy_fast_alias (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4120 +#: sssd.conf.5.xml:4166 msgid "" "When a user or group is looked up by name in the proxy provider, a second " "lookup by ID is performed to \"canonicalize\" the name in case the requested " @@ -4713,12 +4774,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4134 +#: sssd.conf.5.xml:4180 msgid "proxy_max_children (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4137 +#: sssd.conf.5.xml:4183 msgid "" "This option specifies the number of pre-forked proxy children. It is useful " "for high-load SSSD environments where sssd may run out of available child " @@ -4726,19 +4787,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4072 +#: sssd.conf.5.xml:4118 msgid "" "Options valid for proxy domains. <placeholder type=\"variablelist\" " "id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:4153 +#: sssd.conf.5.xml:4199 msgid "Application domains" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4155 +#: sssd.conf.5.xml:4201 msgid "" "SSSD, with its D-Bus interface (see <citerefentry> <refentrytitle>sssd-ifp</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>) is appealing to " @@ -4755,7 +4816,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4175 +#: sssd.conf.5.xml:4221 msgid "" "Please note that the application domain must still be explicitly enabled in " "the <quote>domains</quote> parameter so that the lookup order between the " @@ -4763,17 +4824,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> -#: sssd.conf.5.xml:4181 +#: sssd.conf.5.xml:4227 msgid "Application domain parameters" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4183 +#: sssd.conf.5.xml:4229 msgid "inherit_from (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4186 +#: sssd.conf.5.xml:4232 msgid "" "The SSSD POSIX-type domain the application domain inherits all settings " "from. The application domain can moreover add its own settings to the " @@ -4782,7 +4843,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4200 +#: sssd.conf.5.xml:4246 msgid "" "The following example illustrates the use of an application domain. In this " "setup, the POSIX domain is connected to an LDAP server and is used by the OS " @@ -4792,7 +4853,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><programlisting> -#: sssd.conf.5.xml:4208 +#: sssd.conf.5.xml:4254 #, no-wrap msgid "" "[sssd]\n" @@ -4812,12 +4873,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4228 +#: sssd.conf.5.xml:4274 msgid "TRUSTED DOMAIN SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4230 +#: sssd.conf.5.xml:4276 msgid "" "Some options used in the domain section can also be used in the trusted " "domain section, that is, in a section called <quote>[domain/" @@ -4828,69 +4889,69 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4237 +#: sssd.conf.5.xml:4283 msgid "ldap_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4238 +#: sssd.conf.5.xml:4284 msgid "ldap_user_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4239 +#: sssd.conf.5.xml:4285 msgid "ldap_group_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4240 +#: sssd.conf.5.xml:4286 msgid "ldap_netgroup_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4241 +#: sssd.conf.5.xml:4287 msgid "ldap_service_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4242 +#: sssd.conf.5.xml:4288 msgid "ldap_sasl_mech," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4243 +#: sssd.conf.5.xml:4289 msgid "ad_server," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4244 +#: sssd.conf.5.xml:4290 msgid "ad_backup_server," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4245 +#: sssd.conf.5.xml:4291 msgid "ad_site," msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4246 sssd-ipa.5.xml:879 +#: sssd.conf.5.xml:4292 sssd-ipa.5.xml:879 msgid "use_fully_qualified_names" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4250 +#: sssd.conf.5.xml:4296 msgid "" "For more details about these options see their individual description in the " "manual page." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4256 +#: sssd.conf.5.xml:4302 msgid "CERTIFICATE MAPPING SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4258 +#: sssd.conf.5.xml:4304 msgid "" "To allow authentication with Smartcards and certificates SSSD must be able " "to map certificates to users. This can be done by adding the full " @@ -4903,7 +4964,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4272 +#: sssd.conf.5.xml:4318 msgid "" "To make the mapping more flexible mapping and matching rules were added to " "SSSD (see <citerefentry> <refentrytitle>sss-certmap</refentrytitle> " @@ -4911,7 +4972,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4281 +#: sssd.conf.5.xml:4327 msgid "" "A mapping and matching rule can be added to the SSSD configuration in a " "section on its own with a name like <quote>[certmap/" @@ -4920,55 +4981,55 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4288 +#: sssd.conf.5.xml:4334 msgid "matchrule (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4291 +#: sssd.conf.5.xml:4337 msgid "" "Only certificates from the Smartcard which matches this rule will be " "processed, all others are ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4295 +#: sssd.conf.5.xml:4341 msgid "" "Default: KRB5:<EKU>clientAuth, i.e. only certificates which have the " "Extended Key Usage <quote>clientAuth</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4302 +#: sssd.conf.5.xml:4348 msgid "maprule (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4305 +#: sssd.conf.5.xml:4351 msgid "Defines how the user is found for a given certificate." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4311 +#: sssd.conf.5.xml:4357 msgid "" "LDAP:(userCertificate;binary={cert!bin}) for LDAP based providers like " "<quote>ldap</quote>, <quote>AD</quote> or <quote>ipa</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4317 +#: sssd.conf.5.xml:4363 msgid "" "The RULE_NAME for the <quote>files</quote> provider which tries to find a " "user with the same name." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4326 +#: sssd.conf.5.xml:4372 msgid "domains (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4329 +#: sssd.conf.5.xml:4375 msgid "" "Comma separated list of domain names the rule should be applied. By default " "a rule is only valid in the domain configured in sssd.conf. If the provider " @@ -4977,17 +5038,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4336 +#: sssd.conf.5.xml:4382 msgid "Default: the configured domain in sssd.conf" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4341 +#: sssd.conf.5.xml:4387 msgid "priority (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4344 +#: sssd.conf.5.xml:4390 msgid "" "Unsigned integer value defining the priority of the rule. The higher the " "number the lower the priority. <quote>0</quote> stands for the highest " @@ -4995,26 +5056,26 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4350 +#: sssd.conf.5.xml:4396 msgid "Default: the lowest priority" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4356 +#: sssd.conf.5.xml:4402 msgid "" "To make the configuration simple and reduce the amount of configuration " "options the <quote>files</quote> provider has some special properties:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4362 +#: sssd.conf.5.xml:4408 msgid "" "if maprule is not set the RULE_NAME name is assumed to be the name of the " "matching user" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4368 +#: sssd.conf.5.xml:4414 msgid "" "if a maprule is used both a single user name or a template like " "<quote>{subject_rfc822_name.short_name}</quote> must be in braces like e.g. " @@ -5023,17 +5084,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4377 +#: sssd.conf.5.xml:4423 msgid "the <quote>domains</quote> option is ignored" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4385 +#: sssd.conf.5.xml:4431 msgid "PROMPTING CONFIGURATION SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4387 +#: sssd.conf.5.xml:4433 msgid "" "If a special file (<filename>/var/lib/sss/pubconf/pam_preauth_available</" "filename>) exists SSSD's PAM module pam_sss will ask SSSD to figure out " @@ -5043,7 +5104,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4395 +#: sssd.conf.5.xml:4441 msgid "" "With the growing number of authentication methods and the possibility that " "there are multiple ones for a single user the heuristic used by pam_sss to " @@ -5052,59 +5113,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4407 +#: sssd.conf.5.xml:4453 msgid "[prompting/password]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4410 +#: sssd.conf.5.xml:4456 msgid "password_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4411 +#: sssd.conf.5.xml:4457 msgid "to change the string of the password prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4409 +#: sssd.conf.5.xml:4455 msgid "" "to configure password prompting, allowed options are: <placeholder " "type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4419 +#: sssd.conf.5.xml:4465 msgid "[prompting/2fa]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4423 +#: sssd.conf.5.xml:4469 msgid "first_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4424 +#: sssd.conf.5.xml:4470 msgid "to change the string of the prompt for the first factor" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4427 +#: sssd.conf.5.xml:4473 msgid "second_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4428 +#: sssd.conf.5.xml:4474 msgid "to change the string of the prompt for the second factor" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4431 +#: sssd.conf.5.xml:4477 msgid "single_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4432 +#: sssd.conf.5.xml:4478 msgid "" "boolean value, if True there will be only a single prompt using the value of " "first_prompt where it is expected that both factors are entered as a single " @@ -5113,7 +5174,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4421 +#: sssd.conf.5.xml:4467 msgid "" "to configure two-factor authentication prompting, allowed options are: " "<placeholder type=\"variablelist\" id=\"0\"/> If the second factor is " @@ -5122,17 +5183,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4449 +#: sssd.conf.5.xml:4495 msgid "[prompting/passkey]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4455 sssd-ad.5.xml:1021 +#: sssd.conf.5.xml:4501 sssd-ad.5.xml:1021 msgid "interactive" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4457 +#: sssd.conf.5.xml:4503 msgid "" "boolean value, if True prompt a message and wait before testing the presence " "of a passkey device. Recommended if your device doesn’t have a tactile " @@ -5140,46 +5201,46 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4465 +#: sssd.conf.5.xml:4511 msgid "interactive_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4467 +#: sssd.conf.5.xml:4513 msgid "to change the message of the interactive prompt." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4472 +#: sssd.conf.5.xml:4518 msgid "touch" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4474 +#: sssd.conf.5.xml:4520 msgid "" "boolean value, if True prompt a message to remind the user to touch the " "device." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4480 +#: sssd.conf.5.xml:4526 msgid "touch_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4482 +#: sssd.conf.5.xml:4528 msgid "to change the message of the touch prompt." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4451 +#: sssd.conf.5.xml:4497 msgid "" "to configure passkey authentication prompting, allowed options are: " "<placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4402 +#: sssd.conf.5.xml:4448 msgid "" "Each supported authentication method has its own configuration subsection " "under <quote>[prompting/...]</quote>. Currently there are: <placeholder " @@ -5188,7 +5249,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4493 +#: sssd.conf.5.xml:4539 msgid "" "It is possible to add a subsection for specific PAM services, e.g. " "<quote>[prompting/password/sshd]</quote> to individual change the prompting " @@ -5196,12 +5257,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4500 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43 +#: sssd.conf.5.xml:4546 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43 msgid "EXAMPLES" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4506 +#: sssd.conf.5.xml:4552 #, no-wrap msgid "" "[sssd]\n" @@ -5231,7 +5292,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4502 +#: sssd.conf.5.xml:4548 msgid "" "1. The following example shows a typical SSSD config. It does not describe " "configuration of the domains themselves - refer to documentation on " @@ -5240,7 +5301,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4539 +#: sssd.conf.5.xml:4585 #, no-wrap msgid "" "[domain/ipa.com/child.ad.com]\n" @@ -5248,7 +5309,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4533 +#: sssd.conf.5.xml:4579 msgid "" "2. The following example shows configuration of IPA AD trust where the AD " "forest consists of two domains in a parent-child structure. Suppose IPA " @@ -5259,7 +5320,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4550 +#: sssd.conf.5.xml:4596 #, no-wrap msgid "" "[certmap/my.domain/rule_name]\n" @@ -5270,7 +5331,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4544 +#: sssd.conf.5.xml:4590 msgid "" "3. The following example shows the configuration of a certificate mapping " "rule. It is valid for the configured domain <quote>my.domain</quote> and " @@ -17281,7 +17342,7 @@ msgstr "" #: include/ldap_id_mapping.xml:235 msgid "" "When this option is configured, domains will be allocated starting with " -"slice zero and increasing monatomically with each additional domain." +"slice zero and increasing monotonically with each additional domain." msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> diff --git a/src/man/po/ca.po b/src/man/po/ca.po index 9ea66b94fc8..3acf43b6884 100644 --- a/src/man/po/ca.po +++ b/src/man/po/ca.po @@ -14,7 +14,7 @@ msgid "" msgstr "" "Project-Id-Version: sssd-docs 2.3.0\n" "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" -"POT-Creation-Date: 2023-05-05 10:09+0200\n" +"POT-Creation-Date: 2023-09-07 11:47+0200\n" "PO-Revision-Date: 2015-10-18 04:13-0400\n" "Last-Translator: Robert Antoni Buj Gelonch <rbuj@fedoraproject.org>\n" "Language-Team: Catalan (http://www.transifex.com/projects/p/sssd/language/" @@ -231,8 +231,8 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:136 sssd.conf.5.xml:173 sssd.conf.5.xml:358 -#: sssd.conf.5.xml:714 sssd.conf.5.xml:729 sssd.conf.5.xml:951 -#: sssd.conf.5.xml:1069 sssd.conf.5.xml:2197 sssd-ldap.5.xml:1071 +#: sssd.conf.5.xml:714 sssd.conf.5.xml:729 sssd.conf.5.xml:952 +#: sssd.conf.5.xml:1070 sssd.conf.5.xml:2198 sssd-ldap.5.xml:1071 #: sssd-ldap.5.xml:1174 sssd-ldap.5.xml:1243 sssd-ldap.5.xml:1750 #: sssd-ldap.5.xml:1815 sssd-ipa.5.xml:342 sssd-ad.5.xml:252 sssd-ad.5.xml:366 #: sssd-ad.5.xml:1200 sssd-ad.5.xml:1348 sssd-krb5.5.xml:358 @@ -255,8 +255,8 @@ msgstr "" "aleshores s'ignora aquesta opció." #. type: Content of: <variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:149 sssd.conf.5.xml:652 sssd.conf.5.xml:948 -#: sssd.conf.5.xml:2100 sssd.conf.5.xml:2167 sssd.conf.5.xml:4128 +#: sssd.conf.5.xml:149 sssd.conf.5.xml:652 sssd.conf.5.xml:949 +#: sssd.conf.5.xml:2101 sssd.conf.5.xml:2168 sssd.conf.5.xml:4174 #: sssd-ldap.5.xml:312 sssd-ldap.5.xml:917 sssd-ldap.5.xml:936 #: sssd-ldap.5.xml:1146 sssd-ldap.5.xml:1599 sssd-ldap.5.xml:1839 #: sssd-ipa.5.xml:152 sssd-ipa.5.xml:254 sssd-ipa.5.xml:657 sssd-ad.5.xml:1106 @@ -326,8 +326,8 @@ msgid "" msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:196 sssd.conf.5.xml:1289 sssd.conf.5.xml:1766 -#: sssd.conf.5.xml:4144 sssd-ldap.5.xml:765 include/ldap_id_mapping.xml:270 +#: sssd.conf.5.xml:196 sssd.conf.5.xml:1290 sssd.conf.5.xml:1767 +#: sssd.conf.5.xml:4190 sssd-ldap.5.xml:765 include/ldap_id_mapping.xml:270 msgid "Default: 10" msgstr "Per defecte: 10" @@ -398,12 +398,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:258 sssd.conf.5.xml:783 +#: sssd.conf.5.xml:258 sssd.conf.5.xml:784 msgid "reconnection_retries (integer)" msgstr "reconnection_retries (enter)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:261 sssd.conf.5.xml:786 +#: sssd.conf.5.xml:261 sssd.conf.5.xml:787 msgid "" "Number of times services should attempt to reconnect in the event of a Data " "Provider crash or restart before they give up" @@ -413,7 +413,7 @@ msgstr "" "vençuts" #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:266 sssd.conf.5.xml:791 sssd.conf.5.xml:3708 +#: sssd.conf.5.xml:266 sssd.conf.5.xml:792 sssd.conf.5.xml:3709 #: include/failover.xml:100 msgid "Default: 3" msgstr "Per defecte: 3" @@ -435,7 +435,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:287 sssd.conf.5.xml:3540 +#: sssd.conf.5.xml:287 sssd.conf.5.xml:3541 msgid "re_expression (string)" msgstr "re_expression (cadena)" @@ -457,12 +457,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:304 sssd.conf.5.xml:3597 +#: sssd.conf.5.xml:304 sssd.conf.5.xml:3598 msgid "full_name_format (string)" msgstr "full_name_format (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:307 sssd.conf.5.xml:3600 +#: sssd.conf.5.xml:307 sssd.conf.5.xml:3601 msgid "" "A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</" "manvolnum> </citerefentry>-compatible format that describes how to compose a " @@ -473,40 +473,40 @@ msgstr "" "compondre un FQN des dels components del nom d'usuari i del nom del domini." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:318 sssd.conf.5.xml:3611 +#: sssd.conf.5.xml:318 sssd.conf.5.xml:3612 msgid "%1$s" msgstr "%1$s" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:319 sssd.conf.5.xml:3612 +#: sssd.conf.5.xml:319 sssd.conf.5.xml:3613 msgid "user name" msgstr "nom d'usuari" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:322 sssd.conf.5.xml:3615 +#: sssd.conf.5.xml:322 sssd.conf.5.xml:3616 msgid "%2$s" msgstr "%2$s" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:325 sssd.conf.5.xml:3618 +#: sssd.conf.5.xml:325 sssd.conf.5.xml:3619 msgid "domain name as specified in the SSSD config file." msgstr "" "el nom del domini tal com s'especifica al fitxer de configuració de l'SSSD." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:331 sssd.conf.5.xml:3624 +#: sssd.conf.5.xml:331 sssd.conf.5.xml:3625 msgid "%3$s" msgstr "%3$s" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:334 sssd.conf.5.xml:3627 +#: sssd.conf.5.xml:334 sssd.conf.5.xml:3628 msgid "" "domain flat name. Mostly usable for Active Directory domains, both directly " "configured or discovered via IPA trusts." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:315 sssd.conf.5.xml:3608 +#: sssd.conf.5.xml:315 sssd.conf.5.xml:3609 msgid "" "The following expansions are supported: <placeholder type=\"variablelist\" " "id=\"0\"/>" @@ -952,7 +952,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:700 sssd.conf.5.xml:1790 sssd.conf.5.xml:4194 +#: sssd.conf.5.xml:700 sssd.conf.5.xml:1791 sssd.conf.5.xml:4240 #: sssd-ad.5.xml:187 sssd-ad.5.xml:327 sssd-ad.5.xml:341 msgid "Default: Not set" msgstr "Per defecte: Sense establir" @@ -1005,11 +1005,11 @@ msgstr "ldap_user_certificate (cadena)" #: sssd.conf.5.xml:744 msgid "" "Enable or disable the user verification (i.e. PIN, fingerprint) during " -"authentication." +"authentication. If enabled, the PIN will always be requested." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:749 +#: sssd.conf.5.xml:750 msgid "" "The default is that the key settings decide what to do. In the IPA or " "kerberos pre-authentication case, this value will be overwritten by the " @@ -1048,12 +1048,12 @@ msgstr "" "type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:768 +#: sssd.conf.5.xml:769 msgid "SERVICES SECTIONS" msgstr "SECCIONS DELS SERVEIS" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:770 +#: sssd.conf.5.xml:771 msgid "" "Settings that can be used to configure different services are described in " "this section. They should reside in the [<replaceable>$NAME</replaceable>] " @@ -1066,22 +1066,22 @@ msgstr "" "quote>" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:777 +#: sssd.conf.5.xml:778 msgid "General service configuration options" msgstr "Opcions de configuració del servei general" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:779 +#: sssd.conf.5.xml:780 msgid "These options can be used to configure any service." msgstr "Es poden utilitzar aquestes opcions per configurar qualsevol servei." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:796 +#: sssd.conf.5.xml:797 msgid "fd_limit" msgstr "fd_limit" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:799 +#: sssd.conf.5.xml:800 msgid "" "This option specifies the maximum number of file descriptors that may be " "opened at one time by this SSSD process. On systems where SSSD is granted " @@ -1091,17 +1091,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:808 +#: sssd.conf.5.xml:809 msgid "Default: 8192 (or limits.conf \"hard\" limit)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:813 +#: sssd.conf.5.xml:814 msgid "client_idle_timeout" msgstr "client_idle_timeout" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:816 +#: sssd.conf.5.xml:817 msgid "" "This option specifies the number of seconds that a client of an SSSD process " "can hold onto a file descriptor without communicating on it. This value is " @@ -1111,19 +1111,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:825 +#: sssd.conf.5.xml:826 #, fuzzy #| msgid "Default: 300" msgid "Default: 60, KCM: 300" msgstr "Per defecte: 300" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:830 +#: sssd.conf.5.xml:831 msgid "offline_timeout (integer)" msgstr "offline_timeout (enter)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:833 +#: sssd.conf.5.xml:834 msgid "" "When SSSD switches to offline mode the amount of time before it tries to go " "back online will increase based upon the time spent disconnected. By " @@ -1134,14 +1134,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:844 sssd.conf.5.xml:900 +#: sssd.conf.5.xml:845 sssd.conf.5.xml:901 msgid "" "new_delay = Minimum(old_delay * 2, offline_timeout_max) + random[0..." "offline_timeout_random_offset]" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:847 +#: sssd.conf.5.xml:848 msgid "" "The offline_timeout default value is 60. The offline_timeout_max default " "value is 3600. The offline_timeout_random_offset default value is 30. The " @@ -1149,46 +1149,46 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:853 +#: sssd.conf.5.xml:854 msgid "" "Note that the maximum length of each interval is defined by " "offline_timeout_max (apart of random part)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:857 sssd.conf.5.xml:1200 sssd.conf.5.xml:1583 -#: sssd.conf.5.xml:1879 sssd-ldap.5.xml:494 +#: sssd.conf.5.xml:858 sssd.conf.5.xml:1201 sssd.conf.5.xml:1584 +#: sssd.conf.5.xml:1880 sssd-ldap.5.xml:494 msgid "Default: 60" msgstr "Per defecte: 60" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:862 +#: sssd.conf.5.xml:863 #, fuzzy #| msgid "offline_timeout (integer)" msgid "offline_timeout_max (integer)" msgstr "offline_timeout (enter)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:865 +#: sssd.conf.5.xml:866 msgid "" "Controls by how much the time between attempts to go online can be " "incremented following unsuccessful attempts to go online." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:870 +#: sssd.conf.5.xml:871 msgid "A value of 0 disables the incrementing behaviour." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:873 +#: sssd.conf.5.xml:874 msgid "" "The value of this parameter should be set in correlation to offline_timeout " "parameter value." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:877 +#: sssd.conf.5.xml:878 msgid "" "With offline_timeout set to 60 (default value) there is no point in setting " "offlinet_timeout_max to less than 120 as it will saturate instantly. General " @@ -1197,66 +1197,66 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:883 +#: sssd.conf.5.xml:884 msgid "" "Although a value between 0 and offline_timeout may be specified, it has the " "effect of overriding the offline_timeout value so is of little use." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:888 +#: sssd.conf.5.xml:889 #, fuzzy #| msgid "Default: 300" msgid "Default: 3600" msgstr "Per defecte: 300" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:893 +#: sssd.conf.5.xml:894 #, fuzzy #| msgid "offline_timeout + random_offset" msgid "offline_timeout_random_offset (integer)" msgstr "offline_timeout + random_offset" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:896 +#: sssd.conf.5.xml:897 msgid "" "When SSSD is in offline mode it keeps probing backend servers in specified " "time intervals:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:903 +#: sssd.conf.5.xml:904 msgid "" "This parameter controls the value of the random offset used for the above " "equation. Final random_offset value will be random number in range:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:908 +#: sssd.conf.5.xml:909 #, fuzzy #| msgid "offline_timeout + random_offset" msgid "[0 - offline_timeout_random_offset]" msgstr "offline_timeout + random_offset" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:911 +#: sssd.conf.5.xml:912 msgid "A value of 0 disables the random offset addition." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:914 +#: sssd.conf.5.xml:915 #, fuzzy #| msgid "Default: 300" msgid "Default: 30" msgstr "Per defecte: 300" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:919 +#: sssd.conf.5.xml:920 msgid "responder_idle_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:922 +#: sssd.conf.5.xml:923 msgid "" "This option specifies the number of seconds that an SSSD responder process " "can be up without being used. This value is limited in order to avoid " @@ -1268,30 +1268,30 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:936 sssd.conf.5.xml:1213 sssd.conf.5.xml:2321 +#: sssd.conf.5.xml:937 sssd.conf.5.xml:1214 sssd.conf.5.xml:2322 #: sssd-ldap.5.xml:331 msgid "Default: 300" msgstr "Per defecte: 300" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:941 +#: sssd.conf.5.xml:942 msgid "cache_first" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:944 +#: sssd.conf.5.xml:945 msgid "" "This option specifies whether the responder should query all caches before " "querying the Data Providers." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:959 +#: sssd.conf.5.xml:960 msgid "NSS configuration options" msgstr "Opcions de configuració de l'NSS" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:961 +#: sssd.conf.5.xml:962 msgid "" "These options can be used to configure the Name Service Switch (NSS) service." msgstr "" @@ -1299,12 +1299,12 @@ msgstr "" "Service Switch)." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:966 +#: sssd.conf.5.xml:967 msgid "enum_cache_timeout (integer)" msgstr "enum_cache_timeout (enter)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:969 +#: sssd.conf.5.xml:970 msgid "" "How many seconds should nss_sss cache enumerations (requests for info about " "all users)" @@ -1313,17 +1313,17 @@ msgstr "" "(peticions d'informació sobre tots els usuaris)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:973 +#: sssd.conf.5.xml:974 msgid "Default: 120" msgstr "Per defecte: 120" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:978 +#: sssd.conf.5.xml:979 msgid "entry_cache_nowait_percentage (integer)" msgstr "entry_cache_nowait_percentage (enter)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:981 +#: sssd.conf.5.xml:982 msgid "" "The entry cache can be set to automatically update entries in the background " "if they are requested beyond a percentage of the entry_cache_timeout value " @@ -1334,7 +1334,7 @@ msgstr "" "valor entry_cache_timeout per al domini." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:987 +#: sssd.conf.5.xml:988 msgid "" "For example, if the domain's entry_cache_timeout is set to 30s and " "entry_cache_nowait_percentage is set to 50 (percent), entries that come in " @@ -1350,7 +1350,7 @@ msgstr "" "peticions que esperen per a una actualització de la memòria cau." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:997 +#: sssd.conf.5.xml:998 msgid "" "Valid values for this option are 0-99 and represent a percentage of the " "entry_cache_timeout for each domain. For performance reasons, this " @@ -1363,17 +1363,17 @@ msgstr "" "(0 desactiva aquesta característica)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1005 sssd.conf.5.xml:2121 +#: sssd.conf.5.xml:1006 sssd.conf.5.xml:2122 msgid "Default: 50" msgstr "Per defecte: 50" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1010 +#: sssd.conf.5.xml:1011 msgid "entry_negative_timeout (integer)" msgstr "entry_negative_timeout (enter)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1013 +#: sssd.conf.5.xml:1014 msgid "" "Specifies for how many seconds nss_sss should cache negative cache hits " "(that is, queries for invalid database entries, like nonexistent ones) " @@ -1385,17 +1385,17 @@ msgstr "" "altra vegada." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1019 sssd.conf.5.xml:1778 sssd.conf.5.xml:2145 +#: sssd.conf.5.xml:1020 sssd.conf.5.xml:1779 sssd.conf.5.xml:2146 msgid "Default: 15" msgstr "Per defecte: 15" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1024 +#: sssd.conf.5.xml:1025 msgid "local_negative_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1027 +#: sssd.conf.5.xml:1028 msgid "" "Specifies for how many seconds nss_sss should keep local users and groups in " "negative cache before trying to look it up in the back end again. Setting " @@ -1403,17 +1403,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1033 +#: sssd.conf.5.xml:1034 msgid "Default: 14400 (4 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1038 +#: sssd.conf.5.xml:1039 msgid "filter_users, filter_groups (string)" msgstr "filter_users, filter_groups (cadena)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1041 +#: sssd.conf.5.xml:1042 msgid "" "Exclude certain users or groups from being fetched from the sss NSS " "database. This is particularly useful for system accounts. This option can " @@ -1422,7 +1422,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1049 +#: sssd.conf.5.xml:1050 msgid "" "NOTE: The filter_groups option doesn't affect inheritance of nested group " "members, since filtering happens after they are propagated for returning via " @@ -1431,17 +1431,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1057 +#: sssd.conf.5.xml:1058 msgid "Default: root" msgstr "Per defecte: root" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1062 +#: sssd.conf.5.xml:1063 msgid "filter_users_in_groups (bool)" msgstr "filter_users_in_groups (booleà)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1065 +#: sssd.conf.5.xml:1066 msgid "" "If you want filtered user still be group members set this option to false." msgstr "" @@ -1449,12 +1449,12 @@ msgstr "" "aquesta opció a false." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1076 +#: sssd.conf.5.xml:1077 msgid "fallback_homedir (string)" msgstr "fallback_homedir (cadena)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1079 +#: sssd.conf.5.xml:1080 msgid "" "Set a default template for a user's home directory if one is not specified " "explicitly by the domain's data provider." @@ -1463,7 +1463,7 @@ msgstr "" "si no se n'especifica cap explícitament amb el proveïdor de dades del domini." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1084 +#: sssd.conf.5.xml:1085 msgid "" "The available values for this option are the same as for override_homedir." msgstr "" @@ -1471,7 +1471,7 @@ msgstr "" "override_homedir." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1090 +#: sssd.conf.5.xml:1091 #, no-wrap msgid "" "fallback_homedir = /home/%u\n" @@ -1481,25 +1481,25 @@ msgstr "" " " #. type: Content of: <varlistentry><listitem><para> -#: sssd.conf.5.xml:1088 sssd.conf.5.xml:1650 sssd.conf.5.xml:1669 -#: sssd.conf.5.xml:1746 sssd-krb5.5.xml:451 include/override_homedir.xml:66 +#: sssd.conf.5.xml:1089 sssd.conf.5.xml:1651 sssd.conf.5.xml:1670 +#: sssd.conf.5.xml:1747 sssd-krb5.5.xml:451 include/override_homedir.xml:66 msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>" msgstr "exemple: <placeholder type=\"programlisting\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1094 +#: sssd.conf.5.xml:1095 msgid "Default: not set (no substitution for unset home directories)" msgstr "" "Per defecte: sense establir (cap substitució per als directoris inicials no " "establerts)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1100 +#: sssd.conf.5.xml:1101 msgid "override_shell (string)" msgstr "override_shell (cadena)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1103 +#: sssd.conf.5.xml:1104 msgid "" "Override the login shell for all users. This option supersedes any other " "shell options if it takes effect and can be set either in the [nss] section " @@ -1510,18 +1510,18 @@ msgstr "" "pot configurar ja sigui en la secció [nss] o per cada domini." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1109 +#: sssd.conf.5.xml:1110 msgid "Default: not set (SSSD will use the value retrieved from LDAP)" msgstr "" "Per defecte: sense establir (SSSD utilitzarà el valor recuperat del LDAP)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1115 +#: sssd.conf.5.xml:1116 msgid "allowed_shells (string)" msgstr "allowed_shells (cadena)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1118 +#: sssd.conf.5.xml:1119 msgid "" "Restrict user shell to one of the listed values. The order of evaluation is:" msgstr "" @@ -1529,31 +1529,31 @@ msgstr "" "d'avaluació és:" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1121 +#: sssd.conf.5.xml:1122 msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used." msgstr "1. Si el shell està present al <quote>/etc/shells</quote>, s'utilitza." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1125 +#: sssd.conf.5.xml:1126 msgid "" "2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</" "quote>, use the value of the shell_fallback parameter." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1130 +#: sssd.conf.5.xml:1131 msgid "" "3. If the shell is not in the allowed_shells list and not in <quote>/etc/" "shells</quote>, a nologin shell is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1135 +#: sssd.conf.5.xml:1136 msgid "The wildcard (*) can be used to allow any shell." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1138 +#: sssd.conf.5.xml:1139 msgid "" "The (*) is useful if you want to use shell_fallback in case that user's " "shell is not in <quote>/etc/shells</quote> and maintaining list of all " @@ -1561,117 +1561,117 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1145 +#: sssd.conf.5.xml:1146 msgid "An empty string for shell is passed as-is to libc." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1148 +#: sssd.conf.5.xml:1149 msgid "" "The <quote>/etc/shells</quote> is only read on SSSD start up, which means " "that a restart of the SSSD is required in case a new shell is installed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1152 +#: sssd.conf.5.xml:1153 msgid "Default: Not set. The user shell is automatically used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1157 +#: sssd.conf.5.xml:1158 msgid "vetoed_shells (string)" msgstr "vetoed_shells (cadena)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1160 +#: sssd.conf.5.xml:1161 msgid "Replace any instance of these shells with the shell_fallback" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1165 +#: sssd.conf.5.xml:1166 msgid "shell_fallback (string)" msgstr "shell_fallback (cadena)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1168 +#: sssd.conf.5.xml:1169 msgid "" "The default shell to use if an allowed shell is not installed on the machine." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1172 +#: sssd.conf.5.xml:1173 msgid "Default: /bin/sh" msgstr "Per defecte: /bin/sh" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1177 +#: sssd.conf.5.xml:1178 msgid "default_shell" msgstr "default_shell" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1180 +#: sssd.conf.5.xml:1181 msgid "" "The default shell to use if the provider does not return one during lookup. " "This option can be specified globally in the [nss] section or per-domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1186 +#: sssd.conf.5.xml:1187 msgid "" "Default: not set (Return NULL if no shell is specified and rely on libc to " "substitute something sensible when necessary, usually /bin/sh)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1193 sssd.conf.5.xml:1576 +#: sssd.conf.5.xml:1194 sssd.conf.5.xml:1577 msgid "get_domains_timeout (int)" msgstr "get_domains_timeout (enter)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1196 sssd.conf.5.xml:1579 +#: sssd.conf.5.xml:1197 sssd.conf.5.xml:1580 msgid "" "Specifies time in seconds for which the list of subdomains will be " "considered valid." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1205 +#: sssd.conf.5.xml:1206 #, fuzzy #| msgid "enum_cache_timeout (integer)" msgid "memcache_timeout (integer)" msgstr "enum_cache_timeout (enter)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1208 +#: sssd.conf.5.xml:1209 msgid "" "Specifies time in seconds for which records in the in-memory cache will be " "valid. Setting this option to zero will disable the in-memory cache." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1216 +#: sssd.conf.5.xml:1217 msgid "" "WARNING: Disabling the in-memory cache will have significant negative impact " "on SSSD's performance and should only be used for testing." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1222 sssd.conf.5.xml:1247 sssd.conf.5.xml:1272 -#: sssd.conf.5.xml:1297 sssd.conf.5.xml:1324 +#: sssd.conf.5.xml:1223 sssd.conf.5.xml:1248 sssd.conf.5.xml:1273 +#: sssd.conf.5.xml:1298 sssd.conf.5.xml:1325 msgid "" "NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", " "client applications will not use the fast in-memory cache." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1230 +#: sssd.conf.5.xml:1231 #, fuzzy #| msgid "enum_cache_timeout (integer)" msgid "memcache_size_passwd (integer)" msgstr "enum_cache_timeout (enter)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1233 +#: sssd.conf.5.xml:1234 msgid "" "Size (in megabytes) of the data table allocated inside fast in-memory cache " "for passwd requests. Setting the size to 0 will disable the passwd in-" @@ -1679,27 +1679,27 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1239 sssd.conf.5.xml:2963 sssd-ldap.5.xml:548 +#: sssd.conf.5.xml:1240 sssd.conf.5.xml:2964 sssd-ldap.5.xml:548 msgid "Default: 8" msgstr "Per defecte: 8" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1242 sssd.conf.5.xml:1267 sssd.conf.5.xml:1292 -#: sssd.conf.5.xml:1319 +#: sssd.conf.5.xml:1243 sssd.conf.5.xml:1268 sssd.conf.5.xml:1293 +#: sssd.conf.5.xml:1320 msgid "" "WARNING: Disabled or too small in-memory cache can have significant negative " "impact on SSSD's performance." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1255 +#: sssd.conf.5.xml:1256 #, fuzzy #| msgid "enum_cache_timeout (integer)" msgid "memcache_size_group (integer)" msgstr "enum_cache_timeout (enter)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1258 +#: sssd.conf.5.xml:1259 msgid "" "Size (in megabytes) of the data table allocated inside fast in-memory cache " "for group requests. Setting the size to 0 will disable the group in-memory " @@ -1707,21 +1707,21 @@ msgid "" msgstr "" #. type: Content of: <variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1264 sssd.conf.5.xml:1316 sssd.conf.5.xml:3729 +#: sssd.conf.5.xml:1265 sssd.conf.5.xml:1317 sssd.conf.5.xml:3730 #: sssd-ldap.5.xml:473 sssd-ldap.5.xml:525 include/failover.xml:116 #: include/krb5_options.xml:11 msgid "Default: 6" msgstr "Per defecte: 6" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1280 +#: sssd.conf.5.xml:1281 #, fuzzy #| msgid "enum_cache_timeout (integer)" msgid "memcache_size_initgroups (integer)" msgstr "enum_cache_timeout (enter)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1283 +#: sssd.conf.5.xml:1284 msgid "" "Size (in megabytes) of the data table allocated inside fast in-memory cache " "for initgroups requests. Setting the size to 0 will disable the initgroups " @@ -1729,14 +1729,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1305 +#: sssd.conf.5.xml:1306 #, fuzzy #| msgid "enum_cache_timeout (integer)" msgid "memcache_size_sid (integer)" msgstr "enum_cache_timeout (enter)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1308 +#: sssd.conf.5.xml:1309 msgid "" "Size (in megabytes) of the data table allocated inside fast in-memory cache " "for SID related requests. Only SID-by-ID and ID-by-SID requests are " @@ -1745,12 +1745,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1332 sssd-ifp.5.xml:90 +#: sssd.conf.5.xml:1333 sssd-ifp.5.xml:90 msgid "user_attributes (string)" msgstr "user_attributes (cadena)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1335 +#: sssd.conf.5.xml:1336 msgid "" "Some of the additional NSS responder requests can return more attributes " "than just the POSIX ones defined by the NSS interface. The list of " @@ -1761,45 +1761,45 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1348 +#: sssd.conf.5.xml:1349 msgid "" "To make configuration more easy the NSS responder will check the InfoPipe " "option if it is not set for the NSS responder." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1353 +#: sssd.conf.5.xml:1354 msgid "Default: not set, fallback to InfoPipe option" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1358 +#: sssd.conf.5.xml:1359 msgid "pwfield (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1361 +#: sssd.conf.5.xml:1362 msgid "" "The value that NSS operations that return users or groups will return for " "the <quote>password</quote> field." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1366 +#: sssd.conf.5.xml:1367 #, fuzzy #| msgid "Default: <quote>permit</quote>" msgid "Default: <quote>*</quote>" msgstr "Per defecte: <quote>permit</quote>" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1369 +#: sssd.conf.5.xml:1370 msgid "" "Note: This option can also be set per-domain which overwrites the value in " "[nss] section." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1373 +#: sssd.conf.5.xml:1374 msgid "" "Default: <quote>not set</quote> (remote domains), <phrase " "condition=\"with_files_provider\"> <quote>x</quote> (the files domain), </" @@ -1808,12 +1808,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:1385 +#: sssd.conf.5.xml:1386 msgid "PAM configuration options" msgstr "Opcions de configuració del PAM" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:1387 +#: sssd.conf.5.xml:1388 msgid "" "These options can be used to configure the Pluggable Authentication Module " "(PAM) service." @@ -1822,12 +1822,12 @@ msgstr "" "(Pluggable Authentication Module)." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1392 +#: sssd.conf.5.xml:1393 msgid "offline_credentials_expiration (integer)" msgstr "offline_credentials_expiration (enter)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1395 +#: sssd.conf.5.xml:1396 msgid "" "If the authentication provider is offline, how long should we allow cached " "logins (in days since the last successful online login)." @@ -1837,17 +1837,17 @@ msgstr "" "de sessió)." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1400 sssd.conf.5.xml:1413 +#: sssd.conf.5.xml:1401 sssd.conf.5.xml:1414 msgid "Default: 0 (No limit)" msgstr "Per defecte: 0 (sense límit)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1406 +#: sssd.conf.5.xml:1407 msgid "offline_failed_login_attempts (integer)" msgstr "offline_failed_login_attempts (enter)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1409 +#: sssd.conf.5.xml:1410 msgid "" "If the authentication provider is offline, how many failed login attempts " "are allowed." @@ -1856,12 +1856,12 @@ msgstr "" "fallits es permet." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1419 +#: sssd.conf.5.xml:1420 msgid "offline_failed_login_delay (integer)" msgstr "offline_failed_login_delay (enter)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1422 +#: sssd.conf.5.xml:1423 msgid "" "The time in minutes which has to pass after offline_failed_login_attempts " "has been reached before a new login attempt is possible." @@ -1871,7 +1871,7 @@ msgstr "" "possible." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1427 +#: sssd.conf.5.xml:1428 msgid "" "If set to 0 the user cannot authenticate offline if " "offline_failed_login_attempts has been reached. Only a successful online " @@ -1879,17 +1879,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1433 sssd.conf.5.xml:1543 +#: sssd.conf.5.xml:1434 sssd.conf.5.xml:1544 msgid "Default: 5" msgstr "Per defecte: 5" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1439 +#: sssd.conf.5.xml:1440 msgid "pam_verbosity (integer)" msgstr "pam_verbosity (enter)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1442 +#: sssd.conf.5.xml:1443 msgid "" "Controls what kind of messages are shown to the user during authentication. " "The higher the number to more messages are displayed." @@ -1898,45 +1898,45 @@ msgstr "" "l'autenticació. Com més gran sigui el nombre més missatges es mostren." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1447 +#: sssd.conf.5.xml:1448 msgid "Currently sssd supports the following values:" msgstr "L'sssd actualment admet els següents valors:" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1450 +#: sssd.conf.5.xml:1451 msgid "<emphasis>0</emphasis>: do not show any message" msgstr "<emphasis>0</emphasis>: no mostris cap missatge" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1453 +#: sssd.conf.5.xml:1454 msgid "<emphasis>1</emphasis>: show only important messages" msgstr "<emphasis>1</emphasis>: Mostra només missatges importants" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1457 +#: sssd.conf.5.xml:1458 msgid "<emphasis>2</emphasis>: show informational messages" msgstr "<emphasis>2</emphasis>: Mostra missatges informatius" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1460 +#: sssd.conf.5.xml:1461 msgid "<emphasis>3</emphasis>: show all messages and debug information" msgstr "" "<emphasis>3</emphasis>: Mostra tots els missatges i informació de depuració" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1464 sssd.8.xml:63 +#: sssd.conf.5.xml:1465 sssd.8.xml:63 msgid "Default: 1" msgstr "Per defecte: 1" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1470 +#: sssd.conf.5.xml:1471 #, fuzzy #| msgid "ad_access_filter (string)" msgid "pam_response_filter (string)" msgstr "ad_access_filter (cadena)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1473 +#: sssd.conf.5.xml:1474 msgid "" "A comma separated list of strings which allows to remove (filter) data sent " "by the PAM responder to pam_sss PAM module. There are different kind of " @@ -1945,51 +1945,51 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1481 +#: sssd.conf.5.xml:1482 msgid "" "While messages already can be controlled with the help of the pam_verbosity " "option this option allows to filter out other kind of responses as well." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1488 +#: sssd.conf.5.xml:1489 msgid "ENV" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1489 +#: sssd.conf.5.xml:1490 msgid "Do not send any environment variables to any service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1492 +#: sssd.conf.5.xml:1493 msgid "ENV:var_name" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1493 +#: sssd.conf.5.xml:1494 msgid "Do not send environment variable var_name to any service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1497 +#: sssd.conf.5.xml:1498 msgid "ENV:var_name:service" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1498 +#: sssd.conf.5.xml:1499 msgid "Do not send environment variable var_name to service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1486 +#: sssd.conf.5.xml:1487 msgid "" "Currently the following filters are supported: <placeholder " "type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1505 +#: sssd.conf.5.xml:1506 msgid "" "The list of strings can either be the list of filters which would set this " "list of filters and overwrite the defaults. Or each element of the list can " @@ -2000,23 +2000,23 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1516 +#: sssd.conf.5.xml:1517 msgid "Default: ENV:KRB5CCNAME:sudo, ENV:KRB5CCNAME:sudo-i" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1519 +#: sssd.conf.5.xml:1520 msgid "" "Example: -ENV:KRB5CCNAME:sudo-i will remove the filter from the default list" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1526 +#: sssd.conf.5.xml:1527 msgid "pam_id_timeout (integer)" msgstr "pam_id_timeout (enter)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1529 +#: sssd.conf.5.xml:1530 msgid "" "For any PAM request while SSSD is online, the SSSD will attempt to " "immediately update the cached identity information for the user in order to " @@ -2028,7 +2028,7 @@ msgstr "" "l'última informació." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1535 +#: sssd.conf.5.xml:1536 msgid "" "A complete PAM conversation may perform multiple PAM requests, such as " "account management and session opening. This option controls (on a per-" @@ -2042,17 +2042,17 @@ msgstr "" "excessives al proveïdor d'identitat." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1549 +#: sssd.conf.5.xml:1550 msgid "pam_pwd_expiration_warning (integer)" msgstr "pam_pwd_expiration_warning (enter)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1552 sssd.conf.5.xml:2987 +#: sssd.conf.5.xml:1553 sssd.conf.5.xml:2988 msgid "Display a warning N days before the password expires." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1555 +#: sssd.conf.5.xml:1556 msgid "" "Please note that the backend server has to provide information about the " "expiration time of the password. If this information is missing, sssd " @@ -2060,31 +2060,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1561 sssd.conf.5.xml:2990 +#: sssd.conf.5.xml:1562 sssd.conf.5.xml:2991 msgid "" "If zero is set, then this filter is not applied, i.e. if the expiration " "warning was received from backend server, it will automatically be displayed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1566 +#: sssd.conf.5.xml:1567 msgid "" "This setting can be overridden by setting <emphasis>pwd_expiration_warning</" "emphasis> for a particular domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1571 sssd.conf.5.xml:3976 sssd-ldap.5.xml:606 sssd.8.xml:79 +#: sssd.conf.5.xml:1572 sssd.conf.5.xml:3977 sssd-ldap.5.xml:606 sssd.8.xml:79 msgid "Default: 0" msgstr "Per defecte: 0" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1588 +#: sssd.conf.5.xml:1589 msgid "pam_trusted_users (string)" msgstr "pam_trusted_users (cadena)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1591 +#: sssd.conf.5.xml:1592 msgid "" "Specifies the comma-separated list of UID values or user names that are " "allowed to run PAM conversations against trusted domains. Users not " @@ -2094,75 +2094,75 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1601 +#: sssd.conf.5.xml:1602 msgid "Default: All users are considered trusted by default" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1605 +#: sssd.conf.5.xml:1606 msgid "" "Please note that UID 0 is always allowed to access the PAM responder even in " "case it is not in the pam_trusted_users list." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1612 +#: sssd.conf.5.xml:1613 msgid "pam_public_domains (string)" msgstr "pam_public_domains (cadena)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1615 +#: sssd.conf.5.xml:1616 msgid "" "Specifies the comma-separated list of domain names that are accessible even " "to untrusted users." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1619 +#: sssd.conf.5.xml:1620 msgid "Two special values for pam_public_domains option are defined:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1623 +#: sssd.conf.5.xml:1624 msgid "" "all (Untrusted users are allowed to access all domains in PAM responder.)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1627 +#: sssd.conf.5.xml:1628 msgid "" "none (Untrusted users are not allowed to access any domains PAM in " "responder.)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1631 sssd.conf.5.xml:1656 sssd.conf.5.xml:1675 -#: sssd.conf.5.xml:1912 sssd.conf.5.xml:2732 sssd.conf.5.xml:3905 +#: sssd.conf.5.xml:1632 sssd.conf.5.xml:1657 sssd.conf.5.xml:1676 +#: sssd.conf.5.xml:1913 sssd.conf.5.xml:2733 sssd.conf.5.xml:3906 #: sssd-ldap.5.xml:1207 msgid "Default: none" msgstr "Per defecte: none" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1636 +#: sssd.conf.5.xml:1637 msgid "pam_account_expired_message (string)" msgstr "pam_account_expired_message (cadena)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1639 +#: sssd.conf.5.xml:1640 msgid "" "Allows a custom expiration message to be set, replacing the default " "'Permission denied' message." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1644 +#: sssd.conf.5.xml:1645 msgid "" "Note: Please be aware that message is only printed for the SSH service " "unless pam_verbosity is set to 3 (show all messages and debug information)." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1652 +#: sssd.conf.5.xml:1653 #, no-wrap msgid "" "pam_account_expired_message = Account expired, please contact help desk.\n" @@ -2170,19 +2170,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1661 +#: sssd.conf.5.xml:1662 msgid "pam_account_locked_message (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1664 +#: sssd.conf.5.xml:1665 msgid "" "Allows a custom lockout message to be set, replacing the default 'Permission " "denied' message." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1671 +#: sssd.conf.5.xml:1672 #, no-wrap msgid "" "pam_account_locked_message = Account locked, please contact help desk.\n" @@ -2190,19 +2190,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1680 +#: sssd.conf.5.xml:1681 #, fuzzy #| msgid "ldap_chpass_update_last_change (bool)" msgid "pam_passkey_auth (bool)" msgstr "ldap_chpass_update_last_change (booleà)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1683 +#: sssd.conf.5.xml:1684 msgid "Enable passkey device based authentication." msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1686 sssd.conf.5.xml:1697 sssd.conf.5.xml:1711 +#: sssd.conf.5.xml:1687 sssd.conf.5.xml:1698 sssd.conf.5.xml:1712 #: sssd-ldap.5.xml:671 sssd-ldap.5.xml:692 sssd-ldap.5.xml:788 #: sssd-ldap.5.xml:1293 sssd-ad.5.xml:505 sssd-ad.5.xml:581 sssd-ad.5.xml:1126 #: sssd-ad.5.xml:1175 include/ldap_id_mapping.xml:250 @@ -2210,22 +2210,22 @@ msgid "Default: False" msgstr "Per defecte: False" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1691 +#: sssd.conf.5.xml:1692 msgid "passkey_debug_libfido2 (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1694 +#: sssd.conf.5.xml:1695 msgid "Enable libfido2 library debug messages." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1702 +#: sssd.conf.5.xml:1703 msgid "pam_cert_auth (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1705 +#: sssd.conf.5.xml:1706 msgid "" "Enable certificate based Smartcard authentication. Since this requires " "additional communication with the Smartcard which will delay the " @@ -2233,36 +2233,36 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1716 +#: sssd.conf.5.xml:1717 msgid "pam_cert_db_path (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1719 +#: sssd.conf.5.xml:1720 msgid "The path to the certificate database." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1722 sssd.conf.5.xml:2247 sssd.conf.5.xml:4308 +#: sssd.conf.5.xml:1723 sssd.conf.5.xml:2248 sssd.conf.5.xml:4354 msgid "Default:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1724 sssd.conf.5.xml:2249 +#: sssd.conf.5.xml:1725 sssd.conf.5.xml:2250 msgid "" "/etc/sssd/pki/sssd_auth_ca_db.pem (path to a file with trusted CA " "certificates in PEM format)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1734 +#: sssd.conf.5.xml:1735 #, fuzzy #| msgid "ldap_user_certificate (string)" msgid "pam_cert_verification (string)" msgstr "ldap_user_certificate (cadena)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1737 +#: sssd.conf.5.xml:1738 msgid "" "With this parameter the PAM certificate verification can be tuned with a " "comma separated list of options that override the " @@ -2272,7 +2272,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1748 +#: sssd.conf.5.xml:1749 #, fuzzy, no-wrap #| msgid "" #| "ad_gpo_map_service = +my_pam_service\n" @@ -2285,61 +2285,61 @@ msgstr "" " " #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1752 +#: sssd.conf.5.xml:1753 msgid "" "Default: not set, i.e. use default <quote>certificate_verification</quote> " "option defined in <quote>[sssd]</quote> section." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1759 +#: sssd.conf.5.xml:1760 msgid "p11_child_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1762 +#: sssd.conf.5.xml:1763 msgid "How many seconds will pam_sss wait for p11_child to finish." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1771 +#: sssd.conf.5.xml:1772 #, fuzzy #| msgid "pam_id_timeout (integer)" msgid "passkey_child_timeout (integer)" msgstr "pam_id_timeout (enter)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1774 +#: sssd.conf.5.xml:1775 msgid "" "How many seconds will the PAM responder wait for passkey_child to finish." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1783 +#: sssd.conf.5.xml:1784 msgid "pam_app_services (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1786 +#: sssd.conf.5.xml:1787 msgid "" "Which PAM services are permitted to contact domains of type " "<quote>application</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1795 +#: sssd.conf.5.xml:1796 msgid "pam_p11_allowed_services (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1798 +#: sssd.conf.5.xml:1799 msgid "" "A comma-separated list of PAM service names for which it will be allowed to " "use Smartcards." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1813 +#: sssd.conf.5.xml:1814 #, no-wrap msgid "" "pam_p11_allowed_services = +my_pam_service, -login\n" @@ -2347,7 +2347,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1802 +#: sssd.conf.5.xml:1803 msgid "" "It is possible to add another PAM service name to the default set by using " "<quote>+service_name</quote> or to explicitly remove a PAM service name from " @@ -2359,63 +2359,63 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1817 sssd-ad.5.xml:644 sssd-ad.5.xml:753 sssd-ad.5.xml:811 +#: sssd.conf.5.xml:1818 sssd-ad.5.xml:644 sssd-ad.5.xml:753 sssd-ad.5.xml:811 #: sssd-ad.5.xml:869 sssd-ad.5.xml:947 msgid "Default: the default set of PAM service names includes:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1822 sssd-ad.5.xml:648 +#: sssd.conf.5.xml:1823 sssd-ad.5.xml:648 msgid "login" msgstr "login" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1827 sssd-ad.5.xml:653 +#: sssd.conf.5.xml:1828 sssd-ad.5.xml:653 msgid "su" msgstr "su" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1832 sssd-ad.5.xml:658 +#: sssd.conf.5.xml:1833 sssd-ad.5.xml:658 msgid "su-l" msgstr "su-l" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1837 sssd-ad.5.xml:673 +#: sssd.conf.5.xml:1838 sssd-ad.5.xml:673 msgid "gdm-smartcard" msgstr "gdm-smartcard" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1842 sssd-ad.5.xml:668 +#: sssd.conf.5.xml:1843 sssd-ad.5.xml:668 msgid "gdm-password" msgstr "gdm-password" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1847 sssd-ad.5.xml:678 +#: sssd.conf.5.xml:1848 sssd-ad.5.xml:678 msgid "kdm" msgstr "kdm" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1852 sssd-ad.5.xml:956 +#: sssd.conf.5.xml:1853 sssd-ad.5.xml:956 msgid "sudo" msgstr "sudo" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1857 sssd-ad.5.xml:961 +#: sssd.conf.5.xml:1858 sssd-ad.5.xml:961 msgid "sudo-i" msgstr "sudo-i" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1862 +#: sssd.conf.5.xml:1863 msgid "gnome-screensaver" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1870 +#: sssd.conf.5.xml:1871 msgid "p11_wait_for_card_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1873 +#: sssd.conf.5.xml:1874 msgid "" "If Smartcard authentication is required how many extra seconds in addition " "to p11_child_timeout should the PAM responder wait until a Smartcard is " @@ -2423,12 +2423,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1884 +#: sssd.conf.5.xml:1885 msgid "p11_uri (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1887 +#: sssd.conf.5.xml:1888 msgid "" "PKCS#11 URI (see RFC-7512 for details) which can be used to restrict the " "selection of devices used for Smartcard authentication. By default SSSD's " @@ -2439,7 +2439,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1900 +#: sssd.conf.5.xml:1901 #, no-wrap msgid "" "p11_uri = pkcs11:slot-description=My%20Smartcard%20Reader\n" @@ -2447,7 +2447,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1904 +#: sssd.conf.5.xml:1905 #, no-wrap msgid "" "p11_uri = pkcs11:library-description=OpenSC%20smartcard%20framework;slot-id=2\n" @@ -2455,7 +2455,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1898 +#: sssd.conf.5.xml:1899 msgid "" "Example: <placeholder type=\"programlisting\" id=\"0\"/> or <placeholder " "type=\"programlisting\" id=\"1\"/> To find suitable URI please check the " @@ -2464,47 +2464,47 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1917 +#: sssd.conf.5.xml:1918 msgid "pam_initgroups_scheme" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1925 +#: sssd.conf.5.xml:1926 msgid "always" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1926 +#: sssd.conf.5.xml:1927 msgid "" "Always do an online lookup, please note that pam_id_timeout still applies" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1930 +#: sssd.conf.5.xml:1931 msgid "no_session" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1931 +#: sssd.conf.5.xml:1932 msgid "" "Only do an online lookup if there is no active session of the user, i.e. if " "the user is currently not logged in" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1936 +#: sssd.conf.5.xml:1937 msgid "never" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1937 +#: sssd.conf.5.xml:1938 msgid "" "Never force an online lookup, use the data from the cache as long as they " "are not expired" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1920 +#: sssd.conf.5.xml:1921 msgid "" "The PAM responder can force an online lookup to get the current group " "memberships of the user trying to log in. This option controls when this " @@ -2513,19 +2513,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1944 +#: sssd.conf.5.xml:1945 msgid "Default: no_session" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1949 sssd.conf.5.xml:4247 +#: sssd.conf.5.xml:1950 sssd.conf.5.xml:4293 #, fuzzy #| msgid "ad_gpo_map_service (string)" msgid "pam_gssapi_services" msgstr "ad_gpo_map_service (cadena)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1952 +#: sssd.conf.5.xml:1953 #, fuzzy #| msgid "Comma separated list of users who are allowed to log in." msgid "" @@ -2535,13 +2535,13 @@ msgstr "" "Llista separada per comes dels usuaris a qui se'ls permet iniciar la sessió." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1957 +#: sssd.conf.5.xml:1958 msgid "" "To disable GSSAPI authentication, set this option to <quote>-</quote> (dash)." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1961 sssd.conf.5.xml:1992 sssd.conf.5.xml:2030 +#: sssd.conf.5.xml:1962 sssd.conf.5.xml:1993 sssd.conf.5.xml:2031 msgid "" "Note: This option can also be set per-domain which overwrites the value in " "[pam] section. It can also be set for trusted domain which overwrites the " @@ -2549,7 +2549,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1969 +#: sssd.conf.5.xml:1970 #, fuzzy, no-wrap #| msgid "" #| "ad_gpo_map_service = +my_pam_service\n" @@ -2562,22 +2562,22 @@ msgstr "" " " #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1967 sssd.conf.5.xml:3899 +#: sssd.conf.5.xml:1968 sssd.conf.5.xml:3900 msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>" msgstr "Exemple: <placeholder type=\"programlisting\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1973 +#: sssd.conf.5.xml:1974 msgid "Default: - (GSSAPI authentication is disabled)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1978 sssd.conf.5.xml:4248 +#: sssd.conf.5.xml:1979 sssd.conf.5.xml:4294 msgid "pam_gssapi_check_upn" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1981 +#: sssd.conf.5.xml:1982 msgid "" "If True, SSSD will require that the Kerberos user principal that " "successfully authenticated through GSSAPI can be associated with the user " @@ -2585,25 +2585,25 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1988 +#: sssd.conf.5.xml:1989 msgid "" "If False, every user that is able to obtained required service ticket will " "be authenticated." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1998 sssd-ad.5.xml:1266 sss_rpcidmapd.5.xml:76 +#: sssd.conf.5.xml:1999 sssd-ad.5.xml:1266 sss_rpcidmapd.5.xml:76 #: sssd-files.5.xml:145 msgid "Default: True" msgstr "Per defecte: True" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2003 +#: sssd.conf.5.xml:2004 msgid "pam_gssapi_indicators_map" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2006 +#: sssd.conf.5.xml:2007 msgid "" "Comma separated list of authentication indicators required to be present in " "a Kerberos ticket to access a PAM service that is allowed to try GSSAPI " @@ -2611,7 +2611,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2012 +#: sssd.conf.5.xml:2013 msgid "" "Each element of the list can be either an authentication indicator name or a " "pair <quote>service:indicator</quote>. Indicators not prefixed with the PAM " @@ -2626,7 +2626,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2025 +#: sssd.conf.5.xml:2026 msgid "" "To disable GSSAPI authentication indicator check, set this option to <quote>-" "</quote> (dash). To disable the check for a specific PAM service, add " @@ -2634,45 +2634,45 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2036 +#: sssd.conf.5.xml:2037 msgid "" "Following authentication indicators are supported by IPA Kerberos " "deployments:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2039 +#: sssd.conf.5.xml:2040 msgid "" "pkinit -- pre-authentication using X.509 certificates -- whether stored in " "files or on smart cards." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2042 +#: sssd.conf.5.xml:2043 msgid "" "hardened -- SPAKE pre-authentication or any pre-authentication wrapped in a " "FAST channel." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2045 +#: sssd.conf.5.xml:2046 msgid "radius -- pre-authentication with the help of a RADIUS server." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2048 +#: sssd.conf.5.xml:2049 msgid "" "otp -- pre-authentication using integrated two-factor authentication (2FA or " "one-time password, OTP) in IPA." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2051 +#: sssd.conf.5.xml:2052 msgid "idp -- pre-authentication using external identity provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:2061 +#: sssd.conf.5.xml:2062 #, fuzzy, no-wrap #| msgid "" #| "ad_gpo_map_permit = +my_pam_service, -sudo\n" @@ -2685,7 +2685,7 @@ msgstr "" " " #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2056 +#: sssd.conf.5.xml:2057 msgid "" "Example: to require access to SUDO services only for users which obtained " "their Kerberos tickets with a X.509 certificate pre-authentication (PKINIT), " @@ -2693,7 +2693,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2065 +#: sssd.conf.5.xml:2066 #, fuzzy #| msgid "Default: not set (no substitution for unset home directories)" msgid "Default: not set (use of authentication indicators is not required)" @@ -2702,12 +2702,12 @@ msgstr "" "establerts)" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2073 +#: sssd.conf.5.xml:2074 msgid "SUDO configuration options" msgstr "Opcions de configuració de SUDO" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2075 +#: sssd.conf.5.xml:2076 msgid "" "These options can be used to configure the sudo service. The detailed " "instructions for configuration of <citerefentry> <refentrytitle>sudo</" @@ -2725,24 +2725,24 @@ msgstr "" "manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2092 +#: sssd.conf.5.xml:2093 msgid "sudo_timed (bool)" msgstr "sudo_timed (booleà)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2095 +#: sssd.conf.5.xml:2096 msgid "" "Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes " "that implement time-dependent sudoers entries." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2107 +#: sssd.conf.5.xml:2108 msgid "sudo_threshold (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2110 +#: sssd.conf.5.xml:2111 msgid "" "Maximum number of expired rules that can be refreshed at once. If number of " "expired rules is below threshold, those rules are refreshed with " @@ -2752,23 +2752,23 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2129 +#: sssd.conf.5.xml:2130 msgid "AUTOFS configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2131 +#: sssd.conf.5.xml:2132 msgid "These options can be used to configure the autofs service." msgstr "" "Es poden utilitzar aquestes opcions per configurar el servei de l'autofs." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2135 +#: sssd.conf.5.xml:2136 msgid "autofs_negative_timeout (integer)" msgstr "autofs_negative_timeout (enter)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2138 +#: sssd.conf.5.xml:2139 msgid "" "Specifies for how many seconds should the autofs responder negative cache " "hits (that is, queries for invalid map entries, like nonexistent ones) " @@ -2776,51 +2776,51 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2154 +#: sssd.conf.5.xml:2155 msgid "SSH configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2156 +#: sssd.conf.5.xml:2157 msgid "These options can be used to configure the SSH service." msgstr "Es poden utilitzar aquestes opcions per configurar el servei de l'SSH." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2160 +#: sssd.conf.5.xml:2161 msgid "ssh_hash_known_hosts (bool)" msgstr "ssh_hash_known_hosts (booleà)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2163 +#: sssd.conf.5.xml:2164 msgid "" "Whether or not to hash host names and addresses in the managed known_hosts " "file." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2172 +#: sssd.conf.5.xml:2173 msgid "ssh_known_hosts_timeout (integer)" msgstr "ssh_known_hosts_timeout (enter)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2175 +#: sssd.conf.5.xml:2176 msgid "" "How many seconds to keep a host in the managed known_hosts file after its " "host keys were requested." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2179 +#: sssd.conf.5.xml:2180 msgid "Default: 180" msgstr "Per defecte: 180" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2184 +#: sssd.conf.5.xml:2185 msgid "ssh_use_certificate_keys (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2187 +#: sssd.conf.5.xml:2188 msgid "" "If set to true the <command>sss_ssh_authorizedkeys</command> will return ssh " "keys derived from the public key of X.509 certificates stored in the user " @@ -2829,12 +2829,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2202 +#: sssd.conf.5.xml:2203 msgid "ssh_use_certificate_matching_rules (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2205 +#: sssd.conf.5.xml:2206 msgid "" "By default the ssh responder will use all available certificate matching " "rules to filter the certificates so that ssh keys are only derived from the " @@ -2844,7 +2844,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2214 +#: sssd.conf.5.xml:2215 msgid "" "There are two special key words 'all_rules' and 'no_rules' which will enable " "all or no rules, respectively. The latter means that no certificates will be " @@ -2852,7 +2852,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2221 +#: sssd.conf.5.xml:2222 msgid "" "If no rules are configured using 'all_rules' will enable a default rule " "which enables all certificates suitable for client authentication. This is " @@ -2861,38 +2861,38 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2228 +#: sssd.conf.5.xml:2229 msgid "" "A non-existing rule name is considered an error. If as a result no rule is " "selected all certificates will be ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2233 +#: sssd.conf.5.xml:2234 msgid "" "Default: not set, equivalent to 'all_rules', all found rules or the default " "rule are used" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2239 +#: sssd.conf.5.xml:2240 msgid "ca_db (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2242 +#: sssd.conf.5.xml:2243 msgid "" "Path to a storage of trusted CA certificates. The option is used to validate " "user certificates before deriving public ssh keys from them." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2262 +#: sssd.conf.5.xml:2263 msgid "PAC responder configuration options" msgstr "Opcions de configuració del contestador del PAC." #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2264 +#: sssd.conf.5.xml:2265 msgid "" "The PAC responder works together with the authorization data plugin for MIT " "Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the " @@ -2903,7 +2903,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2273 +#: sssd.conf.5.xml:2274 msgid "" "If the remote user does not exist in the cache, it is created. The UID is " "determined with the help of the SID, trusted domains will have UPGs and the " @@ -2914,25 +2914,25 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2281 +#: sssd.conf.5.xml:2282 msgid "" "If there are SIDs of groups from domains sssd knows about, the user will be " "added to those groups." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2287 +#: sssd.conf.5.xml:2288 msgid "These options can be used to configure the PAC responder." msgstr "" "Es poden utilitzar aquestes opcions per configurar el contestador del PAC." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2291 sssd-ifp.5.xml:66 +#: sssd.conf.5.xml:2292 sssd-ifp.5.xml:66 msgid "allowed_uids (string)" msgstr "allowed_uids (cadena)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2294 +#: sssd.conf.5.xml:2295 msgid "" "Specifies the comma-separated list of UID values or user names that are " "allowed to access the PAC responder. User names are resolved to UIDs at " @@ -2940,12 +2940,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2300 +#: sssd.conf.5.xml:2301 msgid "Default: 0 (only the root user is allowed to access the PAC responder)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2304 +#: sssd.conf.5.xml:2305 msgid "" "Please note that although the UID 0 is used as the default it will be " "overwritten with this option. If you still want to allow the root user to " @@ -2954,26 +2954,26 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2313 +#: sssd.conf.5.xml:2314 msgid "pac_lifetime (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2316 +#: sssd.conf.5.xml:2317 msgid "" "Lifetime of the PAC entry in seconds. As long as the PAC is valid the PAC " "data can be used to determine the group memberships of a user." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2326 +#: sssd.conf.5.xml:2327 #, fuzzy #| msgid "ldap_schema (string)" msgid "pac_check (string)" msgstr "ldap_schema (cadena)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2329 +#: sssd.conf.5.xml:2330 msgid "" "Apply additional checks on the PAC of the Kerberos ticket which is available " "in Active Directory and FreeIPA domains, if configured. Please note that " @@ -2984,24 +2984,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2343 +#: sssd.conf.5.xml:2344 msgid "no_check" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2345 +#: sssd.conf.5.xml:2346 msgid "" "The PAC must not be present and even if it is present no additional checks " "will be done." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2351 +#: sssd.conf.5.xml:2352 msgid "pac_present" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2353 +#: sssd.conf.5.xml:2354 msgid "" "The PAC must be present in the service ticket which SSSD will request with " "the help of the user's TGT. If the PAC is not available the authentication " @@ -3009,24 +3009,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2361 +#: sssd.conf.5.xml:2362 msgid "check_upn" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2363 +#: sssd.conf.5.xml:2364 msgid "" "If the PAC is present check if the user principal name (UPN) information is " "consistent." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2369 +#: sssd.conf.5.xml:2370 msgid "check_upn_allow_missing" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2371 +#: sssd.conf.5.xml:2372 msgid "" "This option should be used together with 'check_upn' and handles the case " "where a UPN is set on the server-side but is not read by SSSD. The typical " @@ -3038,7 +3038,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2383 +#: sssd.conf.5.xml:2384 msgid "" "Currently this option is set by default to avoid regressions in such " "environments. A log message will be added to the system log and SSSD's debug " @@ -3049,41 +3049,41 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2397 +#: sssd.conf.5.xml:2398 msgid "upn_dns_info_present" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2399 +#: sssd.conf.5.xml:2400 msgid "The PAC must contain the UPN-DNS-INFO buffer, implies 'check_upn'." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2404 +#: sssd.conf.5.xml:2405 msgid "check_upn_dns_info_ex" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2406 +#: sssd.conf.5.xml:2407 msgid "" "If the PAC is present and the extension to the UPN-DNS-INFO buffer is " "available check if the information in the extension is consistent." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2413 +#: sssd.conf.5.xml:2414 msgid "upn_dns_info_ex_present" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2415 +#: sssd.conf.5.xml:2416 msgid "" "The PAC must contain the extension of the UPN-DNS-INFO buffer, implies " "'check_upn_dns_info_ex', 'upn_dns_info_present' and 'check_upn'." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2339 +#: sssd.conf.5.xml:2340 #, fuzzy #| msgid "" #| "The following expansions are supported: <placeholder " @@ -3096,19 +3096,19 @@ msgstr "" "id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2425 +#: sssd.conf.5.xml:2426 msgid "" "Default: no_check (AD and IPA provider 'check_upn, check_upn_allow_missing, " "check_upn_dns_info_ex')" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2434 +#: sssd.conf.5.xml:2435 msgid "Session recording configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2436 +#: sssd.conf.5.xml:2437 msgid "" "Session recording works in conjunction with <citerefentry> " "<refentrytitle>tlog-rec-session</refentrytitle> <manvolnum>8</manvolnum> </" @@ -3118,66 +3118,66 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2449 +#: sssd.conf.5.xml:2450 msgid "These options can be used to configure session recording." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2453 sssd-session-recording.5.xml:64 +#: sssd.conf.5.xml:2454 sssd-session-recording.5.xml:64 msgid "scope (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2460 sssd-session-recording.5.xml:71 +#: sssd.conf.5.xml:2461 sssd-session-recording.5.xml:71 msgid "\"none\"" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2463 sssd-session-recording.5.xml:74 +#: sssd.conf.5.xml:2464 sssd-session-recording.5.xml:74 msgid "No users are recorded." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2468 sssd-session-recording.5.xml:79 +#: sssd.conf.5.xml:2469 sssd-session-recording.5.xml:79 msgid "\"some\"" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2471 sssd-session-recording.5.xml:82 +#: sssd.conf.5.xml:2472 sssd-session-recording.5.xml:82 msgid "" "Users/groups specified by <replaceable>users</replaceable> and " "<replaceable>groups</replaceable> options are recorded." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2480 sssd-session-recording.5.xml:91 +#: sssd.conf.5.xml:2481 sssd-session-recording.5.xml:91 msgid "\"all\"" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2483 sssd-session-recording.5.xml:94 +#: sssd.conf.5.xml:2484 sssd-session-recording.5.xml:94 msgid "All users are recorded." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2456 sssd-session-recording.5.xml:67 +#: sssd.conf.5.xml:2457 sssd-session-recording.5.xml:67 msgid "" "One of the following strings specifying the scope of session recording: " "<placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2490 sssd-session-recording.5.xml:101 +#: sssd.conf.5.xml:2491 sssd-session-recording.5.xml:101 msgid "Default: \"none\"" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2495 sssd-session-recording.5.xml:106 +#: sssd.conf.5.xml:2496 sssd-session-recording.5.xml:106 msgid "users (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2498 sssd-session-recording.5.xml:109 +#: sssd.conf.5.xml:2499 sssd-session-recording.5.xml:109 msgid "" "A comma-separated list of users which should have session recording enabled. " "Matches user names as returned by NSS. I.e. after the possible space " @@ -3185,17 +3185,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2504 sssd-session-recording.5.xml:115 +#: sssd.conf.5.xml:2505 sssd-session-recording.5.xml:115 msgid "Default: Empty. Matches no users." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2509 sssd-session-recording.5.xml:120 +#: sssd.conf.5.xml:2510 sssd-session-recording.5.xml:120 msgid "groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2512 sssd-session-recording.5.xml:123 +#: sssd.conf.5.xml:2513 sssd-session-recording.5.xml:123 msgid "" "A comma-separated list of groups, members of which should have session " "recording enabled. Matches group names as returned by NSS. I.e. after the " @@ -3203,7 +3203,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2518 sssd.conf.5.xml:2550 sssd-session-recording.5.xml:129 +#: sssd.conf.5.xml:2519 sssd.conf.5.xml:2551 sssd-session-recording.5.xml:129 #: sssd-session-recording.5.xml:161 msgid "" "NOTE: using this option (having it set to anything) has a considerable " @@ -3212,64 +3212,64 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2525 sssd-session-recording.5.xml:136 +#: sssd.conf.5.xml:2526 sssd-session-recording.5.xml:136 msgid "Default: Empty. Matches no groups." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2530 sssd-session-recording.5.xml:141 +#: sssd.conf.5.xml:2531 sssd-session-recording.5.xml:141 #, fuzzy #| msgid "simple_deny_users (string)" msgid "exclude_users (string)" msgstr "simple_deny_users (cadena)" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2533 sssd-session-recording.5.xml:144 +#: sssd.conf.5.xml:2534 sssd-session-recording.5.xml:144 msgid "" "A comma-separated list of users to be excluded from recording, only " "applicable with 'scope=all'." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2537 sssd-session-recording.5.xml:148 +#: sssd.conf.5.xml:2538 sssd-session-recording.5.xml:148 #, fuzzy #| msgid "Default: empty, i.e. ldap_uri is used." msgid "Default: Empty. No users excluded." msgstr "Per defecte: buit, és a dir, s'utilitza ldap_uri." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2542 sssd-session-recording.5.xml:153 +#: sssd.conf.5.xml:2543 sssd-session-recording.5.xml:153 #, fuzzy #| msgid "simple_deny_groups (string)" msgid "exclude_groups (string)" msgstr "simple_deny_groups (cadena)" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2545 sssd-session-recording.5.xml:156 +#: sssd.conf.5.xml:2546 sssd-session-recording.5.xml:156 msgid "" "A comma-separated list of groups, members of which should be excluded from " "recording. Only applicable with 'scope=all'." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2557 sssd-session-recording.5.xml:168 +#: sssd.conf.5.xml:2558 sssd-session-recording.5.xml:168 #, fuzzy #| msgid "Default: empty, i.e. ldap_uri is used." msgid "Default: Empty. No groups excluded." msgstr "Per defecte: buit, és a dir, s'utilitza ldap_uri." #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:2567 +#: sssd.conf.5.xml:2568 msgid "DOMAIN SECTIONS" msgstr "SECCIONS DE DOMINI" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2574 +#: sssd.conf.5.xml:2575 msgid "enabled" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2577 +#: sssd.conf.5.xml:2578 msgid "" "Explicitly enable or disable the domain. If <quote>true</quote>, the domain " "is always <quote>enabled</quote>. If <quote>false</quote>, the domain is " @@ -3279,12 +3279,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2589 +#: sssd.conf.5.xml:2590 msgid "domain_type (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2592 +#: sssd.conf.5.xml:2593 msgid "" "Specifies whether the domain is meant to be used by POSIX-aware clients such " "as the Name Service Switch or by applications that do not need POSIX data to " @@ -3293,14 +3293,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2600 +#: sssd.conf.5.xml:2601 msgid "" "Allowed values for this option are <quote>posix</quote> and " "<quote>application</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2604 +#: sssd.conf.5.xml:2605 msgid "" "POSIX domains are reachable by all services. Application domains are only " "reachable from the InfoPipe responder (see <citerefentry> " @@ -3309,31 +3309,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2612 +#: sssd.conf.5.xml:2613 msgid "" "NOTE: The application domains are currently well tested with " "<quote>id_provider=ldap</quote> only." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2616 +#: sssd.conf.5.xml:2617 msgid "" "For an easy way to configure a non-POSIX domains, please see the " "<quote>Application domains</quote> section." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2620 +#: sssd.conf.5.xml:2621 msgid "Default: posix" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2626 +#: sssd.conf.5.xml:2627 msgid "min_id,max_id (integer)" msgstr "min_id, max_id (enter)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2629 +#: sssd.conf.5.xml:2630 msgid "" "UID and GID limits for the domain. If a domain contains an entry that is " "outside these limits, it is ignored." @@ -3342,7 +3342,7 @@ msgstr "" "fora d'aquests límits, s'ignora." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2634 +#: sssd.conf.5.xml:2635 msgid "" "For users, this affects the primary GID limit. The user will not be returned " "to NSS if either the UID or the primary GID is outside the range. For non-" @@ -3355,24 +3355,24 @@ msgstr "" "com s'esperava." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2641 +#: sssd.conf.5.xml:2642 msgid "" "These ID limits affect even saving entries to cache, not only returning them " "by name or ID." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2645 +#: sssd.conf.5.xml:2646 msgid "Default: 1 for min_id, 0 (no limit) for max_id" msgstr "Per defecte: 1 per a min_id, 0 (sense límit) per a max_id" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2651 +#: sssd.conf.5.xml:2652 msgid "enumerate (bool)" msgstr "enumerate (booleà)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2654 +#: sssd.conf.5.xml:2655 msgid "" "Determines if a domain can be enumerated, that is, whether the domain can " "list all the users and group it contains. Note that it is not required to " @@ -3381,29 +3381,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2662 +#: sssd.conf.5.xml:2663 msgid "TRUE = Users and groups are enumerated" msgstr "TRUE = Els usuaris i grups s'enumeren" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2665 +#: sssd.conf.5.xml:2666 msgid "FALSE = No enumerations for this domain" msgstr "FALSE = Cap enumeració per a aquest domini" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2668 sssd.conf.5.xml:2942 sssd.conf.5.xml:3119 +#: sssd.conf.5.xml:2669 sssd.conf.5.xml:2943 sssd.conf.5.xml:3120 msgid "Default: FALSE" msgstr "Per defecte: FALSE" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2671 +#: sssd.conf.5.xml:2672 msgid "" "Enumerating a domain requires SSSD to download and store ALL user and group " "entries from the remote server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2676 +#: sssd.conf.5.xml:2677 msgid "" "Note: Enabling enumeration has a moderate performance impact on SSSD while " "enumeration is running. It may take up to several minutes after SSSD startup " @@ -3417,7 +3417,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2691 +#: sssd.conf.5.xml:2692 msgid "" "While the first enumeration is running, requests for the complete user or " "group lists may return no results until it completes." @@ -3427,7 +3427,7 @@ msgstr "" "finalitzi." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2696 +#: sssd.conf.5.xml:2697 msgid "" "Further, enabling enumeration may increase the time necessary to detect " "network disconnection, as longer timeouts are required to ensure that " @@ -3441,39 +3441,39 @@ msgstr "" "ús." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2704 +#: sssd.conf.5.xml:2705 msgid "" "For the reasons cited above, enabling enumeration is not recommended, " "especially in large environments." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2712 +#: sssd.conf.5.xml:2713 msgid "subdomain_enumerate (string)" msgstr "subdomain_enumerate (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2719 +#: sssd.conf.5.xml:2720 msgid "all" msgstr "all" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2720 +#: sssd.conf.5.xml:2721 msgid "All discovered trusted domains will be enumerated" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2723 +#: sssd.conf.5.xml:2724 msgid "none" msgstr "none" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2724 +#: sssd.conf.5.xml:2725 msgid "No discovered trusted domains will be enumerated" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2715 +#: sssd.conf.5.xml:2716 msgid "" "Whether any of autodetected trusted domains should be enumerated. The " "supported values are: <placeholder type=\"variablelist\" id=\"0\"/> " @@ -3482,12 +3482,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2738 +#: sssd.conf.5.xml:2739 msgid "entry_cache_timeout (integer)" msgstr "entry_cache_timeout (enter)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2741 +#: sssd.conf.5.xml:2742 msgid "" "How many seconds should nss_sss consider entries valid before asking the " "backend again" @@ -3496,7 +3496,7 @@ msgstr "" "demanar al rerefons una altra vegada" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2745 +#: sssd.conf.5.xml:2746 msgid "" "The cache expiration timestamps are stored as attributes of individual " "objects in the cache. Therefore, changing the cache timeout only has effect " @@ -3507,139 +3507,139 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2758 +#: sssd.conf.5.xml:2759 msgid "Default: 5400" msgstr "Per defecte: 5400" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2764 +#: sssd.conf.5.xml:2765 msgid "entry_cache_user_timeout (integer)" msgstr "entry_cache_user_timeout (enter)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2767 +#: sssd.conf.5.xml:2768 msgid "" "How many seconds should nss_sss consider user entries valid before asking " "the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2771 sssd.conf.5.xml:2784 sssd.conf.5.xml:2797 -#: sssd.conf.5.xml:2810 sssd.conf.5.xml:2824 sssd.conf.5.xml:2837 -#: sssd.conf.5.xml:2851 sssd.conf.5.xml:2865 sssd.conf.5.xml:2878 +#: sssd.conf.5.xml:2772 sssd.conf.5.xml:2785 sssd.conf.5.xml:2798 +#: sssd.conf.5.xml:2811 sssd.conf.5.xml:2825 sssd.conf.5.xml:2838 +#: sssd.conf.5.xml:2852 sssd.conf.5.xml:2866 sssd.conf.5.xml:2879 msgid "Default: entry_cache_timeout" msgstr "Per defecte: entry_cache_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2777 +#: sssd.conf.5.xml:2778 msgid "entry_cache_group_timeout (integer)" msgstr "entry_cache_group_timeout (enter)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2780 +#: sssd.conf.5.xml:2781 msgid "" "How many seconds should nss_sss consider group entries valid before asking " "the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2790 +#: sssd.conf.5.xml:2791 msgid "entry_cache_netgroup_timeout (integer)" msgstr "entry_cache_netgroup_timeout (enter)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2793 +#: sssd.conf.5.xml:2794 msgid "" "How many seconds should nss_sss consider netgroup entries valid before " "asking the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2803 +#: sssd.conf.5.xml:2804 msgid "entry_cache_service_timeout (integer)" msgstr "entry_cache_service_timeout (enter)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2806 +#: sssd.conf.5.xml:2807 msgid "" "How many seconds should nss_sss consider service entries valid before asking " "the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2816 +#: sssd.conf.5.xml:2817 msgid "entry_cache_resolver_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2819 +#: sssd.conf.5.xml:2820 msgid "" "How many seconds should nss_sss consider hosts and networks entries valid " "before asking the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2830 +#: sssd.conf.5.xml:2831 msgid "entry_cache_sudo_timeout (integer)" msgstr "entry_cache_sudo_timeout (enter)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2833 +#: sssd.conf.5.xml:2834 msgid "" "How many seconds should sudo consider rules valid before asking the backend " "again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2843 +#: sssd.conf.5.xml:2844 msgid "entry_cache_autofs_timeout (integer)" msgstr "entry_cache_autofs_timeout (enter)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2846 +#: sssd.conf.5.xml:2847 msgid "" "How many seconds should the autofs service consider automounter maps valid " "before asking the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2857 +#: sssd.conf.5.xml:2858 msgid "entry_cache_ssh_host_timeout (integer)" msgstr "entry_cache_ssh_host_timeout (enter)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2860 +#: sssd.conf.5.xml:2861 msgid "" "How many seconds to keep a host ssh key after refresh. IE how long to cache " "the host key for." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2871 +#: sssd.conf.5.xml:2872 msgid "entry_cache_computer_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2874 +#: sssd.conf.5.xml:2875 msgid "" "How many seconds to keep the local computer entry before asking the backend " "again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2884 +#: sssd.conf.5.xml:2885 msgid "refresh_expired_interval (integer)" msgstr "refresh_expired_interval (enter)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2887 +#: sssd.conf.5.xml:2888 msgid "" "Specifies how many seconds SSSD has to wait before triggering a background " "refresh task which will refresh all expired or nearly expired records." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2892 +#: sssd.conf.5.xml:2893 msgid "" "The background refresh will process users, groups and netgroups in the " "cache. For users who have performed the initgroups (get group membership for " @@ -3648,17 +3648,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2900 +#: sssd.conf.5.xml:2901 msgid "This option is automatically inherited for all trusted domains." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2904 +#: sssd.conf.5.xml:2905 msgid "You can consider setting this value to 3/4 * entry_cache_timeout." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2908 +#: sssd.conf.5.xml:2909 msgid "" "Cache entry will be refreshed by background task when 2/3 of cache timeout " "has already passed. If there are existing cached entries, the background " @@ -3670,18 +3670,18 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2921 sssd-ldap.5.xml:360 sssd-ldap.5.xml:1736 +#: sssd.conf.5.xml:2922 sssd-ldap.5.xml:360 sssd-ldap.5.xml:1736 #: sssd-ipa.5.xml:270 msgid "Default: 0 (disabled)" msgstr "Per defecte: 0 (inhabilitat)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2927 +#: sssd.conf.5.xml:2928 msgid "cache_credentials (bool)" msgstr "cache_credentials (booleà)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2930 +#: sssd.conf.5.xml:2931 #, fuzzy #| msgid "" #| "Determines if user credentials are also cached in the local LDB cache" @@ -3691,7 +3691,7 @@ msgstr "" "cau local de LDB" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2934 +#: sssd.conf.5.xml:2935 msgid "" "Take a note that while credentials are stored as a salted SHA512 hash, this " "still potentially poses some security risk in case an attacker manages to " @@ -3700,12 +3700,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2948 +#: sssd.conf.5.xml:2949 msgid "cache_credentials_minimal_first_factor_length (int)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2951 +#: sssd.conf.5.xml:2952 msgid "" "If 2-Factor-Authentication (2FA) is used and credentials should be saved " "this value determines the minimal length the first authentication factor " @@ -3713,19 +3713,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2958 +#: sssd.conf.5.xml:2959 msgid "" "This should avoid that the short PINs of a PIN based 2FA scheme are saved in " "the cache which would make them easy targets for brute-force attacks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2969 +#: sssd.conf.5.xml:2970 msgid "account_cache_expiration (integer)" msgstr "account_cache_expiration (enter)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2972 +#: sssd.conf.5.xml:2973 msgid "" "Number of days entries are left in cache after last successful login before " "being removed during a cleanup of the cache. 0 means keep forever. The " @@ -3738,17 +3738,17 @@ msgstr "" "ha de ser superior o igual que offline_credentials_expiration." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2979 +#: sssd.conf.5.xml:2980 msgid "Default: 0 (unlimited)" msgstr "Per defecte: 0 (sense límit)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2984 +#: sssd.conf.5.xml:2985 msgid "pwd_expiration_warning (integer)" msgstr "pwd_expiration_warning (enter)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2995 +#: sssd.conf.5.xml:2996 msgid "" "Please note that the backend server has to provide information about the " "expiration time of the password. If this information is missing, sssd " @@ -3757,28 +3757,28 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3002 +#: sssd.conf.5.xml:3003 msgid "Default: 7 (Kerberos), 0 (LDAP)" msgstr "Per defecte: 7 (Kerberos), 0 (LDAP)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3008 +#: sssd.conf.5.xml:3009 msgid "id_provider (string)" msgstr "id_provider (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3011 +#: sssd.conf.5.xml:3012 msgid "" "The identification provider used for the domain. Supported ID providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3015 +#: sssd.conf.5.xml:3016 msgid "<quote>proxy</quote>: Support a legacy NSS provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3018 +#: sssd.conf.5.xml:3019 msgid "" "<quote>files</quote>: FILES provider. See <citerefentry> <refentrytitle>sssd-" "files</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " @@ -3786,7 +3786,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3026 +#: sssd.conf.5.xml:3027 msgid "" "<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-" "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " @@ -3794,8 +3794,8 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3034 sssd.conf.5.xml:3145 sssd.conf.5.xml:3196 -#: sssd.conf.5.xml:3259 +#: sssd.conf.5.xml:3035 sssd.conf.5.xml:3146 sssd.conf.5.xml:3197 +#: sssd.conf.5.xml:3260 msgid "" "<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management " "provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> " @@ -3804,8 +3804,8 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3043 sssd.conf.5.xml:3154 sssd.conf.5.xml:3205 -#: sssd.conf.5.xml:3268 +#: sssd.conf.5.xml:3044 sssd.conf.5.xml:3155 sssd.conf.5.xml:3206 +#: sssd.conf.5.xml:3269 msgid "" "<quote>ad</quote>: Active Directory provider. See <citerefentry> " "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3813,19 +3813,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3054 +#: sssd.conf.5.xml:3055 msgid "use_fully_qualified_names (bool)" msgstr "use_fully_qualified_names (booleà)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3057 +#: sssd.conf.5.xml:3058 msgid "" "Use the full name and domain (as formatted by the domain's full_name_format) " "as the user's login name reported to NSS." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3062 +#: sssd.conf.5.xml:3063 msgid "" "If set to TRUE, all requests to this domain must use fully qualified names. " "For example, if used in LOCAL domain that contains a \"test\" user, " @@ -3838,7 +3838,7 @@ msgstr "" "l'usuari mentre que <command>getent passwd test@LOCAL</command> sí." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3070 +#: sssd.conf.5.xml:3071 msgid "" "NOTE: This option has no effect on netgroup lookups due to their tendency to " "include nested netgroups without qualified names. For netgroups, all domains " @@ -3846,24 +3846,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3077 +#: sssd.conf.5.xml:3078 msgid "" "Default: FALSE (TRUE for trusted domain/sub-domains or if " "default_domain_suffix is used)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3084 +#: sssd.conf.5.xml:3085 msgid "ignore_group_members (bool)" msgstr "ignore_group_members (booleà)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3087 +#: sssd.conf.5.xml:3088 msgid "Do not return group members for group lookups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3090 +#: sssd.conf.5.xml:3091 msgid "" "If set to TRUE, the group membership attribute is not requested from the " "ldap server, and group members are not returned when processing group lookup " @@ -3875,7 +3875,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3108 +#: sssd.conf.5.xml:3109 msgid "" "Enabling this option can also make access provider checks for group " "membership significantly faster, especially for groups containing many " @@ -3883,7 +3883,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3114 sssd.conf.5.xml:3821 sssd-ldap.5.xml:326 +#: sssd.conf.5.xml:3115 sssd.conf.5.xml:3822 sssd-ldap.5.xml:326 #: sssd-ldap.5.xml:355 sssd-ldap.5.xml:408 sssd-ldap.5.xml:468 #: sssd-ldap.5.xml:489 sssd-ldap.5.xml:520 sssd-ldap.5.xml:543 #: sssd-ldap.5.xml:582 sssd-ldap.5.xml:601 sssd-ldap.5.xml:625 @@ -3894,12 +3894,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3124 +#: sssd.conf.5.xml:3125 msgid "auth_provider (string)" msgstr "auth_provider (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3127 +#: sssd.conf.5.xml:3128 msgid "" "The authentication provider used for the domain. Supported auth providers " "are:" @@ -3908,7 +3908,7 @@ msgstr "" "d'autenticació suportats són:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3131 sssd.conf.5.xml:3189 +#: sssd.conf.5.xml:3132 sssd.conf.5.xml:3190 msgid "" "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3919,7 +3919,7 @@ msgstr "" "manvolnum></citerefentry> per a més informació sobre configuració d'LDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3138 +#: sssd.conf.5.xml:3139 msgid "" "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3930,7 +3930,7 @@ msgstr "" "manvolnum></citerefentry> per a més informació sobre configurar Kerberos." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3162 +#: sssd.conf.5.xml:3163 msgid "" "<quote>proxy</quote> for relaying authentication to some other PAM target." msgstr "" @@ -3938,12 +3938,12 @@ msgstr "" "de PAM." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3165 +#: sssd.conf.5.xml:3166 msgid "<quote>none</quote> disables authentication explicitly." msgstr "<quote>none</quote> impossibilita l'autenticació explícitament." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3168 +#: sssd.conf.5.xml:3169 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "authentication requests." @@ -3952,12 +3952,12 @@ msgstr "" "gestionar les sol·licituds d'autenticació." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3174 +#: sssd.conf.5.xml:3175 msgid "access_provider (string)" msgstr "access_provider (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3177 +#: sssd.conf.5.xml:3178 msgid "" "The access control provider used for the domain. There are two built-in " "access providers (in addition to any included in installed backends) " @@ -3968,19 +3968,19 @@ msgstr "" "instal·lats) Els proveïdors especials interns són:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3183 +#: sssd.conf.5.xml:3184 msgid "" "<quote>permit</quote> always allow access. It's the only permitted access " "provider for a local domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3186 +#: sssd.conf.5.xml:3187 msgid "<quote>deny</quote> always deny access." msgstr "<quote>deny</quote> sempre denega l'accés." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3213 +#: sssd.conf.5.xml:3214 msgid "" "<quote>simple</quote> access control based on access or deny lists. See " "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</" @@ -3993,7 +3993,7 @@ msgstr "" "configuració del mòdul d'accés simple." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3220 +#: sssd.conf.5.xml:3221 msgid "" "<quote>krb5</quote>: .k5login based access control. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum></" @@ -4001,22 +4001,22 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3227 +#: sssd.conf.5.xml:3228 msgid "<quote>proxy</quote> for relaying access control to another PAM module." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3230 +#: sssd.conf.5.xml:3231 msgid "Default: <quote>permit</quote>" msgstr "Per defecte: <quote>permit</quote>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3235 +#: sssd.conf.5.xml:3236 msgid "chpass_provider (string)" msgstr "chpass_provider (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3238 +#: sssd.conf.5.xml:3239 msgid "" "The provider which should handle change password operations for the domain. " "Supported change password providers are:" @@ -4025,7 +4025,7 @@ msgstr "" "al domini. Els proveïdors de canvi de contrasenya compatibles són:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3243 +#: sssd.conf.5.xml:3244 msgid "" "<quote>ldap</quote> to change a password stored in a LDAP server. See " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" @@ -4033,7 +4033,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3251 +#: sssd.conf.5.xml:3252 msgid "" "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4044,7 +4044,7 @@ msgstr "" "manvolnum></citerefentry> per a més informació sobre configurar Kerberos." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3276 +#: sssd.conf.5.xml:3277 msgid "" "<quote>proxy</quote> for relaying password changes to some other PAM target." msgstr "" @@ -4052,12 +4052,12 @@ msgstr "" "objectiu PAM." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3280 +#: sssd.conf.5.xml:3281 msgid "<quote>none</quote> disallows password changes explicitly." msgstr "<quote>none</quote> rebutja els canvis de contrasenya explícitament." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3283 +#: sssd.conf.5.xml:3284 msgid "" "Default: <quote>auth_provider</quote> is used if it is set and can handle " "change password requests." @@ -4066,17 +4066,17 @@ msgstr "" "gestionar peticions de canvi de contrasenya." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3290 +#: sssd.conf.5.xml:3291 msgid "sudo_provider (string)" msgstr "sudo_provider (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3293 +#: sssd.conf.5.xml:3294 msgid "The SUDO provider used for the domain. Supported SUDO providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3297 +#: sssd.conf.5.xml:3298 msgid "" "<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4084,32 +4084,32 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3305 +#: sssd.conf.5.xml:3306 msgid "" "<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default " "settings." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3309 +#: sssd.conf.5.xml:3310 msgid "" "<quote>ad</quote> the same as <quote>ldap</quote> but with AD default " "settings." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3313 +#: sssd.conf.5.xml:3314 msgid "<quote>none</quote> disables SUDO explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3316 sssd.conf.5.xml:3402 sssd.conf.5.xml:3472 -#: sssd.conf.5.xml:3497 sssd.conf.5.xml:3533 +#: sssd.conf.5.xml:3317 sssd.conf.5.xml:3403 sssd.conf.5.xml:3473 +#: sssd.conf.5.xml:3498 sssd.conf.5.xml:3534 msgid "Default: The value of <quote>id_provider</quote> is used if it is set." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3320 +#: sssd.conf.5.xml:3321 msgid "" "The detailed instructions for configuration of sudo_provider are in the " "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " @@ -4120,7 +4120,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3335 +#: sssd.conf.5.xml:3336 msgid "" "<emphasis>NOTE:</emphasis> Sudo rules are periodically downloaded in the " "background unless the sudo provider is explicitly disabled. Set " @@ -4129,12 +4129,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3345 +#: sssd.conf.5.xml:3346 msgid "selinux_provider (string)" msgstr "selinux_provider (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3348 +#: sssd.conf.5.xml:3349 msgid "" "The provider which should handle loading of selinux settings. Note that this " "provider will be called right after access provider ends. Supported selinux " @@ -4142,7 +4142,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3354 +#: sssd.conf.5.xml:3355 msgid "" "<quote>ipa</quote> to load selinux settings from an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -4150,31 +4150,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3362 +#: sssd.conf.5.xml:3363 msgid "<quote>none</quote> disallows fetching selinux settings explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3365 +#: sssd.conf.5.xml:3366 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "selinux loading requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3371 +#: sssd.conf.5.xml:3372 msgid "subdomains_provider (string)" msgstr "subdomains_provider (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3374 +#: sssd.conf.5.xml:3375 msgid "" "The provider which should handle fetching of subdomains. This value should " "be always the same as id_provider. Supported subdomain providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3380 +#: sssd.conf.5.xml:3381 msgid "" "<quote>ipa</quote> to load a list of subdomains from an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -4182,7 +4182,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3389 +#: sssd.conf.5.xml:3390 msgid "" "<quote>ad</quote> to load a list of subdomains from an Active Directory " "server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> " @@ -4191,17 +4191,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3398 +#: sssd.conf.5.xml:3399 msgid "<quote>none</quote> disallows fetching subdomains explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3408 +#: sssd.conf.5.xml:3409 msgid "session_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3411 +#: sssd.conf.5.xml:3412 msgid "" "The provider which configures and manages user session related tasks. The " "only user session task currently provided is the integration with Fleet " @@ -4209,43 +4209,43 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3418 +#: sssd.conf.5.xml:3419 msgid "<quote>ipa</quote> to allow performing user session related tasks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3422 +#: sssd.conf.5.xml:3423 msgid "" "<quote>none</quote> does not perform any kind of user session related tasks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3426 +#: sssd.conf.5.xml:3427 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can perform " "session related tasks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3430 +#: sssd.conf.5.xml:3431 msgid "" "<emphasis>NOTE:</emphasis> In order to have this feature working as expected " "SSSD must be running as \"root\" and not as the unprivileged user." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3438 +#: sssd.conf.5.xml:3439 msgid "autofs_provider (string)" msgstr "autofs_provider (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3441 +#: sssd.conf.5.xml:3442 msgid "" "The autofs provider used for the domain. Supported autofs providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3445 +#: sssd.conf.5.xml:3446 msgid "" "<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4253,7 +4253,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3452 +#: sssd.conf.5.xml:3453 msgid "" "<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> " "<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4261,7 +4261,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3460 +#: sssd.conf.5.xml:3461 msgid "" "<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> " "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4269,24 +4269,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3469 +#: sssd.conf.5.xml:3470 msgid "<quote>none</quote> disables autofs explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3479 +#: sssd.conf.5.xml:3480 msgid "hostid_provider (string)" msgstr "hostid_provider (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3482 +#: sssd.conf.5.xml:3483 msgid "" "The provider used for retrieving host identity information. Supported " "hostid providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3486 +#: sssd.conf.5.xml:3487 msgid "" "<quote>ipa</quote> to load host identity stored in an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -4294,31 +4294,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3494 +#: sssd.conf.5.xml:3495 msgid "<quote>none</quote> disables hostid explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3504 +#: sssd.conf.5.xml:3505 msgid "resolver_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3507 +#: sssd.conf.5.xml:3508 msgid "" "The provider which should handle hosts and networks lookups. Supported " "resolver providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3511 +#: sssd.conf.5.xml:3512 msgid "" "<quote>proxy</quote> to forward lookups to another NSS library. See " "<quote>proxy_resolver_lib_name</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3515 +#: sssd.conf.5.xml:3516 msgid "" "<quote>ldap</quote> to fetch hosts and networks stored in LDAP. See " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" @@ -4326,7 +4326,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3522 +#: sssd.conf.5.xml:3523 msgid "" "<quote>ad</quote> to fetch hosts and networks stored in AD. See " "<citerefentry> <refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</" @@ -4335,12 +4335,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3530 +#: sssd.conf.5.xml:3531 msgid "<quote>none</quote> disallows fetching hosts and networks explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3543 +#: sssd.conf.5.xml:3544 msgid "" "Regular expression for this domain that describes how to parse the string " "containing user name and domain into these components. The \"domain\" can " @@ -4350,24 +4350,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3552 +#: sssd.conf.5.xml:3553 msgid "" "Default: <quote>^((?P<name>.+)@(?P<domain>[^@]*)|(?P<name>" "[^@]+))$</quote> which allows two different styles for user names:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:3557 sssd.conf.5.xml:3571 +#: sssd.conf.5.xml:3558 sssd.conf.5.xml:3572 msgid "username" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:3560 sssd.conf.5.xml:3574 +#: sssd.conf.5.xml:3561 sssd.conf.5.xml:3575 msgid "username@domain.name" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3565 +#: sssd.conf.5.xml:3566 msgid "" "Default for the AD and IPA provider: <quote>^(((?P<domain>[^\\\\]+)\\" "\\(?P<name>.+))|((?P<name>.+)@(?P<domain>[^@]+))|((?P<" @@ -4376,19 +4376,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:3577 +#: sssd.conf.5.xml:3578 msgid "domain\\username" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3580 +#: sssd.conf.5.xml:3581 msgid "" "While the first two correspond to the general default the third one is " "introduced to allow easy integration of users from Windows domains." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3585 +#: sssd.conf.5.xml:3586 msgid "" "The default re_expression uses the <quote>@</quote> character as a separator " "between the name and the domain. As a result of this setting the default " @@ -4398,17 +4398,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3637 +#: sssd.conf.5.xml:3638 msgid "Default: <quote>%1$s@%2$s</quote>." msgstr "Per defecte: <quote>%1$s@%2$s</quote>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3643 +#: sssd.conf.5.xml:3644 msgid "lookup_family_order (string)" msgstr "lookup_family_order (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3646 +#: sssd.conf.5.xml:3647 msgid "" "Provides the ability to select preferred address family to use when " "performing DNS lookups." @@ -4417,76 +4417,76 @@ msgstr "" "realitzar cerques de DNS." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3650 +#: sssd.conf.5.xml:3651 msgid "Supported values:" msgstr "Valors admesos:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3653 +#: sssd.conf.5.xml:3654 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6" msgstr "ipv4_first: Intenta resoldre l'adreça IPv4, si falla, intenta IPv6" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3656 +#: sssd.conf.5.xml:3657 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses." msgstr "ipv4_only: Intenta resoldre només noms màquina a adreces IPv4." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3659 +#: sssd.conf.5.xml:3660 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4" msgstr "ipv6_first: Intenta resoldre l'adreça IPv6, si falla, intenta IPv4" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3662 +#: sssd.conf.5.xml:3663 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses." msgstr "ipv6_only: Intenta resoldre només noms màquina a adreces IPv6." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3665 +#: sssd.conf.5.xml:3666 msgid "Default: ipv4_first" msgstr "Per defecte: ipv4_first" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3671 +#: sssd.conf.5.xml:3672 #, fuzzy #| msgid "dns_resolver_timeout (integer)" msgid "dns_resolver_server_timeout (integer)" msgstr "dns_resolver_timeout (enter)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3674 +#: sssd.conf.5.xml:3675 msgid "" "Defines the amount of time (in milliseconds) SSSD would try to talk to DNS " "server before trying next DNS server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3679 +#: sssd.conf.5.xml:3680 msgid "" "The AD provider will use this option for the CLDAP ping timeouts as well." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3683 sssd.conf.5.xml:3703 sssd.conf.5.xml:3724 +#: sssd.conf.5.xml:3684 sssd.conf.5.xml:3704 sssd.conf.5.xml:3725 msgid "" "Please see the section <quote>FAILOVER</quote> for more information about " "the service resolution." msgstr "" #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3688 sssd-ldap.5.xml:644 include/failover.xml:84 +#: sssd.conf.5.xml:3689 sssd-ldap.5.xml:644 include/failover.xml:84 msgid "Default: 1000" msgstr "Per defecte: 1000" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3694 +#: sssd.conf.5.xml:3695 #, fuzzy #| msgid "dns_resolver_timeout (integer)" msgid "dns_resolver_op_timeout (integer)" msgstr "dns_resolver_timeout (enter)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3697 +#: sssd.conf.5.xml:3698 msgid "" "Defines the amount of time (in seconds) to wait to resolve single DNS query " "(e.g. resolution of a hostname or an SRV record) before trying the next " @@ -4494,12 +4494,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3714 +#: sssd.conf.5.xml:3715 msgid "dns_resolver_timeout (integer)" msgstr "dns_resolver_timeout (enter)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3717 +#: sssd.conf.5.xml:3718 msgid "" "Defines the amount of time (in seconds) to wait for a reply from the " "internal fail over service before assuming that the service is unreachable. " @@ -4508,14 +4508,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3735 +#: sssd.conf.5.xml:3736 #, fuzzy #| msgid "dns_resolver_timeout (integer)" msgid "dns_resolver_use_search_list (bool)" msgstr "dns_resolver_timeout (enter)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3738 +#: sssd.conf.5.xml:3739 msgid "" "Normally, the DNS resolver searches the domain list defined in the " "\"search\" directive from the resolv.conf file. This can lead to delays in " @@ -4523,7 +4523,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3744 +#: sssd.conf.5.xml:3745 msgid "" "If fully qualified domain names (or _srv_) are used in the SSSD " "configuration, setting this option to FALSE can prevent unnecessary DNS " @@ -4531,17 +4531,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3750 +#: sssd.conf.5.xml:3751 msgid "Default: TRUE" msgstr "Per defecte: TRUE" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3756 +#: sssd.conf.5.xml:3757 msgid "dns_discovery_domain (string)" msgstr "dns_discovery_domain (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3759 +#: sssd.conf.5.xml:3760 msgid "" "If service discovery is used in the back end, specifies the domain part of " "the service discovery DNS query." @@ -4550,52 +4550,52 @@ msgstr "" "del domini de la consulta DNS del servei de descobriment." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3763 +#: sssd.conf.5.xml:3764 msgid "Default: Use the domain part of machine's hostname" msgstr "Per defecte: Utilitza la part del domini del nom de màquina" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3769 +#: sssd.conf.5.xml:3770 msgid "override_gid (integer)" msgstr "override_gid (enter)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3772 +#: sssd.conf.5.xml:3773 msgid "Override the primary GID value with the one specified." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3778 +#: sssd.conf.5.xml:3779 msgid "case_sensitive (string)" msgstr "case_sensitive (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3785 +#: sssd.conf.5.xml:3786 msgid "True" msgstr "True" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3788 +#: sssd.conf.5.xml:3789 msgid "Case sensitive. This value is invalid for AD provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3794 +#: sssd.conf.5.xml:3795 msgid "False" msgstr "False" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3796 +#: sssd.conf.5.xml:3797 msgid "Case insensitive." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3800 +#: sssd.conf.5.xml:3801 msgid "Preserving" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3803 +#: sssd.conf.5.xml:3804 msgid "" "Same as False (case insensitive), but does not lowercase names in the result " "of NSS operations. Note that name aliases (and in case of services also " @@ -4603,14 +4603,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3811 +#: sssd.conf.5.xml:3812 msgid "" "If you want to set this value for trusted domain with IPA provider, you need " "to set it on both the client and SSSD on the server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3781 +#: sssd.conf.5.xml:3782 #, fuzzy #| msgid "" #| "The following expansions are supported: <placeholder " @@ -4623,17 +4623,17 @@ msgstr "" "id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3826 +#: sssd.conf.5.xml:3827 msgid "Default: True (False for AD provider)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3832 +#: sssd.conf.5.xml:3833 msgid "subdomain_inherit (string)" msgstr "subdomain_inherit (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3835 +#: sssd.conf.5.xml:3836 msgid "" "Specifies a list of configuration parameters that should be inherited by a " "subdomain. Please note that only selected parameters can be inherited. " @@ -4641,130 +4641,130 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3841 +#: sssd.conf.5.xml:3842 #, fuzzy #| msgid "ldap_search_timeout (integer)" msgid "ldap_search_timeout" msgstr "ldap_search_timeout (enter)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3844 +#: sssd.conf.5.xml:3845 #, fuzzy #| msgid "ldap_network_timeout (integer)" msgid "ldap_network_timeout" msgstr "ldap_network_timeout (enter)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3847 +#: sssd.conf.5.xml:3848 #, fuzzy #| msgid "ldap_opt_timeout (integer)" msgid "ldap_opt_timeout" msgstr "ldap_opt_timeout (enter)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3850 +#: sssd.conf.5.xml:3851 #, fuzzy #| msgid "ldap_connection_expire_timeout (integer)" msgid "ldap_offline_timeout" msgstr "ldap_connection_expire_timeout (enter)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3853 +#: sssd.conf.5.xml:3854 #, fuzzy #| msgid "ldap_enumeration_refresh_timeout (integer)" msgid "ldap_enumeration_refresh_timeout" msgstr "ldap_enumeration_refresh_timeout (enter)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3856 +#: sssd.conf.5.xml:3857 #, fuzzy #| msgid "ldap_enumeration_refresh_timeout (integer)" msgid "ldap_enumeration_refresh_offset" msgstr "ldap_enumeration_refresh_timeout (enter)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3859 +#: sssd.conf.5.xml:3860 msgid "ldap_purge_cache_timeout" msgstr "ldap_purge_cache_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3862 +#: sssd.conf.5.xml:3863 #, fuzzy #| msgid "ldap_purge_cache_timeout" msgid "ldap_purge_cache_offset" msgstr "ldap_purge_cache_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3865 +#: sssd.conf.5.xml:3866 msgid "" "ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab " "is not set explicitly)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3869 +#: sssd.conf.5.xml:3870 #, fuzzy #| msgid "ldap_krb5_ticket_lifetime (integer)" msgid "ldap_krb5_ticket_lifetime" msgstr "ldap_krb5_ticket_lifetime (enter)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3872 +#: sssd.conf.5.xml:3873 #, fuzzy #| msgid "ldap_enumeration_search_timeout (integer)" msgid "ldap_enumeration_search_timeout" msgstr "ldap_enumeration_search_timeout (enter)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3875 +#: sssd.conf.5.xml:3876 #, fuzzy #| msgid "ldap_connection_expire_timeout (integer)" msgid "ldap_connection_expire_timeout" msgstr "ldap_connection_expire_timeout (enter)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3878 +#: sssd.conf.5.xml:3879 #, fuzzy #| msgid "ldap_connection_expire_timeout (integer)" msgid "ldap_connection_expire_offset" msgstr "ldap_connection_expire_timeout (enter)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3881 +#: sssd.conf.5.xml:3882 #, fuzzy #| msgid "ldap_connection_expire_timeout (integer)" msgid "ldap_connection_idle_timeout" msgstr "ldap_connection_expire_timeout (enter)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3884 sssd-ldap.5.xml:400 +#: sssd.conf.5.xml:3885 sssd-ldap.5.xml:400 msgid "ldap_use_tokengroups" msgstr "ldap_use_tokengroups" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3887 +#: sssd.conf.5.xml:3888 msgid "ldap_user_principal" msgstr "ldap_user_principal" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3890 +#: sssd.conf.5.xml:3891 msgid "ignore_group_members" msgstr "ignore_group_members" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3893 +#: sssd.conf.5.xml:3894 msgid "auto_private_groups" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3896 +#: sssd.conf.5.xml:3897 #, fuzzy #| msgid "case_sensitive (string)" msgid "case_sensitive" msgstr "case_sensitive (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:3901 +#: sssd.conf.5.xml:3902 #, no-wrap msgid "" "subdomain_inherit = ldap_purge_cache_timeout\n" @@ -4774,27 +4774,27 @@ msgstr "" " " #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3908 +#: sssd.conf.5.xml:3909 msgid "Note: This option only works with the IPA and AD provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3915 +#: sssd.conf.5.xml:3916 msgid "subdomain_homedir (string)" msgstr "subdomain_homedir (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3926 +#: sssd.conf.5.xml:3927 msgid "%F" msgstr "%F" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3927 +#: sssd.conf.5.xml:3928 msgid "flat (NetBIOS) name of a subdomain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3918 +#: sssd.conf.5.xml:3919 msgid "" "Use this homedir as default value for all subdomains within this domain in " "IPA AD trust. See <emphasis>override_homedir</emphasis> for info about " @@ -4804,34 +4804,34 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3932 +#: sssd.conf.5.xml:3933 msgid "" "The value can be overridden by <emphasis>override_homedir</emphasis> option." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3936 +#: sssd.conf.5.xml:3937 msgid "Default: <filename>/home/%d/%u</filename>" msgstr "Per defecte: <filename>/home/%d/%u</filename>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3941 +#: sssd.conf.5.xml:3942 msgid "realmd_tags (string)" msgstr "realmd_tags (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3944 +#: sssd.conf.5.xml:3945 msgid "" "Various tags stored by the realmd configuration service for this domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3950 +#: sssd.conf.5.xml:3951 msgid "cached_auth_timeout (int)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3953 +#: sssd.conf.5.xml:3954 msgid "" "Specifies time in seconds since last successful online authentication for " "which user will be authenticated using cached credentials while SSSD is in " @@ -4840,19 +4840,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3961 +#: sssd.conf.5.xml:3962 msgid "" "This option's value is inherited by all trusted domains. At the moment it is " "not possible to set a different value per trusted domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3966 +#: sssd.conf.5.xml:3967 msgid "Special value 0 implies that this feature is disabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3970 +#: sssd.conf.5.xml:3971 msgid "" "Please note that if <quote>cached_auth_timeout</quote> is longer than " "<quote>pam_id_timeout</quote> then the back end could be called to handle " @@ -4860,24 +4860,95 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3981 +#: sssd.conf.5.xml:3982 +#, fuzzy +#| msgid "ldap_pwd_policy (string)" +msgid "local_auth_policy (string)" +msgstr "ldap_pwd_policy (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3985 +msgid "" +"Local authentication methods policy. Some backends (i.e. LDAP, proxy " +"provider) only support a password based authentication, while others can " +"handle PKINIT based Smartcard authentication (AD, IPA), two-factor " +"authentication (IPA), or other methods against a central instance. By " +"default in such cases authentication is only performed with the methods " +"supported by the backend." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3995 +msgid "" +"There are three possible values for this option: match, only, enable. " +"<quote>match</quote> is used to match offline and online states for Kerberos " +"methods. <quote>only</quote> ignores the online methods and only offer the " +"local ones. enable allows explicitly defining the methods for local " +"authentication. As an example, <quote>enable:passkey</quote>, only enables " +"passkey for local authentication. Multiple enable values should be comma-" +"separated, such as <quote>enable:passkey, enable:smartcard</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:4011 +#, no-wrap +msgid "" +"[domain/shadowutils]\n" +"id_provider = proxy\n" +"proxy_lib_name = files\n" +"auth_provider = none\n" +"local_auth_policy = only\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4007 +#, fuzzy +#| msgid "" +#| "The following example shows a minimal idmapd.conf which makes use of the " +#| "sss plugin. <placeholder type=\"programlisting\" id=\"0\"/>" +msgid "" +"The following configuration example allows local users to authenticate " +"locally using any enabled method (i.e. smartcard, passkey). <placeholder " +"type=\"programlisting\" id=\"0\"/>" +msgstr "" +"En el següent exemple es mostra un idmapd.conf mínim que fa ús del connector " +"sss. <placeholder type=\"programlisting\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4019 +#, fuzzy +#| msgid "These options can be used to configure the InfoPipe responder." +msgid "This option is ignored for the files provider." +msgstr "" +"Es poden utilitzar aquestes opcions per configurar el contestador de " +"l'InfoPipe." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4022 +#, fuzzy +#| msgid "Default: cn" +msgid "Default: match" +msgstr "Per defecte: cn" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4027 msgid "auto_private_groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3987 +#: sssd.conf.5.xml:4033 msgid "true" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3990 +#: sssd.conf.5.xml:4036 msgid "" "Create user's private group unconditionally from user's UID number. The GID " "number is ignored in this case." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3994 +#: sssd.conf.5.xml:4040 msgid "" "NOTE: Because the GID number and the user private group are inferred from " "the UID number, it is not supported to have multiple entries with the same " @@ -4886,24 +4957,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4003 +#: sssd.conf.5.xml:4049 msgid "false" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4006 +#: sssd.conf.5.xml:4052 msgid "" "Always use the user's primary GID number. The GID number must refer to a " "group object in the LDAP database." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4012 +#: sssd.conf.5.xml:4058 msgid "hybrid" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4015 +#: sssd.conf.5.xml:4061 msgid "" "A primary group is autogenerated for user entries whose UID and GID numbers " "have the same value and at the same time the GID number does not correspond " @@ -4913,14 +4984,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4028 +#: sssd.conf.5.xml:4074 msgid "" "If the UID and GID of a user are different, then the GID must correspond to " "a group entry, otherwise the GID is simply not resolvable." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4035 +#: sssd.conf.5.xml:4081 msgid "" "This feature is useful for environments that wish to stop maintaining a " "separate group objects for the user private groups, but also wish to retain " @@ -4928,21 +4999,21 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3984 +#: sssd.conf.5.xml:4030 msgid "" "This option takes any of three available values: <placeholder " "type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4047 +#: sssd.conf.5.xml:4093 msgid "" "For subdomains, the default value is False for subdomains that use assigned " "POSIX IDs and True for subdomains that use automatic ID-mapping." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:4055 +#: sssd.conf.5.xml:4101 #, no-wrap msgid "" "[domain/forest.domain/sub.domain]\n" @@ -4950,7 +5021,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:4061 +#: sssd.conf.5.xml:4107 #, no-wrap msgid "" "[domain/forest.domain]\n" @@ -4959,7 +5030,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4052 +#: sssd.conf.5.xml:4098 msgid "" "The value of auto_private_groups can either be set per subdomains in a " "subsection, for example: <placeholder type=\"programlisting\" id=\"0\"/> or " @@ -4968,7 +5039,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:2569 +#: sssd.conf.5.xml:2570 msgid "" "These configuration options can be present in a domain configuration " "section, that is, in a section called <quote>[domain/<replaceable>NAME</" @@ -4979,17 +5050,17 @@ msgstr "" "replaceable>]</quote> <placeholder type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4076 +#: sssd.conf.5.xml:4122 msgid "proxy_pam_target (string)" msgstr "proxy_pam_target (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4079 +#: sssd.conf.5.xml:4125 msgid "The proxy target PAM proxies to." msgstr "El servidor intermediari on reenvia PAM." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4082 +#: sssd.conf.5.xml:4128 msgid "" "Default: not set by default, you have to take an existing pam configuration " "or create a new one and add the service name here." @@ -4998,12 +5069,12 @@ msgstr "" "de pam existent o crear-ne una de nova i afegir aquí el nom del servei." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4090 +#: sssd.conf.5.xml:4136 msgid "proxy_lib_name (string)" msgstr "proxy_lib_name (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4093 +#: sssd.conf.5.xml:4139 msgid "" "The name of the NSS library to use in proxy domains. The NSS functions " "searched for in the library are in the form of _nss_$(libName)_$(function), " @@ -5014,12 +5085,12 @@ msgstr "" "format _nss_$(libName)_$(function), per exemple _nss_files_getpwent." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4103 +#: sssd.conf.5.xml:4149 msgid "proxy_resolver_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4106 +#: sssd.conf.5.xml:4152 msgid "" "The name of the NSS library to use for hosts and networks lookups in proxy " "domains. The NSS functions searched for in the library are in the form of " @@ -5027,12 +5098,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4117 +#: sssd.conf.5.xml:4163 msgid "proxy_fast_alias (boolean)" msgstr "proxy_fast_alias (booleà)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4120 +#: sssd.conf.5.xml:4166 msgid "" "When a user or group is looked up by name in the proxy provider, a second " "lookup by ID is performed to \"canonicalize\" the name in case the requested " @@ -5041,12 +5112,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4134 +#: sssd.conf.5.xml:4180 msgid "proxy_max_children (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4137 +#: sssd.conf.5.xml:4183 msgid "" "This option specifies the number of pre-forked proxy children. It is useful " "for high-load SSSD environments where sssd may run out of available child " @@ -5054,7 +5125,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4072 +#: sssd.conf.5.xml:4118 msgid "" "Options valid for proxy domains. <placeholder type=\"variablelist\" " "id=\"0\"/>" @@ -5063,12 +5134,12 @@ msgstr "" "type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:4153 +#: sssd.conf.5.xml:4199 msgid "Application domains" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4155 +#: sssd.conf.5.xml:4201 msgid "" "SSSD, with its D-Bus interface (see <citerefentry> <refentrytitle>sssd-ifp</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>) is appealing to " @@ -5085,7 +5156,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4175 +#: sssd.conf.5.xml:4221 msgid "" "Please note that the application domain must still be explicitly enabled in " "the <quote>domains</quote> parameter so that the lookup order between the " @@ -5093,17 +5164,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> -#: sssd.conf.5.xml:4181 +#: sssd.conf.5.xml:4227 msgid "Application domain parameters" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4183 +#: sssd.conf.5.xml:4229 msgid "inherit_from (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4186 +#: sssd.conf.5.xml:4232 msgid "" "The SSSD POSIX-type domain the application domain inherits all settings " "from. The application domain can moreover add its own settings to the " @@ -5112,7 +5183,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4200 +#: sssd.conf.5.xml:4246 msgid "" "The following example illustrates the use of an application domain. In this " "setup, the POSIX domain is connected to an LDAP server and is used by the OS " @@ -5122,7 +5193,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><programlisting> -#: sssd.conf.5.xml:4208 +#: sssd.conf.5.xml:4254 #, no-wrap msgid "" "[sssd]\n" @@ -5142,12 +5213,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4228 +#: sssd.conf.5.xml:4274 msgid "TRUSTED DOMAIN SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4230 +#: sssd.conf.5.xml:4276 msgid "" "Some options used in the domain section can also be used in the trusted " "domain section, that is, in a section called <quote>[domain/" @@ -5158,69 +5229,69 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4237 +#: sssd.conf.5.xml:4283 msgid "ldap_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4238 +#: sssd.conf.5.xml:4284 msgid "ldap_user_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4239 +#: sssd.conf.5.xml:4285 msgid "ldap_group_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4240 +#: sssd.conf.5.xml:4286 msgid "ldap_netgroup_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4241 +#: sssd.conf.5.xml:4287 msgid "ldap_service_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4242 +#: sssd.conf.5.xml:4288 msgid "ldap_sasl_mech," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4243 +#: sssd.conf.5.xml:4289 msgid "ad_server," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4244 +#: sssd.conf.5.xml:4290 msgid "ad_backup_server," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4245 +#: sssd.conf.5.xml:4291 msgid "ad_site," msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4246 sssd-ipa.5.xml:879 +#: sssd.conf.5.xml:4292 sssd-ipa.5.xml:879 msgid "use_fully_qualified_names" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4250 +#: sssd.conf.5.xml:4296 msgid "" "For more details about these options see their individual description in the " "manual page." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4256 +#: sssd.conf.5.xml:4302 msgid "CERTIFICATE MAPPING SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4258 +#: sssd.conf.5.xml:4304 msgid "" "To allow authentication with Smartcards and certificates SSSD must be able " "to map certificates to users. This can be done by adding the full " @@ -5233,7 +5304,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4272 +#: sssd.conf.5.xml:4318 msgid "" "To make the mapping more flexible mapping and matching rules were added to " "SSSD (see <citerefentry> <refentrytitle>sss-certmap</refentrytitle> " @@ -5241,7 +5312,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4281 +#: sssd.conf.5.xml:4327 msgid "" "A mapping and matching rule can be added to the SSSD configuration in a " "section on its own with a name like <quote>[certmap/" @@ -5250,55 +5321,55 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4288 +#: sssd.conf.5.xml:4334 msgid "matchrule (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4291 +#: sssd.conf.5.xml:4337 msgid "" "Only certificates from the Smartcard which matches this rule will be " "processed, all others are ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4295 +#: sssd.conf.5.xml:4341 msgid "" "Default: KRB5:<EKU>clientAuth, i.e. only certificates which have the " "Extended Key Usage <quote>clientAuth</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4302 +#: sssd.conf.5.xml:4348 msgid "maprule (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4305 +#: sssd.conf.5.xml:4351 msgid "Defines how the user is found for a given certificate." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4311 +#: sssd.conf.5.xml:4357 msgid "" "LDAP:(userCertificate;binary={cert!bin}) for LDAP based providers like " "<quote>ldap</quote>, <quote>AD</quote> or <quote>ipa</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4317 +#: sssd.conf.5.xml:4363 msgid "" "The RULE_NAME for the <quote>files</quote> provider which tries to find a " "user with the same name." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4326 +#: sssd.conf.5.xml:4372 msgid "domains (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4329 +#: sssd.conf.5.xml:4375 msgid "" "Comma separated list of domain names the rule should be applied. By default " "a rule is only valid in the domain configured in sssd.conf. If the provider " @@ -5307,17 +5378,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4336 +#: sssd.conf.5.xml:4382 msgid "Default: the configured domain in sssd.conf" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4341 +#: sssd.conf.5.xml:4387 msgid "priority (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4344 +#: sssd.conf.5.xml:4390 msgid "" "Unsigned integer value defining the priority of the rule. The higher the " "number the lower the priority. <quote>0</quote> stands for the highest " @@ -5325,26 +5396,26 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4350 +#: sssd.conf.5.xml:4396 msgid "Default: the lowest priority" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4356 +#: sssd.conf.5.xml:4402 msgid "" "To make the configuration simple and reduce the amount of configuration " "options the <quote>files</quote> provider has some special properties:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4362 +#: sssd.conf.5.xml:4408 msgid "" "if maprule is not set the RULE_NAME name is assumed to be the name of the " "matching user" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4368 +#: sssd.conf.5.xml:4414 msgid "" "if a maprule is used both a single user name or a template like " "<quote>{subject_rfc822_name.short_name}</quote> must be in braces like e.g. " @@ -5353,17 +5424,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4377 +#: sssd.conf.5.xml:4423 msgid "the <quote>domains</quote> option is ignored" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4385 +#: sssd.conf.5.xml:4431 msgid "PROMPTING CONFIGURATION SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4387 +#: sssd.conf.5.xml:4433 msgid "" "If a special file (<filename>/var/lib/sss/pubconf/pam_preauth_available</" "filename>) exists SSSD's PAM module pam_sss will ask SSSD to figure out " @@ -5373,7 +5444,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4395 +#: sssd.conf.5.xml:4441 msgid "" "With the growing number of authentication methods and the possibility that " "there are multiple ones for a single user the heuristic used by pam_sss to " @@ -5382,59 +5453,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4407 +#: sssd.conf.5.xml:4453 msgid "[prompting/password]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4410 +#: sssd.conf.5.xml:4456 msgid "password_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4411 +#: sssd.conf.5.xml:4457 msgid "to change the string of the password prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4409 +#: sssd.conf.5.xml:4455 msgid "" "to configure password prompting, allowed options are: <placeholder " "type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4419 +#: sssd.conf.5.xml:4465 msgid "[prompting/2fa]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4423 +#: sssd.conf.5.xml:4469 msgid "first_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4424 +#: sssd.conf.5.xml:4470 msgid "to change the string of the prompt for the first factor" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4427 +#: sssd.conf.5.xml:4473 msgid "second_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4428 +#: sssd.conf.5.xml:4474 msgid "to change the string of the prompt for the second factor" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4431 +#: sssd.conf.5.xml:4477 msgid "single_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4432 +#: sssd.conf.5.xml:4478 msgid "" "boolean value, if True there will be only a single prompt using the value of " "first_prompt where it is expected that both factors are entered as a single " @@ -5443,7 +5514,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4421 +#: sssd.conf.5.xml:4467 msgid "" "to configure two-factor authentication prompting, allowed options are: " "<placeholder type=\"variablelist\" id=\"0\"/> If the second factor is " @@ -5452,17 +5523,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4449 +#: sssd.conf.5.xml:4495 msgid "[prompting/passkey]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4455 sssd-ad.5.xml:1021 +#: sssd.conf.5.xml:4501 sssd-ad.5.xml:1021 msgid "interactive" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4457 +#: sssd.conf.5.xml:4503 msgid "" "boolean value, if True prompt a message and wait before testing the presence " "of a passkey device. Recommended if your device doesn’t have a tactile " @@ -5470,39 +5541,39 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4465 +#: sssd.conf.5.xml:4511 msgid "interactive_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4467 +#: sssd.conf.5.xml:4513 msgid "to change the message of the interactive prompt." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4472 +#: sssd.conf.5.xml:4518 msgid "touch" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4474 +#: sssd.conf.5.xml:4520 msgid "" "boolean value, if True prompt a message to remind the user to touch the " "device." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4480 +#: sssd.conf.5.xml:4526 msgid "touch_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4482 +#: sssd.conf.5.xml:4528 msgid "to change the message of the touch prompt." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4451 +#: sssd.conf.5.xml:4497 #, fuzzy #| msgid "" #| "The following expansions are supported: <placeholder " @@ -5515,7 +5586,7 @@ msgstr "" "id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4402 +#: sssd.conf.5.xml:4448 msgid "" "Each supported authentication method has its own configuration subsection " "under <quote>[prompting/...]</quote>. Currently there are: <placeholder " @@ -5524,7 +5595,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4493 +#: sssd.conf.5.xml:4539 msgid "" "It is possible to add a subsection for specific PAM services, e.g. " "<quote>[prompting/password/sshd]</quote> to individual change the prompting " @@ -5532,12 +5603,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4500 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43 +#: sssd.conf.5.xml:4546 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43 msgid "EXAMPLES" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4506 +#: sssd.conf.5.xml:4552 #, no-wrap msgid "" "[sssd]\n" @@ -5591,7 +5662,7 @@ msgstr "" "enumerate = False\n" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4502 +#: sssd.conf.5.xml:4548 msgid "" "1. The following example shows a typical SSSD config. It does not describe " "configuration of the domains themselves - refer to documentation on " @@ -5600,7 +5671,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4539 +#: sssd.conf.5.xml:4585 #, no-wrap msgid "" "[domain/ipa.com/child.ad.com]\n" @@ -5608,7 +5679,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4533 +#: sssd.conf.5.xml:4579 msgid "" "2. The following example shows configuration of IPA AD trust where the AD " "forest consists of two domains in a parent-child structure. Suppose IPA " @@ -5619,7 +5690,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4550 +#: sssd.conf.5.xml:4596 #, no-wrap msgid "" "[certmap/my.domain/rule_name]\n" @@ -5630,7 +5701,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4544 +#: sssd.conf.5.xml:4590 msgid "" "3. The following example shows the configuration of a certificate mapping " "rule. It is valid for the configured domain <quote>my.domain</quote> and " @@ -18249,7 +18320,7 @@ msgstr "" #: include/ldap_id_mapping.xml:235 msgid "" "When this option is configured, domains will be allocated starting with " -"slice zero and increasing monatomically with each additional domain." +"slice zero and increasing monotonically with each additional domain." msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> diff --git a/src/man/po/cs.po b/src/man/po/cs.po index dbf3502ec4e..9c9cce291be 100644 --- a/src/man/po/cs.po +++ b/src/man/po/cs.po @@ -10,7 +10,7 @@ msgid "" msgstr "" "Project-Id-Version: sssd-docs 2.3.0\n" "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" -"POT-Creation-Date: 2023-05-05 10:09+0200\n" +"POT-Creation-Date: 2023-09-07 11:47+0200\n" "PO-Revision-Date: 2022-05-20 09:18+0000\n" "Last-Translator: Pavel Borecki <pavel.borecki@gmail.com>\n" "Language-Team: Czech <https://translate.fedoraproject.org/projects/sssd/sssd-" @@ -223,8 +223,8 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:136 sssd.conf.5.xml:173 sssd.conf.5.xml:358 -#: sssd.conf.5.xml:714 sssd.conf.5.xml:729 sssd.conf.5.xml:951 -#: sssd.conf.5.xml:1069 sssd.conf.5.xml:2197 sssd-ldap.5.xml:1071 +#: sssd.conf.5.xml:714 sssd.conf.5.xml:729 sssd.conf.5.xml:952 +#: sssd.conf.5.xml:1070 sssd.conf.5.xml:2198 sssd-ldap.5.xml:1071 #: sssd-ldap.5.xml:1174 sssd-ldap.5.xml:1243 sssd-ldap.5.xml:1750 #: sssd-ldap.5.xml:1815 sssd-ipa.5.xml:342 sssd-ad.5.xml:252 sssd-ad.5.xml:366 #: sssd-ad.5.xml:1200 sssd-ad.5.xml:1348 sssd-krb5.5.xml:358 @@ -244,8 +244,8 @@ msgid "" msgstr "" #. type: Content of: <variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:149 sssd.conf.5.xml:652 sssd.conf.5.xml:948 -#: sssd.conf.5.xml:2100 sssd.conf.5.xml:2167 sssd.conf.5.xml:4128 +#: sssd.conf.5.xml:149 sssd.conf.5.xml:652 sssd.conf.5.xml:949 +#: sssd.conf.5.xml:2101 sssd.conf.5.xml:2168 sssd.conf.5.xml:4174 #: sssd-ldap.5.xml:312 sssd-ldap.5.xml:917 sssd-ldap.5.xml:936 #: sssd-ldap.5.xml:1146 sssd-ldap.5.xml:1599 sssd-ldap.5.xml:1839 #: sssd-ipa.5.xml:152 sssd-ipa.5.xml:254 sssd-ipa.5.xml:657 sssd-ad.5.xml:1106 @@ -313,8 +313,8 @@ msgid "" msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:196 sssd.conf.5.xml:1289 sssd.conf.5.xml:1766 -#: sssd.conf.5.xml:4144 sssd-ldap.5.xml:765 include/ldap_id_mapping.xml:270 +#: sssd.conf.5.xml:196 sssd.conf.5.xml:1290 sssd.conf.5.xml:1767 +#: sssd.conf.5.xml:4190 sssd-ldap.5.xml:765 include/ldap_id_mapping.xml:270 msgid "Default: 10" msgstr "" @@ -380,19 +380,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:258 sssd.conf.5.xml:783 +#: sssd.conf.5.xml:258 sssd.conf.5.xml:784 msgid "reconnection_retries (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:261 sssd.conf.5.xml:786 +#: sssd.conf.5.xml:261 sssd.conf.5.xml:787 msgid "" "Number of times services should attempt to reconnect in the event of a Data " "Provider crash or restart before they give up" msgstr "" #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:266 sssd.conf.5.xml:791 sssd.conf.5.xml:3708 +#: sssd.conf.5.xml:266 sssd.conf.5.xml:792 sssd.conf.5.xml:3709 #: include/failover.xml:100 msgid "Default: 3" msgstr "Výchozí: 3" @@ -414,7 +414,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:287 sssd.conf.5.xml:3540 +#: sssd.conf.5.xml:287 sssd.conf.5.xml:3541 msgid "re_expression (string)" msgstr "" @@ -434,12 +434,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:304 sssd.conf.5.xml:3597 +#: sssd.conf.5.xml:304 sssd.conf.5.xml:3598 msgid "full_name_format (string)" msgstr "full_name_format (řetězec)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:307 sssd.conf.5.xml:3600 +#: sssd.conf.5.xml:307 sssd.conf.5.xml:3601 msgid "" "A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</" "manvolnum> </citerefentry>-compatible format that describes how to compose a " @@ -447,39 +447,39 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:318 sssd.conf.5.xml:3611 +#: sssd.conf.5.xml:318 sssd.conf.5.xml:3612 msgid "%1$s" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:319 sssd.conf.5.xml:3612 +#: sssd.conf.5.xml:319 sssd.conf.5.xml:3613 msgid "user name" msgstr "uživatelské jméno" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:322 sssd.conf.5.xml:3615 +#: sssd.conf.5.xml:322 sssd.conf.5.xml:3616 msgid "%2$s" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:325 sssd.conf.5.xml:3618 +#: sssd.conf.5.xml:325 sssd.conf.5.xml:3619 msgid "domain name as specified in the SSSD config file." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:331 sssd.conf.5.xml:3624 +#: sssd.conf.5.xml:331 sssd.conf.5.xml:3625 msgid "%3$s" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:334 sssd.conf.5.xml:3627 +#: sssd.conf.5.xml:334 sssd.conf.5.xml:3628 msgid "" "domain flat name. Mostly usable for Active Directory domains, both directly " "configured or discovered via IPA trusts." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:315 sssd.conf.5.xml:3608 +#: sssd.conf.5.xml:315 sssd.conf.5.xml:3609 msgid "" "The following expansions are supported: <placeholder type=\"variablelist\" " "id=\"0\"/>" @@ -897,7 +897,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:700 sssd.conf.5.xml:1790 sssd.conf.5.xml:4194 +#: sssd.conf.5.xml:700 sssd.conf.5.xml:1791 sssd.conf.5.xml:4240 #: sssd-ad.5.xml:187 sssd-ad.5.xml:327 sssd-ad.5.xml:341 msgid "Default: Not set" msgstr "" @@ -942,11 +942,11 @@ msgstr "" #: sssd.conf.5.xml:744 msgid "" "Enable or disable the user verification (i.e. PIN, fingerprint) during " -"authentication." +"authentication. If enabled, the PIN will always be requested." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:749 +#: sssd.conf.5.xml:750 msgid "" "The default is that the key settings decide what to do. In the IPA or " "kerberos pre-authentication case, this value will be overwritten by the " @@ -973,12 +973,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:768 +#: sssd.conf.5.xml:769 msgid "SERVICES SECTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:770 +#: sssd.conf.5.xml:771 msgid "" "Settings that can be used to configure different services are described in " "this section. They should reside in the [<replaceable>$NAME</replaceable>] " @@ -987,22 +987,22 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:777 +#: sssd.conf.5.xml:778 msgid "General service configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:779 +#: sssd.conf.5.xml:780 msgid "These options can be used to configure any service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:796 +#: sssd.conf.5.xml:797 msgid "fd_limit" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:799 +#: sssd.conf.5.xml:800 msgid "" "This option specifies the maximum number of file descriptors that may be " "opened at one time by this SSSD process. On systems where SSSD is granted " @@ -1012,17 +1012,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:808 +#: sssd.conf.5.xml:809 msgid "Default: 8192 (or limits.conf \"hard\" limit)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:813 +#: sssd.conf.5.xml:814 msgid "client_idle_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:816 +#: sssd.conf.5.xml:817 msgid "" "This option specifies the number of seconds that a client of an SSSD process " "can hold onto a file descriptor without communicating on it. This value is " @@ -1032,19 +1032,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:825 +#: sssd.conf.5.xml:826 #, fuzzy #| msgid "Default: 200000" msgid "Default: 60, KCM: 300" msgstr "Výchozí: 200000" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:830 +#: sssd.conf.5.xml:831 msgid "offline_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:833 +#: sssd.conf.5.xml:834 msgid "" "When SSSD switches to offline mode the amount of time before it tries to go " "back online will increase based upon the time spent disconnected. By " @@ -1055,14 +1055,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:844 sssd.conf.5.xml:900 +#: sssd.conf.5.xml:845 sssd.conf.5.xml:901 msgid "" "new_delay = Minimum(old_delay * 2, offline_timeout_max) + random[0..." "offline_timeout_random_offset]" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:847 +#: sssd.conf.5.xml:848 msgid "" "The offline_timeout default value is 60. The offline_timeout_max default " "value is 3600. The offline_timeout_random_offset default value is 30. The " @@ -1070,46 +1070,46 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:853 +#: sssd.conf.5.xml:854 msgid "" "Note that the maximum length of each interval is defined by " "offline_timeout_max (apart of random part)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:857 sssd.conf.5.xml:1200 sssd.conf.5.xml:1583 -#: sssd.conf.5.xml:1879 sssd-ldap.5.xml:494 +#: sssd.conf.5.xml:858 sssd.conf.5.xml:1201 sssd.conf.5.xml:1584 +#: sssd.conf.5.xml:1880 sssd-ldap.5.xml:494 msgid "Default: 60" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:862 +#: sssd.conf.5.xml:863 #, fuzzy #| msgid "ldap_idmap_range_max (integer)" msgid "offline_timeout_max (integer)" msgstr "ldap_idmap_range_max (celé číslo)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:865 +#: sssd.conf.5.xml:866 msgid "" "Controls by how much the time between attempts to go online can be " "incremented following unsuccessful attempts to go online." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:870 +#: sssd.conf.5.xml:871 msgid "A value of 0 disables the incrementing behaviour." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:873 +#: sssd.conf.5.xml:874 msgid "" "The value of this parameter should be set in correlation to offline_timeout " "parameter value." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:877 +#: sssd.conf.5.xml:878 msgid "" "With offline_timeout set to 60 (default value) there is no point in setting " "offlinet_timeout_max to less than 120 as it will saturate instantly. General " @@ -1118,64 +1118,64 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:883 +#: sssd.conf.5.xml:884 msgid "" "Although a value between 0 and offline_timeout may be specified, it has the " "effect of overriding the offline_timeout value so is of little use." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:888 +#: sssd.conf.5.xml:889 #, fuzzy #| msgid "Default: 200000" msgid "Default: 3600" msgstr "Výchozí: 200000" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:893 +#: sssd.conf.5.xml:894 #, fuzzy #| msgid "ldap_idmap_range_size (integer)" msgid "offline_timeout_random_offset (integer)" msgstr "ldap_idmap_range_size (celé číslo)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:896 +#: sssd.conf.5.xml:897 msgid "" "When SSSD is in offline mode it keeps probing backend servers in specified " "time intervals:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:903 +#: sssd.conf.5.xml:904 msgid "" "This parameter controls the value of the random offset used for the above " "equation. Final random_offset value will be random number in range:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:908 +#: sssd.conf.5.xml:909 msgid "[0 - offline_timeout_random_offset]" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:911 +#: sssd.conf.5.xml:912 msgid "A value of 0 disables the random offset addition." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:914 +#: sssd.conf.5.xml:915 #, fuzzy #| msgid "Default: 200000" msgid "Default: 30" msgstr "Výchozí: 200000" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:919 +#: sssd.conf.5.xml:920 msgid "responder_idle_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:922 +#: sssd.conf.5.xml:923 msgid "" "This option specifies the number of seconds that an SSSD responder process " "can be up without being used. This value is limited in order to avoid " @@ -1187,58 +1187,58 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:936 sssd.conf.5.xml:1213 sssd.conf.5.xml:2321 +#: sssd.conf.5.xml:937 sssd.conf.5.xml:1214 sssd.conf.5.xml:2322 #: sssd-ldap.5.xml:331 msgid "Default: 300" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:941 +#: sssd.conf.5.xml:942 msgid "cache_first" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:944 +#: sssd.conf.5.xml:945 msgid "" "This option specifies whether the responder should query all caches before " "querying the Data Providers." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:959 +#: sssd.conf.5.xml:960 msgid "NSS configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:961 +#: sssd.conf.5.xml:962 msgid "" "These options can be used to configure the Name Service Switch (NSS) service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:966 +#: sssd.conf.5.xml:967 msgid "enum_cache_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:969 +#: sssd.conf.5.xml:970 msgid "" "How many seconds should nss_sss cache enumerations (requests for info about " "all users)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:973 +#: sssd.conf.5.xml:974 msgid "Default: 120" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:978 +#: sssd.conf.5.xml:979 msgid "entry_cache_nowait_percentage (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:981 +#: sssd.conf.5.xml:982 msgid "" "The entry cache can be set to automatically update entries in the background " "if they are requested beyond a percentage of the entry_cache_timeout value " @@ -1249,7 +1249,7 @@ msgstr "" "doménu." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:987 +#: sssd.conf.5.xml:988 msgid "" "For example, if the domain's entry_cache_timeout is set to 30s and " "entry_cache_nowait_percentage is set to 50 (percent), entries that come in " @@ -1259,7 +1259,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:997 +#: sssd.conf.5.xml:998 msgid "" "Valid values for this option are 0-99 and represent a percentage of the " "entry_cache_timeout for each domain. For performance reasons, this " @@ -1268,17 +1268,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1005 sssd.conf.5.xml:2121 +#: sssd.conf.5.xml:1006 sssd.conf.5.xml:2122 msgid "Default: 50" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1010 +#: sssd.conf.5.xml:1011 msgid "entry_negative_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1013 +#: sssd.conf.5.xml:1014 msgid "" "Specifies for how many seconds nss_sss should cache negative cache hits " "(that is, queries for invalid database entries, like nonexistent ones) " @@ -1286,17 +1286,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1019 sssd.conf.5.xml:1778 sssd.conf.5.xml:2145 +#: sssd.conf.5.xml:1020 sssd.conf.5.xml:1779 sssd.conf.5.xml:2146 msgid "Default: 15" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1024 +#: sssd.conf.5.xml:1025 msgid "local_negative_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1027 +#: sssd.conf.5.xml:1028 msgid "" "Specifies for how many seconds nss_sss should keep local users and groups in " "negative cache before trying to look it up in the back end again. Setting " @@ -1304,17 +1304,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1033 +#: sssd.conf.5.xml:1034 msgid "Default: 14400 (4 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1038 +#: sssd.conf.5.xml:1039 msgid "filter_users, filter_groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1041 +#: sssd.conf.5.xml:1042 msgid "" "Exclude certain users or groups from being fetched from the sss NSS " "database. This is particularly useful for system accounts. This option can " @@ -1323,7 +1323,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1049 +#: sssd.conf.5.xml:1050 msgid "" "NOTE: The filter_groups option doesn't affect inheritance of nested group " "members, since filtering happens after they are propagated for returning via " @@ -1332,41 +1332,41 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1057 +#: sssd.conf.5.xml:1058 msgid "Default: root" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1062 +#: sssd.conf.5.xml:1063 msgid "filter_users_in_groups (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1065 +#: sssd.conf.5.xml:1066 msgid "" "If you want filtered user still be group members set this option to false." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1076 +#: sssd.conf.5.xml:1077 msgid "fallback_homedir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1079 +#: sssd.conf.5.xml:1080 msgid "" "Set a default template for a user's home directory if one is not specified " "explicitly by the domain's data provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1084 +#: sssd.conf.5.xml:1085 msgid "" "The available values for this option are the same as for override_homedir." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1090 +#: sssd.conf.5.xml:1091 #, no-wrap msgid "" "fallback_homedir = /home/%u\n" @@ -1374,23 +1374,23 @@ msgid "" msgstr "" #. type: Content of: <varlistentry><listitem><para> -#: sssd.conf.5.xml:1088 sssd.conf.5.xml:1650 sssd.conf.5.xml:1669 -#: sssd.conf.5.xml:1746 sssd-krb5.5.xml:451 include/override_homedir.xml:66 +#: sssd.conf.5.xml:1089 sssd.conf.5.xml:1651 sssd.conf.5.xml:1670 +#: sssd.conf.5.xml:1747 sssd-krb5.5.xml:451 include/override_homedir.xml:66 msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1094 +#: sssd.conf.5.xml:1095 msgid "Default: not set (no substitution for unset home directories)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1100 +#: sssd.conf.5.xml:1101 msgid "override_shell (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1103 +#: sssd.conf.5.xml:1104 msgid "" "Override the login shell for all users. This option supersedes any other " "shell options if it takes effect and can be set either in the [nss] section " @@ -1398,47 +1398,47 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1109 +#: sssd.conf.5.xml:1110 msgid "Default: not set (SSSD will use the value retrieved from LDAP)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1115 +#: sssd.conf.5.xml:1116 msgid "allowed_shells (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1118 +#: sssd.conf.5.xml:1119 msgid "" "Restrict user shell to one of the listed values. The order of evaluation is:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1121 +#: sssd.conf.5.xml:1122 msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1125 +#: sssd.conf.5.xml:1126 msgid "" "2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</" "quote>, use the value of the shell_fallback parameter." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1130 +#: sssd.conf.5.xml:1131 msgid "" "3. If the shell is not in the allowed_shells list and not in <quote>/etc/" "shells</quote>, a nologin shell is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1135 +#: sssd.conf.5.xml:1136 msgid "The wildcard (*) can be used to allow any shell." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1138 +#: sssd.conf.5.xml:1139 msgid "" "The (*) is useful if you want to use shell_fallback in case that user's " "shell is not in <quote>/etc/shells</quote> and maintaining list of all " @@ -1446,74 +1446,74 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1145 +#: sssd.conf.5.xml:1146 msgid "An empty string for shell is passed as-is to libc." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1148 +#: sssd.conf.5.xml:1149 msgid "" "The <quote>/etc/shells</quote> is only read on SSSD start up, which means " "that a restart of the SSSD is required in case a new shell is installed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1152 +#: sssd.conf.5.xml:1153 msgid "Default: Not set. The user shell is automatically used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1157 +#: sssd.conf.5.xml:1158 msgid "vetoed_shells (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1160 +#: sssd.conf.5.xml:1161 msgid "Replace any instance of these shells with the shell_fallback" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1165 +#: sssd.conf.5.xml:1166 msgid "shell_fallback (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1168 +#: sssd.conf.5.xml:1169 msgid "" "The default shell to use if an allowed shell is not installed on the machine." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1172 +#: sssd.conf.5.xml:1173 msgid "Default: /bin/sh" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1177 +#: sssd.conf.5.xml:1178 msgid "default_shell" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1180 +#: sssd.conf.5.xml:1181 msgid "" "The default shell to use if the provider does not return one during lookup. " "This option can be specified globally in the [nss] section or per-domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1186 +#: sssd.conf.5.xml:1187 msgid "" "Default: not set (Return NULL if no shell is specified and rely on libc to " "substitute something sensible when necessary, usually /bin/sh)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1193 sssd.conf.5.xml:1576 +#: sssd.conf.5.xml:1194 sssd.conf.5.xml:1577 msgid "get_domains_timeout (int)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1196 sssd.conf.5.xml:1579 +#: sssd.conf.5.xml:1197 sssd.conf.5.xml:1580 msgid "" "Specifies time in seconds for which the list of subdomains will be " "considered valid." @@ -1522,39 +1522,39 @@ msgstr "" "platný." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1205 +#: sssd.conf.5.xml:1206 msgid "memcache_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1208 +#: sssd.conf.5.xml:1209 msgid "" "Specifies time in seconds for which records in the in-memory cache will be " "valid. Setting this option to zero will disable the in-memory cache." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1216 +#: sssd.conf.5.xml:1217 msgid "" "WARNING: Disabling the in-memory cache will have significant negative impact " "on SSSD's performance and should only be used for testing." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1222 sssd.conf.5.xml:1247 sssd.conf.5.xml:1272 -#: sssd.conf.5.xml:1297 sssd.conf.5.xml:1324 +#: sssd.conf.5.xml:1223 sssd.conf.5.xml:1248 sssd.conf.5.xml:1273 +#: sssd.conf.5.xml:1298 sssd.conf.5.xml:1325 msgid "" "NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", " "client applications will not use the fast in-memory cache." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1230 +#: sssd.conf.5.xml:1231 msgid "memcache_size_passwd (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1233 +#: sssd.conf.5.xml:1234 msgid "" "Size (in megabytes) of the data table allocated inside fast in-memory cache " "for passwd requests. Setting the size to 0 will disable the passwd in-" @@ -1562,27 +1562,27 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1239 sssd.conf.5.xml:2963 sssd-ldap.5.xml:548 +#: sssd.conf.5.xml:1240 sssd.conf.5.xml:2964 sssd-ldap.5.xml:548 msgid "Default: 8" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1242 sssd.conf.5.xml:1267 sssd.conf.5.xml:1292 -#: sssd.conf.5.xml:1319 +#: sssd.conf.5.xml:1243 sssd.conf.5.xml:1268 sssd.conf.5.xml:1293 +#: sssd.conf.5.xml:1320 msgid "" "WARNING: Disabled or too small in-memory cache can have significant negative " "impact on SSSD's performance." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1255 +#: sssd.conf.5.xml:1256 #, fuzzy #| msgid "ldap_idmap_range_size (integer)" msgid "memcache_size_group (integer)" msgstr "ldap_idmap_range_size (celé číslo)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1258 +#: sssd.conf.5.xml:1259 msgid "" "Size (in megabytes) of the data table allocated inside fast in-memory cache " "for group requests. Setting the size to 0 will disable the group in-memory " @@ -1590,19 +1590,19 @@ msgid "" msgstr "" #. type: Content of: <variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1264 sssd.conf.5.xml:1316 sssd.conf.5.xml:3729 +#: sssd.conf.5.xml:1265 sssd.conf.5.xml:1317 sssd.conf.5.xml:3730 #: sssd-ldap.5.xml:473 sssd-ldap.5.xml:525 include/failover.xml:116 #: include/krb5_options.xml:11 msgid "Default: 6" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1280 +#: sssd.conf.5.xml:1281 msgid "memcache_size_initgroups (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1283 +#: sssd.conf.5.xml:1284 msgid "" "Size (in megabytes) of the data table allocated inside fast in-memory cache " "for initgroups requests. Setting the size to 0 will disable the initgroups " @@ -1610,14 +1610,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1305 +#: sssd.conf.5.xml:1306 #, fuzzy #| msgid "ldap_idmap_range_size (integer)" msgid "memcache_size_sid (integer)" msgstr "ldap_idmap_range_size (celé číslo)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1308 +#: sssd.conf.5.xml:1309 msgid "" "Size (in megabytes) of the data table allocated inside fast in-memory cache " "for SID related requests. Only SID-by-ID and ID-by-SID requests are " @@ -1626,12 +1626,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1332 sssd-ifp.5.xml:90 +#: sssd.conf.5.xml:1333 sssd-ifp.5.xml:90 msgid "user_attributes (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1335 +#: sssd.conf.5.xml:1336 msgid "" "Some of the additional NSS responder requests can return more attributes " "than just the POSIX ones defined by the NSS interface. The list of " @@ -1642,43 +1642,43 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1348 +#: sssd.conf.5.xml:1349 msgid "" "To make configuration more easy the NSS responder will check the InfoPipe " "option if it is not set for the NSS responder." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1353 +#: sssd.conf.5.xml:1354 msgid "Default: not set, fallback to InfoPipe option" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1358 +#: sssd.conf.5.xml:1359 msgid "pwfield (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1361 +#: sssd.conf.5.xml:1362 msgid "" "The value that NSS operations that return users or groups will return for " "the <quote>password</quote> field." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1366 +#: sssd.conf.5.xml:1367 msgid "Default: <quote>*</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1369 +#: sssd.conf.5.xml:1370 msgid "" "Note: This option can also be set per-domain which overwrites the value in " "[nss] section." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1373 +#: sssd.conf.5.xml:1374 msgid "" "Default: <quote>not set</quote> (remote domains), <phrase " "condition=\"with_files_provider\"> <quote>x</quote> (the files domain), </" @@ -1687,60 +1687,60 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:1385 +#: sssd.conf.5.xml:1386 msgid "PAM configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:1387 +#: sssd.conf.5.xml:1388 msgid "" "These options can be used to configure the Pluggable Authentication Module " "(PAM) service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1392 +#: sssd.conf.5.xml:1393 msgid "offline_credentials_expiration (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1395 +#: sssd.conf.5.xml:1396 msgid "" "If the authentication provider is offline, how long should we allow cached " "logins (in days since the last successful online login)." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1400 sssd.conf.5.xml:1413 +#: sssd.conf.5.xml:1401 sssd.conf.5.xml:1414 msgid "Default: 0 (No limit)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1406 +#: sssd.conf.5.xml:1407 msgid "offline_failed_login_attempts (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1409 +#: sssd.conf.5.xml:1410 msgid "" "If the authentication provider is offline, how many failed login attempts " "are allowed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1419 +#: sssd.conf.5.xml:1420 msgid "offline_failed_login_delay (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1422 +#: sssd.conf.5.xml:1423 msgid "" "The time in minutes which has to pass after offline_failed_login_attempts " "has been reached before a new login attempt is possible." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1427 +#: sssd.conf.5.xml:1428 msgid "" "If set to 0 the user cannot authenticate offline if " "offline_failed_login_attempts has been reached. Only a successful online " @@ -1748,59 +1748,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1433 sssd.conf.5.xml:1543 +#: sssd.conf.5.xml:1434 sssd.conf.5.xml:1544 msgid "Default: 5" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1439 +#: sssd.conf.5.xml:1440 msgid "pam_verbosity (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1442 +#: sssd.conf.5.xml:1443 msgid "" "Controls what kind of messages are shown to the user during authentication. " "The higher the number to more messages are displayed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1447 +#: sssd.conf.5.xml:1448 msgid "Currently sssd supports the following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1450 +#: sssd.conf.5.xml:1451 msgid "<emphasis>0</emphasis>: do not show any message" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1453 +#: sssd.conf.5.xml:1454 msgid "<emphasis>1</emphasis>: show only important messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1457 +#: sssd.conf.5.xml:1458 msgid "<emphasis>2</emphasis>: show informational messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1460 +#: sssd.conf.5.xml:1461 msgid "<emphasis>3</emphasis>: show all messages and debug information" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1464 sssd.8.xml:63 +#: sssd.conf.5.xml:1465 sssd.8.xml:63 msgid "Default: 1" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1470 +#: sssd.conf.5.xml:1471 msgid "pam_response_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1473 +#: sssd.conf.5.xml:1474 msgid "" "A comma separated list of strings which allows to remove (filter) data sent " "by the PAM responder to pam_sss PAM module. There are different kind of " @@ -1809,51 +1809,51 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1481 +#: sssd.conf.5.xml:1482 msgid "" "While messages already can be controlled with the help of the pam_verbosity " "option this option allows to filter out other kind of responses as well." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1488 +#: sssd.conf.5.xml:1489 msgid "ENV" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1489 +#: sssd.conf.5.xml:1490 msgid "Do not send any environment variables to any service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1492 +#: sssd.conf.5.xml:1493 msgid "ENV:var_name" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1493 +#: sssd.conf.5.xml:1494 msgid "Do not send environment variable var_name to any service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1497 +#: sssd.conf.5.xml:1498 msgid "ENV:var_name:service" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1498 +#: sssd.conf.5.xml:1499 msgid "Do not send environment variable var_name to service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1486 +#: sssd.conf.5.xml:1487 msgid "" "Currently the following filters are supported: <placeholder " "type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1505 +#: sssd.conf.5.xml:1506 msgid "" "The list of strings can either be the list of filters which would set this " "list of filters and overwrite the defaults. Or each element of the list can " @@ -1864,23 +1864,23 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1516 +#: sssd.conf.5.xml:1517 msgid "Default: ENV:KRB5CCNAME:sudo, ENV:KRB5CCNAME:sudo-i" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1519 +#: sssd.conf.5.xml:1520 msgid "" "Example: -ENV:KRB5CCNAME:sudo-i will remove the filter from the default list" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1526 +#: sssd.conf.5.xml:1527 msgid "pam_id_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1529 +#: sssd.conf.5.xml:1530 msgid "" "For any PAM request while SSSD is online, the SSSD will attempt to " "immediately update the cached identity information for the user in order to " @@ -1888,7 +1888,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1535 +#: sssd.conf.5.xml:1536 msgid "" "A complete PAM conversation may perform multiple PAM requests, such as " "account management and session opening. This option controls (on a per-" @@ -1897,17 +1897,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1549 +#: sssd.conf.5.xml:1550 msgid "pam_pwd_expiration_warning (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1552 sssd.conf.5.xml:2987 +#: sssd.conf.5.xml:1553 sssd.conf.5.xml:2988 msgid "Display a warning N days before the password expires." msgstr "Zobrazit varování N dnů před skončením platnosti hesla." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1555 +#: sssd.conf.5.xml:1556 msgid "" "Please note that the backend server has to provide information about the " "expiration time of the password. If this information is missing, sssd " @@ -1915,31 +1915,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1561 sssd.conf.5.xml:2990 +#: sssd.conf.5.xml:1562 sssd.conf.5.xml:2991 msgid "" "If zero is set, then this filter is not applied, i.e. if the expiration " "warning was received from backend server, it will automatically be displayed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1566 +#: sssd.conf.5.xml:1567 msgid "" "This setting can be overridden by setting <emphasis>pwd_expiration_warning</" "emphasis> for a particular domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1571 sssd.conf.5.xml:3976 sssd-ldap.5.xml:606 sssd.8.xml:79 +#: sssd.conf.5.xml:1572 sssd.conf.5.xml:3977 sssd-ldap.5.xml:606 sssd.8.xml:79 msgid "Default: 0" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1588 +#: sssd.conf.5.xml:1589 msgid "pam_trusted_users (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1591 +#: sssd.conf.5.xml:1592 msgid "" "Specifies the comma-separated list of UID values or user names that are " "allowed to run PAM conversations against trusted domains. Users not " @@ -1949,75 +1949,75 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1601 +#: sssd.conf.5.xml:1602 msgid "Default: All users are considered trusted by default" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1605 +#: sssd.conf.5.xml:1606 msgid "" "Please note that UID 0 is always allowed to access the PAM responder even in " "case it is not in the pam_trusted_users list." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1612 +#: sssd.conf.5.xml:1613 msgid "pam_public_domains (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1615 +#: sssd.conf.5.xml:1616 msgid "" "Specifies the comma-separated list of domain names that are accessible even " "to untrusted users." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1619 +#: sssd.conf.5.xml:1620 msgid "Two special values for pam_public_domains option are defined:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1623 +#: sssd.conf.5.xml:1624 msgid "" "all (Untrusted users are allowed to access all domains in PAM responder.)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1627 +#: sssd.conf.5.xml:1628 msgid "" "none (Untrusted users are not allowed to access any domains PAM in " "responder.)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1631 sssd.conf.5.xml:1656 sssd.conf.5.xml:1675 -#: sssd.conf.5.xml:1912 sssd.conf.5.xml:2732 sssd.conf.5.xml:3905 +#: sssd.conf.5.xml:1632 sssd.conf.5.xml:1657 sssd.conf.5.xml:1676 +#: sssd.conf.5.xml:1913 sssd.conf.5.xml:2733 sssd.conf.5.xml:3906 #: sssd-ldap.5.xml:1207 msgid "Default: none" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1636 +#: sssd.conf.5.xml:1637 msgid "pam_account_expired_message (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1639 +#: sssd.conf.5.xml:1640 msgid "" "Allows a custom expiration message to be set, replacing the default " "'Permission denied' message." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1644 +#: sssd.conf.5.xml:1645 msgid "" "Note: Please be aware that message is only printed for the SSH service " "unless pam_verbosity is set to 3 (show all messages and debug information)." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1652 +#: sssd.conf.5.xml:1653 #, no-wrap msgid "" "pam_account_expired_message = Account expired, please contact help desk.\n" @@ -2025,19 +2025,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1661 +#: sssd.conf.5.xml:1662 msgid "pam_account_locked_message (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1664 +#: sssd.conf.5.xml:1665 msgid "" "Allows a custom lockout message to be set, replacing the default 'Permission " "denied' message." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1671 +#: sssd.conf.5.xml:1672 #, no-wrap msgid "" "pam_account_locked_message = Account locked, please contact help desk.\n" @@ -2045,17 +2045,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1680 +#: sssd.conf.5.xml:1681 msgid "pam_passkey_auth (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1683 +#: sssd.conf.5.xml:1684 msgid "Enable passkey device based authentication." msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1686 sssd.conf.5.xml:1697 sssd.conf.5.xml:1711 +#: sssd.conf.5.xml:1687 sssd.conf.5.xml:1698 sssd.conf.5.xml:1712 #: sssd-ldap.5.xml:671 sssd-ldap.5.xml:692 sssd-ldap.5.xml:788 #: sssd-ldap.5.xml:1293 sssd-ad.5.xml:505 sssd-ad.5.xml:581 sssd-ad.5.xml:1126 #: sssd-ad.5.xml:1175 include/ldap_id_mapping.xml:250 @@ -2063,22 +2063,22 @@ msgid "Default: False" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1691 +#: sssd.conf.5.xml:1692 msgid "passkey_debug_libfido2 (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1694 +#: sssd.conf.5.xml:1695 msgid "Enable libfido2 library debug messages." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1702 +#: sssd.conf.5.xml:1703 msgid "pam_cert_auth (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1705 +#: sssd.conf.5.xml:1706 msgid "" "Enable certificate based Smartcard authentication. Since this requires " "additional communication with the Smartcard which will delay the " @@ -2086,34 +2086,34 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1716 +#: sssd.conf.5.xml:1717 msgid "pam_cert_db_path (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1719 +#: sssd.conf.5.xml:1720 msgid "The path to the certificate database." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1722 sssd.conf.5.xml:2247 sssd.conf.5.xml:4308 +#: sssd.conf.5.xml:1723 sssd.conf.5.xml:2248 sssd.conf.5.xml:4354 msgid "Default:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1724 sssd.conf.5.xml:2249 +#: sssd.conf.5.xml:1725 sssd.conf.5.xml:2250 msgid "" "/etc/sssd/pki/sssd_auth_ca_db.pem (path to a file with trusted CA " "certificates in PEM format)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1734 +#: sssd.conf.5.xml:1735 msgid "pam_cert_verification (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1737 +#: sssd.conf.5.xml:1738 msgid "" "With this parameter the PAM certificate verification can be tuned with a " "comma separated list of options that override the " @@ -2123,7 +2123,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1748 +#: sssd.conf.5.xml:1749 #, no-wrap msgid "" "pam_cert_verification = partial_chain\n" @@ -2131,61 +2131,61 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1752 +#: sssd.conf.5.xml:1753 msgid "" "Default: not set, i.e. use default <quote>certificate_verification</quote> " "option defined in <quote>[sssd]</quote> section." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1759 +#: sssd.conf.5.xml:1760 msgid "p11_child_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1762 +#: sssd.conf.5.xml:1763 msgid "How many seconds will pam_sss wait for p11_child to finish." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1771 +#: sssd.conf.5.xml:1772 #, fuzzy #| msgid "timeout (integer)" msgid "passkey_child_timeout (integer)" msgstr "timeout (celé kladné číslo)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1774 +#: sssd.conf.5.xml:1775 msgid "" "How many seconds will the PAM responder wait for passkey_child to finish." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1783 +#: sssd.conf.5.xml:1784 msgid "pam_app_services (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1786 +#: sssd.conf.5.xml:1787 msgid "" "Which PAM services are permitted to contact domains of type " "<quote>application</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1795 +#: sssd.conf.5.xml:1796 msgid "pam_p11_allowed_services (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1798 +#: sssd.conf.5.xml:1799 msgid "" "A comma-separated list of PAM service names for which it will be allowed to " "use Smartcards." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1813 +#: sssd.conf.5.xml:1814 #, no-wrap msgid "" "pam_p11_allowed_services = +my_pam_service, -login\n" @@ -2193,7 +2193,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1802 +#: sssd.conf.5.xml:1803 msgid "" "It is possible to add another PAM service name to the default set by using " "<quote>+service_name</quote> or to explicitly remove a PAM service name from " @@ -2205,63 +2205,63 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1817 sssd-ad.5.xml:644 sssd-ad.5.xml:753 sssd-ad.5.xml:811 +#: sssd.conf.5.xml:1818 sssd-ad.5.xml:644 sssd-ad.5.xml:753 sssd-ad.5.xml:811 #: sssd-ad.5.xml:869 sssd-ad.5.xml:947 msgid "Default: the default set of PAM service names includes:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1822 sssd-ad.5.xml:648 +#: sssd.conf.5.xml:1823 sssd-ad.5.xml:648 msgid "login" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1827 sssd-ad.5.xml:653 +#: sssd.conf.5.xml:1828 sssd-ad.5.xml:653 msgid "su" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1832 sssd-ad.5.xml:658 +#: sssd.conf.5.xml:1833 sssd-ad.5.xml:658 msgid "su-l" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1837 sssd-ad.5.xml:673 +#: sssd.conf.5.xml:1838 sssd-ad.5.xml:673 msgid "gdm-smartcard" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1842 sssd-ad.5.xml:668 +#: sssd.conf.5.xml:1843 sssd-ad.5.xml:668 msgid "gdm-password" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1847 sssd-ad.5.xml:678 +#: sssd.conf.5.xml:1848 sssd-ad.5.xml:678 msgid "kdm" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1852 sssd-ad.5.xml:956 +#: sssd.conf.5.xml:1853 sssd-ad.5.xml:956 msgid "sudo" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1857 sssd-ad.5.xml:961 +#: sssd.conf.5.xml:1858 sssd-ad.5.xml:961 msgid "sudo-i" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1862 +#: sssd.conf.5.xml:1863 msgid "gnome-screensaver" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1870 +#: sssd.conf.5.xml:1871 msgid "p11_wait_for_card_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1873 +#: sssd.conf.5.xml:1874 msgid "" "If Smartcard authentication is required how many extra seconds in addition " "to p11_child_timeout should the PAM responder wait until a Smartcard is " @@ -2269,12 +2269,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1884 +#: sssd.conf.5.xml:1885 msgid "p11_uri (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1887 +#: sssd.conf.5.xml:1888 msgid "" "PKCS#11 URI (see RFC-7512 for details) which can be used to restrict the " "selection of devices used for Smartcard authentication. By default SSSD's " @@ -2285,7 +2285,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1900 +#: sssd.conf.5.xml:1901 #, no-wrap msgid "" "p11_uri = pkcs11:slot-description=My%20Smartcard%20Reader\n" @@ -2293,7 +2293,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1904 +#: sssd.conf.5.xml:1905 #, no-wrap msgid "" "p11_uri = pkcs11:library-description=OpenSC%20smartcard%20framework;slot-id=2\n" @@ -2301,7 +2301,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1898 +#: sssd.conf.5.xml:1899 msgid "" "Example: <placeholder type=\"programlisting\" id=\"0\"/> or <placeholder " "type=\"programlisting\" id=\"1\"/> To find suitable URI please check the " @@ -2310,47 +2310,47 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1917 +#: sssd.conf.5.xml:1918 msgid "pam_initgroups_scheme" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1925 +#: sssd.conf.5.xml:1926 msgid "always" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1926 +#: sssd.conf.5.xml:1927 msgid "" "Always do an online lookup, please note that pam_id_timeout still applies" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1930 +#: sssd.conf.5.xml:1931 msgid "no_session" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1931 +#: sssd.conf.5.xml:1932 msgid "" "Only do an online lookup if there is no active session of the user, i.e. if " "the user is currently not logged in" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1936 +#: sssd.conf.5.xml:1937 msgid "never" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1937 +#: sssd.conf.5.xml:1938 msgid "" "Never force an online lookup, use the data from the cache as long as they " "are not expired" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1920 +#: sssd.conf.5.xml:1921 msgid "" "The PAM responder can force an online lookup to get the current group " "memberships of the user trying to log in. This option controls when this " @@ -2359,30 +2359,30 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1944 +#: sssd.conf.5.xml:1945 msgid "Default: no_session" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1949 sssd.conf.5.xml:4247 +#: sssd.conf.5.xml:1950 sssd.conf.5.xml:4293 msgid "pam_gssapi_services" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1952 +#: sssd.conf.5.xml:1953 msgid "" "Comma separated list of PAM services that are allowed to try GSSAPI " "authentication using pam_sss_gss.so module." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1957 +#: sssd.conf.5.xml:1958 msgid "" "To disable GSSAPI authentication, set this option to <quote>-</quote> (dash)." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1961 sssd.conf.5.xml:1992 sssd.conf.5.xml:2030 +#: sssd.conf.5.xml:1962 sssd.conf.5.xml:1993 sssd.conf.5.xml:2031 msgid "" "Note: This option can also be set per-domain which overwrites the value in " "[pam] section. It can also be set for trusted domain which overwrites the " @@ -2390,7 +2390,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1969 +#: sssd.conf.5.xml:1970 #, no-wrap msgid "" "pam_gssapi_services = sudo, sudo-i\n" @@ -2398,22 +2398,22 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1967 sssd.conf.5.xml:3899 +#: sssd.conf.5.xml:1968 sssd.conf.5.xml:3900 msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1973 +#: sssd.conf.5.xml:1974 msgid "Default: - (GSSAPI authentication is disabled)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1978 sssd.conf.5.xml:4248 +#: sssd.conf.5.xml:1979 sssd.conf.5.xml:4294 msgid "pam_gssapi_check_upn" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1981 +#: sssd.conf.5.xml:1982 msgid "" "If True, SSSD will require that the Kerberos user principal that " "successfully authenticated through GSSAPI can be associated with the user " @@ -2421,25 +2421,25 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1988 +#: sssd.conf.5.xml:1989 msgid "" "If False, every user that is able to obtained required service ticket will " "be authenticated." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1998 sssd-ad.5.xml:1266 sss_rpcidmapd.5.xml:76 +#: sssd.conf.5.xml:1999 sssd-ad.5.xml:1266 sss_rpcidmapd.5.xml:76 #: sssd-files.5.xml:145 msgid "Default: True" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2003 +#: sssd.conf.5.xml:2004 msgid "pam_gssapi_indicators_map" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2006 +#: sssd.conf.5.xml:2007 msgid "" "Comma separated list of authentication indicators required to be present in " "a Kerberos ticket to access a PAM service that is allowed to try GSSAPI " @@ -2447,7 +2447,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2012 +#: sssd.conf.5.xml:2013 msgid "" "Each element of the list can be either an authentication indicator name or a " "pair <quote>service:indicator</quote>. Indicators not prefixed with the PAM " @@ -2462,7 +2462,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2025 +#: sssd.conf.5.xml:2026 msgid "" "To disable GSSAPI authentication indicator check, set this option to <quote>-" "</quote> (dash). To disable the check for a specific PAM service, add " @@ -2470,45 +2470,45 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2036 +#: sssd.conf.5.xml:2037 msgid "" "Following authentication indicators are supported by IPA Kerberos " "deployments:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2039 +#: sssd.conf.5.xml:2040 msgid "" "pkinit -- pre-authentication using X.509 certificates -- whether stored in " "files or on smart cards." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2042 +#: sssd.conf.5.xml:2043 msgid "" "hardened -- SPAKE pre-authentication or any pre-authentication wrapped in a " "FAST channel." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2045 +#: sssd.conf.5.xml:2046 msgid "radius -- pre-authentication with the help of a RADIUS server." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2048 +#: sssd.conf.5.xml:2049 msgid "" "otp -- pre-authentication using integrated two-factor authentication (2FA or " "one-time password, OTP) in IPA." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2051 +#: sssd.conf.5.xml:2052 msgid "idp -- pre-authentication using external identity provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:2061 +#: sssd.conf.5.xml:2062 #, no-wrap msgid "" "pam_gssapi_indicators_map = sudo:pkinit, sudo-i:pkinit\n" @@ -2516,7 +2516,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2056 +#: sssd.conf.5.xml:2057 msgid "" "Example: to require access to SUDO services only for users which obtained " "their Kerberos tickets with a X.509 certificate pre-authentication (PKINIT), " @@ -2524,17 +2524,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2065 +#: sssd.conf.5.xml:2066 msgid "Default: not set (use of authentication indicators is not required)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2073 +#: sssd.conf.5.xml:2074 msgid "SUDO configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2075 +#: sssd.conf.5.xml:2076 msgid "" "These options can be used to configure the sudo service. The detailed " "instructions for configuration of <citerefentry> <refentrytitle>sudo</" @@ -2545,24 +2545,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2092 +#: sssd.conf.5.xml:2093 msgid "sudo_timed (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2095 +#: sssd.conf.5.xml:2096 msgid "" "Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes " "that implement time-dependent sudoers entries." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2107 +#: sssd.conf.5.xml:2108 msgid "sudo_threshold (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2110 +#: sssd.conf.5.xml:2111 msgid "" "Maximum number of expired rules that can be refreshed at once. If number of " "expired rules is below threshold, those rules are refreshed with " @@ -2572,22 +2572,22 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2129 +#: sssd.conf.5.xml:2130 msgid "AUTOFS configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2131 +#: sssd.conf.5.xml:2132 msgid "These options can be used to configure the autofs service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2135 +#: sssd.conf.5.xml:2136 msgid "autofs_negative_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2138 +#: sssd.conf.5.xml:2139 msgid "" "Specifies for how many seconds should the autofs responder negative cache " "hits (that is, queries for invalid map entries, like nonexistent ones) " @@ -2595,51 +2595,51 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2154 +#: sssd.conf.5.xml:2155 msgid "SSH configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2156 +#: sssd.conf.5.xml:2157 msgid "These options can be used to configure the SSH service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2160 +#: sssd.conf.5.xml:2161 msgid "ssh_hash_known_hosts (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2163 +#: sssd.conf.5.xml:2164 msgid "" "Whether or not to hash host names and addresses in the managed known_hosts " "file." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2172 +#: sssd.conf.5.xml:2173 msgid "ssh_known_hosts_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2175 +#: sssd.conf.5.xml:2176 msgid "" "How many seconds to keep a host in the managed known_hosts file after its " "host keys were requested." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2179 +#: sssd.conf.5.xml:2180 msgid "Default: 180" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2184 +#: sssd.conf.5.xml:2185 msgid "ssh_use_certificate_keys (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2187 +#: sssd.conf.5.xml:2188 msgid "" "If set to true the <command>sss_ssh_authorizedkeys</command> will return ssh " "keys derived from the public key of X.509 certificates stored in the user " @@ -2648,12 +2648,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2202 +#: sssd.conf.5.xml:2203 msgid "ssh_use_certificate_matching_rules (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2205 +#: sssd.conf.5.xml:2206 msgid "" "By default the ssh responder will use all available certificate matching " "rules to filter the certificates so that ssh keys are only derived from the " @@ -2663,7 +2663,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2214 +#: sssd.conf.5.xml:2215 msgid "" "There are two special key words 'all_rules' and 'no_rules' which will enable " "all or no rules, respectively. The latter means that no certificates will be " @@ -2671,7 +2671,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2221 +#: sssd.conf.5.xml:2222 msgid "" "If no rules are configured using 'all_rules' will enable a default rule " "which enables all certificates suitable for client authentication. This is " @@ -2680,38 +2680,38 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2228 +#: sssd.conf.5.xml:2229 msgid "" "A non-existing rule name is considered an error. If as a result no rule is " "selected all certificates will be ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2233 +#: sssd.conf.5.xml:2234 msgid "" "Default: not set, equivalent to 'all_rules', all found rules or the default " "rule are used" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2239 +#: sssd.conf.5.xml:2240 msgid "ca_db (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2242 +#: sssd.conf.5.xml:2243 msgid "" "Path to a storage of trusted CA certificates. The option is used to validate " "user certificates before deriving public ssh keys from them." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2262 +#: sssd.conf.5.xml:2263 msgid "PAC responder configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2264 +#: sssd.conf.5.xml:2265 msgid "" "The PAC responder works together with the authorization data plugin for MIT " "Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the " @@ -2722,7 +2722,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2273 +#: sssd.conf.5.xml:2274 msgid "" "If the remote user does not exist in the cache, it is created. The UID is " "determined with the help of the SID, trusted domains will have UPGs and the " @@ -2733,24 +2733,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2281 +#: sssd.conf.5.xml:2282 msgid "" "If there are SIDs of groups from domains sssd knows about, the user will be " "added to those groups." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2287 +#: sssd.conf.5.xml:2288 msgid "These options can be used to configure the PAC responder." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2291 sssd-ifp.5.xml:66 +#: sssd.conf.5.xml:2292 sssd-ifp.5.xml:66 msgid "allowed_uids (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2294 +#: sssd.conf.5.xml:2295 msgid "" "Specifies the comma-separated list of UID values or user names that are " "allowed to access the PAC responder. User names are resolved to UIDs at " @@ -2758,12 +2758,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2300 +#: sssd.conf.5.xml:2301 msgid "Default: 0 (only the root user is allowed to access the PAC responder)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2304 +#: sssd.conf.5.xml:2305 msgid "" "Please note that although the UID 0 is used as the default it will be " "overwritten with this option. If you still want to allow the root user to " @@ -2772,26 +2772,26 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2313 +#: sssd.conf.5.xml:2314 msgid "pac_lifetime (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2316 +#: sssd.conf.5.xml:2317 msgid "" "Lifetime of the PAC entry in seconds. As long as the PAC is valid the PAC " "data can be used to determine the group memberships of a user." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2326 +#: sssd.conf.5.xml:2327 #, fuzzy #| msgid "krb5_rcache_dir (string)" msgid "pac_check (string)" msgstr "krb5_rcache_dir (řetězec)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2329 +#: sssd.conf.5.xml:2330 msgid "" "Apply additional checks on the PAC of the Kerberos ticket which is available " "in Active Directory and FreeIPA domains, if configured. Please note that " @@ -2802,24 +2802,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2343 +#: sssd.conf.5.xml:2344 msgid "no_check" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2345 +#: sssd.conf.5.xml:2346 msgid "" "The PAC must not be present and even if it is present no additional checks " "will be done." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2351 +#: sssd.conf.5.xml:2352 msgid "pac_present" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2353 +#: sssd.conf.5.xml:2354 msgid "" "The PAC must be present in the service ticket which SSSD will request with " "the help of the user's TGT. If the PAC is not available the authentication " @@ -2827,24 +2827,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2361 +#: sssd.conf.5.xml:2362 msgid "check_upn" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2363 +#: sssd.conf.5.xml:2364 msgid "" "If the PAC is present check if the user principal name (UPN) information is " "consistent." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2369 +#: sssd.conf.5.xml:2370 msgid "check_upn_allow_missing" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2371 +#: sssd.conf.5.xml:2372 msgid "" "This option should be used together with 'check_upn' and handles the case " "where a UPN is set on the server-side but is not read by SSSD. The typical " @@ -2856,7 +2856,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2383 +#: sssd.conf.5.xml:2384 msgid "" "Currently this option is set by default to avoid regressions in such " "environments. A log message will be added to the system log and SSSD's debug " @@ -2867,60 +2867,60 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2397 +#: sssd.conf.5.xml:2398 msgid "upn_dns_info_present" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2399 +#: sssd.conf.5.xml:2400 msgid "The PAC must contain the UPN-DNS-INFO buffer, implies 'check_upn'." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2404 +#: sssd.conf.5.xml:2405 msgid "check_upn_dns_info_ex" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2406 +#: sssd.conf.5.xml:2407 msgid "" "If the PAC is present and the extension to the UPN-DNS-INFO buffer is " "available check if the information in the extension is consistent." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2413 +#: sssd.conf.5.xml:2414 msgid "upn_dns_info_ex_present" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2415 +#: sssd.conf.5.xml:2416 msgid "" "The PAC must contain the extension of the UPN-DNS-INFO buffer, implies " "'check_upn_dns_info_ex', 'upn_dns_info_present' and 'check_upn'." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2339 +#: sssd.conf.5.xml:2340 msgid "" "The following options can be used alone or in a comma-separated list: " "<placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2425 +#: sssd.conf.5.xml:2426 msgid "" "Default: no_check (AD and IPA provider 'check_upn, check_upn_allow_missing, " "check_upn_dns_info_ex')" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2434 +#: sssd.conf.5.xml:2435 msgid "Session recording configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2436 +#: sssd.conf.5.xml:2437 msgid "" "Session recording works in conjunction with <citerefentry> " "<refentrytitle>tlog-rec-session</refentrytitle> <manvolnum>8</manvolnum> </" @@ -2930,66 +2930,66 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2449 +#: sssd.conf.5.xml:2450 msgid "These options can be used to configure session recording." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2453 sssd-session-recording.5.xml:64 +#: sssd.conf.5.xml:2454 sssd-session-recording.5.xml:64 msgid "scope (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2460 sssd-session-recording.5.xml:71 +#: sssd.conf.5.xml:2461 sssd-session-recording.5.xml:71 msgid "\"none\"" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2463 sssd-session-recording.5.xml:74 +#: sssd.conf.5.xml:2464 sssd-session-recording.5.xml:74 msgid "No users are recorded." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2468 sssd-session-recording.5.xml:79 +#: sssd.conf.5.xml:2469 sssd-session-recording.5.xml:79 msgid "\"some\"" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2471 sssd-session-recording.5.xml:82 +#: sssd.conf.5.xml:2472 sssd-session-recording.5.xml:82 msgid "" "Users/groups specified by <replaceable>users</replaceable> and " "<replaceable>groups</replaceable> options are recorded." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2480 sssd-session-recording.5.xml:91 +#: sssd.conf.5.xml:2481 sssd-session-recording.5.xml:91 msgid "\"all\"" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2483 sssd-session-recording.5.xml:94 +#: sssd.conf.5.xml:2484 sssd-session-recording.5.xml:94 msgid "All users are recorded." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2456 sssd-session-recording.5.xml:67 +#: sssd.conf.5.xml:2457 sssd-session-recording.5.xml:67 msgid "" "One of the following strings specifying the scope of session recording: " "<placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2490 sssd-session-recording.5.xml:101 +#: sssd.conf.5.xml:2491 sssd-session-recording.5.xml:101 msgid "Default: \"none\"" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2495 sssd-session-recording.5.xml:106 +#: sssd.conf.5.xml:2496 sssd-session-recording.5.xml:106 msgid "users (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2498 sssd-session-recording.5.xml:109 +#: sssd.conf.5.xml:2499 sssd-session-recording.5.xml:109 msgid "" "A comma-separated list of users which should have session recording enabled. " "Matches user names as returned by NSS. I.e. after the possible space " @@ -3000,17 +3000,17 @@ msgstr "" "mezer, změně velikosti písmen, atd." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2504 sssd-session-recording.5.xml:115 +#: sssd.conf.5.xml:2505 sssd-session-recording.5.xml:115 msgid "Default: Empty. Matches no users." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2509 sssd-session-recording.5.xml:120 +#: sssd.conf.5.xml:2510 sssd-session-recording.5.xml:120 msgid "groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2512 sssd-session-recording.5.xml:123 +#: sssd.conf.5.xml:2513 sssd-session-recording.5.xml:123 msgid "" "A comma-separated list of groups, members of which should have session " "recording enabled. Matches group names as returned by NSS. I.e. after the " @@ -3021,7 +3021,7 @@ msgstr "" "nahrazení mezer, změn velikosti písmen, atd." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2518 sssd.conf.5.xml:2550 sssd-session-recording.5.xml:129 +#: sssd.conf.5.xml:2519 sssd.conf.5.xml:2551 sssd-session-recording.5.xml:129 #: sssd-session-recording.5.xml:161 msgid "" "NOTE: using this option (having it set to anything) has a considerable " @@ -3030,60 +3030,60 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2525 sssd-session-recording.5.xml:136 +#: sssd.conf.5.xml:2526 sssd-session-recording.5.xml:136 msgid "Default: Empty. Matches no groups." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2530 sssd-session-recording.5.xml:141 +#: sssd.conf.5.xml:2531 sssd-session-recording.5.xml:141 #, fuzzy #| msgid "simple_deny_users (string)" msgid "exclude_users (string)" msgstr "simple_deny_users (řetězec)" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2533 sssd-session-recording.5.xml:144 +#: sssd.conf.5.xml:2534 sssd-session-recording.5.xml:144 msgid "" "A comma-separated list of users to be excluded from recording, only " "applicable with 'scope=all'." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2537 sssd-session-recording.5.xml:148 +#: sssd.conf.5.xml:2538 sssd-session-recording.5.xml:148 msgid "Default: Empty. No users excluded." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2542 sssd-session-recording.5.xml:153 +#: sssd.conf.5.xml:2543 sssd-session-recording.5.xml:153 #, fuzzy #| msgid "simple_deny_groups (string)" msgid "exclude_groups (string)" msgstr "simple_deny_groups (řetězec)" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2545 sssd-session-recording.5.xml:156 +#: sssd.conf.5.xml:2546 sssd-session-recording.5.xml:156 msgid "" "A comma-separated list of groups, members of which should be excluded from " "recording. Only applicable with 'scope=all'." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2557 sssd-session-recording.5.xml:168 +#: sssd.conf.5.xml:2558 sssd-session-recording.5.xml:168 msgid "Default: Empty. No groups excluded." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:2567 +#: sssd.conf.5.xml:2568 msgid "DOMAIN SECTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2574 +#: sssd.conf.5.xml:2575 msgid "enabled" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2577 +#: sssd.conf.5.xml:2578 msgid "" "Explicitly enable or disable the domain. If <quote>true</quote>, the domain " "is always <quote>enabled</quote>. If <quote>false</quote>, the domain is " @@ -3093,12 +3093,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2589 +#: sssd.conf.5.xml:2590 msgid "domain_type (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2592 +#: sssd.conf.5.xml:2593 msgid "" "Specifies whether the domain is meant to be used by POSIX-aware clients such " "as the Name Service Switch or by applications that do not need POSIX data to " @@ -3107,14 +3107,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2600 +#: sssd.conf.5.xml:2601 msgid "" "Allowed values for this option are <quote>posix</quote> and " "<quote>application</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2604 +#: sssd.conf.5.xml:2605 msgid "" "POSIX domains are reachable by all services. Application domains are only " "reachable from the InfoPipe responder (see <citerefentry> " @@ -3123,38 +3123,38 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2612 +#: sssd.conf.5.xml:2613 msgid "" "NOTE: The application domains are currently well tested with " "<quote>id_provider=ldap</quote> only." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2616 +#: sssd.conf.5.xml:2617 msgid "" "For an easy way to configure a non-POSIX domains, please see the " "<quote>Application domains</quote> section." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2620 +#: sssd.conf.5.xml:2621 msgid "Default: posix" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2626 +#: sssd.conf.5.xml:2627 msgid "min_id,max_id (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2629 +#: sssd.conf.5.xml:2630 msgid "" "UID and GID limits for the domain. If a domain contains an entry that is " "outside these limits, it is ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2634 +#: sssd.conf.5.xml:2635 msgid "" "For users, this affects the primary GID limit. The user will not be returned " "to NSS if either the UID or the primary GID is outside the range. For non-" @@ -3163,24 +3163,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2641 +#: sssd.conf.5.xml:2642 msgid "" "These ID limits affect even saving entries to cache, not only returning them " "by name or ID." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2645 +#: sssd.conf.5.xml:2646 msgid "Default: 1 for min_id, 0 (no limit) for max_id" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2651 +#: sssd.conf.5.xml:2652 msgid "enumerate (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2654 +#: sssd.conf.5.xml:2655 msgid "" "Determines if a domain can be enumerated, that is, whether the domain can " "list all the users and group it contains. Note that it is not required to " @@ -3189,29 +3189,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2662 +#: sssd.conf.5.xml:2663 msgid "TRUE = Users and groups are enumerated" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2665 +#: sssd.conf.5.xml:2666 msgid "FALSE = No enumerations for this domain" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2668 sssd.conf.5.xml:2942 sssd.conf.5.xml:3119 +#: sssd.conf.5.xml:2669 sssd.conf.5.xml:2943 sssd.conf.5.xml:3120 msgid "Default: FALSE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2671 +#: sssd.conf.5.xml:2672 msgid "" "Enumerating a domain requires SSSD to download and store ALL user and group " "entries from the remote server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2676 +#: sssd.conf.5.xml:2677 msgid "" "Note: Enabling enumeration has a moderate performance impact on SSSD while " "enumeration is running. It may take up to several minutes after SSSD startup " @@ -3225,14 +3225,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2691 +#: sssd.conf.5.xml:2692 msgid "" "While the first enumeration is running, requests for the complete user or " "group lists may return no results until it completes." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2696 +#: sssd.conf.5.xml:2697 msgid "" "Further, enabling enumeration may increase the time necessary to detect " "network disconnection, as longer timeouts are required to ensure that " @@ -3241,39 +3241,39 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2704 +#: sssd.conf.5.xml:2705 msgid "" "For the reasons cited above, enabling enumeration is not recommended, " "especially in large environments." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2712 +#: sssd.conf.5.xml:2713 msgid "subdomain_enumerate (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2719 +#: sssd.conf.5.xml:2720 msgid "all" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2720 +#: sssd.conf.5.xml:2721 msgid "All discovered trusted domains will be enumerated" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2723 +#: sssd.conf.5.xml:2724 msgid "none" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2724 +#: sssd.conf.5.xml:2725 msgid "No discovered trusted domains will be enumerated" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2715 +#: sssd.conf.5.xml:2716 msgid "" "Whether any of autodetected trusted domains should be enumerated. The " "supported values are: <placeholder type=\"variablelist\" id=\"0\"/> " @@ -3282,19 +3282,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2738 +#: sssd.conf.5.xml:2739 msgid "entry_cache_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2741 +#: sssd.conf.5.xml:2742 msgid "" "How many seconds should nss_sss consider entries valid before asking the " "backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2745 +#: sssd.conf.5.xml:2746 msgid "" "The cache expiration timestamps are stored as attributes of individual " "objects in the cache. Therefore, changing the cache timeout only has effect " @@ -3305,108 +3305,108 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2758 +#: sssd.conf.5.xml:2759 msgid "Default: 5400" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2764 +#: sssd.conf.5.xml:2765 msgid "entry_cache_user_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2767 +#: sssd.conf.5.xml:2768 msgid "" "How many seconds should nss_sss consider user entries valid before asking " "the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2771 sssd.conf.5.xml:2784 sssd.conf.5.xml:2797 -#: sssd.conf.5.xml:2810 sssd.conf.5.xml:2824 sssd.conf.5.xml:2837 -#: sssd.conf.5.xml:2851 sssd.conf.5.xml:2865 sssd.conf.5.xml:2878 +#: sssd.conf.5.xml:2772 sssd.conf.5.xml:2785 sssd.conf.5.xml:2798 +#: sssd.conf.5.xml:2811 sssd.conf.5.xml:2825 sssd.conf.5.xml:2838 +#: sssd.conf.5.xml:2852 sssd.conf.5.xml:2866 sssd.conf.5.xml:2879 msgid "Default: entry_cache_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2777 +#: sssd.conf.5.xml:2778 msgid "entry_cache_group_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2780 +#: sssd.conf.5.xml:2781 msgid "" "How many seconds should nss_sss consider group entries valid before asking " "the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2790 +#: sssd.conf.5.xml:2791 msgid "entry_cache_netgroup_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2793 +#: sssd.conf.5.xml:2794 msgid "" "How many seconds should nss_sss consider netgroup entries valid before " "asking the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2803 +#: sssd.conf.5.xml:2804 msgid "entry_cache_service_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2806 +#: sssd.conf.5.xml:2807 msgid "" "How many seconds should nss_sss consider service entries valid before asking " "the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2816 +#: sssd.conf.5.xml:2817 msgid "entry_cache_resolver_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2819 +#: sssd.conf.5.xml:2820 msgid "" "How many seconds should nss_sss consider hosts and networks entries valid " "before asking the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2830 +#: sssd.conf.5.xml:2831 msgid "entry_cache_sudo_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2833 +#: sssd.conf.5.xml:2834 msgid "" "How many seconds should sudo consider rules valid before asking the backend " "again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2843 +#: sssd.conf.5.xml:2844 msgid "entry_cache_autofs_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2846 +#: sssd.conf.5.xml:2847 msgid "" "How many seconds should the autofs service consider automounter maps valid " "before asking the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2857 +#: sssd.conf.5.xml:2858 msgid "entry_cache_ssh_host_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2860 +#: sssd.conf.5.xml:2861 msgid "" "How many seconds to keep a host ssh key after refresh. IE how long to cache " "the host key for." @@ -3415,31 +3415,31 @@ msgstr "" "dlouhou dobu ponechávat klíč hostitel v mezipaměti." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2871 +#: sssd.conf.5.xml:2872 msgid "entry_cache_computer_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2874 +#: sssd.conf.5.xml:2875 msgid "" "How many seconds to keep the local computer entry before asking the backend " "again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2884 +#: sssd.conf.5.xml:2885 msgid "refresh_expired_interval (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2887 +#: sssd.conf.5.xml:2888 msgid "" "Specifies how many seconds SSSD has to wait before triggering a background " "refresh task which will refresh all expired or nearly expired records." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2892 +#: sssd.conf.5.xml:2893 msgid "" "The background refresh will process users, groups and netgroups in the " "cache. For users who have performed the initgroups (get group membership for " @@ -3448,17 +3448,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2900 +#: sssd.conf.5.xml:2901 msgid "This option is automatically inherited for all trusted domains." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2904 +#: sssd.conf.5.xml:2905 msgid "You can consider setting this value to 3/4 * entry_cache_timeout." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2908 +#: sssd.conf.5.xml:2909 msgid "" "Cache entry will be refreshed by background task when 2/3 of cache timeout " "has already passed. If there are existing cached entries, the background " @@ -3470,23 +3470,23 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2921 sssd-ldap.5.xml:360 sssd-ldap.5.xml:1736 +#: sssd.conf.5.xml:2922 sssd-ldap.5.xml:360 sssd-ldap.5.xml:1736 #: sssd-ipa.5.xml:270 msgid "Default: 0 (disabled)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2927 +#: sssd.conf.5.xml:2928 msgid "cache_credentials (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2930 +#: sssd.conf.5.xml:2931 msgid "Determines if user credentials are also cached in the local LDB cache." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2934 +#: sssd.conf.5.xml:2935 msgid "" "Take a note that while credentials are stored as a salted SHA512 hash, this " "still potentially poses some security risk in case an attacker manages to " @@ -3495,12 +3495,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2948 +#: sssd.conf.5.xml:2949 msgid "cache_credentials_minimal_first_factor_length (int)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2951 +#: sssd.conf.5.xml:2952 msgid "" "If 2-Factor-Authentication (2FA) is used and credentials should be saved " "this value determines the minimal length the first authentication factor " @@ -3512,19 +3512,19 @@ msgstr "" "otisk do mezipaměti." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2958 +#: sssd.conf.5.xml:2959 msgid "" "This should avoid that the short PINs of a PIN based 2FA scheme are saved in " "the cache which would make them easy targets for brute-force attacks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2969 +#: sssd.conf.5.xml:2970 msgid "account_cache_expiration (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2972 +#: sssd.conf.5.xml:2973 msgid "" "Number of days entries are left in cache after last successful login before " "being removed during a cleanup of the cache. 0 means keep forever. The " @@ -3533,17 +3533,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2979 +#: sssd.conf.5.xml:2980 msgid "Default: 0 (unlimited)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2984 +#: sssd.conf.5.xml:2985 msgid "pwd_expiration_warning (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2995 +#: sssd.conf.5.xml:2996 msgid "" "Please note that the backend server has to provide information about the " "expiration time of the password. If this information is missing, sssd " @@ -3552,28 +3552,28 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3002 +#: sssd.conf.5.xml:3003 msgid "Default: 7 (Kerberos), 0 (LDAP)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3008 +#: sssd.conf.5.xml:3009 msgid "id_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3011 +#: sssd.conf.5.xml:3012 msgid "" "The identification provider used for the domain. Supported ID providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3015 +#: sssd.conf.5.xml:3016 msgid "<quote>proxy</quote>: Support a legacy NSS provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3018 +#: sssd.conf.5.xml:3019 msgid "" "<quote>files</quote>: FILES provider. See <citerefentry> <refentrytitle>sssd-" "files</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " @@ -3581,7 +3581,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3026 +#: sssd.conf.5.xml:3027 msgid "" "<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-" "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " @@ -3589,8 +3589,8 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3034 sssd.conf.5.xml:3145 sssd.conf.5.xml:3196 -#: sssd.conf.5.xml:3259 +#: sssd.conf.5.xml:3035 sssd.conf.5.xml:3146 sssd.conf.5.xml:3197 +#: sssd.conf.5.xml:3260 msgid "" "<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management " "provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> " @@ -3599,8 +3599,8 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3043 sssd.conf.5.xml:3154 sssd.conf.5.xml:3205 -#: sssd.conf.5.xml:3268 +#: sssd.conf.5.xml:3044 sssd.conf.5.xml:3155 sssd.conf.5.xml:3206 +#: sssd.conf.5.xml:3269 msgid "" "<quote>ad</quote>: Active Directory provider. See <citerefentry> " "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3608,19 +3608,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3054 +#: sssd.conf.5.xml:3055 msgid "use_fully_qualified_names (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3057 +#: sssd.conf.5.xml:3058 msgid "" "Use the full name and domain (as formatted by the domain's full_name_format) " "as the user's login name reported to NSS." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3062 +#: sssd.conf.5.xml:3063 msgid "" "If set to TRUE, all requests to this domain must use fully qualified names. " "For example, if used in LOCAL domain that contains a \"test\" user, " @@ -3629,7 +3629,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3070 +#: sssd.conf.5.xml:3071 msgid "" "NOTE: This option has no effect on netgroup lookups due to their tendency to " "include nested netgroups without qualified names. For netgroups, all domains " @@ -3637,24 +3637,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3077 +#: sssd.conf.5.xml:3078 msgid "" "Default: FALSE (TRUE for trusted domain/sub-domains or if " "default_domain_suffix is used)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3084 +#: sssd.conf.5.xml:3085 msgid "ignore_group_members (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3087 +#: sssd.conf.5.xml:3088 msgid "Do not return group members for group lookups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3090 +#: sssd.conf.5.xml:3091 msgid "" "If set to TRUE, the group membership attribute is not requested from the " "ldap server, and group members are not returned when processing group lookup " @@ -3666,7 +3666,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3108 +#: sssd.conf.5.xml:3109 msgid "" "Enabling this option can also make access provider checks for group " "membership significantly faster, especially for groups containing many " @@ -3674,7 +3674,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3114 sssd.conf.5.xml:3821 sssd-ldap.5.xml:326 +#: sssd.conf.5.xml:3115 sssd.conf.5.xml:3822 sssd-ldap.5.xml:326 #: sssd-ldap.5.xml:355 sssd-ldap.5.xml:408 sssd-ldap.5.xml:468 #: sssd-ldap.5.xml:489 sssd-ldap.5.xml:520 sssd-ldap.5.xml:543 #: sssd-ldap.5.xml:582 sssd-ldap.5.xml:601 sssd-ldap.5.xml:625 @@ -3685,19 +3685,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3124 +#: sssd.conf.5.xml:3125 msgid "auth_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3127 +#: sssd.conf.5.xml:3128 msgid "" "The authentication provider used for the domain. Supported auth providers " "are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3131 sssd.conf.5.xml:3189 +#: sssd.conf.5.xml:3132 sssd.conf.5.xml:3190 msgid "" "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3705,7 +3705,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3138 +#: sssd.conf.5.xml:3139 msgid "" "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3713,30 +3713,30 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3162 +#: sssd.conf.5.xml:3163 msgid "" "<quote>proxy</quote> for relaying authentication to some other PAM target." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3165 +#: sssd.conf.5.xml:3166 msgid "<quote>none</quote> disables authentication explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3168 +#: sssd.conf.5.xml:3169 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "authentication requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3174 +#: sssd.conf.5.xml:3175 msgid "access_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3177 +#: sssd.conf.5.xml:3178 msgid "" "The access control provider used for the domain. There are two built-in " "access providers (in addition to any included in installed backends) " @@ -3744,19 +3744,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3183 +#: sssd.conf.5.xml:3184 msgid "" "<quote>permit</quote> always allow access. It's the only permitted access " "provider for a local domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3186 +#: sssd.conf.5.xml:3187 msgid "<quote>deny</quote> always deny access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3213 +#: sssd.conf.5.xml:3214 msgid "" "<quote>simple</quote> access control based on access or deny lists. See " "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</" @@ -3765,7 +3765,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3220 +#: sssd.conf.5.xml:3221 msgid "" "<quote>krb5</quote>: .k5login based access control. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum></" @@ -3773,29 +3773,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3227 +#: sssd.conf.5.xml:3228 msgid "<quote>proxy</quote> for relaying access control to another PAM module." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3230 +#: sssd.conf.5.xml:3231 msgid "Default: <quote>permit</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3235 +#: sssd.conf.5.xml:3236 msgid "chpass_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3238 +#: sssd.conf.5.xml:3239 msgid "" "The provider which should handle change password operations for the domain. " "Supported change password providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3243 +#: sssd.conf.5.xml:3244 msgid "" "<quote>ldap</quote> to change a password stored in a LDAP server. See " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" @@ -3803,7 +3803,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3251 +#: sssd.conf.5.xml:3252 msgid "" "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3811,35 +3811,35 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3276 +#: sssd.conf.5.xml:3277 msgid "" "<quote>proxy</quote> for relaying password changes to some other PAM target." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3280 +#: sssd.conf.5.xml:3281 msgid "<quote>none</quote> disallows password changes explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3283 +#: sssd.conf.5.xml:3284 msgid "" "Default: <quote>auth_provider</quote> is used if it is set and can handle " "change password requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3290 +#: sssd.conf.5.xml:3291 msgid "sudo_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3293 +#: sssd.conf.5.xml:3294 msgid "The SUDO provider used for the domain. Supported SUDO providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3297 +#: sssd.conf.5.xml:3298 msgid "" "<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3847,32 +3847,32 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3305 +#: sssd.conf.5.xml:3306 msgid "" "<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default " "settings." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3309 +#: sssd.conf.5.xml:3310 msgid "" "<quote>ad</quote> the same as <quote>ldap</quote> but with AD default " "settings." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3313 +#: sssd.conf.5.xml:3314 msgid "<quote>none</quote> disables SUDO explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3316 sssd.conf.5.xml:3402 sssd.conf.5.xml:3472 -#: sssd.conf.5.xml:3497 sssd.conf.5.xml:3533 +#: sssd.conf.5.xml:3317 sssd.conf.5.xml:3403 sssd.conf.5.xml:3473 +#: sssd.conf.5.xml:3498 sssd.conf.5.xml:3534 msgid "Default: The value of <quote>id_provider</quote> is used if it is set." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3320 +#: sssd.conf.5.xml:3321 msgid "" "The detailed instructions for configuration of sudo_provider are in the " "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " @@ -3883,7 +3883,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3335 +#: sssd.conf.5.xml:3336 msgid "" "<emphasis>NOTE:</emphasis> Sudo rules are periodically downloaded in the " "background unless the sudo provider is explicitly disabled. Set " @@ -3892,12 +3892,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3345 +#: sssd.conf.5.xml:3346 msgid "selinux_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3348 +#: sssd.conf.5.xml:3349 msgid "" "The provider which should handle loading of selinux settings. Note that this " "provider will be called right after access provider ends. Supported selinux " @@ -3905,7 +3905,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3354 +#: sssd.conf.5.xml:3355 msgid "" "<quote>ipa</quote> to load selinux settings from an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -3913,31 +3913,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3362 +#: sssd.conf.5.xml:3363 msgid "<quote>none</quote> disallows fetching selinux settings explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3365 +#: sssd.conf.5.xml:3366 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "selinux loading requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3371 +#: sssd.conf.5.xml:3372 msgid "subdomains_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3374 +#: sssd.conf.5.xml:3375 msgid "" "The provider which should handle fetching of subdomains. This value should " "be always the same as id_provider. Supported subdomain providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3380 +#: sssd.conf.5.xml:3381 msgid "" "<quote>ipa</quote> to load a list of subdomains from an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -3945,7 +3945,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3389 +#: sssd.conf.5.xml:3390 msgid "" "<quote>ad</quote> to load a list of subdomains from an Active Directory " "server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> " @@ -3954,17 +3954,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3398 +#: sssd.conf.5.xml:3399 msgid "<quote>none</quote> disallows fetching subdomains explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3408 +#: sssd.conf.5.xml:3409 msgid "session_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3411 +#: sssd.conf.5.xml:3412 msgid "" "The provider which configures and manages user session related tasks. The " "only user session task currently provided is the integration with Fleet " @@ -3972,43 +3972,43 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3418 +#: sssd.conf.5.xml:3419 msgid "<quote>ipa</quote> to allow performing user session related tasks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3422 +#: sssd.conf.5.xml:3423 msgid "" "<quote>none</quote> does not perform any kind of user session related tasks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3426 +#: sssd.conf.5.xml:3427 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can perform " "session related tasks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3430 +#: sssd.conf.5.xml:3431 msgid "" "<emphasis>NOTE:</emphasis> In order to have this feature working as expected " "SSSD must be running as \"root\" and not as the unprivileged user." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3438 +#: sssd.conf.5.xml:3439 msgid "autofs_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3441 +#: sssd.conf.5.xml:3442 msgid "" "The autofs provider used for the domain. Supported autofs providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3445 +#: sssd.conf.5.xml:3446 msgid "" "<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4016,7 +4016,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3452 +#: sssd.conf.5.xml:3453 msgid "" "<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> " "<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4024,7 +4024,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3460 +#: sssd.conf.5.xml:3461 msgid "" "<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> " "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4032,24 +4032,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3469 +#: sssd.conf.5.xml:3470 msgid "<quote>none</quote> disables autofs explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3479 +#: sssd.conf.5.xml:3480 msgid "hostid_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3482 +#: sssd.conf.5.xml:3483 msgid "" "The provider used for retrieving host identity information. Supported " "hostid providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3486 +#: sssd.conf.5.xml:3487 msgid "" "<quote>ipa</quote> to load host identity stored in an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -4057,31 +4057,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3494 +#: sssd.conf.5.xml:3495 msgid "<quote>none</quote> disables hostid explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3504 +#: sssd.conf.5.xml:3505 msgid "resolver_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3507 +#: sssd.conf.5.xml:3508 msgid "" "The provider which should handle hosts and networks lookups. Supported " "resolver providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3511 +#: sssd.conf.5.xml:3512 msgid "" "<quote>proxy</quote> to forward lookups to another NSS library. See " "<quote>proxy_resolver_lib_name</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3515 +#: sssd.conf.5.xml:3516 msgid "" "<quote>ldap</quote> to fetch hosts and networks stored in LDAP. See " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" @@ -4089,7 +4089,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3522 +#: sssd.conf.5.xml:3523 msgid "" "<quote>ad</quote> to fetch hosts and networks stored in AD. See " "<citerefentry> <refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</" @@ -4098,12 +4098,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3530 +#: sssd.conf.5.xml:3531 msgid "<quote>none</quote> disallows fetching hosts and networks explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3543 +#: sssd.conf.5.xml:3544 msgid "" "Regular expression for this domain that describes how to parse the string " "containing user name and domain into these components. The \"domain\" can " @@ -4113,7 +4113,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3552 +#: sssd.conf.5.xml:3553 msgid "" "Default: <quote>^((?P<name>.+)@(?P<domain>[^@]*)|(?P<name>" "[^@]+))$</quote> which allows two different styles for user names:" @@ -4122,17 +4122,17 @@ msgstr "" # auto translated by TM merge from project: Fedora Websites, version: # fedorahosted.org, DocId: po/fedorahosted #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:3557 sssd.conf.5.xml:3571 +#: sssd.conf.5.xml:3558 sssd.conf.5.xml:3572 msgid "username" msgstr "username" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:3560 sssd.conf.5.xml:3574 +#: sssd.conf.5.xml:3561 sssd.conf.5.xml:3575 msgid "username@domain.name" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3565 +#: sssd.conf.5.xml:3566 msgid "" "Default for the AD and IPA provider: <quote>^(((?P<domain>[^\\\\]+)\\" "\\(?P<name>.+))|((?P<name>.+)@(?P<domain>[^@]+))|((?P<" @@ -4141,19 +4141,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:3577 +#: sssd.conf.5.xml:3578 msgid "domain\\username" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3580 +#: sssd.conf.5.xml:3581 msgid "" "While the first two correspond to the general default the third one is " "introduced to allow easy integration of users from Windows domains." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3585 +#: sssd.conf.5.xml:3586 msgid "" "The default re_expression uses the <quote>@</quote> character as a separator " "between the name and the domain. As a result of this setting the default " @@ -4163,93 +4163,93 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3637 +#: sssd.conf.5.xml:3638 msgid "Default: <quote>%1$s@%2$s</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3643 +#: sssd.conf.5.xml:3644 msgid "lookup_family_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3646 +#: sssd.conf.5.xml:3647 msgid "" "Provides the ability to select preferred address family to use when " "performing DNS lookups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3650 +#: sssd.conf.5.xml:3651 msgid "Supported values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3653 +#: sssd.conf.5.xml:3654 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3656 +#: sssd.conf.5.xml:3657 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3659 +#: sssd.conf.5.xml:3660 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3662 +#: sssd.conf.5.xml:3663 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3665 +#: sssd.conf.5.xml:3666 msgid "Default: ipv4_first" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3671 +#: sssd.conf.5.xml:3672 #, fuzzy #| msgid "dns_resolver_timeout" msgid "dns_resolver_server_timeout (integer)" msgstr "dns_resolver_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3674 +#: sssd.conf.5.xml:3675 msgid "" "Defines the amount of time (in milliseconds) SSSD would try to talk to DNS " "server before trying next DNS server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3679 +#: sssd.conf.5.xml:3680 msgid "" "The AD provider will use this option for the CLDAP ping timeouts as well." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3683 sssd.conf.5.xml:3703 sssd.conf.5.xml:3724 +#: sssd.conf.5.xml:3684 sssd.conf.5.xml:3704 sssd.conf.5.xml:3725 msgid "" "Please see the section <quote>FAILOVER</quote> for more information about " "the service resolution." msgstr "" #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3688 sssd-ldap.5.xml:644 include/failover.xml:84 +#: sssd.conf.5.xml:3689 sssd-ldap.5.xml:644 include/failover.xml:84 msgid "Default: 1000" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3694 +#: sssd.conf.5.xml:3695 #, fuzzy #| msgid "dns_resolver_op_timeout" msgid "dns_resolver_op_timeout (integer)" msgstr "dns_resolver_op_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3697 +#: sssd.conf.5.xml:3698 msgid "" "Defines the amount of time (in seconds) to wait to resolve single DNS query " "(e.g. resolution of a hostname or an SRV record) before trying the next " @@ -4257,12 +4257,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3714 +#: sssd.conf.5.xml:3715 msgid "dns_resolver_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3717 +#: sssd.conf.5.xml:3718 msgid "" "Defines the amount of time (in seconds) to wait for a reply from the " "internal fail over service before assuming that the service is unreachable. " @@ -4271,14 +4271,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3735 +#: sssd.conf.5.xml:3736 #, fuzzy #| msgid "dns_resolver_timeout" msgid "dns_resolver_use_search_list (bool)" msgstr "dns_resolver_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3738 +#: sssd.conf.5.xml:3739 msgid "" "Normally, the DNS resolver searches the domain list defined in the " "\"search\" directive from the resolv.conf file. This can lead to delays in " @@ -4286,7 +4286,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3744 +#: sssd.conf.5.xml:3745 msgid "" "If fully qualified domain names (or _srv_) are used in the SSSD " "configuration, setting this option to FALSE can prevent unnecessary DNS " @@ -4294,71 +4294,71 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3750 +#: sssd.conf.5.xml:3751 #, fuzzy #| msgid "Default: 3" msgid "Default: TRUE" msgstr "Výchozí: 3" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3756 +#: sssd.conf.5.xml:3757 msgid "dns_discovery_domain (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3759 +#: sssd.conf.5.xml:3760 msgid "" "If service discovery is used in the back end, specifies the domain part of " "the service discovery DNS query." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3763 +#: sssd.conf.5.xml:3764 msgid "Default: Use the domain part of machine's hostname" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3769 +#: sssd.conf.5.xml:3770 msgid "override_gid (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3772 +#: sssd.conf.5.xml:3773 msgid "Override the primary GID value with the one specified." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3778 +#: sssd.conf.5.xml:3779 msgid "case_sensitive (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3785 +#: sssd.conf.5.xml:3786 msgid "True" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3788 +#: sssd.conf.5.xml:3789 msgid "Case sensitive. This value is invalid for AD provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3794 +#: sssd.conf.5.xml:3795 msgid "False" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3796 +#: sssd.conf.5.xml:3797 msgid "Case insensitive." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3800 +#: sssd.conf.5.xml:3801 msgid "Preserving" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3803 +#: sssd.conf.5.xml:3804 msgid "" "Same as False (case insensitive), but does not lowercase names in the result " "of NSS operations. Note that name aliases (and in case of services also " @@ -4366,31 +4366,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3811 +#: sssd.conf.5.xml:3812 msgid "" "If you want to set this value for trusted domain with IPA provider, you need " "to set it on both the client and SSSD on the server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3781 +#: sssd.conf.5.xml:3782 msgid "" "Treat user and group names as case sensitive. Possible option values are: " "<placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3826 +#: sssd.conf.5.xml:3827 msgid "Default: True (False for AD provider)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3832 +#: sssd.conf.5.xml:3833 msgid "subdomain_inherit (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3835 +#: sssd.conf.5.xml:3836 msgid "" "Specifies a list of configuration parameters that should be inherited by a " "subdomain. Please note that only selected parameters can be inherited. " @@ -4398,120 +4398,120 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3841 +#: sssd.conf.5.xml:3842 #, fuzzy #| msgid "dns_resolver_timeout" msgid "ldap_search_timeout" msgstr "dns_resolver_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3844 +#: sssd.conf.5.xml:3845 #, fuzzy #| msgid "dns_resolver_timeout" msgid "ldap_network_timeout" msgstr "dns_resolver_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3847 +#: sssd.conf.5.xml:3848 #, fuzzy #| msgid "dns_resolver_op_timeout" msgid "ldap_opt_timeout" msgstr "dns_resolver_op_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3850 +#: sssd.conf.5.xml:3851 #, fuzzy #| msgid "dns_resolver_timeout" msgid "ldap_offline_timeout" msgstr "dns_resolver_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3853 +#: sssd.conf.5.xml:3854 #, fuzzy #| msgid "dns_resolver_op_timeout" msgid "ldap_enumeration_refresh_timeout" msgstr "dns_resolver_op_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3856 +#: sssd.conf.5.xml:3857 msgid "ldap_enumeration_refresh_offset" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3859 +#: sssd.conf.5.xml:3860 msgid "ldap_purge_cache_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3862 +#: sssd.conf.5.xml:3863 msgid "ldap_purge_cache_offset" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3865 +#: sssd.conf.5.xml:3866 msgid "" "ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab " "is not set explicitly)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3869 +#: sssd.conf.5.xml:3870 msgid "ldap_krb5_ticket_lifetime" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3872 +#: sssd.conf.5.xml:3873 #, fuzzy #| msgid "dns_resolver_op_timeout" msgid "ldap_enumeration_search_timeout" msgstr "dns_resolver_op_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3875 +#: sssd.conf.5.xml:3876 #, fuzzy #| msgid "dns_resolver_op_timeout" msgid "ldap_connection_expire_timeout" msgstr "dns_resolver_op_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3878 +#: sssd.conf.5.xml:3879 #, fuzzy #| msgid "dns_resolver_op_timeout" msgid "ldap_connection_expire_offset" msgstr "dns_resolver_op_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3881 +#: sssd.conf.5.xml:3882 msgid "ldap_connection_idle_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3884 sssd-ldap.5.xml:400 +#: sssd.conf.5.xml:3885 sssd-ldap.5.xml:400 msgid "ldap_use_tokengroups" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3887 +#: sssd.conf.5.xml:3888 msgid "ldap_user_principal" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3890 +#: sssd.conf.5.xml:3891 msgid "ignore_group_members" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3893 +#: sssd.conf.5.xml:3894 msgid "auto_private_groups" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3896 +#: sssd.conf.5.xml:3897 msgid "case_sensitive" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:3901 +#: sssd.conf.5.xml:3902 #, no-wrap msgid "" "subdomain_inherit = ldap_purge_cache_timeout\n" @@ -4519,27 +4519,27 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3908 +#: sssd.conf.5.xml:3909 msgid "Note: This option only works with the IPA and AD provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3915 +#: sssd.conf.5.xml:3916 msgid "subdomain_homedir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3926 +#: sssd.conf.5.xml:3927 msgid "%F" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3927 +#: sssd.conf.5.xml:3928 msgid "flat (NetBIOS) name of a subdomain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3918 +#: sssd.conf.5.xml:3919 msgid "" "Use this homedir as default value for all subdomains within this domain in " "IPA AD trust. See <emphasis>override_homedir</emphasis> for info about " @@ -4549,34 +4549,34 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3932 +#: sssd.conf.5.xml:3933 msgid "" "The value can be overridden by <emphasis>override_homedir</emphasis> option." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3936 +#: sssd.conf.5.xml:3937 msgid "Default: <filename>/home/%d/%u</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3941 +#: sssd.conf.5.xml:3942 msgid "realmd_tags (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3944 +#: sssd.conf.5.xml:3945 msgid "" "Various tags stored by the realmd configuration service for this domain." msgstr "Různé štítky uložené službou nastavování realmd pro tuto doménu." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3950 +#: sssd.conf.5.xml:3951 msgid "cached_auth_timeout (int)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3953 +#: sssd.conf.5.xml:3954 msgid "" "Specifies time in seconds since last successful online authentication for " "which user will be authenticated using cached credentials while SSSD is in " @@ -4585,19 +4585,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3961 +#: sssd.conf.5.xml:3962 msgid "" "This option's value is inherited by all trusted domains. At the moment it is " "not possible to set a different value per trusted domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3966 +#: sssd.conf.5.xml:3967 msgid "Special value 0 implies that this feature is disabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3970 +#: sssd.conf.5.xml:3971 msgid "" "Please note that if <quote>cached_auth_timeout</quote> is longer than " "<quote>pam_id_timeout</quote> then the back end could be called to handle " @@ -4605,24 +4605,85 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3981 +#: sssd.conf.5.xml:3982 +#, fuzzy +#| msgid "simple_deny_users (string)" +msgid "local_auth_policy (string)" +msgstr "simple_deny_users (řetězec)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3985 +msgid "" +"Local authentication methods policy. Some backends (i.e. LDAP, proxy " +"provider) only support a password based authentication, while others can " +"handle PKINIT based Smartcard authentication (AD, IPA), two-factor " +"authentication (IPA), or other methods against a central instance. By " +"default in such cases authentication is only performed with the methods " +"supported by the backend." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3995 +msgid "" +"There are three possible values for this option: match, only, enable. " +"<quote>match</quote> is used to match offline and online states for Kerberos " +"methods. <quote>only</quote> ignores the online methods and only offer the " +"local ones. enable allows explicitly defining the methods for local " +"authentication. As an example, <quote>enable:passkey</quote>, only enables " +"passkey for local authentication. Multiple enable values should be comma-" +"separated, such as <quote>enable:passkey, enable:smartcard</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:4011 +#, no-wrap +msgid "" +"[domain/shadowutils]\n" +"id_provider = proxy\n" +"proxy_lib_name = files\n" +"auth_provider = none\n" +"local_auth_policy = only\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4007 +msgid "" +"The following configuration example allows local users to authenticate " +"locally using any enabled method (i.e. smartcard, passkey). <placeholder " +"type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4019 +msgid "This option is ignored for the files provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4022 +#, fuzzy +#| msgid "Default: 3" +msgid "Default: match" +msgstr "Výchozí: 3" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4027 msgid "auto_private_groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3987 +#: sssd.conf.5.xml:4033 msgid "true" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3990 +#: sssd.conf.5.xml:4036 msgid "" "Create user's private group unconditionally from user's UID number. The GID " "number is ignored in this case." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3994 +#: sssd.conf.5.xml:4040 msgid "" "NOTE: Because the GID number and the user private group are inferred from " "the UID number, it is not supported to have multiple entries with the same " @@ -4631,24 +4692,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4003 +#: sssd.conf.5.xml:4049 msgid "false" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4006 +#: sssd.conf.5.xml:4052 msgid "" "Always use the user's primary GID number. The GID number must refer to a " "group object in the LDAP database." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4012 +#: sssd.conf.5.xml:4058 msgid "hybrid" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4015 +#: sssd.conf.5.xml:4061 msgid "" "A primary group is autogenerated for user entries whose UID and GID numbers " "have the same value and at the same time the GID number does not correspond " @@ -4658,14 +4719,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4028 +#: sssd.conf.5.xml:4074 msgid "" "If the UID and GID of a user are different, then the GID must correspond to " "a group entry, otherwise the GID is simply not resolvable." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4035 +#: sssd.conf.5.xml:4081 msgid "" "This feature is useful for environments that wish to stop maintaining a " "separate group objects for the user private groups, but also wish to retain " @@ -4673,21 +4734,21 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3984 +#: sssd.conf.5.xml:4030 msgid "" "This option takes any of three available values: <placeholder " "type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4047 +#: sssd.conf.5.xml:4093 msgid "" "For subdomains, the default value is False for subdomains that use assigned " "POSIX IDs and True for subdomains that use automatic ID-mapping." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:4055 +#: sssd.conf.5.xml:4101 #, no-wrap msgid "" "[domain/forest.domain/sub.domain]\n" @@ -4695,7 +4756,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:4061 +#: sssd.conf.5.xml:4107 #, no-wrap msgid "" "[domain/forest.domain]\n" @@ -4704,7 +4765,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4052 +#: sssd.conf.5.xml:4098 msgid "" "The value of auto_private_groups can either be set per subdomains in a " "subsection, for example: <placeholder type=\"programlisting\" id=\"0\"/> or " @@ -4713,7 +4774,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:2569 +#: sssd.conf.5.xml:2570 msgid "" "These configuration options can be present in a domain configuration " "section, that is, in a section called <quote>[domain/<replaceable>NAME</" @@ -4721,29 +4782,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4076 +#: sssd.conf.5.xml:4122 msgid "proxy_pam_target (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4079 +#: sssd.conf.5.xml:4125 msgid "The proxy target PAM proxies to." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4082 +#: sssd.conf.5.xml:4128 msgid "" "Default: not set by default, you have to take an existing pam configuration " "or create a new one and add the service name here." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4090 +#: sssd.conf.5.xml:4136 msgid "proxy_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4093 +#: sssd.conf.5.xml:4139 msgid "" "The name of the NSS library to use in proxy domains. The NSS functions " "searched for in the library are in the form of _nss_$(libName)_$(function), " @@ -4751,12 +4812,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4103 +#: sssd.conf.5.xml:4149 msgid "proxy_resolver_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4106 +#: sssd.conf.5.xml:4152 msgid "" "The name of the NSS library to use for hosts and networks lookups in proxy " "domains. The NSS functions searched for in the library are in the form of " @@ -4764,12 +4825,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4117 +#: sssd.conf.5.xml:4163 msgid "proxy_fast_alias (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4120 +#: sssd.conf.5.xml:4166 msgid "" "When a user or group is looked up by name in the proxy provider, a second " "lookup by ID is performed to \"canonicalize\" the name in case the requested " @@ -4778,12 +4839,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4134 +#: sssd.conf.5.xml:4180 msgid "proxy_max_children (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4137 +#: sssd.conf.5.xml:4183 msgid "" "This option specifies the number of pre-forked proxy children. It is useful " "for high-load SSSD environments where sssd may run out of available child " @@ -4791,19 +4852,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4072 +#: sssd.conf.5.xml:4118 msgid "" "Options valid for proxy domains. <placeholder type=\"variablelist\" " "id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:4153 +#: sssd.conf.5.xml:4199 msgid "Application domains" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4155 +#: sssd.conf.5.xml:4201 msgid "" "SSSD, with its D-Bus interface (see <citerefentry> <refentrytitle>sssd-ifp</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>) is appealing to " @@ -4820,7 +4881,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4175 +#: sssd.conf.5.xml:4221 msgid "" "Please note that the application domain must still be explicitly enabled in " "the <quote>domains</quote> parameter so that the lookup order between the " @@ -4828,17 +4889,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> -#: sssd.conf.5.xml:4181 +#: sssd.conf.5.xml:4227 msgid "Application domain parameters" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4183 +#: sssd.conf.5.xml:4229 msgid "inherit_from (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4186 +#: sssd.conf.5.xml:4232 msgid "" "The SSSD POSIX-type domain the application domain inherits all settings " "from. The application domain can moreover add its own settings to the " @@ -4847,7 +4908,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4200 +#: sssd.conf.5.xml:4246 msgid "" "The following example illustrates the use of an application domain. In this " "setup, the POSIX domain is connected to an LDAP server and is used by the OS " @@ -4857,7 +4918,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><programlisting> -#: sssd.conf.5.xml:4208 +#: sssd.conf.5.xml:4254 #, no-wrap msgid "" "[sssd]\n" @@ -4877,12 +4938,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4228 +#: sssd.conf.5.xml:4274 msgid "TRUSTED DOMAIN SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4230 +#: sssd.conf.5.xml:4276 msgid "" "Some options used in the domain section can also be used in the trusted " "domain section, that is, in a section called <quote>[domain/" @@ -4893,69 +4954,69 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4237 +#: sssd.conf.5.xml:4283 msgid "ldap_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4238 +#: sssd.conf.5.xml:4284 msgid "ldap_user_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4239 +#: sssd.conf.5.xml:4285 msgid "ldap_group_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4240 +#: sssd.conf.5.xml:4286 msgid "ldap_netgroup_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4241 +#: sssd.conf.5.xml:4287 msgid "ldap_service_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4242 +#: sssd.conf.5.xml:4288 msgid "ldap_sasl_mech," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4243 +#: sssd.conf.5.xml:4289 msgid "ad_server," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4244 +#: sssd.conf.5.xml:4290 msgid "ad_backup_server," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4245 +#: sssd.conf.5.xml:4291 msgid "ad_site," msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4246 sssd-ipa.5.xml:879 +#: sssd.conf.5.xml:4292 sssd-ipa.5.xml:879 msgid "use_fully_qualified_names" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4250 +#: sssd.conf.5.xml:4296 msgid "" "For more details about these options see their individual description in the " "manual page." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4256 +#: sssd.conf.5.xml:4302 msgid "CERTIFICATE MAPPING SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4258 +#: sssd.conf.5.xml:4304 msgid "" "To allow authentication with Smartcards and certificates SSSD must be able " "to map certificates to users. This can be done by adding the full " @@ -4968,7 +5029,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4272 +#: sssd.conf.5.xml:4318 msgid "" "To make the mapping more flexible mapping and matching rules were added to " "SSSD (see <citerefentry> <refentrytitle>sss-certmap</refentrytitle> " @@ -4976,7 +5037,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4281 +#: sssd.conf.5.xml:4327 msgid "" "A mapping and matching rule can be added to the SSSD configuration in a " "section on its own with a name like <quote>[certmap/" @@ -4985,55 +5046,55 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4288 +#: sssd.conf.5.xml:4334 msgid "matchrule (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4291 +#: sssd.conf.5.xml:4337 msgid "" "Only certificates from the Smartcard which matches this rule will be " "processed, all others are ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4295 +#: sssd.conf.5.xml:4341 msgid "" "Default: KRB5:<EKU>clientAuth, i.e. only certificates which have the " "Extended Key Usage <quote>clientAuth</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4302 +#: sssd.conf.5.xml:4348 msgid "maprule (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4305 +#: sssd.conf.5.xml:4351 msgid "Defines how the user is found for a given certificate." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4311 +#: sssd.conf.5.xml:4357 msgid "" "LDAP:(userCertificate;binary={cert!bin}) for LDAP based providers like " "<quote>ldap</quote>, <quote>AD</quote> or <quote>ipa</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4317 +#: sssd.conf.5.xml:4363 msgid "" "The RULE_NAME for the <quote>files</quote> provider which tries to find a " "user with the same name." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4326 +#: sssd.conf.5.xml:4372 msgid "domains (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4329 +#: sssd.conf.5.xml:4375 msgid "" "Comma separated list of domain names the rule should be applied. By default " "a rule is only valid in the domain configured in sssd.conf. If the provider " @@ -5042,17 +5103,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4336 +#: sssd.conf.5.xml:4382 msgid "Default: the configured domain in sssd.conf" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4341 +#: sssd.conf.5.xml:4387 msgid "priority (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4344 +#: sssd.conf.5.xml:4390 msgid "" "Unsigned integer value defining the priority of the rule. The higher the " "number the lower the priority. <quote>0</quote> stands for the highest " @@ -5060,26 +5121,26 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4350 +#: sssd.conf.5.xml:4396 msgid "Default: the lowest priority" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4356 +#: sssd.conf.5.xml:4402 msgid "" "To make the configuration simple and reduce the amount of configuration " "options the <quote>files</quote> provider has some special properties:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4362 +#: sssd.conf.5.xml:4408 msgid "" "if maprule is not set the RULE_NAME name is assumed to be the name of the " "matching user" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4368 +#: sssd.conf.5.xml:4414 msgid "" "if a maprule is used both a single user name or a template like " "<quote>{subject_rfc822_name.short_name}</quote> must be in braces like e.g. " @@ -5088,17 +5149,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4377 +#: sssd.conf.5.xml:4423 msgid "the <quote>domains</quote> option is ignored" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4385 +#: sssd.conf.5.xml:4431 msgid "PROMPTING CONFIGURATION SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4387 +#: sssd.conf.5.xml:4433 msgid "" "If a special file (<filename>/var/lib/sss/pubconf/pam_preauth_available</" "filename>) exists SSSD's PAM module pam_sss will ask SSSD to figure out " @@ -5108,7 +5169,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4395 +#: sssd.conf.5.xml:4441 msgid "" "With the growing number of authentication methods and the possibility that " "there are multiple ones for a single user the heuristic used by pam_sss to " @@ -5117,59 +5178,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4407 +#: sssd.conf.5.xml:4453 msgid "[prompting/password]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4410 +#: sssd.conf.5.xml:4456 msgid "password_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4411 +#: sssd.conf.5.xml:4457 msgid "to change the string of the password prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4409 +#: sssd.conf.5.xml:4455 msgid "" "to configure password prompting, allowed options are: <placeholder " "type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4419 +#: sssd.conf.5.xml:4465 msgid "[prompting/2fa]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4423 +#: sssd.conf.5.xml:4469 msgid "first_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4424 +#: sssd.conf.5.xml:4470 msgid "to change the string of the prompt for the first factor" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4427 +#: sssd.conf.5.xml:4473 msgid "second_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4428 +#: sssd.conf.5.xml:4474 msgid "to change the string of the prompt for the second factor" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4431 +#: sssd.conf.5.xml:4477 msgid "single_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4432 +#: sssd.conf.5.xml:4478 msgid "" "boolean value, if True there will be only a single prompt using the value of " "first_prompt where it is expected that both factors are entered as a single " @@ -5178,7 +5239,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4421 +#: sssd.conf.5.xml:4467 msgid "" "to configure two-factor authentication prompting, allowed options are: " "<placeholder type=\"variablelist\" id=\"0\"/> If the second factor is " @@ -5187,17 +5248,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4449 +#: sssd.conf.5.xml:4495 msgid "[prompting/passkey]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4455 sssd-ad.5.xml:1021 +#: sssd.conf.5.xml:4501 sssd-ad.5.xml:1021 msgid "interactive" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4457 +#: sssd.conf.5.xml:4503 msgid "" "boolean value, if True prompt a message and wait before testing the presence " "of a passkey device. Recommended if your device doesn’t have a tactile " @@ -5205,46 +5266,46 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4465 +#: sssd.conf.5.xml:4511 msgid "interactive_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4467 +#: sssd.conf.5.xml:4513 msgid "to change the message of the interactive prompt." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4472 +#: sssd.conf.5.xml:4518 msgid "touch" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4474 +#: sssd.conf.5.xml:4520 msgid "" "boolean value, if True prompt a message to remind the user to touch the " "device." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4480 +#: sssd.conf.5.xml:4526 msgid "touch_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4482 +#: sssd.conf.5.xml:4528 msgid "to change the message of the touch prompt." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4451 +#: sssd.conf.5.xml:4497 msgid "" "to configure passkey authentication prompting, allowed options are: " "<placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4402 +#: sssd.conf.5.xml:4448 msgid "" "Each supported authentication method has its own configuration subsection " "under <quote>[prompting/...]</quote>. Currently there are: <placeholder " @@ -5253,7 +5314,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4493 +#: sssd.conf.5.xml:4539 msgid "" "It is possible to add a subsection for specific PAM services, e.g. " "<quote>[prompting/password/sshd]</quote> to individual change the prompting " @@ -5261,12 +5322,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4500 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43 +#: sssd.conf.5.xml:4546 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43 msgid "EXAMPLES" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4506 +#: sssd.conf.5.xml:4552 #, no-wrap msgid "" "[sssd]\n" @@ -5296,7 +5357,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4502 +#: sssd.conf.5.xml:4548 msgid "" "1. The following example shows a typical SSSD config. It does not describe " "configuration of the domains themselves - refer to documentation on " @@ -5305,7 +5366,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4539 +#: sssd.conf.5.xml:4585 #, no-wrap msgid "" "[domain/ipa.com/child.ad.com]\n" @@ -5313,7 +5374,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4533 +#: sssd.conf.5.xml:4579 msgid "" "2. The following example shows configuration of IPA AD trust where the AD " "forest consists of two domains in a parent-child structure. Suppose IPA " @@ -5324,7 +5385,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4550 +#: sssd.conf.5.xml:4596 #, no-wrap msgid "" "[certmap/my.domain/rule_name]\n" @@ -5335,7 +5396,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4544 +#: sssd.conf.5.xml:4590 msgid "" "3. The following example shows the configuration of a certificate mapping " "rule. It is valid for the configured domain <quote>my.domain</quote> and " @@ -17388,7 +17449,7 @@ msgstr "" #: include/ldap_id_mapping.xml:235 msgid "" "When this option is configured, domains will be allocated starting with " -"slice zero and increasing monatomically with each additional domain." +"slice zero and increasing monotonically with each additional domain." msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> diff --git a/src/man/po/de.po b/src/man/po/de.po index 5a6187b14fd..a2f003b0a17 100644 --- a/src/man/po/de.po +++ b/src/man/po/de.po @@ -10,7 +10,7 @@ msgid "" msgstr "" "Project-Id-Version: sssd-docs 2.3.0\n" "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" -"POT-Creation-Date: 2023-05-05 10:09+0200\n" +"POT-Creation-Date: 2023-09-07 11:47+0200\n" "PO-Revision-Date: 2021-02-02 14:40+0000\n" "Last-Translator: Sumit Bose <sbose@redhat.com>\n" "Language-Team: German <https://translate.fedoraproject.org/projects/sssd/" @@ -219,8 +219,8 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:136 sssd.conf.5.xml:173 sssd.conf.5.xml:358 -#: sssd.conf.5.xml:714 sssd.conf.5.xml:729 sssd.conf.5.xml:951 -#: sssd.conf.5.xml:1069 sssd.conf.5.xml:2197 sssd-ldap.5.xml:1071 +#: sssd.conf.5.xml:714 sssd.conf.5.xml:729 sssd.conf.5.xml:952 +#: sssd.conf.5.xml:1070 sssd.conf.5.xml:2198 sssd-ldap.5.xml:1071 #: sssd-ldap.5.xml:1174 sssd-ldap.5.xml:1243 sssd-ldap.5.xml:1750 #: sssd-ldap.5.xml:1815 sssd-ipa.5.xml:342 sssd-ad.5.xml:252 sssd-ad.5.xml:366 #: sssd-ad.5.xml:1200 sssd-ad.5.xml:1348 sssd-krb5.5.xml:358 @@ -240,8 +240,8 @@ msgid "" msgstr "" #. type: Content of: <variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:149 sssd.conf.5.xml:652 sssd.conf.5.xml:948 -#: sssd.conf.5.xml:2100 sssd.conf.5.xml:2167 sssd.conf.5.xml:4128 +#: sssd.conf.5.xml:149 sssd.conf.5.xml:652 sssd.conf.5.xml:949 +#: sssd.conf.5.xml:2101 sssd.conf.5.xml:2168 sssd.conf.5.xml:4174 #: sssd-ldap.5.xml:312 sssd-ldap.5.xml:917 sssd-ldap.5.xml:936 #: sssd-ldap.5.xml:1146 sssd-ldap.5.xml:1599 sssd-ldap.5.xml:1839 #: sssd-ipa.5.xml:152 sssd-ipa.5.xml:254 sssd-ipa.5.xml:657 sssd-ad.5.xml:1106 @@ -311,8 +311,8 @@ msgid "" msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:196 sssd.conf.5.xml:1289 sssd.conf.5.xml:1766 -#: sssd.conf.5.xml:4144 sssd-ldap.5.xml:765 include/ldap_id_mapping.xml:270 +#: sssd.conf.5.xml:196 sssd.conf.5.xml:1290 sssd.conf.5.xml:1767 +#: sssd.conf.5.xml:4190 sssd-ldap.5.xml:765 include/ldap_id_mapping.xml:270 msgid "Default: 10" msgstr "Voreinstellung: 10" @@ -383,12 +383,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:258 sssd.conf.5.xml:783 +#: sssd.conf.5.xml:258 sssd.conf.5.xml:784 msgid "reconnection_retries (integer)" msgstr "reconnection_retries (Ganzzahl)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:261 sssd.conf.5.xml:786 +#: sssd.conf.5.xml:261 sssd.conf.5.xml:787 msgid "" "Number of times services should attempt to reconnect in the event of a Data " "Provider crash or restart before they give up" @@ -398,7 +398,7 @@ msgstr "" "startet." #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:266 sssd.conf.5.xml:791 sssd.conf.5.xml:3708 +#: sssd.conf.5.xml:266 sssd.conf.5.xml:792 sssd.conf.5.xml:3709 #: include/failover.xml:100 msgid "Default: 3" msgstr "Voreinstellung: 3" @@ -420,7 +420,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:287 sssd.conf.5.xml:3540 +#: sssd.conf.5.xml:287 sssd.conf.5.xml:3541 msgid "re_expression (string)" msgstr "re_expression (Zeichenkette)" @@ -443,12 +443,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:304 sssd.conf.5.xml:3597 +#: sssd.conf.5.xml:304 sssd.conf.5.xml:3598 msgid "full_name_format (string)" msgstr "full_name_format (Zeichenkette)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:307 sssd.conf.5.xml:3600 +#: sssd.conf.5.xml:307 sssd.conf.5.xml:3601 msgid "" "A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</" "manvolnum> </citerefentry>-compatible format that describes how to compose a " @@ -460,32 +460,32 @@ msgstr "" "zusammengestellt wird." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:318 sssd.conf.5.xml:3611 +#: sssd.conf.5.xml:318 sssd.conf.5.xml:3612 msgid "%1$s" msgstr "%1$s" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:319 sssd.conf.5.xml:3612 +#: sssd.conf.5.xml:319 sssd.conf.5.xml:3613 msgid "user name" msgstr "Benutzername" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:322 sssd.conf.5.xml:3615 +#: sssd.conf.5.xml:322 sssd.conf.5.xml:3616 msgid "%2$s" msgstr "%2$s" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:325 sssd.conf.5.xml:3618 +#: sssd.conf.5.xml:325 sssd.conf.5.xml:3619 msgid "domain name as specified in the SSSD config file." msgstr "Domain-Name, wie er durch die SSSD-Konfigurationsdatei angegeben wird" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:331 sssd.conf.5.xml:3624 +#: sssd.conf.5.xml:331 sssd.conf.5.xml:3625 msgid "%3$s" msgstr "%3$s" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:334 sssd.conf.5.xml:3627 +#: sssd.conf.5.xml:334 sssd.conf.5.xml:3628 msgid "" "domain flat name. Mostly usable for Active Directory domains, both directly " "configured or discovered via IPA trusts." @@ -494,7 +494,7 @@ msgstr "" "direkt konfiguriert als auch über IPA-Trust" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:315 sssd.conf.5.xml:3608 +#: sssd.conf.5.xml:315 sssd.conf.5.xml:3609 msgid "" "The following expansions are supported: <placeholder type=\"variablelist\" " "id=\"0\"/>" @@ -937,7 +937,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:700 sssd.conf.5.xml:1790 sssd.conf.5.xml:4194 +#: sssd.conf.5.xml:700 sssd.conf.5.xml:1791 sssd.conf.5.xml:4240 #: sssd-ad.5.xml:187 sssd-ad.5.xml:327 sssd-ad.5.xml:341 msgid "Default: Not set" msgstr "Voreinstellung: Nicht gesetzt" @@ -990,11 +990,11 @@ msgstr "ipa_automount_location (Zeichenkette)" #: sssd.conf.5.xml:744 msgid "" "Enable or disable the user verification (i.e. PIN, fingerprint) during " -"authentication." +"authentication. If enabled, the PIN will always be requested." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:749 +#: sssd.conf.5.xml:750 msgid "" "The default is that the key settings decide what to do. In the IPA or " "kerberos pre-authentication case, this value will be overwritten by the " @@ -1033,12 +1033,12 @@ msgstr "" "verwendet. <placeholder type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:768 +#: sssd.conf.5.xml:769 msgid "SERVICES SECTIONS" msgstr "DIENSTABSCHNITTE" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:770 +#: sssd.conf.5.xml:771 msgid "" "Settings that can be used to configure different services are described in " "this section. They should reside in the [<replaceable>$NAME</replaceable>] " @@ -1051,22 +1051,22 @@ msgstr "" "Abschnitt zum Beispiel <quote>[nss]</quote>." #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:777 +#: sssd.conf.5.xml:778 msgid "General service configuration options" msgstr "Allgemeine Optionen zum Konfigurieren von Diensten" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:779 +#: sssd.conf.5.xml:780 msgid "These options can be used to configure any service." msgstr "Diese Optionen können zur Konfiguration jedes Dienstes benutzt werden." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:796 +#: sssd.conf.5.xml:797 msgid "fd_limit" msgstr "fd_limit" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:799 +#: sssd.conf.5.xml:800 msgid "" "This option specifies the maximum number of file descriptors that may be " "opened at one time by this SSSD process. On systems where SSSD is granted " @@ -1082,17 +1082,17 @@ msgstr "" "Begrenzung in der »limit.conf« sein." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:808 +#: sssd.conf.5.xml:809 msgid "Default: 8192 (or limits.conf \"hard\" limit)" msgstr "Voreinstellung: 8192 (oder die »harte« Begrenzung der »limit.conf«)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:813 +#: sssd.conf.5.xml:814 msgid "client_idle_timeout" msgstr "client_idle_timeout" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:816 +#: sssd.conf.5.xml:817 msgid "" "This option specifies the number of seconds that a client of an SSSD process " "can hold onto a file descriptor without communicating on it. This value is " @@ -1102,19 +1102,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:825 +#: sssd.conf.5.xml:826 #, fuzzy #| msgid "Default: 300" msgid "Default: 60, KCM: 300" msgstr "Voreinstellung: 300" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:830 +#: sssd.conf.5.xml:831 msgid "offline_timeout (integer)" msgstr "offline_timeout (Ganzzahl)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:833 +#: sssd.conf.5.xml:834 msgid "" "When SSSD switches to offline mode the amount of time before it tries to go " "back online will increase based upon the time spent disconnected. By " @@ -1125,14 +1125,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:844 sssd.conf.5.xml:900 +#: sssd.conf.5.xml:845 sssd.conf.5.xml:901 msgid "" "new_delay = Minimum(old_delay * 2, offline_timeout_max) + random[0..." "offline_timeout_random_offset]" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:847 +#: sssd.conf.5.xml:848 msgid "" "The offline_timeout default value is 60. The offline_timeout_max default " "value is 3600. The offline_timeout_random_offset default value is 30. The " @@ -1140,46 +1140,46 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:853 +#: sssd.conf.5.xml:854 msgid "" "Note that the maximum length of each interval is defined by " "offline_timeout_max (apart of random part)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:857 sssd.conf.5.xml:1200 sssd.conf.5.xml:1583 -#: sssd.conf.5.xml:1879 sssd-ldap.5.xml:494 +#: sssd.conf.5.xml:858 sssd.conf.5.xml:1201 sssd.conf.5.xml:1584 +#: sssd.conf.5.xml:1880 sssd-ldap.5.xml:494 msgid "Default: 60" msgstr "Voreinstellung: 60" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:862 +#: sssd.conf.5.xml:863 #, fuzzy #| msgid "offline_timeout (integer)" msgid "offline_timeout_max (integer)" msgstr "offline_timeout (Ganzzahl)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:865 +#: sssd.conf.5.xml:866 msgid "" "Controls by how much the time between attempts to go online can be " "incremented following unsuccessful attempts to go online." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:870 +#: sssd.conf.5.xml:871 msgid "A value of 0 disables the incrementing behaviour." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:873 +#: sssd.conf.5.xml:874 msgid "" "The value of this parameter should be set in correlation to offline_timeout " "parameter value." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:877 +#: sssd.conf.5.xml:878 msgid "" "With offline_timeout set to 60 (default value) there is no point in setting " "offlinet_timeout_max to less than 120 as it will saturate instantly. General " @@ -1188,64 +1188,64 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:883 +#: sssd.conf.5.xml:884 msgid "" "Although a value between 0 and offline_timeout may be specified, it has the " "effect of overriding the offline_timeout value so is of little use." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:888 +#: sssd.conf.5.xml:889 #, fuzzy #| msgid "Default: 300" msgid "Default: 3600" msgstr "Voreinstellung: 300" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:893 +#: sssd.conf.5.xml:894 #, fuzzy #| msgid "offline_timeout (integer)" msgid "offline_timeout_random_offset (integer)" msgstr "offline_timeout (Ganzzahl)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:896 +#: sssd.conf.5.xml:897 msgid "" "When SSSD is in offline mode it keeps probing backend servers in specified " "time intervals:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:903 +#: sssd.conf.5.xml:904 msgid "" "This parameter controls the value of the random offset used for the above " "equation. Final random_offset value will be random number in range:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:908 +#: sssd.conf.5.xml:909 msgid "[0 - offline_timeout_random_offset]" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:911 +#: sssd.conf.5.xml:912 msgid "A value of 0 disables the random offset addition." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:914 +#: sssd.conf.5.xml:915 #, fuzzy #| msgid "Default: 300" msgid "Default: 30" msgstr "Voreinstellung: 300" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:919 +#: sssd.conf.5.xml:920 msgid "responder_idle_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:922 +#: sssd.conf.5.xml:923 msgid "" "This option specifies the number of seconds that an SSSD responder process " "can be up without being used. This value is limited in order to avoid " @@ -1257,30 +1257,30 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:936 sssd.conf.5.xml:1213 sssd.conf.5.xml:2321 +#: sssd.conf.5.xml:937 sssd.conf.5.xml:1214 sssd.conf.5.xml:2322 #: sssd-ldap.5.xml:331 msgid "Default: 300" msgstr "Voreinstellung: 300" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:941 +#: sssd.conf.5.xml:942 msgid "cache_first" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:944 +#: sssd.conf.5.xml:945 msgid "" "This option specifies whether the responder should query all caches before " "querying the Data Providers." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:959 +#: sssd.conf.5.xml:960 msgid "NSS configuration options" msgstr "NSS-Konfigurationsoptionen" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:961 +#: sssd.conf.5.xml:962 msgid "" "These options can be used to configure the Name Service Switch (NSS) service." msgstr "" @@ -1288,12 +1288,12 @@ msgstr "" "benutzt werden" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:966 +#: sssd.conf.5.xml:967 msgid "enum_cache_timeout (integer)" msgstr "enum_cache_timeout (Ganzzahl)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:969 +#: sssd.conf.5.xml:970 msgid "" "How many seconds should nss_sss cache enumerations (requests for info about " "all users)" @@ -1302,17 +1302,17 @@ msgstr "" "über alle Nutzer) zwischenspeichern?" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:973 +#: sssd.conf.5.xml:974 msgid "Default: 120" msgstr "Voreinstellung: 120" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:978 +#: sssd.conf.5.xml:979 msgid "entry_cache_nowait_percentage (integer)" msgstr "entry_cache_nowait_percentage (Ganzzahl)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:981 +#: sssd.conf.5.xml:982 msgid "" "The entry cache can be set to automatically update entries in the background " "if they are requested beyond a percentage of the entry_cache_timeout value " @@ -1324,7 +1324,7 @@ msgstr "" "werden." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:987 +#: sssd.conf.5.xml:988 msgid "" "For example, if the domain's entry_cache_timeout is set to 30s and " "entry_cache_nowait_percentage is set to 50 (percent), entries that come in " @@ -1341,7 +1341,7 @@ msgstr "" "Zwischenspeicheraktualisierung zu warten." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:997 +#: sssd.conf.5.xml:998 msgid "" "Valid values for this option are 0-99 and represent a percentage of the " "entry_cache_timeout for each domain. For performance reasons, this " @@ -1354,17 +1354,17 @@ msgstr "" "Sekunden senken. (0 schaltet diese Funktionalität aus.)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1005 sssd.conf.5.xml:2121 +#: sssd.conf.5.xml:1006 sssd.conf.5.xml:2122 msgid "Default: 50" msgstr "Voreinstellung: 50" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1010 +#: sssd.conf.5.xml:1011 msgid "entry_negative_timeout (integer)" msgstr "entry_negative_timeout (Ganzzahl)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1013 +#: sssd.conf.5.xml:1014 msgid "" "Specifies for how many seconds nss_sss should cache negative cache hits " "(that is, queries for invalid database entries, like nonexistent ones) " @@ -1376,17 +1376,17 @@ msgstr "" "Backend erneut gefragt wird)." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1019 sssd.conf.5.xml:1778 sssd.conf.5.xml:2145 +#: sssd.conf.5.xml:1020 sssd.conf.5.xml:1779 sssd.conf.5.xml:2146 msgid "Default: 15" msgstr "Voreinstellung: 15" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1024 +#: sssd.conf.5.xml:1025 msgid "local_negative_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1027 +#: sssd.conf.5.xml:1028 msgid "" "Specifies for how many seconds nss_sss should keep local users and groups in " "negative cache before trying to look it up in the back end again. Setting " @@ -1394,17 +1394,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1033 +#: sssd.conf.5.xml:1034 msgid "Default: 14400 (4 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1038 +#: sssd.conf.5.xml:1039 msgid "filter_users, filter_groups (string)" msgstr "filter_users, filter_groups (Zeichenkette)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1041 +#: sssd.conf.5.xml:1042 msgid "" "Exclude certain users or groups from being fetched from the sss NSS " "database. This is particularly useful for system accounts. This option can " @@ -1413,7 +1413,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1049 +#: sssd.conf.5.xml:1050 msgid "" "NOTE: The filter_groups option doesn't affect inheritance of nested group " "members, since filtering happens after they are propagated for returning via " @@ -1422,17 +1422,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1057 +#: sssd.conf.5.xml:1058 msgid "Default: root" msgstr "Voreinstellung: root" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1062 +#: sssd.conf.5.xml:1063 msgid "filter_users_in_groups (bool)" msgstr "filter_users_in_groups (Boolesch)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1065 +#: sssd.conf.5.xml:1066 msgid "" "If you want filtered user still be group members set this option to false." msgstr "" @@ -1440,12 +1440,12 @@ msgstr "" "setzen Sie diese Option auf »false«." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1076 +#: sssd.conf.5.xml:1077 msgid "fallback_homedir (string)" msgstr "fallback_homedir (Zeichenkette)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1079 +#: sssd.conf.5.xml:1080 msgid "" "Set a default template for a user's home directory if one is not specified " "explicitly by the domain's data provider." @@ -1454,7 +1454,7 @@ msgstr "" "es nicht explizit durch den Datenanbieter der Domain angegeben wurde." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1084 +#: sssd.conf.5.xml:1085 msgid "" "The available values for this option are the same as for override_homedir." msgstr "" @@ -1462,7 +1462,7 @@ msgstr "" "»override_homedir«." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1090 +#: sssd.conf.5.xml:1091 #, no-wrap msgid "" "fallback_homedir = /home/%u\n" @@ -1472,25 +1472,25 @@ msgstr "" " " #. type: Content of: <varlistentry><listitem><para> -#: sssd.conf.5.xml:1088 sssd.conf.5.xml:1650 sssd.conf.5.xml:1669 -#: sssd.conf.5.xml:1746 sssd-krb5.5.xml:451 include/override_homedir.xml:66 +#: sssd.conf.5.xml:1089 sssd.conf.5.xml:1651 sssd.conf.5.xml:1670 +#: sssd.conf.5.xml:1747 sssd-krb5.5.xml:451 include/override_homedir.xml:66 msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>" msgstr "Beispiel: <placeholder type=\"programlisting\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1094 +#: sssd.conf.5.xml:1095 msgid "Default: not set (no substitution for unset home directories)" msgstr "" "Voreinstellung: nicht gesetzt (kein Ersetzen nicht gesetzter Home-" "Verzeichnisse)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1100 +#: sssd.conf.5.xml:1101 msgid "override_shell (string)" msgstr "override_shell (Zeichenkette)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1103 +#: sssd.conf.5.xml:1104 msgid "" "Override the login shell for all users. This option supersedes any other " "shell options if it takes effect and can be set either in the [nss] section " @@ -1501,19 +1501,19 @@ msgstr "" "entweder im Abschnitt [nss] oder für jede Domain gesetzt werden." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1109 +#: sssd.conf.5.xml:1110 msgid "Default: not set (SSSD will use the value retrieved from LDAP)" msgstr "" "Voreinstellung: nicht gesetzt (SSSD wird den von LDAP erhaltenen Wert " "benutzen)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1115 +#: sssd.conf.5.xml:1116 msgid "allowed_shells (string)" msgstr "allowed_shells (Zeichenkette)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1118 +#: sssd.conf.5.xml:1119 msgid "" "Restrict user shell to one of the listed values. The order of evaluation is:" msgstr "" @@ -1521,12 +1521,12 @@ msgstr "" "Reihenfolge der Auswertung ist:" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1121 +#: sssd.conf.5.xml:1122 msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used." msgstr "1. Falls die Shell in »/etc/shells« vorhanden ist, wird sie benutzt." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1125 +#: sssd.conf.5.xml:1126 msgid "" "2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</" "quote>, use the value of the shell_fallback parameter." @@ -1535,7 +1535,7 @@ msgstr "" "shells« steht, wird der Wert des Parameters »shell_fallback« verwendet." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1130 +#: sssd.conf.5.xml:1131 msgid "" "3. If the shell is not in the allowed_shells list and not in <quote>/etc/" "shells</quote>, a nologin shell is used." @@ -1544,12 +1544,12 @@ msgstr "" "steht, wird eine Nicht-Login-Shell benutzt." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1135 +#: sssd.conf.5.xml:1136 msgid "The wildcard (*) can be used to allow any shell." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1138 +#: sssd.conf.5.xml:1139 msgid "" "The (*) is useful if you want to use shell_fallback in case that user's " "shell is not in <quote>/etc/shells</quote> and maintaining list of all " @@ -1557,13 +1557,13 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1145 +#: sssd.conf.5.xml:1146 msgid "An empty string for shell is passed as-is to libc." msgstr "" "Eine leere Zeichenkette als Shell wird, so wie sie ist, an Libc übergeben." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1148 +#: sssd.conf.5.xml:1149 msgid "" "The <quote>/etc/shells</quote> is only read on SSSD start up, which means " "that a restart of the SSSD is required in case a new shell is installed." @@ -1572,28 +1572,28 @@ msgstr "" "Fall einer neu installierten Shell ein Neustart von SSSD nötig ist." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1152 +#: sssd.conf.5.xml:1153 msgid "Default: Not set. The user shell is automatically used." msgstr "" "Voreinstellung: nicht gesetzt. Die Benutzer-Shell wird automatisch verwendet." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1157 +#: sssd.conf.5.xml:1158 msgid "vetoed_shells (string)" msgstr "vetoed_shells (Zeichenkette)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1160 +#: sssd.conf.5.xml:1161 msgid "Replace any instance of these shells with the shell_fallback" msgstr "ersetzt jedwede Instanz dieser Shells durch die aus »shell_fallback«." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1165 +#: sssd.conf.5.xml:1166 msgid "shell_fallback (string)" msgstr "shell_fallback (Zeichenkette)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1168 +#: sssd.conf.5.xml:1169 msgid "" "The default shell to use if an allowed shell is not installed on the machine." msgstr "" @@ -1601,17 +1601,17 @@ msgstr "" "auf dem Rechner installiert ist." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1172 +#: sssd.conf.5.xml:1173 msgid "Default: /bin/sh" msgstr "Voreinstellung: /bin/sh" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1177 +#: sssd.conf.5.xml:1178 msgid "default_shell" msgstr "default_shell" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1180 +#: sssd.conf.5.xml:1181 msgid "" "The default shell to use if the provider does not return one during lookup. " "This option can be specified globally in the [nss] section or per-domain." @@ -1621,7 +1621,7 @@ msgstr "" "jede Domain gesetzt werden." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1186 +#: sssd.conf.5.xml:1187 msgid "" "Default: not set (Return NULL if no shell is specified and rely on libc to " "substitute something sensible when necessary, usually /bin/sh)" @@ -1631,12 +1631,12 @@ msgstr "" "Vernünftiges, üblicherweise /bin/sh, ersetzt.)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1193 sssd.conf.5.xml:1576 +#: sssd.conf.5.xml:1194 sssd.conf.5.xml:1577 msgid "get_domains_timeout (int)" msgstr "get_domains_timeout (Ganzzahl)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1196 sssd.conf.5.xml:1579 +#: sssd.conf.5.xml:1197 sssd.conf.5.xml:1580 msgid "" "Specifies time in seconds for which the list of subdomains will be " "considered valid." @@ -1645,43 +1645,43 @@ msgstr "" "gültig erachtet wird." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1205 +#: sssd.conf.5.xml:1206 #, fuzzy #| msgid "enum_cache_timeout (integer)" msgid "memcache_timeout (integer)" msgstr "enum_cache_timeout (Ganzzahl)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1208 +#: sssd.conf.5.xml:1209 msgid "" "Specifies time in seconds for which records in the in-memory cache will be " "valid. Setting this option to zero will disable the in-memory cache." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1216 +#: sssd.conf.5.xml:1217 msgid "" "WARNING: Disabling the in-memory cache will have significant negative impact " "on SSSD's performance and should only be used for testing." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1222 sssd.conf.5.xml:1247 sssd.conf.5.xml:1272 -#: sssd.conf.5.xml:1297 sssd.conf.5.xml:1324 +#: sssd.conf.5.xml:1223 sssd.conf.5.xml:1248 sssd.conf.5.xml:1273 +#: sssd.conf.5.xml:1298 sssd.conf.5.xml:1325 msgid "" "NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", " "client applications will not use the fast in-memory cache." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1230 +#: sssd.conf.5.xml:1231 #, fuzzy #| msgid "enum_cache_timeout (integer)" msgid "memcache_size_passwd (integer)" msgstr "enum_cache_timeout (Ganzzahl)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1233 +#: sssd.conf.5.xml:1234 msgid "" "Size (in megabytes) of the data table allocated inside fast in-memory cache " "for passwd requests. Setting the size to 0 will disable the passwd in-" @@ -1689,27 +1689,27 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1239 sssd.conf.5.xml:2963 sssd-ldap.5.xml:548 +#: sssd.conf.5.xml:1240 sssd.conf.5.xml:2964 sssd-ldap.5.xml:548 msgid "Default: 8" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1242 sssd.conf.5.xml:1267 sssd.conf.5.xml:1292 -#: sssd.conf.5.xml:1319 +#: sssd.conf.5.xml:1243 sssd.conf.5.xml:1268 sssd.conf.5.xml:1293 +#: sssd.conf.5.xml:1320 msgid "" "WARNING: Disabled or too small in-memory cache can have significant negative " "impact on SSSD's performance." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1255 +#: sssd.conf.5.xml:1256 #, fuzzy #| msgid "enum_cache_timeout (integer)" msgid "memcache_size_group (integer)" msgstr "enum_cache_timeout (Ganzzahl)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1258 +#: sssd.conf.5.xml:1259 msgid "" "Size (in megabytes) of the data table allocated inside fast in-memory cache " "for group requests. Setting the size to 0 will disable the group in-memory " @@ -1717,21 +1717,21 @@ msgid "" msgstr "" #. type: Content of: <variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1264 sssd.conf.5.xml:1316 sssd.conf.5.xml:3729 +#: sssd.conf.5.xml:1265 sssd.conf.5.xml:1317 sssd.conf.5.xml:3730 #: sssd-ldap.5.xml:473 sssd-ldap.5.xml:525 include/failover.xml:116 #: include/krb5_options.xml:11 msgid "Default: 6" msgstr "Voreinstellung: 6" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1280 +#: sssd.conf.5.xml:1281 #, fuzzy #| msgid "enum_cache_timeout (integer)" msgid "memcache_size_initgroups (integer)" msgstr "enum_cache_timeout (Ganzzahl)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1283 +#: sssd.conf.5.xml:1284 msgid "" "Size (in megabytes) of the data table allocated inside fast in-memory cache " "for initgroups requests. Setting the size to 0 will disable the initgroups " @@ -1739,14 +1739,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1305 +#: sssd.conf.5.xml:1306 #, fuzzy #| msgid "enum_cache_timeout (integer)" msgid "memcache_size_sid (integer)" msgstr "enum_cache_timeout (Ganzzahl)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1308 +#: sssd.conf.5.xml:1309 msgid "" "Size (in megabytes) of the data table allocated inside fast in-memory cache " "for SID related requests. Only SID-by-ID and ID-by-SID requests are " @@ -1755,12 +1755,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1332 sssd-ifp.5.xml:90 +#: sssd.conf.5.xml:1333 sssd-ifp.5.xml:90 msgid "user_attributes (string)" msgstr "user_attributes (Zeichenkette)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1335 +#: sssd.conf.5.xml:1336 msgid "" "Some of the additional NSS responder requests can return more attributes " "than just the POSIX ones defined by the NSS interface. The list of " @@ -1771,38 +1771,38 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1348 +#: sssd.conf.5.xml:1349 msgid "" "To make configuration more easy the NSS responder will check the InfoPipe " "option if it is not set for the NSS responder." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1353 +#: sssd.conf.5.xml:1354 msgid "Default: not set, fallback to InfoPipe option" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1358 +#: sssd.conf.5.xml:1359 msgid "pwfield (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1361 +#: sssd.conf.5.xml:1362 msgid "" "The value that NSS operations that return users or groups will return for " "the <quote>password</quote> field." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1366 +#: sssd.conf.5.xml:1367 #, fuzzy #| msgid "Default: <quote>permit</quote>" msgid "Default: <quote>*</quote>" msgstr "Voreinstellung: »permit«" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1369 +#: sssd.conf.5.xml:1370 #, fuzzy #| msgid "This option can also be set per-domain." msgid "" @@ -1811,7 +1811,7 @@ msgid "" msgstr "Diese Option kann auch pro Domain gesetzt werden." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1373 +#: sssd.conf.5.xml:1374 msgid "" "Default: <quote>not set</quote> (remote domains), <phrase " "condition=\"with_files_provider\"> <quote>x</quote> (the files domain), </" @@ -1820,12 +1820,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:1385 +#: sssd.conf.5.xml:1386 msgid "PAM configuration options" msgstr "PAM-Konfigurationsoptionen" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:1387 +#: sssd.conf.5.xml:1388 msgid "" "These options can be used to configure the Pluggable Authentication Module " "(PAM) service." @@ -1834,12 +1834,12 @@ msgstr "" "Authentication Module« (PAM) einzurichten." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1392 +#: sssd.conf.5.xml:1393 msgid "offline_credentials_expiration (integer)" msgstr "offline_credentials_expiration (Ganzzahl)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1395 +#: sssd.conf.5.xml:1396 msgid "" "If the authentication provider is offline, how long should we allow cached " "logins (in days since the last successful online login)." @@ -1849,17 +1849,17 @@ msgstr "" "erfolgreichen Anmeldung)?" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1400 sssd.conf.5.xml:1413 +#: sssd.conf.5.xml:1401 sssd.conf.5.xml:1414 msgid "Default: 0 (No limit)" msgstr "Voreinstellung: 0 (unbegrenzt)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1406 +#: sssd.conf.5.xml:1407 msgid "offline_failed_login_attempts (integer)" msgstr "offline_failed_login_attempts (Ganzzahl)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1409 +#: sssd.conf.5.xml:1410 msgid "" "If the authentication provider is offline, how many failed login attempts " "are allowed." @@ -1868,12 +1868,12 @@ msgstr "" "Authentifizierungsanbieter offline ist?" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1419 +#: sssd.conf.5.xml:1420 msgid "offline_failed_login_delay (integer)" msgstr "offline_failed_login_delay (Ganzzahl)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1422 +#: sssd.conf.5.xml:1423 msgid "" "The time in minutes which has to pass after offline_failed_login_attempts " "has been reached before a new login attempt is possible." @@ -1883,7 +1883,7 @@ msgstr "" "Anmeldeversuch möglich ist." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1427 +#: sssd.conf.5.xml:1428 msgid "" "If set to 0 the user cannot authenticate offline if " "offline_failed_login_attempts has been reached. Only a successful online " @@ -1895,17 +1895,17 @@ msgstr "" "Authentifizierung reaktivieren." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1433 sssd.conf.5.xml:1543 +#: sssd.conf.5.xml:1434 sssd.conf.5.xml:1544 msgid "Default: 5" msgstr "Voreinstellung: 5" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1439 +#: sssd.conf.5.xml:1440 msgid "pam_verbosity (integer)" msgstr "pam_verbosity (Ganzzahl)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1442 +#: sssd.conf.5.xml:1443 msgid "" "Controls what kind of messages are shown to the user during authentication. " "The higher the number to more messages are displayed." @@ -1914,45 +1914,45 @@ msgstr "" "angezeigt werden. Je höher die Zahl, desto mehr Nachrichten werden angezeigt." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1447 +#: sssd.conf.5.xml:1448 msgid "Currently sssd supports the following values:" msgstr "Derzeit unterstützt SSSD folgende Werte:" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1450 +#: sssd.conf.5.xml:1451 msgid "<emphasis>0</emphasis>: do not show any message" msgstr "<emphasis>0</emphasis>: keine Nachricht anzeigen" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1453 +#: sssd.conf.5.xml:1454 msgid "<emphasis>1</emphasis>: show only important messages" msgstr "<emphasis>1</emphasis>: nur wichtige Nachrichten anzeigen" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1457 +#: sssd.conf.5.xml:1458 msgid "<emphasis>2</emphasis>: show informational messages" msgstr "<emphasis>2</emphasis>: nur informative Nachrichten anzeigen" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1460 +#: sssd.conf.5.xml:1461 msgid "<emphasis>3</emphasis>: show all messages and debug information" msgstr "" "<emphasis>3</emphasis>: alle Nachrichten und Debug-Informationen anzeigen" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1464 sssd.8.xml:63 +#: sssd.conf.5.xml:1465 sssd.8.xml:63 msgid "Default: 1" msgstr "Voreinstellung: 1" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1470 +#: sssd.conf.5.xml:1471 #, fuzzy #| msgid "ad_access_filter (string)" msgid "pam_response_filter (string)" msgstr "ad_access_filter (Zeichenkette)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1473 +#: sssd.conf.5.xml:1474 msgid "" "A comma separated list of strings which allows to remove (filter) data sent " "by the PAM responder to pam_sss PAM module. There are different kind of " @@ -1961,51 +1961,51 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1481 +#: sssd.conf.5.xml:1482 msgid "" "While messages already can be controlled with the help of the pam_verbosity " "option this option allows to filter out other kind of responses as well." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1488 +#: sssd.conf.5.xml:1489 msgid "ENV" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1489 +#: sssd.conf.5.xml:1490 msgid "Do not send any environment variables to any service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1492 +#: sssd.conf.5.xml:1493 msgid "ENV:var_name" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1493 +#: sssd.conf.5.xml:1494 msgid "Do not send environment variable var_name to any service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1497 +#: sssd.conf.5.xml:1498 msgid "ENV:var_name:service" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1498 +#: sssd.conf.5.xml:1499 msgid "Do not send environment variable var_name to service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1486 +#: sssd.conf.5.xml:1487 msgid "" "Currently the following filters are supported: <placeholder " "type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1505 +#: sssd.conf.5.xml:1506 msgid "" "The list of strings can either be the list of filters which would set this " "list of filters and overwrite the defaults. Or each element of the list can " @@ -2016,23 +2016,23 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1516 +#: sssd.conf.5.xml:1517 msgid "Default: ENV:KRB5CCNAME:sudo, ENV:KRB5CCNAME:sudo-i" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1519 +#: sssd.conf.5.xml:1520 msgid "" "Example: -ENV:KRB5CCNAME:sudo-i will remove the filter from the default list" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1526 +#: sssd.conf.5.xml:1527 msgid "pam_id_timeout (integer)" msgstr "pam_id_timeout (Ganzzahl)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1529 +#: sssd.conf.5.xml:1530 msgid "" "For any PAM request while SSSD is online, the SSSD will attempt to " "immediately update the cached identity information for the user in order to " @@ -2044,7 +2044,7 @@ msgstr "" "den neusten Informationen erfolgt." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1535 +#: sssd.conf.5.xml:1536 msgid "" "A complete PAM conversation may perform multiple PAM requests, such as " "account management and session opening. This option controls (on a per-" @@ -2058,17 +2058,17 @@ msgstr "" "viele Abfragen der Identitätsanbieter zu vermeiden." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1549 +#: sssd.conf.5.xml:1550 msgid "pam_pwd_expiration_warning (integer)" msgstr "pam_pwd_expiration_warning (Ganzzahl)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1552 sssd.conf.5.xml:2987 +#: sssd.conf.5.xml:1553 sssd.conf.5.xml:2988 msgid "Display a warning N days before the password expires." msgstr "zeigt N Tage vor Ablauf des Passworts eine Warnung an." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1555 +#: sssd.conf.5.xml:1556 msgid "" "Please note that the backend server has to provide information about the " "expiration time of the password. If this information is missing, sssd " @@ -2079,7 +2079,7 @@ msgstr "" "SSSD keine Warnung anzeigen." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1561 sssd.conf.5.xml:2990 +#: sssd.conf.5.xml:1562 sssd.conf.5.xml:2991 msgid "" "If zero is set, then this filter is not applied, i.e. if the expiration " "warning was received from backend server, it will automatically be displayed." @@ -2089,7 +2089,7 @@ msgstr "" "automatisch angezeigt." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1566 +#: sssd.conf.5.xml:1567 msgid "" "This setting can be overridden by setting <emphasis>pwd_expiration_warning</" "emphasis> for a particular domain." @@ -2098,17 +2098,17 @@ msgstr "" "emphasis> für eine bestimmte Domain außer Kraft gesetzt werden." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1571 sssd.conf.5.xml:3976 sssd-ldap.5.xml:606 sssd.8.xml:79 +#: sssd.conf.5.xml:1572 sssd.conf.5.xml:3977 sssd-ldap.5.xml:606 sssd.8.xml:79 msgid "Default: 0" msgstr "Voreinstellung: 0" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1588 +#: sssd.conf.5.xml:1589 msgid "pam_trusted_users (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1591 +#: sssd.conf.5.xml:1592 msgid "" "Specifies the comma-separated list of UID values or user names that are " "allowed to run PAM conversations against trusted domains. Users not " @@ -2118,75 +2118,75 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1601 +#: sssd.conf.5.xml:1602 msgid "Default: All users are considered trusted by default" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1605 +#: sssd.conf.5.xml:1606 msgid "" "Please note that UID 0 is always allowed to access the PAM responder even in " "case it is not in the pam_trusted_users list." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1612 +#: sssd.conf.5.xml:1613 msgid "pam_public_domains (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1615 +#: sssd.conf.5.xml:1616 msgid "" "Specifies the comma-separated list of domain names that are accessible even " "to untrusted users." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1619 +#: sssd.conf.5.xml:1620 msgid "Two special values for pam_public_domains option are defined:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1623 +#: sssd.conf.5.xml:1624 msgid "" "all (Untrusted users are allowed to access all domains in PAM responder.)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1627 +#: sssd.conf.5.xml:1628 msgid "" "none (Untrusted users are not allowed to access any domains PAM in " "responder.)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1631 sssd.conf.5.xml:1656 sssd.conf.5.xml:1675 -#: sssd.conf.5.xml:1912 sssd.conf.5.xml:2732 sssd.conf.5.xml:3905 +#: sssd.conf.5.xml:1632 sssd.conf.5.xml:1657 sssd.conf.5.xml:1676 +#: sssd.conf.5.xml:1913 sssd.conf.5.xml:2733 sssd.conf.5.xml:3906 #: sssd-ldap.5.xml:1207 msgid "Default: none" msgstr "Voreinstellung: none" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1636 +#: sssd.conf.5.xml:1637 msgid "pam_account_expired_message (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1639 +#: sssd.conf.5.xml:1640 msgid "" "Allows a custom expiration message to be set, replacing the default " "'Permission denied' message." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1644 +#: sssd.conf.5.xml:1645 msgid "" "Note: Please be aware that message is only printed for the SSH service " "unless pam_verbosity is set to 3 (show all messages and debug information)." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1652 +#: sssd.conf.5.xml:1653 #, no-wrap msgid "" "pam_account_expired_message = Account expired, please contact help desk.\n" @@ -2194,19 +2194,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1661 +#: sssd.conf.5.xml:1662 msgid "pam_account_locked_message (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1664 +#: sssd.conf.5.xml:1665 msgid "" "Allows a custom lockout message to be set, replacing the default 'Permission " "denied' message." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1671 +#: sssd.conf.5.xml:1672 #, no-wrap msgid "" "pam_account_locked_message = Account locked, please contact help desk.\n" @@ -2214,19 +2214,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1680 +#: sssd.conf.5.xml:1681 #, fuzzy #| msgid "ldap_chpass_update_last_change (bool)" msgid "pam_passkey_auth (bool)" msgstr "ldap_chpass_update_last_change (Boolesch)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1683 +#: sssd.conf.5.xml:1684 msgid "Enable passkey device based authentication." msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1686 sssd.conf.5.xml:1697 sssd.conf.5.xml:1711 +#: sssd.conf.5.xml:1687 sssd.conf.5.xml:1698 sssd.conf.5.xml:1712 #: sssd-ldap.5.xml:671 sssd-ldap.5.xml:692 sssd-ldap.5.xml:788 #: sssd-ldap.5.xml:1293 sssd-ad.5.xml:505 sssd-ad.5.xml:581 sssd-ad.5.xml:1126 #: sssd-ad.5.xml:1175 include/ldap_id_mapping.xml:250 @@ -2234,22 +2234,22 @@ msgid "Default: False" msgstr "Voreinstellung: False" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1691 +#: sssd.conf.5.xml:1692 msgid "passkey_debug_libfido2 (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1694 +#: sssd.conf.5.xml:1695 msgid "Enable libfido2 library debug messages." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1702 +#: sssd.conf.5.xml:1703 msgid "pam_cert_auth (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1705 +#: sssd.conf.5.xml:1706 msgid "" "Enable certificate based Smartcard authentication. Since this requires " "additional communication with the Smartcard which will delay the " @@ -2257,36 +2257,36 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1716 +#: sssd.conf.5.xml:1717 msgid "pam_cert_db_path (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1719 +#: sssd.conf.5.xml:1720 msgid "The path to the certificate database." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1722 sssd.conf.5.xml:2247 sssd.conf.5.xml:4308 +#: sssd.conf.5.xml:1723 sssd.conf.5.xml:2248 sssd.conf.5.xml:4354 msgid "Default:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1724 sssd.conf.5.xml:2249 +#: sssd.conf.5.xml:1725 sssd.conf.5.xml:2250 msgid "" "/etc/sssd/pki/sssd_auth_ca_db.pem (path to a file with trusted CA " "certificates in PEM format)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1734 +#: sssd.conf.5.xml:1735 #, fuzzy #| msgid "ipa_automount_location (string)" msgid "pam_cert_verification (string)" msgstr "ipa_automount_location (Zeichenkette)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1737 +#: sssd.conf.5.xml:1738 msgid "" "With this parameter the PAM certificate verification can be tuned with a " "comma separated list of options that override the " @@ -2296,7 +2296,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1748 +#: sssd.conf.5.xml:1749 #, fuzzy, no-wrap #| msgid "" #| "fallback_homedir = /home/%u\n" @@ -2309,61 +2309,61 @@ msgstr "" " " #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1752 +#: sssd.conf.5.xml:1753 msgid "" "Default: not set, i.e. use default <quote>certificate_verification</quote> " "option defined in <quote>[sssd]</quote> section." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1759 +#: sssd.conf.5.xml:1760 msgid "p11_child_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1762 +#: sssd.conf.5.xml:1763 msgid "How many seconds will pam_sss wait for p11_child to finish." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1771 +#: sssd.conf.5.xml:1772 #, fuzzy #| msgid "pam_id_timeout (integer)" msgid "passkey_child_timeout (integer)" msgstr "pam_id_timeout (Ganzzahl)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1774 +#: sssd.conf.5.xml:1775 msgid "" "How many seconds will the PAM responder wait for passkey_child to finish." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1783 +#: sssd.conf.5.xml:1784 msgid "pam_app_services (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1786 +#: sssd.conf.5.xml:1787 msgid "" "Which PAM services are permitted to contact domains of type " "<quote>application</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1795 +#: sssd.conf.5.xml:1796 msgid "pam_p11_allowed_services (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1798 +#: sssd.conf.5.xml:1799 msgid "" "A comma-separated list of PAM service names for which it will be allowed to " "use Smartcards." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1813 +#: sssd.conf.5.xml:1814 #, no-wrap msgid "" "pam_p11_allowed_services = +my_pam_service, -login\n" @@ -2371,7 +2371,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1802 +#: sssd.conf.5.xml:1803 msgid "" "It is possible to add another PAM service name to the default set by using " "<quote>+service_name</quote> or to explicitly remove a PAM service name from " @@ -2383,63 +2383,63 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1817 sssd-ad.5.xml:644 sssd-ad.5.xml:753 sssd-ad.5.xml:811 +#: sssd.conf.5.xml:1818 sssd-ad.5.xml:644 sssd-ad.5.xml:753 sssd-ad.5.xml:811 #: sssd-ad.5.xml:869 sssd-ad.5.xml:947 msgid "Default: the default set of PAM service names includes:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1822 sssd-ad.5.xml:648 +#: sssd.conf.5.xml:1823 sssd-ad.5.xml:648 msgid "login" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1827 sssd-ad.5.xml:653 +#: sssd.conf.5.xml:1828 sssd-ad.5.xml:653 msgid "su" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1832 sssd-ad.5.xml:658 +#: sssd.conf.5.xml:1833 sssd-ad.5.xml:658 msgid "su-l" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1837 sssd-ad.5.xml:673 +#: sssd.conf.5.xml:1838 sssd-ad.5.xml:673 msgid "gdm-smartcard" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1842 sssd-ad.5.xml:668 +#: sssd.conf.5.xml:1843 sssd-ad.5.xml:668 msgid "gdm-password" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1847 sssd-ad.5.xml:678 +#: sssd.conf.5.xml:1848 sssd-ad.5.xml:678 msgid "kdm" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1852 sssd-ad.5.xml:956 +#: sssd.conf.5.xml:1853 sssd-ad.5.xml:956 msgid "sudo" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1857 sssd-ad.5.xml:961 +#: sssd.conf.5.xml:1858 sssd-ad.5.xml:961 msgid "sudo-i" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1862 +#: sssd.conf.5.xml:1863 msgid "gnome-screensaver" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1870 +#: sssd.conf.5.xml:1871 msgid "p11_wait_for_card_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1873 +#: sssd.conf.5.xml:1874 msgid "" "If Smartcard authentication is required how many extra seconds in addition " "to p11_child_timeout should the PAM responder wait until a Smartcard is " @@ -2447,12 +2447,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1884 +#: sssd.conf.5.xml:1885 msgid "p11_uri (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1887 +#: sssd.conf.5.xml:1888 msgid "" "PKCS#11 URI (see RFC-7512 for details) which can be used to restrict the " "selection of devices used for Smartcard authentication. By default SSSD's " @@ -2463,7 +2463,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1900 +#: sssd.conf.5.xml:1901 #, no-wrap msgid "" "p11_uri = pkcs11:slot-description=My%20Smartcard%20Reader\n" @@ -2471,7 +2471,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1904 +#: sssd.conf.5.xml:1905 #, no-wrap msgid "" "p11_uri = pkcs11:library-description=OpenSC%20smartcard%20framework;slot-id=2\n" @@ -2479,7 +2479,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1898 +#: sssd.conf.5.xml:1899 msgid "" "Example: <placeholder type=\"programlisting\" id=\"0\"/> or <placeholder " "type=\"programlisting\" id=\"1\"/> To find suitable URI please check the " @@ -2488,47 +2488,47 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1917 +#: sssd.conf.5.xml:1918 msgid "pam_initgroups_scheme" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1925 +#: sssd.conf.5.xml:1926 msgid "always" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1926 +#: sssd.conf.5.xml:1927 msgid "" "Always do an online lookup, please note that pam_id_timeout still applies" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1930 +#: sssd.conf.5.xml:1931 msgid "no_session" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1931 +#: sssd.conf.5.xml:1932 msgid "" "Only do an online lookup if there is no active session of the user, i.e. if " "the user is currently not logged in" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1936 +#: sssd.conf.5.xml:1937 msgid "never" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1937 +#: sssd.conf.5.xml:1938 msgid "" "Never force an online lookup, use the data from the cache as long as they " "are not expired" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1920 +#: sssd.conf.5.xml:1921 msgid "" "The PAM responder can force an online lookup to get the current group " "memberships of the user trying to log in. This option controls when this " @@ -2537,17 +2537,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1944 +#: sssd.conf.5.xml:1945 msgid "Default: no_session" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1949 sssd.conf.5.xml:4247 +#: sssd.conf.5.xml:1950 sssd.conf.5.xml:4293 msgid "pam_gssapi_services" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1952 +#: sssd.conf.5.xml:1953 #, fuzzy #| msgid "Comma separated list of users who are allowed to log in." msgid "" @@ -2556,13 +2556,13 @@ msgid "" msgstr "Durch Kommata getrennte Liste von Benutzern, die sich anmelden dürfen." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1957 +#: sssd.conf.5.xml:1958 msgid "" "To disable GSSAPI authentication, set this option to <quote>-</quote> (dash)." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1961 sssd.conf.5.xml:1992 sssd.conf.5.xml:2030 +#: sssd.conf.5.xml:1962 sssd.conf.5.xml:1993 sssd.conf.5.xml:2031 msgid "" "Note: This option can also be set per-domain which overwrites the value in " "[pam] section. It can also be set for trusted domain which overwrites the " @@ -2570,7 +2570,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1969 +#: sssd.conf.5.xml:1970 #, fuzzy, no-wrap #| msgid "" #| "fallback_homedir = /home/%u\n" @@ -2583,22 +2583,22 @@ msgstr "" " " #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1967 sssd.conf.5.xml:3899 +#: sssd.conf.5.xml:1968 sssd.conf.5.xml:3900 msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1973 +#: sssd.conf.5.xml:1974 msgid "Default: - (GSSAPI authentication is disabled)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1978 sssd.conf.5.xml:4248 +#: sssd.conf.5.xml:1979 sssd.conf.5.xml:4294 msgid "pam_gssapi_check_upn" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1981 +#: sssd.conf.5.xml:1982 msgid "" "If True, SSSD will require that the Kerberos user principal that " "successfully authenticated through GSSAPI can be associated with the user " @@ -2606,25 +2606,25 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1988 +#: sssd.conf.5.xml:1989 msgid "" "If False, every user that is able to obtained required service ticket will " "be authenticated." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1998 sssd-ad.5.xml:1266 sss_rpcidmapd.5.xml:76 +#: sssd.conf.5.xml:1999 sssd-ad.5.xml:1266 sss_rpcidmapd.5.xml:76 #: sssd-files.5.xml:145 msgid "Default: True" msgstr "Voreinstellung: True" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2003 +#: sssd.conf.5.xml:2004 msgid "pam_gssapi_indicators_map" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2006 +#: sssd.conf.5.xml:2007 msgid "" "Comma separated list of authentication indicators required to be present in " "a Kerberos ticket to access a PAM service that is allowed to try GSSAPI " @@ -2632,7 +2632,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2012 +#: sssd.conf.5.xml:2013 msgid "" "Each element of the list can be either an authentication indicator name or a " "pair <quote>service:indicator</quote>. Indicators not prefixed with the PAM " @@ -2647,7 +2647,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2025 +#: sssd.conf.5.xml:2026 msgid "" "To disable GSSAPI authentication indicator check, set this option to <quote>-" "</quote> (dash). To disable the check for a specific PAM service, add " @@ -2655,45 +2655,45 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2036 +#: sssd.conf.5.xml:2037 msgid "" "Following authentication indicators are supported by IPA Kerberos " "deployments:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2039 +#: sssd.conf.5.xml:2040 msgid "" "pkinit -- pre-authentication using X.509 certificates -- whether stored in " "files or on smart cards." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2042 +#: sssd.conf.5.xml:2043 msgid "" "hardened -- SPAKE pre-authentication or any pre-authentication wrapped in a " "FAST channel." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2045 +#: sssd.conf.5.xml:2046 msgid "radius -- pre-authentication with the help of a RADIUS server." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2048 +#: sssd.conf.5.xml:2049 msgid "" "otp -- pre-authentication using integrated two-factor authentication (2FA or " "one-time password, OTP) in IPA." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2051 +#: sssd.conf.5.xml:2052 msgid "idp -- pre-authentication using external identity provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:2061 +#: sssd.conf.5.xml:2062 #, no-wrap msgid "" "pam_gssapi_indicators_map = sudo:pkinit, sudo-i:pkinit\n" @@ -2701,7 +2701,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2056 +#: sssd.conf.5.xml:2057 msgid "" "Example: to require access to SUDO services only for users which obtained " "their Kerberos tickets with a X.509 certificate pre-authentication (PKINIT), " @@ -2709,7 +2709,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2065 +#: sssd.conf.5.xml:2066 #, fuzzy #| msgid "Default: not set (no substitution for unset home directories)" msgid "Default: not set (use of authentication indicators is not required)" @@ -2718,12 +2718,12 @@ msgstr "" "Verzeichnisse)" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2073 +#: sssd.conf.5.xml:2074 msgid "SUDO configuration options" msgstr "Sudo-Konfigurationsoptionen" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2075 +#: sssd.conf.5.xml:2076 msgid "" "These options can be used to configure the sudo service. The detailed " "instructions for configuration of <citerefentry> <refentrytitle>sudo</" @@ -2741,12 +2741,12 @@ msgstr "" "manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2092 +#: sssd.conf.5.xml:2093 msgid "sudo_timed (bool)" msgstr "sudo_timed (Boolesch)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2095 +#: sssd.conf.5.xml:2096 msgid "" "Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes " "that implement time-dependent sudoers entries." @@ -2756,12 +2756,12 @@ msgstr "" "nicht." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2107 +#: sssd.conf.5.xml:2108 msgid "sudo_threshold (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2110 +#: sssd.conf.5.xml:2111 msgid "" "Maximum number of expired rules that can be refreshed at once. If number of " "expired rules is below threshold, those rules are refreshed with " @@ -2771,23 +2771,23 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2129 +#: sssd.conf.5.xml:2130 msgid "AUTOFS configuration options" msgstr "AUTOFS-Konfigurationsoptionen" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2131 +#: sssd.conf.5.xml:2132 msgid "These options can be used to configure the autofs service." msgstr "" "Diese Optionen können zum Konfigurieren des Dienstes »autofs« benutzt werden." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2135 +#: sssd.conf.5.xml:2136 msgid "autofs_negative_timeout (integer)" msgstr "autofs_negative_timeout (Ganzzahl)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2138 +#: sssd.conf.5.xml:2139 msgid "" "Specifies for how many seconds should the autofs responder negative cache " "hits (that is, queries for invalid map entries, like nonexistent ones) " @@ -2798,23 +2798,23 @@ msgstr "" "nicht existierende), bevor das Backend erneut befragt wird." #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2154 +#: sssd.conf.5.xml:2155 msgid "SSH configuration options" msgstr "SSH-Konfigurationsoptionen" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2156 +#: sssd.conf.5.xml:2157 msgid "These options can be used to configure the SSH service." msgstr "" "Diese Optionen können zum Konfigurieren des SSH-Dienstes benutzt werden." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2160 +#: sssd.conf.5.xml:2161 msgid "ssh_hash_known_hosts (bool)" msgstr "ssh_hash_known_hosts (Boolesch)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2163 +#: sssd.conf.5.xml:2164 msgid "" "Whether or not to hash host names and addresses in the managed known_hosts " "file." @@ -2823,12 +2823,12 @@ msgstr "" "»known_hosts« zusammengemischt werden oder nicht." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2172 +#: sssd.conf.5.xml:2173 msgid "ssh_known_hosts_timeout (integer)" msgstr "ssh_known_hosts_timeout (Ganzzahl)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2175 +#: sssd.conf.5.xml:2176 msgid "" "How many seconds to keep a host in the managed known_hosts file after its " "host keys were requested." @@ -2837,17 +2837,17 @@ msgstr "" "»known_hosts« behalten wird, bevor seine Rechnerschlüssel abgefragt werden." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2179 +#: sssd.conf.5.xml:2180 msgid "Default: 180" msgstr "Voreinstellung: 180" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2184 +#: sssd.conf.5.xml:2185 msgid "ssh_use_certificate_keys (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2187 +#: sssd.conf.5.xml:2188 msgid "" "If set to true the <command>sss_ssh_authorizedkeys</command> will return ssh " "keys derived from the public key of X.509 certificates stored in the user " @@ -2856,12 +2856,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2202 +#: sssd.conf.5.xml:2203 msgid "ssh_use_certificate_matching_rules (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2205 +#: sssd.conf.5.xml:2206 msgid "" "By default the ssh responder will use all available certificate matching " "rules to filter the certificates so that ssh keys are only derived from the " @@ -2871,7 +2871,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2214 +#: sssd.conf.5.xml:2215 msgid "" "There are two special key words 'all_rules' and 'no_rules' which will enable " "all or no rules, respectively. The latter means that no certificates will be " @@ -2879,7 +2879,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2221 +#: sssd.conf.5.xml:2222 msgid "" "If no rules are configured using 'all_rules' will enable a default rule " "which enables all certificates suitable for client authentication. This is " @@ -2888,38 +2888,38 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2228 +#: sssd.conf.5.xml:2229 msgid "" "A non-existing rule name is considered an error. If as a result no rule is " "selected all certificates will be ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2233 +#: sssd.conf.5.xml:2234 msgid "" "Default: not set, equivalent to 'all_rules', all found rules or the default " "rule are used" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2239 +#: sssd.conf.5.xml:2240 msgid "ca_db (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2242 +#: sssd.conf.5.xml:2243 msgid "" "Path to a storage of trusted CA certificates. The option is used to validate " "user certificates before deriving public ssh keys from them." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2262 +#: sssd.conf.5.xml:2263 msgid "PAC responder configuration options" msgstr "PAC-Responder-Konfigurationsoptionen" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2264 +#: sssd.conf.5.xml:2265 msgid "" "The PAC responder works together with the authorization data plugin for MIT " "Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the " @@ -2930,7 +2930,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2273 +#: sssd.conf.5.xml:2274 msgid "" "If the remote user does not exist in the cache, it is created. The UID is " "determined with the help of the SID, trusted domains will have UPGs and the " @@ -2941,7 +2941,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2281 +#: sssd.conf.5.xml:2282 msgid "" "If there are SIDs of groups from domains sssd knows about, the user will be " "added to those groups." @@ -2950,18 +2950,18 @@ msgstr "" "diesen Gruppen hinzugefügt." #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2287 +#: sssd.conf.5.xml:2288 msgid "These options can be used to configure the PAC responder." msgstr "" "Diese Optionen können zur Konfiguration des PAC-Responders verwendet werden." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2291 sssd-ifp.5.xml:66 +#: sssd.conf.5.xml:2292 sssd-ifp.5.xml:66 msgid "allowed_uids (string)" msgstr "allowed_uids (Zeichenkette)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2294 +#: sssd.conf.5.xml:2295 msgid "" "Specifies the comma-separated list of UID values or user names that are " "allowed to access the PAC responder. User names are resolved to UIDs at " @@ -2972,14 +2972,14 @@ msgstr "" "beim Starten zu UIDs aufgelöst." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2300 +#: sssd.conf.5.xml:2301 msgid "Default: 0 (only the root user is allowed to access the PAC responder)" msgstr "" "Voreinstellung: 0 (Nur dem Benutzer Root ist der Zugriff auf den PAC-" "Responder gestattet.)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2304 +#: sssd.conf.5.xml:2305 msgid "" "Please note that although the UID 0 is used as the default it will be " "overwritten with this option. If you still want to allow the root user to " @@ -2992,26 +2992,26 @@ msgstr "" "der Liste der erlaubten UIDs auch die 0 hinzufügen." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2313 +#: sssd.conf.5.xml:2314 msgid "pac_lifetime (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2316 +#: sssd.conf.5.xml:2317 msgid "" "Lifetime of the PAC entry in seconds. As long as the PAC is valid the PAC " "data can be used to determine the group memberships of a user." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2326 +#: sssd.conf.5.xml:2327 #, fuzzy #| msgid "ldap_schema (string)" msgid "pac_check (string)" msgstr "ldap_schema (Zeichenkette)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2329 +#: sssd.conf.5.xml:2330 msgid "" "Apply additional checks on the PAC of the Kerberos ticket which is available " "in Active Directory and FreeIPA domains, if configured. Please note that " @@ -3022,24 +3022,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2343 +#: sssd.conf.5.xml:2344 msgid "no_check" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2345 +#: sssd.conf.5.xml:2346 msgid "" "The PAC must not be present and even if it is present no additional checks " "will be done." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2351 +#: sssd.conf.5.xml:2352 msgid "pac_present" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2353 +#: sssd.conf.5.xml:2354 msgid "" "The PAC must be present in the service ticket which SSSD will request with " "the help of the user's TGT. If the PAC is not available the authentication " @@ -3047,24 +3047,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2361 +#: sssd.conf.5.xml:2362 msgid "check_upn" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2363 +#: sssd.conf.5.xml:2364 msgid "" "If the PAC is present check if the user principal name (UPN) information is " "consistent." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2369 +#: sssd.conf.5.xml:2370 msgid "check_upn_allow_missing" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2371 +#: sssd.conf.5.xml:2372 msgid "" "This option should be used together with 'check_upn' and handles the case " "where a UPN is set on the server-side but is not read by SSSD. The typical " @@ -3076,7 +3076,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2383 +#: sssd.conf.5.xml:2384 msgid "" "Currently this option is set by default to avoid regressions in such " "environments. A log message will be added to the system log and SSSD's debug " @@ -3087,41 +3087,41 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2397 +#: sssd.conf.5.xml:2398 msgid "upn_dns_info_present" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2399 +#: sssd.conf.5.xml:2400 msgid "The PAC must contain the UPN-DNS-INFO buffer, implies 'check_upn'." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2404 +#: sssd.conf.5.xml:2405 msgid "check_upn_dns_info_ex" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2406 +#: sssd.conf.5.xml:2407 msgid "" "If the PAC is present and the extension to the UPN-DNS-INFO buffer is " "available check if the information in the extension is consistent." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2413 +#: sssd.conf.5.xml:2414 msgid "upn_dns_info_ex_present" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2415 +#: sssd.conf.5.xml:2416 msgid "" "The PAC must contain the extension of the UPN-DNS-INFO buffer, implies " "'check_upn_dns_info_ex', 'upn_dns_info_present' and 'check_upn'." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2339 +#: sssd.conf.5.xml:2340 #, fuzzy #| msgid "" #| "The following expansions are supported: <placeholder " @@ -3134,19 +3134,19 @@ msgstr "" "type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2425 +#: sssd.conf.5.xml:2426 msgid "" "Default: no_check (AD and IPA provider 'check_upn, check_upn_allow_missing, " "check_upn_dns_info_ex')" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2434 +#: sssd.conf.5.xml:2435 msgid "Session recording configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2436 +#: sssd.conf.5.xml:2437 msgid "" "Session recording works in conjunction with <citerefentry> " "<refentrytitle>tlog-rec-session</refentrytitle> <manvolnum>8</manvolnum> </" @@ -3156,66 +3156,66 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2449 +#: sssd.conf.5.xml:2450 msgid "These options can be used to configure session recording." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2453 sssd-session-recording.5.xml:64 +#: sssd.conf.5.xml:2454 sssd-session-recording.5.xml:64 msgid "scope (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2460 sssd-session-recording.5.xml:71 +#: sssd.conf.5.xml:2461 sssd-session-recording.5.xml:71 msgid "\"none\"" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2463 sssd-session-recording.5.xml:74 +#: sssd.conf.5.xml:2464 sssd-session-recording.5.xml:74 msgid "No users are recorded." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2468 sssd-session-recording.5.xml:79 +#: sssd.conf.5.xml:2469 sssd-session-recording.5.xml:79 msgid "\"some\"" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2471 sssd-session-recording.5.xml:82 +#: sssd.conf.5.xml:2472 sssd-session-recording.5.xml:82 msgid "" "Users/groups specified by <replaceable>users</replaceable> and " "<replaceable>groups</replaceable> options are recorded." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2480 sssd-session-recording.5.xml:91 +#: sssd.conf.5.xml:2481 sssd-session-recording.5.xml:91 msgid "\"all\"" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2483 sssd-session-recording.5.xml:94 +#: sssd.conf.5.xml:2484 sssd-session-recording.5.xml:94 msgid "All users are recorded." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2456 sssd-session-recording.5.xml:67 +#: sssd.conf.5.xml:2457 sssd-session-recording.5.xml:67 msgid "" "One of the following strings specifying the scope of session recording: " "<placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2490 sssd-session-recording.5.xml:101 +#: sssd.conf.5.xml:2491 sssd-session-recording.5.xml:101 msgid "Default: \"none\"" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2495 sssd-session-recording.5.xml:106 +#: sssd.conf.5.xml:2496 sssd-session-recording.5.xml:106 msgid "users (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2498 sssd-session-recording.5.xml:109 +#: sssd.conf.5.xml:2499 sssd-session-recording.5.xml:109 msgid "" "A comma-separated list of users which should have session recording enabled. " "Matches user names as returned by NSS. I.e. after the possible space " @@ -3223,17 +3223,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2504 sssd-session-recording.5.xml:115 +#: sssd.conf.5.xml:2505 sssd-session-recording.5.xml:115 msgid "Default: Empty. Matches no users." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2509 sssd-session-recording.5.xml:120 +#: sssd.conf.5.xml:2510 sssd-session-recording.5.xml:120 msgid "groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2512 sssd-session-recording.5.xml:123 +#: sssd.conf.5.xml:2513 sssd-session-recording.5.xml:123 msgid "" "A comma-separated list of groups, members of which should have session " "recording enabled. Matches group names as returned by NSS. I.e. after the " @@ -3241,7 +3241,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2518 sssd.conf.5.xml:2550 sssd-session-recording.5.xml:129 +#: sssd.conf.5.xml:2519 sssd.conf.5.xml:2551 sssd-session-recording.5.xml:129 #: sssd-session-recording.5.xml:161 msgid "" "NOTE: using this option (having it set to anything) has a considerable " @@ -3250,64 +3250,64 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2525 sssd-session-recording.5.xml:136 +#: sssd.conf.5.xml:2526 sssd-session-recording.5.xml:136 msgid "Default: Empty. Matches no groups." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2530 sssd-session-recording.5.xml:141 +#: sssd.conf.5.xml:2531 sssd-session-recording.5.xml:141 #, fuzzy #| msgid "simple_deny_users (string)" msgid "exclude_users (string)" msgstr "simple_deny_users (Zeichenkette)" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2533 sssd-session-recording.5.xml:144 +#: sssd.conf.5.xml:2534 sssd-session-recording.5.xml:144 msgid "" "A comma-separated list of users to be excluded from recording, only " "applicable with 'scope=all'." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2537 sssd-session-recording.5.xml:148 +#: sssd.conf.5.xml:2538 sssd-session-recording.5.xml:148 #, fuzzy #| msgid "Default: empty, i.e. ldap_uri is used." msgid "Default: Empty. No users excluded." msgstr "Voreinstellung: leer, d.h., dass »ldap_uri« benutzt wird" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2542 sssd-session-recording.5.xml:153 +#: sssd.conf.5.xml:2543 sssd-session-recording.5.xml:153 #, fuzzy #| msgid "simple_deny_groups (string)" msgid "exclude_groups (string)" msgstr "simple_deny_groups (Zeichenkette)" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2545 sssd-session-recording.5.xml:156 +#: sssd.conf.5.xml:2546 sssd-session-recording.5.xml:156 msgid "" "A comma-separated list of groups, members of which should be excluded from " "recording. Only applicable with 'scope=all'." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2557 sssd-session-recording.5.xml:168 +#: sssd.conf.5.xml:2558 sssd-session-recording.5.xml:168 #, fuzzy #| msgid "Default: empty, i.e. ldap_uri is used." msgid "Default: Empty. No groups excluded." msgstr "Voreinstellung: leer, d.h., dass »ldap_uri« benutzt wird" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:2567 +#: sssd.conf.5.xml:2568 msgid "DOMAIN SECTIONS" msgstr "DOMAIN-ABSCHNITTE" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2574 +#: sssd.conf.5.xml:2575 msgid "enabled" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2577 +#: sssd.conf.5.xml:2578 msgid "" "Explicitly enable or disable the domain. If <quote>true</quote>, the domain " "is always <quote>enabled</quote>. If <quote>false</quote>, the domain is " @@ -3317,12 +3317,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2589 +#: sssd.conf.5.xml:2590 msgid "domain_type (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2592 +#: sssd.conf.5.xml:2593 msgid "" "Specifies whether the domain is meant to be used by POSIX-aware clients such " "as the Name Service Switch or by applications that do not need POSIX data to " @@ -3331,14 +3331,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2600 +#: sssd.conf.5.xml:2601 msgid "" "Allowed values for this option are <quote>posix</quote> and " "<quote>application</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2604 +#: sssd.conf.5.xml:2605 msgid "" "POSIX domains are reachable by all services. Application domains are only " "reachable from the InfoPipe responder (see <citerefentry> " @@ -3347,31 +3347,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2612 +#: sssd.conf.5.xml:2613 msgid "" "NOTE: The application domains are currently well tested with " "<quote>id_provider=ldap</quote> only." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2616 +#: sssd.conf.5.xml:2617 msgid "" "For an easy way to configure a non-POSIX domains, please see the " "<quote>Application domains</quote> section." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2620 +#: sssd.conf.5.xml:2621 msgid "Default: posix" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2626 +#: sssd.conf.5.xml:2627 msgid "min_id,max_id (integer)" msgstr "min_id,max_id (Ganzzahl)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2629 +#: sssd.conf.5.xml:2630 msgid "" "UID and GID limits for the domain. If a domain contains an entry that is " "outside these limits, it is ignored." @@ -3380,7 +3380,7 @@ msgstr "" "enthält, der jenseits dieser Beschränkungen liegt, wird er ignoriert." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2634 +#: sssd.conf.5.xml:2635 msgid "" "For users, this affects the primary GID limit. The user will not be returned " "to NSS if either the UID or the primary GID is outside the range. For non-" @@ -3393,7 +3393,7 @@ msgstr "" "werden jene, die im Bereich liegen, wie erwartet gemeldet." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2641 +#: sssd.conf.5.xml:2642 msgid "" "These ID limits affect even saving entries to cache, not only returning them " "by name or ID." @@ -3402,17 +3402,17 @@ msgstr "" "den Zwischenspeicher und nicht nur ihre Rückgabe über Name oder ID." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2645 +#: sssd.conf.5.xml:2646 msgid "Default: 1 for min_id, 0 (no limit) for max_id" msgstr "Voreinstellung: 1 für »min_id«, 0 (keine Beschränkung) für »max_id«" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2651 +#: sssd.conf.5.xml:2652 msgid "enumerate (bool)" msgstr "enumerate (Boolesch)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2654 +#: sssd.conf.5.xml:2655 msgid "" "Determines if a domain can be enumerated, that is, whether the domain can " "list all the users and group it contains. Note that it is not required to " @@ -3421,29 +3421,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2662 +#: sssd.conf.5.xml:2663 msgid "TRUE = Users and groups are enumerated" msgstr "TRUE = Benutzer und Gruppen werden aufgezählt." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2665 +#: sssd.conf.5.xml:2666 msgid "FALSE = No enumerations for this domain" msgstr "FALSE = keine Aufzählungen für diese Domain" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2668 sssd.conf.5.xml:2942 sssd.conf.5.xml:3119 +#: sssd.conf.5.xml:2669 sssd.conf.5.xml:2943 sssd.conf.5.xml:3120 msgid "Default: FALSE" msgstr "Voreinstellung: FALSE" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2671 +#: sssd.conf.5.xml:2672 msgid "" "Enumerating a domain requires SSSD to download and store ALL user and group " "entries from the remote server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2676 +#: sssd.conf.5.xml:2677 msgid "" "Note: Enabling enumeration has a moderate performance impact on SSSD while " "enumeration is running. It may take up to several minutes after SSSD startup " @@ -3457,7 +3457,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2691 +#: sssd.conf.5.xml:2692 msgid "" "While the first enumeration is running, requests for the complete user or " "group lists may return no results until it completes." @@ -3467,7 +3467,7 @@ msgstr "" "Ergebnisse zurück." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2696 +#: sssd.conf.5.xml:2697 msgid "" "Further, enabling enumeration may increase the time necessary to detect " "network disconnection, as longer timeouts are required to ensure that " @@ -3482,7 +3482,7 @@ msgstr "" "benutzten »id_provider«." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2704 +#: sssd.conf.5.xml:2705 msgid "" "For the reasons cited above, enabling enumeration is not recommended, " "especially in large environments." @@ -3491,32 +3491,32 @@ msgstr "" "insbesondere in großen Umgebungen, nicht empfohlen." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2712 +#: sssd.conf.5.xml:2713 msgid "subdomain_enumerate (string)" msgstr "subdomain_enumerate (Zeichenkette)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2719 +#: sssd.conf.5.xml:2720 msgid "all" msgstr "all" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2720 +#: sssd.conf.5.xml:2721 msgid "All discovered trusted domains will be enumerated" msgstr "Alle entdeckten vertrauenswürdigen Domains werden aufgezählt." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2723 +#: sssd.conf.5.xml:2724 msgid "none" msgstr "none" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2724 +#: sssd.conf.5.xml:2725 msgid "No discovered trusted domains will be enumerated" msgstr "Keine der entdeckten vertrauenswürdigen Domains wird aufgezählt." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2715 +#: sssd.conf.5.xml:2716 msgid "" "Whether any of autodetected trusted domains should be enumerated. The " "supported values are: <placeholder type=\"variablelist\" id=\"0\"/> " @@ -3530,12 +3530,12 @@ msgstr "" "Domains aktivieren." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2738 +#: sssd.conf.5.xml:2739 msgid "entry_cache_timeout (integer)" msgstr "entry_cache_timeout (Ganzzahl)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2741 +#: sssd.conf.5.xml:2742 msgid "" "How many seconds should nss_sss consider entries valid before asking the " "backend again" @@ -3544,7 +3544,7 @@ msgstr "" "soll, bevor das Backend erneut abgefragt wird." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2745 +#: sssd.conf.5.xml:2746 msgid "" "The cache expiration timestamps are stored as attributes of individual " "objects in the cache. Therefore, changing the cache timeout only has effect " @@ -3562,17 +3562,17 @@ msgstr "" "wurden." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2758 +#: sssd.conf.5.xml:2759 msgid "Default: 5400" msgstr "Voreinstellung: 5400" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2764 +#: sssd.conf.5.xml:2765 msgid "entry_cache_user_timeout (integer)" msgstr "entry_cache_user_timeout (Ganzzahl)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2767 +#: sssd.conf.5.xml:2768 msgid "" "How many seconds should nss_sss consider user entries valid before asking " "the backend again" @@ -3581,19 +3581,19 @@ msgstr "" "betrachten soll, bevor das Backend erneut abgefragt wird." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2771 sssd.conf.5.xml:2784 sssd.conf.5.xml:2797 -#: sssd.conf.5.xml:2810 sssd.conf.5.xml:2824 sssd.conf.5.xml:2837 -#: sssd.conf.5.xml:2851 sssd.conf.5.xml:2865 sssd.conf.5.xml:2878 +#: sssd.conf.5.xml:2772 sssd.conf.5.xml:2785 sssd.conf.5.xml:2798 +#: sssd.conf.5.xml:2811 sssd.conf.5.xml:2825 sssd.conf.5.xml:2838 +#: sssd.conf.5.xml:2852 sssd.conf.5.xml:2866 sssd.conf.5.xml:2879 msgid "Default: entry_cache_timeout" msgstr "Voreinstellung: entry_cache_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2777 +#: sssd.conf.5.xml:2778 msgid "entry_cache_group_timeout (integer)" msgstr "entry_cache_group_timeout (Ganzzahl)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2780 +#: sssd.conf.5.xml:2781 msgid "" "How many seconds should nss_sss consider group entries valid before asking " "the backend again" @@ -3602,12 +3602,12 @@ msgstr "" "betrachten soll, bevor das Backend erneut abgefragt wird." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2790 +#: sssd.conf.5.xml:2791 msgid "entry_cache_netgroup_timeout (integer)" msgstr "entry_cache_netgroup_timeout (Ganzzahl)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2793 +#: sssd.conf.5.xml:2794 msgid "" "How many seconds should nss_sss consider netgroup entries valid before " "asking the backend again" @@ -3616,12 +3616,12 @@ msgstr "" "betrachten soll, bevor das Backend erneut abgefragt wird." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2803 +#: sssd.conf.5.xml:2804 msgid "entry_cache_service_timeout (integer)" msgstr "entry_cache_service_timeout (Ganzzahl)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2806 +#: sssd.conf.5.xml:2807 msgid "" "How many seconds should nss_sss consider service entries valid before asking " "the backend again" @@ -3630,24 +3630,24 @@ msgstr "" "betrachten soll, bevor das Backend erneut abgefragt wird." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2816 +#: sssd.conf.5.xml:2817 msgid "entry_cache_resolver_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2819 +#: sssd.conf.5.xml:2820 msgid "" "How many seconds should nss_sss consider hosts and networks entries valid " "before asking the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2830 +#: sssd.conf.5.xml:2831 msgid "entry_cache_sudo_timeout (integer)" msgstr "entry_cache_sudo_timeout (Ganzzahl)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2833 +#: sssd.conf.5.xml:2834 msgid "" "How many seconds should sudo consider rules valid before asking the backend " "again" @@ -3656,12 +3656,12 @@ msgstr "" "bevor das Backend erneut abgefragt wird." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2843 +#: sssd.conf.5.xml:2844 msgid "entry_cache_autofs_timeout (integer)" msgstr "entry_cache_autofs_timeout (Ganzzahl)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2846 +#: sssd.conf.5.xml:2847 msgid "" "How many seconds should the autofs service consider automounter maps valid " "before asking the backend again" @@ -3671,36 +3671,36 @@ msgstr "" "wird." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2857 +#: sssd.conf.5.xml:2858 msgid "entry_cache_ssh_host_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2860 +#: sssd.conf.5.xml:2861 msgid "" "How many seconds to keep a host ssh key after refresh. IE how long to cache " "the host key for." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2871 +#: sssd.conf.5.xml:2872 msgid "entry_cache_computer_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2874 +#: sssd.conf.5.xml:2875 msgid "" "How many seconds to keep the local computer entry before asking the backend " "again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2884 +#: sssd.conf.5.xml:2885 msgid "refresh_expired_interval (integer)" msgstr "refresh_expired_interval (Ganzzahl)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2887 +#: sssd.conf.5.xml:2888 msgid "" "Specifies how many seconds SSSD has to wait before triggering a background " "refresh task which will refresh all expired or nearly expired records." @@ -3710,7 +3710,7 @@ msgstr "" "abgelaufenen oder beinahe abgelaufenen Daten aktualisiert werden." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2892 +#: sssd.conf.5.xml:2893 msgid "" "The background refresh will process users, groups and netgroups in the " "cache. For users who have performed the initgroups (get group membership for " @@ -3719,19 +3719,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2900 +#: sssd.conf.5.xml:2901 msgid "This option is automatically inherited for all trusted domains." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2904 +#: sssd.conf.5.xml:2905 msgid "You can consider setting this value to 3/4 * entry_cache_timeout." msgstr "" "Sie können in Betracht ziehen, diesen Wert auf 3/4 * entry_cache_timeout zu " "setzen." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2908 +#: sssd.conf.5.xml:2909 msgid "" "Cache entry will be refreshed by background task when 2/3 of cache timeout " "has already passed. If there are existing cached entries, the background " @@ -3743,18 +3743,18 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2921 sssd-ldap.5.xml:360 sssd-ldap.5.xml:1736 +#: sssd.conf.5.xml:2922 sssd-ldap.5.xml:360 sssd-ldap.5.xml:1736 #: sssd-ipa.5.xml:270 msgid "Default: 0 (disabled)" msgstr "Voreinstellung: 0 (deaktiviert)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2927 +#: sssd.conf.5.xml:2928 msgid "cache_credentials (bool)" msgstr "cache_credentials (Boolesch)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2930 +#: sssd.conf.5.xml:2931 #, fuzzy #| msgid "" #| "Determines if user credentials are also cached in the local LDB cache" @@ -3764,7 +3764,7 @@ msgstr "" "zwischengespeichert werden." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2934 +#: sssd.conf.5.xml:2935 msgid "" "Take a note that while credentials are stored as a salted SHA512 hash, this " "still potentially poses some security risk in case an attacker manages to " @@ -3773,12 +3773,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2948 +#: sssd.conf.5.xml:2949 msgid "cache_credentials_minimal_first_factor_length (int)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2951 +#: sssd.conf.5.xml:2952 msgid "" "If 2-Factor-Authentication (2FA) is used and credentials should be saved " "this value determines the minimal length the first authentication factor " @@ -3790,19 +3790,19 @@ msgstr "" "gespeichert zu werden." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2958 +#: sssd.conf.5.xml:2959 msgid "" "This should avoid that the short PINs of a PIN based 2FA scheme are saved in " "the cache which would make them easy targets for brute-force attacks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2969 +#: sssd.conf.5.xml:2970 msgid "account_cache_expiration (integer)" msgstr "account_cache_expiration (Ganzzahl)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2972 +#: sssd.conf.5.xml:2973 msgid "" "Number of days entries are left in cache after last successful login before " "being removed during a cleanup of the cache. 0 means keep forever. The " @@ -3815,17 +3815,17 @@ msgstr "" "Parameters muss größer oder gleich »offline_credentials_expiration« sein." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2979 +#: sssd.conf.5.xml:2980 msgid "Default: 0 (unlimited)" msgstr "Voreinstellung: 0 (unbegrenzt)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2984 +#: sssd.conf.5.xml:2985 msgid "pwd_expiration_warning (integer)" msgstr "pwd_expiration_warning (Ganzzahl)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2995 +#: sssd.conf.5.xml:2996 msgid "" "Please note that the backend server has to provide information about the " "expiration time of the password. If this information is missing, sssd " @@ -3838,17 +3838,17 @@ msgstr "" "Authentifizierungsanbieter konfiguriert werden." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3002 +#: sssd.conf.5.xml:3003 msgid "Default: 7 (Kerberos), 0 (LDAP)" msgstr "Voreinstellung: 7 (Kerberos), 0 (LDAP)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3008 +#: sssd.conf.5.xml:3009 msgid "id_provider (string)" msgstr "id_provider (Zeichenkette)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3011 +#: sssd.conf.5.xml:3012 msgid "" "The identification provider used for the domain. Supported ID providers are:" msgstr "" @@ -3856,12 +3856,12 @@ msgstr "" "werden unterstützt:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3015 +#: sssd.conf.5.xml:3016 msgid "<quote>proxy</quote>: Support a legacy NSS provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3018 +#: sssd.conf.5.xml:3019 msgid "" "<quote>files</quote>: FILES provider. See <citerefentry> <refentrytitle>sssd-" "files</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " @@ -3869,7 +3869,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3026 +#: sssd.conf.5.xml:3027 msgid "" "<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-" "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " @@ -3880,8 +3880,8 @@ msgstr "" "<manvolnum>5</manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3034 sssd.conf.5.xml:3145 sssd.conf.5.xml:3196 -#: sssd.conf.5.xml:3259 +#: sssd.conf.5.xml:3035 sssd.conf.5.xml:3146 sssd.conf.5.xml:3197 +#: sssd.conf.5.xml:3260 msgid "" "<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management " "provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> " @@ -3894,8 +3894,8 @@ msgstr "" "manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3043 sssd.conf.5.xml:3154 sssd.conf.5.xml:3205 -#: sssd.conf.5.xml:3268 +#: sssd.conf.5.xml:3044 sssd.conf.5.xml:3155 sssd.conf.5.xml:3206 +#: sssd.conf.5.xml:3269 msgid "" "<quote>ad</quote>: Active Directory provider. See <citerefentry> " "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3907,12 +3907,12 @@ msgstr "" "citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3054 +#: sssd.conf.5.xml:3055 msgid "use_fully_qualified_names (bool)" msgstr "use_fully_qualified_names (Boolesch)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3057 +#: sssd.conf.5.xml:3058 msgid "" "Use the full name and domain (as formatted by the domain's full_name_format) " "as the user's login name reported to NSS." @@ -3922,7 +3922,7 @@ msgstr "" "Benutzers, der an NSS gemeldet wird." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3062 +#: sssd.conf.5.xml:3063 msgid "" "If set to TRUE, all requests to this domain must use fully qualified names. " "For example, if used in LOCAL domain that contains a \"test\" user, " @@ -3936,7 +3936,7 @@ msgstr "" "test@LOCAL</command> würde ihn hingegen finden." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3070 +#: sssd.conf.5.xml:3071 msgid "" "NOTE: This option has no effect on netgroup lookups due to their tendency to " "include nested netgroups without qualified names. For netgroups, all domains " @@ -3948,24 +3948,24 @@ msgstr "" "nicht voll qualifizierter Name angefragt wird." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3077 +#: sssd.conf.5.xml:3078 msgid "" "Default: FALSE (TRUE for trusted domain/sub-domains or if " "default_domain_suffix is used)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3084 +#: sssd.conf.5.xml:3085 msgid "ignore_group_members (bool)" msgstr "ignore_group_members (Boolesch)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3087 +#: sssd.conf.5.xml:3088 msgid "Do not return group members for group lookups." msgstr "gibt beim Nachschlagen der Gruppe nicht die Gruppenmitglieder zurück." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3090 +#: sssd.conf.5.xml:3091 msgid "" "If set to TRUE, the group membership attribute is not requested from the " "ldap server, and group members are not returned when processing group lookup " @@ -3977,7 +3977,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3108 +#: sssd.conf.5.xml:3109 msgid "" "Enabling this option can also make access provider checks for group " "membership significantly faster, especially for groups containing many " @@ -3985,7 +3985,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3114 sssd.conf.5.xml:3821 sssd-ldap.5.xml:326 +#: sssd.conf.5.xml:3115 sssd.conf.5.xml:3822 sssd-ldap.5.xml:326 #: sssd-ldap.5.xml:355 sssd-ldap.5.xml:408 sssd-ldap.5.xml:468 #: sssd-ldap.5.xml:489 sssd-ldap.5.xml:520 sssd-ldap.5.xml:543 #: sssd-ldap.5.xml:582 sssd-ldap.5.xml:601 sssd-ldap.5.xml:625 @@ -3996,12 +3996,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3124 +#: sssd.conf.5.xml:3125 msgid "auth_provider (string)" msgstr "auth_provider (Zeichenkette)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3127 +#: sssd.conf.5.xml:3128 msgid "" "The authentication provider used for the domain. Supported auth providers " "are:" @@ -4010,7 +4010,7 @@ msgstr "" "Authentifizierungsanbieter werden unterstützt:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3131 sssd.conf.5.xml:3189 +#: sssd.conf.5.xml:3132 sssd.conf.5.xml:3190 msgid "" "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4021,7 +4021,7 @@ msgstr "" "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3138 +#: sssd.conf.5.xml:3139 msgid "" "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4033,19 +4033,19 @@ msgstr "" "citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3162 +#: sssd.conf.5.xml:3163 msgid "" "<quote>proxy</quote> for relaying authentication to some other PAM target." msgstr "" "»proxy« zur Weitergabe der Authentifizierung an irgendein anderes PAM-Ziel" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3165 +#: sssd.conf.5.xml:3166 msgid "<quote>none</quote> disables authentication explicitly." msgstr "»none« deaktiviert explizit die Authentifizierung." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3168 +#: sssd.conf.5.xml:3169 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "authentication requests." @@ -4054,12 +4054,12 @@ msgstr "" "mit Authentifizierungsanfragen umgehen." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3174 +#: sssd.conf.5.xml:3175 msgid "access_provider (string)" msgstr "access_provider (Zeichenkette)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3177 +#: sssd.conf.5.xml:3178 msgid "" "The access control provider used for the domain. There are two built-in " "access providers (in addition to any included in installed backends) " @@ -4070,7 +4070,7 @@ msgstr "" "Backends enthalten sind). Interne Spezialanbieter sind:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3183 +#: sssd.conf.5.xml:3184 msgid "" "<quote>permit</quote> always allow access. It's the only permitted access " "provider for a local domain." @@ -4079,12 +4079,12 @@ msgstr "" "für eine lokale Domain." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3186 +#: sssd.conf.5.xml:3187 msgid "<quote>deny</quote> always deny access." msgstr "»deny« verweigert dem Zugriff immer." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3213 +#: sssd.conf.5.xml:3214 msgid "" "<quote>simple</quote> access control based on access or deny lists. See " "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</" @@ -4097,7 +4097,7 @@ msgstr "" "simple</refentrytitle> <manvolnum>5</manvolnum></citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3220 +#: sssd.conf.5.xml:3221 msgid "" "<quote>krb5</quote>: .k5login based access control. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum></" @@ -4105,22 +4105,22 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3227 +#: sssd.conf.5.xml:3228 msgid "<quote>proxy</quote> for relaying access control to another PAM module." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3230 +#: sssd.conf.5.xml:3231 msgid "Default: <quote>permit</quote>" msgstr "Voreinstellung: »permit«" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3235 +#: sssd.conf.5.xml:3236 msgid "chpass_provider (string)" msgstr "chpass_provider (Zeichenkette)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3238 +#: sssd.conf.5.xml:3239 msgid "" "The provider which should handle change password operations for the domain. " "Supported change password providers are:" @@ -4129,7 +4129,7 @@ msgstr "" "Folgende Anbieter von Passwortänderungen werden unterstützt:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3243 +#: sssd.conf.5.xml:3244 msgid "" "<quote>ldap</quote> to change a password stored in a LDAP server. See " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" @@ -4137,7 +4137,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3251 +#: sssd.conf.5.xml:3252 msgid "" "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4149,19 +4149,19 @@ msgstr "" "citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3276 +#: sssd.conf.5.xml:3277 msgid "" "<quote>proxy</quote> for relaying password changes to some other PAM target." msgstr "" "»proxy« zur Weitergabe der Passwortänderung an irgendein anderes PAM-Ziel" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3280 +#: sssd.conf.5.xml:3281 msgid "<quote>none</quote> disallows password changes explicitly." msgstr "»none« verbietet explizit Passwortänderungen." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3283 +#: sssd.conf.5.xml:3284 msgid "" "Default: <quote>auth_provider</quote> is used if it is set and can handle " "change password requests." @@ -4170,19 +4170,19 @@ msgstr "" "kann mit Passwortänderungsanfragen umgehen." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3290 +#: sssd.conf.5.xml:3291 msgid "sudo_provider (string)" msgstr "sudo_provider (Zeichenkette)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3293 +#: sssd.conf.5.xml:3294 msgid "The SUDO provider used for the domain. Supported SUDO providers are:" msgstr "" "der für diese Domain benutzte Sudo-Anbieter. Folgende Sudo-Anbieter werden " "unterstützt:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3297 +#: sssd.conf.5.xml:3298 msgid "" "<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4193,7 +4193,7 @@ msgstr "" "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3305 +#: sssd.conf.5.xml:3306 msgid "" "<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default " "settings." @@ -4202,7 +4202,7 @@ msgstr "" "Vorgabeeinstellungen für IPA." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3309 +#: sssd.conf.5.xml:3310 msgid "" "<quote>ad</quote> the same as <quote>ldap</quote> but with AD default " "settings." @@ -4211,19 +4211,19 @@ msgstr "" "Vorgabeeinstellungen für AD." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3313 +#: sssd.conf.5.xml:3314 msgid "<quote>none</quote> disables SUDO explicitly." msgstr "»none« deaktiviert explizit Sudo." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3316 sssd.conf.5.xml:3402 sssd.conf.5.xml:3472 -#: sssd.conf.5.xml:3497 sssd.conf.5.xml:3533 +#: sssd.conf.5.xml:3317 sssd.conf.5.xml:3403 sssd.conf.5.xml:3473 +#: sssd.conf.5.xml:3498 sssd.conf.5.xml:3534 msgid "Default: The value of <quote>id_provider</quote> is used if it is set." msgstr "" "Voreinstellung: Falls gesetzt, wird der Wert von »id_provider« benutzt." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3320 +#: sssd.conf.5.xml:3321 msgid "" "The detailed instructions for configuration of sudo_provider are in the " "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " @@ -4240,7 +4240,7 @@ msgstr "" "<manvolnum>5</manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3335 +#: sssd.conf.5.xml:3336 msgid "" "<emphasis>NOTE:</emphasis> Sudo rules are periodically downloaded in the " "background unless the sudo provider is explicitly disabled. Set " @@ -4249,12 +4249,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3345 +#: sssd.conf.5.xml:3346 msgid "selinux_provider (string)" msgstr "selinux_provider (Zeichenkette)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3348 +#: sssd.conf.5.xml:3349 msgid "" "The provider which should handle loading of selinux settings. Note that this " "provider will be called right after access provider ends. Supported selinux " @@ -4265,7 +4265,7 @@ msgstr "" "Zugriffsanbieter beendet hat. Folgende SELinux-Anbieter werden unterstützt:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3354 +#: sssd.conf.5.xml:3355 msgid "" "<quote>ipa</quote> to load selinux settings from an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -4277,12 +4277,12 @@ msgstr "" "manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3362 +#: sssd.conf.5.xml:3363 msgid "<quote>none</quote> disallows fetching selinux settings explicitly." msgstr "»none« verbietet explizit das Abholen von SELinux-Einstellungen." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3365 +#: sssd.conf.5.xml:3366 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "selinux loading requests." @@ -4291,12 +4291,12 @@ msgstr "" "kann SELinux-Ladeanfragen handhaben." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3371 +#: sssd.conf.5.xml:3372 msgid "subdomains_provider (string)" msgstr "subdomains_provider (Zeichenkette)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3374 +#: sssd.conf.5.xml:3375 msgid "" "The provider which should handle fetching of subdomains. This value should " "be always the same as id_provider. Supported subdomain providers are:" @@ -4306,7 +4306,7 @@ msgstr "" "werden unterstützt:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3380 +#: sssd.conf.5.xml:3381 msgid "" "<quote>ipa</quote> to load a list of subdomains from an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -4318,7 +4318,7 @@ msgstr "" "citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3389 +#: sssd.conf.5.xml:3390 msgid "" "<quote>ad</quote> to load a list of subdomains from an Active Directory " "server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> " @@ -4327,17 +4327,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3398 +#: sssd.conf.5.xml:3399 msgid "<quote>none</quote> disallows fetching subdomains explicitly." msgstr "»none« deaktiviert explizit das Abholen von Subdomains." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3408 +#: sssd.conf.5.xml:3409 msgid "session_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3411 +#: sssd.conf.5.xml:3412 msgid "" "The provider which configures and manages user session related tasks. The " "only user session task currently provided is the integration with Fleet " @@ -4345,37 +4345,37 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3418 +#: sssd.conf.5.xml:3419 msgid "<quote>ipa</quote> to allow performing user session related tasks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3422 +#: sssd.conf.5.xml:3423 msgid "" "<quote>none</quote> does not perform any kind of user session related tasks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3426 +#: sssd.conf.5.xml:3427 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can perform " "session related tasks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3430 +#: sssd.conf.5.xml:3431 msgid "" "<emphasis>NOTE:</emphasis> In order to have this feature working as expected " "SSSD must be running as \"root\" and not as the unprivileged user." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3438 +#: sssd.conf.5.xml:3439 msgid "autofs_provider (string)" msgstr "autofs_provider (Zeichenkette)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3441 +#: sssd.conf.5.xml:3442 msgid "" "The autofs provider used for the domain. Supported autofs providers are:" msgstr "" @@ -4383,7 +4383,7 @@ msgstr "" "»autofs« werden unterstützt:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3445 +#: sssd.conf.5.xml:3446 msgid "" "<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4395,7 +4395,7 @@ msgstr "" "citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3452 +#: sssd.conf.5.xml:3453 msgid "" "<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> " "<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4407,7 +4407,7 @@ msgstr "" "citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3460 +#: sssd.conf.5.xml:3461 msgid "" "<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> " "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4415,17 +4415,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3469 +#: sssd.conf.5.xml:3470 msgid "<quote>none</quote> disables autofs explicitly." msgstr "»none« deaktiviert explizit »autofs«." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3479 +#: sssd.conf.5.xml:3480 msgid "hostid_provider (string)" msgstr "hostid_provider (Zeichenkette)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3482 +#: sssd.conf.5.xml:3483 msgid "" "The provider used for retrieving host identity information. Supported " "hostid providers are:" @@ -4434,7 +4434,7 @@ msgstr "" "wird. Folgende Anbieter von »hostid« werden unterstützt:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3486 +#: sssd.conf.5.xml:3487 msgid "" "<quote>ipa</quote> to load host identity stored in an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -4446,31 +4446,31 @@ msgstr "" "manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3494 +#: sssd.conf.5.xml:3495 msgid "<quote>none</quote> disables hostid explicitly." msgstr "»none« deaktiviert explizit »hostid«." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3504 +#: sssd.conf.5.xml:3505 msgid "resolver_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3507 +#: sssd.conf.5.xml:3508 msgid "" "The provider which should handle hosts and networks lookups. Supported " "resolver providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3511 +#: sssd.conf.5.xml:3512 msgid "" "<quote>proxy</quote> to forward lookups to another NSS library. See " "<quote>proxy_resolver_lib_name</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3515 +#: sssd.conf.5.xml:3516 msgid "" "<quote>ldap</quote> to fetch hosts and networks stored in LDAP. See " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" @@ -4478,7 +4478,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3522 +#: sssd.conf.5.xml:3523 msgid "" "<quote>ad</quote> to fetch hosts and networks stored in AD. See " "<citerefentry> <refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</" @@ -4487,12 +4487,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3530 +#: sssd.conf.5.xml:3531 msgid "<quote>none</quote> disallows fetching hosts and networks explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3543 +#: sssd.conf.5.xml:3544 msgid "" "Regular expression for this domain that describes how to parse the string " "containing user name and domain into these components. The \"domain\" can " @@ -4507,7 +4507,7 @@ msgstr "" "(NetBIOS-) Namen der Domain entsprechen." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3552 +#: sssd.conf.5.xml:3553 #, fuzzy #| msgid "" #| "Default for the AD and IPA provider: <quote>(((?P<domain>[^\\\\]+)\\" @@ -4523,17 +4523,17 @@ msgstr "" "P<Name>[^@\\\\]+)$))« " #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:3557 sssd.conf.5.xml:3571 +#: sssd.conf.5.xml:3558 sssd.conf.5.xml:3572 msgid "username" msgstr "Benutzername" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:3560 sssd.conf.5.xml:3574 +#: sssd.conf.5.xml:3561 sssd.conf.5.xml:3575 msgid "username@domain.name" msgstr "Benutzername@Domain.Name" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3565 +#: sssd.conf.5.xml:3566 #, fuzzy #| msgid "" #| "Default for the AD and IPA provider: <quote>(((?P<domain>[^\\\\]+)\\" @@ -4551,12 +4551,12 @@ msgstr "" "P<Name>[^@\\\\]+)$))« " #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:3577 +#: sssd.conf.5.xml:3578 msgid "domain\\username" msgstr "Domain\\Benutzername" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3580 +#: sssd.conf.5.xml:3581 msgid "" "While the first two correspond to the general default the third one is " "introduced to allow easy integration of users from Windows domains." @@ -4566,7 +4566,7 @@ msgstr "" "Windows-Domains zu ermöglichen." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3585 +#: sssd.conf.5.xml:3586 msgid "" "The default re_expression uses the <quote>@</quote> character as a separator " "between the name and the domain. As a result of this setting the default " @@ -4576,17 +4576,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3637 +#: sssd.conf.5.xml:3638 msgid "Default: <quote>%1$s@%2$s</quote>." msgstr "Voreinstellung: »%1$s@%2$s«" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3643 +#: sssd.conf.5.xml:3644 msgid "lookup_family_order (string)" msgstr "lookup_family_order (Zeichenkette)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3646 +#: sssd.conf.5.xml:3647 msgid "" "Provides the ability to select preferred address family to use when " "performing DNS lookups." @@ -4594,80 +4594,80 @@ msgstr "" "ermöglicht es, die bei DNS-Abfragen zu bevorzugende Adressfamilie zu wählen." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3650 +#: sssd.conf.5.xml:3651 msgid "Supported values:" msgstr "unterstützte Werte:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3653 +#: sssd.conf.5.xml:3654 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6" msgstr "" "ipv4_first: versucht die IPv4- und, falls dies fehlschlägt, die IPv6-Adresse " "nachzuschlagen" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3656 +#: sssd.conf.5.xml:3657 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses." msgstr "ipv4_only: versucht, nur Rechnernamen zu IPv4-Adressen aufzulösen" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3659 +#: sssd.conf.5.xml:3660 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4" msgstr "" "ipv6_first: versucht die IPv6- und, falls dies fehlschlägt, die IPv4-Adresse " "nachzuschlagen" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3662 +#: sssd.conf.5.xml:3663 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses." msgstr "ipv6_only: versucht, nur Rechnernamen zu IPv6-Adressen aufzulösen" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3665 +#: sssd.conf.5.xml:3666 msgid "Default: ipv4_first" msgstr "Voreinstellung: ipv4_first" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3671 +#: sssd.conf.5.xml:3672 #, fuzzy #| msgid "dns_resolver_timeout (integer)" msgid "dns_resolver_server_timeout (integer)" msgstr "dns_resolver_timeout (Ganzzahl)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3674 +#: sssd.conf.5.xml:3675 msgid "" "Defines the amount of time (in milliseconds) SSSD would try to talk to DNS " "server before trying next DNS server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3679 +#: sssd.conf.5.xml:3680 msgid "" "The AD provider will use this option for the CLDAP ping timeouts as well." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3683 sssd.conf.5.xml:3703 sssd.conf.5.xml:3724 +#: sssd.conf.5.xml:3684 sssd.conf.5.xml:3704 sssd.conf.5.xml:3725 msgid "" "Please see the section <quote>FAILOVER</quote> for more information about " "the service resolution." msgstr "" #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3688 sssd-ldap.5.xml:644 include/failover.xml:84 +#: sssd.conf.5.xml:3689 sssd-ldap.5.xml:644 include/failover.xml:84 msgid "Default: 1000" msgstr "Voreinstellung: 1000" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3694 +#: sssd.conf.5.xml:3695 #, fuzzy #| msgid "dns_resolver_timeout (integer)" msgid "dns_resolver_op_timeout (integer)" msgstr "dns_resolver_timeout (Ganzzahl)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3697 +#: sssd.conf.5.xml:3698 msgid "" "Defines the amount of time (in seconds) to wait to resolve single DNS query " "(e.g. resolution of a hostname or an SRV record) before trying the next " @@ -4675,12 +4675,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3714 +#: sssd.conf.5.xml:3715 msgid "dns_resolver_timeout (integer)" msgstr "dns_resolver_timeout (Ganzzahl)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3717 +#: sssd.conf.5.xml:3718 msgid "" "Defines the amount of time (in seconds) to wait for a reply from the " "internal fail over service before assuming that the service is unreachable. " @@ -4689,14 +4689,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3735 +#: sssd.conf.5.xml:3736 #, fuzzy #| msgid "dns_resolver_timeout (integer)" msgid "dns_resolver_use_search_list (bool)" msgstr "dns_resolver_timeout (Ganzzahl)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3738 +#: sssd.conf.5.xml:3739 msgid "" "Normally, the DNS resolver searches the domain list defined in the " "\"search\" directive from the resolv.conf file. This can lead to delays in " @@ -4704,7 +4704,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3744 +#: sssd.conf.5.xml:3745 msgid "" "If fully qualified domain names (or _srv_) are used in the SSSD " "configuration, setting this option to FALSE can prevent unnecessary DNS " @@ -4712,17 +4712,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3750 +#: sssd.conf.5.xml:3751 msgid "Default: TRUE" msgstr "Voreinstellung: TRUE" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3756 +#: sssd.conf.5.xml:3757 msgid "dns_discovery_domain (string)" msgstr "dns_discovery_domain (Zeichenkette)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3759 +#: sssd.conf.5.xml:3760 msgid "" "If service discovery is used in the back end, specifies the domain part of " "the service discovery DNS query." @@ -4731,52 +4731,52 @@ msgstr "" "DNS-Dienstabfrage an." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3763 +#: sssd.conf.5.xml:3764 msgid "Default: Use the domain part of machine's hostname" msgstr "Voreinstellung: Der Domain-Teil des Rechnernamens wird benutzt." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3769 +#: sssd.conf.5.xml:3770 msgid "override_gid (integer)" msgstr "override_gid (Ganzzahl)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3772 +#: sssd.conf.5.xml:3773 msgid "Override the primary GID value with the one specified." msgstr "überschreibt die Haupt-GID mit der angegebenen." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3778 +#: sssd.conf.5.xml:3779 msgid "case_sensitive (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3785 +#: sssd.conf.5.xml:3786 msgid "True" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3788 +#: sssd.conf.5.xml:3789 msgid "Case sensitive. This value is invalid for AD provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3794 +#: sssd.conf.5.xml:3795 msgid "False" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3796 +#: sssd.conf.5.xml:3797 msgid "Case insensitive." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3800 +#: sssd.conf.5.xml:3801 msgid "Preserving" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3803 +#: sssd.conf.5.xml:3804 msgid "" "Same as False (case insensitive), but does not lowercase names in the result " "of NSS operations. Note that name aliases (and in case of services also " @@ -4784,14 +4784,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3811 +#: sssd.conf.5.xml:3812 msgid "" "If you want to set this value for trusted domain with IPA provider, you need " "to set it on both the client and SSSD on the server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3781 +#: sssd.conf.5.xml:3782 #, fuzzy #| msgid "" #| "The following expansions are supported: <placeholder " @@ -4804,17 +4804,17 @@ msgstr "" "type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3826 +#: sssd.conf.5.xml:3827 msgid "Default: True (False for AD provider)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3832 +#: sssd.conf.5.xml:3833 msgid "subdomain_inherit (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3835 +#: sssd.conf.5.xml:3836 msgid "" "Specifies a list of configuration parameters that should be inherited by a " "subdomain. Please note that only selected parameters can be inherited. " @@ -4822,128 +4822,128 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3841 +#: sssd.conf.5.xml:3842 #, fuzzy #| msgid "ldap_search_timeout (integer)" msgid "ldap_search_timeout" msgstr "ldap_search_timeout (Ganzzahl)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3844 +#: sssd.conf.5.xml:3845 #, fuzzy #| msgid "ldap_network_timeout (integer)" msgid "ldap_network_timeout" msgstr "ldap_network_timeout (Ganzzahl)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3847 +#: sssd.conf.5.xml:3848 #, fuzzy #| msgid "ldap_opt_timeout (integer)" msgid "ldap_opt_timeout" msgstr "ldap_opt_timeout (Ganzzahl)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3850 +#: sssd.conf.5.xml:3851 #, fuzzy #| msgid "ldap_connection_expire_timeout (integer)" msgid "ldap_offline_timeout" msgstr "ldap_connection_expire_timeout (Ganzzahl)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3853 +#: sssd.conf.5.xml:3854 #, fuzzy #| msgid "ldap_enumeration_refresh_timeout (integer)" msgid "ldap_enumeration_refresh_timeout" msgstr "ldap_enumeration_refresh_timeout (Ganzzahl)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3856 +#: sssd.conf.5.xml:3857 #, fuzzy #| msgid "ldap_enumeration_refresh_timeout (integer)" msgid "ldap_enumeration_refresh_offset" msgstr "ldap_enumeration_refresh_timeout (Ganzzahl)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3859 +#: sssd.conf.5.xml:3860 msgid "ldap_purge_cache_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3862 +#: sssd.conf.5.xml:3863 #, fuzzy #| msgid "ldap_purge_cache_timeout (integer)" msgid "ldap_purge_cache_offset" msgstr "ldap_purge_cache_timeout (Ganzzahl)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3865 +#: sssd.conf.5.xml:3866 msgid "" "ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab " "is not set explicitly)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3869 +#: sssd.conf.5.xml:3870 #, fuzzy #| msgid "ldap_krb5_ticket_lifetime (integer)" msgid "ldap_krb5_ticket_lifetime" msgstr "ldap_krb5_ticket_lifetime (Ganzzahl)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3872 +#: sssd.conf.5.xml:3873 #, fuzzy #| msgid "ldap_enumeration_search_timeout (integer)" msgid "ldap_enumeration_search_timeout" msgstr "ldap_enumeration_search_timeout (Ganzzahl)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3875 +#: sssd.conf.5.xml:3876 #, fuzzy #| msgid "ldap_connection_expire_timeout (integer)" msgid "ldap_connection_expire_timeout" msgstr "ldap_connection_expire_timeout (Ganzzahl)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3878 +#: sssd.conf.5.xml:3879 #, fuzzy #| msgid "ldap_connection_expire_timeout (integer)" msgid "ldap_connection_expire_offset" msgstr "ldap_connection_expire_timeout (Ganzzahl)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3881 +#: sssd.conf.5.xml:3882 #, fuzzy #| msgid "ldap_connection_expire_timeout (integer)" msgid "ldap_connection_idle_timeout" msgstr "ldap_connection_expire_timeout (Ganzzahl)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3884 sssd-ldap.5.xml:400 +#: sssd.conf.5.xml:3885 sssd-ldap.5.xml:400 msgid "ldap_use_tokengroups" msgstr "ldap_use_tokengroups" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3887 +#: sssd.conf.5.xml:3888 msgid "ldap_user_principal" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3890 +#: sssd.conf.5.xml:3891 msgid "ignore_group_members" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3893 +#: sssd.conf.5.xml:3894 msgid "auto_private_groups" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3896 +#: sssd.conf.5.xml:3897 msgid "case_sensitive" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:3901 +#: sssd.conf.5.xml:3902 #, no-wrap msgid "" "subdomain_inherit = ldap_purge_cache_timeout\n" @@ -4951,27 +4951,27 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3908 +#: sssd.conf.5.xml:3909 msgid "Note: This option only works with the IPA and AD provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3915 +#: sssd.conf.5.xml:3916 msgid "subdomain_homedir (string)" msgstr "subdomain_homedir (Zeichenkette)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3926 +#: sssd.conf.5.xml:3927 msgid "%F" msgstr "%F" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3927 +#: sssd.conf.5.xml:3928 msgid "flat (NetBIOS) name of a subdomain." msgstr "flacher (NetBIOS-) Name einer Subdomain" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3918 +#: sssd.conf.5.xml:3919 msgid "" "Use this homedir as default value for all subdomains within this domain in " "IPA AD trust. See <emphasis>override_homedir</emphasis> for info about " @@ -4986,7 +4986,7 @@ msgstr "" "verwendet werden. <placeholder type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3932 +#: sssd.conf.5.xml:3933 msgid "" "The value can be overridden by <emphasis>override_homedir</emphasis> option." msgstr "" @@ -4994,17 +4994,17 @@ msgstr "" "überschrieben werden." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3936 +#: sssd.conf.5.xml:3937 msgid "Default: <filename>/home/%d/%u</filename>" msgstr "Voreinstellung: <filename>/home/%d/%u</filename>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3941 +#: sssd.conf.5.xml:3942 msgid "realmd_tags (string)" msgstr "realmd_tags (Zeichenkette)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3944 +#: sssd.conf.5.xml:3945 msgid "" "Various tags stored by the realmd configuration service for this domain." msgstr "" @@ -5012,12 +5012,12 @@ msgstr "" "Kennzeichnungen." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3950 +#: sssd.conf.5.xml:3951 msgid "cached_auth_timeout (int)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3953 +#: sssd.conf.5.xml:3954 msgid "" "Specifies time in seconds since last successful online authentication for " "which user will be authenticated using cached credentials while SSSD is in " @@ -5026,19 +5026,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3961 +#: sssd.conf.5.xml:3962 msgid "" "This option's value is inherited by all trusted domains. At the moment it is " "not possible to set a different value per trusted domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3966 +#: sssd.conf.5.xml:3967 msgid "Special value 0 implies that this feature is disabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3970 +#: sssd.conf.5.xml:3971 msgid "" "Please note that if <quote>cached_auth_timeout</quote> is longer than " "<quote>pam_id_timeout</quote> then the back end could be called to handle " @@ -5046,24 +5046,87 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3981 +#: sssd.conf.5.xml:3982 +#, fuzzy +#| msgid "ldap_pwd_policy (string)" +msgid "local_auth_policy (string)" +msgstr "ldap_pwd_policy (Zeichenkette)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3985 +msgid "" +"Local authentication methods policy. Some backends (i.e. LDAP, proxy " +"provider) only support a password based authentication, while others can " +"handle PKINIT based Smartcard authentication (AD, IPA), two-factor " +"authentication (IPA), or other methods against a central instance. By " +"default in such cases authentication is only performed with the methods " +"supported by the backend." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3995 +msgid "" +"There are three possible values for this option: match, only, enable. " +"<quote>match</quote> is used to match offline and online states for Kerberos " +"methods. <quote>only</quote> ignores the online methods and only offer the " +"local ones. enable allows explicitly defining the methods for local " +"authentication. As an example, <quote>enable:passkey</quote>, only enables " +"passkey for local authentication. Multiple enable values should be comma-" +"separated, such as <quote>enable:passkey, enable:smartcard</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:4011 +#, no-wrap +msgid "" +"[domain/shadowutils]\n" +"id_provider = proxy\n" +"proxy_lib_name = files\n" +"auth_provider = none\n" +"local_auth_policy = only\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4007 +msgid "" +"The following configuration example allows local users to authenticate " +"locally using any enabled method (i.e. smartcard, passkey). <placeholder " +"type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4019 +#, fuzzy +#| msgid "This option is not available in IPA provider." +msgid "This option is ignored for the files provider." +msgstr "Diese Option ist für IPA-Anbieter nicht verfügbar." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4022 +#, fuzzy +#| msgid "Default: cn" +msgid "Default: match" +msgstr "Voreinstellung: cn" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4027 msgid "auto_private_groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3987 +#: sssd.conf.5.xml:4033 msgid "true" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3990 +#: sssd.conf.5.xml:4036 msgid "" "Create user's private group unconditionally from user's UID number. The GID " "number is ignored in this case." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3994 +#: sssd.conf.5.xml:4040 msgid "" "NOTE: Because the GID number and the user private group are inferred from " "the UID number, it is not supported to have multiple entries with the same " @@ -5072,24 +5135,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4003 +#: sssd.conf.5.xml:4049 msgid "false" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4006 +#: sssd.conf.5.xml:4052 msgid "" "Always use the user's primary GID number. The GID number must refer to a " "group object in the LDAP database." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4012 +#: sssd.conf.5.xml:4058 msgid "hybrid" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4015 +#: sssd.conf.5.xml:4061 msgid "" "A primary group is autogenerated for user entries whose UID and GID numbers " "have the same value and at the same time the GID number does not correspond " @@ -5099,14 +5162,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4028 +#: sssd.conf.5.xml:4074 msgid "" "If the UID and GID of a user are different, then the GID must correspond to " "a group entry, otherwise the GID is simply not resolvable." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4035 +#: sssd.conf.5.xml:4081 msgid "" "This feature is useful for environments that wish to stop maintaining a " "separate group objects for the user private groups, but also wish to retain " @@ -5114,21 +5177,21 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3984 +#: sssd.conf.5.xml:4030 msgid "" "This option takes any of three available values: <placeholder " "type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4047 +#: sssd.conf.5.xml:4093 msgid "" "For subdomains, the default value is False for subdomains that use assigned " "POSIX IDs and True for subdomains that use automatic ID-mapping." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:4055 +#: sssd.conf.5.xml:4101 #, no-wrap msgid "" "[domain/forest.domain/sub.domain]\n" @@ -5136,7 +5199,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:4061 +#: sssd.conf.5.xml:4107 #, no-wrap msgid "" "[domain/forest.domain]\n" @@ -5145,7 +5208,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4052 +#: sssd.conf.5.xml:4098 msgid "" "The value of auto_private_groups can either be set per subdomains in a " "subsection, for example: <placeholder type=\"programlisting\" id=\"0\"/> or " @@ -5154,7 +5217,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:2569 +#: sssd.conf.5.xml:2570 msgid "" "These configuration options can be present in a domain configuration " "section, that is, in a section called <quote>[domain/<replaceable>NAME</" @@ -5166,17 +5229,17 @@ msgstr "" "type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4076 +#: sssd.conf.5.xml:4122 msgid "proxy_pam_target (string)" msgstr "proxy_pam_target (Zeichenkette)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4079 +#: sssd.conf.5.xml:4125 msgid "The proxy target PAM proxies to." msgstr "das Proxy-Ziel, an das PAM weiterleitet" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4082 +#: sssd.conf.5.xml:4128 msgid "" "Default: not set by default, you have to take an existing pam configuration " "or create a new one and add the service name here." @@ -5186,12 +5249,12 @@ msgstr "" "hinzufügen." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4090 +#: sssd.conf.5.xml:4136 msgid "proxy_lib_name (string)" msgstr "proxy_lib_name (Zeichenkette)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4093 +#: sssd.conf.5.xml:4139 msgid "" "The name of the NSS library to use in proxy domains. The NSS functions " "searched for in the library are in the form of _nss_$(libName)_$(function), " @@ -5202,12 +5265,12 @@ msgstr "" "»_nss_$(libName)_$(function)«, zum Beispiel »_nss_files_getpwent«." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4103 +#: sssd.conf.5.xml:4149 msgid "proxy_resolver_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4106 +#: sssd.conf.5.xml:4152 msgid "" "The name of the NSS library to use for hosts and networks lookups in proxy " "domains. The NSS functions searched for in the library are in the form of " @@ -5215,12 +5278,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4117 +#: sssd.conf.5.xml:4163 msgid "proxy_fast_alias (boolean)" msgstr "proxy_fast_alias (Boolesch)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4120 +#: sssd.conf.5.xml:4166 msgid "" "When a user or group is looked up by name in the proxy provider, a second " "lookup by ID is performed to \"canonicalize\" the name in case the requested " @@ -5234,12 +5297,12 @@ msgstr "" "veranlassen, die ID im Zwischenspeicher nachzuschlagen." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4134 +#: sssd.conf.5.xml:4180 msgid "proxy_max_children (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4137 +#: sssd.conf.5.xml:4183 msgid "" "This option specifies the number of pre-forked proxy children. It is useful " "for high-load SSSD environments where sssd may run out of available child " @@ -5247,7 +5310,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4072 +#: sssd.conf.5.xml:4118 msgid "" "Options valid for proxy domains. <placeholder type=\"variablelist\" " "id=\"0\"/>" @@ -5256,12 +5319,12 @@ msgstr "" "id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:4153 +#: sssd.conf.5.xml:4199 msgid "Application domains" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4155 +#: sssd.conf.5.xml:4201 msgid "" "SSSD, with its D-Bus interface (see <citerefentry> <refentrytitle>sssd-ifp</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>) is appealing to " @@ -5278,7 +5341,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4175 +#: sssd.conf.5.xml:4221 msgid "" "Please note that the application domain must still be explicitly enabled in " "the <quote>domains</quote> parameter so that the lookup order between the " @@ -5286,17 +5349,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> -#: sssd.conf.5.xml:4181 +#: sssd.conf.5.xml:4227 msgid "Application domain parameters" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4183 +#: sssd.conf.5.xml:4229 msgid "inherit_from (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4186 +#: sssd.conf.5.xml:4232 msgid "" "The SSSD POSIX-type domain the application domain inherits all settings " "from. The application domain can moreover add its own settings to the " @@ -5305,7 +5368,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4200 +#: sssd.conf.5.xml:4246 msgid "" "The following example illustrates the use of an application domain. In this " "setup, the POSIX domain is connected to an LDAP server and is used by the OS " @@ -5315,7 +5378,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><programlisting> -#: sssd.conf.5.xml:4208 +#: sssd.conf.5.xml:4254 #, no-wrap msgid "" "[sssd]\n" @@ -5335,12 +5398,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4228 +#: sssd.conf.5.xml:4274 msgid "TRUSTED DOMAIN SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4230 +#: sssd.conf.5.xml:4276 msgid "" "Some options used in the domain section can also be used in the trusted " "domain section, that is, in a section called <quote>[domain/" @@ -5351,69 +5414,69 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4237 +#: sssd.conf.5.xml:4283 msgid "ldap_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4238 +#: sssd.conf.5.xml:4284 msgid "ldap_user_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4239 +#: sssd.conf.5.xml:4285 msgid "ldap_group_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4240 +#: sssd.conf.5.xml:4286 msgid "ldap_netgroup_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4241 +#: sssd.conf.5.xml:4287 msgid "ldap_service_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4242 +#: sssd.conf.5.xml:4288 msgid "ldap_sasl_mech," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4243 +#: sssd.conf.5.xml:4289 msgid "ad_server," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4244 +#: sssd.conf.5.xml:4290 msgid "ad_backup_server," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4245 +#: sssd.conf.5.xml:4291 msgid "ad_site," msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4246 sssd-ipa.5.xml:879 +#: sssd.conf.5.xml:4292 sssd-ipa.5.xml:879 msgid "use_fully_qualified_names" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4250 +#: sssd.conf.5.xml:4296 msgid "" "For more details about these options see their individual description in the " "manual page." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4256 +#: sssd.conf.5.xml:4302 msgid "CERTIFICATE MAPPING SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4258 +#: sssd.conf.5.xml:4304 msgid "" "To allow authentication with Smartcards and certificates SSSD must be able " "to map certificates to users. This can be done by adding the full " @@ -5426,7 +5489,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4272 +#: sssd.conf.5.xml:4318 msgid "" "To make the mapping more flexible mapping and matching rules were added to " "SSSD (see <citerefentry> <refentrytitle>sss-certmap</refentrytitle> " @@ -5434,7 +5497,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4281 +#: sssd.conf.5.xml:4327 msgid "" "A mapping and matching rule can be added to the SSSD configuration in a " "section on its own with a name like <quote>[certmap/" @@ -5443,55 +5506,55 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4288 +#: sssd.conf.5.xml:4334 msgid "matchrule (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4291 +#: sssd.conf.5.xml:4337 msgid "" "Only certificates from the Smartcard which matches this rule will be " "processed, all others are ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4295 +#: sssd.conf.5.xml:4341 msgid "" "Default: KRB5:<EKU>clientAuth, i.e. only certificates which have the " "Extended Key Usage <quote>clientAuth</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4302 +#: sssd.conf.5.xml:4348 msgid "maprule (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4305 +#: sssd.conf.5.xml:4351 msgid "Defines how the user is found for a given certificate." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4311 +#: sssd.conf.5.xml:4357 msgid "" "LDAP:(userCertificate;binary={cert!bin}) for LDAP based providers like " "<quote>ldap</quote>, <quote>AD</quote> or <quote>ipa</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4317 +#: sssd.conf.5.xml:4363 msgid "" "The RULE_NAME for the <quote>files</quote> provider which tries to find a " "user with the same name." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4326 +#: sssd.conf.5.xml:4372 msgid "domains (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4329 +#: sssd.conf.5.xml:4375 msgid "" "Comma separated list of domain names the rule should be applied. By default " "a rule is only valid in the domain configured in sssd.conf. If the provider " @@ -5500,17 +5563,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4336 +#: sssd.conf.5.xml:4382 msgid "Default: the configured domain in sssd.conf" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4341 +#: sssd.conf.5.xml:4387 msgid "priority (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4344 +#: sssd.conf.5.xml:4390 msgid "" "Unsigned integer value defining the priority of the rule. The higher the " "number the lower the priority. <quote>0</quote> stands for the highest " @@ -5518,26 +5581,26 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4350 +#: sssd.conf.5.xml:4396 msgid "Default: the lowest priority" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4356 +#: sssd.conf.5.xml:4402 msgid "" "To make the configuration simple and reduce the amount of configuration " "options the <quote>files</quote> provider has some special properties:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4362 +#: sssd.conf.5.xml:4408 msgid "" "if maprule is not set the RULE_NAME name is assumed to be the name of the " "matching user" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4368 +#: sssd.conf.5.xml:4414 msgid "" "if a maprule is used both a single user name or a template like " "<quote>{subject_rfc822_name.short_name}</quote> must be in braces like e.g. " @@ -5546,17 +5609,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4377 +#: sssd.conf.5.xml:4423 msgid "the <quote>domains</quote> option is ignored" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4385 +#: sssd.conf.5.xml:4431 msgid "PROMPTING CONFIGURATION SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4387 +#: sssd.conf.5.xml:4433 msgid "" "If a special file (<filename>/var/lib/sss/pubconf/pam_preauth_available</" "filename>) exists SSSD's PAM module pam_sss will ask SSSD to figure out " @@ -5566,7 +5629,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4395 +#: sssd.conf.5.xml:4441 msgid "" "With the growing number of authentication methods and the possibility that " "there are multiple ones for a single user the heuristic used by pam_sss to " @@ -5575,59 +5638,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4407 +#: sssd.conf.5.xml:4453 msgid "[prompting/password]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4410 +#: sssd.conf.5.xml:4456 msgid "password_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4411 +#: sssd.conf.5.xml:4457 msgid "to change the string of the password prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4409 +#: sssd.conf.5.xml:4455 msgid "" "to configure password prompting, allowed options are: <placeholder " "type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4419 +#: sssd.conf.5.xml:4465 msgid "[prompting/2fa]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4423 +#: sssd.conf.5.xml:4469 msgid "first_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4424 +#: sssd.conf.5.xml:4470 msgid "to change the string of the prompt for the first factor" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4427 +#: sssd.conf.5.xml:4473 msgid "second_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4428 +#: sssd.conf.5.xml:4474 msgid "to change the string of the prompt for the second factor" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4431 +#: sssd.conf.5.xml:4477 msgid "single_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4432 +#: sssd.conf.5.xml:4478 msgid "" "boolean value, if True there will be only a single prompt using the value of " "first_prompt where it is expected that both factors are entered as a single " @@ -5636,7 +5699,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4421 +#: sssd.conf.5.xml:4467 msgid "" "to configure two-factor authentication prompting, allowed options are: " "<placeholder type=\"variablelist\" id=\"0\"/> If the second factor is " @@ -5645,17 +5708,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4449 +#: sssd.conf.5.xml:4495 msgid "[prompting/passkey]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4455 sssd-ad.5.xml:1021 +#: sssd.conf.5.xml:4501 sssd-ad.5.xml:1021 msgid "interactive" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4457 +#: sssd.conf.5.xml:4503 msgid "" "boolean value, if True prompt a message and wait before testing the presence " "of a passkey device. Recommended if your device doesn’t have a tactile " @@ -5663,39 +5726,39 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4465 +#: sssd.conf.5.xml:4511 msgid "interactive_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4467 +#: sssd.conf.5.xml:4513 msgid "to change the message of the interactive prompt." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4472 +#: sssd.conf.5.xml:4518 msgid "touch" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4474 +#: sssd.conf.5.xml:4520 msgid "" "boolean value, if True prompt a message to remind the user to touch the " "device." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4480 +#: sssd.conf.5.xml:4526 msgid "touch_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4482 +#: sssd.conf.5.xml:4528 msgid "to change the message of the touch prompt." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4451 +#: sssd.conf.5.xml:4497 #, fuzzy #| msgid "" #| "The following expansions are supported: <placeholder " @@ -5708,7 +5771,7 @@ msgstr "" "type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4402 +#: sssd.conf.5.xml:4448 msgid "" "Each supported authentication method has its own configuration subsection " "under <quote>[prompting/...]</quote>. Currently there are: <placeholder " @@ -5717,7 +5780,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4493 +#: sssd.conf.5.xml:4539 msgid "" "It is possible to add a subsection for specific PAM services, e.g. " "<quote>[prompting/password/sshd]</quote> to individual change the prompting " @@ -5725,12 +5788,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4500 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43 +#: sssd.conf.5.xml:4546 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43 msgid "EXAMPLES" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4506 +#: sssd.conf.5.xml:4552 #, no-wrap msgid "" "[sssd]\n" @@ -5784,7 +5847,7 @@ msgstr "" "enumerate = False\n" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4502 +#: sssd.conf.5.xml:4548 msgid "" "1. The following example shows a typical SSSD config. It does not describe " "configuration of the domains themselves - refer to documentation on " @@ -5793,7 +5856,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4539 +#: sssd.conf.5.xml:4585 #, no-wrap msgid "" "[domain/ipa.com/child.ad.com]\n" @@ -5801,7 +5864,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4533 +#: sssd.conf.5.xml:4579 msgid "" "2. The following example shows configuration of IPA AD trust where the AD " "forest consists of two domains in a parent-child structure. Suppose IPA " @@ -5812,7 +5875,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4550 +#: sssd.conf.5.xml:4596 #, no-wrap msgid "" "[certmap/my.domain/rule_name]\n" @@ -5823,7 +5886,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4544 +#: sssd.conf.5.xml:4590 msgid "" "3. The following example shows the configuration of a certificate mapping " "rule. It is valid for the configured domain <quote>my.domain</quote> and " @@ -19192,9 +19255,13 @@ msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:235 +#, fuzzy +#| msgid "" +#| "When this option is configured, domains will be allocated starting with " +#| "slice zero and increasing monatomically with each additional domain." msgid "" "When this option is configured, domains will be allocated starting with " -"slice zero and increasing monatomically with each additional domain." +"slice zero and increasing monotonically with each additional domain." msgstr "" "Wenn diese Option konfiguriert wurde, werden Domains beginnend bei Slice " "null reserviert und gleichmäßig mit jeder zusätzlichen Domain vergrößert." diff --git a/src/man/po/es.po b/src/man/po/es.po index 1cf1c71b709..cf1bdbea09e 100644 --- a/src/man/po/es.po +++ b/src/man/po/es.po @@ -18,7 +18,7 @@ msgid "" msgstr "" "Project-Id-Version: sssd-docs 2.3.0\n" "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" -"POT-Creation-Date: 2023-05-05 10:09+0200\n" +"POT-Creation-Date: 2023-09-07 11:47+0200\n" "PO-Revision-Date: 2021-10-27 15:05+0000\n" "Last-Translator: Emilio Herrera <ehespinosa57@gmail.com>\n" "Language-Team: Spanish <https://translate.fedoraproject.org/projects/sssd/" @@ -261,8 +261,8 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:136 sssd.conf.5.xml:173 sssd.conf.5.xml:358 -#: sssd.conf.5.xml:714 sssd.conf.5.xml:729 sssd.conf.5.xml:951 -#: sssd.conf.5.xml:1069 sssd.conf.5.xml:2197 sssd-ldap.5.xml:1071 +#: sssd.conf.5.xml:714 sssd.conf.5.xml:729 sssd.conf.5.xml:952 +#: sssd.conf.5.xml:1070 sssd.conf.5.xml:2198 sssd-ldap.5.xml:1071 #: sssd-ldap.5.xml:1174 sssd-ldap.5.xml:1243 sssd-ldap.5.xml:1750 #: sssd-ldap.5.xml:1815 sssd-ipa.5.xml:342 sssd-ad.5.xml:252 sssd-ad.5.xml:366 #: sssd-ad.5.xml:1200 sssd-ad.5.xml:1348 sssd-krb5.5.xml:358 @@ -285,8 +285,8 @@ msgstr "" "se ignora." #. type: Content of: <variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:149 sssd.conf.5.xml:652 sssd.conf.5.xml:948 -#: sssd.conf.5.xml:2100 sssd.conf.5.xml:2167 sssd.conf.5.xml:4128 +#: sssd.conf.5.xml:149 sssd.conf.5.xml:652 sssd.conf.5.xml:949 +#: sssd.conf.5.xml:2101 sssd.conf.5.xml:2168 sssd.conf.5.xml:4174 #: sssd-ldap.5.xml:312 sssd-ldap.5.xml:917 sssd-ldap.5.xml:936 #: sssd-ldap.5.xml:1146 sssd-ldap.5.xml:1599 sssd-ldap.5.xml:1839 #: sssd-ipa.5.xml:152 sssd-ipa.5.xml:254 sssd-ipa.5.xml:657 sssd-ad.5.xml:1106 @@ -364,8 +364,8 @@ msgstr "" "Advierta que después de tres pulsaciones perdidas el servicio se terminará." #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:196 sssd.conf.5.xml:1289 sssd.conf.5.xml:1766 -#: sssd.conf.5.xml:4144 sssd-ldap.5.xml:765 include/ldap_id_mapping.xml:270 +#: sssd.conf.5.xml:196 sssd.conf.5.xml:1290 sssd.conf.5.xml:1767 +#: sssd.conf.5.xml:4190 sssd-ldap.5.xml:765 include/ldap_id_mapping.xml:270 msgid "Default: 10" msgstr "Predeterminado: 10" @@ -443,12 +443,12 @@ msgstr "" "usen para ejecución: \"systemctl enable sssd-@service@.socket\". </phrase>" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:258 sssd.conf.5.xml:783 +#: sssd.conf.5.xml:258 sssd.conf.5.xml:784 msgid "reconnection_retries (integer)" msgstr "reconnection_retries (entero)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:261 sssd.conf.5.xml:786 +#: sssd.conf.5.xml:261 sssd.conf.5.xml:787 msgid "" "Number of times services should attempt to reconnect in the event of a Data " "Provider crash or restart before they give up" @@ -457,7 +457,7 @@ msgstr "" "de datos del proveedor, o de reiniciarse antes de abandonar" #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:266 sssd.conf.5.xml:791 sssd.conf.5.xml:3708 +#: sssd.conf.5.xml:266 sssd.conf.5.xml:792 sssd.conf.5.xml:3709 #: include/failover.xml:100 msgid "Default: 3" msgstr "Predeterminado: 3" @@ -485,7 +485,7 @@ msgstr "" "\"/\" está prohibido." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:287 sssd.conf.5.xml:3540 +#: sssd.conf.5.xml:287 sssd.conf.5.xml:3541 msgid "re_expression (string)" msgstr "re_expression (cadena)" @@ -510,12 +510,12 @@ msgstr "" "las SECCIONES DOMINIO para mas información sobre estas expresiones regulares." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:304 sssd.conf.5.xml:3597 +#: sssd.conf.5.xml:304 sssd.conf.5.xml:3598 msgid "full_name_format (string)" msgstr "full_name_format (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:307 sssd.conf.5.xml:3600 +#: sssd.conf.5.xml:307 sssd.conf.5.xml:3601 msgid "" "A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</" "manvolnum> </citerefentry>-compatible format that describes how to compose a " @@ -527,33 +527,33 @@ msgstr "" "dominio." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:318 sssd.conf.5.xml:3611 +#: sssd.conf.5.xml:318 sssd.conf.5.xml:3612 msgid "%1$s" msgstr "%1$s" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:319 sssd.conf.5.xml:3612 +#: sssd.conf.5.xml:319 sssd.conf.5.xml:3613 msgid "user name" msgstr "nombre de usuario" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:322 sssd.conf.5.xml:3615 +#: sssd.conf.5.xml:322 sssd.conf.5.xml:3616 msgid "%2$s" msgstr "%2$s" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:325 sssd.conf.5.xml:3618 +#: sssd.conf.5.xml:325 sssd.conf.5.xml:3619 msgid "domain name as specified in the SSSD config file." msgstr "" "nombre de dominio como se especifica en el fichero de configuración SSSD" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:331 sssd.conf.5.xml:3624 +#: sssd.conf.5.xml:331 sssd.conf.5.xml:3625 msgid "%3$s" msgstr "%3$s" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:334 sssd.conf.5.xml:3627 +#: sssd.conf.5.xml:334 sssd.conf.5.xml:3628 msgid "" "domain flat name. Mostly usable for Active Directory domains, both directly " "configured or discovered via IPA trusts." @@ -563,7 +563,7 @@ msgstr "" "medio de IPA de confianza." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:315 sssd.conf.5.xml:3608 +#: sssd.conf.5.xml:315 sssd.conf.5.xml:3609 msgid "" "The following expansions are supported: <placeholder type=\"variablelist\" " "id=\"0\"/>" @@ -1132,7 +1132,7 @@ msgstr "" "casos donde los nombres de usuarios se deben compartir entre dominios." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:700 sssd.conf.5.xml:1790 sssd.conf.5.xml:4194 +#: sssd.conf.5.xml:700 sssd.conf.5.xml:1791 sssd.conf.5.xml:4240 #: sssd-ad.5.xml:187 sssd-ad.5.xml:327 sssd-ad.5.xml:341 msgid "Default: Not set" msgstr "Por defecto: No definido" @@ -1185,11 +1185,11 @@ msgstr "certificate_verification (cadena)" #: sssd.conf.5.xml:744 msgid "" "Enable or disable the user verification (i.e. PIN, fingerprint) during " -"authentication." +"authentication. If enabled, the PIN will always be requested." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:749 +#: sssd.conf.5.xml:750 msgid "" "The default is that the key settings decide what to do. In the IPA or " "kerberos pre-authentication case, this value will be overwritten by the " @@ -1230,12 +1230,12 @@ msgstr "" "<placeholder type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:768 +#: sssd.conf.5.xml:769 msgid "SERVICES SECTIONS" msgstr "SECCIONES DE SERVICIOS" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:770 +#: sssd.conf.5.xml:771 msgid "" "Settings that can be used to configure different services are described in " "this section. They should reside in the [<replaceable>$NAME</replaceable>] " @@ -1248,22 +1248,22 @@ msgstr "" "sección sería <quote>[nss]</quote>" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:777 +#: sssd.conf.5.xml:778 msgid "General service configuration options" msgstr "Opciones de configuración de servicios generales" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:779 +#: sssd.conf.5.xml:780 msgid "These options can be used to configure any service." msgstr "Estas opciones pueden usarse para configurar cualquier servicio." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:796 +#: sssd.conf.5.xml:797 msgid "fd_limit" msgstr "fd_limit" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:799 +#: sssd.conf.5.xml:800 msgid "" "This option specifies the maximum number of file descriptors that may be " "opened at one time by this SSSD process. On systems where SSSD is granted " @@ -1278,17 +1278,17 @@ msgstr "" "valor más bajo de este o de limite “hard” en limits.conf." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:808 +#: sssd.conf.5.xml:809 msgid "Default: 8192 (or limits.conf \"hard\" limit)" msgstr "Por defecto: 8192 (o limite “hard” en limits.conf)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:813 +#: sssd.conf.5.xml:814 msgid "client_idle_timeout" msgstr "client_idle_timeout" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:816 +#: sssd.conf.5.xml:817 msgid "" "This option specifies the number of seconds that a client of an SSSD process " "can hold onto a file descriptor without communicating on it. This value is " @@ -1303,17 +1303,17 @@ msgstr "" "configura un valor más bajo será ajustado a 10 segundos." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:825 +#: sssd.conf.5.xml:826 msgid "Default: 60, KCM: 300" msgstr "Predeterminado: 60, KCM: 300" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:830 +#: sssd.conf.5.xml:831 msgid "offline_timeout (integer)" msgstr "offline_timeout (entero)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:833 +#: sssd.conf.5.xml:834 msgid "" "When SSSD switches to offline mode the amount of time before it tries to go " "back online will increase based upon the time spent disconnected. By " @@ -1331,7 +1331,7 @@ msgstr "" "nuevo intervalo se calcula mediante lo siguiente:" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:844 sssd.conf.5.xml:900 +#: sssd.conf.5.xml:845 sssd.conf.5.xml:901 msgid "" "new_delay = Minimum(old_delay * 2, offline_timeout_max) + random[0..." "offline_timeout_random_offset]" @@ -1340,7 +1340,7 @@ msgstr "" "offline_timeout_random_offset]" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:847 +#: sssd.conf.5.xml:848 msgid "" "The offline_timeout default value is 60. The offline_timeout_max default " "value is 3600. The offline_timeout_random_offset default value is 30. The " @@ -1352,46 +1352,46 @@ msgstr "" "segundos antes del próximo reintento." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:853 +#: sssd.conf.5.xml:854 msgid "" "Note that the maximum length of each interval is defined by " "offline_timeout_max (apart of random part)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:857 sssd.conf.5.xml:1200 sssd.conf.5.xml:1583 -#: sssd.conf.5.xml:1879 sssd-ldap.5.xml:494 +#: sssd.conf.5.xml:858 sssd.conf.5.xml:1201 sssd.conf.5.xml:1584 +#: sssd.conf.5.xml:1880 sssd-ldap.5.xml:494 msgid "Default: 60" msgstr "Predeterminado: 60" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:862 +#: sssd.conf.5.xml:863 #, fuzzy #| msgid "offline_timeout (integer)" msgid "offline_timeout_max (integer)" msgstr "offline_timeout (entero)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:865 +#: sssd.conf.5.xml:866 msgid "" "Controls by how much the time between attempts to go online can be " "incremented following unsuccessful attempts to go online." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:870 +#: sssd.conf.5.xml:871 msgid "A value of 0 disables the incrementing behaviour." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:873 +#: sssd.conf.5.xml:874 msgid "" "The value of this parameter should be set in correlation to offline_timeout " "parameter value." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:877 +#: sssd.conf.5.xml:878 msgid "" "With offline_timeout set to 60 (default value) there is no point in setting " "offlinet_timeout_max to less than 120 as it will saturate instantly. General " @@ -1400,66 +1400,66 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:883 +#: sssd.conf.5.xml:884 msgid "" "Although a value between 0 and offline_timeout may be specified, it has the " "effect of overriding the offline_timeout value so is of little use." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:888 +#: sssd.conf.5.xml:889 #, fuzzy #| msgid "Default: 300" msgid "Default: 3600" msgstr "Predeterminado: 300" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:893 +#: sssd.conf.5.xml:894 #, fuzzy #| msgid "offline_timeout + random_offset" msgid "offline_timeout_random_offset (integer)" msgstr "offline_timeout + random_offset" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:896 +#: sssd.conf.5.xml:897 msgid "" "When SSSD is in offline mode it keeps probing backend servers in specified " "time intervals:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:903 +#: sssd.conf.5.xml:904 msgid "" "This parameter controls the value of the random offset used for the above " "equation. Final random_offset value will be random number in range:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:908 +#: sssd.conf.5.xml:909 #, fuzzy #| msgid "offline_timeout + random_offset" msgid "[0 - offline_timeout_random_offset]" msgstr "offline_timeout + random_offset" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:911 +#: sssd.conf.5.xml:912 msgid "A value of 0 disables the random offset addition." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:914 +#: sssd.conf.5.xml:915 #, fuzzy #| msgid "Default: 300" msgid "Default: 30" msgstr "Predeterminado: 300" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:919 +#: sssd.conf.5.xml:920 msgid "responder_idle_timeout" msgstr "responder_idle_timeout" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:922 +#: sssd.conf.5.xml:923 msgid "" "This option specifies the number of seconds that an SSSD responder process " "can be up without being used. This value is limited in order to avoid " @@ -1478,18 +1478,18 @@ msgstr "" "los servicios activados son socket o D-Bus." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:936 sssd.conf.5.xml:1213 sssd.conf.5.xml:2321 +#: sssd.conf.5.xml:937 sssd.conf.5.xml:1214 sssd.conf.5.xml:2322 #: sssd-ldap.5.xml:331 msgid "Default: 300" msgstr "Predeterminado: 300" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:941 +#: sssd.conf.5.xml:942 msgid "cache_first" msgstr "cache_first" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:944 +#: sssd.conf.5.xml:945 msgid "" "This option specifies whether the responder should query all caches before " "querying the Data Providers." @@ -1498,12 +1498,12 @@ msgstr "" "de consultar a los Proveedores de Datos." #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:959 +#: sssd.conf.5.xml:960 msgid "NSS configuration options" msgstr "Opciones de configuración de NSS" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:961 +#: sssd.conf.5.xml:962 msgid "" "These options can be used to configure the Name Service Switch (NSS) service." msgstr "" @@ -1511,12 +1511,12 @@ msgstr "" "Switch (NSS)." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:966 +#: sssd.conf.5.xml:967 msgid "enum_cache_timeout (integer)" msgstr "enum_cache_timeout (entero)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:969 +#: sssd.conf.5.xml:970 msgid "" "How many seconds should nss_sss cache enumerations (requests for info about " "all users)" @@ -1525,17 +1525,17 @@ msgstr "" "sobre todos los usuarios)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:973 +#: sssd.conf.5.xml:974 msgid "Default: 120" msgstr "Predeterminado: 120" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:978 +#: sssd.conf.5.xml:979 msgid "entry_cache_nowait_percentage (integer)" msgstr "entry_cache_nowait_percentage (entero)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:981 +#: sssd.conf.5.xml:982 msgid "" "The entry cache can be set to automatically update entries in the background " "if they are requested beyond a percentage of the entry_cache_timeout value " @@ -1546,7 +1546,7 @@ msgstr "" "valor de entry_cache_timeout para el dominio." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:987 +#: sssd.conf.5.xml:988 msgid "" "For example, if the domain's entry_cache_timeout is set to 30s and " "entry_cache_nowait_percentage is set to 50 (percent), entries that come in " @@ -1562,7 +1562,7 @@ msgstr "" "actualización del cache." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:997 +#: sssd.conf.5.xml:998 msgid "" "Valid values for this option are 0-99 and represent a percentage of the " "entry_cache_timeout for each domain. For performance reasons, this " @@ -1575,17 +1575,17 @@ msgstr "" "segundos. (0 deshabilita esta función)." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1005 sssd.conf.5.xml:2121 +#: sssd.conf.5.xml:1006 sssd.conf.5.xml:2122 msgid "Default: 50" msgstr "Predeterminado: 50" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1010 +#: sssd.conf.5.xml:1011 msgid "entry_negative_timeout (integer)" msgstr "entry_negative_timeout (entero)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1013 +#: sssd.conf.5.xml:1014 msgid "" "Specifies for how many seconds nss_sss should cache negative cache hits " "(that is, queries for invalid database entries, like nonexistent ones) " @@ -1596,17 +1596,17 @@ msgstr "" "entradas no existentes) antes de preguntar al punto final otra vez." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1019 sssd.conf.5.xml:1778 sssd.conf.5.xml:2145 +#: sssd.conf.5.xml:1020 sssd.conf.5.xml:1779 sssd.conf.5.xml:2146 msgid "Default: 15" msgstr "Predeterminado: 15" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1024 +#: sssd.conf.5.xml:1025 msgid "local_negative_timeout (integer)" msgstr "local_negative_timeout (integer)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1027 +#: sssd.conf.5.xml:1028 msgid "" "Specifies for how many seconds nss_sss should keep local users and groups in " "negative cache before trying to look it up in the back end again. Setting " @@ -1617,17 +1617,17 @@ msgstr "" "otra vez. Fijando la opción a 0 deshabilita esta característica." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1033 +#: sssd.conf.5.xml:1034 msgid "Default: 14400 (4 hours)" msgstr "Por defecto: 14400 (4 horas)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1038 +#: sssd.conf.5.xml:1039 msgid "filter_users, filter_groups (string)" msgstr "filter_users, filter_groups (cadena)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1041 +#: sssd.conf.5.xml:1042 msgid "" "Exclude certain users or groups from being fetched from the sss NSS " "database. This is particularly useful for system accounts. This option can " @@ -1641,7 +1641,7 @@ msgstr "" "usuario (UPN)." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1049 +#: sssd.conf.5.xml:1050 msgid "" "NOTE: The filter_groups option doesn't affect inheritance of nested group " "members, since filtering happens after they are propagated for returning via " @@ -1654,17 +1654,17 @@ msgstr "" "filtrado mantendrá los usuarios miembros del listado posterior." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1057 +#: sssd.conf.5.xml:1058 msgid "Default: root" msgstr "Predeterminado: root" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1062 +#: sssd.conf.5.xml:1063 msgid "filter_users_in_groups (bool)" msgstr "filter_users_in_groups (bool)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1065 +#: sssd.conf.5.xml:1066 msgid "" "If you want filtered user still be group members set this option to false." msgstr "" @@ -1672,12 +1672,12 @@ msgstr "" "opción a false." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1076 +#: sssd.conf.5.xml:1077 msgid "fallback_homedir (string)" msgstr "fallback_homedir (cadena)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1079 +#: sssd.conf.5.xml:1080 msgid "" "Set a default template for a user's home directory if one is not specified " "explicitly by the domain's data provider." @@ -1686,7 +1686,7 @@ msgstr "" "especificado una explícitamente por el proveedor de datos del dominio." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1084 +#: sssd.conf.5.xml:1085 msgid "" "The available values for this option are the same as for override_homedir." msgstr "" @@ -1694,7 +1694,7 @@ msgstr "" "override_homedir." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1090 +#: sssd.conf.5.xml:1091 #, no-wrap msgid "" "fallback_homedir = /home/%u\n" @@ -1704,24 +1704,24 @@ msgstr "" " " #. type: Content of: <varlistentry><listitem><para> -#: sssd.conf.5.xml:1088 sssd.conf.5.xml:1650 sssd.conf.5.xml:1669 -#: sssd.conf.5.xml:1746 sssd-krb5.5.xml:451 include/override_homedir.xml:66 +#: sssd.conf.5.xml:1089 sssd.conf.5.xml:1651 sssd.conf.5.xml:1670 +#: sssd.conf.5.xml:1747 sssd-krb5.5.xml:451 include/override_homedir.xml:66 msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>" msgstr "ejemplo: <placeholder type=\"programlisting\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1094 +#: sssd.conf.5.xml:1095 msgid "Default: not set (no substitution for unset home directories)" msgstr "" "Por defecto: no fijado (sin sustitución para los directorios home no fijados)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1100 +#: sssd.conf.5.xml:1101 msgid "override_shell (string)" msgstr "override_shell (cadena)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1103 +#: sssd.conf.5.xml:1104 msgid "" "Override the login shell for all users. This option supersedes any other " "shell options if it takes effect and can be set either in the [nss] section " @@ -1732,17 +1732,17 @@ msgstr "" "la sección [nss] o por dominio." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1109 +#: sssd.conf.5.xml:1110 msgid "Default: not set (SSSD will use the value retrieved from LDAP)" msgstr "Por defecto: no fijado (SSSD usará el valor recuperado desde LDAP)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1115 +#: sssd.conf.5.xml:1116 msgid "allowed_shells (string)" msgstr "allowed_shells (cadena)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1118 +#: sssd.conf.5.xml:1119 msgid "" "Restrict user shell to one of the listed values. The order of evaluation is:" msgstr "" @@ -1750,12 +1750,12 @@ msgstr "" "evaluación es:" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1121 +#: sssd.conf.5.xml:1122 msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used." msgstr "1. Si el shell está presente en <quote>/etc/shells</quote>, se usa." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1125 +#: sssd.conf.5.xml:1126 msgid "" "2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</" "quote>, use the value of the shell_fallback parameter." @@ -1764,7 +1764,7 @@ msgstr "" "shells</quote>, usa el valor del parámetro shell_fallback." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1130 +#: sssd.conf.5.xml:1131 msgid "" "3. If the shell is not in the allowed_shells list and not in <quote>/etc/" "shells</quote>, a nologin shell is used." @@ -1773,12 +1773,12 @@ msgstr "" "shells</quote>, se usará un shell de no acceso." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1135 +#: sssd.conf.5.xml:1136 msgid "The wildcard (*) can be used to allow any shell." msgstr "Se puede usar el comodín (*) para permitir cualquier shell." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1138 +#: sssd.conf.5.xml:1139 msgid "" "The (*) is useful if you want to use shell_fallback in case that user's " "shell is not in <quote>/etc/shells</quote> and maintaining list of all " @@ -1789,12 +1789,12 @@ msgstr "" "los shells permitidos en allowed_shells estuviera llena." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1145 +#: sssd.conf.5.xml:1146 msgid "An empty string for shell is passed as-is to libc." msgstr "Una cadena vacía para el shell se pasa como-es a libc." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1148 +#: sssd.conf.5.xml:1149 msgid "" "The <quote>/etc/shells</quote> is only read on SSSD start up, which means " "that a restart of the SSSD is required in case a new shell is installed." @@ -1804,27 +1804,27 @@ msgstr "" "una nueva shell." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1152 +#: sssd.conf.5.xml:1153 msgid "Default: Not set. The user shell is automatically used." msgstr "Por defecto: No fijado. La shell del usuario se usa automáticamente." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1157 +#: sssd.conf.5.xml:1158 msgid "vetoed_shells (string)" msgstr "vetoed_shells (cadena)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1160 +#: sssd.conf.5.xml:1161 msgid "Replace any instance of these shells with the shell_fallback" msgstr "Reemplaza cualquier instancia de estos shells con shell_fallback" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1165 +#: sssd.conf.5.xml:1166 msgid "shell_fallback (string)" msgstr "shell_fallback (cadena)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1168 +#: sssd.conf.5.xml:1169 msgid "" "The default shell to use if an allowed shell is not installed on the machine." msgstr "" @@ -1832,17 +1832,17 @@ msgstr "" "máquina." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1172 +#: sssd.conf.5.xml:1173 msgid "Default: /bin/sh" msgstr "Predeterminado: /bin/sh" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1177 +#: sssd.conf.5.xml:1178 msgid "default_shell" msgstr "default_shell" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1180 +#: sssd.conf.5.xml:1181 msgid "" "The default shell to use if the provider does not return one during lookup. " "This option can be specified globally in the [nss] section or per-domain." @@ -1852,7 +1852,7 @@ msgstr "" "o por dominio." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1186 +#: sssd.conf.5.xml:1187 msgid "" "Default: not set (Return NULL if no shell is specified and rely on libc to " "substitute something sensible when necessary, usually /bin/sh)" @@ -1862,12 +1862,12 @@ msgstr "" "normalmente /bin/sh)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1193 sssd.conf.5.xml:1576 +#: sssd.conf.5.xml:1194 sssd.conf.5.xml:1577 msgid "get_domains_timeout (int)" msgstr "get_domains_timeout (entero)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1196 sssd.conf.5.xml:1579 +#: sssd.conf.5.xml:1197 sssd.conf.5.xml:1580 msgid "" "Specifies time in seconds for which the list of subdomains will be " "considered valid." @@ -1876,14 +1876,14 @@ msgstr "" "considerada válida." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1205 +#: sssd.conf.5.xml:1206 #, fuzzy #| msgid "enum_cache_timeout (integer)" msgid "memcache_timeout (integer)" msgstr "enum_cache_timeout (entero)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1208 +#: sssd.conf.5.xml:1209 msgid "" "Specifies time in seconds for which records in the in-memory cache will be " "valid. Setting this option to zero will disable the in-memory cache." @@ -1892,7 +1892,7 @@ msgstr "" "cache serán validos. Fijando esta opción o cero deshabilita la memoria cache." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1216 +#: sssd.conf.5.xml:1217 msgid "" "WARNING: Disabling the in-memory cache will have significant negative impact " "on SSSD's performance and should only be used for testing." @@ -1902,8 +1902,8 @@ msgstr "" "pruebas." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1222 sssd.conf.5.xml:1247 sssd.conf.5.xml:1272 -#: sssd.conf.5.xml:1297 sssd.conf.5.xml:1324 +#: sssd.conf.5.xml:1223 sssd.conf.5.xml:1248 sssd.conf.5.xml:1273 +#: sssd.conf.5.xml:1298 sssd.conf.5.xml:1325 msgid "" "NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", " "client applications will not use the fast in-memory cache." @@ -1912,14 +1912,14 @@ msgstr "" "las aplicaciones clientes no usaran la memoria cache rápida." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1230 +#: sssd.conf.5.xml:1231 #, fuzzy #| msgid "enum_cache_timeout (integer)" msgid "memcache_size_passwd (integer)" msgstr "enum_cache_timeout (entero)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1233 +#: sssd.conf.5.xml:1234 #, fuzzy #| msgid "" #| "Specifies time in seconds for which records in the in-memory cache will " @@ -1933,13 +1933,13 @@ msgstr "" "cache serán validos. Fijando esta opción o cero deshabilita la memoria cache." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1239 sssd.conf.5.xml:2963 sssd-ldap.5.xml:548 +#: sssd.conf.5.xml:1240 sssd.conf.5.xml:2964 sssd-ldap.5.xml:548 msgid "Default: 8" msgstr "Predeterminado: 8" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1242 sssd.conf.5.xml:1267 sssd.conf.5.xml:1292 -#: sssd.conf.5.xml:1319 +#: sssd.conf.5.xml:1243 sssd.conf.5.xml:1268 sssd.conf.5.xml:1293 +#: sssd.conf.5.xml:1320 #, fuzzy #| msgid "" #| "WARNING: Disabling the in-memory cache will have significant negative " @@ -1953,14 +1953,14 @@ msgstr "" "pruebas." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1255 +#: sssd.conf.5.xml:1256 #, fuzzy #| msgid "enum_cache_timeout (integer)" msgid "memcache_size_group (integer)" msgstr "enum_cache_timeout (entero)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1258 +#: sssd.conf.5.xml:1259 #, fuzzy #| msgid "" #| "Specifies time in seconds for which records in the in-memory cache will " @@ -1974,21 +1974,21 @@ msgstr "" "cache serán validos. Fijando esta opción o cero deshabilita la memoria cache." #. type: Content of: <variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1264 sssd.conf.5.xml:1316 sssd.conf.5.xml:3729 +#: sssd.conf.5.xml:1265 sssd.conf.5.xml:1317 sssd.conf.5.xml:3730 #: sssd-ldap.5.xml:473 sssd-ldap.5.xml:525 include/failover.xml:116 #: include/krb5_options.xml:11 msgid "Default: 6" msgstr "Predeterminado: 6" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1280 +#: sssd.conf.5.xml:1281 #, fuzzy #| msgid "enum_cache_timeout (integer)" msgid "memcache_size_initgroups (integer)" msgstr "enum_cache_timeout (entero)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1283 +#: sssd.conf.5.xml:1284 #, fuzzy #| msgid "" #| "Specifies time in seconds for which records in the in-memory cache will " @@ -2002,14 +2002,14 @@ msgstr "" "cache serán validos. Fijando esta opción o cero deshabilita la memoria cache." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1305 +#: sssd.conf.5.xml:1306 #, fuzzy #| msgid "enum_cache_timeout (integer)" msgid "memcache_size_sid (integer)" msgstr "enum_cache_timeout (entero)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1308 +#: sssd.conf.5.xml:1309 #, fuzzy #| msgid "" #| "Specifies time in seconds for which records in the in-memory cache will " @@ -2024,12 +2024,12 @@ msgstr "" "cache serán validos. Fijando esta opción o cero deshabilita la memoria cache." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1332 sssd-ifp.5.xml:90 +#: sssd.conf.5.xml:1333 sssd-ifp.5.xml:90 msgid "user_attributes (string)" msgstr "user_attributes (string)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1335 +#: sssd.conf.5.xml:1336 msgid "" "Some of the additional NSS responder requests can return more attributes " "than just the POSIX ones defined by the NSS interface. The list of " @@ -2047,7 +2047,7 @@ msgstr "" "predeterminados." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1348 +#: sssd.conf.5.xml:1349 msgid "" "To make configuration more easy the NSS responder will check the InfoPipe " "option if it is not set for the NSS responder." @@ -2056,17 +2056,17 @@ msgstr "" "opción InfoPipe si no está fijada para el contestador NSS." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1353 +#: sssd.conf.5.xml:1354 msgid "Default: not set, fallback to InfoPipe option" msgstr "Por defecto: no ajustada, retroceder a opción InfoPipe" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1358 +#: sssd.conf.5.xml:1359 msgid "pwfield (string)" msgstr "pwfield (cadena)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1361 +#: sssd.conf.5.xml:1362 msgid "" "The value that NSS operations that return users or groups will return for " "the <quote>password</quote> field." @@ -2075,14 +2075,14 @@ msgstr "" "para el campo <quote>password</quote>." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1366 +#: sssd.conf.5.xml:1367 #, fuzzy #| msgid "Default: <quote>permit</quote>" msgid "Default: <quote>*</quote>" msgstr "Predeterminado: <quote>permit</quote>" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1369 +#: sssd.conf.5.xml:1370 #, fuzzy #| msgid "This option can also be set per-domain." msgid "" @@ -2091,7 +2091,7 @@ msgid "" msgstr "Esta opción puede ser también fijada por dominio." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1373 +#: sssd.conf.5.xml:1374 #, fuzzy #| msgid "" #| "Default: <quote>*</quote> (remote domains) or <quote>x</quote> (the " @@ -2106,12 +2106,12 @@ msgstr "" "ficheros de dominio)" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:1385 +#: sssd.conf.5.xml:1386 msgid "PAM configuration options" msgstr "Opciones de configuración PAM" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:1387 +#: sssd.conf.5.xml:1388 msgid "" "These options can be used to configure the Pluggable Authentication Module " "(PAM) service." @@ -2120,12 +2120,12 @@ msgstr "" "Authentication Module (PAM)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1392 +#: sssd.conf.5.xml:1393 msgid "offline_credentials_expiration (integer)" msgstr "offline_credentials_expiration (entero)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1395 +#: sssd.conf.5.xml:1396 msgid "" "If the authentication provider is offline, how long should we allow cached " "logins (in days since the last successful online login)." @@ -2134,17 +2134,17 @@ msgstr "" "los accesos escondidos (en días desde el último login en línea con éxito)." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1400 sssd.conf.5.xml:1413 +#: sssd.conf.5.xml:1401 sssd.conf.5.xml:1414 msgid "Default: 0 (No limit)" msgstr "Predeterminado: 0 (Sin límite)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1406 +#: sssd.conf.5.xml:1407 msgid "offline_failed_login_attempts (integer)" msgstr "offline_failed_login_attempts (entero)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1409 +#: sssd.conf.5.xml:1410 msgid "" "If the authentication provider is offline, how many failed login attempts " "are allowed." @@ -2153,12 +2153,12 @@ msgstr "" "login fallados están permitidos." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1419 +#: sssd.conf.5.xml:1420 msgid "offline_failed_login_delay (integer)" msgstr "offline_failed_login_delay (entero)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1422 +#: sssd.conf.5.xml:1423 msgid "" "The time in minutes which has to pass after offline_failed_login_attempts " "has been reached before a new login attempt is possible." @@ -2168,7 +2168,7 @@ msgstr "" "intento de login sea posible." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1427 +#: sssd.conf.5.xml:1428 msgid "" "If set to 0 the user cannot authenticate offline if " "offline_failed_login_attempts has been reached. Only a successful online " @@ -2179,17 +2179,17 @@ msgstr "" "éxito puede habilitar otra vez la autenticación fuera de línea." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1433 sssd.conf.5.xml:1543 +#: sssd.conf.5.xml:1434 sssd.conf.5.xml:1544 msgid "Default: 5" msgstr "Predeterminado: 5" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1439 +#: sssd.conf.5.xml:1440 msgid "pam_verbosity (integer)" msgstr "pam_verbosity (entero)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1442 +#: sssd.conf.5.xml:1443 msgid "" "Controls what kind of messages are shown to the user during authentication. " "The higher the number to more messages are displayed." @@ -2198,46 +2198,46 @@ msgstr "" "autenticación. Cuanto mayor sea el número de mensajes más aparecen." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1447 +#: sssd.conf.5.xml:1448 msgid "Currently sssd supports the following values:" msgstr "Actualmente sssd soporta los siguientes valores:" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1450 +#: sssd.conf.5.xml:1451 msgid "<emphasis>0</emphasis>: do not show any message" msgstr "<emphasis>0</emphasis>: no mostrar ningún mensaje" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1453 +#: sssd.conf.5.xml:1454 msgid "<emphasis>1</emphasis>: show only important messages" msgstr "<emphasis>1</emphasis>: mostrar sólo mensajes importantes" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1457 +#: sssd.conf.5.xml:1458 msgid "<emphasis>2</emphasis>: show informational messages" msgstr "<emphasis>2</emphasis>: mostrar mensajes informativos" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1460 +#: sssd.conf.5.xml:1461 msgid "<emphasis>3</emphasis>: show all messages and debug information" msgstr "" "<emphasis>3</emphasis>: mostrar todos los mensajes e información de " "depuración" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1464 sssd.8.xml:63 +#: sssd.conf.5.xml:1465 sssd.8.xml:63 msgid "Default: 1" msgstr "Predeterminado: 1" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1470 +#: sssd.conf.5.xml:1471 #, fuzzy #| msgid "pam_response_filter (integer)" msgid "pam_response_filter (string)" msgstr "pam_response_filter (entero)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1473 +#: sssd.conf.5.xml:1474 msgid "" "A comma separated list of strings which allows to remove (filter) data sent " "by the PAM responder to pam_sss PAM module. There are different kind of " @@ -2250,7 +2250,7 @@ msgstr "" "variables de entorno que deberían ser fijadas por pam_sss." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1481 +#: sssd.conf.5.xml:1482 msgid "" "While messages already can be controlled with the help of the pam_verbosity " "option this option allows to filter out other kind of responses as well." @@ -2259,37 +2259,37 @@ msgstr "" "pam_verbosity esta opción permite filtrar otra clase de respuestas también." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1488 +#: sssd.conf.5.xml:1489 msgid "ENV" msgstr "ENV" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1489 +#: sssd.conf.5.xml:1490 msgid "Do not send any environment variables to any service." msgstr "No envía ninguna variable de entorno a ningún servicio." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1492 +#: sssd.conf.5.xml:1493 msgid "ENV:var_name" msgstr "ENV:var_name" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1493 +#: sssd.conf.5.xml:1494 msgid "Do not send environment variable var_name to any service." msgstr "No envía la variable de entorno var_name a ningún servicio." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1497 +#: sssd.conf.5.xml:1498 msgid "ENV:var_name:service" msgstr "ENV:var_name:service" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1498 +#: sssd.conf.5.xml:1499 msgid "Do not send environment variable var_name to service." msgstr "No envía la variable de entorno var_name al servicio." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1486 +#: sssd.conf.5.xml:1487 msgid "" "Currently the following filters are supported: <placeholder " "type=\"variablelist\" id=\"0\"/>" @@ -2298,7 +2298,7 @@ msgstr "" "type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1505 +#: sssd.conf.5.xml:1506 msgid "" "The list of strings can either be the list of filters which would set this " "list of filters and overwrite the defaults. Or each element of the list can " @@ -2309,25 +2309,25 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1516 +#: sssd.conf.5.xml:1517 #, fuzzy #| msgid "Example: ENV:KRB5CCNAME:sudo-i" msgid "Default: ENV:KRB5CCNAME:sudo, ENV:KRB5CCNAME:sudo-i" msgstr "Ejemplo: ENV:KRB5CCNAME:sudo-i" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1519 +#: sssd.conf.5.xml:1520 msgid "" "Example: -ENV:KRB5CCNAME:sudo-i will remove the filter from the default list" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1526 +#: sssd.conf.5.xml:1527 msgid "pam_id_timeout (integer)" msgstr "pam_id_timeout (entero)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1529 +#: sssd.conf.5.xml:1530 msgid "" "For any PAM request while SSSD is online, the SSSD will attempt to " "immediately update the cached identity information for the user in order to " @@ -2339,7 +2339,7 @@ msgstr "" "información más actual." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1535 +#: sssd.conf.5.xml:1536 msgid "" "A complete PAM conversation may perform multiple PAM requests, such as " "account management and session opening. This option controls (on a per-" @@ -2353,17 +2353,17 @@ msgstr "" "proveedor de identidad." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1549 +#: sssd.conf.5.xml:1550 msgid "pam_pwd_expiration_warning (integer)" msgstr "pam_pwd_expiration_warning (entero)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1552 sssd.conf.5.xml:2987 +#: sssd.conf.5.xml:1553 sssd.conf.5.xml:2988 msgid "Display a warning N days before the password expires." msgstr "Mostrar una advertencia N días antes que la contraseña caduque." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1555 +#: sssd.conf.5.xml:1556 msgid "" "Please note that the backend server has to provide information about the " "expiration time of the password. If this information is missing, sssd " @@ -2374,7 +2374,7 @@ msgstr "" "información desaparece, sssd no podrá mostrar un aviso." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1561 sssd.conf.5.xml:2990 +#: sssd.conf.5.xml:1562 sssd.conf.5.xml:2991 msgid "" "If zero is set, then this filter is not applied, i.e. if the expiration " "warning was received from backend server, it will automatically be displayed." @@ -2384,7 +2384,7 @@ msgstr "" "automáticamente." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1566 +#: sssd.conf.5.xml:1567 msgid "" "This setting can be overridden by setting <emphasis>pwd_expiration_warning</" "emphasis> for a particular domain." @@ -2393,17 +2393,17 @@ msgstr "" "<emphasis>pwd_expiration_warning</emphasis> para un dominio concreto." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1571 sssd.conf.5.xml:3976 sssd-ldap.5.xml:606 sssd.8.xml:79 +#: sssd.conf.5.xml:1572 sssd.conf.5.xml:3977 sssd-ldap.5.xml:606 sssd.8.xml:79 msgid "Default: 0" msgstr "Predeterminado: 0" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1588 +#: sssd.conf.5.xml:1589 msgid "pam_trusted_users (string)" msgstr "pam_trusted_users (cadena)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1591 +#: sssd.conf.5.xml:1592 msgid "" "Specifies the comma-separated list of UID values or user names that are " "allowed to run PAM conversations against trusted domains. Users not " @@ -2418,12 +2418,12 @@ msgstr "" "nombres de usuarios se resuelven a UIDs en el arranque." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1601 +#: sssd.conf.5.xml:1602 msgid "Default: All users are considered trusted by default" msgstr "Por defecto: Todos los usuarios se consideran de confianza por defecto" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1605 +#: sssd.conf.5.xml:1606 msgid "" "Please note that UID 0 is always allowed to access the PAM responder even in " "case it is not in the pam_trusted_users list." @@ -2432,12 +2432,12 @@ msgstr "" "aunque no está en la la lista pam_trusted_users." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1612 +#: sssd.conf.5.xml:1613 msgid "pam_public_domains (string)" msgstr "pam_public_domains (cadena)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1615 +#: sssd.conf.5.xml:1616 msgid "" "Specifies the comma-separated list of domain names that are accessible even " "to untrusted users." @@ -2446,13 +2446,13 @@ msgstr "" "accesibles hasta para los usuarios en los que no se confíe." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1619 +#: sssd.conf.5.xml:1620 msgid "Two special values for pam_public_domains option are defined:" msgstr "" "Hay definidos dos valores especiales para la opción pam_public_domains:" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1623 +#: sssd.conf.5.xml:1624 msgid "" "all (Untrusted users are allowed to access all domains in PAM responder.)" msgstr "" @@ -2460,7 +2460,7 @@ msgstr "" "dominios en el contestador PAM.)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1627 +#: sssd.conf.5.xml:1628 msgid "" "none (Untrusted users are not allowed to access any domains PAM in " "responder.)" @@ -2469,19 +2469,19 @@ msgstr "" "dominios PAM en el contestador.)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1631 sssd.conf.5.xml:1656 sssd.conf.5.xml:1675 -#: sssd.conf.5.xml:1912 sssd.conf.5.xml:2732 sssd.conf.5.xml:3905 +#: sssd.conf.5.xml:1632 sssd.conf.5.xml:1657 sssd.conf.5.xml:1676 +#: sssd.conf.5.xml:1913 sssd.conf.5.xml:2733 sssd.conf.5.xml:3906 #: sssd-ldap.5.xml:1207 msgid "Default: none" msgstr "Predeterminado: none" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1636 +#: sssd.conf.5.xml:1637 msgid "pam_account_expired_message (string)" msgstr "pam_account_expired_message (cadena)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1639 +#: sssd.conf.5.xml:1640 msgid "" "Allows a custom expiration message to be set, replacing the default " "'Permission denied' message." @@ -2490,7 +2490,7 @@ msgstr "" "mensaje predeterminado 'Permiso denegado'." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1644 +#: sssd.conf.5.xml:1645 msgid "" "Note: Please be aware that message is only printed for the SSH service " "unless pam_verbosity is set to 3 (show all messages and debug information)." @@ -2500,7 +2500,7 @@ msgstr "" "mensajes e información de depuración)." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1652 +#: sssd.conf.5.xml:1653 #, no-wrap msgid "" "pam_account_expired_message = Account expired, please contact help desk.\n" @@ -2510,12 +2510,12 @@ msgstr "" " " #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1661 +#: sssd.conf.5.xml:1662 msgid "pam_account_locked_message (string)" msgstr "pam_account_locked_message (cadena)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1664 +#: sssd.conf.5.xml:1665 msgid "" "Allows a custom lockout message to be set, replacing the default 'Permission " "denied' message." @@ -2524,7 +2524,7 @@ msgstr "" "por defecto 'Permiso denegado'." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1671 +#: sssd.conf.5.xml:1672 #, no-wrap msgid "" "pam_account_locked_message = Account locked, please contact help desk.\n" @@ -2534,19 +2534,19 @@ msgstr "" " " #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1680 +#: sssd.conf.5.xml:1681 #, fuzzy #| msgid "pam_cert_auth (bool)" msgid "pam_passkey_auth (bool)" msgstr "pam_cert_auth (booleano)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1683 +#: sssd.conf.5.xml:1684 msgid "Enable passkey device based authentication." msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1686 sssd.conf.5.xml:1697 sssd.conf.5.xml:1711 +#: sssd.conf.5.xml:1687 sssd.conf.5.xml:1698 sssd.conf.5.xml:1712 #: sssd-ldap.5.xml:671 sssd-ldap.5.xml:692 sssd-ldap.5.xml:788 #: sssd-ldap.5.xml:1293 sssd-ad.5.xml:505 sssd-ad.5.xml:581 sssd-ad.5.xml:1126 #: sssd-ad.5.xml:1175 include/ldap_id_mapping.xml:250 @@ -2554,22 +2554,22 @@ msgid "Default: False" msgstr "Por defecto: False" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1691 +#: sssd.conf.5.xml:1692 msgid "passkey_debug_libfido2 (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1694 +#: sssd.conf.5.xml:1695 msgid "Enable libfido2 library debug messages." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1702 +#: sssd.conf.5.xml:1703 msgid "pam_cert_auth (bool)" msgstr "pam_cert_auth (booleano)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1705 +#: sssd.conf.5.xml:1706 msgid "" "Enable certificate based Smartcard authentication. Since this requires " "additional communication with the Smartcard which will delay the " @@ -2580,22 +2580,22 @@ msgstr "" "de autenticación esta opción está deshabilitada por defecto." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1716 +#: sssd.conf.5.xml:1717 msgid "pam_cert_db_path (string)" msgstr "pam_cert_db_path (cadena)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1719 +#: sssd.conf.5.xml:1720 msgid "The path to the certificate database." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1722 sssd.conf.5.xml:2247 sssd.conf.5.xml:4308 +#: sssd.conf.5.xml:1723 sssd.conf.5.xml:2248 sssd.conf.5.xml:4354 msgid "Default:" msgstr "Predeterminado:" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1724 sssd.conf.5.xml:2249 +#: sssd.conf.5.xml:1725 sssd.conf.5.xml:2250 #, fuzzy #| msgid "" #| "/etc/sssd/pki/sssd_auth_ca_db.pem (OpenSSL version, path to a file with " @@ -2608,14 +2608,14 @@ msgstr "" "certificados CA de confianza en formato PEM)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1734 +#: sssd.conf.5.xml:1735 #, fuzzy #| msgid "certificate_verification (string)" msgid "pam_cert_verification (string)" msgstr "certificate_verification (cadena)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1737 +#: sssd.conf.5.xml:1738 #, fuzzy #| msgid "" #| "With this parameter the certificate verification can be tuned with a " @@ -2633,7 +2633,7 @@ msgstr "" "<placeholder type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1748 +#: sssd.conf.5.xml:1749 #, fuzzy, no-wrap #| msgid "" #| "pam_p11_allowed_services = +my_pam_service, -login\n" @@ -2646,31 +2646,31 @@ msgstr "" " " #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1752 +#: sssd.conf.5.xml:1753 msgid "" "Default: not set, i.e. use default <quote>certificate_verification</quote> " "option defined in <quote>[sssd]</quote> section." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1759 +#: sssd.conf.5.xml:1760 msgid "p11_child_timeout (integer)" msgstr "p11_child_timeout (entero)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1762 +#: sssd.conf.5.xml:1763 msgid "How many seconds will pam_sss wait for p11_child to finish." msgstr "Cuantos segundos esperará pam_sss wait para que p11_child finalice." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1771 +#: sssd.conf.5.xml:1772 #, fuzzy #| msgid "p11_child_timeout (integer)" msgid "passkey_child_timeout (integer)" msgstr "p11_child_timeout (entero)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1774 +#: sssd.conf.5.xml:1775 #, fuzzy #| msgid "How many seconds will pam_sss wait for p11_child to finish." msgid "" @@ -2678,12 +2678,12 @@ msgid "" msgstr "Cuantos segundos esperará pam_sss wait para que p11_child finalice." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1783 +#: sssd.conf.5.xml:1784 msgid "pam_app_services (string)" msgstr "pam_app_services (cadena)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1786 +#: sssd.conf.5.xml:1787 msgid "" "Which PAM services are permitted to contact domains of type " "<quote>application</quote>" @@ -2692,12 +2692,12 @@ msgstr "" "tipo <quote>application</quote>" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1795 +#: sssd.conf.5.xml:1796 msgid "pam_p11_allowed_services (integer)" msgstr "pam_p11_allowed_services (entero)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1798 +#: sssd.conf.5.xml:1799 msgid "" "A comma-separated list of PAM service names for which it will be allowed to " "use Smartcards." @@ -2706,7 +2706,7 @@ msgstr "" "permitidos usar Smartcards." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1813 +#: sssd.conf.5.xml:1814 #, no-wrap msgid "" "pam_p11_allowed_services = +my_pam_service, -login\n" @@ -2716,7 +2716,7 @@ msgstr "" " " #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1802 +#: sssd.conf.5.xml:1803 msgid "" "It is possible to add another PAM service name to the default set by using " "<quote>+service_name</quote> or to explicitly remove a PAM service name from " @@ -2736,7 +2736,7 @@ msgstr "" "id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1817 sssd-ad.5.xml:644 sssd-ad.5.xml:753 sssd-ad.5.xml:811 +#: sssd.conf.5.xml:1818 sssd-ad.5.xml:644 sssd-ad.5.xml:753 sssd-ad.5.xml:811 #: sssd-ad.5.xml:869 sssd-ad.5.xml:947 msgid "Default: the default set of PAM service names includes:" msgstr "" @@ -2744,57 +2744,57 @@ msgstr "" "incluye:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1822 sssd-ad.5.xml:648 +#: sssd.conf.5.xml:1823 sssd-ad.5.xml:648 msgid "login" msgstr "login" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1827 sssd-ad.5.xml:653 +#: sssd.conf.5.xml:1828 sssd-ad.5.xml:653 msgid "su" msgstr "su" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1832 sssd-ad.5.xml:658 +#: sssd.conf.5.xml:1833 sssd-ad.5.xml:658 msgid "su-l" msgstr "su-l" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1837 sssd-ad.5.xml:673 +#: sssd.conf.5.xml:1838 sssd-ad.5.xml:673 msgid "gdm-smartcard" msgstr "gdm-smartcard" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1842 sssd-ad.5.xml:668 +#: sssd.conf.5.xml:1843 sssd-ad.5.xml:668 msgid "gdm-password" msgstr "gdm-password" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1847 sssd-ad.5.xml:678 +#: sssd.conf.5.xml:1848 sssd-ad.5.xml:678 msgid "kdm" msgstr "kdm" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1852 sssd-ad.5.xml:956 +#: sssd.conf.5.xml:1853 sssd-ad.5.xml:956 msgid "sudo" msgstr "sudo" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1857 sssd-ad.5.xml:961 +#: sssd.conf.5.xml:1858 sssd-ad.5.xml:961 msgid "sudo-i" msgstr "sudo-i" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1862 +#: sssd.conf.5.xml:1863 msgid "gnome-screensaver" msgstr "gnome-screensaver" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1870 +#: sssd.conf.5.xml:1871 msgid "p11_wait_for_card_timeout (integer)" msgstr "p11_wait_for_card_timeout (entero)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1873 +#: sssd.conf.5.xml:1874 msgid "" "If Smartcard authentication is required how many extra seconds in addition " "to p11_child_timeout should the PAM responder wait until a Smartcard is " @@ -2805,12 +2805,12 @@ msgstr "" "inserte la Smartcard." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1884 +#: sssd.conf.5.xml:1885 msgid "p11_uri (string)" msgstr "p11_uri (cadena)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1887 +#: sssd.conf.5.xml:1888 msgid "" "PKCS#11 URI (see RFC-7512 for details) which can be used to restrict the " "selection of devices used for Smartcard authentication. By default SSSD's " @@ -2828,7 +2828,7 @@ msgstr "" "específico." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1900 +#: sssd.conf.5.xml:1901 #, fuzzy, no-wrap #| msgid "" #| "p11_uri = library-description=OpenSC%20smartcard%20framework;slot-id=2\n" @@ -2841,7 +2841,7 @@ msgstr "" " " #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1904 +#: sssd.conf.5.xml:1905 #, fuzzy, no-wrap #| msgid "" #| "p11_uri = library-description=OpenSC%20smartcard%20framework;slot-id=2\n" @@ -2854,7 +2854,7 @@ msgstr "" " " #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1898 +#: sssd.conf.5.xml:1899 msgid "" "Example: <placeholder type=\"programlisting\" id=\"0\"/> or <placeholder " "type=\"programlisting\" id=\"1\"/> To find suitable URI please check the " @@ -2867,47 +2867,47 @@ msgstr "" "GnuTLS 'p11tool' con e.g. '--list-all' mostrará PKCS#11 URIs también." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1917 +#: sssd.conf.5.xml:1918 msgid "pam_initgroups_scheme" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1925 +#: sssd.conf.5.xml:1926 msgid "always" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1926 +#: sssd.conf.5.xml:1927 msgid "" "Always do an online lookup, please note that pam_id_timeout still applies" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1930 +#: sssd.conf.5.xml:1931 msgid "no_session" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1931 +#: sssd.conf.5.xml:1932 msgid "" "Only do an online lookup if there is no active session of the user, i.e. if " "the user is currently not logged in" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1936 +#: sssd.conf.5.xml:1937 msgid "never" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1937 +#: sssd.conf.5.xml:1938 msgid "" "Never force an online lookup, use the data from the cache as long as they " "are not expired" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1920 +#: sssd.conf.5.xml:1921 msgid "" "The PAM responder can force an online lookup to get the current group " "memberships of the user trying to log in. This option controls when this " @@ -2916,19 +2916,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1944 +#: sssd.conf.5.xml:1945 msgid "Default: no_session" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1949 sssd.conf.5.xml:4247 +#: sssd.conf.5.xml:1950 sssd.conf.5.xml:4293 #, fuzzy #| msgid "pam_app_services (string)" msgid "pam_gssapi_services" msgstr "pam_app_services (cadena)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1952 +#: sssd.conf.5.xml:1953 #, fuzzy #| msgid "Comma separated list of users who are allowed to log in." msgid "" @@ -2937,13 +2937,13 @@ msgid "" msgstr "Lista separada por comas de usuarios a los está permitido el acceso." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1957 +#: sssd.conf.5.xml:1958 msgid "" "To disable GSSAPI authentication, set this option to <quote>-</quote> (dash)." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1961 sssd.conf.5.xml:1992 sssd.conf.5.xml:2030 +#: sssd.conf.5.xml:1962 sssd.conf.5.xml:1993 sssd.conf.5.xml:2031 msgid "" "Note: This option can also be set per-domain which overwrites the value in " "[pam] section. It can also be set for trusted domain which overwrites the " @@ -2951,7 +2951,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1969 +#: sssd.conf.5.xml:1970 #, fuzzy, no-wrap #| msgid "" #| "pam_p11_allowed_services = +my_pam_service, -login\n" @@ -2964,22 +2964,22 @@ msgstr "" " " #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1967 sssd.conf.5.xml:3899 +#: sssd.conf.5.xml:1968 sssd.conf.5.xml:3900 msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>" msgstr "Ejemplo: <placeholder type=\"programlisting\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1973 +#: sssd.conf.5.xml:1974 msgid "Default: - (GSSAPI authentication is disabled)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1978 sssd.conf.5.xml:4248 +#: sssd.conf.5.xml:1979 sssd.conf.5.xml:4294 msgid "pam_gssapi_check_upn" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1981 +#: sssd.conf.5.xml:1982 msgid "" "If True, SSSD will require that the Kerberos user principal that " "successfully authenticated through GSSAPI can be associated with the user " @@ -2987,25 +2987,25 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1988 +#: sssd.conf.5.xml:1989 msgid "" "If False, every user that is able to obtained required service ticket will " "be authenticated." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1998 sssd-ad.5.xml:1266 sss_rpcidmapd.5.xml:76 +#: sssd.conf.5.xml:1999 sssd-ad.5.xml:1266 sss_rpcidmapd.5.xml:76 #: sssd-files.5.xml:145 msgid "Default: True" msgstr "Predeterminado: True" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2003 +#: sssd.conf.5.xml:2004 msgid "pam_gssapi_indicators_map" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2006 +#: sssd.conf.5.xml:2007 msgid "" "Comma separated list of authentication indicators required to be present in " "a Kerberos ticket to access a PAM service that is allowed to try GSSAPI " @@ -3013,7 +3013,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2012 +#: sssd.conf.5.xml:2013 msgid "" "Each element of the list can be either an authentication indicator name or a " "pair <quote>service:indicator</quote>. Indicators not prefixed with the PAM " @@ -3028,7 +3028,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2025 +#: sssd.conf.5.xml:2026 msgid "" "To disable GSSAPI authentication indicator check, set this option to <quote>-" "</quote> (dash). To disable the check for a specific PAM service, add " @@ -3036,45 +3036,45 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2036 +#: sssd.conf.5.xml:2037 msgid "" "Following authentication indicators are supported by IPA Kerberos " "deployments:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2039 +#: sssd.conf.5.xml:2040 msgid "" "pkinit -- pre-authentication using X.509 certificates -- whether stored in " "files or on smart cards." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2042 +#: sssd.conf.5.xml:2043 msgid "" "hardened -- SPAKE pre-authentication or any pre-authentication wrapped in a " "FAST channel." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2045 +#: sssd.conf.5.xml:2046 msgid "radius -- pre-authentication with the help of a RADIUS server." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2048 +#: sssd.conf.5.xml:2049 msgid "" "otp -- pre-authentication using integrated two-factor authentication (2FA or " "one-time password, OTP) in IPA." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2051 +#: sssd.conf.5.xml:2052 msgid "idp -- pre-authentication using external identity provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:2061 +#: sssd.conf.5.xml:2062 #, fuzzy, no-wrap #| msgid "" #| "pam_p11_allowed_services = +my_pam_service, -login\n" @@ -3087,7 +3087,7 @@ msgstr "" " " #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2056 +#: sssd.conf.5.xml:2057 msgid "" "Example: to require access to SUDO services only for users which obtained " "their Kerberos tickets with a X.509 certificate pre-authentication (PKINIT), " @@ -3095,7 +3095,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2065 +#: sssd.conf.5.xml:2066 #, fuzzy #| msgid "Default: not set (no substitution for unset home directories)" msgid "Default: not set (use of authentication indicators is not required)" @@ -3103,12 +3103,12 @@ msgstr "" "Por defecto: no fijado (sin sustitución para los directorios home no fijados)" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2073 +#: sssd.conf.5.xml:2074 msgid "SUDO configuration options" msgstr "SUDO opciones de configuración" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2075 +#: sssd.conf.5.xml:2076 msgid "" "These options can be used to configure the sudo service. The detailed " "instructions for configuration of <citerefentry> <refentrytitle>sudo</" @@ -3126,12 +3126,12 @@ msgstr "" "manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2092 +#: sssd.conf.5.xml:2093 msgid "sudo_timed (bool)" msgstr "sudo_timed (booleano)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2095 +#: sssd.conf.5.xml:2096 msgid "" "Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes " "that implement time-dependent sudoers entries." @@ -3140,12 +3140,12 @@ msgstr "" "entradas de sudoers dependientes del tiempo." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2107 +#: sssd.conf.5.xml:2108 msgid "sudo_threshold (integer)" msgstr "sudo_threshold (entero)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2110 +#: sssd.conf.5.xml:2111 msgid "" "Maximum number of expired rules that can be refreshed at once. If number of " "expired rules is below threshold, those rules are refreshed with " @@ -3161,22 +3161,22 @@ msgstr "" "comando." #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2129 +#: sssd.conf.5.xml:2130 msgid "AUTOFS configuration options" msgstr "Opciones de configuración AUTOFS" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2131 +#: sssd.conf.5.xml:2132 msgid "These options can be used to configure the autofs service." msgstr "Estas opciones pueden ser usadas para configurar el servicio autofs." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2135 +#: sssd.conf.5.xml:2136 msgid "autofs_negative_timeout (integer)" msgstr "autofs_negative_timeout (entero)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2138 +#: sssd.conf.5.xml:2139 msgid "" "Specifies for how many seconds should the autofs responder negative cache " "hits (that is, queries for invalid map entries, like nonexistent ones) " @@ -3187,22 +3187,22 @@ msgstr "" "existentes) antes de preguntar al punto final otra vez." #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2154 +#: sssd.conf.5.xml:2155 msgid "SSH configuration options" msgstr "Opciones de configuración SSH" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2156 +#: sssd.conf.5.xml:2157 msgid "These options can be used to configure the SSH service." msgstr "Estas opciones se pueden usar para configurar el servicio SSH." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2160 +#: sssd.conf.5.xml:2161 msgid "ssh_hash_known_hosts (bool)" msgstr "ssh_hash_known_hosts (booleano)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2163 +#: sssd.conf.5.xml:2164 msgid "" "Whether or not to hash host names and addresses in the managed known_hosts " "file." @@ -3211,12 +3211,12 @@ msgstr "" "known_host. " #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2172 +#: sssd.conf.5.xml:2173 msgid "ssh_known_hosts_timeout (integer)" msgstr "ssh_known_hosts_timeout (entero)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2175 +#: sssd.conf.5.xml:2176 msgid "" "How many seconds to keep a host in the managed known_hosts file after its " "host keys were requested." @@ -3225,17 +3225,17 @@ msgstr "" "después de que se hayan pedido sus claves de host." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2179 +#: sssd.conf.5.xml:2180 msgid "Default: 180" msgstr "Por defecto: 180" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2184 +#: sssd.conf.5.xml:2185 msgid "ssh_use_certificate_keys (bool)" msgstr "ssh_use_certificate_keys (booleano)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2187 +#: sssd.conf.5.xml:2188 msgid "" "If set to true the <command>sss_ssh_authorizedkeys</command> will return ssh " "keys derived from the public key of X.509 certificates stored in the user " @@ -3249,12 +3249,12 @@ msgstr "" "manvolnum> </citerefentry> for details." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2202 +#: sssd.conf.5.xml:2203 msgid "ssh_use_certificate_matching_rules (string)" msgstr "ssh_use_certificate_matching_rules (cadena)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2205 +#: sssd.conf.5.xml:2206 msgid "" "By default the ssh responder will use all available certificate matching " "rules to filter the certificates so that ssh keys are only derived from the " @@ -3269,7 +3269,7 @@ msgstr "" "de reglas que coincidan y mapeen. Todas las demás reglas serán ignoradas." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2214 +#: sssd.conf.5.xml:2215 msgid "" "There are two special key words 'all_rules' and 'no_rules' which will enable " "all or no rules, respectively. The latter means that no certificates will be " @@ -3277,7 +3277,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2221 +#: sssd.conf.5.xml:2222 msgid "" "If no rules are configured using 'all_rules' will enable a default rule " "which enables all certificates suitable for client authentication. This is " @@ -3286,26 +3286,26 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2228 +#: sssd.conf.5.xml:2229 msgid "" "A non-existing rule name is considered an error. If as a result no rule is " "selected all certificates will be ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2233 +#: sssd.conf.5.xml:2234 msgid "" "Default: not set, equivalent to 'all_rules', all found rules or the default " "rule are used" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2239 +#: sssd.conf.5.xml:2240 msgid "ca_db (string)" msgstr "ca_db (cadena)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2242 +#: sssd.conf.5.xml:2243 msgid "" "Path to a storage of trusted CA certificates. The option is used to validate " "user certificates before deriving public ssh keys from them." @@ -3315,12 +3315,12 @@ msgstr "" "públicas ssh de ellos." #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2262 +#: sssd.conf.5.xml:2263 msgid "PAC responder configuration options" msgstr "Opciones de configuración del respondedor PAC" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2264 +#: sssd.conf.5.xml:2265 msgid "" "The PAC responder works together with the authorization data plugin for MIT " "Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the " @@ -3338,7 +3338,7 @@ msgstr "" "se hacen algunas de las siguientes operaciones:" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2273 +#: sssd.conf.5.xml:2274 msgid "" "If the remote user does not exist in the cache, it is created. The UID is " "determined with the help of the SID, trusted domains will have UPGs and the " @@ -3354,7 +3354,7 @@ msgstr "" "predeterminado, pero se puede sustituir con el parámetro default_shell." #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2281 +#: sssd.conf.5.xml:2282 msgid "" "If there are SIDs of groups from domains sssd knows about, the user will be " "added to those groups." @@ -3363,17 +3363,17 @@ msgstr "" "a esos grupos." #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2287 +#: sssd.conf.5.xml:2288 msgid "These options can be used to configure the PAC responder." msgstr "Estas opciones pueden ser usadas para configurar el respondedor PAC." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2291 sssd-ifp.5.xml:66 +#: sssd.conf.5.xml:2292 sssd-ifp.5.xml:66 msgid "allowed_uids (string)" msgstr "allowed_uids (cadena)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2294 +#: sssd.conf.5.xml:2295 msgid "" "Specifies the comma-separated list of UID values or user names that are " "allowed to access the PAC responder. User names are resolved to UIDs at " @@ -3383,14 +3383,14 @@ msgstr "" "usuario que tiene el acceso permitido al respondedor PAC." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2300 +#: sssd.conf.5.xml:2301 msgid "Default: 0 (only the root user is allowed to access the PAC responder)" msgstr "" "Por defecto: 0 (sólo el usuario root tiene permitido el acceso al " "respondedor PAC)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2304 +#: sssd.conf.5.xml:2305 msgid "" "Please note that although the UID 0 is used as the default it will be " "overwritten with this option. If you still want to allow the root user to " @@ -3403,12 +3403,12 @@ msgstr "" "lista de UIDs permitidas también." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2313 +#: sssd.conf.5.xml:2314 msgid "pac_lifetime (integer)" msgstr "pac_lifetime (entero)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2316 +#: sssd.conf.5.xml:2317 msgid "" "Lifetime of the PAC entry in seconds. As long as the PAC is valid the PAC " "data can be used to determine the group memberships of a user." @@ -3418,14 +3418,14 @@ msgstr "" "usuario." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2326 +#: sssd.conf.5.xml:2327 #, fuzzy #| msgid "ldap_schema (string)" msgid "pac_check (string)" msgstr "ldap_schema (cadena)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2329 +#: sssd.conf.5.xml:2330 msgid "" "Apply additional checks on the PAC of the Kerberos ticket which is available " "in Active Directory and FreeIPA domains, if configured. Please note that " @@ -3436,24 +3436,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2343 +#: sssd.conf.5.xml:2344 msgid "no_check" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2345 +#: sssd.conf.5.xml:2346 msgid "" "The PAC must not be present and even if it is present no additional checks " "will be done." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2351 +#: sssd.conf.5.xml:2352 msgid "pac_present" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2353 +#: sssd.conf.5.xml:2354 msgid "" "The PAC must be present in the service ticket which SSSD will request with " "the help of the user's TGT. If the PAC is not available the authentication " @@ -3461,24 +3461,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2361 +#: sssd.conf.5.xml:2362 msgid "check_upn" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2363 +#: sssd.conf.5.xml:2364 msgid "" "If the PAC is present check if the user principal name (UPN) information is " "consistent." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2369 +#: sssd.conf.5.xml:2370 msgid "check_upn_allow_missing" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2371 +#: sssd.conf.5.xml:2372 msgid "" "This option should be used together with 'check_upn' and handles the case " "where a UPN is set on the server-side but is not read by SSSD. The typical " @@ -3490,7 +3490,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2383 +#: sssd.conf.5.xml:2384 msgid "" "Currently this option is set by default to avoid regressions in such " "environments. A log message will be added to the system log and SSSD's debug " @@ -3501,41 +3501,41 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2397 +#: sssd.conf.5.xml:2398 msgid "upn_dns_info_present" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2399 +#: sssd.conf.5.xml:2400 msgid "The PAC must contain the UPN-DNS-INFO buffer, implies 'check_upn'." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2404 +#: sssd.conf.5.xml:2405 msgid "check_upn_dns_info_ex" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2406 +#: sssd.conf.5.xml:2407 msgid "" "If the PAC is present and the extension to the UPN-DNS-INFO buffer is " "available check if the information in the extension is consistent." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2413 +#: sssd.conf.5.xml:2414 msgid "upn_dns_info_ex_present" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2415 +#: sssd.conf.5.xml:2416 msgid "" "The PAC must contain the extension of the UPN-DNS-INFO buffer, implies " "'check_upn_dns_info_ex', 'upn_dns_info_present' and 'check_upn'." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2339 +#: sssd.conf.5.xml:2340 #, fuzzy #| msgid "" #| "The following expansions are supported: <placeholder " @@ -3548,19 +3548,19 @@ msgstr "" "type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2425 +#: sssd.conf.5.xml:2426 msgid "" "Default: no_check (AD and IPA provider 'check_upn, check_upn_allow_missing, " "check_upn_dns_info_ex')" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2434 +#: sssd.conf.5.xml:2435 msgid "Session recording configuration options" msgstr "Opciones de configuración de la grabación de sesión" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2436 +#: sssd.conf.5.xml:2437 msgid "" "Session recording works in conjunction with <citerefentry> " "<refentrytitle>tlog-rec-session</refentrytitle> <manvolnum>8</manvolnum> </" @@ -3576,32 +3576,32 @@ msgstr "" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2449 +#: sssd.conf.5.xml:2450 msgid "These options can be used to configure session recording." msgstr "Se pueden usar estas opciones para configurar la grabación de sesión." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2453 sssd-session-recording.5.xml:64 +#: sssd.conf.5.xml:2454 sssd-session-recording.5.xml:64 msgid "scope (string)" msgstr "scope (cadena)" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2460 sssd-session-recording.5.xml:71 +#: sssd.conf.5.xml:2461 sssd-session-recording.5.xml:71 msgid "\"none\"" msgstr "\"none\"" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2463 sssd-session-recording.5.xml:74 +#: sssd.conf.5.xml:2464 sssd-session-recording.5.xml:74 msgid "No users are recorded." msgstr "NO se grabaron usuarios." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2468 sssd-session-recording.5.xml:79 +#: sssd.conf.5.xml:2469 sssd-session-recording.5.xml:79 msgid "\"some\"" msgstr "\"some\"" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2471 sssd-session-recording.5.xml:82 +#: sssd.conf.5.xml:2472 sssd-session-recording.5.xml:82 msgid "" "Users/groups specified by <replaceable>users</replaceable> and " "<replaceable>groups</replaceable> options are recorded." @@ -3610,17 +3610,17 @@ msgstr "" "replaceable> y<replaceable>groups</replaceable> son grabados." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2480 sssd-session-recording.5.xml:91 +#: sssd.conf.5.xml:2481 sssd-session-recording.5.xml:91 msgid "\"all\"" msgstr "\"all\"" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2483 sssd-session-recording.5.xml:94 +#: sssd.conf.5.xml:2484 sssd-session-recording.5.xml:94 msgid "All users are recorded." msgstr "Se graban todos los usuarios." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2456 sssd-session-recording.5.xml:67 +#: sssd.conf.5.xml:2457 sssd-session-recording.5.xml:67 msgid "" "One of the following strings specifying the scope of session recording: " "<placeholder type=\"variablelist\" id=\"0\"/>" @@ -3629,17 +3629,17 @@ msgstr "" "grabación: <placeholder type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2490 sssd-session-recording.5.xml:101 +#: sssd.conf.5.xml:2491 sssd-session-recording.5.xml:101 msgid "Default: \"none\"" msgstr "Predeterminado: \"none\"" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2495 sssd-session-recording.5.xml:106 +#: sssd.conf.5.xml:2496 sssd-session-recording.5.xml:106 msgid "users (string)" msgstr "users (cadena)" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2498 sssd-session-recording.5.xml:109 +#: sssd.conf.5.xml:2499 sssd-session-recording.5.xml:109 msgid "" "A comma-separated list of users which should have session recording enabled. " "Matches user names as returned by NSS. I.e. after the possible space " @@ -3651,17 +3651,17 @@ msgstr "" "mayúsculas/minúsculas, etc." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2504 sssd-session-recording.5.xml:115 +#: sssd.conf.5.xml:2505 sssd-session-recording.5.xml:115 msgid "Default: Empty. Matches no users." msgstr "Predeterminado: Vacío. No hay usuarios coincidentes." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2509 sssd-session-recording.5.xml:120 +#: sssd.conf.5.xml:2510 sssd-session-recording.5.xml:120 msgid "groups (string)" msgstr "groups (cadena)" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2512 sssd-session-recording.5.xml:123 +#: sssd.conf.5.xml:2513 sssd-session-recording.5.xml:123 msgid "" "A comma-separated list of groups, members of which should have session " "recording enabled. Matches group names as returned by NSS. I.e. after the " @@ -3673,7 +3673,7 @@ msgstr "" "minúsculas, etc." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2518 sssd.conf.5.xml:2550 sssd-session-recording.5.xml:129 +#: sssd.conf.5.xml:2519 sssd.conf.5.xml:2551 sssd-session-recording.5.xml:129 #: sssd-session-recording.5.xml:161 msgid "" "NOTE: using this option (having it set to anything) has a considerable " @@ -3686,64 +3686,64 @@ msgstr "" "pertenece el usuario." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2525 sssd-session-recording.5.xml:136 +#: sssd.conf.5.xml:2526 sssd-session-recording.5.xml:136 msgid "Default: Empty. Matches no groups." msgstr "Predeterminado: Vacío. No empareja grupos." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2530 sssd-session-recording.5.xml:141 +#: sssd.conf.5.xml:2531 sssd-session-recording.5.xml:141 #, fuzzy #| msgid "users (string)" msgid "exclude_users (string)" msgstr "users (cadena)" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2533 sssd-session-recording.5.xml:144 +#: sssd.conf.5.xml:2534 sssd-session-recording.5.xml:144 msgid "" "A comma-separated list of users to be excluded from recording, only " "applicable with 'scope=all'." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2537 sssd-session-recording.5.xml:148 +#: sssd.conf.5.xml:2538 sssd-session-recording.5.xml:148 #, fuzzy #| msgid "Default: Empty. Matches no users." msgid "Default: Empty. No users excluded." msgstr "Predeterminado: Vacío. No hay usuarios coincidentes." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2542 sssd-session-recording.5.xml:153 +#: sssd.conf.5.xml:2543 sssd-session-recording.5.xml:153 #, fuzzy #| msgid "groups (string)" msgid "exclude_groups (string)" msgstr "groups (cadena)" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2545 sssd-session-recording.5.xml:156 +#: sssd.conf.5.xml:2546 sssd-session-recording.5.xml:156 msgid "" "A comma-separated list of groups, members of which should be excluded from " "recording. Only applicable with 'scope=all'." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2557 sssd-session-recording.5.xml:168 +#: sssd.conf.5.xml:2558 sssd-session-recording.5.xml:168 #, fuzzy #| msgid "Default: Empty. Matches no groups." msgid "Default: Empty. No groups excluded." msgstr "Predeterminado: Vacío. No empareja grupos." #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:2567 +#: sssd.conf.5.xml:2568 msgid "DOMAIN SECTIONS" msgstr "SECCIONES DE DOMINIO" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2574 +#: sssd.conf.5.xml:2575 msgid "enabled" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2577 +#: sssd.conf.5.xml:2578 msgid "" "Explicitly enable or disable the domain. If <quote>true</quote>, the domain " "is always <quote>enabled</quote>. If <quote>false</quote>, the domain is " @@ -3753,12 +3753,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2589 +#: sssd.conf.5.xml:2590 msgid "domain_type (string)" msgstr "domain_type (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2592 +#: sssd.conf.5.xml:2593 msgid "" "Specifies whether the domain is meant to be used by POSIX-aware clients such " "as the Name Service Switch or by applications that do not need POSIX data to " @@ -3771,7 +3771,7 @@ msgstr "" "disponibles para las interfaces y utilidades de sistema operativo." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2600 +#: sssd.conf.5.xml:2601 msgid "" "Allowed values for this option are <quote>posix</quote> and " "<quote>application</quote>." @@ -3780,7 +3780,7 @@ msgstr "" "<quote>application</quote>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2604 +#: sssd.conf.5.xml:2605 msgid "" "POSIX domains are reachable by all services. Application domains are only " "reachable from the InfoPipe responder (see <citerefentry> " @@ -3793,7 +3793,7 @@ msgstr "" "manvolnum> </citerefentry>) y el contestador PAM." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2612 +#: sssd.conf.5.xml:2613 msgid "" "NOTE: The application domains are currently well tested with " "<quote>id_provider=ldap</quote> only." @@ -3802,7 +3802,7 @@ msgstr "" "<quote>id_provider=ldap</quote>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2616 +#: sssd.conf.5.xml:2617 msgid "" "For an easy way to configure a non-POSIX domains, please see the " "<quote>Application domains</quote> section." @@ -3811,17 +3811,17 @@ msgstr "" "<quote>Dominios aplicación</quote>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2620 +#: sssd.conf.5.xml:2621 msgid "Default: posix" msgstr "Predeterminado: posix" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2626 +#: sssd.conf.5.xml:2627 msgid "min_id,max_id (integer)" msgstr "min_id, max_id (entero)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2629 +#: sssd.conf.5.xml:2630 msgid "" "UID and GID limits for the domain. If a domain contains an entry that is " "outside these limits, it is ignored." @@ -3830,7 +3830,7 @@ msgstr "" "está fuera de estos límites, ésta es ignorada." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2634 +#: sssd.conf.5.xml:2635 msgid "" "For users, this affects the primary GID limit. The user will not be returned " "to NSS if either the UID or the primary GID is outside the range. For non-" @@ -3843,7 +3843,7 @@ msgstr "" "reportados como en espera." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2641 +#: sssd.conf.5.xml:2642 msgid "" "These ID limits affect even saving entries to cache, not only returning them " "by name or ID." @@ -3852,17 +3852,17 @@ msgstr "" "devolviéndolas por nombre o ID." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2645 +#: sssd.conf.5.xml:2646 msgid "Default: 1 for min_id, 0 (no limit) for max_id" msgstr "Predeterminado: 1 para min_id, 0 (sin límite) para max_id" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2651 +#: sssd.conf.5.xml:2652 msgid "enumerate (bool)" msgstr "enumerar (bool)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2654 +#: sssd.conf.5.xml:2655 msgid "" "Determines if a domain can be enumerated, that is, whether the domain can " "list all the users and group it contains. Note that it is not required to " @@ -3875,22 +3875,22 @@ msgstr "" "Este parámetros puede tener uno de los siguientes valores:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2662 +#: sssd.conf.5.xml:2663 msgid "TRUE = Users and groups are enumerated" msgstr "TRUE = Usuarios y grupos son enumerados" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2665 +#: sssd.conf.5.xml:2666 msgid "FALSE = No enumerations for this domain" msgstr "FALSE = Sin enumeraciones para este dominio" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2668 sssd.conf.5.xml:2942 sssd.conf.5.xml:3119 +#: sssd.conf.5.xml:2669 sssd.conf.5.xml:2943 sssd.conf.5.xml:3120 msgid "Default: FALSE" msgstr "Predeterminado: FALSE" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2671 +#: sssd.conf.5.xml:2672 msgid "" "Enumerating a domain requires SSSD to download and store ALL user and group " "entries from the remote server." @@ -3899,7 +3899,7 @@ msgstr "" "entradas de usuario y grupo del servidor remoto." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2676 +#: sssd.conf.5.xml:2677 msgid "" "Note: Enabling enumeration has a moderate performance impact on SSSD while " "enumeration is running. It may take up to several minutes after SSSD startup " @@ -3923,7 +3923,7 @@ msgstr "" "guardián interno." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2691 +#: sssd.conf.5.xml:2692 msgid "" "While the first enumeration is running, requests for the complete user or " "group lists may return no results until it completes." @@ -3933,7 +3933,7 @@ msgstr "" "completen." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2696 +#: sssd.conf.5.xml:2697 msgid "" "Further, enabling enumeration may increase the time necessary to detect " "network disconnection, as longer timeouts are required to ensure that " @@ -3947,7 +3947,7 @@ msgstr "" "específico id_provider en uso." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2704 +#: sssd.conf.5.xml:2705 msgid "" "For the reasons cited above, enabling enumeration is not recommended, " "especially in large environments." @@ -3956,32 +3956,32 @@ msgstr "" "especialmente en entornos grandes." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2712 +#: sssd.conf.5.xml:2713 msgid "subdomain_enumerate (string)" msgstr "subdomain_enumerate (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2719 +#: sssd.conf.5.xml:2720 msgid "all" msgstr "all" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2720 +#: sssd.conf.5.xml:2721 msgid "All discovered trusted domains will be enumerated" msgstr "Se enumerarán todos los dominios de confianza descubiertos" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2723 +#: sssd.conf.5.xml:2724 msgid "none" msgstr "none" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2724 +#: sssd.conf.5.xml:2725 msgid "No discovered trusted domains will be enumerated" msgstr "No serán enumerados dominios de confianza descubiertos" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2715 +#: sssd.conf.5.xml:2716 msgid "" "Whether any of autodetected trusted domains should be enumerated. The " "supported values are: <placeholder type=\"variablelist\" id=\"0\"/> " @@ -3994,12 +3994,12 @@ msgstr "" "enumeración solo para estos dominios de confianza." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2738 +#: sssd.conf.5.xml:2739 msgid "entry_cache_timeout (integer)" msgstr "entry_cache_timeout (entero)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2741 +#: sssd.conf.5.xml:2742 msgid "" "How many seconds should nss_sss consider entries valid before asking the " "backend again" @@ -4008,7 +4008,7 @@ msgstr "" "volver a consultar al backend" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2745 +#: sssd.conf.5.xml:2746 msgid "" "The cache expiration timestamps are stored as attributes of individual " "objects in the cache. Therefore, changing the cache timeout only has effect " @@ -4026,17 +4026,17 @@ msgstr "" "están en la caché." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2758 +#: sssd.conf.5.xml:2759 msgid "Default: 5400" msgstr "Predeterminado: 5400" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2764 +#: sssd.conf.5.xml:2765 msgid "entry_cache_user_timeout (integer)" msgstr "entry_cache_user_timeout (entero)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2767 +#: sssd.conf.5.xml:2768 msgid "" "How many seconds should nss_sss consider user entries valid before asking " "the backend again" @@ -4045,19 +4045,19 @@ msgstr "" "antes de preguntar al punto final otra vez." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2771 sssd.conf.5.xml:2784 sssd.conf.5.xml:2797 -#: sssd.conf.5.xml:2810 sssd.conf.5.xml:2824 sssd.conf.5.xml:2837 -#: sssd.conf.5.xml:2851 sssd.conf.5.xml:2865 sssd.conf.5.xml:2878 +#: sssd.conf.5.xml:2772 sssd.conf.5.xml:2785 sssd.conf.5.xml:2798 +#: sssd.conf.5.xml:2811 sssd.conf.5.xml:2825 sssd.conf.5.xml:2838 +#: sssd.conf.5.xml:2852 sssd.conf.5.xml:2866 sssd.conf.5.xml:2879 msgid "Default: entry_cache_timeout" msgstr "Por defecto: entry_cache_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2777 +#: sssd.conf.5.xml:2778 msgid "entry_cache_group_timeout (integer)" msgstr "entry_cache_group_timeout (entero)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2780 +#: sssd.conf.5.xml:2781 msgid "" "How many seconds should nss_sss consider group entries valid before asking " "the backend again" @@ -4066,12 +4066,12 @@ msgstr "" "antes de preguntar al punto final otra vez." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2790 +#: sssd.conf.5.xml:2791 msgid "entry_cache_netgroup_timeout (integer)" msgstr "entry_cache_netgroup_timeout (entero)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2793 +#: sssd.conf.5.xml:2794 msgid "" "How many seconds should nss_sss consider netgroup entries valid before " "asking the backend again" @@ -4080,12 +4080,12 @@ msgstr "" "válidas antes de preguntar al punto final otra vez." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2803 +#: sssd.conf.5.xml:2804 msgid "entry_cache_service_timeout (integer)" msgstr "entry_cache_service_timeout (entero)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2806 +#: sssd.conf.5.xml:2807 msgid "" "How many seconds should nss_sss consider service entries valid before asking " "the backend again" @@ -4094,24 +4094,24 @@ msgstr "" "antes de preguntar al punto final otra vez." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2816 +#: sssd.conf.5.xml:2817 msgid "entry_cache_resolver_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2819 +#: sssd.conf.5.xml:2820 msgid "" "How many seconds should nss_sss consider hosts and networks entries valid " "before asking the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2830 +#: sssd.conf.5.xml:2831 msgid "entry_cache_sudo_timeout (integer)" msgstr "entry_cache_sudo_timeout (entero)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2833 +#: sssd.conf.5.xml:2834 msgid "" "How many seconds should sudo consider rules valid before asking the backend " "again" @@ -4120,12 +4120,12 @@ msgstr "" "preguntar al backend otra vez." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2843 +#: sssd.conf.5.xml:2844 msgid "entry_cache_autofs_timeout (integer)" msgstr "entry_cache_autofs_timeout (entero)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2846 +#: sssd.conf.5.xml:2847 msgid "" "How many seconds should the autofs service consider automounter maps valid " "before asking the backend again" @@ -4134,12 +4134,12 @@ msgstr "" "automontaje válidos antes de preguntar al punto final otra vez." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2857 +#: sssd.conf.5.xml:2858 msgid "entry_cache_ssh_host_timeout (integer)" msgstr "entry_cache_ssh_host_timeout (entero)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2860 +#: sssd.conf.5.xml:2861 msgid "" "How many seconds to keep a host ssh key after refresh. IE how long to cache " "the host key for." @@ -4148,24 +4148,24 @@ msgstr "" "cuanto guardar en caché la clave de host." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2871 +#: sssd.conf.5.xml:2872 msgid "entry_cache_computer_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2874 +#: sssd.conf.5.xml:2875 msgid "" "How many seconds to keep the local computer entry before asking the backend " "again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2884 +#: sssd.conf.5.xml:2885 msgid "refresh_expired_interval (integer)" msgstr "refresh_expired_interval (entero)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2887 +#: sssd.conf.5.xml:2888 msgid "" "Specifies how many seconds SSSD has to wait before triggering a background " "refresh task which will refresh all expired or nearly expired records." @@ -4175,7 +4175,7 @@ msgstr "" "expirados o a punto de hacerlo." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2892 +#: sssd.conf.5.xml:2893 msgid "" "The background refresh will process users, groups and netgroups in the " "cache. For users who have performed the initgroups (get group membership for " @@ -4188,18 +4188,18 @@ msgstr "" "login), tanto la entrada usuario y la membresia de grupo son actualizados." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2900 +#: sssd.conf.5.xml:2901 msgid "This option is automatically inherited for all trusted domains." msgstr "" "Esta opción se hereda automáticamente para todos los dominios de confianza." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2904 +#: sssd.conf.5.xml:2905 msgid "You can consider setting this value to 3/4 * entry_cache_timeout." msgstr "Usted puede considerar ajustar este valor a 3/4 * entry_cache_timeout." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2908 +#: sssd.conf.5.xml:2909 msgid "" "Cache entry will be refreshed by background task when 2/3 of cache timeout " "has already passed. If there are existing cached entries, the background " @@ -4211,18 +4211,18 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2921 sssd-ldap.5.xml:360 sssd-ldap.5.xml:1736 +#: sssd.conf.5.xml:2922 sssd-ldap.5.xml:360 sssd-ldap.5.xml:1736 #: sssd-ipa.5.xml:270 msgid "Default: 0 (disabled)" msgstr "Predeterminado: 0 (deshabilitado)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2927 +#: sssd.conf.5.xml:2928 msgid "cache_credentials (bool)" msgstr "cache_credentials (bool)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2930 +#: sssd.conf.5.xml:2931 #, fuzzy #| msgid "" #| "Determines if user credentials are also cached in the local LDB cache" @@ -4232,7 +4232,7 @@ msgstr "" "cache LDB local" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2934 +#: sssd.conf.5.xml:2935 msgid "" "Take a note that while credentials are stored as a salted SHA512 hash, this " "still potentially poses some security risk in case an attacker manages to " @@ -4241,12 +4241,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2948 +#: sssd.conf.5.xml:2949 msgid "cache_credentials_minimal_first_factor_length (int)" msgstr "cache_credentials_minimal_first_factor_length (entero)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2951 +#: sssd.conf.5.xml:2952 msgid "" "If 2-Factor-Authentication (2FA) is used and credentials should be saved " "this value determines the minimal length the first authentication factor " @@ -4258,7 +4258,7 @@ msgstr "" "SHA512 en el caché." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2958 +#: sssd.conf.5.xml:2959 msgid "" "This should avoid that the short PINs of a PIN based 2FA scheme are saved in " "the cache which would make them easy targets for brute-force attacks." @@ -4268,12 +4268,12 @@ msgstr "" "bruta." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2969 +#: sssd.conf.5.xml:2970 msgid "account_cache_expiration (integer)" msgstr "account_cache_expiration (entero)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2972 +#: sssd.conf.5.xml:2973 msgid "" "Number of days entries are left in cache after last successful login before " "being removed during a cleanup of the cache. 0 means keep forever. The " @@ -4286,17 +4286,17 @@ msgstr "" "grande o igual que offline_credentials_expiration." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2979 +#: sssd.conf.5.xml:2980 msgid "Default: 0 (unlimited)" msgstr "Predeterminado: 0 (ilimitado)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2984 +#: sssd.conf.5.xml:2985 msgid "pwd_expiration_warning (integer)" msgstr "pwd_expiration_warning (entero)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2995 +#: sssd.conf.5.xml:2996 msgid "" "Please note that the backend server has to provide information about the " "expiration time of the password. If this information is missing, sssd " @@ -4309,17 +4309,17 @@ msgstr "" "configurar un proveedor de autorización para el backend." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3002 +#: sssd.conf.5.xml:3003 msgid "Default: 7 (Kerberos), 0 (LDAP)" msgstr "Por defecto: 7 (Kerberos), 0 (LDAP)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3008 +#: sssd.conf.5.xml:3009 msgid "id_provider (string)" msgstr "id_provider (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3011 +#: sssd.conf.5.xml:3012 msgid "" "The identification provider used for the domain. Supported ID providers are:" msgstr "" @@ -4327,12 +4327,12 @@ msgstr "" "soportados son:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3015 +#: sssd.conf.5.xml:3016 msgid "<quote>proxy</quote>: Support a legacy NSS provider." msgstr "<quote>proxy</quote>: Soporta un proveedor NSS heredado." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3018 +#: sssd.conf.5.xml:3019 msgid "" "<quote>files</quote>: FILES provider. See <citerefentry> <refentrytitle>sssd-" "files</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " @@ -4344,7 +4344,7 @@ msgstr "" "grupos locales en SSSD." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3026 +#: sssd.conf.5.xml:3027 msgid "" "<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-" "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " @@ -4355,8 +4355,8 @@ msgstr "" "información sobre la configuración de LDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3034 sssd.conf.5.xml:3145 sssd.conf.5.xml:3196 -#: sssd.conf.5.xml:3259 +#: sssd.conf.5.xml:3035 sssd.conf.5.xml:3146 sssd.conf.5.xml:3197 +#: sssd.conf.5.xml:3260 msgid "" "<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management " "provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> " @@ -4369,8 +4369,8 @@ msgstr "" "configuración de FreeIPA." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3043 sssd.conf.5.xml:3154 sssd.conf.5.xml:3205 -#: sssd.conf.5.xml:3268 +#: sssd.conf.5.xml:3044 sssd.conf.5.xml:3155 sssd.conf.5.xml:3206 +#: sssd.conf.5.xml:3269 msgid "" "<quote>ad</quote>: Active Directory provider. See <citerefentry> " "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4382,12 +4382,12 @@ msgstr "" "Directory." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3054 +#: sssd.conf.5.xml:3055 msgid "use_fully_qualified_names (bool)" msgstr "use_fully_qualified_names (bool)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3057 +#: sssd.conf.5.xml:3058 msgid "" "Use the full name and domain (as formatted by the domain's full_name_format) " "as the user's login name reported to NSS." @@ -4397,7 +4397,7 @@ msgstr "" "NSS." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3062 +#: sssd.conf.5.xml:3063 msgid "" "If set to TRUE, all requests to this domain must use fully qualified names. " "For example, if used in LOCAL domain that contains a \"test\" user, " @@ -4411,7 +4411,7 @@ msgstr "" "command> lo haría." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3070 +#: sssd.conf.5.xml:3071 msgid "" "NOTE: This option has no effect on netgroup lookups due to their tendency to " "include nested netgroups without qualified names. For netgroups, all domains " @@ -4423,24 +4423,24 @@ msgstr "" "cualificado." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3077 +#: sssd.conf.5.xml:3078 msgid "" "Default: FALSE (TRUE for trusted domain/sub-domains or if " "default_domain_suffix is used)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3084 +#: sssd.conf.5.xml:3085 msgid "ignore_group_members (bool)" msgstr "ignore_group_members (bool)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3087 +#: sssd.conf.5.xml:3088 msgid "Do not return group members for group lookups." msgstr "No devuelve miembros de grupo para búsquedas de grupo." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3090 +#: sssd.conf.5.xml:3091 msgid "" "If set to TRUE, the group membership attribute is not requested from the " "ldap server, and group members are not returned when processing group lookup " @@ -4459,7 +4459,7 @@ msgstr "" "devolver el grupo pedido como si estuviera vacío." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3108 +#: sssd.conf.5.xml:3109 msgid "" "Enabling this option can also make access provider checks for group " "membership significantly faster, especially for groups containing many " @@ -4470,7 +4470,7 @@ msgstr "" "especialmente para grupos que contienen muchos miembros." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3114 sssd.conf.5.xml:3821 sssd-ldap.5.xml:326 +#: sssd.conf.5.xml:3115 sssd.conf.5.xml:3822 sssd-ldap.5.xml:326 #: sssd-ldap.5.xml:355 sssd-ldap.5.xml:408 sssd-ldap.5.xml:468 #: sssd-ldap.5.xml:489 sssd-ldap.5.xml:520 sssd-ldap.5.xml:543 #: sssd-ldap.5.xml:582 sssd-ldap.5.xml:601 sssd-ldap.5.xml:625 @@ -4481,12 +4481,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3124 +#: sssd.conf.5.xml:3125 msgid "auth_provider (string)" msgstr "auth_provider (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3127 +#: sssd.conf.5.xml:3128 msgid "" "The authentication provider used for the domain. Supported auth providers " "are:" @@ -4495,7 +4495,7 @@ msgstr "" "autenticación soportados son:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3131 sssd.conf.5.xml:3189 +#: sssd.conf.5.xml:3132 sssd.conf.5.xml:3190 msgid "" "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4506,7 +4506,7 @@ msgstr "" "citerefentry> para más información sobre la configuración LDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3138 +#: sssd.conf.5.xml:3139 msgid "" "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4517,7 +4517,7 @@ msgstr "" "citerefentry> para más información sobre la configuración de Kerberos." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3162 +#: sssd.conf.5.xml:3163 msgid "" "<quote>proxy</quote> for relaying authentication to some other PAM target." msgstr "" @@ -4525,12 +4525,12 @@ msgstr "" "objetivo PAM." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3165 +#: sssd.conf.5.xml:3166 msgid "<quote>none</quote> disables authentication explicitly." msgstr "<quote>none</quote> deshabilita la autenticación explícitamente." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3168 +#: sssd.conf.5.xml:3169 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "authentication requests." @@ -4539,12 +4539,12 @@ msgstr "" "manejar las peticiones de autenticación." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3174 +#: sssd.conf.5.xml:3175 msgid "access_provider (string)" msgstr "access_provider (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3177 +#: sssd.conf.5.xml:3178 msgid "" "The access control provider used for the domain. There are two built-in " "access providers (in addition to any included in installed backends) " @@ -4555,7 +4555,7 @@ msgstr "" "proveedores especiales internos son:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3183 +#: sssd.conf.5.xml:3184 msgid "" "<quote>permit</quote> always allow access. It's the only permitted access " "provider for a local domain." @@ -4564,12 +4564,12 @@ msgstr "" "sólo permitido para un dominio local." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3186 +#: sssd.conf.5.xml:3187 msgid "<quote>deny</quote> always deny access." msgstr "<quote>deny</quote> siempre niega el acceso." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3213 +#: sssd.conf.5.xml:3214 msgid "" "<quote>simple</quote> access control based on access or deny lists. See " "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</" @@ -4582,7 +4582,7 @@ msgstr "" "configuración del módulo de acceso sencillo." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3220 +#: sssd.conf.5.xml:3221 msgid "" "<quote>krb5</quote>: .k5login based access control. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum></" @@ -4594,23 +4594,23 @@ msgstr "" "Kerberos." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3227 +#: sssd.conf.5.xml:3228 msgid "<quote>proxy</quote> for relaying access control to another PAM module." msgstr "" "<quote>proxy</quote> para transmitir control de acceso a otro módulo PAM." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3230 +#: sssd.conf.5.xml:3231 msgid "Default: <quote>permit</quote>" msgstr "Predeterminado: <quote>permit</quote>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3235 +#: sssd.conf.5.xml:3236 msgid "chpass_provider (string)" msgstr "chpass_provider (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3238 +#: sssd.conf.5.xml:3239 msgid "" "The provider which should handle change password operations for the domain. " "Supported change password providers are:" @@ -4619,7 +4619,7 @@ msgstr "" "el dominio. Los proveedores de cambio de passweord soportados son:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3243 +#: sssd.conf.5.xml:3244 msgid "" "<quote>ldap</quote> to change a password stored in a LDAP server. See " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" @@ -4631,7 +4631,7 @@ msgstr "" "configuración de LDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3251 +#: sssd.conf.5.xml:3252 msgid "" "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4642,7 +4642,7 @@ msgstr "" "citerefentry> para más información sobre configurar Kerberos." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3276 +#: sssd.conf.5.xml:3277 msgid "" "<quote>proxy</quote> for relaying password changes to some other PAM target." msgstr "" @@ -4650,13 +4650,13 @@ msgstr "" "otros objetivos PAM." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3280 +#: sssd.conf.5.xml:3281 msgid "<quote>none</quote> disallows password changes explicitly." msgstr "" "<quote>none</quote> deniega explícitamente los cambios en la contraseña." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3283 +#: sssd.conf.5.xml:3284 msgid "" "Default: <quote>auth_provider</quote> is used if it is set and can handle " "change password requests." @@ -4665,18 +4665,18 @@ msgstr "" "puede manejar las peticiones de cambio de password." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3290 +#: sssd.conf.5.xml:3291 msgid "sudo_provider (string)" msgstr "sudo_provider (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3293 +#: sssd.conf.5.xml:3294 msgid "The SUDO provider used for the domain. Supported SUDO providers are:" msgstr "" "El proveedor SUDO usado por el dominio. Los proveedores SUDO soportados son:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3297 +#: sssd.conf.5.xml:3298 msgid "" "<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4687,7 +4687,7 @@ msgstr "" "citerefentry> para más información sobre la configuración LDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3305 +#: sssd.conf.5.xml:3306 msgid "" "<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default " "settings." @@ -4696,7 +4696,7 @@ msgstr "" "predeterminados IPA." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3309 +#: sssd.conf.5.xml:3310 msgid "" "<quote>ad</quote> the same as <quote>ldap</quote> but with AD default " "settings." @@ -4705,19 +4705,19 @@ msgstr "" "predeterminados AD." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3313 +#: sssd.conf.5.xml:3314 msgid "<quote>none</quote> disables SUDO explicitly." msgstr "<quote>none</quote>deshabilita SUDO explícitamente." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3316 sssd.conf.5.xml:3402 sssd.conf.5.xml:3472 -#: sssd.conf.5.xml:3497 sssd.conf.5.xml:3533 +#: sssd.conf.5.xml:3317 sssd.conf.5.xml:3403 sssd.conf.5.xml:3473 +#: sssd.conf.5.xml:3498 sssd.conf.5.xml:3534 msgid "Default: The value of <quote>id_provider</quote> is used if it is set." msgstr "" "Por defecto: el valor de <quote>id_provider</quote> se usa si está fijado." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3320 +#: sssd.conf.5.xml:3321 msgid "" "The detailed instructions for configuration of sudo_provider are in the " "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " @@ -4734,7 +4734,7 @@ msgstr "" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3335 +#: sssd.conf.5.xml:3336 msgid "" "<emphasis>NOTE:</emphasis> Sudo rules are periodically downloaded in the " "background unless the sudo provider is explicitly disabled. Set " @@ -4748,12 +4748,12 @@ msgstr "" "desea usar sudo cn SSSD mas." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3345 +#: sssd.conf.5.xml:3346 msgid "selinux_provider (string)" msgstr "selinux_provider (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3348 +#: sssd.conf.5.xml:3349 msgid "" "The provider which should handle loading of selinux settings. Note that this " "provider will be called right after access provider ends. Supported selinux " @@ -4764,7 +4764,7 @@ msgstr "" "finalice. Los proveedores selinux soportados son:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3354 +#: sssd.conf.5.xml:3355 msgid "" "<quote>ipa</quote> to load selinux settings from an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -4776,14 +4776,14 @@ msgstr "" "IPA." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3362 +#: sssd.conf.5.xml:3363 msgid "<quote>none</quote> disallows fetching selinux settings explicitly." msgstr "" "<quote>none</quote> deshabilita ir a buscar los ajustes selinux " "explícitamente." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3365 +#: sssd.conf.5.xml:3366 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "selinux loading requests." @@ -4792,12 +4792,12 @@ msgstr "" "manejar las peticiones de carga selinux." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3371 +#: sssd.conf.5.xml:3372 msgid "subdomains_provider (string)" msgstr "subdomains_provider (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3374 +#: sssd.conf.5.xml:3375 msgid "" "The provider which should handle fetching of subdomains. This value should " "be always the same as id_provider. Supported subdomain providers are:" @@ -4807,7 +4807,7 @@ msgstr "" "soportados son:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3380 +#: sssd.conf.5.xml:3381 msgid "" "<quote>ipa</quote> to load a list of subdomains from an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -4819,7 +4819,7 @@ msgstr "" "configuración de IPA." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3389 +#: sssd.conf.5.xml:3390 msgid "" "<quote>ad</quote> to load a list of subdomains from an Active Directory " "server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> " @@ -4832,18 +4832,18 @@ msgstr "" "configuración del proveedor AD." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3398 +#: sssd.conf.5.xml:3399 msgid "<quote>none</quote> disallows fetching subdomains explicitly." msgstr "" "<quote>none</quote> deshabilita el buscador de subdominios explícitamente." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3408 +#: sssd.conf.5.xml:3409 msgid "session_provider (string)" msgstr "session_provider (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3411 +#: sssd.conf.5.xml:3412 msgid "" "The provider which configures and manages user session related tasks. The " "only user session task currently provided is the integration with Fleet " @@ -4855,14 +4855,14 @@ msgstr "" "de sesiones soportados son:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3418 +#: sssd.conf.5.xml:3419 msgid "<quote>ipa</quote> to allow performing user session related tasks." msgstr "" "<quote>ipa</quote> para permitir llevar a cabo tareas relacionadas con la " "sesión de usuario." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3422 +#: sssd.conf.5.xml:3423 msgid "" "<quote>none</quote> does not perform any kind of user session related tasks." msgstr "" @@ -4870,7 +4870,7 @@ msgstr "" "de usuario." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3426 +#: sssd.conf.5.xml:3427 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can perform " "session related tasks." @@ -4879,7 +4879,7 @@ msgstr "" "llevar a cabo tareas relacionadas con la sesión de usuario." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3430 +#: sssd.conf.5.xml:3431 msgid "" "<emphasis>NOTE:</emphasis> In order to have this feature working as expected " "SSSD must be running as \"root\" and not as the unprivileged user." @@ -4889,12 +4889,12 @@ msgstr "" "sin privilegios." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3438 +#: sssd.conf.5.xml:3439 msgid "autofs_provider (string)" msgstr "autofs_provider (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3441 +#: sssd.conf.5.xml:3442 msgid "" "The autofs provider used for the domain. Supported autofs providers are:" msgstr "" @@ -4902,7 +4902,7 @@ msgstr "" "son:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3445 +#: sssd.conf.5.xml:3446 msgid "" "<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4914,7 +4914,7 @@ msgstr "" "LDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3452 +#: sssd.conf.5.xml:3453 msgid "" "<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> " "<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4926,7 +4926,7 @@ msgstr "" "IPA." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3460 +#: sssd.conf.5.xml:3461 msgid "" "<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> " "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4938,17 +4938,17 @@ msgstr "" "proveedor AD." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3469 +#: sssd.conf.5.xml:3470 msgid "<quote>none</quote> disables autofs explicitly." msgstr "<quote>none</quote> deshabilita autofs explícitamente." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3479 +#: sssd.conf.5.xml:3480 msgid "hostid_provider (string)" msgstr "hostid_provider (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3482 +#: sssd.conf.5.xml:3483 msgid "" "The provider used for retrieving host identity information. Supported " "hostid providers are:" @@ -4957,7 +4957,7 @@ msgstr "" "proveedores de hostid soportados son:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3486 +#: sssd.conf.5.xml:3487 msgid "" "<quote>ipa</quote> to load host identity stored in an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -4969,31 +4969,31 @@ msgstr "" "configuración de IPA." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3494 +#: sssd.conf.5.xml:3495 msgid "<quote>none</quote> disables hostid explicitly." msgstr "<quote>none</quote> deshabilita hostid explícitamente." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3504 +#: sssd.conf.5.xml:3505 msgid "resolver_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3507 +#: sssd.conf.5.xml:3508 msgid "" "The provider which should handle hosts and networks lookups. Supported " "resolver providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3511 +#: sssd.conf.5.xml:3512 msgid "" "<quote>proxy</quote> to forward lookups to another NSS library. See " "<quote>proxy_resolver_lib_name</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3515 +#: sssd.conf.5.xml:3516 msgid "" "<quote>ldap</quote> to fetch hosts and networks stored in LDAP. See " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" @@ -5001,7 +5001,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3522 +#: sssd.conf.5.xml:3523 msgid "" "<quote>ad</quote> to fetch hosts and networks stored in AD. See " "<citerefentry> <refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</" @@ -5010,12 +5010,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3530 +#: sssd.conf.5.xml:3531 msgid "<quote>none</quote> disallows fetching hosts and networks explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3543 +#: sssd.conf.5.xml:3544 msgid "" "Regular expression for this domain that describes how to parse the string " "containing user name and domain into these components. The \"domain\" can " @@ -5030,7 +5030,7 @@ msgstr "" "dominios Active Directory, el nombre plano (NetBIOS) del dominio." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3552 +#: sssd.conf.5.xml:3553 #, fuzzy #| msgid "" #| "Default for the AD and IPA provider: <quote>(((?P<domain>[^\\\\]+)\\" @@ -5047,17 +5047,17 @@ msgstr "" "nombres de usuario:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:3557 sssd.conf.5.xml:3571 +#: sssd.conf.5.xml:3558 sssd.conf.5.xml:3572 msgid "username" msgstr "nombre de usuario" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:3560 sssd.conf.5.xml:3574 +#: sssd.conf.5.xml:3561 sssd.conf.5.xml:3575 msgid "username@domain.name" msgstr "username@domain.name" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3565 +#: sssd.conf.5.xml:3566 #, fuzzy #| msgid "" #| "Default for the AD and IPA provider: <quote>(((?P<domain>[^\\\\]+)\\" @@ -5076,12 +5076,12 @@ msgstr "" "nombres de usuario:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:3577 +#: sssd.conf.5.xml:3578 msgid "domain\\username" msgstr "dominio/nombre_de_usuario" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3580 +#: sssd.conf.5.xml:3581 msgid "" "While the first two correspond to the general default the third one is " "introduced to allow easy integration of users from Windows domains." @@ -5091,7 +5091,7 @@ msgstr "" "dominios Windows." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3585 +#: sssd.conf.5.xml:3586 msgid "" "The default re_expression uses the <quote>@</quote> character as a separator " "between the name and the domain. As a result of this setting the default " @@ -5101,17 +5101,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3637 +#: sssd.conf.5.xml:3638 msgid "Default: <quote>%1$s@%2$s</quote>." msgstr "Predeterminado: <quote>%1$s@%2$s</quote>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3643 +#: sssd.conf.5.xml:3644 msgid "lookup_family_order (string)" msgstr "lookup_family_order (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3646 +#: sssd.conf.5.xml:3647 msgid "" "Provides the ability to select preferred address family to use when " "performing DNS lookups." @@ -5120,57 +5120,57 @@ msgstr "" "a usar cuando se lleven a cabo búsquedas DNS." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3650 +#: sssd.conf.5.xml:3651 msgid "Supported values:" msgstr "Valores soportados:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3653 +#: sssd.conf.5.xml:3654 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6" msgstr "ipv4_first: Intenta buscar dirección IPv4, si falla, intenta IPv6" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3656 +#: sssd.conf.5.xml:3657 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses." msgstr "ipv4_only: Sólo intenta resolver nombres de host a direccones IPv4." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3659 +#: sssd.conf.5.xml:3660 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4" msgstr "ipv6_first: Intenta buscar dirección IPv6, si falla, intenta IPv4" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3662 +#: sssd.conf.5.xml:3663 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses." msgstr "ipv6_only: Sólo intenta resolver nombres de host a direccones IPv6." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3665 +#: sssd.conf.5.xml:3666 msgid "Default: ipv4_first" msgstr "Predeterminado: ipv4_first" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3671 +#: sssd.conf.5.xml:3672 #, fuzzy #| msgid "dns_resolver_timeout (integer)" msgid "dns_resolver_server_timeout (integer)" msgstr "dns_resolver_timeout (entero)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3674 +#: sssd.conf.5.xml:3675 msgid "" "Defines the amount of time (in milliseconds) SSSD would try to talk to DNS " "server before trying next DNS server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3679 +#: sssd.conf.5.xml:3680 msgid "" "The AD provider will use this option for the CLDAP ping timeouts as well." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3683 sssd.conf.5.xml:3703 sssd.conf.5.xml:3724 +#: sssd.conf.5.xml:3684 sssd.conf.5.xml:3704 sssd.conf.5.xml:3725 msgid "" "Please see the section <quote>FAILOVER</quote> for more information about " "the service resolution." @@ -5179,19 +5179,19 @@ msgstr "" "información sobre la resolución del servicio." #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3688 sssd-ldap.5.xml:644 include/failover.xml:84 +#: sssd.conf.5.xml:3689 sssd-ldap.5.xml:644 include/failover.xml:84 msgid "Default: 1000" msgstr "Predeterminado: 1000" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3694 +#: sssd.conf.5.xml:3695 #, fuzzy #| msgid "dns_resolver_timeout (integer)" msgid "dns_resolver_op_timeout (integer)" msgstr "dns_resolver_timeout (entero)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3697 +#: sssd.conf.5.xml:3698 msgid "" "Defines the amount of time (in seconds) to wait to resolve single DNS query " "(e.g. resolution of a hostname or an SRV record) before trying the next " @@ -5199,12 +5199,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3714 +#: sssd.conf.5.xml:3715 msgid "dns_resolver_timeout (integer)" msgstr "dns_resolver_timeout (entero)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3717 +#: sssd.conf.5.xml:3718 msgid "" "Defines the amount of time (in seconds) to wait for a reply from the " "internal fail over service before assuming that the service is unreachable. " @@ -5217,14 +5217,14 @@ msgstr "" "trabajando en modo offline." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3735 +#: sssd.conf.5.xml:3736 #, fuzzy #| msgid "dns_resolver_timeout (integer)" msgid "dns_resolver_use_search_list (bool)" msgstr "dns_resolver_timeout (entero)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3738 +#: sssd.conf.5.xml:3739 msgid "" "Normally, the DNS resolver searches the domain list defined in the " "\"search\" directive from the resolv.conf file. This can lead to delays in " @@ -5232,7 +5232,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3744 +#: sssd.conf.5.xml:3745 msgid "" "If fully qualified domain names (or _srv_) are used in the SSSD " "configuration, setting this option to FALSE can prevent unnecessary DNS " @@ -5240,17 +5240,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3750 +#: sssd.conf.5.xml:3751 msgid "Default: TRUE" msgstr "Predeterminado: TRUE" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3756 +#: sssd.conf.5.xml:3757 msgid "dns_discovery_domain (string)" msgstr "dns_discovery_domain (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3759 +#: sssd.conf.5.xml:3760 msgid "" "If service discovery is used in the back end, specifies the domain part of " "the service discovery DNS query." @@ -5259,55 +5259,55 @@ msgstr "" "de dominio de la pregunta al descubridor de servicio DNS." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3763 +#: sssd.conf.5.xml:3764 msgid "Default: Use the domain part of machine's hostname" msgstr "" "Predeterminado: Utilizar la parte del dominio del nombre de host del equipo" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3769 +#: sssd.conf.5.xml:3770 msgid "override_gid (integer)" msgstr "override_gid (entero)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3772 +#: sssd.conf.5.xml:3773 msgid "Override the primary GID value with the one specified." msgstr "Anula el valor primario GID con el especificado." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3778 +#: sssd.conf.5.xml:3779 msgid "case_sensitive (string)" msgstr "case_sensitive (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3785 +#: sssd.conf.5.xml:3786 msgid "True" msgstr "True" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3788 +#: sssd.conf.5.xml:3789 msgid "Case sensitive. This value is invalid for AD provider." msgstr "" "Distingue mayúsculas y minúsculas. Este valor es invalido para el proveedor " "AD." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3794 +#: sssd.conf.5.xml:3795 msgid "False" msgstr "False" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3796 +#: sssd.conf.5.xml:3797 msgid "Case insensitive." msgstr "No sensible a mayúsculas minúsculas." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3800 +#: sssd.conf.5.xml:3801 msgid "Preserving" msgstr "Preserving" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3803 +#: sssd.conf.5.xml:3804 msgid "" "Same as False (case insensitive), but does not lowercase names in the result " "of NSS operations. Note that name aliases (and in case of services also " @@ -5319,14 +5319,14 @@ msgstr "" "protocolo) están en minúsculas en la salida." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3811 +#: sssd.conf.5.xml:3812 msgid "" "If you want to set this value for trusted domain with IPA provider, you need " "to set it on both the client and SSSD on the server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3781 +#: sssd.conf.5.xml:3782 #, fuzzy #| msgid "" #| "The available options are: <placeholder type=\"variablelist\" id=\"0\"/>" @@ -5337,17 +5337,17 @@ msgstr "" "Las opciones disponibles son: <placeholder type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3826 +#: sssd.conf.5.xml:3827 msgid "Default: True (False for AD provider)" msgstr "Predeterminado: True (False para proveedor AD)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3832 +#: sssd.conf.5.xml:3833 msgid "subdomain_inherit (string)" msgstr "subdomain_inherit (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3835 +#: sssd.conf.5.xml:3836 msgid "" "Specifies a list of configuration parameters that should be inherited by a " "subdomain. Please note that only selected parameters can be inherited. " @@ -5359,61 +5359,61 @@ msgstr "" "siguientes opciones:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3841 +#: sssd.conf.5.xml:3842 #, fuzzy #| msgid "ldap_search_timeout (integer)" msgid "ldap_search_timeout" msgstr "ldap_search_timeout (entero)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3844 +#: sssd.conf.5.xml:3845 #, fuzzy #| msgid "ldap_network_timeout (integer)" msgid "ldap_network_timeout" msgstr "ldap_network_timeout (entero)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3847 +#: sssd.conf.5.xml:3848 #, fuzzy #| msgid "ldap_opt_timeout (integer)" msgid "ldap_opt_timeout" msgstr "ldap_opt_timeout (entero)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3850 +#: sssd.conf.5.xml:3851 #, fuzzy #| msgid "ldap_connection_expire_timeout (integer)" msgid "ldap_offline_timeout" msgstr "ldap_connection_expire_timeout (entero)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3853 +#: sssd.conf.5.xml:3854 #, fuzzy #| msgid "ldap_enumeration_refresh_timeout (integer)" msgid "ldap_enumeration_refresh_timeout" msgstr "ldap_enumeration_refresh_timeout (entero)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3856 +#: sssd.conf.5.xml:3857 #, fuzzy #| msgid "ldap_enumeration_refresh_timeout (integer)" msgid "ldap_enumeration_refresh_offset" msgstr "ldap_enumeration_refresh_timeout (entero)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3859 +#: sssd.conf.5.xml:3860 msgid "ldap_purge_cache_timeout" msgstr "ldap_purge_cache_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3862 +#: sssd.conf.5.xml:3863 #, fuzzy #| msgid "ldap_purge_cache_timeout" msgid "ldap_purge_cache_offset" msgstr "ldap_purge_cache_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3865 +#: sssd.conf.5.xml:3866 msgid "" "ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab " "is not set explicitly)" @@ -5422,71 +5422,71 @@ msgstr "" "explícitamente ldap_krb5_keytab)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3869 +#: sssd.conf.5.xml:3870 #, fuzzy #| msgid "ldap_krb5_ticket_lifetime (integer)" msgid "ldap_krb5_ticket_lifetime" msgstr "ldap_krb5_ticket_lifetime (entero)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3872 +#: sssd.conf.5.xml:3873 #, fuzzy #| msgid "ldap_enumeration_search_timeout (integer)" msgid "ldap_enumeration_search_timeout" msgstr "ldap_enumeration_search_timeout (entero)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3875 +#: sssd.conf.5.xml:3876 #, fuzzy #| msgid "ldap_connection_expire_timeout (integer)" msgid "ldap_connection_expire_timeout" msgstr "ldap_connection_expire_timeout (entero)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3878 +#: sssd.conf.5.xml:3879 #, fuzzy #| msgid "ldap_connection_expire_timeout (integer)" msgid "ldap_connection_expire_offset" msgstr "ldap_connection_expire_timeout (entero)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3881 +#: sssd.conf.5.xml:3882 #, fuzzy #| msgid "ldap_connection_expire_timeout (integer)" msgid "ldap_connection_idle_timeout" msgstr "ldap_connection_expire_timeout (entero)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3884 sssd-ldap.5.xml:400 +#: sssd.conf.5.xml:3885 sssd-ldap.5.xml:400 msgid "ldap_use_tokengroups" msgstr "ldap_use_tokengroups" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3887 +#: sssd.conf.5.xml:3888 msgid "ldap_user_principal" msgstr "ldap_user_principal" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3890 +#: sssd.conf.5.xml:3891 msgid "ignore_group_members" msgstr "ignore_group_members" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3893 +#: sssd.conf.5.xml:3894 #, fuzzy #| msgid "auto_private_groups (string)" msgid "auto_private_groups" msgstr "auto_private_groups (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3896 +#: sssd.conf.5.xml:3897 #, fuzzy #| msgid "Case insensitive." msgid "case_sensitive" msgstr "No sensible a mayúsculas minúsculas." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:3901 +#: sssd.conf.5.xml:3902 #, no-wrap msgid "" "subdomain_inherit = ldap_purge_cache_timeout\n" @@ -5496,27 +5496,27 @@ msgstr "" " " #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3908 +#: sssd.conf.5.xml:3909 msgid "Note: This option only works with the IPA and AD provider." msgstr "Aviso: Esta opción solo trabaja con el proveedor IPA y AD." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3915 +#: sssd.conf.5.xml:3916 msgid "subdomain_homedir (string)" msgstr "subdomain_homedir (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3926 +#: sssd.conf.5.xml:3927 msgid "%F" msgstr "%F" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3927 +#: sssd.conf.5.xml:3928 msgid "flat (NetBIOS) name of a subdomain." msgstr "flat (NetBIOS) nombre de un subdominio." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3918 +#: sssd.conf.5.xml:3919 msgid "" "Use this homedir as default value for all subdomains within this domain in " "IPA AD trust. See <emphasis>override_homedir</emphasis> for info about " @@ -5532,7 +5532,7 @@ msgstr "" "id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3932 +#: sssd.conf.5.xml:3933 msgid "" "The value can be overridden by <emphasis>override_homedir</emphasis> option." msgstr "" @@ -5540,17 +5540,17 @@ msgstr "" "emphasis>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3936 +#: sssd.conf.5.xml:3937 msgid "Default: <filename>/home/%d/%u</filename>" msgstr "Por defecto: <filename>/home/%d/%u</filename>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3941 +#: sssd.conf.5.xml:3942 msgid "realmd_tags (string)" msgstr "realmd_tags (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3944 +#: sssd.conf.5.xml:3945 msgid "" "Various tags stored by the realmd configuration service for this domain." msgstr "" @@ -5558,12 +5558,12 @@ msgstr "" "este dominio." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3950 +#: sssd.conf.5.xml:3951 msgid "cached_auth_timeout (int)" msgstr "cached_auth_timeout (entero)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3953 +#: sssd.conf.5.xml:3954 msgid "" "Specifies time in seconds since last successful online authentication for " "which user will be authenticated using cached credentials while SSSD is in " @@ -5576,7 +5576,7 @@ msgstr "" "incorrectas, SSSD cae de nuevo a la autenticación en linea." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3961 +#: sssd.conf.5.xml:3962 msgid "" "This option's value is inherited by all trusted domains. At the moment it is " "not possible to set a different value per trusted domain." @@ -5586,12 +5586,12 @@ msgstr "" "confianza." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3966 +#: sssd.conf.5.xml:3967 msgid "Special value 0 implies that this feature is disabled." msgstr "El valor especial 0 implica que esta función está deshabilitada." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3970 +#: sssd.conf.5.xml:3971 msgid "" "Please note that if <quote>cached_auth_timeout</quote> is longer than " "<quote>pam_id_timeout</quote> then the back end could be called to handle " @@ -5602,17 +5602,80 @@ msgstr "" "gestionar <quote>initgroups.</quote>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3981 +#: sssd.conf.5.xml:3982 +#, fuzzy +#| msgid "ldap_pwd_policy (string)" +msgid "local_auth_policy (string)" +msgstr "ldap_pwd_policy (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3985 +msgid "" +"Local authentication methods policy. Some backends (i.e. LDAP, proxy " +"provider) only support a password based authentication, while others can " +"handle PKINIT based Smartcard authentication (AD, IPA), two-factor " +"authentication (IPA), or other methods against a central instance. By " +"default in such cases authentication is only performed with the methods " +"supported by the backend." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3995 +msgid "" +"There are three possible values for this option: match, only, enable. " +"<quote>match</quote> is used to match offline and online states for Kerberos " +"methods. <quote>only</quote> ignores the online methods and only offer the " +"local ones. enable allows explicitly defining the methods for local " +"authentication. As an example, <quote>enable:passkey</quote>, only enables " +"passkey for local authentication. Multiple enable values should be comma-" +"separated, such as <quote>enable:passkey, enable:smartcard</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:4011 +#, no-wrap +msgid "" +"[domain/shadowutils]\n" +"id_provider = proxy\n" +"proxy_lib_name = files\n" +"auth_provider = none\n" +"local_auth_policy = only\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4007 +msgid "" +"The following configuration example allows local users to authenticate " +"locally using any enabled method (i.e. smartcard, passkey). <placeholder " +"type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4019 +#, fuzzy +#| msgid "This option is not available in IPA provider." +msgid "This option is ignored for the files provider." +msgstr "Esta opción no está disponible en el proveedor IPA." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4022 +#, fuzzy +#| msgid "Default: mail" +msgid "Default: match" +msgstr "Predeterminado: mail" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4027 msgid "auto_private_groups (string)" msgstr "auto_private_groups (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3987 +#: sssd.conf.5.xml:4033 msgid "true" msgstr "true" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3990 +#: sssd.conf.5.xml:4036 msgid "" "Create user's private group unconditionally from user's UID number. The GID " "number is ignored in this case." @@ -5621,7 +5684,7 @@ msgstr "" "usuario. El número GID se ignora en este caso." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3994 +#: sssd.conf.5.xml:4040 msgid "" "NOTE: Because the GID number and the user private group are inferred from " "the UID number, it is not supported to have multiple entries with the same " @@ -5634,12 +5697,12 @@ msgstr "" "unicidad den el espacio de ID." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4003 +#: sssd.conf.5.xml:4049 msgid "false" msgstr "false" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4006 +#: sssd.conf.5.xml:4052 msgid "" "Always use the user's primary GID number. The GID number must refer to a " "group object in the LDAP database." @@ -5648,12 +5711,12 @@ msgstr "" "a un objeto grupo en las base de datos LDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4012 +#: sssd.conf.5.xml:4058 msgid "hybrid" msgstr "hybrid" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4015 +#: sssd.conf.5.xml:4061 msgid "" "A primary group is autogenerated for user entries whose UID and GID numbers " "have the same value and at the same time the GID number does not correspond " @@ -5668,7 +5731,7 @@ msgstr "" "grupo, el GID primario del usuario se resuelve al de ese objeto grupo." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4028 +#: sssd.conf.5.xml:4074 msgid "" "If the UID and GID of a user are different, then the GID must correspond to " "a group entry, otherwise the GID is simply not resolvable." @@ -5677,7 +5740,7 @@ msgstr "" "una entrada de grupo, de otro modo el GID simplemente no se puede resolver." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4035 +#: sssd.conf.5.xml:4081 msgid "" "This feature is useful for environments that wish to stop maintaining a " "separate group objects for the user private groups, but also wish to retain " @@ -5688,7 +5751,7 @@ msgstr "" "también desea retener los grupos privados existentes del usuario." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3984 +#: sssd.conf.5.xml:4030 msgid "" "This option takes any of three available values: <placeholder " "type=\"variablelist\" id=\"0\"/>" @@ -5697,7 +5760,7 @@ msgstr "" "type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4047 +#: sssd.conf.5.xml:4093 msgid "" "For subdomains, the default value is False for subdomains that use assigned " "POSIX IDs and True for subdomains that use automatic ID-mapping." @@ -5706,7 +5769,7 @@ msgstr "" "POSIX IDs asignados y True para subdominios que usan mapeo de ID automático." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:4055 +#: sssd.conf.5.xml:4101 #, no-wrap msgid "" "[domain/forest.domain/sub.domain]\n" @@ -5716,7 +5779,7 @@ msgstr "" "auto_private_groups = false\n" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:4061 +#: sssd.conf.5.xml:4107 #, no-wrap msgid "" "[domain/forest.domain]\n" @@ -5728,7 +5791,7 @@ msgstr "" "auto_private_groups = false\n" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4052 +#: sssd.conf.5.xml:4098 msgid "" "The value of auto_private_groups can either be set per subdomains in a " "subsection, for example: <placeholder type=\"programlisting\" id=\"0\"/> or " @@ -5742,7 +5805,7 @@ msgstr "" "type=\"programlisting\" id=\"1\"/>" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:2569 +#: sssd.conf.5.xml:2570 msgid "" "These configuration options can be present in a domain configuration " "section, that is, in a section called <quote>[domain/<replaceable>NAME</" @@ -5754,17 +5817,17 @@ msgstr "" "id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4076 +#: sssd.conf.5.xml:4122 msgid "proxy_pam_target (string)" msgstr "proxy_pam_target (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4079 +#: sssd.conf.5.xml:4125 msgid "The proxy target PAM proxies to." msgstr "El proxy de destino PAM próximo a." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4082 +#: sssd.conf.5.xml:4128 msgid "" "Default: not set by default, you have to take an existing pam configuration " "or create a new one and add the service name here." @@ -5773,12 +5836,12 @@ msgstr "" "pam existente o crear una nueva y añadir el nombre de servicio aquí." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4090 +#: sssd.conf.5.xml:4136 msgid "proxy_lib_name (string)" msgstr "proxy_lib_name (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4093 +#: sssd.conf.5.xml:4139 msgid "" "The name of the NSS library to use in proxy domains. The NSS functions " "searched for in the library are in the form of _nss_$(libName)_$(function), " @@ -5789,12 +5852,12 @@ msgstr "" "_nss_$(libName)_$(function), por ejemplo _nss_files_getpwent." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4103 +#: sssd.conf.5.xml:4149 msgid "proxy_resolver_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4106 +#: sssd.conf.5.xml:4152 msgid "" "The name of the NSS library to use for hosts and networks lookups in proxy " "domains. The NSS functions searched for in the library are in the form of " @@ -5802,12 +5865,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4117 +#: sssd.conf.5.xml:4163 msgid "proxy_fast_alias (boolean)" msgstr "proxy_fast_alias (booleano)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4120 +#: sssd.conf.5.xml:4166 msgid "" "When a user or group is looked up by name in the proxy provider, a second " "lookup by ID is performed to \"canonicalize\" the name in case the requested " @@ -5821,12 +5884,12 @@ msgstr "" "razones de rendimiento." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4134 +#: sssd.conf.5.xml:4180 msgid "proxy_max_children (integer)" msgstr "proxy_max_children (entero)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4137 +#: sssd.conf.5.xml:4183 msgid "" "This option specifies the number of pre-forked proxy children. It is useful " "for high-load SSSD environments where sssd may run out of available child " @@ -5838,7 +5901,7 @@ msgstr "" "son encoladas." #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4072 +#: sssd.conf.5.xml:4118 msgid "" "Options valid for proxy domains. <placeholder type=\"variablelist\" " "id=\"0\"/>" @@ -5847,12 +5910,12 @@ msgstr "" "id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:4153 +#: sssd.conf.5.xml:4199 msgid "Application domains" msgstr "Dominios de aplicaciones" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4155 +#: sssd.conf.5.xml:4201 msgid "" "SSSD, with its D-Bus interface (see <citerefentry> <refentrytitle>sssd-ifp</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>) is appealing to " @@ -5881,7 +5944,7 @@ msgstr "" "que opcionalmente herede ajustes de un dominio SSSD tradicional." #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4175 +#: sssd.conf.5.xml:4221 msgid "" "Please note that the application domain must still be explicitly enabled in " "the <quote>domains</quote> parameter so that the lookup order between the " @@ -5893,17 +5956,17 @@ msgstr "" "establecido correctamente." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> -#: sssd.conf.5.xml:4181 +#: sssd.conf.5.xml:4227 msgid "Application domain parameters" msgstr "Parámetros de dominio de aplicación" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4183 +#: sssd.conf.5.xml:4229 msgid "inherit_from (string)" msgstr "inherit_from (cadena)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4186 +#: sssd.conf.5.xml:4232 msgid "" "The SSSD POSIX-type domain the application domain inherits all settings " "from. The application domain can moreover add its own settings to the " @@ -5916,7 +5979,7 @@ msgstr "" "<quote>hermano</quote>." #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4200 +#: sssd.conf.5.xml:4246 msgid "" "The following example illustrates the use of an application domain. In this " "setup, the POSIX domain is connected to an LDAP server and is used by the OS " @@ -5931,7 +5994,7 @@ msgstr "" "cache y hace al atributo phone alcanzable a través del interfaz D-Bus." #. type: Content of: <reference><refentry><refsect1><refsect2><programlisting> -#: sssd.conf.5.xml:4208 +#: sssd.conf.5.xml:4254 #, no-wrap msgid "" "[sssd]\n" @@ -5965,12 +6028,12 @@ msgstr "" "ldap_user_extra_attrs = phone:telephoneNumber\n" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4228 +#: sssd.conf.5.xml:4274 msgid "TRUSTED DOMAIN SECTION" msgstr "SECCIÓN DE DOMINIO DE CONFIANZA" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4230 +#: sssd.conf.5.xml:4276 msgid "" "Some options used in the domain section can also be used in the trusted " "domain section, that is, in a section called <quote>[domain/" @@ -5987,57 +6050,57 @@ msgstr "" "soportadas en la sección de dominio de confianza son:" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4237 +#: sssd.conf.5.xml:4283 msgid "ldap_search_base," msgstr "ldap_search_base," #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4238 +#: sssd.conf.5.xml:4284 msgid "ldap_user_search_base," msgstr "ldap_user_search_base," #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4239 +#: sssd.conf.5.xml:4285 msgid "ldap_group_search_base," msgstr "ldap_group_search_base," #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4240 +#: sssd.conf.5.xml:4286 msgid "ldap_netgroup_search_base," msgstr "ldap_netgroup_search_base," #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4241 +#: sssd.conf.5.xml:4287 msgid "ldap_service_search_base," msgstr "ldap_service_search_base," #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4242 +#: sssd.conf.5.xml:4288 msgid "ldap_sasl_mech," msgstr "ldap_sasl_mech," #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4243 +#: sssd.conf.5.xml:4289 msgid "ad_server," msgstr "ad_server," #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4244 +#: sssd.conf.5.xml:4290 msgid "ad_backup_server," msgstr "ad_backup_server," #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4245 +#: sssd.conf.5.xml:4291 msgid "ad_site," msgstr "ad_site," #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4246 sssd-ipa.5.xml:879 +#: sssd.conf.5.xml:4292 sssd-ipa.5.xml:879 msgid "use_fully_qualified_names" msgstr "use_fully_qualified_names" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4250 +#: sssd.conf.5.xml:4296 msgid "" "For more details about these options see their individual description in the " "manual page." @@ -6046,12 +6109,12 @@ msgstr "" "página de manual." #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4256 +#: sssd.conf.5.xml:4302 msgid "CERTIFICATE MAPPING SECTION" msgstr "SECCIÓN DE MAPEO DEL CERTIFICADO" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4258 +#: sssd.conf.5.xml:4304 msgid "" "To allow authentication with Smartcards and certificates SSSD must be able " "to map certificates to users. This can be done by adding the full " @@ -6073,7 +6136,7 @@ msgstr "" "usan autenticación PAM." #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4272 +#: sssd.conf.5.xml:4318 msgid "" "To make the mapping more flexible mapping and matching rules were added to " "SSSD (see <citerefentry> <refentrytitle>sss-certmap</refentrytitle> " @@ -6085,7 +6148,7 @@ msgstr "" "citerefentry>)." #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4281 +#: sssd.conf.5.xml:4327 msgid "" "A mapping and matching rule can be added to the SSSD configuration in a " "section on its own with a name like <quote>[certmap/" @@ -6099,12 +6162,12 @@ msgstr "" "opciones:" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4288 +#: sssd.conf.5.xml:4334 msgid "matchrule (string)" msgstr "matchrule (cadena)" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4291 +#: sssd.conf.5.xml:4337 msgid "" "Only certificates from the Smartcard which matches this rule will be " "processed, all others are ignored." @@ -6113,7 +6176,7 @@ msgstr "" "procesados, los demás son ignorados." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4295 +#: sssd.conf.5.xml:4341 msgid "" "Default: KRB5:<EKU>clientAuth, i.e. only certificates which have the " "Extended Key Usage <quote>clientAuth</quote>" @@ -6122,17 +6185,17 @@ msgstr "" "tengan Extended Key Usage <quote>clientAuth</quote>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4302 +#: sssd.conf.5.xml:4348 msgid "maprule (string)" msgstr "maprule (cadena)" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4305 +#: sssd.conf.5.xml:4351 msgid "Defines how the user is found for a given certificate." msgstr "Define como se encuentra un usuario desde un certificado dado." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4311 +#: sssd.conf.5.xml:4357 msgid "" "LDAP:(userCertificate;binary={cert!bin}) for LDAP based providers like " "<quote>ldap</quote>, <quote>AD</quote> or <quote>ipa</quote>." @@ -6141,7 +6204,7 @@ msgstr "" "como <quote>ldap</quote>, <quote>AD</quote> o <quote>ipa</quote>." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4317 +#: sssd.conf.5.xml:4363 msgid "" "The RULE_NAME for the <quote>files</quote> provider which tries to find a " "user with the same name." @@ -6150,12 +6213,12 @@ msgstr "" "encontrar un usuario con el mismo nombre." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4326 +#: sssd.conf.5.xml:4372 msgid "domains (string)" msgstr "domains (cadena)" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4329 +#: sssd.conf.5.xml:4375 msgid "" "Comma separated list of domain names the rule should be applied. By default " "a rule is only valid in the domain configured in sssd.conf. If the provider " @@ -6168,17 +6231,17 @@ msgstr "" "usada para añadir la regla a los subdominios también." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4336 +#: sssd.conf.5.xml:4382 msgid "Default: the configured domain in sssd.conf" msgstr "Predetermiado: el dominio configurado en sssd.conf" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4341 +#: sssd.conf.5.xml:4387 msgid "priority (integer)" msgstr "priority (entero)" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4344 +#: sssd.conf.5.xml:4390 msgid "" "Unsigned integer value defining the priority of the rule. The higher the " "number the lower the priority. <quote>0</quote> stands for the highest " @@ -6189,12 +6252,12 @@ msgstr "" "más alte mientras que <quote>4294967295</quote> es la más baja." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4350 +#: sssd.conf.5.xml:4396 msgid "Default: the lowest priority" msgstr "Predeterminado: la prioridad más baja" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4356 +#: sssd.conf.5.xml:4402 msgid "" "To make the configuration simple and reduce the amount of configuration " "options the <quote>files</quote> provider has some special properties:" @@ -6204,7 +6267,7 @@ msgstr "" "propiedades especiales:" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4362 +#: sssd.conf.5.xml:4408 msgid "" "if maprule is not set the RULE_NAME name is assumed to be the name of the " "matching user" @@ -6213,7 +6276,7 @@ msgstr "" "usuario coincidente" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4368 +#: sssd.conf.5.xml:4414 msgid "" "if a maprule is used both a single user name or a template like " "<quote>{subject_rfc822_name.short_name}</quote> must be in braces like e.g. " @@ -6226,17 +6289,17 @@ msgstr "" "short_name})</quote>" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4377 +#: sssd.conf.5.xml:4423 msgid "the <quote>domains</quote> option is ignored" msgstr "la opción <quote>domains</quote> es ignorada" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4385 +#: sssd.conf.5.xml:4431 msgid "PROMPTING CONFIGURATION SECTION" msgstr "SECCIÓN DE CONFIGURACIÓN INICIAL" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4387 +#: sssd.conf.5.xml:4433 msgid "" "If a special file (<filename>/var/lib/sss/pubconf/pam_preauth_available</" "filename>) exists SSSD's PAM module pam_sss will ask SSSD to figure out " @@ -6251,7 +6314,7 @@ msgstr "" "al usuario las credenciales apropiadas." #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4395 +#: sssd.conf.5.xml:4441 msgid "" "With the growing number of authentication methods and the possibility that " "there are multiple ones for a single user the heuristic used by pam_sss to " @@ -6264,22 +6327,22 @@ msgstr "" "Las siguientes opciones deberían suministrar una mejor flexibilidad aquí." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4407 +#: sssd.conf.5.xml:4453 msgid "[prompting/password]" msgstr "[prompting/password]" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4410 +#: sssd.conf.5.xml:4456 msgid "password_prompt" msgstr "password_prompt" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4411 +#: sssd.conf.5.xml:4457 msgid "to change the string of the password prompt" msgstr "cambiar la cadena de solicitud de contraseña" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4409 +#: sssd.conf.5.xml:4455 msgid "" "to configure password prompting, allowed options are: <placeholder " "type=\"variablelist\" id=\"0\"/>" @@ -6288,37 +6351,37 @@ msgstr "" "<placeholder type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4419 +#: sssd.conf.5.xml:4465 msgid "[prompting/2fa]" msgstr "[prompting/2fa]" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4423 +#: sssd.conf.5.xml:4469 msgid "first_prompt" msgstr "first_prompt" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4424 +#: sssd.conf.5.xml:4470 msgid "to change the string of the prompt for the first factor" msgstr "para cambiar la cadena de la solicitud del primer factor" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4427 +#: sssd.conf.5.xml:4473 msgid "second_prompt" msgstr "second_prompt" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4428 +#: sssd.conf.5.xml:4474 msgid "to change the string of the prompt for the second factor" msgstr "para cambiar la cadena de la solicitud para el segundo factor" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4431 +#: sssd.conf.5.xml:4477 msgid "single_prompt" msgstr "single_prompt" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4432 +#: sssd.conf.5.xml:4478 #, fuzzy #| msgid "" #| "boolean value, if True there will be only a single prompt using the value " @@ -6335,7 +6398,7 @@ msgstr "" "única cadena" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4421 +#: sssd.conf.5.xml:4467 msgid "" "to configure two-factor authentication prompting, allowed options are: " "<placeholder type=\"variablelist\" id=\"0\"/> If the second factor is " @@ -6344,19 +6407,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4449 +#: sssd.conf.5.xml:4495 #, fuzzy #| msgid "[prompting/password]" msgid "[prompting/passkey]" msgstr "[prompting/password]" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4455 sssd-ad.5.xml:1021 +#: sssd.conf.5.xml:4501 sssd-ad.5.xml:1021 msgid "interactive" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4457 +#: sssd.conf.5.xml:4503 msgid "" "boolean value, if True prompt a message and wait before testing the presence " "of a passkey device. Recommended if your device doesn’t have a tactile " @@ -6364,47 +6427,47 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4465 +#: sssd.conf.5.xml:4511 #, fuzzy #| msgid "first_prompt" msgid "interactive_prompt" msgstr "first_prompt" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4467 +#: sssd.conf.5.xml:4513 #, fuzzy #| msgid "to change the string of the password prompt" msgid "to change the message of the interactive prompt." msgstr "cambiar la cadena de solicitud de contraseña" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4472 +#: sssd.conf.5.xml:4518 msgid "touch" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4474 +#: sssd.conf.5.xml:4520 msgid "" "boolean value, if True prompt a message to remind the user to touch the " "device." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4480 +#: sssd.conf.5.xml:4526 #, fuzzy #| msgid "first_prompt" msgid "touch_prompt" msgstr "first_prompt" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4482 +#: sssd.conf.5.xml:4528 #, fuzzy #| msgid "to change the string of the password prompt" msgid "to change the message of the touch prompt." msgstr "cambiar la cadena de solicitud de contraseña" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4451 +#: sssd.conf.5.xml:4497 #, fuzzy #| msgid "" #| "to configure two-factor authentication prompting, allowed options are: " @@ -6417,7 +6480,7 @@ msgstr "" "permitidas son: <placeholder type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4402 +#: sssd.conf.5.xml:4448 #, fuzzy #| msgid "" #| "Each supported authentication method has its own configuration subsection " @@ -6436,7 +6499,7 @@ msgstr "" "type=\"variablelist\" id=\"1\"/>" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4493 +#: sssd.conf.5.xml:4539 msgid "" "It is possible to add a subsection for specific PAM services, e.g. " "<quote>[prompting/password/sshd]</quote> to individual change the prompting " @@ -6447,12 +6510,12 @@ msgstr "" "pregunta para este servicio." #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4500 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43 +#: sssd.conf.5.xml:4546 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43 msgid "EXAMPLES" msgstr "EJEMPLOS" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4506 +#: sssd.conf.5.xml:4552 #, no-wrap msgid "" "[sssd]\n" @@ -6506,7 +6569,7 @@ msgstr "" "enumerate = False\n" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4502 +#: sssd.conf.5.xml:4548 msgid "" "1. The following example shows a typical SSSD config. It does not describe " "configuration of the domains themselves - refer to documentation on " @@ -6519,7 +6582,7 @@ msgstr "" "type=\"programlisting\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4539 +#: sssd.conf.5.xml:4585 #, no-wrap msgid "" "[domain/ipa.com/child.ad.com]\n" @@ -6529,7 +6592,7 @@ msgstr "" "use_fully_qualified_names = false\n" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4533 +#: sssd.conf.5.xml:4579 msgid "" "2. The following example shows configuration of IPA AD trust where the AD " "forest consists of two domains in a parent-child structure. Suppose IPA " @@ -6546,7 +6609,7 @@ msgstr "" "type=\"programlisting\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4550 +#: sssd.conf.5.xml:4596 #, fuzzy, no-wrap #| msgid "" #| "[certmap/my.domain/rule_name]\n" @@ -6574,7 +6637,7 @@ msgstr "" "matchrule = <ISSUER>^CN=My-CA,DC=MY,DC=DOMAIN$<SUBJECT>^CN=User.Name,DC=MY,DC=DOMAIN$\n" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4544 +#: sssd.conf.5.xml:4590 #, fuzzy #| msgid "" #| "3. The following example shows the configuration for two certificate " @@ -20528,9 +20591,13 @@ msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:235 +#, fuzzy +#| msgid "" +#| "When this option is configured, domains will be allocated starting with " +#| "slice zero and increasing monatomically with each additional domain." msgid "" "When this option is configured, domains will be allocated starting with " -"slice zero and increasing monatomically with each additional domain." +"slice zero and increasing monotonically with each additional domain." msgstr "" "Cuando esta opción está configurada, los dominios serán asignados empezando " "con la rebanada cero e incrementándose de uno en uno con cada dominio " diff --git a/src/man/po/eu.po b/src/man/po/eu.po index d93aef8f1d3..25b8039e969 100644 --- a/src/man/po/eu.po +++ b/src/man/po/eu.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: sssd-docs 2.3.0\n" "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" -"POT-Creation-Date: 2023-05-05 10:09+0200\n" +"POT-Creation-Date: 2023-09-07 11:47+0200\n" "PO-Revision-Date: 2014-12-14 11:55-0500\n" "Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n" "Language-Team: Basque (http://www.transifex.com/projects/p/sssd/language/" @@ -204,8 +204,8 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:136 sssd.conf.5.xml:173 sssd.conf.5.xml:358 -#: sssd.conf.5.xml:714 sssd.conf.5.xml:729 sssd.conf.5.xml:951 -#: sssd.conf.5.xml:1069 sssd.conf.5.xml:2197 sssd-ldap.5.xml:1071 +#: sssd.conf.5.xml:714 sssd.conf.5.xml:729 sssd.conf.5.xml:952 +#: sssd.conf.5.xml:1070 sssd.conf.5.xml:2198 sssd-ldap.5.xml:1071 #: sssd-ldap.5.xml:1174 sssd-ldap.5.xml:1243 sssd-ldap.5.xml:1750 #: sssd-ldap.5.xml:1815 sssd-ipa.5.xml:342 sssd-ad.5.xml:252 sssd-ad.5.xml:366 #: sssd-ad.5.xml:1200 sssd-ad.5.xml:1348 sssd-krb5.5.xml:358 @@ -225,8 +225,8 @@ msgid "" msgstr "" #. type: Content of: <variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:149 sssd.conf.5.xml:652 sssd.conf.5.xml:948 -#: sssd.conf.5.xml:2100 sssd.conf.5.xml:2167 sssd.conf.5.xml:4128 +#: sssd.conf.5.xml:149 sssd.conf.5.xml:652 sssd.conf.5.xml:949 +#: sssd.conf.5.xml:2101 sssd.conf.5.xml:2168 sssd.conf.5.xml:4174 #: sssd-ldap.5.xml:312 sssd-ldap.5.xml:917 sssd-ldap.5.xml:936 #: sssd-ldap.5.xml:1146 sssd-ldap.5.xml:1599 sssd-ldap.5.xml:1839 #: sssd-ipa.5.xml:152 sssd-ipa.5.xml:254 sssd-ipa.5.xml:657 sssd-ad.5.xml:1106 @@ -294,8 +294,8 @@ msgid "" msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:196 sssd.conf.5.xml:1289 sssd.conf.5.xml:1766 -#: sssd.conf.5.xml:4144 sssd-ldap.5.xml:765 include/ldap_id_mapping.xml:270 +#: sssd.conf.5.xml:196 sssd.conf.5.xml:1290 sssd.conf.5.xml:1767 +#: sssd.conf.5.xml:4190 sssd-ldap.5.xml:765 include/ldap_id_mapping.xml:270 msgid "Default: 10" msgstr "" @@ -359,19 +359,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:258 sssd.conf.5.xml:783 +#: sssd.conf.5.xml:258 sssd.conf.5.xml:784 msgid "reconnection_retries (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:261 sssd.conf.5.xml:786 +#: sssd.conf.5.xml:261 sssd.conf.5.xml:787 msgid "" "Number of times services should attempt to reconnect in the event of a Data " "Provider crash or restart before they give up" msgstr "" #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:266 sssd.conf.5.xml:791 sssd.conf.5.xml:3708 +#: sssd.conf.5.xml:266 sssd.conf.5.xml:792 sssd.conf.5.xml:3709 #: include/failover.xml:100 msgid "Default: 3" msgstr "" @@ -393,7 +393,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:287 sssd.conf.5.xml:3540 +#: sssd.conf.5.xml:287 sssd.conf.5.xml:3541 msgid "re_expression (string)" msgstr "" @@ -413,12 +413,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:304 sssd.conf.5.xml:3597 +#: sssd.conf.5.xml:304 sssd.conf.5.xml:3598 msgid "full_name_format (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:307 sssd.conf.5.xml:3600 +#: sssd.conf.5.xml:307 sssd.conf.5.xml:3601 msgid "" "A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</" "manvolnum> </citerefentry>-compatible format that describes how to compose a " @@ -426,39 +426,39 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:318 sssd.conf.5.xml:3611 +#: sssd.conf.5.xml:318 sssd.conf.5.xml:3612 msgid "%1$s" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:319 sssd.conf.5.xml:3612 +#: sssd.conf.5.xml:319 sssd.conf.5.xml:3613 msgid "user name" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:322 sssd.conf.5.xml:3615 +#: sssd.conf.5.xml:322 sssd.conf.5.xml:3616 msgid "%2$s" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:325 sssd.conf.5.xml:3618 +#: sssd.conf.5.xml:325 sssd.conf.5.xml:3619 msgid "domain name as specified in the SSSD config file." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:331 sssd.conf.5.xml:3624 +#: sssd.conf.5.xml:331 sssd.conf.5.xml:3625 msgid "%3$s" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:334 sssd.conf.5.xml:3627 +#: sssd.conf.5.xml:334 sssd.conf.5.xml:3628 msgid "" "domain flat name. Mostly usable for Active Directory domains, both directly " "configured or discovered via IPA trusts." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:315 sssd.conf.5.xml:3608 +#: sssd.conf.5.xml:315 sssd.conf.5.xml:3609 msgid "" "The following expansions are supported: <placeholder type=\"variablelist\" " "id=\"0\"/>" @@ -872,7 +872,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:700 sssd.conf.5.xml:1790 sssd.conf.5.xml:4194 +#: sssd.conf.5.xml:700 sssd.conf.5.xml:1791 sssd.conf.5.xml:4240 #: sssd-ad.5.xml:187 sssd-ad.5.xml:327 sssd-ad.5.xml:341 msgid "Default: Not set" msgstr "" @@ -917,11 +917,11 @@ msgstr "" #: sssd.conf.5.xml:744 msgid "" "Enable or disable the user verification (i.e. PIN, fingerprint) during " -"authentication." +"authentication. If enabled, the PIN will always be requested." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:749 +#: sssd.conf.5.xml:750 msgid "" "The default is that the key settings decide what to do. In the IPA or " "kerberos pre-authentication case, this value will be overwritten by the " @@ -948,12 +948,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:768 +#: sssd.conf.5.xml:769 msgid "SERVICES SECTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:770 +#: sssd.conf.5.xml:771 msgid "" "Settings that can be used to configure different services are described in " "this section. They should reside in the [<replaceable>$NAME</replaceable>] " @@ -962,22 +962,22 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:777 +#: sssd.conf.5.xml:778 msgid "General service configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:779 +#: sssd.conf.5.xml:780 msgid "These options can be used to configure any service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:796 +#: sssd.conf.5.xml:797 msgid "fd_limit" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:799 +#: sssd.conf.5.xml:800 msgid "" "This option specifies the maximum number of file descriptors that may be " "opened at one time by this SSSD process. On systems where SSSD is granted " @@ -987,17 +987,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:808 +#: sssd.conf.5.xml:809 msgid "Default: 8192 (or limits.conf \"hard\" limit)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:813 +#: sssd.conf.5.xml:814 msgid "client_idle_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:816 +#: sssd.conf.5.xml:817 msgid "" "This option specifies the number of seconds that a client of an SSSD process " "can hold onto a file descriptor without communicating on it. This value is " @@ -1007,17 +1007,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:825 +#: sssd.conf.5.xml:826 msgid "Default: 60, KCM: 300" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:830 +#: sssd.conf.5.xml:831 msgid "offline_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:833 +#: sssd.conf.5.xml:834 msgid "" "When SSSD switches to offline mode the amount of time before it tries to go " "back online will increase based upon the time spent disconnected. By " @@ -1028,14 +1028,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:844 sssd.conf.5.xml:900 +#: sssd.conf.5.xml:845 sssd.conf.5.xml:901 msgid "" "new_delay = Minimum(old_delay * 2, offline_timeout_max) + random[0..." "offline_timeout_random_offset]" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:847 +#: sssd.conf.5.xml:848 msgid "" "The offline_timeout default value is 60. The offline_timeout_max default " "value is 3600. The offline_timeout_random_offset default value is 30. The " @@ -1043,44 +1043,44 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:853 +#: sssd.conf.5.xml:854 msgid "" "Note that the maximum length of each interval is defined by " "offline_timeout_max (apart of random part)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:857 sssd.conf.5.xml:1200 sssd.conf.5.xml:1583 -#: sssd.conf.5.xml:1879 sssd-ldap.5.xml:494 +#: sssd.conf.5.xml:858 sssd.conf.5.xml:1201 sssd.conf.5.xml:1584 +#: sssd.conf.5.xml:1880 sssd-ldap.5.xml:494 msgid "Default: 60" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:862 +#: sssd.conf.5.xml:863 msgid "offline_timeout_max (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:865 +#: sssd.conf.5.xml:866 msgid "" "Controls by how much the time between attempts to go online can be " "incremented following unsuccessful attempts to go online." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:870 +#: sssd.conf.5.xml:871 msgid "A value of 0 disables the incrementing behaviour." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:873 +#: sssd.conf.5.xml:874 msgid "" "The value of this parameter should be set in correlation to offline_timeout " "parameter value." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:877 +#: sssd.conf.5.xml:878 msgid "" "With offline_timeout set to 60 (default value) there is no point in setting " "offlinet_timeout_max to less than 120 as it will saturate instantly. General " @@ -1089,58 +1089,58 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:883 +#: sssd.conf.5.xml:884 msgid "" "Although a value between 0 and offline_timeout may be specified, it has the " "effect of overriding the offline_timeout value so is of little use." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:888 +#: sssd.conf.5.xml:889 msgid "Default: 3600" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:893 +#: sssd.conf.5.xml:894 msgid "offline_timeout_random_offset (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:896 +#: sssd.conf.5.xml:897 msgid "" "When SSSD is in offline mode it keeps probing backend servers in specified " "time intervals:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:903 +#: sssd.conf.5.xml:904 msgid "" "This parameter controls the value of the random offset used for the above " "equation. Final random_offset value will be random number in range:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:908 +#: sssd.conf.5.xml:909 msgid "[0 - offline_timeout_random_offset]" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:911 +#: sssd.conf.5.xml:912 msgid "A value of 0 disables the random offset addition." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:914 +#: sssd.conf.5.xml:915 msgid "Default: 30" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:919 +#: sssd.conf.5.xml:920 msgid "responder_idle_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:922 +#: sssd.conf.5.xml:923 msgid "" "This option specifies the number of seconds that an SSSD responder process " "can be up without being used. This value is limited in order to avoid " @@ -1152,58 +1152,58 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:936 sssd.conf.5.xml:1213 sssd.conf.5.xml:2321 +#: sssd.conf.5.xml:937 sssd.conf.5.xml:1214 sssd.conf.5.xml:2322 #: sssd-ldap.5.xml:331 msgid "Default: 300" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:941 +#: sssd.conf.5.xml:942 msgid "cache_first" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:944 +#: sssd.conf.5.xml:945 msgid "" "This option specifies whether the responder should query all caches before " "querying the Data Providers." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:959 +#: sssd.conf.5.xml:960 msgid "NSS configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:961 +#: sssd.conf.5.xml:962 msgid "" "These options can be used to configure the Name Service Switch (NSS) service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:966 +#: sssd.conf.5.xml:967 msgid "enum_cache_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:969 +#: sssd.conf.5.xml:970 msgid "" "How many seconds should nss_sss cache enumerations (requests for info about " "all users)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:973 +#: sssd.conf.5.xml:974 msgid "Default: 120" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:978 +#: sssd.conf.5.xml:979 msgid "entry_cache_nowait_percentage (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:981 +#: sssd.conf.5.xml:982 msgid "" "The entry cache can be set to automatically update entries in the background " "if they are requested beyond a percentage of the entry_cache_timeout value " @@ -1211,7 +1211,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:987 +#: sssd.conf.5.xml:988 msgid "" "For example, if the domain's entry_cache_timeout is set to 30s and " "entry_cache_nowait_percentage is set to 50 (percent), entries that come in " @@ -1221,7 +1221,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:997 +#: sssd.conf.5.xml:998 msgid "" "Valid values for this option are 0-99 and represent a percentage of the " "entry_cache_timeout for each domain. For performance reasons, this " @@ -1230,17 +1230,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1005 sssd.conf.5.xml:2121 +#: sssd.conf.5.xml:1006 sssd.conf.5.xml:2122 msgid "Default: 50" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1010 +#: sssd.conf.5.xml:1011 msgid "entry_negative_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1013 +#: sssd.conf.5.xml:1014 msgid "" "Specifies for how many seconds nss_sss should cache negative cache hits " "(that is, queries for invalid database entries, like nonexistent ones) " @@ -1248,17 +1248,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1019 sssd.conf.5.xml:1778 sssd.conf.5.xml:2145 +#: sssd.conf.5.xml:1020 sssd.conf.5.xml:1779 sssd.conf.5.xml:2146 msgid "Default: 15" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1024 +#: sssd.conf.5.xml:1025 msgid "local_negative_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1027 +#: sssd.conf.5.xml:1028 msgid "" "Specifies for how many seconds nss_sss should keep local users and groups in " "negative cache before trying to look it up in the back end again. Setting " @@ -1266,17 +1266,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1033 +#: sssd.conf.5.xml:1034 msgid "Default: 14400 (4 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1038 +#: sssd.conf.5.xml:1039 msgid "filter_users, filter_groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1041 +#: sssd.conf.5.xml:1042 msgid "" "Exclude certain users or groups from being fetched from the sss NSS " "database. This is particularly useful for system accounts. This option can " @@ -1285,7 +1285,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1049 +#: sssd.conf.5.xml:1050 msgid "" "NOTE: The filter_groups option doesn't affect inheritance of nested group " "members, since filtering happens after they are propagated for returning via " @@ -1294,41 +1294,41 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1057 +#: sssd.conf.5.xml:1058 msgid "Default: root" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1062 +#: sssd.conf.5.xml:1063 msgid "filter_users_in_groups (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1065 +#: sssd.conf.5.xml:1066 msgid "" "If you want filtered user still be group members set this option to false." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1076 +#: sssd.conf.5.xml:1077 msgid "fallback_homedir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1079 +#: sssd.conf.5.xml:1080 msgid "" "Set a default template for a user's home directory if one is not specified " "explicitly by the domain's data provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1084 +#: sssd.conf.5.xml:1085 msgid "" "The available values for this option are the same as for override_homedir." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1090 +#: sssd.conf.5.xml:1091 #, no-wrap msgid "" "fallback_homedir = /home/%u\n" @@ -1336,23 +1336,23 @@ msgid "" msgstr "" #. type: Content of: <varlistentry><listitem><para> -#: sssd.conf.5.xml:1088 sssd.conf.5.xml:1650 sssd.conf.5.xml:1669 -#: sssd.conf.5.xml:1746 sssd-krb5.5.xml:451 include/override_homedir.xml:66 +#: sssd.conf.5.xml:1089 sssd.conf.5.xml:1651 sssd.conf.5.xml:1670 +#: sssd.conf.5.xml:1747 sssd-krb5.5.xml:451 include/override_homedir.xml:66 msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1094 +#: sssd.conf.5.xml:1095 msgid "Default: not set (no substitution for unset home directories)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1100 +#: sssd.conf.5.xml:1101 msgid "override_shell (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1103 +#: sssd.conf.5.xml:1104 msgid "" "Override the login shell for all users. This option supersedes any other " "shell options if it takes effect and can be set either in the [nss] section " @@ -1360,47 +1360,47 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1109 +#: sssd.conf.5.xml:1110 msgid "Default: not set (SSSD will use the value retrieved from LDAP)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1115 +#: sssd.conf.5.xml:1116 msgid "allowed_shells (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1118 +#: sssd.conf.5.xml:1119 msgid "" "Restrict user shell to one of the listed values. The order of evaluation is:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1121 +#: sssd.conf.5.xml:1122 msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1125 +#: sssd.conf.5.xml:1126 msgid "" "2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</" "quote>, use the value of the shell_fallback parameter." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1130 +#: sssd.conf.5.xml:1131 msgid "" "3. If the shell is not in the allowed_shells list and not in <quote>/etc/" "shells</quote>, a nologin shell is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1135 +#: sssd.conf.5.xml:1136 msgid "The wildcard (*) can be used to allow any shell." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1138 +#: sssd.conf.5.xml:1139 msgid "" "The (*) is useful if you want to use shell_fallback in case that user's " "shell is not in <quote>/etc/shells</quote> and maintaining list of all " @@ -1408,113 +1408,113 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1145 +#: sssd.conf.5.xml:1146 msgid "An empty string for shell is passed as-is to libc." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1148 +#: sssd.conf.5.xml:1149 msgid "" "The <quote>/etc/shells</quote> is only read on SSSD start up, which means " "that a restart of the SSSD is required in case a new shell is installed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1152 +#: sssd.conf.5.xml:1153 msgid "Default: Not set. The user shell is automatically used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1157 +#: sssd.conf.5.xml:1158 msgid "vetoed_shells (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1160 +#: sssd.conf.5.xml:1161 msgid "Replace any instance of these shells with the shell_fallback" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1165 +#: sssd.conf.5.xml:1166 msgid "shell_fallback (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1168 +#: sssd.conf.5.xml:1169 msgid "" "The default shell to use if an allowed shell is not installed on the machine." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1172 +#: sssd.conf.5.xml:1173 msgid "Default: /bin/sh" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1177 +#: sssd.conf.5.xml:1178 msgid "default_shell" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1180 +#: sssd.conf.5.xml:1181 msgid "" "The default shell to use if the provider does not return one during lookup. " "This option can be specified globally in the [nss] section or per-domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1186 +#: sssd.conf.5.xml:1187 msgid "" "Default: not set (Return NULL if no shell is specified and rely on libc to " "substitute something sensible when necessary, usually /bin/sh)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1193 sssd.conf.5.xml:1576 +#: sssd.conf.5.xml:1194 sssd.conf.5.xml:1577 msgid "get_domains_timeout (int)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1196 sssd.conf.5.xml:1579 +#: sssd.conf.5.xml:1197 sssd.conf.5.xml:1580 msgid "" "Specifies time in seconds for which the list of subdomains will be " "considered valid." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1205 +#: sssd.conf.5.xml:1206 msgid "memcache_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1208 +#: sssd.conf.5.xml:1209 msgid "" "Specifies time in seconds for which records in the in-memory cache will be " "valid. Setting this option to zero will disable the in-memory cache." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1216 +#: sssd.conf.5.xml:1217 msgid "" "WARNING: Disabling the in-memory cache will have significant negative impact " "on SSSD's performance and should only be used for testing." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1222 sssd.conf.5.xml:1247 sssd.conf.5.xml:1272 -#: sssd.conf.5.xml:1297 sssd.conf.5.xml:1324 +#: sssd.conf.5.xml:1223 sssd.conf.5.xml:1248 sssd.conf.5.xml:1273 +#: sssd.conf.5.xml:1298 sssd.conf.5.xml:1325 msgid "" "NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", " "client applications will not use the fast in-memory cache." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1230 +#: sssd.conf.5.xml:1231 msgid "memcache_size_passwd (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1233 +#: sssd.conf.5.xml:1234 msgid "" "Size (in megabytes) of the data table allocated inside fast in-memory cache " "for passwd requests. Setting the size to 0 will disable the passwd in-" @@ -1522,25 +1522,25 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1239 sssd.conf.5.xml:2963 sssd-ldap.5.xml:548 +#: sssd.conf.5.xml:1240 sssd.conf.5.xml:2964 sssd-ldap.5.xml:548 msgid "Default: 8" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1242 sssd.conf.5.xml:1267 sssd.conf.5.xml:1292 -#: sssd.conf.5.xml:1319 +#: sssd.conf.5.xml:1243 sssd.conf.5.xml:1268 sssd.conf.5.xml:1293 +#: sssd.conf.5.xml:1320 msgid "" "WARNING: Disabled or too small in-memory cache can have significant negative " "impact on SSSD's performance." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1255 +#: sssd.conf.5.xml:1256 msgid "memcache_size_group (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1258 +#: sssd.conf.5.xml:1259 msgid "" "Size (in megabytes) of the data table allocated inside fast in-memory cache " "for group requests. Setting the size to 0 will disable the group in-memory " @@ -1548,19 +1548,19 @@ msgid "" msgstr "" #. type: Content of: <variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1264 sssd.conf.5.xml:1316 sssd.conf.5.xml:3729 +#: sssd.conf.5.xml:1265 sssd.conf.5.xml:1317 sssd.conf.5.xml:3730 #: sssd-ldap.5.xml:473 sssd-ldap.5.xml:525 include/failover.xml:116 #: include/krb5_options.xml:11 msgid "Default: 6" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1280 +#: sssd.conf.5.xml:1281 msgid "memcache_size_initgroups (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1283 +#: sssd.conf.5.xml:1284 msgid "" "Size (in megabytes) of the data table allocated inside fast in-memory cache " "for initgroups requests. Setting the size to 0 will disable the initgroups " @@ -1568,12 +1568,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1305 +#: sssd.conf.5.xml:1306 msgid "memcache_size_sid (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1308 +#: sssd.conf.5.xml:1309 msgid "" "Size (in megabytes) of the data table allocated inside fast in-memory cache " "for SID related requests. Only SID-by-ID and ID-by-SID requests are " @@ -1582,12 +1582,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1332 sssd-ifp.5.xml:90 +#: sssd.conf.5.xml:1333 sssd-ifp.5.xml:90 msgid "user_attributes (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1335 +#: sssd.conf.5.xml:1336 msgid "" "Some of the additional NSS responder requests can return more attributes " "than just the POSIX ones defined by the NSS interface. The list of " @@ -1598,43 +1598,43 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1348 +#: sssd.conf.5.xml:1349 msgid "" "To make configuration more easy the NSS responder will check the InfoPipe " "option if it is not set for the NSS responder." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1353 +#: sssd.conf.5.xml:1354 msgid "Default: not set, fallback to InfoPipe option" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1358 +#: sssd.conf.5.xml:1359 msgid "pwfield (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1361 +#: sssd.conf.5.xml:1362 msgid "" "The value that NSS operations that return users or groups will return for " "the <quote>password</quote> field." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1366 +#: sssd.conf.5.xml:1367 msgid "Default: <quote>*</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1369 +#: sssd.conf.5.xml:1370 msgid "" "Note: This option can also be set per-domain which overwrites the value in " "[nss] section." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1373 +#: sssd.conf.5.xml:1374 msgid "" "Default: <quote>not set</quote> (remote domains), <phrase " "condition=\"with_files_provider\"> <quote>x</quote> (the files domain), </" @@ -1643,60 +1643,60 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:1385 +#: sssd.conf.5.xml:1386 msgid "PAM configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:1387 +#: sssd.conf.5.xml:1388 msgid "" "These options can be used to configure the Pluggable Authentication Module " "(PAM) service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1392 +#: sssd.conf.5.xml:1393 msgid "offline_credentials_expiration (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1395 +#: sssd.conf.5.xml:1396 msgid "" "If the authentication provider is offline, how long should we allow cached " "logins (in days since the last successful online login)." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1400 sssd.conf.5.xml:1413 +#: sssd.conf.5.xml:1401 sssd.conf.5.xml:1414 msgid "Default: 0 (No limit)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1406 +#: sssd.conf.5.xml:1407 msgid "offline_failed_login_attempts (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1409 +#: sssd.conf.5.xml:1410 msgid "" "If the authentication provider is offline, how many failed login attempts " "are allowed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1419 +#: sssd.conf.5.xml:1420 msgid "offline_failed_login_delay (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1422 +#: sssd.conf.5.xml:1423 msgid "" "The time in minutes which has to pass after offline_failed_login_attempts " "has been reached before a new login attempt is possible." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1427 +#: sssd.conf.5.xml:1428 msgid "" "If set to 0 the user cannot authenticate offline if " "offline_failed_login_attempts has been reached. Only a successful online " @@ -1704,59 +1704,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1433 sssd.conf.5.xml:1543 +#: sssd.conf.5.xml:1434 sssd.conf.5.xml:1544 msgid "Default: 5" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1439 +#: sssd.conf.5.xml:1440 msgid "pam_verbosity (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1442 +#: sssd.conf.5.xml:1443 msgid "" "Controls what kind of messages are shown to the user during authentication. " "The higher the number to more messages are displayed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1447 +#: sssd.conf.5.xml:1448 msgid "Currently sssd supports the following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1450 +#: sssd.conf.5.xml:1451 msgid "<emphasis>0</emphasis>: do not show any message" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1453 +#: sssd.conf.5.xml:1454 msgid "<emphasis>1</emphasis>: show only important messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1457 +#: sssd.conf.5.xml:1458 msgid "<emphasis>2</emphasis>: show informational messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1460 +#: sssd.conf.5.xml:1461 msgid "<emphasis>3</emphasis>: show all messages and debug information" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1464 sssd.8.xml:63 +#: sssd.conf.5.xml:1465 sssd.8.xml:63 msgid "Default: 1" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1470 +#: sssd.conf.5.xml:1471 msgid "pam_response_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1473 +#: sssd.conf.5.xml:1474 msgid "" "A comma separated list of strings which allows to remove (filter) data sent " "by the PAM responder to pam_sss PAM module. There are different kind of " @@ -1765,51 +1765,51 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1481 +#: sssd.conf.5.xml:1482 msgid "" "While messages already can be controlled with the help of the pam_verbosity " "option this option allows to filter out other kind of responses as well." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1488 +#: sssd.conf.5.xml:1489 msgid "ENV" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1489 +#: sssd.conf.5.xml:1490 msgid "Do not send any environment variables to any service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1492 +#: sssd.conf.5.xml:1493 msgid "ENV:var_name" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1493 +#: sssd.conf.5.xml:1494 msgid "Do not send environment variable var_name to any service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1497 +#: sssd.conf.5.xml:1498 msgid "ENV:var_name:service" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1498 +#: sssd.conf.5.xml:1499 msgid "Do not send environment variable var_name to service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1486 +#: sssd.conf.5.xml:1487 msgid "" "Currently the following filters are supported: <placeholder " "type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1505 +#: sssd.conf.5.xml:1506 msgid "" "The list of strings can either be the list of filters which would set this " "list of filters and overwrite the defaults. Or each element of the list can " @@ -1820,23 +1820,23 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1516 +#: sssd.conf.5.xml:1517 msgid "Default: ENV:KRB5CCNAME:sudo, ENV:KRB5CCNAME:sudo-i" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1519 +#: sssd.conf.5.xml:1520 msgid "" "Example: -ENV:KRB5CCNAME:sudo-i will remove the filter from the default list" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1526 +#: sssd.conf.5.xml:1527 msgid "pam_id_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1529 +#: sssd.conf.5.xml:1530 msgid "" "For any PAM request while SSSD is online, the SSSD will attempt to " "immediately update the cached identity information for the user in order to " @@ -1844,7 +1844,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1535 +#: sssd.conf.5.xml:1536 msgid "" "A complete PAM conversation may perform multiple PAM requests, such as " "account management and session opening. This option controls (on a per-" @@ -1853,17 +1853,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1549 +#: sssd.conf.5.xml:1550 msgid "pam_pwd_expiration_warning (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1552 sssd.conf.5.xml:2987 +#: sssd.conf.5.xml:1553 sssd.conf.5.xml:2988 msgid "Display a warning N days before the password expires." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1555 +#: sssd.conf.5.xml:1556 msgid "" "Please note that the backend server has to provide information about the " "expiration time of the password. If this information is missing, sssd " @@ -1871,31 +1871,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1561 sssd.conf.5.xml:2990 +#: sssd.conf.5.xml:1562 sssd.conf.5.xml:2991 msgid "" "If zero is set, then this filter is not applied, i.e. if the expiration " "warning was received from backend server, it will automatically be displayed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1566 +#: sssd.conf.5.xml:1567 msgid "" "This setting can be overridden by setting <emphasis>pwd_expiration_warning</" "emphasis> for a particular domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1571 sssd.conf.5.xml:3976 sssd-ldap.5.xml:606 sssd.8.xml:79 +#: sssd.conf.5.xml:1572 sssd.conf.5.xml:3977 sssd-ldap.5.xml:606 sssd.8.xml:79 msgid "Default: 0" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1588 +#: sssd.conf.5.xml:1589 msgid "pam_trusted_users (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1591 +#: sssd.conf.5.xml:1592 msgid "" "Specifies the comma-separated list of UID values or user names that are " "allowed to run PAM conversations against trusted domains. Users not " @@ -1905,75 +1905,75 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1601 +#: sssd.conf.5.xml:1602 msgid "Default: All users are considered trusted by default" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1605 +#: sssd.conf.5.xml:1606 msgid "" "Please note that UID 0 is always allowed to access the PAM responder even in " "case it is not in the pam_trusted_users list." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1612 +#: sssd.conf.5.xml:1613 msgid "pam_public_domains (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1615 +#: sssd.conf.5.xml:1616 msgid "" "Specifies the comma-separated list of domain names that are accessible even " "to untrusted users." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1619 +#: sssd.conf.5.xml:1620 msgid "Two special values for pam_public_domains option are defined:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1623 +#: sssd.conf.5.xml:1624 msgid "" "all (Untrusted users are allowed to access all domains in PAM responder.)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1627 +#: sssd.conf.5.xml:1628 msgid "" "none (Untrusted users are not allowed to access any domains PAM in " "responder.)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1631 sssd.conf.5.xml:1656 sssd.conf.5.xml:1675 -#: sssd.conf.5.xml:1912 sssd.conf.5.xml:2732 sssd.conf.5.xml:3905 +#: sssd.conf.5.xml:1632 sssd.conf.5.xml:1657 sssd.conf.5.xml:1676 +#: sssd.conf.5.xml:1913 sssd.conf.5.xml:2733 sssd.conf.5.xml:3906 #: sssd-ldap.5.xml:1207 msgid "Default: none" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1636 +#: sssd.conf.5.xml:1637 msgid "pam_account_expired_message (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1639 +#: sssd.conf.5.xml:1640 msgid "" "Allows a custom expiration message to be set, replacing the default " "'Permission denied' message." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1644 +#: sssd.conf.5.xml:1645 msgid "" "Note: Please be aware that message is only printed for the SSH service " "unless pam_verbosity is set to 3 (show all messages and debug information)." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1652 +#: sssd.conf.5.xml:1653 #, no-wrap msgid "" "pam_account_expired_message = Account expired, please contact help desk.\n" @@ -1981,19 +1981,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1661 +#: sssd.conf.5.xml:1662 msgid "pam_account_locked_message (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1664 +#: sssd.conf.5.xml:1665 msgid "" "Allows a custom lockout message to be set, replacing the default 'Permission " "denied' message." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1671 +#: sssd.conf.5.xml:1672 #, no-wrap msgid "" "pam_account_locked_message = Account locked, please contact help desk.\n" @@ -2001,17 +2001,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1680 +#: sssd.conf.5.xml:1681 msgid "pam_passkey_auth (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1683 +#: sssd.conf.5.xml:1684 msgid "Enable passkey device based authentication." msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1686 sssd.conf.5.xml:1697 sssd.conf.5.xml:1711 +#: sssd.conf.5.xml:1687 sssd.conf.5.xml:1698 sssd.conf.5.xml:1712 #: sssd-ldap.5.xml:671 sssd-ldap.5.xml:692 sssd-ldap.5.xml:788 #: sssd-ldap.5.xml:1293 sssd-ad.5.xml:505 sssd-ad.5.xml:581 sssd-ad.5.xml:1126 #: sssd-ad.5.xml:1175 include/ldap_id_mapping.xml:250 @@ -2019,22 +2019,22 @@ msgid "Default: False" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1691 +#: sssd.conf.5.xml:1692 msgid "passkey_debug_libfido2 (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1694 +#: sssd.conf.5.xml:1695 msgid "Enable libfido2 library debug messages." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1702 +#: sssd.conf.5.xml:1703 msgid "pam_cert_auth (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1705 +#: sssd.conf.5.xml:1706 msgid "" "Enable certificate based Smartcard authentication. Since this requires " "additional communication with the Smartcard which will delay the " @@ -2042,34 +2042,34 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1716 +#: sssd.conf.5.xml:1717 msgid "pam_cert_db_path (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1719 +#: sssd.conf.5.xml:1720 msgid "The path to the certificate database." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1722 sssd.conf.5.xml:2247 sssd.conf.5.xml:4308 +#: sssd.conf.5.xml:1723 sssd.conf.5.xml:2248 sssd.conf.5.xml:4354 msgid "Default:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1724 sssd.conf.5.xml:2249 +#: sssd.conf.5.xml:1725 sssd.conf.5.xml:2250 msgid "" "/etc/sssd/pki/sssd_auth_ca_db.pem (path to a file with trusted CA " "certificates in PEM format)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1734 +#: sssd.conf.5.xml:1735 msgid "pam_cert_verification (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1737 +#: sssd.conf.5.xml:1738 msgid "" "With this parameter the PAM certificate verification can be tuned with a " "comma separated list of options that override the " @@ -2079,7 +2079,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1748 +#: sssd.conf.5.xml:1749 #, no-wrap msgid "" "pam_cert_verification = partial_chain\n" @@ -2087,59 +2087,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1752 +#: sssd.conf.5.xml:1753 msgid "" "Default: not set, i.e. use default <quote>certificate_verification</quote> " "option defined in <quote>[sssd]</quote> section." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1759 +#: sssd.conf.5.xml:1760 msgid "p11_child_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1762 +#: sssd.conf.5.xml:1763 msgid "How many seconds will pam_sss wait for p11_child to finish." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1771 +#: sssd.conf.5.xml:1772 msgid "passkey_child_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1774 +#: sssd.conf.5.xml:1775 msgid "" "How many seconds will the PAM responder wait for passkey_child to finish." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1783 +#: sssd.conf.5.xml:1784 msgid "pam_app_services (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1786 +#: sssd.conf.5.xml:1787 msgid "" "Which PAM services are permitted to contact domains of type " "<quote>application</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1795 +#: sssd.conf.5.xml:1796 msgid "pam_p11_allowed_services (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1798 +#: sssd.conf.5.xml:1799 msgid "" "A comma-separated list of PAM service names for which it will be allowed to " "use Smartcards." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1813 +#: sssd.conf.5.xml:1814 #, no-wrap msgid "" "pam_p11_allowed_services = +my_pam_service, -login\n" @@ -2147,7 +2147,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1802 +#: sssd.conf.5.xml:1803 msgid "" "It is possible to add another PAM service name to the default set by using " "<quote>+service_name</quote> or to explicitly remove a PAM service name from " @@ -2159,63 +2159,63 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1817 sssd-ad.5.xml:644 sssd-ad.5.xml:753 sssd-ad.5.xml:811 +#: sssd.conf.5.xml:1818 sssd-ad.5.xml:644 sssd-ad.5.xml:753 sssd-ad.5.xml:811 #: sssd-ad.5.xml:869 sssd-ad.5.xml:947 msgid "Default: the default set of PAM service names includes:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1822 sssd-ad.5.xml:648 +#: sssd.conf.5.xml:1823 sssd-ad.5.xml:648 msgid "login" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1827 sssd-ad.5.xml:653 +#: sssd.conf.5.xml:1828 sssd-ad.5.xml:653 msgid "su" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1832 sssd-ad.5.xml:658 +#: sssd.conf.5.xml:1833 sssd-ad.5.xml:658 msgid "su-l" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1837 sssd-ad.5.xml:673 +#: sssd.conf.5.xml:1838 sssd-ad.5.xml:673 msgid "gdm-smartcard" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1842 sssd-ad.5.xml:668 +#: sssd.conf.5.xml:1843 sssd-ad.5.xml:668 msgid "gdm-password" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1847 sssd-ad.5.xml:678 +#: sssd.conf.5.xml:1848 sssd-ad.5.xml:678 msgid "kdm" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1852 sssd-ad.5.xml:956 +#: sssd.conf.5.xml:1853 sssd-ad.5.xml:956 msgid "sudo" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1857 sssd-ad.5.xml:961 +#: sssd.conf.5.xml:1858 sssd-ad.5.xml:961 msgid "sudo-i" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1862 +#: sssd.conf.5.xml:1863 msgid "gnome-screensaver" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1870 +#: sssd.conf.5.xml:1871 msgid "p11_wait_for_card_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1873 +#: sssd.conf.5.xml:1874 msgid "" "If Smartcard authentication is required how many extra seconds in addition " "to p11_child_timeout should the PAM responder wait until a Smartcard is " @@ -2223,12 +2223,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1884 +#: sssd.conf.5.xml:1885 msgid "p11_uri (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1887 +#: sssd.conf.5.xml:1888 msgid "" "PKCS#11 URI (see RFC-7512 for details) which can be used to restrict the " "selection of devices used for Smartcard authentication. By default SSSD's " @@ -2239,7 +2239,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1900 +#: sssd.conf.5.xml:1901 #, no-wrap msgid "" "p11_uri = pkcs11:slot-description=My%20Smartcard%20Reader\n" @@ -2247,7 +2247,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1904 +#: sssd.conf.5.xml:1905 #, no-wrap msgid "" "p11_uri = pkcs11:library-description=OpenSC%20smartcard%20framework;slot-id=2\n" @@ -2255,7 +2255,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1898 +#: sssd.conf.5.xml:1899 msgid "" "Example: <placeholder type=\"programlisting\" id=\"0\"/> or <placeholder " "type=\"programlisting\" id=\"1\"/> To find suitable URI please check the " @@ -2264,47 +2264,47 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1917 +#: sssd.conf.5.xml:1918 msgid "pam_initgroups_scheme" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1925 +#: sssd.conf.5.xml:1926 msgid "always" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1926 +#: sssd.conf.5.xml:1927 msgid "" "Always do an online lookup, please note that pam_id_timeout still applies" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1930 +#: sssd.conf.5.xml:1931 msgid "no_session" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1931 +#: sssd.conf.5.xml:1932 msgid "" "Only do an online lookup if there is no active session of the user, i.e. if " "the user is currently not logged in" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1936 +#: sssd.conf.5.xml:1937 msgid "never" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1937 +#: sssd.conf.5.xml:1938 msgid "" "Never force an online lookup, use the data from the cache as long as they " "are not expired" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1920 +#: sssd.conf.5.xml:1921 msgid "" "The PAM responder can force an online lookup to get the current group " "memberships of the user trying to log in. This option controls when this " @@ -2313,30 +2313,30 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1944 +#: sssd.conf.5.xml:1945 msgid "Default: no_session" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1949 sssd.conf.5.xml:4247 +#: sssd.conf.5.xml:1950 sssd.conf.5.xml:4293 msgid "pam_gssapi_services" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1952 +#: sssd.conf.5.xml:1953 msgid "" "Comma separated list of PAM services that are allowed to try GSSAPI " "authentication using pam_sss_gss.so module." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1957 +#: sssd.conf.5.xml:1958 msgid "" "To disable GSSAPI authentication, set this option to <quote>-</quote> (dash)." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1961 sssd.conf.5.xml:1992 sssd.conf.5.xml:2030 +#: sssd.conf.5.xml:1962 sssd.conf.5.xml:1993 sssd.conf.5.xml:2031 msgid "" "Note: This option can also be set per-domain which overwrites the value in " "[pam] section. It can also be set for trusted domain which overwrites the " @@ -2344,7 +2344,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1969 +#: sssd.conf.5.xml:1970 #, no-wrap msgid "" "pam_gssapi_services = sudo, sudo-i\n" @@ -2352,22 +2352,22 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1967 sssd.conf.5.xml:3899 +#: sssd.conf.5.xml:1968 sssd.conf.5.xml:3900 msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1973 +#: sssd.conf.5.xml:1974 msgid "Default: - (GSSAPI authentication is disabled)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1978 sssd.conf.5.xml:4248 +#: sssd.conf.5.xml:1979 sssd.conf.5.xml:4294 msgid "pam_gssapi_check_upn" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1981 +#: sssd.conf.5.xml:1982 msgid "" "If True, SSSD will require that the Kerberos user principal that " "successfully authenticated through GSSAPI can be associated with the user " @@ -2375,25 +2375,25 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1988 +#: sssd.conf.5.xml:1989 msgid "" "If False, every user that is able to obtained required service ticket will " "be authenticated." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1998 sssd-ad.5.xml:1266 sss_rpcidmapd.5.xml:76 +#: sssd.conf.5.xml:1999 sssd-ad.5.xml:1266 sss_rpcidmapd.5.xml:76 #: sssd-files.5.xml:145 msgid "Default: True" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2003 +#: sssd.conf.5.xml:2004 msgid "pam_gssapi_indicators_map" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2006 +#: sssd.conf.5.xml:2007 msgid "" "Comma separated list of authentication indicators required to be present in " "a Kerberos ticket to access a PAM service that is allowed to try GSSAPI " @@ -2401,7 +2401,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2012 +#: sssd.conf.5.xml:2013 msgid "" "Each element of the list can be either an authentication indicator name or a " "pair <quote>service:indicator</quote>. Indicators not prefixed with the PAM " @@ -2416,7 +2416,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2025 +#: sssd.conf.5.xml:2026 msgid "" "To disable GSSAPI authentication indicator check, set this option to <quote>-" "</quote> (dash). To disable the check for a specific PAM service, add " @@ -2424,45 +2424,45 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2036 +#: sssd.conf.5.xml:2037 msgid "" "Following authentication indicators are supported by IPA Kerberos " "deployments:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2039 +#: sssd.conf.5.xml:2040 msgid "" "pkinit -- pre-authentication using X.509 certificates -- whether stored in " "files or on smart cards." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2042 +#: sssd.conf.5.xml:2043 msgid "" "hardened -- SPAKE pre-authentication or any pre-authentication wrapped in a " "FAST channel." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2045 +#: sssd.conf.5.xml:2046 msgid "radius -- pre-authentication with the help of a RADIUS server." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2048 +#: sssd.conf.5.xml:2049 msgid "" "otp -- pre-authentication using integrated two-factor authentication (2FA or " "one-time password, OTP) in IPA." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2051 +#: sssd.conf.5.xml:2052 msgid "idp -- pre-authentication using external identity provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:2061 +#: sssd.conf.5.xml:2062 #, no-wrap msgid "" "pam_gssapi_indicators_map = sudo:pkinit, sudo-i:pkinit\n" @@ -2470,7 +2470,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2056 +#: sssd.conf.5.xml:2057 msgid "" "Example: to require access to SUDO services only for users which obtained " "their Kerberos tickets with a X.509 certificate pre-authentication (PKINIT), " @@ -2478,17 +2478,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2065 +#: sssd.conf.5.xml:2066 msgid "Default: not set (use of authentication indicators is not required)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2073 +#: sssd.conf.5.xml:2074 msgid "SUDO configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2075 +#: sssd.conf.5.xml:2076 msgid "" "These options can be used to configure the sudo service. The detailed " "instructions for configuration of <citerefentry> <refentrytitle>sudo</" @@ -2499,24 +2499,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2092 +#: sssd.conf.5.xml:2093 msgid "sudo_timed (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2095 +#: sssd.conf.5.xml:2096 msgid "" "Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes " "that implement time-dependent sudoers entries." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2107 +#: sssd.conf.5.xml:2108 msgid "sudo_threshold (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2110 +#: sssd.conf.5.xml:2111 msgid "" "Maximum number of expired rules that can be refreshed at once. If number of " "expired rules is below threshold, those rules are refreshed with " @@ -2526,22 +2526,22 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2129 +#: sssd.conf.5.xml:2130 msgid "AUTOFS configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2131 +#: sssd.conf.5.xml:2132 msgid "These options can be used to configure the autofs service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2135 +#: sssd.conf.5.xml:2136 msgid "autofs_negative_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2138 +#: sssd.conf.5.xml:2139 msgid "" "Specifies for how many seconds should the autofs responder negative cache " "hits (that is, queries for invalid map entries, like nonexistent ones) " @@ -2549,51 +2549,51 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2154 +#: sssd.conf.5.xml:2155 msgid "SSH configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2156 +#: sssd.conf.5.xml:2157 msgid "These options can be used to configure the SSH service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2160 +#: sssd.conf.5.xml:2161 msgid "ssh_hash_known_hosts (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2163 +#: sssd.conf.5.xml:2164 msgid "" "Whether or not to hash host names and addresses in the managed known_hosts " "file." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2172 +#: sssd.conf.5.xml:2173 msgid "ssh_known_hosts_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2175 +#: sssd.conf.5.xml:2176 msgid "" "How many seconds to keep a host in the managed known_hosts file after its " "host keys were requested." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2179 +#: sssd.conf.5.xml:2180 msgid "Default: 180" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2184 +#: sssd.conf.5.xml:2185 msgid "ssh_use_certificate_keys (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2187 +#: sssd.conf.5.xml:2188 msgid "" "If set to true the <command>sss_ssh_authorizedkeys</command> will return ssh " "keys derived from the public key of X.509 certificates stored in the user " @@ -2602,12 +2602,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2202 +#: sssd.conf.5.xml:2203 msgid "ssh_use_certificate_matching_rules (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2205 +#: sssd.conf.5.xml:2206 msgid "" "By default the ssh responder will use all available certificate matching " "rules to filter the certificates so that ssh keys are only derived from the " @@ -2617,7 +2617,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2214 +#: sssd.conf.5.xml:2215 msgid "" "There are two special key words 'all_rules' and 'no_rules' which will enable " "all or no rules, respectively. The latter means that no certificates will be " @@ -2625,7 +2625,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2221 +#: sssd.conf.5.xml:2222 msgid "" "If no rules are configured using 'all_rules' will enable a default rule " "which enables all certificates suitable for client authentication. This is " @@ -2634,38 +2634,38 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2228 +#: sssd.conf.5.xml:2229 msgid "" "A non-existing rule name is considered an error. If as a result no rule is " "selected all certificates will be ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2233 +#: sssd.conf.5.xml:2234 msgid "" "Default: not set, equivalent to 'all_rules', all found rules or the default " "rule are used" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2239 +#: sssd.conf.5.xml:2240 msgid "ca_db (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2242 +#: sssd.conf.5.xml:2243 msgid "" "Path to a storage of trusted CA certificates. The option is used to validate " "user certificates before deriving public ssh keys from them." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2262 +#: sssd.conf.5.xml:2263 msgid "PAC responder configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2264 +#: sssd.conf.5.xml:2265 msgid "" "The PAC responder works together with the authorization data plugin for MIT " "Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the " @@ -2676,7 +2676,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2273 +#: sssd.conf.5.xml:2274 msgid "" "If the remote user does not exist in the cache, it is created. The UID is " "determined with the help of the SID, trusted domains will have UPGs and the " @@ -2687,24 +2687,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2281 +#: sssd.conf.5.xml:2282 msgid "" "If there are SIDs of groups from domains sssd knows about, the user will be " "added to those groups." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2287 +#: sssd.conf.5.xml:2288 msgid "These options can be used to configure the PAC responder." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2291 sssd-ifp.5.xml:66 +#: sssd.conf.5.xml:2292 sssd-ifp.5.xml:66 msgid "allowed_uids (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2294 +#: sssd.conf.5.xml:2295 msgid "" "Specifies the comma-separated list of UID values or user names that are " "allowed to access the PAC responder. User names are resolved to UIDs at " @@ -2712,12 +2712,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2300 +#: sssd.conf.5.xml:2301 msgid "Default: 0 (only the root user is allowed to access the PAC responder)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2304 +#: sssd.conf.5.xml:2305 msgid "" "Please note that although the UID 0 is used as the default it will be " "overwritten with this option. If you still want to allow the root user to " @@ -2726,24 +2726,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2313 +#: sssd.conf.5.xml:2314 msgid "pac_lifetime (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2316 +#: sssd.conf.5.xml:2317 msgid "" "Lifetime of the PAC entry in seconds. As long as the PAC is valid the PAC " "data can be used to determine the group memberships of a user." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2326 +#: sssd.conf.5.xml:2327 msgid "pac_check (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2329 +#: sssd.conf.5.xml:2330 msgid "" "Apply additional checks on the PAC of the Kerberos ticket which is available " "in Active Directory and FreeIPA domains, if configured. Please note that " @@ -2754,24 +2754,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2343 +#: sssd.conf.5.xml:2344 msgid "no_check" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2345 +#: sssd.conf.5.xml:2346 msgid "" "The PAC must not be present and even if it is present no additional checks " "will be done." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2351 +#: sssd.conf.5.xml:2352 msgid "pac_present" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2353 +#: sssd.conf.5.xml:2354 msgid "" "The PAC must be present in the service ticket which SSSD will request with " "the help of the user's TGT. If the PAC is not available the authentication " @@ -2779,24 +2779,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2361 +#: sssd.conf.5.xml:2362 msgid "check_upn" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2363 +#: sssd.conf.5.xml:2364 msgid "" "If the PAC is present check if the user principal name (UPN) information is " "consistent." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2369 +#: sssd.conf.5.xml:2370 msgid "check_upn_allow_missing" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2371 +#: sssd.conf.5.xml:2372 msgid "" "This option should be used together with 'check_upn' and handles the case " "where a UPN is set on the server-side but is not read by SSSD. The typical " @@ -2808,7 +2808,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2383 +#: sssd.conf.5.xml:2384 msgid "" "Currently this option is set by default to avoid regressions in such " "environments. A log message will be added to the system log and SSSD's debug " @@ -2819,60 +2819,60 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2397 +#: sssd.conf.5.xml:2398 msgid "upn_dns_info_present" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2399 +#: sssd.conf.5.xml:2400 msgid "The PAC must contain the UPN-DNS-INFO buffer, implies 'check_upn'." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2404 +#: sssd.conf.5.xml:2405 msgid "check_upn_dns_info_ex" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2406 +#: sssd.conf.5.xml:2407 msgid "" "If the PAC is present and the extension to the UPN-DNS-INFO buffer is " "available check if the information in the extension is consistent." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2413 +#: sssd.conf.5.xml:2414 msgid "upn_dns_info_ex_present" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2415 +#: sssd.conf.5.xml:2416 msgid "" "The PAC must contain the extension of the UPN-DNS-INFO buffer, implies " "'check_upn_dns_info_ex', 'upn_dns_info_present' and 'check_upn'." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2339 +#: sssd.conf.5.xml:2340 msgid "" "The following options can be used alone or in a comma-separated list: " "<placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2425 +#: sssd.conf.5.xml:2426 msgid "" "Default: no_check (AD and IPA provider 'check_upn, check_upn_allow_missing, " "check_upn_dns_info_ex')" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2434 +#: sssd.conf.5.xml:2435 msgid "Session recording configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2436 +#: sssd.conf.5.xml:2437 msgid "" "Session recording works in conjunction with <citerefentry> " "<refentrytitle>tlog-rec-session</refentrytitle> <manvolnum>8</manvolnum> </" @@ -2882,66 +2882,66 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2449 +#: sssd.conf.5.xml:2450 msgid "These options can be used to configure session recording." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2453 sssd-session-recording.5.xml:64 +#: sssd.conf.5.xml:2454 sssd-session-recording.5.xml:64 msgid "scope (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2460 sssd-session-recording.5.xml:71 +#: sssd.conf.5.xml:2461 sssd-session-recording.5.xml:71 msgid "\"none\"" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2463 sssd-session-recording.5.xml:74 +#: sssd.conf.5.xml:2464 sssd-session-recording.5.xml:74 msgid "No users are recorded." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2468 sssd-session-recording.5.xml:79 +#: sssd.conf.5.xml:2469 sssd-session-recording.5.xml:79 msgid "\"some\"" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2471 sssd-session-recording.5.xml:82 +#: sssd.conf.5.xml:2472 sssd-session-recording.5.xml:82 msgid "" "Users/groups specified by <replaceable>users</replaceable> and " "<replaceable>groups</replaceable> options are recorded." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2480 sssd-session-recording.5.xml:91 +#: sssd.conf.5.xml:2481 sssd-session-recording.5.xml:91 msgid "\"all\"" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2483 sssd-session-recording.5.xml:94 +#: sssd.conf.5.xml:2484 sssd-session-recording.5.xml:94 msgid "All users are recorded." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2456 sssd-session-recording.5.xml:67 +#: sssd.conf.5.xml:2457 sssd-session-recording.5.xml:67 msgid "" "One of the following strings specifying the scope of session recording: " "<placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2490 sssd-session-recording.5.xml:101 +#: sssd.conf.5.xml:2491 sssd-session-recording.5.xml:101 msgid "Default: \"none\"" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2495 sssd-session-recording.5.xml:106 +#: sssd.conf.5.xml:2496 sssd-session-recording.5.xml:106 msgid "users (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2498 sssd-session-recording.5.xml:109 +#: sssd.conf.5.xml:2499 sssd-session-recording.5.xml:109 msgid "" "A comma-separated list of users which should have session recording enabled. " "Matches user names as returned by NSS. I.e. after the possible space " @@ -2949,17 +2949,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2504 sssd-session-recording.5.xml:115 +#: sssd.conf.5.xml:2505 sssd-session-recording.5.xml:115 msgid "Default: Empty. Matches no users." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2509 sssd-session-recording.5.xml:120 +#: sssd.conf.5.xml:2510 sssd-session-recording.5.xml:120 msgid "groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2512 sssd-session-recording.5.xml:123 +#: sssd.conf.5.xml:2513 sssd-session-recording.5.xml:123 msgid "" "A comma-separated list of groups, members of which should have session " "recording enabled. Matches group names as returned by NSS. I.e. after the " @@ -2967,7 +2967,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2518 sssd.conf.5.xml:2550 sssd-session-recording.5.xml:129 +#: sssd.conf.5.xml:2519 sssd.conf.5.xml:2551 sssd-session-recording.5.xml:129 #: sssd-session-recording.5.xml:161 msgid "" "NOTE: using this option (having it set to anything) has a considerable " @@ -2976,56 +2976,56 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2525 sssd-session-recording.5.xml:136 +#: sssd.conf.5.xml:2526 sssd-session-recording.5.xml:136 msgid "Default: Empty. Matches no groups." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2530 sssd-session-recording.5.xml:141 +#: sssd.conf.5.xml:2531 sssd-session-recording.5.xml:141 msgid "exclude_users (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2533 sssd-session-recording.5.xml:144 +#: sssd.conf.5.xml:2534 sssd-session-recording.5.xml:144 msgid "" "A comma-separated list of users to be excluded from recording, only " "applicable with 'scope=all'." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2537 sssd-session-recording.5.xml:148 +#: sssd.conf.5.xml:2538 sssd-session-recording.5.xml:148 msgid "Default: Empty. No users excluded." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2542 sssd-session-recording.5.xml:153 +#: sssd.conf.5.xml:2543 sssd-session-recording.5.xml:153 msgid "exclude_groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2545 sssd-session-recording.5.xml:156 +#: sssd.conf.5.xml:2546 sssd-session-recording.5.xml:156 msgid "" "A comma-separated list of groups, members of which should be excluded from " "recording. Only applicable with 'scope=all'." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2557 sssd-session-recording.5.xml:168 +#: sssd.conf.5.xml:2558 sssd-session-recording.5.xml:168 msgid "Default: Empty. No groups excluded." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:2567 +#: sssd.conf.5.xml:2568 msgid "DOMAIN SECTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2574 +#: sssd.conf.5.xml:2575 msgid "enabled" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2577 +#: sssd.conf.5.xml:2578 msgid "" "Explicitly enable or disable the domain. If <quote>true</quote>, the domain " "is always <quote>enabled</quote>. If <quote>false</quote>, the domain is " @@ -3035,12 +3035,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2589 +#: sssd.conf.5.xml:2590 msgid "domain_type (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2592 +#: sssd.conf.5.xml:2593 msgid "" "Specifies whether the domain is meant to be used by POSIX-aware clients such " "as the Name Service Switch or by applications that do not need POSIX data to " @@ -3049,14 +3049,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2600 +#: sssd.conf.5.xml:2601 msgid "" "Allowed values for this option are <quote>posix</quote> and " "<quote>application</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2604 +#: sssd.conf.5.xml:2605 msgid "" "POSIX domains are reachable by all services. Application domains are only " "reachable from the InfoPipe responder (see <citerefentry> " @@ -3065,38 +3065,38 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2612 +#: sssd.conf.5.xml:2613 msgid "" "NOTE: The application domains are currently well tested with " "<quote>id_provider=ldap</quote> only." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2616 +#: sssd.conf.5.xml:2617 msgid "" "For an easy way to configure a non-POSIX domains, please see the " "<quote>Application domains</quote> section." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2620 +#: sssd.conf.5.xml:2621 msgid "Default: posix" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2626 +#: sssd.conf.5.xml:2627 msgid "min_id,max_id (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2629 +#: sssd.conf.5.xml:2630 msgid "" "UID and GID limits for the domain. If a domain contains an entry that is " "outside these limits, it is ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2634 +#: sssd.conf.5.xml:2635 msgid "" "For users, this affects the primary GID limit. The user will not be returned " "to NSS if either the UID or the primary GID is outside the range. For non-" @@ -3105,24 +3105,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2641 +#: sssd.conf.5.xml:2642 msgid "" "These ID limits affect even saving entries to cache, not only returning them " "by name or ID." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2645 +#: sssd.conf.5.xml:2646 msgid "Default: 1 for min_id, 0 (no limit) for max_id" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2651 +#: sssd.conf.5.xml:2652 msgid "enumerate (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2654 +#: sssd.conf.5.xml:2655 msgid "" "Determines if a domain can be enumerated, that is, whether the domain can " "list all the users and group it contains. Note that it is not required to " @@ -3131,29 +3131,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2662 +#: sssd.conf.5.xml:2663 msgid "TRUE = Users and groups are enumerated" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2665 +#: sssd.conf.5.xml:2666 msgid "FALSE = No enumerations for this domain" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2668 sssd.conf.5.xml:2942 sssd.conf.5.xml:3119 +#: sssd.conf.5.xml:2669 sssd.conf.5.xml:2943 sssd.conf.5.xml:3120 msgid "Default: FALSE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2671 +#: sssd.conf.5.xml:2672 msgid "" "Enumerating a domain requires SSSD to download and store ALL user and group " "entries from the remote server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2676 +#: sssd.conf.5.xml:2677 msgid "" "Note: Enabling enumeration has a moderate performance impact on SSSD while " "enumeration is running. It may take up to several minutes after SSSD startup " @@ -3167,14 +3167,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2691 +#: sssd.conf.5.xml:2692 msgid "" "While the first enumeration is running, requests for the complete user or " "group lists may return no results until it completes." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2696 +#: sssd.conf.5.xml:2697 msgid "" "Further, enabling enumeration may increase the time necessary to detect " "network disconnection, as longer timeouts are required to ensure that " @@ -3183,39 +3183,39 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2704 +#: sssd.conf.5.xml:2705 msgid "" "For the reasons cited above, enabling enumeration is not recommended, " "especially in large environments." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2712 +#: sssd.conf.5.xml:2713 msgid "subdomain_enumerate (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2719 +#: sssd.conf.5.xml:2720 msgid "all" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2720 +#: sssd.conf.5.xml:2721 msgid "All discovered trusted domains will be enumerated" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2723 +#: sssd.conf.5.xml:2724 msgid "none" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2724 +#: sssd.conf.5.xml:2725 msgid "No discovered trusted domains will be enumerated" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2715 +#: sssd.conf.5.xml:2716 msgid "" "Whether any of autodetected trusted domains should be enumerated. The " "supported values are: <placeholder type=\"variablelist\" id=\"0\"/> " @@ -3224,19 +3224,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2738 +#: sssd.conf.5.xml:2739 msgid "entry_cache_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2741 +#: sssd.conf.5.xml:2742 msgid "" "How many seconds should nss_sss consider entries valid before asking the " "backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2745 +#: sssd.conf.5.xml:2746 msgid "" "The cache expiration timestamps are stored as attributes of individual " "objects in the cache. Therefore, changing the cache timeout only has effect " @@ -3247,139 +3247,139 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2758 +#: sssd.conf.5.xml:2759 msgid "Default: 5400" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2764 +#: sssd.conf.5.xml:2765 msgid "entry_cache_user_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2767 +#: sssd.conf.5.xml:2768 msgid "" "How many seconds should nss_sss consider user entries valid before asking " "the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2771 sssd.conf.5.xml:2784 sssd.conf.5.xml:2797 -#: sssd.conf.5.xml:2810 sssd.conf.5.xml:2824 sssd.conf.5.xml:2837 -#: sssd.conf.5.xml:2851 sssd.conf.5.xml:2865 sssd.conf.5.xml:2878 +#: sssd.conf.5.xml:2772 sssd.conf.5.xml:2785 sssd.conf.5.xml:2798 +#: sssd.conf.5.xml:2811 sssd.conf.5.xml:2825 sssd.conf.5.xml:2838 +#: sssd.conf.5.xml:2852 sssd.conf.5.xml:2866 sssd.conf.5.xml:2879 msgid "Default: entry_cache_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2777 +#: sssd.conf.5.xml:2778 msgid "entry_cache_group_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2780 +#: sssd.conf.5.xml:2781 msgid "" "How many seconds should nss_sss consider group entries valid before asking " "the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2790 +#: sssd.conf.5.xml:2791 msgid "entry_cache_netgroup_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2793 +#: sssd.conf.5.xml:2794 msgid "" "How many seconds should nss_sss consider netgroup entries valid before " "asking the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2803 +#: sssd.conf.5.xml:2804 msgid "entry_cache_service_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2806 +#: sssd.conf.5.xml:2807 msgid "" "How many seconds should nss_sss consider service entries valid before asking " "the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2816 +#: sssd.conf.5.xml:2817 msgid "entry_cache_resolver_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2819 +#: sssd.conf.5.xml:2820 msgid "" "How many seconds should nss_sss consider hosts and networks entries valid " "before asking the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2830 +#: sssd.conf.5.xml:2831 msgid "entry_cache_sudo_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2833 +#: sssd.conf.5.xml:2834 msgid "" "How many seconds should sudo consider rules valid before asking the backend " "again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2843 +#: sssd.conf.5.xml:2844 msgid "entry_cache_autofs_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2846 +#: sssd.conf.5.xml:2847 msgid "" "How many seconds should the autofs service consider automounter maps valid " "before asking the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2857 +#: sssd.conf.5.xml:2858 msgid "entry_cache_ssh_host_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2860 +#: sssd.conf.5.xml:2861 msgid "" "How many seconds to keep a host ssh key after refresh. IE how long to cache " "the host key for." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2871 +#: sssd.conf.5.xml:2872 msgid "entry_cache_computer_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2874 +#: sssd.conf.5.xml:2875 msgid "" "How many seconds to keep the local computer entry before asking the backend " "again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2884 +#: sssd.conf.5.xml:2885 msgid "refresh_expired_interval (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2887 +#: sssd.conf.5.xml:2888 msgid "" "Specifies how many seconds SSSD has to wait before triggering a background " "refresh task which will refresh all expired or nearly expired records." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2892 +#: sssd.conf.5.xml:2893 msgid "" "The background refresh will process users, groups and netgroups in the " "cache. For users who have performed the initgroups (get group membership for " @@ -3388,17 +3388,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2900 +#: sssd.conf.5.xml:2901 msgid "This option is automatically inherited for all trusted domains." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2904 +#: sssd.conf.5.xml:2905 msgid "You can consider setting this value to 3/4 * entry_cache_timeout." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2908 +#: sssd.conf.5.xml:2909 msgid "" "Cache entry will be refreshed by background task when 2/3 of cache timeout " "has already passed. If there are existing cached entries, the background " @@ -3410,23 +3410,23 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2921 sssd-ldap.5.xml:360 sssd-ldap.5.xml:1736 +#: sssd.conf.5.xml:2922 sssd-ldap.5.xml:360 sssd-ldap.5.xml:1736 #: sssd-ipa.5.xml:270 msgid "Default: 0 (disabled)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2927 +#: sssd.conf.5.xml:2928 msgid "cache_credentials (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2930 +#: sssd.conf.5.xml:2931 msgid "Determines if user credentials are also cached in the local LDB cache." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2934 +#: sssd.conf.5.xml:2935 msgid "" "Take a note that while credentials are stored as a salted SHA512 hash, this " "still potentially poses some security risk in case an attacker manages to " @@ -3435,12 +3435,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2948 +#: sssd.conf.5.xml:2949 msgid "cache_credentials_minimal_first_factor_length (int)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2951 +#: sssd.conf.5.xml:2952 msgid "" "If 2-Factor-Authentication (2FA) is used and credentials should be saved " "this value determines the minimal length the first authentication factor " @@ -3448,19 +3448,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2958 +#: sssd.conf.5.xml:2959 msgid "" "This should avoid that the short PINs of a PIN based 2FA scheme are saved in " "the cache which would make them easy targets for brute-force attacks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2969 +#: sssd.conf.5.xml:2970 msgid "account_cache_expiration (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2972 +#: sssd.conf.5.xml:2973 msgid "" "Number of days entries are left in cache after last successful login before " "being removed during a cleanup of the cache. 0 means keep forever. The " @@ -3469,17 +3469,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2979 +#: sssd.conf.5.xml:2980 msgid "Default: 0 (unlimited)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2984 +#: sssd.conf.5.xml:2985 msgid "pwd_expiration_warning (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2995 +#: sssd.conf.5.xml:2996 msgid "" "Please note that the backend server has to provide information about the " "expiration time of the password. If this information is missing, sssd " @@ -3488,28 +3488,28 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3002 +#: sssd.conf.5.xml:3003 msgid "Default: 7 (Kerberos), 0 (LDAP)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3008 +#: sssd.conf.5.xml:3009 msgid "id_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3011 +#: sssd.conf.5.xml:3012 msgid "" "The identification provider used for the domain. Supported ID providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3015 +#: sssd.conf.5.xml:3016 msgid "<quote>proxy</quote>: Support a legacy NSS provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3018 +#: sssd.conf.5.xml:3019 msgid "" "<quote>files</quote>: FILES provider. See <citerefentry> <refentrytitle>sssd-" "files</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " @@ -3517,7 +3517,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3026 +#: sssd.conf.5.xml:3027 msgid "" "<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-" "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " @@ -3525,8 +3525,8 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3034 sssd.conf.5.xml:3145 sssd.conf.5.xml:3196 -#: sssd.conf.5.xml:3259 +#: sssd.conf.5.xml:3035 sssd.conf.5.xml:3146 sssd.conf.5.xml:3197 +#: sssd.conf.5.xml:3260 msgid "" "<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management " "provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> " @@ -3535,8 +3535,8 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3043 sssd.conf.5.xml:3154 sssd.conf.5.xml:3205 -#: sssd.conf.5.xml:3268 +#: sssd.conf.5.xml:3044 sssd.conf.5.xml:3155 sssd.conf.5.xml:3206 +#: sssd.conf.5.xml:3269 msgid "" "<quote>ad</quote>: Active Directory provider. See <citerefentry> " "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3544,19 +3544,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3054 +#: sssd.conf.5.xml:3055 msgid "use_fully_qualified_names (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3057 +#: sssd.conf.5.xml:3058 msgid "" "Use the full name and domain (as formatted by the domain's full_name_format) " "as the user's login name reported to NSS." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3062 +#: sssd.conf.5.xml:3063 msgid "" "If set to TRUE, all requests to this domain must use fully qualified names. " "For example, if used in LOCAL domain that contains a \"test\" user, " @@ -3565,7 +3565,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3070 +#: sssd.conf.5.xml:3071 msgid "" "NOTE: This option has no effect on netgroup lookups due to their tendency to " "include nested netgroups without qualified names. For netgroups, all domains " @@ -3573,24 +3573,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3077 +#: sssd.conf.5.xml:3078 msgid "" "Default: FALSE (TRUE for trusted domain/sub-domains or if " "default_domain_suffix is used)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3084 +#: sssd.conf.5.xml:3085 msgid "ignore_group_members (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3087 +#: sssd.conf.5.xml:3088 msgid "Do not return group members for group lookups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3090 +#: sssd.conf.5.xml:3091 msgid "" "If set to TRUE, the group membership attribute is not requested from the " "ldap server, and group members are not returned when processing group lookup " @@ -3602,7 +3602,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3108 +#: sssd.conf.5.xml:3109 msgid "" "Enabling this option can also make access provider checks for group " "membership significantly faster, especially for groups containing many " @@ -3610,7 +3610,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3114 sssd.conf.5.xml:3821 sssd-ldap.5.xml:326 +#: sssd.conf.5.xml:3115 sssd.conf.5.xml:3822 sssd-ldap.5.xml:326 #: sssd-ldap.5.xml:355 sssd-ldap.5.xml:408 sssd-ldap.5.xml:468 #: sssd-ldap.5.xml:489 sssd-ldap.5.xml:520 sssd-ldap.5.xml:543 #: sssd-ldap.5.xml:582 sssd-ldap.5.xml:601 sssd-ldap.5.xml:625 @@ -3621,19 +3621,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3124 +#: sssd.conf.5.xml:3125 msgid "auth_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3127 +#: sssd.conf.5.xml:3128 msgid "" "The authentication provider used for the domain. Supported auth providers " "are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3131 sssd.conf.5.xml:3189 +#: sssd.conf.5.xml:3132 sssd.conf.5.xml:3190 msgid "" "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3641,7 +3641,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3138 +#: sssd.conf.5.xml:3139 msgid "" "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3649,30 +3649,30 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3162 +#: sssd.conf.5.xml:3163 msgid "" "<quote>proxy</quote> for relaying authentication to some other PAM target." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3165 +#: sssd.conf.5.xml:3166 msgid "<quote>none</quote> disables authentication explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3168 +#: sssd.conf.5.xml:3169 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "authentication requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3174 +#: sssd.conf.5.xml:3175 msgid "access_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3177 +#: sssd.conf.5.xml:3178 msgid "" "The access control provider used for the domain. There are two built-in " "access providers (in addition to any included in installed backends) " @@ -3680,19 +3680,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3183 +#: sssd.conf.5.xml:3184 msgid "" "<quote>permit</quote> always allow access. It's the only permitted access " "provider for a local domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3186 +#: sssd.conf.5.xml:3187 msgid "<quote>deny</quote> always deny access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3213 +#: sssd.conf.5.xml:3214 msgid "" "<quote>simple</quote> access control based on access or deny lists. See " "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</" @@ -3701,7 +3701,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3220 +#: sssd.conf.5.xml:3221 msgid "" "<quote>krb5</quote>: .k5login based access control. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum></" @@ -3709,29 +3709,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3227 +#: sssd.conf.5.xml:3228 msgid "<quote>proxy</quote> for relaying access control to another PAM module." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3230 +#: sssd.conf.5.xml:3231 msgid "Default: <quote>permit</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3235 +#: sssd.conf.5.xml:3236 msgid "chpass_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3238 +#: sssd.conf.5.xml:3239 msgid "" "The provider which should handle change password operations for the domain. " "Supported change password providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3243 +#: sssd.conf.5.xml:3244 msgid "" "<quote>ldap</quote> to change a password stored in a LDAP server. See " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" @@ -3739,7 +3739,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3251 +#: sssd.conf.5.xml:3252 msgid "" "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3747,35 +3747,35 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3276 +#: sssd.conf.5.xml:3277 msgid "" "<quote>proxy</quote> for relaying password changes to some other PAM target." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3280 +#: sssd.conf.5.xml:3281 msgid "<quote>none</quote> disallows password changes explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3283 +#: sssd.conf.5.xml:3284 msgid "" "Default: <quote>auth_provider</quote> is used if it is set and can handle " "change password requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3290 +#: sssd.conf.5.xml:3291 msgid "sudo_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3293 +#: sssd.conf.5.xml:3294 msgid "The SUDO provider used for the domain. Supported SUDO providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3297 +#: sssd.conf.5.xml:3298 msgid "" "<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3783,32 +3783,32 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3305 +#: sssd.conf.5.xml:3306 msgid "" "<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default " "settings." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3309 +#: sssd.conf.5.xml:3310 msgid "" "<quote>ad</quote> the same as <quote>ldap</quote> but with AD default " "settings." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3313 +#: sssd.conf.5.xml:3314 msgid "<quote>none</quote> disables SUDO explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3316 sssd.conf.5.xml:3402 sssd.conf.5.xml:3472 -#: sssd.conf.5.xml:3497 sssd.conf.5.xml:3533 +#: sssd.conf.5.xml:3317 sssd.conf.5.xml:3403 sssd.conf.5.xml:3473 +#: sssd.conf.5.xml:3498 sssd.conf.5.xml:3534 msgid "Default: The value of <quote>id_provider</quote> is used if it is set." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3320 +#: sssd.conf.5.xml:3321 msgid "" "The detailed instructions for configuration of sudo_provider are in the " "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " @@ -3819,7 +3819,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3335 +#: sssd.conf.5.xml:3336 msgid "" "<emphasis>NOTE:</emphasis> Sudo rules are periodically downloaded in the " "background unless the sudo provider is explicitly disabled. Set " @@ -3828,12 +3828,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3345 +#: sssd.conf.5.xml:3346 msgid "selinux_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3348 +#: sssd.conf.5.xml:3349 msgid "" "The provider which should handle loading of selinux settings. Note that this " "provider will be called right after access provider ends. Supported selinux " @@ -3841,7 +3841,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3354 +#: sssd.conf.5.xml:3355 msgid "" "<quote>ipa</quote> to load selinux settings from an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -3849,31 +3849,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3362 +#: sssd.conf.5.xml:3363 msgid "<quote>none</quote> disallows fetching selinux settings explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3365 +#: sssd.conf.5.xml:3366 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "selinux loading requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3371 +#: sssd.conf.5.xml:3372 msgid "subdomains_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3374 +#: sssd.conf.5.xml:3375 msgid "" "The provider which should handle fetching of subdomains. This value should " "be always the same as id_provider. Supported subdomain providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3380 +#: sssd.conf.5.xml:3381 msgid "" "<quote>ipa</quote> to load a list of subdomains from an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -3881,7 +3881,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3389 +#: sssd.conf.5.xml:3390 msgid "" "<quote>ad</quote> to load a list of subdomains from an Active Directory " "server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> " @@ -3890,17 +3890,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3398 +#: sssd.conf.5.xml:3399 msgid "<quote>none</quote> disallows fetching subdomains explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3408 +#: sssd.conf.5.xml:3409 msgid "session_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3411 +#: sssd.conf.5.xml:3412 msgid "" "The provider which configures and manages user session related tasks. The " "only user session task currently provided is the integration with Fleet " @@ -3908,43 +3908,43 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3418 +#: sssd.conf.5.xml:3419 msgid "<quote>ipa</quote> to allow performing user session related tasks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3422 +#: sssd.conf.5.xml:3423 msgid "" "<quote>none</quote> does not perform any kind of user session related tasks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3426 +#: sssd.conf.5.xml:3427 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can perform " "session related tasks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3430 +#: sssd.conf.5.xml:3431 msgid "" "<emphasis>NOTE:</emphasis> In order to have this feature working as expected " "SSSD must be running as \"root\" and not as the unprivileged user." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3438 +#: sssd.conf.5.xml:3439 msgid "autofs_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3441 +#: sssd.conf.5.xml:3442 msgid "" "The autofs provider used for the domain. Supported autofs providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3445 +#: sssd.conf.5.xml:3446 msgid "" "<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3952,7 +3952,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3452 +#: sssd.conf.5.xml:3453 msgid "" "<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> " "<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3960,7 +3960,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3460 +#: sssd.conf.5.xml:3461 msgid "" "<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> " "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3968,24 +3968,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3469 +#: sssd.conf.5.xml:3470 msgid "<quote>none</quote> disables autofs explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3479 +#: sssd.conf.5.xml:3480 msgid "hostid_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3482 +#: sssd.conf.5.xml:3483 msgid "" "The provider used for retrieving host identity information. Supported " "hostid providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3486 +#: sssd.conf.5.xml:3487 msgid "" "<quote>ipa</quote> to load host identity stored in an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -3993,31 +3993,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3494 +#: sssd.conf.5.xml:3495 msgid "<quote>none</quote> disables hostid explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3504 +#: sssd.conf.5.xml:3505 msgid "resolver_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3507 +#: sssd.conf.5.xml:3508 msgid "" "The provider which should handle hosts and networks lookups. Supported " "resolver providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3511 +#: sssd.conf.5.xml:3512 msgid "" "<quote>proxy</quote> to forward lookups to another NSS library. See " "<quote>proxy_resolver_lib_name</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3515 +#: sssd.conf.5.xml:3516 msgid "" "<quote>ldap</quote> to fetch hosts and networks stored in LDAP. See " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" @@ -4025,7 +4025,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3522 +#: sssd.conf.5.xml:3523 msgid "" "<quote>ad</quote> to fetch hosts and networks stored in AD. See " "<citerefentry> <refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</" @@ -4034,12 +4034,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3530 +#: sssd.conf.5.xml:3531 msgid "<quote>none</quote> disallows fetching hosts and networks explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3543 +#: sssd.conf.5.xml:3544 msgid "" "Regular expression for this domain that describes how to parse the string " "containing user name and domain into these components. The \"domain\" can " @@ -4049,24 +4049,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3552 +#: sssd.conf.5.xml:3553 msgid "" "Default: <quote>^((?P<name>.+)@(?P<domain>[^@]*)|(?P<name>" "[^@]+))$</quote> which allows two different styles for user names:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:3557 sssd.conf.5.xml:3571 +#: sssd.conf.5.xml:3558 sssd.conf.5.xml:3572 msgid "username" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:3560 sssd.conf.5.xml:3574 +#: sssd.conf.5.xml:3561 sssd.conf.5.xml:3575 msgid "username@domain.name" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3565 +#: sssd.conf.5.xml:3566 msgid "" "Default for the AD and IPA provider: <quote>^(((?P<domain>[^\\\\]+)\\" "\\(?P<name>.+))|((?P<name>.+)@(?P<domain>[^@]+))|((?P<" @@ -4075,19 +4075,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:3577 +#: sssd.conf.5.xml:3578 msgid "domain\\username" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3580 +#: sssd.conf.5.xml:3581 msgid "" "While the first two correspond to the general default the third one is " "introduced to allow easy integration of users from Windows domains." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3585 +#: sssd.conf.5.xml:3586 msgid "" "The default re_expression uses the <quote>@</quote> character as a separator " "between the name and the domain. As a result of this setting the default " @@ -4097,89 +4097,89 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3637 +#: sssd.conf.5.xml:3638 msgid "Default: <quote>%1$s@%2$s</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3643 +#: sssd.conf.5.xml:3644 msgid "lookup_family_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3646 +#: sssd.conf.5.xml:3647 msgid "" "Provides the ability to select preferred address family to use when " "performing DNS lookups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3650 +#: sssd.conf.5.xml:3651 msgid "Supported values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3653 +#: sssd.conf.5.xml:3654 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3656 +#: sssd.conf.5.xml:3657 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3659 +#: sssd.conf.5.xml:3660 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3662 +#: sssd.conf.5.xml:3663 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3665 +#: sssd.conf.5.xml:3666 msgid "Default: ipv4_first" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3671 +#: sssd.conf.5.xml:3672 msgid "dns_resolver_server_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3674 +#: sssd.conf.5.xml:3675 msgid "" "Defines the amount of time (in milliseconds) SSSD would try to talk to DNS " "server before trying next DNS server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3679 +#: sssd.conf.5.xml:3680 msgid "" "The AD provider will use this option for the CLDAP ping timeouts as well." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3683 sssd.conf.5.xml:3703 sssd.conf.5.xml:3724 +#: sssd.conf.5.xml:3684 sssd.conf.5.xml:3704 sssd.conf.5.xml:3725 msgid "" "Please see the section <quote>FAILOVER</quote> for more information about " "the service resolution." msgstr "" #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3688 sssd-ldap.5.xml:644 include/failover.xml:84 +#: sssd.conf.5.xml:3689 sssd-ldap.5.xml:644 include/failover.xml:84 msgid "Default: 1000" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3694 +#: sssd.conf.5.xml:3695 msgid "dns_resolver_op_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3697 +#: sssd.conf.5.xml:3698 msgid "" "Defines the amount of time (in seconds) to wait to resolve single DNS query " "(e.g. resolution of a hostname or an SRV record) before trying the next " @@ -4187,12 +4187,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3714 +#: sssd.conf.5.xml:3715 msgid "dns_resolver_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3717 +#: sssd.conf.5.xml:3718 msgid "" "Defines the amount of time (in seconds) to wait for a reply from the " "internal fail over service before assuming that the service is unreachable. " @@ -4201,12 +4201,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3735 +#: sssd.conf.5.xml:3736 msgid "dns_resolver_use_search_list (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3738 +#: sssd.conf.5.xml:3739 msgid "" "Normally, the DNS resolver searches the domain list defined in the " "\"search\" directive from the resolv.conf file. This can lead to delays in " @@ -4214,7 +4214,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3744 +#: sssd.conf.5.xml:3745 msgid "" "If fully qualified domain names (or _srv_) are used in the SSSD " "configuration, setting this option to FALSE can prevent unnecessary DNS " @@ -4222,69 +4222,69 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3750 +#: sssd.conf.5.xml:3751 msgid "Default: TRUE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3756 +#: sssd.conf.5.xml:3757 msgid "dns_discovery_domain (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3759 +#: sssd.conf.5.xml:3760 msgid "" "If service discovery is used in the back end, specifies the domain part of " "the service discovery DNS query." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3763 +#: sssd.conf.5.xml:3764 msgid "Default: Use the domain part of machine's hostname" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3769 +#: sssd.conf.5.xml:3770 msgid "override_gid (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3772 +#: sssd.conf.5.xml:3773 msgid "Override the primary GID value with the one specified." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3778 +#: sssd.conf.5.xml:3779 msgid "case_sensitive (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3785 +#: sssd.conf.5.xml:3786 msgid "True" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3788 +#: sssd.conf.5.xml:3789 msgid "Case sensitive. This value is invalid for AD provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3794 +#: sssd.conf.5.xml:3795 msgid "False" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3796 +#: sssd.conf.5.xml:3797 msgid "Case insensitive." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3800 +#: sssd.conf.5.xml:3801 msgid "Preserving" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3803 +#: sssd.conf.5.xml:3804 msgid "" "Same as False (case insensitive), but does not lowercase names in the result " "of NSS operations. Note that name aliases (and in case of services also " @@ -4292,31 +4292,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3811 +#: sssd.conf.5.xml:3812 msgid "" "If you want to set this value for trusted domain with IPA provider, you need " "to set it on both the client and SSSD on the server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3781 +#: sssd.conf.5.xml:3782 msgid "" "Treat user and group names as case sensitive. Possible option values are: " "<placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3826 +#: sssd.conf.5.xml:3827 msgid "Default: True (False for AD provider)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3832 +#: sssd.conf.5.xml:3833 msgid "subdomain_inherit (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3835 +#: sssd.conf.5.xml:3836 msgid "" "Specifies a list of configuration parameters that should be inherited by a " "subdomain. Please note that only selected parameters can be inherited. " @@ -4324,104 +4324,104 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3841 +#: sssd.conf.5.xml:3842 msgid "ldap_search_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3844 +#: sssd.conf.5.xml:3845 msgid "ldap_network_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3847 +#: sssd.conf.5.xml:3848 msgid "ldap_opt_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3850 +#: sssd.conf.5.xml:3851 msgid "ldap_offline_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3853 +#: sssd.conf.5.xml:3854 msgid "ldap_enumeration_refresh_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3856 +#: sssd.conf.5.xml:3857 msgid "ldap_enumeration_refresh_offset" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3859 +#: sssd.conf.5.xml:3860 msgid "ldap_purge_cache_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3862 +#: sssd.conf.5.xml:3863 msgid "ldap_purge_cache_offset" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3865 +#: sssd.conf.5.xml:3866 msgid "" "ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab " "is not set explicitly)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3869 +#: sssd.conf.5.xml:3870 msgid "ldap_krb5_ticket_lifetime" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3872 +#: sssd.conf.5.xml:3873 msgid "ldap_enumeration_search_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3875 +#: sssd.conf.5.xml:3876 msgid "ldap_connection_expire_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3878 +#: sssd.conf.5.xml:3879 msgid "ldap_connection_expire_offset" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3881 +#: sssd.conf.5.xml:3882 msgid "ldap_connection_idle_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3884 sssd-ldap.5.xml:400 +#: sssd.conf.5.xml:3885 sssd-ldap.5.xml:400 msgid "ldap_use_tokengroups" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3887 +#: sssd.conf.5.xml:3888 msgid "ldap_user_principal" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3890 +#: sssd.conf.5.xml:3891 msgid "ignore_group_members" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3893 +#: sssd.conf.5.xml:3894 msgid "auto_private_groups" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3896 +#: sssd.conf.5.xml:3897 msgid "case_sensitive" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:3901 +#: sssd.conf.5.xml:3902 #, no-wrap msgid "" "subdomain_inherit = ldap_purge_cache_timeout\n" @@ -4429,27 +4429,27 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3908 +#: sssd.conf.5.xml:3909 msgid "Note: This option only works with the IPA and AD provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3915 +#: sssd.conf.5.xml:3916 msgid "subdomain_homedir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3926 +#: sssd.conf.5.xml:3927 msgid "%F" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3927 +#: sssd.conf.5.xml:3928 msgid "flat (NetBIOS) name of a subdomain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3918 +#: sssd.conf.5.xml:3919 msgid "" "Use this homedir as default value for all subdomains within this domain in " "IPA AD trust. See <emphasis>override_homedir</emphasis> for info about " @@ -4459,34 +4459,34 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3932 +#: sssd.conf.5.xml:3933 msgid "" "The value can be overridden by <emphasis>override_homedir</emphasis> option." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3936 +#: sssd.conf.5.xml:3937 msgid "Default: <filename>/home/%d/%u</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3941 +#: sssd.conf.5.xml:3942 msgid "realmd_tags (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3944 +#: sssd.conf.5.xml:3945 msgid "" "Various tags stored by the realmd configuration service for this domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3950 +#: sssd.conf.5.xml:3951 msgid "cached_auth_timeout (int)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3953 +#: sssd.conf.5.xml:3954 msgid "" "Specifies time in seconds since last successful online authentication for " "which user will be authenticated using cached credentials while SSSD is in " @@ -4495,19 +4495,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3961 +#: sssd.conf.5.xml:3962 msgid "" "This option's value is inherited by all trusted domains. At the moment it is " "not possible to set a different value per trusted domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3966 +#: sssd.conf.5.xml:3967 msgid "Special value 0 implies that this feature is disabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3970 +#: sssd.conf.5.xml:3971 msgid "" "Please note that if <quote>cached_auth_timeout</quote> is longer than " "<quote>pam_id_timeout</quote> then the back end could be called to handle " @@ -4515,24 +4515,81 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3981 +#: sssd.conf.5.xml:3982 +msgid "local_auth_policy (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3985 +msgid "" +"Local authentication methods policy. Some backends (i.e. LDAP, proxy " +"provider) only support a password based authentication, while others can " +"handle PKINIT based Smartcard authentication (AD, IPA), two-factor " +"authentication (IPA), or other methods against a central instance. By " +"default in such cases authentication is only performed with the methods " +"supported by the backend." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3995 +msgid "" +"There are three possible values for this option: match, only, enable. " +"<quote>match</quote> is used to match offline and online states for Kerberos " +"methods. <quote>only</quote> ignores the online methods and only offer the " +"local ones. enable allows explicitly defining the methods for local " +"authentication. As an example, <quote>enable:passkey</quote>, only enables " +"passkey for local authentication. Multiple enable values should be comma-" +"separated, such as <quote>enable:passkey, enable:smartcard</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:4011 +#, no-wrap +msgid "" +"[domain/shadowutils]\n" +"id_provider = proxy\n" +"proxy_lib_name = files\n" +"auth_provider = none\n" +"local_auth_policy = only\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4007 +msgid "" +"The following configuration example allows local users to authenticate " +"locally using any enabled method (i.e. smartcard, passkey). <placeholder " +"type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4019 +msgid "This option is ignored for the files provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4022 +msgid "Default: match" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4027 msgid "auto_private_groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3987 +#: sssd.conf.5.xml:4033 msgid "true" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3990 +#: sssd.conf.5.xml:4036 msgid "" "Create user's private group unconditionally from user's UID number. The GID " "number is ignored in this case." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3994 +#: sssd.conf.5.xml:4040 msgid "" "NOTE: Because the GID number and the user private group are inferred from " "the UID number, it is not supported to have multiple entries with the same " @@ -4541,24 +4598,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4003 +#: sssd.conf.5.xml:4049 msgid "false" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4006 +#: sssd.conf.5.xml:4052 msgid "" "Always use the user's primary GID number. The GID number must refer to a " "group object in the LDAP database." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4012 +#: sssd.conf.5.xml:4058 msgid "hybrid" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4015 +#: sssd.conf.5.xml:4061 msgid "" "A primary group is autogenerated for user entries whose UID and GID numbers " "have the same value and at the same time the GID number does not correspond " @@ -4568,14 +4625,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4028 +#: sssd.conf.5.xml:4074 msgid "" "If the UID and GID of a user are different, then the GID must correspond to " "a group entry, otherwise the GID is simply not resolvable." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4035 +#: sssd.conf.5.xml:4081 msgid "" "This feature is useful for environments that wish to stop maintaining a " "separate group objects for the user private groups, but also wish to retain " @@ -4583,21 +4640,21 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3984 +#: sssd.conf.5.xml:4030 msgid "" "This option takes any of three available values: <placeholder " "type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4047 +#: sssd.conf.5.xml:4093 msgid "" "For subdomains, the default value is False for subdomains that use assigned " "POSIX IDs and True for subdomains that use automatic ID-mapping." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:4055 +#: sssd.conf.5.xml:4101 #, no-wrap msgid "" "[domain/forest.domain/sub.domain]\n" @@ -4605,7 +4662,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:4061 +#: sssd.conf.5.xml:4107 #, no-wrap msgid "" "[domain/forest.domain]\n" @@ -4614,7 +4671,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4052 +#: sssd.conf.5.xml:4098 msgid "" "The value of auto_private_groups can either be set per subdomains in a " "subsection, for example: <placeholder type=\"programlisting\" id=\"0\"/> or " @@ -4623,7 +4680,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:2569 +#: sssd.conf.5.xml:2570 msgid "" "These configuration options can be present in a domain configuration " "section, that is, in a section called <quote>[domain/<replaceable>NAME</" @@ -4631,29 +4688,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4076 +#: sssd.conf.5.xml:4122 msgid "proxy_pam_target (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4079 +#: sssd.conf.5.xml:4125 msgid "The proxy target PAM proxies to." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4082 +#: sssd.conf.5.xml:4128 msgid "" "Default: not set by default, you have to take an existing pam configuration " "or create a new one and add the service name here." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4090 +#: sssd.conf.5.xml:4136 msgid "proxy_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4093 +#: sssd.conf.5.xml:4139 msgid "" "The name of the NSS library to use in proxy domains. The NSS functions " "searched for in the library are in the form of _nss_$(libName)_$(function), " @@ -4661,12 +4718,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4103 +#: sssd.conf.5.xml:4149 msgid "proxy_resolver_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4106 +#: sssd.conf.5.xml:4152 msgid "" "The name of the NSS library to use for hosts and networks lookups in proxy " "domains. The NSS functions searched for in the library are in the form of " @@ -4674,12 +4731,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4117 +#: sssd.conf.5.xml:4163 msgid "proxy_fast_alias (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4120 +#: sssd.conf.5.xml:4166 msgid "" "When a user or group is looked up by name in the proxy provider, a second " "lookup by ID is performed to \"canonicalize\" the name in case the requested " @@ -4688,12 +4745,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4134 +#: sssd.conf.5.xml:4180 msgid "proxy_max_children (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4137 +#: sssd.conf.5.xml:4183 msgid "" "This option specifies the number of pre-forked proxy children. It is useful " "for high-load SSSD environments where sssd may run out of available child " @@ -4701,19 +4758,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4072 +#: sssd.conf.5.xml:4118 msgid "" "Options valid for proxy domains. <placeholder type=\"variablelist\" " "id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:4153 +#: sssd.conf.5.xml:4199 msgid "Application domains" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4155 +#: sssd.conf.5.xml:4201 msgid "" "SSSD, with its D-Bus interface (see <citerefentry> <refentrytitle>sssd-ifp</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>) is appealing to " @@ -4730,7 +4787,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4175 +#: sssd.conf.5.xml:4221 msgid "" "Please note that the application domain must still be explicitly enabled in " "the <quote>domains</quote> parameter so that the lookup order between the " @@ -4738,17 +4795,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> -#: sssd.conf.5.xml:4181 +#: sssd.conf.5.xml:4227 msgid "Application domain parameters" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4183 +#: sssd.conf.5.xml:4229 msgid "inherit_from (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4186 +#: sssd.conf.5.xml:4232 msgid "" "The SSSD POSIX-type domain the application domain inherits all settings " "from. The application domain can moreover add its own settings to the " @@ -4757,7 +4814,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4200 +#: sssd.conf.5.xml:4246 msgid "" "The following example illustrates the use of an application domain. In this " "setup, the POSIX domain is connected to an LDAP server and is used by the OS " @@ -4767,7 +4824,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><programlisting> -#: sssd.conf.5.xml:4208 +#: sssd.conf.5.xml:4254 #, no-wrap msgid "" "[sssd]\n" @@ -4787,12 +4844,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4228 +#: sssd.conf.5.xml:4274 msgid "TRUSTED DOMAIN SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4230 +#: sssd.conf.5.xml:4276 msgid "" "Some options used in the domain section can also be used in the trusted " "domain section, that is, in a section called <quote>[domain/" @@ -4803,69 +4860,69 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4237 +#: sssd.conf.5.xml:4283 msgid "ldap_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4238 +#: sssd.conf.5.xml:4284 msgid "ldap_user_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4239 +#: sssd.conf.5.xml:4285 msgid "ldap_group_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4240 +#: sssd.conf.5.xml:4286 msgid "ldap_netgroup_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4241 +#: sssd.conf.5.xml:4287 msgid "ldap_service_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4242 +#: sssd.conf.5.xml:4288 msgid "ldap_sasl_mech," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4243 +#: sssd.conf.5.xml:4289 msgid "ad_server," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4244 +#: sssd.conf.5.xml:4290 msgid "ad_backup_server," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4245 +#: sssd.conf.5.xml:4291 msgid "ad_site," msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4246 sssd-ipa.5.xml:879 +#: sssd.conf.5.xml:4292 sssd-ipa.5.xml:879 msgid "use_fully_qualified_names" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4250 +#: sssd.conf.5.xml:4296 msgid "" "For more details about these options see their individual description in the " "manual page." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4256 +#: sssd.conf.5.xml:4302 msgid "CERTIFICATE MAPPING SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4258 +#: sssd.conf.5.xml:4304 msgid "" "To allow authentication with Smartcards and certificates SSSD must be able " "to map certificates to users. This can be done by adding the full " @@ -4878,7 +4935,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4272 +#: sssd.conf.5.xml:4318 msgid "" "To make the mapping more flexible mapping and matching rules were added to " "SSSD (see <citerefentry> <refentrytitle>sss-certmap</refentrytitle> " @@ -4886,7 +4943,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4281 +#: sssd.conf.5.xml:4327 msgid "" "A mapping and matching rule can be added to the SSSD configuration in a " "section on its own with a name like <quote>[certmap/" @@ -4895,55 +4952,55 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4288 +#: sssd.conf.5.xml:4334 msgid "matchrule (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4291 +#: sssd.conf.5.xml:4337 msgid "" "Only certificates from the Smartcard which matches this rule will be " "processed, all others are ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4295 +#: sssd.conf.5.xml:4341 msgid "" "Default: KRB5:<EKU>clientAuth, i.e. only certificates which have the " "Extended Key Usage <quote>clientAuth</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4302 +#: sssd.conf.5.xml:4348 msgid "maprule (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4305 +#: sssd.conf.5.xml:4351 msgid "Defines how the user is found for a given certificate." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4311 +#: sssd.conf.5.xml:4357 msgid "" "LDAP:(userCertificate;binary={cert!bin}) for LDAP based providers like " "<quote>ldap</quote>, <quote>AD</quote> or <quote>ipa</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4317 +#: sssd.conf.5.xml:4363 msgid "" "The RULE_NAME for the <quote>files</quote> provider which tries to find a " "user with the same name." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4326 +#: sssd.conf.5.xml:4372 msgid "domains (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4329 +#: sssd.conf.5.xml:4375 msgid "" "Comma separated list of domain names the rule should be applied. By default " "a rule is only valid in the domain configured in sssd.conf. If the provider " @@ -4952,17 +5009,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4336 +#: sssd.conf.5.xml:4382 msgid "Default: the configured domain in sssd.conf" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4341 +#: sssd.conf.5.xml:4387 msgid "priority (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4344 +#: sssd.conf.5.xml:4390 msgid "" "Unsigned integer value defining the priority of the rule. The higher the " "number the lower the priority. <quote>0</quote> stands for the highest " @@ -4970,26 +5027,26 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4350 +#: sssd.conf.5.xml:4396 msgid "Default: the lowest priority" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4356 +#: sssd.conf.5.xml:4402 msgid "" "To make the configuration simple and reduce the amount of configuration " "options the <quote>files</quote> provider has some special properties:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4362 +#: sssd.conf.5.xml:4408 msgid "" "if maprule is not set the RULE_NAME name is assumed to be the name of the " "matching user" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4368 +#: sssd.conf.5.xml:4414 msgid "" "if a maprule is used both a single user name or a template like " "<quote>{subject_rfc822_name.short_name}</quote> must be in braces like e.g. " @@ -4998,17 +5055,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4377 +#: sssd.conf.5.xml:4423 msgid "the <quote>domains</quote> option is ignored" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4385 +#: sssd.conf.5.xml:4431 msgid "PROMPTING CONFIGURATION SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4387 +#: sssd.conf.5.xml:4433 msgid "" "If a special file (<filename>/var/lib/sss/pubconf/pam_preauth_available</" "filename>) exists SSSD's PAM module pam_sss will ask SSSD to figure out " @@ -5018,7 +5075,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4395 +#: sssd.conf.5.xml:4441 msgid "" "With the growing number of authentication methods and the possibility that " "there are multiple ones for a single user the heuristic used by pam_sss to " @@ -5027,59 +5084,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4407 +#: sssd.conf.5.xml:4453 msgid "[prompting/password]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4410 +#: sssd.conf.5.xml:4456 msgid "password_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4411 +#: sssd.conf.5.xml:4457 msgid "to change the string of the password prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4409 +#: sssd.conf.5.xml:4455 msgid "" "to configure password prompting, allowed options are: <placeholder " "type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4419 +#: sssd.conf.5.xml:4465 msgid "[prompting/2fa]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4423 +#: sssd.conf.5.xml:4469 msgid "first_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4424 +#: sssd.conf.5.xml:4470 msgid "to change the string of the prompt for the first factor" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4427 +#: sssd.conf.5.xml:4473 msgid "second_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4428 +#: sssd.conf.5.xml:4474 msgid "to change the string of the prompt for the second factor" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4431 +#: sssd.conf.5.xml:4477 msgid "single_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4432 +#: sssd.conf.5.xml:4478 msgid "" "boolean value, if True there will be only a single prompt using the value of " "first_prompt where it is expected that both factors are entered as a single " @@ -5088,7 +5145,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4421 +#: sssd.conf.5.xml:4467 msgid "" "to configure two-factor authentication prompting, allowed options are: " "<placeholder type=\"variablelist\" id=\"0\"/> If the second factor is " @@ -5097,17 +5154,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4449 +#: sssd.conf.5.xml:4495 msgid "[prompting/passkey]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4455 sssd-ad.5.xml:1021 +#: sssd.conf.5.xml:4501 sssd-ad.5.xml:1021 msgid "interactive" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4457 +#: sssd.conf.5.xml:4503 msgid "" "boolean value, if True prompt a message and wait before testing the presence " "of a passkey device. Recommended if your device doesn’t have a tactile " @@ -5115,46 +5172,46 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4465 +#: sssd.conf.5.xml:4511 msgid "interactive_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4467 +#: sssd.conf.5.xml:4513 msgid "to change the message of the interactive prompt." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4472 +#: sssd.conf.5.xml:4518 msgid "touch" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4474 +#: sssd.conf.5.xml:4520 msgid "" "boolean value, if True prompt a message to remind the user to touch the " "device." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4480 +#: sssd.conf.5.xml:4526 msgid "touch_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4482 +#: sssd.conf.5.xml:4528 msgid "to change the message of the touch prompt." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4451 +#: sssd.conf.5.xml:4497 msgid "" "to configure passkey authentication prompting, allowed options are: " "<placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4402 +#: sssd.conf.5.xml:4448 msgid "" "Each supported authentication method has its own configuration subsection " "under <quote>[prompting/...]</quote>. Currently there are: <placeholder " @@ -5163,7 +5220,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4493 +#: sssd.conf.5.xml:4539 msgid "" "It is possible to add a subsection for specific PAM services, e.g. " "<quote>[prompting/password/sshd]</quote> to individual change the prompting " @@ -5171,12 +5228,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4500 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43 +#: sssd.conf.5.xml:4546 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43 msgid "EXAMPLES" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4506 +#: sssd.conf.5.xml:4552 #, no-wrap msgid "" "[sssd]\n" @@ -5206,7 +5263,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4502 +#: sssd.conf.5.xml:4548 msgid "" "1. The following example shows a typical SSSD config. It does not describe " "configuration of the domains themselves - refer to documentation on " @@ -5215,7 +5272,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4539 +#: sssd.conf.5.xml:4585 #, no-wrap msgid "" "[domain/ipa.com/child.ad.com]\n" @@ -5223,7 +5280,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4533 +#: sssd.conf.5.xml:4579 msgid "" "2. The following example shows configuration of IPA AD trust where the AD " "forest consists of two domains in a parent-child structure. Suppose IPA " @@ -5234,7 +5291,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4550 +#: sssd.conf.5.xml:4596 #, no-wrap msgid "" "[certmap/my.domain/rule_name]\n" @@ -5245,7 +5302,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4544 +#: sssd.conf.5.xml:4590 msgid "" "3. The following example shows the configuration of a certificate mapping " "rule. It is valid for the configured domain <quote>my.domain</quote> and " @@ -17240,7 +17297,7 @@ msgstr "" #: include/ldap_id_mapping.xml:235 msgid "" "When this option is configured, domains will be allocated starting with " -"slice zero and increasing monatomically with each additional domain." +"slice zero and increasing monotonically with each additional domain." msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> diff --git a/src/man/po/fi.po b/src/man/po/fi.po index b29b914bf17..b86511b6e67 100644 --- a/src/man/po/fi.po +++ b/src/man/po/fi.po @@ -3,7 +3,7 @@ msgid "" msgstr "" "Project-Id-Version: sssd-docs 2.3.0\n" "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" -"POT-Creation-Date: 2023-05-05 10:09+0200\n" +"POT-Creation-Date: 2023-09-07 11:47+0200\n" "PO-Revision-Date: 2022-03-20 19:16+0000\n" "Last-Translator: Jan Kuparinen <copper_fin@hotmail.com>\n" "Language-Team: Finnish <https://translate.fedoraproject.org/projects/sssd/" @@ -200,8 +200,8 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:136 sssd.conf.5.xml:173 sssd.conf.5.xml:358 -#: sssd.conf.5.xml:714 sssd.conf.5.xml:729 sssd.conf.5.xml:951 -#: sssd.conf.5.xml:1069 sssd.conf.5.xml:2197 sssd-ldap.5.xml:1071 +#: sssd.conf.5.xml:714 sssd.conf.5.xml:729 sssd.conf.5.xml:952 +#: sssd.conf.5.xml:1070 sssd.conf.5.xml:2198 sssd-ldap.5.xml:1071 #: sssd-ldap.5.xml:1174 sssd-ldap.5.xml:1243 sssd-ldap.5.xml:1750 #: sssd-ldap.5.xml:1815 sssd-ipa.5.xml:342 sssd-ad.5.xml:252 sssd-ad.5.xml:366 #: sssd-ad.5.xml:1200 sssd-ad.5.xml:1348 sssd-krb5.5.xml:358 @@ -221,8 +221,8 @@ msgid "" msgstr "" #. type: Content of: <variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:149 sssd.conf.5.xml:652 sssd.conf.5.xml:948 -#: sssd.conf.5.xml:2100 sssd.conf.5.xml:2167 sssd.conf.5.xml:4128 +#: sssd.conf.5.xml:149 sssd.conf.5.xml:652 sssd.conf.5.xml:949 +#: sssd.conf.5.xml:2101 sssd.conf.5.xml:2168 sssd.conf.5.xml:4174 #: sssd-ldap.5.xml:312 sssd-ldap.5.xml:917 sssd-ldap.5.xml:936 #: sssd-ldap.5.xml:1146 sssd-ldap.5.xml:1599 sssd-ldap.5.xml:1839 #: sssd-ipa.5.xml:152 sssd-ipa.5.xml:254 sssd-ipa.5.xml:657 sssd-ad.5.xml:1106 @@ -290,8 +290,8 @@ msgid "" msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:196 sssd.conf.5.xml:1289 sssd.conf.5.xml:1766 -#: sssd.conf.5.xml:4144 sssd-ldap.5.xml:765 include/ldap_id_mapping.xml:270 +#: sssd.conf.5.xml:196 sssd.conf.5.xml:1290 sssd.conf.5.xml:1767 +#: sssd.conf.5.xml:4190 sssd-ldap.5.xml:765 include/ldap_id_mapping.xml:270 msgid "Default: 10" msgstr "" @@ -357,19 +357,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:258 sssd.conf.5.xml:783 +#: sssd.conf.5.xml:258 sssd.conf.5.xml:784 msgid "reconnection_retries (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:261 sssd.conf.5.xml:786 +#: sssd.conf.5.xml:261 sssd.conf.5.xml:787 msgid "" "Number of times services should attempt to reconnect in the event of a Data " "Provider crash or restart before they give up" msgstr "" #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:266 sssd.conf.5.xml:791 sssd.conf.5.xml:3708 +#: sssd.conf.5.xml:266 sssd.conf.5.xml:792 sssd.conf.5.xml:3709 #: include/failover.xml:100 msgid "Default: 3" msgstr "" @@ -391,7 +391,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:287 sssd.conf.5.xml:3540 +#: sssd.conf.5.xml:287 sssd.conf.5.xml:3541 msgid "re_expression (string)" msgstr "" @@ -411,12 +411,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:304 sssd.conf.5.xml:3597 +#: sssd.conf.5.xml:304 sssd.conf.5.xml:3598 msgid "full_name_format (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:307 sssd.conf.5.xml:3600 +#: sssd.conf.5.xml:307 sssd.conf.5.xml:3601 msgid "" "A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</" "manvolnum> </citerefentry>-compatible format that describes how to compose a " @@ -424,39 +424,39 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:318 sssd.conf.5.xml:3611 +#: sssd.conf.5.xml:318 sssd.conf.5.xml:3612 msgid "%1$s" msgstr "%1$s" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:319 sssd.conf.5.xml:3612 +#: sssd.conf.5.xml:319 sssd.conf.5.xml:3613 msgid "user name" msgstr "käyttäjänimi" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:322 sssd.conf.5.xml:3615 +#: sssd.conf.5.xml:322 sssd.conf.5.xml:3616 msgid "%2$s" msgstr "%2$s" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:325 sssd.conf.5.xml:3618 +#: sssd.conf.5.xml:325 sssd.conf.5.xml:3619 msgid "domain name as specified in the SSSD config file." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:331 sssd.conf.5.xml:3624 +#: sssd.conf.5.xml:331 sssd.conf.5.xml:3625 msgid "%3$s" msgstr "%3$s" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:334 sssd.conf.5.xml:3627 +#: sssd.conf.5.xml:334 sssd.conf.5.xml:3628 msgid "" "domain flat name. Mostly usable for Active Directory domains, both directly " "configured or discovered via IPA trusts." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:315 sssd.conf.5.xml:3608 +#: sssd.conf.5.xml:315 sssd.conf.5.xml:3609 msgid "" "The following expansions are supported: <placeholder type=\"variablelist\" " "id=\"0\"/>" @@ -874,7 +874,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:700 sssd.conf.5.xml:1790 sssd.conf.5.xml:4194 +#: sssd.conf.5.xml:700 sssd.conf.5.xml:1791 sssd.conf.5.xml:4240 #: sssd-ad.5.xml:187 sssd-ad.5.xml:327 sssd-ad.5.xml:341 msgid "Default: Not set" msgstr "Oletus: ei asetettu" @@ -919,11 +919,11 @@ msgstr "" #: sssd.conf.5.xml:744 msgid "" "Enable or disable the user verification (i.e. PIN, fingerprint) during " -"authentication." +"authentication. If enabled, the PIN will always be requested." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:749 +#: sssd.conf.5.xml:750 msgid "" "The default is that the key settings decide what to do. In the IPA or " "kerberos pre-authentication case, this value will be overwritten by the " @@ -950,12 +950,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:768 +#: sssd.conf.5.xml:769 msgid "SERVICES SECTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:770 +#: sssd.conf.5.xml:771 msgid "" "Settings that can be used to configure different services are described in " "this section. They should reside in the [<replaceable>$NAME</replaceable>] " @@ -964,22 +964,22 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:777 +#: sssd.conf.5.xml:778 msgid "General service configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:779 +#: sssd.conf.5.xml:780 msgid "These options can be used to configure any service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:796 +#: sssd.conf.5.xml:797 msgid "fd_limit" msgstr "fd_limit" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:799 +#: sssd.conf.5.xml:800 msgid "" "This option specifies the maximum number of file descriptors that may be " "opened at one time by this SSSD process. On systems where SSSD is granted " @@ -989,17 +989,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:808 +#: sssd.conf.5.xml:809 msgid "Default: 8192 (or limits.conf \"hard\" limit)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:813 +#: sssd.conf.5.xml:814 msgid "client_idle_timeout" msgstr "client_idle_timeout" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:816 +#: sssd.conf.5.xml:817 msgid "" "This option specifies the number of seconds that a client of an SSSD process " "can hold onto a file descriptor without communicating on it. This value is " @@ -1009,17 +1009,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:825 +#: sssd.conf.5.xml:826 msgid "Default: 60, KCM: 300" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:830 +#: sssd.conf.5.xml:831 msgid "offline_timeout (integer)" msgstr "offline_timeout (integeri)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:833 +#: sssd.conf.5.xml:834 msgid "" "When SSSD switches to offline mode the amount of time before it tries to go " "back online will increase based upon the time spent disconnected. By " @@ -1030,14 +1030,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:844 sssd.conf.5.xml:900 +#: sssd.conf.5.xml:845 sssd.conf.5.xml:901 msgid "" "new_delay = Minimum(old_delay * 2, offline_timeout_max) + random[0..." "offline_timeout_random_offset]" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:847 +#: sssd.conf.5.xml:848 msgid "" "The offline_timeout default value is 60. The offline_timeout_max default " "value is 3600. The offline_timeout_random_offset default value is 30. The " @@ -1045,44 +1045,44 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:853 +#: sssd.conf.5.xml:854 msgid "" "Note that the maximum length of each interval is defined by " "offline_timeout_max (apart of random part)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:857 sssd.conf.5.xml:1200 sssd.conf.5.xml:1583 -#: sssd.conf.5.xml:1879 sssd-ldap.5.xml:494 +#: sssd.conf.5.xml:858 sssd.conf.5.xml:1201 sssd.conf.5.xml:1584 +#: sssd.conf.5.xml:1880 sssd-ldap.5.xml:494 msgid "Default: 60" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:862 +#: sssd.conf.5.xml:863 msgid "offline_timeout_max (integer)" msgstr "offline_timeout_max (integeri)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:865 +#: sssd.conf.5.xml:866 msgid "" "Controls by how much the time between attempts to go online can be " "incremented following unsuccessful attempts to go online." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:870 +#: sssd.conf.5.xml:871 msgid "A value of 0 disables the incrementing behaviour." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:873 +#: sssd.conf.5.xml:874 msgid "" "The value of this parameter should be set in correlation to offline_timeout " "parameter value." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:877 +#: sssd.conf.5.xml:878 msgid "" "With offline_timeout set to 60 (default value) there is no point in setting " "offlinet_timeout_max to less than 120 as it will saturate instantly. General " @@ -1091,58 +1091,58 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:883 +#: sssd.conf.5.xml:884 msgid "" "Although a value between 0 and offline_timeout may be specified, it has the " "effect of overriding the offline_timeout value so is of little use." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:888 +#: sssd.conf.5.xml:889 msgid "Default: 3600" msgstr "Oletus: 3600" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:893 +#: sssd.conf.5.xml:894 msgid "offline_timeout_random_offset (integer)" msgstr "offline_timeout_random_offset (integeri)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:896 +#: sssd.conf.5.xml:897 msgid "" "When SSSD is in offline mode it keeps probing backend servers in specified " "time intervals:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:903 +#: sssd.conf.5.xml:904 msgid "" "This parameter controls the value of the random offset used for the above " "equation. Final random_offset value will be random number in range:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:908 +#: sssd.conf.5.xml:909 msgid "[0 - offline_timeout_random_offset]" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:911 +#: sssd.conf.5.xml:912 msgid "A value of 0 disables the random offset addition." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:914 +#: sssd.conf.5.xml:915 msgid "Default: 30" msgstr "Oletus: 30" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:919 +#: sssd.conf.5.xml:920 msgid "responder_idle_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:922 +#: sssd.conf.5.xml:923 msgid "" "This option specifies the number of seconds that an SSSD responder process " "can be up without being used. This value is limited in order to avoid " @@ -1154,58 +1154,58 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:936 sssd.conf.5.xml:1213 sssd.conf.5.xml:2321 +#: sssd.conf.5.xml:937 sssd.conf.5.xml:1214 sssd.conf.5.xml:2322 #: sssd-ldap.5.xml:331 msgid "Default: 300" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:941 +#: sssd.conf.5.xml:942 msgid "cache_first" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:944 +#: sssd.conf.5.xml:945 msgid "" "This option specifies whether the responder should query all caches before " "querying the Data Providers." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:959 +#: sssd.conf.5.xml:960 msgid "NSS configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:961 +#: sssd.conf.5.xml:962 msgid "" "These options can be used to configure the Name Service Switch (NSS) service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:966 +#: sssd.conf.5.xml:967 msgid "enum_cache_timeout (integer)" msgstr "enum_cache_timeout (integeri)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:969 +#: sssd.conf.5.xml:970 msgid "" "How many seconds should nss_sss cache enumerations (requests for info about " "all users)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:973 +#: sssd.conf.5.xml:974 msgid "Default: 120" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:978 +#: sssd.conf.5.xml:979 msgid "entry_cache_nowait_percentage (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:981 +#: sssd.conf.5.xml:982 msgid "" "The entry cache can be set to automatically update entries in the background " "if they are requested beyond a percentage of the entry_cache_timeout value " @@ -1213,7 +1213,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:987 +#: sssd.conf.5.xml:988 msgid "" "For example, if the domain's entry_cache_timeout is set to 30s and " "entry_cache_nowait_percentage is set to 50 (percent), entries that come in " @@ -1223,7 +1223,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:997 +#: sssd.conf.5.xml:998 msgid "" "Valid values for this option are 0-99 and represent a percentage of the " "entry_cache_timeout for each domain. For performance reasons, this " @@ -1232,17 +1232,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1005 sssd.conf.5.xml:2121 +#: sssd.conf.5.xml:1006 sssd.conf.5.xml:2122 msgid "Default: 50" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1010 +#: sssd.conf.5.xml:1011 msgid "entry_negative_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1013 +#: sssd.conf.5.xml:1014 msgid "" "Specifies for how many seconds nss_sss should cache negative cache hits " "(that is, queries for invalid database entries, like nonexistent ones) " @@ -1250,17 +1250,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1019 sssd.conf.5.xml:1778 sssd.conf.5.xml:2145 +#: sssd.conf.5.xml:1020 sssd.conf.5.xml:1779 sssd.conf.5.xml:2146 msgid "Default: 15" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1024 +#: sssd.conf.5.xml:1025 msgid "local_negative_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1027 +#: sssd.conf.5.xml:1028 msgid "" "Specifies for how many seconds nss_sss should keep local users and groups in " "negative cache before trying to look it up in the back end again. Setting " @@ -1268,17 +1268,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1033 +#: sssd.conf.5.xml:1034 msgid "Default: 14400 (4 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1038 +#: sssd.conf.5.xml:1039 msgid "filter_users, filter_groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1041 +#: sssd.conf.5.xml:1042 msgid "" "Exclude certain users or groups from being fetched from the sss NSS " "database. This is particularly useful for system accounts. This option can " @@ -1287,7 +1287,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1049 +#: sssd.conf.5.xml:1050 msgid "" "NOTE: The filter_groups option doesn't affect inheritance of nested group " "members, since filtering happens after they are propagated for returning via " @@ -1296,41 +1296,41 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1057 +#: sssd.conf.5.xml:1058 msgid "Default: root" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1062 +#: sssd.conf.5.xml:1063 msgid "filter_users_in_groups (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1065 +#: sssd.conf.5.xml:1066 msgid "" "If you want filtered user still be group members set this option to false." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1076 +#: sssd.conf.5.xml:1077 msgid "fallback_homedir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1079 +#: sssd.conf.5.xml:1080 msgid "" "Set a default template for a user's home directory if one is not specified " "explicitly by the domain's data provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1084 +#: sssd.conf.5.xml:1085 msgid "" "The available values for this option are the same as for override_homedir." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1090 +#: sssd.conf.5.xml:1091 #, no-wrap msgid "" "fallback_homedir = /home/%u\n" @@ -1338,23 +1338,23 @@ msgid "" msgstr "" #. type: Content of: <varlistentry><listitem><para> -#: sssd.conf.5.xml:1088 sssd.conf.5.xml:1650 sssd.conf.5.xml:1669 -#: sssd.conf.5.xml:1746 sssd-krb5.5.xml:451 include/override_homedir.xml:66 +#: sssd.conf.5.xml:1089 sssd.conf.5.xml:1651 sssd.conf.5.xml:1670 +#: sssd.conf.5.xml:1747 sssd-krb5.5.xml:451 include/override_homedir.xml:66 msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>" msgstr "Esimerkki: <placeholder type=\"programlisting\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1094 +#: sssd.conf.5.xml:1095 msgid "Default: not set (no substitution for unset home directories)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1100 +#: sssd.conf.5.xml:1101 msgid "override_shell (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1103 +#: sssd.conf.5.xml:1104 msgid "" "Override the login shell for all users. This option supersedes any other " "shell options if it takes effect and can be set either in the [nss] section " @@ -1362,47 +1362,47 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1109 +#: sssd.conf.5.xml:1110 msgid "Default: not set (SSSD will use the value retrieved from LDAP)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1115 +#: sssd.conf.5.xml:1116 msgid "allowed_shells (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1118 +#: sssd.conf.5.xml:1119 msgid "" "Restrict user shell to one of the listed values. The order of evaluation is:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1121 +#: sssd.conf.5.xml:1122 msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1125 +#: sssd.conf.5.xml:1126 msgid "" "2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</" "quote>, use the value of the shell_fallback parameter." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1130 +#: sssd.conf.5.xml:1131 msgid "" "3. If the shell is not in the allowed_shells list and not in <quote>/etc/" "shells</quote>, a nologin shell is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1135 +#: sssd.conf.5.xml:1136 msgid "The wildcard (*) can be used to allow any shell." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1138 +#: sssd.conf.5.xml:1139 msgid "" "The (*) is useful if you want to use shell_fallback in case that user's " "shell is not in <quote>/etc/shells</quote> and maintaining list of all " @@ -1410,113 +1410,113 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1145 +#: sssd.conf.5.xml:1146 msgid "An empty string for shell is passed as-is to libc." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1148 +#: sssd.conf.5.xml:1149 msgid "" "The <quote>/etc/shells</quote> is only read on SSSD start up, which means " "that a restart of the SSSD is required in case a new shell is installed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1152 +#: sssd.conf.5.xml:1153 msgid "Default: Not set. The user shell is automatically used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1157 +#: sssd.conf.5.xml:1158 msgid "vetoed_shells (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1160 +#: sssd.conf.5.xml:1161 msgid "Replace any instance of these shells with the shell_fallback" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1165 +#: sssd.conf.5.xml:1166 msgid "shell_fallback (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1168 +#: sssd.conf.5.xml:1169 msgid "" "The default shell to use if an allowed shell is not installed on the machine." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1172 +#: sssd.conf.5.xml:1173 msgid "Default: /bin/sh" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1177 +#: sssd.conf.5.xml:1178 msgid "default_shell" msgstr "Oletuskomentorivitulkki" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1180 +#: sssd.conf.5.xml:1181 msgid "" "The default shell to use if the provider does not return one during lookup. " "This option can be specified globally in the [nss] section or per-domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1186 +#: sssd.conf.5.xml:1187 msgid "" "Default: not set (Return NULL if no shell is specified and rely on libc to " "substitute something sensible when necessary, usually /bin/sh)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1193 sssd.conf.5.xml:1576 +#: sssd.conf.5.xml:1194 sssd.conf.5.xml:1577 msgid "get_domains_timeout (int)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1196 sssd.conf.5.xml:1579 +#: sssd.conf.5.xml:1197 sssd.conf.5.xml:1580 msgid "" "Specifies time in seconds for which the list of subdomains will be " "considered valid." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1205 +#: sssd.conf.5.xml:1206 msgid "memcache_timeout (integer)" msgstr "memcache_timeout (integeri)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1208 +#: sssd.conf.5.xml:1209 msgid "" "Specifies time in seconds for which records in the in-memory cache will be " "valid. Setting this option to zero will disable the in-memory cache." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1216 +#: sssd.conf.5.xml:1217 msgid "" "WARNING: Disabling the in-memory cache will have significant negative impact " "on SSSD's performance and should only be used for testing." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1222 sssd.conf.5.xml:1247 sssd.conf.5.xml:1272 -#: sssd.conf.5.xml:1297 sssd.conf.5.xml:1324 +#: sssd.conf.5.xml:1223 sssd.conf.5.xml:1248 sssd.conf.5.xml:1273 +#: sssd.conf.5.xml:1298 sssd.conf.5.xml:1325 msgid "" "NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", " "client applications will not use the fast in-memory cache." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1230 +#: sssd.conf.5.xml:1231 msgid "memcache_size_passwd (integer)" msgstr "memcache_size_passwd (integeri)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1233 +#: sssd.conf.5.xml:1234 msgid "" "Size (in megabytes) of the data table allocated inside fast in-memory cache " "for passwd requests. Setting the size to 0 will disable the passwd in-" @@ -1524,25 +1524,25 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1239 sssd.conf.5.xml:2963 sssd-ldap.5.xml:548 +#: sssd.conf.5.xml:1240 sssd.conf.5.xml:2964 sssd-ldap.5.xml:548 msgid "Default: 8" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1242 sssd.conf.5.xml:1267 sssd.conf.5.xml:1292 -#: sssd.conf.5.xml:1319 +#: sssd.conf.5.xml:1243 sssd.conf.5.xml:1268 sssd.conf.5.xml:1293 +#: sssd.conf.5.xml:1320 msgid "" "WARNING: Disabled or too small in-memory cache can have significant negative " "impact on SSSD's performance." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1255 +#: sssd.conf.5.xml:1256 msgid "memcache_size_group (integer)" msgstr "memcache_size_group (integeri)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1258 +#: sssd.conf.5.xml:1259 msgid "" "Size (in megabytes) of the data table allocated inside fast in-memory cache " "for group requests. Setting the size to 0 will disable the group in-memory " @@ -1550,19 +1550,19 @@ msgid "" msgstr "" #. type: Content of: <variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1264 sssd.conf.5.xml:1316 sssd.conf.5.xml:3729 +#: sssd.conf.5.xml:1265 sssd.conf.5.xml:1317 sssd.conf.5.xml:3730 #: sssd-ldap.5.xml:473 sssd-ldap.5.xml:525 include/failover.xml:116 #: include/krb5_options.xml:11 msgid "Default: 6" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1280 +#: sssd.conf.5.xml:1281 msgid "memcache_size_initgroups (integer)" msgstr "memcache_size_initgroups (integeri)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1283 +#: sssd.conf.5.xml:1284 msgid "" "Size (in megabytes) of the data table allocated inside fast in-memory cache " "for initgroups requests. Setting the size to 0 will disable the initgroups " @@ -1570,14 +1570,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1305 +#: sssd.conf.5.xml:1306 #, fuzzy #| msgid "memcache_size_passwd (integer)" msgid "memcache_size_sid (integer)" msgstr "memcache_size_passwd (integeri)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1308 +#: sssd.conf.5.xml:1309 msgid "" "Size (in megabytes) of the data table allocated inside fast in-memory cache " "for SID related requests. Only SID-by-ID and ID-by-SID requests are " @@ -1586,12 +1586,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1332 sssd-ifp.5.xml:90 +#: sssd.conf.5.xml:1333 sssd-ifp.5.xml:90 msgid "user_attributes (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1335 +#: sssd.conf.5.xml:1336 msgid "" "Some of the additional NSS responder requests can return more attributes " "than just the POSIX ones defined by the NSS interface. The list of " @@ -1602,43 +1602,43 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1348 +#: sssd.conf.5.xml:1349 msgid "" "To make configuration more easy the NSS responder will check the InfoPipe " "option if it is not set for the NSS responder." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1353 +#: sssd.conf.5.xml:1354 msgid "Default: not set, fallback to InfoPipe option" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1358 +#: sssd.conf.5.xml:1359 msgid "pwfield (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1361 +#: sssd.conf.5.xml:1362 msgid "" "The value that NSS operations that return users or groups will return for " "the <quote>password</quote> field." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1366 +#: sssd.conf.5.xml:1367 msgid "Default: <quote>*</quote>" msgstr "Oletus: <quote>*</quote>" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1369 +#: sssd.conf.5.xml:1370 msgid "" "Note: This option can also be set per-domain which overwrites the value in " "[nss] section." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1373 +#: sssd.conf.5.xml:1374 msgid "" "Default: <quote>not set</quote> (remote domains), <phrase " "condition=\"with_files_provider\"> <quote>x</quote> (the files domain), </" @@ -1647,60 +1647,60 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:1385 +#: sssd.conf.5.xml:1386 msgid "PAM configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:1387 +#: sssd.conf.5.xml:1388 msgid "" "These options can be used to configure the Pluggable Authentication Module " "(PAM) service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1392 +#: sssd.conf.5.xml:1393 msgid "offline_credentials_expiration (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1395 +#: sssd.conf.5.xml:1396 msgid "" "If the authentication provider is offline, how long should we allow cached " "logins (in days since the last successful online login)." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1400 sssd.conf.5.xml:1413 +#: sssd.conf.5.xml:1401 sssd.conf.5.xml:1414 msgid "Default: 0 (No limit)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1406 +#: sssd.conf.5.xml:1407 msgid "offline_failed_login_attempts (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1409 +#: sssd.conf.5.xml:1410 msgid "" "If the authentication provider is offline, how many failed login attempts " "are allowed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1419 +#: sssd.conf.5.xml:1420 msgid "offline_failed_login_delay (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1422 +#: sssd.conf.5.xml:1423 msgid "" "The time in minutes which has to pass after offline_failed_login_attempts " "has been reached before a new login attempt is possible." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1427 +#: sssd.conf.5.xml:1428 msgid "" "If set to 0 the user cannot authenticate offline if " "offline_failed_login_attempts has been reached. Only a successful online " @@ -1708,59 +1708,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1433 sssd.conf.5.xml:1543 +#: sssd.conf.5.xml:1434 sssd.conf.5.xml:1544 msgid "Default: 5" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1439 +#: sssd.conf.5.xml:1440 msgid "pam_verbosity (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1442 +#: sssd.conf.5.xml:1443 msgid "" "Controls what kind of messages are shown to the user during authentication. " "The higher the number to more messages are displayed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1447 +#: sssd.conf.5.xml:1448 msgid "Currently sssd supports the following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1450 +#: sssd.conf.5.xml:1451 msgid "<emphasis>0</emphasis>: do not show any message" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1453 +#: sssd.conf.5.xml:1454 msgid "<emphasis>1</emphasis>: show only important messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1457 +#: sssd.conf.5.xml:1458 msgid "<emphasis>2</emphasis>: show informational messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1460 +#: sssd.conf.5.xml:1461 msgid "<emphasis>3</emphasis>: show all messages and debug information" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1464 sssd.8.xml:63 +#: sssd.conf.5.xml:1465 sssd.8.xml:63 msgid "Default: 1" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1470 +#: sssd.conf.5.xml:1471 msgid "pam_response_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1473 +#: sssd.conf.5.xml:1474 msgid "" "A comma separated list of strings which allows to remove (filter) data sent " "by the PAM responder to pam_sss PAM module. There are different kind of " @@ -1769,51 +1769,51 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1481 +#: sssd.conf.5.xml:1482 msgid "" "While messages already can be controlled with the help of the pam_verbosity " "option this option allows to filter out other kind of responses as well." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1488 +#: sssd.conf.5.xml:1489 msgid "ENV" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1489 +#: sssd.conf.5.xml:1490 msgid "Do not send any environment variables to any service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1492 +#: sssd.conf.5.xml:1493 msgid "ENV:var_name" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1493 +#: sssd.conf.5.xml:1494 msgid "Do not send environment variable var_name to any service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1497 +#: sssd.conf.5.xml:1498 msgid "ENV:var_name:service" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1498 +#: sssd.conf.5.xml:1499 msgid "Do not send environment variable var_name to service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1486 +#: sssd.conf.5.xml:1487 msgid "" "Currently the following filters are supported: <placeholder " "type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1505 +#: sssd.conf.5.xml:1506 msgid "" "The list of strings can either be the list of filters which would set this " "list of filters and overwrite the defaults. Or each element of the list can " @@ -1824,23 +1824,23 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1516 +#: sssd.conf.5.xml:1517 msgid "Default: ENV:KRB5CCNAME:sudo, ENV:KRB5CCNAME:sudo-i" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1519 +#: sssd.conf.5.xml:1520 msgid "" "Example: -ENV:KRB5CCNAME:sudo-i will remove the filter from the default list" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1526 +#: sssd.conf.5.xml:1527 msgid "pam_id_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1529 +#: sssd.conf.5.xml:1530 msgid "" "For any PAM request while SSSD is online, the SSSD will attempt to " "immediately update the cached identity information for the user in order to " @@ -1848,7 +1848,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1535 +#: sssd.conf.5.xml:1536 msgid "" "A complete PAM conversation may perform multiple PAM requests, such as " "account management and session opening. This option controls (on a per-" @@ -1857,17 +1857,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1549 +#: sssd.conf.5.xml:1550 msgid "pam_pwd_expiration_warning (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1552 sssd.conf.5.xml:2987 +#: sssd.conf.5.xml:1553 sssd.conf.5.xml:2988 msgid "Display a warning N days before the password expires." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1555 +#: sssd.conf.5.xml:1556 msgid "" "Please note that the backend server has to provide information about the " "expiration time of the password. If this information is missing, sssd " @@ -1875,31 +1875,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1561 sssd.conf.5.xml:2990 +#: sssd.conf.5.xml:1562 sssd.conf.5.xml:2991 msgid "" "If zero is set, then this filter is not applied, i.e. if the expiration " "warning was received from backend server, it will automatically be displayed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1566 +#: sssd.conf.5.xml:1567 msgid "" "This setting can be overridden by setting <emphasis>pwd_expiration_warning</" "emphasis> for a particular domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1571 sssd.conf.5.xml:3976 sssd-ldap.5.xml:606 sssd.8.xml:79 +#: sssd.conf.5.xml:1572 sssd.conf.5.xml:3977 sssd-ldap.5.xml:606 sssd.8.xml:79 msgid "Default: 0" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1588 +#: sssd.conf.5.xml:1589 msgid "pam_trusted_users (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1591 +#: sssd.conf.5.xml:1592 msgid "" "Specifies the comma-separated list of UID values or user names that are " "allowed to run PAM conversations against trusted domains. Users not " @@ -1909,75 +1909,75 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1601 +#: sssd.conf.5.xml:1602 msgid "Default: All users are considered trusted by default" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1605 +#: sssd.conf.5.xml:1606 msgid "" "Please note that UID 0 is always allowed to access the PAM responder even in " "case it is not in the pam_trusted_users list." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1612 +#: sssd.conf.5.xml:1613 msgid "pam_public_domains (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1615 +#: sssd.conf.5.xml:1616 msgid "" "Specifies the comma-separated list of domain names that are accessible even " "to untrusted users." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1619 +#: sssd.conf.5.xml:1620 msgid "Two special values for pam_public_domains option are defined:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1623 +#: sssd.conf.5.xml:1624 msgid "" "all (Untrusted users are allowed to access all domains in PAM responder.)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1627 +#: sssd.conf.5.xml:1628 msgid "" "none (Untrusted users are not allowed to access any domains PAM in " "responder.)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1631 sssd.conf.5.xml:1656 sssd.conf.5.xml:1675 -#: sssd.conf.5.xml:1912 sssd.conf.5.xml:2732 sssd.conf.5.xml:3905 +#: sssd.conf.5.xml:1632 sssd.conf.5.xml:1657 sssd.conf.5.xml:1676 +#: sssd.conf.5.xml:1913 sssd.conf.5.xml:2733 sssd.conf.5.xml:3906 #: sssd-ldap.5.xml:1207 msgid "Default: none" msgstr "Oletus: ei mitään" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1636 +#: sssd.conf.5.xml:1637 msgid "pam_account_expired_message (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1639 +#: sssd.conf.5.xml:1640 msgid "" "Allows a custom expiration message to be set, replacing the default " "'Permission denied' message." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1644 +#: sssd.conf.5.xml:1645 msgid "" "Note: Please be aware that message is only printed for the SSH service " "unless pam_verbosity is set to 3 (show all messages and debug information)." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1652 +#: sssd.conf.5.xml:1653 #, no-wrap msgid "" "pam_account_expired_message = Account expired, please contact help desk.\n" @@ -1985,19 +1985,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1661 +#: sssd.conf.5.xml:1662 msgid "pam_account_locked_message (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1664 +#: sssd.conf.5.xml:1665 msgid "" "Allows a custom lockout message to be set, replacing the default 'Permission " "denied' message." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1671 +#: sssd.conf.5.xml:1672 #, no-wrap msgid "" "pam_account_locked_message = Account locked, please contact help desk.\n" @@ -2005,17 +2005,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1680 +#: sssd.conf.5.xml:1681 msgid "pam_passkey_auth (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1683 +#: sssd.conf.5.xml:1684 msgid "Enable passkey device based authentication." msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1686 sssd.conf.5.xml:1697 sssd.conf.5.xml:1711 +#: sssd.conf.5.xml:1687 sssd.conf.5.xml:1698 sssd.conf.5.xml:1712 #: sssd-ldap.5.xml:671 sssd-ldap.5.xml:692 sssd-ldap.5.xml:788 #: sssd-ldap.5.xml:1293 sssd-ad.5.xml:505 sssd-ad.5.xml:581 sssd-ad.5.xml:1126 #: sssd-ad.5.xml:1175 include/ldap_id_mapping.xml:250 @@ -2023,22 +2023,22 @@ msgid "Default: False" msgstr "Oletus:epätosi" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1691 +#: sssd.conf.5.xml:1692 msgid "passkey_debug_libfido2 (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1694 +#: sssd.conf.5.xml:1695 msgid "Enable libfido2 library debug messages." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1702 +#: sssd.conf.5.xml:1703 msgid "pam_cert_auth (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1705 +#: sssd.conf.5.xml:1706 msgid "" "Enable certificate based Smartcard authentication. Since this requires " "additional communication with the Smartcard which will delay the " @@ -2046,34 +2046,34 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1716 +#: sssd.conf.5.xml:1717 msgid "pam_cert_db_path (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1719 +#: sssd.conf.5.xml:1720 msgid "The path to the certificate database." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1722 sssd.conf.5.xml:2247 sssd.conf.5.xml:4308 +#: sssd.conf.5.xml:1723 sssd.conf.5.xml:2248 sssd.conf.5.xml:4354 msgid "Default:" msgstr "Oletus:" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1724 sssd.conf.5.xml:2249 +#: sssd.conf.5.xml:1725 sssd.conf.5.xml:2250 msgid "" "/etc/sssd/pki/sssd_auth_ca_db.pem (path to a file with trusted CA " "certificates in PEM format)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1734 +#: sssd.conf.5.xml:1735 msgid "pam_cert_verification (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1737 +#: sssd.conf.5.xml:1738 msgid "" "With this parameter the PAM certificate verification can be tuned with a " "comma separated list of options that override the " @@ -2083,7 +2083,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1748 +#: sssd.conf.5.xml:1749 #, no-wrap msgid "" "pam_cert_verification = partial_chain\n" @@ -2093,61 +2093,61 @@ msgstr "" " " #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1752 +#: sssd.conf.5.xml:1753 msgid "" "Default: not set, i.e. use default <quote>certificate_verification</quote> " "option defined in <quote>[sssd]</quote> section." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1759 +#: sssd.conf.5.xml:1760 msgid "p11_child_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1762 +#: sssd.conf.5.xml:1763 msgid "How many seconds will pam_sss wait for p11_child to finish." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1771 +#: sssd.conf.5.xml:1772 #, fuzzy #| msgid "entry_cache_timeout (integer)" msgid "passkey_child_timeout (integer)" msgstr "entry_cache_timeout (integeri)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1774 +#: sssd.conf.5.xml:1775 msgid "" "How many seconds will the PAM responder wait for passkey_child to finish." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1783 +#: sssd.conf.5.xml:1784 msgid "pam_app_services (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1786 +#: sssd.conf.5.xml:1787 msgid "" "Which PAM services are permitted to contact domains of type " "<quote>application</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1795 +#: sssd.conf.5.xml:1796 msgid "pam_p11_allowed_services (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1798 +#: sssd.conf.5.xml:1799 msgid "" "A comma-separated list of PAM service names for which it will be allowed to " "use Smartcards." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1813 +#: sssd.conf.5.xml:1814 #, no-wrap msgid "" "pam_p11_allowed_services = +my_pam_service, -login\n" @@ -2155,7 +2155,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1802 +#: sssd.conf.5.xml:1803 msgid "" "It is possible to add another PAM service name to the default set by using " "<quote>+service_name</quote> or to explicitly remove a PAM service name from " @@ -2167,63 +2167,63 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1817 sssd-ad.5.xml:644 sssd-ad.5.xml:753 sssd-ad.5.xml:811 +#: sssd.conf.5.xml:1818 sssd-ad.5.xml:644 sssd-ad.5.xml:753 sssd-ad.5.xml:811 #: sssd-ad.5.xml:869 sssd-ad.5.xml:947 msgid "Default: the default set of PAM service names includes:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1822 sssd-ad.5.xml:648 +#: sssd.conf.5.xml:1823 sssd-ad.5.xml:648 msgid "login" msgstr "kirjautuminen" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1827 sssd-ad.5.xml:653 +#: sssd.conf.5.xml:1828 sssd-ad.5.xml:653 msgid "su" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1832 sssd-ad.5.xml:658 +#: sssd.conf.5.xml:1833 sssd-ad.5.xml:658 msgid "su-l" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1837 sssd-ad.5.xml:673 +#: sssd.conf.5.xml:1838 sssd-ad.5.xml:673 msgid "gdm-smartcard" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1842 sssd-ad.5.xml:668 +#: sssd.conf.5.xml:1843 sssd-ad.5.xml:668 msgid "gdm-password" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1847 sssd-ad.5.xml:678 +#: sssd.conf.5.xml:1848 sssd-ad.5.xml:678 msgid "kdm" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1852 sssd-ad.5.xml:956 +#: sssd.conf.5.xml:1853 sssd-ad.5.xml:956 msgid "sudo" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1857 sssd-ad.5.xml:961 +#: sssd.conf.5.xml:1858 sssd-ad.5.xml:961 msgid "sudo-i" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1862 +#: sssd.conf.5.xml:1863 msgid "gnome-screensaver" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1870 +#: sssd.conf.5.xml:1871 msgid "p11_wait_for_card_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1873 +#: sssd.conf.5.xml:1874 msgid "" "If Smartcard authentication is required how many extra seconds in addition " "to p11_child_timeout should the PAM responder wait until a Smartcard is " @@ -2231,12 +2231,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1884 +#: sssd.conf.5.xml:1885 msgid "p11_uri (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1887 +#: sssd.conf.5.xml:1888 msgid "" "PKCS#11 URI (see RFC-7512 for details) which can be used to restrict the " "selection of devices used for Smartcard authentication. By default SSSD's " @@ -2247,7 +2247,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1900 +#: sssd.conf.5.xml:1901 #, no-wrap msgid "" "p11_uri = pkcs11:slot-description=My%20Smartcard%20Reader\n" @@ -2255,7 +2255,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1904 +#: sssd.conf.5.xml:1905 #, no-wrap msgid "" "p11_uri = pkcs11:library-description=OpenSC%20smartcard%20framework;slot-id=2\n" @@ -2263,7 +2263,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1898 +#: sssd.conf.5.xml:1899 msgid "" "Example: <placeholder type=\"programlisting\" id=\"0\"/> or <placeholder " "type=\"programlisting\" id=\"1\"/> To find suitable URI please check the " @@ -2272,47 +2272,47 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1917 +#: sssd.conf.5.xml:1918 msgid "pam_initgroups_scheme" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1925 +#: sssd.conf.5.xml:1926 msgid "always" msgstr "aina" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1926 +#: sssd.conf.5.xml:1927 msgid "" "Always do an online lookup, please note that pam_id_timeout still applies" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1930 +#: sssd.conf.5.xml:1931 msgid "no_session" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1931 +#: sssd.conf.5.xml:1932 msgid "" "Only do an online lookup if there is no active session of the user, i.e. if " "the user is currently not logged in" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1936 +#: sssd.conf.5.xml:1937 msgid "never" msgstr "Ei koskaan" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1937 +#: sssd.conf.5.xml:1938 msgid "" "Never force an online lookup, use the data from the cache as long as they " "are not expired" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1920 +#: sssd.conf.5.xml:1921 msgid "" "The PAM responder can force an online lookup to get the current group " "memberships of the user trying to log in. This option controls when this " @@ -2321,30 +2321,30 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1944 +#: sssd.conf.5.xml:1945 msgid "Default: no_session" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1949 sssd.conf.5.xml:4247 +#: sssd.conf.5.xml:1950 sssd.conf.5.xml:4293 msgid "pam_gssapi_services" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1952 +#: sssd.conf.5.xml:1953 msgid "" "Comma separated list of PAM services that are allowed to try GSSAPI " "authentication using pam_sss_gss.so module." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1957 +#: sssd.conf.5.xml:1958 msgid "" "To disable GSSAPI authentication, set this option to <quote>-</quote> (dash)." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1961 sssd.conf.5.xml:1992 sssd.conf.5.xml:2030 +#: sssd.conf.5.xml:1962 sssd.conf.5.xml:1993 sssd.conf.5.xml:2031 msgid "" "Note: This option can also be set per-domain which overwrites the value in " "[pam] section. It can also be set for trusted domain which overwrites the " @@ -2352,7 +2352,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1969 +#: sssd.conf.5.xml:1970 #, no-wrap msgid "" "pam_gssapi_services = sudo, sudo-i\n" @@ -2362,22 +2362,22 @@ msgstr "" " " #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1967 sssd.conf.5.xml:3899 +#: sssd.conf.5.xml:1968 sssd.conf.5.xml:3900 msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>" msgstr "Esimerkki: <placeholder type=\"programlisting\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1973 +#: sssd.conf.5.xml:1974 msgid "Default: - (GSSAPI authentication is disabled)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1978 sssd.conf.5.xml:4248 +#: sssd.conf.5.xml:1979 sssd.conf.5.xml:4294 msgid "pam_gssapi_check_upn" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1981 +#: sssd.conf.5.xml:1982 msgid "" "If True, SSSD will require that the Kerberos user principal that " "successfully authenticated through GSSAPI can be associated with the user " @@ -2385,25 +2385,25 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1988 +#: sssd.conf.5.xml:1989 msgid "" "If False, every user that is able to obtained required service ticket will " "be authenticated." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1998 sssd-ad.5.xml:1266 sss_rpcidmapd.5.xml:76 +#: sssd.conf.5.xml:1999 sssd-ad.5.xml:1266 sss_rpcidmapd.5.xml:76 #: sssd-files.5.xml:145 msgid "Default: True" msgstr "Oletus:tosi" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2003 +#: sssd.conf.5.xml:2004 msgid "pam_gssapi_indicators_map" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2006 +#: sssd.conf.5.xml:2007 msgid "" "Comma separated list of authentication indicators required to be present in " "a Kerberos ticket to access a PAM service that is allowed to try GSSAPI " @@ -2411,7 +2411,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2012 +#: sssd.conf.5.xml:2013 msgid "" "Each element of the list can be either an authentication indicator name or a " "pair <quote>service:indicator</quote>. Indicators not prefixed with the PAM " @@ -2426,7 +2426,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2025 +#: sssd.conf.5.xml:2026 msgid "" "To disable GSSAPI authentication indicator check, set this option to <quote>-" "</quote> (dash). To disable the check for a specific PAM service, add " @@ -2434,45 +2434,45 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2036 +#: sssd.conf.5.xml:2037 msgid "" "Following authentication indicators are supported by IPA Kerberos " "deployments:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2039 +#: sssd.conf.5.xml:2040 msgid "" "pkinit -- pre-authentication using X.509 certificates -- whether stored in " "files or on smart cards." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2042 +#: sssd.conf.5.xml:2043 msgid "" "hardened -- SPAKE pre-authentication or any pre-authentication wrapped in a " "FAST channel." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2045 +#: sssd.conf.5.xml:2046 msgid "radius -- pre-authentication with the help of a RADIUS server." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2048 +#: sssd.conf.5.xml:2049 msgid "" "otp -- pre-authentication using integrated two-factor authentication (2FA or " "one-time password, OTP) in IPA." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2051 +#: sssd.conf.5.xml:2052 msgid "idp -- pre-authentication using external identity provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:2061 +#: sssd.conf.5.xml:2062 #, no-wrap msgid "" "pam_gssapi_indicators_map = sudo:pkinit, sudo-i:pkinit\n" @@ -2480,7 +2480,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2056 +#: sssd.conf.5.xml:2057 msgid "" "Example: to require access to SUDO services only for users which obtained " "their Kerberos tickets with a X.509 certificate pre-authentication (PKINIT), " @@ -2488,17 +2488,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2065 +#: sssd.conf.5.xml:2066 msgid "Default: not set (use of authentication indicators is not required)" msgstr "Oletus: ei asetettu(todennusindikaattoreiden käyttöä ei vaadita)" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2073 +#: sssd.conf.5.xml:2074 msgid "SUDO configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2075 +#: sssd.conf.5.xml:2076 msgid "" "These options can be used to configure the sudo service. The detailed " "instructions for configuration of <citerefentry> <refentrytitle>sudo</" @@ -2509,24 +2509,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2092 +#: sssd.conf.5.xml:2093 msgid "sudo_timed (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2095 +#: sssd.conf.5.xml:2096 msgid "" "Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes " "that implement time-dependent sudoers entries." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2107 +#: sssd.conf.5.xml:2108 msgid "sudo_threshold (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2110 +#: sssd.conf.5.xml:2111 msgid "" "Maximum number of expired rules that can be refreshed at once. If number of " "expired rules is below threshold, those rules are refreshed with " @@ -2536,22 +2536,22 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2129 +#: sssd.conf.5.xml:2130 msgid "AUTOFS configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2131 +#: sssd.conf.5.xml:2132 msgid "These options can be used to configure the autofs service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2135 +#: sssd.conf.5.xml:2136 msgid "autofs_negative_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2138 +#: sssd.conf.5.xml:2139 msgid "" "Specifies for how many seconds should the autofs responder negative cache " "hits (that is, queries for invalid map entries, like nonexistent ones) " @@ -2559,51 +2559,51 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2154 +#: sssd.conf.5.xml:2155 msgid "SSH configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2156 +#: sssd.conf.5.xml:2157 msgid "These options can be used to configure the SSH service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2160 +#: sssd.conf.5.xml:2161 msgid "ssh_hash_known_hosts (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2163 +#: sssd.conf.5.xml:2164 msgid "" "Whether or not to hash host names and addresses in the managed known_hosts " "file." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2172 +#: sssd.conf.5.xml:2173 msgid "ssh_known_hosts_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2175 +#: sssd.conf.5.xml:2176 msgid "" "How many seconds to keep a host in the managed known_hosts file after its " "host keys were requested." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2179 +#: sssd.conf.5.xml:2180 msgid "Default: 180" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2184 +#: sssd.conf.5.xml:2185 msgid "ssh_use_certificate_keys (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2187 +#: sssd.conf.5.xml:2188 msgid "" "If set to true the <command>sss_ssh_authorizedkeys</command> will return ssh " "keys derived from the public key of X.509 certificates stored in the user " @@ -2612,12 +2612,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2202 +#: sssd.conf.5.xml:2203 msgid "ssh_use_certificate_matching_rules (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2205 +#: sssd.conf.5.xml:2206 msgid "" "By default the ssh responder will use all available certificate matching " "rules to filter the certificates so that ssh keys are only derived from the " @@ -2627,7 +2627,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2214 +#: sssd.conf.5.xml:2215 msgid "" "There are two special key words 'all_rules' and 'no_rules' which will enable " "all or no rules, respectively. The latter means that no certificates will be " @@ -2635,7 +2635,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2221 +#: sssd.conf.5.xml:2222 msgid "" "If no rules are configured using 'all_rules' will enable a default rule " "which enables all certificates suitable for client authentication. This is " @@ -2644,38 +2644,38 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2228 +#: sssd.conf.5.xml:2229 msgid "" "A non-existing rule name is considered an error. If as a result no rule is " "selected all certificates will be ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2233 +#: sssd.conf.5.xml:2234 msgid "" "Default: not set, equivalent to 'all_rules', all found rules or the default " "rule are used" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2239 +#: sssd.conf.5.xml:2240 msgid "ca_db (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2242 +#: sssd.conf.5.xml:2243 msgid "" "Path to a storage of trusted CA certificates. The option is used to validate " "user certificates before deriving public ssh keys from them." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2262 +#: sssd.conf.5.xml:2263 msgid "PAC responder configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2264 +#: sssd.conf.5.xml:2265 msgid "" "The PAC responder works together with the authorization data plugin for MIT " "Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the " @@ -2686,7 +2686,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2273 +#: sssd.conf.5.xml:2274 msgid "" "If the remote user does not exist in the cache, it is created. The UID is " "determined with the help of the SID, trusted domains will have UPGs and the " @@ -2697,24 +2697,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2281 +#: sssd.conf.5.xml:2282 msgid "" "If there are SIDs of groups from domains sssd knows about, the user will be " "added to those groups." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2287 +#: sssd.conf.5.xml:2288 msgid "These options can be used to configure the PAC responder." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2291 sssd-ifp.5.xml:66 +#: sssd.conf.5.xml:2292 sssd-ifp.5.xml:66 msgid "allowed_uids (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2294 +#: sssd.conf.5.xml:2295 msgid "" "Specifies the comma-separated list of UID values or user names that are " "allowed to access the PAC responder. User names are resolved to UIDs at " @@ -2722,12 +2722,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2300 +#: sssd.conf.5.xml:2301 msgid "Default: 0 (only the root user is allowed to access the PAC responder)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2304 +#: sssd.conf.5.xml:2305 msgid "" "Please note that although the UID 0 is used as the default it will be " "overwritten with this option. If you still want to allow the root user to " @@ -2736,24 +2736,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2313 +#: sssd.conf.5.xml:2314 msgid "pac_lifetime (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2316 +#: sssd.conf.5.xml:2317 msgid "" "Lifetime of the PAC entry in seconds. As long as the PAC is valid the PAC " "data can be used to determine the group memberships of a user." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2326 +#: sssd.conf.5.xml:2327 msgid "pac_check (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2329 +#: sssd.conf.5.xml:2330 msgid "" "Apply additional checks on the PAC of the Kerberos ticket which is available " "in Active Directory and FreeIPA domains, if configured. Please note that " @@ -2764,26 +2764,26 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2343 +#: sssd.conf.5.xml:2344 msgid "no_check" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2345 +#: sssd.conf.5.xml:2346 msgid "" "The PAC must not be present and even if it is present no additional checks " "will be done." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2351 +#: sssd.conf.5.xml:2352 #, fuzzy #| msgid "present" msgid "pac_present" msgstr "nykyinen" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2353 +#: sssd.conf.5.xml:2354 msgid "" "The PAC must be present in the service ticket which SSSD will request with " "the help of the user's TGT. If the PAC is not available the authentication " @@ -2791,24 +2791,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2361 +#: sssd.conf.5.xml:2362 msgid "check_upn" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2363 +#: sssd.conf.5.xml:2364 msgid "" "If the PAC is present check if the user principal name (UPN) information is " "consistent." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2369 +#: sssd.conf.5.xml:2370 msgid "check_upn_allow_missing" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2371 +#: sssd.conf.5.xml:2372 msgid "" "This option should be used together with 'check_upn' and handles the case " "where a UPN is set on the server-side but is not read by SSSD. The typical " @@ -2820,7 +2820,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2383 +#: sssd.conf.5.xml:2384 msgid "" "Currently this option is set by default to avoid regressions in such " "environments. A log message will be added to the system log and SSSD's debug " @@ -2831,60 +2831,60 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2397 +#: sssd.conf.5.xml:2398 msgid "upn_dns_info_present" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2399 +#: sssd.conf.5.xml:2400 msgid "The PAC must contain the UPN-DNS-INFO buffer, implies 'check_upn'." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2404 +#: sssd.conf.5.xml:2405 msgid "check_upn_dns_info_ex" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2406 +#: sssd.conf.5.xml:2407 msgid "" "If the PAC is present and the extension to the UPN-DNS-INFO buffer is " "available check if the information in the extension is consistent." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2413 +#: sssd.conf.5.xml:2414 msgid "upn_dns_info_ex_present" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2415 +#: sssd.conf.5.xml:2416 msgid "" "The PAC must contain the extension of the UPN-DNS-INFO buffer, implies " "'check_upn_dns_info_ex', 'upn_dns_info_present' and 'check_upn'." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2339 +#: sssd.conf.5.xml:2340 msgid "" "The following options can be used alone or in a comma-separated list: " "<placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2425 +#: sssd.conf.5.xml:2426 msgid "" "Default: no_check (AD and IPA provider 'check_upn, check_upn_allow_missing, " "check_upn_dns_info_ex')" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2434 +#: sssd.conf.5.xml:2435 msgid "Session recording configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2436 +#: sssd.conf.5.xml:2437 msgid "" "Session recording works in conjunction with <citerefentry> " "<refentrytitle>tlog-rec-session</refentrytitle> <manvolnum>8</manvolnum> </" @@ -2894,66 +2894,66 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2449 +#: sssd.conf.5.xml:2450 msgid "These options can be used to configure session recording." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2453 sssd-session-recording.5.xml:64 +#: sssd.conf.5.xml:2454 sssd-session-recording.5.xml:64 msgid "scope (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2460 sssd-session-recording.5.xml:71 +#: sssd.conf.5.xml:2461 sssd-session-recording.5.xml:71 msgid "\"none\"" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2463 sssd-session-recording.5.xml:74 +#: sssd.conf.5.xml:2464 sssd-session-recording.5.xml:74 msgid "No users are recorded." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2468 sssd-session-recording.5.xml:79 +#: sssd.conf.5.xml:2469 sssd-session-recording.5.xml:79 msgid "\"some\"" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2471 sssd-session-recording.5.xml:82 +#: sssd.conf.5.xml:2472 sssd-session-recording.5.xml:82 msgid "" "Users/groups specified by <replaceable>users</replaceable> and " "<replaceable>groups</replaceable> options are recorded." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2480 sssd-session-recording.5.xml:91 +#: sssd.conf.5.xml:2481 sssd-session-recording.5.xml:91 msgid "\"all\"" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2483 sssd-session-recording.5.xml:94 +#: sssd.conf.5.xml:2484 sssd-session-recording.5.xml:94 msgid "All users are recorded." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2456 sssd-session-recording.5.xml:67 +#: sssd.conf.5.xml:2457 sssd-session-recording.5.xml:67 msgid "" "One of the following strings specifying the scope of session recording: " "<placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2490 sssd-session-recording.5.xml:101 +#: sssd.conf.5.xml:2491 sssd-session-recording.5.xml:101 msgid "Default: \"none\"" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2495 sssd-session-recording.5.xml:106 +#: sssd.conf.5.xml:2496 sssd-session-recording.5.xml:106 msgid "users (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2498 sssd-session-recording.5.xml:109 +#: sssd.conf.5.xml:2499 sssd-session-recording.5.xml:109 msgid "" "A comma-separated list of users which should have session recording enabled. " "Matches user names as returned by NSS. I.e. after the possible space " @@ -2961,17 +2961,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2504 sssd-session-recording.5.xml:115 +#: sssd.conf.5.xml:2505 sssd-session-recording.5.xml:115 msgid "Default: Empty. Matches no users." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2509 sssd-session-recording.5.xml:120 +#: sssd.conf.5.xml:2510 sssd-session-recording.5.xml:120 msgid "groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2512 sssd-session-recording.5.xml:123 +#: sssd.conf.5.xml:2513 sssd-session-recording.5.xml:123 msgid "" "A comma-separated list of groups, members of which should have session " "recording enabled. Matches group names as returned by NSS. I.e. after the " @@ -2979,7 +2979,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2518 sssd.conf.5.xml:2550 sssd-session-recording.5.xml:129 +#: sssd.conf.5.xml:2519 sssd.conf.5.xml:2551 sssd-session-recording.5.xml:129 #: sssd-session-recording.5.xml:161 msgid "" "NOTE: using this option (having it set to anything) has a considerable " @@ -2988,56 +2988,56 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2525 sssd-session-recording.5.xml:136 +#: sssd.conf.5.xml:2526 sssd-session-recording.5.xml:136 msgid "Default: Empty. Matches no groups." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2530 sssd-session-recording.5.xml:141 +#: sssd.conf.5.xml:2531 sssd-session-recording.5.xml:141 msgid "exclude_users (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2533 sssd-session-recording.5.xml:144 +#: sssd.conf.5.xml:2534 sssd-session-recording.5.xml:144 msgid "" "A comma-separated list of users to be excluded from recording, only " "applicable with 'scope=all'." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2537 sssd-session-recording.5.xml:148 +#: sssd.conf.5.xml:2538 sssd-session-recording.5.xml:148 msgid "Default: Empty. No users excluded." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2542 sssd-session-recording.5.xml:153 +#: sssd.conf.5.xml:2543 sssd-session-recording.5.xml:153 msgid "exclude_groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2545 sssd-session-recording.5.xml:156 +#: sssd.conf.5.xml:2546 sssd-session-recording.5.xml:156 msgid "" "A comma-separated list of groups, members of which should be excluded from " "recording. Only applicable with 'scope=all'." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2557 sssd-session-recording.5.xml:168 +#: sssd.conf.5.xml:2558 sssd-session-recording.5.xml:168 msgid "Default: Empty. No groups excluded." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:2567 +#: sssd.conf.5.xml:2568 msgid "DOMAIN SECTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2574 +#: sssd.conf.5.xml:2575 msgid "enabled" msgstr "käytössä" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2577 +#: sssd.conf.5.xml:2578 msgid "" "Explicitly enable or disable the domain. If <quote>true</quote>, the domain " "is always <quote>enabled</quote>. If <quote>false</quote>, the domain is " @@ -3047,12 +3047,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2589 +#: sssd.conf.5.xml:2590 msgid "domain_type (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2592 +#: sssd.conf.5.xml:2593 msgid "" "Specifies whether the domain is meant to be used by POSIX-aware clients such " "as the Name Service Switch or by applications that do not need POSIX data to " @@ -3061,14 +3061,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2600 +#: sssd.conf.5.xml:2601 msgid "" "Allowed values for this option are <quote>posix</quote> and " "<quote>application</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2604 +#: sssd.conf.5.xml:2605 msgid "" "POSIX domains are reachable by all services. Application domains are only " "reachable from the InfoPipe responder (see <citerefentry> " @@ -3077,38 +3077,38 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2612 +#: sssd.conf.5.xml:2613 msgid "" "NOTE: The application domains are currently well tested with " "<quote>id_provider=ldap</quote> only." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2616 +#: sssd.conf.5.xml:2617 msgid "" "For an easy way to configure a non-POSIX domains, please see the " "<quote>Application domains</quote> section." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2620 +#: sssd.conf.5.xml:2621 msgid "Default: posix" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2626 +#: sssd.conf.5.xml:2627 msgid "min_id,max_id (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2629 +#: sssd.conf.5.xml:2630 msgid "" "UID and GID limits for the domain. If a domain contains an entry that is " "outside these limits, it is ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2634 +#: sssd.conf.5.xml:2635 msgid "" "For users, this affects the primary GID limit. The user will not be returned " "to NSS if either the UID or the primary GID is outside the range. For non-" @@ -3117,24 +3117,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2641 +#: sssd.conf.5.xml:2642 msgid "" "These ID limits affect even saving entries to cache, not only returning them " "by name or ID." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2645 +#: sssd.conf.5.xml:2646 msgid "Default: 1 for min_id, 0 (no limit) for max_id" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2651 +#: sssd.conf.5.xml:2652 msgid "enumerate (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2654 +#: sssd.conf.5.xml:2655 msgid "" "Determines if a domain can be enumerated, that is, whether the domain can " "list all the users and group it contains. Note that it is not required to " @@ -3143,29 +3143,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2662 +#: sssd.conf.5.xml:2663 msgid "TRUE = Users and groups are enumerated" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2665 +#: sssd.conf.5.xml:2666 msgid "FALSE = No enumerations for this domain" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2668 sssd.conf.5.xml:2942 sssd.conf.5.xml:3119 +#: sssd.conf.5.xml:2669 sssd.conf.5.xml:2943 sssd.conf.5.xml:3120 msgid "Default: FALSE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2671 +#: sssd.conf.5.xml:2672 msgid "" "Enumerating a domain requires SSSD to download and store ALL user and group " "entries from the remote server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2676 +#: sssd.conf.5.xml:2677 msgid "" "Note: Enabling enumeration has a moderate performance impact on SSSD while " "enumeration is running. It may take up to several minutes after SSSD startup " @@ -3179,14 +3179,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2691 +#: sssd.conf.5.xml:2692 msgid "" "While the first enumeration is running, requests for the complete user or " "group lists may return no results until it completes." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2696 +#: sssd.conf.5.xml:2697 msgid "" "Further, enabling enumeration may increase the time necessary to detect " "network disconnection, as longer timeouts are required to ensure that " @@ -3195,39 +3195,39 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2704 +#: sssd.conf.5.xml:2705 msgid "" "For the reasons cited above, enabling enumeration is not recommended, " "especially in large environments." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2712 +#: sssd.conf.5.xml:2713 msgid "subdomain_enumerate (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2719 +#: sssd.conf.5.xml:2720 msgid "all" msgstr "kaikki" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2720 +#: sssd.conf.5.xml:2721 msgid "All discovered trusted domains will be enumerated" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2723 +#: sssd.conf.5.xml:2724 msgid "none" msgstr "Ei mitään" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2724 +#: sssd.conf.5.xml:2725 msgid "No discovered trusted domains will be enumerated" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2715 +#: sssd.conf.5.xml:2716 msgid "" "Whether any of autodetected trusted domains should be enumerated. The " "supported values are: <placeholder type=\"variablelist\" id=\"0\"/> " @@ -3236,19 +3236,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2738 +#: sssd.conf.5.xml:2739 msgid "entry_cache_timeout (integer)" msgstr "entry_cache_timeout (integeri)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2741 +#: sssd.conf.5.xml:2742 msgid "" "How many seconds should nss_sss consider entries valid before asking the " "backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2745 +#: sssd.conf.5.xml:2746 msgid "" "The cache expiration timestamps are stored as attributes of individual " "objects in the cache. Therefore, changing the cache timeout only has effect " @@ -3259,139 +3259,139 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2758 +#: sssd.conf.5.xml:2759 msgid "Default: 5400" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2764 +#: sssd.conf.5.xml:2765 msgid "entry_cache_user_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2767 +#: sssd.conf.5.xml:2768 msgid "" "How many seconds should nss_sss consider user entries valid before asking " "the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2771 sssd.conf.5.xml:2784 sssd.conf.5.xml:2797 -#: sssd.conf.5.xml:2810 sssd.conf.5.xml:2824 sssd.conf.5.xml:2837 -#: sssd.conf.5.xml:2851 sssd.conf.5.xml:2865 sssd.conf.5.xml:2878 +#: sssd.conf.5.xml:2772 sssd.conf.5.xml:2785 sssd.conf.5.xml:2798 +#: sssd.conf.5.xml:2811 sssd.conf.5.xml:2825 sssd.conf.5.xml:2838 +#: sssd.conf.5.xml:2852 sssd.conf.5.xml:2866 sssd.conf.5.xml:2879 msgid "Default: entry_cache_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2777 +#: sssd.conf.5.xml:2778 msgid "entry_cache_group_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2780 +#: sssd.conf.5.xml:2781 msgid "" "How many seconds should nss_sss consider group entries valid before asking " "the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2790 +#: sssd.conf.5.xml:2791 msgid "entry_cache_netgroup_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2793 +#: sssd.conf.5.xml:2794 msgid "" "How many seconds should nss_sss consider netgroup entries valid before " "asking the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2803 +#: sssd.conf.5.xml:2804 msgid "entry_cache_service_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2806 +#: sssd.conf.5.xml:2807 msgid "" "How many seconds should nss_sss consider service entries valid before asking " "the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2816 +#: sssd.conf.5.xml:2817 msgid "entry_cache_resolver_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2819 +#: sssd.conf.5.xml:2820 msgid "" "How many seconds should nss_sss consider hosts and networks entries valid " "before asking the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2830 +#: sssd.conf.5.xml:2831 msgid "entry_cache_sudo_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2833 +#: sssd.conf.5.xml:2834 msgid "" "How many seconds should sudo consider rules valid before asking the backend " "again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2843 +#: sssd.conf.5.xml:2844 msgid "entry_cache_autofs_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2846 +#: sssd.conf.5.xml:2847 msgid "" "How many seconds should the autofs service consider automounter maps valid " "before asking the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2857 +#: sssd.conf.5.xml:2858 msgid "entry_cache_ssh_host_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2860 +#: sssd.conf.5.xml:2861 msgid "" "How many seconds to keep a host ssh key after refresh. IE how long to cache " "the host key for." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2871 +#: sssd.conf.5.xml:2872 msgid "entry_cache_computer_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2874 +#: sssd.conf.5.xml:2875 msgid "" "How many seconds to keep the local computer entry before asking the backend " "again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2884 +#: sssd.conf.5.xml:2885 msgid "refresh_expired_interval (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2887 +#: sssd.conf.5.xml:2888 msgid "" "Specifies how many seconds SSSD has to wait before triggering a background " "refresh task which will refresh all expired or nearly expired records." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2892 +#: sssd.conf.5.xml:2893 msgid "" "The background refresh will process users, groups and netgroups in the " "cache. For users who have performed the initgroups (get group membership for " @@ -3400,17 +3400,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2900 +#: sssd.conf.5.xml:2901 msgid "This option is automatically inherited for all trusted domains." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2904 +#: sssd.conf.5.xml:2905 msgid "You can consider setting this value to 3/4 * entry_cache_timeout." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2908 +#: sssd.conf.5.xml:2909 msgid "" "Cache entry will be refreshed by background task when 2/3 of cache timeout " "has already passed. If there are existing cached entries, the background " @@ -3422,23 +3422,23 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2921 sssd-ldap.5.xml:360 sssd-ldap.5.xml:1736 +#: sssd.conf.5.xml:2922 sssd-ldap.5.xml:360 sssd-ldap.5.xml:1736 #: sssd-ipa.5.xml:270 msgid "Default: 0 (disabled)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2927 +#: sssd.conf.5.xml:2928 msgid "cache_credentials (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2930 +#: sssd.conf.5.xml:2931 msgid "Determines if user credentials are also cached in the local LDB cache." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2934 +#: sssd.conf.5.xml:2935 msgid "" "Take a note that while credentials are stored as a salted SHA512 hash, this " "still potentially poses some security risk in case an attacker manages to " @@ -3447,12 +3447,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2948 +#: sssd.conf.5.xml:2949 msgid "cache_credentials_minimal_first_factor_length (int)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2951 +#: sssd.conf.5.xml:2952 msgid "" "If 2-Factor-Authentication (2FA) is used and credentials should be saved " "this value determines the minimal length the first authentication factor " @@ -3460,19 +3460,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2958 +#: sssd.conf.5.xml:2959 msgid "" "This should avoid that the short PINs of a PIN based 2FA scheme are saved in " "the cache which would make them easy targets for brute-force attacks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2969 +#: sssd.conf.5.xml:2970 msgid "account_cache_expiration (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2972 +#: sssd.conf.5.xml:2973 msgid "" "Number of days entries are left in cache after last successful login before " "being removed during a cleanup of the cache. 0 means keep forever. The " @@ -3481,17 +3481,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2979 +#: sssd.conf.5.xml:2980 msgid "Default: 0 (unlimited)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2984 +#: sssd.conf.5.xml:2985 msgid "pwd_expiration_warning (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2995 +#: sssd.conf.5.xml:2996 msgid "" "Please note that the backend server has to provide information about the " "expiration time of the password. If this information is missing, sssd " @@ -3500,28 +3500,28 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3002 +#: sssd.conf.5.xml:3003 msgid "Default: 7 (Kerberos), 0 (LDAP)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3008 +#: sssd.conf.5.xml:3009 msgid "id_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3011 +#: sssd.conf.5.xml:3012 msgid "" "The identification provider used for the domain. Supported ID providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3015 +#: sssd.conf.5.xml:3016 msgid "<quote>proxy</quote>: Support a legacy NSS provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3018 +#: sssd.conf.5.xml:3019 msgid "" "<quote>files</quote>: FILES provider. See <citerefentry> <refentrytitle>sssd-" "files</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " @@ -3529,7 +3529,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3026 +#: sssd.conf.5.xml:3027 msgid "" "<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-" "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " @@ -3537,8 +3537,8 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3034 sssd.conf.5.xml:3145 sssd.conf.5.xml:3196 -#: sssd.conf.5.xml:3259 +#: sssd.conf.5.xml:3035 sssd.conf.5.xml:3146 sssd.conf.5.xml:3197 +#: sssd.conf.5.xml:3260 msgid "" "<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management " "provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> " @@ -3547,8 +3547,8 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3043 sssd.conf.5.xml:3154 sssd.conf.5.xml:3205 -#: sssd.conf.5.xml:3268 +#: sssd.conf.5.xml:3044 sssd.conf.5.xml:3155 sssd.conf.5.xml:3206 +#: sssd.conf.5.xml:3269 msgid "" "<quote>ad</quote>: Active Directory provider. See <citerefentry> " "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3556,19 +3556,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3054 +#: sssd.conf.5.xml:3055 msgid "use_fully_qualified_names (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3057 +#: sssd.conf.5.xml:3058 msgid "" "Use the full name and domain (as formatted by the domain's full_name_format) " "as the user's login name reported to NSS." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3062 +#: sssd.conf.5.xml:3063 msgid "" "If set to TRUE, all requests to this domain must use fully qualified names. " "For example, if used in LOCAL domain that contains a \"test\" user, " @@ -3577,7 +3577,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3070 +#: sssd.conf.5.xml:3071 msgid "" "NOTE: This option has no effect on netgroup lookups due to their tendency to " "include nested netgroups without qualified names. For netgroups, all domains " @@ -3585,24 +3585,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3077 +#: sssd.conf.5.xml:3078 msgid "" "Default: FALSE (TRUE for trusted domain/sub-domains or if " "default_domain_suffix is used)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3084 +#: sssd.conf.5.xml:3085 msgid "ignore_group_members (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3087 +#: sssd.conf.5.xml:3088 msgid "Do not return group members for group lookups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3090 +#: sssd.conf.5.xml:3091 msgid "" "If set to TRUE, the group membership attribute is not requested from the " "ldap server, and group members are not returned when processing group lookup " @@ -3614,7 +3614,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3108 +#: sssd.conf.5.xml:3109 msgid "" "Enabling this option can also make access provider checks for group " "membership significantly faster, especially for groups containing many " @@ -3622,7 +3622,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3114 sssd.conf.5.xml:3821 sssd-ldap.5.xml:326 +#: sssd.conf.5.xml:3115 sssd.conf.5.xml:3822 sssd-ldap.5.xml:326 #: sssd-ldap.5.xml:355 sssd-ldap.5.xml:408 sssd-ldap.5.xml:468 #: sssd-ldap.5.xml:489 sssd-ldap.5.xml:520 sssd-ldap.5.xml:543 #: sssd-ldap.5.xml:582 sssd-ldap.5.xml:601 sssd-ldap.5.xml:625 @@ -3633,19 +3633,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3124 +#: sssd.conf.5.xml:3125 msgid "auth_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3127 +#: sssd.conf.5.xml:3128 msgid "" "The authentication provider used for the domain. Supported auth providers " "are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3131 sssd.conf.5.xml:3189 +#: sssd.conf.5.xml:3132 sssd.conf.5.xml:3190 msgid "" "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3653,7 +3653,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3138 +#: sssd.conf.5.xml:3139 msgid "" "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3661,30 +3661,30 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3162 +#: sssd.conf.5.xml:3163 msgid "" "<quote>proxy</quote> for relaying authentication to some other PAM target." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3165 +#: sssd.conf.5.xml:3166 msgid "<quote>none</quote> disables authentication explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3168 +#: sssd.conf.5.xml:3169 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "authentication requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3174 +#: sssd.conf.5.xml:3175 msgid "access_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3177 +#: sssd.conf.5.xml:3178 msgid "" "The access control provider used for the domain. There are two built-in " "access providers (in addition to any included in installed backends) " @@ -3692,19 +3692,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3183 +#: sssd.conf.5.xml:3184 msgid "" "<quote>permit</quote> always allow access. It's the only permitted access " "provider for a local domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3186 +#: sssd.conf.5.xml:3187 msgid "<quote>deny</quote> always deny access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3213 +#: sssd.conf.5.xml:3214 msgid "" "<quote>simple</quote> access control based on access or deny lists. See " "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</" @@ -3713,7 +3713,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3220 +#: sssd.conf.5.xml:3221 msgid "" "<quote>krb5</quote>: .k5login based access control. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum></" @@ -3721,29 +3721,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3227 +#: sssd.conf.5.xml:3228 msgid "<quote>proxy</quote> for relaying access control to another PAM module." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3230 +#: sssd.conf.5.xml:3231 msgid "Default: <quote>permit</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3235 +#: sssd.conf.5.xml:3236 msgid "chpass_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3238 +#: sssd.conf.5.xml:3239 msgid "" "The provider which should handle change password operations for the domain. " "Supported change password providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3243 +#: sssd.conf.5.xml:3244 msgid "" "<quote>ldap</quote> to change a password stored in a LDAP server. See " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" @@ -3751,7 +3751,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3251 +#: sssd.conf.5.xml:3252 msgid "" "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3759,35 +3759,35 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3276 +#: sssd.conf.5.xml:3277 msgid "" "<quote>proxy</quote> for relaying password changes to some other PAM target." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3280 +#: sssd.conf.5.xml:3281 msgid "<quote>none</quote> disallows password changes explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3283 +#: sssd.conf.5.xml:3284 msgid "" "Default: <quote>auth_provider</quote> is used if it is set and can handle " "change password requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3290 +#: sssd.conf.5.xml:3291 msgid "sudo_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3293 +#: sssd.conf.5.xml:3294 msgid "The SUDO provider used for the domain. Supported SUDO providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3297 +#: sssd.conf.5.xml:3298 msgid "" "<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3795,32 +3795,32 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3305 +#: sssd.conf.5.xml:3306 msgid "" "<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default " "settings." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3309 +#: sssd.conf.5.xml:3310 msgid "" "<quote>ad</quote> the same as <quote>ldap</quote> but with AD default " "settings." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3313 +#: sssd.conf.5.xml:3314 msgid "<quote>none</quote> disables SUDO explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3316 sssd.conf.5.xml:3402 sssd.conf.5.xml:3472 -#: sssd.conf.5.xml:3497 sssd.conf.5.xml:3533 +#: sssd.conf.5.xml:3317 sssd.conf.5.xml:3403 sssd.conf.5.xml:3473 +#: sssd.conf.5.xml:3498 sssd.conf.5.xml:3534 msgid "Default: The value of <quote>id_provider</quote> is used if it is set." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3320 +#: sssd.conf.5.xml:3321 msgid "" "The detailed instructions for configuration of sudo_provider are in the " "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " @@ -3831,7 +3831,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3335 +#: sssd.conf.5.xml:3336 msgid "" "<emphasis>NOTE:</emphasis> Sudo rules are periodically downloaded in the " "background unless the sudo provider is explicitly disabled. Set " @@ -3840,12 +3840,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3345 +#: sssd.conf.5.xml:3346 msgid "selinux_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3348 +#: sssd.conf.5.xml:3349 msgid "" "The provider which should handle loading of selinux settings. Note that this " "provider will be called right after access provider ends. Supported selinux " @@ -3853,7 +3853,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3354 +#: sssd.conf.5.xml:3355 msgid "" "<quote>ipa</quote> to load selinux settings from an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -3861,31 +3861,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3362 +#: sssd.conf.5.xml:3363 msgid "<quote>none</quote> disallows fetching selinux settings explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3365 +#: sssd.conf.5.xml:3366 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "selinux loading requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3371 +#: sssd.conf.5.xml:3372 msgid "subdomains_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3374 +#: sssd.conf.5.xml:3375 msgid "" "The provider which should handle fetching of subdomains. This value should " "be always the same as id_provider. Supported subdomain providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3380 +#: sssd.conf.5.xml:3381 msgid "" "<quote>ipa</quote> to load a list of subdomains from an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -3893,7 +3893,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3389 +#: sssd.conf.5.xml:3390 msgid "" "<quote>ad</quote> to load a list of subdomains from an Active Directory " "server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> " @@ -3902,17 +3902,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3398 +#: sssd.conf.5.xml:3399 msgid "<quote>none</quote> disallows fetching subdomains explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3408 +#: sssd.conf.5.xml:3409 msgid "session_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3411 +#: sssd.conf.5.xml:3412 msgid "" "The provider which configures and manages user session related tasks. The " "only user session task currently provided is the integration with Fleet " @@ -3920,43 +3920,43 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3418 +#: sssd.conf.5.xml:3419 msgid "<quote>ipa</quote> to allow performing user session related tasks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3422 +#: sssd.conf.5.xml:3423 msgid "" "<quote>none</quote> does not perform any kind of user session related tasks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3426 +#: sssd.conf.5.xml:3427 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can perform " "session related tasks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3430 +#: sssd.conf.5.xml:3431 msgid "" "<emphasis>NOTE:</emphasis> In order to have this feature working as expected " "SSSD must be running as \"root\" and not as the unprivileged user." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3438 +#: sssd.conf.5.xml:3439 msgid "autofs_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3441 +#: sssd.conf.5.xml:3442 msgid "" "The autofs provider used for the domain. Supported autofs providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3445 +#: sssd.conf.5.xml:3446 msgid "" "<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3964,7 +3964,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3452 +#: sssd.conf.5.xml:3453 msgid "" "<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> " "<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3972,7 +3972,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3460 +#: sssd.conf.5.xml:3461 msgid "" "<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> " "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3980,24 +3980,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3469 +#: sssd.conf.5.xml:3470 msgid "<quote>none</quote> disables autofs explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3479 +#: sssd.conf.5.xml:3480 msgid "hostid_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3482 +#: sssd.conf.5.xml:3483 msgid "" "The provider used for retrieving host identity information. Supported " "hostid providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3486 +#: sssd.conf.5.xml:3487 msgid "" "<quote>ipa</quote> to load host identity stored in an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -4005,31 +4005,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3494 +#: sssd.conf.5.xml:3495 msgid "<quote>none</quote> disables hostid explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3504 +#: sssd.conf.5.xml:3505 msgid "resolver_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3507 +#: sssd.conf.5.xml:3508 msgid "" "The provider which should handle hosts and networks lookups. Supported " "resolver providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3511 +#: sssd.conf.5.xml:3512 msgid "" "<quote>proxy</quote> to forward lookups to another NSS library. See " "<quote>proxy_resolver_lib_name</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3515 +#: sssd.conf.5.xml:3516 msgid "" "<quote>ldap</quote> to fetch hosts and networks stored in LDAP. See " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" @@ -4037,7 +4037,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3522 +#: sssd.conf.5.xml:3523 msgid "" "<quote>ad</quote> to fetch hosts and networks stored in AD. See " "<citerefentry> <refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</" @@ -4046,12 +4046,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3530 +#: sssd.conf.5.xml:3531 msgid "<quote>none</quote> disallows fetching hosts and networks explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3543 +#: sssd.conf.5.xml:3544 msgid "" "Regular expression for this domain that describes how to parse the string " "containing user name and domain into these components. The \"domain\" can " @@ -4061,24 +4061,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3552 +#: sssd.conf.5.xml:3553 msgid "" "Default: <quote>^((?P<name>.+)@(?P<domain>[^@]*)|(?P<name>" "[^@]+))$</quote> which allows two different styles for user names:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:3557 sssd.conf.5.xml:3571 +#: sssd.conf.5.xml:3558 sssd.conf.5.xml:3572 msgid "username" msgstr "käyttäjänimi" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:3560 sssd.conf.5.xml:3574 +#: sssd.conf.5.xml:3561 sssd.conf.5.xml:3575 msgid "username@domain.name" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3565 +#: sssd.conf.5.xml:3566 msgid "" "Default for the AD and IPA provider: <quote>^(((?P<domain>[^\\\\]+)\\" "\\(?P<name>.+))|((?P<name>.+)@(?P<domain>[^@]+))|((?P<" @@ -4087,19 +4087,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:3577 +#: sssd.conf.5.xml:3578 msgid "domain\\username" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3580 +#: sssd.conf.5.xml:3581 msgid "" "While the first two correspond to the general default the third one is " "introduced to allow easy integration of users from Windows domains." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3585 +#: sssd.conf.5.xml:3586 msgid "" "The default re_expression uses the <quote>@</quote> character as a separator " "between the name and the domain. As a result of this setting the default " @@ -4109,89 +4109,89 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3637 +#: sssd.conf.5.xml:3638 msgid "Default: <quote>%1$s@%2$s</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3643 +#: sssd.conf.5.xml:3644 msgid "lookup_family_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3646 +#: sssd.conf.5.xml:3647 msgid "" "Provides the ability to select preferred address family to use when " "performing DNS lookups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3650 +#: sssd.conf.5.xml:3651 msgid "Supported values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3653 +#: sssd.conf.5.xml:3654 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3656 +#: sssd.conf.5.xml:3657 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3659 +#: sssd.conf.5.xml:3660 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3662 +#: sssd.conf.5.xml:3663 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3665 +#: sssd.conf.5.xml:3666 msgid "Default: ipv4_first" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3671 +#: sssd.conf.5.xml:3672 msgid "dns_resolver_server_timeout (integer)" msgstr "dns_resolver_server_timeout (integeri)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3674 +#: sssd.conf.5.xml:3675 msgid "" "Defines the amount of time (in milliseconds) SSSD would try to talk to DNS " "server before trying next DNS server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3679 +#: sssd.conf.5.xml:3680 msgid "" "The AD provider will use this option for the CLDAP ping timeouts as well." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3683 sssd.conf.5.xml:3703 sssd.conf.5.xml:3724 +#: sssd.conf.5.xml:3684 sssd.conf.5.xml:3704 sssd.conf.5.xml:3725 msgid "" "Please see the section <quote>FAILOVER</quote> for more information about " "the service resolution." msgstr "" #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3688 sssd-ldap.5.xml:644 include/failover.xml:84 +#: sssd.conf.5.xml:3689 sssd-ldap.5.xml:644 include/failover.xml:84 msgid "Default: 1000" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3694 +#: sssd.conf.5.xml:3695 msgid "dns_resolver_op_timeout (integer)" msgstr "dns_resolver_op_timeout (integeri)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3697 +#: sssd.conf.5.xml:3698 msgid "" "Defines the amount of time (in seconds) to wait to resolve single DNS query " "(e.g. resolution of a hostname or an SRV record) before trying the next " @@ -4199,12 +4199,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3714 +#: sssd.conf.5.xml:3715 msgid "dns_resolver_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3717 +#: sssd.conf.5.xml:3718 msgid "" "Defines the amount of time (in seconds) to wait for a reply from the " "internal fail over service before assuming that the service is unreachable. " @@ -4213,14 +4213,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3735 +#: sssd.conf.5.xml:3736 #, fuzzy #| msgid "dns_resolver_server_timeout (integer)" msgid "dns_resolver_use_search_list (bool)" msgstr "dns_resolver_server_timeout (integeri)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3738 +#: sssd.conf.5.xml:3739 msgid "" "Normally, the DNS resolver searches the domain list defined in the " "\"search\" directive from the resolv.conf file. This can lead to delays in " @@ -4228,7 +4228,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3744 +#: sssd.conf.5.xml:3745 msgid "" "If fully qualified domain names (or _srv_) are used in the SSSD " "configuration, setting this option to FALSE can prevent unnecessary DNS " @@ -4236,71 +4236,71 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3750 +#: sssd.conf.5.xml:3751 #, fuzzy #| msgid "Default: True" msgid "Default: TRUE" msgstr "Oletus:tosi" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3756 +#: sssd.conf.5.xml:3757 msgid "dns_discovery_domain (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3759 +#: sssd.conf.5.xml:3760 msgid "" "If service discovery is used in the back end, specifies the domain part of " "the service discovery DNS query." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3763 +#: sssd.conf.5.xml:3764 msgid "Default: Use the domain part of machine's hostname" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3769 +#: sssd.conf.5.xml:3770 msgid "override_gid (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3772 +#: sssd.conf.5.xml:3773 msgid "Override the primary GID value with the one specified." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3778 +#: sssd.conf.5.xml:3779 msgid "case_sensitive (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3785 +#: sssd.conf.5.xml:3786 msgid "True" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3788 +#: sssd.conf.5.xml:3789 msgid "Case sensitive. This value is invalid for AD provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3794 +#: sssd.conf.5.xml:3795 msgid "False" msgstr "epätosi" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3796 +#: sssd.conf.5.xml:3797 msgid "Case insensitive." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3800 +#: sssd.conf.5.xml:3801 msgid "Preserving" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3803 +#: sssd.conf.5.xml:3804 msgid "" "Same as False (case insensitive), but does not lowercase names in the result " "of NSS operations. Note that name aliases (and in case of services also " @@ -4308,31 +4308,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3811 +#: sssd.conf.5.xml:3812 msgid "" "If you want to set this value for trusted domain with IPA provider, you need " "to set it on both the client and SSSD on the server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3781 +#: sssd.conf.5.xml:3782 msgid "" "Treat user and group names as case sensitive. Possible option values are: " "<placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3826 +#: sssd.conf.5.xml:3827 msgid "Default: True (False for AD provider)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3832 +#: sssd.conf.5.xml:3833 msgid "subdomain_inherit (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3835 +#: sssd.conf.5.xml:3836 msgid "" "Specifies a list of configuration parameters that should be inherited by a " "subdomain. Please note that only selected parameters can be inherited. " @@ -4340,124 +4340,124 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3841 +#: sssd.conf.5.xml:3842 #, fuzzy #| msgid "ldap_purge_cache_timeout" msgid "ldap_search_timeout" msgstr "ldap_purge_cache_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3844 +#: sssd.conf.5.xml:3845 #, fuzzy #| msgid "client_idle_timeout" msgid "ldap_network_timeout" msgstr "client_idle_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3847 +#: sssd.conf.5.xml:3848 #, fuzzy #| msgid "ldap_purge_cache_timeout" msgid "ldap_opt_timeout" msgstr "ldap_purge_cache_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3850 +#: sssd.conf.5.xml:3851 #, fuzzy #| msgid "client_idle_timeout" msgid "ldap_offline_timeout" msgstr "client_idle_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3853 +#: sssd.conf.5.xml:3854 #, fuzzy #| msgid "client_idle_timeout" msgid "ldap_enumeration_refresh_timeout" msgstr "client_idle_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3856 +#: sssd.conf.5.xml:3857 msgid "ldap_enumeration_refresh_offset" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3859 +#: sssd.conf.5.xml:3860 msgid "ldap_purge_cache_timeout" msgstr "ldap_purge_cache_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3862 +#: sssd.conf.5.xml:3863 #, fuzzy #| msgid "ldap_purge_cache_timeout" msgid "ldap_purge_cache_offset" msgstr "ldap_purge_cache_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3865 +#: sssd.conf.5.xml:3866 msgid "" "ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab " "is not set explicitly)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3869 +#: sssd.conf.5.xml:3870 msgid "ldap_krb5_ticket_lifetime" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3872 +#: sssd.conf.5.xml:3873 #, fuzzy #| msgid "client_idle_timeout" msgid "ldap_enumeration_search_timeout" msgstr "client_idle_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3875 +#: sssd.conf.5.xml:3876 #, fuzzy #| msgid "client_idle_timeout" msgid "ldap_connection_expire_timeout" msgstr "client_idle_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3878 +#: sssd.conf.5.xml:3879 #, fuzzy #| msgid "client_idle_timeout" msgid "ldap_connection_expire_offset" msgstr "client_idle_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3881 +#: sssd.conf.5.xml:3882 #, fuzzy #| msgid "client_idle_timeout" msgid "ldap_connection_idle_timeout" msgstr "client_idle_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3884 sssd-ldap.5.xml:400 +#: sssd.conf.5.xml:3885 sssd-ldap.5.xml:400 msgid "ldap_use_tokengroups" msgstr "ldap_use_tokengroups" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3887 +#: sssd.conf.5.xml:3888 msgid "ldap_user_principal" msgstr "ldap_user_principal" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3890 +#: sssd.conf.5.xml:3891 msgid "ignore_group_members" msgstr "ignore_group_members" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3893 +#: sssd.conf.5.xml:3894 msgid "auto_private_groups" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3896 +#: sssd.conf.5.xml:3897 msgid "case_sensitive" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:3901 +#: sssd.conf.5.xml:3902 #, no-wrap msgid "" "subdomain_inherit = ldap_purge_cache_timeout\n" @@ -4467,27 +4467,27 @@ msgstr "" " " #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3908 +#: sssd.conf.5.xml:3909 msgid "Note: This option only works with the IPA and AD provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3915 +#: sssd.conf.5.xml:3916 msgid "subdomain_homedir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3926 +#: sssd.conf.5.xml:3927 msgid "%F" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3927 +#: sssd.conf.5.xml:3928 msgid "flat (NetBIOS) name of a subdomain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3918 +#: sssd.conf.5.xml:3919 msgid "" "Use this homedir as default value for all subdomains within this domain in " "IPA AD trust. See <emphasis>override_homedir</emphasis> for info about " @@ -4497,34 +4497,34 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3932 +#: sssd.conf.5.xml:3933 msgid "" "The value can be overridden by <emphasis>override_homedir</emphasis> option." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3936 +#: sssd.conf.5.xml:3937 msgid "Default: <filename>/home/%d/%u</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3941 +#: sssd.conf.5.xml:3942 msgid "realmd_tags (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3944 +#: sssd.conf.5.xml:3945 msgid "" "Various tags stored by the realmd configuration service for this domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3950 +#: sssd.conf.5.xml:3951 msgid "cached_auth_timeout (int)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3953 +#: sssd.conf.5.xml:3954 msgid "" "Specifies time in seconds since last successful online authentication for " "which user will be authenticated using cached credentials while SSSD is in " @@ -4533,19 +4533,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3961 +#: sssd.conf.5.xml:3962 msgid "" "This option's value is inherited by all trusted domains. At the moment it is " "not possible to set a different value per trusted domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3966 +#: sssd.conf.5.xml:3967 msgid "Special value 0 implies that this feature is disabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3970 +#: sssd.conf.5.xml:3971 msgid "" "Please note that if <quote>cached_auth_timeout</quote> is longer than " "<quote>pam_id_timeout</quote> then the back end could be called to handle " @@ -4553,24 +4553,85 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3981 +#: sssd.conf.5.xml:3982 +#, fuzzy +#| msgid "ldap_user_principal" +msgid "local_auth_policy (string)" +msgstr "ldap_user_principal" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3985 +msgid "" +"Local authentication methods policy. Some backends (i.e. LDAP, proxy " +"provider) only support a password based authentication, while others can " +"handle PKINIT based Smartcard authentication (AD, IPA), two-factor " +"authentication (IPA), or other methods against a central instance. By " +"default in such cases authentication is only performed with the methods " +"supported by the backend." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3995 +msgid "" +"There are three possible values for this option: match, only, enable. " +"<quote>match</quote> is used to match offline and online states for Kerberos " +"methods. <quote>only</quote> ignores the online methods and only offer the " +"local ones. enable allows explicitly defining the methods for local " +"authentication. As an example, <quote>enable:passkey</quote>, only enables " +"passkey for local authentication. Multiple enable values should be comma-" +"separated, such as <quote>enable:passkey, enable:smartcard</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:4011 +#, no-wrap +msgid "" +"[domain/shadowutils]\n" +"id_provider = proxy\n" +"proxy_lib_name = files\n" +"auth_provider = none\n" +"local_auth_policy = only\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4007 +msgid "" +"The following configuration example allows local users to authenticate " +"locally using any enabled method (i.e. smartcard, passkey). <placeholder " +"type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4019 +msgid "This option is ignored for the files provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4022 +#, fuzzy +#| msgid "Default: true" +msgid "Default: match" +msgstr "Oletus:tosi" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4027 msgid "auto_private_groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3987 +#: sssd.conf.5.xml:4033 msgid "true" msgstr "tosi" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3990 +#: sssd.conf.5.xml:4036 msgid "" "Create user's private group unconditionally from user's UID number. The GID " "number is ignored in this case." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3994 +#: sssd.conf.5.xml:4040 msgid "" "NOTE: Because the GID number and the user private group are inferred from " "the UID number, it is not supported to have multiple entries with the same " @@ -4579,24 +4640,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4003 +#: sssd.conf.5.xml:4049 msgid "false" msgstr "epätosi" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4006 +#: sssd.conf.5.xml:4052 msgid "" "Always use the user's primary GID number. The GID number must refer to a " "group object in the LDAP database." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4012 +#: sssd.conf.5.xml:4058 msgid "hybrid" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4015 +#: sssd.conf.5.xml:4061 msgid "" "A primary group is autogenerated for user entries whose UID and GID numbers " "have the same value and at the same time the GID number does not correspond " @@ -4606,14 +4667,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4028 +#: sssd.conf.5.xml:4074 msgid "" "If the UID and GID of a user are different, then the GID must correspond to " "a group entry, otherwise the GID is simply not resolvable." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4035 +#: sssd.conf.5.xml:4081 msgid "" "This feature is useful for environments that wish to stop maintaining a " "separate group objects for the user private groups, but also wish to retain " @@ -4621,21 +4682,21 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3984 +#: sssd.conf.5.xml:4030 msgid "" "This option takes any of three available values: <placeholder " "type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4047 +#: sssd.conf.5.xml:4093 msgid "" "For subdomains, the default value is False for subdomains that use assigned " "POSIX IDs and True for subdomains that use automatic ID-mapping." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:4055 +#: sssd.conf.5.xml:4101 #, no-wrap msgid "" "[domain/forest.domain/sub.domain]\n" @@ -4643,7 +4704,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:4061 +#: sssd.conf.5.xml:4107 #, no-wrap msgid "" "[domain/forest.domain]\n" @@ -4652,7 +4713,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4052 +#: sssd.conf.5.xml:4098 msgid "" "The value of auto_private_groups can either be set per subdomains in a " "subsection, for example: <placeholder type=\"programlisting\" id=\"0\"/> or " @@ -4661,7 +4722,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:2569 +#: sssd.conf.5.xml:2570 msgid "" "These configuration options can be present in a domain configuration " "section, that is, in a section called <quote>[domain/<replaceable>NAME</" @@ -4669,29 +4730,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4076 +#: sssd.conf.5.xml:4122 msgid "proxy_pam_target (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4079 +#: sssd.conf.5.xml:4125 msgid "The proxy target PAM proxies to." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4082 +#: sssd.conf.5.xml:4128 msgid "" "Default: not set by default, you have to take an existing pam configuration " "or create a new one and add the service name here." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4090 +#: sssd.conf.5.xml:4136 msgid "proxy_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4093 +#: sssd.conf.5.xml:4139 msgid "" "The name of the NSS library to use in proxy domains. The NSS functions " "searched for in the library are in the form of _nss_$(libName)_$(function), " @@ -4699,12 +4760,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4103 +#: sssd.conf.5.xml:4149 msgid "proxy_resolver_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4106 +#: sssd.conf.5.xml:4152 msgid "" "The name of the NSS library to use for hosts and networks lookups in proxy " "domains. The NSS functions searched for in the library are in the form of " @@ -4712,12 +4773,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4117 +#: sssd.conf.5.xml:4163 msgid "proxy_fast_alias (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4120 +#: sssd.conf.5.xml:4166 msgid "" "When a user or group is looked up by name in the proxy provider, a second " "lookup by ID is performed to \"canonicalize\" the name in case the requested " @@ -4726,12 +4787,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4134 +#: sssd.conf.5.xml:4180 msgid "proxy_max_children (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4137 +#: sssd.conf.5.xml:4183 msgid "" "This option specifies the number of pre-forked proxy children. It is useful " "for high-load SSSD environments where sssd may run out of available child " @@ -4739,19 +4800,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4072 +#: sssd.conf.5.xml:4118 msgid "" "Options valid for proxy domains. <placeholder type=\"variablelist\" " "id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:4153 +#: sssd.conf.5.xml:4199 msgid "Application domains" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4155 +#: sssd.conf.5.xml:4201 msgid "" "SSSD, with its D-Bus interface (see <citerefentry> <refentrytitle>sssd-ifp</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>) is appealing to " @@ -4768,7 +4829,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4175 +#: sssd.conf.5.xml:4221 msgid "" "Please note that the application domain must still be explicitly enabled in " "the <quote>domains</quote> parameter so that the lookup order between the " @@ -4776,17 +4837,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> -#: sssd.conf.5.xml:4181 +#: sssd.conf.5.xml:4227 msgid "Application domain parameters" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4183 +#: sssd.conf.5.xml:4229 msgid "inherit_from (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4186 +#: sssd.conf.5.xml:4232 msgid "" "The SSSD POSIX-type domain the application domain inherits all settings " "from. The application domain can moreover add its own settings to the " @@ -4795,7 +4856,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4200 +#: sssd.conf.5.xml:4246 msgid "" "The following example illustrates the use of an application domain. In this " "setup, the POSIX domain is connected to an LDAP server and is used by the OS " @@ -4805,7 +4866,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><programlisting> -#: sssd.conf.5.xml:4208 +#: sssd.conf.5.xml:4254 #, no-wrap msgid "" "[sssd]\n" @@ -4825,12 +4886,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4228 +#: sssd.conf.5.xml:4274 msgid "TRUSTED DOMAIN SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4230 +#: sssd.conf.5.xml:4276 msgid "" "Some options used in the domain section can also be used in the trusted " "domain section, that is, in a section called <quote>[domain/" @@ -4841,69 +4902,69 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4237 +#: sssd.conf.5.xml:4283 msgid "ldap_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4238 +#: sssd.conf.5.xml:4284 msgid "ldap_user_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4239 +#: sssd.conf.5.xml:4285 msgid "ldap_group_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4240 +#: sssd.conf.5.xml:4286 msgid "ldap_netgroup_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4241 +#: sssd.conf.5.xml:4287 msgid "ldap_service_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4242 +#: sssd.conf.5.xml:4288 msgid "ldap_sasl_mech," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4243 +#: sssd.conf.5.xml:4289 msgid "ad_server," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4244 +#: sssd.conf.5.xml:4290 msgid "ad_backup_server," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4245 +#: sssd.conf.5.xml:4291 msgid "ad_site," msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4246 sssd-ipa.5.xml:879 +#: sssd.conf.5.xml:4292 sssd-ipa.5.xml:879 msgid "use_fully_qualified_names" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4250 +#: sssd.conf.5.xml:4296 msgid "" "For more details about these options see their individual description in the " "manual page." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4256 +#: sssd.conf.5.xml:4302 msgid "CERTIFICATE MAPPING SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4258 +#: sssd.conf.5.xml:4304 msgid "" "To allow authentication with Smartcards and certificates SSSD must be able " "to map certificates to users. This can be done by adding the full " @@ -4916,7 +4977,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4272 +#: sssd.conf.5.xml:4318 msgid "" "To make the mapping more flexible mapping and matching rules were added to " "SSSD (see <citerefentry> <refentrytitle>sss-certmap</refentrytitle> " @@ -4924,7 +4985,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4281 +#: sssd.conf.5.xml:4327 msgid "" "A mapping and matching rule can be added to the SSSD configuration in a " "section on its own with a name like <quote>[certmap/" @@ -4933,55 +4994,55 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4288 +#: sssd.conf.5.xml:4334 msgid "matchrule (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4291 +#: sssd.conf.5.xml:4337 msgid "" "Only certificates from the Smartcard which matches this rule will be " "processed, all others are ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4295 +#: sssd.conf.5.xml:4341 msgid "" "Default: KRB5:<EKU>clientAuth, i.e. only certificates which have the " "Extended Key Usage <quote>clientAuth</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4302 +#: sssd.conf.5.xml:4348 msgid "maprule (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4305 +#: sssd.conf.5.xml:4351 msgid "Defines how the user is found for a given certificate." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4311 +#: sssd.conf.5.xml:4357 msgid "" "LDAP:(userCertificate;binary={cert!bin}) for LDAP based providers like " "<quote>ldap</quote>, <quote>AD</quote> or <quote>ipa</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4317 +#: sssd.conf.5.xml:4363 msgid "" "The RULE_NAME for the <quote>files</quote> provider which tries to find a " "user with the same name." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4326 +#: sssd.conf.5.xml:4372 msgid "domains (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4329 +#: sssd.conf.5.xml:4375 msgid "" "Comma separated list of domain names the rule should be applied. By default " "a rule is only valid in the domain configured in sssd.conf. If the provider " @@ -4990,17 +5051,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4336 +#: sssd.conf.5.xml:4382 msgid "Default: the configured domain in sssd.conf" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4341 +#: sssd.conf.5.xml:4387 msgid "priority (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4344 +#: sssd.conf.5.xml:4390 msgid "" "Unsigned integer value defining the priority of the rule. The higher the " "number the lower the priority. <quote>0</quote> stands for the highest " @@ -5008,26 +5069,26 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4350 +#: sssd.conf.5.xml:4396 msgid "Default: the lowest priority" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4356 +#: sssd.conf.5.xml:4402 msgid "" "To make the configuration simple and reduce the amount of configuration " "options the <quote>files</quote> provider has some special properties:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4362 +#: sssd.conf.5.xml:4408 msgid "" "if maprule is not set the RULE_NAME name is assumed to be the name of the " "matching user" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4368 +#: sssd.conf.5.xml:4414 msgid "" "if a maprule is used both a single user name or a template like " "<quote>{subject_rfc822_name.short_name}</quote> must be in braces like e.g. " @@ -5036,17 +5097,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4377 +#: sssd.conf.5.xml:4423 msgid "the <quote>domains</quote> option is ignored" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4385 +#: sssd.conf.5.xml:4431 msgid "PROMPTING CONFIGURATION SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4387 +#: sssd.conf.5.xml:4433 msgid "" "If a special file (<filename>/var/lib/sss/pubconf/pam_preauth_available</" "filename>) exists SSSD's PAM module pam_sss will ask SSSD to figure out " @@ -5056,7 +5117,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4395 +#: sssd.conf.5.xml:4441 msgid "" "With the growing number of authentication methods and the possibility that " "there are multiple ones for a single user the heuristic used by pam_sss to " @@ -5065,59 +5126,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4407 +#: sssd.conf.5.xml:4453 msgid "[prompting/password]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4410 +#: sssd.conf.5.xml:4456 msgid "password_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4411 +#: sssd.conf.5.xml:4457 msgid "to change the string of the password prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4409 +#: sssd.conf.5.xml:4455 msgid "" "to configure password prompting, allowed options are: <placeholder " "type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4419 +#: sssd.conf.5.xml:4465 msgid "[prompting/2fa]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4423 +#: sssd.conf.5.xml:4469 msgid "first_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4424 +#: sssd.conf.5.xml:4470 msgid "to change the string of the prompt for the first factor" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4427 +#: sssd.conf.5.xml:4473 msgid "second_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4428 +#: sssd.conf.5.xml:4474 msgid "to change the string of the prompt for the second factor" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4431 +#: sssd.conf.5.xml:4477 msgid "single_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4432 +#: sssd.conf.5.xml:4478 msgid "" "boolean value, if True there will be only a single prompt using the value of " "first_prompt where it is expected that both factors are entered as a single " @@ -5126,7 +5187,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4421 +#: sssd.conf.5.xml:4467 msgid "" "to configure two-factor authentication prompting, allowed options are: " "<placeholder type=\"variablelist\" id=\"0\"/> If the second factor is " @@ -5135,17 +5196,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4449 +#: sssd.conf.5.xml:4495 msgid "[prompting/passkey]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4455 sssd-ad.5.xml:1021 +#: sssd.conf.5.xml:4501 sssd-ad.5.xml:1021 msgid "interactive" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4457 +#: sssd.conf.5.xml:4503 msgid "" "boolean value, if True prompt a message and wait before testing the presence " "of a passkey device. Recommended if your device doesn’t have a tactile " @@ -5153,46 +5214,46 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4465 +#: sssd.conf.5.xml:4511 msgid "interactive_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4467 +#: sssd.conf.5.xml:4513 msgid "to change the message of the interactive prompt." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4472 +#: sssd.conf.5.xml:4518 msgid "touch" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4474 +#: sssd.conf.5.xml:4520 msgid "" "boolean value, if True prompt a message to remind the user to touch the " "device." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4480 +#: sssd.conf.5.xml:4526 msgid "touch_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4482 +#: sssd.conf.5.xml:4528 msgid "to change the message of the touch prompt." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4451 +#: sssd.conf.5.xml:4497 msgid "" "to configure passkey authentication prompting, allowed options are: " "<placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4402 +#: sssd.conf.5.xml:4448 msgid "" "Each supported authentication method has its own configuration subsection " "under <quote>[prompting/...]</quote>. Currently there are: <placeholder " @@ -5201,7 +5262,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4493 +#: sssd.conf.5.xml:4539 msgid "" "It is possible to add a subsection for specific PAM services, e.g. " "<quote>[prompting/password/sshd]</quote> to individual change the prompting " @@ -5209,12 +5270,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4500 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43 +#: sssd.conf.5.xml:4546 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43 msgid "EXAMPLES" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4506 +#: sssd.conf.5.xml:4552 #, no-wrap msgid "" "[sssd]\n" @@ -5244,7 +5305,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4502 +#: sssd.conf.5.xml:4548 msgid "" "1. The following example shows a typical SSSD config. It does not describe " "configuration of the domains themselves - refer to documentation on " @@ -5253,7 +5314,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4539 +#: sssd.conf.5.xml:4585 #, no-wrap msgid "" "[domain/ipa.com/child.ad.com]\n" @@ -5261,7 +5322,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4533 +#: sssd.conf.5.xml:4579 msgid "" "2. The following example shows configuration of IPA AD trust where the AD " "forest consists of two domains in a parent-child structure. Suppose IPA " @@ -5272,7 +5333,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4550 +#: sssd.conf.5.xml:4596 #, no-wrap msgid "" "[certmap/my.domain/rule_name]\n" @@ -5283,7 +5344,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4544 +#: sssd.conf.5.xml:4590 msgid "" "3. The following example shows the configuration of a certificate mapping " "rule. It is valid for the configured domain <quote>my.domain</quote> and " @@ -17282,7 +17343,7 @@ msgstr "" #: include/ldap_id_mapping.xml:235 msgid "" "When this option is configured, domains will be allocated starting with " -"slice zero and increasing monatomically with each additional domain." +"slice zero and increasing monotonically with each additional domain." msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> diff --git a/src/man/po/fr.po b/src/man/po/fr.po index faf7e6a4489..96ccfacd99f 100644 --- a/src/man/po/fr.po +++ b/src/man/po/fr.po @@ -17,7 +17,7 @@ msgid "" msgstr "" "Project-Id-Version: sssd-docs 2.3.0\n" "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" -"POT-Creation-Date: 2023-05-05 10:09+0200\n" +"POT-Creation-Date: 2023-09-07 11:47+0200\n" "PO-Revision-Date: 2020-07-22 07:49-0400\n" "Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n" "Language-Team: French (http://www.transifex.com/projects/p/sssd/language/" @@ -235,8 +235,8 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:136 sssd.conf.5.xml:173 sssd.conf.5.xml:358 -#: sssd.conf.5.xml:714 sssd.conf.5.xml:729 sssd.conf.5.xml:951 -#: sssd.conf.5.xml:1069 sssd.conf.5.xml:2197 sssd-ldap.5.xml:1071 +#: sssd.conf.5.xml:714 sssd.conf.5.xml:729 sssd.conf.5.xml:952 +#: sssd.conf.5.xml:1070 sssd.conf.5.xml:2198 sssd-ldap.5.xml:1071 #: sssd-ldap.5.xml:1174 sssd-ldap.5.xml:1243 sssd-ldap.5.xml:1750 #: sssd-ldap.5.xml:1815 sssd-ipa.5.xml:342 sssd-ad.5.xml:252 sssd-ad.5.xml:366 #: sssd-ad.5.xml:1200 sssd-ad.5.xml:1348 sssd-krb5.5.xml:358 @@ -259,8 +259,8 @@ msgstr "" "sera ignorée." #. type: Content of: <variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:149 sssd.conf.5.xml:652 sssd.conf.5.xml:948 -#: sssd.conf.5.xml:2100 sssd.conf.5.xml:2167 sssd.conf.5.xml:4128 +#: sssd.conf.5.xml:149 sssd.conf.5.xml:652 sssd.conf.5.xml:949 +#: sssd.conf.5.xml:2101 sssd.conf.5.xml:2168 sssd.conf.5.xml:4174 #: sssd-ldap.5.xml:312 sssd-ldap.5.xml:917 sssd-ldap.5.xml:936 #: sssd-ldap.5.xml:1146 sssd-ldap.5.xml:1599 sssd-ldap.5.xml:1839 #: sssd-ipa.5.xml:152 sssd-ipa.5.xml:254 sssd-ipa.5.xml:657 sssd-ad.5.xml:1106 @@ -330,8 +330,8 @@ msgid "" msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:196 sssd.conf.5.xml:1289 sssd.conf.5.xml:1766 -#: sssd.conf.5.xml:4144 sssd-ldap.5.xml:765 include/ldap_id_mapping.xml:270 +#: sssd.conf.5.xml:196 sssd.conf.5.xml:1290 sssd.conf.5.xml:1767 +#: sssd.conf.5.xml:4190 sssd-ldap.5.xml:765 include/ldap_id_mapping.xml:270 msgid "Default: 10" msgstr "Par défaut : 10" @@ -402,12 +402,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:258 sssd.conf.5.xml:783 +#: sssd.conf.5.xml:258 sssd.conf.5.xml:784 msgid "reconnection_retries (integer)" msgstr "reconnection_retries (entier)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:261 sssd.conf.5.xml:786 +#: sssd.conf.5.xml:261 sssd.conf.5.xml:787 msgid "" "Number of times services should attempt to reconnect in the event of a Data " "Provider crash or restart before they give up" @@ -417,7 +417,7 @@ msgstr "" "d'abandonner" #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:266 sssd.conf.5.xml:791 sssd.conf.5.xml:3708 +#: sssd.conf.5.xml:266 sssd.conf.5.xml:792 sssd.conf.5.xml:3709 #: include/failover.xml:100 msgid "Default: 3" msgstr "Par défaut : 3" @@ -439,7 +439,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:287 sssd.conf.5.xml:3540 +#: sssd.conf.5.xml:287 sssd.conf.5.xml:3541 msgid "re_expression (string)" msgstr "re_expression (chaîne)" @@ -461,12 +461,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:304 sssd.conf.5.xml:3597 +#: sssd.conf.5.xml:304 sssd.conf.5.xml:3598 msgid "full_name_format (string)" msgstr "full_name_format (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:307 sssd.conf.5.xml:3600 +#: sssd.conf.5.xml:307 sssd.conf.5.xml:3601 msgid "" "A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</" "manvolnum> </citerefentry>-compatible format that describes how to compose a " @@ -478,33 +478,33 @@ msgstr "" "domaine." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:318 sssd.conf.5.xml:3611 +#: sssd.conf.5.xml:318 sssd.conf.5.xml:3612 msgid "%1$s" msgstr "%1$s" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:319 sssd.conf.5.xml:3612 +#: sssd.conf.5.xml:319 sssd.conf.5.xml:3613 msgid "user name" msgstr "nom d'utilisateur" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:322 sssd.conf.5.xml:3615 +#: sssd.conf.5.xml:322 sssd.conf.5.xml:3616 msgid "%2$s" msgstr "%2$s" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:325 sssd.conf.5.xml:3618 +#: sssd.conf.5.xml:325 sssd.conf.5.xml:3619 msgid "domain name as specified in the SSSD config file." msgstr "" "nom de domaine tel qu'indiqué dans le fichier de configuration de SSSD." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:331 sssd.conf.5.xml:3624 +#: sssd.conf.5.xml:331 sssd.conf.5.xml:3625 msgid "%3$s" msgstr "%3$s" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:334 sssd.conf.5.xml:3627 +#: sssd.conf.5.xml:334 sssd.conf.5.xml:3628 msgid "" "domain flat name. Mostly usable for Active Directory domains, both directly " "configured or discovered via IPA trusts." @@ -514,7 +514,7 @@ msgstr "" "d'approbation IPA." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:315 sssd.conf.5.xml:3608 +#: sssd.conf.5.xml:315 sssd.conf.5.xml:3609 msgid "" "The following expansions are supported: <placeholder type=\"variablelist\" " "id=\"0\"/>" @@ -964,7 +964,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:700 sssd.conf.5.xml:1790 sssd.conf.5.xml:4194 +#: sssd.conf.5.xml:700 sssd.conf.5.xml:1791 sssd.conf.5.xml:4240 #: sssd-ad.5.xml:187 sssd-ad.5.xml:327 sssd-ad.5.xml:341 msgid "Default: Not set" msgstr "Par défaut : non défini" @@ -1017,11 +1017,11 @@ msgstr "ldap_user_certificate (chaîne)" #: sssd.conf.5.xml:744 msgid "" "Enable or disable the user verification (i.e. PIN, fingerprint) during " -"authentication." +"authentication. If enabled, the PIN will always be requested." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:749 +#: sssd.conf.5.xml:750 msgid "" "The default is that the key settings decide what to do. In the IPA or " "kerberos pre-authentication case, this value will be overwritten by the " @@ -1060,12 +1060,12 @@ msgstr "" "l'identité des domaines. <placeholder type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:768 +#: sssd.conf.5.xml:769 msgid "SERVICES SECTIONS" msgstr "SECTIONS DE SERVICES" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:770 +#: sssd.conf.5.xml:771 msgid "" "Settings that can be used to configure different services are described in " "this section. They should reside in the [<replaceable>$NAME</replaceable>] " @@ -1078,22 +1078,22 @@ msgstr "" "section doit être <quote>[nss]</quote>" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:777 +#: sssd.conf.5.xml:778 msgid "General service configuration options" msgstr "Options générales de configuration de service" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:779 +#: sssd.conf.5.xml:780 msgid "These options can be used to configure any service." msgstr "Ces options peuvent être utilisées pour configurer les services." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:796 +#: sssd.conf.5.xml:797 msgid "fd_limit" msgstr "fd_limit" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:799 +#: sssd.conf.5.xml:800 msgid "" "This option specifies the maximum number of file descriptors that may be " "opened at one time by this SSSD process. On systems where SSSD is granted " @@ -1108,17 +1108,17 @@ msgstr "" "valeur inférieure ou la limite « hard » de limits.conf." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:808 +#: sssd.conf.5.xml:809 msgid "Default: 8192 (or limits.conf \"hard\" limit)" msgstr "Par défault : 8192 (ou la limite « hard » de limits.conf)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:813 +#: sssd.conf.5.xml:814 msgid "client_idle_timeout" msgstr "client_idle_timeout" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:816 +#: sssd.conf.5.xml:817 msgid "" "This option specifies the number of seconds that a client of an SSSD process " "can hold onto a file descriptor without communicating on it. This value is " @@ -1128,19 +1128,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:825 +#: sssd.conf.5.xml:826 #, fuzzy #| msgid "Default: 300" msgid "Default: 60, KCM: 300" msgstr "Par défaut : 300" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:830 +#: sssd.conf.5.xml:831 msgid "offline_timeout (integer)" msgstr "offline_timeout (entier)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:833 +#: sssd.conf.5.xml:834 msgid "" "When SSSD switches to offline mode the amount of time before it tries to go " "back online will increase based upon the time spent disconnected. By " @@ -1151,14 +1151,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:844 sssd.conf.5.xml:900 +#: sssd.conf.5.xml:845 sssd.conf.5.xml:901 msgid "" "new_delay = Minimum(old_delay * 2, offline_timeout_max) + random[0..." "offline_timeout_random_offset]" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:847 +#: sssd.conf.5.xml:848 msgid "" "The offline_timeout default value is 60. The offline_timeout_max default " "value is 3600. The offline_timeout_random_offset default value is 30. The " @@ -1166,46 +1166,46 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:853 +#: sssd.conf.5.xml:854 msgid "" "Note that the maximum length of each interval is defined by " "offline_timeout_max (apart of random part)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:857 sssd.conf.5.xml:1200 sssd.conf.5.xml:1583 -#: sssd.conf.5.xml:1879 sssd-ldap.5.xml:494 +#: sssd.conf.5.xml:858 sssd.conf.5.xml:1201 sssd.conf.5.xml:1584 +#: sssd.conf.5.xml:1880 sssd-ldap.5.xml:494 msgid "Default: 60" msgstr "Par défaut : 60" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:862 +#: sssd.conf.5.xml:863 #, fuzzy #| msgid "offline_timeout (integer)" msgid "offline_timeout_max (integer)" msgstr "offline_timeout (entier)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:865 +#: sssd.conf.5.xml:866 msgid "" "Controls by how much the time between attempts to go online can be " "incremented following unsuccessful attempts to go online." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:870 +#: sssd.conf.5.xml:871 msgid "A value of 0 disables the incrementing behaviour." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:873 +#: sssd.conf.5.xml:874 msgid "" "The value of this parameter should be set in correlation to offline_timeout " "parameter value." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:877 +#: sssd.conf.5.xml:878 msgid "" "With offline_timeout set to 60 (default value) there is no point in setting " "offlinet_timeout_max to less than 120 as it will saturate instantly. General " @@ -1214,66 +1214,66 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:883 +#: sssd.conf.5.xml:884 msgid "" "Although a value between 0 and offline_timeout may be specified, it has the " "effect of overriding the offline_timeout value so is of little use." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:888 +#: sssd.conf.5.xml:889 #, fuzzy #| msgid "Default: 300" msgid "Default: 3600" msgstr "Par défaut : 300" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:893 +#: sssd.conf.5.xml:894 #, fuzzy #| msgid "offline_timeout + random_offset" msgid "offline_timeout_random_offset (integer)" msgstr "offline_timeout + random_offset" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:896 +#: sssd.conf.5.xml:897 msgid "" "When SSSD is in offline mode it keeps probing backend servers in specified " "time intervals:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:903 +#: sssd.conf.5.xml:904 msgid "" "This parameter controls the value of the random offset used for the above " "equation. Final random_offset value will be random number in range:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:908 +#: sssd.conf.5.xml:909 #, fuzzy #| msgid "offline_timeout + random_offset" msgid "[0 - offline_timeout_random_offset]" msgstr "offline_timeout + random_offset" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:911 +#: sssd.conf.5.xml:912 msgid "A value of 0 disables the random offset addition." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:914 +#: sssd.conf.5.xml:915 #, fuzzy #| msgid "Default: 300" msgid "Default: 30" msgstr "Par défaut : 300" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:919 +#: sssd.conf.5.xml:920 msgid "responder_idle_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:922 +#: sssd.conf.5.xml:923 msgid "" "This option specifies the number of seconds that an SSSD responder process " "can be up without being used. This value is limited in order to avoid " @@ -1285,30 +1285,30 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:936 sssd.conf.5.xml:1213 sssd.conf.5.xml:2321 +#: sssd.conf.5.xml:937 sssd.conf.5.xml:1214 sssd.conf.5.xml:2322 #: sssd-ldap.5.xml:331 msgid "Default: 300" msgstr "Par défaut : 300" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:941 +#: sssd.conf.5.xml:942 msgid "cache_first" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:944 +#: sssd.conf.5.xml:945 msgid "" "This option specifies whether the responder should query all caches before " "querying the Data Providers." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:959 +#: sssd.conf.5.xml:960 msgid "NSS configuration options" msgstr "Options de configuration NSS" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:961 +#: sssd.conf.5.xml:962 msgid "" "These options can be used to configure the Name Service Switch (NSS) service." msgstr "" @@ -1316,12 +1316,12 @@ msgstr "" "Switch (NSS)." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:966 +#: sssd.conf.5.xml:967 msgid "enum_cache_timeout (integer)" msgstr "enum_cache_timeout (entier)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:969 +#: sssd.conf.5.xml:970 msgid "" "How many seconds should nss_sss cache enumerations (requests for info about " "all users)" @@ -1330,17 +1330,17 @@ msgstr "" "énumérations (requêtes sur les informations de tous les utilisateurs)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:973 +#: sssd.conf.5.xml:974 msgid "Default: 120" msgstr "Par défaut : 120" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:978 +#: sssd.conf.5.xml:979 msgid "entry_cache_nowait_percentage (integer)" msgstr "entry_cache_nowait_percentage (entier)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:981 +#: sssd.conf.5.xml:982 msgid "" "The entry cache can be set to automatically update entries in the background " "if they are requested beyond a percentage of the entry_cache_timeout value " @@ -1351,7 +1351,7 @@ msgstr "" "valeur de entry_cache_timeout pour le domaine." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:987 +#: sssd.conf.5.xml:988 msgid "" "For example, if the domain's entry_cache_timeout is set to 30s and " "entry_cache_nowait_percentage is set to 50 (percent), entries that come in " @@ -1367,7 +1367,7 @@ msgstr "" "cache." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:997 +#: sssd.conf.5.xml:998 msgid "" "Valid values for this option are 0-99 and represent a percentage of the " "entry_cache_timeout for each domain. For performance reasons, this " @@ -1380,17 +1380,17 @@ msgstr "" "de non réponse à moins de 10 secondes (0 pour désactiver l'option)." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1005 sssd.conf.5.xml:2121 +#: sssd.conf.5.xml:1006 sssd.conf.5.xml:2122 msgid "Default: 50" msgstr "Par défaut : 50" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1010 +#: sssd.conf.5.xml:1011 msgid "entry_negative_timeout (integer)" msgstr "entry_negative_timeout (entier)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1013 +#: sssd.conf.5.xml:1014 msgid "" "Specifies for how many seconds nss_sss should cache negative cache hits " "(that is, queries for invalid database entries, like nonexistent ones) " @@ -1402,17 +1402,17 @@ msgstr "" "appel au moteur." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1019 sssd.conf.5.xml:1778 sssd.conf.5.xml:2145 +#: sssd.conf.5.xml:1020 sssd.conf.5.xml:1779 sssd.conf.5.xml:2146 msgid "Default: 15" msgstr "Par défaut : 15" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1024 +#: sssd.conf.5.xml:1025 msgid "local_negative_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1027 +#: sssd.conf.5.xml:1028 msgid "" "Specifies for how many seconds nss_sss should keep local users and groups in " "negative cache before trying to look it up in the back end again. Setting " @@ -1420,17 +1420,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1033 +#: sssd.conf.5.xml:1034 msgid "Default: 14400 (4 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1038 +#: sssd.conf.5.xml:1039 msgid "filter_users, filter_groups (string)" msgstr "filter_users, filter_groups (chaîne)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1041 +#: sssd.conf.5.xml:1042 msgid "" "Exclude certain users or groups from being fetched from the sss NSS " "database. This is particularly useful for system accounts. This option can " @@ -1439,7 +1439,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1049 +#: sssd.conf.5.xml:1050 msgid "" "NOTE: The filter_groups option doesn't affect inheritance of nested group " "members, since filtering happens after they are propagated for returning via " @@ -1448,17 +1448,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1057 +#: sssd.conf.5.xml:1058 msgid "Default: root" msgstr "Par défaut : root" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1062 +#: sssd.conf.5.xml:1063 msgid "filter_users_in_groups (bool)" msgstr "filter_users_in_groups (booléen)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1065 +#: sssd.conf.5.xml:1066 msgid "" "If you want filtered user still be group members set this option to false." msgstr "" @@ -1466,12 +1466,12 @@ msgstr "" "membres de groupes." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1076 +#: sssd.conf.5.xml:1077 msgid "fallback_homedir (string)" msgstr "fallback_homedir (string)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1079 +#: sssd.conf.5.xml:1080 msgid "" "Set a default template for a user's home directory if one is not specified " "explicitly by the domain's data provider." @@ -1480,7 +1480,7 @@ msgstr "" "explicitement spécifié par le fournisseur de données du domaine." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1084 +#: sssd.conf.5.xml:1085 msgid "" "The available values for this option are the same as for override_homedir." msgstr "" @@ -1488,7 +1488,7 @@ msgstr "" "override_homedir." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1090 +#: sssd.conf.5.xml:1091 #, no-wrap msgid "" "fallback_homedir = /home/%u\n" @@ -1498,25 +1498,25 @@ msgstr "" " " #. type: Content of: <varlistentry><listitem><para> -#: sssd.conf.5.xml:1088 sssd.conf.5.xml:1650 sssd.conf.5.xml:1669 -#: sssd.conf.5.xml:1746 sssd-krb5.5.xml:451 include/override_homedir.xml:66 +#: sssd.conf.5.xml:1089 sssd.conf.5.xml:1651 sssd.conf.5.xml:1670 +#: sssd.conf.5.xml:1747 sssd-krb5.5.xml:451 include/override_homedir.xml:66 msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>" msgstr "exemple : <placeholder type=\"programlisting\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1094 +#: sssd.conf.5.xml:1095 msgid "Default: not set (no substitution for unset home directories)" msgstr "" "Par défaut : non défini (aucune substitution pour les répertoires d'accueil " "non définis)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1100 +#: sssd.conf.5.xml:1101 msgid "override_shell (string)" msgstr "override_shell (string)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1103 +#: sssd.conf.5.xml:1104 msgid "" "Override the login shell for all users. This option supersedes any other " "shell options if it takes effect and can be set either in the [nss] section " @@ -1528,17 +1528,17 @@ msgstr "" "section [nss], soit par domaine." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1109 +#: sssd.conf.5.xml:1110 msgid "Default: not set (SSSD will use the value retrieved from LDAP)" msgstr "Par défaut : indéfini (SSSD utilisera la valeur récupérée de LDAP)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1115 +#: sssd.conf.5.xml:1116 msgid "allowed_shells (string)" msgstr "allowed_shells (chaîne)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1118 +#: sssd.conf.5.xml:1119 msgid "" "Restrict user shell to one of the listed values. The order of evaluation is:" msgstr "" @@ -1546,14 +1546,14 @@ msgstr "" "indiquées. L'ordre d'évaluation est :" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1121 +#: sssd.conf.5.xml:1122 msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used." msgstr "" "1. Si l'interpréteur de commandes est présent dans <quote>/etc/shells</" "quote>, il est utilisé." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1125 +#: sssd.conf.5.xml:1126 msgid "" "2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</" "quote>, use the value of the shell_fallback parameter." @@ -1563,7 +1563,7 @@ msgstr "" "shell_fallback » sera utilisée." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1130 +#: sssd.conf.5.xml:1131 msgid "" "3. If the shell is not in the allowed_shells list and not in <quote>/etc/" "shells</quote>, a nologin shell is used." @@ -1572,12 +1572,12 @@ msgstr "" "ni dans <quote>/etc/shells</quote>, une connexion sans shell est utilisée." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1135 +#: sssd.conf.5.xml:1136 msgid "The wildcard (*) can be used to allow any shell." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1138 +#: sssd.conf.5.xml:1139 msgid "" "The (*) is useful if you want to use shell_fallback in case that user's " "shell is not in <quote>/etc/shells</quote> and maintaining list of all " @@ -1585,14 +1585,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1145 +#: sssd.conf.5.xml:1146 msgid "An empty string for shell is passed as-is to libc." msgstr "" "Une chaîne vide pour l'interpréteur de commandes est passée telle quelle est " "à la libc." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1148 +#: sssd.conf.5.xml:1149 msgid "" "The <quote>/etc/shells</quote> is only read on SSSD start up, which means " "that a restart of the SSSD is required in case a new shell is installed." @@ -1602,31 +1602,31 @@ msgstr "" "est installé." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1152 +#: sssd.conf.5.xml:1153 msgid "Default: Not set. The user shell is automatically used." msgstr "" "Par défaut : non défini. L'interpréteur de commandes de l'utilisateur est " "utilisé automatiquement." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1157 +#: sssd.conf.5.xml:1158 msgid "vetoed_shells (string)" msgstr "vetoed_shells (chaîne)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1160 +#: sssd.conf.5.xml:1161 msgid "Replace any instance of these shells with the shell_fallback" msgstr "" "Remplace toutes les occurences de ces interpréteurs de commandes par " "l'interpréteur de commandes par défaut" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1165 +#: sssd.conf.5.xml:1166 msgid "shell_fallback (string)" msgstr "shell_fallback (chaîne)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1168 +#: sssd.conf.5.xml:1169 msgid "" "The default shell to use if an allowed shell is not installed on the machine." msgstr "" @@ -1634,17 +1634,17 @@ msgstr "" "commandes autorisé n'est pas installé sur la machine." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1172 +#: sssd.conf.5.xml:1173 msgid "Default: /bin/sh" msgstr "Par défaut : /bin/sh" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1177 +#: sssd.conf.5.xml:1178 msgid "default_shell" msgstr "default_shell" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1180 +#: sssd.conf.5.xml:1181 msgid "" "The default shell to use if the provider does not return one during lookup. " "This option can be specified globally in the [nss] section or per-domain." @@ -1654,7 +1654,7 @@ msgstr "" "choix soit dans la section [nss], soit par domaine." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1186 +#: sssd.conf.5.xml:1187 msgid "" "Default: not set (Return NULL if no shell is specified and rely on libc to " "substitute something sensible when necessary, usually /bin/sh)" @@ -1664,12 +1664,12 @@ msgstr "" "nécessaire, habituellement /bin/sh)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1193 sssd.conf.5.xml:1576 +#: sssd.conf.5.xml:1194 sssd.conf.5.xml:1577 msgid "get_domains_timeout (int)" msgstr "get_domains_timeout (int)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1196 sssd.conf.5.xml:1579 +#: sssd.conf.5.xml:1197 sssd.conf.5.xml:1580 msgid "" "Specifies time in seconds for which the list of subdomains will be " "considered valid." @@ -1678,43 +1678,43 @@ msgstr "" "jugée valide." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1205 +#: sssd.conf.5.xml:1206 #, fuzzy #| msgid "enum_cache_timeout (integer)" msgid "memcache_timeout (integer)" msgstr "enum_cache_timeout (entier)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1208 +#: sssd.conf.5.xml:1209 msgid "" "Specifies time in seconds for which records in the in-memory cache will be " "valid. Setting this option to zero will disable the in-memory cache." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1216 +#: sssd.conf.5.xml:1217 msgid "" "WARNING: Disabling the in-memory cache will have significant negative impact " "on SSSD's performance and should only be used for testing." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1222 sssd.conf.5.xml:1247 sssd.conf.5.xml:1272 -#: sssd.conf.5.xml:1297 sssd.conf.5.xml:1324 +#: sssd.conf.5.xml:1223 sssd.conf.5.xml:1248 sssd.conf.5.xml:1273 +#: sssd.conf.5.xml:1298 sssd.conf.5.xml:1325 msgid "" "NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", " "client applications will not use the fast in-memory cache." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1230 +#: sssd.conf.5.xml:1231 #, fuzzy #| msgid "enum_cache_timeout (integer)" msgid "memcache_size_passwd (integer)" msgstr "enum_cache_timeout (entier)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1233 +#: sssd.conf.5.xml:1234 msgid "" "Size (in megabytes) of the data table allocated inside fast in-memory cache " "for passwd requests. Setting the size to 0 will disable the passwd in-" @@ -1722,27 +1722,27 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1239 sssd.conf.5.xml:2963 sssd-ldap.5.xml:548 +#: sssd.conf.5.xml:1240 sssd.conf.5.xml:2964 sssd-ldap.5.xml:548 msgid "Default: 8" msgstr "Par défaut : 8" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1242 sssd.conf.5.xml:1267 sssd.conf.5.xml:1292 -#: sssd.conf.5.xml:1319 +#: sssd.conf.5.xml:1243 sssd.conf.5.xml:1268 sssd.conf.5.xml:1293 +#: sssd.conf.5.xml:1320 msgid "" "WARNING: Disabled or too small in-memory cache can have significant negative " "impact on SSSD's performance." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1255 +#: sssd.conf.5.xml:1256 #, fuzzy #| msgid "enum_cache_timeout (integer)" msgid "memcache_size_group (integer)" msgstr "enum_cache_timeout (entier)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1258 +#: sssd.conf.5.xml:1259 msgid "" "Size (in megabytes) of the data table allocated inside fast in-memory cache " "for group requests. Setting the size to 0 will disable the group in-memory " @@ -1750,21 +1750,21 @@ msgid "" msgstr "" #. type: Content of: <variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1264 sssd.conf.5.xml:1316 sssd.conf.5.xml:3729 +#: sssd.conf.5.xml:1265 sssd.conf.5.xml:1317 sssd.conf.5.xml:3730 #: sssd-ldap.5.xml:473 sssd-ldap.5.xml:525 include/failover.xml:116 #: include/krb5_options.xml:11 msgid "Default: 6" msgstr "Par défaut : 6" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1280 +#: sssd.conf.5.xml:1281 #, fuzzy #| msgid "enum_cache_timeout (integer)" msgid "memcache_size_initgroups (integer)" msgstr "enum_cache_timeout (entier)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1283 +#: sssd.conf.5.xml:1284 msgid "" "Size (in megabytes) of the data table allocated inside fast in-memory cache " "for initgroups requests. Setting the size to 0 will disable the initgroups " @@ -1772,14 +1772,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1305 +#: sssd.conf.5.xml:1306 #, fuzzy #| msgid "enum_cache_timeout (integer)" msgid "memcache_size_sid (integer)" msgstr "enum_cache_timeout (entier)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1308 +#: sssd.conf.5.xml:1309 msgid "" "Size (in megabytes) of the data table allocated inside fast in-memory cache " "for SID related requests. Only SID-by-ID and ID-by-SID requests are " @@ -1788,12 +1788,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1332 sssd-ifp.5.xml:90 +#: sssd.conf.5.xml:1333 sssd-ifp.5.xml:90 msgid "user_attributes (string)" msgstr "user_attributes (chaîne)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1335 +#: sssd.conf.5.xml:1336 msgid "" "Some of the additional NSS responder requests can return more attributes " "than just the POSIX ones defined by the NSS interface. The list of " @@ -1804,38 +1804,38 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1348 +#: sssd.conf.5.xml:1349 msgid "" "To make configuration more easy the NSS responder will check the InfoPipe " "option if it is not set for the NSS responder." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1353 +#: sssd.conf.5.xml:1354 msgid "Default: not set, fallback to InfoPipe option" msgstr "Par défaut : non défini, repli sur l'option InfoPipe" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1358 +#: sssd.conf.5.xml:1359 msgid "pwfield (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1361 +#: sssd.conf.5.xml:1362 msgid "" "The value that NSS operations that return users or groups will return for " "the <quote>password</quote> field." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1366 +#: sssd.conf.5.xml:1367 #, fuzzy #| msgid "Default: <quote>permit</quote>" msgid "Default: <quote>*</quote>" msgstr "Par défaut : <quote>permit</quote>" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1369 +#: sssd.conf.5.xml:1370 #, fuzzy #| msgid "This option can also be set per-domain." msgid "" @@ -1844,7 +1844,7 @@ msgid "" msgstr "Cette option peut aussi être définie pour chaque domaine." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1373 +#: sssd.conf.5.xml:1374 msgid "" "Default: <quote>not set</quote> (remote domains), <phrase " "condition=\"with_files_provider\"> <quote>x</quote> (the files domain), </" @@ -1853,12 +1853,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:1385 +#: sssd.conf.5.xml:1386 msgid "PAM configuration options" msgstr "Options de configuration de PAM" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:1387 +#: sssd.conf.5.xml:1388 msgid "" "These options can be used to configure the Pluggable Authentication Module " "(PAM) service." @@ -1867,12 +1867,12 @@ msgstr "" "Module (PAM)." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1392 +#: sssd.conf.5.xml:1393 msgid "offline_credentials_expiration (integer)" msgstr "offline_credentials_expiration (entier)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1395 +#: sssd.conf.5.xml:1396 msgid "" "If the authentication provider is offline, how long should we allow cached " "logins (in days since the last successful online login)." @@ -1882,17 +1882,17 @@ msgstr "" "connexion réussie)." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1400 sssd.conf.5.xml:1413 +#: sssd.conf.5.xml:1401 sssd.conf.5.xml:1414 msgid "Default: 0 (No limit)" msgstr "Par défaut : 0 (pas de limite)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1406 +#: sssd.conf.5.xml:1407 msgid "offline_failed_login_attempts (integer)" msgstr "offline_failed_login_attempts (entier)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1409 +#: sssd.conf.5.xml:1410 msgid "" "If the authentication provider is offline, how many failed login attempts " "are allowed." @@ -1901,12 +1901,12 @@ msgstr "" "échouées sont autorisées." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1419 +#: sssd.conf.5.xml:1420 msgid "offline_failed_login_delay (integer)" msgstr "offline_failed_login_delay (entier)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1422 +#: sssd.conf.5.xml:1423 msgid "" "The time in minutes which has to pass after offline_failed_login_attempts " "has been reached before a new login attempt is possible." @@ -1916,7 +1916,7 @@ msgstr "" "soit possible." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1427 +#: sssd.conf.5.xml:1428 msgid "" "If set to 0 the user cannot authenticate offline if " "offline_failed_login_attempts has been reached. Only a successful online " @@ -1927,17 +1927,17 @@ msgstr "" "connexion réussie en ligne peut réactiver l'authentification." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1433 sssd.conf.5.xml:1543 +#: sssd.conf.5.xml:1434 sssd.conf.5.xml:1544 msgid "Default: 5" msgstr "Par défaut : 5" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1439 +#: sssd.conf.5.xml:1440 msgid "pam_verbosity (integer)" msgstr "pam_verbosity (entier)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1442 +#: sssd.conf.5.xml:1443 msgid "" "Controls what kind of messages are shown to the user during authentication. " "The higher the number to more messages are displayed." @@ -1947,46 +1947,46 @@ msgstr "" "affichés sera important." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1447 +#: sssd.conf.5.xml:1448 msgid "Currently sssd supports the following values:" msgstr "Actuellement sssd supporte les valeurs suivantes :" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1450 +#: sssd.conf.5.xml:1451 msgid "<emphasis>0</emphasis>: do not show any message" msgstr "<emphasis>0</emphasis> : ne pas afficher de message" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1453 +#: sssd.conf.5.xml:1454 msgid "<emphasis>1</emphasis>: show only important messages" msgstr "<emphasis>1</emphasis> : afficher seulement les messages importants" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1457 +#: sssd.conf.5.xml:1458 msgid "<emphasis>2</emphasis>: show informational messages" msgstr "<emphasis>2</emphasis> : afficher les messages d'information" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1460 +#: sssd.conf.5.xml:1461 msgid "<emphasis>3</emphasis>: show all messages and debug information" msgstr "" "<emphasis>3</emphasis> : afficher tous les messages et informations de " "débogage" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1464 sssd.8.xml:63 +#: sssd.conf.5.xml:1465 sssd.8.xml:63 msgid "Default: 1" msgstr "Par défaut : 1" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1470 +#: sssd.conf.5.xml:1471 #, fuzzy #| msgid "ad_access_filter (string)" msgid "pam_response_filter (string)" msgstr "ad_access_filter (chaîne)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1473 +#: sssd.conf.5.xml:1474 msgid "" "A comma separated list of strings which allows to remove (filter) data sent " "by the PAM responder to pam_sss PAM module. There are different kind of " @@ -1995,51 +1995,51 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1481 +#: sssd.conf.5.xml:1482 msgid "" "While messages already can be controlled with the help of the pam_verbosity " "option this option allows to filter out other kind of responses as well." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1488 +#: sssd.conf.5.xml:1489 msgid "ENV" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1489 +#: sssd.conf.5.xml:1490 msgid "Do not send any environment variables to any service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1492 +#: sssd.conf.5.xml:1493 msgid "ENV:var_name" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1493 +#: sssd.conf.5.xml:1494 msgid "Do not send environment variable var_name to any service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1497 +#: sssd.conf.5.xml:1498 msgid "ENV:var_name:service" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1498 +#: sssd.conf.5.xml:1499 msgid "Do not send environment variable var_name to service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1486 +#: sssd.conf.5.xml:1487 msgid "" "Currently the following filters are supported: <placeholder " "type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1505 +#: sssd.conf.5.xml:1506 msgid "" "The list of strings can either be the list of filters which would set this " "list of filters and overwrite the defaults. Or each element of the list can " @@ -2050,23 +2050,23 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1516 +#: sssd.conf.5.xml:1517 msgid "Default: ENV:KRB5CCNAME:sudo, ENV:KRB5CCNAME:sudo-i" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1519 +#: sssd.conf.5.xml:1520 msgid "" "Example: -ENV:KRB5CCNAME:sudo-i will remove the filter from the default list" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1526 +#: sssd.conf.5.xml:1527 msgid "pam_id_timeout (integer)" msgstr "pam_id_timeout (entier)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1529 +#: sssd.conf.5.xml:1530 msgid "" "For any PAM request while SSSD is online, the SSSD will attempt to " "immediately update the cached identity information for the user in order to " @@ -2078,7 +2078,7 @@ msgstr "" "les dernières informations." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1535 +#: sssd.conf.5.xml:1536 msgid "" "A complete PAM conversation may perform multiple PAM requests, such as " "account management and session opening. This option controls (on a per-" @@ -2092,17 +2092,17 @@ msgstr "" "fournisseur d'identité." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1549 +#: sssd.conf.5.xml:1550 msgid "pam_pwd_expiration_warning (integer)" msgstr "pam_pwd_expiration_warning (entier)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1552 sssd.conf.5.xml:2987 +#: sssd.conf.5.xml:1553 sssd.conf.5.xml:2988 msgid "Display a warning N days before the password expires." msgstr "Afficher une alerte N jours avant l'expiration du mot de passe." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1555 +#: sssd.conf.5.xml:1556 msgid "" "Please note that the backend server has to provide information about the " "expiration time of the password. If this information is missing, sssd " @@ -2113,7 +2113,7 @@ msgstr "" "ne peut afficher de message d'alerte." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1561 sssd.conf.5.xml:2990 +#: sssd.conf.5.xml:1562 sssd.conf.5.xml:2991 msgid "" "If zero is set, then this filter is not applied, i.e. if the expiration " "warning was received from backend server, it will automatically be displayed." @@ -2123,7 +2123,7 @@ msgstr "" "sera automatiquement affiché." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1566 +#: sssd.conf.5.xml:1567 msgid "" "This setting can be overridden by setting <emphasis>pwd_expiration_warning</" "emphasis> for a particular domain." @@ -2132,17 +2132,17 @@ msgstr "" "<emphasis>pwd_expiration_warning</emphasis> pour un domaine particulier." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1571 sssd.conf.5.xml:3976 sssd-ldap.5.xml:606 sssd.8.xml:79 +#: sssd.conf.5.xml:1572 sssd.conf.5.xml:3977 sssd-ldap.5.xml:606 sssd.8.xml:79 msgid "Default: 0" msgstr "Par défaut : 0" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1588 +#: sssd.conf.5.xml:1589 msgid "pam_trusted_users (string)" msgstr "pam_trusted_users (chaîne)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1591 +#: sssd.conf.5.xml:1592 msgid "" "Specifies the comma-separated list of UID values or user names that are " "allowed to run PAM conversations against trusted domains. Users not " @@ -2152,37 +2152,37 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1601 +#: sssd.conf.5.xml:1602 msgid "Default: All users are considered trusted by default" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1605 +#: sssd.conf.5.xml:1606 msgid "" "Please note that UID 0 is always allowed to access the PAM responder even in " "case it is not in the pam_trusted_users list." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1612 +#: sssd.conf.5.xml:1613 msgid "pam_public_domains (string)" msgstr "pam_public_domains (chaîne)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1615 +#: sssd.conf.5.xml:1616 msgid "" "Specifies the comma-separated list of domain names that are accessible even " "to untrusted users." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1619 +#: sssd.conf.5.xml:1620 msgid "Two special values for pam_public_domains option are defined:" msgstr "" "Deux valeurs spéciales pour l'option pam_public_domains sont définies :" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1623 +#: sssd.conf.5.xml:1624 msgid "" "all (Untrusted users are allowed to access all domains in PAM responder.)" msgstr "" @@ -2190,7 +2190,7 @@ msgstr "" "à tous les domaines PAM dans le répondeur.)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1627 +#: sssd.conf.5.xml:1628 msgid "" "none (Untrusted users are not allowed to access any domains PAM in " "responder.)" @@ -2199,33 +2199,33 @@ msgstr "" "autorisés à accéder à un des domaines PAM dans le répondeur.)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1631 sssd.conf.5.xml:1656 sssd.conf.5.xml:1675 -#: sssd.conf.5.xml:1912 sssd.conf.5.xml:2732 sssd.conf.5.xml:3905 +#: sssd.conf.5.xml:1632 sssd.conf.5.xml:1657 sssd.conf.5.xml:1676 +#: sssd.conf.5.xml:1913 sssd.conf.5.xml:2733 sssd.conf.5.xml:3906 #: sssd-ldap.5.xml:1207 msgid "Default: none" msgstr "Par défaut : aucun" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1636 +#: sssd.conf.5.xml:1637 msgid "pam_account_expired_message (string)" msgstr "pam_account_expired_message (chaîne)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1639 +#: sssd.conf.5.xml:1640 msgid "" "Allows a custom expiration message to be set, replacing the default " "'Permission denied' message." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1644 +#: sssd.conf.5.xml:1645 msgid "" "Note: Please be aware that message is only printed for the SSH service " "unless pam_verbosity is set to 3 (show all messages and debug information)." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1652 +#: sssd.conf.5.xml:1653 #, no-wrap msgid "" "pam_account_expired_message = Account expired, please contact help desk.\n" @@ -2233,19 +2233,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1661 +#: sssd.conf.5.xml:1662 msgid "pam_account_locked_message (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1664 +#: sssd.conf.5.xml:1665 msgid "" "Allows a custom lockout message to be set, replacing the default 'Permission " "denied' message." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1671 +#: sssd.conf.5.xml:1672 #, no-wrap msgid "" "pam_account_locked_message = Account locked, please contact help desk.\n" @@ -2253,19 +2253,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1680 +#: sssd.conf.5.xml:1681 #, fuzzy #| msgid "ldap_chpass_update_last_change (bool)" msgid "pam_passkey_auth (bool)" msgstr "ldap_chpass_update_last_change (bool)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1683 +#: sssd.conf.5.xml:1684 msgid "Enable passkey device based authentication." msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1686 sssd.conf.5.xml:1697 sssd.conf.5.xml:1711 +#: sssd.conf.5.xml:1687 sssd.conf.5.xml:1698 sssd.conf.5.xml:1712 #: sssd-ldap.5.xml:671 sssd-ldap.5.xml:692 sssd-ldap.5.xml:788 #: sssd-ldap.5.xml:1293 sssd-ad.5.xml:505 sssd-ad.5.xml:581 sssd-ad.5.xml:1126 #: sssd-ad.5.xml:1175 include/ldap_id_mapping.xml:250 @@ -2273,22 +2273,22 @@ msgid "Default: False" msgstr "Par défaut : False" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1691 +#: sssd.conf.5.xml:1692 msgid "passkey_debug_libfido2 (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1694 +#: sssd.conf.5.xml:1695 msgid "Enable libfido2 library debug messages." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1702 +#: sssd.conf.5.xml:1703 msgid "pam_cert_auth (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1705 +#: sssd.conf.5.xml:1706 msgid "" "Enable certificate based Smartcard authentication. Since this requires " "additional communication with the Smartcard which will delay the " @@ -2296,36 +2296,36 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1716 +#: sssd.conf.5.xml:1717 msgid "pam_cert_db_path (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1719 +#: sssd.conf.5.xml:1720 msgid "The path to the certificate database." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1722 sssd.conf.5.xml:2247 sssd.conf.5.xml:4308 +#: sssd.conf.5.xml:1723 sssd.conf.5.xml:2248 sssd.conf.5.xml:4354 msgid "Default:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1724 sssd.conf.5.xml:2249 +#: sssd.conf.5.xml:1725 sssd.conf.5.xml:2250 msgid "" "/etc/sssd/pki/sssd_auth_ca_db.pem (path to a file with trusted CA " "certificates in PEM format)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1734 +#: sssd.conf.5.xml:1735 #, fuzzy #| msgid "ldap_user_certificate (string)" msgid "pam_cert_verification (string)" msgstr "ldap_user_certificate (chaîne)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1737 +#: sssd.conf.5.xml:1738 msgid "" "With this parameter the PAM certificate verification can be tuned with a " "comma separated list of options that override the " @@ -2335,7 +2335,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1748 +#: sssd.conf.5.xml:1749 #, fuzzy, no-wrap #| msgid "" #| "subdomain_inherit = ldap_purge_cache_timeout\n" @@ -2348,61 +2348,61 @@ msgstr "" " " #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1752 +#: sssd.conf.5.xml:1753 msgid "" "Default: not set, i.e. use default <quote>certificate_verification</quote> " "option defined in <quote>[sssd]</quote> section." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1759 +#: sssd.conf.5.xml:1760 msgid "p11_child_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1762 +#: sssd.conf.5.xml:1763 msgid "How many seconds will pam_sss wait for p11_child to finish." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1771 +#: sssd.conf.5.xml:1772 #, fuzzy #| msgid "pam_id_timeout (integer)" msgid "passkey_child_timeout (integer)" msgstr "pam_id_timeout (entier)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1774 +#: sssd.conf.5.xml:1775 msgid "" "How many seconds will the PAM responder wait for passkey_child to finish." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1783 +#: sssd.conf.5.xml:1784 msgid "pam_app_services (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1786 +#: sssd.conf.5.xml:1787 msgid "" "Which PAM services are permitted to contact domains of type " "<quote>application</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1795 +#: sssd.conf.5.xml:1796 msgid "pam_p11_allowed_services (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1798 +#: sssd.conf.5.xml:1799 msgid "" "A comma-separated list of PAM service names for which it will be allowed to " "use Smartcards." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1813 +#: sssd.conf.5.xml:1814 #, no-wrap msgid "" "pam_p11_allowed_services = +my_pam_service, -login\n" @@ -2410,7 +2410,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1802 +#: sssd.conf.5.xml:1803 msgid "" "It is possible to add another PAM service name to the default set by using " "<quote>+service_name</quote> or to explicitly remove a PAM service name from " @@ -2422,63 +2422,63 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1817 sssd-ad.5.xml:644 sssd-ad.5.xml:753 sssd-ad.5.xml:811 +#: sssd.conf.5.xml:1818 sssd-ad.5.xml:644 sssd-ad.5.xml:753 sssd-ad.5.xml:811 #: sssd-ad.5.xml:869 sssd-ad.5.xml:947 msgid "Default: the default set of PAM service names includes:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1822 sssd-ad.5.xml:648 +#: sssd.conf.5.xml:1823 sssd-ad.5.xml:648 msgid "login" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1827 sssd-ad.5.xml:653 +#: sssd.conf.5.xml:1828 sssd-ad.5.xml:653 msgid "su" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1832 sssd-ad.5.xml:658 +#: sssd.conf.5.xml:1833 sssd-ad.5.xml:658 msgid "su-l" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1837 sssd-ad.5.xml:673 +#: sssd.conf.5.xml:1838 sssd-ad.5.xml:673 msgid "gdm-smartcard" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1842 sssd-ad.5.xml:668 +#: sssd.conf.5.xml:1843 sssd-ad.5.xml:668 msgid "gdm-password" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1847 sssd-ad.5.xml:678 +#: sssd.conf.5.xml:1848 sssd-ad.5.xml:678 msgid "kdm" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1852 sssd-ad.5.xml:956 +#: sssd.conf.5.xml:1853 sssd-ad.5.xml:956 msgid "sudo" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1857 sssd-ad.5.xml:961 +#: sssd.conf.5.xml:1858 sssd-ad.5.xml:961 msgid "sudo-i" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1862 +#: sssd.conf.5.xml:1863 msgid "gnome-screensaver" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1870 +#: sssd.conf.5.xml:1871 msgid "p11_wait_for_card_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1873 +#: sssd.conf.5.xml:1874 msgid "" "If Smartcard authentication is required how many extra seconds in addition " "to p11_child_timeout should the PAM responder wait until a Smartcard is " @@ -2486,12 +2486,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1884 +#: sssd.conf.5.xml:1885 msgid "p11_uri (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1887 +#: sssd.conf.5.xml:1888 msgid "" "PKCS#11 URI (see RFC-7512 for details) which can be used to restrict the " "selection of devices used for Smartcard authentication. By default SSSD's " @@ -2502,7 +2502,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1900 +#: sssd.conf.5.xml:1901 #, no-wrap msgid "" "p11_uri = pkcs11:slot-description=My%20Smartcard%20Reader\n" @@ -2510,7 +2510,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1904 +#: sssd.conf.5.xml:1905 #, no-wrap msgid "" "p11_uri = pkcs11:library-description=OpenSC%20smartcard%20framework;slot-id=2\n" @@ -2518,7 +2518,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1898 +#: sssd.conf.5.xml:1899 msgid "" "Example: <placeholder type=\"programlisting\" id=\"0\"/> or <placeholder " "type=\"programlisting\" id=\"1\"/> To find suitable URI please check the " @@ -2527,47 +2527,47 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1917 +#: sssd.conf.5.xml:1918 msgid "pam_initgroups_scheme" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1925 +#: sssd.conf.5.xml:1926 msgid "always" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1926 +#: sssd.conf.5.xml:1927 msgid "" "Always do an online lookup, please note that pam_id_timeout still applies" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1930 +#: sssd.conf.5.xml:1931 msgid "no_session" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1931 +#: sssd.conf.5.xml:1932 msgid "" "Only do an online lookup if there is no active session of the user, i.e. if " "the user is currently not logged in" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1936 +#: sssd.conf.5.xml:1937 msgid "never" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1937 +#: sssd.conf.5.xml:1938 msgid "" "Never force an online lookup, use the data from the cache as long as they " "are not expired" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1920 +#: sssd.conf.5.xml:1921 msgid "" "The PAM responder can force an online lookup to get the current group " "memberships of the user trying to log in. This option controls when this " @@ -2576,19 +2576,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1944 +#: sssd.conf.5.xml:1945 msgid "Default: no_session" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1949 sssd.conf.5.xml:4247 +#: sssd.conf.5.xml:1950 sssd.conf.5.xml:4293 #, fuzzy #| msgid "ad_gpo_map_service (string)" msgid "pam_gssapi_services" msgstr "ad_gpo_map_service (chaîne)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1952 +#: sssd.conf.5.xml:1953 #, fuzzy #| msgid "Comma separated list of users who are allowed to log in." msgid "" @@ -2598,13 +2598,13 @@ msgstr "" "Liste séparée par des virgules d'utilisateurs autorisés à se connecter." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1957 +#: sssd.conf.5.xml:1958 msgid "" "To disable GSSAPI authentication, set this option to <quote>-</quote> (dash)." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1961 sssd.conf.5.xml:1992 sssd.conf.5.xml:2030 +#: sssd.conf.5.xml:1962 sssd.conf.5.xml:1993 sssd.conf.5.xml:2031 msgid "" "Note: This option can also be set per-domain which overwrites the value in " "[pam] section. It can also be set for trusted domain which overwrites the " @@ -2612,7 +2612,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1969 +#: sssd.conf.5.xml:1970 #, fuzzy, no-wrap #| msgid "" #| "fallback_homedir = /home/%u\n" @@ -2625,22 +2625,22 @@ msgstr "" " " #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1967 sssd.conf.5.xml:3899 +#: sssd.conf.5.xml:1968 sssd.conf.5.xml:3900 msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>" msgstr "Exemple : <placeholder type=\"programlisting\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1973 +#: sssd.conf.5.xml:1974 msgid "Default: - (GSSAPI authentication is disabled)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1978 sssd.conf.5.xml:4248 +#: sssd.conf.5.xml:1979 sssd.conf.5.xml:4294 msgid "pam_gssapi_check_upn" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1981 +#: sssd.conf.5.xml:1982 msgid "" "If True, SSSD will require that the Kerberos user principal that " "successfully authenticated through GSSAPI can be associated with the user " @@ -2648,25 +2648,25 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1988 +#: sssd.conf.5.xml:1989 msgid "" "If False, every user that is able to obtained required service ticket will " "be authenticated." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1998 sssd-ad.5.xml:1266 sss_rpcidmapd.5.xml:76 +#: sssd.conf.5.xml:1999 sssd-ad.5.xml:1266 sss_rpcidmapd.5.xml:76 #: sssd-files.5.xml:145 msgid "Default: True" msgstr "Par défaut : True" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2003 +#: sssd.conf.5.xml:2004 msgid "pam_gssapi_indicators_map" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2006 +#: sssd.conf.5.xml:2007 msgid "" "Comma separated list of authentication indicators required to be present in " "a Kerberos ticket to access a PAM service that is allowed to try GSSAPI " @@ -2674,7 +2674,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2012 +#: sssd.conf.5.xml:2013 msgid "" "Each element of the list can be either an authentication indicator name or a " "pair <quote>service:indicator</quote>. Indicators not prefixed with the PAM " @@ -2689,7 +2689,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2025 +#: sssd.conf.5.xml:2026 msgid "" "To disable GSSAPI authentication indicator check, set this option to <quote>-" "</quote> (dash). To disable the check for a specific PAM service, add " @@ -2697,45 +2697,45 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2036 +#: sssd.conf.5.xml:2037 msgid "" "Following authentication indicators are supported by IPA Kerberos " "deployments:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2039 +#: sssd.conf.5.xml:2040 msgid "" "pkinit -- pre-authentication using X.509 certificates -- whether stored in " "files or on smart cards." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2042 +#: sssd.conf.5.xml:2043 msgid "" "hardened -- SPAKE pre-authentication or any pre-authentication wrapped in a " "FAST channel." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2045 +#: sssd.conf.5.xml:2046 msgid "radius -- pre-authentication with the help of a RADIUS server." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2048 +#: sssd.conf.5.xml:2049 msgid "" "otp -- pre-authentication using integrated two-factor authentication (2FA or " "one-time password, OTP) in IPA." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2051 +#: sssd.conf.5.xml:2052 msgid "idp -- pre-authentication using external identity provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:2061 +#: sssd.conf.5.xml:2062 #, no-wrap msgid "" "pam_gssapi_indicators_map = sudo:pkinit, sudo-i:pkinit\n" @@ -2743,7 +2743,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2056 +#: sssd.conf.5.xml:2057 msgid "" "Example: to require access to SUDO services only for users which obtained " "their Kerberos tickets with a X.509 certificate pre-authentication (PKINIT), " @@ -2751,7 +2751,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2065 +#: sssd.conf.5.xml:2066 #, fuzzy #| msgid "Default: not set (no substitution for unset home directories)" msgid "Default: not set (use of authentication indicators is not required)" @@ -2760,12 +2760,12 @@ msgstr "" "non définis)" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2073 +#: sssd.conf.5.xml:2074 msgid "SUDO configuration options" msgstr "Options de configuration de SUDO" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2075 +#: sssd.conf.5.xml:2076 msgid "" "These options can be used to configure the sudo service. The detailed " "instructions for configuration of <citerefentry> <refentrytitle>sudo</" @@ -2782,12 +2782,12 @@ msgstr "" "sudo</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2092 +#: sssd.conf.5.xml:2093 msgid "sudo_timed (bool)" msgstr "sudo_timed (booléen)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2095 +#: sssd.conf.5.xml:2096 msgid "" "Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes " "that implement time-dependent sudoers entries." @@ -2796,12 +2796,12 @@ msgstr "" "les entrées sudoers sensibles au temps." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2107 +#: sssd.conf.5.xml:2108 msgid "sudo_threshold (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2110 +#: sssd.conf.5.xml:2111 msgid "" "Maximum number of expired rules that can be refreshed at once. If number of " "expired rules is below threshold, those rules are refreshed with " @@ -2811,22 +2811,22 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2129 +#: sssd.conf.5.xml:2130 msgid "AUTOFS configuration options" msgstr "Options de configuration AUTOFS" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2131 +#: sssd.conf.5.xml:2132 msgid "These options can be used to configure the autofs service." msgstr "Ces options peuvent être utilisées pour configurer le service autofs." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2135 +#: sssd.conf.5.xml:2136 msgid "autofs_negative_timeout (integer)" msgstr "autofs_negative_timeout (entier)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2138 +#: sssd.conf.5.xml:2139 msgid "" "Specifies for how many seconds should the autofs responder negative cache " "hits (that is, queries for invalid map entries, like nonexistent ones) " @@ -2838,23 +2838,23 @@ msgstr "" "moteur." #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2154 +#: sssd.conf.5.xml:2155 msgid "SSH configuration options" msgstr "Options de configuration SSH" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2156 +#: sssd.conf.5.xml:2157 msgid "These options can be used to configure the SSH service." msgstr "" "Les options suivantes peuvent être utilisées pour configurer le service SSH." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2160 +#: sssd.conf.5.xml:2161 msgid "ssh_hash_known_hosts (bool)" msgstr "ssh_hash_known_hosts (bool)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2163 +#: sssd.conf.5.xml:2164 msgid "" "Whether or not to hash host names and addresses in the managed known_hosts " "file." @@ -2862,12 +2862,12 @@ msgstr "" "Condenser ou non les noms de systèmes et adresses du fichier known_hosts" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2172 +#: sssd.conf.5.xml:2173 msgid "ssh_known_hosts_timeout (integer)" msgstr "ssh_known_hosts_timeout (integer)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2175 +#: sssd.conf.5.xml:2176 msgid "" "How many seconds to keep a host in the managed known_hosts file after its " "host keys were requested." @@ -2876,17 +2876,17 @@ msgstr "" "known_hosts géré après que ses clés de système ont été demandés." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2179 +#: sssd.conf.5.xml:2180 msgid "Default: 180" msgstr "Par défaut : 180" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2184 +#: sssd.conf.5.xml:2185 msgid "ssh_use_certificate_keys (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2187 +#: sssd.conf.5.xml:2188 msgid "" "If set to true the <command>sss_ssh_authorizedkeys</command> will return ssh " "keys derived from the public key of X.509 certificates stored in the user " @@ -2895,12 +2895,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2202 +#: sssd.conf.5.xml:2203 msgid "ssh_use_certificate_matching_rules (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2205 +#: sssd.conf.5.xml:2206 msgid "" "By default the ssh responder will use all available certificate matching " "rules to filter the certificates so that ssh keys are only derived from the " @@ -2910,7 +2910,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2214 +#: sssd.conf.5.xml:2215 msgid "" "There are two special key words 'all_rules' and 'no_rules' which will enable " "all or no rules, respectively. The latter means that no certificates will be " @@ -2918,7 +2918,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2221 +#: sssd.conf.5.xml:2222 msgid "" "If no rules are configured using 'all_rules' will enable a default rule " "which enables all certificates suitable for client authentication. This is " @@ -2927,38 +2927,38 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2228 +#: sssd.conf.5.xml:2229 msgid "" "A non-existing rule name is considered an error. If as a result no rule is " "selected all certificates will be ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2233 +#: sssd.conf.5.xml:2234 msgid "" "Default: not set, equivalent to 'all_rules', all found rules or the default " "rule are used" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2239 +#: sssd.conf.5.xml:2240 msgid "ca_db (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2242 +#: sssd.conf.5.xml:2243 msgid "" "Path to a storage of trusted CA certificates. The option is used to validate " "user certificates before deriving public ssh keys from them." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2262 +#: sssd.conf.5.xml:2263 msgid "PAC responder configuration options" msgstr "Options de configuration du répondeur PAC" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2264 +#: sssd.conf.5.xml:2265 msgid "" "The PAC responder works together with the authorization data plugin for MIT " "Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the " @@ -2969,7 +2969,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2273 +#: sssd.conf.5.xml:2274 msgid "" "If the remote user does not exist in the cache, it is created. The UID is " "determined with the help of the SID, trusted domains will have UPGs and the " @@ -2980,7 +2980,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2281 +#: sssd.conf.5.xml:2282 msgid "" "If there are SIDs of groups from domains sssd knows about, the user will be " "added to those groups." @@ -2989,19 +2989,19 @@ msgstr "" "ajouté à ces groupes." #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2287 +#: sssd.conf.5.xml:2288 msgid "These options can be used to configure the PAC responder." msgstr "" "Les options suivantes peuvent être utilisées pour configurer le répondeur " "PAC." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2291 sssd-ifp.5.xml:66 +#: sssd.conf.5.xml:2292 sssd-ifp.5.xml:66 msgid "allowed_uids (string)" msgstr "allowed_uids (string)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2294 +#: sssd.conf.5.xml:2295 msgid "" "Specifies the comma-separated list of UID values or user names that are " "allowed to access the PAC responder. User names are resolved to UIDs at " @@ -3012,14 +3012,14 @@ msgstr "" "seront résolus en UID au démarrage." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2300 +#: sssd.conf.5.xml:2301 msgid "Default: 0 (only the root user is allowed to access the PAC responder)" msgstr "" "Par défaut : 0 (seul l'utilisateur root est autorisé à accéder au répondeur " "PAC)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2304 +#: sssd.conf.5.xml:2305 msgid "" "Please note that although the UID 0 is used as the default it will be " "overwritten with this option. If you still want to allow the root user to " @@ -3032,26 +3032,26 @@ msgstr "" "0 à la liste des UID d'utilisateurs autorisés." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2313 +#: sssd.conf.5.xml:2314 msgid "pac_lifetime (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2316 +#: sssd.conf.5.xml:2317 msgid "" "Lifetime of the PAC entry in seconds. As long as the PAC is valid the PAC " "data can be used to determine the group memberships of a user." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2326 +#: sssd.conf.5.xml:2327 #, fuzzy #| msgid "ldap_schema (string)" msgid "pac_check (string)" msgstr "ldap_schema (chaîne)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2329 +#: sssd.conf.5.xml:2330 msgid "" "Apply additional checks on the PAC of the Kerberos ticket which is available " "in Active Directory and FreeIPA domains, if configured. Please note that " @@ -3062,24 +3062,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2343 +#: sssd.conf.5.xml:2344 msgid "no_check" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2345 +#: sssd.conf.5.xml:2346 msgid "" "The PAC must not be present and even if it is present no additional checks " "will be done." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2351 +#: sssd.conf.5.xml:2352 msgid "pac_present" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2353 +#: sssd.conf.5.xml:2354 msgid "" "The PAC must be present in the service ticket which SSSD will request with " "the help of the user's TGT. If the PAC is not available the authentication " @@ -3087,24 +3087,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2361 +#: sssd.conf.5.xml:2362 msgid "check_upn" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2363 +#: sssd.conf.5.xml:2364 msgid "" "If the PAC is present check if the user principal name (UPN) information is " "consistent." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2369 +#: sssd.conf.5.xml:2370 msgid "check_upn_allow_missing" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2371 +#: sssd.conf.5.xml:2372 msgid "" "This option should be used together with 'check_upn' and handles the case " "where a UPN is set on the server-side but is not read by SSSD. The typical " @@ -3116,7 +3116,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2383 +#: sssd.conf.5.xml:2384 msgid "" "Currently this option is set by default to avoid regressions in such " "environments. A log message will be added to the system log and SSSD's debug " @@ -3127,41 +3127,41 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2397 +#: sssd.conf.5.xml:2398 msgid "upn_dns_info_present" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2399 +#: sssd.conf.5.xml:2400 msgid "The PAC must contain the UPN-DNS-INFO buffer, implies 'check_upn'." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2404 +#: sssd.conf.5.xml:2405 msgid "check_upn_dns_info_ex" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2406 +#: sssd.conf.5.xml:2407 msgid "" "If the PAC is present and the extension to the UPN-DNS-INFO buffer is " "available check if the information in the extension is consistent." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2413 +#: sssd.conf.5.xml:2414 msgid "upn_dns_info_ex_present" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2415 +#: sssd.conf.5.xml:2416 msgid "" "The PAC must contain the extension of the UPN-DNS-INFO buffer, implies " "'check_upn_dns_info_ex', 'upn_dns_info_present' and 'check_upn'." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2339 +#: sssd.conf.5.xml:2340 #, fuzzy #| msgid "" #| "The following expansions are supported: <placeholder " @@ -3174,19 +3174,19 @@ msgstr "" "type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2425 +#: sssd.conf.5.xml:2426 msgid "" "Default: no_check (AD and IPA provider 'check_upn, check_upn_allow_missing, " "check_upn_dns_info_ex')" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2434 +#: sssd.conf.5.xml:2435 msgid "Session recording configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2436 +#: sssd.conf.5.xml:2437 msgid "" "Session recording works in conjunction with <citerefentry> " "<refentrytitle>tlog-rec-session</refentrytitle> <manvolnum>8</manvolnum> </" @@ -3196,66 +3196,66 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2449 +#: sssd.conf.5.xml:2450 msgid "These options can be used to configure session recording." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2453 sssd-session-recording.5.xml:64 +#: sssd.conf.5.xml:2454 sssd-session-recording.5.xml:64 msgid "scope (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2460 sssd-session-recording.5.xml:71 +#: sssd.conf.5.xml:2461 sssd-session-recording.5.xml:71 msgid "\"none\"" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2463 sssd-session-recording.5.xml:74 +#: sssd.conf.5.xml:2464 sssd-session-recording.5.xml:74 msgid "No users are recorded." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2468 sssd-session-recording.5.xml:79 +#: sssd.conf.5.xml:2469 sssd-session-recording.5.xml:79 msgid "\"some\"" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2471 sssd-session-recording.5.xml:82 +#: sssd.conf.5.xml:2472 sssd-session-recording.5.xml:82 msgid "" "Users/groups specified by <replaceable>users</replaceable> and " "<replaceable>groups</replaceable> options are recorded." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2480 sssd-session-recording.5.xml:91 +#: sssd.conf.5.xml:2481 sssd-session-recording.5.xml:91 msgid "\"all\"" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2483 sssd-session-recording.5.xml:94 +#: sssd.conf.5.xml:2484 sssd-session-recording.5.xml:94 msgid "All users are recorded." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2456 sssd-session-recording.5.xml:67 +#: sssd.conf.5.xml:2457 sssd-session-recording.5.xml:67 msgid "" "One of the following strings specifying the scope of session recording: " "<placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2490 sssd-session-recording.5.xml:101 +#: sssd.conf.5.xml:2491 sssd-session-recording.5.xml:101 msgid "Default: \"none\"" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2495 sssd-session-recording.5.xml:106 +#: sssd.conf.5.xml:2496 sssd-session-recording.5.xml:106 msgid "users (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2498 sssd-session-recording.5.xml:109 +#: sssd.conf.5.xml:2499 sssd-session-recording.5.xml:109 msgid "" "A comma-separated list of users which should have session recording enabled. " "Matches user names as returned by NSS. I.e. after the possible space " @@ -3263,17 +3263,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2504 sssd-session-recording.5.xml:115 +#: sssd.conf.5.xml:2505 sssd-session-recording.5.xml:115 msgid "Default: Empty. Matches no users." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2509 sssd-session-recording.5.xml:120 +#: sssd.conf.5.xml:2510 sssd-session-recording.5.xml:120 msgid "groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2512 sssd-session-recording.5.xml:123 +#: sssd.conf.5.xml:2513 sssd-session-recording.5.xml:123 msgid "" "A comma-separated list of groups, members of which should have session " "recording enabled. Matches group names as returned by NSS. I.e. after the " @@ -3281,7 +3281,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2518 sssd.conf.5.xml:2550 sssd-session-recording.5.xml:129 +#: sssd.conf.5.xml:2519 sssd.conf.5.xml:2551 sssd-session-recording.5.xml:129 #: sssd-session-recording.5.xml:161 msgid "" "NOTE: using this option (having it set to anything) has a considerable " @@ -3290,64 +3290,64 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2525 sssd-session-recording.5.xml:136 +#: sssd.conf.5.xml:2526 sssd-session-recording.5.xml:136 msgid "Default: Empty. Matches no groups." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2530 sssd-session-recording.5.xml:141 +#: sssd.conf.5.xml:2531 sssd-session-recording.5.xml:141 #, fuzzy #| msgid "simple_deny_users (string)" msgid "exclude_users (string)" msgstr "simple_deny_users (chaîne)" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2533 sssd-session-recording.5.xml:144 +#: sssd.conf.5.xml:2534 sssd-session-recording.5.xml:144 msgid "" "A comma-separated list of users to be excluded from recording, only " "applicable with 'scope=all'." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2537 sssd-session-recording.5.xml:148 +#: sssd.conf.5.xml:2538 sssd-session-recording.5.xml:148 #, fuzzy #| msgid "Default: empty, i.e. ldap_uri is used." msgid "Default: Empty. No users excluded." msgstr "Par défaut : vide, ldap_uri est donc utilisé." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2542 sssd-session-recording.5.xml:153 +#: sssd.conf.5.xml:2543 sssd-session-recording.5.xml:153 #, fuzzy #| msgid "simple_deny_groups (string)" msgid "exclude_groups (string)" msgstr "simple_deny_groups (chaîne)" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2545 sssd-session-recording.5.xml:156 +#: sssd.conf.5.xml:2546 sssd-session-recording.5.xml:156 msgid "" "A comma-separated list of groups, members of which should be excluded from " "recording. Only applicable with 'scope=all'." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2557 sssd-session-recording.5.xml:168 +#: sssd.conf.5.xml:2558 sssd-session-recording.5.xml:168 #, fuzzy #| msgid "Default: empty, i.e. ldap_uri is used." msgid "Default: Empty. No groups excluded." msgstr "Par défaut : vide, ldap_uri est donc utilisé." #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:2567 +#: sssd.conf.5.xml:2568 msgid "DOMAIN SECTIONS" msgstr "SECTIONS DOMAINES" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2574 +#: sssd.conf.5.xml:2575 msgid "enabled" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2577 +#: sssd.conf.5.xml:2578 msgid "" "Explicitly enable or disable the domain. If <quote>true</quote>, the domain " "is always <quote>enabled</quote>. If <quote>false</quote>, the domain is " @@ -3357,12 +3357,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2589 +#: sssd.conf.5.xml:2590 msgid "domain_type (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2592 +#: sssd.conf.5.xml:2593 msgid "" "Specifies whether the domain is meant to be used by POSIX-aware clients such " "as the Name Service Switch or by applications that do not need POSIX data to " @@ -3371,14 +3371,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2600 +#: sssd.conf.5.xml:2601 msgid "" "Allowed values for this option are <quote>posix</quote> and " "<quote>application</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2604 +#: sssd.conf.5.xml:2605 msgid "" "POSIX domains are reachable by all services. Application domains are only " "reachable from the InfoPipe responder (see <citerefentry> " @@ -3387,31 +3387,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2612 +#: sssd.conf.5.xml:2613 msgid "" "NOTE: The application domains are currently well tested with " "<quote>id_provider=ldap</quote> only." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2616 +#: sssd.conf.5.xml:2617 msgid "" "For an easy way to configure a non-POSIX domains, please see the " "<quote>Application domains</quote> section." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2620 +#: sssd.conf.5.xml:2621 msgid "Default: posix" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2626 +#: sssd.conf.5.xml:2627 msgid "min_id,max_id (integer)" msgstr "min_id,max_id (entier)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2629 +#: sssd.conf.5.xml:2630 msgid "" "UID and GID limits for the domain. If a domain contains an entry that is " "outside these limits, it is ignored." @@ -3420,7 +3420,7 @@ msgstr "" "dehors de ces limites, elle est ignorée." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2634 +#: sssd.conf.5.xml:2635 msgid "" "For users, this affects the primary GID limit. The user will not be returned " "to NSS if either the UID or the primary GID is outside the range. For non-" @@ -3433,7 +3433,7 @@ msgstr "" "qui sont dans la plage seront rapportés comme prévu." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2641 +#: sssd.conf.5.xml:2642 msgid "" "These ID limits affect even saving entries to cache, not only returning them " "by name or ID." @@ -3442,17 +3442,17 @@ msgstr "" "pas seulement leur recherche par nom ou identifiant." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2645 +#: sssd.conf.5.xml:2646 msgid "Default: 1 for min_id, 0 (no limit) for max_id" msgstr "Default: 1 for min_id, 0 (no limit) for max_id" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2651 +#: sssd.conf.5.xml:2652 msgid "enumerate (bool)" msgstr "enumerate (booléen)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2654 +#: sssd.conf.5.xml:2655 msgid "" "Determines if a domain can be enumerated, that is, whether the domain can " "list all the users and group it contains. Note that it is not required to " @@ -3461,29 +3461,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2662 +#: sssd.conf.5.xml:2663 msgid "TRUE = Users and groups are enumerated" msgstr "TRUE = utilisateurs et groupes sont énumérés" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2665 +#: sssd.conf.5.xml:2666 msgid "FALSE = No enumerations for this domain" msgstr "FALSE = aucune énumération pour ce domaine" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2668 sssd.conf.5.xml:2942 sssd.conf.5.xml:3119 +#: sssd.conf.5.xml:2669 sssd.conf.5.xml:2943 sssd.conf.5.xml:3120 msgid "Default: FALSE" msgstr "Par défaut : FALSE" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2671 +#: sssd.conf.5.xml:2672 msgid "" "Enumerating a domain requires SSSD to download and store ALL user and group " "entries from the remote server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2676 +#: sssd.conf.5.xml:2677 msgid "" "Note: Enabling enumeration has a moderate performance impact on SSSD while " "enumeration is running. It may take up to several minutes after SSSD startup " @@ -3497,7 +3497,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2691 +#: sssd.conf.5.xml:2692 msgid "" "While the first enumeration is running, requests for the complete user or " "group lists may return no results until it completes." @@ -3507,7 +3507,7 @@ msgstr "" "l'énumération ne se termine." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2696 +#: sssd.conf.5.xml:2697 msgid "" "Further, enabling enumeration may increase the time necessary to detect " "network disconnection, as longer timeouts are required to ensure that " @@ -3521,7 +3521,7 @@ msgstr "" "fournisseur d'identité spécifique utilisé." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2704 +#: sssd.conf.5.xml:2705 msgid "" "For the reasons cited above, enabling enumeration is not recommended, " "especially in large environments." @@ -3530,32 +3530,32 @@ msgstr "" "déconseillée, surtout dans les environnements de grande taille." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2712 +#: sssd.conf.5.xml:2713 msgid "subdomain_enumerate (string)" msgstr "subdomain_enumerate (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2719 +#: sssd.conf.5.xml:2720 msgid "all" msgstr "all" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2720 +#: sssd.conf.5.xml:2721 msgid "All discovered trusted domains will be enumerated" msgstr "Tous les domaines approuvés découverts seront énumérés" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2723 +#: sssd.conf.5.xml:2724 msgid "none" msgstr "none" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2724 +#: sssd.conf.5.xml:2725 msgid "No discovered trusted domains will be enumerated" msgstr "Aucun domaine approuvé découvert ne sera énuméré" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2715 +#: sssd.conf.5.xml:2716 msgid "" "Whether any of autodetected trusted domains should be enumerated. The " "supported values are: <placeholder type=\"variablelist\" id=\"0\"/> " @@ -3569,12 +3569,12 @@ msgstr "" "activer l'énumération pour ces seuls domaines." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2738 +#: sssd.conf.5.xml:2739 msgid "entry_cache_timeout (integer)" msgstr "entry_cache_timeout (entier)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2741 +#: sssd.conf.5.xml:2742 msgid "" "How many seconds should nss_sss consider entries valid before asking the " "backend again" @@ -3583,7 +3583,7 @@ msgstr "" "comme valides avant de les redemander au moteur" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2745 +#: sssd.conf.5.xml:2746 msgid "" "The cache expiration timestamps are stored as attributes of individual " "objects in the cache. Therefore, changing the cache timeout only has effect " @@ -3601,17 +3601,17 @@ msgstr "" "rafraîchissement des entrées qui sont déjà en cache." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2758 +#: sssd.conf.5.xml:2759 msgid "Default: 5400" msgstr "Par défaut : 5400" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2764 +#: sssd.conf.5.xml:2765 msgid "entry_cache_user_timeout (integer)" msgstr "entry_cache_user_timeout (entier)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2767 +#: sssd.conf.5.xml:2768 msgid "" "How many seconds should nss_sss consider user entries valid before asking " "the backend again" @@ -3620,19 +3620,19 @@ msgstr "" "d'utilisateurs comme valides avant de les redemander au moteur." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2771 sssd.conf.5.xml:2784 sssd.conf.5.xml:2797 -#: sssd.conf.5.xml:2810 sssd.conf.5.xml:2824 sssd.conf.5.xml:2837 -#: sssd.conf.5.xml:2851 sssd.conf.5.xml:2865 sssd.conf.5.xml:2878 +#: sssd.conf.5.xml:2772 sssd.conf.5.xml:2785 sssd.conf.5.xml:2798 +#: sssd.conf.5.xml:2811 sssd.conf.5.xml:2825 sssd.conf.5.xml:2838 +#: sssd.conf.5.xml:2852 sssd.conf.5.xml:2866 sssd.conf.5.xml:2879 msgid "Default: entry_cache_timeout" msgstr "Par défaut : entry_cache_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2777 +#: sssd.conf.5.xml:2778 msgid "entry_cache_group_timeout (integer)" msgstr "entry_cache_group_timeout (entier)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2780 +#: sssd.conf.5.xml:2781 msgid "" "How many seconds should nss_sss consider group entries valid before asking " "the backend again" @@ -3641,12 +3641,12 @@ msgstr "" "groupes comme valides avant de les redemander au moteur." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2790 +#: sssd.conf.5.xml:2791 msgid "entry_cache_netgroup_timeout (integer)" msgstr "entry_cache_netgroup_timeout (entier)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2793 +#: sssd.conf.5.xml:2794 msgid "" "How many seconds should nss_sss consider netgroup entries valid before " "asking the backend again" @@ -3655,12 +3655,12 @@ msgstr "" "netgroup comme valides avant de les redemander au moteur." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2803 +#: sssd.conf.5.xml:2804 msgid "entry_cache_service_timeout (integer)" msgstr "entry_cache_service_timeout (entier)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2806 +#: sssd.conf.5.xml:2807 msgid "" "How many seconds should nss_sss consider service entries valid before asking " "the backend again" @@ -3669,24 +3669,24 @@ msgstr "" "service valides avant de les redemander au moteur" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2816 +#: sssd.conf.5.xml:2817 msgid "entry_cache_resolver_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2819 +#: sssd.conf.5.xml:2820 msgid "" "How many seconds should nss_sss consider hosts and networks entries valid " "before asking the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2830 +#: sssd.conf.5.xml:2831 msgid "entry_cache_sudo_timeout (integer)" msgstr "entry_cache_sudo_timeout (integer)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2833 +#: sssd.conf.5.xml:2834 msgid "" "How many seconds should sudo consider rules valid before asking the backend " "again" @@ -3695,12 +3695,12 @@ msgstr "" "valides avant de les redemander au moteur" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2843 +#: sssd.conf.5.xml:2844 msgid "entry_cache_autofs_timeout (integer)" msgstr "entry_cache_autofs_timeout (integer)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2846 +#: sssd.conf.5.xml:2847 msgid "" "How many seconds should the autofs service consider automounter maps valid " "before asking the backend again" @@ -3709,12 +3709,12 @@ msgstr "" "cartes d'automontage comme valides avant de les redemander au moteur" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2857 +#: sssd.conf.5.xml:2858 msgid "entry_cache_ssh_host_timeout (integer)" msgstr "entry_cache_ssh_host_timeout (entier)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2860 +#: sssd.conf.5.xml:2861 msgid "" "How many seconds to keep a host ssh key after refresh. IE how long to cache " "the host key for." @@ -3723,24 +3723,24 @@ msgstr "" "rafraichissement. I.e. combien de temps mettre la clé en cache." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2871 +#: sssd.conf.5.xml:2872 msgid "entry_cache_computer_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2874 +#: sssd.conf.5.xml:2875 msgid "" "How many seconds to keep the local computer entry before asking the backend " "again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2884 +#: sssd.conf.5.xml:2885 msgid "refresh_expired_interval (integer)" msgstr "refresh_expired_interval (entier)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2887 +#: sssd.conf.5.xml:2888 msgid "" "Specifies how many seconds SSSD has to wait before triggering a background " "refresh task which will refresh all expired or nearly expired records." @@ -3750,7 +3750,7 @@ msgstr "" "enregistrements expirés ou sur le point de l'être." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2892 +#: sssd.conf.5.xml:2893 msgid "" "The background refresh will process users, groups and netgroups in the " "cache. For users who have performed the initgroups (get group membership for " @@ -3759,18 +3759,18 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2900 +#: sssd.conf.5.xml:2901 msgid "This option is automatically inherited for all trusted domains." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2904 +#: sssd.conf.5.xml:2905 msgid "You can consider setting this value to 3/4 * entry_cache_timeout." msgstr "" "Il est envisageable de configurer cette valeur à 3/4 * entry_cache_timeout." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2908 +#: sssd.conf.5.xml:2909 msgid "" "Cache entry will be refreshed by background task when 2/3 of cache timeout " "has already passed. If there are existing cached entries, the background " @@ -3782,18 +3782,18 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2921 sssd-ldap.5.xml:360 sssd-ldap.5.xml:1736 +#: sssd.conf.5.xml:2922 sssd-ldap.5.xml:360 sssd-ldap.5.xml:1736 #: sssd-ipa.5.xml:270 msgid "Default: 0 (disabled)" msgstr "Par défaut : 0 (désactivé)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2927 +#: sssd.conf.5.xml:2928 msgid "cache_credentials (bool)" msgstr "cache_credentials (booléen)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2930 +#: sssd.conf.5.xml:2931 #, fuzzy #| msgid "" #| "Determines if user credentials are also cached in the local LDB cache" @@ -3803,7 +3803,7 @@ msgstr "" "cache dans le cache LDB local" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2934 +#: sssd.conf.5.xml:2935 msgid "" "Take a note that while credentials are stored as a salted SHA512 hash, this " "still potentially poses some security risk in case an attacker manages to " @@ -3812,12 +3812,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2948 +#: sssd.conf.5.xml:2949 msgid "cache_credentials_minimal_first_factor_length (int)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2951 +#: sssd.conf.5.xml:2952 msgid "" "If 2-Factor-Authentication (2FA) is used and credentials should be saved " "this value determines the minimal length the first authentication factor " @@ -3825,19 +3825,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2958 +#: sssd.conf.5.xml:2959 msgid "" "This should avoid that the short PINs of a PIN based 2FA scheme are saved in " "the cache which would make them easy targets for brute-force attacks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2969 +#: sssd.conf.5.xml:2970 msgid "account_cache_expiration (integer)" msgstr "account_cache_expiration (entier)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2972 +#: sssd.conf.5.xml:2973 msgid "" "Number of days entries are left in cache after last successful login before " "being removed during a cleanup of the cache. 0 means keep forever. The " @@ -3850,17 +3850,17 @@ msgstr "" "paramètre doit être supérieur ou égal à offline_credentials_expiration." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2979 +#: sssd.conf.5.xml:2980 msgid "Default: 0 (unlimited)" msgstr "Par défaut : 0 (illimité)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2984 +#: sssd.conf.5.xml:2985 msgid "pwd_expiration_warning (integer)" msgstr "pwd_expiration_warning (integer)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2995 +#: sssd.conf.5.xml:2996 msgid "" "Please note that the backend server has to provide information about the " "expiration time of the password. If this information is missing, sssd " @@ -3873,17 +3873,17 @@ msgstr "" "fournisseur oauth doit être configuré pour le moteur." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3002 +#: sssd.conf.5.xml:3003 msgid "Default: 7 (Kerberos), 0 (LDAP)" msgstr "Par défaut : 7 (Kerberos), 0 (LDAP)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3008 +#: sssd.conf.5.xml:3009 msgid "id_provider (string)" msgstr "id_provider (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3011 +#: sssd.conf.5.xml:3012 msgid "" "The identification provider used for the domain. Supported ID providers are:" msgstr "" @@ -3891,12 +3891,12 @@ msgstr "" "d'identification pris en charge sont :" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3015 +#: sssd.conf.5.xml:3016 msgid "<quote>proxy</quote>: Support a legacy NSS provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3018 +#: sssd.conf.5.xml:3019 msgid "" "<quote>files</quote>: FILES provider. See <citerefentry> <refentrytitle>sssd-" "files</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " @@ -3904,7 +3904,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3026 +#: sssd.conf.5.xml:3027 msgid "" "<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-" "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " @@ -3916,8 +3916,8 @@ msgstr "" "LDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3034 sssd.conf.5.xml:3145 sssd.conf.5.xml:3196 -#: sssd.conf.5.xml:3259 +#: sssd.conf.5.xml:3035 sssd.conf.5.xml:3146 sssd.conf.5.xml:3197 +#: sssd.conf.5.xml:3260 msgid "" "<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management " "provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> " @@ -3930,8 +3930,8 @@ msgstr "" "configuration de FreeIPA." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3043 sssd.conf.5.xml:3154 sssd.conf.5.xml:3205 -#: sssd.conf.5.xml:3268 +#: sssd.conf.5.xml:3044 sssd.conf.5.xml:3155 sssd.conf.5.xml:3206 +#: sssd.conf.5.xml:3269 msgid "" "<quote>ad</quote>: Active Directory provider. See <citerefentry> " "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3943,12 +3943,12 @@ msgstr "" "d'Active Directory." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3054 +#: sssd.conf.5.xml:3055 msgid "use_fully_qualified_names (bool)" msgstr "use_fully_qualified_names (booléen)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3057 +#: sssd.conf.5.xml:3058 msgid "" "Use the full name and domain (as formatted by the domain's full_name_format) " "as the user's login name reported to NSS." @@ -3958,7 +3958,7 @@ msgstr "" "communiqué à NSS." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3062 +#: sssd.conf.5.xml:3063 msgid "" "If set to TRUE, all requests to this domain must use fully qualified names. " "For example, if used in LOCAL domain that contains a \"test\" user, " @@ -3972,7 +3972,7 @@ msgstr "" "trouve." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3070 +#: sssd.conf.5.xml:3071 msgid "" "NOTE: This option has no effect on netgroup lookups due to their tendency to " "include nested netgroups without qualified names. For netgroups, all domains " @@ -3984,24 +3984,24 @@ msgstr "" "qualifié sera demandé." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3077 +#: sssd.conf.5.xml:3078 msgid "" "Default: FALSE (TRUE for trusted domain/sub-domains or if " "default_domain_suffix is used)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3084 +#: sssd.conf.5.xml:3085 msgid "ignore_group_members (bool)" msgstr "ignore_group_members (booléen)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3087 +#: sssd.conf.5.xml:3088 msgid "Do not return group members for group lookups." msgstr "Ne pas envoyer les membres des groupes sur les recherches de groupes." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3090 +#: sssd.conf.5.xml:3091 msgid "" "If set to TRUE, the group membership attribute is not requested from the " "ldap server, and group members are not returned when processing group lookup " @@ -4013,7 +4013,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3108 +#: sssd.conf.5.xml:3109 msgid "" "Enabling this option can also make access provider checks for group " "membership significantly faster, especially for groups containing many " @@ -4021,7 +4021,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3114 sssd.conf.5.xml:3821 sssd-ldap.5.xml:326 +#: sssd.conf.5.xml:3115 sssd.conf.5.xml:3822 sssd-ldap.5.xml:326 #: sssd-ldap.5.xml:355 sssd-ldap.5.xml:408 sssd-ldap.5.xml:468 #: sssd-ldap.5.xml:489 sssd-ldap.5.xml:520 sssd-ldap.5.xml:543 #: sssd-ldap.5.xml:582 sssd-ldap.5.xml:601 sssd-ldap.5.xml:625 @@ -4032,12 +4032,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3124 +#: sssd.conf.5.xml:3125 msgid "auth_provider (string)" msgstr "auth_provider (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3127 +#: sssd.conf.5.xml:3128 msgid "" "The authentication provider used for the domain. Supported auth providers " "are:" @@ -4046,7 +4046,7 @@ msgstr "" "pris en charge sont :" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3131 sssd.conf.5.xml:3189 +#: sssd.conf.5.xml:3132 sssd.conf.5.xml:3190 msgid "" "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4058,7 +4058,7 @@ msgstr "" "LDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3138 +#: sssd.conf.5.xml:3139 msgid "" "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4069,7 +4069,7 @@ msgstr "" "citerefentry> pour plus d'informations sur la configuration de Kerberos." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3162 +#: sssd.conf.5.xml:3163 msgid "" "<quote>proxy</quote> for relaying authentication to some other PAM target." msgstr "" @@ -4077,12 +4077,12 @@ msgstr "" "PAM." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3165 +#: sssd.conf.5.xml:3166 msgid "<quote>none</quote> disables authentication explicitly." msgstr "<quote>none</quote> désactive l'authentification explicitement." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3168 +#: sssd.conf.5.xml:3169 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "authentication requests." @@ -4091,12 +4091,12 @@ msgstr "" "gérer les requêtes d'authentification." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3174 +#: sssd.conf.5.xml:3175 msgid "access_provider (string)" msgstr "access_provider (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3177 +#: sssd.conf.5.xml:3178 msgid "" "The access control provider used for the domain. There are two built-in " "access providers (in addition to any included in installed backends) " @@ -4107,7 +4107,7 @@ msgstr "" "installés). Les fournisseurs internes spécifiques sont :" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3183 +#: sssd.conf.5.xml:3184 msgid "" "<quote>permit</quote> always allow access. It's the only permitted access " "provider for a local domain." @@ -4116,12 +4116,12 @@ msgstr "" "d'accès autorisé pour un domaine local." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3186 +#: sssd.conf.5.xml:3187 msgid "<quote>deny</quote> always deny access." msgstr "<quote>deny</quote> toujours refuser les accès." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3213 +#: sssd.conf.5.xml:3214 msgid "" "<quote>simple</quote> access control based on access or deny lists. See " "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</" @@ -4134,7 +4134,7 @@ msgstr "" "d'informations sur la configuration du module d'accès simple." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3220 +#: sssd.conf.5.xml:3221 msgid "" "<quote>krb5</quote>: .k5login based access control. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum></" @@ -4142,22 +4142,22 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3227 +#: sssd.conf.5.xml:3228 msgid "<quote>proxy</quote> for relaying access control to another PAM module." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3230 +#: sssd.conf.5.xml:3231 msgid "Default: <quote>permit</quote>" msgstr "Par défaut : <quote>permit</quote>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3235 +#: sssd.conf.5.xml:3236 msgid "chpass_provider (string)" msgstr "chpass_provider (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3238 +#: sssd.conf.5.xml:3239 msgid "" "The provider which should handle change password operations for the domain. " "Supported change password providers are:" @@ -4166,7 +4166,7 @@ msgstr "" "domaine. Les fournisseurs pris en charge sont :" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3243 +#: sssd.conf.5.xml:3244 msgid "" "<quote>ldap</quote> to change a password stored in a LDAP server. See " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" @@ -4174,7 +4174,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3251 +#: sssd.conf.5.xml:3252 msgid "" "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4186,7 +4186,7 @@ msgstr "" "Kerberos." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3276 +#: sssd.conf.5.xml:3277 msgid "" "<quote>proxy</quote> for relaying password changes to some other PAM target." msgstr "" @@ -4194,14 +4194,14 @@ msgstr "" "autre cible PAM." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3280 +#: sssd.conf.5.xml:3281 msgid "<quote>none</quote> disallows password changes explicitly." msgstr "" "<quote>none</quote> pour désactiver explicitement le changement de mot de " "passe." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3283 +#: sssd.conf.5.xml:3284 msgid "" "Default: <quote>auth_provider</quote> is used if it is set and can handle " "change password requests." @@ -4210,19 +4210,19 @@ msgstr "" "peut gérer les changements de mot de passe." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3290 +#: sssd.conf.5.xml:3291 msgid "sudo_provider (string)" msgstr "sudo_provider (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3293 +#: sssd.conf.5.xml:3294 msgid "The SUDO provider used for the domain. Supported SUDO providers are:" msgstr "" "Le fournisseur SUDO, utilisé pour le domaine. Les fournisseurs SUDO pris en " "charge sont :" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3297 +#: sssd.conf.5.xml:3298 msgid "" "<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4234,7 +4234,7 @@ msgstr "" "LDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3305 +#: sssd.conf.5.xml:3306 msgid "" "<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default " "settings." @@ -4243,7 +4243,7 @@ msgstr "" "par défaut pour IPA." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3309 +#: sssd.conf.5.xml:3310 msgid "" "<quote>ad</quote> the same as <quote>ldap</quote> but with AD default " "settings." @@ -4252,20 +4252,20 @@ msgstr "" "par défaut pour AD." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3313 +#: sssd.conf.5.xml:3314 msgid "<quote>none</quote> disables SUDO explicitly." msgstr "<quote>none</quote> désactive explicitement SUDO." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3316 sssd.conf.5.xml:3402 sssd.conf.5.xml:3472 -#: sssd.conf.5.xml:3497 sssd.conf.5.xml:3533 +#: sssd.conf.5.xml:3317 sssd.conf.5.xml:3403 sssd.conf.5.xml:3473 +#: sssd.conf.5.xml:3498 sssd.conf.5.xml:3534 msgid "Default: The value of <quote>id_provider</quote> is used if it is set." msgstr "" "Par défaut : La valeur de <quote>id_provider</quote> est utilisée si elle " "est définie." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3320 +#: sssd.conf.5.xml:3321 msgid "" "The detailed instructions for configuration of sudo_provider are in the " "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " @@ -4276,7 +4276,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3335 +#: sssd.conf.5.xml:3336 msgid "" "<emphasis>NOTE:</emphasis> Sudo rules are periodically downloaded in the " "background unless the sudo provider is explicitly disabled. Set " @@ -4285,12 +4285,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3345 +#: sssd.conf.5.xml:3346 msgid "selinux_provider (string)" msgstr "selinux_provider (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3348 +#: sssd.conf.5.xml:3349 msgid "" "The provider which should handle loading of selinux settings. Note that this " "provider will be called right after access provider ends. Supported selinux " @@ -4301,7 +4301,7 @@ msgstr "" "fournisseur d'accès. Les fournisseurs selinux pris en charge sont :" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3354 +#: sssd.conf.5.xml:3355 msgid "" "<quote>ipa</quote> to load selinux settings from an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -4313,14 +4313,14 @@ msgstr "" "IPA." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3362 +#: sssd.conf.5.xml:3363 msgid "<quote>none</quote> disallows fetching selinux settings explicitly." msgstr "" "<quote>none</quote> n'autorise pas la récupération explicite des paramètres " "selinux." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3365 +#: sssd.conf.5.xml:3366 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "selinux loading requests." @@ -4329,12 +4329,12 @@ msgstr "" "gérer le chargement selinux" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3371 +#: sssd.conf.5.xml:3372 msgid "subdomains_provider (string)" msgstr "subdomains_provider (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3374 +#: sssd.conf.5.xml:3375 msgid "" "The provider which should handle fetching of subdomains. This value should " "be always the same as id_provider. Supported subdomain providers are:" @@ -4344,7 +4344,7 @@ msgstr "" "fournisseurs de sous-domaine pris en charge sont :" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3380 +#: sssd.conf.5.xml:3381 msgid "" "<quote>ipa</quote> to load a list of subdomains from an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -4356,7 +4356,7 @@ msgstr "" "IPA." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3389 +#: sssd.conf.5.xml:3390 msgid "" "<quote>ad</quote> to load a list of subdomains from an Active Directory " "server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> " @@ -4365,18 +4365,18 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3398 +#: sssd.conf.5.xml:3399 msgid "<quote>none</quote> disallows fetching subdomains explicitly." msgstr "" "<quote>none</quote> désactive la récupération explicite des sous-domaines." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3408 +#: sssd.conf.5.xml:3409 msgid "session_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3411 +#: sssd.conf.5.xml:3412 msgid "" "The provider which configures and manages user session related tasks. The " "only user session task currently provided is the integration with Fleet " @@ -4384,37 +4384,37 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3418 +#: sssd.conf.5.xml:3419 msgid "<quote>ipa</quote> to allow performing user session related tasks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3422 +#: sssd.conf.5.xml:3423 msgid "" "<quote>none</quote> does not perform any kind of user session related tasks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3426 +#: sssd.conf.5.xml:3427 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can perform " "session related tasks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3430 +#: sssd.conf.5.xml:3431 msgid "" "<emphasis>NOTE:</emphasis> In order to have this feature working as expected " "SSSD must be running as \"root\" and not as the unprivileged user." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3438 +#: sssd.conf.5.xml:3439 msgid "autofs_provider (string)" msgstr "autofs_provider (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3441 +#: sssd.conf.5.xml:3442 msgid "" "The autofs provider used for the domain. Supported autofs providers are:" msgstr "" @@ -4422,7 +4422,7 @@ msgstr "" "en charge sont :" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3445 +#: sssd.conf.5.xml:3446 msgid "" "<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4434,7 +4434,7 @@ msgstr "" "LDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3452 +#: sssd.conf.5.xml:3453 msgid "" "<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> " "<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4446,7 +4446,7 @@ msgstr "" "IPA." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3460 +#: sssd.conf.5.xml:3461 msgid "" "<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> " "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4454,17 +4454,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3469 +#: sssd.conf.5.xml:3470 msgid "<quote>none</quote> disables autofs explicitly." msgstr "<quote>none</quote> désactive explicitement autofs." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3479 +#: sssd.conf.5.xml:3480 msgid "hostid_provider (string)" msgstr "hostid_provider (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3482 +#: sssd.conf.5.xml:3483 msgid "" "The provider used for retrieving host identity information. Supported " "hostid providers are:" @@ -4473,7 +4473,7 @@ msgstr "" "systèmes. Les fournisseurs de hostid pris en charge sont :" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3486 +#: sssd.conf.5.xml:3487 msgid "" "<quote>ipa</quote> to load host identity stored in an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -4485,31 +4485,31 @@ msgstr "" "configuration de IPA." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3494 +#: sssd.conf.5.xml:3495 msgid "<quote>none</quote> disables hostid explicitly." msgstr "<quote>none</quote> désactive explicitement hostid." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3504 +#: sssd.conf.5.xml:3505 msgid "resolver_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3507 +#: sssd.conf.5.xml:3508 msgid "" "The provider which should handle hosts and networks lookups. Supported " "resolver providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3511 +#: sssd.conf.5.xml:3512 msgid "" "<quote>proxy</quote> to forward lookups to another NSS library. See " "<quote>proxy_resolver_lib_name</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3515 +#: sssd.conf.5.xml:3516 msgid "" "<quote>ldap</quote> to fetch hosts and networks stored in LDAP. See " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" @@ -4517,7 +4517,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3522 +#: sssd.conf.5.xml:3523 msgid "" "<quote>ad</quote> to fetch hosts and networks stored in AD. See " "<citerefentry> <refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</" @@ -4526,12 +4526,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3530 +#: sssd.conf.5.xml:3531 msgid "<quote>none</quote> disallows fetching hosts and networks explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3543 +#: sssd.conf.5.xml:3544 msgid "" "Regular expression for this domain that describes how to parse the string " "containing user name and domain into these components. The \"domain\" can " @@ -4547,7 +4547,7 @@ msgstr "" "domaine." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3552 +#: sssd.conf.5.xml:3553 #, fuzzy #| msgid "" #| "Default for the AD and IPA provider: <quote>(((?P<domain>[^\\\\]+)\\" @@ -4564,17 +4564,17 @@ msgstr "" "styles différents pour les noms d'utilisateurs :" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:3557 sssd.conf.5.xml:3571 +#: sssd.conf.5.xml:3558 sssd.conf.5.xml:3572 msgid "username" msgstr "username" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:3560 sssd.conf.5.xml:3574 +#: sssd.conf.5.xml:3561 sssd.conf.5.xml:3575 msgid "username@domain.name" msgstr "username@domain.name" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3565 +#: sssd.conf.5.xml:3566 #, fuzzy #| msgid "" #| "Default for the AD and IPA provider: <quote>(((?P<domain>[^\\\\]+)\\" @@ -4593,12 +4593,12 @@ msgstr "" "styles différents pour les noms d'utilisateurs :" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:3577 +#: sssd.conf.5.xml:3578 msgid "domain\\username" msgstr "domain\\username" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3580 +#: sssd.conf.5.xml:3581 msgid "" "While the first two correspond to the general default the third one is " "introduced to allow easy integration of users from Windows domains." @@ -4608,7 +4608,7 @@ msgstr "" "utilisateurs de domaines Windows." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3585 +#: sssd.conf.5.xml:3586 msgid "" "The default re_expression uses the <quote>@</quote> character as a separator " "between the name and the domain. As a result of this setting the default " @@ -4618,17 +4618,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3637 +#: sssd.conf.5.xml:3638 msgid "Default: <quote>%1$s@%2$s</quote>." msgstr "Par défaut : <quote>%1$s@%2$s</quote>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3643 +#: sssd.conf.5.xml:3644 msgid "lookup_family_order (string)" msgstr "lookup_family_order (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3646 +#: sssd.conf.5.xml:3647 msgid "" "Provides the ability to select preferred address family to use when " "performing DNS lookups." @@ -4637,82 +4637,82 @@ msgstr "" "utiliser pour effectuer les requêtes DNS." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3650 +#: sssd.conf.5.xml:3651 msgid "Supported values:" msgstr "Valeurs prises en charge :" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3653 +#: sssd.conf.5.xml:3654 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6" msgstr "" "ipv4_first : essayer de chercher une adresse IPv4, et en cas d'échec, " "essayer IPv6." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3656 +#: sssd.conf.5.xml:3657 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses." msgstr "" "ipv4_only : ne tenter de résoudre les noms de systèmes qu'en adresses IPv4." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3659 +#: sssd.conf.5.xml:3660 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4" msgstr "" "ipv6_first : essayer de chercher une adresse IPv6, et en cas d'échec, tenter " "IPv4." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3662 +#: sssd.conf.5.xml:3663 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses." msgstr "" "ipv6_only : ne tenter de résoudre les noms de systèmes qu'en adresses IPv6." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3665 +#: sssd.conf.5.xml:3666 msgid "Default: ipv4_first" msgstr "Par défaut : ipv4_first" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3671 +#: sssd.conf.5.xml:3672 #, fuzzy #| msgid "dns_resolver_timeout (integer)" msgid "dns_resolver_server_timeout (integer)" msgstr "dns_resolver_timeout (entier)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3674 +#: sssd.conf.5.xml:3675 msgid "" "Defines the amount of time (in milliseconds) SSSD would try to talk to DNS " "server before trying next DNS server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3679 +#: sssd.conf.5.xml:3680 msgid "" "The AD provider will use this option for the CLDAP ping timeouts as well." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3683 sssd.conf.5.xml:3703 sssd.conf.5.xml:3724 +#: sssd.conf.5.xml:3684 sssd.conf.5.xml:3704 sssd.conf.5.xml:3725 msgid "" "Please see the section <quote>FAILOVER</quote> for more information about " "the service resolution." msgstr "" #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3688 sssd-ldap.5.xml:644 include/failover.xml:84 +#: sssd.conf.5.xml:3689 sssd-ldap.5.xml:644 include/failover.xml:84 msgid "Default: 1000" msgstr "Par défaut : 1000" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3694 +#: sssd.conf.5.xml:3695 #, fuzzy #| msgid "dns_resolver_timeout (integer)" msgid "dns_resolver_op_timeout (integer)" msgstr "dns_resolver_timeout (entier)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3697 +#: sssd.conf.5.xml:3698 msgid "" "Defines the amount of time (in seconds) to wait to resolve single DNS query " "(e.g. resolution of a hostname or an SRV record) before trying the next " @@ -4720,12 +4720,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3714 +#: sssd.conf.5.xml:3715 msgid "dns_resolver_timeout (integer)" msgstr "dns_resolver_timeout (entier)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3717 +#: sssd.conf.5.xml:3718 msgid "" "Defines the amount of time (in seconds) to wait for a reply from the " "internal fail over service before assuming that the service is unreachable. " @@ -4734,14 +4734,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3735 +#: sssd.conf.5.xml:3736 #, fuzzy #| msgid "dns_resolver_timeout (integer)" msgid "dns_resolver_use_search_list (bool)" msgstr "dns_resolver_timeout (entier)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3738 +#: sssd.conf.5.xml:3739 msgid "" "Normally, the DNS resolver searches the domain list defined in the " "\"search\" directive from the resolv.conf file. This can lead to delays in " @@ -4749,7 +4749,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3744 +#: sssd.conf.5.xml:3745 msgid "" "If fully qualified domain names (or _srv_) are used in the SSSD " "configuration, setting this option to FALSE can prevent unnecessary DNS " @@ -4757,17 +4757,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3750 +#: sssd.conf.5.xml:3751 msgid "Default: TRUE" msgstr "Par défaut : TRUE" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3756 +#: sssd.conf.5.xml:3757 msgid "dns_discovery_domain (string)" msgstr "dns_discovery_domain (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3759 +#: sssd.conf.5.xml:3760 msgid "" "If service discovery is used in the back end, specifies the domain part of " "the service discovery DNS query." @@ -4776,54 +4776,54 @@ msgstr "" "du domaine faisant partie de la requête DNS de découverte de services." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3763 +#: sssd.conf.5.xml:3764 msgid "Default: Use the domain part of machine's hostname" msgstr "" "Par défaut : utiliser la partie du domaine qui est dans le nom de système de " "la machine." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3769 +#: sssd.conf.5.xml:3770 msgid "override_gid (integer)" msgstr "override_gid (entier)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3772 +#: sssd.conf.5.xml:3773 msgid "Override the primary GID value with the one specified." msgstr "Redéfinit le GID primaire avec la valeur spécifiée." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3778 +#: sssd.conf.5.xml:3779 msgid "case_sensitive (string)" msgstr "case_sensitive (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3785 +#: sssd.conf.5.xml:3786 msgid "True" msgstr "True" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3788 +#: sssd.conf.5.xml:3789 msgid "Case sensitive. This value is invalid for AD provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3794 +#: sssd.conf.5.xml:3795 msgid "False" msgstr "False" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3796 +#: sssd.conf.5.xml:3797 msgid "Case insensitive." msgstr "Insensible à la casse." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3800 +#: sssd.conf.5.xml:3801 msgid "Preserving" msgstr "Preserving" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3803 +#: sssd.conf.5.xml:3804 msgid "" "Same as False (case insensitive), but does not lowercase names in the result " "of NSS operations. Note that name aliases (and in case of services also " @@ -4835,14 +4835,14 @@ msgstr "" "sortie." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3811 +#: sssd.conf.5.xml:3812 msgid "" "If you want to set this value for trusted domain with IPA provider, you need " "to set it on both the client and SSSD on the server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3781 +#: sssd.conf.5.xml:3782 #, fuzzy #| msgid "" #| "The following expansions are supported: <placeholder " @@ -4855,17 +4855,17 @@ msgstr "" "type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3826 +#: sssd.conf.5.xml:3827 msgid "Default: True (False for AD provider)" msgstr "Par défaut : true (false pour le fournisseur AD)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3832 +#: sssd.conf.5.xml:3833 msgid "subdomain_inherit (string)" msgstr "subdomain_inherit (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3835 +#: sssd.conf.5.xml:3836 msgid "" "Specifies a list of configuration parameters that should be inherited by a " "subdomain. Please note that only selected parameters can be inherited. " @@ -4873,130 +4873,130 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3841 +#: sssd.conf.5.xml:3842 #, fuzzy #| msgid "ldap_search_timeout (integer)" msgid "ldap_search_timeout" msgstr "ldap_search_timeout (entier)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3844 +#: sssd.conf.5.xml:3845 #, fuzzy #| msgid "ldap_network_timeout (integer)" msgid "ldap_network_timeout" msgstr "ldap_network_timeout (entier)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3847 +#: sssd.conf.5.xml:3848 #, fuzzy #| msgid "ldap_opt_timeout (integer)" msgid "ldap_opt_timeout" msgstr "ldap_opt_timeout (entier)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3850 +#: sssd.conf.5.xml:3851 #, fuzzy #| msgid "ldap_connection_expire_timeout (integer)" msgid "ldap_offline_timeout" msgstr "ldap_connection_expire_timeout (entier)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3853 +#: sssd.conf.5.xml:3854 #, fuzzy #| msgid "ldap_enumeration_refresh_timeout (integer)" msgid "ldap_enumeration_refresh_timeout" msgstr "ldap_enumeration_refresh_timeout (entier)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3856 +#: sssd.conf.5.xml:3857 #, fuzzy #| msgid "ldap_enumeration_refresh_timeout (integer)" msgid "ldap_enumeration_refresh_offset" msgstr "ldap_enumeration_refresh_timeout (entier)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3859 +#: sssd.conf.5.xml:3860 msgid "ldap_purge_cache_timeout" msgstr "ldap_purge_cache_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3862 +#: sssd.conf.5.xml:3863 #, fuzzy #| msgid "ldap_purge_cache_timeout" msgid "ldap_purge_cache_offset" msgstr "ldap_purge_cache_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3865 +#: sssd.conf.5.xml:3866 msgid "" "ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab " "is not set explicitly)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3869 +#: sssd.conf.5.xml:3870 #, fuzzy #| msgid "ldap_krb5_ticket_lifetime (integer)" msgid "ldap_krb5_ticket_lifetime" msgstr "ldap_krb5_ticket_lifetime (entier)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3872 +#: sssd.conf.5.xml:3873 #, fuzzy #| msgid "ldap_enumeration_search_timeout (integer)" msgid "ldap_enumeration_search_timeout" msgstr "ldap_enumeration_search_timeout (entier)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3875 +#: sssd.conf.5.xml:3876 #, fuzzy #| msgid "ldap_connection_expire_timeout (integer)" msgid "ldap_connection_expire_timeout" msgstr "ldap_connection_expire_timeout (entier)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3878 +#: sssd.conf.5.xml:3879 #, fuzzy #| msgid "ldap_connection_expire_timeout (integer)" msgid "ldap_connection_expire_offset" msgstr "ldap_connection_expire_timeout (entier)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3881 +#: sssd.conf.5.xml:3882 #, fuzzy #| msgid "ldap_connection_expire_timeout (integer)" msgid "ldap_connection_idle_timeout" msgstr "ldap_connection_expire_timeout (entier)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3884 sssd-ldap.5.xml:400 +#: sssd.conf.5.xml:3885 sssd-ldap.5.xml:400 msgid "ldap_use_tokengroups" msgstr "ldap_use_tokengroups" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3887 +#: sssd.conf.5.xml:3888 msgid "ldap_user_principal" msgstr "ldap_user_principal" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3890 +#: sssd.conf.5.xml:3891 msgid "ignore_group_members" msgstr "ignore_group_members" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3893 +#: sssd.conf.5.xml:3894 msgid "auto_private_groups" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3896 +#: sssd.conf.5.xml:3897 #, fuzzy #| msgid "Case insensitive." msgid "case_sensitive" msgstr "Insensible à la casse." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:3901 +#: sssd.conf.5.xml:3902 #, no-wrap msgid "" "subdomain_inherit = ldap_purge_cache_timeout\n" @@ -5006,27 +5006,27 @@ msgstr "" " " #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3908 +#: sssd.conf.5.xml:3909 msgid "Note: This option only works with the IPA and AD provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3915 +#: sssd.conf.5.xml:3916 msgid "subdomain_homedir (string)" msgstr "subdomain_homedir (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3926 +#: sssd.conf.5.xml:3927 msgid "%F" msgstr "%F" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3927 +#: sssd.conf.5.xml:3928 msgid "flat (NetBIOS) name of a subdomain." msgstr "nom plat (NetBIOS) d'un sous-domaine." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3918 +#: sssd.conf.5.xml:3919 msgid "" "Use this homedir as default value for all subdomains within this domain in " "IPA AD trust. See <emphasis>override_homedir</emphasis> for info about " @@ -5042,7 +5042,7 @@ msgstr "" "type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3932 +#: sssd.conf.5.xml:3933 msgid "" "The value can be overridden by <emphasis>override_homedir</emphasis> option." msgstr "" @@ -5050,17 +5050,17 @@ msgstr "" "emphasis>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3936 +#: sssd.conf.5.xml:3937 msgid "Default: <filename>/home/%d/%u</filename>" msgstr "Par défaut : <filename>/home/%d/%u</filename>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3941 +#: sssd.conf.5.xml:3942 msgid "realmd_tags (string)" msgstr "realmd_tags (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3944 +#: sssd.conf.5.xml:3945 msgid "" "Various tags stored by the realmd configuration service for this domain." msgstr "" @@ -5068,12 +5068,12 @@ msgstr "" "ce domaine." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3950 +#: sssd.conf.5.xml:3951 msgid "cached_auth_timeout (int)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3953 +#: sssd.conf.5.xml:3954 msgid "" "Specifies time in seconds since last successful online authentication for " "which user will be authenticated using cached credentials while SSSD is in " @@ -5082,19 +5082,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3961 +#: sssd.conf.5.xml:3962 msgid "" "This option's value is inherited by all trusted domains. At the moment it is " "not possible to set a different value per trusted domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3966 +#: sssd.conf.5.xml:3967 msgid "Special value 0 implies that this feature is disabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3970 +#: sssd.conf.5.xml:3971 msgid "" "Please note that if <quote>cached_auth_timeout</quote> is longer than " "<quote>pam_id_timeout</quote> then the back end could be called to handle " @@ -5102,24 +5102,87 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3981 +#: sssd.conf.5.xml:3982 +#, fuzzy +#| msgid "ldap_pwd_policy (string)" +msgid "local_auth_policy (string)" +msgstr "ldap_pwd_policy (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3985 +msgid "" +"Local authentication methods policy. Some backends (i.e. LDAP, proxy " +"provider) only support a password based authentication, while others can " +"handle PKINIT based Smartcard authentication (AD, IPA), two-factor " +"authentication (IPA), or other methods against a central instance. By " +"default in such cases authentication is only performed with the methods " +"supported by the backend." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3995 +msgid "" +"There are three possible values for this option: match, only, enable. " +"<quote>match</quote> is used to match offline and online states for Kerberos " +"methods. <quote>only</quote> ignores the online methods and only offer the " +"local ones. enable allows explicitly defining the methods for local " +"authentication. As an example, <quote>enable:passkey</quote>, only enables " +"passkey for local authentication. Multiple enable values should be comma-" +"separated, such as <quote>enable:passkey, enable:smartcard</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:4011 +#, no-wrap +msgid "" +"[domain/shadowutils]\n" +"id_provider = proxy\n" +"proxy_lib_name = files\n" +"auth_provider = none\n" +"local_auth_policy = only\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4007 +msgid "" +"The following configuration example allows local users to authenticate " +"locally using any enabled method (i.e. smartcard, passkey). <placeholder " +"type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4019 +#, fuzzy +#| msgid "This option is not available in IPA provider." +msgid "This option is ignored for the files provider." +msgstr "Cette option n'est pas disponible dans le fournisseur IPA." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4022 +#, fuzzy +#| msgid "Default: cn" +msgid "Default: match" +msgstr "Par défaut : cn" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4027 msgid "auto_private_groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3987 +#: sssd.conf.5.xml:4033 msgid "true" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3990 +#: sssd.conf.5.xml:4036 msgid "" "Create user's private group unconditionally from user's UID number. The GID " "number is ignored in this case." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3994 +#: sssd.conf.5.xml:4040 msgid "" "NOTE: Because the GID number and the user private group are inferred from " "the UID number, it is not supported to have multiple entries with the same " @@ -5128,24 +5191,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4003 +#: sssd.conf.5.xml:4049 msgid "false" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4006 +#: sssd.conf.5.xml:4052 msgid "" "Always use the user's primary GID number. The GID number must refer to a " "group object in the LDAP database." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4012 +#: sssd.conf.5.xml:4058 msgid "hybrid" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4015 +#: sssd.conf.5.xml:4061 msgid "" "A primary group is autogenerated for user entries whose UID and GID numbers " "have the same value and at the same time the GID number does not correspond " @@ -5155,14 +5218,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4028 +#: sssd.conf.5.xml:4074 msgid "" "If the UID and GID of a user are different, then the GID must correspond to " "a group entry, otherwise the GID is simply not resolvable." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4035 +#: sssd.conf.5.xml:4081 msgid "" "This feature is useful for environments that wish to stop maintaining a " "separate group objects for the user private groups, but also wish to retain " @@ -5170,21 +5233,21 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3984 +#: sssd.conf.5.xml:4030 msgid "" "This option takes any of three available values: <placeholder " "type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4047 +#: sssd.conf.5.xml:4093 msgid "" "For subdomains, the default value is False for subdomains that use assigned " "POSIX IDs and True for subdomains that use automatic ID-mapping." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:4055 +#: sssd.conf.5.xml:4101 #, no-wrap msgid "" "[domain/forest.domain/sub.domain]\n" @@ -5192,7 +5255,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:4061 +#: sssd.conf.5.xml:4107 #, no-wrap msgid "" "[domain/forest.domain]\n" @@ -5201,7 +5264,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4052 +#: sssd.conf.5.xml:4098 msgid "" "The value of auto_private_groups can either be set per subdomains in a " "subsection, for example: <placeholder type=\"programlisting\" id=\"0\"/> or " @@ -5210,7 +5273,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:2569 +#: sssd.conf.5.xml:2570 msgid "" "These configuration options can be present in a domain configuration " "section, that is, in a section called <quote>[domain/<replaceable>NAME</" @@ -5222,17 +5285,17 @@ msgstr "" "id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4076 +#: sssd.conf.5.xml:4122 msgid "proxy_pam_target (string)" msgstr "proxy_pam_target (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4079 +#: sssd.conf.5.xml:4125 msgid "The proxy target PAM proxies to." msgstr "Le proxy cible duquel PAM devient mandataire." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4082 +#: sssd.conf.5.xml:4128 msgid "" "Default: not set by default, you have to take an existing pam configuration " "or create a new one and add the service name here." @@ -5241,12 +5304,12 @@ msgstr "" "ou en créer une nouvelle et ajouter le nom de service ici." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4090 +#: sssd.conf.5.xml:4136 msgid "proxy_lib_name (string)" msgstr "proxy_lib_name (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4093 +#: sssd.conf.5.xml:4139 msgid "" "The name of the NSS library to use in proxy domains. The NSS functions " "searched for in the library are in the form of _nss_$(libName)_$(function), " @@ -5257,12 +5320,12 @@ msgstr "" "_nss_$(libName)_$(function), par exemple _nss_files_getpwent." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4103 +#: sssd.conf.5.xml:4149 msgid "proxy_resolver_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4106 +#: sssd.conf.5.xml:4152 msgid "" "The name of the NSS library to use for hosts and networks lookups in proxy " "domains. The NSS functions searched for in the library are in the form of " @@ -5270,12 +5333,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4117 +#: sssd.conf.5.xml:4163 msgid "proxy_fast_alias (boolean)" msgstr "proxy_fast_alias (boolean)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4120 +#: sssd.conf.5.xml:4166 msgid "" "When a user or group is looked up by name in the proxy provider, a second " "lookup by ID is performed to \"canonicalize\" the name in case the requested " @@ -5289,12 +5352,12 @@ msgstr "" "afin d'améliorer les performances." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4134 +#: sssd.conf.5.xml:4180 msgid "proxy_max_children (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4137 +#: sssd.conf.5.xml:4183 msgid "" "This option specifies the number of pre-forked proxy children. It is useful " "for high-load SSSD environments where sssd may run out of available child " @@ -5302,7 +5365,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4072 +#: sssd.conf.5.xml:4118 msgid "" "Options valid for proxy domains. <placeholder type=\"variablelist\" " "id=\"0\"/>" @@ -5311,12 +5374,12 @@ msgstr "" "id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:4153 +#: sssd.conf.5.xml:4199 msgid "Application domains" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4155 +#: sssd.conf.5.xml:4201 msgid "" "SSSD, with its D-Bus interface (see <citerefentry> <refentrytitle>sssd-ifp</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>) is appealing to " @@ -5333,7 +5396,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4175 +#: sssd.conf.5.xml:4221 msgid "" "Please note that the application domain must still be explicitly enabled in " "the <quote>domains</quote> parameter so that the lookup order between the " @@ -5341,17 +5404,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> -#: sssd.conf.5.xml:4181 +#: sssd.conf.5.xml:4227 msgid "Application domain parameters" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4183 +#: sssd.conf.5.xml:4229 msgid "inherit_from (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4186 +#: sssd.conf.5.xml:4232 msgid "" "The SSSD POSIX-type domain the application domain inherits all settings " "from. The application domain can moreover add its own settings to the " @@ -5360,7 +5423,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4200 +#: sssd.conf.5.xml:4246 msgid "" "The following example illustrates the use of an application domain. In this " "setup, the POSIX domain is connected to an LDAP server and is used by the OS " @@ -5370,7 +5433,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><programlisting> -#: sssd.conf.5.xml:4208 +#: sssd.conf.5.xml:4254 #, no-wrap msgid "" "[sssd]\n" @@ -5390,12 +5453,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4228 +#: sssd.conf.5.xml:4274 msgid "TRUSTED DOMAIN SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4230 +#: sssd.conf.5.xml:4276 msgid "" "Some options used in the domain section can also be used in the trusted " "domain section, that is, in a section called <quote>[domain/" @@ -5406,69 +5469,69 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4237 +#: sssd.conf.5.xml:4283 msgid "ldap_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4238 +#: sssd.conf.5.xml:4284 msgid "ldap_user_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4239 +#: sssd.conf.5.xml:4285 msgid "ldap_group_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4240 +#: sssd.conf.5.xml:4286 msgid "ldap_netgroup_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4241 +#: sssd.conf.5.xml:4287 msgid "ldap_service_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4242 +#: sssd.conf.5.xml:4288 msgid "ldap_sasl_mech," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4243 +#: sssd.conf.5.xml:4289 msgid "ad_server," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4244 +#: sssd.conf.5.xml:4290 msgid "ad_backup_server," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4245 +#: sssd.conf.5.xml:4291 msgid "ad_site," msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4246 sssd-ipa.5.xml:879 +#: sssd.conf.5.xml:4292 sssd-ipa.5.xml:879 msgid "use_fully_qualified_names" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4250 +#: sssd.conf.5.xml:4296 msgid "" "For more details about these options see their individual description in the " "manual page." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4256 +#: sssd.conf.5.xml:4302 msgid "CERTIFICATE MAPPING SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4258 +#: sssd.conf.5.xml:4304 msgid "" "To allow authentication with Smartcards and certificates SSSD must be able " "to map certificates to users. This can be done by adding the full " @@ -5481,7 +5544,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4272 +#: sssd.conf.5.xml:4318 msgid "" "To make the mapping more flexible mapping and matching rules were added to " "SSSD (see <citerefentry> <refentrytitle>sss-certmap</refentrytitle> " @@ -5489,7 +5552,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4281 +#: sssd.conf.5.xml:4327 msgid "" "A mapping and matching rule can be added to the SSSD configuration in a " "section on its own with a name like <quote>[certmap/" @@ -5498,55 +5561,55 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4288 +#: sssd.conf.5.xml:4334 msgid "matchrule (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4291 +#: sssd.conf.5.xml:4337 msgid "" "Only certificates from the Smartcard which matches this rule will be " "processed, all others are ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4295 +#: sssd.conf.5.xml:4341 msgid "" "Default: KRB5:<EKU>clientAuth, i.e. only certificates which have the " "Extended Key Usage <quote>clientAuth</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4302 +#: sssd.conf.5.xml:4348 msgid "maprule (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4305 +#: sssd.conf.5.xml:4351 msgid "Defines how the user is found for a given certificate." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4311 +#: sssd.conf.5.xml:4357 msgid "" "LDAP:(userCertificate;binary={cert!bin}) for LDAP based providers like " "<quote>ldap</quote>, <quote>AD</quote> or <quote>ipa</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4317 +#: sssd.conf.5.xml:4363 msgid "" "The RULE_NAME for the <quote>files</quote> provider which tries to find a " "user with the same name." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4326 +#: sssd.conf.5.xml:4372 msgid "domains (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4329 +#: sssd.conf.5.xml:4375 msgid "" "Comma separated list of domain names the rule should be applied. By default " "a rule is only valid in the domain configured in sssd.conf. If the provider " @@ -5555,17 +5618,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4336 +#: sssd.conf.5.xml:4382 msgid "Default: the configured domain in sssd.conf" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4341 +#: sssd.conf.5.xml:4387 msgid "priority (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4344 +#: sssd.conf.5.xml:4390 msgid "" "Unsigned integer value defining the priority of the rule. The higher the " "number the lower the priority. <quote>0</quote> stands for the highest " @@ -5573,26 +5636,26 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4350 +#: sssd.conf.5.xml:4396 msgid "Default: the lowest priority" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4356 +#: sssd.conf.5.xml:4402 msgid "" "To make the configuration simple and reduce the amount of configuration " "options the <quote>files</quote> provider has some special properties:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4362 +#: sssd.conf.5.xml:4408 msgid "" "if maprule is not set the RULE_NAME name is assumed to be the name of the " "matching user" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4368 +#: sssd.conf.5.xml:4414 msgid "" "if a maprule is used both a single user name or a template like " "<quote>{subject_rfc822_name.short_name}</quote> must be in braces like e.g. " @@ -5601,17 +5664,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4377 +#: sssd.conf.5.xml:4423 msgid "the <quote>domains</quote> option is ignored" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4385 +#: sssd.conf.5.xml:4431 msgid "PROMPTING CONFIGURATION SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4387 +#: sssd.conf.5.xml:4433 msgid "" "If a special file (<filename>/var/lib/sss/pubconf/pam_preauth_available</" "filename>) exists SSSD's PAM module pam_sss will ask SSSD to figure out " @@ -5621,7 +5684,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4395 +#: sssd.conf.5.xml:4441 msgid "" "With the growing number of authentication methods and the possibility that " "there are multiple ones for a single user the heuristic used by pam_sss to " @@ -5630,59 +5693,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4407 +#: sssd.conf.5.xml:4453 msgid "[prompting/password]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4410 +#: sssd.conf.5.xml:4456 msgid "password_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4411 +#: sssd.conf.5.xml:4457 msgid "to change the string of the password prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4409 +#: sssd.conf.5.xml:4455 msgid "" "to configure password prompting, allowed options are: <placeholder " "type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4419 +#: sssd.conf.5.xml:4465 msgid "[prompting/2fa]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4423 +#: sssd.conf.5.xml:4469 msgid "first_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4424 +#: sssd.conf.5.xml:4470 msgid "to change the string of the prompt for the first factor" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4427 +#: sssd.conf.5.xml:4473 msgid "second_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4428 +#: sssd.conf.5.xml:4474 msgid "to change the string of the prompt for the second factor" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4431 +#: sssd.conf.5.xml:4477 msgid "single_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4432 +#: sssd.conf.5.xml:4478 msgid "" "boolean value, if True there will be only a single prompt using the value of " "first_prompt where it is expected that both factors are entered as a single " @@ -5691,7 +5754,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4421 +#: sssd.conf.5.xml:4467 msgid "" "to configure two-factor authentication prompting, allowed options are: " "<placeholder type=\"variablelist\" id=\"0\"/> If the second factor is " @@ -5700,17 +5763,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4449 +#: sssd.conf.5.xml:4495 msgid "[prompting/passkey]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4455 sssd-ad.5.xml:1021 +#: sssd.conf.5.xml:4501 sssd-ad.5.xml:1021 msgid "interactive" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4457 +#: sssd.conf.5.xml:4503 msgid "" "boolean value, if True prompt a message and wait before testing the presence " "of a passkey device. Recommended if your device doesn’t have a tactile " @@ -5718,39 +5781,39 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4465 +#: sssd.conf.5.xml:4511 msgid "interactive_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4467 +#: sssd.conf.5.xml:4513 msgid "to change the message of the interactive prompt." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4472 +#: sssd.conf.5.xml:4518 msgid "touch" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4474 +#: sssd.conf.5.xml:4520 msgid "" "boolean value, if True prompt a message to remind the user to touch the " "device." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4480 +#: sssd.conf.5.xml:4526 msgid "touch_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4482 +#: sssd.conf.5.xml:4528 msgid "to change the message of the touch prompt." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4451 +#: sssd.conf.5.xml:4497 #, fuzzy #| msgid "" #| "The following expansions are supported: <placeholder " @@ -5763,7 +5826,7 @@ msgstr "" "type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4402 +#: sssd.conf.5.xml:4448 msgid "" "Each supported authentication method has its own configuration subsection " "under <quote>[prompting/...]</quote>. Currently there are: <placeholder " @@ -5772,7 +5835,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4493 +#: sssd.conf.5.xml:4539 msgid "" "It is possible to add a subsection for specific PAM services, e.g. " "<quote>[prompting/password/sshd]</quote> to individual change the prompting " @@ -5780,12 +5843,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4500 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43 +#: sssd.conf.5.xml:4546 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43 msgid "EXAMPLES" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4506 +#: sssd.conf.5.xml:4552 #, no-wrap msgid "" "[sssd]\n" @@ -5839,7 +5902,7 @@ msgstr "" "enumerate = False\n" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4502 +#: sssd.conf.5.xml:4548 msgid "" "1. The following example shows a typical SSSD config. It does not describe " "configuration of the domains themselves - refer to documentation on " @@ -5848,7 +5911,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4539 +#: sssd.conf.5.xml:4585 #, no-wrap msgid "" "[domain/ipa.com/child.ad.com]\n" @@ -5856,7 +5919,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4533 +#: sssd.conf.5.xml:4579 msgid "" "2. The following example shows configuration of IPA AD trust where the AD " "forest consists of two domains in a parent-child structure. Suppose IPA " @@ -5867,7 +5930,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4550 +#: sssd.conf.5.xml:4596 #, no-wrap msgid "" "[certmap/my.domain/rule_name]\n" @@ -5878,7 +5941,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4544 +#: sssd.conf.5.xml:4590 msgid "" "3. The following example shows the configuration of a certificate mapping " "rule. It is valid for the configured domain <quote>my.domain</quote> and " @@ -19113,9 +19176,13 @@ msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:235 +#, fuzzy +#| msgid "" +#| "When this option is configured, domains will be allocated starting with " +#| "slice zero and increasing monatomically with each additional domain." msgid "" "When this option is configured, domains will be allocated starting with " -"slice zero and increasing monatomically with each additional domain." +"slice zero and increasing monotonically with each additional domain." msgstr "" "Lorsque cette option est configurée, les domaines seront alloués en " "commençant par la tranche zéro et augmentant de manière monotone pour chaque " diff --git a/src/man/po/ja.po b/src/man/po/ja.po index 7e41316e36c..46cde5f13e5 100644 --- a/src/man/po/ja.po +++ b/src/man/po/ja.po @@ -12,7 +12,7 @@ msgid "" msgstr "" "Project-Id-Version: sssd-docs 2.3.0\n" "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" -"POT-Creation-Date: 2023-05-05 10:09+0200\n" +"POT-Creation-Date: 2023-09-07 11:47+0200\n" "PO-Revision-Date: 2021-07-20 07:04+0000\n" "Last-Translator: Ludek Janda <ljanda@redhat.com>\n" "Language-Team: Japanese <https://translate.fedoraproject.org/projects/sssd/" @@ -219,8 +219,8 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:136 sssd.conf.5.xml:173 sssd.conf.5.xml:358 -#: sssd.conf.5.xml:714 sssd.conf.5.xml:729 sssd.conf.5.xml:951 -#: sssd.conf.5.xml:1069 sssd.conf.5.xml:2197 sssd-ldap.5.xml:1071 +#: sssd.conf.5.xml:714 sssd.conf.5.xml:729 sssd.conf.5.xml:952 +#: sssd.conf.5.xml:1070 sssd.conf.5.xml:2198 sssd-ldap.5.xml:1071 #: sssd-ldap.5.xml:1174 sssd-ldap.5.xml:1243 sssd-ldap.5.xml:1750 #: sssd-ldap.5.xml:1815 sssd-ipa.5.xml:342 sssd-ad.5.xml:252 sssd-ad.5.xml:366 #: sssd-ad.5.xml:1200 sssd-ad.5.xml:1348 sssd-krb5.5.xml:358 @@ -240,8 +240,8 @@ msgid "" msgstr "" #. type: Content of: <variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:149 sssd.conf.5.xml:652 sssd.conf.5.xml:948 -#: sssd.conf.5.xml:2100 sssd.conf.5.xml:2167 sssd.conf.5.xml:4128 +#: sssd.conf.5.xml:149 sssd.conf.5.xml:652 sssd.conf.5.xml:949 +#: sssd.conf.5.xml:2101 sssd.conf.5.xml:2168 sssd.conf.5.xml:4174 #: sssd-ldap.5.xml:312 sssd-ldap.5.xml:917 sssd-ldap.5.xml:936 #: sssd-ldap.5.xml:1146 sssd-ldap.5.xml:1599 sssd-ldap.5.xml:1839 #: sssd-ipa.5.xml:152 sssd-ipa.5.xml:254 sssd-ipa.5.xml:657 sssd-ad.5.xml:1106 @@ -311,8 +311,8 @@ msgid "" msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:196 sssd.conf.5.xml:1289 sssd.conf.5.xml:1766 -#: sssd.conf.5.xml:4144 sssd-ldap.5.xml:765 include/ldap_id_mapping.xml:270 +#: sssd.conf.5.xml:196 sssd.conf.5.xml:1290 sssd.conf.5.xml:1767 +#: sssd.conf.5.xml:4190 sssd-ldap.5.xml:765 include/ldap_id_mapping.xml:270 msgid "Default: 10" msgstr "初期値: 10" @@ -378,12 +378,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:258 sssd.conf.5.xml:783 +#: sssd.conf.5.xml:258 sssd.conf.5.xml:784 msgid "reconnection_retries (integer)" msgstr "reconnection_retries (整数)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:261 sssd.conf.5.xml:786 +#: sssd.conf.5.xml:261 sssd.conf.5.xml:787 msgid "" "Number of times services should attempt to reconnect in the event of a Data " "Provider crash or restart before they give up" @@ -392,7 +392,7 @@ msgstr "" "める前に試行する回数です。" #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:266 sssd.conf.5.xml:791 sssd.conf.5.xml:3708 +#: sssd.conf.5.xml:266 sssd.conf.5.xml:792 sssd.conf.5.xml:3709 #: include/failover.xml:100 msgid "Default: 3" msgstr "初期値: 3" @@ -414,7 +414,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:287 sssd.conf.5.xml:3540 +#: sssd.conf.5.xml:287 sssd.conf.5.xml:3541 msgid "re_expression (string)" msgstr "re_expression (文字列)" @@ -434,12 +434,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:304 sssd.conf.5.xml:3597 +#: sssd.conf.5.xml:304 sssd.conf.5.xml:3598 msgid "full_name_format (string)" msgstr "full_name_format (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:307 sssd.conf.5.xml:3600 +#: sssd.conf.5.xml:307 sssd.conf.5.xml:3601 msgid "" "A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</" "manvolnum> </citerefentry>-compatible format that describes how to compose a " @@ -450,39 +450,39 @@ msgstr "" "manvolnum> </citerefentry> 互換形式。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:318 sssd.conf.5.xml:3611 +#: sssd.conf.5.xml:318 sssd.conf.5.xml:3612 msgid "%1$s" msgstr "%1$s" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:319 sssd.conf.5.xml:3612 +#: sssd.conf.5.xml:319 sssd.conf.5.xml:3613 msgid "user name" msgstr "ユーザー名" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:322 sssd.conf.5.xml:3615 +#: sssd.conf.5.xml:322 sssd.conf.5.xml:3616 msgid "%2$s" msgstr "%2$s" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:325 sssd.conf.5.xml:3618 +#: sssd.conf.5.xml:325 sssd.conf.5.xml:3619 msgid "domain name as specified in the SSSD config file." msgstr "SSSD 設定ファイルにおいて指定されるドメイン名。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:331 sssd.conf.5.xml:3624 +#: sssd.conf.5.xml:331 sssd.conf.5.xml:3625 msgid "%3$s" msgstr "%3$s" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:334 sssd.conf.5.xml:3627 +#: sssd.conf.5.xml:334 sssd.conf.5.xml:3628 msgid "" "domain flat name. Mostly usable for Active Directory domains, both directly " "configured or discovered via IPA trusts." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:315 sssd.conf.5.xml:3608 +#: sssd.conf.5.xml:315 sssd.conf.5.xml:3609 msgid "" "The following expansions are supported: <placeholder type=\"variablelist\" " "id=\"0\"/>" @@ -921,7 +921,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:700 sssd.conf.5.xml:1790 sssd.conf.5.xml:4194 +#: sssd.conf.5.xml:700 sssd.conf.5.xml:1791 sssd.conf.5.xml:4240 #: sssd-ad.5.xml:187 sssd-ad.5.xml:327 sssd-ad.5.xml:341 msgid "Default: Not set" msgstr "" @@ -974,11 +974,11 @@ msgstr "ipa_automount_location (文字列)" #: sssd.conf.5.xml:744 msgid "" "Enable or disable the user verification (i.e. PIN, fingerprint) during " -"authentication." +"authentication. If enabled, the PIN will always be requested." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:749 +#: sssd.conf.5.xml:750 msgid "" "The default is that the key settings decide what to do. In the IPA or " "kerberos pre-authentication case, this value will be overwritten by the " @@ -1016,12 +1016,12 @@ msgstr "" "<placeholder type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:768 +#: sssd.conf.5.xml:769 msgid "SERVICES SECTIONS" msgstr "サービスセクション" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:770 +#: sssd.conf.5.xml:771 msgid "" "Settings that can be used to configure different services are described in " "this section. They should reside in the [<replaceable>$NAME</replaceable>] " @@ -1033,22 +1033,22 @@ msgstr "" "ば、NSS サービスは <quote>[nss]</quote> セクションです" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:777 +#: sssd.conf.5.xml:778 msgid "General service configuration options" msgstr "サービス設定の全体オプション" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:779 +#: sssd.conf.5.xml:780 msgid "These options can be used to configure any service." msgstr "これらのオプションはすべてのサービスを設定するために使用できます。" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:796 +#: sssd.conf.5.xml:797 msgid "fd_limit" msgstr "fd_limit" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:799 +#: sssd.conf.5.xml:800 msgid "" "This option specifies the maximum number of file descriptors that may be " "opened at one time by this SSSD process. On systems where SSSD is granted " @@ -1058,17 +1058,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:808 +#: sssd.conf.5.xml:809 msgid "Default: 8192 (or limits.conf \"hard\" limit)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:813 +#: sssd.conf.5.xml:814 msgid "client_idle_timeout" msgstr "client_idle_timeout" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:816 +#: sssd.conf.5.xml:817 msgid "" "This option specifies the number of seconds that a client of an SSSD process " "can hold onto a file descriptor without communicating on it. This value is " @@ -1078,19 +1078,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:825 +#: sssd.conf.5.xml:826 #, fuzzy #| msgid "Default: 300" msgid "Default: 60, KCM: 300" msgstr "初期値: 300" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:830 +#: sssd.conf.5.xml:831 msgid "offline_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:833 +#: sssd.conf.5.xml:834 msgid "" "When SSSD switches to offline mode the amount of time before it tries to go " "back online will increase based upon the time spent disconnected. By " @@ -1101,14 +1101,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:844 sssd.conf.5.xml:900 +#: sssd.conf.5.xml:845 sssd.conf.5.xml:901 msgid "" "new_delay = Minimum(old_delay * 2, offline_timeout_max) + random[0..." "offline_timeout_random_offset]" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:847 +#: sssd.conf.5.xml:848 msgid "" "The offline_timeout default value is 60. The offline_timeout_max default " "value is 3600. The offline_timeout_random_offset default value is 30. The " @@ -1116,46 +1116,46 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:853 +#: sssd.conf.5.xml:854 msgid "" "Note that the maximum length of each interval is defined by " "offline_timeout_max (apart of random part)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:857 sssd.conf.5.xml:1200 sssd.conf.5.xml:1583 -#: sssd.conf.5.xml:1879 sssd-ldap.5.xml:494 +#: sssd.conf.5.xml:858 sssd.conf.5.xml:1201 sssd.conf.5.xml:1584 +#: sssd.conf.5.xml:1880 sssd-ldap.5.xml:494 msgid "Default: 60" msgstr "初期値: 60" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:862 +#: sssd.conf.5.xml:863 #, fuzzy #| msgid "timeout (integer)" msgid "offline_timeout_max (integer)" msgstr "timeout (整数)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:865 +#: sssd.conf.5.xml:866 msgid "" "Controls by how much the time between attempts to go online can be " "incremented following unsuccessful attempts to go online." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:870 +#: sssd.conf.5.xml:871 msgid "A value of 0 disables the incrementing behaviour." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:873 +#: sssd.conf.5.xml:874 msgid "" "The value of this parameter should be set in correlation to offline_timeout " "parameter value." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:877 +#: sssd.conf.5.xml:878 msgid "" "With offline_timeout set to 60 (default value) there is no point in setting " "offlinet_timeout_max to less than 120 as it will saturate instantly. General " @@ -1164,64 +1164,64 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:883 +#: sssd.conf.5.xml:884 msgid "" "Although a value between 0 and offline_timeout may be specified, it has the " "effect of overriding the offline_timeout value so is of little use." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:888 +#: sssd.conf.5.xml:889 #, fuzzy #| msgid "Default: 300" msgid "Default: 3600" msgstr "初期値: 300" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:893 +#: sssd.conf.5.xml:894 #, fuzzy #| msgid "offline_failed_login_attempts (integer)" msgid "offline_timeout_random_offset (integer)" msgstr "offline_failed_login_attempts (整数)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:896 +#: sssd.conf.5.xml:897 msgid "" "When SSSD is in offline mode it keeps probing backend servers in specified " "time intervals:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:903 +#: sssd.conf.5.xml:904 msgid "" "This parameter controls the value of the random offset used for the above " "equation. Final random_offset value will be random number in range:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:908 +#: sssd.conf.5.xml:909 msgid "[0 - offline_timeout_random_offset]" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:911 +#: sssd.conf.5.xml:912 msgid "A value of 0 disables the random offset addition." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:914 +#: sssd.conf.5.xml:915 #, fuzzy #| msgid "Default: 300" msgid "Default: 30" msgstr "初期値: 300" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:919 +#: sssd.conf.5.xml:920 msgid "responder_idle_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:922 +#: sssd.conf.5.xml:923 msgid "" "This option specifies the number of seconds that an SSSD responder process " "can be up without being used. This value is limited in order to avoid " @@ -1233,30 +1233,30 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:936 sssd.conf.5.xml:1213 sssd.conf.5.xml:2321 +#: sssd.conf.5.xml:937 sssd.conf.5.xml:1214 sssd.conf.5.xml:2322 #: sssd-ldap.5.xml:331 msgid "Default: 300" msgstr "初期値: 300" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:941 +#: sssd.conf.5.xml:942 msgid "cache_first" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:944 +#: sssd.conf.5.xml:945 msgid "" "This option specifies whether the responder should query all caches before " "querying the Data Providers." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:959 +#: sssd.conf.5.xml:960 msgid "NSS configuration options" msgstr "NSS 設定オプション" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:961 +#: sssd.conf.5.xml:962 msgid "" "These options can be used to configure the Name Service Switch (NSS) service." msgstr "" @@ -1264,12 +1264,12 @@ msgstr "" "きます。" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:966 +#: sssd.conf.5.xml:967 msgid "enum_cache_timeout (integer)" msgstr "enum_cache_timeout (整数)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:969 +#: sssd.conf.5.xml:970 msgid "" "How many seconds should nss_sss cache enumerations (requests for info about " "all users)" @@ -1278,17 +1278,17 @@ msgstr "" "要求)。" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:973 +#: sssd.conf.5.xml:974 msgid "Default: 120" msgstr "初期値: 120" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:978 +#: sssd.conf.5.xml:979 msgid "entry_cache_nowait_percentage (integer)" msgstr "entry_cache_nowait_percentage (整数)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:981 +#: sssd.conf.5.xml:982 msgid "" "The entry cache can be set to automatically update entries in the background " "if they are requested beyond a percentage of the entry_cache_timeout value " @@ -1299,7 +1299,7 @@ msgstr "" "す。" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:987 +#: sssd.conf.5.xml:988 msgid "" "For example, if the domain's entry_cache_timeout is set to 30s and " "entry_cache_nowait_percentage is set to 50 (percent), entries that come in " @@ -1314,7 +1314,7 @@ msgstr "" "とをブロックする必要がありません。" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:997 +#: sssd.conf.5.xml:998 msgid "" "Valid values for this option are 0-99 and represent a percentage of the " "entry_cache_timeout for each domain. For performance reasons, this " @@ -1327,17 +1327,17 @@ msgstr "" "(0 はこの機能を無効にします)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1005 sssd.conf.5.xml:2121 +#: sssd.conf.5.xml:1006 sssd.conf.5.xml:2122 msgid "Default: 50" msgstr "初期値: 50" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1010 +#: sssd.conf.5.xml:1011 msgid "entry_negative_timeout (integer)" msgstr "entry_negative_timeout (整数)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1013 +#: sssd.conf.5.xml:1014 msgid "" "Specifies for how many seconds nss_sss should cache negative cache hits " "(that is, queries for invalid database entries, like nonexistent ones) " @@ -1348,17 +1348,17 @@ msgstr "" "せ)をキャッシュする秒数を指定します。" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1019 sssd.conf.5.xml:1778 sssd.conf.5.xml:2145 +#: sssd.conf.5.xml:1020 sssd.conf.5.xml:1779 sssd.conf.5.xml:2146 msgid "Default: 15" msgstr "初期値: 15" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1024 +#: sssd.conf.5.xml:1025 msgid "local_negative_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1027 +#: sssd.conf.5.xml:1028 msgid "" "Specifies for how many seconds nss_sss should keep local users and groups in " "negative cache before trying to look it up in the back end again. Setting " @@ -1366,17 +1366,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1033 +#: sssd.conf.5.xml:1034 msgid "Default: 14400 (4 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1038 +#: sssd.conf.5.xml:1039 msgid "filter_users, filter_groups (string)" msgstr "filter_users, filter_groups (文字列)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1041 +#: sssd.conf.5.xml:1042 msgid "" "Exclude certain users or groups from being fetched from the sss NSS " "database. This is particularly useful for system accounts. This option can " @@ -1385,7 +1385,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1049 +#: sssd.conf.5.xml:1050 msgid "" "NOTE: The filter_groups option doesn't affect inheritance of nested group " "members, since filtering happens after they are propagated for returning via " @@ -1394,17 +1394,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1057 +#: sssd.conf.5.xml:1058 msgid "Default: root" msgstr "初期値: root" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1062 +#: sssd.conf.5.xml:1063 msgid "filter_users_in_groups (bool)" msgstr "filter_users_in_groups (論理値)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1065 +#: sssd.conf.5.xml:1066 msgid "" "If you want filtered user still be group members set this option to false." msgstr "" @@ -1412,12 +1412,12 @@ msgstr "" "ションを偽に設定します。" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1076 +#: sssd.conf.5.xml:1077 msgid "fallback_homedir (string)" msgstr "fallback_homedir (文字列)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1079 +#: sssd.conf.5.xml:1080 msgid "" "Set a default template for a user's home directory if one is not specified " "explicitly by the domain's data provider." @@ -1426,7 +1426,7 @@ msgstr "" "ホームディレクトリーの標準テンプレートを設定します。" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1084 +#: sssd.conf.5.xml:1085 msgid "" "The available values for this option are the same as for override_homedir." msgstr "" @@ -1434,7 +1434,7 @@ msgstr "" "同じです。" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1090 +#: sssd.conf.5.xml:1091 #, no-wrap msgid "" "fallback_homedir = /home/%u\n" @@ -1444,23 +1444,23 @@ msgstr "" " " #. type: Content of: <varlistentry><listitem><para> -#: sssd.conf.5.xml:1088 sssd.conf.5.xml:1650 sssd.conf.5.xml:1669 -#: sssd.conf.5.xml:1746 sssd-krb5.5.xml:451 include/override_homedir.xml:66 +#: sssd.conf.5.xml:1089 sssd.conf.5.xml:1651 sssd.conf.5.xml:1670 +#: sssd.conf.5.xml:1747 sssd-krb5.5.xml:451 include/override_homedir.xml:66 msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>" msgstr "例: <placeholder type=\"programlisting\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1094 +#: sssd.conf.5.xml:1095 msgid "Default: not set (no substitution for unset home directories)" msgstr "初期値: 設定なし (ホームディレクトリーの設定がない場合は代替なし)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1100 +#: sssd.conf.5.xml:1101 msgid "override_shell (string)" msgstr "override_shell (文字列)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1103 +#: sssd.conf.5.xml:1104 msgid "" "Override the login shell for all users. This option supersedes any other " "shell options if it takes effect and can be set either in the [nss] section " @@ -1468,17 +1468,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1109 +#: sssd.conf.5.xml:1110 msgid "Default: not set (SSSD will use the value retrieved from LDAP)" msgstr "初期値: 設定なし (SSSD は LDAP から取得された値を使用します)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1115 +#: sssd.conf.5.xml:1116 msgid "allowed_shells (string)" msgstr "allowed_shells (文字列)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1118 +#: sssd.conf.5.xml:1119 msgid "" "Restrict user shell to one of the listed values. The order of evaluation is:" msgstr "" @@ -1486,13 +1486,13 @@ msgstr "" "す:" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1121 +#: sssd.conf.5.xml:1122 msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used." msgstr "" "1. シェルが <quote>/etc/shells</quote> に存在すると、それが使用されます。" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1125 +#: sssd.conf.5.xml:1126 msgid "" "2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</" "quote>, use the value of the shell_fallback parameter." @@ -1501,7 +1501,7 @@ msgstr "" "ば、shell_fallback パラメーターの値を使用します。" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1130 +#: sssd.conf.5.xml:1131 msgid "" "3. If the shell is not in the allowed_shells list and not in <quote>/etc/" "shells</quote>, a nologin shell is used." @@ -1510,12 +1510,12 @@ msgstr "" "ば、nologin シェルが使用されます。" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1135 +#: sssd.conf.5.xml:1136 msgid "The wildcard (*) can be used to allow any shell." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1138 +#: sssd.conf.5.xml:1139 msgid "" "The (*) is useful if you want to use shell_fallback in case that user's " "shell is not in <quote>/etc/shells</quote> and maintaining list of all " @@ -1523,12 +1523,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1145 +#: sssd.conf.5.xml:1146 msgid "An empty string for shell is passed as-is to libc." msgstr "シェルの空文字列は libc にそのまま渡されます。" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1148 +#: sssd.conf.5.xml:1149 msgid "" "The <quote>/etc/shells</quote> is only read on SSSD start up, which means " "that a restart of the SSSD is required in case a new shell is installed." @@ -1538,27 +1538,27 @@ msgstr "" "ます。" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1152 +#: sssd.conf.5.xml:1153 msgid "Default: Not set. The user shell is automatically used." msgstr "初期値: 設定されません。ユーザーシェルが自動的に使用されます。" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1157 +#: sssd.conf.5.xml:1158 msgid "vetoed_shells (string)" msgstr "vetoed_shells (文字列)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1160 +#: sssd.conf.5.xml:1161 msgid "Replace any instance of these shells with the shell_fallback" msgstr "これらのシェルのインスタンスをすべて shell_fallback に置き換えます" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1165 +#: sssd.conf.5.xml:1166 msgid "shell_fallback (string)" msgstr "shell_fallback (文字列)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1168 +#: sssd.conf.5.xml:1169 msgid "" "The default shell to use if an allowed shell is not installed on the machine." msgstr "" @@ -1566,79 +1566,79 @@ msgstr "" "す。" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1172 +#: sssd.conf.5.xml:1173 msgid "Default: /bin/sh" msgstr "初期値: /bin/sh" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1177 +#: sssd.conf.5.xml:1178 msgid "default_shell" msgstr "default_shell" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1180 +#: sssd.conf.5.xml:1181 msgid "" "The default shell to use if the provider does not return one during lookup. " "This option can be specified globally in the [nss] section or per-domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1186 +#: sssd.conf.5.xml:1187 msgid "" "Default: not set (Return NULL if no shell is specified and rely on libc to " "substitute something sensible when necessary, usually /bin/sh)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1193 sssd.conf.5.xml:1576 +#: sssd.conf.5.xml:1194 sssd.conf.5.xml:1577 msgid "get_domains_timeout (int)" msgstr "get_domains_timeout (整数)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1196 sssd.conf.5.xml:1579 +#: sssd.conf.5.xml:1197 sssd.conf.5.xml:1580 msgid "" "Specifies time in seconds for which the list of subdomains will be " "considered valid." msgstr "サブドメインのリストが有効とみなされる時間を秒単位で指定します。" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1205 +#: sssd.conf.5.xml:1206 #, fuzzy #| msgid "enum_cache_timeout (integer)" msgid "memcache_timeout (integer)" msgstr "enum_cache_timeout (整数)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1208 +#: sssd.conf.5.xml:1209 msgid "" "Specifies time in seconds for which records in the in-memory cache will be " "valid. Setting this option to zero will disable the in-memory cache." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1216 +#: sssd.conf.5.xml:1217 msgid "" "WARNING: Disabling the in-memory cache will have significant negative impact " "on SSSD's performance and should only be used for testing." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1222 sssd.conf.5.xml:1247 sssd.conf.5.xml:1272 -#: sssd.conf.5.xml:1297 sssd.conf.5.xml:1324 +#: sssd.conf.5.xml:1223 sssd.conf.5.xml:1248 sssd.conf.5.xml:1273 +#: sssd.conf.5.xml:1298 sssd.conf.5.xml:1325 msgid "" "NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", " "client applications will not use the fast in-memory cache." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1230 +#: sssd.conf.5.xml:1231 #, fuzzy #| msgid "enum_cache_timeout (integer)" msgid "memcache_size_passwd (integer)" msgstr "enum_cache_timeout (整数)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1233 +#: sssd.conf.5.xml:1234 msgid "" "Size (in megabytes) of the data table allocated inside fast in-memory cache " "for passwd requests. Setting the size to 0 will disable the passwd in-" @@ -1646,27 +1646,27 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1239 sssd.conf.5.xml:2963 sssd-ldap.5.xml:548 +#: sssd.conf.5.xml:1240 sssd.conf.5.xml:2964 sssd-ldap.5.xml:548 msgid "Default: 8" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1242 sssd.conf.5.xml:1267 sssd.conf.5.xml:1292 -#: sssd.conf.5.xml:1319 +#: sssd.conf.5.xml:1243 sssd.conf.5.xml:1268 sssd.conf.5.xml:1293 +#: sssd.conf.5.xml:1320 msgid "" "WARNING: Disabled or too small in-memory cache can have significant negative " "impact on SSSD's performance." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1255 +#: sssd.conf.5.xml:1256 #, fuzzy #| msgid "enum_cache_timeout (integer)" msgid "memcache_size_group (integer)" msgstr "enum_cache_timeout (整数)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1258 +#: sssd.conf.5.xml:1259 msgid "" "Size (in megabytes) of the data table allocated inside fast in-memory cache " "for group requests. Setting the size to 0 will disable the group in-memory " @@ -1674,21 +1674,21 @@ msgid "" msgstr "" #. type: Content of: <variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1264 sssd.conf.5.xml:1316 sssd.conf.5.xml:3729 +#: sssd.conf.5.xml:1265 sssd.conf.5.xml:1317 sssd.conf.5.xml:3730 #: sssd-ldap.5.xml:473 sssd-ldap.5.xml:525 include/failover.xml:116 #: include/krb5_options.xml:11 msgid "Default: 6" msgstr "初期値: 6" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1280 +#: sssd.conf.5.xml:1281 #, fuzzy #| msgid "enum_cache_timeout (integer)" msgid "memcache_size_initgroups (integer)" msgstr "enum_cache_timeout (整数)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1283 +#: sssd.conf.5.xml:1284 msgid "" "Size (in megabytes) of the data table allocated inside fast in-memory cache " "for initgroups requests. Setting the size to 0 will disable the initgroups " @@ -1696,14 +1696,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1305 +#: sssd.conf.5.xml:1306 #, fuzzy #| msgid "enum_cache_timeout (integer)" msgid "memcache_size_sid (integer)" msgstr "enum_cache_timeout (整数)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1308 +#: sssd.conf.5.xml:1309 msgid "" "Size (in megabytes) of the data table allocated inside fast in-memory cache " "for SID related requests. Only SID-by-ID and ID-by-SID requests are " @@ -1712,12 +1712,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1332 sssd-ifp.5.xml:90 +#: sssd.conf.5.xml:1333 sssd-ifp.5.xml:90 msgid "user_attributes (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1335 +#: sssd.conf.5.xml:1336 msgid "" "Some of the additional NSS responder requests can return more attributes " "than just the POSIX ones defined by the NSS interface. The list of " @@ -1728,38 +1728,38 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1348 +#: sssd.conf.5.xml:1349 msgid "" "To make configuration more easy the NSS responder will check the InfoPipe " "option if it is not set for the NSS responder." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1353 +#: sssd.conf.5.xml:1354 msgid "Default: not set, fallback to InfoPipe option" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1358 +#: sssd.conf.5.xml:1359 msgid "pwfield (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1361 +#: sssd.conf.5.xml:1362 msgid "" "The value that NSS operations that return users or groups will return for " "the <quote>password</quote> field." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1366 +#: sssd.conf.5.xml:1367 #, fuzzy #| msgid "Default: <quote>permit</quote>" msgid "Default: <quote>*</quote>" msgstr "初期値: <quote>permit</quote>" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1369 +#: sssd.conf.5.xml:1370 #, fuzzy #| msgid "This option can also be set per-domain." msgid "" @@ -1768,7 +1768,7 @@ msgid "" msgstr "このオプションはドメインごとに設定できます。" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1373 +#: sssd.conf.5.xml:1374 msgid "" "Default: <quote>not set</quote> (remote domains), <phrase " "condition=\"with_files_provider\"> <quote>x</quote> (the files domain), </" @@ -1777,12 +1777,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:1385 +#: sssd.conf.5.xml:1386 msgid "PAM configuration options" msgstr "PAM 設定オプション" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:1387 +#: sssd.conf.5.xml:1388 msgid "" "These options can be used to configure the Pluggable Authentication Module " "(PAM) service." @@ -1791,12 +1791,12 @@ msgstr "" "ために使用できます。" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1392 +#: sssd.conf.5.xml:1393 msgid "offline_credentials_expiration (integer)" msgstr "offline_credentials_expiration (整数)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1395 +#: sssd.conf.5.xml:1396 msgid "" "If the authentication provider is offline, how long should we allow cached " "logins (in days since the last successful online login)." @@ -1805,17 +1805,17 @@ msgstr "" "ラインログインの最終成功からの日数)です。" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1400 sssd.conf.5.xml:1413 +#: sssd.conf.5.xml:1401 sssd.conf.5.xml:1414 msgid "Default: 0 (No limit)" msgstr "初期値: 0 (無制限)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1406 +#: sssd.conf.5.xml:1407 msgid "offline_failed_login_attempts (integer)" msgstr "offline_failed_login_attempts (整数)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1409 +#: sssd.conf.5.xml:1410 msgid "" "If the authentication provider is offline, how many failed login attempts " "are allowed." @@ -1823,12 +1823,12 @@ msgstr "" "認証プロバイダーがオフラインの場合、ログイン試行の失敗が許容される回数です。" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1419 +#: sssd.conf.5.xml:1420 msgid "offline_failed_login_delay (integer)" msgstr "offline_failed_login_delay (整数)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1422 +#: sssd.conf.5.xml:1423 msgid "" "The time in minutes which has to pass after offline_failed_login_attempts " "has been reached before a new login attempt is possible." @@ -1837,7 +1837,7 @@ msgstr "" "渡される分単位の時間です。" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1427 +#: sssd.conf.5.xml:1428 msgid "" "If set to 0 the user cannot authenticate offline if " "offline_failed_login_attempts has been reached. Only a successful online " @@ -1848,17 +1848,17 @@ msgstr "" "効にできます。" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1433 sssd.conf.5.xml:1543 +#: sssd.conf.5.xml:1434 sssd.conf.5.xml:1544 msgid "Default: 5" msgstr "初期値: 5" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1439 +#: sssd.conf.5.xml:1440 msgid "pam_verbosity (integer)" msgstr "pam_verbosity (整数)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1442 +#: sssd.conf.5.xml:1443 msgid "" "Controls what kind of messages are shown to the user during authentication. " "The higher the number to more messages are displayed." @@ -1867,44 +1867,44 @@ msgstr "" "きいほどメッセージが表示されます。" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1447 +#: sssd.conf.5.xml:1448 msgid "Currently sssd supports the following values:" msgstr "現在 sssd は以下の値をサポートします:" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1450 +#: sssd.conf.5.xml:1451 msgid "<emphasis>0</emphasis>: do not show any message" msgstr "<emphasis>0</emphasis>: 何もメッセージを表示しない" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1453 +#: sssd.conf.5.xml:1454 msgid "<emphasis>1</emphasis>: show only important messages" msgstr "<emphasis>1</emphasis>: 重要なメッセージのみを表示する" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1457 +#: sssd.conf.5.xml:1458 msgid "<emphasis>2</emphasis>: show informational messages" msgstr "<emphasis>2</emphasis>: 情報レベルのメッセージを表示する" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1460 +#: sssd.conf.5.xml:1461 msgid "<emphasis>3</emphasis>: show all messages and debug information" msgstr "<emphasis>3</emphasis>: すべてのメッセージとデバッグ情報を表示する" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1464 sssd.8.xml:63 +#: sssd.conf.5.xml:1465 sssd.8.xml:63 msgid "Default: 1" msgstr "初期値: 1" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1470 +#: sssd.conf.5.xml:1471 #, fuzzy #| msgid "ldap_access_filter (string)" msgid "pam_response_filter (string)" msgstr "ldap_access_filter (文字列)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1473 +#: sssd.conf.5.xml:1474 msgid "" "A comma separated list of strings which allows to remove (filter) data sent " "by the PAM responder to pam_sss PAM module. There are different kind of " @@ -1913,51 +1913,51 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1481 +#: sssd.conf.5.xml:1482 msgid "" "While messages already can be controlled with the help of the pam_verbosity " "option this option allows to filter out other kind of responses as well." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1488 +#: sssd.conf.5.xml:1489 msgid "ENV" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1489 +#: sssd.conf.5.xml:1490 msgid "Do not send any environment variables to any service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1492 +#: sssd.conf.5.xml:1493 msgid "ENV:var_name" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1493 +#: sssd.conf.5.xml:1494 msgid "Do not send environment variable var_name to any service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1497 +#: sssd.conf.5.xml:1498 msgid "ENV:var_name:service" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1498 +#: sssd.conf.5.xml:1499 msgid "Do not send environment variable var_name to service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1486 +#: sssd.conf.5.xml:1487 msgid "" "Currently the following filters are supported: <placeholder " "type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1505 +#: sssd.conf.5.xml:1506 msgid "" "The list of strings can either be the list of filters which would set this " "list of filters and overwrite the defaults. Or each element of the list can " @@ -1968,23 +1968,23 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1516 +#: sssd.conf.5.xml:1517 msgid "Default: ENV:KRB5CCNAME:sudo, ENV:KRB5CCNAME:sudo-i" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1519 +#: sssd.conf.5.xml:1520 msgid "" "Example: -ENV:KRB5CCNAME:sudo-i will remove the filter from the default list" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1526 +#: sssd.conf.5.xml:1527 msgid "pam_id_timeout (integer)" msgstr "pam_id_timeout (整数)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1529 +#: sssd.conf.5.xml:1530 msgid "" "For any PAM request while SSSD is online, the SSSD will attempt to " "immediately update the cached identity information for the user in order to " @@ -1994,7 +1994,7 @@ msgstr "" "されるよう、SSSD は直ちにキャッシュされた識別情報を更新しようとします。" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1535 +#: sssd.conf.5.xml:1536 msgid "" "A complete PAM conversation may perform multiple PAM requests, such as " "account management and session opening. This option controls (on a per-" @@ -2007,17 +2007,17 @@ msgstr "" "アプリケーションごとに)制御します。" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1549 +#: sssd.conf.5.xml:1550 msgid "pam_pwd_expiration_warning (integer)" msgstr "pam_pwd_expiration_warning (整数)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1552 sssd.conf.5.xml:2987 +#: sssd.conf.5.xml:1553 sssd.conf.5.xml:2988 msgid "Display a warning N days before the password expires." msgstr "パスワードの期限が切れる前に N 日間警告を表示します。" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1555 +#: sssd.conf.5.xml:1556 msgid "" "Please note that the backend server has to provide information about the " "expiration time of the password. If this information is missing, sssd " @@ -2027,31 +2027,31 @@ msgstr "" "ことに注意してください。この情報がなければ、sssd は警告を表示します。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1561 sssd.conf.5.xml:2990 +#: sssd.conf.5.xml:1562 sssd.conf.5.xml:2991 msgid "" "If zero is set, then this filter is not applied, i.e. if the expiration " "warning was received from backend server, it will automatically be displayed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1566 +#: sssd.conf.5.xml:1567 msgid "" "This setting can be overridden by setting <emphasis>pwd_expiration_warning</" "emphasis> for a particular domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1571 sssd.conf.5.xml:3976 sssd-ldap.5.xml:606 sssd.8.xml:79 +#: sssd.conf.5.xml:1572 sssd.conf.5.xml:3977 sssd-ldap.5.xml:606 sssd.8.xml:79 msgid "Default: 0" msgstr "初期値: 0" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1588 +#: sssd.conf.5.xml:1589 msgid "pam_trusted_users (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1591 +#: sssd.conf.5.xml:1592 msgid "" "Specifies the comma-separated list of UID values or user names that are " "allowed to run PAM conversations against trusted domains. Users not " @@ -2061,75 +2061,75 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1601 +#: sssd.conf.5.xml:1602 msgid "Default: All users are considered trusted by default" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1605 +#: sssd.conf.5.xml:1606 msgid "" "Please note that UID 0 is always allowed to access the PAM responder even in " "case it is not in the pam_trusted_users list." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1612 +#: sssd.conf.5.xml:1613 msgid "pam_public_domains (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1615 +#: sssd.conf.5.xml:1616 msgid "" "Specifies the comma-separated list of domain names that are accessible even " "to untrusted users." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1619 +#: sssd.conf.5.xml:1620 msgid "Two special values for pam_public_domains option are defined:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1623 +#: sssd.conf.5.xml:1624 msgid "" "all (Untrusted users are allowed to access all domains in PAM responder.)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1627 +#: sssd.conf.5.xml:1628 msgid "" "none (Untrusted users are not allowed to access any domains PAM in " "responder.)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1631 sssd.conf.5.xml:1656 sssd.conf.5.xml:1675 -#: sssd.conf.5.xml:1912 sssd.conf.5.xml:2732 sssd.conf.5.xml:3905 +#: sssd.conf.5.xml:1632 sssd.conf.5.xml:1657 sssd.conf.5.xml:1676 +#: sssd.conf.5.xml:1913 sssd.conf.5.xml:2733 sssd.conf.5.xml:3906 #: sssd-ldap.5.xml:1207 msgid "Default: none" msgstr "初期値: none" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1636 +#: sssd.conf.5.xml:1637 msgid "pam_account_expired_message (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1639 +#: sssd.conf.5.xml:1640 msgid "" "Allows a custom expiration message to be set, replacing the default " "'Permission denied' message." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1644 +#: sssd.conf.5.xml:1645 msgid "" "Note: Please be aware that message is only printed for the SSH service " "unless pam_verbosity is set to 3 (show all messages and debug information)." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1652 +#: sssd.conf.5.xml:1653 #, no-wrap msgid "" "pam_account_expired_message = Account expired, please contact help desk.\n" @@ -2137,19 +2137,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1661 +#: sssd.conf.5.xml:1662 msgid "pam_account_locked_message (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1664 +#: sssd.conf.5.xml:1665 msgid "" "Allows a custom lockout message to be set, replacing the default 'Permission " "denied' message." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1671 +#: sssd.conf.5.xml:1672 #, no-wrap msgid "" "pam_account_locked_message = Account locked, please contact help desk.\n" @@ -2157,19 +2157,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1680 +#: sssd.conf.5.xml:1681 #, fuzzy #| msgid "ldap_chpass_update_last_change (bool)" msgid "pam_passkey_auth (bool)" msgstr "ldap_chpass_update_last_change (論理値)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1683 +#: sssd.conf.5.xml:1684 msgid "Enable passkey device based authentication." msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1686 sssd.conf.5.xml:1697 sssd.conf.5.xml:1711 +#: sssd.conf.5.xml:1687 sssd.conf.5.xml:1698 sssd.conf.5.xml:1712 #: sssd-ldap.5.xml:671 sssd-ldap.5.xml:692 sssd-ldap.5.xml:788 #: sssd-ldap.5.xml:1293 sssd-ad.5.xml:505 sssd-ad.5.xml:581 sssd-ad.5.xml:1126 #: sssd-ad.5.xml:1175 include/ldap_id_mapping.xml:250 @@ -2177,22 +2177,22 @@ msgid "Default: False" msgstr "初期値: 偽" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1691 +#: sssd.conf.5.xml:1692 msgid "passkey_debug_libfido2 (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1694 +#: sssd.conf.5.xml:1695 msgid "Enable libfido2 library debug messages." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1702 +#: sssd.conf.5.xml:1703 msgid "pam_cert_auth (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1705 +#: sssd.conf.5.xml:1706 msgid "" "Enable certificate based Smartcard authentication. Since this requires " "additional communication with the Smartcard which will delay the " @@ -2200,36 +2200,36 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1716 +#: sssd.conf.5.xml:1717 msgid "pam_cert_db_path (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1719 +#: sssd.conf.5.xml:1720 msgid "The path to the certificate database." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1722 sssd.conf.5.xml:2247 sssd.conf.5.xml:4308 +#: sssd.conf.5.xml:1723 sssd.conf.5.xml:2248 sssd.conf.5.xml:4354 msgid "Default:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1724 sssd.conf.5.xml:2249 +#: sssd.conf.5.xml:1725 sssd.conf.5.xml:2250 msgid "" "/etc/sssd/pki/sssd_auth_ca_db.pem (path to a file with trusted CA " "certificates in PEM format)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1734 +#: sssd.conf.5.xml:1735 #, fuzzy #| msgid "ipa_automount_location (string)" msgid "pam_cert_verification (string)" msgstr "ipa_automount_location (文字列)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1737 +#: sssd.conf.5.xml:1738 msgid "" "With this parameter the PAM certificate verification can be tuned with a " "comma separated list of options that override the " @@ -2239,7 +2239,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1748 +#: sssd.conf.5.xml:1749 #, fuzzy, no-wrap #| msgid "" #| "fallback_homedir = /home/%u\n" @@ -2252,61 +2252,61 @@ msgstr "" " " #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1752 +#: sssd.conf.5.xml:1753 msgid "" "Default: not set, i.e. use default <quote>certificate_verification</quote> " "option defined in <quote>[sssd]</quote> section." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1759 +#: sssd.conf.5.xml:1760 msgid "p11_child_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1762 +#: sssd.conf.5.xml:1763 msgid "How many seconds will pam_sss wait for p11_child to finish." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1771 +#: sssd.conf.5.xml:1772 #, fuzzy #| msgid "pam_id_timeout (integer)" msgid "passkey_child_timeout (integer)" msgstr "pam_id_timeout (整数)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1774 +#: sssd.conf.5.xml:1775 msgid "" "How many seconds will the PAM responder wait for passkey_child to finish." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1783 +#: sssd.conf.5.xml:1784 msgid "pam_app_services (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1786 +#: sssd.conf.5.xml:1787 msgid "" "Which PAM services are permitted to contact domains of type " "<quote>application</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1795 +#: sssd.conf.5.xml:1796 msgid "pam_p11_allowed_services (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1798 +#: sssd.conf.5.xml:1799 msgid "" "A comma-separated list of PAM service names for which it will be allowed to " "use Smartcards." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1813 +#: sssd.conf.5.xml:1814 #, no-wrap msgid "" "pam_p11_allowed_services = +my_pam_service, -login\n" @@ -2314,7 +2314,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1802 +#: sssd.conf.5.xml:1803 msgid "" "It is possible to add another PAM service name to the default set by using " "<quote>+service_name</quote> or to explicitly remove a PAM service name from " @@ -2326,63 +2326,63 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1817 sssd-ad.5.xml:644 sssd-ad.5.xml:753 sssd-ad.5.xml:811 +#: sssd.conf.5.xml:1818 sssd-ad.5.xml:644 sssd-ad.5.xml:753 sssd-ad.5.xml:811 #: sssd-ad.5.xml:869 sssd-ad.5.xml:947 msgid "Default: the default set of PAM service names includes:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1822 sssd-ad.5.xml:648 +#: sssd.conf.5.xml:1823 sssd-ad.5.xml:648 msgid "login" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1827 sssd-ad.5.xml:653 +#: sssd.conf.5.xml:1828 sssd-ad.5.xml:653 msgid "su" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1832 sssd-ad.5.xml:658 +#: sssd.conf.5.xml:1833 sssd-ad.5.xml:658 msgid "su-l" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1837 sssd-ad.5.xml:673 +#: sssd.conf.5.xml:1838 sssd-ad.5.xml:673 msgid "gdm-smartcard" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1842 sssd-ad.5.xml:668 +#: sssd.conf.5.xml:1843 sssd-ad.5.xml:668 msgid "gdm-password" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1847 sssd-ad.5.xml:678 +#: sssd.conf.5.xml:1848 sssd-ad.5.xml:678 msgid "kdm" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1852 sssd-ad.5.xml:956 +#: sssd.conf.5.xml:1853 sssd-ad.5.xml:956 msgid "sudo" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1857 sssd-ad.5.xml:961 +#: sssd.conf.5.xml:1858 sssd-ad.5.xml:961 msgid "sudo-i" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1862 +#: sssd.conf.5.xml:1863 msgid "gnome-screensaver" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1870 +#: sssd.conf.5.xml:1871 msgid "p11_wait_for_card_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1873 +#: sssd.conf.5.xml:1874 msgid "" "If Smartcard authentication is required how many extra seconds in addition " "to p11_child_timeout should the PAM responder wait until a Smartcard is " @@ -2390,12 +2390,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1884 +#: sssd.conf.5.xml:1885 msgid "p11_uri (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1887 +#: sssd.conf.5.xml:1888 msgid "" "PKCS#11 URI (see RFC-7512 for details) which can be used to restrict the " "selection of devices used for Smartcard authentication. By default SSSD's " @@ -2406,7 +2406,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1900 +#: sssd.conf.5.xml:1901 #, no-wrap msgid "" "p11_uri = pkcs11:slot-description=My%20Smartcard%20Reader\n" @@ -2414,7 +2414,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1904 +#: sssd.conf.5.xml:1905 #, no-wrap msgid "" "p11_uri = pkcs11:library-description=OpenSC%20smartcard%20framework;slot-id=2\n" @@ -2422,7 +2422,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1898 +#: sssd.conf.5.xml:1899 msgid "" "Example: <placeholder type=\"programlisting\" id=\"0\"/> or <placeholder " "type=\"programlisting\" id=\"1\"/> To find suitable URI please check the " @@ -2431,47 +2431,47 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1917 +#: sssd.conf.5.xml:1918 msgid "pam_initgroups_scheme" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1925 +#: sssd.conf.5.xml:1926 msgid "always" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1926 +#: sssd.conf.5.xml:1927 msgid "" "Always do an online lookup, please note that pam_id_timeout still applies" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1930 +#: sssd.conf.5.xml:1931 msgid "no_session" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1931 +#: sssd.conf.5.xml:1932 msgid "" "Only do an online lookup if there is no active session of the user, i.e. if " "the user is currently not logged in" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1936 +#: sssd.conf.5.xml:1937 msgid "never" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1937 +#: sssd.conf.5.xml:1938 msgid "" "Never force an online lookup, use the data from the cache as long as they " "are not expired" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1920 +#: sssd.conf.5.xml:1921 msgid "" "The PAM responder can force an online lookup to get the current group " "memberships of the user trying to log in. This option controls when this " @@ -2480,17 +2480,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1944 +#: sssd.conf.5.xml:1945 msgid "Default: no_session" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1949 sssd.conf.5.xml:4247 +#: sssd.conf.5.xml:1950 sssd.conf.5.xml:4293 msgid "pam_gssapi_services" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1952 +#: sssd.conf.5.xml:1953 #, fuzzy #| msgid "Comma separated list of users who are allowed to log in." msgid "" @@ -2499,13 +2499,13 @@ msgid "" msgstr "ログインが許可されたユーザーのカンマ区切り一覧です。" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1957 +#: sssd.conf.5.xml:1958 msgid "" "To disable GSSAPI authentication, set this option to <quote>-</quote> (dash)." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1961 sssd.conf.5.xml:1992 sssd.conf.5.xml:2030 +#: sssd.conf.5.xml:1962 sssd.conf.5.xml:1993 sssd.conf.5.xml:2031 msgid "" "Note: This option can also be set per-domain which overwrites the value in " "[pam] section. It can also be set for trusted domain which overwrites the " @@ -2513,7 +2513,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1969 +#: sssd.conf.5.xml:1970 #, fuzzy, no-wrap #| msgid "" #| "fallback_homedir = /home/%u\n" @@ -2526,22 +2526,22 @@ msgstr "" " " #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1967 sssd.conf.5.xml:3899 +#: sssd.conf.5.xml:1968 sssd.conf.5.xml:3900 msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1973 +#: sssd.conf.5.xml:1974 msgid "Default: - (GSSAPI authentication is disabled)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1978 sssd.conf.5.xml:4248 +#: sssd.conf.5.xml:1979 sssd.conf.5.xml:4294 msgid "pam_gssapi_check_upn" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1981 +#: sssd.conf.5.xml:1982 msgid "" "If True, SSSD will require that the Kerberos user principal that " "successfully authenticated through GSSAPI can be associated with the user " @@ -2549,25 +2549,25 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1988 +#: sssd.conf.5.xml:1989 msgid "" "If False, every user that is able to obtained required service ticket will " "be authenticated." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1998 sssd-ad.5.xml:1266 sss_rpcidmapd.5.xml:76 +#: sssd.conf.5.xml:1999 sssd-ad.5.xml:1266 sss_rpcidmapd.5.xml:76 #: sssd-files.5.xml:145 msgid "Default: True" msgstr "初期値: True" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2003 +#: sssd.conf.5.xml:2004 msgid "pam_gssapi_indicators_map" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2006 +#: sssd.conf.5.xml:2007 msgid "" "Comma separated list of authentication indicators required to be present in " "a Kerberos ticket to access a PAM service that is allowed to try GSSAPI " @@ -2575,7 +2575,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2012 +#: sssd.conf.5.xml:2013 msgid "" "Each element of the list can be either an authentication indicator name or a " "pair <quote>service:indicator</quote>. Indicators not prefixed with the PAM " @@ -2590,7 +2590,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2025 +#: sssd.conf.5.xml:2026 msgid "" "To disable GSSAPI authentication indicator check, set this option to <quote>-" "</quote> (dash). To disable the check for a specific PAM service, add " @@ -2598,45 +2598,45 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2036 +#: sssd.conf.5.xml:2037 msgid "" "Following authentication indicators are supported by IPA Kerberos " "deployments:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2039 +#: sssd.conf.5.xml:2040 msgid "" "pkinit -- pre-authentication using X.509 certificates -- whether stored in " "files or on smart cards." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2042 +#: sssd.conf.5.xml:2043 msgid "" "hardened -- SPAKE pre-authentication or any pre-authentication wrapped in a " "FAST channel." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2045 +#: sssd.conf.5.xml:2046 msgid "radius -- pre-authentication with the help of a RADIUS server." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2048 +#: sssd.conf.5.xml:2049 msgid "" "otp -- pre-authentication using integrated two-factor authentication (2FA or " "one-time password, OTP) in IPA." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2051 +#: sssd.conf.5.xml:2052 msgid "idp -- pre-authentication using external identity provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:2061 +#: sssd.conf.5.xml:2062 #, no-wrap msgid "" "pam_gssapi_indicators_map = sudo:pkinit, sudo-i:pkinit\n" @@ -2644,7 +2644,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2056 +#: sssd.conf.5.xml:2057 msgid "" "Example: to require access to SUDO services only for users which obtained " "their Kerberos tickets with a X.509 certificate pre-authentication (PKINIT), " @@ -2652,19 +2652,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2065 +#: sssd.conf.5.xml:2066 #, fuzzy #| msgid "Default: not set (no substitution for unset home directories)" msgid "Default: not set (use of authentication indicators is not required)" msgstr "初期値: 設定なし (ホームディレクトリーの設定がない場合は代替なし)" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2073 +#: sssd.conf.5.xml:2074 msgid "SUDO configuration options" msgstr "SUDO 設定オプション" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2075 +#: sssd.conf.5.xml:2076 msgid "" "These options can be used to configure the sudo service. The detailed " "instructions for configuration of <citerefentry> <refentrytitle>sudo</" @@ -2675,12 +2675,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2092 +#: sssd.conf.5.xml:2093 msgid "sudo_timed (bool)" msgstr "sudo_timed (論理値)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2095 +#: sssd.conf.5.xml:2096 msgid "" "Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes " "that implement time-dependent sudoers entries." @@ -2689,12 +2689,12 @@ msgstr "" "を評価するかしないかです。" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2107 +#: sssd.conf.5.xml:2108 msgid "sudo_threshold (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2110 +#: sssd.conf.5.xml:2111 msgid "" "Maximum number of expired rules that can be refreshed at once. If number of " "expired rules is below threshold, those rules are refreshed with " @@ -2704,22 +2704,22 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2129 +#: sssd.conf.5.xml:2130 msgid "AUTOFS configuration options" msgstr "Autofs 設定オプション" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2131 +#: sssd.conf.5.xml:2132 msgid "These options can be used to configure the autofs service." msgstr "これらのオプションが autofs サービスを設定するために使用されます。" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2135 +#: sssd.conf.5.xml:2136 msgid "autofs_negative_timeout (integer)" msgstr "autofs_negative_timeout (整数)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2138 +#: sssd.conf.5.xml:2139 msgid "" "Specifies for how many seconds should the autofs responder negative cache " "hits (that is, queries for invalid map entries, like nonexistent ones) " @@ -2730,51 +2730,51 @@ msgstr "" "ヒットする秒数を指定します。" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2154 +#: sssd.conf.5.xml:2155 msgid "SSH configuration options" msgstr "SSH 設定オプション" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2156 +#: sssd.conf.5.xml:2157 msgid "These options can be used to configure the SSH service." msgstr "これらのオプションは SSH サービスを設定するために使用されます。" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2160 +#: sssd.conf.5.xml:2161 msgid "ssh_hash_known_hosts (bool)" msgstr "ssh_hash_known_hosts (論理値)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2163 +#: sssd.conf.5.xml:2164 msgid "" "Whether or not to hash host names and addresses in the managed known_hosts " "file." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2172 +#: sssd.conf.5.xml:2173 msgid "ssh_known_hosts_timeout (integer)" msgstr "ssh_known_hosts_timeout (整数)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2175 +#: sssd.conf.5.xml:2176 msgid "" "How many seconds to keep a host in the managed known_hosts file after its " "host keys were requested." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2179 +#: sssd.conf.5.xml:2180 msgid "Default: 180" msgstr "初期値: 180" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2184 +#: sssd.conf.5.xml:2185 msgid "ssh_use_certificate_keys (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2187 +#: sssd.conf.5.xml:2188 msgid "" "If set to true the <command>sss_ssh_authorizedkeys</command> will return ssh " "keys derived from the public key of X.509 certificates stored in the user " @@ -2783,12 +2783,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2202 +#: sssd.conf.5.xml:2203 msgid "ssh_use_certificate_matching_rules (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2205 +#: sssd.conf.5.xml:2206 msgid "" "By default the ssh responder will use all available certificate matching " "rules to filter the certificates so that ssh keys are only derived from the " @@ -2798,7 +2798,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2214 +#: sssd.conf.5.xml:2215 msgid "" "There are two special key words 'all_rules' and 'no_rules' which will enable " "all or no rules, respectively. The latter means that no certificates will be " @@ -2806,7 +2806,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2221 +#: sssd.conf.5.xml:2222 msgid "" "If no rules are configured using 'all_rules' will enable a default rule " "which enables all certificates suitable for client authentication. This is " @@ -2815,38 +2815,38 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2228 +#: sssd.conf.5.xml:2229 msgid "" "A non-existing rule name is considered an error. If as a result no rule is " "selected all certificates will be ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2233 +#: sssd.conf.5.xml:2234 msgid "" "Default: not set, equivalent to 'all_rules', all found rules or the default " "rule are used" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2239 +#: sssd.conf.5.xml:2240 msgid "ca_db (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2242 +#: sssd.conf.5.xml:2243 msgid "" "Path to a storage of trusted CA certificates. The option is used to validate " "user certificates before deriving public ssh keys from them." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2262 +#: sssd.conf.5.xml:2263 msgid "PAC responder configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2264 +#: sssd.conf.5.xml:2265 msgid "" "The PAC responder works together with the authorization data plugin for MIT " "Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the " @@ -2857,7 +2857,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2273 +#: sssd.conf.5.xml:2274 msgid "" "If the remote user does not exist in the cache, it is created. The UID is " "determined with the help of the SID, trusted domains will have UPGs and the " @@ -2868,24 +2868,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2281 +#: sssd.conf.5.xml:2282 msgid "" "If there are SIDs of groups from domains sssd knows about, the user will be " "added to those groups." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2287 +#: sssd.conf.5.xml:2288 msgid "These options can be used to configure the PAC responder." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2291 sssd-ifp.5.xml:66 +#: sssd.conf.5.xml:2292 sssd-ifp.5.xml:66 msgid "allowed_uids (string)" msgstr "allowed_uids (文字列)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2294 +#: sssd.conf.5.xml:2295 msgid "" "Specifies the comma-separated list of UID values or user names that are " "allowed to access the PAC responder. User names are resolved to UIDs at " @@ -2893,12 +2893,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2300 +#: sssd.conf.5.xml:2301 msgid "Default: 0 (only the root user is allowed to access the PAC responder)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2304 +#: sssd.conf.5.xml:2305 msgid "" "Please note that although the UID 0 is used as the default it will be " "overwritten with this option. If you still want to allow the root user to " @@ -2907,26 +2907,26 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2313 +#: sssd.conf.5.xml:2314 msgid "pac_lifetime (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2316 +#: sssd.conf.5.xml:2317 msgid "" "Lifetime of the PAC entry in seconds. As long as the PAC is valid the PAC " "data can be used to determine the group memberships of a user." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2326 +#: sssd.conf.5.xml:2327 #, fuzzy #| msgid "ldap_schema (string)" msgid "pac_check (string)" msgstr "ldap_schema (文字列)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2329 +#: sssd.conf.5.xml:2330 msgid "" "Apply additional checks on the PAC of the Kerberos ticket which is available " "in Active Directory and FreeIPA domains, if configured. Please note that " @@ -2937,24 +2937,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2343 +#: sssd.conf.5.xml:2344 msgid "no_check" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2345 +#: sssd.conf.5.xml:2346 msgid "" "The PAC must not be present and even if it is present no additional checks " "will be done." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2351 +#: sssd.conf.5.xml:2352 msgid "pac_present" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2353 +#: sssd.conf.5.xml:2354 msgid "" "The PAC must be present in the service ticket which SSSD will request with " "the help of the user's TGT. If the PAC is not available the authentication " @@ -2962,24 +2962,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2361 +#: sssd.conf.5.xml:2362 msgid "check_upn" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2363 +#: sssd.conf.5.xml:2364 msgid "" "If the PAC is present check if the user principal name (UPN) information is " "consistent." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2369 +#: sssd.conf.5.xml:2370 msgid "check_upn_allow_missing" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2371 +#: sssd.conf.5.xml:2372 msgid "" "This option should be used together with 'check_upn' and handles the case " "where a UPN is set on the server-side but is not read by SSSD. The typical " @@ -2991,7 +2991,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2383 +#: sssd.conf.5.xml:2384 msgid "" "Currently this option is set by default to avoid regressions in such " "environments. A log message will be added to the system log and SSSD's debug " @@ -3002,41 +3002,41 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2397 +#: sssd.conf.5.xml:2398 msgid "upn_dns_info_present" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2399 +#: sssd.conf.5.xml:2400 msgid "The PAC must contain the UPN-DNS-INFO buffer, implies 'check_upn'." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2404 +#: sssd.conf.5.xml:2405 msgid "check_upn_dns_info_ex" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2406 +#: sssd.conf.5.xml:2407 msgid "" "If the PAC is present and the extension to the UPN-DNS-INFO buffer is " "available check if the information in the extension is consistent." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2413 +#: sssd.conf.5.xml:2414 msgid "upn_dns_info_ex_present" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2415 +#: sssd.conf.5.xml:2416 msgid "" "The PAC must contain the extension of the UPN-DNS-INFO buffer, implies " "'check_upn_dns_info_ex', 'upn_dns_info_present' and 'check_upn'." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2339 +#: sssd.conf.5.xml:2340 #, fuzzy #| msgid "" #| "The following expansions are supported: <placeholder " @@ -3049,19 +3049,19 @@ msgstr "" "id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2425 +#: sssd.conf.5.xml:2426 msgid "" "Default: no_check (AD and IPA provider 'check_upn, check_upn_allow_missing, " "check_upn_dns_info_ex')" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2434 +#: sssd.conf.5.xml:2435 msgid "Session recording configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2436 +#: sssd.conf.5.xml:2437 msgid "" "Session recording works in conjunction with <citerefentry> " "<refentrytitle>tlog-rec-session</refentrytitle> <manvolnum>8</manvolnum> </" @@ -3071,66 +3071,66 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2449 +#: sssd.conf.5.xml:2450 msgid "These options can be used to configure session recording." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2453 sssd-session-recording.5.xml:64 +#: sssd.conf.5.xml:2454 sssd-session-recording.5.xml:64 msgid "scope (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2460 sssd-session-recording.5.xml:71 +#: sssd.conf.5.xml:2461 sssd-session-recording.5.xml:71 msgid "\"none\"" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2463 sssd-session-recording.5.xml:74 +#: sssd.conf.5.xml:2464 sssd-session-recording.5.xml:74 msgid "No users are recorded." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2468 sssd-session-recording.5.xml:79 +#: sssd.conf.5.xml:2469 sssd-session-recording.5.xml:79 msgid "\"some\"" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2471 sssd-session-recording.5.xml:82 +#: sssd.conf.5.xml:2472 sssd-session-recording.5.xml:82 msgid "" "Users/groups specified by <replaceable>users</replaceable> and " "<replaceable>groups</replaceable> options are recorded." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2480 sssd-session-recording.5.xml:91 +#: sssd.conf.5.xml:2481 sssd-session-recording.5.xml:91 msgid "\"all\"" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2483 sssd-session-recording.5.xml:94 +#: sssd.conf.5.xml:2484 sssd-session-recording.5.xml:94 msgid "All users are recorded." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2456 sssd-session-recording.5.xml:67 +#: sssd.conf.5.xml:2457 sssd-session-recording.5.xml:67 msgid "" "One of the following strings specifying the scope of session recording: " "<placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2490 sssd-session-recording.5.xml:101 +#: sssd.conf.5.xml:2491 sssd-session-recording.5.xml:101 msgid "Default: \"none\"" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2495 sssd-session-recording.5.xml:106 +#: sssd.conf.5.xml:2496 sssd-session-recording.5.xml:106 msgid "users (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2498 sssd-session-recording.5.xml:109 +#: sssd.conf.5.xml:2499 sssd-session-recording.5.xml:109 msgid "" "A comma-separated list of users which should have session recording enabled. " "Matches user names as returned by NSS. I.e. after the possible space " @@ -3141,17 +3141,17 @@ msgstr "" "の可能性がある場合には、その後になります。" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2504 sssd-session-recording.5.xml:115 +#: sssd.conf.5.xml:2505 sssd-session-recording.5.xml:115 msgid "Default: Empty. Matches no users." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2509 sssd-session-recording.5.xml:120 +#: sssd.conf.5.xml:2510 sssd-session-recording.5.xml:120 msgid "groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2512 sssd-session-recording.5.xml:123 +#: sssd.conf.5.xml:2513 sssd-session-recording.5.xml:123 msgid "" "A comma-separated list of groups, members of which should have session " "recording enabled. Matches group names as returned by NSS. I.e. after the " @@ -3162,7 +3162,7 @@ msgstr "" "文字の変更などの可能性がある場合には、その後になります。" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2518 sssd.conf.5.xml:2550 sssd-session-recording.5.xml:129 +#: sssd.conf.5.xml:2519 sssd.conf.5.xml:2551 sssd-session-recording.5.xml:129 #: sssd-session-recording.5.xml:161 msgid "" "NOTE: using this option (having it set to anything) has a considerable " @@ -3171,64 +3171,64 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2525 sssd-session-recording.5.xml:136 +#: sssd.conf.5.xml:2526 sssd-session-recording.5.xml:136 msgid "Default: Empty. Matches no groups." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2530 sssd-session-recording.5.xml:141 +#: sssd.conf.5.xml:2531 sssd-session-recording.5.xml:141 #, fuzzy #| msgid "simple_deny_users (string)" msgid "exclude_users (string)" msgstr "simple_deny_users (文字列)" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2533 sssd-session-recording.5.xml:144 +#: sssd.conf.5.xml:2534 sssd-session-recording.5.xml:144 msgid "" "A comma-separated list of users to be excluded from recording, only " "applicable with 'scope=all'." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2537 sssd-session-recording.5.xml:148 +#: sssd.conf.5.xml:2538 sssd-session-recording.5.xml:148 #, fuzzy #| msgid "Default: empty, i.e. ldap_uri is used." msgid "Default: Empty. No users excluded." msgstr "初期値: 空、つまり ldap_uri が使用されます。" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2542 sssd-session-recording.5.xml:153 +#: sssd.conf.5.xml:2543 sssd-session-recording.5.xml:153 #, fuzzy #| msgid "simple_deny_groups (string)" msgid "exclude_groups (string)" msgstr "simple_deny_groups (文字列)" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2545 sssd-session-recording.5.xml:156 +#: sssd.conf.5.xml:2546 sssd-session-recording.5.xml:156 msgid "" "A comma-separated list of groups, members of which should be excluded from " "recording. Only applicable with 'scope=all'." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2557 sssd-session-recording.5.xml:168 +#: sssd.conf.5.xml:2558 sssd-session-recording.5.xml:168 #, fuzzy #| msgid "Default: empty, i.e. ldap_uri is used." msgid "Default: Empty. No groups excluded." msgstr "初期値: 空、つまり ldap_uri が使用されます。" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:2567 +#: sssd.conf.5.xml:2568 msgid "DOMAIN SECTIONS" msgstr "ドメインセクション" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2574 +#: sssd.conf.5.xml:2575 msgid "enabled" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2577 +#: sssd.conf.5.xml:2578 msgid "" "Explicitly enable or disable the domain. If <quote>true</quote>, the domain " "is always <quote>enabled</quote>. If <quote>false</quote>, the domain is " @@ -3238,12 +3238,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2589 +#: sssd.conf.5.xml:2590 msgid "domain_type (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2592 +#: sssd.conf.5.xml:2593 msgid "" "Specifies whether the domain is meant to be used by POSIX-aware clients such " "as the Name Service Switch or by applications that do not need POSIX data to " @@ -3252,14 +3252,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2600 +#: sssd.conf.5.xml:2601 msgid "" "Allowed values for this option are <quote>posix</quote> and " "<quote>application</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2604 +#: sssd.conf.5.xml:2605 msgid "" "POSIX domains are reachable by all services. Application domains are only " "reachable from the InfoPipe responder (see <citerefentry> " @@ -3268,31 +3268,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2612 +#: sssd.conf.5.xml:2613 msgid "" "NOTE: The application domains are currently well tested with " "<quote>id_provider=ldap</quote> only." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2616 +#: sssd.conf.5.xml:2617 msgid "" "For an easy way to configure a non-POSIX domains, please see the " "<quote>Application domains</quote> section." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2620 +#: sssd.conf.5.xml:2621 msgid "Default: posix" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2626 +#: sssd.conf.5.xml:2627 msgid "min_id,max_id (integer)" msgstr "min_id,max_id (整数)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2629 +#: sssd.conf.5.xml:2630 msgid "" "UID and GID limits for the domain. If a domain contains an entry that is " "outside these limits, it is ignored." @@ -3301,7 +3301,7 @@ msgstr "" "トリーを含む場合、それは無視されます。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2634 +#: sssd.conf.5.xml:2635 msgid "" "For users, this affects the primary GID limit. The user will not be returned " "to NSS if either the UID or the primary GID is outside the range. For non-" @@ -3313,24 +3313,24 @@ msgstr "" "バーに対して、範囲内にあるものは予期されたものとして報告されます。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2641 +#: sssd.conf.5.xml:2642 msgid "" "These ID limits affect even saving entries to cache, not only returning them " "by name or ID." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2645 +#: sssd.conf.5.xml:2646 msgid "Default: 1 for min_id, 0 (no limit) for max_id" msgstr "初期値: min_id は 1, max_id は 0 (無制限)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2651 +#: sssd.conf.5.xml:2652 msgid "enumerate (bool)" msgstr "enumerate (論理値)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2654 +#: sssd.conf.5.xml:2655 msgid "" "Determines if a domain can be enumerated, that is, whether the domain can " "list all the users and group it contains. Note that it is not required to " @@ -3339,29 +3339,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2662 +#: sssd.conf.5.xml:2663 msgid "TRUE = Users and groups are enumerated" msgstr "TRUE = ユーザーとグループが列挙されます" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2665 +#: sssd.conf.5.xml:2666 msgid "FALSE = No enumerations for this domain" msgstr "FALSE = このドメインに対して列挙しません" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2668 sssd.conf.5.xml:2942 sssd.conf.5.xml:3119 +#: sssd.conf.5.xml:2669 sssd.conf.5.xml:2943 sssd.conf.5.xml:3120 msgid "Default: FALSE" msgstr "初期値: FALSE" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2671 +#: sssd.conf.5.xml:2672 msgid "" "Enumerating a domain requires SSSD to download and store ALL user and group " "entries from the remote server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2676 +#: sssd.conf.5.xml:2677 msgid "" "Note: Enabling enumeration has a moderate performance impact on SSSD while " "enumeration is running. It may take up to several minutes after SSSD startup " @@ -3375,7 +3375,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2691 +#: sssd.conf.5.xml:2692 msgid "" "While the first enumeration is running, requests for the complete user or " "group lists may return no results until it completes." @@ -3384,7 +3384,7 @@ msgstr "" "れが完了するまで結果を返しません。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2696 +#: sssd.conf.5.xml:2697 msgid "" "Further, enabling enumeration may increase the time necessary to detect " "network disconnection, as longer timeouts are required to ensure that " @@ -3397,39 +3397,39 @@ msgstr "" "てください。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2704 +#: sssd.conf.5.xml:2705 msgid "" "For the reasons cited above, enabling enumeration is not recommended, " "especially in large environments." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2712 +#: sssd.conf.5.xml:2713 msgid "subdomain_enumerate (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2719 +#: sssd.conf.5.xml:2720 msgid "all" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2720 +#: sssd.conf.5.xml:2721 msgid "All discovered trusted domains will be enumerated" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2723 +#: sssd.conf.5.xml:2724 msgid "none" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2724 +#: sssd.conf.5.xml:2725 msgid "No discovered trusted domains will be enumerated" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2715 +#: sssd.conf.5.xml:2716 msgid "" "Whether any of autodetected trusted domains should be enumerated. The " "supported values are: <placeholder type=\"variablelist\" id=\"0\"/> " @@ -3438,12 +3438,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2738 +#: sssd.conf.5.xml:2739 msgid "entry_cache_timeout (integer)" msgstr "entry_cache_timeout (整数)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2741 +#: sssd.conf.5.xml:2742 msgid "" "How many seconds should nss_sss consider entries valid before asking the " "backend again" @@ -3452,7 +3452,7 @@ msgstr "" "数です。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2745 +#: sssd.conf.5.xml:2746 msgid "" "The cache expiration timestamps are stored as attributes of individual " "objects in the cache. Therefore, changing the cache timeout only has effect " @@ -3463,17 +3463,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2758 +#: sssd.conf.5.xml:2759 msgid "Default: 5400" msgstr "初期値: 5400" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2764 +#: sssd.conf.5.xml:2765 msgid "entry_cache_user_timeout (integer)" msgstr "entry_cache_user_timeout (整数)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2767 +#: sssd.conf.5.xml:2768 msgid "" "How many seconds should nss_sss consider user entries valid before asking " "the backend again" @@ -3482,19 +3482,19 @@ msgstr "" "考える秒数です。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2771 sssd.conf.5.xml:2784 sssd.conf.5.xml:2797 -#: sssd.conf.5.xml:2810 sssd.conf.5.xml:2824 sssd.conf.5.xml:2837 -#: sssd.conf.5.xml:2851 sssd.conf.5.xml:2865 sssd.conf.5.xml:2878 +#: sssd.conf.5.xml:2772 sssd.conf.5.xml:2785 sssd.conf.5.xml:2798 +#: sssd.conf.5.xml:2811 sssd.conf.5.xml:2825 sssd.conf.5.xml:2838 +#: sssd.conf.5.xml:2852 sssd.conf.5.xml:2866 sssd.conf.5.xml:2879 msgid "Default: entry_cache_timeout" msgstr "初期値: entry_cache_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2777 +#: sssd.conf.5.xml:2778 msgid "entry_cache_group_timeout (integer)" msgstr "entry_cache_group_timeout (整数)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2780 +#: sssd.conf.5.xml:2781 msgid "" "How many seconds should nss_sss consider group entries valid before asking " "the backend again" @@ -3503,12 +3503,12 @@ msgstr "" "考える秒数です。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2790 +#: sssd.conf.5.xml:2791 msgid "entry_cache_netgroup_timeout (integer)" msgstr "entry_cache_netgroup_timeout (整数)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2793 +#: sssd.conf.5.xml:2794 msgid "" "How many seconds should nss_sss consider netgroup entries valid before " "asking the backend again" @@ -3517,12 +3517,12 @@ msgstr "" "有効であると考える秒数です。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2803 +#: sssd.conf.5.xml:2804 msgid "entry_cache_service_timeout (integer)" msgstr "entry_cache_service_timeout (整数)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2806 +#: sssd.conf.5.xml:2807 msgid "" "How many seconds should nss_sss consider service entries valid before asking " "the backend again" @@ -3531,48 +3531,48 @@ msgstr "" "考える秒数です。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2816 +#: sssd.conf.5.xml:2817 msgid "entry_cache_resolver_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2819 +#: sssd.conf.5.xml:2820 msgid "" "How many seconds should nss_sss consider hosts and networks entries valid " "before asking the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2830 +#: sssd.conf.5.xml:2831 msgid "entry_cache_sudo_timeout (integer)" msgstr "entry_cache_sudo_timeout (integer)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2833 +#: sssd.conf.5.xml:2834 msgid "" "How many seconds should sudo consider rules valid before asking the backend " "again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2843 +#: sssd.conf.5.xml:2844 msgid "entry_cache_autofs_timeout (integer)" msgstr "entry_cache_autofs_timeout (整数)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2846 +#: sssd.conf.5.xml:2847 msgid "" "How many seconds should the autofs service consider automounter maps valid " "before asking the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2857 +#: sssd.conf.5.xml:2858 msgid "entry_cache_ssh_host_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2860 +#: sssd.conf.5.xml:2861 msgid "" "How many seconds to keep a host ssh key after refresh. IE how long to cache " "the host key for." @@ -3581,31 +3581,31 @@ msgstr "" "秒キャッシュするか。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2871 +#: sssd.conf.5.xml:2872 msgid "entry_cache_computer_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2874 +#: sssd.conf.5.xml:2875 msgid "" "How many seconds to keep the local computer entry before asking the backend " "again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2884 +#: sssd.conf.5.xml:2885 msgid "refresh_expired_interval (integer)" msgstr "refresh_expired_interval (整数)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2887 +#: sssd.conf.5.xml:2888 msgid "" "Specifies how many seconds SSSD has to wait before triggering a background " "refresh task which will refresh all expired or nearly expired records." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2892 +#: sssd.conf.5.xml:2893 msgid "" "The background refresh will process users, groups and netgroups in the " "cache. For users who have performed the initgroups (get group membership for " @@ -3614,17 +3614,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2900 +#: sssd.conf.5.xml:2901 msgid "This option is automatically inherited for all trusted domains." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2904 +#: sssd.conf.5.xml:2905 msgid "You can consider setting this value to 3/4 * entry_cache_timeout." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2908 +#: sssd.conf.5.xml:2909 msgid "" "Cache entry will be refreshed by background task when 2/3 of cache timeout " "has already passed. If there are existing cached entries, the background " @@ -3636,18 +3636,18 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2921 sssd-ldap.5.xml:360 sssd-ldap.5.xml:1736 +#: sssd.conf.5.xml:2922 sssd-ldap.5.xml:360 sssd-ldap.5.xml:1736 #: sssd-ipa.5.xml:270 msgid "Default: 0 (disabled)" msgstr "初期値: 0 (無効)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2927 +#: sssd.conf.5.xml:2928 msgid "cache_credentials (bool)" msgstr "cache_credentials (論理値)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2930 +#: sssd.conf.5.xml:2931 #, fuzzy #| msgid "" #| "Determines if user credentials are also cached in the local LDB cache" @@ -3657,7 +3657,7 @@ msgstr "" "を決めます" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2934 +#: sssd.conf.5.xml:2935 msgid "" "Take a note that while credentials are stored as a salted SHA512 hash, this " "still potentially poses some security risk in case an attacker manages to " @@ -3666,12 +3666,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2948 +#: sssd.conf.5.xml:2949 msgid "cache_credentials_minimal_first_factor_length (int)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2951 +#: sssd.conf.5.xml:2952 msgid "" "If 2-Factor-Authentication (2FA) is used and credentials should be saved " "this value determines the minimal length the first authentication factor " @@ -3682,19 +3682,19 @@ msgstr "" "に保存する必要がある最小の長さを決定します。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2958 +#: sssd.conf.5.xml:2959 msgid "" "This should avoid that the short PINs of a PIN based 2FA scheme are saved in " "the cache which would make them easy targets for brute-force attacks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2969 +#: sssd.conf.5.xml:2970 msgid "account_cache_expiration (integer)" msgstr "account_cache_expiration (整数)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2972 +#: sssd.conf.5.xml:2973 msgid "" "Number of days entries are left in cache after last successful login before " "being removed during a cleanup of the cache. 0 means keep forever. The " @@ -3706,17 +3706,17 @@ msgstr "" "offline_credentials_expiration と同等以上でなければいけません。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2979 +#: sssd.conf.5.xml:2980 msgid "Default: 0 (unlimited)" msgstr "初期値: 0 (無制限)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2984 +#: sssd.conf.5.xml:2985 msgid "pwd_expiration_warning (integer)" msgstr "pwd_expiration_warning (整数)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2995 +#: sssd.conf.5.xml:2996 msgid "" "Please note that the backend server has to provide information about the " "expiration time of the password. If this information is missing, sssd " @@ -3725,17 +3725,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3002 +#: sssd.conf.5.xml:3003 msgid "Default: 7 (Kerberos), 0 (LDAP)" msgstr "初期値: 7 (Kerberos), 0 (LDAP)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3008 +#: sssd.conf.5.xml:3009 msgid "id_provider (string)" msgstr "id_provider (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3011 +#: sssd.conf.5.xml:3012 msgid "" "The identification provider used for the domain. Supported ID providers are:" msgstr "" @@ -3743,12 +3743,12 @@ msgstr "" "ダーは次のとおりです:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3015 +#: sssd.conf.5.xml:3016 msgid "<quote>proxy</quote>: Support a legacy NSS provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3018 +#: sssd.conf.5.xml:3019 msgid "" "<quote>files</quote>: FILES provider. See <citerefentry> <refentrytitle>sssd-" "files</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " @@ -3756,7 +3756,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3026 +#: sssd.conf.5.xml:3027 msgid "" "<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-" "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " @@ -3767,8 +3767,8 @@ msgstr "" "manvolnum> </citerefentry> を参照してください。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3034 sssd.conf.5.xml:3145 sssd.conf.5.xml:3196 -#: sssd.conf.5.xml:3259 +#: sssd.conf.5.xml:3035 sssd.conf.5.xml:3146 sssd.conf.5.xml:3197 +#: sssd.conf.5.xml:3260 msgid "" "<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management " "provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> " @@ -3781,8 +3781,8 @@ msgstr "" "い。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3043 sssd.conf.5.xml:3154 sssd.conf.5.xml:3205 -#: sssd.conf.5.xml:3268 +#: sssd.conf.5.xml:3044 sssd.conf.5.xml:3155 sssd.conf.5.xml:3206 +#: sssd.conf.5.xml:3269 msgid "" "<quote>ad</quote>: Active Directory provider. See <citerefentry> " "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3793,12 +3793,12 @@ msgstr "" "<manvolnum>5</manvolnum> </citerefentry> を参照してください。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3054 +#: sssd.conf.5.xml:3055 msgid "use_fully_qualified_names (bool)" msgstr "use_fully_qualified_names (論理値)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3057 +#: sssd.conf.5.xml:3058 msgid "" "Use the full name and domain (as formatted by the domain's full_name_format) " "as the user's login name reported to NSS." @@ -3807,7 +3807,7 @@ msgstr "" "名形式により整形されたように) を使用します。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3062 +#: sssd.conf.5.xml:3063 msgid "" "If set to TRUE, all requests to this domain must use fully qualified names. " "For example, if used in LOCAL domain that contains a \"test\" user, " @@ -3820,7 +3820,7 @@ msgstr "" "んが、<command>getent passwd test@LOCAL</command> は見つけられます。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3070 +#: sssd.conf.5.xml:3071 msgid "" "NOTE: This option has no effect on netgroup lookups due to their tendency to " "include nested netgroups without qualified names. For netgroups, all domains " @@ -3828,24 +3828,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3077 +#: sssd.conf.5.xml:3078 msgid "" "Default: FALSE (TRUE for trusted domain/sub-domains or if " "default_domain_suffix is used)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3084 +#: sssd.conf.5.xml:3085 msgid "ignore_group_members (bool)" msgstr "ignore_group_members (論理値)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3087 +#: sssd.conf.5.xml:3088 msgid "Do not return group members for group lookups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3090 +#: sssd.conf.5.xml:3091 msgid "" "If set to TRUE, the group membership attribute is not requested from the " "ldap server, and group members are not returned when processing group lookup " @@ -3857,7 +3857,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3108 +#: sssd.conf.5.xml:3109 msgid "" "Enabling this option can also make access provider checks for group " "membership significantly faster, especially for groups containing many " @@ -3865,7 +3865,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3114 sssd.conf.5.xml:3821 sssd-ldap.5.xml:326 +#: sssd.conf.5.xml:3115 sssd.conf.5.xml:3822 sssd-ldap.5.xml:326 #: sssd-ldap.5.xml:355 sssd-ldap.5.xml:408 sssd-ldap.5.xml:468 #: sssd-ldap.5.xml:489 sssd-ldap.5.xml:520 sssd-ldap.5.xml:543 #: sssd-ldap.5.xml:582 sssd-ldap.5.xml:601 sssd-ldap.5.xml:625 @@ -3876,12 +3876,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3124 +#: sssd.conf.5.xml:3125 msgid "auth_provider (string)" msgstr "auth_provider (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3127 +#: sssd.conf.5.xml:3128 msgid "" "The authentication provider used for the domain. Supported auth providers " "are:" @@ -3890,7 +3890,7 @@ msgstr "" "ダーは次のとおりです:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3131 sssd.conf.5.xml:3189 +#: sssd.conf.5.xml:3132 sssd.conf.5.xml:3190 msgid "" "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3901,7 +3901,7 @@ msgstr "" "manvolnum> </citerefentry> を参照してください。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3138 +#: sssd.conf.5.xml:3139 msgid "" "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3912,19 +3912,19 @@ msgstr "" "manvolnum> </citerefentry> を参照してください。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3162 +#: sssd.conf.5.xml:3163 msgid "" "<quote>proxy</quote> for relaying authentication to some other PAM target." msgstr "" "<quote>proxy</quote> はいくつかの他の PAM ターゲットに認証を中継します。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3165 +#: sssd.conf.5.xml:3166 msgid "<quote>none</quote> disables authentication explicitly." msgstr "<quote>none</quote> は明示的に認証を無効化します。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3168 +#: sssd.conf.5.xml:3169 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "authentication requests." @@ -3933,12 +3933,12 @@ msgstr "" "ならば、それが使用されます。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3174 +#: sssd.conf.5.xml:3175 msgid "access_provider (string)" msgstr "access_provider (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3177 +#: sssd.conf.5.xml:3178 msgid "" "The access control provider used for the domain. There are two built-in " "access providers (in addition to any included in installed backends) " @@ -3949,7 +3949,7 @@ msgstr "" "えます)。内部の特別プロバイダーは次のとおりです:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3183 +#: sssd.conf.5.xml:3184 msgid "" "<quote>permit</quote> always allow access. It's the only permitted access " "provider for a local domain." @@ -3958,12 +3958,12 @@ msgstr "" "ロバイダーのみアクセスが許可されます。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3186 +#: sssd.conf.5.xml:3187 msgid "<quote>deny</quote> always deny access." msgstr "<quote>deny</quote> は常にアクセスを拒否します。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3213 +#: sssd.conf.5.xml:3214 msgid "" "<quote>simple</quote> access control based on access or deny lists. See " "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</" @@ -3976,7 +3976,7 @@ msgstr "" "citerefentry> を参照してください。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3220 +#: sssd.conf.5.xml:3221 msgid "" "<quote>krb5</quote>: .k5login based access control. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum></" @@ -3984,22 +3984,22 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3227 +#: sssd.conf.5.xml:3228 msgid "<quote>proxy</quote> for relaying access control to another PAM module." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3230 +#: sssd.conf.5.xml:3231 msgid "Default: <quote>permit</quote>" msgstr "初期値: <quote>permit</quote>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3235 +#: sssd.conf.5.xml:3236 msgid "chpass_provider (string)" msgstr "chpass_provider (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3238 +#: sssd.conf.5.xml:3239 msgid "" "The provider which should handle change password operations for the domain. " "Supported change password providers are:" @@ -4008,7 +4008,7 @@ msgstr "" "パスワード変更プロバイダーは次のとおりです:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3243 +#: sssd.conf.5.xml:3244 msgid "" "<quote>ldap</quote> to change a password stored in a LDAP server. See " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" @@ -4016,7 +4016,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3251 +#: sssd.conf.5.xml:3252 msgid "" "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4027,7 +4027,7 @@ msgstr "" "<manvolnum>5</manvolnum> </citerefentry> を参照してください。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3276 +#: sssd.conf.5.xml:3277 msgid "" "<quote>proxy</quote> for relaying password changes to some other PAM target." msgstr "" @@ -4035,12 +4035,12 @@ msgstr "" "します。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3280 +#: sssd.conf.5.xml:3281 msgid "<quote>none</quote> disallows password changes explicitly." msgstr "<quote>none</quote> は明示的にパスワードの変更を無効化します。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3283 +#: sssd.conf.5.xml:3284 msgid "" "Default: <quote>auth_provider</quote> is used if it is set and can handle " "change password requests." @@ -4049,19 +4049,19 @@ msgstr "" "うことができるならば、それが使用されます。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3290 +#: sssd.conf.5.xml:3291 msgid "sudo_provider (string)" msgstr "sudo_provider (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3293 +#: sssd.conf.5.xml:3294 msgid "The SUDO provider used for the domain. Supported SUDO providers are:" msgstr "" "ドメインに使用される SUDO プロバイダーです。サポートされる SUDO プロバイダー" "は次のとおりです:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3297 +#: sssd.conf.5.xml:3298 msgid "" "<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4072,33 +4072,33 @@ msgstr "" "<manvolnum>5</manvolnum> </citerefentry> を参照します。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3305 +#: sssd.conf.5.xml:3306 msgid "" "<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default " "settings." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3309 +#: sssd.conf.5.xml:3310 msgid "" "<quote>ad</quote> the same as <quote>ldap</quote> but with AD default " "settings." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3313 +#: sssd.conf.5.xml:3314 msgid "<quote>none</quote> disables SUDO explicitly." msgstr "<quote>none</quote> は SUDO を明示的に無効化します。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3316 sssd.conf.5.xml:3402 sssd.conf.5.xml:3472 -#: sssd.conf.5.xml:3497 sssd.conf.5.xml:3533 +#: sssd.conf.5.xml:3317 sssd.conf.5.xml:3403 sssd.conf.5.xml:3473 +#: sssd.conf.5.xml:3498 sssd.conf.5.xml:3534 msgid "Default: The value of <quote>id_provider</quote> is used if it is set." msgstr "" "初期値: <quote>id_provider</quote> の値が設定されていると使用されます。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3320 +#: sssd.conf.5.xml:3321 msgid "" "The detailed instructions for configuration of sudo_provider are in the " "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " @@ -4109,7 +4109,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3335 +#: sssd.conf.5.xml:3336 msgid "" "<emphasis>NOTE:</emphasis> Sudo rules are periodically downloaded in the " "background unless the sudo provider is explicitly disabled. Set " @@ -4118,12 +4118,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3345 +#: sssd.conf.5.xml:3346 msgid "selinux_provider (string)" msgstr "selinux_provider (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3348 +#: sssd.conf.5.xml:3349 msgid "" "The provider which should handle loading of selinux settings. Note that this " "provider will be called right after access provider ends. Supported selinux " @@ -4131,7 +4131,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3354 +#: sssd.conf.5.xml:3355 msgid "" "<quote>ipa</quote> to load selinux settings from an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -4139,31 +4139,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3362 +#: sssd.conf.5.xml:3363 msgid "<quote>none</quote> disallows fetching selinux settings explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3365 +#: sssd.conf.5.xml:3366 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "selinux loading requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3371 +#: sssd.conf.5.xml:3372 msgid "subdomains_provider (string)" msgstr "subdomains_provider (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3374 +#: sssd.conf.5.xml:3375 msgid "" "The provider which should handle fetching of subdomains. This value should " "be always the same as id_provider. Supported subdomain providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3380 +#: sssd.conf.5.xml:3381 msgid "" "<quote>ipa</quote> to load a list of subdomains from an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -4171,7 +4171,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3389 +#: sssd.conf.5.xml:3390 msgid "" "<quote>ad</quote> to load a list of subdomains from an Active Directory " "server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> " @@ -4180,17 +4180,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3398 +#: sssd.conf.5.xml:3399 msgid "<quote>none</quote> disallows fetching subdomains explicitly." msgstr "<quote>none</quote> はサブドメインの取り出しを明示的に無効化します。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3408 +#: sssd.conf.5.xml:3409 msgid "session_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3411 +#: sssd.conf.5.xml:3412 msgid "" "The provider which configures and manages user session related tasks. The " "only user session task currently provided is the integration with Fleet " @@ -4198,37 +4198,37 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3418 +#: sssd.conf.5.xml:3419 msgid "<quote>ipa</quote> to allow performing user session related tasks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3422 +#: sssd.conf.5.xml:3423 msgid "" "<quote>none</quote> does not perform any kind of user session related tasks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3426 +#: sssd.conf.5.xml:3427 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can perform " "session related tasks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3430 +#: sssd.conf.5.xml:3431 msgid "" "<emphasis>NOTE:</emphasis> In order to have this feature working as expected " "SSSD must be running as \"root\" and not as the unprivileged user." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3438 +#: sssd.conf.5.xml:3439 msgid "autofs_provider (string)" msgstr "autofs_provider (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3441 +#: sssd.conf.5.xml:3442 msgid "" "The autofs provider used for the domain. Supported autofs providers are:" msgstr "" @@ -4236,7 +4236,7 @@ msgstr "" "プロバイダーは次のとおりです:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3445 +#: sssd.conf.5.xml:3446 msgid "" "<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4247,7 +4247,7 @@ msgstr "" "<manvolnum>5</manvolnum> </citerefentry> を参照してください。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3452 +#: sssd.conf.5.xml:3453 msgid "" "<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> " "<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4258,7 +4258,7 @@ msgstr "" "<manvolnum>5</manvolnum> </citerefentry> を参照してください。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3460 +#: sssd.conf.5.xml:3461 msgid "" "<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> " "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4266,17 +4266,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3469 +#: sssd.conf.5.xml:3470 msgid "<quote>none</quote> disables autofs explicitly." msgstr "<quote>none</quote> は明示的に autofs を無効にします。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3479 +#: sssd.conf.5.xml:3480 msgid "hostid_provider (string)" msgstr "hostid_provider (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3482 +#: sssd.conf.5.xml:3483 msgid "" "The provider used for retrieving host identity information. Supported " "hostid providers are:" @@ -4285,7 +4285,7 @@ msgstr "" "hostid プロバイダーは次のとおりです:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3486 +#: sssd.conf.5.xml:3487 msgid "" "<quote>ipa</quote> to load host identity stored in an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -4296,31 +4296,31 @@ msgstr "" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> を参照してください。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3494 +#: sssd.conf.5.xml:3495 msgid "<quote>none</quote> disables hostid explicitly." msgstr "<quote>none</quote> は明示的に hostid を無効にします。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3504 +#: sssd.conf.5.xml:3505 msgid "resolver_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3507 +#: sssd.conf.5.xml:3508 msgid "" "The provider which should handle hosts and networks lookups. Supported " "resolver providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3511 +#: sssd.conf.5.xml:3512 msgid "" "<quote>proxy</quote> to forward lookups to another NSS library. See " "<quote>proxy_resolver_lib_name</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3515 +#: sssd.conf.5.xml:3516 msgid "" "<quote>ldap</quote> to fetch hosts and networks stored in LDAP. See " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" @@ -4328,7 +4328,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3522 +#: sssd.conf.5.xml:3523 msgid "" "<quote>ad</quote> to fetch hosts and networks stored in AD. See " "<citerefentry> <refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</" @@ -4337,12 +4337,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3530 +#: sssd.conf.5.xml:3531 msgid "<quote>none</quote> disallows fetching hosts and networks explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3543 +#: sssd.conf.5.xml:3544 msgid "" "Regular expression for this domain that describes how to parse the string " "containing user name and domain into these components. The \"domain\" can " @@ -4352,24 +4352,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3552 +#: sssd.conf.5.xml:3553 msgid "" "Default: <quote>^((?P<name>.+)@(?P<domain>[^@]*)|(?P<name>" "[^@]+))$</quote> which allows two different styles for user names:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:3557 sssd.conf.5.xml:3571 +#: sssd.conf.5.xml:3558 sssd.conf.5.xml:3572 msgid "username" msgstr "username" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:3560 sssd.conf.5.xml:3574 +#: sssd.conf.5.xml:3561 sssd.conf.5.xml:3575 msgid "username@domain.name" msgstr "username@domain.name" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3565 +#: sssd.conf.5.xml:3566 msgid "" "Default for the AD and IPA provider: <quote>^(((?P<domain>[^\\\\]+)\\" "\\(?P<name>.+))|((?P<name>.+)@(?P<domain>[^@]+))|((?P<" @@ -4378,19 +4378,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:3577 +#: sssd.conf.5.xml:3578 msgid "domain\\username" msgstr "domain\\username" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3580 +#: sssd.conf.5.xml:3581 msgid "" "While the first two correspond to the general default the third one is " "introduced to allow easy integration of users from Windows domains." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3585 +#: sssd.conf.5.xml:3586 msgid "" "The default re_expression uses the <quote>@</quote> character as a separator " "between the name and the domain. As a result of this setting the default " @@ -4400,17 +4400,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3637 +#: sssd.conf.5.xml:3638 msgid "Default: <quote>%1$s@%2$s</quote>." msgstr "初期値: <quote>%1$s@%2$s</quote>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3643 +#: sssd.conf.5.xml:3644 msgid "lookup_family_order (string)" msgstr "lookup_family_order (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3646 +#: sssd.conf.5.xml:3647 msgid "" "Provides the ability to select preferred address family to use when " "performing DNS lookups." @@ -4419,80 +4419,80 @@ msgstr "" "します。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3650 +#: sssd.conf.5.xml:3651 msgid "Supported values:" msgstr "サポートする値:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3653 +#: sssd.conf.5.xml:3654 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6" msgstr "" "ipv4_first: IPv4 アドレスの検索を試行します。失敗すると IPv6 を試行します。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3656 +#: sssd.conf.5.xml:3657 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses." msgstr "" "ipv4_only: ホスト名を IPv4 アドレスに名前解決することのみを試行します。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3659 +#: sssd.conf.5.xml:3660 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4" msgstr "" "ipv6_first: IPv6 アドレスの検索を試行します。失敗すると IPv4 を試行します。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3662 +#: sssd.conf.5.xml:3663 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses." msgstr "" "ipv6_only: ホスト名を IPv6 アドレスに名前解決することのみを試行します。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3665 +#: sssd.conf.5.xml:3666 msgid "Default: ipv4_first" msgstr "初期値: ipv4_first" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3671 +#: sssd.conf.5.xml:3672 #, fuzzy #| msgid "dns_resolver_timeout (integer)" msgid "dns_resolver_server_timeout (integer)" msgstr "dns_resolver_timeout (整数)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3674 +#: sssd.conf.5.xml:3675 msgid "" "Defines the amount of time (in milliseconds) SSSD would try to talk to DNS " "server before trying next DNS server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3679 +#: sssd.conf.5.xml:3680 msgid "" "The AD provider will use this option for the CLDAP ping timeouts as well." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3683 sssd.conf.5.xml:3703 sssd.conf.5.xml:3724 +#: sssd.conf.5.xml:3684 sssd.conf.5.xml:3704 sssd.conf.5.xml:3725 msgid "" "Please see the section <quote>FAILOVER</quote> for more information about " "the service resolution." msgstr "" #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3688 sssd-ldap.5.xml:644 include/failover.xml:84 +#: sssd.conf.5.xml:3689 sssd-ldap.5.xml:644 include/failover.xml:84 msgid "Default: 1000" msgstr "初期値: 1000" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3694 +#: sssd.conf.5.xml:3695 #, fuzzy #| msgid "dns_resolver_timeout (integer)" msgid "dns_resolver_op_timeout (integer)" msgstr "dns_resolver_timeout (整数)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3697 +#: sssd.conf.5.xml:3698 msgid "" "Defines the amount of time (in seconds) to wait to resolve single DNS query " "(e.g. resolution of a hostname or an SRV record) before trying the next " @@ -4500,12 +4500,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3714 +#: sssd.conf.5.xml:3715 msgid "dns_resolver_timeout (integer)" msgstr "dns_resolver_timeout (整数)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3717 +#: sssd.conf.5.xml:3718 msgid "" "Defines the amount of time (in seconds) to wait for a reply from the " "internal fail over service before assuming that the service is unreachable. " @@ -4514,14 +4514,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3735 +#: sssd.conf.5.xml:3736 #, fuzzy #| msgid "dns_resolver_timeout (integer)" msgid "dns_resolver_use_search_list (bool)" msgstr "dns_resolver_timeout (整数)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3738 +#: sssd.conf.5.xml:3739 msgid "" "Normally, the DNS resolver searches the domain list defined in the " "\"search\" directive from the resolv.conf file. This can lead to delays in " @@ -4529,7 +4529,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3744 +#: sssd.conf.5.xml:3745 msgid "" "If fully qualified domain names (or _srv_) are used in the SSSD " "configuration, setting this option to FALSE can prevent unnecessary DNS " @@ -4537,17 +4537,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3750 +#: sssd.conf.5.xml:3751 msgid "Default: TRUE" msgstr "初期値: TRUE" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3756 +#: sssd.conf.5.xml:3757 msgid "dns_discovery_domain (string)" msgstr "dns_discovery_domain (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3759 +#: sssd.conf.5.xml:3760 msgid "" "If service discovery is used in the back end, specifies the domain part of " "the service discovery DNS query." @@ -4556,52 +4556,52 @@ msgstr "" "イン部分を指定します。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3763 +#: sssd.conf.5.xml:3764 msgid "Default: Use the domain part of machine's hostname" msgstr "初期値: マシンのホスト名のドメイン部分を使用します" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3769 +#: sssd.conf.5.xml:3770 msgid "override_gid (integer)" msgstr "override_gid (整数)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3772 +#: sssd.conf.5.xml:3773 msgid "Override the primary GID value with the one specified." msgstr "プライマリー GID の値を指定されたもので上書きします。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3778 +#: sssd.conf.5.xml:3779 msgid "case_sensitive (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3785 +#: sssd.conf.5.xml:3786 msgid "True" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3788 +#: sssd.conf.5.xml:3789 msgid "Case sensitive. This value is invalid for AD provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3794 +#: sssd.conf.5.xml:3795 msgid "False" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3796 +#: sssd.conf.5.xml:3797 msgid "Case insensitive." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3800 +#: sssd.conf.5.xml:3801 msgid "Preserving" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3803 +#: sssd.conf.5.xml:3804 msgid "" "Same as False (case insensitive), but does not lowercase names in the result " "of NSS operations. Note that name aliases (and in case of services also " @@ -4609,14 +4609,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3811 +#: sssd.conf.5.xml:3812 msgid "" "If you want to set this value for trusted domain with IPA provider, you need " "to set it on both the client and SSSD on the server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3781 +#: sssd.conf.5.xml:3782 #, fuzzy #| msgid "" #| "The following expansions are supported: <placeholder " @@ -4629,17 +4629,17 @@ msgstr "" "id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3826 +#: sssd.conf.5.xml:3827 msgid "Default: True (False for AD provider)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3832 +#: sssd.conf.5.xml:3833 msgid "subdomain_inherit (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3835 +#: sssd.conf.5.xml:3836 msgid "" "Specifies a list of configuration parameters that should be inherited by a " "subdomain. Please note that only selected parameters can be inherited. " @@ -4647,128 +4647,128 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3841 +#: sssd.conf.5.xml:3842 #, fuzzy #| msgid "ldap_search_timeout (integer)" msgid "ldap_search_timeout" msgstr "ldap_search_timeout (整数)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3844 +#: sssd.conf.5.xml:3845 #, fuzzy #| msgid "ldap_network_timeout (integer)" msgid "ldap_network_timeout" msgstr "ldap_network_timeout (整数)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3847 +#: sssd.conf.5.xml:3848 #, fuzzy #| msgid "ldap_opt_timeout (integer)" msgid "ldap_opt_timeout" msgstr "ldap_opt_timeout (整数)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3850 +#: sssd.conf.5.xml:3851 #, fuzzy #| msgid "ldap_connection_expire_timeout (integer)" msgid "ldap_offline_timeout" msgstr "ldap_connection_expire_timeout (整数)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3853 +#: sssd.conf.5.xml:3854 #, fuzzy #| msgid "ldap_enumeration_refresh_timeout (integer)" msgid "ldap_enumeration_refresh_timeout" msgstr "ldap_enumeration_refresh_timeout (整数)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3856 +#: sssd.conf.5.xml:3857 #, fuzzy #| msgid "ldap_enumeration_refresh_timeout (integer)" msgid "ldap_enumeration_refresh_offset" msgstr "ldap_enumeration_refresh_timeout (整数)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3859 +#: sssd.conf.5.xml:3860 msgid "ldap_purge_cache_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3862 +#: sssd.conf.5.xml:3863 #, fuzzy #| msgid "ldap_purge_cache_timeout (integer)" msgid "ldap_purge_cache_offset" msgstr "ldap_purge_cache_timeout (整数)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3865 +#: sssd.conf.5.xml:3866 msgid "" "ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab " "is not set explicitly)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3869 +#: sssd.conf.5.xml:3870 #, fuzzy #| msgid "ldap_krb5_ticket_lifetime (integer)" msgid "ldap_krb5_ticket_lifetime" msgstr "ldap_krb5_ticket_lifetime (整数)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3872 +#: sssd.conf.5.xml:3873 #, fuzzy #| msgid "ldap_enumeration_search_timeout (integer)" msgid "ldap_enumeration_search_timeout" msgstr "ldap_enumeration_search_timeout (整数)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3875 +#: sssd.conf.5.xml:3876 #, fuzzy #| msgid "ldap_connection_expire_timeout (integer)" msgid "ldap_connection_expire_timeout" msgstr "ldap_connection_expire_timeout (整数)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3878 +#: sssd.conf.5.xml:3879 #, fuzzy #| msgid "ldap_connection_expire_timeout (integer)" msgid "ldap_connection_expire_offset" msgstr "ldap_connection_expire_timeout (整数)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3881 +#: sssd.conf.5.xml:3882 #, fuzzy #| msgid "ldap_connection_expire_timeout (integer)" msgid "ldap_connection_idle_timeout" msgstr "ldap_connection_expire_timeout (整数)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3884 sssd-ldap.5.xml:400 +#: sssd.conf.5.xml:3885 sssd-ldap.5.xml:400 msgid "ldap_use_tokengroups" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3887 +#: sssd.conf.5.xml:3888 msgid "ldap_user_principal" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3890 +#: sssd.conf.5.xml:3891 msgid "ignore_group_members" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3893 +#: sssd.conf.5.xml:3894 msgid "auto_private_groups" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3896 +#: sssd.conf.5.xml:3897 msgid "case_sensitive" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:3901 +#: sssd.conf.5.xml:3902 #, no-wrap msgid "" "subdomain_inherit = ldap_purge_cache_timeout\n" @@ -4776,27 +4776,27 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3908 +#: sssd.conf.5.xml:3909 msgid "Note: This option only works with the IPA and AD provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3915 +#: sssd.conf.5.xml:3916 msgid "subdomain_homedir (string)" msgstr "subdomain_homedir (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3926 +#: sssd.conf.5.xml:3927 msgid "%F" msgstr "%F" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3927 +#: sssd.conf.5.xml:3928 msgid "flat (NetBIOS) name of a subdomain." msgstr "サブドメインのフラット (NetBIOS) 名。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3918 +#: sssd.conf.5.xml:3919 msgid "" "Use this homedir as default value for all subdomains within this domain in " "IPA AD trust. See <emphasis>override_homedir</emphasis> for info about " @@ -4806,35 +4806,35 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3932 +#: sssd.conf.5.xml:3933 msgid "" "The value can be overridden by <emphasis>override_homedir</emphasis> option." msgstr "" "値は <emphasis>override_homedir</emphasis> オプションにより上書きできます。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3936 +#: sssd.conf.5.xml:3937 msgid "Default: <filename>/home/%d/%u</filename>" msgstr "初期値: <filename>/home/%d/%u</filename>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3941 +#: sssd.conf.5.xml:3942 msgid "realmd_tags (string)" msgstr "realmd_tags (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3944 +#: sssd.conf.5.xml:3945 msgid "" "Various tags stored by the realmd configuration service for this domain." msgstr "このドメインのための realmd 設定サービスによって格納された様々なタグ。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3950 +#: sssd.conf.5.xml:3951 msgid "cached_auth_timeout (int)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3953 +#: sssd.conf.5.xml:3954 msgid "" "Specifies time in seconds since last successful online authentication for " "which user will be authenticated using cached credentials while SSSD is in " @@ -4843,19 +4843,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3961 +#: sssd.conf.5.xml:3962 msgid "" "This option's value is inherited by all trusted domains. At the moment it is " "not possible to set a different value per trusted domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3966 +#: sssd.conf.5.xml:3967 msgid "Special value 0 implies that this feature is disabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3970 +#: sssd.conf.5.xml:3971 msgid "" "Please note that if <quote>cached_auth_timeout</quote> is longer than " "<quote>pam_id_timeout</quote> then the back end could be called to handle " @@ -4863,24 +4863,87 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3981 +#: sssd.conf.5.xml:3982 +#, fuzzy +#| msgid "ldap_pwd_policy (string)" +msgid "local_auth_policy (string)" +msgstr "ldap_pwd_policy (文字列)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3985 +msgid "" +"Local authentication methods policy. Some backends (i.e. LDAP, proxy " +"provider) only support a password based authentication, while others can " +"handle PKINIT based Smartcard authentication (AD, IPA), two-factor " +"authentication (IPA), or other methods against a central instance. By " +"default in such cases authentication is only performed with the methods " +"supported by the backend." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3995 +msgid "" +"There are three possible values for this option: match, only, enable. " +"<quote>match</quote> is used to match offline and online states for Kerberos " +"methods. <quote>only</quote> ignores the online methods and only offer the " +"local ones. enable allows explicitly defining the methods for local " +"authentication. As an example, <quote>enable:passkey</quote>, only enables " +"passkey for local authentication. Multiple enable values should be comma-" +"separated, such as <quote>enable:passkey, enable:smartcard</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:4011 +#, no-wrap +msgid "" +"[domain/shadowutils]\n" +"id_provider = proxy\n" +"proxy_lib_name = files\n" +"auth_provider = none\n" +"local_auth_policy = only\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4007 +msgid "" +"The following configuration example allows local users to authenticate " +"locally using any enabled method (i.e. smartcard, passkey). <placeholder " +"type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4019 +#, fuzzy +#| msgid "This option is not available in IPA provider." +msgid "This option is ignored for the files provider." +msgstr "このオプションは IPA プロバイダーにおいて利用可能ではありません。" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4022 +#, fuzzy +#| msgid "Default: cn" +msgid "Default: match" +msgstr "初期値: cn" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4027 msgid "auto_private_groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3987 +#: sssd.conf.5.xml:4033 msgid "true" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3990 +#: sssd.conf.5.xml:4036 msgid "" "Create user's private group unconditionally from user's UID number. The GID " "number is ignored in this case." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3994 +#: sssd.conf.5.xml:4040 msgid "" "NOTE: Because the GID number and the user private group are inferred from " "the UID number, it is not supported to have multiple entries with the same " @@ -4889,24 +4952,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4003 +#: sssd.conf.5.xml:4049 msgid "false" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4006 +#: sssd.conf.5.xml:4052 msgid "" "Always use the user's primary GID number. The GID number must refer to a " "group object in the LDAP database." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4012 +#: sssd.conf.5.xml:4058 msgid "hybrid" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4015 +#: sssd.conf.5.xml:4061 msgid "" "A primary group is autogenerated for user entries whose UID and GID numbers " "have the same value and at the same time the GID number does not correspond " @@ -4916,14 +4979,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4028 +#: sssd.conf.5.xml:4074 msgid "" "If the UID and GID of a user are different, then the GID must correspond to " "a group entry, otherwise the GID is simply not resolvable." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4035 +#: sssd.conf.5.xml:4081 msgid "" "This feature is useful for environments that wish to stop maintaining a " "separate group objects for the user private groups, but also wish to retain " @@ -4931,21 +4994,21 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3984 +#: sssd.conf.5.xml:4030 msgid "" "This option takes any of three available values: <placeholder " "type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4047 +#: sssd.conf.5.xml:4093 msgid "" "For subdomains, the default value is False for subdomains that use assigned " "POSIX IDs and True for subdomains that use automatic ID-mapping." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:4055 +#: sssd.conf.5.xml:4101 #, no-wrap msgid "" "[domain/forest.domain/sub.domain]\n" @@ -4953,7 +5016,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:4061 +#: sssd.conf.5.xml:4107 #, no-wrap msgid "" "[domain/forest.domain]\n" @@ -4962,7 +5025,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4052 +#: sssd.conf.5.xml:4098 msgid "" "The value of auto_private_groups can either be set per subdomains in a " "subsection, for example: <placeholder type=\"programlisting\" id=\"0\"/> or " @@ -4971,7 +5034,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:2569 +#: sssd.conf.5.xml:2570 msgid "" "These configuration options can be present in a domain configuration " "section, that is, in a section called <quote>[domain/<replaceable>NAME</" @@ -4982,17 +5045,17 @@ msgstr "" "type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4076 +#: sssd.conf.5.xml:4122 msgid "proxy_pam_target (string)" msgstr "proxy_pam_target (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4079 +#: sssd.conf.5.xml:4125 msgid "The proxy target PAM proxies to." msgstr "中継するプロキシターゲット PAM です。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4082 +#: sssd.conf.5.xml:4128 msgid "" "Default: not set by default, you have to take an existing pam configuration " "or create a new one and add the service name here." @@ -5001,12 +5064,12 @@ msgstr "" "をここに追加する必要があります。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4090 +#: sssd.conf.5.xml:4136 msgid "proxy_lib_name (string)" msgstr "proxy_lib_name (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4093 +#: sssd.conf.5.xml:4139 msgid "" "The name of the NSS library to use in proxy domains. The NSS functions " "searched for in the library are in the form of _nss_$(libName)_$(function), " @@ -5017,12 +5080,12 @@ msgstr "" "_nss_files_getpwent です。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4103 +#: sssd.conf.5.xml:4149 msgid "proxy_resolver_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4106 +#: sssd.conf.5.xml:4152 msgid "" "The name of the NSS library to use for hosts and networks lookups in proxy " "domains. The NSS functions searched for in the library are in the form of " @@ -5030,12 +5093,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4117 +#: sssd.conf.5.xml:4163 msgid "proxy_fast_alias (boolean)" msgstr "proxy_fast_alias (論理値)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4120 +#: sssd.conf.5.xml:4166 msgid "" "When a user or group is looked up by name in the proxy provider, a second " "lookup by ID is performed to \"canonicalize\" the name in case the requested " @@ -5044,12 +5107,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4134 +#: sssd.conf.5.xml:4180 msgid "proxy_max_children (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4137 +#: sssd.conf.5.xml:4183 msgid "" "This option specifies the number of pre-forked proxy children. It is useful " "for high-load SSSD environments where sssd may run out of available child " @@ -5057,7 +5120,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4072 +#: sssd.conf.5.xml:4118 msgid "" "Options valid for proxy domains. <placeholder type=\"variablelist\" " "id=\"0\"/>" @@ -5066,12 +5129,12 @@ msgstr "" "type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:4153 +#: sssd.conf.5.xml:4199 msgid "Application domains" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4155 +#: sssd.conf.5.xml:4201 msgid "" "SSSD, with its D-Bus interface (see <citerefentry> <refentrytitle>sssd-ifp</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>) is appealing to " @@ -5088,7 +5151,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4175 +#: sssd.conf.5.xml:4221 msgid "" "Please note that the application domain must still be explicitly enabled in " "the <quote>domains</quote> parameter so that the lookup order between the " @@ -5096,17 +5159,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> -#: sssd.conf.5.xml:4181 +#: sssd.conf.5.xml:4227 msgid "Application domain parameters" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4183 +#: sssd.conf.5.xml:4229 msgid "inherit_from (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4186 +#: sssd.conf.5.xml:4232 msgid "" "The SSSD POSIX-type domain the application domain inherits all settings " "from. The application domain can moreover add its own settings to the " @@ -5115,7 +5178,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4200 +#: sssd.conf.5.xml:4246 msgid "" "The following example illustrates the use of an application domain. In this " "setup, the POSIX domain is connected to an LDAP server and is used by the OS " @@ -5125,7 +5188,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><programlisting> -#: sssd.conf.5.xml:4208 +#: sssd.conf.5.xml:4254 #, no-wrap msgid "" "[sssd]\n" @@ -5145,12 +5208,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4228 +#: sssd.conf.5.xml:4274 msgid "TRUSTED DOMAIN SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4230 +#: sssd.conf.5.xml:4276 msgid "" "Some options used in the domain section can also be used in the trusted " "domain section, that is, in a section called <quote>[domain/" @@ -5161,69 +5224,69 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4237 +#: sssd.conf.5.xml:4283 msgid "ldap_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4238 +#: sssd.conf.5.xml:4284 msgid "ldap_user_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4239 +#: sssd.conf.5.xml:4285 msgid "ldap_group_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4240 +#: sssd.conf.5.xml:4286 msgid "ldap_netgroup_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4241 +#: sssd.conf.5.xml:4287 msgid "ldap_service_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4242 +#: sssd.conf.5.xml:4288 msgid "ldap_sasl_mech," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4243 +#: sssd.conf.5.xml:4289 msgid "ad_server," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4244 +#: sssd.conf.5.xml:4290 msgid "ad_backup_server," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4245 +#: sssd.conf.5.xml:4291 msgid "ad_site," msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4246 sssd-ipa.5.xml:879 +#: sssd.conf.5.xml:4292 sssd-ipa.5.xml:879 msgid "use_fully_qualified_names" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4250 +#: sssd.conf.5.xml:4296 msgid "" "For more details about these options see their individual description in the " "manual page." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4256 +#: sssd.conf.5.xml:4302 msgid "CERTIFICATE MAPPING SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4258 +#: sssd.conf.5.xml:4304 msgid "" "To allow authentication with Smartcards and certificates SSSD must be able " "to map certificates to users. This can be done by adding the full " @@ -5236,7 +5299,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4272 +#: sssd.conf.5.xml:4318 msgid "" "To make the mapping more flexible mapping and matching rules were added to " "SSSD (see <citerefentry> <refentrytitle>sss-certmap</refentrytitle> " @@ -5244,7 +5307,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4281 +#: sssd.conf.5.xml:4327 msgid "" "A mapping and matching rule can be added to the SSSD configuration in a " "section on its own with a name like <quote>[certmap/" @@ -5253,55 +5316,55 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4288 +#: sssd.conf.5.xml:4334 msgid "matchrule (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4291 +#: sssd.conf.5.xml:4337 msgid "" "Only certificates from the Smartcard which matches this rule will be " "processed, all others are ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4295 +#: sssd.conf.5.xml:4341 msgid "" "Default: KRB5:<EKU>clientAuth, i.e. only certificates which have the " "Extended Key Usage <quote>clientAuth</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4302 +#: sssd.conf.5.xml:4348 msgid "maprule (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4305 +#: sssd.conf.5.xml:4351 msgid "Defines how the user is found for a given certificate." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4311 +#: sssd.conf.5.xml:4357 msgid "" "LDAP:(userCertificate;binary={cert!bin}) for LDAP based providers like " "<quote>ldap</quote>, <quote>AD</quote> or <quote>ipa</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4317 +#: sssd.conf.5.xml:4363 msgid "" "The RULE_NAME for the <quote>files</quote> provider which tries to find a " "user with the same name." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4326 +#: sssd.conf.5.xml:4372 msgid "domains (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4329 +#: sssd.conf.5.xml:4375 msgid "" "Comma separated list of domain names the rule should be applied. By default " "a rule is only valid in the domain configured in sssd.conf. If the provider " @@ -5310,17 +5373,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4336 +#: sssd.conf.5.xml:4382 msgid "Default: the configured domain in sssd.conf" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4341 +#: sssd.conf.5.xml:4387 msgid "priority (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4344 +#: sssd.conf.5.xml:4390 msgid "" "Unsigned integer value defining the priority of the rule. The higher the " "number the lower the priority. <quote>0</quote> stands for the highest " @@ -5328,26 +5391,26 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4350 +#: sssd.conf.5.xml:4396 msgid "Default: the lowest priority" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4356 +#: sssd.conf.5.xml:4402 msgid "" "To make the configuration simple and reduce the amount of configuration " "options the <quote>files</quote> provider has some special properties:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4362 +#: sssd.conf.5.xml:4408 msgid "" "if maprule is not set the RULE_NAME name is assumed to be the name of the " "matching user" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4368 +#: sssd.conf.5.xml:4414 msgid "" "if a maprule is used both a single user name or a template like " "<quote>{subject_rfc822_name.short_name}</quote> must be in braces like e.g. " @@ -5356,17 +5419,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4377 +#: sssd.conf.5.xml:4423 msgid "the <quote>domains</quote> option is ignored" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4385 +#: sssd.conf.5.xml:4431 msgid "PROMPTING CONFIGURATION SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4387 +#: sssd.conf.5.xml:4433 msgid "" "If a special file (<filename>/var/lib/sss/pubconf/pam_preauth_available</" "filename>) exists SSSD's PAM module pam_sss will ask SSSD to figure out " @@ -5376,7 +5439,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4395 +#: sssd.conf.5.xml:4441 msgid "" "With the growing number of authentication methods and the possibility that " "there are multiple ones for a single user the heuristic used by pam_sss to " @@ -5385,59 +5448,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4407 +#: sssd.conf.5.xml:4453 msgid "[prompting/password]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4410 +#: sssd.conf.5.xml:4456 msgid "password_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4411 +#: sssd.conf.5.xml:4457 msgid "to change the string of the password prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4409 +#: sssd.conf.5.xml:4455 msgid "" "to configure password prompting, allowed options are: <placeholder " "type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4419 +#: sssd.conf.5.xml:4465 msgid "[prompting/2fa]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4423 +#: sssd.conf.5.xml:4469 msgid "first_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4424 +#: sssd.conf.5.xml:4470 msgid "to change the string of the prompt for the first factor" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4427 +#: sssd.conf.5.xml:4473 msgid "second_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4428 +#: sssd.conf.5.xml:4474 msgid "to change the string of the prompt for the second factor" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4431 +#: sssd.conf.5.xml:4477 msgid "single_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4432 +#: sssd.conf.5.xml:4478 msgid "" "boolean value, if True there will be only a single prompt using the value of " "first_prompt where it is expected that both factors are entered as a single " @@ -5446,7 +5509,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4421 +#: sssd.conf.5.xml:4467 msgid "" "to configure two-factor authentication prompting, allowed options are: " "<placeholder type=\"variablelist\" id=\"0\"/> If the second factor is " @@ -5455,17 +5518,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4449 +#: sssd.conf.5.xml:4495 msgid "[prompting/passkey]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4455 sssd-ad.5.xml:1021 +#: sssd.conf.5.xml:4501 sssd-ad.5.xml:1021 msgid "interactive" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4457 +#: sssd.conf.5.xml:4503 msgid "" "boolean value, if True prompt a message and wait before testing the presence " "of a passkey device. Recommended if your device doesn’t have a tactile " @@ -5473,39 +5536,39 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4465 +#: sssd.conf.5.xml:4511 msgid "interactive_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4467 +#: sssd.conf.5.xml:4513 msgid "to change the message of the interactive prompt." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4472 +#: sssd.conf.5.xml:4518 msgid "touch" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4474 +#: sssd.conf.5.xml:4520 msgid "" "boolean value, if True prompt a message to remind the user to touch the " "device." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4480 +#: sssd.conf.5.xml:4526 msgid "touch_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4482 +#: sssd.conf.5.xml:4528 msgid "to change the message of the touch prompt." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4451 +#: sssd.conf.5.xml:4497 #, fuzzy #| msgid "" #| "The following expansions are supported: <placeholder " @@ -5518,7 +5581,7 @@ msgstr "" "id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4402 +#: sssd.conf.5.xml:4448 msgid "" "Each supported authentication method has its own configuration subsection " "under <quote>[prompting/...]</quote>. Currently there are: <placeholder " @@ -5527,7 +5590,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4493 +#: sssd.conf.5.xml:4539 msgid "" "It is possible to add a subsection for specific PAM services, e.g. " "<quote>[prompting/password/sshd]</quote> to individual change the prompting " @@ -5535,12 +5598,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4500 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43 +#: sssd.conf.5.xml:4546 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43 msgid "EXAMPLES" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4506 +#: sssd.conf.5.xml:4552 #, no-wrap msgid "" "[sssd]\n" @@ -5594,7 +5657,7 @@ msgstr "" "enumerate = False\n" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4502 +#: sssd.conf.5.xml:4548 msgid "" "1. The following example shows a typical SSSD config. It does not describe " "configuration of the domains themselves - refer to documentation on " @@ -5603,7 +5666,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4539 +#: sssd.conf.5.xml:4585 #, no-wrap msgid "" "[domain/ipa.com/child.ad.com]\n" @@ -5611,7 +5674,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4533 +#: sssd.conf.5.xml:4579 msgid "" "2. The following example shows configuration of IPA AD trust where the AD " "forest consists of two domains in a parent-child structure. Suppose IPA " @@ -5622,7 +5685,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4550 +#: sssd.conf.5.xml:4596 #, no-wrap msgid "" "[certmap/my.domain/rule_name]\n" @@ -5633,7 +5696,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4544 +#: sssd.conf.5.xml:4590 msgid "" "3. The following example shows the configuration of a certificate mapping " "rule. It is valid for the configured domain <quote>my.domain</quote> and " @@ -18265,9 +18328,13 @@ msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:235 +#, fuzzy +#| msgid "" +#| "When this option is configured, domains will be allocated starting with " +#| "slice zero and increasing monatomically with each additional domain." msgid "" "When this option is configured, domains will be allocated starting with " -"slice zero and increasing monatomically with each additional domain." +"slice zero and increasing monotonically with each additional domain." msgstr "" "このオプションが設定されるとき、ドメインはスライス 0 から始まり、各追加ドメイ" "ンに単原子的に増加するよう割り当てられます。" diff --git a/src/man/po/lv.po b/src/man/po/lv.po index dcfe92cd986..9bca29d26d4 100644 --- a/src/man/po/lv.po +++ b/src/man/po/lv.po @@ -9,7 +9,7 @@ msgid "" msgstr "" "Project-Id-Version: sssd-docs 2.3.0\n" "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" -"POT-Creation-Date: 2023-05-05 10:09+0200\n" +"POT-Creation-Date: 2023-09-07 11:47+0200\n" "PO-Revision-Date: 2014-12-15 12:00-0500\n" "Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n" "Language-Team: Latvian (http://www.transifex.com/projects/p/sssd/language/" @@ -207,8 +207,8 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:136 sssd.conf.5.xml:173 sssd.conf.5.xml:358 -#: sssd.conf.5.xml:714 sssd.conf.5.xml:729 sssd.conf.5.xml:951 -#: sssd.conf.5.xml:1069 sssd.conf.5.xml:2197 sssd-ldap.5.xml:1071 +#: sssd.conf.5.xml:714 sssd.conf.5.xml:729 sssd.conf.5.xml:952 +#: sssd.conf.5.xml:1070 sssd.conf.5.xml:2198 sssd-ldap.5.xml:1071 #: sssd-ldap.5.xml:1174 sssd-ldap.5.xml:1243 sssd-ldap.5.xml:1750 #: sssd-ldap.5.xml:1815 sssd-ipa.5.xml:342 sssd-ad.5.xml:252 sssd-ad.5.xml:366 #: sssd-ad.5.xml:1200 sssd-ad.5.xml:1348 sssd-krb5.5.xml:358 @@ -228,8 +228,8 @@ msgid "" msgstr "" #. type: Content of: <variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:149 sssd.conf.5.xml:652 sssd.conf.5.xml:948 -#: sssd.conf.5.xml:2100 sssd.conf.5.xml:2167 sssd.conf.5.xml:4128 +#: sssd.conf.5.xml:149 sssd.conf.5.xml:652 sssd.conf.5.xml:949 +#: sssd.conf.5.xml:2101 sssd.conf.5.xml:2168 sssd.conf.5.xml:4174 #: sssd-ldap.5.xml:312 sssd-ldap.5.xml:917 sssd-ldap.5.xml:936 #: sssd-ldap.5.xml:1146 sssd-ldap.5.xml:1599 sssd-ldap.5.xml:1839 #: sssd-ipa.5.xml:152 sssd-ipa.5.xml:254 sssd-ipa.5.xml:657 sssd-ad.5.xml:1106 @@ -297,8 +297,8 @@ msgid "" msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:196 sssd.conf.5.xml:1289 sssd.conf.5.xml:1766 -#: sssd.conf.5.xml:4144 sssd-ldap.5.xml:765 include/ldap_id_mapping.xml:270 +#: sssd.conf.5.xml:196 sssd.conf.5.xml:1290 sssd.conf.5.xml:1767 +#: sssd.conf.5.xml:4190 sssd-ldap.5.xml:765 include/ldap_id_mapping.xml:270 msgid "Default: 10" msgstr "Noklusējuma: 10" @@ -362,19 +362,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:258 sssd.conf.5.xml:783 +#: sssd.conf.5.xml:258 sssd.conf.5.xml:784 msgid "reconnection_retries (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:261 sssd.conf.5.xml:786 +#: sssd.conf.5.xml:261 sssd.conf.5.xml:787 msgid "" "Number of times services should attempt to reconnect in the event of a Data " "Provider crash or restart before they give up" msgstr "" #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:266 sssd.conf.5.xml:791 sssd.conf.5.xml:3708 +#: sssd.conf.5.xml:266 sssd.conf.5.xml:792 sssd.conf.5.xml:3709 #: include/failover.xml:100 msgid "Default: 3" msgstr "" @@ -396,7 +396,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:287 sssd.conf.5.xml:3540 +#: sssd.conf.5.xml:287 sssd.conf.5.xml:3541 msgid "re_expression (string)" msgstr "" @@ -416,12 +416,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:304 sssd.conf.5.xml:3597 +#: sssd.conf.5.xml:304 sssd.conf.5.xml:3598 msgid "full_name_format (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:307 sssd.conf.5.xml:3600 +#: sssd.conf.5.xml:307 sssd.conf.5.xml:3601 msgid "" "A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</" "manvolnum> </citerefentry>-compatible format that describes how to compose a " @@ -429,39 +429,39 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:318 sssd.conf.5.xml:3611 +#: sssd.conf.5.xml:318 sssd.conf.5.xml:3612 msgid "%1$s" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:319 sssd.conf.5.xml:3612 +#: sssd.conf.5.xml:319 sssd.conf.5.xml:3613 msgid "user name" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:322 sssd.conf.5.xml:3615 +#: sssd.conf.5.xml:322 sssd.conf.5.xml:3616 msgid "%2$s" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:325 sssd.conf.5.xml:3618 +#: sssd.conf.5.xml:325 sssd.conf.5.xml:3619 msgid "domain name as specified in the SSSD config file." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:331 sssd.conf.5.xml:3624 +#: sssd.conf.5.xml:331 sssd.conf.5.xml:3625 msgid "%3$s" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:334 sssd.conf.5.xml:3627 +#: sssd.conf.5.xml:334 sssd.conf.5.xml:3628 msgid "" "domain flat name. Mostly usable for Active Directory domains, both directly " "configured or discovered via IPA trusts." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:315 sssd.conf.5.xml:3608 +#: sssd.conf.5.xml:315 sssd.conf.5.xml:3609 msgid "" "The following expansions are supported: <placeholder type=\"variablelist\" " "id=\"0\"/>" @@ -875,7 +875,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:700 sssd.conf.5.xml:1790 sssd.conf.5.xml:4194 +#: sssd.conf.5.xml:700 sssd.conf.5.xml:1791 sssd.conf.5.xml:4240 #: sssd-ad.5.xml:187 sssd-ad.5.xml:327 sssd-ad.5.xml:341 msgid "Default: Not set" msgstr "" @@ -920,11 +920,11 @@ msgstr "" #: sssd.conf.5.xml:744 msgid "" "Enable or disable the user verification (i.e. PIN, fingerprint) during " -"authentication." +"authentication. If enabled, the PIN will always be requested." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:749 +#: sssd.conf.5.xml:750 msgid "" "The default is that the key settings decide what to do. In the IPA or " "kerberos pre-authentication case, this value will be overwritten by the " @@ -951,12 +951,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:768 +#: sssd.conf.5.xml:769 msgid "SERVICES SECTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:770 +#: sssd.conf.5.xml:771 msgid "" "Settings that can be used to configure different services are described in " "this section. They should reside in the [<replaceable>$NAME</replaceable>] " @@ -965,22 +965,22 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:777 +#: sssd.conf.5.xml:778 msgid "General service configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:779 +#: sssd.conf.5.xml:780 msgid "These options can be used to configure any service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:796 +#: sssd.conf.5.xml:797 msgid "fd_limit" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:799 +#: sssd.conf.5.xml:800 msgid "" "This option specifies the maximum number of file descriptors that may be " "opened at one time by this SSSD process. On systems where SSSD is granted " @@ -990,17 +990,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:808 +#: sssd.conf.5.xml:809 msgid "Default: 8192 (or limits.conf \"hard\" limit)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:813 +#: sssd.conf.5.xml:814 msgid "client_idle_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:816 +#: sssd.conf.5.xml:817 msgid "" "This option specifies the number of seconds that a client of an SSSD process " "can hold onto a file descriptor without communicating on it. This value is " @@ -1010,19 +1010,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:825 +#: sssd.conf.5.xml:826 #, fuzzy #| msgid "Default: 300" msgid "Default: 60, KCM: 300" msgstr "Noklusējuma: 300" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:830 +#: sssd.conf.5.xml:831 msgid "offline_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:833 +#: sssd.conf.5.xml:834 msgid "" "When SSSD switches to offline mode the amount of time before it tries to go " "back online will increase based upon the time spent disconnected. By " @@ -1033,14 +1033,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:844 sssd.conf.5.xml:900 +#: sssd.conf.5.xml:845 sssd.conf.5.xml:901 msgid "" "new_delay = Minimum(old_delay * 2, offline_timeout_max) + random[0..." "offline_timeout_random_offset]" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:847 +#: sssd.conf.5.xml:848 msgid "" "The offline_timeout default value is 60. The offline_timeout_max default " "value is 3600. The offline_timeout_random_offset default value is 30. The " @@ -1048,46 +1048,46 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:853 +#: sssd.conf.5.xml:854 msgid "" "Note that the maximum length of each interval is defined by " "offline_timeout_max (apart of random part)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:857 sssd.conf.5.xml:1200 sssd.conf.5.xml:1583 -#: sssd.conf.5.xml:1879 sssd-ldap.5.xml:494 +#: sssd.conf.5.xml:858 sssd.conf.5.xml:1201 sssd.conf.5.xml:1584 +#: sssd.conf.5.xml:1880 sssd-ldap.5.xml:494 msgid "Default: 60" msgstr "Noklusējuma: 60" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:862 +#: sssd.conf.5.xml:863 #, fuzzy #| msgid "timeout (integer)" msgid "offline_timeout_max (integer)" msgstr "noildze (vesels skaitlis)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:865 +#: sssd.conf.5.xml:866 msgid "" "Controls by how much the time between attempts to go online can be " "incremented following unsuccessful attempts to go online." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:870 +#: sssd.conf.5.xml:871 msgid "A value of 0 disables the incrementing behaviour." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:873 +#: sssd.conf.5.xml:874 msgid "" "The value of this parameter should be set in correlation to offline_timeout " "parameter value." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:877 +#: sssd.conf.5.xml:878 msgid "" "With offline_timeout set to 60 (default value) there is no point in setting " "offlinet_timeout_max to less than 120 as it will saturate instantly. General " @@ -1096,64 +1096,64 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:883 +#: sssd.conf.5.xml:884 msgid "" "Although a value between 0 and offline_timeout may be specified, it has the " "effect of overriding the offline_timeout value so is of little use." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:888 +#: sssd.conf.5.xml:889 #, fuzzy #| msgid "Default: 300" msgid "Default: 3600" msgstr "Noklusējuma: 300" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:893 +#: sssd.conf.5.xml:894 #, fuzzy #| msgid "timeout (integer)" msgid "offline_timeout_random_offset (integer)" msgstr "noildze (vesels skaitlis)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:896 +#: sssd.conf.5.xml:897 msgid "" "When SSSD is in offline mode it keeps probing backend servers in specified " "time intervals:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:903 +#: sssd.conf.5.xml:904 msgid "" "This parameter controls the value of the random offset used for the above " "equation. Final random_offset value will be random number in range:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:908 +#: sssd.conf.5.xml:909 msgid "[0 - offline_timeout_random_offset]" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:911 +#: sssd.conf.5.xml:912 msgid "A value of 0 disables the random offset addition." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:914 +#: sssd.conf.5.xml:915 #, fuzzy #| msgid "Default: 300" msgid "Default: 30" msgstr "Noklusējuma: 300" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:919 +#: sssd.conf.5.xml:920 msgid "responder_idle_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:922 +#: sssd.conf.5.xml:923 msgid "" "This option specifies the number of seconds that an SSSD responder process " "can be up without being used. This value is limited in order to avoid " @@ -1165,58 +1165,58 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:936 sssd.conf.5.xml:1213 sssd.conf.5.xml:2321 +#: sssd.conf.5.xml:937 sssd.conf.5.xml:1214 sssd.conf.5.xml:2322 #: sssd-ldap.5.xml:331 msgid "Default: 300" msgstr "Noklusējuma: 300" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:941 +#: sssd.conf.5.xml:942 msgid "cache_first" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:944 +#: sssd.conf.5.xml:945 msgid "" "This option specifies whether the responder should query all caches before " "querying the Data Providers." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:959 +#: sssd.conf.5.xml:960 msgid "NSS configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:961 +#: sssd.conf.5.xml:962 msgid "" "These options can be used to configure the Name Service Switch (NSS) service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:966 +#: sssd.conf.5.xml:967 msgid "enum_cache_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:969 +#: sssd.conf.5.xml:970 msgid "" "How many seconds should nss_sss cache enumerations (requests for info about " "all users)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:973 +#: sssd.conf.5.xml:974 msgid "Default: 120" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:978 +#: sssd.conf.5.xml:979 msgid "entry_cache_nowait_percentage (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:981 +#: sssd.conf.5.xml:982 msgid "" "The entry cache can be set to automatically update entries in the background " "if they are requested beyond a percentage of the entry_cache_timeout value " @@ -1224,7 +1224,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:987 +#: sssd.conf.5.xml:988 msgid "" "For example, if the domain's entry_cache_timeout is set to 30s and " "entry_cache_nowait_percentage is set to 50 (percent), entries that come in " @@ -1234,7 +1234,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:997 +#: sssd.conf.5.xml:998 msgid "" "Valid values for this option are 0-99 and represent a percentage of the " "entry_cache_timeout for each domain. For performance reasons, this " @@ -1243,17 +1243,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1005 sssd.conf.5.xml:2121 +#: sssd.conf.5.xml:1006 sssd.conf.5.xml:2122 msgid "Default: 50" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1010 +#: sssd.conf.5.xml:1011 msgid "entry_negative_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1013 +#: sssd.conf.5.xml:1014 msgid "" "Specifies for how many seconds nss_sss should cache negative cache hits " "(that is, queries for invalid database entries, like nonexistent ones) " @@ -1261,17 +1261,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1019 sssd.conf.5.xml:1778 sssd.conf.5.xml:2145 +#: sssd.conf.5.xml:1020 sssd.conf.5.xml:1779 sssd.conf.5.xml:2146 msgid "Default: 15" msgstr "Noklusējuma: 15" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1024 +#: sssd.conf.5.xml:1025 msgid "local_negative_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1027 +#: sssd.conf.5.xml:1028 msgid "" "Specifies for how many seconds nss_sss should keep local users and groups in " "negative cache before trying to look it up in the back end again. Setting " @@ -1279,17 +1279,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1033 +#: sssd.conf.5.xml:1034 msgid "Default: 14400 (4 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1038 +#: sssd.conf.5.xml:1039 msgid "filter_users, filter_groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1041 +#: sssd.conf.5.xml:1042 msgid "" "Exclude certain users or groups from being fetched from the sss NSS " "database. This is particularly useful for system accounts. This option can " @@ -1298,7 +1298,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1049 +#: sssd.conf.5.xml:1050 msgid "" "NOTE: The filter_groups option doesn't affect inheritance of nested group " "members, since filtering happens after they are propagated for returning via " @@ -1307,41 +1307,41 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1057 +#: sssd.conf.5.xml:1058 msgid "Default: root" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1062 +#: sssd.conf.5.xml:1063 msgid "filter_users_in_groups (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1065 +#: sssd.conf.5.xml:1066 msgid "" "If you want filtered user still be group members set this option to false." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1076 +#: sssd.conf.5.xml:1077 msgid "fallback_homedir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1079 +#: sssd.conf.5.xml:1080 msgid "" "Set a default template for a user's home directory if one is not specified " "explicitly by the domain's data provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1084 +#: sssd.conf.5.xml:1085 msgid "" "The available values for this option are the same as for override_homedir." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1090 +#: sssd.conf.5.xml:1091 #, no-wrap msgid "" "fallback_homedir = /home/%u\n" @@ -1349,23 +1349,23 @@ msgid "" msgstr "" #. type: Content of: <varlistentry><listitem><para> -#: sssd.conf.5.xml:1088 sssd.conf.5.xml:1650 sssd.conf.5.xml:1669 -#: sssd.conf.5.xml:1746 sssd-krb5.5.xml:451 include/override_homedir.xml:66 +#: sssd.conf.5.xml:1089 sssd.conf.5.xml:1651 sssd.conf.5.xml:1670 +#: sssd.conf.5.xml:1747 sssd-krb5.5.xml:451 include/override_homedir.xml:66 msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1094 +#: sssd.conf.5.xml:1095 msgid "Default: not set (no substitution for unset home directories)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1100 +#: sssd.conf.5.xml:1101 msgid "override_shell (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1103 +#: sssd.conf.5.xml:1104 msgid "" "Override the login shell for all users. This option supersedes any other " "shell options if it takes effect and can be set either in the [nss] section " @@ -1373,47 +1373,47 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1109 +#: sssd.conf.5.xml:1110 msgid "Default: not set (SSSD will use the value retrieved from LDAP)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1115 +#: sssd.conf.5.xml:1116 msgid "allowed_shells (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1118 +#: sssd.conf.5.xml:1119 msgid "" "Restrict user shell to one of the listed values. The order of evaluation is:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1121 +#: sssd.conf.5.xml:1122 msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1125 +#: sssd.conf.5.xml:1126 msgid "" "2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</" "quote>, use the value of the shell_fallback parameter." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1130 +#: sssd.conf.5.xml:1131 msgid "" "3. If the shell is not in the allowed_shells list and not in <quote>/etc/" "shells</quote>, a nologin shell is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1135 +#: sssd.conf.5.xml:1136 msgid "The wildcard (*) can be used to allow any shell." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1138 +#: sssd.conf.5.xml:1139 msgid "" "The (*) is useful if you want to use shell_fallback in case that user's " "shell is not in <quote>/etc/shells</quote> and maintaining list of all " @@ -1421,115 +1421,115 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1145 +#: sssd.conf.5.xml:1146 msgid "An empty string for shell is passed as-is to libc." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1148 +#: sssd.conf.5.xml:1149 msgid "" "The <quote>/etc/shells</quote> is only read on SSSD start up, which means " "that a restart of the SSSD is required in case a new shell is installed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1152 +#: sssd.conf.5.xml:1153 msgid "Default: Not set. The user shell is automatically used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1157 +#: sssd.conf.5.xml:1158 msgid "vetoed_shells (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1160 +#: sssd.conf.5.xml:1161 msgid "Replace any instance of these shells with the shell_fallback" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1165 +#: sssd.conf.5.xml:1166 msgid "shell_fallback (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1168 +#: sssd.conf.5.xml:1169 msgid "" "The default shell to use if an allowed shell is not installed on the machine." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1172 +#: sssd.conf.5.xml:1173 msgid "Default: /bin/sh" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1177 +#: sssd.conf.5.xml:1178 msgid "default_shell" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1180 +#: sssd.conf.5.xml:1181 msgid "" "The default shell to use if the provider does not return one during lookup. " "This option can be specified globally in the [nss] section or per-domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1186 +#: sssd.conf.5.xml:1187 msgid "" "Default: not set (Return NULL if no shell is specified and rely on libc to " "substitute something sensible when necessary, usually /bin/sh)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1193 sssd.conf.5.xml:1576 +#: sssd.conf.5.xml:1194 sssd.conf.5.xml:1577 msgid "get_domains_timeout (int)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1196 sssd.conf.5.xml:1579 +#: sssd.conf.5.xml:1197 sssd.conf.5.xml:1580 msgid "" "Specifies time in seconds for which the list of subdomains will be " "considered valid." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1205 +#: sssd.conf.5.xml:1206 #, fuzzy #| msgid "timeout (integer)" msgid "memcache_timeout (integer)" msgstr "noildze (vesels skaitlis)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1208 +#: sssd.conf.5.xml:1209 msgid "" "Specifies time in seconds for which records in the in-memory cache will be " "valid. Setting this option to zero will disable the in-memory cache." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1216 +#: sssd.conf.5.xml:1217 msgid "" "WARNING: Disabling the in-memory cache will have significant negative impact " "on SSSD's performance and should only be used for testing." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1222 sssd.conf.5.xml:1247 sssd.conf.5.xml:1272 -#: sssd.conf.5.xml:1297 sssd.conf.5.xml:1324 +#: sssd.conf.5.xml:1223 sssd.conf.5.xml:1248 sssd.conf.5.xml:1273 +#: sssd.conf.5.xml:1298 sssd.conf.5.xml:1325 msgid "" "NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", " "client applications will not use the fast in-memory cache." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1230 +#: sssd.conf.5.xml:1231 msgid "memcache_size_passwd (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1233 +#: sssd.conf.5.xml:1234 msgid "" "Size (in megabytes) of the data table allocated inside fast in-memory cache " "for passwd requests. Setting the size to 0 will disable the passwd in-" @@ -1537,27 +1537,27 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1239 sssd.conf.5.xml:2963 sssd-ldap.5.xml:548 +#: sssd.conf.5.xml:1240 sssd.conf.5.xml:2964 sssd-ldap.5.xml:548 msgid "Default: 8" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1242 sssd.conf.5.xml:1267 sssd.conf.5.xml:1292 -#: sssd.conf.5.xml:1319 +#: sssd.conf.5.xml:1243 sssd.conf.5.xml:1268 sssd.conf.5.xml:1293 +#: sssd.conf.5.xml:1320 msgid "" "WARNING: Disabled or too small in-memory cache can have significant negative " "impact on SSSD's performance." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1255 +#: sssd.conf.5.xml:1256 #, fuzzy #| msgid "timeout (integer)" msgid "memcache_size_group (integer)" msgstr "noildze (vesels skaitlis)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1258 +#: sssd.conf.5.xml:1259 msgid "" "Size (in megabytes) of the data table allocated inside fast in-memory cache " "for group requests. Setting the size to 0 will disable the group in-memory " @@ -1565,19 +1565,19 @@ msgid "" msgstr "" #. type: Content of: <variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1264 sssd.conf.5.xml:1316 sssd.conf.5.xml:3729 +#: sssd.conf.5.xml:1265 sssd.conf.5.xml:1317 sssd.conf.5.xml:3730 #: sssd-ldap.5.xml:473 sssd-ldap.5.xml:525 include/failover.xml:116 #: include/krb5_options.xml:11 msgid "Default: 6" msgstr "Noklusējuma: 6" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1280 +#: sssd.conf.5.xml:1281 msgid "memcache_size_initgroups (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1283 +#: sssd.conf.5.xml:1284 msgid "" "Size (in megabytes) of the data table allocated inside fast in-memory cache " "for initgroups requests. Setting the size to 0 will disable the initgroups " @@ -1585,14 +1585,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1305 +#: sssd.conf.5.xml:1306 #, fuzzy #| msgid "timeout (integer)" msgid "memcache_size_sid (integer)" msgstr "noildze (vesels skaitlis)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1308 +#: sssd.conf.5.xml:1309 msgid "" "Size (in megabytes) of the data table allocated inside fast in-memory cache " "for SID related requests. Only SID-by-ID and ID-by-SID requests are " @@ -1601,12 +1601,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1332 sssd-ifp.5.xml:90 +#: sssd.conf.5.xml:1333 sssd-ifp.5.xml:90 msgid "user_attributes (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1335 +#: sssd.conf.5.xml:1336 msgid "" "Some of the additional NSS responder requests can return more attributes " "than just the POSIX ones defined by the NSS interface. The list of " @@ -1617,45 +1617,45 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1348 +#: sssd.conf.5.xml:1349 msgid "" "To make configuration more easy the NSS responder will check the InfoPipe " "option if it is not set for the NSS responder." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1353 +#: sssd.conf.5.xml:1354 msgid "Default: not set, fallback to InfoPipe option" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1358 +#: sssd.conf.5.xml:1359 msgid "pwfield (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1361 +#: sssd.conf.5.xml:1362 msgid "" "The value that NSS operations that return users or groups will return for " "the <quote>password</quote> field." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1366 +#: sssd.conf.5.xml:1367 #, fuzzy #| msgid "Default: <quote>permit</quote>" msgid "Default: <quote>*</quote>" msgstr "Noklusējuma: <quote>atļaut</quote>" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1369 +#: sssd.conf.5.xml:1370 msgid "" "Note: This option can also be set per-domain which overwrites the value in " "[nss] section." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1373 +#: sssd.conf.5.xml:1374 msgid "" "Default: <quote>not set</quote> (remote domains), <phrase " "condition=\"with_files_provider\"> <quote>x</quote> (the files domain), </" @@ -1664,60 +1664,60 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:1385 +#: sssd.conf.5.xml:1386 msgid "PAM configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:1387 +#: sssd.conf.5.xml:1388 msgid "" "These options can be used to configure the Pluggable Authentication Module " "(PAM) service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1392 +#: sssd.conf.5.xml:1393 msgid "offline_credentials_expiration (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1395 +#: sssd.conf.5.xml:1396 msgid "" "If the authentication provider is offline, how long should we allow cached " "logins (in days since the last successful online login)." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1400 sssd.conf.5.xml:1413 +#: sssd.conf.5.xml:1401 sssd.conf.5.xml:1414 msgid "Default: 0 (No limit)" msgstr "Noklusējuma: 0 (bez ierobežojuma)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1406 +#: sssd.conf.5.xml:1407 msgid "offline_failed_login_attempts (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1409 +#: sssd.conf.5.xml:1410 msgid "" "If the authentication provider is offline, how many failed login attempts " "are allowed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1419 +#: sssd.conf.5.xml:1420 msgid "offline_failed_login_delay (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1422 +#: sssd.conf.5.xml:1423 msgid "" "The time in minutes which has to pass after offline_failed_login_attempts " "has been reached before a new login attempt is possible." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1427 +#: sssd.conf.5.xml:1428 msgid "" "If set to 0 the user cannot authenticate offline if " "offline_failed_login_attempts has been reached. Only a successful online " @@ -1725,59 +1725,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1433 sssd.conf.5.xml:1543 +#: sssd.conf.5.xml:1434 sssd.conf.5.xml:1544 msgid "Default: 5" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1439 +#: sssd.conf.5.xml:1440 msgid "pam_verbosity (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1442 +#: sssd.conf.5.xml:1443 msgid "" "Controls what kind of messages are shown to the user during authentication. " "The higher the number to more messages are displayed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1447 +#: sssd.conf.5.xml:1448 msgid "Currently sssd supports the following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1450 +#: sssd.conf.5.xml:1451 msgid "<emphasis>0</emphasis>: do not show any message" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1453 +#: sssd.conf.5.xml:1454 msgid "<emphasis>1</emphasis>: show only important messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1457 +#: sssd.conf.5.xml:1458 msgid "<emphasis>2</emphasis>: show informational messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1460 +#: sssd.conf.5.xml:1461 msgid "<emphasis>3</emphasis>: show all messages and debug information" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1464 sssd.8.xml:63 +#: sssd.conf.5.xml:1465 sssd.8.xml:63 msgid "Default: 1" msgstr "Noklusējuma: 1" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1470 +#: sssd.conf.5.xml:1471 msgid "pam_response_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1473 +#: sssd.conf.5.xml:1474 msgid "" "A comma separated list of strings which allows to remove (filter) data sent " "by the PAM responder to pam_sss PAM module. There are different kind of " @@ -1786,51 +1786,51 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1481 +#: sssd.conf.5.xml:1482 msgid "" "While messages already can be controlled with the help of the pam_verbosity " "option this option allows to filter out other kind of responses as well." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1488 +#: sssd.conf.5.xml:1489 msgid "ENV" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1489 +#: sssd.conf.5.xml:1490 msgid "Do not send any environment variables to any service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1492 +#: sssd.conf.5.xml:1493 msgid "ENV:var_name" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1493 +#: sssd.conf.5.xml:1494 msgid "Do not send environment variable var_name to any service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1497 +#: sssd.conf.5.xml:1498 msgid "ENV:var_name:service" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1498 +#: sssd.conf.5.xml:1499 msgid "Do not send environment variable var_name to service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1486 +#: sssd.conf.5.xml:1487 msgid "" "Currently the following filters are supported: <placeholder " "type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1505 +#: sssd.conf.5.xml:1506 msgid "" "The list of strings can either be the list of filters which would set this " "list of filters and overwrite the defaults. Or each element of the list can " @@ -1841,23 +1841,23 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1516 +#: sssd.conf.5.xml:1517 msgid "Default: ENV:KRB5CCNAME:sudo, ENV:KRB5CCNAME:sudo-i" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1519 +#: sssd.conf.5.xml:1520 msgid "" "Example: -ENV:KRB5CCNAME:sudo-i will remove the filter from the default list" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1526 +#: sssd.conf.5.xml:1527 msgid "pam_id_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1529 +#: sssd.conf.5.xml:1530 msgid "" "For any PAM request while SSSD is online, the SSSD will attempt to " "immediately update the cached identity information for the user in order to " @@ -1865,7 +1865,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1535 +#: sssd.conf.5.xml:1536 msgid "" "A complete PAM conversation may perform multiple PAM requests, such as " "account management and session opening. This option controls (on a per-" @@ -1874,17 +1874,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1549 +#: sssd.conf.5.xml:1550 msgid "pam_pwd_expiration_warning (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1552 sssd.conf.5.xml:2987 +#: sssd.conf.5.xml:1553 sssd.conf.5.xml:2988 msgid "Display a warning N days before the password expires." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1555 +#: sssd.conf.5.xml:1556 msgid "" "Please note that the backend server has to provide information about the " "expiration time of the password. If this information is missing, sssd " @@ -1892,31 +1892,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1561 sssd.conf.5.xml:2990 +#: sssd.conf.5.xml:1562 sssd.conf.5.xml:2991 msgid "" "If zero is set, then this filter is not applied, i.e. if the expiration " "warning was received from backend server, it will automatically be displayed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1566 +#: sssd.conf.5.xml:1567 msgid "" "This setting can be overridden by setting <emphasis>pwd_expiration_warning</" "emphasis> for a particular domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1571 sssd.conf.5.xml:3976 sssd-ldap.5.xml:606 sssd.8.xml:79 +#: sssd.conf.5.xml:1572 sssd.conf.5.xml:3977 sssd-ldap.5.xml:606 sssd.8.xml:79 msgid "Default: 0" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1588 +#: sssd.conf.5.xml:1589 msgid "pam_trusted_users (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1591 +#: sssd.conf.5.xml:1592 msgid "" "Specifies the comma-separated list of UID values or user names that are " "allowed to run PAM conversations against trusted domains. Users not " @@ -1926,75 +1926,75 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1601 +#: sssd.conf.5.xml:1602 msgid "Default: All users are considered trusted by default" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1605 +#: sssd.conf.5.xml:1606 msgid "" "Please note that UID 0 is always allowed to access the PAM responder even in " "case it is not in the pam_trusted_users list." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1612 +#: sssd.conf.5.xml:1613 msgid "pam_public_domains (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1615 +#: sssd.conf.5.xml:1616 msgid "" "Specifies the comma-separated list of domain names that are accessible even " "to untrusted users." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1619 +#: sssd.conf.5.xml:1620 msgid "Two special values for pam_public_domains option are defined:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1623 +#: sssd.conf.5.xml:1624 msgid "" "all (Untrusted users are allowed to access all domains in PAM responder.)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1627 +#: sssd.conf.5.xml:1628 msgid "" "none (Untrusted users are not allowed to access any domains PAM in " "responder.)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1631 sssd.conf.5.xml:1656 sssd.conf.5.xml:1675 -#: sssd.conf.5.xml:1912 sssd.conf.5.xml:2732 sssd.conf.5.xml:3905 +#: sssd.conf.5.xml:1632 sssd.conf.5.xml:1657 sssd.conf.5.xml:1676 +#: sssd.conf.5.xml:1913 sssd.conf.5.xml:2733 sssd.conf.5.xml:3906 #: sssd-ldap.5.xml:1207 msgid "Default: none" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1636 +#: sssd.conf.5.xml:1637 msgid "pam_account_expired_message (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1639 +#: sssd.conf.5.xml:1640 msgid "" "Allows a custom expiration message to be set, replacing the default " "'Permission denied' message." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1644 +#: sssd.conf.5.xml:1645 msgid "" "Note: Please be aware that message is only printed for the SSH service " "unless pam_verbosity is set to 3 (show all messages and debug information)." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1652 +#: sssd.conf.5.xml:1653 #, no-wrap msgid "" "pam_account_expired_message = Account expired, please contact help desk.\n" @@ -2002,19 +2002,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1661 +#: sssd.conf.5.xml:1662 msgid "pam_account_locked_message (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1664 +#: sssd.conf.5.xml:1665 msgid "" "Allows a custom lockout message to be set, replacing the default 'Permission " "denied' message." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1671 +#: sssd.conf.5.xml:1672 #, no-wrap msgid "" "pam_account_locked_message = Account locked, please contact help desk.\n" @@ -2022,17 +2022,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1680 +#: sssd.conf.5.xml:1681 msgid "pam_passkey_auth (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1683 +#: sssd.conf.5.xml:1684 msgid "Enable passkey device based authentication." msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1686 sssd.conf.5.xml:1697 sssd.conf.5.xml:1711 +#: sssd.conf.5.xml:1687 sssd.conf.5.xml:1698 sssd.conf.5.xml:1712 #: sssd-ldap.5.xml:671 sssd-ldap.5.xml:692 sssd-ldap.5.xml:788 #: sssd-ldap.5.xml:1293 sssd-ad.5.xml:505 sssd-ad.5.xml:581 sssd-ad.5.xml:1126 #: sssd-ad.5.xml:1175 include/ldap_id_mapping.xml:250 @@ -2040,22 +2040,22 @@ msgid "Default: False" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1691 +#: sssd.conf.5.xml:1692 msgid "passkey_debug_libfido2 (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1694 +#: sssd.conf.5.xml:1695 msgid "Enable libfido2 library debug messages." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1702 +#: sssd.conf.5.xml:1703 msgid "pam_cert_auth (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1705 +#: sssd.conf.5.xml:1706 msgid "" "Enable certificate based Smartcard authentication. Since this requires " "additional communication with the Smartcard which will delay the " @@ -2063,34 +2063,34 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1716 +#: sssd.conf.5.xml:1717 msgid "pam_cert_db_path (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1719 +#: sssd.conf.5.xml:1720 msgid "The path to the certificate database." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1722 sssd.conf.5.xml:2247 sssd.conf.5.xml:4308 +#: sssd.conf.5.xml:1723 sssd.conf.5.xml:2248 sssd.conf.5.xml:4354 msgid "Default:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1724 sssd.conf.5.xml:2249 +#: sssd.conf.5.xml:1725 sssd.conf.5.xml:2250 msgid "" "/etc/sssd/pki/sssd_auth_ca_db.pem (path to a file with trusted CA " "certificates in PEM format)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1734 +#: sssd.conf.5.xml:1735 msgid "pam_cert_verification (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1737 +#: sssd.conf.5.xml:1738 msgid "" "With this parameter the PAM certificate verification can be tuned with a " "comma separated list of options that override the " @@ -2100,7 +2100,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1748 +#: sssd.conf.5.xml:1749 #, no-wrap msgid "" "pam_cert_verification = partial_chain\n" @@ -2108,61 +2108,61 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1752 +#: sssd.conf.5.xml:1753 msgid "" "Default: not set, i.e. use default <quote>certificate_verification</quote> " "option defined in <quote>[sssd]</quote> section." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1759 +#: sssd.conf.5.xml:1760 msgid "p11_child_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1762 +#: sssd.conf.5.xml:1763 msgid "How many seconds will pam_sss wait for p11_child to finish." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1771 +#: sssd.conf.5.xml:1772 #, fuzzy #| msgid "timeout (integer)" msgid "passkey_child_timeout (integer)" msgstr "noildze (vesels skaitlis)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1774 +#: sssd.conf.5.xml:1775 msgid "" "How many seconds will the PAM responder wait for passkey_child to finish." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1783 +#: sssd.conf.5.xml:1784 msgid "pam_app_services (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1786 +#: sssd.conf.5.xml:1787 msgid "" "Which PAM services are permitted to contact domains of type " "<quote>application</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1795 +#: sssd.conf.5.xml:1796 msgid "pam_p11_allowed_services (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1798 +#: sssd.conf.5.xml:1799 msgid "" "A comma-separated list of PAM service names for which it will be allowed to " "use Smartcards." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1813 +#: sssd.conf.5.xml:1814 #, no-wrap msgid "" "pam_p11_allowed_services = +my_pam_service, -login\n" @@ -2170,7 +2170,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1802 +#: sssd.conf.5.xml:1803 msgid "" "It is possible to add another PAM service name to the default set by using " "<quote>+service_name</quote> or to explicitly remove a PAM service name from " @@ -2182,63 +2182,63 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1817 sssd-ad.5.xml:644 sssd-ad.5.xml:753 sssd-ad.5.xml:811 +#: sssd.conf.5.xml:1818 sssd-ad.5.xml:644 sssd-ad.5.xml:753 sssd-ad.5.xml:811 #: sssd-ad.5.xml:869 sssd-ad.5.xml:947 msgid "Default: the default set of PAM service names includes:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1822 sssd-ad.5.xml:648 +#: sssd.conf.5.xml:1823 sssd-ad.5.xml:648 msgid "login" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1827 sssd-ad.5.xml:653 +#: sssd.conf.5.xml:1828 sssd-ad.5.xml:653 msgid "su" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1832 sssd-ad.5.xml:658 +#: sssd.conf.5.xml:1833 sssd-ad.5.xml:658 msgid "su-l" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1837 sssd-ad.5.xml:673 +#: sssd.conf.5.xml:1838 sssd-ad.5.xml:673 msgid "gdm-smartcard" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1842 sssd-ad.5.xml:668 +#: sssd.conf.5.xml:1843 sssd-ad.5.xml:668 msgid "gdm-password" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1847 sssd-ad.5.xml:678 +#: sssd.conf.5.xml:1848 sssd-ad.5.xml:678 msgid "kdm" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1852 sssd-ad.5.xml:956 +#: sssd.conf.5.xml:1853 sssd-ad.5.xml:956 msgid "sudo" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1857 sssd-ad.5.xml:961 +#: sssd.conf.5.xml:1858 sssd-ad.5.xml:961 msgid "sudo-i" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1862 +#: sssd.conf.5.xml:1863 msgid "gnome-screensaver" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1870 +#: sssd.conf.5.xml:1871 msgid "p11_wait_for_card_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1873 +#: sssd.conf.5.xml:1874 msgid "" "If Smartcard authentication is required how many extra seconds in addition " "to p11_child_timeout should the PAM responder wait until a Smartcard is " @@ -2246,12 +2246,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1884 +#: sssd.conf.5.xml:1885 msgid "p11_uri (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1887 +#: sssd.conf.5.xml:1888 msgid "" "PKCS#11 URI (see RFC-7512 for details) which can be used to restrict the " "selection of devices used for Smartcard authentication. By default SSSD's " @@ -2262,7 +2262,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1900 +#: sssd.conf.5.xml:1901 #, no-wrap msgid "" "p11_uri = pkcs11:slot-description=My%20Smartcard%20Reader\n" @@ -2270,7 +2270,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1904 +#: sssd.conf.5.xml:1905 #, no-wrap msgid "" "p11_uri = pkcs11:library-description=OpenSC%20smartcard%20framework;slot-id=2\n" @@ -2278,7 +2278,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1898 +#: sssd.conf.5.xml:1899 msgid "" "Example: <placeholder type=\"programlisting\" id=\"0\"/> or <placeholder " "type=\"programlisting\" id=\"1\"/> To find suitable URI please check the " @@ -2287,47 +2287,47 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1917 +#: sssd.conf.5.xml:1918 msgid "pam_initgroups_scheme" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1925 +#: sssd.conf.5.xml:1926 msgid "always" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1926 +#: sssd.conf.5.xml:1927 msgid "" "Always do an online lookup, please note that pam_id_timeout still applies" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1930 +#: sssd.conf.5.xml:1931 msgid "no_session" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1931 +#: sssd.conf.5.xml:1932 msgid "" "Only do an online lookup if there is no active session of the user, i.e. if " "the user is currently not logged in" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1936 +#: sssd.conf.5.xml:1937 msgid "never" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1937 +#: sssd.conf.5.xml:1938 msgid "" "Never force an online lookup, use the data from the cache as long as they " "are not expired" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1920 +#: sssd.conf.5.xml:1921 msgid "" "The PAM responder can force an online lookup to get the current group " "memberships of the user trying to log in. This option controls when this " @@ -2336,30 +2336,30 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1944 +#: sssd.conf.5.xml:1945 msgid "Default: no_session" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1949 sssd.conf.5.xml:4247 +#: sssd.conf.5.xml:1950 sssd.conf.5.xml:4293 msgid "pam_gssapi_services" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1952 +#: sssd.conf.5.xml:1953 msgid "" "Comma separated list of PAM services that are allowed to try GSSAPI " "authentication using pam_sss_gss.so module." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1957 +#: sssd.conf.5.xml:1958 msgid "" "To disable GSSAPI authentication, set this option to <quote>-</quote> (dash)." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1961 sssd.conf.5.xml:1992 sssd.conf.5.xml:2030 +#: sssd.conf.5.xml:1962 sssd.conf.5.xml:1993 sssd.conf.5.xml:2031 msgid "" "Note: This option can also be set per-domain which overwrites the value in " "[pam] section. It can also be set for trusted domain which overwrites the " @@ -2367,7 +2367,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1969 +#: sssd.conf.5.xml:1970 #, no-wrap msgid "" "pam_gssapi_services = sudo, sudo-i\n" @@ -2375,22 +2375,22 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1967 sssd.conf.5.xml:3899 +#: sssd.conf.5.xml:1968 sssd.conf.5.xml:3900 msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1973 +#: sssd.conf.5.xml:1974 msgid "Default: - (GSSAPI authentication is disabled)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1978 sssd.conf.5.xml:4248 +#: sssd.conf.5.xml:1979 sssd.conf.5.xml:4294 msgid "pam_gssapi_check_upn" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1981 +#: sssd.conf.5.xml:1982 msgid "" "If True, SSSD will require that the Kerberos user principal that " "successfully authenticated through GSSAPI can be associated with the user " @@ -2398,25 +2398,25 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1988 +#: sssd.conf.5.xml:1989 msgid "" "If False, every user that is able to obtained required service ticket will " "be authenticated." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1998 sssd-ad.5.xml:1266 sss_rpcidmapd.5.xml:76 +#: sssd.conf.5.xml:1999 sssd-ad.5.xml:1266 sss_rpcidmapd.5.xml:76 #: sssd-files.5.xml:145 msgid "Default: True" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2003 +#: sssd.conf.5.xml:2004 msgid "pam_gssapi_indicators_map" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2006 +#: sssd.conf.5.xml:2007 msgid "" "Comma separated list of authentication indicators required to be present in " "a Kerberos ticket to access a PAM service that is allowed to try GSSAPI " @@ -2424,7 +2424,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2012 +#: sssd.conf.5.xml:2013 msgid "" "Each element of the list can be either an authentication indicator name or a " "pair <quote>service:indicator</quote>. Indicators not prefixed with the PAM " @@ -2439,7 +2439,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2025 +#: sssd.conf.5.xml:2026 msgid "" "To disable GSSAPI authentication indicator check, set this option to <quote>-" "</quote> (dash). To disable the check for a specific PAM service, add " @@ -2447,45 +2447,45 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2036 +#: sssd.conf.5.xml:2037 msgid "" "Following authentication indicators are supported by IPA Kerberos " "deployments:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2039 +#: sssd.conf.5.xml:2040 msgid "" "pkinit -- pre-authentication using X.509 certificates -- whether stored in " "files or on smart cards." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2042 +#: sssd.conf.5.xml:2043 msgid "" "hardened -- SPAKE pre-authentication or any pre-authentication wrapped in a " "FAST channel." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2045 +#: sssd.conf.5.xml:2046 msgid "radius -- pre-authentication with the help of a RADIUS server." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2048 +#: sssd.conf.5.xml:2049 msgid "" "otp -- pre-authentication using integrated two-factor authentication (2FA or " "one-time password, OTP) in IPA." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2051 +#: sssd.conf.5.xml:2052 msgid "idp -- pre-authentication using external identity provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:2061 +#: sssd.conf.5.xml:2062 #, no-wrap msgid "" "pam_gssapi_indicators_map = sudo:pkinit, sudo-i:pkinit\n" @@ -2493,7 +2493,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2056 +#: sssd.conf.5.xml:2057 msgid "" "Example: to require access to SUDO services only for users which obtained " "their Kerberos tickets with a X.509 certificate pre-authentication (PKINIT), " @@ -2501,17 +2501,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2065 +#: sssd.conf.5.xml:2066 msgid "Default: not set (use of authentication indicators is not required)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2073 +#: sssd.conf.5.xml:2074 msgid "SUDO configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2075 +#: sssd.conf.5.xml:2076 msgid "" "These options can be used to configure the sudo service. The detailed " "instructions for configuration of <citerefentry> <refentrytitle>sudo</" @@ -2522,24 +2522,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2092 +#: sssd.conf.5.xml:2093 msgid "sudo_timed (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2095 +#: sssd.conf.5.xml:2096 msgid "" "Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes " "that implement time-dependent sudoers entries." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2107 +#: sssd.conf.5.xml:2108 msgid "sudo_threshold (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2110 +#: sssd.conf.5.xml:2111 msgid "" "Maximum number of expired rules that can be refreshed at once. If number of " "expired rules is below threshold, those rules are refreshed with " @@ -2549,22 +2549,22 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2129 +#: sssd.conf.5.xml:2130 msgid "AUTOFS configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2131 +#: sssd.conf.5.xml:2132 msgid "These options can be used to configure the autofs service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2135 +#: sssd.conf.5.xml:2136 msgid "autofs_negative_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2138 +#: sssd.conf.5.xml:2139 msgid "" "Specifies for how many seconds should the autofs responder negative cache " "hits (that is, queries for invalid map entries, like nonexistent ones) " @@ -2572,51 +2572,51 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2154 +#: sssd.conf.5.xml:2155 msgid "SSH configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2156 +#: sssd.conf.5.xml:2157 msgid "These options can be used to configure the SSH service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2160 +#: sssd.conf.5.xml:2161 msgid "ssh_hash_known_hosts (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2163 +#: sssd.conf.5.xml:2164 msgid "" "Whether or not to hash host names and addresses in the managed known_hosts " "file." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2172 +#: sssd.conf.5.xml:2173 msgid "ssh_known_hosts_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2175 +#: sssd.conf.5.xml:2176 msgid "" "How many seconds to keep a host in the managed known_hosts file after its " "host keys were requested." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2179 +#: sssd.conf.5.xml:2180 msgid "Default: 180" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2184 +#: sssd.conf.5.xml:2185 msgid "ssh_use_certificate_keys (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2187 +#: sssd.conf.5.xml:2188 msgid "" "If set to true the <command>sss_ssh_authorizedkeys</command> will return ssh " "keys derived from the public key of X.509 certificates stored in the user " @@ -2625,12 +2625,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2202 +#: sssd.conf.5.xml:2203 msgid "ssh_use_certificate_matching_rules (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2205 +#: sssd.conf.5.xml:2206 msgid "" "By default the ssh responder will use all available certificate matching " "rules to filter the certificates so that ssh keys are only derived from the " @@ -2640,7 +2640,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2214 +#: sssd.conf.5.xml:2215 msgid "" "There are two special key words 'all_rules' and 'no_rules' which will enable " "all or no rules, respectively. The latter means that no certificates will be " @@ -2648,7 +2648,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2221 +#: sssd.conf.5.xml:2222 msgid "" "If no rules are configured using 'all_rules' will enable a default rule " "which enables all certificates suitable for client authentication. This is " @@ -2657,38 +2657,38 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2228 +#: sssd.conf.5.xml:2229 msgid "" "A non-existing rule name is considered an error. If as a result no rule is " "selected all certificates will be ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2233 +#: sssd.conf.5.xml:2234 msgid "" "Default: not set, equivalent to 'all_rules', all found rules or the default " "rule are used" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2239 +#: sssd.conf.5.xml:2240 msgid "ca_db (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2242 +#: sssd.conf.5.xml:2243 msgid "" "Path to a storage of trusted CA certificates. The option is used to validate " "user certificates before deriving public ssh keys from them." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2262 +#: sssd.conf.5.xml:2263 msgid "PAC responder configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2264 +#: sssd.conf.5.xml:2265 msgid "" "The PAC responder works together with the authorization data plugin for MIT " "Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the " @@ -2699,7 +2699,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2273 +#: sssd.conf.5.xml:2274 msgid "" "If the remote user does not exist in the cache, it is created. The UID is " "determined with the help of the SID, trusted domains will have UPGs and the " @@ -2710,24 +2710,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2281 +#: sssd.conf.5.xml:2282 msgid "" "If there are SIDs of groups from domains sssd knows about, the user will be " "added to those groups." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2287 +#: sssd.conf.5.xml:2288 msgid "These options can be used to configure the PAC responder." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2291 sssd-ifp.5.xml:66 +#: sssd.conf.5.xml:2292 sssd-ifp.5.xml:66 msgid "allowed_uids (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2294 +#: sssd.conf.5.xml:2295 msgid "" "Specifies the comma-separated list of UID values or user names that are " "allowed to access the PAC responder. User names are resolved to UIDs at " @@ -2735,12 +2735,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2300 +#: sssd.conf.5.xml:2301 msgid "Default: 0 (only the root user is allowed to access the PAC responder)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2304 +#: sssd.conf.5.xml:2305 msgid "" "Please note that although the UID 0 is used as the default it will be " "overwritten with this option. If you still want to allow the root user to " @@ -2749,24 +2749,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2313 +#: sssd.conf.5.xml:2314 msgid "pac_lifetime (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2316 +#: sssd.conf.5.xml:2317 msgid "" "Lifetime of the PAC entry in seconds. As long as the PAC is valid the PAC " "data can be used to determine the group memberships of a user." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2326 +#: sssd.conf.5.xml:2327 msgid "pac_check (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2329 +#: sssd.conf.5.xml:2330 msgid "" "Apply additional checks on the PAC of the Kerberos ticket which is available " "in Active Directory and FreeIPA domains, if configured. Please note that " @@ -2777,24 +2777,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2343 +#: sssd.conf.5.xml:2344 msgid "no_check" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2345 +#: sssd.conf.5.xml:2346 msgid "" "The PAC must not be present and even if it is present no additional checks " "will be done." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2351 +#: sssd.conf.5.xml:2352 msgid "pac_present" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2353 +#: sssd.conf.5.xml:2354 msgid "" "The PAC must be present in the service ticket which SSSD will request with " "the help of the user's TGT. If the PAC is not available the authentication " @@ -2802,24 +2802,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2361 +#: sssd.conf.5.xml:2362 msgid "check_upn" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2363 +#: sssd.conf.5.xml:2364 msgid "" "If the PAC is present check if the user principal name (UPN) information is " "consistent." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2369 +#: sssd.conf.5.xml:2370 msgid "check_upn_allow_missing" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2371 +#: sssd.conf.5.xml:2372 msgid "" "This option should be used together with 'check_upn' and handles the case " "where a UPN is set on the server-side but is not read by SSSD. The typical " @@ -2831,7 +2831,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2383 +#: sssd.conf.5.xml:2384 msgid "" "Currently this option is set by default to avoid regressions in such " "environments. A log message will be added to the system log and SSSD's debug " @@ -2842,60 +2842,60 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2397 +#: sssd.conf.5.xml:2398 msgid "upn_dns_info_present" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2399 +#: sssd.conf.5.xml:2400 msgid "The PAC must contain the UPN-DNS-INFO buffer, implies 'check_upn'." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2404 +#: sssd.conf.5.xml:2405 msgid "check_upn_dns_info_ex" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2406 +#: sssd.conf.5.xml:2407 msgid "" "If the PAC is present and the extension to the UPN-DNS-INFO buffer is " "available check if the information in the extension is consistent." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2413 +#: sssd.conf.5.xml:2414 msgid "upn_dns_info_ex_present" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2415 +#: sssd.conf.5.xml:2416 msgid "" "The PAC must contain the extension of the UPN-DNS-INFO buffer, implies " "'check_upn_dns_info_ex', 'upn_dns_info_present' and 'check_upn'." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2339 +#: sssd.conf.5.xml:2340 msgid "" "The following options can be used alone or in a comma-separated list: " "<placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2425 +#: sssd.conf.5.xml:2426 msgid "" "Default: no_check (AD and IPA provider 'check_upn, check_upn_allow_missing, " "check_upn_dns_info_ex')" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2434 +#: sssd.conf.5.xml:2435 msgid "Session recording configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2436 +#: sssd.conf.5.xml:2437 msgid "" "Session recording works in conjunction with <citerefentry> " "<refentrytitle>tlog-rec-session</refentrytitle> <manvolnum>8</manvolnum> </" @@ -2905,66 +2905,66 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2449 +#: sssd.conf.5.xml:2450 msgid "These options can be used to configure session recording." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2453 sssd-session-recording.5.xml:64 +#: sssd.conf.5.xml:2454 sssd-session-recording.5.xml:64 msgid "scope (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2460 sssd-session-recording.5.xml:71 +#: sssd.conf.5.xml:2461 sssd-session-recording.5.xml:71 msgid "\"none\"" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2463 sssd-session-recording.5.xml:74 +#: sssd.conf.5.xml:2464 sssd-session-recording.5.xml:74 msgid "No users are recorded." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2468 sssd-session-recording.5.xml:79 +#: sssd.conf.5.xml:2469 sssd-session-recording.5.xml:79 msgid "\"some\"" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2471 sssd-session-recording.5.xml:82 +#: sssd.conf.5.xml:2472 sssd-session-recording.5.xml:82 msgid "" "Users/groups specified by <replaceable>users</replaceable> and " "<replaceable>groups</replaceable> options are recorded." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2480 sssd-session-recording.5.xml:91 +#: sssd.conf.5.xml:2481 sssd-session-recording.5.xml:91 msgid "\"all\"" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2483 sssd-session-recording.5.xml:94 +#: sssd.conf.5.xml:2484 sssd-session-recording.5.xml:94 msgid "All users are recorded." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2456 sssd-session-recording.5.xml:67 +#: sssd.conf.5.xml:2457 sssd-session-recording.5.xml:67 msgid "" "One of the following strings specifying the scope of session recording: " "<placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2490 sssd-session-recording.5.xml:101 +#: sssd.conf.5.xml:2491 sssd-session-recording.5.xml:101 msgid "Default: \"none\"" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2495 sssd-session-recording.5.xml:106 +#: sssd.conf.5.xml:2496 sssd-session-recording.5.xml:106 msgid "users (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2498 sssd-session-recording.5.xml:109 +#: sssd.conf.5.xml:2499 sssd-session-recording.5.xml:109 msgid "" "A comma-separated list of users which should have session recording enabled. " "Matches user names as returned by NSS. I.e. after the possible space " @@ -2972,17 +2972,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2504 sssd-session-recording.5.xml:115 +#: sssd.conf.5.xml:2505 sssd-session-recording.5.xml:115 msgid "Default: Empty. Matches no users." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2509 sssd-session-recording.5.xml:120 +#: sssd.conf.5.xml:2510 sssd-session-recording.5.xml:120 msgid "groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2512 sssd-session-recording.5.xml:123 +#: sssd.conf.5.xml:2513 sssd-session-recording.5.xml:123 msgid "" "A comma-separated list of groups, members of which should have session " "recording enabled. Matches group names as returned by NSS. I.e. after the " @@ -2990,7 +2990,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2518 sssd.conf.5.xml:2550 sssd-session-recording.5.xml:129 +#: sssd.conf.5.xml:2519 sssd.conf.5.xml:2551 sssd-session-recording.5.xml:129 #: sssd-session-recording.5.xml:161 msgid "" "NOTE: using this option (having it set to anything) has a considerable " @@ -2999,56 +2999,56 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2525 sssd-session-recording.5.xml:136 +#: sssd.conf.5.xml:2526 sssd-session-recording.5.xml:136 msgid "Default: Empty. Matches no groups." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2530 sssd-session-recording.5.xml:141 +#: sssd.conf.5.xml:2531 sssd-session-recording.5.xml:141 msgid "exclude_users (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2533 sssd-session-recording.5.xml:144 +#: sssd.conf.5.xml:2534 sssd-session-recording.5.xml:144 msgid "" "A comma-separated list of users to be excluded from recording, only " "applicable with 'scope=all'." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2537 sssd-session-recording.5.xml:148 +#: sssd.conf.5.xml:2538 sssd-session-recording.5.xml:148 msgid "Default: Empty. No users excluded." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2542 sssd-session-recording.5.xml:153 +#: sssd.conf.5.xml:2543 sssd-session-recording.5.xml:153 msgid "exclude_groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2545 sssd-session-recording.5.xml:156 +#: sssd.conf.5.xml:2546 sssd-session-recording.5.xml:156 msgid "" "A comma-separated list of groups, members of which should be excluded from " "recording. Only applicable with 'scope=all'." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2557 sssd-session-recording.5.xml:168 +#: sssd.conf.5.xml:2558 sssd-session-recording.5.xml:168 msgid "Default: Empty. No groups excluded." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:2567 +#: sssd.conf.5.xml:2568 msgid "DOMAIN SECTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2574 +#: sssd.conf.5.xml:2575 msgid "enabled" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2577 +#: sssd.conf.5.xml:2578 msgid "" "Explicitly enable or disable the domain. If <quote>true</quote>, the domain " "is always <quote>enabled</quote>. If <quote>false</quote>, the domain is " @@ -3058,12 +3058,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2589 +#: sssd.conf.5.xml:2590 msgid "domain_type (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2592 +#: sssd.conf.5.xml:2593 msgid "" "Specifies whether the domain is meant to be used by POSIX-aware clients such " "as the Name Service Switch or by applications that do not need POSIX data to " @@ -3072,14 +3072,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2600 +#: sssd.conf.5.xml:2601 msgid "" "Allowed values for this option are <quote>posix</quote> and " "<quote>application</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2604 +#: sssd.conf.5.xml:2605 msgid "" "POSIX domains are reachable by all services. Application domains are only " "reachable from the InfoPipe responder (see <citerefentry> " @@ -3088,38 +3088,38 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2612 +#: sssd.conf.5.xml:2613 msgid "" "NOTE: The application domains are currently well tested with " "<quote>id_provider=ldap</quote> only." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2616 +#: sssd.conf.5.xml:2617 msgid "" "For an easy way to configure a non-POSIX domains, please see the " "<quote>Application domains</quote> section." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2620 +#: sssd.conf.5.xml:2621 msgid "Default: posix" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2626 +#: sssd.conf.5.xml:2627 msgid "min_id,max_id (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2629 +#: sssd.conf.5.xml:2630 msgid "" "UID and GID limits for the domain. If a domain contains an entry that is " "outside these limits, it is ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2634 +#: sssd.conf.5.xml:2635 msgid "" "For users, this affects the primary GID limit. The user will not be returned " "to NSS if either the UID or the primary GID is outside the range. For non-" @@ -3128,24 +3128,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2641 +#: sssd.conf.5.xml:2642 msgid "" "These ID limits affect even saving entries to cache, not only returning them " "by name or ID." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2645 +#: sssd.conf.5.xml:2646 msgid "Default: 1 for min_id, 0 (no limit) for max_id" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2651 +#: sssd.conf.5.xml:2652 msgid "enumerate (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2654 +#: sssd.conf.5.xml:2655 msgid "" "Determines if a domain can be enumerated, that is, whether the domain can " "list all the users and group it contains. Note that it is not required to " @@ -3154,29 +3154,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2662 +#: sssd.conf.5.xml:2663 msgid "TRUE = Users and groups are enumerated" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2665 +#: sssd.conf.5.xml:2666 msgid "FALSE = No enumerations for this domain" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2668 sssd.conf.5.xml:2942 sssd.conf.5.xml:3119 +#: sssd.conf.5.xml:2669 sssd.conf.5.xml:2943 sssd.conf.5.xml:3120 msgid "Default: FALSE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2671 +#: sssd.conf.5.xml:2672 msgid "" "Enumerating a domain requires SSSD to download and store ALL user and group " "entries from the remote server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2676 +#: sssd.conf.5.xml:2677 msgid "" "Note: Enabling enumeration has a moderate performance impact on SSSD while " "enumeration is running. It may take up to several minutes after SSSD startup " @@ -3190,14 +3190,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2691 +#: sssd.conf.5.xml:2692 msgid "" "While the first enumeration is running, requests for the complete user or " "group lists may return no results until it completes." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2696 +#: sssd.conf.5.xml:2697 msgid "" "Further, enabling enumeration may increase the time necessary to detect " "network disconnection, as longer timeouts are required to ensure that " @@ -3206,39 +3206,39 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2704 +#: sssd.conf.5.xml:2705 msgid "" "For the reasons cited above, enabling enumeration is not recommended, " "especially in large environments." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2712 +#: sssd.conf.5.xml:2713 msgid "subdomain_enumerate (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2719 +#: sssd.conf.5.xml:2720 msgid "all" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2720 +#: sssd.conf.5.xml:2721 msgid "All discovered trusted domains will be enumerated" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2723 +#: sssd.conf.5.xml:2724 msgid "none" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2724 +#: sssd.conf.5.xml:2725 msgid "No discovered trusted domains will be enumerated" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2715 +#: sssd.conf.5.xml:2716 msgid "" "Whether any of autodetected trusted domains should be enumerated. The " "supported values are: <placeholder type=\"variablelist\" id=\"0\"/> " @@ -3247,19 +3247,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2738 +#: sssd.conf.5.xml:2739 msgid "entry_cache_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2741 +#: sssd.conf.5.xml:2742 msgid "" "How many seconds should nss_sss consider entries valid before asking the " "backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2745 +#: sssd.conf.5.xml:2746 msgid "" "The cache expiration timestamps are stored as attributes of individual " "objects in the cache. Therefore, changing the cache timeout only has effect " @@ -3270,139 +3270,139 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2758 +#: sssd.conf.5.xml:2759 msgid "Default: 5400" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2764 +#: sssd.conf.5.xml:2765 msgid "entry_cache_user_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2767 +#: sssd.conf.5.xml:2768 msgid "" "How many seconds should nss_sss consider user entries valid before asking " "the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2771 sssd.conf.5.xml:2784 sssd.conf.5.xml:2797 -#: sssd.conf.5.xml:2810 sssd.conf.5.xml:2824 sssd.conf.5.xml:2837 -#: sssd.conf.5.xml:2851 sssd.conf.5.xml:2865 sssd.conf.5.xml:2878 +#: sssd.conf.5.xml:2772 sssd.conf.5.xml:2785 sssd.conf.5.xml:2798 +#: sssd.conf.5.xml:2811 sssd.conf.5.xml:2825 sssd.conf.5.xml:2838 +#: sssd.conf.5.xml:2852 sssd.conf.5.xml:2866 sssd.conf.5.xml:2879 msgid "Default: entry_cache_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2777 +#: sssd.conf.5.xml:2778 msgid "entry_cache_group_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2780 +#: sssd.conf.5.xml:2781 msgid "" "How many seconds should nss_sss consider group entries valid before asking " "the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2790 +#: sssd.conf.5.xml:2791 msgid "entry_cache_netgroup_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2793 +#: sssd.conf.5.xml:2794 msgid "" "How many seconds should nss_sss consider netgroup entries valid before " "asking the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2803 +#: sssd.conf.5.xml:2804 msgid "entry_cache_service_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2806 +#: sssd.conf.5.xml:2807 msgid "" "How many seconds should nss_sss consider service entries valid before asking " "the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2816 +#: sssd.conf.5.xml:2817 msgid "entry_cache_resolver_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2819 +#: sssd.conf.5.xml:2820 msgid "" "How many seconds should nss_sss consider hosts and networks entries valid " "before asking the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2830 +#: sssd.conf.5.xml:2831 msgid "entry_cache_sudo_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2833 +#: sssd.conf.5.xml:2834 msgid "" "How many seconds should sudo consider rules valid before asking the backend " "again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2843 +#: sssd.conf.5.xml:2844 msgid "entry_cache_autofs_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2846 +#: sssd.conf.5.xml:2847 msgid "" "How many seconds should the autofs service consider automounter maps valid " "before asking the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2857 +#: sssd.conf.5.xml:2858 msgid "entry_cache_ssh_host_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2860 +#: sssd.conf.5.xml:2861 msgid "" "How many seconds to keep a host ssh key after refresh. IE how long to cache " "the host key for." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2871 +#: sssd.conf.5.xml:2872 msgid "entry_cache_computer_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2874 +#: sssd.conf.5.xml:2875 msgid "" "How many seconds to keep the local computer entry before asking the backend " "again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2884 +#: sssd.conf.5.xml:2885 msgid "refresh_expired_interval (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2887 +#: sssd.conf.5.xml:2888 msgid "" "Specifies how many seconds SSSD has to wait before triggering a background " "refresh task which will refresh all expired or nearly expired records." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2892 +#: sssd.conf.5.xml:2893 msgid "" "The background refresh will process users, groups and netgroups in the " "cache. For users who have performed the initgroups (get group membership for " @@ -3411,17 +3411,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2900 +#: sssd.conf.5.xml:2901 msgid "This option is automatically inherited for all trusted domains." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2904 +#: sssd.conf.5.xml:2905 msgid "You can consider setting this value to 3/4 * entry_cache_timeout." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2908 +#: sssd.conf.5.xml:2909 msgid "" "Cache entry will be refreshed by background task when 2/3 of cache timeout " "has already passed. If there are existing cached entries, the background " @@ -3433,23 +3433,23 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2921 sssd-ldap.5.xml:360 sssd-ldap.5.xml:1736 +#: sssd.conf.5.xml:2922 sssd-ldap.5.xml:360 sssd-ldap.5.xml:1736 #: sssd-ipa.5.xml:270 msgid "Default: 0 (disabled)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2927 +#: sssd.conf.5.xml:2928 msgid "cache_credentials (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2930 +#: sssd.conf.5.xml:2931 msgid "Determines if user credentials are also cached in the local LDB cache." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2934 +#: sssd.conf.5.xml:2935 msgid "" "Take a note that while credentials are stored as a salted SHA512 hash, this " "still potentially poses some security risk in case an attacker manages to " @@ -3458,12 +3458,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2948 +#: sssd.conf.5.xml:2949 msgid "cache_credentials_minimal_first_factor_length (int)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2951 +#: sssd.conf.5.xml:2952 msgid "" "If 2-Factor-Authentication (2FA) is used and credentials should be saved " "this value determines the minimal length the first authentication factor " @@ -3471,19 +3471,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2958 +#: sssd.conf.5.xml:2959 msgid "" "This should avoid that the short PINs of a PIN based 2FA scheme are saved in " "the cache which would make them easy targets for brute-force attacks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2969 +#: sssd.conf.5.xml:2970 msgid "account_cache_expiration (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2972 +#: sssd.conf.5.xml:2973 msgid "" "Number of days entries are left in cache after last successful login before " "being removed during a cleanup of the cache. 0 means keep forever. The " @@ -3492,17 +3492,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2979 +#: sssd.conf.5.xml:2980 msgid "Default: 0 (unlimited)" msgstr "Noklusējuma: 0 (neierobežots)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2984 +#: sssd.conf.5.xml:2985 msgid "pwd_expiration_warning (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2995 +#: sssd.conf.5.xml:2996 msgid "" "Please note that the backend server has to provide information about the " "expiration time of the password. If this information is missing, sssd " @@ -3511,28 +3511,28 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3002 +#: sssd.conf.5.xml:3003 msgid "Default: 7 (Kerberos), 0 (LDAP)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3008 +#: sssd.conf.5.xml:3009 msgid "id_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3011 +#: sssd.conf.5.xml:3012 msgid "" "The identification provider used for the domain. Supported ID providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3015 +#: sssd.conf.5.xml:3016 msgid "<quote>proxy</quote>: Support a legacy NSS provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3018 +#: sssd.conf.5.xml:3019 msgid "" "<quote>files</quote>: FILES provider. See <citerefentry> <refentrytitle>sssd-" "files</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " @@ -3540,7 +3540,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3026 +#: sssd.conf.5.xml:3027 msgid "" "<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-" "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " @@ -3548,8 +3548,8 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3034 sssd.conf.5.xml:3145 sssd.conf.5.xml:3196 -#: sssd.conf.5.xml:3259 +#: sssd.conf.5.xml:3035 sssd.conf.5.xml:3146 sssd.conf.5.xml:3197 +#: sssd.conf.5.xml:3260 msgid "" "<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management " "provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> " @@ -3558,8 +3558,8 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3043 sssd.conf.5.xml:3154 sssd.conf.5.xml:3205 -#: sssd.conf.5.xml:3268 +#: sssd.conf.5.xml:3044 sssd.conf.5.xml:3155 sssd.conf.5.xml:3206 +#: sssd.conf.5.xml:3269 msgid "" "<quote>ad</quote>: Active Directory provider. See <citerefentry> " "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3567,19 +3567,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3054 +#: sssd.conf.5.xml:3055 msgid "use_fully_qualified_names (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3057 +#: sssd.conf.5.xml:3058 msgid "" "Use the full name and domain (as formatted by the domain's full_name_format) " "as the user's login name reported to NSS." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3062 +#: sssd.conf.5.xml:3063 msgid "" "If set to TRUE, all requests to this domain must use fully qualified names. " "For example, if used in LOCAL domain that contains a \"test\" user, " @@ -3588,7 +3588,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3070 +#: sssd.conf.5.xml:3071 msgid "" "NOTE: This option has no effect on netgroup lookups due to their tendency to " "include nested netgroups without qualified names. For netgroups, all domains " @@ -3596,24 +3596,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3077 +#: sssd.conf.5.xml:3078 msgid "" "Default: FALSE (TRUE for trusted domain/sub-domains or if " "default_domain_suffix is used)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3084 +#: sssd.conf.5.xml:3085 msgid "ignore_group_members (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3087 +#: sssd.conf.5.xml:3088 msgid "Do not return group members for group lookups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3090 +#: sssd.conf.5.xml:3091 msgid "" "If set to TRUE, the group membership attribute is not requested from the " "ldap server, and group members are not returned when processing group lookup " @@ -3625,7 +3625,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3108 +#: sssd.conf.5.xml:3109 msgid "" "Enabling this option can also make access provider checks for group " "membership significantly faster, especially for groups containing many " @@ -3633,7 +3633,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3114 sssd.conf.5.xml:3821 sssd-ldap.5.xml:326 +#: sssd.conf.5.xml:3115 sssd.conf.5.xml:3822 sssd-ldap.5.xml:326 #: sssd-ldap.5.xml:355 sssd-ldap.5.xml:408 sssd-ldap.5.xml:468 #: sssd-ldap.5.xml:489 sssd-ldap.5.xml:520 sssd-ldap.5.xml:543 #: sssd-ldap.5.xml:582 sssd-ldap.5.xml:601 sssd-ldap.5.xml:625 @@ -3644,19 +3644,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3124 +#: sssd.conf.5.xml:3125 msgid "auth_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3127 +#: sssd.conf.5.xml:3128 msgid "" "The authentication provider used for the domain. Supported auth providers " "are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3131 sssd.conf.5.xml:3189 +#: sssd.conf.5.xml:3132 sssd.conf.5.xml:3190 msgid "" "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3664,7 +3664,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3138 +#: sssd.conf.5.xml:3139 msgid "" "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3672,30 +3672,30 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3162 +#: sssd.conf.5.xml:3163 msgid "" "<quote>proxy</quote> for relaying authentication to some other PAM target." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3165 +#: sssd.conf.5.xml:3166 msgid "<quote>none</quote> disables authentication explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3168 +#: sssd.conf.5.xml:3169 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "authentication requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3174 +#: sssd.conf.5.xml:3175 msgid "access_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3177 +#: sssd.conf.5.xml:3178 msgid "" "The access control provider used for the domain. There are two built-in " "access providers (in addition to any included in installed backends) " @@ -3703,19 +3703,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3183 +#: sssd.conf.5.xml:3184 msgid "" "<quote>permit</quote> always allow access. It's the only permitted access " "provider for a local domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3186 +#: sssd.conf.5.xml:3187 msgid "<quote>deny</quote> always deny access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3213 +#: sssd.conf.5.xml:3214 msgid "" "<quote>simple</quote> access control based on access or deny lists. See " "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</" @@ -3724,7 +3724,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3220 +#: sssd.conf.5.xml:3221 msgid "" "<quote>krb5</quote>: .k5login based access control. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum></" @@ -3732,29 +3732,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3227 +#: sssd.conf.5.xml:3228 msgid "<quote>proxy</quote> for relaying access control to another PAM module." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3230 +#: sssd.conf.5.xml:3231 msgid "Default: <quote>permit</quote>" msgstr "Noklusējuma: <quote>atļaut</quote>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3235 +#: sssd.conf.5.xml:3236 msgid "chpass_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3238 +#: sssd.conf.5.xml:3239 msgid "" "The provider which should handle change password operations for the domain. " "Supported change password providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3243 +#: sssd.conf.5.xml:3244 msgid "" "<quote>ldap</quote> to change a password stored in a LDAP server. See " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" @@ -3762,7 +3762,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3251 +#: sssd.conf.5.xml:3252 msgid "" "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3770,35 +3770,35 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3276 +#: sssd.conf.5.xml:3277 msgid "" "<quote>proxy</quote> for relaying password changes to some other PAM target." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3280 +#: sssd.conf.5.xml:3281 msgid "<quote>none</quote> disallows password changes explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3283 +#: sssd.conf.5.xml:3284 msgid "" "Default: <quote>auth_provider</quote> is used if it is set and can handle " "change password requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3290 +#: sssd.conf.5.xml:3291 msgid "sudo_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3293 +#: sssd.conf.5.xml:3294 msgid "The SUDO provider used for the domain. Supported SUDO providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3297 +#: sssd.conf.5.xml:3298 msgid "" "<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3806,32 +3806,32 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3305 +#: sssd.conf.5.xml:3306 msgid "" "<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default " "settings." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3309 +#: sssd.conf.5.xml:3310 msgid "" "<quote>ad</quote> the same as <quote>ldap</quote> but with AD default " "settings." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3313 +#: sssd.conf.5.xml:3314 msgid "<quote>none</quote> disables SUDO explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3316 sssd.conf.5.xml:3402 sssd.conf.5.xml:3472 -#: sssd.conf.5.xml:3497 sssd.conf.5.xml:3533 +#: sssd.conf.5.xml:3317 sssd.conf.5.xml:3403 sssd.conf.5.xml:3473 +#: sssd.conf.5.xml:3498 sssd.conf.5.xml:3534 msgid "Default: The value of <quote>id_provider</quote> is used if it is set." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3320 +#: sssd.conf.5.xml:3321 msgid "" "The detailed instructions for configuration of sudo_provider are in the " "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " @@ -3842,7 +3842,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3335 +#: sssd.conf.5.xml:3336 msgid "" "<emphasis>NOTE:</emphasis> Sudo rules are periodically downloaded in the " "background unless the sudo provider is explicitly disabled. Set " @@ -3851,12 +3851,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3345 +#: sssd.conf.5.xml:3346 msgid "selinux_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3348 +#: sssd.conf.5.xml:3349 msgid "" "The provider which should handle loading of selinux settings. Note that this " "provider will be called right after access provider ends. Supported selinux " @@ -3864,7 +3864,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3354 +#: sssd.conf.5.xml:3355 msgid "" "<quote>ipa</quote> to load selinux settings from an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -3872,31 +3872,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3362 +#: sssd.conf.5.xml:3363 msgid "<quote>none</quote> disallows fetching selinux settings explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3365 +#: sssd.conf.5.xml:3366 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "selinux loading requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3371 +#: sssd.conf.5.xml:3372 msgid "subdomains_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3374 +#: sssd.conf.5.xml:3375 msgid "" "The provider which should handle fetching of subdomains. This value should " "be always the same as id_provider. Supported subdomain providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3380 +#: sssd.conf.5.xml:3381 msgid "" "<quote>ipa</quote> to load a list of subdomains from an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -3904,7 +3904,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3389 +#: sssd.conf.5.xml:3390 msgid "" "<quote>ad</quote> to load a list of subdomains from an Active Directory " "server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> " @@ -3913,17 +3913,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3398 +#: sssd.conf.5.xml:3399 msgid "<quote>none</quote> disallows fetching subdomains explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3408 +#: sssd.conf.5.xml:3409 msgid "session_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3411 +#: sssd.conf.5.xml:3412 msgid "" "The provider which configures and manages user session related tasks. The " "only user session task currently provided is the integration with Fleet " @@ -3931,43 +3931,43 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3418 +#: sssd.conf.5.xml:3419 msgid "<quote>ipa</quote> to allow performing user session related tasks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3422 +#: sssd.conf.5.xml:3423 msgid "" "<quote>none</quote> does not perform any kind of user session related tasks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3426 +#: sssd.conf.5.xml:3427 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can perform " "session related tasks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3430 +#: sssd.conf.5.xml:3431 msgid "" "<emphasis>NOTE:</emphasis> In order to have this feature working as expected " "SSSD must be running as \"root\" and not as the unprivileged user." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3438 +#: sssd.conf.5.xml:3439 msgid "autofs_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3441 +#: sssd.conf.5.xml:3442 msgid "" "The autofs provider used for the domain. Supported autofs providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3445 +#: sssd.conf.5.xml:3446 msgid "" "<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3975,7 +3975,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3452 +#: sssd.conf.5.xml:3453 msgid "" "<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> " "<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3983,7 +3983,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3460 +#: sssd.conf.5.xml:3461 msgid "" "<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> " "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3991,24 +3991,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3469 +#: sssd.conf.5.xml:3470 msgid "<quote>none</quote> disables autofs explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3479 +#: sssd.conf.5.xml:3480 msgid "hostid_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3482 +#: sssd.conf.5.xml:3483 msgid "" "The provider used for retrieving host identity information. Supported " "hostid providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3486 +#: sssd.conf.5.xml:3487 msgid "" "<quote>ipa</quote> to load host identity stored in an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -4016,31 +4016,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3494 +#: sssd.conf.5.xml:3495 msgid "<quote>none</quote> disables hostid explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3504 +#: sssd.conf.5.xml:3505 msgid "resolver_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3507 +#: sssd.conf.5.xml:3508 msgid "" "The provider which should handle hosts and networks lookups. Supported " "resolver providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3511 +#: sssd.conf.5.xml:3512 msgid "" "<quote>proxy</quote> to forward lookups to another NSS library. See " "<quote>proxy_resolver_lib_name</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3515 +#: sssd.conf.5.xml:3516 msgid "" "<quote>ldap</quote> to fetch hosts and networks stored in LDAP. See " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" @@ -4048,7 +4048,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3522 +#: sssd.conf.5.xml:3523 msgid "" "<quote>ad</quote> to fetch hosts and networks stored in AD. See " "<citerefentry> <refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</" @@ -4057,12 +4057,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3530 +#: sssd.conf.5.xml:3531 msgid "<quote>none</quote> disallows fetching hosts and networks explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3543 +#: sssd.conf.5.xml:3544 msgid "" "Regular expression for this domain that describes how to parse the string " "containing user name and domain into these components. The \"domain\" can " @@ -4072,24 +4072,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3552 +#: sssd.conf.5.xml:3553 msgid "" "Default: <quote>^((?P<name>.+)@(?P<domain>[^@]*)|(?P<name>" "[^@]+))$</quote> which allows two different styles for user names:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:3557 sssd.conf.5.xml:3571 +#: sssd.conf.5.xml:3558 sssd.conf.5.xml:3572 msgid "username" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:3560 sssd.conf.5.xml:3574 +#: sssd.conf.5.xml:3561 sssd.conf.5.xml:3575 msgid "username@domain.name" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3565 +#: sssd.conf.5.xml:3566 msgid "" "Default for the AD and IPA provider: <quote>^(((?P<domain>[^\\\\]+)\\" "\\(?P<name>.+))|((?P<name>.+)@(?P<domain>[^@]+))|((?P<" @@ -4098,19 +4098,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:3577 +#: sssd.conf.5.xml:3578 msgid "domain\\username" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3580 +#: sssd.conf.5.xml:3581 msgid "" "While the first two correspond to the general default the third one is " "introduced to allow easy integration of users from Windows domains." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3585 +#: sssd.conf.5.xml:3586 msgid "" "The default re_expression uses the <quote>@</quote> character as a separator " "between the name and the domain. As a result of this setting the default " @@ -4120,93 +4120,93 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3637 +#: sssd.conf.5.xml:3638 msgid "Default: <quote>%1$s@%2$s</quote>." msgstr "Noklusējuma: <quote>%1$s@%2$s</quote>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3643 +#: sssd.conf.5.xml:3644 msgid "lookup_family_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3646 +#: sssd.conf.5.xml:3647 msgid "" "Provides the ability to select preferred address family to use when " "performing DNS lookups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3650 +#: sssd.conf.5.xml:3651 msgid "Supported values:" msgstr "Atbalstītās vērtības:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3653 +#: sssd.conf.5.xml:3654 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3656 +#: sssd.conf.5.xml:3657 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3659 +#: sssd.conf.5.xml:3660 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3662 +#: sssd.conf.5.xml:3663 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3665 +#: sssd.conf.5.xml:3666 msgid "Default: ipv4_first" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3671 +#: sssd.conf.5.xml:3672 #, fuzzy #| msgid "timeout (integer)" msgid "dns_resolver_server_timeout (integer)" msgstr "noildze (vesels skaitlis)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3674 +#: sssd.conf.5.xml:3675 msgid "" "Defines the amount of time (in milliseconds) SSSD would try to talk to DNS " "server before trying next DNS server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3679 +#: sssd.conf.5.xml:3680 msgid "" "The AD provider will use this option for the CLDAP ping timeouts as well." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3683 sssd.conf.5.xml:3703 sssd.conf.5.xml:3724 +#: sssd.conf.5.xml:3684 sssd.conf.5.xml:3704 sssd.conf.5.xml:3725 msgid "" "Please see the section <quote>FAILOVER</quote> for more information about " "the service resolution." msgstr "" #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3688 sssd-ldap.5.xml:644 include/failover.xml:84 +#: sssd.conf.5.xml:3689 sssd-ldap.5.xml:644 include/failover.xml:84 msgid "Default: 1000" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3694 +#: sssd.conf.5.xml:3695 #, fuzzy #| msgid "timeout (integer)" msgid "dns_resolver_op_timeout (integer)" msgstr "noildze (vesels skaitlis)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3697 +#: sssd.conf.5.xml:3698 msgid "" "Defines the amount of time (in seconds) to wait to resolve single DNS query " "(e.g. resolution of a hostname or an SRV record) before trying the next " @@ -4214,12 +4214,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3714 +#: sssd.conf.5.xml:3715 msgid "dns_resolver_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3717 +#: sssd.conf.5.xml:3718 msgid "" "Defines the amount of time (in seconds) to wait for a reply from the " "internal fail over service before assuming that the service is unreachable. " @@ -4228,14 +4228,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3735 +#: sssd.conf.5.xml:3736 #, fuzzy #| msgid "timeout (integer)" msgid "dns_resolver_use_search_list (bool)" msgstr "noildze (vesels skaitlis)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3738 +#: sssd.conf.5.xml:3739 msgid "" "Normally, the DNS resolver searches the domain list defined in the " "\"search\" directive from the resolv.conf file. This can lead to delays in " @@ -4243,7 +4243,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3744 +#: sssd.conf.5.xml:3745 msgid "" "If fully qualified domain names (or _srv_) are used in the SSSD " "configuration, setting this option to FALSE can prevent unnecessary DNS " @@ -4251,71 +4251,71 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3750 +#: sssd.conf.5.xml:3751 #, fuzzy #| msgid "Default: 6" msgid "Default: TRUE" msgstr "Noklusējuma: 6" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3756 +#: sssd.conf.5.xml:3757 msgid "dns_discovery_domain (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3759 +#: sssd.conf.5.xml:3760 msgid "" "If service discovery is used in the back end, specifies the domain part of " "the service discovery DNS query." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3763 +#: sssd.conf.5.xml:3764 msgid "Default: Use the domain part of machine's hostname" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3769 +#: sssd.conf.5.xml:3770 msgid "override_gid (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3772 +#: sssd.conf.5.xml:3773 msgid "Override the primary GID value with the one specified." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3778 +#: sssd.conf.5.xml:3779 msgid "case_sensitive (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3785 +#: sssd.conf.5.xml:3786 msgid "True" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3788 +#: sssd.conf.5.xml:3789 msgid "Case sensitive. This value is invalid for AD provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3794 +#: sssd.conf.5.xml:3795 msgid "False" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3796 +#: sssd.conf.5.xml:3797 msgid "Case insensitive." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3800 +#: sssd.conf.5.xml:3801 msgid "Preserving" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3803 +#: sssd.conf.5.xml:3804 msgid "" "Same as False (case insensitive), but does not lowercase names in the result " "of NSS operations. Note that name aliases (and in case of services also " @@ -4323,31 +4323,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3811 +#: sssd.conf.5.xml:3812 msgid "" "If you want to set this value for trusted domain with IPA provider, you need " "to set it on both the client and SSSD on the server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3781 +#: sssd.conf.5.xml:3782 msgid "" "Treat user and group names as case sensitive. Possible option values are: " "<placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3826 +#: sssd.conf.5.xml:3827 msgid "Default: True (False for AD provider)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3832 +#: sssd.conf.5.xml:3833 msgid "subdomain_inherit (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3835 +#: sssd.conf.5.xml:3836 msgid "" "Specifies a list of configuration parameters that should be inherited by a " "subdomain. Please note that only selected parameters can be inherited. " @@ -4355,114 +4355,114 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3841 +#: sssd.conf.5.xml:3842 msgid "ldap_search_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3844 +#: sssd.conf.5.xml:3845 msgid "ldap_network_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3847 +#: sssd.conf.5.xml:3848 msgid "ldap_opt_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3850 +#: sssd.conf.5.xml:3851 #, fuzzy #| msgid "timeout (integer)" msgid "ldap_offline_timeout" msgstr "noildze (vesels skaitlis)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3853 +#: sssd.conf.5.xml:3854 #, fuzzy #| msgid "timeout (integer)" msgid "ldap_enumeration_refresh_timeout" msgstr "noildze (vesels skaitlis)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3856 +#: sssd.conf.5.xml:3857 msgid "ldap_enumeration_refresh_offset" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3859 +#: sssd.conf.5.xml:3860 msgid "ldap_purge_cache_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3862 +#: sssd.conf.5.xml:3863 msgid "ldap_purge_cache_offset" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3865 +#: sssd.conf.5.xml:3866 msgid "" "ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab " "is not set explicitly)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3869 +#: sssd.conf.5.xml:3870 msgid "ldap_krb5_ticket_lifetime" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3872 +#: sssd.conf.5.xml:3873 #, fuzzy #| msgid "timeout (integer)" msgid "ldap_enumeration_search_timeout" msgstr "noildze (vesels skaitlis)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3875 +#: sssd.conf.5.xml:3876 #, fuzzy #| msgid "timeout (integer)" msgid "ldap_connection_expire_timeout" msgstr "noildze (vesels skaitlis)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3878 +#: sssd.conf.5.xml:3879 #, fuzzy #| msgid "timeout (integer)" msgid "ldap_connection_expire_offset" msgstr "noildze (vesels skaitlis)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3881 +#: sssd.conf.5.xml:3882 msgid "ldap_connection_idle_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3884 sssd-ldap.5.xml:400 +#: sssd.conf.5.xml:3885 sssd-ldap.5.xml:400 msgid "ldap_use_tokengroups" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3887 +#: sssd.conf.5.xml:3888 msgid "ldap_user_principal" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3890 +#: sssd.conf.5.xml:3891 msgid "ignore_group_members" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3893 +#: sssd.conf.5.xml:3894 msgid "auto_private_groups" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3896 +#: sssd.conf.5.xml:3897 msgid "case_sensitive" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:3901 +#: sssd.conf.5.xml:3902 #, no-wrap msgid "" "subdomain_inherit = ldap_purge_cache_timeout\n" @@ -4470,27 +4470,27 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3908 +#: sssd.conf.5.xml:3909 msgid "Note: This option only works with the IPA and AD provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3915 +#: sssd.conf.5.xml:3916 msgid "subdomain_homedir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3926 +#: sssd.conf.5.xml:3927 msgid "%F" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3927 +#: sssd.conf.5.xml:3928 msgid "flat (NetBIOS) name of a subdomain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3918 +#: sssd.conf.5.xml:3919 msgid "" "Use this homedir as default value for all subdomains within this domain in " "IPA AD trust. See <emphasis>override_homedir</emphasis> for info about " @@ -4500,34 +4500,34 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3932 +#: sssd.conf.5.xml:3933 msgid "" "The value can be overridden by <emphasis>override_homedir</emphasis> option." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3936 +#: sssd.conf.5.xml:3937 msgid "Default: <filename>/home/%d/%u</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3941 +#: sssd.conf.5.xml:3942 msgid "realmd_tags (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3944 +#: sssd.conf.5.xml:3945 msgid "" "Various tags stored by the realmd configuration service for this domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3950 +#: sssd.conf.5.xml:3951 msgid "cached_auth_timeout (int)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3953 +#: sssd.conf.5.xml:3954 msgid "" "Specifies time in seconds since last successful online authentication for " "which user will be authenticated using cached credentials while SSSD is in " @@ -4536,19 +4536,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3961 +#: sssd.conf.5.xml:3962 msgid "" "This option's value is inherited by all trusted domains. At the moment it is " "not possible to set a different value per trusted domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3966 +#: sssd.conf.5.xml:3967 msgid "Special value 0 implies that this feature is disabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3970 +#: sssd.conf.5.xml:3971 msgid "" "Please note that if <quote>cached_auth_timeout</quote> is longer than " "<quote>pam_id_timeout</quote> then the back end could be called to handle " @@ -4556,24 +4556,83 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3981 +#: sssd.conf.5.xml:3982 +msgid "local_auth_policy (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3985 +msgid "" +"Local authentication methods policy. Some backends (i.e. LDAP, proxy " +"provider) only support a password based authentication, while others can " +"handle PKINIT based Smartcard authentication (AD, IPA), two-factor " +"authentication (IPA), or other methods against a central instance. By " +"default in such cases authentication is only performed with the methods " +"supported by the backend." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3995 +msgid "" +"There are three possible values for this option: match, only, enable. " +"<quote>match</quote> is used to match offline and online states for Kerberos " +"methods. <quote>only</quote> ignores the online methods and only offer the " +"local ones. enable allows explicitly defining the methods for local " +"authentication. As an example, <quote>enable:passkey</quote>, only enables " +"passkey for local authentication. Multiple enable values should be comma-" +"separated, such as <quote>enable:passkey, enable:smartcard</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:4011 +#, no-wrap +msgid "" +"[domain/shadowutils]\n" +"id_provider = proxy\n" +"proxy_lib_name = files\n" +"auth_provider = none\n" +"local_auth_policy = only\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4007 +msgid "" +"The following configuration example allows local users to authenticate " +"locally using any enabled method (i.e. smartcard, passkey). <placeholder " +"type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4019 +msgid "This option is ignored for the files provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4022 +#, fuzzy +#| msgid "Default: 6" +msgid "Default: match" +msgstr "Noklusējuma: 6" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4027 msgid "auto_private_groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3987 +#: sssd.conf.5.xml:4033 msgid "true" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3990 +#: sssd.conf.5.xml:4036 msgid "" "Create user's private group unconditionally from user's UID number. The GID " "number is ignored in this case." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3994 +#: sssd.conf.5.xml:4040 msgid "" "NOTE: Because the GID number and the user private group are inferred from " "the UID number, it is not supported to have multiple entries with the same " @@ -4582,24 +4641,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4003 +#: sssd.conf.5.xml:4049 msgid "false" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4006 +#: sssd.conf.5.xml:4052 msgid "" "Always use the user's primary GID number. The GID number must refer to a " "group object in the LDAP database." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4012 +#: sssd.conf.5.xml:4058 msgid "hybrid" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4015 +#: sssd.conf.5.xml:4061 msgid "" "A primary group is autogenerated for user entries whose UID and GID numbers " "have the same value and at the same time the GID number does not correspond " @@ -4609,14 +4668,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4028 +#: sssd.conf.5.xml:4074 msgid "" "If the UID and GID of a user are different, then the GID must correspond to " "a group entry, otherwise the GID is simply not resolvable." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4035 +#: sssd.conf.5.xml:4081 msgid "" "This feature is useful for environments that wish to stop maintaining a " "separate group objects for the user private groups, but also wish to retain " @@ -4624,21 +4683,21 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3984 +#: sssd.conf.5.xml:4030 msgid "" "This option takes any of three available values: <placeholder " "type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4047 +#: sssd.conf.5.xml:4093 msgid "" "For subdomains, the default value is False for subdomains that use assigned " "POSIX IDs and True for subdomains that use automatic ID-mapping." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:4055 +#: sssd.conf.5.xml:4101 #, no-wrap msgid "" "[domain/forest.domain/sub.domain]\n" @@ -4646,7 +4705,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:4061 +#: sssd.conf.5.xml:4107 #, no-wrap msgid "" "[domain/forest.domain]\n" @@ -4655,7 +4714,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4052 +#: sssd.conf.5.xml:4098 msgid "" "The value of auto_private_groups can either be set per subdomains in a " "subsection, for example: <placeholder type=\"programlisting\" id=\"0\"/> or " @@ -4664,7 +4723,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:2569 +#: sssd.conf.5.xml:2570 msgid "" "These configuration options can be present in a domain configuration " "section, that is, in a section called <quote>[domain/<replaceable>NAME</" @@ -4672,29 +4731,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4076 +#: sssd.conf.5.xml:4122 msgid "proxy_pam_target (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4079 +#: sssd.conf.5.xml:4125 msgid "The proxy target PAM proxies to." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4082 +#: sssd.conf.5.xml:4128 msgid "" "Default: not set by default, you have to take an existing pam configuration " "or create a new one and add the service name here." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4090 +#: sssd.conf.5.xml:4136 msgid "proxy_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4093 +#: sssd.conf.5.xml:4139 msgid "" "The name of the NSS library to use in proxy domains. The NSS functions " "searched for in the library are in the form of _nss_$(libName)_$(function), " @@ -4702,12 +4761,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4103 +#: sssd.conf.5.xml:4149 msgid "proxy_resolver_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4106 +#: sssd.conf.5.xml:4152 msgid "" "The name of the NSS library to use for hosts and networks lookups in proxy " "domains. The NSS functions searched for in the library are in the form of " @@ -4715,12 +4774,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4117 +#: sssd.conf.5.xml:4163 msgid "proxy_fast_alias (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4120 +#: sssd.conf.5.xml:4166 msgid "" "When a user or group is looked up by name in the proxy provider, a second " "lookup by ID is performed to \"canonicalize\" the name in case the requested " @@ -4729,12 +4788,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4134 +#: sssd.conf.5.xml:4180 msgid "proxy_max_children (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4137 +#: sssd.conf.5.xml:4183 msgid "" "This option specifies the number of pre-forked proxy children. It is useful " "for high-load SSSD environments where sssd may run out of available child " @@ -4742,19 +4801,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4072 +#: sssd.conf.5.xml:4118 msgid "" "Options valid for proxy domains. <placeholder type=\"variablelist\" " "id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:4153 +#: sssd.conf.5.xml:4199 msgid "Application domains" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4155 +#: sssd.conf.5.xml:4201 msgid "" "SSSD, with its D-Bus interface (see <citerefentry> <refentrytitle>sssd-ifp</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>) is appealing to " @@ -4771,7 +4830,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4175 +#: sssd.conf.5.xml:4221 msgid "" "Please note that the application domain must still be explicitly enabled in " "the <quote>domains</quote> parameter so that the lookup order between the " @@ -4779,17 +4838,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> -#: sssd.conf.5.xml:4181 +#: sssd.conf.5.xml:4227 msgid "Application domain parameters" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4183 +#: sssd.conf.5.xml:4229 msgid "inherit_from (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4186 +#: sssd.conf.5.xml:4232 msgid "" "The SSSD POSIX-type domain the application domain inherits all settings " "from. The application domain can moreover add its own settings to the " @@ -4798,7 +4857,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4200 +#: sssd.conf.5.xml:4246 msgid "" "The following example illustrates the use of an application domain. In this " "setup, the POSIX domain is connected to an LDAP server and is used by the OS " @@ -4808,7 +4867,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><programlisting> -#: sssd.conf.5.xml:4208 +#: sssd.conf.5.xml:4254 #, no-wrap msgid "" "[sssd]\n" @@ -4828,12 +4887,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4228 +#: sssd.conf.5.xml:4274 msgid "TRUSTED DOMAIN SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4230 +#: sssd.conf.5.xml:4276 msgid "" "Some options used in the domain section can also be used in the trusted " "domain section, that is, in a section called <quote>[domain/" @@ -4844,69 +4903,69 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4237 +#: sssd.conf.5.xml:4283 msgid "ldap_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4238 +#: sssd.conf.5.xml:4284 msgid "ldap_user_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4239 +#: sssd.conf.5.xml:4285 msgid "ldap_group_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4240 +#: sssd.conf.5.xml:4286 msgid "ldap_netgroup_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4241 +#: sssd.conf.5.xml:4287 msgid "ldap_service_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4242 +#: sssd.conf.5.xml:4288 msgid "ldap_sasl_mech," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4243 +#: sssd.conf.5.xml:4289 msgid "ad_server," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4244 +#: sssd.conf.5.xml:4290 msgid "ad_backup_server," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4245 +#: sssd.conf.5.xml:4291 msgid "ad_site," msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4246 sssd-ipa.5.xml:879 +#: sssd.conf.5.xml:4292 sssd-ipa.5.xml:879 msgid "use_fully_qualified_names" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4250 +#: sssd.conf.5.xml:4296 msgid "" "For more details about these options see their individual description in the " "manual page." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4256 +#: sssd.conf.5.xml:4302 msgid "CERTIFICATE MAPPING SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4258 +#: sssd.conf.5.xml:4304 msgid "" "To allow authentication with Smartcards and certificates SSSD must be able " "to map certificates to users. This can be done by adding the full " @@ -4919,7 +4978,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4272 +#: sssd.conf.5.xml:4318 msgid "" "To make the mapping more flexible mapping and matching rules were added to " "SSSD (see <citerefentry> <refentrytitle>sss-certmap</refentrytitle> " @@ -4927,7 +4986,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4281 +#: sssd.conf.5.xml:4327 msgid "" "A mapping and matching rule can be added to the SSSD configuration in a " "section on its own with a name like <quote>[certmap/" @@ -4936,55 +4995,55 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4288 +#: sssd.conf.5.xml:4334 msgid "matchrule (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4291 +#: sssd.conf.5.xml:4337 msgid "" "Only certificates from the Smartcard which matches this rule will be " "processed, all others are ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4295 +#: sssd.conf.5.xml:4341 msgid "" "Default: KRB5:<EKU>clientAuth, i.e. only certificates which have the " "Extended Key Usage <quote>clientAuth</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4302 +#: sssd.conf.5.xml:4348 msgid "maprule (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4305 +#: sssd.conf.5.xml:4351 msgid "Defines how the user is found for a given certificate." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4311 +#: sssd.conf.5.xml:4357 msgid "" "LDAP:(userCertificate;binary={cert!bin}) for LDAP based providers like " "<quote>ldap</quote>, <quote>AD</quote> or <quote>ipa</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4317 +#: sssd.conf.5.xml:4363 msgid "" "The RULE_NAME for the <quote>files</quote> provider which tries to find a " "user with the same name." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4326 +#: sssd.conf.5.xml:4372 msgid "domains (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4329 +#: sssd.conf.5.xml:4375 msgid "" "Comma separated list of domain names the rule should be applied. By default " "a rule is only valid in the domain configured in sssd.conf. If the provider " @@ -4993,17 +5052,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4336 +#: sssd.conf.5.xml:4382 msgid "Default: the configured domain in sssd.conf" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4341 +#: sssd.conf.5.xml:4387 msgid "priority (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4344 +#: sssd.conf.5.xml:4390 msgid "" "Unsigned integer value defining the priority of the rule. The higher the " "number the lower the priority. <quote>0</quote> stands for the highest " @@ -5011,26 +5070,26 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4350 +#: sssd.conf.5.xml:4396 msgid "Default: the lowest priority" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4356 +#: sssd.conf.5.xml:4402 msgid "" "To make the configuration simple and reduce the amount of configuration " "options the <quote>files</quote> provider has some special properties:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4362 +#: sssd.conf.5.xml:4408 msgid "" "if maprule is not set the RULE_NAME name is assumed to be the name of the " "matching user" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4368 +#: sssd.conf.5.xml:4414 msgid "" "if a maprule is used both a single user name or a template like " "<quote>{subject_rfc822_name.short_name}</quote> must be in braces like e.g. " @@ -5039,17 +5098,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4377 +#: sssd.conf.5.xml:4423 msgid "the <quote>domains</quote> option is ignored" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4385 +#: sssd.conf.5.xml:4431 msgid "PROMPTING CONFIGURATION SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4387 +#: sssd.conf.5.xml:4433 msgid "" "If a special file (<filename>/var/lib/sss/pubconf/pam_preauth_available</" "filename>) exists SSSD's PAM module pam_sss will ask SSSD to figure out " @@ -5059,7 +5118,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4395 +#: sssd.conf.5.xml:4441 msgid "" "With the growing number of authentication methods and the possibility that " "there are multiple ones for a single user the heuristic used by pam_sss to " @@ -5068,59 +5127,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4407 +#: sssd.conf.5.xml:4453 msgid "[prompting/password]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4410 +#: sssd.conf.5.xml:4456 msgid "password_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4411 +#: sssd.conf.5.xml:4457 msgid "to change the string of the password prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4409 +#: sssd.conf.5.xml:4455 msgid "" "to configure password prompting, allowed options are: <placeholder " "type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4419 +#: sssd.conf.5.xml:4465 msgid "[prompting/2fa]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4423 +#: sssd.conf.5.xml:4469 msgid "first_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4424 +#: sssd.conf.5.xml:4470 msgid "to change the string of the prompt for the first factor" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4427 +#: sssd.conf.5.xml:4473 msgid "second_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4428 +#: sssd.conf.5.xml:4474 msgid "to change the string of the prompt for the second factor" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4431 +#: sssd.conf.5.xml:4477 msgid "single_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4432 +#: sssd.conf.5.xml:4478 msgid "" "boolean value, if True there will be only a single prompt using the value of " "first_prompt where it is expected that both factors are entered as a single " @@ -5129,7 +5188,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4421 +#: sssd.conf.5.xml:4467 msgid "" "to configure two-factor authentication prompting, allowed options are: " "<placeholder type=\"variablelist\" id=\"0\"/> If the second factor is " @@ -5138,17 +5197,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4449 +#: sssd.conf.5.xml:4495 msgid "[prompting/passkey]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4455 sssd-ad.5.xml:1021 +#: sssd.conf.5.xml:4501 sssd-ad.5.xml:1021 msgid "interactive" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4457 +#: sssd.conf.5.xml:4503 msgid "" "boolean value, if True prompt a message and wait before testing the presence " "of a passkey device. Recommended if your device doesn’t have a tactile " @@ -5156,46 +5215,46 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4465 +#: sssd.conf.5.xml:4511 msgid "interactive_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4467 +#: sssd.conf.5.xml:4513 msgid "to change the message of the interactive prompt." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4472 +#: sssd.conf.5.xml:4518 msgid "touch" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4474 +#: sssd.conf.5.xml:4520 msgid "" "boolean value, if True prompt a message to remind the user to touch the " "device." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4480 +#: sssd.conf.5.xml:4526 msgid "touch_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4482 +#: sssd.conf.5.xml:4528 msgid "to change the message of the touch prompt." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4451 +#: sssd.conf.5.xml:4497 msgid "" "to configure passkey authentication prompting, allowed options are: " "<placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4402 +#: sssd.conf.5.xml:4448 msgid "" "Each supported authentication method has its own configuration subsection " "under <quote>[prompting/...]</quote>. Currently there are: <placeholder " @@ -5204,7 +5263,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4493 +#: sssd.conf.5.xml:4539 msgid "" "It is possible to add a subsection for specific PAM services, e.g. " "<quote>[prompting/password/sshd]</quote> to individual change the prompting " @@ -5212,12 +5271,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4500 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43 +#: sssd.conf.5.xml:4546 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43 msgid "EXAMPLES" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4506 +#: sssd.conf.5.xml:4552 #, no-wrap msgid "" "[sssd]\n" @@ -5247,7 +5306,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4502 +#: sssd.conf.5.xml:4548 msgid "" "1. The following example shows a typical SSSD config. It does not describe " "configuration of the domains themselves - refer to documentation on " @@ -5256,7 +5315,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4539 +#: sssd.conf.5.xml:4585 #, no-wrap msgid "" "[domain/ipa.com/child.ad.com]\n" @@ -5264,7 +5323,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4533 +#: sssd.conf.5.xml:4579 msgid "" "2. The following example shows configuration of IPA AD trust where the AD " "forest consists of two domains in a parent-child structure. Suppose IPA " @@ -5275,7 +5334,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4550 +#: sssd.conf.5.xml:4596 #, no-wrap msgid "" "[certmap/my.domain/rule_name]\n" @@ -5286,7 +5345,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4544 +#: sssd.conf.5.xml:4590 msgid "" "3. The following example shows the configuration of a certificate mapping " "rule. It is valid for the configured domain <quote>my.domain</quote> and " @@ -17295,7 +17354,7 @@ msgstr "" #: include/ldap_id_mapping.xml:235 msgid "" "When this option is configured, domains will be allocated starting with " -"slice zero and increasing monatomically with each additional domain." +"slice zero and increasing monotonically with each additional domain." msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> diff --git a/src/man/po/nl.po b/src/man/po/nl.po index 04937cab6d5..261abf03488 100644 --- a/src/man/po/nl.po +++ b/src/man/po/nl.po @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: sssd-docs 2.3.0\n" "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" -"POT-Creation-Date: 2023-05-05 10:09+0200\n" +"POT-Creation-Date: 2023-09-07 11:47+0200\n" "PO-Revision-Date: 2014-12-15 12:02-0500\n" "Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n" "Language-Team: Dutch (http://www.transifex.com/projects/p/sssd/language/" @@ -216,8 +216,8 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:136 sssd.conf.5.xml:173 sssd.conf.5.xml:358 -#: sssd.conf.5.xml:714 sssd.conf.5.xml:729 sssd.conf.5.xml:951 -#: sssd.conf.5.xml:1069 sssd.conf.5.xml:2197 sssd-ldap.5.xml:1071 +#: sssd.conf.5.xml:714 sssd.conf.5.xml:729 sssd.conf.5.xml:952 +#: sssd.conf.5.xml:1070 sssd.conf.5.xml:2198 sssd-ldap.5.xml:1071 #: sssd-ldap.5.xml:1174 sssd-ldap.5.xml:1243 sssd-ldap.5.xml:1750 #: sssd-ldap.5.xml:1815 sssd-ipa.5.xml:342 sssd-ad.5.xml:252 sssd-ad.5.xml:366 #: sssd-ad.5.xml:1200 sssd-ad.5.xml:1348 sssd-krb5.5.xml:358 @@ -237,8 +237,8 @@ msgid "" msgstr "" #. type: Content of: <variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:149 sssd.conf.5.xml:652 sssd.conf.5.xml:948 -#: sssd.conf.5.xml:2100 sssd.conf.5.xml:2167 sssd.conf.5.xml:4128 +#: sssd.conf.5.xml:149 sssd.conf.5.xml:652 sssd.conf.5.xml:949 +#: sssd.conf.5.xml:2101 sssd.conf.5.xml:2168 sssd.conf.5.xml:4174 #: sssd-ldap.5.xml:312 sssd-ldap.5.xml:917 sssd-ldap.5.xml:936 #: sssd-ldap.5.xml:1146 sssd-ldap.5.xml:1599 sssd-ldap.5.xml:1839 #: sssd-ipa.5.xml:152 sssd-ipa.5.xml:254 sssd-ipa.5.xml:657 sssd-ad.5.xml:1106 @@ -308,8 +308,8 @@ msgid "" msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:196 sssd.conf.5.xml:1289 sssd.conf.5.xml:1766 -#: sssd.conf.5.xml:4144 sssd-ldap.5.xml:765 include/ldap_id_mapping.xml:270 +#: sssd.conf.5.xml:196 sssd.conf.5.xml:1290 sssd.conf.5.xml:1767 +#: sssd.conf.5.xml:4190 sssd-ldap.5.xml:765 include/ldap_id_mapping.xml:270 msgid "Default: 10" msgstr "" @@ -375,12 +375,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:258 sssd.conf.5.xml:783 +#: sssd.conf.5.xml:258 sssd.conf.5.xml:784 msgid "reconnection_retries (integer)" msgstr "reconnection_retries (numeriek)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:261 sssd.conf.5.xml:786 +#: sssd.conf.5.xml:261 sssd.conf.5.xml:787 msgid "" "Number of times services should attempt to reconnect in the event of a Data " "Provider crash or restart before they give up" @@ -389,7 +389,7 @@ msgstr "" "Data Aanbieder crashed of opnieuw start voordat dit opgegeven wordt" #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:266 sssd.conf.5.xml:791 sssd.conf.5.xml:3708 +#: sssd.conf.5.xml:266 sssd.conf.5.xml:792 sssd.conf.5.xml:3709 #: include/failover.xml:100 msgid "Default: 3" msgstr "Standaard: 3" @@ -411,7 +411,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:287 sssd.conf.5.xml:3540 +#: sssd.conf.5.xml:287 sssd.conf.5.xml:3541 msgid "re_expression (string)" msgstr "re_expression (tekst)" @@ -431,12 +431,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:304 sssd.conf.5.xml:3597 +#: sssd.conf.5.xml:304 sssd.conf.5.xml:3598 msgid "full_name_format (string)" msgstr "full_name_format (tekst)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:307 sssd.conf.5.xml:3600 +#: sssd.conf.5.xml:307 sssd.conf.5.xml:3601 msgid "" "A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</" "manvolnum> </citerefentry>-compatible format that describes how to compose a " @@ -444,39 +444,39 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:318 sssd.conf.5.xml:3611 +#: sssd.conf.5.xml:318 sssd.conf.5.xml:3612 msgid "%1$s" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:319 sssd.conf.5.xml:3612 +#: sssd.conf.5.xml:319 sssd.conf.5.xml:3613 msgid "user name" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:322 sssd.conf.5.xml:3615 +#: sssd.conf.5.xml:322 sssd.conf.5.xml:3616 msgid "%2$s" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:325 sssd.conf.5.xml:3618 +#: sssd.conf.5.xml:325 sssd.conf.5.xml:3619 msgid "domain name as specified in the SSSD config file." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:331 sssd.conf.5.xml:3624 +#: sssd.conf.5.xml:331 sssd.conf.5.xml:3625 msgid "%3$s" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:334 sssd.conf.5.xml:3627 +#: sssd.conf.5.xml:334 sssd.conf.5.xml:3628 msgid "" "domain flat name. Mostly usable for Active Directory domains, both directly " "configured or discovered via IPA trusts." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:315 sssd.conf.5.xml:3608 +#: sssd.conf.5.xml:315 sssd.conf.5.xml:3609 msgid "" "The following expansions are supported: <placeholder type=\"variablelist\" " "id=\"0\"/>" @@ -900,7 +900,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:700 sssd.conf.5.xml:1790 sssd.conf.5.xml:4194 +#: sssd.conf.5.xml:700 sssd.conf.5.xml:1791 sssd.conf.5.xml:4240 #: sssd-ad.5.xml:187 sssd-ad.5.xml:327 sssd-ad.5.xml:341 msgid "Default: Not set" msgstr "" @@ -949,11 +949,11 @@ msgstr "re_expression (tekst)" #: sssd.conf.5.xml:744 msgid "" "Enable or disable the user verification (i.e. PIN, fingerprint) during " -"authentication." +"authentication. If enabled, the PIN will always be requested." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:749 +#: sssd.conf.5.xml:750 msgid "" "The default is that the key settings decide what to do. In the IPA or " "kerberos pre-authentication case, this value will be overwritten by the " @@ -980,12 +980,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:768 +#: sssd.conf.5.xml:769 msgid "SERVICES SECTIONS" msgstr "SERVICES SECTIE" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:770 +#: sssd.conf.5.xml:771 msgid "" "Settings that can be used to configure different services are described in " "this section. They should reside in the [<replaceable>$NAME</replaceable>] " @@ -994,22 +994,22 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:777 +#: sssd.conf.5.xml:778 msgid "General service configuration options" msgstr "Algemene service configuratie-opties" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:779 +#: sssd.conf.5.xml:780 msgid "These options can be used to configure any service." msgstr "Deze opties kunnen gebruikt worden om services te configureren." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:796 +#: sssd.conf.5.xml:797 msgid "fd_limit" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:799 +#: sssd.conf.5.xml:800 msgid "" "This option specifies the maximum number of file descriptors that may be " "opened at one time by this SSSD process. On systems where SSSD is granted " @@ -1019,17 +1019,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:808 +#: sssd.conf.5.xml:809 msgid "Default: 8192 (or limits.conf \"hard\" limit)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:813 +#: sssd.conf.5.xml:814 msgid "client_idle_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:816 +#: sssd.conf.5.xml:817 msgid "" "This option specifies the number of seconds that a client of an SSSD process " "can hold onto a file descriptor without communicating on it. This value is " @@ -1039,19 +1039,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:825 +#: sssd.conf.5.xml:826 #, fuzzy #| msgid "Default: 3" msgid "Default: 60, KCM: 300" msgstr "Standaard: 3" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:830 +#: sssd.conf.5.xml:831 msgid "offline_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:833 +#: sssd.conf.5.xml:834 msgid "" "When SSSD switches to offline mode the amount of time before it tries to go " "back online will increase based upon the time spent disconnected. By " @@ -1062,14 +1062,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:844 sssd.conf.5.xml:900 +#: sssd.conf.5.xml:845 sssd.conf.5.xml:901 msgid "" "new_delay = Minimum(old_delay * 2, offline_timeout_max) + random[0..." "offline_timeout_random_offset]" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:847 +#: sssd.conf.5.xml:848 msgid "" "The offline_timeout default value is 60. The offline_timeout_max default " "value is 3600. The offline_timeout_random_offset default value is 30. The " @@ -1077,46 +1077,46 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:853 +#: sssd.conf.5.xml:854 msgid "" "Note that the maximum length of each interval is defined by " "offline_timeout_max (apart of random part)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:857 sssd.conf.5.xml:1200 sssd.conf.5.xml:1583 -#: sssd.conf.5.xml:1879 sssd-ldap.5.xml:494 +#: sssd.conf.5.xml:858 sssd.conf.5.xml:1201 sssd.conf.5.xml:1584 +#: sssd.conf.5.xml:1880 sssd-ldap.5.xml:494 msgid "Default: 60" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:862 +#: sssd.conf.5.xml:863 #, fuzzy #| msgid "enum_cache_timeout (integer)" msgid "offline_timeout_max (integer)" msgstr "enum_cache_timeout (numeriek)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:865 +#: sssd.conf.5.xml:866 msgid "" "Controls by how much the time between attempts to go online can be " "incremented following unsuccessful attempts to go online." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:870 +#: sssd.conf.5.xml:871 msgid "A value of 0 disables the incrementing behaviour." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:873 +#: sssd.conf.5.xml:874 msgid "" "The value of this parameter should be set in correlation to offline_timeout " "parameter value." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:877 +#: sssd.conf.5.xml:878 msgid "" "With offline_timeout set to 60 (default value) there is no point in setting " "offlinet_timeout_max to less than 120 as it will saturate instantly. General " @@ -1125,62 +1125,62 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:883 +#: sssd.conf.5.xml:884 msgid "" "Although a value between 0 and offline_timeout may be specified, it has the " "effect of overriding the offline_timeout value so is of little use." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:888 +#: sssd.conf.5.xml:889 #, fuzzy #| msgid "Default: 3" msgid "Default: 3600" msgstr "Standaard: 3" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:893 +#: sssd.conf.5.xml:894 msgid "offline_timeout_random_offset (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:896 +#: sssd.conf.5.xml:897 msgid "" "When SSSD is in offline mode it keeps probing backend servers in specified " "time intervals:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:903 +#: sssd.conf.5.xml:904 msgid "" "This parameter controls the value of the random offset used for the above " "equation. Final random_offset value will be random number in range:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:908 +#: sssd.conf.5.xml:909 msgid "[0 - offline_timeout_random_offset]" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:911 +#: sssd.conf.5.xml:912 msgid "A value of 0 disables the random offset addition." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:914 +#: sssd.conf.5.xml:915 #, fuzzy #| msgid "Default: 3" msgid "Default: 30" msgstr "Standaard: 3" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:919 +#: sssd.conf.5.xml:920 msgid "responder_idle_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:922 +#: sssd.conf.5.xml:923 msgid "" "This option specifies the number of seconds that an SSSD responder process " "can be up without being used. This value is limited in order to avoid " @@ -1192,30 +1192,30 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:936 sssd.conf.5.xml:1213 sssd.conf.5.xml:2321 +#: sssd.conf.5.xml:937 sssd.conf.5.xml:1214 sssd.conf.5.xml:2322 #: sssd-ldap.5.xml:331 msgid "Default: 300" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:941 +#: sssd.conf.5.xml:942 msgid "cache_first" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:944 +#: sssd.conf.5.xml:945 msgid "" "This option specifies whether the responder should query all caches before " "querying the Data Providers." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:959 +#: sssd.conf.5.xml:960 msgid "NSS configuration options" msgstr "NSS configuratie-opties" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:961 +#: sssd.conf.5.xml:962 msgid "" "These options can be used to configure the Name Service Switch (NSS) service." msgstr "" @@ -1223,12 +1223,12 @@ msgstr "" "configurere." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:966 +#: sssd.conf.5.xml:967 msgid "enum_cache_timeout (integer)" msgstr "enum_cache_timeout (numeriek)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:969 +#: sssd.conf.5.xml:970 msgid "" "How many seconds should nss_sss cache enumerations (requests for info about " "all users)" @@ -1237,17 +1237,17 @@ msgstr "" "over alle gebruikers)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:973 +#: sssd.conf.5.xml:974 msgid "Default: 120" msgstr "Standaard: 120" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:978 +#: sssd.conf.5.xml:979 msgid "entry_cache_nowait_percentage (integer)" msgstr "entry_cache_nowait_percentage (numeriek)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:981 +#: sssd.conf.5.xml:982 msgid "" "The entry cache can be set to automatically update entries in the background " "if they are requested beyond a percentage of the entry_cache_timeout value " @@ -1255,7 +1255,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:987 +#: sssd.conf.5.xml:988 msgid "" "For example, if the domain's entry_cache_timeout is set to 30s and " "entry_cache_nowait_percentage is set to 50 (percent), entries that come in " @@ -1265,7 +1265,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:997 +#: sssd.conf.5.xml:998 msgid "" "Valid values for this option are 0-99 and represent a percentage of the " "entry_cache_timeout for each domain. For performance reasons, this " @@ -1274,17 +1274,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1005 sssd.conf.5.xml:2121 +#: sssd.conf.5.xml:1006 sssd.conf.5.xml:2122 msgid "Default: 50" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1010 +#: sssd.conf.5.xml:1011 msgid "entry_negative_timeout (integer)" msgstr "entry_negative_timeout (numeriek)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1013 +#: sssd.conf.5.xml:1014 msgid "" "Specifies for how many seconds nss_sss should cache negative cache hits " "(that is, queries for invalid database entries, like nonexistent ones) " @@ -1292,17 +1292,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1019 sssd.conf.5.xml:1778 sssd.conf.5.xml:2145 +#: sssd.conf.5.xml:1020 sssd.conf.5.xml:1779 sssd.conf.5.xml:2146 msgid "Default: 15" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1024 +#: sssd.conf.5.xml:1025 msgid "local_negative_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1027 +#: sssd.conf.5.xml:1028 msgid "" "Specifies for how many seconds nss_sss should keep local users and groups in " "negative cache before trying to look it up in the back end again. Setting " @@ -1310,17 +1310,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1033 +#: sssd.conf.5.xml:1034 msgid "Default: 14400 (4 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1038 +#: sssd.conf.5.xml:1039 msgid "filter_users, filter_groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1041 +#: sssd.conf.5.xml:1042 msgid "" "Exclude certain users or groups from being fetched from the sss NSS " "database. This is particularly useful for system accounts. This option can " @@ -1329,7 +1329,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1049 +#: sssd.conf.5.xml:1050 msgid "" "NOTE: The filter_groups option doesn't affect inheritance of nested group " "members, since filtering happens after they are propagated for returning via " @@ -1338,41 +1338,41 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1057 +#: sssd.conf.5.xml:1058 msgid "Default: root" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1062 +#: sssd.conf.5.xml:1063 msgid "filter_users_in_groups (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1065 +#: sssd.conf.5.xml:1066 msgid "" "If you want filtered user still be group members set this option to false." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1076 +#: sssd.conf.5.xml:1077 msgid "fallback_homedir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1079 +#: sssd.conf.5.xml:1080 msgid "" "Set a default template for a user's home directory if one is not specified " "explicitly by the domain's data provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1084 +#: sssd.conf.5.xml:1085 msgid "" "The available values for this option are the same as for override_homedir." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1090 +#: sssd.conf.5.xml:1091 #, no-wrap msgid "" "fallback_homedir = /home/%u\n" @@ -1380,23 +1380,23 @@ msgid "" msgstr "" #. type: Content of: <varlistentry><listitem><para> -#: sssd.conf.5.xml:1088 sssd.conf.5.xml:1650 sssd.conf.5.xml:1669 -#: sssd.conf.5.xml:1746 sssd-krb5.5.xml:451 include/override_homedir.xml:66 +#: sssd.conf.5.xml:1089 sssd.conf.5.xml:1651 sssd.conf.5.xml:1670 +#: sssd.conf.5.xml:1747 sssd-krb5.5.xml:451 include/override_homedir.xml:66 msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1094 +#: sssd.conf.5.xml:1095 msgid "Default: not set (no substitution for unset home directories)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1100 +#: sssd.conf.5.xml:1101 msgid "override_shell (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1103 +#: sssd.conf.5.xml:1104 msgid "" "Override the login shell for all users. This option supersedes any other " "shell options if it takes effect and can be set either in the [nss] section " @@ -1404,47 +1404,47 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1109 +#: sssd.conf.5.xml:1110 msgid "Default: not set (SSSD will use the value retrieved from LDAP)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1115 +#: sssd.conf.5.xml:1116 msgid "allowed_shells (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1118 +#: sssd.conf.5.xml:1119 msgid "" "Restrict user shell to one of the listed values. The order of evaluation is:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1121 +#: sssd.conf.5.xml:1122 msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1125 +#: sssd.conf.5.xml:1126 msgid "" "2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</" "quote>, use the value of the shell_fallback parameter." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1130 +#: sssd.conf.5.xml:1131 msgid "" "3. If the shell is not in the allowed_shells list and not in <quote>/etc/" "shells</quote>, a nologin shell is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1135 +#: sssd.conf.5.xml:1136 msgid "The wildcard (*) can be used to allow any shell." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1138 +#: sssd.conf.5.xml:1139 msgid "" "The (*) is useful if you want to use shell_fallback in case that user's " "shell is not in <quote>/etc/shells</quote> and maintaining list of all " @@ -1452,117 +1452,117 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1145 +#: sssd.conf.5.xml:1146 msgid "An empty string for shell is passed as-is to libc." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1148 +#: sssd.conf.5.xml:1149 msgid "" "The <quote>/etc/shells</quote> is only read on SSSD start up, which means " "that a restart of the SSSD is required in case a new shell is installed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1152 +#: sssd.conf.5.xml:1153 msgid "Default: Not set. The user shell is automatically used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1157 +#: sssd.conf.5.xml:1158 msgid "vetoed_shells (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1160 +#: sssd.conf.5.xml:1161 msgid "Replace any instance of these shells with the shell_fallback" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1165 +#: sssd.conf.5.xml:1166 msgid "shell_fallback (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1168 +#: sssd.conf.5.xml:1169 msgid "" "The default shell to use if an allowed shell is not installed on the machine." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1172 +#: sssd.conf.5.xml:1173 msgid "Default: /bin/sh" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1177 +#: sssd.conf.5.xml:1178 msgid "default_shell" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1180 +#: sssd.conf.5.xml:1181 msgid "" "The default shell to use if the provider does not return one during lookup. " "This option can be specified globally in the [nss] section or per-domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1186 +#: sssd.conf.5.xml:1187 msgid "" "Default: not set (Return NULL if no shell is specified and rely on libc to " "substitute something sensible when necessary, usually /bin/sh)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1193 sssd.conf.5.xml:1576 +#: sssd.conf.5.xml:1194 sssd.conf.5.xml:1577 msgid "get_domains_timeout (int)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1196 sssd.conf.5.xml:1579 +#: sssd.conf.5.xml:1197 sssd.conf.5.xml:1580 msgid "" "Specifies time in seconds for which the list of subdomains will be " "considered valid." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1205 +#: sssd.conf.5.xml:1206 #, fuzzy #| msgid "enum_cache_timeout (integer)" msgid "memcache_timeout (integer)" msgstr "enum_cache_timeout (numeriek)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1208 +#: sssd.conf.5.xml:1209 msgid "" "Specifies time in seconds for which records in the in-memory cache will be " "valid. Setting this option to zero will disable the in-memory cache." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1216 +#: sssd.conf.5.xml:1217 msgid "" "WARNING: Disabling the in-memory cache will have significant negative impact " "on SSSD's performance and should only be used for testing." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1222 sssd.conf.5.xml:1247 sssd.conf.5.xml:1272 -#: sssd.conf.5.xml:1297 sssd.conf.5.xml:1324 +#: sssd.conf.5.xml:1223 sssd.conf.5.xml:1248 sssd.conf.5.xml:1273 +#: sssd.conf.5.xml:1298 sssd.conf.5.xml:1325 msgid "" "NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", " "client applications will not use the fast in-memory cache." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1230 +#: sssd.conf.5.xml:1231 #, fuzzy #| msgid "enum_cache_timeout (integer)" msgid "memcache_size_passwd (integer)" msgstr "enum_cache_timeout (numeriek)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1233 +#: sssd.conf.5.xml:1234 msgid "" "Size (in megabytes) of the data table allocated inside fast in-memory cache " "for passwd requests. Setting the size to 0 will disable the passwd in-" @@ -1570,27 +1570,27 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1239 sssd.conf.5.xml:2963 sssd-ldap.5.xml:548 +#: sssd.conf.5.xml:1240 sssd.conf.5.xml:2964 sssd-ldap.5.xml:548 msgid "Default: 8" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1242 sssd.conf.5.xml:1267 sssd.conf.5.xml:1292 -#: sssd.conf.5.xml:1319 +#: sssd.conf.5.xml:1243 sssd.conf.5.xml:1268 sssd.conf.5.xml:1293 +#: sssd.conf.5.xml:1320 msgid "" "WARNING: Disabled or too small in-memory cache can have significant negative " "impact on SSSD's performance." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1255 +#: sssd.conf.5.xml:1256 #, fuzzy #| msgid "enum_cache_timeout (integer)" msgid "memcache_size_group (integer)" msgstr "enum_cache_timeout (numeriek)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1258 +#: sssd.conf.5.xml:1259 msgid "" "Size (in megabytes) of the data table allocated inside fast in-memory cache " "for group requests. Setting the size to 0 will disable the group in-memory " @@ -1598,21 +1598,21 @@ msgid "" msgstr "" #. type: Content of: <variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1264 sssd.conf.5.xml:1316 sssd.conf.5.xml:3729 +#: sssd.conf.5.xml:1265 sssd.conf.5.xml:1317 sssd.conf.5.xml:3730 #: sssd-ldap.5.xml:473 sssd-ldap.5.xml:525 include/failover.xml:116 #: include/krb5_options.xml:11 msgid "Default: 6" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1280 +#: sssd.conf.5.xml:1281 #, fuzzy #| msgid "enum_cache_timeout (integer)" msgid "memcache_size_initgroups (integer)" msgstr "enum_cache_timeout (numeriek)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1283 +#: sssd.conf.5.xml:1284 msgid "" "Size (in megabytes) of the data table allocated inside fast in-memory cache " "for initgroups requests. Setting the size to 0 will disable the initgroups " @@ -1620,14 +1620,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1305 +#: sssd.conf.5.xml:1306 #, fuzzy #| msgid "enum_cache_timeout (integer)" msgid "memcache_size_sid (integer)" msgstr "enum_cache_timeout (numeriek)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1308 +#: sssd.conf.5.xml:1309 msgid "" "Size (in megabytes) of the data table allocated inside fast in-memory cache " "for SID related requests. Only SID-by-ID and ID-by-SID requests are " @@ -1636,12 +1636,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1332 sssd-ifp.5.xml:90 +#: sssd.conf.5.xml:1333 sssd-ifp.5.xml:90 msgid "user_attributes (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1335 +#: sssd.conf.5.xml:1336 msgid "" "Some of the additional NSS responder requests can return more attributes " "than just the POSIX ones defined by the NSS interface. The list of " @@ -1652,45 +1652,45 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1348 +#: sssd.conf.5.xml:1349 msgid "" "To make configuration more easy the NSS responder will check the InfoPipe " "option if it is not set for the NSS responder." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1353 +#: sssd.conf.5.xml:1354 msgid "Default: not set, fallback to InfoPipe option" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1358 +#: sssd.conf.5.xml:1359 msgid "pwfield (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1361 +#: sssd.conf.5.xml:1362 msgid "" "The value that NSS operations that return users or groups will return for " "the <quote>password</quote> field." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1366 +#: sssd.conf.5.xml:1367 #, fuzzy #| msgid "Default: <quote>%1$s@%2$s</quote>." msgid "Default: <quote>*</quote>" msgstr "Standaard: <quote>%1$s@%2$s</quote>." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1369 +#: sssd.conf.5.xml:1370 msgid "" "Note: This option can also be set per-domain which overwrites the value in " "[nss] section." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1373 +#: sssd.conf.5.xml:1374 msgid "" "Default: <quote>not set</quote> (remote domains), <phrase " "condition=\"with_files_provider\"> <quote>x</quote> (the files domain), </" @@ -1699,60 +1699,60 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:1385 +#: sssd.conf.5.xml:1386 msgid "PAM configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:1387 +#: sssd.conf.5.xml:1388 msgid "" "These options can be used to configure the Pluggable Authentication Module " "(PAM) service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1392 +#: sssd.conf.5.xml:1393 msgid "offline_credentials_expiration (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1395 +#: sssd.conf.5.xml:1396 msgid "" "If the authentication provider is offline, how long should we allow cached " "logins (in days since the last successful online login)." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1400 sssd.conf.5.xml:1413 +#: sssd.conf.5.xml:1401 sssd.conf.5.xml:1414 msgid "Default: 0 (No limit)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1406 +#: sssd.conf.5.xml:1407 msgid "offline_failed_login_attempts (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1409 +#: sssd.conf.5.xml:1410 msgid "" "If the authentication provider is offline, how many failed login attempts " "are allowed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1419 +#: sssd.conf.5.xml:1420 msgid "offline_failed_login_delay (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1422 +#: sssd.conf.5.xml:1423 msgid "" "The time in minutes which has to pass after offline_failed_login_attempts " "has been reached before a new login attempt is possible." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1427 +#: sssd.conf.5.xml:1428 msgid "" "If set to 0 the user cannot authenticate offline if " "offline_failed_login_attempts has been reached. Only a successful online " @@ -1760,61 +1760,61 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1433 sssd.conf.5.xml:1543 +#: sssd.conf.5.xml:1434 sssd.conf.5.xml:1544 msgid "Default: 5" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1439 +#: sssd.conf.5.xml:1440 msgid "pam_verbosity (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1442 +#: sssd.conf.5.xml:1443 msgid "" "Controls what kind of messages are shown to the user during authentication. " "The higher the number to more messages are displayed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1447 +#: sssd.conf.5.xml:1448 msgid "Currently sssd supports the following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1450 +#: sssd.conf.5.xml:1451 msgid "<emphasis>0</emphasis>: do not show any message" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1453 +#: sssd.conf.5.xml:1454 msgid "<emphasis>1</emphasis>: show only important messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1457 +#: sssd.conf.5.xml:1458 msgid "<emphasis>2</emphasis>: show informational messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1460 +#: sssd.conf.5.xml:1461 msgid "<emphasis>3</emphasis>: show all messages and debug information" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1464 sssd.8.xml:63 +#: sssd.conf.5.xml:1465 sssd.8.xml:63 msgid "Default: 1" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1470 +#: sssd.conf.5.xml:1471 #, fuzzy #| msgid "re_expression (string)" msgid "pam_response_filter (string)" msgstr "re_expression (tekst)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1473 +#: sssd.conf.5.xml:1474 msgid "" "A comma separated list of strings which allows to remove (filter) data sent " "by the PAM responder to pam_sss PAM module. There are different kind of " @@ -1823,51 +1823,51 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1481 +#: sssd.conf.5.xml:1482 msgid "" "While messages already can be controlled with the help of the pam_verbosity " "option this option allows to filter out other kind of responses as well." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1488 +#: sssd.conf.5.xml:1489 msgid "ENV" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1489 +#: sssd.conf.5.xml:1490 msgid "Do not send any environment variables to any service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1492 +#: sssd.conf.5.xml:1493 msgid "ENV:var_name" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1493 +#: sssd.conf.5.xml:1494 msgid "Do not send environment variable var_name to any service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1497 +#: sssd.conf.5.xml:1498 msgid "ENV:var_name:service" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1498 +#: sssd.conf.5.xml:1499 msgid "Do not send environment variable var_name to service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1486 +#: sssd.conf.5.xml:1487 msgid "" "Currently the following filters are supported: <placeholder " "type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1505 +#: sssd.conf.5.xml:1506 msgid "" "The list of strings can either be the list of filters which would set this " "list of filters and overwrite the defaults. Or each element of the list can " @@ -1878,23 +1878,23 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1516 +#: sssd.conf.5.xml:1517 msgid "Default: ENV:KRB5CCNAME:sudo, ENV:KRB5CCNAME:sudo-i" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1519 +#: sssd.conf.5.xml:1520 msgid "" "Example: -ENV:KRB5CCNAME:sudo-i will remove the filter from the default list" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1526 +#: sssd.conf.5.xml:1527 msgid "pam_id_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1529 +#: sssd.conf.5.xml:1530 msgid "" "For any PAM request while SSSD is online, the SSSD will attempt to " "immediately update the cached identity information for the user in order to " @@ -1902,7 +1902,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1535 +#: sssd.conf.5.xml:1536 msgid "" "A complete PAM conversation may perform multiple PAM requests, such as " "account management and session opening. This option controls (on a per-" @@ -1911,17 +1911,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1549 +#: sssd.conf.5.xml:1550 msgid "pam_pwd_expiration_warning (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1552 sssd.conf.5.xml:2987 +#: sssd.conf.5.xml:1553 sssd.conf.5.xml:2988 msgid "Display a warning N days before the password expires." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1555 +#: sssd.conf.5.xml:1556 msgid "" "Please note that the backend server has to provide information about the " "expiration time of the password. If this information is missing, sssd " @@ -1929,31 +1929,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1561 sssd.conf.5.xml:2990 +#: sssd.conf.5.xml:1562 sssd.conf.5.xml:2991 msgid "" "If zero is set, then this filter is not applied, i.e. if the expiration " "warning was received from backend server, it will automatically be displayed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1566 +#: sssd.conf.5.xml:1567 msgid "" "This setting can be overridden by setting <emphasis>pwd_expiration_warning</" "emphasis> for a particular domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1571 sssd.conf.5.xml:3976 sssd-ldap.5.xml:606 sssd.8.xml:79 +#: sssd.conf.5.xml:1572 sssd.conf.5.xml:3977 sssd-ldap.5.xml:606 sssd.8.xml:79 msgid "Default: 0" msgstr "Standaard: 0" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1588 +#: sssd.conf.5.xml:1589 msgid "pam_trusted_users (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1591 +#: sssd.conf.5.xml:1592 msgid "" "Specifies the comma-separated list of UID values or user names that are " "allowed to run PAM conversations against trusted domains. Users not " @@ -1963,75 +1963,75 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1601 +#: sssd.conf.5.xml:1602 msgid "Default: All users are considered trusted by default" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1605 +#: sssd.conf.5.xml:1606 msgid "" "Please note that UID 0 is always allowed to access the PAM responder even in " "case it is not in the pam_trusted_users list." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1612 +#: sssd.conf.5.xml:1613 msgid "pam_public_domains (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1615 +#: sssd.conf.5.xml:1616 msgid "" "Specifies the comma-separated list of domain names that are accessible even " "to untrusted users." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1619 +#: sssd.conf.5.xml:1620 msgid "Two special values for pam_public_domains option are defined:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1623 +#: sssd.conf.5.xml:1624 msgid "" "all (Untrusted users are allowed to access all domains in PAM responder.)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1627 +#: sssd.conf.5.xml:1628 msgid "" "none (Untrusted users are not allowed to access any domains PAM in " "responder.)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1631 sssd.conf.5.xml:1656 sssd.conf.5.xml:1675 -#: sssd.conf.5.xml:1912 sssd.conf.5.xml:2732 sssd.conf.5.xml:3905 +#: sssd.conf.5.xml:1632 sssd.conf.5.xml:1657 sssd.conf.5.xml:1676 +#: sssd.conf.5.xml:1913 sssd.conf.5.xml:2733 sssd.conf.5.xml:3906 #: sssd-ldap.5.xml:1207 msgid "Default: none" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1636 +#: sssd.conf.5.xml:1637 msgid "pam_account_expired_message (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1639 +#: sssd.conf.5.xml:1640 msgid "" "Allows a custom expiration message to be set, replacing the default " "'Permission denied' message." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1644 +#: sssd.conf.5.xml:1645 msgid "" "Note: Please be aware that message is only printed for the SSH service " "unless pam_verbosity is set to 3 (show all messages and debug information)." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1652 +#: sssd.conf.5.xml:1653 #, no-wrap msgid "" "pam_account_expired_message = Account expired, please contact help desk.\n" @@ -2039,19 +2039,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1661 +#: sssd.conf.5.xml:1662 msgid "pam_account_locked_message (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1664 +#: sssd.conf.5.xml:1665 msgid "" "Allows a custom lockout message to be set, replacing the default 'Permission " "denied' message." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1671 +#: sssd.conf.5.xml:1672 #, no-wrap msgid "" "pam_account_locked_message = Account locked, please contact help desk.\n" @@ -2059,17 +2059,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1680 +#: sssd.conf.5.xml:1681 msgid "pam_passkey_auth (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1683 +#: sssd.conf.5.xml:1684 msgid "Enable passkey device based authentication." msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1686 sssd.conf.5.xml:1697 sssd.conf.5.xml:1711 +#: sssd.conf.5.xml:1687 sssd.conf.5.xml:1698 sssd.conf.5.xml:1712 #: sssd-ldap.5.xml:671 sssd-ldap.5.xml:692 sssd-ldap.5.xml:788 #: sssd-ldap.5.xml:1293 sssd-ad.5.xml:505 sssd-ad.5.xml:581 sssd-ad.5.xml:1126 #: sssd-ad.5.xml:1175 include/ldap_id_mapping.xml:250 @@ -2077,22 +2077,22 @@ msgid "Default: False" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1691 +#: sssd.conf.5.xml:1692 msgid "passkey_debug_libfido2 (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1694 +#: sssd.conf.5.xml:1695 msgid "Enable libfido2 library debug messages." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1702 +#: sssd.conf.5.xml:1703 msgid "pam_cert_auth (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1705 +#: sssd.conf.5.xml:1706 msgid "" "Enable certificate based Smartcard authentication. Since this requires " "additional communication with the Smartcard which will delay the " @@ -2100,36 +2100,36 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1716 +#: sssd.conf.5.xml:1717 msgid "pam_cert_db_path (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1719 +#: sssd.conf.5.xml:1720 msgid "The path to the certificate database." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1722 sssd.conf.5.xml:2247 sssd.conf.5.xml:4308 +#: sssd.conf.5.xml:1723 sssd.conf.5.xml:2248 sssd.conf.5.xml:4354 msgid "Default:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1724 sssd.conf.5.xml:2249 +#: sssd.conf.5.xml:1725 sssd.conf.5.xml:2250 msgid "" "/etc/sssd/pki/sssd_auth_ca_db.pem (path to a file with trusted CA " "certificates in PEM format)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1734 +#: sssd.conf.5.xml:1735 #, fuzzy #| msgid "re_expression (string)" msgid "pam_cert_verification (string)" msgstr "re_expression (tekst)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1737 +#: sssd.conf.5.xml:1738 msgid "" "With this parameter the PAM certificate verification can be tuned with a " "comma separated list of options that override the " @@ -2139,7 +2139,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1748 +#: sssd.conf.5.xml:1749 #, no-wrap msgid "" "pam_cert_verification = partial_chain\n" @@ -2147,61 +2147,61 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1752 +#: sssd.conf.5.xml:1753 msgid "" "Default: not set, i.e. use default <quote>certificate_verification</quote> " "option defined in <quote>[sssd]</quote> section." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1759 +#: sssd.conf.5.xml:1760 msgid "p11_child_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1762 +#: sssd.conf.5.xml:1763 msgid "How many seconds will pam_sss wait for p11_child to finish." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1771 +#: sssd.conf.5.xml:1772 #, fuzzy #| msgid "enum_cache_timeout (integer)" msgid "passkey_child_timeout (integer)" msgstr "enum_cache_timeout (numeriek)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1774 +#: sssd.conf.5.xml:1775 msgid "" "How many seconds will the PAM responder wait for passkey_child to finish." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1783 +#: sssd.conf.5.xml:1784 msgid "pam_app_services (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1786 +#: sssd.conf.5.xml:1787 msgid "" "Which PAM services are permitted to contact domains of type " "<quote>application</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1795 +#: sssd.conf.5.xml:1796 msgid "pam_p11_allowed_services (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1798 +#: sssd.conf.5.xml:1799 msgid "" "A comma-separated list of PAM service names for which it will be allowed to " "use Smartcards." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1813 +#: sssd.conf.5.xml:1814 #, no-wrap msgid "" "pam_p11_allowed_services = +my_pam_service, -login\n" @@ -2209,7 +2209,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1802 +#: sssd.conf.5.xml:1803 msgid "" "It is possible to add another PAM service name to the default set by using " "<quote>+service_name</quote> or to explicitly remove a PAM service name from " @@ -2221,63 +2221,63 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1817 sssd-ad.5.xml:644 sssd-ad.5.xml:753 sssd-ad.5.xml:811 +#: sssd.conf.5.xml:1818 sssd-ad.5.xml:644 sssd-ad.5.xml:753 sssd-ad.5.xml:811 #: sssd-ad.5.xml:869 sssd-ad.5.xml:947 msgid "Default: the default set of PAM service names includes:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1822 sssd-ad.5.xml:648 +#: sssd.conf.5.xml:1823 sssd-ad.5.xml:648 msgid "login" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1827 sssd-ad.5.xml:653 +#: sssd.conf.5.xml:1828 sssd-ad.5.xml:653 msgid "su" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1832 sssd-ad.5.xml:658 +#: sssd.conf.5.xml:1833 sssd-ad.5.xml:658 msgid "su-l" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1837 sssd-ad.5.xml:673 +#: sssd.conf.5.xml:1838 sssd-ad.5.xml:673 msgid "gdm-smartcard" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1842 sssd-ad.5.xml:668 +#: sssd.conf.5.xml:1843 sssd-ad.5.xml:668 msgid "gdm-password" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1847 sssd-ad.5.xml:678 +#: sssd.conf.5.xml:1848 sssd-ad.5.xml:678 msgid "kdm" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1852 sssd-ad.5.xml:956 +#: sssd.conf.5.xml:1853 sssd-ad.5.xml:956 msgid "sudo" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1857 sssd-ad.5.xml:961 +#: sssd.conf.5.xml:1858 sssd-ad.5.xml:961 msgid "sudo-i" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1862 +#: sssd.conf.5.xml:1863 msgid "gnome-screensaver" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1870 +#: sssd.conf.5.xml:1871 msgid "p11_wait_for_card_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1873 +#: sssd.conf.5.xml:1874 msgid "" "If Smartcard authentication is required how many extra seconds in addition " "to p11_child_timeout should the PAM responder wait until a Smartcard is " @@ -2285,12 +2285,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1884 +#: sssd.conf.5.xml:1885 msgid "p11_uri (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1887 +#: sssd.conf.5.xml:1888 msgid "" "PKCS#11 URI (see RFC-7512 for details) which can be used to restrict the " "selection of devices used for Smartcard authentication. By default SSSD's " @@ -2301,7 +2301,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1900 +#: sssd.conf.5.xml:1901 #, no-wrap msgid "" "p11_uri = pkcs11:slot-description=My%20Smartcard%20Reader\n" @@ -2309,7 +2309,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1904 +#: sssd.conf.5.xml:1905 #, no-wrap msgid "" "p11_uri = pkcs11:library-description=OpenSC%20smartcard%20framework;slot-id=2\n" @@ -2317,7 +2317,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1898 +#: sssd.conf.5.xml:1899 msgid "" "Example: <placeholder type=\"programlisting\" id=\"0\"/> or <placeholder " "type=\"programlisting\" id=\"1\"/> To find suitable URI please check the " @@ -2326,47 +2326,47 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1917 +#: sssd.conf.5.xml:1918 msgid "pam_initgroups_scheme" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1925 +#: sssd.conf.5.xml:1926 msgid "always" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1926 +#: sssd.conf.5.xml:1927 msgid "" "Always do an online lookup, please note that pam_id_timeout still applies" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1930 +#: sssd.conf.5.xml:1931 msgid "no_session" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1931 +#: sssd.conf.5.xml:1932 msgid "" "Only do an online lookup if there is no active session of the user, i.e. if " "the user is currently not logged in" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1936 +#: sssd.conf.5.xml:1937 msgid "never" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1937 +#: sssd.conf.5.xml:1938 msgid "" "Never force an online lookup, use the data from the cache as long as they " "are not expired" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1920 +#: sssd.conf.5.xml:1921 msgid "" "The PAM responder can force an online lookup to get the current group " "memberships of the user trying to log in. This option controls when this " @@ -2375,30 +2375,30 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1944 +#: sssd.conf.5.xml:1945 msgid "Default: no_session" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1949 sssd.conf.5.xml:4247 +#: sssd.conf.5.xml:1950 sssd.conf.5.xml:4293 msgid "pam_gssapi_services" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1952 +#: sssd.conf.5.xml:1953 msgid "" "Comma separated list of PAM services that are allowed to try GSSAPI " "authentication using pam_sss_gss.so module." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1957 +#: sssd.conf.5.xml:1958 msgid "" "To disable GSSAPI authentication, set this option to <quote>-</quote> (dash)." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1961 sssd.conf.5.xml:1992 sssd.conf.5.xml:2030 +#: sssd.conf.5.xml:1962 sssd.conf.5.xml:1993 sssd.conf.5.xml:2031 msgid "" "Note: This option can also be set per-domain which overwrites the value in " "[pam] section. It can also be set for trusted domain which overwrites the " @@ -2406,7 +2406,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1969 +#: sssd.conf.5.xml:1970 #, no-wrap msgid "" "pam_gssapi_services = sudo, sudo-i\n" @@ -2414,22 +2414,22 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1967 sssd.conf.5.xml:3899 +#: sssd.conf.5.xml:1968 sssd.conf.5.xml:3900 msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1973 +#: sssd.conf.5.xml:1974 msgid "Default: - (GSSAPI authentication is disabled)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1978 sssd.conf.5.xml:4248 +#: sssd.conf.5.xml:1979 sssd.conf.5.xml:4294 msgid "pam_gssapi_check_upn" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1981 +#: sssd.conf.5.xml:1982 msgid "" "If True, SSSD will require that the Kerberos user principal that " "successfully authenticated through GSSAPI can be associated with the user " @@ -2437,25 +2437,25 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1988 +#: sssd.conf.5.xml:1989 msgid "" "If False, every user that is able to obtained required service ticket will " "be authenticated." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1998 sssd-ad.5.xml:1266 sss_rpcidmapd.5.xml:76 +#: sssd.conf.5.xml:1999 sssd-ad.5.xml:1266 sss_rpcidmapd.5.xml:76 #: sssd-files.5.xml:145 msgid "Default: True" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2003 +#: sssd.conf.5.xml:2004 msgid "pam_gssapi_indicators_map" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2006 +#: sssd.conf.5.xml:2007 msgid "" "Comma separated list of authentication indicators required to be present in " "a Kerberos ticket to access a PAM service that is allowed to try GSSAPI " @@ -2463,7 +2463,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2012 +#: sssd.conf.5.xml:2013 msgid "" "Each element of the list can be either an authentication indicator name or a " "pair <quote>service:indicator</quote>. Indicators not prefixed with the PAM " @@ -2478,7 +2478,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2025 +#: sssd.conf.5.xml:2026 msgid "" "To disable GSSAPI authentication indicator check, set this option to <quote>-" "</quote> (dash). To disable the check for a specific PAM service, add " @@ -2486,45 +2486,45 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2036 +#: sssd.conf.5.xml:2037 msgid "" "Following authentication indicators are supported by IPA Kerberos " "deployments:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2039 +#: sssd.conf.5.xml:2040 msgid "" "pkinit -- pre-authentication using X.509 certificates -- whether stored in " "files or on smart cards." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2042 +#: sssd.conf.5.xml:2043 msgid "" "hardened -- SPAKE pre-authentication or any pre-authentication wrapped in a " "FAST channel." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2045 +#: sssd.conf.5.xml:2046 msgid "radius -- pre-authentication with the help of a RADIUS server." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2048 +#: sssd.conf.5.xml:2049 msgid "" "otp -- pre-authentication using integrated two-factor authentication (2FA or " "one-time password, OTP) in IPA." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2051 +#: sssd.conf.5.xml:2052 msgid "idp -- pre-authentication using external identity provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:2061 +#: sssd.conf.5.xml:2062 #, no-wrap msgid "" "pam_gssapi_indicators_map = sudo:pkinit, sudo-i:pkinit\n" @@ -2532,7 +2532,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2056 +#: sssd.conf.5.xml:2057 msgid "" "Example: to require access to SUDO services only for users which obtained " "their Kerberos tickets with a X.509 certificate pre-authentication (PKINIT), " @@ -2540,17 +2540,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2065 +#: sssd.conf.5.xml:2066 msgid "Default: not set (use of authentication indicators is not required)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2073 +#: sssd.conf.5.xml:2074 msgid "SUDO configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2075 +#: sssd.conf.5.xml:2076 msgid "" "These options can be used to configure the sudo service. The detailed " "instructions for configuration of <citerefentry> <refentrytitle>sudo</" @@ -2561,24 +2561,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2092 +#: sssd.conf.5.xml:2093 msgid "sudo_timed (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2095 +#: sssd.conf.5.xml:2096 msgid "" "Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes " "that implement time-dependent sudoers entries." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2107 +#: sssd.conf.5.xml:2108 msgid "sudo_threshold (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2110 +#: sssd.conf.5.xml:2111 msgid "" "Maximum number of expired rules that can be refreshed at once. If number of " "expired rules is below threshold, those rules are refreshed with " @@ -2588,22 +2588,22 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2129 +#: sssd.conf.5.xml:2130 msgid "AUTOFS configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2131 +#: sssd.conf.5.xml:2132 msgid "These options can be used to configure the autofs service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2135 +#: sssd.conf.5.xml:2136 msgid "autofs_negative_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2138 +#: sssd.conf.5.xml:2139 msgid "" "Specifies for how many seconds should the autofs responder negative cache " "hits (that is, queries for invalid map entries, like nonexistent ones) " @@ -2611,51 +2611,51 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2154 +#: sssd.conf.5.xml:2155 msgid "SSH configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2156 +#: sssd.conf.5.xml:2157 msgid "These options can be used to configure the SSH service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2160 +#: sssd.conf.5.xml:2161 msgid "ssh_hash_known_hosts (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2163 +#: sssd.conf.5.xml:2164 msgid "" "Whether or not to hash host names and addresses in the managed known_hosts " "file." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2172 +#: sssd.conf.5.xml:2173 msgid "ssh_known_hosts_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2175 +#: sssd.conf.5.xml:2176 msgid "" "How many seconds to keep a host in the managed known_hosts file after its " "host keys were requested." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2179 +#: sssd.conf.5.xml:2180 msgid "Default: 180" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2184 +#: sssd.conf.5.xml:2185 msgid "ssh_use_certificate_keys (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2187 +#: sssd.conf.5.xml:2188 msgid "" "If set to true the <command>sss_ssh_authorizedkeys</command> will return ssh " "keys derived from the public key of X.509 certificates stored in the user " @@ -2664,12 +2664,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2202 +#: sssd.conf.5.xml:2203 msgid "ssh_use_certificate_matching_rules (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2205 +#: sssd.conf.5.xml:2206 msgid "" "By default the ssh responder will use all available certificate matching " "rules to filter the certificates so that ssh keys are only derived from the " @@ -2679,7 +2679,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2214 +#: sssd.conf.5.xml:2215 msgid "" "There are two special key words 'all_rules' and 'no_rules' which will enable " "all or no rules, respectively. The latter means that no certificates will be " @@ -2687,7 +2687,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2221 +#: sssd.conf.5.xml:2222 msgid "" "If no rules are configured using 'all_rules' will enable a default rule " "which enables all certificates suitable for client authentication. This is " @@ -2696,38 +2696,38 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2228 +#: sssd.conf.5.xml:2229 msgid "" "A non-existing rule name is considered an error. If as a result no rule is " "selected all certificates will be ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2233 +#: sssd.conf.5.xml:2234 msgid "" "Default: not set, equivalent to 'all_rules', all found rules or the default " "rule are used" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2239 +#: sssd.conf.5.xml:2240 msgid "ca_db (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2242 +#: sssd.conf.5.xml:2243 msgid "" "Path to a storage of trusted CA certificates. The option is used to validate " "user certificates before deriving public ssh keys from them." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2262 +#: sssd.conf.5.xml:2263 msgid "PAC responder configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2264 +#: sssd.conf.5.xml:2265 msgid "" "The PAC responder works together with the authorization data plugin for MIT " "Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the " @@ -2738,7 +2738,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2273 +#: sssd.conf.5.xml:2274 msgid "" "If the remote user does not exist in the cache, it is created. The UID is " "determined with the help of the SID, trusted domains will have UPGs and the " @@ -2749,24 +2749,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2281 +#: sssd.conf.5.xml:2282 msgid "" "If there are SIDs of groups from domains sssd knows about, the user will be " "added to those groups." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2287 +#: sssd.conf.5.xml:2288 msgid "These options can be used to configure the PAC responder." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2291 sssd-ifp.5.xml:66 +#: sssd.conf.5.xml:2292 sssd-ifp.5.xml:66 msgid "allowed_uids (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2294 +#: sssd.conf.5.xml:2295 msgid "" "Specifies the comma-separated list of UID values or user names that are " "allowed to access the PAC responder. User names are resolved to UIDs at " @@ -2774,12 +2774,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2300 +#: sssd.conf.5.xml:2301 msgid "Default: 0 (only the root user is allowed to access the PAC responder)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2304 +#: sssd.conf.5.xml:2305 msgid "" "Please note that although the UID 0 is used as the default it will be " "overwritten with this option. If you still want to allow the root user to " @@ -2788,26 +2788,26 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2313 +#: sssd.conf.5.xml:2314 msgid "pac_lifetime (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2316 +#: sssd.conf.5.xml:2317 msgid "" "Lifetime of the PAC entry in seconds. As long as the PAC is valid the PAC " "data can be used to determine the group memberships of a user." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2326 +#: sssd.conf.5.xml:2327 #, fuzzy #| msgid "re_expression (string)" msgid "pac_check (string)" msgstr "re_expression (tekst)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2329 +#: sssd.conf.5.xml:2330 msgid "" "Apply additional checks on the PAC of the Kerberos ticket which is available " "in Active Directory and FreeIPA domains, if configured. Please note that " @@ -2818,24 +2818,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2343 +#: sssd.conf.5.xml:2344 msgid "no_check" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2345 +#: sssd.conf.5.xml:2346 msgid "" "The PAC must not be present and even if it is present no additional checks " "will be done." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2351 +#: sssd.conf.5.xml:2352 msgid "pac_present" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2353 +#: sssd.conf.5.xml:2354 msgid "" "The PAC must be present in the service ticket which SSSD will request with " "the help of the user's TGT. If the PAC is not available the authentication " @@ -2843,24 +2843,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2361 +#: sssd.conf.5.xml:2362 msgid "check_upn" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2363 +#: sssd.conf.5.xml:2364 msgid "" "If the PAC is present check if the user principal name (UPN) information is " "consistent." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2369 +#: sssd.conf.5.xml:2370 msgid "check_upn_allow_missing" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2371 +#: sssd.conf.5.xml:2372 msgid "" "This option should be used together with 'check_upn' and handles the case " "where a UPN is set on the server-side but is not read by SSSD. The typical " @@ -2872,7 +2872,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2383 +#: sssd.conf.5.xml:2384 msgid "" "Currently this option is set by default to avoid regressions in such " "environments. A log message will be added to the system log and SSSD's debug " @@ -2883,60 +2883,60 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2397 +#: sssd.conf.5.xml:2398 msgid "upn_dns_info_present" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2399 +#: sssd.conf.5.xml:2400 msgid "The PAC must contain the UPN-DNS-INFO buffer, implies 'check_upn'." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2404 +#: sssd.conf.5.xml:2405 msgid "check_upn_dns_info_ex" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2406 +#: sssd.conf.5.xml:2407 msgid "" "If the PAC is present and the extension to the UPN-DNS-INFO buffer is " "available check if the information in the extension is consistent." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2413 +#: sssd.conf.5.xml:2414 msgid "upn_dns_info_ex_present" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2415 +#: sssd.conf.5.xml:2416 msgid "" "The PAC must contain the extension of the UPN-DNS-INFO buffer, implies " "'check_upn_dns_info_ex', 'upn_dns_info_present' and 'check_upn'." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2339 +#: sssd.conf.5.xml:2340 msgid "" "The following options can be used alone or in a comma-separated list: " "<placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2425 +#: sssd.conf.5.xml:2426 msgid "" "Default: no_check (AD and IPA provider 'check_upn, check_upn_allow_missing, " "check_upn_dns_info_ex')" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2434 +#: sssd.conf.5.xml:2435 msgid "Session recording configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2436 +#: sssd.conf.5.xml:2437 msgid "" "Session recording works in conjunction with <citerefentry> " "<refentrytitle>tlog-rec-session</refentrytitle> <manvolnum>8</manvolnum> </" @@ -2946,66 +2946,66 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2449 +#: sssd.conf.5.xml:2450 msgid "These options can be used to configure session recording." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2453 sssd-session-recording.5.xml:64 +#: sssd.conf.5.xml:2454 sssd-session-recording.5.xml:64 msgid "scope (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2460 sssd-session-recording.5.xml:71 +#: sssd.conf.5.xml:2461 sssd-session-recording.5.xml:71 msgid "\"none\"" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2463 sssd-session-recording.5.xml:74 +#: sssd.conf.5.xml:2464 sssd-session-recording.5.xml:74 msgid "No users are recorded." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2468 sssd-session-recording.5.xml:79 +#: sssd.conf.5.xml:2469 sssd-session-recording.5.xml:79 msgid "\"some\"" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2471 sssd-session-recording.5.xml:82 +#: sssd.conf.5.xml:2472 sssd-session-recording.5.xml:82 msgid "" "Users/groups specified by <replaceable>users</replaceable> and " "<replaceable>groups</replaceable> options are recorded." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2480 sssd-session-recording.5.xml:91 +#: sssd.conf.5.xml:2481 sssd-session-recording.5.xml:91 msgid "\"all\"" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2483 sssd-session-recording.5.xml:94 +#: sssd.conf.5.xml:2484 sssd-session-recording.5.xml:94 msgid "All users are recorded." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2456 sssd-session-recording.5.xml:67 +#: sssd.conf.5.xml:2457 sssd-session-recording.5.xml:67 msgid "" "One of the following strings specifying the scope of session recording: " "<placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2490 sssd-session-recording.5.xml:101 +#: sssd.conf.5.xml:2491 sssd-session-recording.5.xml:101 msgid "Default: \"none\"" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2495 sssd-session-recording.5.xml:106 +#: sssd.conf.5.xml:2496 sssd-session-recording.5.xml:106 msgid "users (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2498 sssd-session-recording.5.xml:109 +#: sssd.conf.5.xml:2499 sssd-session-recording.5.xml:109 msgid "" "A comma-separated list of users which should have session recording enabled. " "Matches user names as returned by NSS. I.e. after the possible space " @@ -3013,17 +3013,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2504 sssd-session-recording.5.xml:115 +#: sssd.conf.5.xml:2505 sssd-session-recording.5.xml:115 msgid "Default: Empty. Matches no users." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2509 sssd-session-recording.5.xml:120 +#: sssd.conf.5.xml:2510 sssd-session-recording.5.xml:120 msgid "groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2512 sssd-session-recording.5.xml:123 +#: sssd.conf.5.xml:2513 sssd-session-recording.5.xml:123 msgid "" "A comma-separated list of groups, members of which should have session " "recording enabled. Matches group names as returned by NSS. I.e. after the " @@ -3031,7 +3031,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2518 sssd.conf.5.xml:2550 sssd-session-recording.5.xml:129 +#: sssd.conf.5.xml:2519 sssd.conf.5.xml:2551 sssd-session-recording.5.xml:129 #: sssd-session-recording.5.xml:161 msgid "" "NOTE: using this option (having it set to anything) has a considerable " @@ -3040,58 +3040,58 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2525 sssd-session-recording.5.xml:136 +#: sssd.conf.5.xml:2526 sssd-session-recording.5.xml:136 msgid "Default: Empty. Matches no groups." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2530 sssd-session-recording.5.xml:141 +#: sssd.conf.5.xml:2531 sssd-session-recording.5.xml:141 #, fuzzy #| msgid "re_expression (string)" msgid "exclude_users (string)" msgstr "re_expression (tekst)" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2533 sssd-session-recording.5.xml:144 +#: sssd.conf.5.xml:2534 sssd-session-recording.5.xml:144 msgid "" "A comma-separated list of users to be excluded from recording, only " "applicable with 'scope=all'." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2537 sssd-session-recording.5.xml:148 +#: sssd.conf.5.xml:2538 sssd-session-recording.5.xml:148 msgid "Default: Empty. No users excluded." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2542 sssd-session-recording.5.xml:153 +#: sssd.conf.5.xml:2543 sssd-session-recording.5.xml:153 msgid "exclude_groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2545 sssd-session-recording.5.xml:156 +#: sssd.conf.5.xml:2546 sssd-session-recording.5.xml:156 msgid "" "A comma-separated list of groups, members of which should be excluded from " "recording. Only applicable with 'scope=all'." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2557 sssd-session-recording.5.xml:168 +#: sssd.conf.5.xml:2558 sssd-session-recording.5.xml:168 msgid "Default: Empty. No groups excluded." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:2567 +#: sssd.conf.5.xml:2568 msgid "DOMAIN SECTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2574 +#: sssd.conf.5.xml:2575 msgid "enabled" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2577 +#: sssd.conf.5.xml:2578 msgid "" "Explicitly enable or disable the domain. If <quote>true</quote>, the domain " "is always <quote>enabled</quote>. If <quote>false</quote>, the domain is " @@ -3101,12 +3101,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2589 +#: sssd.conf.5.xml:2590 msgid "domain_type (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2592 +#: sssd.conf.5.xml:2593 msgid "" "Specifies whether the domain is meant to be used by POSIX-aware clients such " "as the Name Service Switch or by applications that do not need POSIX data to " @@ -3115,14 +3115,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2600 +#: sssd.conf.5.xml:2601 msgid "" "Allowed values for this option are <quote>posix</quote> and " "<quote>application</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2604 +#: sssd.conf.5.xml:2605 msgid "" "POSIX domains are reachable by all services. Application domains are only " "reachable from the InfoPipe responder (see <citerefentry> " @@ -3131,38 +3131,38 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2612 +#: sssd.conf.5.xml:2613 msgid "" "NOTE: The application domains are currently well tested with " "<quote>id_provider=ldap</quote> only." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2616 +#: sssd.conf.5.xml:2617 msgid "" "For an easy way to configure a non-POSIX domains, please see the " "<quote>Application domains</quote> section." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2620 +#: sssd.conf.5.xml:2621 msgid "Default: posix" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2626 +#: sssd.conf.5.xml:2627 msgid "min_id,max_id (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2629 +#: sssd.conf.5.xml:2630 msgid "" "UID and GID limits for the domain. If a domain contains an entry that is " "outside these limits, it is ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2634 +#: sssd.conf.5.xml:2635 msgid "" "For users, this affects the primary GID limit. The user will not be returned " "to NSS if either the UID or the primary GID is outside the range. For non-" @@ -3171,24 +3171,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2641 +#: sssd.conf.5.xml:2642 msgid "" "These ID limits affect even saving entries to cache, not only returning them " "by name or ID." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2645 +#: sssd.conf.5.xml:2646 msgid "Default: 1 for min_id, 0 (no limit) for max_id" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2651 +#: sssd.conf.5.xml:2652 msgid "enumerate (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2654 +#: sssd.conf.5.xml:2655 msgid "" "Determines if a domain can be enumerated, that is, whether the domain can " "list all the users and group it contains. Note that it is not required to " @@ -3197,29 +3197,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2662 +#: sssd.conf.5.xml:2663 msgid "TRUE = Users and groups are enumerated" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2665 +#: sssd.conf.5.xml:2666 msgid "FALSE = No enumerations for this domain" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2668 sssd.conf.5.xml:2942 sssd.conf.5.xml:3119 +#: sssd.conf.5.xml:2669 sssd.conf.5.xml:2943 sssd.conf.5.xml:3120 msgid "Default: FALSE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2671 +#: sssd.conf.5.xml:2672 msgid "" "Enumerating a domain requires SSSD to download and store ALL user and group " "entries from the remote server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2676 +#: sssd.conf.5.xml:2677 msgid "" "Note: Enabling enumeration has a moderate performance impact on SSSD while " "enumeration is running. It may take up to several minutes after SSSD startup " @@ -3233,14 +3233,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2691 +#: sssd.conf.5.xml:2692 msgid "" "While the first enumeration is running, requests for the complete user or " "group lists may return no results until it completes." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2696 +#: sssd.conf.5.xml:2697 msgid "" "Further, enabling enumeration may increase the time necessary to detect " "network disconnection, as longer timeouts are required to ensure that " @@ -3249,39 +3249,39 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2704 +#: sssd.conf.5.xml:2705 msgid "" "For the reasons cited above, enabling enumeration is not recommended, " "especially in large environments." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2712 +#: sssd.conf.5.xml:2713 msgid "subdomain_enumerate (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2719 +#: sssd.conf.5.xml:2720 msgid "all" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2720 +#: sssd.conf.5.xml:2721 msgid "All discovered trusted domains will be enumerated" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2723 +#: sssd.conf.5.xml:2724 msgid "none" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2724 +#: sssd.conf.5.xml:2725 msgid "No discovered trusted domains will be enumerated" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2715 +#: sssd.conf.5.xml:2716 msgid "" "Whether any of autodetected trusted domains should be enumerated. The " "supported values are: <placeholder type=\"variablelist\" id=\"0\"/> " @@ -3290,19 +3290,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2738 +#: sssd.conf.5.xml:2739 msgid "entry_cache_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2741 +#: sssd.conf.5.xml:2742 msgid "" "How many seconds should nss_sss consider entries valid before asking the " "backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2745 +#: sssd.conf.5.xml:2746 msgid "" "The cache expiration timestamps are stored as attributes of individual " "objects in the cache. Therefore, changing the cache timeout only has effect " @@ -3313,139 +3313,139 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2758 +#: sssd.conf.5.xml:2759 msgid "Default: 5400" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2764 +#: sssd.conf.5.xml:2765 msgid "entry_cache_user_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2767 +#: sssd.conf.5.xml:2768 msgid "" "How many seconds should nss_sss consider user entries valid before asking " "the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2771 sssd.conf.5.xml:2784 sssd.conf.5.xml:2797 -#: sssd.conf.5.xml:2810 sssd.conf.5.xml:2824 sssd.conf.5.xml:2837 -#: sssd.conf.5.xml:2851 sssd.conf.5.xml:2865 sssd.conf.5.xml:2878 +#: sssd.conf.5.xml:2772 sssd.conf.5.xml:2785 sssd.conf.5.xml:2798 +#: sssd.conf.5.xml:2811 sssd.conf.5.xml:2825 sssd.conf.5.xml:2838 +#: sssd.conf.5.xml:2852 sssd.conf.5.xml:2866 sssd.conf.5.xml:2879 msgid "Default: entry_cache_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2777 +#: sssd.conf.5.xml:2778 msgid "entry_cache_group_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2780 +#: sssd.conf.5.xml:2781 msgid "" "How many seconds should nss_sss consider group entries valid before asking " "the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2790 +#: sssd.conf.5.xml:2791 msgid "entry_cache_netgroup_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2793 +#: sssd.conf.5.xml:2794 msgid "" "How many seconds should nss_sss consider netgroup entries valid before " "asking the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2803 +#: sssd.conf.5.xml:2804 msgid "entry_cache_service_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2806 +#: sssd.conf.5.xml:2807 msgid "" "How many seconds should nss_sss consider service entries valid before asking " "the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2816 +#: sssd.conf.5.xml:2817 msgid "entry_cache_resolver_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2819 +#: sssd.conf.5.xml:2820 msgid "" "How many seconds should nss_sss consider hosts and networks entries valid " "before asking the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2830 +#: sssd.conf.5.xml:2831 msgid "entry_cache_sudo_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2833 +#: sssd.conf.5.xml:2834 msgid "" "How many seconds should sudo consider rules valid before asking the backend " "again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2843 +#: sssd.conf.5.xml:2844 msgid "entry_cache_autofs_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2846 +#: sssd.conf.5.xml:2847 msgid "" "How many seconds should the autofs service consider automounter maps valid " "before asking the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2857 +#: sssd.conf.5.xml:2858 msgid "entry_cache_ssh_host_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2860 +#: sssd.conf.5.xml:2861 msgid "" "How many seconds to keep a host ssh key after refresh. IE how long to cache " "the host key for." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2871 +#: sssd.conf.5.xml:2872 msgid "entry_cache_computer_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2874 +#: sssd.conf.5.xml:2875 msgid "" "How many seconds to keep the local computer entry before asking the backend " "again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2884 +#: sssd.conf.5.xml:2885 msgid "refresh_expired_interval (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2887 +#: sssd.conf.5.xml:2888 msgid "" "Specifies how many seconds SSSD has to wait before triggering a background " "refresh task which will refresh all expired or nearly expired records." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2892 +#: sssd.conf.5.xml:2893 msgid "" "The background refresh will process users, groups and netgroups in the " "cache. For users who have performed the initgroups (get group membership for " @@ -3454,17 +3454,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2900 +#: sssd.conf.5.xml:2901 msgid "This option is automatically inherited for all trusted domains." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2904 +#: sssd.conf.5.xml:2905 msgid "You can consider setting this value to 3/4 * entry_cache_timeout." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2908 +#: sssd.conf.5.xml:2909 msgid "" "Cache entry will be refreshed by background task when 2/3 of cache timeout " "has already passed. If there are existing cached entries, the background " @@ -3476,23 +3476,23 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2921 sssd-ldap.5.xml:360 sssd-ldap.5.xml:1736 +#: sssd.conf.5.xml:2922 sssd-ldap.5.xml:360 sssd-ldap.5.xml:1736 #: sssd-ipa.5.xml:270 msgid "Default: 0 (disabled)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2927 +#: sssd.conf.5.xml:2928 msgid "cache_credentials (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2930 +#: sssd.conf.5.xml:2931 msgid "Determines if user credentials are also cached in the local LDB cache." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2934 +#: sssd.conf.5.xml:2935 msgid "" "Take a note that while credentials are stored as a salted SHA512 hash, this " "still potentially poses some security risk in case an attacker manages to " @@ -3501,12 +3501,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2948 +#: sssd.conf.5.xml:2949 msgid "cache_credentials_minimal_first_factor_length (int)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2951 +#: sssd.conf.5.xml:2952 msgid "" "If 2-Factor-Authentication (2FA) is used and credentials should be saved " "this value determines the minimal length the first authentication factor " @@ -3514,19 +3514,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2958 +#: sssd.conf.5.xml:2959 msgid "" "This should avoid that the short PINs of a PIN based 2FA scheme are saved in " "the cache which would make them easy targets for brute-force attacks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2969 +#: sssd.conf.5.xml:2970 msgid "account_cache_expiration (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2972 +#: sssd.conf.5.xml:2973 msgid "" "Number of days entries are left in cache after last successful login before " "being removed during a cleanup of the cache. 0 means keep forever. The " @@ -3535,17 +3535,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2979 +#: sssd.conf.5.xml:2980 msgid "Default: 0 (unlimited)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2984 +#: sssd.conf.5.xml:2985 msgid "pwd_expiration_warning (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2995 +#: sssd.conf.5.xml:2996 msgid "" "Please note that the backend server has to provide information about the " "expiration time of the password. If this information is missing, sssd " @@ -3554,28 +3554,28 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3002 +#: sssd.conf.5.xml:3003 msgid "Default: 7 (Kerberos), 0 (LDAP)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3008 +#: sssd.conf.5.xml:3009 msgid "id_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3011 +#: sssd.conf.5.xml:3012 msgid "" "The identification provider used for the domain. Supported ID providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3015 +#: sssd.conf.5.xml:3016 msgid "<quote>proxy</quote>: Support a legacy NSS provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3018 +#: sssd.conf.5.xml:3019 msgid "" "<quote>files</quote>: FILES provider. See <citerefentry> <refentrytitle>sssd-" "files</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " @@ -3583,7 +3583,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3026 +#: sssd.conf.5.xml:3027 msgid "" "<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-" "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " @@ -3591,8 +3591,8 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3034 sssd.conf.5.xml:3145 sssd.conf.5.xml:3196 -#: sssd.conf.5.xml:3259 +#: sssd.conf.5.xml:3035 sssd.conf.5.xml:3146 sssd.conf.5.xml:3197 +#: sssd.conf.5.xml:3260 msgid "" "<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management " "provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> " @@ -3601,8 +3601,8 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3043 sssd.conf.5.xml:3154 sssd.conf.5.xml:3205 -#: sssd.conf.5.xml:3268 +#: sssd.conf.5.xml:3044 sssd.conf.5.xml:3155 sssd.conf.5.xml:3206 +#: sssd.conf.5.xml:3269 msgid "" "<quote>ad</quote>: Active Directory provider. See <citerefentry> " "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3610,19 +3610,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3054 +#: sssd.conf.5.xml:3055 msgid "use_fully_qualified_names (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3057 +#: sssd.conf.5.xml:3058 msgid "" "Use the full name and domain (as formatted by the domain's full_name_format) " "as the user's login name reported to NSS." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3062 +#: sssd.conf.5.xml:3063 msgid "" "If set to TRUE, all requests to this domain must use fully qualified names. " "For example, if used in LOCAL domain that contains a \"test\" user, " @@ -3631,7 +3631,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3070 +#: sssd.conf.5.xml:3071 msgid "" "NOTE: This option has no effect on netgroup lookups due to their tendency to " "include nested netgroups without qualified names. For netgroups, all domains " @@ -3639,24 +3639,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3077 +#: sssd.conf.5.xml:3078 msgid "" "Default: FALSE (TRUE for trusted domain/sub-domains or if " "default_domain_suffix is used)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3084 +#: sssd.conf.5.xml:3085 msgid "ignore_group_members (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3087 +#: sssd.conf.5.xml:3088 msgid "Do not return group members for group lookups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3090 +#: sssd.conf.5.xml:3091 msgid "" "If set to TRUE, the group membership attribute is not requested from the " "ldap server, and group members are not returned when processing group lookup " @@ -3668,7 +3668,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3108 +#: sssd.conf.5.xml:3109 msgid "" "Enabling this option can also make access provider checks for group " "membership significantly faster, especially for groups containing many " @@ -3676,7 +3676,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3114 sssd.conf.5.xml:3821 sssd-ldap.5.xml:326 +#: sssd.conf.5.xml:3115 sssd.conf.5.xml:3822 sssd-ldap.5.xml:326 #: sssd-ldap.5.xml:355 sssd-ldap.5.xml:408 sssd-ldap.5.xml:468 #: sssd-ldap.5.xml:489 sssd-ldap.5.xml:520 sssd-ldap.5.xml:543 #: sssd-ldap.5.xml:582 sssd-ldap.5.xml:601 sssd-ldap.5.xml:625 @@ -3687,19 +3687,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3124 +#: sssd.conf.5.xml:3125 msgid "auth_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3127 +#: sssd.conf.5.xml:3128 msgid "" "The authentication provider used for the domain. Supported auth providers " "are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3131 sssd.conf.5.xml:3189 +#: sssd.conf.5.xml:3132 sssd.conf.5.xml:3190 msgid "" "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3707,7 +3707,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3138 +#: sssd.conf.5.xml:3139 msgid "" "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3715,30 +3715,30 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3162 +#: sssd.conf.5.xml:3163 msgid "" "<quote>proxy</quote> for relaying authentication to some other PAM target." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3165 +#: sssd.conf.5.xml:3166 msgid "<quote>none</quote> disables authentication explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3168 +#: sssd.conf.5.xml:3169 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "authentication requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3174 +#: sssd.conf.5.xml:3175 msgid "access_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3177 +#: sssd.conf.5.xml:3178 msgid "" "The access control provider used for the domain. There are two built-in " "access providers (in addition to any included in installed backends) " @@ -3746,19 +3746,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3183 +#: sssd.conf.5.xml:3184 msgid "" "<quote>permit</quote> always allow access. It's the only permitted access " "provider for a local domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3186 +#: sssd.conf.5.xml:3187 msgid "<quote>deny</quote> always deny access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3213 +#: sssd.conf.5.xml:3214 msgid "" "<quote>simple</quote> access control based on access or deny lists. See " "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</" @@ -3767,7 +3767,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3220 +#: sssd.conf.5.xml:3221 msgid "" "<quote>krb5</quote>: .k5login based access control. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum></" @@ -3775,29 +3775,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3227 +#: sssd.conf.5.xml:3228 msgid "<quote>proxy</quote> for relaying access control to another PAM module." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3230 +#: sssd.conf.5.xml:3231 msgid "Default: <quote>permit</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3235 +#: sssd.conf.5.xml:3236 msgid "chpass_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3238 +#: sssd.conf.5.xml:3239 msgid "" "The provider which should handle change password operations for the domain. " "Supported change password providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3243 +#: sssd.conf.5.xml:3244 msgid "" "<quote>ldap</quote> to change a password stored in a LDAP server. See " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" @@ -3805,7 +3805,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3251 +#: sssd.conf.5.xml:3252 msgid "" "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3813,35 +3813,35 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3276 +#: sssd.conf.5.xml:3277 msgid "" "<quote>proxy</quote> for relaying password changes to some other PAM target." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3280 +#: sssd.conf.5.xml:3281 msgid "<quote>none</quote> disallows password changes explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3283 +#: sssd.conf.5.xml:3284 msgid "" "Default: <quote>auth_provider</quote> is used if it is set and can handle " "change password requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3290 +#: sssd.conf.5.xml:3291 msgid "sudo_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3293 +#: sssd.conf.5.xml:3294 msgid "The SUDO provider used for the domain. Supported SUDO providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3297 +#: sssd.conf.5.xml:3298 msgid "" "<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3849,32 +3849,32 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3305 +#: sssd.conf.5.xml:3306 msgid "" "<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default " "settings." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3309 +#: sssd.conf.5.xml:3310 msgid "" "<quote>ad</quote> the same as <quote>ldap</quote> but with AD default " "settings." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3313 +#: sssd.conf.5.xml:3314 msgid "<quote>none</quote> disables SUDO explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3316 sssd.conf.5.xml:3402 sssd.conf.5.xml:3472 -#: sssd.conf.5.xml:3497 sssd.conf.5.xml:3533 +#: sssd.conf.5.xml:3317 sssd.conf.5.xml:3403 sssd.conf.5.xml:3473 +#: sssd.conf.5.xml:3498 sssd.conf.5.xml:3534 msgid "Default: The value of <quote>id_provider</quote> is used if it is set." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3320 +#: sssd.conf.5.xml:3321 msgid "" "The detailed instructions for configuration of sudo_provider are in the " "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " @@ -3885,7 +3885,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3335 +#: sssd.conf.5.xml:3336 msgid "" "<emphasis>NOTE:</emphasis> Sudo rules are periodically downloaded in the " "background unless the sudo provider is explicitly disabled. Set " @@ -3894,12 +3894,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3345 +#: sssd.conf.5.xml:3346 msgid "selinux_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3348 +#: sssd.conf.5.xml:3349 msgid "" "The provider which should handle loading of selinux settings. Note that this " "provider will be called right after access provider ends. Supported selinux " @@ -3907,7 +3907,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3354 +#: sssd.conf.5.xml:3355 msgid "" "<quote>ipa</quote> to load selinux settings from an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -3915,31 +3915,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3362 +#: sssd.conf.5.xml:3363 msgid "<quote>none</quote> disallows fetching selinux settings explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3365 +#: sssd.conf.5.xml:3366 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "selinux loading requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3371 +#: sssd.conf.5.xml:3372 msgid "subdomains_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3374 +#: sssd.conf.5.xml:3375 msgid "" "The provider which should handle fetching of subdomains. This value should " "be always the same as id_provider. Supported subdomain providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3380 +#: sssd.conf.5.xml:3381 msgid "" "<quote>ipa</quote> to load a list of subdomains from an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -3947,7 +3947,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3389 +#: sssd.conf.5.xml:3390 msgid "" "<quote>ad</quote> to load a list of subdomains from an Active Directory " "server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> " @@ -3956,17 +3956,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3398 +#: sssd.conf.5.xml:3399 msgid "<quote>none</quote> disallows fetching subdomains explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3408 +#: sssd.conf.5.xml:3409 msgid "session_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3411 +#: sssd.conf.5.xml:3412 msgid "" "The provider which configures and manages user session related tasks. The " "only user session task currently provided is the integration with Fleet " @@ -3974,43 +3974,43 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3418 +#: sssd.conf.5.xml:3419 msgid "<quote>ipa</quote> to allow performing user session related tasks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3422 +#: sssd.conf.5.xml:3423 msgid "" "<quote>none</quote> does not perform any kind of user session related tasks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3426 +#: sssd.conf.5.xml:3427 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can perform " "session related tasks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3430 +#: sssd.conf.5.xml:3431 msgid "" "<emphasis>NOTE:</emphasis> In order to have this feature working as expected " "SSSD must be running as \"root\" and not as the unprivileged user." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3438 +#: sssd.conf.5.xml:3439 msgid "autofs_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3441 +#: sssd.conf.5.xml:3442 msgid "" "The autofs provider used for the domain. Supported autofs providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3445 +#: sssd.conf.5.xml:3446 msgid "" "<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4018,7 +4018,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3452 +#: sssd.conf.5.xml:3453 msgid "" "<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> " "<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4026,7 +4026,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3460 +#: sssd.conf.5.xml:3461 msgid "" "<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> " "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4034,24 +4034,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3469 +#: sssd.conf.5.xml:3470 msgid "<quote>none</quote> disables autofs explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3479 +#: sssd.conf.5.xml:3480 msgid "hostid_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3482 +#: sssd.conf.5.xml:3483 msgid "" "The provider used for retrieving host identity information. Supported " "hostid providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3486 +#: sssd.conf.5.xml:3487 msgid "" "<quote>ipa</quote> to load host identity stored in an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -4059,31 +4059,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3494 +#: sssd.conf.5.xml:3495 msgid "<quote>none</quote> disables hostid explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3504 +#: sssd.conf.5.xml:3505 msgid "resolver_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3507 +#: sssd.conf.5.xml:3508 msgid "" "The provider which should handle hosts and networks lookups. Supported " "resolver providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3511 +#: sssd.conf.5.xml:3512 msgid "" "<quote>proxy</quote> to forward lookups to another NSS library. See " "<quote>proxy_resolver_lib_name</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3515 +#: sssd.conf.5.xml:3516 msgid "" "<quote>ldap</quote> to fetch hosts and networks stored in LDAP. See " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" @@ -4091,7 +4091,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3522 +#: sssd.conf.5.xml:3523 msgid "" "<quote>ad</quote> to fetch hosts and networks stored in AD. See " "<citerefentry> <refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</" @@ -4100,12 +4100,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3530 +#: sssd.conf.5.xml:3531 msgid "<quote>none</quote> disallows fetching hosts and networks explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3543 +#: sssd.conf.5.xml:3544 msgid "" "Regular expression for this domain that describes how to parse the string " "containing user name and domain into these components. The \"domain\" can " @@ -4115,24 +4115,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3552 +#: sssd.conf.5.xml:3553 msgid "" "Default: <quote>^((?P<name>.+)@(?P<domain>[^@]*)|(?P<name>" "[^@]+))$</quote> which allows two different styles for user names:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:3557 sssd.conf.5.xml:3571 +#: sssd.conf.5.xml:3558 sssd.conf.5.xml:3572 msgid "username" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:3560 sssd.conf.5.xml:3574 +#: sssd.conf.5.xml:3561 sssd.conf.5.xml:3575 msgid "username@domain.name" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3565 +#: sssd.conf.5.xml:3566 msgid "" "Default for the AD and IPA provider: <quote>^(((?P<domain>[^\\\\]+)\\" "\\(?P<name>.+))|((?P<name>.+)@(?P<domain>[^@]+))|((?P<" @@ -4141,19 +4141,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:3577 +#: sssd.conf.5.xml:3578 msgid "domain\\username" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3580 +#: sssd.conf.5.xml:3581 msgid "" "While the first two correspond to the general default the third one is " "introduced to allow easy integration of users from Windows domains." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3585 +#: sssd.conf.5.xml:3586 msgid "" "The default re_expression uses the <quote>@</quote> character as a separator " "between the name and the domain. As a result of this setting the default " @@ -4163,93 +4163,93 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3637 +#: sssd.conf.5.xml:3638 msgid "Default: <quote>%1$s@%2$s</quote>." msgstr "Standaard: <quote>%1$s@%2$s</quote>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3643 +#: sssd.conf.5.xml:3644 msgid "lookup_family_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3646 +#: sssd.conf.5.xml:3647 msgid "" "Provides the ability to select preferred address family to use when " "performing DNS lookups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3650 +#: sssd.conf.5.xml:3651 msgid "Supported values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3653 +#: sssd.conf.5.xml:3654 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3656 +#: sssd.conf.5.xml:3657 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3659 +#: sssd.conf.5.xml:3660 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3662 +#: sssd.conf.5.xml:3663 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3665 +#: sssd.conf.5.xml:3666 msgid "Default: ipv4_first" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3671 +#: sssd.conf.5.xml:3672 #, fuzzy #| msgid "entry_negative_timeout (integer)" msgid "dns_resolver_server_timeout (integer)" msgstr "entry_negative_timeout (numeriek)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3674 +#: sssd.conf.5.xml:3675 msgid "" "Defines the amount of time (in milliseconds) SSSD would try to talk to DNS " "server before trying next DNS server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3679 +#: sssd.conf.5.xml:3680 msgid "" "The AD provider will use this option for the CLDAP ping timeouts as well." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3683 sssd.conf.5.xml:3703 sssd.conf.5.xml:3724 +#: sssd.conf.5.xml:3684 sssd.conf.5.xml:3704 sssd.conf.5.xml:3725 msgid "" "Please see the section <quote>FAILOVER</quote> for more information about " "the service resolution." msgstr "" #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3688 sssd-ldap.5.xml:644 include/failover.xml:84 +#: sssd.conf.5.xml:3689 sssd-ldap.5.xml:644 include/failover.xml:84 msgid "Default: 1000" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3694 +#: sssd.conf.5.xml:3695 #, fuzzy #| msgid "entry_negative_timeout (integer)" msgid "dns_resolver_op_timeout (integer)" msgstr "entry_negative_timeout (numeriek)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3697 +#: sssd.conf.5.xml:3698 msgid "" "Defines the amount of time (in seconds) to wait to resolve single DNS query " "(e.g. resolution of a hostname or an SRV record) before trying the next " @@ -4257,12 +4257,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3714 +#: sssd.conf.5.xml:3715 msgid "dns_resolver_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3717 +#: sssd.conf.5.xml:3718 msgid "" "Defines the amount of time (in seconds) to wait for a reply from the " "internal fail over service before assuming that the service is unreachable. " @@ -4271,14 +4271,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3735 +#: sssd.conf.5.xml:3736 #, fuzzy #| msgid "entry_negative_timeout (integer)" msgid "dns_resolver_use_search_list (bool)" msgstr "entry_negative_timeout (numeriek)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3738 +#: sssd.conf.5.xml:3739 msgid "" "Normally, the DNS resolver searches the domain list defined in the " "\"search\" directive from the resolv.conf file. This can lead to delays in " @@ -4286,7 +4286,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3744 +#: sssd.conf.5.xml:3745 msgid "" "If fully qualified domain names (or _srv_) are used in the SSSD " "configuration, setting this option to FALSE can prevent unnecessary DNS " @@ -4294,71 +4294,71 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3750 +#: sssd.conf.5.xml:3751 #, fuzzy #| msgid "Default: 3" msgid "Default: TRUE" msgstr "Standaard: 3" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3756 +#: sssd.conf.5.xml:3757 msgid "dns_discovery_domain (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3759 +#: sssd.conf.5.xml:3760 msgid "" "If service discovery is used in the back end, specifies the domain part of " "the service discovery DNS query." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3763 +#: sssd.conf.5.xml:3764 msgid "Default: Use the domain part of machine's hostname" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3769 +#: sssd.conf.5.xml:3770 msgid "override_gid (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3772 +#: sssd.conf.5.xml:3773 msgid "Override the primary GID value with the one specified." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3778 +#: sssd.conf.5.xml:3779 msgid "case_sensitive (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3785 +#: sssd.conf.5.xml:3786 msgid "True" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3788 +#: sssd.conf.5.xml:3789 msgid "Case sensitive. This value is invalid for AD provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3794 +#: sssd.conf.5.xml:3795 msgid "False" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3796 +#: sssd.conf.5.xml:3797 msgid "Case insensitive." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3800 +#: sssd.conf.5.xml:3801 msgid "Preserving" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3803 +#: sssd.conf.5.xml:3804 msgid "" "Same as False (case insensitive), but does not lowercase names in the result " "of NSS operations. Note that name aliases (and in case of services also " @@ -4366,31 +4366,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3811 +#: sssd.conf.5.xml:3812 msgid "" "If you want to set this value for trusted domain with IPA provider, you need " "to set it on both the client and SSSD on the server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3781 +#: sssd.conf.5.xml:3782 msgid "" "Treat user and group names as case sensitive. Possible option values are: " "<placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3826 +#: sssd.conf.5.xml:3827 msgid "Default: True (False for AD provider)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3832 +#: sssd.conf.5.xml:3833 msgid "subdomain_inherit (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3835 +#: sssd.conf.5.xml:3836 msgid "" "Specifies a list of configuration parameters that should be inherited by a " "subdomain. Please note that only selected parameters can be inherited. " @@ -4398,114 +4398,114 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3841 +#: sssd.conf.5.xml:3842 msgid "ldap_search_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3844 +#: sssd.conf.5.xml:3845 msgid "ldap_network_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3847 +#: sssd.conf.5.xml:3848 msgid "ldap_opt_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3850 +#: sssd.conf.5.xml:3851 #, fuzzy #| msgid "enum_cache_timeout (integer)" msgid "ldap_offline_timeout" msgstr "enum_cache_timeout (numeriek)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3853 +#: sssd.conf.5.xml:3854 #, fuzzy #| msgid "reconnection_retries (integer)" msgid "ldap_enumeration_refresh_timeout" msgstr "reconnection_retries (numeriek)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3856 +#: sssd.conf.5.xml:3857 msgid "ldap_enumeration_refresh_offset" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3859 +#: sssd.conf.5.xml:3860 msgid "ldap_purge_cache_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3862 +#: sssd.conf.5.xml:3863 msgid "ldap_purge_cache_offset" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3865 +#: sssd.conf.5.xml:3866 msgid "" "ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab " "is not set explicitly)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3869 +#: sssd.conf.5.xml:3870 msgid "ldap_krb5_ticket_lifetime" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3872 +#: sssd.conf.5.xml:3873 #, fuzzy #| msgid "reconnection_retries (integer)" msgid "ldap_enumeration_search_timeout" msgstr "reconnection_retries (numeriek)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3875 +#: sssd.conf.5.xml:3876 #, fuzzy #| msgid "reconnection_retries (integer)" msgid "ldap_connection_expire_timeout" msgstr "reconnection_retries (numeriek)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3878 +#: sssd.conf.5.xml:3879 #, fuzzy #| msgid "reconnection_retries (integer)" msgid "ldap_connection_expire_offset" msgstr "reconnection_retries (numeriek)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3881 +#: sssd.conf.5.xml:3882 msgid "ldap_connection_idle_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3884 sssd-ldap.5.xml:400 +#: sssd.conf.5.xml:3885 sssd-ldap.5.xml:400 msgid "ldap_use_tokengroups" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3887 +#: sssd.conf.5.xml:3888 msgid "ldap_user_principal" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3890 +#: sssd.conf.5.xml:3891 msgid "ignore_group_members" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3893 +#: sssd.conf.5.xml:3894 msgid "auto_private_groups" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3896 +#: sssd.conf.5.xml:3897 msgid "case_sensitive" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:3901 +#: sssd.conf.5.xml:3902 #, no-wrap msgid "" "subdomain_inherit = ldap_purge_cache_timeout\n" @@ -4513,27 +4513,27 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3908 +#: sssd.conf.5.xml:3909 msgid "Note: This option only works with the IPA and AD provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3915 +#: sssd.conf.5.xml:3916 msgid "subdomain_homedir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3926 +#: sssd.conf.5.xml:3927 msgid "%F" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3927 +#: sssd.conf.5.xml:3928 msgid "flat (NetBIOS) name of a subdomain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3918 +#: sssd.conf.5.xml:3919 msgid "" "Use this homedir as default value for all subdomains within this domain in " "IPA AD trust. See <emphasis>override_homedir</emphasis> for info about " @@ -4543,34 +4543,34 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3932 +#: sssd.conf.5.xml:3933 msgid "" "The value can be overridden by <emphasis>override_homedir</emphasis> option." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3936 +#: sssd.conf.5.xml:3937 msgid "Default: <filename>/home/%d/%u</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3941 +#: sssd.conf.5.xml:3942 msgid "realmd_tags (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3944 +#: sssd.conf.5.xml:3945 msgid "" "Various tags stored by the realmd configuration service for this domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3950 +#: sssd.conf.5.xml:3951 msgid "cached_auth_timeout (int)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3953 +#: sssd.conf.5.xml:3954 msgid "" "Specifies time in seconds since last successful online authentication for " "which user will be authenticated using cached credentials while SSSD is in " @@ -4579,19 +4579,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3961 +#: sssd.conf.5.xml:3962 msgid "" "This option's value is inherited by all trusted domains. At the moment it is " "not possible to set a different value per trusted domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3966 +#: sssd.conf.5.xml:3967 msgid "Special value 0 implies that this feature is disabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3970 +#: sssd.conf.5.xml:3971 msgid "" "Please note that if <quote>cached_auth_timeout</quote> is longer than " "<quote>pam_id_timeout</quote> then the back end could be called to handle " @@ -4599,24 +4599,85 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3981 +#: sssd.conf.5.xml:3982 +#, fuzzy +#| msgid "re_expression (string)" +msgid "local_auth_policy (string)" +msgstr "re_expression (tekst)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3985 +msgid "" +"Local authentication methods policy. Some backends (i.e. LDAP, proxy " +"provider) only support a password based authentication, while others can " +"handle PKINIT based Smartcard authentication (AD, IPA), two-factor " +"authentication (IPA), or other methods against a central instance. By " +"default in such cases authentication is only performed with the methods " +"supported by the backend." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3995 +msgid "" +"There are three possible values for this option: match, only, enable. " +"<quote>match</quote> is used to match offline and online states for Kerberos " +"methods. <quote>only</quote> ignores the online methods and only offer the " +"local ones. enable allows explicitly defining the methods for local " +"authentication. As an example, <quote>enable:passkey</quote>, only enables " +"passkey for local authentication. Multiple enable values should be comma-" +"separated, such as <quote>enable:passkey, enable:smartcard</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:4011 +#, no-wrap +msgid "" +"[domain/shadowutils]\n" +"id_provider = proxy\n" +"proxy_lib_name = files\n" +"auth_provider = none\n" +"local_auth_policy = only\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4007 +msgid "" +"The following configuration example allows local users to authenticate " +"locally using any enabled method (i.e. smartcard, passkey). <placeholder " +"type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4019 +msgid "This option is ignored for the files provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4022 +#, fuzzy +#| msgid "Default: 3" +msgid "Default: match" +msgstr "Standaard: 3" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4027 msgid "auto_private_groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3987 +#: sssd.conf.5.xml:4033 msgid "true" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3990 +#: sssd.conf.5.xml:4036 msgid "" "Create user's private group unconditionally from user's UID number. The GID " "number is ignored in this case." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3994 +#: sssd.conf.5.xml:4040 msgid "" "NOTE: Because the GID number and the user private group are inferred from " "the UID number, it is not supported to have multiple entries with the same " @@ -4625,24 +4686,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4003 +#: sssd.conf.5.xml:4049 msgid "false" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4006 +#: sssd.conf.5.xml:4052 msgid "" "Always use the user's primary GID number. The GID number must refer to a " "group object in the LDAP database." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4012 +#: sssd.conf.5.xml:4058 msgid "hybrid" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4015 +#: sssd.conf.5.xml:4061 msgid "" "A primary group is autogenerated for user entries whose UID and GID numbers " "have the same value and at the same time the GID number does not correspond " @@ -4652,14 +4713,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4028 +#: sssd.conf.5.xml:4074 msgid "" "If the UID and GID of a user are different, then the GID must correspond to " "a group entry, otherwise the GID is simply not resolvable." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4035 +#: sssd.conf.5.xml:4081 msgid "" "This feature is useful for environments that wish to stop maintaining a " "separate group objects for the user private groups, but also wish to retain " @@ -4667,21 +4728,21 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3984 +#: sssd.conf.5.xml:4030 msgid "" "This option takes any of three available values: <placeholder " "type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4047 +#: sssd.conf.5.xml:4093 msgid "" "For subdomains, the default value is False for subdomains that use assigned " "POSIX IDs and True for subdomains that use automatic ID-mapping." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:4055 +#: sssd.conf.5.xml:4101 #, no-wrap msgid "" "[domain/forest.domain/sub.domain]\n" @@ -4689,7 +4750,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:4061 +#: sssd.conf.5.xml:4107 #, no-wrap msgid "" "[domain/forest.domain]\n" @@ -4698,7 +4759,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4052 +#: sssd.conf.5.xml:4098 msgid "" "The value of auto_private_groups can either be set per subdomains in a " "subsection, for example: <placeholder type=\"programlisting\" id=\"0\"/> or " @@ -4707,7 +4768,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:2569 +#: sssd.conf.5.xml:2570 msgid "" "These configuration options can be present in a domain configuration " "section, that is, in a section called <quote>[domain/<replaceable>NAME</" @@ -4715,29 +4776,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4076 +#: sssd.conf.5.xml:4122 msgid "proxy_pam_target (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4079 +#: sssd.conf.5.xml:4125 msgid "The proxy target PAM proxies to." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4082 +#: sssd.conf.5.xml:4128 msgid "" "Default: not set by default, you have to take an existing pam configuration " "or create a new one and add the service name here." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4090 +#: sssd.conf.5.xml:4136 msgid "proxy_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4093 +#: sssd.conf.5.xml:4139 msgid "" "The name of the NSS library to use in proxy domains. The NSS functions " "searched for in the library are in the form of _nss_$(libName)_$(function), " @@ -4745,12 +4806,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4103 +#: sssd.conf.5.xml:4149 msgid "proxy_resolver_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4106 +#: sssd.conf.5.xml:4152 msgid "" "The name of the NSS library to use for hosts and networks lookups in proxy " "domains. The NSS functions searched for in the library are in the form of " @@ -4758,12 +4819,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4117 +#: sssd.conf.5.xml:4163 msgid "proxy_fast_alias (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4120 +#: sssd.conf.5.xml:4166 msgid "" "When a user or group is looked up by name in the proxy provider, a second " "lookup by ID is performed to \"canonicalize\" the name in case the requested " @@ -4772,12 +4833,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4134 +#: sssd.conf.5.xml:4180 msgid "proxy_max_children (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4137 +#: sssd.conf.5.xml:4183 msgid "" "This option specifies the number of pre-forked proxy children. It is useful " "for high-load SSSD environments where sssd may run out of available child " @@ -4785,19 +4846,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4072 +#: sssd.conf.5.xml:4118 msgid "" "Options valid for proxy domains. <placeholder type=\"variablelist\" " "id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:4153 +#: sssd.conf.5.xml:4199 msgid "Application domains" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4155 +#: sssd.conf.5.xml:4201 msgid "" "SSSD, with its D-Bus interface (see <citerefentry> <refentrytitle>sssd-ifp</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>) is appealing to " @@ -4814,7 +4875,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4175 +#: sssd.conf.5.xml:4221 msgid "" "Please note that the application domain must still be explicitly enabled in " "the <quote>domains</quote> parameter so that the lookup order between the " @@ -4822,17 +4883,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> -#: sssd.conf.5.xml:4181 +#: sssd.conf.5.xml:4227 msgid "Application domain parameters" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4183 +#: sssd.conf.5.xml:4229 msgid "inherit_from (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4186 +#: sssd.conf.5.xml:4232 msgid "" "The SSSD POSIX-type domain the application domain inherits all settings " "from. The application domain can moreover add its own settings to the " @@ -4841,7 +4902,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4200 +#: sssd.conf.5.xml:4246 msgid "" "The following example illustrates the use of an application domain. In this " "setup, the POSIX domain is connected to an LDAP server and is used by the OS " @@ -4851,7 +4912,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><programlisting> -#: sssd.conf.5.xml:4208 +#: sssd.conf.5.xml:4254 #, no-wrap msgid "" "[sssd]\n" @@ -4871,12 +4932,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4228 +#: sssd.conf.5.xml:4274 msgid "TRUSTED DOMAIN SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4230 +#: sssd.conf.5.xml:4276 msgid "" "Some options used in the domain section can also be used in the trusted " "domain section, that is, in a section called <quote>[domain/" @@ -4887,69 +4948,69 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4237 +#: sssd.conf.5.xml:4283 msgid "ldap_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4238 +#: sssd.conf.5.xml:4284 msgid "ldap_user_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4239 +#: sssd.conf.5.xml:4285 msgid "ldap_group_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4240 +#: sssd.conf.5.xml:4286 msgid "ldap_netgroup_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4241 +#: sssd.conf.5.xml:4287 msgid "ldap_service_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4242 +#: sssd.conf.5.xml:4288 msgid "ldap_sasl_mech," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4243 +#: sssd.conf.5.xml:4289 msgid "ad_server," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4244 +#: sssd.conf.5.xml:4290 msgid "ad_backup_server," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4245 +#: sssd.conf.5.xml:4291 msgid "ad_site," msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4246 sssd-ipa.5.xml:879 +#: sssd.conf.5.xml:4292 sssd-ipa.5.xml:879 msgid "use_fully_qualified_names" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4250 +#: sssd.conf.5.xml:4296 msgid "" "For more details about these options see their individual description in the " "manual page." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4256 +#: sssd.conf.5.xml:4302 msgid "CERTIFICATE MAPPING SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4258 +#: sssd.conf.5.xml:4304 msgid "" "To allow authentication with Smartcards and certificates SSSD must be able " "to map certificates to users. This can be done by adding the full " @@ -4962,7 +5023,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4272 +#: sssd.conf.5.xml:4318 msgid "" "To make the mapping more flexible mapping and matching rules were added to " "SSSD (see <citerefentry> <refentrytitle>sss-certmap</refentrytitle> " @@ -4970,7 +5031,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4281 +#: sssd.conf.5.xml:4327 msgid "" "A mapping and matching rule can be added to the SSSD configuration in a " "section on its own with a name like <quote>[certmap/" @@ -4979,55 +5040,55 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4288 +#: sssd.conf.5.xml:4334 msgid "matchrule (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4291 +#: sssd.conf.5.xml:4337 msgid "" "Only certificates from the Smartcard which matches this rule will be " "processed, all others are ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4295 +#: sssd.conf.5.xml:4341 msgid "" "Default: KRB5:<EKU>clientAuth, i.e. only certificates which have the " "Extended Key Usage <quote>clientAuth</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4302 +#: sssd.conf.5.xml:4348 msgid "maprule (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4305 +#: sssd.conf.5.xml:4351 msgid "Defines how the user is found for a given certificate." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4311 +#: sssd.conf.5.xml:4357 msgid "" "LDAP:(userCertificate;binary={cert!bin}) for LDAP based providers like " "<quote>ldap</quote>, <quote>AD</quote> or <quote>ipa</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4317 +#: sssd.conf.5.xml:4363 msgid "" "The RULE_NAME for the <quote>files</quote> provider which tries to find a " "user with the same name." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4326 +#: sssd.conf.5.xml:4372 msgid "domains (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4329 +#: sssd.conf.5.xml:4375 msgid "" "Comma separated list of domain names the rule should be applied. By default " "a rule is only valid in the domain configured in sssd.conf. If the provider " @@ -5036,17 +5097,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4336 +#: sssd.conf.5.xml:4382 msgid "Default: the configured domain in sssd.conf" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4341 +#: sssd.conf.5.xml:4387 msgid "priority (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4344 +#: sssd.conf.5.xml:4390 msgid "" "Unsigned integer value defining the priority of the rule. The higher the " "number the lower the priority. <quote>0</quote> stands for the highest " @@ -5054,26 +5115,26 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4350 +#: sssd.conf.5.xml:4396 msgid "Default: the lowest priority" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4356 +#: sssd.conf.5.xml:4402 msgid "" "To make the configuration simple and reduce the amount of configuration " "options the <quote>files</quote> provider has some special properties:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4362 +#: sssd.conf.5.xml:4408 msgid "" "if maprule is not set the RULE_NAME name is assumed to be the name of the " "matching user" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4368 +#: sssd.conf.5.xml:4414 msgid "" "if a maprule is used both a single user name or a template like " "<quote>{subject_rfc822_name.short_name}</quote> must be in braces like e.g. " @@ -5082,17 +5143,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4377 +#: sssd.conf.5.xml:4423 msgid "the <quote>domains</quote> option is ignored" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4385 +#: sssd.conf.5.xml:4431 msgid "PROMPTING CONFIGURATION SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4387 +#: sssd.conf.5.xml:4433 msgid "" "If a special file (<filename>/var/lib/sss/pubconf/pam_preauth_available</" "filename>) exists SSSD's PAM module pam_sss will ask SSSD to figure out " @@ -5102,7 +5163,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4395 +#: sssd.conf.5.xml:4441 msgid "" "With the growing number of authentication methods and the possibility that " "there are multiple ones for a single user the heuristic used by pam_sss to " @@ -5111,59 +5172,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4407 +#: sssd.conf.5.xml:4453 msgid "[prompting/password]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4410 +#: sssd.conf.5.xml:4456 msgid "password_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4411 +#: sssd.conf.5.xml:4457 msgid "to change the string of the password prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4409 +#: sssd.conf.5.xml:4455 msgid "" "to configure password prompting, allowed options are: <placeholder " "type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4419 +#: sssd.conf.5.xml:4465 msgid "[prompting/2fa]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4423 +#: sssd.conf.5.xml:4469 msgid "first_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4424 +#: sssd.conf.5.xml:4470 msgid "to change the string of the prompt for the first factor" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4427 +#: sssd.conf.5.xml:4473 msgid "second_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4428 +#: sssd.conf.5.xml:4474 msgid "to change the string of the prompt for the second factor" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4431 +#: sssd.conf.5.xml:4477 msgid "single_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4432 +#: sssd.conf.5.xml:4478 msgid "" "boolean value, if True there will be only a single prompt using the value of " "first_prompt where it is expected that both factors are entered as a single " @@ -5172,7 +5233,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4421 +#: sssd.conf.5.xml:4467 msgid "" "to configure two-factor authentication prompting, allowed options are: " "<placeholder type=\"variablelist\" id=\"0\"/> If the second factor is " @@ -5181,17 +5242,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4449 +#: sssd.conf.5.xml:4495 msgid "[prompting/passkey]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4455 sssd-ad.5.xml:1021 +#: sssd.conf.5.xml:4501 sssd-ad.5.xml:1021 msgid "interactive" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4457 +#: sssd.conf.5.xml:4503 msgid "" "boolean value, if True prompt a message and wait before testing the presence " "of a passkey device. Recommended if your device doesn’t have a tactile " @@ -5199,46 +5260,46 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4465 +#: sssd.conf.5.xml:4511 msgid "interactive_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4467 +#: sssd.conf.5.xml:4513 msgid "to change the message of the interactive prompt." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4472 +#: sssd.conf.5.xml:4518 msgid "touch" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4474 +#: sssd.conf.5.xml:4520 msgid "" "boolean value, if True prompt a message to remind the user to touch the " "device." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4480 +#: sssd.conf.5.xml:4526 msgid "touch_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4482 +#: sssd.conf.5.xml:4528 msgid "to change the message of the touch prompt." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4451 +#: sssd.conf.5.xml:4497 msgid "" "to configure passkey authentication prompting, allowed options are: " "<placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4402 +#: sssd.conf.5.xml:4448 msgid "" "Each supported authentication method has its own configuration subsection " "under <quote>[prompting/...]</quote>. Currently there are: <placeholder " @@ -5247,7 +5308,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4493 +#: sssd.conf.5.xml:4539 msgid "" "It is possible to add a subsection for specific PAM services, e.g. " "<quote>[prompting/password/sshd]</quote> to individual change the prompting " @@ -5255,12 +5316,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4500 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43 +#: sssd.conf.5.xml:4546 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43 msgid "EXAMPLES" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4506 +#: sssd.conf.5.xml:4552 #, no-wrap msgid "" "[sssd]\n" @@ -5290,7 +5351,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4502 +#: sssd.conf.5.xml:4548 msgid "" "1. The following example shows a typical SSSD config. It does not describe " "configuration of the domains themselves - refer to documentation on " @@ -5299,7 +5360,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4539 +#: sssd.conf.5.xml:4585 #, no-wrap msgid "" "[domain/ipa.com/child.ad.com]\n" @@ -5307,7 +5368,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4533 +#: sssd.conf.5.xml:4579 msgid "" "2. The following example shows configuration of IPA AD trust where the AD " "forest consists of two domains in a parent-child structure. Suppose IPA " @@ -5318,7 +5379,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4550 +#: sssd.conf.5.xml:4596 #, no-wrap msgid "" "[certmap/my.domain/rule_name]\n" @@ -5329,7 +5390,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4544 +#: sssd.conf.5.xml:4590 msgid "" "3. The following example shows the configuration of a certificate mapping " "rule. It is valid for the configured domain <quote>my.domain</quote> and " @@ -17344,7 +17405,7 @@ msgstr "" #: include/ldap_id_mapping.xml:235 msgid "" "When this option is configured, domains will be allocated starting with " -"slice zero and increasing monatomically with each additional domain." +"slice zero and increasing monotonically with each additional domain." msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> diff --git a/src/man/po/pt.po b/src/man/po/pt.po index f443f432319..877b2839667 100644 --- a/src/man/po/pt.po +++ b/src/man/po/pt.po @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: sssd-docs 2.3.0\n" "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" -"POT-Creation-Date: 2023-05-05 10:09+0200\n" +"POT-Creation-Date: 2023-09-07 11:47+0200\n" "PO-Revision-Date: 2014-12-15 12:05-0500\n" "Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n" "Language-Team: Portuguese (http://www.transifex.com/projects/p/sssd/language/" @@ -211,8 +211,8 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:136 sssd.conf.5.xml:173 sssd.conf.5.xml:358 -#: sssd.conf.5.xml:714 sssd.conf.5.xml:729 sssd.conf.5.xml:951 -#: sssd.conf.5.xml:1069 sssd.conf.5.xml:2197 sssd-ldap.5.xml:1071 +#: sssd.conf.5.xml:714 sssd.conf.5.xml:729 sssd.conf.5.xml:952 +#: sssd.conf.5.xml:1070 sssd.conf.5.xml:2198 sssd-ldap.5.xml:1071 #: sssd-ldap.5.xml:1174 sssd-ldap.5.xml:1243 sssd-ldap.5.xml:1750 #: sssd-ldap.5.xml:1815 sssd-ipa.5.xml:342 sssd-ad.5.xml:252 sssd-ad.5.xml:366 #: sssd-ad.5.xml:1200 sssd-ad.5.xml:1348 sssd-krb5.5.xml:358 @@ -232,8 +232,8 @@ msgid "" msgstr "" #. type: Content of: <variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:149 sssd.conf.5.xml:652 sssd.conf.5.xml:948 -#: sssd.conf.5.xml:2100 sssd.conf.5.xml:2167 sssd.conf.5.xml:4128 +#: sssd.conf.5.xml:149 sssd.conf.5.xml:652 sssd.conf.5.xml:949 +#: sssd.conf.5.xml:2101 sssd.conf.5.xml:2168 sssd.conf.5.xml:4174 #: sssd-ldap.5.xml:312 sssd-ldap.5.xml:917 sssd-ldap.5.xml:936 #: sssd-ldap.5.xml:1146 sssd-ldap.5.xml:1599 sssd-ldap.5.xml:1839 #: sssd-ipa.5.xml:152 sssd-ipa.5.xml:254 sssd-ipa.5.xml:657 sssd-ad.5.xml:1106 @@ -303,8 +303,8 @@ msgid "" msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:196 sssd.conf.5.xml:1289 sssd.conf.5.xml:1766 -#: sssd.conf.5.xml:4144 sssd-ldap.5.xml:765 include/ldap_id_mapping.xml:270 +#: sssd.conf.5.xml:196 sssd.conf.5.xml:1290 sssd.conf.5.xml:1767 +#: sssd.conf.5.xml:4190 sssd-ldap.5.xml:765 include/ldap_id_mapping.xml:270 msgid "Default: 10" msgstr "Padrão: 10" @@ -370,12 +370,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:258 sssd.conf.5.xml:783 +#: sssd.conf.5.xml:258 sssd.conf.5.xml:784 msgid "reconnection_retries (integer)" msgstr "reconnection_retries (integer)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:261 sssd.conf.5.xml:786 +#: sssd.conf.5.xml:261 sssd.conf.5.xml:787 msgid "" "Number of times services should attempt to reconnect in the event of a Data " "Provider crash or restart before they give up" @@ -384,7 +384,7 @@ msgstr "" "falha do provedor de dados ou reiniciar antes de eles desistirem" #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:266 sssd.conf.5.xml:791 sssd.conf.5.xml:3708 +#: sssd.conf.5.xml:266 sssd.conf.5.xml:792 sssd.conf.5.xml:3709 #: include/failover.xml:100 msgid "Default: 3" msgstr "Padrão: 3" @@ -406,7 +406,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:287 sssd.conf.5.xml:3540 +#: sssd.conf.5.xml:287 sssd.conf.5.xml:3541 msgid "re_expression (string)" msgstr "re_expression (string)" @@ -426,12 +426,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:304 sssd.conf.5.xml:3597 +#: sssd.conf.5.xml:304 sssd.conf.5.xml:3598 msgid "full_name_format (string)" msgstr "full_name_format (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:307 sssd.conf.5.xml:3600 +#: sssd.conf.5.xml:307 sssd.conf.5.xml:3601 msgid "" "A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</" "manvolnum> </citerefentry>-compatible format that describes how to compose a " @@ -439,39 +439,39 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:318 sssd.conf.5.xml:3611 +#: sssd.conf.5.xml:318 sssd.conf.5.xml:3612 msgid "%1$s" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:319 sssd.conf.5.xml:3612 +#: sssd.conf.5.xml:319 sssd.conf.5.xml:3613 msgid "user name" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:322 sssd.conf.5.xml:3615 +#: sssd.conf.5.xml:322 sssd.conf.5.xml:3616 msgid "%2$s" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:325 sssd.conf.5.xml:3618 +#: sssd.conf.5.xml:325 sssd.conf.5.xml:3619 msgid "domain name as specified in the SSSD config file." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:331 sssd.conf.5.xml:3624 +#: sssd.conf.5.xml:331 sssd.conf.5.xml:3625 msgid "%3$s" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:334 sssd.conf.5.xml:3627 +#: sssd.conf.5.xml:334 sssd.conf.5.xml:3628 msgid "" "domain flat name. Mostly usable for Active Directory domains, both directly " "configured or discovered via IPA trusts." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:315 sssd.conf.5.xml:3608 +#: sssd.conf.5.xml:315 sssd.conf.5.xml:3609 msgid "" "The following expansions are supported: <placeholder type=\"variablelist\" " "id=\"0\"/>" @@ -885,7 +885,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:700 sssd.conf.5.xml:1790 sssd.conf.5.xml:4194 +#: sssd.conf.5.xml:700 sssd.conf.5.xml:1791 sssd.conf.5.xml:4240 #: sssd-ad.5.xml:187 sssd-ad.5.xml:327 sssd-ad.5.xml:341 msgid "Default: Not set" msgstr "" @@ -938,11 +938,11 @@ msgstr "ldap_user_principal (string)" #: sssd.conf.5.xml:744 msgid "" "Enable or disable the user verification (i.e. PIN, fingerprint) during " -"authentication." +"authentication. If enabled, the PIN will always be requested." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:749 +#: sssd.conf.5.xml:750 msgid "" "The default is that the key settings decide what to do. In the IPA or " "kerberos pre-authentication case, this value will be overwritten by the " @@ -969,12 +969,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:768 +#: sssd.conf.5.xml:769 msgid "SERVICES SECTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:770 +#: sssd.conf.5.xml:771 msgid "" "Settings that can be used to configure different services are described in " "this section. They should reside in the [<replaceable>$NAME</replaceable>] " @@ -983,22 +983,22 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:777 +#: sssd.conf.5.xml:778 msgid "General service configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:779 +#: sssd.conf.5.xml:780 msgid "These options can be used to configure any service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:796 +#: sssd.conf.5.xml:797 msgid "fd_limit" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:799 +#: sssd.conf.5.xml:800 msgid "" "This option specifies the maximum number of file descriptors that may be " "opened at one time by this SSSD process. On systems where SSSD is granted " @@ -1008,17 +1008,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:808 +#: sssd.conf.5.xml:809 msgid "Default: 8192 (or limits.conf \"hard\" limit)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:813 +#: sssd.conf.5.xml:814 msgid "client_idle_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:816 +#: sssd.conf.5.xml:817 msgid "" "This option specifies the number of seconds that a client of an SSSD process " "can hold onto a file descriptor without communicating on it. This value is " @@ -1028,19 +1028,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:825 +#: sssd.conf.5.xml:826 #, fuzzy #| msgid "Default: 300" msgid "Default: 60, KCM: 300" msgstr "Padrão: 300" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:830 +#: sssd.conf.5.xml:831 msgid "offline_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:833 +#: sssd.conf.5.xml:834 msgid "" "When SSSD switches to offline mode the amount of time before it tries to go " "back online will increase based upon the time spent disconnected. By " @@ -1051,14 +1051,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:844 sssd.conf.5.xml:900 +#: sssd.conf.5.xml:845 sssd.conf.5.xml:901 msgid "" "new_delay = Minimum(old_delay * 2, offline_timeout_max) + random[0..." "offline_timeout_random_offset]" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:847 +#: sssd.conf.5.xml:848 msgid "" "The offline_timeout default value is 60. The offline_timeout_max default " "value is 3600. The offline_timeout_random_offset default value is 30. The " @@ -1066,46 +1066,46 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:853 +#: sssd.conf.5.xml:854 msgid "" "Note that the maximum length of each interval is defined by " "offline_timeout_max (apart of random part)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:857 sssd.conf.5.xml:1200 sssd.conf.5.xml:1583 -#: sssd.conf.5.xml:1879 sssd-ldap.5.xml:494 +#: sssd.conf.5.xml:858 sssd.conf.5.xml:1201 sssd.conf.5.xml:1584 +#: sssd.conf.5.xml:1880 sssd-ldap.5.xml:494 msgid "Default: 60" msgstr "Padrão: 60" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:862 +#: sssd.conf.5.xml:863 #, fuzzy #| msgid "timeout (integer)" msgid "offline_timeout_max (integer)" msgstr "timeout (integer)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:865 +#: sssd.conf.5.xml:866 msgid "" "Controls by how much the time between attempts to go online can be " "incremented following unsuccessful attempts to go online." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:870 +#: sssd.conf.5.xml:871 msgid "A value of 0 disables the incrementing behaviour." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:873 +#: sssd.conf.5.xml:874 msgid "" "The value of this parameter should be set in correlation to offline_timeout " "parameter value." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:877 +#: sssd.conf.5.xml:878 msgid "" "With offline_timeout set to 60 (default value) there is no point in setting " "offlinet_timeout_max to less than 120 as it will saturate instantly. General " @@ -1114,64 +1114,64 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:883 +#: sssd.conf.5.xml:884 msgid "" "Although a value between 0 and offline_timeout may be specified, it has the " "effect of overriding the offline_timeout value so is of little use." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:888 +#: sssd.conf.5.xml:889 #, fuzzy #| msgid "Default: 300" msgid "Default: 3600" msgstr "Padrão: 300" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:893 +#: sssd.conf.5.xml:894 #, fuzzy #| msgid "dns_resolver_timeout (integer)" msgid "offline_timeout_random_offset (integer)" msgstr "dns_resolver_timeout (integer)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:896 +#: sssd.conf.5.xml:897 msgid "" "When SSSD is in offline mode it keeps probing backend servers in specified " "time intervals:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:903 +#: sssd.conf.5.xml:904 msgid "" "This parameter controls the value of the random offset used for the above " "equation. Final random_offset value will be random number in range:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:908 +#: sssd.conf.5.xml:909 msgid "[0 - offline_timeout_random_offset]" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:911 +#: sssd.conf.5.xml:912 msgid "A value of 0 disables the random offset addition." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:914 +#: sssd.conf.5.xml:915 #, fuzzy #| msgid "Default: 300" msgid "Default: 30" msgstr "Padrão: 300" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:919 +#: sssd.conf.5.xml:920 msgid "responder_idle_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:922 +#: sssd.conf.5.xml:923 msgid "" "This option specifies the number of seconds that an SSSD responder process " "can be up without being used. This value is limited in order to avoid " @@ -1183,58 +1183,58 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:936 sssd.conf.5.xml:1213 sssd.conf.5.xml:2321 +#: sssd.conf.5.xml:937 sssd.conf.5.xml:1214 sssd.conf.5.xml:2322 #: sssd-ldap.5.xml:331 msgid "Default: 300" msgstr "Padrão: 300" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:941 +#: sssd.conf.5.xml:942 msgid "cache_first" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:944 +#: sssd.conf.5.xml:945 msgid "" "This option specifies whether the responder should query all caches before " "querying the Data Providers." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:959 +#: sssd.conf.5.xml:960 msgid "NSS configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:961 +#: sssd.conf.5.xml:962 msgid "" "These options can be used to configure the Name Service Switch (NSS) service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:966 +#: sssd.conf.5.xml:967 msgid "enum_cache_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:969 +#: sssd.conf.5.xml:970 msgid "" "How many seconds should nss_sss cache enumerations (requests for info about " "all users)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:973 +#: sssd.conf.5.xml:974 msgid "Default: 120" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:978 +#: sssd.conf.5.xml:979 msgid "entry_cache_nowait_percentage (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:981 +#: sssd.conf.5.xml:982 msgid "" "The entry cache can be set to automatically update entries in the background " "if they are requested beyond a percentage of the entry_cache_timeout value " @@ -1242,7 +1242,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:987 +#: sssd.conf.5.xml:988 msgid "" "For example, if the domain's entry_cache_timeout is set to 30s and " "entry_cache_nowait_percentage is set to 50 (percent), entries that come in " @@ -1252,7 +1252,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:997 +#: sssd.conf.5.xml:998 msgid "" "Valid values for this option are 0-99 and represent a percentage of the " "entry_cache_timeout for each domain. For performance reasons, this " @@ -1261,17 +1261,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1005 sssd.conf.5.xml:2121 +#: sssd.conf.5.xml:1006 sssd.conf.5.xml:2122 msgid "Default: 50" msgstr "Padrão: 50" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1010 +#: sssd.conf.5.xml:1011 msgid "entry_negative_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1013 +#: sssd.conf.5.xml:1014 msgid "" "Specifies for how many seconds nss_sss should cache negative cache hits " "(that is, queries for invalid database entries, like nonexistent ones) " @@ -1279,17 +1279,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1019 sssd.conf.5.xml:1778 sssd.conf.5.xml:2145 +#: sssd.conf.5.xml:1020 sssd.conf.5.xml:1779 sssd.conf.5.xml:2146 msgid "Default: 15" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1024 +#: sssd.conf.5.xml:1025 msgid "local_negative_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1027 +#: sssd.conf.5.xml:1028 msgid "" "Specifies for how many seconds nss_sss should keep local users and groups in " "negative cache before trying to look it up in the back end again. Setting " @@ -1297,17 +1297,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1033 +#: sssd.conf.5.xml:1034 msgid "Default: 14400 (4 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1038 +#: sssd.conf.5.xml:1039 msgid "filter_users, filter_groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1041 +#: sssd.conf.5.xml:1042 msgid "" "Exclude certain users or groups from being fetched from the sss NSS " "database. This is particularly useful for system accounts. This option can " @@ -1316,7 +1316,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1049 +#: sssd.conf.5.xml:1050 msgid "" "NOTE: The filter_groups option doesn't affect inheritance of nested group " "members, since filtering happens after they are propagated for returning via " @@ -1325,41 +1325,41 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1057 +#: sssd.conf.5.xml:1058 msgid "Default: root" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1062 +#: sssd.conf.5.xml:1063 msgid "filter_users_in_groups (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1065 +#: sssd.conf.5.xml:1066 msgid "" "If you want filtered user still be group members set this option to false." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1076 +#: sssd.conf.5.xml:1077 msgid "fallback_homedir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1079 +#: sssd.conf.5.xml:1080 msgid "" "Set a default template for a user's home directory if one is not specified " "explicitly by the domain's data provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1084 +#: sssd.conf.5.xml:1085 msgid "" "The available values for this option are the same as for override_homedir." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1090 +#: sssd.conf.5.xml:1091 #, no-wrap msgid "" "fallback_homedir = /home/%u\n" @@ -1367,23 +1367,23 @@ msgid "" msgstr "" #. type: Content of: <varlistentry><listitem><para> -#: sssd.conf.5.xml:1088 sssd.conf.5.xml:1650 sssd.conf.5.xml:1669 -#: sssd.conf.5.xml:1746 sssd-krb5.5.xml:451 include/override_homedir.xml:66 +#: sssd.conf.5.xml:1089 sssd.conf.5.xml:1651 sssd.conf.5.xml:1670 +#: sssd.conf.5.xml:1747 sssd-krb5.5.xml:451 include/override_homedir.xml:66 msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1094 +#: sssd.conf.5.xml:1095 msgid "Default: not set (no substitution for unset home directories)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1100 +#: sssd.conf.5.xml:1101 msgid "override_shell (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1103 +#: sssd.conf.5.xml:1104 msgid "" "Override the login shell for all users. This option supersedes any other " "shell options if it takes effect and can be set either in the [nss] section " @@ -1391,47 +1391,47 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1109 +#: sssd.conf.5.xml:1110 msgid "Default: not set (SSSD will use the value retrieved from LDAP)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1115 +#: sssd.conf.5.xml:1116 msgid "allowed_shells (string)" msgstr "allowed_shells (string)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1118 +#: sssd.conf.5.xml:1119 msgid "" "Restrict user shell to one of the listed values. The order of evaluation is:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1121 +#: sssd.conf.5.xml:1122 msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1125 +#: sssd.conf.5.xml:1126 msgid "" "2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</" "quote>, use the value of the shell_fallback parameter." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1130 +#: sssd.conf.5.xml:1131 msgid "" "3. If the shell is not in the allowed_shells list and not in <quote>/etc/" "shells</quote>, a nologin shell is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1135 +#: sssd.conf.5.xml:1136 msgid "The wildcard (*) can be used to allow any shell." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1138 +#: sssd.conf.5.xml:1139 msgid "" "The (*) is useful if you want to use shell_fallback in case that user's " "shell is not in <quote>/etc/shells</quote> and maintaining list of all " @@ -1439,117 +1439,117 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1145 +#: sssd.conf.5.xml:1146 msgid "An empty string for shell is passed as-is to libc." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1148 +#: sssd.conf.5.xml:1149 msgid "" "The <quote>/etc/shells</quote> is only read on SSSD start up, which means " "that a restart of the SSSD is required in case a new shell is installed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1152 +#: sssd.conf.5.xml:1153 msgid "Default: Not set. The user shell is automatically used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1157 +#: sssd.conf.5.xml:1158 msgid "vetoed_shells (string)" msgstr "vetoed_shells (string)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1160 +#: sssd.conf.5.xml:1161 msgid "Replace any instance of these shells with the shell_fallback" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1165 +#: sssd.conf.5.xml:1166 msgid "shell_fallback (string)" msgstr "shell_fallback (string)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1168 +#: sssd.conf.5.xml:1169 msgid "" "The default shell to use if an allowed shell is not installed on the machine." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1172 +#: sssd.conf.5.xml:1173 msgid "Default: /bin/sh" msgstr "Padrão: /bin/sh" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1177 +#: sssd.conf.5.xml:1178 msgid "default_shell" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1180 +#: sssd.conf.5.xml:1181 msgid "" "The default shell to use if the provider does not return one during lookup. " "This option can be specified globally in the [nss] section or per-domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1186 +#: sssd.conf.5.xml:1187 msgid "" "Default: not set (Return NULL if no shell is specified and rely on libc to " "substitute something sensible when necessary, usually /bin/sh)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1193 sssd.conf.5.xml:1576 +#: sssd.conf.5.xml:1194 sssd.conf.5.xml:1577 msgid "get_domains_timeout (int)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1196 sssd.conf.5.xml:1579 +#: sssd.conf.5.xml:1197 sssd.conf.5.xml:1580 msgid "" "Specifies time in seconds for which the list of subdomains will be " "considered valid." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1205 +#: sssd.conf.5.xml:1206 #, fuzzy #| msgid "entry_cache_timeout (integer)" msgid "memcache_timeout (integer)" msgstr "entry_cache_timeout (integer)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1208 +#: sssd.conf.5.xml:1209 msgid "" "Specifies time in seconds for which records in the in-memory cache will be " "valid. Setting this option to zero will disable the in-memory cache." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1216 +#: sssd.conf.5.xml:1217 msgid "" "WARNING: Disabling the in-memory cache will have significant negative impact " "on SSSD's performance and should only be used for testing." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1222 sssd.conf.5.xml:1247 sssd.conf.5.xml:1272 -#: sssd.conf.5.xml:1297 sssd.conf.5.xml:1324 +#: sssd.conf.5.xml:1223 sssd.conf.5.xml:1248 sssd.conf.5.xml:1273 +#: sssd.conf.5.xml:1298 sssd.conf.5.xml:1325 msgid "" "NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", " "client applications will not use the fast in-memory cache." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1230 +#: sssd.conf.5.xml:1231 #, fuzzy #| msgid "entry_cache_timeout (integer)" msgid "memcache_size_passwd (integer)" msgstr "entry_cache_timeout (integer)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1233 +#: sssd.conf.5.xml:1234 msgid "" "Size (in megabytes) of the data table allocated inside fast in-memory cache " "for passwd requests. Setting the size to 0 will disable the passwd in-" @@ -1557,27 +1557,27 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1239 sssd.conf.5.xml:2963 sssd-ldap.5.xml:548 +#: sssd.conf.5.xml:1240 sssd.conf.5.xml:2964 sssd-ldap.5.xml:548 msgid "Default: 8" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1242 sssd.conf.5.xml:1267 sssd.conf.5.xml:1292 -#: sssd.conf.5.xml:1319 +#: sssd.conf.5.xml:1243 sssd.conf.5.xml:1268 sssd.conf.5.xml:1293 +#: sssd.conf.5.xml:1320 msgid "" "WARNING: Disabled or too small in-memory cache can have significant negative " "impact on SSSD's performance." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1255 +#: sssd.conf.5.xml:1256 #, fuzzy #| msgid "entry_cache_timeout (integer)" msgid "memcache_size_group (integer)" msgstr "entry_cache_timeout (integer)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1258 +#: sssd.conf.5.xml:1259 msgid "" "Size (in megabytes) of the data table allocated inside fast in-memory cache " "for group requests. Setting the size to 0 will disable the group in-memory " @@ -1585,21 +1585,21 @@ msgid "" msgstr "" #. type: Content of: <variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1264 sssd.conf.5.xml:1316 sssd.conf.5.xml:3729 +#: sssd.conf.5.xml:1265 sssd.conf.5.xml:1317 sssd.conf.5.xml:3730 #: sssd-ldap.5.xml:473 sssd-ldap.5.xml:525 include/failover.xml:116 #: include/krb5_options.xml:11 msgid "Default: 6" msgstr "Padrão: 6" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1280 +#: sssd.conf.5.xml:1281 #, fuzzy #| msgid "entry_cache_timeout (integer)" msgid "memcache_size_initgroups (integer)" msgstr "entry_cache_timeout (integer)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1283 +#: sssd.conf.5.xml:1284 msgid "" "Size (in megabytes) of the data table allocated inside fast in-memory cache " "for initgroups requests. Setting the size to 0 will disable the initgroups " @@ -1607,14 +1607,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1305 +#: sssd.conf.5.xml:1306 #, fuzzy #| msgid "entry_cache_timeout (integer)" msgid "memcache_size_sid (integer)" msgstr "entry_cache_timeout (integer)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1308 +#: sssd.conf.5.xml:1309 msgid "" "Size (in megabytes) of the data table allocated inside fast in-memory cache " "for SID related requests. Only SID-by-ID and ID-by-SID requests are " @@ -1623,12 +1623,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1332 sssd-ifp.5.xml:90 +#: sssd.conf.5.xml:1333 sssd-ifp.5.xml:90 msgid "user_attributes (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1335 +#: sssd.conf.5.xml:1336 msgid "" "Some of the additional NSS responder requests can return more attributes " "than just the POSIX ones defined by the NSS interface. The list of " @@ -1639,45 +1639,45 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1348 +#: sssd.conf.5.xml:1349 msgid "" "To make configuration more easy the NSS responder will check the InfoPipe " "option if it is not set for the NSS responder." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1353 +#: sssd.conf.5.xml:1354 msgid "Default: not set, fallback to InfoPipe option" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1358 +#: sssd.conf.5.xml:1359 msgid "pwfield (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1361 +#: sssd.conf.5.xml:1362 msgid "" "The value that NSS operations that return users or groups will return for " "the <quote>password</quote> field." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1366 +#: sssd.conf.5.xml:1367 #, fuzzy #| msgid "Default: <quote>%1$s@%2$s</quote>." msgid "Default: <quote>*</quote>" msgstr "Default: <quote>%1$s@%2$s</quote>." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1369 +#: sssd.conf.5.xml:1370 msgid "" "Note: This option can also be set per-domain which overwrites the value in " "[nss] section." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1373 +#: sssd.conf.5.xml:1374 msgid "" "Default: <quote>not set</quote> (remote domains), <phrase " "condition=\"with_files_provider\"> <quote>x</quote> (the files domain), </" @@ -1686,60 +1686,60 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:1385 +#: sssd.conf.5.xml:1386 msgid "PAM configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:1387 +#: sssd.conf.5.xml:1388 msgid "" "These options can be used to configure the Pluggable Authentication Module " "(PAM) service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1392 +#: sssd.conf.5.xml:1393 msgid "offline_credentials_expiration (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1395 +#: sssd.conf.5.xml:1396 msgid "" "If the authentication provider is offline, how long should we allow cached " "logins (in days since the last successful online login)." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1400 sssd.conf.5.xml:1413 +#: sssd.conf.5.xml:1401 sssd.conf.5.xml:1414 msgid "Default: 0 (No limit)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1406 +#: sssd.conf.5.xml:1407 msgid "offline_failed_login_attempts (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1409 +#: sssd.conf.5.xml:1410 msgid "" "If the authentication provider is offline, how many failed login attempts " "are allowed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1419 +#: sssd.conf.5.xml:1420 msgid "offline_failed_login_delay (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1422 +#: sssd.conf.5.xml:1423 msgid "" "The time in minutes which has to pass after offline_failed_login_attempts " "has been reached before a new login attempt is possible." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1427 +#: sssd.conf.5.xml:1428 msgid "" "If set to 0 the user cannot authenticate offline if " "offline_failed_login_attempts has been reached. Only a successful online " @@ -1747,61 +1747,61 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1433 sssd.conf.5.xml:1543 +#: sssd.conf.5.xml:1434 sssd.conf.5.xml:1544 msgid "Default: 5" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1439 +#: sssd.conf.5.xml:1440 msgid "pam_verbosity (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1442 +#: sssd.conf.5.xml:1443 msgid "" "Controls what kind of messages are shown to the user during authentication. " "The higher the number to more messages are displayed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1447 +#: sssd.conf.5.xml:1448 msgid "Currently sssd supports the following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1450 +#: sssd.conf.5.xml:1451 msgid "<emphasis>0</emphasis>: do not show any message" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1453 +#: sssd.conf.5.xml:1454 msgid "<emphasis>1</emphasis>: show only important messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1457 +#: sssd.conf.5.xml:1458 msgid "<emphasis>2</emphasis>: show informational messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1460 +#: sssd.conf.5.xml:1461 msgid "<emphasis>3</emphasis>: show all messages and debug information" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1464 sssd.8.xml:63 +#: sssd.conf.5.xml:1465 sssd.8.xml:63 msgid "Default: 1" msgstr "Padrão: 1" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1470 +#: sssd.conf.5.xml:1471 #, fuzzy #| msgid "access_provider (string)" msgid "pam_response_filter (string)" msgstr "access_provider (string)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1473 +#: sssd.conf.5.xml:1474 msgid "" "A comma separated list of strings which allows to remove (filter) data sent " "by the PAM responder to pam_sss PAM module. There are different kind of " @@ -1810,51 +1810,51 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1481 +#: sssd.conf.5.xml:1482 msgid "" "While messages already can be controlled with the help of the pam_verbosity " "option this option allows to filter out other kind of responses as well." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1488 +#: sssd.conf.5.xml:1489 msgid "ENV" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1489 +#: sssd.conf.5.xml:1490 msgid "Do not send any environment variables to any service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1492 +#: sssd.conf.5.xml:1493 msgid "ENV:var_name" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1493 +#: sssd.conf.5.xml:1494 msgid "Do not send environment variable var_name to any service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1497 +#: sssd.conf.5.xml:1498 msgid "ENV:var_name:service" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1498 +#: sssd.conf.5.xml:1499 msgid "Do not send environment variable var_name to service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1486 +#: sssd.conf.5.xml:1487 msgid "" "Currently the following filters are supported: <placeholder " "type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1505 +#: sssd.conf.5.xml:1506 msgid "" "The list of strings can either be the list of filters which would set this " "list of filters and overwrite the defaults. Or each element of the list can " @@ -1865,23 +1865,23 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1516 +#: sssd.conf.5.xml:1517 msgid "Default: ENV:KRB5CCNAME:sudo, ENV:KRB5CCNAME:sudo-i" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1519 +#: sssd.conf.5.xml:1520 msgid "" "Example: -ENV:KRB5CCNAME:sudo-i will remove the filter from the default list" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1526 +#: sssd.conf.5.xml:1527 msgid "pam_id_timeout (integer)" msgstr "pam_id_timeout (integer)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1529 +#: sssd.conf.5.xml:1530 msgid "" "For any PAM request while SSSD is online, the SSSD will attempt to " "immediately update the cached identity information for the user in order to " @@ -1889,7 +1889,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1535 +#: sssd.conf.5.xml:1536 msgid "" "A complete PAM conversation may perform multiple PAM requests, such as " "account management and session opening. This option controls (on a per-" @@ -1898,17 +1898,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1549 +#: sssd.conf.5.xml:1550 msgid "pam_pwd_expiration_warning (integer)" msgstr "pam_pwd_expiration_warning (integer)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1552 sssd.conf.5.xml:2987 +#: sssd.conf.5.xml:1553 sssd.conf.5.xml:2988 msgid "Display a warning N days before the password expires." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1555 +#: sssd.conf.5.xml:1556 msgid "" "Please note that the backend server has to provide information about the " "expiration time of the password. If this information is missing, sssd " @@ -1916,31 +1916,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1561 sssd.conf.5.xml:2990 +#: sssd.conf.5.xml:1562 sssd.conf.5.xml:2991 msgid "" "If zero is set, then this filter is not applied, i.e. if the expiration " "warning was received from backend server, it will automatically be displayed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1566 +#: sssd.conf.5.xml:1567 msgid "" "This setting can be overridden by setting <emphasis>pwd_expiration_warning</" "emphasis> for a particular domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1571 sssd.conf.5.xml:3976 sssd-ldap.5.xml:606 sssd.8.xml:79 +#: sssd.conf.5.xml:1572 sssd.conf.5.xml:3977 sssd-ldap.5.xml:606 sssd.8.xml:79 msgid "Default: 0" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1588 +#: sssd.conf.5.xml:1589 msgid "pam_trusted_users (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1591 +#: sssd.conf.5.xml:1592 msgid "" "Specifies the comma-separated list of UID values or user names that are " "allowed to run PAM conversations against trusted domains. Users not " @@ -1950,75 +1950,75 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1601 +#: sssd.conf.5.xml:1602 msgid "Default: All users are considered trusted by default" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1605 +#: sssd.conf.5.xml:1606 msgid "" "Please note that UID 0 is always allowed to access the PAM responder even in " "case it is not in the pam_trusted_users list." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1612 +#: sssd.conf.5.xml:1613 msgid "pam_public_domains (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1615 +#: sssd.conf.5.xml:1616 msgid "" "Specifies the comma-separated list of domain names that are accessible even " "to untrusted users." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1619 +#: sssd.conf.5.xml:1620 msgid "Two special values for pam_public_domains option are defined:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1623 +#: sssd.conf.5.xml:1624 msgid "" "all (Untrusted users are allowed to access all domains in PAM responder.)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1627 +#: sssd.conf.5.xml:1628 msgid "" "none (Untrusted users are not allowed to access any domains PAM in " "responder.)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1631 sssd.conf.5.xml:1656 sssd.conf.5.xml:1675 -#: sssd.conf.5.xml:1912 sssd.conf.5.xml:2732 sssd.conf.5.xml:3905 +#: sssd.conf.5.xml:1632 sssd.conf.5.xml:1657 sssd.conf.5.xml:1676 +#: sssd.conf.5.xml:1913 sssd.conf.5.xml:2733 sssd.conf.5.xml:3906 #: sssd-ldap.5.xml:1207 msgid "Default: none" msgstr "Padrão: none" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1636 +#: sssd.conf.5.xml:1637 msgid "pam_account_expired_message (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1639 +#: sssd.conf.5.xml:1640 msgid "" "Allows a custom expiration message to be set, replacing the default " "'Permission denied' message." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1644 +#: sssd.conf.5.xml:1645 msgid "" "Note: Please be aware that message is only printed for the SSH service " "unless pam_verbosity is set to 3 (show all messages and debug information)." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1652 +#: sssd.conf.5.xml:1653 #, no-wrap msgid "" "pam_account_expired_message = Account expired, please contact help desk.\n" @@ -2026,19 +2026,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1661 +#: sssd.conf.5.xml:1662 msgid "pam_account_locked_message (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1664 +#: sssd.conf.5.xml:1665 msgid "" "Allows a custom lockout message to be set, replacing the default 'Permission " "denied' message." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1671 +#: sssd.conf.5.xml:1672 #, no-wrap msgid "" "pam_account_locked_message = Account locked, please contact help desk.\n" @@ -2046,17 +2046,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1680 +#: sssd.conf.5.xml:1681 msgid "pam_passkey_auth (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1683 +#: sssd.conf.5.xml:1684 msgid "Enable passkey device based authentication." msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1686 sssd.conf.5.xml:1697 sssd.conf.5.xml:1711 +#: sssd.conf.5.xml:1687 sssd.conf.5.xml:1698 sssd.conf.5.xml:1712 #: sssd-ldap.5.xml:671 sssd-ldap.5.xml:692 sssd-ldap.5.xml:788 #: sssd-ldap.5.xml:1293 sssd-ad.5.xml:505 sssd-ad.5.xml:581 sssd-ad.5.xml:1126 #: sssd-ad.5.xml:1175 include/ldap_id_mapping.xml:250 @@ -2064,22 +2064,22 @@ msgid "Default: False" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1691 +#: sssd.conf.5.xml:1692 msgid "passkey_debug_libfido2 (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1694 +#: sssd.conf.5.xml:1695 msgid "Enable libfido2 library debug messages." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1702 +#: sssd.conf.5.xml:1703 msgid "pam_cert_auth (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1705 +#: sssd.conf.5.xml:1706 msgid "" "Enable certificate based Smartcard authentication. Since this requires " "additional communication with the Smartcard which will delay the " @@ -2087,36 +2087,36 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1716 +#: sssd.conf.5.xml:1717 msgid "pam_cert_db_path (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1719 +#: sssd.conf.5.xml:1720 msgid "The path to the certificate database." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1722 sssd.conf.5.xml:2247 sssd.conf.5.xml:4308 +#: sssd.conf.5.xml:1723 sssd.conf.5.xml:2248 sssd.conf.5.xml:4354 msgid "Default:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1724 sssd.conf.5.xml:2249 +#: sssd.conf.5.xml:1725 sssd.conf.5.xml:2250 msgid "" "/etc/sssd/pki/sssd_auth_ca_db.pem (path to a file with trusted CA " "certificates in PEM format)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1734 +#: sssd.conf.5.xml:1735 #, fuzzy #| msgid "ldap_user_principal (string)" msgid "pam_cert_verification (string)" msgstr "ldap_user_principal (string)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1737 +#: sssd.conf.5.xml:1738 msgid "" "With this parameter the PAM certificate verification can be tuned with a " "comma separated list of options that override the " @@ -2126,7 +2126,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1748 +#: sssd.conf.5.xml:1749 #, no-wrap msgid "" "pam_cert_verification = partial_chain\n" @@ -2134,61 +2134,61 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1752 +#: sssd.conf.5.xml:1753 msgid "" "Default: not set, i.e. use default <quote>certificate_verification</quote> " "option defined in <quote>[sssd]</quote> section." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1759 +#: sssd.conf.5.xml:1760 msgid "p11_child_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1762 +#: sssd.conf.5.xml:1763 msgid "How many seconds will pam_sss wait for p11_child to finish." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1771 +#: sssd.conf.5.xml:1772 #, fuzzy #| msgid "pam_id_timeout (integer)" msgid "passkey_child_timeout (integer)" msgstr "pam_id_timeout (integer)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1774 +#: sssd.conf.5.xml:1775 msgid "" "How many seconds will the PAM responder wait for passkey_child to finish." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1783 +#: sssd.conf.5.xml:1784 msgid "pam_app_services (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1786 +#: sssd.conf.5.xml:1787 msgid "" "Which PAM services are permitted to contact domains of type " "<quote>application</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1795 +#: sssd.conf.5.xml:1796 msgid "pam_p11_allowed_services (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1798 +#: sssd.conf.5.xml:1799 msgid "" "A comma-separated list of PAM service names for which it will be allowed to " "use Smartcards." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1813 +#: sssd.conf.5.xml:1814 #, no-wrap msgid "" "pam_p11_allowed_services = +my_pam_service, -login\n" @@ -2196,7 +2196,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1802 +#: sssd.conf.5.xml:1803 msgid "" "It is possible to add another PAM service name to the default set by using " "<quote>+service_name</quote> or to explicitly remove a PAM service name from " @@ -2208,63 +2208,63 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1817 sssd-ad.5.xml:644 sssd-ad.5.xml:753 sssd-ad.5.xml:811 +#: sssd.conf.5.xml:1818 sssd-ad.5.xml:644 sssd-ad.5.xml:753 sssd-ad.5.xml:811 #: sssd-ad.5.xml:869 sssd-ad.5.xml:947 msgid "Default: the default set of PAM service names includes:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1822 sssd-ad.5.xml:648 +#: sssd.conf.5.xml:1823 sssd-ad.5.xml:648 msgid "login" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1827 sssd-ad.5.xml:653 +#: sssd.conf.5.xml:1828 sssd-ad.5.xml:653 msgid "su" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1832 sssd-ad.5.xml:658 +#: sssd.conf.5.xml:1833 sssd-ad.5.xml:658 msgid "su-l" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1837 sssd-ad.5.xml:673 +#: sssd.conf.5.xml:1838 sssd-ad.5.xml:673 msgid "gdm-smartcard" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1842 sssd-ad.5.xml:668 +#: sssd.conf.5.xml:1843 sssd-ad.5.xml:668 msgid "gdm-password" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1847 sssd-ad.5.xml:678 +#: sssd.conf.5.xml:1848 sssd-ad.5.xml:678 msgid "kdm" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1852 sssd-ad.5.xml:956 +#: sssd.conf.5.xml:1853 sssd-ad.5.xml:956 msgid "sudo" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1857 sssd-ad.5.xml:961 +#: sssd.conf.5.xml:1858 sssd-ad.5.xml:961 msgid "sudo-i" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1862 +#: sssd.conf.5.xml:1863 msgid "gnome-screensaver" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1870 +#: sssd.conf.5.xml:1871 msgid "p11_wait_for_card_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1873 +#: sssd.conf.5.xml:1874 msgid "" "If Smartcard authentication is required how many extra seconds in addition " "to p11_child_timeout should the PAM responder wait until a Smartcard is " @@ -2272,12 +2272,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1884 +#: sssd.conf.5.xml:1885 msgid "p11_uri (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1887 +#: sssd.conf.5.xml:1888 msgid "" "PKCS#11 URI (see RFC-7512 for details) which can be used to restrict the " "selection of devices used for Smartcard authentication. By default SSSD's " @@ -2288,7 +2288,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1900 +#: sssd.conf.5.xml:1901 #, no-wrap msgid "" "p11_uri = pkcs11:slot-description=My%20Smartcard%20Reader\n" @@ -2296,7 +2296,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1904 +#: sssd.conf.5.xml:1905 #, no-wrap msgid "" "p11_uri = pkcs11:library-description=OpenSC%20smartcard%20framework;slot-id=2\n" @@ -2304,7 +2304,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1898 +#: sssd.conf.5.xml:1899 msgid "" "Example: <placeholder type=\"programlisting\" id=\"0\"/> or <placeholder " "type=\"programlisting\" id=\"1\"/> To find suitable URI please check the " @@ -2313,47 +2313,47 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1917 +#: sssd.conf.5.xml:1918 msgid "pam_initgroups_scheme" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1925 +#: sssd.conf.5.xml:1926 msgid "always" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1926 +#: sssd.conf.5.xml:1927 msgid "" "Always do an online lookup, please note that pam_id_timeout still applies" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1930 +#: sssd.conf.5.xml:1931 msgid "no_session" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1931 +#: sssd.conf.5.xml:1932 msgid "" "Only do an online lookup if there is no active session of the user, i.e. if " "the user is currently not logged in" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1936 +#: sssd.conf.5.xml:1937 msgid "never" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1937 +#: sssd.conf.5.xml:1938 msgid "" "Never force an online lookup, use the data from the cache as long as they " "are not expired" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1920 +#: sssd.conf.5.xml:1921 msgid "" "The PAM responder can force an online lookup to get the current group " "memberships of the user trying to log in. This option controls when this " @@ -2362,30 +2362,30 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1944 +#: sssd.conf.5.xml:1945 msgid "Default: no_session" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1949 sssd.conf.5.xml:4247 +#: sssd.conf.5.xml:1950 sssd.conf.5.xml:4293 msgid "pam_gssapi_services" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1952 +#: sssd.conf.5.xml:1953 msgid "" "Comma separated list of PAM services that are allowed to try GSSAPI " "authentication using pam_sss_gss.so module." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1957 +#: sssd.conf.5.xml:1958 msgid "" "To disable GSSAPI authentication, set this option to <quote>-</quote> (dash)." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1961 sssd.conf.5.xml:1992 sssd.conf.5.xml:2030 +#: sssd.conf.5.xml:1962 sssd.conf.5.xml:1993 sssd.conf.5.xml:2031 msgid "" "Note: This option can also be set per-domain which overwrites the value in " "[pam] section. It can also be set for trusted domain which overwrites the " @@ -2393,7 +2393,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1969 +#: sssd.conf.5.xml:1970 #, no-wrap msgid "" "pam_gssapi_services = sudo, sudo-i\n" @@ -2401,22 +2401,22 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1967 sssd.conf.5.xml:3899 +#: sssd.conf.5.xml:1968 sssd.conf.5.xml:3900 msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1973 +#: sssd.conf.5.xml:1974 msgid "Default: - (GSSAPI authentication is disabled)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1978 sssd.conf.5.xml:4248 +#: sssd.conf.5.xml:1979 sssd.conf.5.xml:4294 msgid "pam_gssapi_check_upn" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1981 +#: sssd.conf.5.xml:1982 msgid "" "If True, SSSD will require that the Kerberos user principal that " "successfully authenticated through GSSAPI can be associated with the user " @@ -2424,25 +2424,25 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1988 +#: sssd.conf.5.xml:1989 msgid "" "If False, every user that is able to obtained required service ticket will " "be authenticated." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1998 sssd-ad.5.xml:1266 sss_rpcidmapd.5.xml:76 +#: sssd.conf.5.xml:1999 sssd-ad.5.xml:1266 sss_rpcidmapd.5.xml:76 #: sssd-files.5.xml:145 msgid "Default: True" msgstr "Padrão: TRUE" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2003 +#: sssd.conf.5.xml:2004 msgid "pam_gssapi_indicators_map" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2006 +#: sssd.conf.5.xml:2007 msgid "" "Comma separated list of authentication indicators required to be present in " "a Kerberos ticket to access a PAM service that is allowed to try GSSAPI " @@ -2450,7 +2450,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2012 +#: sssd.conf.5.xml:2013 msgid "" "Each element of the list can be either an authentication indicator name or a " "pair <quote>service:indicator</quote>. Indicators not prefixed with the PAM " @@ -2465,7 +2465,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2025 +#: sssd.conf.5.xml:2026 msgid "" "To disable GSSAPI authentication indicator check, set this option to <quote>-" "</quote> (dash). To disable the check for a specific PAM service, add " @@ -2473,45 +2473,45 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2036 +#: sssd.conf.5.xml:2037 msgid "" "Following authentication indicators are supported by IPA Kerberos " "deployments:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2039 +#: sssd.conf.5.xml:2040 msgid "" "pkinit -- pre-authentication using X.509 certificates -- whether stored in " "files or on smart cards." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2042 +#: sssd.conf.5.xml:2043 msgid "" "hardened -- SPAKE pre-authentication or any pre-authentication wrapped in a " "FAST channel." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2045 +#: sssd.conf.5.xml:2046 msgid "radius -- pre-authentication with the help of a RADIUS server." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2048 +#: sssd.conf.5.xml:2049 msgid "" "otp -- pre-authentication using integrated two-factor authentication (2FA or " "one-time password, OTP) in IPA." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2051 +#: sssd.conf.5.xml:2052 msgid "idp -- pre-authentication using external identity provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:2061 +#: sssd.conf.5.xml:2062 #, no-wrap msgid "" "pam_gssapi_indicators_map = sudo:pkinit, sudo-i:pkinit\n" @@ -2519,7 +2519,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2056 +#: sssd.conf.5.xml:2057 msgid "" "Example: to require access to SUDO services only for users which obtained " "their Kerberos tickets with a X.509 certificate pre-authentication (PKINIT), " @@ -2527,17 +2527,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2065 +#: sssd.conf.5.xml:2066 msgid "Default: not set (use of authentication indicators is not required)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2073 +#: sssd.conf.5.xml:2074 msgid "SUDO configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2075 +#: sssd.conf.5.xml:2076 msgid "" "These options can be used to configure the sudo service. The detailed " "instructions for configuration of <citerefentry> <refentrytitle>sudo</" @@ -2548,24 +2548,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2092 +#: sssd.conf.5.xml:2093 msgid "sudo_timed (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2095 +#: sssd.conf.5.xml:2096 msgid "" "Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes " "that implement time-dependent sudoers entries." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2107 +#: sssd.conf.5.xml:2108 msgid "sudo_threshold (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2110 +#: sssd.conf.5.xml:2111 msgid "" "Maximum number of expired rules that can be refreshed at once. If number of " "expired rules is below threshold, those rules are refreshed with " @@ -2575,22 +2575,22 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2129 +#: sssd.conf.5.xml:2130 msgid "AUTOFS configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2131 +#: sssd.conf.5.xml:2132 msgid "These options can be used to configure the autofs service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2135 +#: sssd.conf.5.xml:2136 msgid "autofs_negative_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2138 +#: sssd.conf.5.xml:2139 msgid "" "Specifies for how many seconds should the autofs responder negative cache " "hits (that is, queries for invalid map entries, like nonexistent ones) " @@ -2598,51 +2598,51 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2154 +#: sssd.conf.5.xml:2155 msgid "SSH configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2156 +#: sssd.conf.5.xml:2157 msgid "These options can be used to configure the SSH service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2160 +#: sssd.conf.5.xml:2161 msgid "ssh_hash_known_hosts (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2163 +#: sssd.conf.5.xml:2164 msgid "" "Whether or not to hash host names and addresses in the managed known_hosts " "file." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2172 +#: sssd.conf.5.xml:2173 msgid "ssh_known_hosts_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2175 +#: sssd.conf.5.xml:2176 msgid "" "How many seconds to keep a host in the managed known_hosts file after its " "host keys were requested." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2179 +#: sssd.conf.5.xml:2180 msgid "Default: 180" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2184 +#: sssd.conf.5.xml:2185 msgid "ssh_use_certificate_keys (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2187 +#: sssd.conf.5.xml:2188 msgid "" "If set to true the <command>sss_ssh_authorizedkeys</command> will return ssh " "keys derived from the public key of X.509 certificates stored in the user " @@ -2651,12 +2651,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2202 +#: sssd.conf.5.xml:2203 msgid "ssh_use_certificate_matching_rules (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2205 +#: sssd.conf.5.xml:2206 msgid "" "By default the ssh responder will use all available certificate matching " "rules to filter the certificates so that ssh keys are only derived from the " @@ -2666,7 +2666,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2214 +#: sssd.conf.5.xml:2215 msgid "" "There are two special key words 'all_rules' and 'no_rules' which will enable " "all or no rules, respectively. The latter means that no certificates will be " @@ -2674,7 +2674,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2221 +#: sssd.conf.5.xml:2222 msgid "" "If no rules are configured using 'all_rules' will enable a default rule " "which enables all certificates suitable for client authentication. This is " @@ -2683,38 +2683,38 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2228 +#: sssd.conf.5.xml:2229 msgid "" "A non-existing rule name is considered an error. If as a result no rule is " "selected all certificates will be ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2233 +#: sssd.conf.5.xml:2234 msgid "" "Default: not set, equivalent to 'all_rules', all found rules or the default " "rule are used" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2239 +#: sssd.conf.5.xml:2240 msgid "ca_db (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2242 +#: sssd.conf.5.xml:2243 msgid "" "Path to a storage of trusted CA certificates. The option is used to validate " "user certificates before deriving public ssh keys from them." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2262 +#: sssd.conf.5.xml:2263 msgid "PAC responder configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2264 +#: sssd.conf.5.xml:2265 msgid "" "The PAC responder works together with the authorization data plugin for MIT " "Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the " @@ -2725,7 +2725,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2273 +#: sssd.conf.5.xml:2274 msgid "" "If the remote user does not exist in the cache, it is created. The UID is " "determined with the help of the SID, trusted domains will have UPGs and the " @@ -2736,24 +2736,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2281 +#: sssd.conf.5.xml:2282 msgid "" "If there are SIDs of groups from domains sssd knows about, the user will be " "added to those groups." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2287 +#: sssd.conf.5.xml:2288 msgid "These options can be used to configure the PAC responder." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2291 sssd-ifp.5.xml:66 +#: sssd.conf.5.xml:2292 sssd-ifp.5.xml:66 msgid "allowed_uids (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2294 +#: sssd.conf.5.xml:2295 msgid "" "Specifies the comma-separated list of UID values or user names that are " "allowed to access the PAC responder. User names are resolved to UIDs at " @@ -2761,12 +2761,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2300 +#: sssd.conf.5.xml:2301 msgid "Default: 0 (only the root user is allowed to access the PAC responder)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2304 +#: sssd.conf.5.xml:2305 msgid "" "Please note that although the UID 0 is used as the default it will be " "overwritten with this option. If you still want to allow the root user to " @@ -2775,26 +2775,26 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2313 +#: sssd.conf.5.xml:2314 msgid "pac_lifetime (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2316 +#: sssd.conf.5.xml:2317 msgid "" "Lifetime of the PAC entry in seconds. As long as the PAC is valid the PAC " "data can be used to determine the group memberships of a user." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2326 +#: sssd.conf.5.xml:2327 #, fuzzy #| msgid "ipa_hostname (string)" msgid "pac_check (string)" msgstr "ipa_hostname (string)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2329 +#: sssd.conf.5.xml:2330 msgid "" "Apply additional checks on the PAC of the Kerberos ticket which is available " "in Active Directory and FreeIPA domains, if configured. Please note that " @@ -2805,24 +2805,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2343 +#: sssd.conf.5.xml:2344 msgid "no_check" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2345 +#: sssd.conf.5.xml:2346 msgid "" "The PAC must not be present and even if it is present no additional checks " "will be done." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2351 +#: sssd.conf.5.xml:2352 msgid "pac_present" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2353 +#: sssd.conf.5.xml:2354 msgid "" "The PAC must be present in the service ticket which SSSD will request with " "the help of the user's TGT. If the PAC is not available the authentication " @@ -2830,24 +2830,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2361 +#: sssd.conf.5.xml:2362 msgid "check_upn" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2363 +#: sssd.conf.5.xml:2364 msgid "" "If the PAC is present check if the user principal name (UPN) information is " "consistent." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2369 +#: sssd.conf.5.xml:2370 msgid "check_upn_allow_missing" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2371 +#: sssd.conf.5.xml:2372 msgid "" "This option should be used together with 'check_upn' and handles the case " "where a UPN is set on the server-side but is not read by SSSD. The typical " @@ -2859,7 +2859,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2383 +#: sssd.conf.5.xml:2384 msgid "" "Currently this option is set by default to avoid regressions in such " "environments. A log message will be added to the system log and SSSD's debug " @@ -2870,60 +2870,60 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2397 +#: sssd.conf.5.xml:2398 msgid "upn_dns_info_present" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2399 +#: sssd.conf.5.xml:2400 msgid "The PAC must contain the UPN-DNS-INFO buffer, implies 'check_upn'." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2404 +#: sssd.conf.5.xml:2405 msgid "check_upn_dns_info_ex" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2406 +#: sssd.conf.5.xml:2407 msgid "" "If the PAC is present and the extension to the UPN-DNS-INFO buffer is " "available check if the information in the extension is consistent." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2413 +#: sssd.conf.5.xml:2414 msgid "upn_dns_info_ex_present" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2415 +#: sssd.conf.5.xml:2416 msgid "" "The PAC must contain the extension of the UPN-DNS-INFO buffer, implies " "'check_upn_dns_info_ex', 'upn_dns_info_present' and 'check_upn'." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2339 +#: sssd.conf.5.xml:2340 msgid "" "The following options can be used alone or in a comma-separated list: " "<placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2425 +#: sssd.conf.5.xml:2426 msgid "" "Default: no_check (AD and IPA provider 'check_upn, check_upn_allow_missing, " "check_upn_dns_info_ex')" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2434 +#: sssd.conf.5.xml:2435 msgid "Session recording configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2436 +#: sssd.conf.5.xml:2437 msgid "" "Session recording works in conjunction with <citerefentry> " "<refentrytitle>tlog-rec-session</refentrytitle> <manvolnum>8</manvolnum> </" @@ -2933,66 +2933,66 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2449 +#: sssd.conf.5.xml:2450 msgid "These options can be used to configure session recording." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2453 sssd-session-recording.5.xml:64 +#: sssd.conf.5.xml:2454 sssd-session-recording.5.xml:64 msgid "scope (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2460 sssd-session-recording.5.xml:71 +#: sssd.conf.5.xml:2461 sssd-session-recording.5.xml:71 msgid "\"none\"" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2463 sssd-session-recording.5.xml:74 +#: sssd.conf.5.xml:2464 sssd-session-recording.5.xml:74 msgid "No users are recorded." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2468 sssd-session-recording.5.xml:79 +#: sssd.conf.5.xml:2469 sssd-session-recording.5.xml:79 msgid "\"some\"" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2471 sssd-session-recording.5.xml:82 +#: sssd.conf.5.xml:2472 sssd-session-recording.5.xml:82 msgid "" "Users/groups specified by <replaceable>users</replaceable> and " "<replaceable>groups</replaceable> options are recorded." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2480 sssd-session-recording.5.xml:91 +#: sssd.conf.5.xml:2481 sssd-session-recording.5.xml:91 msgid "\"all\"" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2483 sssd-session-recording.5.xml:94 +#: sssd.conf.5.xml:2484 sssd-session-recording.5.xml:94 msgid "All users are recorded." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2456 sssd-session-recording.5.xml:67 +#: sssd.conf.5.xml:2457 sssd-session-recording.5.xml:67 msgid "" "One of the following strings specifying the scope of session recording: " "<placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2490 sssd-session-recording.5.xml:101 +#: sssd.conf.5.xml:2491 sssd-session-recording.5.xml:101 msgid "Default: \"none\"" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2495 sssd-session-recording.5.xml:106 +#: sssd.conf.5.xml:2496 sssd-session-recording.5.xml:106 msgid "users (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2498 sssd-session-recording.5.xml:109 +#: sssd.conf.5.xml:2499 sssd-session-recording.5.xml:109 msgid "" "A comma-separated list of users which should have session recording enabled. " "Matches user names as returned by NSS. I.e. after the possible space " @@ -3000,17 +3000,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2504 sssd-session-recording.5.xml:115 +#: sssd.conf.5.xml:2505 sssd-session-recording.5.xml:115 msgid "Default: Empty. Matches no users." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2509 sssd-session-recording.5.xml:120 +#: sssd.conf.5.xml:2510 sssd-session-recording.5.xml:120 msgid "groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2512 sssd-session-recording.5.xml:123 +#: sssd.conf.5.xml:2513 sssd-session-recording.5.xml:123 msgid "" "A comma-separated list of groups, members of which should have session " "recording enabled. Matches group names as returned by NSS. I.e. after the " @@ -3018,7 +3018,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2518 sssd.conf.5.xml:2550 sssd-session-recording.5.xml:129 +#: sssd.conf.5.xml:2519 sssd.conf.5.xml:2551 sssd-session-recording.5.xml:129 #: sssd-session-recording.5.xml:161 msgid "" "NOTE: using this option (having it set to anything) has a considerable " @@ -3027,64 +3027,64 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2525 sssd-session-recording.5.xml:136 +#: sssd.conf.5.xml:2526 sssd-session-recording.5.xml:136 msgid "Default: Empty. Matches no groups." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2530 sssd-session-recording.5.xml:141 +#: sssd.conf.5.xml:2531 sssd-session-recording.5.xml:141 #, fuzzy #| msgid "ldap_user_shell (string)" msgid "exclude_users (string)" msgstr "ldap_user_shell (string)" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2533 sssd-session-recording.5.xml:144 +#: sssd.conf.5.xml:2534 sssd-session-recording.5.xml:144 msgid "" "A comma-separated list of users to be excluded from recording, only " "applicable with 'scope=all'." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2537 sssd-session-recording.5.xml:148 +#: sssd.conf.5.xml:2538 sssd-session-recording.5.xml:148 #, fuzzy #| msgid "Default: empty, i.e. ldap_uri is used." msgid "Default: Empty. No users excluded." msgstr "Padrão: empty, ou seja, ldap_uri é usado." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2542 sssd-session-recording.5.xml:153 +#: sssd.conf.5.xml:2543 sssd-session-recording.5.xml:153 #, fuzzy #| msgid "ldap_group_search_base (string)" msgid "exclude_groups (string)" msgstr "ldap_group_search_base (string)" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2545 sssd-session-recording.5.xml:156 +#: sssd.conf.5.xml:2546 sssd-session-recording.5.xml:156 msgid "" "A comma-separated list of groups, members of which should be excluded from " "recording. Only applicable with 'scope=all'." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2557 sssd-session-recording.5.xml:168 +#: sssd.conf.5.xml:2558 sssd-session-recording.5.xml:168 #, fuzzy #| msgid "Default: empty, i.e. ldap_uri is used." msgid "Default: Empty. No groups excluded." msgstr "Padrão: empty, ou seja, ldap_uri é usado." #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:2567 +#: sssd.conf.5.xml:2568 msgid "DOMAIN SECTIONS" msgstr "SECÇÕES DE DOMÍNIO" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2574 +#: sssd.conf.5.xml:2575 msgid "enabled" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2577 +#: sssd.conf.5.xml:2578 msgid "" "Explicitly enable or disable the domain. If <quote>true</quote>, the domain " "is always <quote>enabled</quote>. If <quote>false</quote>, the domain is " @@ -3094,12 +3094,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2589 +#: sssd.conf.5.xml:2590 msgid "domain_type (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2592 +#: sssd.conf.5.xml:2593 msgid "" "Specifies whether the domain is meant to be used by POSIX-aware clients such " "as the Name Service Switch or by applications that do not need POSIX data to " @@ -3108,14 +3108,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2600 +#: sssd.conf.5.xml:2601 msgid "" "Allowed values for this option are <quote>posix</quote> and " "<quote>application</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2604 +#: sssd.conf.5.xml:2605 msgid "" "POSIX domains are reachable by all services. Application domains are only " "reachable from the InfoPipe responder (see <citerefentry> " @@ -3124,38 +3124,38 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2612 +#: sssd.conf.5.xml:2613 msgid "" "NOTE: The application domains are currently well tested with " "<quote>id_provider=ldap</quote> only." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2616 +#: sssd.conf.5.xml:2617 msgid "" "For an easy way to configure a non-POSIX domains, please see the " "<quote>Application domains</quote> section." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2620 +#: sssd.conf.5.xml:2621 msgid "Default: posix" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2626 +#: sssd.conf.5.xml:2627 msgid "min_id,max_id (integer)" msgstr "min_id,max_id (integer)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2629 +#: sssd.conf.5.xml:2630 msgid "" "UID and GID limits for the domain. If a domain contains an entry that is " "outside these limits, it is ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2634 +#: sssd.conf.5.xml:2635 msgid "" "For users, this affects the primary GID limit. The user will not be returned " "to NSS if either the UID or the primary GID is outside the range. For non-" @@ -3164,24 +3164,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2641 +#: sssd.conf.5.xml:2642 msgid "" "These ID limits affect even saving entries to cache, not only returning them " "by name or ID." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2645 +#: sssd.conf.5.xml:2646 msgid "Default: 1 for min_id, 0 (no limit) for max_id" msgstr "Padrão: 1 para min_id, 0 (sem limite) para max_id" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2651 +#: sssd.conf.5.xml:2652 msgid "enumerate (bool)" msgstr "enumerate (bool)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2654 +#: sssd.conf.5.xml:2655 msgid "" "Determines if a domain can be enumerated, that is, whether the domain can " "list all the users and group it contains. Note that it is not required to " @@ -3190,29 +3190,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2662 +#: sssd.conf.5.xml:2663 msgid "TRUE = Users and groups are enumerated" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2665 +#: sssd.conf.5.xml:2666 msgid "FALSE = No enumerations for this domain" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2668 sssd.conf.5.xml:2942 sssd.conf.5.xml:3119 +#: sssd.conf.5.xml:2669 sssd.conf.5.xml:2943 sssd.conf.5.xml:3120 msgid "Default: FALSE" msgstr "Padrão: FALSE" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2671 +#: sssd.conf.5.xml:2672 msgid "" "Enumerating a domain requires SSSD to download and store ALL user and group " "entries from the remote server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2676 +#: sssd.conf.5.xml:2677 msgid "" "Note: Enabling enumeration has a moderate performance impact on SSSD while " "enumeration is running. It may take up to several minutes after SSSD startup " @@ -3226,14 +3226,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2691 +#: sssd.conf.5.xml:2692 msgid "" "While the first enumeration is running, requests for the complete user or " "group lists may return no results until it completes." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2696 +#: sssd.conf.5.xml:2697 msgid "" "Further, enabling enumeration may increase the time necessary to detect " "network disconnection, as longer timeouts are required to ensure that " @@ -3242,39 +3242,39 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2704 +#: sssd.conf.5.xml:2705 msgid "" "For the reasons cited above, enabling enumeration is not recommended, " "especially in large environments." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2712 +#: sssd.conf.5.xml:2713 msgid "subdomain_enumerate (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2719 +#: sssd.conf.5.xml:2720 msgid "all" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2720 +#: sssd.conf.5.xml:2721 msgid "All discovered trusted domains will be enumerated" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2723 +#: sssd.conf.5.xml:2724 msgid "none" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2724 +#: sssd.conf.5.xml:2725 msgid "No discovered trusted domains will be enumerated" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2715 +#: sssd.conf.5.xml:2716 msgid "" "Whether any of autodetected trusted domains should be enumerated. The " "supported values are: <placeholder type=\"variablelist\" id=\"0\"/> " @@ -3283,19 +3283,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2738 +#: sssd.conf.5.xml:2739 msgid "entry_cache_timeout (integer)" msgstr "entry_cache_timeout (integer)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2741 +#: sssd.conf.5.xml:2742 msgid "" "How many seconds should nss_sss consider entries valid before asking the " "backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2745 +#: sssd.conf.5.xml:2746 msgid "" "The cache expiration timestamps are stored as attributes of individual " "objects in the cache. Therefore, changing the cache timeout only has effect " @@ -3306,139 +3306,139 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2758 +#: sssd.conf.5.xml:2759 msgid "Default: 5400" msgstr "Padrão: 5400" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2764 +#: sssd.conf.5.xml:2765 msgid "entry_cache_user_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2767 +#: sssd.conf.5.xml:2768 msgid "" "How many seconds should nss_sss consider user entries valid before asking " "the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2771 sssd.conf.5.xml:2784 sssd.conf.5.xml:2797 -#: sssd.conf.5.xml:2810 sssd.conf.5.xml:2824 sssd.conf.5.xml:2837 -#: sssd.conf.5.xml:2851 sssd.conf.5.xml:2865 sssd.conf.5.xml:2878 +#: sssd.conf.5.xml:2772 sssd.conf.5.xml:2785 sssd.conf.5.xml:2798 +#: sssd.conf.5.xml:2811 sssd.conf.5.xml:2825 sssd.conf.5.xml:2838 +#: sssd.conf.5.xml:2852 sssd.conf.5.xml:2866 sssd.conf.5.xml:2879 msgid "Default: entry_cache_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2777 +#: sssd.conf.5.xml:2778 msgid "entry_cache_group_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2780 +#: sssd.conf.5.xml:2781 msgid "" "How many seconds should nss_sss consider group entries valid before asking " "the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2790 +#: sssd.conf.5.xml:2791 msgid "entry_cache_netgroup_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2793 +#: sssd.conf.5.xml:2794 msgid "" "How many seconds should nss_sss consider netgroup entries valid before " "asking the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2803 +#: sssd.conf.5.xml:2804 msgid "entry_cache_service_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2806 +#: sssd.conf.5.xml:2807 msgid "" "How many seconds should nss_sss consider service entries valid before asking " "the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2816 +#: sssd.conf.5.xml:2817 msgid "entry_cache_resolver_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2819 +#: sssd.conf.5.xml:2820 msgid "" "How many seconds should nss_sss consider hosts and networks entries valid " "before asking the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2830 +#: sssd.conf.5.xml:2831 msgid "entry_cache_sudo_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2833 +#: sssd.conf.5.xml:2834 msgid "" "How many seconds should sudo consider rules valid before asking the backend " "again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2843 +#: sssd.conf.5.xml:2844 msgid "entry_cache_autofs_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2846 +#: sssd.conf.5.xml:2847 msgid "" "How many seconds should the autofs service consider automounter maps valid " "before asking the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2857 +#: sssd.conf.5.xml:2858 msgid "entry_cache_ssh_host_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2860 +#: sssd.conf.5.xml:2861 msgid "" "How many seconds to keep a host ssh key after refresh. IE how long to cache " "the host key for." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2871 +#: sssd.conf.5.xml:2872 msgid "entry_cache_computer_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2874 +#: sssd.conf.5.xml:2875 msgid "" "How many seconds to keep the local computer entry before asking the backend " "again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2884 +#: sssd.conf.5.xml:2885 msgid "refresh_expired_interval (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2887 +#: sssd.conf.5.xml:2888 msgid "" "Specifies how many seconds SSSD has to wait before triggering a background " "refresh task which will refresh all expired or nearly expired records." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2892 +#: sssd.conf.5.xml:2893 msgid "" "The background refresh will process users, groups and netgroups in the " "cache. For users who have performed the initgroups (get group membership for " @@ -3447,17 +3447,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2900 +#: sssd.conf.5.xml:2901 msgid "This option is automatically inherited for all trusted domains." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2904 +#: sssd.conf.5.xml:2905 msgid "You can consider setting this value to 3/4 * entry_cache_timeout." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2908 +#: sssd.conf.5.xml:2909 msgid "" "Cache entry will be refreshed by background task when 2/3 of cache timeout " "has already passed. If there are existing cached entries, the background " @@ -3469,23 +3469,23 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2921 sssd-ldap.5.xml:360 sssd-ldap.5.xml:1736 +#: sssd.conf.5.xml:2922 sssd-ldap.5.xml:360 sssd-ldap.5.xml:1736 #: sssd-ipa.5.xml:270 msgid "Default: 0 (disabled)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2927 +#: sssd.conf.5.xml:2928 msgid "cache_credentials (bool)" msgstr "cache_credentials (bool)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2930 +#: sssd.conf.5.xml:2931 msgid "Determines if user credentials are also cached in the local LDB cache." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2934 +#: sssd.conf.5.xml:2935 msgid "" "Take a note that while credentials are stored as a salted SHA512 hash, this " "still potentially poses some security risk in case an attacker manages to " @@ -3494,12 +3494,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2948 +#: sssd.conf.5.xml:2949 msgid "cache_credentials_minimal_first_factor_length (int)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2951 +#: sssd.conf.5.xml:2952 msgid "" "If 2-Factor-Authentication (2FA) is used and credentials should be saved " "this value determines the minimal length the first authentication factor " @@ -3507,19 +3507,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2958 +#: sssd.conf.5.xml:2959 msgid "" "This should avoid that the short PINs of a PIN based 2FA scheme are saved in " "the cache which would make them easy targets for brute-force attacks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2969 +#: sssd.conf.5.xml:2970 msgid "account_cache_expiration (integer)" msgstr "account_cache_expiration (integer)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2972 +#: sssd.conf.5.xml:2973 msgid "" "Number of days entries are left in cache after last successful login before " "being removed during a cleanup of the cache. 0 means keep forever. The " @@ -3528,17 +3528,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2979 +#: sssd.conf.5.xml:2980 msgid "Default: 0 (unlimited)" msgstr "Padrão: 0 (ilimitado)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2984 +#: sssd.conf.5.xml:2985 msgid "pwd_expiration_warning (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2995 +#: sssd.conf.5.xml:2996 msgid "" "Please note that the backend server has to provide information about the " "expiration time of the password. If this information is missing, sssd " @@ -3547,28 +3547,28 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3002 +#: sssd.conf.5.xml:3003 msgid "Default: 7 (Kerberos), 0 (LDAP)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3008 +#: sssd.conf.5.xml:3009 msgid "id_provider (string)" msgstr "id_provider (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3011 +#: sssd.conf.5.xml:3012 msgid "" "The identification provider used for the domain. Supported ID providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3015 +#: sssd.conf.5.xml:3016 msgid "<quote>proxy</quote>: Support a legacy NSS provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3018 +#: sssd.conf.5.xml:3019 msgid "" "<quote>files</quote>: FILES provider. See <citerefentry> <refentrytitle>sssd-" "files</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " @@ -3576,7 +3576,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3026 +#: sssd.conf.5.xml:3027 msgid "" "<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-" "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " @@ -3584,8 +3584,8 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3034 sssd.conf.5.xml:3145 sssd.conf.5.xml:3196 -#: sssd.conf.5.xml:3259 +#: sssd.conf.5.xml:3035 sssd.conf.5.xml:3146 sssd.conf.5.xml:3197 +#: sssd.conf.5.xml:3260 msgid "" "<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management " "provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> " @@ -3594,8 +3594,8 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3043 sssd.conf.5.xml:3154 sssd.conf.5.xml:3205 -#: sssd.conf.5.xml:3268 +#: sssd.conf.5.xml:3044 sssd.conf.5.xml:3155 sssd.conf.5.xml:3206 +#: sssd.conf.5.xml:3269 msgid "" "<quote>ad</quote>: Active Directory provider. See <citerefentry> " "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3603,19 +3603,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3054 +#: sssd.conf.5.xml:3055 msgid "use_fully_qualified_names (bool)" msgstr "use_fully_qualified_names (bool)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3057 +#: sssd.conf.5.xml:3058 msgid "" "Use the full name and domain (as formatted by the domain's full_name_format) " "as the user's login name reported to NSS." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3062 +#: sssd.conf.5.xml:3063 msgid "" "If set to TRUE, all requests to this domain must use fully qualified names. " "For example, if used in LOCAL domain that contains a \"test\" user, " @@ -3624,7 +3624,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3070 +#: sssd.conf.5.xml:3071 msgid "" "NOTE: This option has no effect on netgroup lookups due to their tendency to " "include nested netgroups without qualified names. For netgroups, all domains " @@ -3632,24 +3632,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3077 +#: sssd.conf.5.xml:3078 msgid "" "Default: FALSE (TRUE for trusted domain/sub-domains or if " "default_domain_suffix is used)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3084 +#: sssd.conf.5.xml:3085 msgid "ignore_group_members (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3087 +#: sssd.conf.5.xml:3088 msgid "Do not return group members for group lookups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3090 +#: sssd.conf.5.xml:3091 msgid "" "If set to TRUE, the group membership attribute is not requested from the " "ldap server, and group members are not returned when processing group lookup " @@ -3661,7 +3661,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3108 +#: sssd.conf.5.xml:3109 msgid "" "Enabling this option can also make access provider checks for group " "membership significantly faster, especially for groups containing many " @@ -3669,7 +3669,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3114 sssd.conf.5.xml:3821 sssd-ldap.5.xml:326 +#: sssd.conf.5.xml:3115 sssd.conf.5.xml:3822 sssd-ldap.5.xml:326 #: sssd-ldap.5.xml:355 sssd-ldap.5.xml:408 sssd-ldap.5.xml:468 #: sssd-ldap.5.xml:489 sssd-ldap.5.xml:520 sssd-ldap.5.xml:543 #: sssd-ldap.5.xml:582 sssd-ldap.5.xml:601 sssd-ldap.5.xml:625 @@ -3680,19 +3680,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3124 +#: sssd.conf.5.xml:3125 msgid "auth_provider (string)" msgstr "auth_provider (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3127 +#: sssd.conf.5.xml:3128 msgid "" "The authentication provider used for the domain. Supported auth providers " "are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3131 sssd.conf.5.xml:3189 +#: sssd.conf.5.xml:3132 sssd.conf.5.xml:3190 msgid "" "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3700,7 +3700,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3138 +#: sssd.conf.5.xml:3139 msgid "" "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3708,30 +3708,30 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3162 +#: sssd.conf.5.xml:3163 msgid "" "<quote>proxy</quote> for relaying authentication to some other PAM target." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3165 +#: sssd.conf.5.xml:3166 msgid "<quote>none</quote> disables authentication explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3168 +#: sssd.conf.5.xml:3169 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "authentication requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3174 +#: sssd.conf.5.xml:3175 msgid "access_provider (string)" msgstr "access_provider (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3177 +#: sssd.conf.5.xml:3178 msgid "" "The access control provider used for the domain. There are two built-in " "access providers (in addition to any included in installed backends) " @@ -3739,19 +3739,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3183 +#: sssd.conf.5.xml:3184 msgid "" "<quote>permit</quote> always allow access. It's the only permitted access " "provider for a local domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3186 +#: sssd.conf.5.xml:3187 msgid "<quote>deny</quote> always deny access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3213 +#: sssd.conf.5.xml:3214 msgid "" "<quote>simple</quote> access control based on access or deny lists. See " "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</" @@ -3760,7 +3760,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3220 +#: sssd.conf.5.xml:3221 msgid "" "<quote>krb5</quote>: .k5login based access control. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum></" @@ -3768,29 +3768,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3227 +#: sssd.conf.5.xml:3228 msgid "<quote>proxy</quote> for relaying access control to another PAM module." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3230 +#: sssd.conf.5.xml:3231 msgid "Default: <quote>permit</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3235 +#: sssd.conf.5.xml:3236 msgid "chpass_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3238 +#: sssd.conf.5.xml:3239 msgid "" "The provider which should handle change password operations for the domain. " "Supported change password providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3243 +#: sssd.conf.5.xml:3244 msgid "" "<quote>ldap</quote> to change a password stored in a LDAP server. See " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" @@ -3798,7 +3798,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3251 +#: sssd.conf.5.xml:3252 msgid "" "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3806,35 +3806,35 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3276 +#: sssd.conf.5.xml:3277 msgid "" "<quote>proxy</quote> for relaying password changes to some other PAM target." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3280 +#: sssd.conf.5.xml:3281 msgid "<quote>none</quote> disallows password changes explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3283 +#: sssd.conf.5.xml:3284 msgid "" "Default: <quote>auth_provider</quote> is used if it is set and can handle " "change password requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3290 +#: sssd.conf.5.xml:3291 msgid "sudo_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3293 +#: sssd.conf.5.xml:3294 msgid "The SUDO provider used for the domain. Supported SUDO providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3297 +#: sssd.conf.5.xml:3298 msgid "" "<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3842,32 +3842,32 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3305 +#: sssd.conf.5.xml:3306 msgid "" "<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default " "settings." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3309 +#: sssd.conf.5.xml:3310 msgid "" "<quote>ad</quote> the same as <quote>ldap</quote> but with AD default " "settings." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3313 +#: sssd.conf.5.xml:3314 msgid "<quote>none</quote> disables SUDO explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3316 sssd.conf.5.xml:3402 sssd.conf.5.xml:3472 -#: sssd.conf.5.xml:3497 sssd.conf.5.xml:3533 +#: sssd.conf.5.xml:3317 sssd.conf.5.xml:3403 sssd.conf.5.xml:3473 +#: sssd.conf.5.xml:3498 sssd.conf.5.xml:3534 msgid "Default: The value of <quote>id_provider</quote> is used if it is set." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3320 +#: sssd.conf.5.xml:3321 msgid "" "The detailed instructions for configuration of sudo_provider are in the " "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " @@ -3878,7 +3878,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3335 +#: sssd.conf.5.xml:3336 msgid "" "<emphasis>NOTE:</emphasis> Sudo rules are periodically downloaded in the " "background unless the sudo provider is explicitly disabled. Set " @@ -3887,12 +3887,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3345 +#: sssd.conf.5.xml:3346 msgid "selinux_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3348 +#: sssd.conf.5.xml:3349 msgid "" "The provider which should handle loading of selinux settings. Note that this " "provider will be called right after access provider ends. Supported selinux " @@ -3900,7 +3900,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3354 +#: sssd.conf.5.xml:3355 msgid "" "<quote>ipa</quote> to load selinux settings from an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -3908,31 +3908,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3362 +#: sssd.conf.5.xml:3363 msgid "<quote>none</quote> disallows fetching selinux settings explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3365 +#: sssd.conf.5.xml:3366 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "selinux loading requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3371 +#: sssd.conf.5.xml:3372 msgid "subdomains_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3374 +#: sssd.conf.5.xml:3375 msgid "" "The provider which should handle fetching of subdomains. This value should " "be always the same as id_provider. Supported subdomain providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3380 +#: sssd.conf.5.xml:3381 msgid "" "<quote>ipa</quote> to load a list of subdomains from an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -3940,7 +3940,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3389 +#: sssd.conf.5.xml:3390 msgid "" "<quote>ad</quote> to load a list of subdomains from an Active Directory " "server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> " @@ -3949,17 +3949,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3398 +#: sssd.conf.5.xml:3399 msgid "<quote>none</quote> disallows fetching subdomains explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3408 +#: sssd.conf.5.xml:3409 msgid "session_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3411 +#: sssd.conf.5.xml:3412 msgid "" "The provider which configures and manages user session related tasks. The " "only user session task currently provided is the integration with Fleet " @@ -3967,43 +3967,43 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3418 +#: sssd.conf.5.xml:3419 msgid "<quote>ipa</quote> to allow performing user session related tasks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3422 +#: sssd.conf.5.xml:3423 msgid "" "<quote>none</quote> does not perform any kind of user session related tasks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3426 +#: sssd.conf.5.xml:3427 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can perform " "session related tasks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3430 +#: sssd.conf.5.xml:3431 msgid "" "<emphasis>NOTE:</emphasis> In order to have this feature working as expected " "SSSD must be running as \"root\" and not as the unprivileged user." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3438 +#: sssd.conf.5.xml:3439 msgid "autofs_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3441 +#: sssd.conf.5.xml:3442 msgid "" "The autofs provider used for the domain. Supported autofs providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3445 +#: sssd.conf.5.xml:3446 msgid "" "<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4011,7 +4011,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3452 +#: sssd.conf.5.xml:3453 msgid "" "<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> " "<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4019,7 +4019,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3460 +#: sssd.conf.5.xml:3461 msgid "" "<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> " "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4027,24 +4027,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3469 +#: sssd.conf.5.xml:3470 msgid "<quote>none</quote> disables autofs explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3479 +#: sssd.conf.5.xml:3480 msgid "hostid_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3482 +#: sssd.conf.5.xml:3483 msgid "" "The provider used for retrieving host identity information. Supported " "hostid providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3486 +#: sssd.conf.5.xml:3487 msgid "" "<quote>ipa</quote> to load host identity stored in an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -4052,31 +4052,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3494 +#: sssd.conf.5.xml:3495 msgid "<quote>none</quote> disables hostid explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3504 +#: sssd.conf.5.xml:3505 msgid "resolver_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3507 +#: sssd.conf.5.xml:3508 msgid "" "The provider which should handle hosts and networks lookups. Supported " "resolver providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3511 +#: sssd.conf.5.xml:3512 msgid "" "<quote>proxy</quote> to forward lookups to another NSS library. See " "<quote>proxy_resolver_lib_name</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3515 +#: sssd.conf.5.xml:3516 msgid "" "<quote>ldap</quote> to fetch hosts and networks stored in LDAP. See " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" @@ -4084,7 +4084,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3522 +#: sssd.conf.5.xml:3523 msgid "" "<quote>ad</quote> to fetch hosts and networks stored in AD. See " "<citerefentry> <refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</" @@ -4093,12 +4093,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3530 +#: sssd.conf.5.xml:3531 msgid "<quote>none</quote> disallows fetching hosts and networks explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3543 +#: sssd.conf.5.xml:3544 msgid "" "Regular expression for this domain that describes how to parse the string " "containing user name and domain into these components. The \"domain\" can " @@ -4108,24 +4108,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3552 +#: sssd.conf.5.xml:3553 msgid "" "Default: <quote>^((?P<name>.+)@(?P<domain>[^@]*)|(?P<name>" "[^@]+))$</quote> which allows two different styles for user names:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:3557 sssd.conf.5.xml:3571 +#: sssd.conf.5.xml:3558 sssd.conf.5.xml:3572 msgid "username" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:3560 sssd.conf.5.xml:3574 +#: sssd.conf.5.xml:3561 sssd.conf.5.xml:3575 msgid "username@domain.name" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3565 +#: sssd.conf.5.xml:3566 msgid "" "Default for the AD and IPA provider: <quote>^(((?P<domain>[^\\\\]+)\\" "\\(?P<name>.+))|((?P<name>.+)@(?P<domain>[^@]+))|((?P<" @@ -4134,19 +4134,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:3577 +#: sssd.conf.5.xml:3578 msgid "domain\\username" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3580 +#: sssd.conf.5.xml:3581 msgid "" "While the first two correspond to the general default the third one is " "introduced to allow easy integration of users from Windows domains." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3585 +#: sssd.conf.5.xml:3586 msgid "" "The default re_expression uses the <quote>@</quote> character as a separator " "between the name and the domain. As a result of this setting the default " @@ -4156,93 +4156,93 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3637 +#: sssd.conf.5.xml:3638 msgid "Default: <quote>%1$s@%2$s</quote>." msgstr "Default: <quote>%1$s@%2$s</quote>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3643 +#: sssd.conf.5.xml:3644 msgid "lookup_family_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3646 +#: sssd.conf.5.xml:3647 msgid "" "Provides the ability to select preferred address family to use when " "performing DNS lookups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3650 +#: sssd.conf.5.xml:3651 msgid "Supported values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3653 +#: sssd.conf.5.xml:3654 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3656 +#: sssd.conf.5.xml:3657 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3659 +#: sssd.conf.5.xml:3660 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3662 +#: sssd.conf.5.xml:3663 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3665 +#: sssd.conf.5.xml:3666 msgid "Default: ipv4_first" msgstr "Default: ipv4_first" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3671 +#: sssd.conf.5.xml:3672 #, fuzzy #| msgid "dns_resolver_timeout (integer)" msgid "dns_resolver_server_timeout (integer)" msgstr "dns_resolver_timeout (integer)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3674 +#: sssd.conf.5.xml:3675 msgid "" "Defines the amount of time (in milliseconds) SSSD would try to talk to DNS " "server before trying next DNS server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3679 +#: sssd.conf.5.xml:3680 msgid "" "The AD provider will use this option for the CLDAP ping timeouts as well." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3683 sssd.conf.5.xml:3703 sssd.conf.5.xml:3724 +#: sssd.conf.5.xml:3684 sssd.conf.5.xml:3704 sssd.conf.5.xml:3725 msgid "" "Please see the section <quote>FAILOVER</quote> for more information about " "the service resolution." msgstr "" #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3688 sssd-ldap.5.xml:644 include/failover.xml:84 +#: sssd.conf.5.xml:3689 sssd-ldap.5.xml:644 include/failover.xml:84 msgid "Default: 1000" msgstr "Padrão: 1000" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3694 +#: sssd.conf.5.xml:3695 #, fuzzy #| msgid "dns_resolver_timeout (integer)" msgid "dns_resolver_op_timeout (integer)" msgstr "dns_resolver_timeout (integer)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3697 +#: sssd.conf.5.xml:3698 msgid "" "Defines the amount of time (in seconds) to wait to resolve single DNS query " "(e.g. resolution of a hostname or an SRV record) before trying the next " @@ -4250,12 +4250,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3714 +#: sssd.conf.5.xml:3715 msgid "dns_resolver_timeout (integer)" msgstr "dns_resolver_timeout (integer)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3717 +#: sssd.conf.5.xml:3718 msgid "" "Defines the amount of time (in seconds) to wait for a reply from the " "internal fail over service before assuming that the service is unreachable. " @@ -4264,14 +4264,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3735 +#: sssd.conf.5.xml:3736 #, fuzzy #| msgid "dns_resolver_timeout (integer)" msgid "dns_resolver_use_search_list (bool)" msgstr "dns_resolver_timeout (integer)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3738 +#: sssd.conf.5.xml:3739 msgid "" "Normally, the DNS resolver searches the domain list defined in the " "\"search\" directive from the resolv.conf file. This can lead to delays in " @@ -4279,7 +4279,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3744 +#: sssd.conf.5.xml:3745 msgid "" "If fully qualified domain names (or _srv_) are used in the SSSD " "configuration, setting this option to FALSE can prevent unnecessary DNS " @@ -4287,69 +4287,69 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3750 +#: sssd.conf.5.xml:3751 msgid "Default: TRUE" msgstr "Padrão: TRUE" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3756 +#: sssd.conf.5.xml:3757 msgid "dns_discovery_domain (string)" msgstr "dns_discovery_domain (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3759 +#: sssd.conf.5.xml:3760 msgid "" "If service discovery is used in the back end, specifies the domain part of " "the service discovery DNS query." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3763 +#: sssd.conf.5.xml:3764 msgid "Default: Use the domain part of machine's hostname" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3769 +#: sssd.conf.5.xml:3770 msgid "override_gid (integer)" msgstr "override_gid (integer)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3772 +#: sssd.conf.5.xml:3773 msgid "Override the primary GID value with the one specified." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3778 +#: sssd.conf.5.xml:3779 msgid "case_sensitive (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3785 +#: sssd.conf.5.xml:3786 msgid "True" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3788 +#: sssd.conf.5.xml:3789 msgid "Case sensitive. This value is invalid for AD provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3794 +#: sssd.conf.5.xml:3795 msgid "False" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3796 +#: sssd.conf.5.xml:3797 msgid "Case insensitive." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3800 +#: sssd.conf.5.xml:3801 msgid "Preserving" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3803 +#: sssd.conf.5.xml:3804 msgid "" "Same as False (case insensitive), but does not lowercase names in the result " "of NSS operations. Note that name aliases (and in case of services also " @@ -4357,31 +4357,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3811 +#: sssd.conf.5.xml:3812 msgid "" "If you want to set this value for trusted domain with IPA provider, you need " "to set it on both the client and SSSD on the server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3781 +#: sssd.conf.5.xml:3782 msgid "" "Treat user and group names as case sensitive. Possible option values are: " "<placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3826 +#: sssd.conf.5.xml:3827 msgid "Default: True (False for AD provider)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3832 +#: sssd.conf.5.xml:3833 msgid "subdomain_inherit (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3835 +#: sssd.conf.5.xml:3836 msgid "" "Specifies a list of configuration parameters that should be inherited by a " "subdomain. Please note that only selected parameters can be inherited. " @@ -4389,126 +4389,126 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3841 +#: sssd.conf.5.xml:3842 #, fuzzy #| msgid "ldap_search_timeout (integer)" msgid "ldap_search_timeout" msgstr "ldap_search_timeout (integer)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3844 +#: sssd.conf.5.xml:3845 #, fuzzy #| msgid "ldap_network_timeout (integer)" msgid "ldap_network_timeout" msgstr "ldap_network_timeout (integer)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3847 +#: sssd.conf.5.xml:3848 #, fuzzy #| msgid "ldap_opt_timeout (integer)" msgid "ldap_opt_timeout" msgstr "ldap_opt_timeout (integer)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3850 +#: sssd.conf.5.xml:3851 #, fuzzy #| msgid "ldap_enumeration_refresh_timeout (integer)" msgid "ldap_offline_timeout" msgstr "ldap_enumeration_refresh_timeout (integer)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3853 +#: sssd.conf.5.xml:3854 #, fuzzy #| msgid "ldap_enumeration_refresh_timeout (integer)" msgid "ldap_enumeration_refresh_timeout" msgstr "ldap_enumeration_refresh_timeout (integer)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3856 +#: sssd.conf.5.xml:3857 #, fuzzy #| msgid "ldap_enumeration_refresh_timeout (integer)" msgid "ldap_enumeration_refresh_offset" msgstr "ldap_enumeration_refresh_timeout (integer)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3859 +#: sssd.conf.5.xml:3860 msgid "ldap_purge_cache_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3862 +#: sssd.conf.5.xml:3863 msgid "ldap_purge_cache_offset" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3865 +#: sssd.conf.5.xml:3866 msgid "" "ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab " "is not set explicitly)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3869 +#: sssd.conf.5.xml:3870 #, fuzzy #| msgid "ldap_krb5_ticket_lifetime (integer)" msgid "ldap_krb5_ticket_lifetime" msgstr "ldap_krb5_ticket_lifetime (integer)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3872 +#: sssd.conf.5.xml:3873 #, fuzzy #| msgid "ldap_enumeration_refresh_timeout (integer)" msgid "ldap_enumeration_search_timeout" msgstr "ldap_enumeration_refresh_timeout (integer)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3875 +#: sssd.conf.5.xml:3876 #, fuzzy #| msgid "ldap_enumeration_refresh_timeout (integer)" msgid "ldap_connection_expire_timeout" msgstr "ldap_enumeration_refresh_timeout (integer)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3878 +#: sssd.conf.5.xml:3879 #, fuzzy #| msgid "ldap_enumeration_refresh_timeout (integer)" msgid "ldap_connection_expire_offset" msgstr "ldap_enumeration_refresh_timeout (integer)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3881 +#: sssd.conf.5.xml:3882 #, fuzzy #| msgid "ldap_enumeration_refresh_timeout (integer)" msgid "ldap_connection_idle_timeout" msgstr "ldap_enumeration_refresh_timeout (integer)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3884 sssd-ldap.5.xml:400 +#: sssd.conf.5.xml:3885 sssd-ldap.5.xml:400 msgid "ldap_use_tokengroups" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3887 +#: sssd.conf.5.xml:3888 msgid "ldap_user_principal" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3890 +#: sssd.conf.5.xml:3891 msgid "ignore_group_members" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3893 +#: sssd.conf.5.xml:3894 msgid "auto_private_groups" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3896 +#: sssd.conf.5.xml:3897 msgid "case_sensitive" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:3901 +#: sssd.conf.5.xml:3902 #, no-wrap msgid "" "subdomain_inherit = ldap_purge_cache_timeout\n" @@ -4516,27 +4516,27 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3908 +#: sssd.conf.5.xml:3909 msgid "Note: This option only works with the IPA and AD provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3915 +#: sssd.conf.5.xml:3916 msgid "subdomain_homedir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3926 +#: sssd.conf.5.xml:3927 msgid "%F" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3927 +#: sssd.conf.5.xml:3928 msgid "flat (NetBIOS) name of a subdomain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3918 +#: sssd.conf.5.xml:3919 msgid "" "Use this homedir as default value for all subdomains within this domain in " "IPA AD trust. See <emphasis>override_homedir</emphasis> for info about " @@ -4546,34 +4546,34 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3932 +#: sssd.conf.5.xml:3933 msgid "" "The value can be overridden by <emphasis>override_homedir</emphasis> option." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3936 +#: sssd.conf.5.xml:3937 msgid "Default: <filename>/home/%d/%u</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3941 +#: sssd.conf.5.xml:3942 msgid "realmd_tags (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3944 +#: sssd.conf.5.xml:3945 msgid "" "Various tags stored by the realmd configuration service for this domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3950 +#: sssd.conf.5.xml:3951 msgid "cached_auth_timeout (int)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3953 +#: sssd.conf.5.xml:3954 msgid "" "Specifies time in seconds since last successful online authentication for " "which user will be authenticated using cached credentials while SSSD is in " @@ -4582,19 +4582,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3961 +#: sssd.conf.5.xml:3962 msgid "" "This option's value is inherited by all trusted domains. At the moment it is " "not possible to set a different value per trusted domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3966 +#: sssd.conf.5.xml:3967 msgid "Special value 0 implies that this feature is disabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3970 +#: sssd.conf.5.xml:3971 msgid "" "Please note that if <quote>cached_auth_timeout</quote> is longer than " "<quote>pam_id_timeout</quote> then the back end could be called to handle " @@ -4602,24 +4602,85 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3981 +#: sssd.conf.5.xml:3982 +#, fuzzy +#| msgid "ldap_pwd_policy (string)" +msgid "local_auth_policy (string)" +msgstr "ldap_pwd_policy (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3985 +msgid "" +"Local authentication methods policy. Some backends (i.e. LDAP, proxy " +"provider) only support a password based authentication, while others can " +"handle PKINIT based Smartcard authentication (AD, IPA), two-factor " +"authentication (IPA), or other methods against a central instance. By " +"default in such cases authentication is only performed with the methods " +"supported by the backend." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3995 +msgid "" +"There are three possible values for this option: match, only, enable. " +"<quote>match</quote> is used to match offline and online states for Kerberos " +"methods. <quote>only</quote> ignores the online methods and only offer the " +"local ones. enable allows explicitly defining the methods for local " +"authentication. As an example, <quote>enable:passkey</quote>, only enables " +"passkey for local authentication. Multiple enable values should be comma-" +"separated, such as <quote>enable:passkey, enable:smartcard</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:4011 +#, no-wrap +msgid "" +"[domain/shadowutils]\n" +"id_provider = proxy\n" +"proxy_lib_name = files\n" +"auth_provider = none\n" +"local_auth_policy = only\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4007 +msgid "" +"The following configuration example allows local users to authenticate " +"locally using any enabled method (i.e. smartcard, passkey). <placeholder " +"type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4019 +msgid "This option is ignored for the files provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4022 +#, fuzzy +#| msgid "Default: cn" +msgid "Default: match" +msgstr "Padrão: NC" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4027 msgid "auto_private_groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3987 +#: sssd.conf.5.xml:4033 msgid "true" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3990 +#: sssd.conf.5.xml:4036 msgid "" "Create user's private group unconditionally from user's UID number. The GID " "number is ignored in this case." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3994 +#: sssd.conf.5.xml:4040 msgid "" "NOTE: Because the GID number and the user private group are inferred from " "the UID number, it is not supported to have multiple entries with the same " @@ -4628,24 +4689,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4003 +#: sssd.conf.5.xml:4049 msgid "false" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4006 +#: sssd.conf.5.xml:4052 msgid "" "Always use the user's primary GID number. The GID number must refer to a " "group object in the LDAP database." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4012 +#: sssd.conf.5.xml:4058 msgid "hybrid" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4015 +#: sssd.conf.5.xml:4061 msgid "" "A primary group is autogenerated for user entries whose UID and GID numbers " "have the same value and at the same time the GID number does not correspond " @@ -4655,14 +4716,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4028 +#: sssd.conf.5.xml:4074 msgid "" "If the UID and GID of a user are different, then the GID must correspond to " "a group entry, otherwise the GID is simply not resolvable." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4035 +#: sssd.conf.5.xml:4081 msgid "" "This feature is useful for environments that wish to stop maintaining a " "separate group objects for the user private groups, but also wish to retain " @@ -4670,21 +4731,21 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3984 +#: sssd.conf.5.xml:4030 msgid "" "This option takes any of three available values: <placeholder " "type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4047 +#: sssd.conf.5.xml:4093 msgid "" "For subdomains, the default value is False for subdomains that use assigned " "POSIX IDs and True for subdomains that use automatic ID-mapping." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:4055 +#: sssd.conf.5.xml:4101 #, no-wrap msgid "" "[domain/forest.domain/sub.domain]\n" @@ -4692,7 +4753,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:4061 +#: sssd.conf.5.xml:4107 #, no-wrap msgid "" "[domain/forest.domain]\n" @@ -4701,7 +4762,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4052 +#: sssd.conf.5.xml:4098 msgid "" "The value of auto_private_groups can either be set per subdomains in a " "subsection, for example: <placeholder type=\"programlisting\" id=\"0\"/> or " @@ -4710,7 +4771,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:2569 +#: sssd.conf.5.xml:2570 msgid "" "These configuration options can be present in a domain configuration " "section, that is, in a section called <quote>[domain/<replaceable>NAME</" @@ -4718,29 +4779,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4076 +#: sssd.conf.5.xml:4122 msgid "proxy_pam_target (string)" msgstr "proxy_pam_target (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4079 +#: sssd.conf.5.xml:4125 msgid "The proxy target PAM proxies to." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4082 +#: sssd.conf.5.xml:4128 msgid "" "Default: not set by default, you have to take an existing pam configuration " "or create a new one and add the service name here." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4090 +#: sssd.conf.5.xml:4136 msgid "proxy_lib_name (string)" msgstr "proxy_lib_name (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4093 +#: sssd.conf.5.xml:4139 msgid "" "The name of the NSS library to use in proxy domains. The NSS functions " "searched for in the library are in the form of _nss_$(libName)_$(function), " @@ -4748,12 +4809,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4103 +#: sssd.conf.5.xml:4149 msgid "proxy_resolver_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4106 +#: sssd.conf.5.xml:4152 msgid "" "The name of the NSS library to use for hosts and networks lookups in proxy " "domains. The NSS functions searched for in the library are in the form of " @@ -4761,12 +4822,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4117 +#: sssd.conf.5.xml:4163 msgid "proxy_fast_alias (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4120 +#: sssd.conf.5.xml:4166 msgid "" "When a user or group is looked up by name in the proxy provider, a second " "lookup by ID is performed to \"canonicalize\" the name in case the requested " @@ -4775,12 +4836,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4134 +#: sssd.conf.5.xml:4180 msgid "proxy_max_children (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4137 +#: sssd.conf.5.xml:4183 msgid "" "This option specifies the number of pre-forked proxy children. It is useful " "for high-load SSSD environments where sssd may run out of available child " @@ -4788,19 +4849,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4072 +#: sssd.conf.5.xml:4118 msgid "" "Options valid for proxy domains. <placeholder type=\"variablelist\" " "id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:4153 +#: sssd.conf.5.xml:4199 msgid "Application domains" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4155 +#: sssd.conf.5.xml:4201 msgid "" "SSSD, with its D-Bus interface (see <citerefentry> <refentrytitle>sssd-ifp</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>) is appealing to " @@ -4817,7 +4878,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4175 +#: sssd.conf.5.xml:4221 msgid "" "Please note that the application domain must still be explicitly enabled in " "the <quote>domains</quote> parameter so that the lookup order between the " @@ -4825,17 +4886,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> -#: sssd.conf.5.xml:4181 +#: sssd.conf.5.xml:4227 msgid "Application domain parameters" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4183 +#: sssd.conf.5.xml:4229 msgid "inherit_from (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4186 +#: sssd.conf.5.xml:4232 msgid "" "The SSSD POSIX-type domain the application domain inherits all settings " "from. The application domain can moreover add its own settings to the " @@ -4844,7 +4905,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4200 +#: sssd.conf.5.xml:4246 msgid "" "The following example illustrates the use of an application domain. In this " "setup, the POSIX domain is connected to an LDAP server and is used by the OS " @@ -4854,7 +4915,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><programlisting> -#: sssd.conf.5.xml:4208 +#: sssd.conf.5.xml:4254 #, no-wrap msgid "" "[sssd]\n" @@ -4874,12 +4935,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4228 +#: sssd.conf.5.xml:4274 msgid "TRUSTED DOMAIN SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4230 +#: sssd.conf.5.xml:4276 msgid "" "Some options used in the domain section can also be used in the trusted " "domain section, that is, in a section called <quote>[domain/" @@ -4890,69 +4951,69 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4237 +#: sssd.conf.5.xml:4283 msgid "ldap_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4238 +#: sssd.conf.5.xml:4284 msgid "ldap_user_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4239 +#: sssd.conf.5.xml:4285 msgid "ldap_group_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4240 +#: sssd.conf.5.xml:4286 msgid "ldap_netgroup_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4241 +#: sssd.conf.5.xml:4287 msgid "ldap_service_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4242 +#: sssd.conf.5.xml:4288 msgid "ldap_sasl_mech," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4243 +#: sssd.conf.5.xml:4289 msgid "ad_server," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4244 +#: sssd.conf.5.xml:4290 msgid "ad_backup_server," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4245 +#: sssd.conf.5.xml:4291 msgid "ad_site," msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4246 sssd-ipa.5.xml:879 +#: sssd.conf.5.xml:4292 sssd-ipa.5.xml:879 msgid "use_fully_qualified_names" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4250 +#: sssd.conf.5.xml:4296 msgid "" "For more details about these options see their individual description in the " "manual page." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4256 +#: sssd.conf.5.xml:4302 msgid "CERTIFICATE MAPPING SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4258 +#: sssd.conf.5.xml:4304 msgid "" "To allow authentication with Smartcards and certificates SSSD must be able " "to map certificates to users. This can be done by adding the full " @@ -4965,7 +5026,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4272 +#: sssd.conf.5.xml:4318 msgid "" "To make the mapping more flexible mapping and matching rules were added to " "SSSD (see <citerefentry> <refentrytitle>sss-certmap</refentrytitle> " @@ -4973,7 +5034,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4281 +#: sssd.conf.5.xml:4327 msgid "" "A mapping and matching rule can be added to the SSSD configuration in a " "section on its own with a name like <quote>[certmap/" @@ -4982,55 +5043,55 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4288 +#: sssd.conf.5.xml:4334 msgid "matchrule (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4291 +#: sssd.conf.5.xml:4337 msgid "" "Only certificates from the Smartcard which matches this rule will be " "processed, all others are ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4295 +#: sssd.conf.5.xml:4341 msgid "" "Default: KRB5:<EKU>clientAuth, i.e. only certificates which have the " "Extended Key Usage <quote>clientAuth</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4302 +#: sssd.conf.5.xml:4348 msgid "maprule (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4305 +#: sssd.conf.5.xml:4351 msgid "Defines how the user is found for a given certificate." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4311 +#: sssd.conf.5.xml:4357 msgid "" "LDAP:(userCertificate;binary={cert!bin}) for LDAP based providers like " "<quote>ldap</quote>, <quote>AD</quote> or <quote>ipa</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4317 +#: sssd.conf.5.xml:4363 msgid "" "The RULE_NAME for the <quote>files</quote> provider which tries to find a " "user with the same name." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4326 +#: sssd.conf.5.xml:4372 msgid "domains (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4329 +#: sssd.conf.5.xml:4375 msgid "" "Comma separated list of domain names the rule should be applied. By default " "a rule is only valid in the domain configured in sssd.conf. If the provider " @@ -5039,17 +5100,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4336 +#: sssd.conf.5.xml:4382 msgid "Default: the configured domain in sssd.conf" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4341 +#: sssd.conf.5.xml:4387 msgid "priority (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4344 +#: sssd.conf.5.xml:4390 msgid "" "Unsigned integer value defining the priority of the rule. The higher the " "number the lower the priority. <quote>0</quote> stands for the highest " @@ -5057,26 +5118,26 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4350 +#: sssd.conf.5.xml:4396 msgid "Default: the lowest priority" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4356 +#: sssd.conf.5.xml:4402 msgid "" "To make the configuration simple and reduce the amount of configuration " "options the <quote>files</quote> provider has some special properties:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4362 +#: sssd.conf.5.xml:4408 msgid "" "if maprule is not set the RULE_NAME name is assumed to be the name of the " "matching user" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4368 +#: sssd.conf.5.xml:4414 msgid "" "if a maprule is used both a single user name or a template like " "<quote>{subject_rfc822_name.short_name}</quote> must be in braces like e.g. " @@ -5085,17 +5146,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4377 +#: sssd.conf.5.xml:4423 msgid "the <quote>domains</quote> option is ignored" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4385 +#: sssd.conf.5.xml:4431 msgid "PROMPTING CONFIGURATION SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4387 +#: sssd.conf.5.xml:4433 msgid "" "If a special file (<filename>/var/lib/sss/pubconf/pam_preauth_available</" "filename>) exists SSSD's PAM module pam_sss will ask SSSD to figure out " @@ -5105,7 +5166,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4395 +#: sssd.conf.5.xml:4441 msgid "" "With the growing number of authentication methods and the possibility that " "there are multiple ones for a single user the heuristic used by pam_sss to " @@ -5114,59 +5175,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4407 +#: sssd.conf.5.xml:4453 msgid "[prompting/password]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4410 +#: sssd.conf.5.xml:4456 msgid "password_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4411 +#: sssd.conf.5.xml:4457 msgid "to change the string of the password prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4409 +#: sssd.conf.5.xml:4455 msgid "" "to configure password prompting, allowed options are: <placeholder " "type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4419 +#: sssd.conf.5.xml:4465 msgid "[prompting/2fa]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4423 +#: sssd.conf.5.xml:4469 msgid "first_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4424 +#: sssd.conf.5.xml:4470 msgid "to change the string of the prompt for the first factor" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4427 +#: sssd.conf.5.xml:4473 msgid "second_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4428 +#: sssd.conf.5.xml:4474 msgid "to change the string of the prompt for the second factor" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4431 +#: sssd.conf.5.xml:4477 msgid "single_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4432 +#: sssd.conf.5.xml:4478 msgid "" "boolean value, if True there will be only a single prompt using the value of " "first_prompt where it is expected that both factors are entered as a single " @@ -5175,7 +5236,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4421 +#: sssd.conf.5.xml:4467 msgid "" "to configure two-factor authentication prompting, allowed options are: " "<placeholder type=\"variablelist\" id=\"0\"/> If the second factor is " @@ -5184,17 +5245,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4449 +#: sssd.conf.5.xml:4495 msgid "[prompting/passkey]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4455 sssd-ad.5.xml:1021 +#: sssd.conf.5.xml:4501 sssd-ad.5.xml:1021 msgid "interactive" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4457 +#: sssd.conf.5.xml:4503 msgid "" "boolean value, if True prompt a message and wait before testing the presence " "of a passkey device. Recommended if your device doesn’t have a tactile " @@ -5202,46 +5263,46 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4465 +#: sssd.conf.5.xml:4511 msgid "interactive_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4467 +#: sssd.conf.5.xml:4513 msgid "to change the message of the interactive prompt." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4472 +#: sssd.conf.5.xml:4518 msgid "touch" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4474 +#: sssd.conf.5.xml:4520 msgid "" "boolean value, if True prompt a message to remind the user to touch the " "device." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4480 +#: sssd.conf.5.xml:4526 msgid "touch_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4482 +#: sssd.conf.5.xml:4528 msgid "to change the message of the touch prompt." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4451 +#: sssd.conf.5.xml:4497 msgid "" "to configure passkey authentication prompting, allowed options are: " "<placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4402 +#: sssd.conf.5.xml:4448 msgid "" "Each supported authentication method has its own configuration subsection " "under <quote>[prompting/...]</quote>. Currently there are: <placeholder " @@ -5250,7 +5311,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4493 +#: sssd.conf.5.xml:4539 msgid "" "It is possible to add a subsection for specific PAM services, e.g. " "<quote>[prompting/password/sshd]</quote> to individual change the prompting " @@ -5258,12 +5319,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4500 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43 +#: sssd.conf.5.xml:4546 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43 msgid "EXAMPLES" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4506 +#: sssd.conf.5.xml:4552 #, no-wrap msgid "" "[sssd]\n" @@ -5317,7 +5378,7 @@ msgstr "" "enumerate = False\n" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4502 +#: sssd.conf.5.xml:4548 msgid "" "1. The following example shows a typical SSSD config. It does not describe " "configuration of the domains themselves - refer to documentation on " @@ -5326,7 +5387,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4539 +#: sssd.conf.5.xml:4585 #, no-wrap msgid "" "[domain/ipa.com/child.ad.com]\n" @@ -5334,7 +5395,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4533 +#: sssd.conf.5.xml:4579 msgid "" "2. The following example shows configuration of IPA AD trust where the AD " "forest consists of two domains in a parent-child structure. Suppose IPA " @@ -5345,7 +5406,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4550 +#: sssd.conf.5.xml:4596 #, no-wrap msgid "" "[certmap/my.domain/rule_name]\n" @@ -5356,7 +5417,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4544 +#: sssd.conf.5.xml:4590 msgid "" "3. The following example shows the configuration of a certificate mapping " "rule. It is valid for the configured domain <quote>my.domain</quote> and " @@ -17410,7 +17471,7 @@ msgstr "" #: include/ldap_id_mapping.xml:235 msgid "" "When this option is configured, domains will be allocated starting with " -"slice zero and increasing monatomically with each additional domain." +"slice zero and increasing monotonically with each additional domain." msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> diff --git a/src/man/po/pt_BR.po b/src/man/po/pt_BR.po index f8700b9af58..e3bd10dc153 100644 --- a/src/man/po/pt_BR.po +++ b/src/man/po/pt_BR.po @@ -4,7 +4,7 @@ msgid "" msgstr "" "Project-Id-Version: sssd-docs 2.3.0\n" "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" -"POT-Creation-Date: 2023-05-05 10:09+0200\n" +"POT-Creation-Date: 2023-09-07 11:47+0200\n" "PO-Revision-Date: 2017-01-29 10:11-0500\n" "Last-Translator: Rodrigo de Araujo Sousa Fonseca " "<rodrigodearaujo@fedoraproject.org>\n" @@ -201,8 +201,8 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:136 sssd.conf.5.xml:173 sssd.conf.5.xml:358 -#: sssd.conf.5.xml:714 sssd.conf.5.xml:729 sssd.conf.5.xml:951 -#: sssd.conf.5.xml:1069 sssd.conf.5.xml:2197 sssd-ldap.5.xml:1071 +#: sssd.conf.5.xml:714 sssd.conf.5.xml:729 sssd.conf.5.xml:952 +#: sssd.conf.5.xml:1070 sssd.conf.5.xml:2198 sssd-ldap.5.xml:1071 #: sssd-ldap.5.xml:1174 sssd-ldap.5.xml:1243 sssd-ldap.5.xml:1750 #: sssd-ldap.5.xml:1815 sssd-ipa.5.xml:342 sssd-ad.5.xml:252 sssd-ad.5.xml:366 #: sssd-ad.5.xml:1200 sssd-ad.5.xml:1348 sssd-krb5.5.xml:358 @@ -222,8 +222,8 @@ msgid "" msgstr "" #. type: Content of: <variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:149 sssd.conf.5.xml:652 sssd.conf.5.xml:948 -#: sssd.conf.5.xml:2100 sssd.conf.5.xml:2167 sssd.conf.5.xml:4128 +#: sssd.conf.5.xml:149 sssd.conf.5.xml:652 sssd.conf.5.xml:949 +#: sssd.conf.5.xml:2101 sssd.conf.5.xml:2168 sssd.conf.5.xml:4174 #: sssd-ldap.5.xml:312 sssd-ldap.5.xml:917 sssd-ldap.5.xml:936 #: sssd-ldap.5.xml:1146 sssd-ldap.5.xml:1599 sssd-ldap.5.xml:1839 #: sssd-ipa.5.xml:152 sssd-ipa.5.xml:254 sssd-ipa.5.xml:657 sssd-ad.5.xml:1106 @@ -291,8 +291,8 @@ msgid "" msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:196 sssd.conf.5.xml:1289 sssd.conf.5.xml:1766 -#: sssd.conf.5.xml:4144 sssd-ldap.5.xml:765 include/ldap_id_mapping.xml:270 +#: sssd.conf.5.xml:196 sssd.conf.5.xml:1290 sssd.conf.5.xml:1767 +#: sssd.conf.5.xml:4190 sssd-ldap.5.xml:765 include/ldap_id_mapping.xml:270 msgid "Default: 10" msgstr "" @@ -356,19 +356,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:258 sssd.conf.5.xml:783 +#: sssd.conf.5.xml:258 sssd.conf.5.xml:784 msgid "reconnection_retries (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:261 sssd.conf.5.xml:786 +#: sssd.conf.5.xml:261 sssd.conf.5.xml:787 msgid "" "Number of times services should attempt to reconnect in the event of a Data " "Provider crash or restart before they give up" msgstr "" #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:266 sssd.conf.5.xml:791 sssd.conf.5.xml:3708 +#: sssd.conf.5.xml:266 sssd.conf.5.xml:792 sssd.conf.5.xml:3709 #: include/failover.xml:100 msgid "Default: 3" msgstr "" @@ -390,7 +390,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:287 sssd.conf.5.xml:3540 +#: sssd.conf.5.xml:287 sssd.conf.5.xml:3541 msgid "re_expression (string)" msgstr "" @@ -410,12 +410,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:304 sssd.conf.5.xml:3597 +#: sssd.conf.5.xml:304 sssd.conf.5.xml:3598 msgid "full_name_format (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:307 sssd.conf.5.xml:3600 +#: sssd.conf.5.xml:307 sssd.conf.5.xml:3601 msgid "" "A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</" "manvolnum> </citerefentry>-compatible format that describes how to compose a " @@ -423,39 +423,39 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:318 sssd.conf.5.xml:3611 +#: sssd.conf.5.xml:318 sssd.conf.5.xml:3612 msgid "%1$s" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:319 sssd.conf.5.xml:3612 +#: sssd.conf.5.xml:319 sssd.conf.5.xml:3613 msgid "user name" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:322 sssd.conf.5.xml:3615 +#: sssd.conf.5.xml:322 sssd.conf.5.xml:3616 msgid "%2$s" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:325 sssd.conf.5.xml:3618 +#: sssd.conf.5.xml:325 sssd.conf.5.xml:3619 msgid "domain name as specified in the SSSD config file." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:331 sssd.conf.5.xml:3624 +#: sssd.conf.5.xml:331 sssd.conf.5.xml:3625 msgid "%3$s" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:334 sssd.conf.5.xml:3627 +#: sssd.conf.5.xml:334 sssd.conf.5.xml:3628 msgid "" "domain flat name. Mostly usable for Active Directory domains, both directly " "configured or discovered via IPA trusts." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:315 sssd.conf.5.xml:3608 +#: sssd.conf.5.xml:315 sssd.conf.5.xml:3609 msgid "" "The following expansions are supported: <placeholder type=\"variablelist\" " "id=\"0\"/>" @@ -869,7 +869,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:700 sssd.conf.5.xml:1790 sssd.conf.5.xml:4194 +#: sssd.conf.5.xml:700 sssd.conf.5.xml:1791 sssd.conf.5.xml:4240 #: sssd-ad.5.xml:187 sssd-ad.5.xml:327 sssd-ad.5.xml:341 msgid "Default: Not set" msgstr "" @@ -914,11 +914,11 @@ msgstr "" #: sssd.conf.5.xml:744 msgid "" "Enable or disable the user verification (i.e. PIN, fingerprint) during " -"authentication." +"authentication. If enabled, the PIN will always be requested." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:749 +#: sssd.conf.5.xml:750 msgid "" "The default is that the key settings decide what to do. In the IPA or " "kerberos pre-authentication case, this value will be overwritten by the " @@ -945,12 +945,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:768 +#: sssd.conf.5.xml:769 msgid "SERVICES SECTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:770 +#: sssd.conf.5.xml:771 msgid "" "Settings that can be used to configure different services are described in " "this section. They should reside in the [<replaceable>$NAME</replaceable>] " @@ -959,22 +959,22 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:777 +#: sssd.conf.5.xml:778 msgid "General service configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:779 +#: sssd.conf.5.xml:780 msgid "These options can be used to configure any service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:796 +#: sssd.conf.5.xml:797 msgid "fd_limit" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:799 +#: sssd.conf.5.xml:800 msgid "" "This option specifies the maximum number of file descriptors that may be " "opened at one time by this SSSD process. On systems where SSSD is granted " @@ -984,17 +984,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:808 +#: sssd.conf.5.xml:809 msgid "Default: 8192 (or limits.conf \"hard\" limit)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:813 +#: sssd.conf.5.xml:814 msgid "client_idle_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:816 +#: sssd.conf.5.xml:817 msgid "" "This option specifies the number of seconds that a client of an SSSD process " "can hold onto a file descriptor without communicating on it. This value is " @@ -1004,17 +1004,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:825 +#: sssd.conf.5.xml:826 msgid "Default: 60, KCM: 300" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:830 +#: sssd.conf.5.xml:831 msgid "offline_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:833 +#: sssd.conf.5.xml:834 msgid "" "When SSSD switches to offline mode the amount of time before it tries to go " "back online will increase based upon the time spent disconnected. By " @@ -1025,14 +1025,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:844 sssd.conf.5.xml:900 +#: sssd.conf.5.xml:845 sssd.conf.5.xml:901 msgid "" "new_delay = Minimum(old_delay * 2, offline_timeout_max) + random[0..." "offline_timeout_random_offset]" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:847 +#: sssd.conf.5.xml:848 msgid "" "The offline_timeout default value is 60. The offline_timeout_max default " "value is 3600. The offline_timeout_random_offset default value is 30. The " @@ -1040,44 +1040,44 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:853 +#: sssd.conf.5.xml:854 msgid "" "Note that the maximum length of each interval is defined by " "offline_timeout_max (apart of random part)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:857 sssd.conf.5.xml:1200 sssd.conf.5.xml:1583 -#: sssd.conf.5.xml:1879 sssd-ldap.5.xml:494 +#: sssd.conf.5.xml:858 sssd.conf.5.xml:1201 sssd.conf.5.xml:1584 +#: sssd.conf.5.xml:1880 sssd-ldap.5.xml:494 msgid "Default: 60" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:862 +#: sssd.conf.5.xml:863 msgid "offline_timeout_max (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:865 +#: sssd.conf.5.xml:866 msgid "" "Controls by how much the time between attempts to go online can be " "incremented following unsuccessful attempts to go online." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:870 +#: sssd.conf.5.xml:871 msgid "A value of 0 disables the incrementing behaviour." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:873 +#: sssd.conf.5.xml:874 msgid "" "The value of this parameter should be set in correlation to offline_timeout " "parameter value." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:877 +#: sssd.conf.5.xml:878 msgid "" "With offline_timeout set to 60 (default value) there is no point in setting " "offlinet_timeout_max to less than 120 as it will saturate instantly. General " @@ -1086,58 +1086,58 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:883 +#: sssd.conf.5.xml:884 msgid "" "Although a value between 0 and offline_timeout may be specified, it has the " "effect of overriding the offline_timeout value so is of little use." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:888 +#: sssd.conf.5.xml:889 msgid "Default: 3600" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:893 +#: sssd.conf.5.xml:894 msgid "offline_timeout_random_offset (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:896 +#: sssd.conf.5.xml:897 msgid "" "When SSSD is in offline mode it keeps probing backend servers in specified " "time intervals:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:903 +#: sssd.conf.5.xml:904 msgid "" "This parameter controls the value of the random offset used for the above " "equation. Final random_offset value will be random number in range:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:908 +#: sssd.conf.5.xml:909 msgid "[0 - offline_timeout_random_offset]" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:911 +#: sssd.conf.5.xml:912 msgid "A value of 0 disables the random offset addition." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:914 +#: sssd.conf.5.xml:915 msgid "Default: 30" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:919 +#: sssd.conf.5.xml:920 msgid "responder_idle_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:922 +#: sssd.conf.5.xml:923 msgid "" "This option specifies the number of seconds that an SSSD responder process " "can be up without being used. This value is limited in order to avoid " @@ -1149,58 +1149,58 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:936 sssd.conf.5.xml:1213 sssd.conf.5.xml:2321 +#: sssd.conf.5.xml:937 sssd.conf.5.xml:1214 sssd.conf.5.xml:2322 #: sssd-ldap.5.xml:331 msgid "Default: 300" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:941 +#: sssd.conf.5.xml:942 msgid "cache_first" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:944 +#: sssd.conf.5.xml:945 msgid "" "This option specifies whether the responder should query all caches before " "querying the Data Providers." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:959 +#: sssd.conf.5.xml:960 msgid "NSS configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:961 +#: sssd.conf.5.xml:962 msgid "" "These options can be used to configure the Name Service Switch (NSS) service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:966 +#: sssd.conf.5.xml:967 msgid "enum_cache_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:969 +#: sssd.conf.5.xml:970 msgid "" "How many seconds should nss_sss cache enumerations (requests for info about " "all users)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:973 +#: sssd.conf.5.xml:974 msgid "Default: 120" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:978 +#: sssd.conf.5.xml:979 msgid "entry_cache_nowait_percentage (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:981 +#: sssd.conf.5.xml:982 msgid "" "The entry cache can be set to automatically update entries in the background " "if they are requested beyond a percentage of the entry_cache_timeout value " @@ -1208,7 +1208,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:987 +#: sssd.conf.5.xml:988 msgid "" "For example, if the domain's entry_cache_timeout is set to 30s and " "entry_cache_nowait_percentage is set to 50 (percent), entries that come in " @@ -1218,7 +1218,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:997 +#: sssd.conf.5.xml:998 msgid "" "Valid values for this option are 0-99 and represent a percentage of the " "entry_cache_timeout for each domain. For performance reasons, this " @@ -1227,17 +1227,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1005 sssd.conf.5.xml:2121 +#: sssd.conf.5.xml:1006 sssd.conf.5.xml:2122 msgid "Default: 50" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1010 +#: sssd.conf.5.xml:1011 msgid "entry_negative_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1013 +#: sssd.conf.5.xml:1014 msgid "" "Specifies for how many seconds nss_sss should cache negative cache hits " "(that is, queries for invalid database entries, like nonexistent ones) " @@ -1245,17 +1245,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1019 sssd.conf.5.xml:1778 sssd.conf.5.xml:2145 +#: sssd.conf.5.xml:1020 sssd.conf.5.xml:1779 sssd.conf.5.xml:2146 msgid "Default: 15" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1024 +#: sssd.conf.5.xml:1025 msgid "local_negative_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1027 +#: sssd.conf.5.xml:1028 msgid "" "Specifies for how many seconds nss_sss should keep local users and groups in " "negative cache before trying to look it up in the back end again. Setting " @@ -1263,17 +1263,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1033 +#: sssd.conf.5.xml:1034 msgid "Default: 14400 (4 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1038 +#: sssd.conf.5.xml:1039 msgid "filter_users, filter_groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1041 +#: sssd.conf.5.xml:1042 msgid "" "Exclude certain users or groups from being fetched from the sss NSS " "database. This is particularly useful for system accounts. This option can " @@ -1282,7 +1282,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1049 +#: sssd.conf.5.xml:1050 msgid "" "NOTE: The filter_groups option doesn't affect inheritance of nested group " "members, since filtering happens after they are propagated for returning via " @@ -1291,41 +1291,41 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1057 +#: sssd.conf.5.xml:1058 msgid "Default: root" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1062 +#: sssd.conf.5.xml:1063 msgid "filter_users_in_groups (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1065 +#: sssd.conf.5.xml:1066 msgid "" "If you want filtered user still be group members set this option to false." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1076 +#: sssd.conf.5.xml:1077 msgid "fallback_homedir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1079 +#: sssd.conf.5.xml:1080 msgid "" "Set a default template for a user's home directory if one is not specified " "explicitly by the domain's data provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1084 +#: sssd.conf.5.xml:1085 msgid "" "The available values for this option are the same as for override_homedir." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1090 +#: sssd.conf.5.xml:1091 #, no-wrap msgid "" "fallback_homedir = /home/%u\n" @@ -1333,23 +1333,23 @@ msgid "" msgstr "" #. type: Content of: <varlistentry><listitem><para> -#: sssd.conf.5.xml:1088 sssd.conf.5.xml:1650 sssd.conf.5.xml:1669 -#: sssd.conf.5.xml:1746 sssd-krb5.5.xml:451 include/override_homedir.xml:66 +#: sssd.conf.5.xml:1089 sssd.conf.5.xml:1651 sssd.conf.5.xml:1670 +#: sssd.conf.5.xml:1747 sssd-krb5.5.xml:451 include/override_homedir.xml:66 msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1094 +#: sssd.conf.5.xml:1095 msgid "Default: not set (no substitution for unset home directories)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1100 +#: sssd.conf.5.xml:1101 msgid "override_shell (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1103 +#: sssd.conf.5.xml:1104 msgid "" "Override the login shell for all users. This option supersedes any other " "shell options if it takes effect and can be set either in the [nss] section " @@ -1357,47 +1357,47 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1109 +#: sssd.conf.5.xml:1110 msgid "Default: not set (SSSD will use the value retrieved from LDAP)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1115 +#: sssd.conf.5.xml:1116 msgid "allowed_shells (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1118 +#: sssd.conf.5.xml:1119 msgid "" "Restrict user shell to one of the listed values. The order of evaluation is:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1121 +#: sssd.conf.5.xml:1122 msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1125 +#: sssd.conf.5.xml:1126 msgid "" "2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</" "quote>, use the value of the shell_fallback parameter." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1130 +#: sssd.conf.5.xml:1131 msgid "" "3. If the shell is not in the allowed_shells list and not in <quote>/etc/" "shells</quote>, a nologin shell is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1135 +#: sssd.conf.5.xml:1136 msgid "The wildcard (*) can be used to allow any shell." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1138 +#: sssd.conf.5.xml:1139 msgid "" "The (*) is useful if you want to use shell_fallback in case that user's " "shell is not in <quote>/etc/shells</quote> and maintaining list of all " @@ -1405,113 +1405,113 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1145 +#: sssd.conf.5.xml:1146 msgid "An empty string for shell is passed as-is to libc." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1148 +#: sssd.conf.5.xml:1149 msgid "" "The <quote>/etc/shells</quote> is only read on SSSD start up, which means " "that a restart of the SSSD is required in case a new shell is installed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1152 +#: sssd.conf.5.xml:1153 msgid "Default: Not set. The user shell is automatically used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1157 +#: sssd.conf.5.xml:1158 msgid "vetoed_shells (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1160 +#: sssd.conf.5.xml:1161 msgid "Replace any instance of these shells with the shell_fallback" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1165 +#: sssd.conf.5.xml:1166 msgid "shell_fallback (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1168 +#: sssd.conf.5.xml:1169 msgid "" "The default shell to use if an allowed shell is not installed on the machine." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1172 +#: sssd.conf.5.xml:1173 msgid "Default: /bin/sh" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1177 +#: sssd.conf.5.xml:1178 msgid "default_shell" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1180 +#: sssd.conf.5.xml:1181 msgid "" "The default shell to use if the provider does not return one during lookup. " "This option can be specified globally in the [nss] section or per-domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1186 +#: sssd.conf.5.xml:1187 msgid "" "Default: not set (Return NULL if no shell is specified and rely on libc to " "substitute something sensible when necessary, usually /bin/sh)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1193 sssd.conf.5.xml:1576 +#: sssd.conf.5.xml:1194 sssd.conf.5.xml:1577 msgid "get_domains_timeout (int)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1196 sssd.conf.5.xml:1579 +#: sssd.conf.5.xml:1197 sssd.conf.5.xml:1580 msgid "" "Specifies time in seconds for which the list of subdomains will be " "considered valid." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1205 +#: sssd.conf.5.xml:1206 msgid "memcache_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1208 +#: sssd.conf.5.xml:1209 msgid "" "Specifies time in seconds for which records in the in-memory cache will be " "valid. Setting this option to zero will disable the in-memory cache." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1216 +#: sssd.conf.5.xml:1217 msgid "" "WARNING: Disabling the in-memory cache will have significant negative impact " "on SSSD's performance and should only be used for testing." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1222 sssd.conf.5.xml:1247 sssd.conf.5.xml:1272 -#: sssd.conf.5.xml:1297 sssd.conf.5.xml:1324 +#: sssd.conf.5.xml:1223 sssd.conf.5.xml:1248 sssd.conf.5.xml:1273 +#: sssd.conf.5.xml:1298 sssd.conf.5.xml:1325 msgid "" "NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", " "client applications will not use the fast in-memory cache." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1230 +#: sssd.conf.5.xml:1231 msgid "memcache_size_passwd (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1233 +#: sssd.conf.5.xml:1234 msgid "" "Size (in megabytes) of the data table allocated inside fast in-memory cache " "for passwd requests. Setting the size to 0 will disable the passwd in-" @@ -1519,25 +1519,25 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1239 sssd.conf.5.xml:2963 sssd-ldap.5.xml:548 +#: sssd.conf.5.xml:1240 sssd.conf.5.xml:2964 sssd-ldap.5.xml:548 msgid "Default: 8" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1242 sssd.conf.5.xml:1267 sssd.conf.5.xml:1292 -#: sssd.conf.5.xml:1319 +#: sssd.conf.5.xml:1243 sssd.conf.5.xml:1268 sssd.conf.5.xml:1293 +#: sssd.conf.5.xml:1320 msgid "" "WARNING: Disabled or too small in-memory cache can have significant negative " "impact on SSSD's performance." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1255 +#: sssd.conf.5.xml:1256 msgid "memcache_size_group (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1258 +#: sssd.conf.5.xml:1259 msgid "" "Size (in megabytes) of the data table allocated inside fast in-memory cache " "for group requests. Setting the size to 0 will disable the group in-memory " @@ -1545,19 +1545,19 @@ msgid "" msgstr "" #. type: Content of: <variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1264 sssd.conf.5.xml:1316 sssd.conf.5.xml:3729 +#: sssd.conf.5.xml:1265 sssd.conf.5.xml:1317 sssd.conf.5.xml:3730 #: sssd-ldap.5.xml:473 sssd-ldap.5.xml:525 include/failover.xml:116 #: include/krb5_options.xml:11 msgid "Default: 6" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1280 +#: sssd.conf.5.xml:1281 msgid "memcache_size_initgroups (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1283 +#: sssd.conf.5.xml:1284 msgid "" "Size (in megabytes) of the data table allocated inside fast in-memory cache " "for initgroups requests. Setting the size to 0 will disable the initgroups " @@ -1565,12 +1565,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1305 +#: sssd.conf.5.xml:1306 msgid "memcache_size_sid (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1308 +#: sssd.conf.5.xml:1309 msgid "" "Size (in megabytes) of the data table allocated inside fast in-memory cache " "for SID related requests. Only SID-by-ID and ID-by-SID requests are " @@ -1579,12 +1579,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1332 sssd-ifp.5.xml:90 +#: sssd.conf.5.xml:1333 sssd-ifp.5.xml:90 msgid "user_attributes (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1335 +#: sssd.conf.5.xml:1336 msgid "" "Some of the additional NSS responder requests can return more attributes " "than just the POSIX ones defined by the NSS interface. The list of " @@ -1595,43 +1595,43 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1348 +#: sssd.conf.5.xml:1349 msgid "" "To make configuration more easy the NSS responder will check the InfoPipe " "option if it is not set for the NSS responder." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1353 +#: sssd.conf.5.xml:1354 msgid "Default: not set, fallback to InfoPipe option" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1358 +#: sssd.conf.5.xml:1359 msgid "pwfield (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1361 +#: sssd.conf.5.xml:1362 msgid "" "The value that NSS operations that return users or groups will return for " "the <quote>password</quote> field." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1366 +#: sssd.conf.5.xml:1367 msgid "Default: <quote>*</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1369 +#: sssd.conf.5.xml:1370 msgid "" "Note: This option can also be set per-domain which overwrites the value in " "[nss] section." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1373 +#: sssd.conf.5.xml:1374 msgid "" "Default: <quote>not set</quote> (remote domains), <phrase " "condition=\"with_files_provider\"> <quote>x</quote> (the files domain), </" @@ -1640,60 +1640,60 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:1385 +#: sssd.conf.5.xml:1386 msgid "PAM configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:1387 +#: sssd.conf.5.xml:1388 msgid "" "These options can be used to configure the Pluggable Authentication Module " "(PAM) service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1392 +#: sssd.conf.5.xml:1393 msgid "offline_credentials_expiration (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1395 +#: sssd.conf.5.xml:1396 msgid "" "If the authentication provider is offline, how long should we allow cached " "logins (in days since the last successful online login)." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1400 sssd.conf.5.xml:1413 +#: sssd.conf.5.xml:1401 sssd.conf.5.xml:1414 msgid "Default: 0 (No limit)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1406 +#: sssd.conf.5.xml:1407 msgid "offline_failed_login_attempts (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1409 +#: sssd.conf.5.xml:1410 msgid "" "If the authentication provider is offline, how many failed login attempts " "are allowed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1419 +#: sssd.conf.5.xml:1420 msgid "offline_failed_login_delay (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1422 +#: sssd.conf.5.xml:1423 msgid "" "The time in minutes which has to pass after offline_failed_login_attempts " "has been reached before a new login attempt is possible." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1427 +#: sssd.conf.5.xml:1428 msgid "" "If set to 0 the user cannot authenticate offline if " "offline_failed_login_attempts has been reached. Only a successful online " @@ -1701,59 +1701,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1433 sssd.conf.5.xml:1543 +#: sssd.conf.5.xml:1434 sssd.conf.5.xml:1544 msgid "Default: 5" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1439 +#: sssd.conf.5.xml:1440 msgid "pam_verbosity (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1442 +#: sssd.conf.5.xml:1443 msgid "" "Controls what kind of messages are shown to the user during authentication. " "The higher the number to more messages are displayed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1447 +#: sssd.conf.5.xml:1448 msgid "Currently sssd supports the following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1450 +#: sssd.conf.5.xml:1451 msgid "<emphasis>0</emphasis>: do not show any message" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1453 +#: sssd.conf.5.xml:1454 msgid "<emphasis>1</emphasis>: show only important messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1457 +#: sssd.conf.5.xml:1458 msgid "<emphasis>2</emphasis>: show informational messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1460 +#: sssd.conf.5.xml:1461 msgid "<emphasis>3</emphasis>: show all messages and debug information" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1464 sssd.8.xml:63 +#: sssd.conf.5.xml:1465 sssd.8.xml:63 msgid "Default: 1" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1470 +#: sssd.conf.5.xml:1471 msgid "pam_response_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1473 +#: sssd.conf.5.xml:1474 msgid "" "A comma separated list of strings which allows to remove (filter) data sent " "by the PAM responder to pam_sss PAM module. There are different kind of " @@ -1762,51 +1762,51 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1481 +#: sssd.conf.5.xml:1482 msgid "" "While messages already can be controlled with the help of the pam_verbosity " "option this option allows to filter out other kind of responses as well." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1488 +#: sssd.conf.5.xml:1489 msgid "ENV" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1489 +#: sssd.conf.5.xml:1490 msgid "Do not send any environment variables to any service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1492 +#: sssd.conf.5.xml:1493 msgid "ENV:var_name" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1493 +#: sssd.conf.5.xml:1494 msgid "Do not send environment variable var_name to any service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1497 +#: sssd.conf.5.xml:1498 msgid "ENV:var_name:service" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1498 +#: sssd.conf.5.xml:1499 msgid "Do not send environment variable var_name to service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1486 +#: sssd.conf.5.xml:1487 msgid "" "Currently the following filters are supported: <placeholder " "type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1505 +#: sssd.conf.5.xml:1506 msgid "" "The list of strings can either be the list of filters which would set this " "list of filters and overwrite the defaults. Or each element of the list can " @@ -1817,23 +1817,23 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1516 +#: sssd.conf.5.xml:1517 msgid "Default: ENV:KRB5CCNAME:sudo, ENV:KRB5CCNAME:sudo-i" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1519 +#: sssd.conf.5.xml:1520 msgid "" "Example: -ENV:KRB5CCNAME:sudo-i will remove the filter from the default list" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1526 +#: sssd.conf.5.xml:1527 msgid "pam_id_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1529 +#: sssd.conf.5.xml:1530 msgid "" "For any PAM request while SSSD is online, the SSSD will attempt to " "immediately update the cached identity information for the user in order to " @@ -1841,7 +1841,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1535 +#: sssd.conf.5.xml:1536 msgid "" "A complete PAM conversation may perform multiple PAM requests, such as " "account management and session opening. This option controls (on a per-" @@ -1850,17 +1850,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1549 +#: sssd.conf.5.xml:1550 msgid "pam_pwd_expiration_warning (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1552 sssd.conf.5.xml:2987 +#: sssd.conf.5.xml:1553 sssd.conf.5.xml:2988 msgid "Display a warning N days before the password expires." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1555 +#: sssd.conf.5.xml:1556 msgid "" "Please note that the backend server has to provide information about the " "expiration time of the password. If this information is missing, sssd " @@ -1868,31 +1868,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1561 sssd.conf.5.xml:2990 +#: sssd.conf.5.xml:1562 sssd.conf.5.xml:2991 msgid "" "If zero is set, then this filter is not applied, i.e. if the expiration " "warning was received from backend server, it will automatically be displayed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1566 +#: sssd.conf.5.xml:1567 msgid "" "This setting can be overridden by setting <emphasis>pwd_expiration_warning</" "emphasis> for a particular domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1571 sssd.conf.5.xml:3976 sssd-ldap.5.xml:606 sssd.8.xml:79 +#: sssd.conf.5.xml:1572 sssd.conf.5.xml:3977 sssd-ldap.5.xml:606 sssd.8.xml:79 msgid "Default: 0" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1588 +#: sssd.conf.5.xml:1589 msgid "pam_trusted_users (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1591 +#: sssd.conf.5.xml:1592 msgid "" "Specifies the comma-separated list of UID values or user names that are " "allowed to run PAM conversations against trusted domains. Users not " @@ -1902,75 +1902,75 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1601 +#: sssd.conf.5.xml:1602 msgid "Default: All users are considered trusted by default" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1605 +#: sssd.conf.5.xml:1606 msgid "" "Please note that UID 0 is always allowed to access the PAM responder even in " "case it is not in the pam_trusted_users list." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1612 +#: sssd.conf.5.xml:1613 msgid "pam_public_domains (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1615 +#: sssd.conf.5.xml:1616 msgid "" "Specifies the comma-separated list of domain names that are accessible even " "to untrusted users." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1619 +#: sssd.conf.5.xml:1620 msgid "Two special values for pam_public_domains option are defined:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1623 +#: sssd.conf.5.xml:1624 msgid "" "all (Untrusted users are allowed to access all domains in PAM responder.)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1627 +#: sssd.conf.5.xml:1628 msgid "" "none (Untrusted users are not allowed to access any domains PAM in " "responder.)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1631 sssd.conf.5.xml:1656 sssd.conf.5.xml:1675 -#: sssd.conf.5.xml:1912 sssd.conf.5.xml:2732 sssd.conf.5.xml:3905 +#: sssd.conf.5.xml:1632 sssd.conf.5.xml:1657 sssd.conf.5.xml:1676 +#: sssd.conf.5.xml:1913 sssd.conf.5.xml:2733 sssd.conf.5.xml:3906 #: sssd-ldap.5.xml:1207 msgid "Default: none" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1636 +#: sssd.conf.5.xml:1637 msgid "pam_account_expired_message (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1639 +#: sssd.conf.5.xml:1640 msgid "" "Allows a custom expiration message to be set, replacing the default " "'Permission denied' message." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1644 +#: sssd.conf.5.xml:1645 msgid "" "Note: Please be aware that message is only printed for the SSH service " "unless pam_verbosity is set to 3 (show all messages and debug information)." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1652 +#: sssd.conf.5.xml:1653 #, no-wrap msgid "" "pam_account_expired_message = Account expired, please contact help desk.\n" @@ -1978,19 +1978,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1661 +#: sssd.conf.5.xml:1662 msgid "pam_account_locked_message (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1664 +#: sssd.conf.5.xml:1665 msgid "" "Allows a custom lockout message to be set, replacing the default 'Permission " "denied' message." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1671 +#: sssd.conf.5.xml:1672 #, no-wrap msgid "" "pam_account_locked_message = Account locked, please contact help desk.\n" @@ -1998,17 +1998,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1680 +#: sssd.conf.5.xml:1681 msgid "pam_passkey_auth (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1683 +#: sssd.conf.5.xml:1684 msgid "Enable passkey device based authentication." msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1686 sssd.conf.5.xml:1697 sssd.conf.5.xml:1711 +#: sssd.conf.5.xml:1687 sssd.conf.5.xml:1698 sssd.conf.5.xml:1712 #: sssd-ldap.5.xml:671 sssd-ldap.5.xml:692 sssd-ldap.5.xml:788 #: sssd-ldap.5.xml:1293 sssd-ad.5.xml:505 sssd-ad.5.xml:581 sssd-ad.5.xml:1126 #: sssd-ad.5.xml:1175 include/ldap_id_mapping.xml:250 @@ -2016,22 +2016,22 @@ msgid "Default: False" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1691 +#: sssd.conf.5.xml:1692 msgid "passkey_debug_libfido2 (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1694 +#: sssd.conf.5.xml:1695 msgid "Enable libfido2 library debug messages." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1702 +#: sssd.conf.5.xml:1703 msgid "pam_cert_auth (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1705 +#: sssd.conf.5.xml:1706 msgid "" "Enable certificate based Smartcard authentication. Since this requires " "additional communication with the Smartcard which will delay the " @@ -2039,34 +2039,34 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1716 +#: sssd.conf.5.xml:1717 msgid "pam_cert_db_path (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1719 +#: sssd.conf.5.xml:1720 msgid "The path to the certificate database." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1722 sssd.conf.5.xml:2247 sssd.conf.5.xml:4308 +#: sssd.conf.5.xml:1723 sssd.conf.5.xml:2248 sssd.conf.5.xml:4354 msgid "Default:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1724 sssd.conf.5.xml:2249 +#: sssd.conf.5.xml:1725 sssd.conf.5.xml:2250 msgid "" "/etc/sssd/pki/sssd_auth_ca_db.pem (path to a file with trusted CA " "certificates in PEM format)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1734 +#: sssd.conf.5.xml:1735 msgid "pam_cert_verification (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1737 +#: sssd.conf.5.xml:1738 msgid "" "With this parameter the PAM certificate verification can be tuned with a " "comma separated list of options that override the " @@ -2076,7 +2076,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1748 +#: sssd.conf.5.xml:1749 #, no-wrap msgid "" "pam_cert_verification = partial_chain\n" @@ -2084,59 +2084,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1752 +#: sssd.conf.5.xml:1753 msgid "" "Default: not set, i.e. use default <quote>certificate_verification</quote> " "option defined in <quote>[sssd]</quote> section." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1759 +#: sssd.conf.5.xml:1760 msgid "p11_child_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1762 +#: sssd.conf.5.xml:1763 msgid "How many seconds will pam_sss wait for p11_child to finish." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1771 +#: sssd.conf.5.xml:1772 msgid "passkey_child_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1774 +#: sssd.conf.5.xml:1775 msgid "" "How many seconds will the PAM responder wait for passkey_child to finish." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1783 +#: sssd.conf.5.xml:1784 msgid "pam_app_services (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1786 +#: sssd.conf.5.xml:1787 msgid "" "Which PAM services are permitted to contact domains of type " "<quote>application</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1795 +#: sssd.conf.5.xml:1796 msgid "pam_p11_allowed_services (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1798 +#: sssd.conf.5.xml:1799 msgid "" "A comma-separated list of PAM service names for which it will be allowed to " "use Smartcards." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1813 +#: sssd.conf.5.xml:1814 #, no-wrap msgid "" "pam_p11_allowed_services = +my_pam_service, -login\n" @@ -2144,7 +2144,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1802 +#: sssd.conf.5.xml:1803 msgid "" "It is possible to add another PAM service name to the default set by using " "<quote>+service_name</quote> or to explicitly remove a PAM service name from " @@ -2156,63 +2156,63 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1817 sssd-ad.5.xml:644 sssd-ad.5.xml:753 sssd-ad.5.xml:811 +#: sssd.conf.5.xml:1818 sssd-ad.5.xml:644 sssd-ad.5.xml:753 sssd-ad.5.xml:811 #: sssd-ad.5.xml:869 sssd-ad.5.xml:947 msgid "Default: the default set of PAM service names includes:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1822 sssd-ad.5.xml:648 +#: sssd.conf.5.xml:1823 sssd-ad.5.xml:648 msgid "login" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1827 sssd-ad.5.xml:653 +#: sssd.conf.5.xml:1828 sssd-ad.5.xml:653 msgid "su" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1832 sssd-ad.5.xml:658 +#: sssd.conf.5.xml:1833 sssd-ad.5.xml:658 msgid "su-l" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1837 sssd-ad.5.xml:673 +#: sssd.conf.5.xml:1838 sssd-ad.5.xml:673 msgid "gdm-smartcard" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1842 sssd-ad.5.xml:668 +#: sssd.conf.5.xml:1843 sssd-ad.5.xml:668 msgid "gdm-password" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1847 sssd-ad.5.xml:678 +#: sssd.conf.5.xml:1848 sssd-ad.5.xml:678 msgid "kdm" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1852 sssd-ad.5.xml:956 +#: sssd.conf.5.xml:1853 sssd-ad.5.xml:956 msgid "sudo" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1857 sssd-ad.5.xml:961 +#: sssd.conf.5.xml:1858 sssd-ad.5.xml:961 msgid "sudo-i" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1862 +#: sssd.conf.5.xml:1863 msgid "gnome-screensaver" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1870 +#: sssd.conf.5.xml:1871 msgid "p11_wait_for_card_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1873 +#: sssd.conf.5.xml:1874 msgid "" "If Smartcard authentication is required how many extra seconds in addition " "to p11_child_timeout should the PAM responder wait until a Smartcard is " @@ -2220,12 +2220,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1884 +#: sssd.conf.5.xml:1885 msgid "p11_uri (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1887 +#: sssd.conf.5.xml:1888 msgid "" "PKCS#11 URI (see RFC-7512 for details) which can be used to restrict the " "selection of devices used for Smartcard authentication. By default SSSD's " @@ -2236,7 +2236,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1900 +#: sssd.conf.5.xml:1901 #, no-wrap msgid "" "p11_uri = pkcs11:slot-description=My%20Smartcard%20Reader\n" @@ -2244,7 +2244,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1904 +#: sssd.conf.5.xml:1905 #, no-wrap msgid "" "p11_uri = pkcs11:library-description=OpenSC%20smartcard%20framework;slot-id=2\n" @@ -2252,7 +2252,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1898 +#: sssd.conf.5.xml:1899 msgid "" "Example: <placeholder type=\"programlisting\" id=\"0\"/> or <placeholder " "type=\"programlisting\" id=\"1\"/> To find suitable URI please check the " @@ -2261,47 +2261,47 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1917 +#: sssd.conf.5.xml:1918 msgid "pam_initgroups_scheme" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1925 +#: sssd.conf.5.xml:1926 msgid "always" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1926 +#: sssd.conf.5.xml:1927 msgid "" "Always do an online lookup, please note that pam_id_timeout still applies" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1930 +#: sssd.conf.5.xml:1931 msgid "no_session" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1931 +#: sssd.conf.5.xml:1932 msgid "" "Only do an online lookup if there is no active session of the user, i.e. if " "the user is currently not logged in" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1936 +#: sssd.conf.5.xml:1937 msgid "never" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1937 +#: sssd.conf.5.xml:1938 msgid "" "Never force an online lookup, use the data from the cache as long as they " "are not expired" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1920 +#: sssd.conf.5.xml:1921 msgid "" "The PAM responder can force an online lookup to get the current group " "memberships of the user trying to log in. This option controls when this " @@ -2310,30 +2310,30 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1944 +#: sssd.conf.5.xml:1945 msgid "Default: no_session" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1949 sssd.conf.5.xml:4247 +#: sssd.conf.5.xml:1950 sssd.conf.5.xml:4293 msgid "pam_gssapi_services" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1952 +#: sssd.conf.5.xml:1953 msgid "" "Comma separated list of PAM services that are allowed to try GSSAPI " "authentication using pam_sss_gss.so module." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1957 +#: sssd.conf.5.xml:1958 msgid "" "To disable GSSAPI authentication, set this option to <quote>-</quote> (dash)." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1961 sssd.conf.5.xml:1992 sssd.conf.5.xml:2030 +#: sssd.conf.5.xml:1962 sssd.conf.5.xml:1993 sssd.conf.5.xml:2031 msgid "" "Note: This option can also be set per-domain which overwrites the value in " "[pam] section. It can also be set for trusted domain which overwrites the " @@ -2341,7 +2341,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1969 +#: sssd.conf.5.xml:1970 #, no-wrap msgid "" "pam_gssapi_services = sudo, sudo-i\n" @@ -2349,22 +2349,22 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1967 sssd.conf.5.xml:3899 +#: sssd.conf.5.xml:1968 sssd.conf.5.xml:3900 msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1973 +#: sssd.conf.5.xml:1974 msgid "Default: - (GSSAPI authentication is disabled)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1978 sssd.conf.5.xml:4248 +#: sssd.conf.5.xml:1979 sssd.conf.5.xml:4294 msgid "pam_gssapi_check_upn" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1981 +#: sssd.conf.5.xml:1982 msgid "" "If True, SSSD will require that the Kerberos user principal that " "successfully authenticated through GSSAPI can be associated with the user " @@ -2372,25 +2372,25 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1988 +#: sssd.conf.5.xml:1989 msgid "" "If False, every user that is able to obtained required service ticket will " "be authenticated." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1998 sssd-ad.5.xml:1266 sss_rpcidmapd.5.xml:76 +#: sssd.conf.5.xml:1999 sssd-ad.5.xml:1266 sss_rpcidmapd.5.xml:76 #: sssd-files.5.xml:145 msgid "Default: True" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2003 +#: sssd.conf.5.xml:2004 msgid "pam_gssapi_indicators_map" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2006 +#: sssd.conf.5.xml:2007 msgid "" "Comma separated list of authentication indicators required to be present in " "a Kerberos ticket to access a PAM service that is allowed to try GSSAPI " @@ -2398,7 +2398,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2012 +#: sssd.conf.5.xml:2013 msgid "" "Each element of the list can be either an authentication indicator name or a " "pair <quote>service:indicator</quote>. Indicators not prefixed with the PAM " @@ -2413,7 +2413,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2025 +#: sssd.conf.5.xml:2026 msgid "" "To disable GSSAPI authentication indicator check, set this option to <quote>-" "</quote> (dash). To disable the check for a specific PAM service, add " @@ -2421,45 +2421,45 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2036 +#: sssd.conf.5.xml:2037 msgid "" "Following authentication indicators are supported by IPA Kerberos " "deployments:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2039 +#: sssd.conf.5.xml:2040 msgid "" "pkinit -- pre-authentication using X.509 certificates -- whether stored in " "files or on smart cards." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2042 +#: sssd.conf.5.xml:2043 msgid "" "hardened -- SPAKE pre-authentication or any pre-authentication wrapped in a " "FAST channel." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2045 +#: sssd.conf.5.xml:2046 msgid "radius -- pre-authentication with the help of a RADIUS server." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2048 +#: sssd.conf.5.xml:2049 msgid "" "otp -- pre-authentication using integrated two-factor authentication (2FA or " "one-time password, OTP) in IPA." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2051 +#: sssd.conf.5.xml:2052 msgid "idp -- pre-authentication using external identity provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:2061 +#: sssd.conf.5.xml:2062 #, no-wrap msgid "" "pam_gssapi_indicators_map = sudo:pkinit, sudo-i:pkinit\n" @@ -2467,7 +2467,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2056 +#: sssd.conf.5.xml:2057 msgid "" "Example: to require access to SUDO services only for users which obtained " "their Kerberos tickets with a X.509 certificate pre-authentication (PKINIT), " @@ -2475,17 +2475,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2065 +#: sssd.conf.5.xml:2066 msgid "Default: not set (use of authentication indicators is not required)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2073 +#: sssd.conf.5.xml:2074 msgid "SUDO configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2075 +#: sssd.conf.5.xml:2076 msgid "" "These options can be used to configure the sudo service. The detailed " "instructions for configuration of <citerefentry> <refentrytitle>sudo</" @@ -2496,24 +2496,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2092 +#: sssd.conf.5.xml:2093 msgid "sudo_timed (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2095 +#: sssd.conf.5.xml:2096 msgid "" "Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes " "that implement time-dependent sudoers entries." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2107 +#: sssd.conf.5.xml:2108 msgid "sudo_threshold (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2110 +#: sssd.conf.5.xml:2111 msgid "" "Maximum number of expired rules that can be refreshed at once. If number of " "expired rules is below threshold, those rules are refreshed with " @@ -2523,22 +2523,22 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2129 +#: sssd.conf.5.xml:2130 msgid "AUTOFS configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2131 +#: sssd.conf.5.xml:2132 msgid "These options can be used to configure the autofs service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2135 +#: sssd.conf.5.xml:2136 msgid "autofs_negative_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2138 +#: sssd.conf.5.xml:2139 msgid "" "Specifies for how many seconds should the autofs responder negative cache " "hits (that is, queries for invalid map entries, like nonexistent ones) " @@ -2546,51 +2546,51 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2154 +#: sssd.conf.5.xml:2155 msgid "SSH configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2156 +#: sssd.conf.5.xml:2157 msgid "These options can be used to configure the SSH service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2160 +#: sssd.conf.5.xml:2161 msgid "ssh_hash_known_hosts (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2163 +#: sssd.conf.5.xml:2164 msgid "" "Whether or not to hash host names and addresses in the managed known_hosts " "file." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2172 +#: sssd.conf.5.xml:2173 msgid "ssh_known_hosts_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2175 +#: sssd.conf.5.xml:2176 msgid "" "How many seconds to keep a host in the managed known_hosts file after its " "host keys were requested." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2179 +#: sssd.conf.5.xml:2180 msgid "Default: 180" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2184 +#: sssd.conf.5.xml:2185 msgid "ssh_use_certificate_keys (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2187 +#: sssd.conf.5.xml:2188 msgid "" "If set to true the <command>sss_ssh_authorizedkeys</command> will return ssh " "keys derived from the public key of X.509 certificates stored in the user " @@ -2599,12 +2599,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2202 +#: sssd.conf.5.xml:2203 msgid "ssh_use_certificate_matching_rules (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2205 +#: sssd.conf.5.xml:2206 msgid "" "By default the ssh responder will use all available certificate matching " "rules to filter the certificates so that ssh keys are only derived from the " @@ -2614,7 +2614,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2214 +#: sssd.conf.5.xml:2215 msgid "" "There are two special key words 'all_rules' and 'no_rules' which will enable " "all or no rules, respectively. The latter means that no certificates will be " @@ -2622,7 +2622,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2221 +#: sssd.conf.5.xml:2222 msgid "" "If no rules are configured using 'all_rules' will enable a default rule " "which enables all certificates suitable for client authentication. This is " @@ -2631,38 +2631,38 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2228 +#: sssd.conf.5.xml:2229 msgid "" "A non-existing rule name is considered an error. If as a result no rule is " "selected all certificates will be ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2233 +#: sssd.conf.5.xml:2234 msgid "" "Default: not set, equivalent to 'all_rules', all found rules or the default " "rule are used" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2239 +#: sssd.conf.5.xml:2240 msgid "ca_db (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2242 +#: sssd.conf.5.xml:2243 msgid "" "Path to a storage of trusted CA certificates. The option is used to validate " "user certificates before deriving public ssh keys from them." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2262 +#: sssd.conf.5.xml:2263 msgid "PAC responder configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2264 +#: sssd.conf.5.xml:2265 msgid "" "The PAC responder works together with the authorization data plugin for MIT " "Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the " @@ -2673,7 +2673,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2273 +#: sssd.conf.5.xml:2274 msgid "" "If the remote user does not exist in the cache, it is created. The UID is " "determined with the help of the SID, trusted domains will have UPGs and the " @@ -2684,24 +2684,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2281 +#: sssd.conf.5.xml:2282 msgid "" "If there are SIDs of groups from domains sssd knows about, the user will be " "added to those groups." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2287 +#: sssd.conf.5.xml:2288 msgid "These options can be used to configure the PAC responder." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2291 sssd-ifp.5.xml:66 +#: sssd.conf.5.xml:2292 sssd-ifp.5.xml:66 msgid "allowed_uids (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2294 +#: sssd.conf.5.xml:2295 msgid "" "Specifies the comma-separated list of UID values or user names that are " "allowed to access the PAC responder. User names are resolved to UIDs at " @@ -2709,12 +2709,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2300 +#: sssd.conf.5.xml:2301 msgid "Default: 0 (only the root user is allowed to access the PAC responder)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2304 +#: sssd.conf.5.xml:2305 msgid "" "Please note that although the UID 0 is used as the default it will be " "overwritten with this option. If you still want to allow the root user to " @@ -2723,24 +2723,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2313 +#: sssd.conf.5.xml:2314 msgid "pac_lifetime (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2316 +#: sssd.conf.5.xml:2317 msgid "" "Lifetime of the PAC entry in seconds. As long as the PAC is valid the PAC " "data can be used to determine the group memberships of a user." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2326 +#: sssd.conf.5.xml:2327 msgid "pac_check (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2329 +#: sssd.conf.5.xml:2330 msgid "" "Apply additional checks on the PAC of the Kerberos ticket which is available " "in Active Directory and FreeIPA domains, if configured. Please note that " @@ -2751,24 +2751,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2343 +#: sssd.conf.5.xml:2344 msgid "no_check" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2345 +#: sssd.conf.5.xml:2346 msgid "" "The PAC must not be present and even if it is present no additional checks " "will be done." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2351 +#: sssd.conf.5.xml:2352 msgid "pac_present" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2353 +#: sssd.conf.5.xml:2354 msgid "" "The PAC must be present in the service ticket which SSSD will request with " "the help of the user's TGT. If the PAC is not available the authentication " @@ -2776,24 +2776,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2361 +#: sssd.conf.5.xml:2362 msgid "check_upn" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2363 +#: sssd.conf.5.xml:2364 msgid "" "If the PAC is present check if the user principal name (UPN) information is " "consistent." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2369 +#: sssd.conf.5.xml:2370 msgid "check_upn_allow_missing" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2371 +#: sssd.conf.5.xml:2372 msgid "" "This option should be used together with 'check_upn' and handles the case " "where a UPN is set on the server-side but is not read by SSSD. The typical " @@ -2805,7 +2805,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2383 +#: sssd.conf.5.xml:2384 msgid "" "Currently this option is set by default to avoid regressions in such " "environments. A log message will be added to the system log and SSSD's debug " @@ -2816,60 +2816,60 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2397 +#: sssd.conf.5.xml:2398 msgid "upn_dns_info_present" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2399 +#: sssd.conf.5.xml:2400 msgid "The PAC must contain the UPN-DNS-INFO buffer, implies 'check_upn'." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2404 +#: sssd.conf.5.xml:2405 msgid "check_upn_dns_info_ex" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2406 +#: sssd.conf.5.xml:2407 msgid "" "If the PAC is present and the extension to the UPN-DNS-INFO buffer is " "available check if the information in the extension is consistent." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2413 +#: sssd.conf.5.xml:2414 msgid "upn_dns_info_ex_present" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2415 +#: sssd.conf.5.xml:2416 msgid "" "The PAC must contain the extension of the UPN-DNS-INFO buffer, implies " "'check_upn_dns_info_ex', 'upn_dns_info_present' and 'check_upn'." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2339 +#: sssd.conf.5.xml:2340 msgid "" "The following options can be used alone or in a comma-separated list: " "<placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2425 +#: sssd.conf.5.xml:2426 msgid "" "Default: no_check (AD and IPA provider 'check_upn, check_upn_allow_missing, " "check_upn_dns_info_ex')" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2434 +#: sssd.conf.5.xml:2435 msgid "Session recording configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2436 +#: sssd.conf.5.xml:2437 msgid "" "Session recording works in conjunction with <citerefentry> " "<refentrytitle>tlog-rec-session</refentrytitle> <manvolnum>8</manvolnum> </" @@ -2879,66 +2879,66 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2449 +#: sssd.conf.5.xml:2450 msgid "These options can be used to configure session recording." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2453 sssd-session-recording.5.xml:64 +#: sssd.conf.5.xml:2454 sssd-session-recording.5.xml:64 msgid "scope (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2460 sssd-session-recording.5.xml:71 +#: sssd.conf.5.xml:2461 sssd-session-recording.5.xml:71 msgid "\"none\"" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2463 sssd-session-recording.5.xml:74 +#: sssd.conf.5.xml:2464 sssd-session-recording.5.xml:74 msgid "No users are recorded." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2468 sssd-session-recording.5.xml:79 +#: sssd.conf.5.xml:2469 sssd-session-recording.5.xml:79 msgid "\"some\"" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2471 sssd-session-recording.5.xml:82 +#: sssd.conf.5.xml:2472 sssd-session-recording.5.xml:82 msgid "" "Users/groups specified by <replaceable>users</replaceable> and " "<replaceable>groups</replaceable> options are recorded." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2480 sssd-session-recording.5.xml:91 +#: sssd.conf.5.xml:2481 sssd-session-recording.5.xml:91 msgid "\"all\"" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2483 sssd-session-recording.5.xml:94 +#: sssd.conf.5.xml:2484 sssd-session-recording.5.xml:94 msgid "All users are recorded." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2456 sssd-session-recording.5.xml:67 +#: sssd.conf.5.xml:2457 sssd-session-recording.5.xml:67 msgid "" "One of the following strings specifying the scope of session recording: " "<placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2490 sssd-session-recording.5.xml:101 +#: sssd.conf.5.xml:2491 sssd-session-recording.5.xml:101 msgid "Default: \"none\"" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2495 sssd-session-recording.5.xml:106 +#: sssd.conf.5.xml:2496 sssd-session-recording.5.xml:106 msgid "users (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2498 sssd-session-recording.5.xml:109 +#: sssd.conf.5.xml:2499 sssd-session-recording.5.xml:109 msgid "" "A comma-separated list of users which should have session recording enabled. " "Matches user names as returned by NSS. I.e. after the possible space " @@ -2946,17 +2946,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2504 sssd-session-recording.5.xml:115 +#: sssd.conf.5.xml:2505 sssd-session-recording.5.xml:115 msgid "Default: Empty. Matches no users." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2509 sssd-session-recording.5.xml:120 +#: sssd.conf.5.xml:2510 sssd-session-recording.5.xml:120 msgid "groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2512 sssd-session-recording.5.xml:123 +#: sssd.conf.5.xml:2513 sssd-session-recording.5.xml:123 msgid "" "A comma-separated list of groups, members of which should have session " "recording enabled. Matches group names as returned by NSS. I.e. after the " @@ -2964,7 +2964,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2518 sssd.conf.5.xml:2550 sssd-session-recording.5.xml:129 +#: sssd.conf.5.xml:2519 sssd.conf.5.xml:2551 sssd-session-recording.5.xml:129 #: sssd-session-recording.5.xml:161 msgid "" "NOTE: using this option (having it set to anything) has a considerable " @@ -2973,56 +2973,56 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2525 sssd-session-recording.5.xml:136 +#: sssd.conf.5.xml:2526 sssd-session-recording.5.xml:136 msgid "Default: Empty. Matches no groups." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2530 sssd-session-recording.5.xml:141 +#: sssd.conf.5.xml:2531 sssd-session-recording.5.xml:141 msgid "exclude_users (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2533 sssd-session-recording.5.xml:144 +#: sssd.conf.5.xml:2534 sssd-session-recording.5.xml:144 msgid "" "A comma-separated list of users to be excluded from recording, only " "applicable with 'scope=all'." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2537 sssd-session-recording.5.xml:148 +#: sssd.conf.5.xml:2538 sssd-session-recording.5.xml:148 msgid "Default: Empty. No users excluded." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2542 sssd-session-recording.5.xml:153 +#: sssd.conf.5.xml:2543 sssd-session-recording.5.xml:153 msgid "exclude_groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2545 sssd-session-recording.5.xml:156 +#: sssd.conf.5.xml:2546 sssd-session-recording.5.xml:156 msgid "" "A comma-separated list of groups, members of which should be excluded from " "recording. Only applicable with 'scope=all'." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2557 sssd-session-recording.5.xml:168 +#: sssd.conf.5.xml:2558 sssd-session-recording.5.xml:168 msgid "Default: Empty. No groups excluded." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:2567 +#: sssd.conf.5.xml:2568 msgid "DOMAIN SECTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2574 +#: sssd.conf.5.xml:2575 msgid "enabled" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2577 +#: sssd.conf.5.xml:2578 msgid "" "Explicitly enable or disable the domain. If <quote>true</quote>, the domain " "is always <quote>enabled</quote>. If <quote>false</quote>, the domain is " @@ -3032,12 +3032,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2589 +#: sssd.conf.5.xml:2590 msgid "domain_type (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2592 +#: sssd.conf.5.xml:2593 msgid "" "Specifies whether the domain is meant to be used by POSIX-aware clients such " "as the Name Service Switch or by applications that do not need POSIX data to " @@ -3046,14 +3046,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2600 +#: sssd.conf.5.xml:2601 msgid "" "Allowed values for this option are <quote>posix</quote> and " "<quote>application</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2604 +#: sssd.conf.5.xml:2605 msgid "" "POSIX domains are reachable by all services. Application domains are only " "reachable from the InfoPipe responder (see <citerefentry> " @@ -3062,38 +3062,38 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2612 +#: sssd.conf.5.xml:2613 msgid "" "NOTE: The application domains are currently well tested with " "<quote>id_provider=ldap</quote> only." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2616 +#: sssd.conf.5.xml:2617 msgid "" "For an easy way to configure a non-POSIX domains, please see the " "<quote>Application domains</quote> section." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2620 +#: sssd.conf.5.xml:2621 msgid "Default: posix" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2626 +#: sssd.conf.5.xml:2627 msgid "min_id,max_id (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2629 +#: sssd.conf.5.xml:2630 msgid "" "UID and GID limits for the domain. If a domain contains an entry that is " "outside these limits, it is ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2634 +#: sssd.conf.5.xml:2635 msgid "" "For users, this affects the primary GID limit. The user will not be returned " "to NSS if either the UID or the primary GID is outside the range. For non-" @@ -3102,24 +3102,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2641 +#: sssd.conf.5.xml:2642 msgid "" "These ID limits affect even saving entries to cache, not only returning them " "by name or ID." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2645 +#: sssd.conf.5.xml:2646 msgid "Default: 1 for min_id, 0 (no limit) for max_id" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2651 +#: sssd.conf.5.xml:2652 msgid "enumerate (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2654 +#: sssd.conf.5.xml:2655 msgid "" "Determines if a domain can be enumerated, that is, whether the domain can " "list all the users and group it contains. Note that it is not required to " @@ -3128,29 +3128,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2662 +#: sssd.conf.5.xml:2663 msgid "TRUE = Users and groups are enumerated" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2665 +#: sssd.conf.5.xml:2666 msgid "FALSE = No enumerations for this domain" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2668 sssd.conf.5.xml:2942 sssd.conf.5.xml:3119 +#: sssd.conf.5.xml:2669 sssd.conf.5.xml:2943 sssd.conf.5.xml:3120 msgid "Default: FALSE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2671 +#: sssd.conf.5.xml:2672 msgid "" "Enumerating a domain requires SSSD to download and store ALL user and group " "entries from the remote server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2676 +#: sssd.conf.5.xml:2677 msgid "" "Note: Enabling enumeration has a moderate performance impact on SSSD while " "enumeration is running. It may take up to several minutes after SSSD startup " @@ -3164,14 +3164,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2691 +#: sssd.conf.5.xml:2692 msgid "" "While the first enumeration is running, requests for the complete user or " "group lists may return no results until it completes." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2696 +#: sssd.conf.5.xml:2697 msgid "" "Further, enabling enumeration may increase the time necessary to detect " "network disconnection, as longer timeouts are required to ensure that " @@ -3180,39 +3180,39 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2704 +#: sssd.conf.5.xml:2705 msgid "" "For the reasons cited above, enabling enumeration is not recommended, " "especially in large environments." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2712 +#: sssd.conf.5.xml:2713 msgid "subdomain_enumerate (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2719 +#: sssd.conf.5.xml:2720 msgid "all" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2720 +#: sssd.conf.5.xml:2721 msgid "All discovered trusted domains will be enumerated" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2723 +#: sssd.conf.5.xml:2724 msgid "none" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2724 +#: sssd.conf.5.xml:2725 msgid "No discovered trusted domains will be enumerated" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2715 +#: sssd.conf.5.xml:2716 msgid "" "Whether any of autodetected trusted domains should be enumerated. The " "supported values are: <placeholder type=\"variablelist\" id=\"0\"/> " @@ -3221,19 +3221,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2738 +#: sssd.conf.5.xml:2739 msgid "entry_cache_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2741 +#: sssd.conf.5.xml:2742 msgid "" "How many seconds should nss_sss consider entries valid before asking the " "backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2745 +#: sssd.conf.5.xml:2746 msgid "" "The cache expiration timestamps are stored as attributes of individual " "objects in the cache. Therefore, changing the cache timeout only has effect " @@ -3244,139 +3244,139 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2758 +#: sssd.conf.5.xml:2759 msgid "Default: 5400" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2764 +#: sssd.conf.5.xml:2765 msgid "entry_cache_user_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2767 +#: sssd.conf.5.xml:2768 msgid "" "How many seconds should nss_sss consider user entries valid before asking " "the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2771 sssd.conf.5.xml:2784 sssd.conf.5.xml:2797 -#: sssd.conf.5.xml:2810 sssd.conf.5.xml:2824 sssd.conf.5.xml:2837 -#: sssd.conf.5.xml:2851 sssd.conf.5.xml:2865 sssd.conf.5.xml:2878 +#: sssd.conf.5.xml:2772 sssd.conf.5.xml:2785 sssd.conf.5.xml:2798 +#: sssd.conf.5.xml:2811 sssd.conf.5.xml:2825 sssd.conf.5.xml:2838 +#: sssd.conf.5.xml:2852 sssd.conf.5.xml:2866 sssd.conf.5.xml:2879 msgid "Default: entry_cache_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2777 +#: sssd.conf.5.xml:2778 msgid "entry_cache_group_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2780 +#: sssd.conf.5.xml:2781 msgid "" "How many seconds should nss_sss consider group entries valid before asking " "the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2790 +#: sssd.conf.5.xml:2791 msgid "entry_cache_netgroup_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2793 +#: sssd.conf.5.xml:2794 msgid "" "How many seconds should nss_sss consider netgroup entries valid before " "asking the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2803 +#: sssd.conf.5.xml:2804 msgid "entry_cache_service_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2806 +#: sssd.conf.5.xml:2807 msgid "" "How many seconds should nss_sss consider service entries valid before asking " "the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2816 +#: sssd.conf.5.xml:2817 msgid "entry_cache_resolver_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2819 +#: sssd.conf.5.xml:2820 msgid "" "How many seconds should nss_sss consider hosts and networks entries valid " "before asking the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2830 +#: sssd.conf.5.xml:2831 msgid "entry_cache_sudo_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2833 +#: sssd.conf.5.xml:2834 msgid "" "How many seconds should sudo consider rules valid before asking the backend " "again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2843 +#: sssd.conf.5.xml:2844 msgid "entry_cache_autofs_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2846 +#: sssd.conf.5.xml:2847 msgid "" "How many seconds should the autofs service consider automounter maps valid " "before asking the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2857 +#: sssd.conf.5.xml:2858 msgid "entry_cache_ssh_host_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2860 +#: sssd.conf.5.xml:2861 msgid "" "How many seconds to keep a host ssh key after refresh. IE how long to cache " "the host key for." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2871 +#: sssd.conf.5.xml:2872 msgid "entry_cache_computer_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2874 +#: sssd.conf.5.xml:2875 msgid "" "How many seconds to keep the local computer entry before asking the backend " "again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2884 +#: sssd.conf.5.xml:2885 msgid "refresh_expired_interval (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2887 +#: sssd.conf.5.xml:2888 msgid "" "Specifies how many seconds SSSD has to wait before triggering a background " "refresh task which will refresh all expired or nearly expired records." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2892 +#: sssd.conf.5.xml:2893 msgid "" "The background refresh will process users, groups and netgroups in the " "cache. For users who have performed the initgroups (get group membership for " @@ -3385,17 +3385,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2900 +#: sssd.conf.5.xml:2901 msgid "This option is automatically inherited for all trusted domains." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2904 +#: sssd.conf.5.xml:2905 msgid "You can consider setting this value to 3/4 * entry_cache_timeout." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2908 +#: sssd.conf.5.xml:2909 msgid "" "Cache entry will be refreshed by background task when 2/3 of cache timeout " "has already passed. If there are existing cached entries, the background " @@ -3407,23 +3407,23 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2921 sssd-ldap.5.xml:360 sssd-ldap.5.xml:1736 +#: sssd.conf.5.xml:2922 sssd-ldap.5.xml:360 sssd-ldap.5.xml:1736 #: sssd-ipa.5.xml:270 msgid "Default: 0 (disabled)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2927 +#: sssd.conf.5.xml:2928 msgid "cache_credentials (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2930 +#: sssd.conf.5.xml:2931 msgid "Determines if user credentials are also cached in the local LDB cache." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2934 +#: sssd.conf.5.xml:2935 msgid "" "Take a note that while credentials are stored as a salted SHA512 hash, this " "still potentially poses some security risk in case an attacker manages to " @@ -3432,12 +3432,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2948 +#: sssd.conf.5.xml:2949 msgid "cache_credentials_minimal_first_factor_length (int)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2951 +#: sssd.conf.5.xml:2952 msgid "" "If 2-Factor-Authentication (2FA) is used and credentials should be saved " "this value determines the minimal length the first authentication factor " @@ -3445,19 +3445,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2958 +#: sssd.conf.5.xml:2959 msgid "" "This should avoid that the short PINs of a PIN based 2FA scheme are saved in " "the cache which would make them easy targets for brute-force attacks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2969 +#: sssd.conf.5.xml:2970 msgid "account_cache_expiration (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2972 +#: sssd.conf.5.xml:2973 msgid "" "Number of days entries are left in cache after last successful login before " "being removed during a cleanup of the cache. 0 means keep forever. The " @@ -3466,17 +3466,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2979 +#: sssd.conf.5.xml:2980 msgid "Default: 0 (unlimited)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2984 +#: sssd.conf.5.xml:2985 msgid "pwd_expiration_warning (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2995 +#: sssd.conf.5.xml:2996 msgid "" "Please note that the backend server has to provide information about the " "expiration time of the password. If this information is missing, sssd " @@ -3485,28 +3485,28 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3002 +#: sssd.conf.5.xml:3003 msgid "Default: 7 (Kerberos), 0 (LDAP)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3008 +#: sssd.conf.5.xml:3009 msgid "id_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3011 +#: sssd.conf.5.xml:3012 msgid "" "The identification provider used for the domain. Supported ID providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3015 +#: sssd.conf.5.xml:3016 msgid "<quote>proxy</quote>: Support a legacy NSS provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3018 +#: sssd.conf.5.xml:3019 msgid "" "<quote>files</quote>: FILES provider. See <citerefentry> <refentrytitle>sssd-" "files</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " @@ -3514,7 +3514,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3026 +#: sssd.conf.5.xml:3027 msgid "" "<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-" "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " @@ -3522,8 +3522,8 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3034 sssd.conf.5.xml:3145 sssd.conf.5.xml:3196 -#: sssd.conf.5.xml:3259 +#: sssd.conf.5.xml:3035 sssd.conf.5.xml:3146 sssd.conf.5.xml:3197 +#: sssd.conf.5.xml:3260 msgid "" "<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management " "provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> " @@ -3532,8 +3532,8 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3043 sssd.conf.5.xml:3154 sssd.conf.5.xml:3205 -#: sssd.conf.5.xml:3268 +#: sssd.conf.5.xml:3044 sssd.conf.5.xml:3155 sssd.conf.5.xml:3206 +#: sssd.conf.5.xml:3269 msgid "" "<quote>ad</quote>: Active Directory provider. See <citerefentry> " "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3541,19 +3541,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3054 +#: sssd.conf.5.xml:3055 msgid "use_fully_qualified_names (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3057 +#: sssd.conf.5.xml:3058 msgid "" "Use the full name and domain (as formatted by the domain's full_name_format) " "as the user's login name reported to NSS." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3062 +#: sssd.conf.5.xml:3063 msgid "" "If set to TRUE, all requests to this domain must use fully qualified names. " "For example, if used in LOCAL domain that contains a \"test\" user, " @@ -3562,7 +3562,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3070 +#: sssd.conf.5.xml:3071 msgid "" "NOTE: This option has no effect on netgroup lookups due to their tendency to " "include nested netgroups without qualified names. For netgroups, all domains " @@ -3570,24 +3570,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3077 +#: sssd.conf.5.xml:3078 msgid "" "Default: FALSE (TRUE for trusted domain/sub-domains or if " "default_domain_suffix is used)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3084 +#: sssd.conf.5.xml:3085 msgid "ignore_group_members (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3087 +#: sssd.conf.5.xml:3088 msgid "Do not return group members for group lookups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3090 +#: sssd.conf.5.xml:3091 msgid "" "If set to TRUE, the group membership attribute is not requested from the " "ldap server, and group members are not returned when processing group lookup " @@ -3599,7 +3599,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3108 +#: sssd.conf.5.xml:3109 msgid "" "Enabling this option can also make access provider checks for group " "membership significantly faster, especially for groups containing many " @@ -3607,7 +3607,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3114 sssd.conf.5.xml:3821 sssd-ldap.5.xml:326 +#: sssd.conf.5.xml:3115 sssd.conf.5.xml:3822 sssd-ldap.5.xml:326 #: sssd-ldap.5.xml:355 sssd-ldap.5.xml:408 sssd-ldap.5.xml:468 #: sssd-ldap.5.xml:489 sssd-ldap.5.xml:520 sssd-ldap.5.xml:543 #: sssd-ldap.5.xml:582 sssd-ldap.5.xml:601 sssd-ldap.5.xml:625 @@ -3618,19 +3618,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3124 +#: sssd.conf.5.xml:3125 msgid "auth_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3127 +#: sssd.conf.5.xml:3128 msgid "" "The authentication provider used for the domain. Supported auth providers " "are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3131 sssd.conf.5.xml:3189 +#: sssd.conf.5.xml:3132 sssd.conf.5.xml:3190 msgid "" "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3638,7 +3638,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3138 +#: sssd.conf.5.xml:3139 msgid "" "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3646,30 +3646,30 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3162 +#: sssd.conf.5.xml:3163 msgid "" "<quote>proxy</quote> for relaying authentication to some other PAM target." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3165 +#: sssd.conf.5.xml:3166 msgid "<quote>none</quote> disables authentication explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3168 +#: sssd.conf.5.xml:3169 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "authentication requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3174 +#: sssd.conf.5.xml:3175 msgid "access_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3177 +#: sssd.conf.5.xml:3178 msgid "" "The access control provider used for the domain. There are two built-in " "access providers (in addition to any included in installed backends) " @@ -3677,19 +3677,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3183 +#: sssd.conf.5.xml:3184 msgid "" "<quote>permit</quote> always allow access. It's the only permitted access " "provider for a local domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3186 +#: sssd.conf.5.xml:3187 msgid "<quote>deny</quote> always deny access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3213 +#: sssd.conf.5.xml:3214 msgid "" "<quote>simple</quote> access control based on access or deny lists. See " "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</" @@ -3698,7 +3698,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3220 +#: sssd.conf.5.xml:3221 msgid "" "<quote>krb5</quote>: .k5login based access control. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum></" @@ -3706,29 +3706,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3227 +#: sssd.conf.5.xml:3228 msgid "<quote>proxy</quote> for relaying access control to another PAM module." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3230 +#: sssd.conf.5.xml:3231 msgid "Default: <quote>permit</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3235 +#: sssd.conf.5.xml:3236 msgid "chpass_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3238 +#: sssd.conf.5.xml:3239 msgid "" "The provider which should handle change password operations for the domain. " "Supported change password providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3243 +#: sssd.conf.5.xml:3244 msgid "" "<quote>ldap</quote> to change a password stored in a LDAP server. See " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" @@ -3736,7 +3736,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3251 +#: sssd.conf.5.xml:3252 msgid "" "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3744,35 +3744,35 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3276 +#: sssd.conf.5.xml:3277 msgid "" "<quote>proxy</quote> for relaying password changes to some other PAM target." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3280 +#: sssd.conf.5.xml:3281 msgid "<quote>none</quote> disallows password changes explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3283 +#: sssd.conf.5.xml:3284 msgid "" "Default: <quote>auth_provider</quote> is used if it is set and can handle " "change password requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3290 +#: sssd.conf.5.xml:3291 msgid "sudo_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3293 +#: sssd.conf.5.xml:3294 msgid "The SUDO provider used for the domain. Supported SUDO providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3297 +#: sssd.conf.5.xml:3298 msgid "" "<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3780,32 +3780,32 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3305 +#: sssd.conf.5.xml:3306 msgid "" "<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default " "settings." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3309 +#: sssd.conf.5.xml:3310 msgid "" "<quote>ad</quote> the same as <quote>ldap</quote> but with AD default " "settings." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3313 +#: sssd.conf.5.xml:3314 msgid "<quote>none</quote> disables SUDO explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3316 sssd.conf.5.xml:3402 sssd.conf.5.xml:3472 -#: sssd.conf.5.xml:3497 sssd.conf.5.xml:3533 +#: sssd.conf.5.xml:3317 sssd.conf.5.xml:3403 sssd.conf.5.xml:3473 +#: sssd.conf.5.xml:3498 sssd.conf.5.xml:3534 msgid "Default: The value of <quote>id_provider</quote> is used if it is set." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3320 +#: sssd.conf.5.xml:3321 msgid "" "The detailed instructions for configuration of sudo_provider are in the " "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " @@ -3816,7 +3816,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3335 +#: sssd.conf.5.xml:3336 msgid "" "<emphasis>NOTE:</emphasis> Sudo rules are periodically downloaded in the " "background unless the sudo provider is explicitly disabled. Set " @@ -3825,12 +3825,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3345 +#: sssd.conf.5.xml:3346 msgid "selinux_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3348 +#: sssd.conf.5.xml:3349 msgid "" "The provider which should handle loading of selinux settings. Note that this " "provider will be called right after access provider ends. Supported selinux " @@ -3838,7 +3838,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3354 +#: sssd.conf.5.xml:3355 msgid "" "<quote>ipa</quote> to load selinux settings from an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -3846,31 +3846,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3362 +#: sssd.conf.5.xml:3363 msgid "<quote>none</quote> disallows fetching selinux settings explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3365 +#: sssd.conf.5.xml:3366 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "selinux loading requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3371 +#: sssd.conf.5.xml:3372 msgid "subdomains_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3374 +#: sssd.conf.5.xml:3375 msgid "" "The provider which should handle fetching of subdomains. This value should " "be always the same as id_provider. Supported subdomain providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3380 +#: sssd.conf.5.xml:3381 msgid "" "<quote>ipa</quote> to load a list of subdomains from an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -3878,7 +3878,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3389 +#: sssd.conf.5.xml:3390 msgid "" "<quote>ad</quote> to load a list of subdomains from an Active Directory " "server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> " @@ -3887,17 +3887,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3398 +#: sssd.conf.5.xml:3399 msgid "<quote>none</quote> disallows fetching subdomains explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3408 +#: sssd.conf.5.xml:3409 msgid "session_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3411 +#: sssd.conf.5.xml:3412 msgid "" "The provider which configures and manages user session related tasks. The " "only user session task currently provided is the integration with Fleet " @@ -3905,43 +3905,43 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3418 +#: sssd.conf.5.xml:3419 msgid "<quote>ipa</quote> to allow performing user session related tasks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3422 +#: sssd.conf.5.xml:3423 msgid "" "<quote>none</quote> does not perform any kind of user session related tasks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3426 +#: sssd.conf.5.xml:3427 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can perform " "session related tasks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3430 +#: sssd.conf.5.xml:3431 msgid "" "<emphasis>NOTE:</emphasis> In order to have this feature working as expected " "SSSD must be running as \"root\" and not as the unprivileged user." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3438 +#: sssd.conf.5.xml:3439 msgid "autofs_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3441 +#: sssd.conf.5.xml:3442 msgid "" "The autofs provider used for the domain. Supported autofs providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3445 +#: sssd.conf.5.xml:3446 msgid "" "<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3949,7 +3949,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3452 +#: sssd.conf.5.xml:3453 msgid "" "<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> " "<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3957,7 +3957,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3460 +#: sssd.conf.5.xml:3461 msgid "" "<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> " "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3965,24 +3965,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3469 +#: sssd.conf.5.xml:3470 msgid "<quote>none</quote> disables autofs explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3479 +#: sssd.conf.5.xml:3480 msgid "hostid_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3482 +#: sssd.conf.5.xml:3483 msgid "" "The provider used for retrieving host identity information. Supported " "hostid providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3486 +#: sssd.conf.5.xml:3487 msgid "" "<quote>ipa</quote> to load host identity stored in an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -3990,31 +3990,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3494 +#: sssd.conf.5.xml:3495 msgid "<quote>none</quote> disables hostid explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3504 +#: sssd.conf.5.xml:3505 msgid "resolver_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3507 +#: sssd.conf.5.xml:3508 msgid "" "The provider which should handle hosts and networks lookups. Supported " "resolver providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3511 +#: sssd.conf.5.xml:3512 msgid "" "<quote>proxy</quote> to forward lookups to another NSS library. See " "<quote>proxy_resolver_lib_name</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3515 +#: sssd.conf.5.xml:3516 msgid "" "<quote>ldap</quote> to fetch hosts and networks stored in LDAP. See " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" @@ -4022,7 +4022,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3522 +#: sssd.conf.5.xml:3523 msgid "" "<quote>ad</quote> to fetch hosts and networks stored in AD. See " "<citerefentry> <refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</" @@ -4031,12 +4031,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3530 +#: sssd.conf.5.xml:3531 msgid "<quote>none</quote> disallows fetching hosts and networks explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3543 +#: sssd.conf.5.xml:3544 msgid "" "Regular expression for this domain that describes how to parse the string " "containing user name and domain into these components. The \"domain\" can " @@ -4046,24 +4046,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3552 +#: sssd.conf.5.xml:3553 msgid "" "Default: <quote>^((?P<name>.+)@(?P<domain>[^@]*)|(?P<name>" "[^@]+))$</quote> which allows two different styles for user names:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:3557 sssd.conf.5.xml:3571 +#: sssd.conf.5.xml:3558 sssd.conf.5.xml:3572 msgid "username" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:3560 sssd.conf.5.xml:3574 +#: sssd.conf.5.xml:3561 sssd.conf.5.xml:3575 msgid "username@domain.name" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3565 +#: sssd.conf.5.xml:3566 msgid "" "Default for the AD and IPA provider: <quote>^(((?P<domain>[^\\\\]+)\\" "\\(?P<name>.+))|((?P<name>.+)@(?P<domain>[^@]+))|((?P<" @@ -4072,19 +4072,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:3577 +#: sssd.conf.5.xml:3578 msgid "domain\\username" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3580 +#: sssd.conf.5.xml:3581 msgid "" "While the first two correspond to the general default the third one is " "introduced to allow easy integration of users from Windows domains." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3585 +#: sssd.conf.5.xml:3586 msgid "" "The default re_expression uses the <quote>@</quote> character as a separator " "between the name and the domain. As a result of this setting the default " @@ -4094,89 +4094,89 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3637 +#: sssd.conf.5.xml:3638 msgid "Default: <quote>%1$s@%2$s</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3643 +#: sssd.conf.5.xml:3644 msgid "lookup_family_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3646 +#: sssd.conf.5.xml:3647 msgid "" "Provides the ability to select preferred address family to use when " "performing DNS lookups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3650 +#: sssd.conf.5.xml:3651 msgid "Supported values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3653 +#: sssd.conf.5.xml:3654 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3656 +#: sssd.conf.5.xml:3657 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3659 +#: sssd.conf.5.xml:3660 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3662 +#: sssd.conf.5.xml:3663 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3665 +#: sssd.conf.5.xml:3666 msgid "Default: ipv4_first" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3671 +#: sssd.conf.5.xml:3672 msgid "dns_resolver_server_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3674 +#: sssd.conf.5.xml:3675 msgid "" "Defines the amount of time (in milliseconds) SSSD would try to talk to DNS " "server before trying next DNS server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3679 +#: sssd.conf.5.xml:3680 msgid "" "The AD provider will use this option for the CLDAP ping timeouts as well." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3683 sssd.conf.5.xml:3703 sssd.conf.5.xml:3724 +#: sssd.conf.5.xml:3684 sssd.conf.5.xml:3704 sssd.conf.5.xml:3725 msgid "" "Please see the section <quote>FAILOVER</quote> for more information about " "the service resolution." msgstr "" #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3688 sssd-ldap.5.xml:644 include/failover.xml:84 +#: sssd.conf.5.xml:3689 sssd-ldap.5.xml:644 include/failover.xml:84 msgid "Default: 1000" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3694 +#: sssd.conf.5.xml:3695 msgid "dns_resolver_op_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3697 +#: sssd.conf.5.xml:3698 msgid "" "Defines the amount of time (in seconds) to wait to resolve single DNS query " "(e.g. resolution of a hostname or an SRV record) before trying the next " @@ -4184,12 +4184,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3714 +#: sssd.conf.5.xml:3715 msgid "dns_resolver_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3717 +#: sssd.conf.5.xml:3718 msgid "" "Defines the amount of time (in seconds) to wait for a reply from the " "internal fail over service before assuming that the service is unreachable. " @@ -4198,12 +4198,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3735 +#: sssd.conf.5.xml:3736 msgid "dns_resolver_use_search_list (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3738 +#: sssd.conf.5.xml:3739 msgid "" "Normally, the DNS resolver searches the domain list defined in the " "\"search\" directive from the resolv.conf file. This can lead to delays in " @@ -4211,7 +4211,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3744 +#: sssd.conf.5.xml:3745 msgid "" "If fully qualified domain names (or _srv_) are used in the SSSD " "configuration, setting this option to FALSE can prevent unnecessary DNS " @@ -4219,69 +4219,69 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3750 +#: sssd.conf.5.xml:3751 msgid "Default: TRUE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3756 +#: sssd.conf.5.xml:3757 msgid "dns_discovery_domain (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3759 +#: sssd.conf.5.xml:3760 msgid "" "If service discovery is used in the back end, specifies the domain part of " "the service discovery DNS query." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3763 +#: sssd.conf.5.xml:3764 msgid "Default: Use the domain part of machine's hostname" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3769 +#: sssd.conf.5.xml:3770 msgid "override_gid (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3772 +#: sssd.conf.5.xml:3773 msgid "Override the primary GID value with the one specified." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3778 +#: sssd.conf.5.xml:3779 msgid "case_sensitive (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3785 +#: sssd.conf.5.xml:3786 msgid "True" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3788 +#: sssd.conf.5.xml:3789 msgid "Case sensitive. This value is invalid for AD provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3794 +#: sssd.conf.5.xml:3795 msgid "False" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3796 +#: sssd.conf.5.xml:3797 msgid "Case insensitive." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3800 +#: sssd.conf.5.xml:3801 msgid "Preserving" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3803 +#: sssd.conf.5.xml:3804 msgid "" "Same as False (case insensitive), but does not lowercase names in the result " "of NSS operations. Note that name aliases (and in case of services also " @@ -4289,31 +4289,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3811 +#: sssd.conf.5.xml:3812 msgid "" "If you want to set this value for trusted domain with IPA provider, you need " "to set it on both the client and SSSD on the server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3781 +#: sssd.conf.5.xml:3782 msgid "" "Treat user and group names as case sensitive. Possible option values are: " "<placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3826 +#: sssd.conf.5.xml:3827 msgid "Default: True (False for AD provider)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3832 +#: sssd.conf.5.xml:3833 msgid "subdomain_inherit (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3835 +#: sssd.conf.5.xml:3836 msgid "" "Specifies a list of configuration parameters that should be inherited by a " "subdomain. Please note that only selected parameters can be inherited. " @@ -4321,104 +4321,104 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3841 +#: sssd.conf.5.xml:3842 msgid "ldap_search_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3844 +#: sssd.conf.5.xml:3845 msgid "ldap_network_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3847 +#: sssd.conf.5.xml:3848 msgid "ldap_opt_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3850 +#: sssd.conf.5.xml:3851 msgid "ldap_offline_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3853 +#: sssd.conf.5.xml:3854 msgid "ldap_enumeration_refresh_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3856 +#: sssd.conf.5.xml:3857 msgid "ldap_enumeration_refresh_offset" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3859 +#: sssd.conf.5.xml:3860 msgid "ldap_purge_cache_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3862 +#: sssd.conf.5.xml:3863 msgid "ldap_purge_cache_offset" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3865 +#: sssd.conf.5.xml:3866 msgid "" "ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab " "is not set explicitly)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3869 +#: sssd.conf.5.xml:3870 msgid "ldap_krb5_ticket_lifetime" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3872 +#: sssd.conf.5.xml:3873 msgid "ldap_enumeration_search_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3875 +#: sssd.conf.5.xml:3876 msgid "ldap_connection_expire_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3878 +#: sssd.conf.5.xml:3879 msgid "ldap_connection_expire_offset" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3881 +#: sssd.conf.5.xml:3882 msgid "ldap_connection_idle_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3884 sssd-ldap.5.xml:400 +#: sssd.conf.5.xml:3885 sssd-ldap.5.xml:400 msgid "ldap_use_tokengroups" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3887 +#: sssd.conf.5.xml:3888 msgid "ldap_user_principal" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3890 +#: sssd.conf.5.xml:3891 msgid "ignore_group_members" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3893 +#: sssd.conf.5.xml:3894 msgid "auto_private_groups" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3896 +#: sssd.conf.5.xml:3897 msgid "case_sensitive" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:3901 +#: sssd.conf.5.xml:3902 #, no-wrap msgid "" "subdomain_inherit = ldap_purge_cache_timeout\n" @@ -4426,27 +4426,27 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3908 +#: sssd.conf.5.xml:3909 msgid "Note: This option only works with the IPA and AD provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3915 +#: sssd.conf.5.xml:3916 msgid "subdomain_homedir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3926 +#: sssd.conf.5.xml:3927 msgid "%F" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3927 +#: sssd.conf.5.xml:3928 msgid "flat (NetBIOS) name of a subdomain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3918 +#: sssd.conf.5.xml:3919 msgid "" "Use this homedir as default value for all subdomains within this domain in " "IPA AD trust. See <emphasis>override_homedir</emphasis> for info about " @@ -4456,34 +4456,34 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3932 +#: sssd.conf.5.xml:3933 msgid "" "The value can be overridden by <emphasis>override_homedir</emphasis> option." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3936 +#: sssd.conf.5.xml:3937 msgid "Default: <filename>/home/%d/%u</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3941 +#: sssd.conf.5.xml:3942 msgid "realmd_tags (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3944 +#: sssd.conf.5.xml:3945 msgid "" "Various tags stored by the realmd configuration service for this domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3950 +#: sssd.conf.5.xml:3951 msgid "cached_auth_timeout (int)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3953 +#: sssd.conf.5.xml:3954 msgid "" "Specifies time in seconds since last successful online authentication for " "which user will be authenticated using cached credentials while SSSD is in " @@ -4492,19 +4492,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3961 +#: sssd.conf.5.xml:3962 msgid "" "This option's value is inherited by all trusted domains. At the moment it is " "not possible to set a different value per trusted domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3966 +#: sssd.conf.5.xml:3967 msgid "Special value 0 implies that this feature is disabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3970 +#: sssd.conf.5.xml:3971 msgid "" "Please note that if <quote>cached_auth_timeout</quote> is longer than " "<quote>pam_id_timeout</quote> then the back end could be called to handle " @@ -4512,24 +4512,81 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3981 +#: sssd.conf.5.xml:3982 +msgid "local_auth_policy (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3985 +msgid "" +"Local authentication methods policy. Some backends (i.e. LDAP, proxy " +"provider) only support a password based authentication, while others can " +"handle PKINIT based Smartcard authentication (AD, IPA), two-factor " +"authentication (IPA), or other methods against a central instance. By " +"default in such cases authentication is only performed with the methods " +"supported by the backend." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3995 +msgid "" +"There are three possible values for this option: match, only, enable. " +"<quote>match</quote> is used to match offline and online states for Kerberos " +"methods. <quote>only</quote> ignores the online methods and only offer the " +"local ones. enable allows explicitly defining the methods for local " +"authentication. As an example, <quote>enable:passkey</quote>, only enables " +"passkey for local authentication. Multiple enable values should be comma-" +"separated, such as <quote>enable:passkey, enable:smartcard</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:4011 +#, no-wrap +msgid "" +"[domain/shadowutils]\n" +"id_provider = proxy\n" +"proxy_lib_name = files\n" +"auth_provider = none\n" +"local_auth_policy = only\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4007 +msgid "" +"The following configuration example allows local users to authenticate " +"locally using any enabled method (i.e. smartcard, passkey). <placeholder " +"type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4019 +msgid "This option is ignored for the files provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4022 +msgid "Default: match" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4027 msgid "auto_private_groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3987 +#: sssd.conf.5.xml:4033 msgid "true" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3990 +#: sssd.conf.5.xml:4036 msgid "" "Create user's private group unconditionally from user's UID number. The GID " "number is ignored in this case." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3994 +#: sssd.conf.5.xml:4040 msgid "" "NOTE: Because the GID number and the user private group are inferred from " "the UID number, it is not supported to have multiple entries with the same " @@ -4538,24 +4595,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4003 +#: sssd.conf.5.xml:4049 msgid "false" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4006 +#: sssd.conf.5.xml:4052 msgid "" "Always use the user's primary GID number. The GID number must refer to a " "group object in the LDAP database." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4012 +#: sssd.conf.5.xml:4058 msgid "hybrid" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4015 +#: sssd.conf.5.xml:4061 msgid "" "A primary group is autogenerated for user entries whose UID and GID numbers " "have the same value and at the same time the GID number does not correspond " @@ -4565,14 +4622,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4028 +#: sssd.conf.5.xml:4074 msgid "" "If the UID and GID of a user are different, then the GID must correspond to " "a group entry, otherwise the GID is simply not resolvable." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4035 +#: sssd.conf.5.xml:4081 msgid "" "This feature is useful for environments that wish to stop maintaining a " "separate group objects for the user private groups, but also wish to retain " @@ -4580,21 +4637,21 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3984 +#: sssd.conf.5.xml:4030 msgid "" "This option takes any of three available values: <placeholder " "type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4047 +#: sssd.conf.5.xml:4093 msgid "" "For subdomains, the default value is False for subdomains that use assigned " "POSIX IDs and True for subdomains that use automatic ID-mapping." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:4055 +#: sssd.conf.5.xml:4101 #, no-wrap msgid "" "[domain/forest.domain/sub.domain]\n" @@ -4602,7 +4659,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:4061 +#: sssd.conf.5.xml:4107 #, no-wrap msgid "" "[domain/forest.domain]\n" @@ -4611,7 +4668,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4052 +#: sssd.conf.5.xml:4098 msgid "" "The value of auto_private_groups can either be set per subdomains in a " "subsection, for example: <placeholder type=\"programlisting\" id=\"0\"/> or " @@ -4620,7 +4677,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:2569 +#: sssd.conf.5.xml:2570 msgid "" "These configuration options can be present in a domain configuration " "section, that is, in a section called <quote>[domain/<replaceable>NAME</" @@ -4628,29 +4685,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4076 +#: sssd.conf.5.xml:4122 msgid "proxy_pam_target (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4079 +#: sssd.conf.5.xml:4125 msgid "The proxy target PAM proxies to." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4082 +#: sssd.conf.5.xml:4128 msgid "" "Default: not set by default, you have to take an existing pam configuration " "or create a new one and add the service name here." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4090 +#: sssd.conf.5.xml:4136 msgid "proxy_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4093 +#: sssd.conf.5.xml:4139 msgid "" "The name of the NSS library to use in proxy domains. The NSS functions " "searched for in the library are in the form of _nss_$(libName)_$(function), " @@ -4658,12 +4715,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4103 +#: sssd.conf.5.xml:4149 msgid "proxy_resolver_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4106 +#: sssd.conf.5.xml:4152 msgid "" "The name of the NSS library to use for hosts and networks lookups in proxy " "domains. The NSS functions searched for in the library are in the form of " @@ -4671,12 +4728,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4117 +#: sssd.conf.5.xml:4163 msgid "proxy_fast_alias (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4120 +#: sssd.conf.5.xml:4166 msgid "" "When a user or group is looked up by name in the proxy provider, a second " "lookup by ID is performed to \"canonicalize\" the name in case the requested " @@ -4685,12 +4742,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4134 +#: sssd.conf.5.xml:4180 msgid "proxy_max_children (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4137 +#: sssd.conf.5.xml:4183 msgid "" "This option specifies the number of pre-forked proxy children. It is useful " "for high-load SSSD environments where sssd may run out of available child " @@ -4698,19 +4755,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4072 +#: sssd.conf.5.xml:4118 msgid "" "Options valid for proxy domains. <placeholder type=\"variablelist\" " "id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:4153 +#: sssd.conf.5.xml:4199 msgid "Application domains" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4155 +#: sssd.conf.5.xml:4201 msgid "" "SSSD, with its D-Bus interface (see <citerefentry> <refentrytitle>sssd-ifp</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>) is appealing to " @@ -4727,7 +4784,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4175 +#: sssd.conf.5.xml:4221 msgid "" "Please note that the application domain must still be explicitly enabled in " "the <quote>domains</quote> parameter so that the lookup order between the " @@ -4735,17 +4792,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> -#: sssd.conf.5.xml:4181 +#: sssd.conf.5.xml:4227 msgid "Application domain parameters" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4183 +#: sssd.conf.5.xml:4229 msgid "inherit_from (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4186 +#: sssd.conf.5.xml:4232 msgid "" "The SSSD POSIX-type domain the application domain inherits all settings " "from. The application domain can moreover add its own settings to the " @@ -4754,7 +4811,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4200 +#: sssd.conf.5.xml:4246 msgid "" "The following example illustrates the use of an application domain. In this " "setup, the POSIX domain is connected to an LDAP server and is used by the OS " @@ -4764,7 +4821,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><programlisting> -#: sssd.conf.5.xml:4208 +#: sssd.conf.5.xml:4254 #, no-wrap msgid "" "[sssd]\n" @@ -4784,12 +4841,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4228 +#: sssd.conf.5.xml:4274 msgid "TRUSTED DOMAIN SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4230 +#: sssd.conf.5.xml:4276 msgid "" "Some options used in the domain section can also be used in the trusted " "domain section, that is, in a section called <quote>[domain/" @@ -4800,69 +4857,69 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4237 +#: sssd.conf.5.xml:4283 msgid "ldap_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4238 +#: sssd.conf.5.xml:4284 msgid "ldap_user_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4239 +#: sssd.conf.5.xml:4285 msgid "ldap_group_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4240 +#: sssd.conf.5.xml:4286 msgid "ldap_netgroup_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4241 +#: sssd.conf.5.xml:4287 msgid "ldap_service_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4242 +#: sssd.conf.5.xml:4288 msgid "ldap_sasl_mech," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4243 +#: sssd.conf.5.xml:4289 msgid "ad_server," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4244 +#: sssd.conf.5.xml:4290 msgid "ad_backup_server," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4245 +#: sssd.conf.5.xml:4291 msgid "ad_site," msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4246 sssd-ipa.5.xml:879 +#: sssd.conf.5.xml:4292 sssd-ipa.5.xml:879 msgid "use_fully_qualified_names" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4250 +#: sssd.conf.5.xml:4296 msgid "" "For more details about these options see their individual description in the " "manual page." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4256 +#: sssd.conf.5.xml:4302 msgid "CERTIFICATE MAPPING SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4258 +#: sssd.conf.5.xml:4304 msgid "" "To allow authentication with Smartcards and certificates SSSD must be able " "to map certificates to users. This can be done by adding the full " @@ -4875,7 +4932,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4272 +#: sssd.conf.5.xml:4318 msgid "" "To make the mapping more flexible mapping and matching rules were added to " "SSSD (see <citerefentry> <refentrytitle>sss-certmap</refentrytitle> " @@ -4883,7 +4940,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4281 +#: sssd.conf.5.xml:4327 msgid "" "A mapping and matching rule can be added to the SSSD configuration in a " "section on its own with a name like <quote>[certmap/" @@ -4892,55 +4949,55 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4288 +#: sssd.conf.5.xml:4334 msgid "matchrule (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4291 +#: sssd.conf.5.xml:4337 msgid "" "Only certificates from the Smartcard which matches this rule will be " "processed, all others are ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4295 +#: sssd.conf.5.xml:4341 msgid "" "Default: KRB5:<EKU>clientAuth, i.e. only certificates which have the " "Extended Key Usage <quote>clientAuth</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4302 +#: sssd.conf.5.xml:4348 msgid "maprule (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4305 +#: sssd.conf.5.xml:4351 msgid "Defines how the user is found for a given certificate." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4311 +#: sssd.conf.5.xml:4357 msgid "" "LDAP:(userCertificate;binary={cert!bin}) for LDAP based providers like " "<quote>ldap</quote>, <quote>AD</quote> or <quote>ipa</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4317 +#: sssd.conf.5.xml:4363 msgid "" "The RULE_NAME for the <quote>files</quote> provider which tries to find a " "user with the same name." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4326 +#: sssd.conf.5.xml:4372 msgid "domains (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4329 +#: sssd.conf.5.xml:4375 msgid "" "Comma separated list of domain names the rule should be applied. By default " "a rule is only valid in the domain configured in sssd.conf. If the provider " @@ -4949,17 +5006,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4336 +#: sssd.conf.5.xml:4382 msgid "Default: the configured domain in sssd.conf" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4341 +#: sssd.conf.5.xml:4387 msgid "priority (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4344 +#: sssd.conf.5.xml:4390 msgid "" "Unsigned integer value defining the priority of the rule. The higher the " "number the lower the priority. <quote>0</quote> stands for the highest " @@ -4967,26 +5024,26 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4350 +#: sssd.conf.5.xml:4396 msgid "Default: the lowest priority" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4356 +#: sssd.conf.5.xml:4402 msgid "" "To make the configuration simple and reduce the amount of configuration " "options the <quote>files</quote> provider has some special properties:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4362 +#: sssd.conf.5.xml:4408 msgid "" "if maprule is not set the RULE_NAME name is assumed to be the name of the " "matching user" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4368 +#: sssd.conf.5.xml:4414 msgid "" "if a maprule is used both a single user name or a template like " "<quote>{subject_rfc822_name.short_name}</quote> must be in braces like e.g. " @@ -4995,17 +5052,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4377 +#: sssd.conf.5.xml:4423 msgid "the <quote>domains</quote> option is ignored" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4385 +#: sssd.conf.5.xml:4431 msgid "PROMPTING CONFIGURATION SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4387 +#: sssd.conf.5.xml:4433 msgid "" "If a special file (<filename>/var/lib/sss/pubconf/pam_preauth_available</" "filename>) exists SSSD's PAM module pam_sss will ask SSSD to figure out " @@ -5015,7 +5072,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4395 +#: sssd.conf.5.xml:4441 msgid "" "With the growing number of authentication methods and the possibility that " "there are multiple ones for a single user the heuristic used by pam_sss to " @@ -5024,59 +5081,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4407 +#: sssd.conf.5.xml:4453 msgid "[prompting/password]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4410 +#: sssd.conf.5.xml:4456 msgid "password_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4411 +#: sssd.conf.5.xml:4457 msgid "to change the string of the password prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4409 +#: sssd.conf.5.xml:4455 msgid "" "to configure password prompting, allowed options are: <placeholder " "type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4419 +#: sssd.conf.5.xml:4465 msgid "[prompting/2fa]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4423 +#: sssd.conf.5.xml:4469 msgid "first_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4424 +#: sssd.conf.5.xml:4470 msgid "to change the string of the prompt for the first factor" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4427 +#: sssd.conf.5.xml:4473 msgid "second_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4428 +#: sssd.conf.5.xml:4474 msgid "to change the string of the prompt for the second factor" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4431 +#: sssd.conf.5.xml:4477 msgid "single_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4432 +#: sssd.conf.5.xml:4478 msgid "" "boolean value, if True there will be only a single prompt using the value of " "first_prompt where it is expected that both factors are entered as a single " @@ -5085,7 +5142,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4421 +#: sssd.conf.5.xml:4467 msgid "" "to configure two-factor authentication prompting, allowed options are: " "<placeholder type=\"variablelist\" id=\"0\"/> If the second factor is " @@ -5094,17 +5151,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4449 +#: sssd.conf.5.xml:4495 msgid "[prompting/passkey]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4455 sssd-ad.5.xml:1021 +#: sssd.conf.5.xml:4501 sssd-ad.5.xml:1021 msgid "interactive" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4457 +#: sssd.conf.5.xml:4503 msgid "" "boolean value, if True prompt a message and wait before testing the presence " "of a passkey device. Recommended if your device doesn’t have a tactile " @@ -5112,46 +5169,46 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4465 +#: sssd.conf.5.xml:4511 msgid "interactive_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4467 +#: sssd.conf.5.xml:4513 msgid "to change the message of the interactive prompt." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4472 +#: sssd.conf.5.xml:4518 msgid "touch" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4474 +#: sssd.conf.5.xml:4520 msgid "" "boolean value, if True prompt a message to remind the user to touch the " "device." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4480 +#: sssd.conf.5.xml:4526 msgid "touch_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4482 +#: sssd.conf.5.xml:4528 msgid "to change the message of the touch prompt." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4451 +#: sssd.conf.5.xml:4497 msgid "" "to configure passkey authentication prompting, allowed options are: " "<placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4402 +#: sssd.conf.5.xml:4448 msgid "" "Each supported authentication method has its own configuration subsection " "under <quote>[prompting/...]</quote>. Currently there are: <placeholder " @@ -5160,7 +5217,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4493 +#: sssd.conf.5.xml:4539 msgid "" "It is possible to add a subsection for specific PAM services, e.g. " "<quote>[prompting/password/sshd]</quote> to individual change the prompting " @@ -5168,12 +5225,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4500 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43 +#: sssd.conf.5.xml:4546 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43 msgid "EXAMPLES" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4506 +#: sssd.conf.5.xml:4552 #, no-wrap msgid "" "[sssd]\n" @@ -5203,7 +5260,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4502 +#: sssd.conf.5.xml:4548 msgid "" "1. The following example shows a typical SSSD config. It does not describe " "configuration of the domains themselves - refer to documentation on " @@ -5212,7 +5269,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4539 +#: sssd.conf.5.xml:4585 #, no-wrap msgid "" "[domain/ipa.com/child.ad.com]\n" @@ -5220,7 +5277,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4533 +#: sssd.conf.5.xml:4579 msgid "" "2. The following example shows configuration of IPA AD trust where the AD " "forest consists of two domains in a parent-child structure. Suppose IPA " @@ -5231,7 +5288,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4550 +#: sssd.conf.5.xml:4596 #, no-wrap msgid "" "[certmap/my.domain/rule_name]\n" @@ -5242,7 +5299,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4544 +#: sssd.conf.5.xml:4590 msgid "" "3. The following example shows the configuration of a certificate mapping " "rule. It is valid for the configured domain <quote>my.domain</quote> and " @@ -17237,7 +17294,7 @@ msgstr "" #: include/ldap_id_mapping.xml:235 msgid "" "When this option is configured, domains will be allocated starting with " -"slice zero and increasing monatomically with each additional domain." +"slice zero and increasing monotonically with each additional domain." msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> diff --git a/src/man/po/ru.po b/src/man/po/ru.po index e0933c85adb..37d9de874de 100644 --- a/src/man/po/ru.po +++ b/src/man/po/ru.po @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: sssd-docs 2.3.0\n" "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" -"POT-Creation-Date: 2023-05-05 10:09+0200\n" +"POT-Creation-Date: 2023-09-07 11:47+0200\n" "PO-Revision-Date: 2022-12-14 19:20+0000\n" "Last-Translator: Elena Mishina <lepata@basealt.ru>\n" "Language-Team: Russian <https://translate.fedoraproject.org/projects/sssd/" @@ -252,8 +252,8 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:136 sssd.conf.5.xml:173 sssd.conf.5.xml:358 -#: sssd.conf.5.xml:714 sssd.conf.5.xml:729 sssd.conf.5.xml:951 -#: sssd.conf.5.xml:1069 sssd.conf.5.xml:2197 sssd-ldap.5.xml:1071 +#: sssd.conf.5.xml:714 sssd.conf.5.xml:729 sssd.conf.5.xml:952 +#: sssd.conf.5.xml:1070 sssd.conf.5.xml:2198 sssd-ldap.5.xml:1071 #: sssd-ldap.5.xml:1174 sssd-ldap.5.xml:1243 sssd-ldap.5.xml:1750 #: sssd-ldap.5.xml:1815 sssd-ipa.5.xml:342 sssd-ad.5.xml:252 sssd-ad.5.xml:366 #: sssd-ad.5.xml:1200 sssd-ad.5.xml:1348 sssd-krb5.5.xml:358 @@ -276,8 +276,8 @@ msgstr "" "игнорироваться." #. type: Content of: <variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:149 sssd.conf.5.xml:652 sssd.conf.5.xml:948 -#: sssd.conf.5.xml:2100 sssd.conf.5.xml:2167 sssd.conf.5.xml:4128 +#: sssd.conf.5.xml:149 sssd.conf.5.xml:652 sssd.conf.5.xml:949 +#: sssd.conf.5.xml:2101 sssd.conf.5.xml:2168 sssd.conf.5.xml:4174 #: sssd-ldap.5.xml:312 sssd-ldap.5.xml:917 sssd-ldap.5.xml:936 #: sssd-ldap.5.xml:1146 sssd-ldap.5.xml:1599 sssd-ldap.5.xml:1839 #: sssd-ipa.5.xml:152 sssd-ipa.5.xml:254 sssd-ipa.5.xml:657 sssd-ad.5.xml:1106 @@ -357,8 +357,8 @@ msgstr "" "завершит свою работу." #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:196 sssd.conf.5.xml:1289 sssd.conf.5.xml:1766 -#: sssd.conf.5.xml:4144 sssd-ldap.5.xml:765 include/ldap_id_mapping.xml:270 +#: sssd.conf.5.xml:196 sssd.conf.5.xml:1290 sssd.conf.5.xml:1767 +#: sssd.conf.5.xml:4190 sssd-ldap.5.xml:765 include/ldap_id_mapping.xml:270 msgid "Default: 10" msgstr "По умолчанию: 10" @@ -436,12 +436,12 @@ msgstr "" "следующей команды: «systemctl enable sssd-@service@.socket». </phrase>" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:258 sssd.conf.5.xml:783 +#: sssd.conf.5.xml:258 sssd.conf.5.xml:784 msgid "reconnection_retries (integer)" msgstr "reconnection_retries (целое число)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:261 sssd.conf.5.xml:786 +#: sssd.conf.5.xml:261 sssd.conf.5.xml:787 msgid "" "Number of times services should attempt to reconnect in the event of a Data " "Provider crash or restart before they give up" @@ -450,7 +450,7 @@ msgstr "" "перезапуска поставщика данных" #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:266 sssd.conf.5.xml:791 sssd.conf.5.xml:3708 +#: sssd.conf.5.xml:266 sssd.conf.5.xml:792 sssd.conf.5.xml:3709 #: include/failover.xml:100 msgid "Default: 3" msgstr "По умолчанию: 3" @@ -479,7 +479,7 @@ msgstr "" "Символ «/» использовать нельзя." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:287 sssd.conf.5.xml:3540 +#: sssd.conf.5.xml:287 sssd.conf.5.xml:3541 msgid "re_expression (string)" msgstr "re_expression (строка)" @@ -505,12 +505,12 @@ msgstr "" "разделе справки «РАЗДЕЛЫ ДОМЕНА»." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:304 sssd.conf.5.xml:3597 +#: sssd.conf.5.xml:304 sssd.conf.5.xml:3598 msgid "full_name_format (string)" msgstr "full_name_format (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:307 sssd.conf.5.xml:3600 +#: sssd.conf.5.xml:307 sssd.conf.5.xml:3601 msgid "" "A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</" "manvolnum> </citerefentry>-compatible format that describes how to compose a " @@ -521,32 +521,32 @@ msgstr "" "создания полностью определённого имени из имени пользователя и имени домена." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:318 sssd.conf.5.xml:3611 +#: sssd.conf.5.xml:318 sssd.conf.5.xml:3612 msgid "%1$s" msgstr "%1$s" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:319 sssd.conf.5.xml:3612 +#: sssd.conf.5.xml:319 sssd.conf.5.xml:3613 msgid "user name" msgstr "имя пользователя" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:322 sssd.conf.5.xml:3615 +#: sssd.conf.5.xml:322 sssd.conf.5.xml:3616 msgid "%2$s" msgstr "%2$s" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:325 sssd.conf.5.xml:3618 +#: sssd.conf.5.xml:325 sssd.conf.5.xml:3619 msgid "domain name as specified in the SSSD config file." msgstr "имя домена, указанное в файле конфигурации SSSD." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:331 sssd.conf.5.xml:3624 +#: sssd.conf.5.xml:331 sssd.conf.5.xml:3625 msgid "%3$s" msgstr "%3$s" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:334 sssd.conf.5.xml:3627 +#: sssd.conf.5.xml:334 sssd.conf.5.xml:3628 msgid "" "domain flat name. Mostly usable for Active Directory domains, both directly " "configured or discovered via IPA trusts." @@ -556,7 +556,7 @@ msgstr "" "доверия IPA." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:315 sssd.conf.5.xml:3608 +#: sssd.conf.5.xml:315 sssd.conf.5.xml:3609 msgid "" "The following expansions are supported: <placeholder type=\"variablelist\" " "id=\"0\"/>" @@ -1124,7 +1124,7 @@ msgstr "" "пользователей в разных доменах могут быть одинаковыми." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:700 sssd.conf.5.xml:1790 sssd.conf.5.xml:4194 +#: sssd.conf.5.xml:700 sssd.conf.5.xml:1791 sssd.conf.5.xml:4240 #: sssd-ad.5.xml:187 sssd-ad.5.xml:327 sssd-ad.5.xml:341 msgid "Default: Not set" msgstr "По умолчанию: не задано" @@ -1180,11 +1180,11 @@ msgstr "pam_cert_verification (строка)" #: sssd.conf.5.xml:744 msgid "" "Enable or disable the user verification (i.e. PIN, fingerprint) during " -"authentication." +"authentication. If enabled, the PIN will always be requested." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:749 +#: sssd.conf.5.xml:750 msgid "" "The default is that the key settings decide what to do. In the IPA or " "kerberos pre-authentication case, this value will be overwritten by the " @@ -1225,12 +1225,12 @@ msgstr "" "<quote>[sssd]</quote>. <placeholder type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:768 +#: sssd.conf.5.xml:769 msgid "SERVICES SECTIONS" msgstr "РАЗДЕЛЫ СЛУЖБ" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:770 +#: sssd.conf.5.xml:771 msgid "" "Settings that can be used to configure different services are described in " "this section. They should reside in the [<replaceable>$NAME</replaceable>] " @@ -1243,22 +1243,22 @@ msgstr "" "раздел <quote>[nss]</quote>" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:777 +#: sssd.conf.5.xml:778 msgid "General service configuration options" msgstr "Общие параметры настройки служб" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:779 +#: sssd.conf.5.xml:780 msgid "These options can be used to configure any service." msgstr "Эти параметры можно использовать для настройки любых служб." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:796 +#: sssd.conf.5.xml:797 msgid "fd_limit" msgstr "fd_limit" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:799 +#: sssd.conf.5.xml:800 msgid "" "This option specifies the maximum number of file descriptors that may be " "opened at one time by this SSSD process. On systems where SSSD is granted " @@ -1274,17 +1274,17 @@ msgstr "" "ограничением «hard» в limits.conf." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:808 +#: sssd.conf.5.xml:809 msgid "Default: 8192 (or limits.conf \"hard\" limit)" msgstr "По умолчанию: 8192 (или ограничение «hard» в limits.conf)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:813 +#: sssd.conf.5.xml:814 msgid "client_idle_timeout" msgstr "client_idle_timeout" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:816 +#: sssd.conf.5.xml:817 msgid "" "This option specifies the number of seconds that a client of an SSSD process " "can hold onto a file descriptor without communicating on it. This value is " @@ -1299,17 +1299,17 @@ msgstr "" "на 10 секунд." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:825 +#: sssd.conf.5.xml:826 msgid "Default: 60, KCM: 300" msgstr "По умолчанию: 60, KCM: 300" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:830 +#: sssd.conf.5.xml:831 msgid "offline_timeout (integer)" msgstr "offline_timeout (целое число)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:833 +#: sssd.conf.5.xml:834 msgid "" "When SSSD switches to offline mode the amount of time before it tries to go " "back online will increase based upon the time spent disconnected. By " @@ -1327,7 +1327,7 @@ msgstr "" "следующей формуле:" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:844 sssd.conf.5.xml:900 +#: sssd.conf.5.xml:845 sssd.conf.5.xml:901 msgid "" "new_delay = Minimum(old_delay * 2, offline_timeout_max) + random[0..." "offline_timeout_random_offset]" @@ -1336,7 +1336,7 @@ msgstr "" "offline_timeout_random_offset]" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:847 +#: sssd.conf.5.xml:848 msgid "" "The offline_timeout default value is 60. The offline_timeout_max default " "value is 3600. The offline_timeout_random_offset default value is 30. The " @@ -1348,7 +1348,7 @@ msgstr "" "количество секунд до следующей попытки." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:853 +#: sssd.conf.5.xml:854 msgid "" "Note that the maximum length of each interval is defined by " "offline_timeout_max (apart of random part)." @@ -1357,18 +1357,18 @@ msgstr "" "параметром offline_timeout_max (кроме случайной части)." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:857 sssd.conf.5.xml:1200 sssd.conf.5.xml:1583 -#: sssd.conf.5.xml:1879 sssd-ldap.5.xml:494 +#: sssd.conf.5.xml:858 sssd.conf.5.xml:1201 sssd.conf.5.xml:1584 +#: sssd.conf.5.xml:1880 sssd-ldap.5.xml:494 msgid "Default: 60" msgstr "По умолчанию: 60" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:862 +#: sssd.conf.5.xml:863 msgid "offline_timeout_max (integer)" msgstr "offline_timeout_max (целое число)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:865 +#: sssd.conf.5.xml:866 msgid "" "Controls by how much the time between attempts to go online can be " "incremented following unsuccessful attempts to go online." @@ -1377,12 +1377,12 @@ msgstr "" "сеть после неудачных попыток восстановления подключения." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:870 +#: sssd.conf.5.xml:871 msgid "A value of 0 disables the incrementing behaviour." msgstr "Значение «0» отключает использование приращения." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:873 +#: sssd.conf.5.xml:874 msgid "" "The value of this parameter should be set in correlation to offline_timeout " "parameter value." @@ -1391,7 +1391,7 @@ msgstr "" "offline_timeout." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:877 +#: sssd.conf.5.xml:878 msgid "" "With offline_timeout set to 60 (default value) there is no point in setting " "offlinet_timeout_max to less than 120 as it will saturate instantly. General " @@ -1405,7 +1405,7 @@ msgstr "" "4 раза превышать значение offline_timeout." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:883 +#: sssd.conf.5.xml:884 msgid "" "Although a value between 0 and offline_timeout may be specified, it has the " "effect of overriding the offline_timeout value so is of little use." @@ -1415,17 +1415,17 @@ msgstr "" "имеет практического смысла." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:888 +#: sssd.conf.5.xml:889 msgid "Default: 3600" msgstr "По умолчанию: 3600" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:893 +#: sssd.conf.5.xml:894 msgid "offline_timeout_random_offset (integer)" msgstr "offline_timeout_random_offset (целое число)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:896 +#: sssd.conf.5.xml:897 msgid "" "When SSSD is in offline mode it keeps probing backend servers in specified " "time intervals:" @@ -1434,7 +1434,7 @@ msgstr "" "внутренним серверам через заданные промежутки времени:" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:903 +#: sssd.conf.5.xml:904 msgid "" "This parameter controls the value of the random offset used for the above " "equation. Final random_offset value will be random number in range:" @@ -1444,27 +1444,27 @@ msgstr "" "случайное число, принадлежащее диапазону:" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:908 +#: sssd.conf.5.xml:909 msgid "[0 - offline_timeout_random_offset]" msgstr "[0 - offline_timeout_random_offset]" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:911 +#: sssd.conf.5.xml:912 msgid "A value of 0 disables the random offset addition." msgstr "Значение «0» отключает добавление случайной задержки." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:914 +#: sssd.conf.5.xml:915 msgid "Default: 30" msgstr "По умолчанию: 30" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:919 +#: sssd.conf.5.xml:920 msgid "responder_idle_timeout" msgstr "responder_idle_timeout" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:922 +#: sssd.conf.5.xml:923 msgid "" "This option specifies the number of seconds that an SSSD responder process " "can be up without being used. This value is limited in order to avoid " @@ -1483,18 +1483,18 @@ msgstr "" "активируются с помощью сокетов или D-Bus." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:936 sssd.conf.5.xml:1213 sssd.conf.5.xml:2321 +#: sssd.conf.5.xml:937 sssd.conf.5.xml:1214 sssd.conf.5.xml:2322 #: sssd-ldap.5.xml:331 msgid "Default: 300" msgstr "По умолчанию: 300" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:941 +#: sssd.conf.5.xml:942 msgid "cache_first" msgstr "cache_first" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:944 +#: sssd.conf.5.xml:945 msgid "" "This option specifies whether the responder should query all caches before " "querying the Data Providers." @@ -1503,12 +1503,12 @@ msgstr "" "опросом поставщиков данных." #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:959 +#: sssd.conf.5.xml:960 msgid "NSS configuration options" msgstr "Параметры настройки NSS" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:961 +#: sssd.conf.5.xml:962 msgid "" "These options can be used to configure the Name Service Switch (NSS) service." msgstr "" @@ -1516,12 +1516,12 @@ msgstr "" "(NSS)." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:966 +#: sssd.conf.5.xml:967 msgid "enum_cache_timeout (integer)" msgstr "enum_cache_timeout (целое число)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:969 +#: sssd.conf.5.xml:970 msgid "" "How many seconds should nss_sss cache enumerations (requests for info about " "all users)" @@ -1530,17 +1530,17 @@ msgstr "" "пользователях) в кэше nss_sss в секундах" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:973 +#: sssd.conf.5.xml:974 msgid "Default: 120" msgstr "По умолчанию: 120" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:978 +#: sssd.conf.5.xml:979 msgid "entry_cache_nowait_percentage (integer)" msgstr "entry_cache_nowait_percentage (целое число)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:981 +#: sssd.conf.5.xml:982 msgid "" "The entry cache can be set to automatically update entries in the background " "if they are requested beyond a percentage of the entry_cache_timeout value " @@ -1551,7 +1551,7 @@ msgstr "" "значения entry_cache_timeout для домена." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:987 +#: sssd.conf.5.xml:988 msgid "" "For example, if the domain's entry_cache_timeout is set to 30s and " "entry_cache_nowait_percentage is set to 50 (percent), entries that come in " @@ -1567,7 +1567,7 @@ msgstr "" "ожидании обновления кэша." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:997 +#: sssd.conf.5.xml:998 msgid "" "Valid values for this option are 0-99 and represent a percentage of the " "entry_cache_timeout for each domain. For performance reasons, this " @@ -1581,17 +1581,17 @@ msgstr "" "значения «0» отключает эту возможность." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1005 sssd.conf.5.xml:2121 +#: sssd.conf.5.xml:1006 sssd.conf.5.xml:2122 msgid "Default: 50" msgstr "По умолчанию: 50" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1010 +#: sssd.conf.5.xml:1011 msgid "entry_negative_timeout (integer)" msgstr "entry_negative_timeout (целое число)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1013 +#: sssd.conf.5.xml:1014 msgid "" "Specifies for how many seconds nss_sss should cache negative cache hits " "(that is, queries for invalid database entries, like nonexistent ones) " @@ -1603,17 +1603,17 @@ msgstr "" "серверу." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1019 sssd.conf.5.xml:1778 sssd.conf.5.xml:2145 +#: sssd.conf.5.xml:1020 sssd.conf.5.xml:1779 sssd.conf.5.xml:2146 msgid "Default: 15" msgstr "По умолчанию: 15" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1024 +#: sssd.conf.5.xml:1025 msgid "local_negative_timeout (integer)" msgstr "local_negative_timeout (целое число)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1027 +#: sssd.conf.5.xml:1028 msgid "" "Specifies for how many seconds nss_sss should keep local users and groups in " "negative cache before trying to look it up in the back end again. Setting " @@ -1625,17 +1625,17 @@ msgstr "" "возможность." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1033 +#: sssd.conf.5.xml:1034 msgid "Default: 14400 (4 hours)" msgstr "По умолчанию: 14400 (4 часа)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1038 +#: sssd.conf.5.xml:1039 msgid "filter_users, filter_groups (string)" msgstr "filter_users, filter_groups (строка)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1041 +#: sssd.conf.5.xml:1042 msgid "" "Exclude certain users or groups from being fetched from the sss NSS " "database. This is particularly useful for system accounts. This option can " @@ -1650,7 +1650,7 @@ msgstr "" "(UPN)." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1049 +#: sssd.conf.5.xml:1050 msgid "" "NOTE: The filter_groups option doesn't affect inheritance of nested group " "members, since filtering happens after they are propagated for returning via " @@ -1664,17 +1664,17 @@ msgstr "" "отфильтрованной вложенной группы." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1057 +#: sssd.conf.5.xml:1058 msgid "Default: root" msgstr "По умолчанию: root" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1062 +#: sssd.conf.5.xml:1063 msgid "filter_users_in_groups (bool)" msgstr "filter_users_in_groups (логическое значение)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1065 +#: sssd.conf.5.xml:1066 msgid "" "If you want filtered user still be group members set this option to false." msgstr "" @@ -1682,12 +1682,12 @@ msgstr "" "установите этот параметр в значение «false»." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1076 +#: sssd.conf.5.xml:1077 msgid "fallback_homedir (string)" msgstr "fallback_homedir (строка)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1079 +#: sssd.conf.5.xml:1080 msgid "" "Set a default template for a user's home directory if one is not specified " "explicitly by the domain's data provider." @@ -1696,7 +1696,7 @@ msgstr "" "явно не указан поставщиком данных домена." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1084 +#: sssd.conf.5.xml:1085 msgid "" "The available values for this option are the same as for override_homedir." msgstr "" @@ -1704,7 +1704,7 @@ msgstr "" "параметра override_homedir." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1090 +#: sssd.conf.5.xml:1091 #, no-wrap msgid "" "fallback_homedir = /home/%u\n" @@ -1714,23 +1714,23 @@ msgstr "" " " #. type: Content of: <varlistentry><listitem><para> -#: sssd.conf.5.xml:1088 sssd.conf.5.xml:1650 sssd.conf.5.xml:1669 -#: sssd.conf.5.xml:1746 sssd-krb5.5.xml:451 include/override_homedir.xml:66 +#: sssd.conf.5.xml:1089 sssd.conf.5.xml:1651 sssd.conf.5.xml:1670 +#: sssd.conf.5.xml:1747 sssd-krb5.5.xml:451 include/override_homedir.xml:66 msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>" msgstr "пример: <placeholder type=\"programlisting\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1094 +#: sssd.conf.5.xml:1095 msgid "Default: not set (no substitution for unset home directories)" msgstr "По умолчанию: не задано (без замен для незаданных домашних каталогов)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1100 +#: sssd.conf.5.xml:1101 msgid "override_shell (string)" msgstr "override_shell (строка)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1103 +#: sssd.conf.5.xml:1104 msgid "" "Override the login shell for all users. This option supersedes any other " "shell options if it takes effect and can be set either in the [nss] section " @@ -1742,19 +1742,19 @@ msgstr "" "домена отдельно." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1109 +#: sssd.conf.5.xml:1110 msgid "Default: not set (SSSD will use the value retrieved from LDAP)" msgstr "" "По умолчанию: не задано (SSSD будет использовать значение, полученное от " "LDAP)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1115 +#: sssd.conf.5.xml:1116 msgid "allowed_shells (string)" msgstr "allowed_shells (строка)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1118 +#: sssd.conf.5.xml:1119 msgid "" "Restrict user shell to one of the listed values. The order of evaluation is:" msgstr "" @@ -1762,14 +1762,14 @@ msgstr "" "Порядок вычисления:" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1121 +#: sssd.conf.5.xml:1122 msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used." msgstr "" "1. Если оболочка присутствует в файле <quote>/etc/shells</quote>, будет " "использована она." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1125 +#: sssd.conf.5.xml:1126 msgid "" "2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</" "quote>, use the value of the shell_fallback parameter." @@ -1778,7 +1778,7 @@ msgstr "" "etc/shells</quote>, использовать значение параметра shell_fallback." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1130 +#: sssd.conf.5.xml:1131 msgid "" "3. If the shell is not in the allowed_shells list and not in <quote>/etc/" "shells</quote>, a nologin shell is used." @@ -1787,14 +1787,14 @@ msgstr "" "shells</quote>, будет использована оболочка, которая не требует входа." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1135 +#: sssd.conf.5.xml:1136 msgid "The wildcard (*) can be used to allow any shell." msgstr "" "Чтобы разрешить использование любой оболочки, можно использовать " "подстановочный знак (*)." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1138 +#: sssd.conf.5.xml:1139 msgid "" "The (*) is useful if you want to use shell_fallback in case that user's " "shell is not in <quote>/etc/shells</quote> and maintaining list of all " @@ -1805,12 +1805,12 @@ msgstr "" "ведение списка всех разрешённых оболочек в allowed_shells было бы излишним." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1145 +#: sssd.conf.5.xml:1146 msgid "An empty string for shell is passed as-is to libc." msgstr "Пустая строка оболочки передаётся libc «как есть»." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1148 +#: sssd.conf.5.xml:1149 msgid "" "The <quote>/etc/shells</quote> is only read on SSSD start up, which means " "that a restart of the SSSD is required in case a new shell is installed." @@ -1819,28 +1819,28 @@ msgstr "" "Следовательно, в случае установки новой оболочки потребуется перезапуск SSSD." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1152 +#: sssd.conf.5.xml:1153 msgid "Default: Not set. The user shell is automatically used." msgstr "" "По умолчанию: не задано. Автоматически используется оболочка пользователя." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1157 +#: sssd.conf.5.xml:1158 msgid "vetoed_shells (string)" msgstr "vetoed_shells (строка)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1160 +#: sssd.conf.5.xml:1161 msgid "Replace any instance of these shells with the shell_fallback" msgstr "Заменять все экземпляры этих оболочек на shell_fallback" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1165 +#: sssd.conf.5.xml:1166 msgid "shell_fallback (string)" msgstr "shell_fallback (строка)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1168 +#: sssd.conf.5.xml:1169 msgid "" "The default shell to use if an allowed shell is not installed on the machine." msgstr "" @@ -1848,17 +1848,17 @@ msgstr "" "оболочка не установлена на компьютере." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1172 +#: sssd.conf.5.xml:1173 msgid "Default: /bin/sh" msgstr "По умолчанию: /bin/sh" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1177 +#: sssd.conf.5.xml:1178 msgid "default_shell" msgstr "default_shell" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1180 +#: sssd.conf.5.xml:1181 msgid "" "The default shell to use if the provider does not return one during lookup. " "This option can be specified globally in the [nss] section or per-domain." @@ -1868,7 +1868,7 @@ msgstr "" "разделе [nss] или для каждого домена отдельно." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1186 +#: sssd.conf.5.xml:1187 msgid "" "Default: not set (Return NULL if no shell is specified and rely on libc to " "substitute something sensible when necessary, usually /bin/sh)" @@ -1877,12 +1877,12 @@ msgstr "" "положиться на libc в плане подстановки подходящего варианта, обычно /bin/sh)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1193 sssd.conf.5.xml:1576 +#: sssd.conf.5.xml:1194 sssd.conf.5.xml:1577 msgid "get_domains_timeout (int)" msgstr "get_domains_timeout (целое число)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1196 sssd.conf.5.xml:1579 +#: sssd.conf.5.xml:1197 sssd.conf.5.xml:1580 msgid "" "Specifies time in seconds for which the list of subdomains will be " "considered valid." @@ -1891,12 +1891,12 @@ msgstr "" "действительным." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1205 +#: sssd.conf.5.xml:1206 msgid "memcache_timeout (integer)" msgstr "memcache_timeout (целое число)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1208 +#: sssd.conf.5.xml:1209 msgid "" "Specifies time in seconds for which records in the in-memory cache will be " "valid. Setting this option to zero will disable the in-memory cache." @@ -1906,7 +1906,7 @@ msgstr "" "отключит кэш в памяти." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1216 +#: sssd.conf.5.xml:1217 msgid "" "WARNING: Disabling the in-memory cache will have significant negative impact " "on SSSD's performance and should only be used for testing." @@ -1916,8 +1916,8 @@ msgstr "" "только для тестирования." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1222 sssd.conf.5.xml:1247 sssd.conf.5.xml:1272 -#: sssd.conf.5.xml:1297 sssd.conf.5.xml:1324 +#: sssd.conf.5.xml:1223 sssd.conf.5.xml:1248 sssd.conf.5.xml:1273 +#: sssd.conf.5.xml:1298 sssd.conf.5.xml:1325 msgid "" "NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", " "client applications will not use the fast in-memory cache." @@ -1927,12 +1927,12 @@ msgstr "" "памяти." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1230 +#: sssd.conf.5.xml:1231 msgid "memcache_size_passwd (integer)" msgstr "memcache_size_passwd (целое число)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1233 +#: sssd.conf.5.xml:1234 msgid "" "Size (in megabytes) of the data table allocated inside fast in-memory cache " "for passwd requests. Setting the size to 0 will disable the passwd in-" @@ -1943,13 +1943,13 @@ msgstr "" "памяти для запросов passwd." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1239 sssd.conf.5.xml:2963 sssd-ldap.5.xml:548 +#: sssd.conf.5.xml:1240 sssd.conf.5.xml:2964 sssd-ldap.5.xml:548 msgid "Default: 8" msgstr "По умолчанию: 8" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1242 sssd.conf.5.xml:1267 sssd.conf.5.xml:1292 -#: sssd.conf.5.xml:1319 +#: sssd.conf.5.xml:1243 sssd.conf.5.xml:1268 sssd.conf.5.xml:1293 +#: sssd.conf.5.xml:1320 msgid "" "WARNING: Disabled or too small in-memory cache can have significant negative " "impact on SSSD's performance." @@ -1958,12 +1958,12 @@ msgstr "" "значительное негативное воздействие на производительность SSSD." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1255 +#: sssd.conf.5.xml:1256 msgid "memcache_size_group (integer)" msgstr "memcache_size_group (целое число)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1258 +#: sssd.conf.5.xml:1259 msgid "" "Size (in megabytes) of the data table allocated inside fast in-memory cache " "for group requests. Setting the size to 0 will disable the group in-memory " @@ -1974,19 +1974,19 @@ msgstr "" "памяти для запросов group." #. type: Content of: <variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1264 sssd.conf.5.xml:1316 sssd.conf.5.xml:3729 +#: sssd.conf.5.xml:1265 sssd.conf.5.xml:1317 sssd.conf.5.xml:3730 #: sssd-ldap.5.xml:473 sssd-ldap.5.xml:525 include/failover.xml:116 #: include/krb5_options.xml:11 msgid "Default: 6" msgstr "По умолчанию: 6" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1280 +#: sssd.conf.5.xml:1281 msgid "memcache_size_initgroups (integer)" msgstr "memcache_size_initgroups (целое число)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1283 +#: sssd.conf.5.xml:1284 msgid "" "Size (in megabytes) of the data table allocated inside fast in-memory cache " "for initgroups requests. Setting the size to 0 will disable the initgroups " @@ -1997,12 +1997,12 @@ msgstr "" "отключит кэш в памяти для запросов групп инициализации." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1305 +#: sssd.conf.5.xml:1306 msgid "memcache_size_sid (integer)" msgstr "memcache_size_sid (целое число)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1308 +#: sssd.conf.5.xml:1309 msgid "" "Size (in megabytes) of the data table allocated inside fast in-memory cache " "for SID related requests. Only SID-by-ID and ID-by-SID requests are " @@ -2015,12 +2015,12 @@ msgstr "" "размера в значение «0» отключит кэш SID в памяти." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1332 sssd-ifp.5.xml:90 +#: sssd.conf.5.xml:1333 sssd-ifp.5.xml:90 msgid "user_attributes (string)" msgstr "user_attributes (строка)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1335 +#: sssd.conf.5.xml:1336 msgid "" "Some of the additional NSS responder requests can return more attributes " "than just the POSIX ones defined by the NSS interface. The list of " @@ -2037,7 +2037,7 @@ msgstr "" "manvolnum> </citerefentry>), но без стандартных значений." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1348 +#: sssd.conf.5.xml:1349 msgid "" "To make configuration more easy the NSS responder will check the InfoPipe " "option if it is not set for the NSS responder." @@ -2046,17 +2046,17 @@ msgstr "" "ли он для ответчика NSS." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1353 +#: sssd.conf.5.xml:1354 msgid "Default: not set, fallback to InfoPipe option" msgstr "По умолчанию: не задано, использовать параметр InfoPipe" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1358 +#: sssd.conf.5.xml:1359 msgid "pwfield (string)" msgstr "pwfield (строка)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1361 +#: sssd.conf.5.xml:1362 msgid "" "The value that NSS operations that return users or groups will return for " "the <quote>password</quote> field." @@ -2065,12 +2065,12 @@ msgstr "" "вернут для поля <quote>password</quote>." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1366 +#: sssd.conf.5.xml:1367 msgid "Default: <quote>*</quote>" msgstr "По умолчанию: <quote>*</quote>" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1369 +#: sssd.conf.5.xml:1370 msgid "" "Note: This option can also be set per-domain which overwrites the value in " "[nss] section." @@ -2079,7 +2079,7 @@ msgstr "" "что будет иметь приоритет над значением в разделе [nss]." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1373 +#: sssd.conf.5.xml:1374 #, fuzzy #| msgid "" #| "Default: <quote>not set</quote> (remote domains), <quote>x</quote> (the " @@ -2096,12 +2096,12 @@ msgstr "" "shadowutils)" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:1385 +#: sssd.conf.5.xml:1386 msgid "PAM configuration options" msgstr "Параметры настройки PAM" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:1387 +#: sssd.conf.5.xml:1388 msgid "" "These options can be used to configure the Pluggable Authentication Module " "(PAM) service." @@ -2110,12 +2110,12 @@ msgstr "" "проверки подлинности (PAM)." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1392 +#: sssd.conf.5.xml:1393 msgid "offline_credentials_expiration (integer)" msgstr "offline_credentials_expiration (целое число)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1395 +#: sssd.conf.5.xml:1396 msgid "" "If the authentication provider is offline, how long should we allow cached " "logins (in days since the last successful online login)." @@ -2125,17 +2125,17 @@ msgstr "" "момента последнего успешного входа)." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1400 sssd.conf.5.xml:1413 +#: sssd.conf.5.xml:1401 sssd.conf.5.xml:1414 msgid "Default: 0 (No limit)" msgstr "По умолчанию: 0 (без ограничений)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1406 +#: sssd.conf.5.xml:1407 msgid "offline_failed_login_attempts (integer)" msgstr "offline_failed_login_attempts (целое число)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1409 +#: sssd.conf.5.xml:1410 msgid "" "If the authentication provider is offline, how many failed login attempts " "are allowed." @@ -2144,12 +2144,12 @@ msgstr "" "режиме, сколько следует допускать неудачных попыток входа." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1419 +#: sssd.conf.5.xml:1420 msgid "offline_failed_login_delay (integer)" msgstr "offline_failed_login_delay (целое число)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1422 +#: sssd.conf.5.xml:1423 msgid "" "The time in minutes which has to pass after offline_failed_login_attempts " "has been reached before a new login attempt is possible." @@ -2159,7 +2159,7 @@ msgstr "" "входа." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1427 +#: sssd.conf.5.xml:1428 msgid "" "If set to 0 the user cannot authenticate offline if " "offline_failed_login_attempts has been reached. Only a successful online " @@ -2171,17 +2171,17 @@ msgstr "" "возможной, необходимо успешно пройти проверку подлинности в сетевом режиме." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1433 sssd.conf.5.xml:1543 +#: sssd.conf.5.xml:1434 sssd.conf.5.xml:1544 msgid "Default: 5" msgstr "По умолчанию: 5" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1439 +#: sssd.conf.5.xml:1440 msgid "pam_verbosity (integer)" msgstr "pam_verbosity (целое число)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1442 +#: sssd.conf.5.xml:1443 msgid "" "Controls what kind of messages are shown to the user during authentication. " "The higher the number to more messages are displayed." @@ -2190,43 +2190,43 @@ msgstr "" "подлинности. Чем больше число, тем больше сообщений будет показано." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1447 +#: sssd.conf.5.xml:1448 msgid "Currently sssd supports the following values:" msgstr "В настоящее время sssd поддерживает следующие значения:" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1450 +#: sssd.conf.5.xml:1451 msgid "<emphasis>0</emphasis>: do not show any message" msgstr "<emphasis>0</emphasis>: не показывать никаких сообщений" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1453 +#: sssd.conf.5.xml:1454 msgid "<emphasis>1</emphasis>: show only important messages" msgstr "<emphasis>1</emphasis>: показывать только важные сообщения" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1457 +#: sssd.conf.5.xml:1458 msgid "<emphasis>2</emphasis>: show informational messages" msgstr "<emphasis>2</emphasis>: показывать информационные сообщения" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1460 +#: sssd.conf.5.xml:1461 msgid "<emphasis>3</emphasis>: show all messages and debug information" msgstr "" "<emphasis>3</emphasis>: показывать все сообщения и отладочную информацию" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1464 sssd.8.xml:63 +#: sssd.conf.5.xml:1465 sssd.8.xml:63 msgid "Default: 1" msgstr "По умолчанию: 1" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1470 +#: sssd.conf.5.xml:1471 msgid "pam_response_filter (string)" msgstr "pam_response_filter (строка)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1473 +#: sssd.conf.5.xml:1474 msgid "" "A comma separated list of strings which allows to remove (filter) data sent " "by the PAM responder to pam_sss PAM module. There are different kind of " @@ -2240,7 +2240,7 @@ msgstr "" "установлены pam_sss)." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1481 +#: sssd.conf.5.xml:1482 msgid "" "While messages already can be controlled with the help of the pam_verbosity " "option this option allows to filter out other kind of responses as well." @@ -2249,37 +2249,37 @@ msgstr "" "параметр позволяет отфильтровать также и другие типы ответов." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1488 +#: sssd.conf.5.xml:1489 msgid "ENV" msgstr "ENV" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1489 +#: sssd.conf.5.xml:1490 msgid "Do not send any environment variables to any service." msgstr "Не отправлять никаким службам никакие переменные среды." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1492 +#: sssd.conf.5.xml:1493 msgid "ENV:var_name" msgstr "ENV:var_name" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1493 +#: sssd.conf.5.xml:1494 msgid "Do not send environment variable var_name to any service." msgstr "Не отправлять переменную среды var_name никаким службам." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1497 +#: sssd.conf.5.xml:1498 msgid "ENV:var_name:service" msgstr "ENV:var_name:service" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1498 +#: sssd.conf.5.xml:1499 msgid "Do not send environment variable var_name to service." msgstr "Не отправлять переменную среды var_name указанной службе." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1486 +#: sssd.conf.5.xml:1487 msgid "" "Currently the following filters are supported: <placeholder " "type=\"variablelist\" id=\"0\"/>" @@ -2288,7 +2288,7 @@ msgstr "" "type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1505 +#: sssd.conf.5.xml:1506 msgid "" "The list of strings can either be the list of filters which would set this " "list of filters and overwrite the defaults. Or each element of the list can " @@ -2306,23 +2306,23 @@ msgstr "" "префикса только для части элементов списка считается ошибкой." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1516 +#: sssd.conf.5.xml:1517 msgid "Default: ENV:KRB5CCNAME:sudo, ENV:KRB5CCNAME:sudo-i" msgstr "По умолчанию: ENV:KRB5CCNAME:sudo, ENV:KRB5CCNAME:sudo-i" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1519 +#: sssd.conf.5.xml:1520 msgid "" "Example: -ENV:KRB5CCNAME:sudo-i will remove the filter from the default list" msgstr "Пример: -ENV:KRB5CCNAME:sudo-i удалит фильтр из списка стандартных" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1526 +#: sssd.conf.5.xml:1527 msgid "pam_id_timeout (integer)" msgstr "pam_id_timeout (целое число)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1529 +#: sssd.conf.5.xml:1530 msgid "" "For any PAM request while SSSD is online, the SSSD will attempt to " "immediately update the cached identity information for the user in order to " @@ -2334,7 +2334,7 @@ msgstr "" "данные." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1535 +#: sssd.conf.5.xml:1536 msgid "" "A complete PAM conversation may perform multiple PAM requests, such as " "account management and session opening. This option controls (on a per-" @@ -2348,17 +2348,17 @@ msgstr "" "обменов данными с поставщиком данных идентификации." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1549 +#: sssd.conf.5.xml:1550 msgid "pam_pwd_expiration_warning (integer)" msgstr "pam_pwd_expiration_warning (целое число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1552 sssd.conf.5.xml:2987 +#: sssd.conf.5.xml:1553 sssd.conf.5.xml:2988 msgid "Display a warning N days before the password expires." msgstr "Показать предупреждение за N дней до истечения срока действия пароля." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1555 +#: sssd.conf.5.xml:1556 msgid "" "Please note that the backend server has to provide information about the " "expiration time of the password. If this information is missing, sssd " @@ -2369,7 +2369,7 @@ msgstr "" "сможет показать предупреждение." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1561 sssd.conf.5.xml:2990 +#: sssd.conf.5.xml:1562 sssd.conf.5.xml:2991 msgid "" "If zero is set, then this filter is not applied, i.e. if the expiration " "warning was received from backend server, it will automatically be displayed." @@ -2379,7 +2379,7 @@ msgstr "" "показано автоматически." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1566 +#: sssd.conf.5.xml:1567 msgid "" "This setting can be overridden by setting <emphasis>pwd_expiration_warning</" "emphasis> for a particular domain." @@ -2388,17 +2388,17 @@ msgstr "" "<emphasis>pwd_expiration_warning</emphasis> для конкретного домена." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1571 sssd.conf.5.xml:3976 sssd-ldap.5.xml:606 sssd.8.xml:79 +#: sssd.conf.5.xml:1572 sssd.conf.5.xml:3977 sssd-ldap.5.xml:606 sssd.8.xml:79 msgid "Default: 0" msgstr "По умолчанию: 0" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1588 +#: sssd.conf.5.xml:1589 msgid "pam_trusted_users (string)" msgstr "pam_trusted_users (строка)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1591 +#: sssd.conf.5.xml:1592 msgid "" "Specifies the comma-separated list of UID values or user names that are " "allowed to run PAM conversations against trusted domains. Users not " @@ -2413,12 +2413,12 @@ msgstr "" "quote>. Имена пользователей разрешаются в UID при запуске." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1601 +#: sssd.conf.5.xml:1602 msgid "Default: All users are considered trusted by default" msgstr "По умолчанию: все пользователи считаются доверенными по умолчанию" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1605 +#: sssd.conf.5.xml:1606 msgid "" "Please note that UID 0 is always allowed to access the PAM responder even in " "case it is not in the pam_trusted_users list." @@ -2427,12 +2427,12 @@ msgstr "" "если этот идентификатор пользователя отсутствует в списке pam_trusted_users." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1612 +#: sssd.conf.5.xml:1613 msgid "pam_public_domains (string)" msgstr "pam_public_domains (строка)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1615 +#: sssd.conf.5.xml:1616 msgid "" "Specifies the comma-separated list of domain names that are accessible even " "to untrusted users." @@ -2441,12 +2441,12 @@ msgstr "" "недоверенных пользователей." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1619 +#: sssd.conf.5.xml:1620 msgid "Two special values for pam_public_domains option are defined:" msgstr "Для параметра pam_public_domains определены два специальных значения:" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1623 +#: sssd.conf.5.xml:1624 msgid "" "all (Untrusted users are allowed to access all domains in PAM responder.)" msgstr "" @@ -2454,7 +2454,7 @@ msgstr "" "PAM)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1627 +#: sssd.conf.5.xml:1628 msgid "" "none (Untrusted users are not allowed to access any domains PAM in " "responder.)" @@ -2463,19 +2463,19 @@ msgstr "" "PAM)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1631 sssd.conf.5.xml:1656 sssd.conf.5.xml:1675 -#: sssd.conf.5.xml:1912 sssd.conf.5.xml:2732 sssd.conf.5.xml:3905 +#: sssd.conf.5.xml:1632 sssd.conf.5.xml:1657 sssd.conf.5.xml:1676 +#: sssd.conf.5.xml:1913 sssd.conf.5.xml:2733 sssd.conf.5.xml:3906 #: sssd-ldap.5.xml:1207 msgid "Default: none" msgstr "По умолчанию: none" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1636 +#: sssd.conf.5.xml:1637 msgid "pam_account_expired_message (string)" msgstr "pam_account_expired_message (строка)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1639 +#: sssd.conf.5.xml:1640 msgid "" "Allows a custom expiration message to be set, replacing the default " "'Permission denied' message." @@ -2484,7 +2484,7 @@ msgstr "" "которое заменит стандартное сообщение «Доступ запрещён»." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1644 +#: sssd.conf.5.xml:1645 msgid "" "Note: Please be aware that message is only printed for the SSH service " "unless pam_verbosity is set to 3 (show all messages and debug information)." @@ -2494,7 +2494,7 @@ msgstr "" "«3» (показывать все сообщения и отладочную информацию)." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1652 +#: sssd.conf.5.xml:1653 #, no-wrap msgid "" "pam_account_expired_message = Account expired, please contact help desk.\n" @@ -2504,12 +2504,12 @@ msgstr "" " " #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1661 +#: sssd.conf.5.xml:1662 msgid "pam_account_locked_message (string)" msgstr "pam_account_locked_message (строка)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1664 +#: sssd.conf.5.xml:1665 msgid "" "Allows a custom lockout message to be set, replacing the default 'Permission " "denied' message." @@ -2518,7 +2518,7 @@ msgstr "" "стандартное сообщение «Доступ запрещён»." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1671 +#: sssd.conf.5.xml:1672 #, no-wrap msgid "" "pam_account_locked_message = Account locked, please contact help desk.\n" @@ -2528,19 +2528,19 @@ msgstr "" " " #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1680 +#: sssd.conf.5.xml:1681 #, fuzzy #| msgid "pam_cert_auth (bool)" msgid "pam_passkey_auth (bool)" msgstr "pam_cert_auth (логическое значение)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1683 +#: sssd.conf.5.xml:1684 msgid "Enable passkey device based authentication." msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1686 sssd.conf.5.xml:1697 sssd.conf.5.xml:1711 +#: sssd.conf.5.xml:1687 sssd.conf.5.xml:1698 sssd.conf.5.xml:1712 #: sssd-ldap.5.xml:671 sssd-ldap.5.xml:692 sssd-ldap.5.xml:788 #: sssd-ldap.5.xml:1293 sssd-ad.5.xml:505 sssd-ad.5.xml:581 sssd-ad.5.xml:1126 #: sssd-ad.5.xml:1175 include/ldap_id_mapping.xml:250 @@ -2548,22 +2548,22 @@ msgid "Default: False" msgstr "По умолчанию: false" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1691 +#: sssd.conf.5.xml:1692 msgid "passkey_debug_libfido2 (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1694 +#: sssd.conf.5.xml:1695 msgid "Enable libfido2 library debug messages." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1702 +#: sssd.conf.5.xml:1703 msgid "pam_cert_auth (bool)" msgstr "pam_cert_auth (логическое значение)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1705 +#: sssd.conf.5.xml:1706 msgid "" "Enable certificate based Smartcard authentication. Since this requires " "additional communication with the Smartcard which will delay the " @@ -2574,22 +2574,22 @@ msgstr "" "задержит процесс проверки подлинности, по умолчанию этот параметр отключён." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1716 +#: sssd.conf.5.xml:1717 msgid "pam_cert_db_path (string)" msgstr "pam_cert_db_path (строка)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1719 +#: sssd.conf.5.xml:1720 msgid "The path to the certificate database." msgstr "Путь к базе данных сертификатов." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1722 sssd.conf.5.xml:2247 sssd.conf.5.xml:4308 +#: sssd.conf.5.xml:1723 sssd.conf.5.xml:2248 sssd.conf.5.xml:4354 msgid "Default:" msgstr "По умолчанию:" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1724 sssd.conf.5.xml:2249 +#: sssd.conf.5.xml:1725 sssd.conf.5.xml:2250 msgid "" "/etc/sssd/pki/sssd_auth_ca_db.pem (path to a file with trusted CA " "certificates in PEM format)" @@ -2598,12 +2598,12 @@ msgstr "" "CA в формате PEM)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1734 +#: sssd.conf.5.xml:1735 msgid "pam_cert_verification (string)" msgstr "pam_cert_verification (строка)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1737 +#: sssd.conf.5.xml:1738 msgid "" "With this parameter the PAM certificate verification can be tuned with a " "comma separated list of options that override the " @@ -2618,7 +2618,7 @@ msgstr "" "<quote>certificate_verification</quote>." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1748 +#: sssd.conf.5.xml:1749 #, no-wrap msgid "" "pam_cert_verification = partial_chain\n" @@ -2628,7 +2628,7 @@ msgstr "" " " #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1752 +#: sssd.conf.5.xml:1753 msgid "" "Default: not set, i.e. use default <quote>certificate_verification</quote> " "option defined in <quote>[sssd]</quote> section." @@ -2638,26 +2638,26 @@ msgstr "" "quote>." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1759 +#: sssd.conf.5.xml:1760 msgid "p11_child_timeout (integer)" msgstr "p11_child_timeout (целое число)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1762 +#: sssd.conf.5.xml:1763 msgid "How many seconds will pam_sss wait for p11_child to finish." msgstr "" "Разрешённое количество секунд, в течение которого pam_sss ожидает завершения " "работы p11_child." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1771 +#: sssd.conf.5.xml:1772 #, fuzzy #| msgid "p11_child_timeout (integer)" msgid "passkey_child_timeout (integer)" msgstr "p11_child_timeout (целое число)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1774 +#: sssd.conf.5.xml:1775 #, fuzzy #| msgid "How many seconds will pam_sss wait for p11_child to finish." msgid "" @@ -2667,12 +2667,12 @@ msgstr "" "работы p11_child." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1783 +#: sssd.conf.5.xml:1784 msgid "pam_app_services (string)" msgstr "pam_app_services (строка)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1786 +#: sssd.conf.5.xml:1787 msgid "" "Which PAM services are permitted to contact domains of type " "<quote>application</quote>" @@ -2681,12 +2681,12 @@ msgstr "" "типа <quote>application</quote>" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1795 +#: sssd.conf.5.xml:1796 msgid "pam_p11_allowed_services (integer)" msgstr "pam_p11_allowed_services (целое число)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1798 +#: sssd.conf.5.xml:1799 msgid "" "A comma-separated list of PAM service names for which it will be allowed to " "use Smartcards." @@ -2695,7 +2695,7 @@ msgstr "" "использовать смарт-карты." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1813 +#: sssd.conf.5.xml:1814 #, no-wrap msgid "" "pam_p11_allowed_services = +my_pam_service, -login\n" @@ -2705,7 +2705,7 @@ msgstr "" " " #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1802 +#: sssd.conf.5.xml:1803 msgid "" "It is possible to add another PAM service name to the default set by using " "<quote>+service_name</quote> or to explicitly remove a PAM service name from " @@ -2724,63 +2724,63 @@ msgstr "" "конфигурацию: <placeholder type=\"programlisting\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1817 sssd-ad.5.xml:644 sssd-ad.5.xml:753 sssd-ad.5.xml:811 +#: sssd.conf.5.xml:1818 sssd-ad.5.xml:644 sssd-ad.5.xml:753 sssd-ad.5.xml:811 #: sssd-ad.5.xml:869 sssd-ad.5.xml:947 msgid "Default: the default set of PAM service names includes:" msgstr "По умолчанию: стандартный набор имён служб PAM включает:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1822 sssd-ad.5.xml:648 +#: sssd.conf.5.xml:1823 sssd-ad.5.xml:648 msgid "login" msgstr "login" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1827 sssd-ad.5.xml:653 +#: sssd.conf.5.xml:1828 sssd-ad.5.xml:653 msgid "su" msgstr "su" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1832 sssd-ad.5.xml:658 +#: sssd.conf.5.xml:1833 sssd-ad.5.xml:658 msgid "su-l" msgstr "su-l" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1837 sssd-ad.5.xml:673 +#: sssd.conf.5.xml:1838 sssd-ad.5.xml:673 msgid "gdm-smartcard" msgstr "gdm-smartcard" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1842 sssd-ad.5.xml:668 +#: sssd.conf.5.xml:1843 sssd-ad.5.xml:668 msgid "gdm-password" msgstr "gdm-password" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1847 sssd-ad.5.xml:678 +#: sssd.conf.5.xml:1848 sssd-ad.5.xml:678 msgid "kdm" msgstr "kdm" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1852 sssd-ad.5.xml:956 +#: sssd.conf.5.xml:1853 sssd-ad.5.xml:956 msgid "sudo" msgstr "sudo" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1857 sssd-ad.5.xml:961 +#: sssd.conf.5.xml:1858 sssd-ad.5.xml:961 msgid "sudo-i" msgstr "sudo-i" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1862 +#: sssd.conf.5.xml:1863 msgid "gnome-screensaver" msgstr "gnome-screensaver" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1870 +#: sssd.conf.5.xml:1871 msgid "p11_wait_for_card_timeout (integer)" msgstr "p11_wait_for_card_timeout (целое число)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1873 +#: sssd.conf.5.xml:1874 msgid "" "If Smartcard authentication is required how many extra seconds in addition " "to p11_child_timeout should the PAM responder wait until a Smartcard is " @@ -2791,12 +2791,12 @@ msgstr "" "p11_child_timeout) ответчик PAM должен ожидать вставки смарт-карты." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1884 +#: sssd.conf.5.xml:1885 msgid "p11_uri (string)" msgstr "p11_uri (строка)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1887 +#: sssd.conf.5.xml:1888 msgid "" "PKCS#11 URI (see RFC-7512 for details) which can be used to restrict the " "selection of devices used for Smartcard authentication. By default SSSD's " @@ -2814,7 +2814,7 @@ msgstr "" "чтения." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1900 +#: sssd.conf.5.xml:1901 #, no-wrap msgid "" "p11_uri = pkcs11:slot-description=My%20Smartcard%20Reader\n" @@ -2824,7 +2824,7 @@ msgstr "" " " #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1904 +#: sssd.conf.5.xml:1905 #, no-wrap msgid "" "p11_uri = pkcs11:library-description=OpenSC%20smartcard%20framework;slot-id=2\n" @@ -2834,7 +2834,7 @@ msgstr "" " " #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1898 +#: sssd.conf.5.xml:1899 msgid "" "Example: <placeholder type=\"programlisting\" id=\"0\"/> or <placeholder " "type=\"programlisting\" id=\"1\"/> To find suitable URI please check the " @@ -2848,17 +2848,17 @@ msgstr "" "URI PKCS#11." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1917 +#: sssd.conf.5.xml:1918 msgid "pam_initgroups_scheme" msgstr "pam_initgroups_scheme" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1925 +#: sssd.conf.5.xml:1926 msgid "always" msgstr "always" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1926 +#: sssd.conf.5.xml:1927 msgid "" "Always do an online lookup, please note that pam_id_timeout still applies" msgstr "" @@ -2866,12 +2866,12 @@ msgstr "" "pam_id_timeout всё равно применяется)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1930 +#: sssd.conf.5.xml:1931 msgid "no_session" msgstr "no_session" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1931 +#: sssd.conf.5.xml:1932 msgid "" "Only do an online lookup if there is no active session of the user, i.e. if " "the user is currently not logged in" @@ -2880,12 +2880,12 @@ msgstr "" "то есть тогда, когда пользователь не находится в системе" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1936 +#: sssd.conf.5.xml:1937 msgid "never" msgstr "never" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1937 +#: sssd.conf.5.xml:1938 msgid "" "Never force an online lookup, use the data from the cache as long as they " "are not expired" @@ -2894,7 +2894,7 @@ msgstr "" "до тех пор, пока они не устареют" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1920 +#: sssd.conf.5.xml:1921 msgid "" "The PAM responder can force an online lookup to get the current group " "memberships of the user trying to log in. This option controls when this " @@ -2907,17 +2907,17 @@ msgstr "" "допустимые значения: <placeholder type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1944 +#: sssd.conf.5.xml:1945 msgid "Default: no_session" msgstr "По умолчанию: no_session" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1949 sssd.conf.5.xml:4247 +#: sssd.conf.5.xml:1950 sssd.conf.5.xml:4293 msgid "pam_gssapi_services" msgstr "pam_gssapi_services" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1952 +#: sssd.conf.5.xml:1953 msgid "" "Comma separated list of PAM services that are allowed to try GSSAPI " "authentication using pam_sss_gss.so module." @@ -2926,7 +2926,7 @@ msgstr "" "проверку подлинности по GSSAPI с помощью модуля pam_sss_gss.so." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1957 +#: sssd.conf.5.xml:1958 msgid "" "To disable GSSAPI authentication, set this option to <quote>-</quote> (dash)." msgstr "" @@ -2934,7 +2934,7 @@ msgstr "" "параметр в значение <quote>-</quote> (дефис)." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1961 sssd.conf.5.xml:1992 sssd.conf.5.xml:2030 +#: sssd.conf.5.xml:1962 sssd.conf.5.xml:1993 sssd.conf.5.xml:2031 msgid "" "Note: This option can also be set per-domain which overwrites the value in " "[pam] section. It can also be set for trusted domain which overwrites the " @@ -2946,7 +2946,7 @@ msgstr "" "в разделе домена." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1969 +#: sssd.conf.5.xml:1970 #, no-wrap msgid "" "pam_gssapi_services = sudo, sudo-i\n" @@ -2956,22 +2956,22 @@ msgstr "" " " #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1967 sssd.conf.5.xml:3899 +#: sssd.conf.5.xml:1968 sssd.conf.5.xml:3900 msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>" msgstr "Пример: <placeholder type=\"programlisting\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1973 +#: sssd.conf.5.xml:1974 msgid "Default: - (GSSAPI authentication is disabled)" msgstr "По умолчанию: - (проверка подлинности с помощью GSSAPI отключена)" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1978 sssd.conf.5.xml:4248 +#: sssd.conf.5.xml:1979 sssd.conf.5.xml:4294 msgid "pam_gssapi_check_upn" msgstr "pam_gssapi_check_upn" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1981 +#: sssd.conf.5.xml:1982 msgid "" "If True, SSSD will require that the Kerberos user principal that " "successfully authenticated through GSSAPI can be associated with the user " @@ -2983,7 +2983,7 @@ msgstr "" "такой привязки нет, проверка подлинности завершится ошибкой." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1988 +#: sssd.conf.5.xml:1989 msgid "" "If False, every user that is able to obtained required service ticket will " "be authenticated." @@ -2992,18 +2992,18 @@ msgstr "" "пользователей, получивших необходимый билет службы." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1998 sssd-ad.5.xml:1266 sss_rpcidmapd.5.xml:76 +#: sssd.conf.5.xml:1999 sssd-ad.5.xml:1266 sss_rpcidmapd.5.xml:76 #: sssd-files.5.xml:145 msgid "Default: True" msgstr "По умолчанию: true" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2003 +#: sssd.conf.5.xml:2004 msgid "pam_gssapi_indicators_map" msgstr "pam_gssapi_indicators_map" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2006 +#: sssd.conf.5.xml:2007 msgid "" "Comma separated list of authentication indicators required to be present in " "a Kerberos ticket to access a PAM service that is allowed to try GSSAPI " @@ -3015,7 +3015,7 @@ msgstr "" "pam_sss_gss.so." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2012 +#: sssd.conf.5.xml:2013 msgid "" "Each element of the list can be either an authentication indicator name or a " "pair <quote>service:indicator</quote>. Indicators not prefixed with the PAM " @@ -3042,7 +3042,7 @@ msgstr "" "доступ." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2025 +#: sssd.conf.5.xml:2026 msgid "" "To disable GSSAPI authentication indicator check, set this option to <quote>-" "</quote> (dash). To disable the check for a specific PAM service, add " @@ -3054,7 +3054,7 @@ msgstr "" "<quote>service:-</quote>." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2036 +#: sssd.conf.5.xml:2037 msgid "" "Following authentication indicators are supported by IPA Kerberos " "deployments:" @@ -3063,7 +3063,7 @@ msgstr "" "индикаторов проверки подлинности:" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2039 +#: sssd.conf.5.xml:2040 msgid "" "pkinit -- pre-authentication using X.509 certificates -- whether stored in " "files or on smart cards." @@ -3072,7 +3072,7 @@ msgstr "" "которые хранятся в файлах или на смарт-картах." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2042 +#: sssd.conf.5.xml:2043 msgid "" "hardened -- SPAKE pre-authentication or any pre-authentication wrapped in a " "FAST channel." @@ -3081,13 +3081,13 @@ msgstr "" "предварительная проверка подлинности, помещённая в канал FAST." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2045 +#: sssd.conf.5.xml:2046 msgid "radius -- pre-authentication with the help of a RADIUS server." msgstr "" "radius — предварительная проверка подлинности с помощью сервера RADIUS." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2048 +#: sssd.conf.5.xml:2049 msgid "" "otp -- pre-authentication using integrated two-factor authentication (2FA or " "one-time password, OTP) in IPA." @@ -3096,14 +3096,14 @@ msgstr "" "двухфакторной аутентификации (2FA или одноразовый пароль, OTP) в IPA." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2051 +#: sssd.conf.5.xml:2052 msgid "idp -- pre-authentication using external identity provider." msgstr "" "idp -- предварительная аутентификация с использованием внешнего поставщика " "удостоверений." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:2061 +#: sssd.conf.5.xml:2062 #, no-wrap msgid "" "pam_gssapi_indicators_map = sudo:pkinit, sudo-i:pkinit\n" @@ -3113,7 +3113,7 @@ msgstr "" " " #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2056 +#: sssd.conf.5.xml:2057 msgid "" "Example: to require access to SUDO services only for users which obtained " "their Kerberos tickets with a X.509 certificate pre-authentication (PKINIT), " @@ -3125,19 +3125,19 @@ msgstr "" "type=\"programlisting\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2065 +#: sssd.conf.5.xml:2066 msgid "Default: not set (use of authentication indicators is not required)" msgstr "" "По умолчанию: не задано (использование индикаторов проверки подлинности не " "требуется)" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2073 +#: sssd.conf.5.xml:2074 msgid "SUDO configuration options" msgstr "Параметры настройки SUDO" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2075 +#: sssd.conf.5.xml:2076 msgid "" "These options can be used to configure the sudo service. The detailed " "instructions for configuration of <citerefentry> <refentrytitle>sudo</" @@ -3154,12 +3154,12 @@ msgstr "" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2092 +#: sssd.conf.5.xml:2093 msgid "sudo_timed (bool)" msgstr "sudo_timed (логическое значение)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2095 +#: sssd.conf.5.xml:2096 msgid "" "Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes " "that implement time-dependent sudoers entries." @@ -3168,12 +3168,12 @@ msgstr "" "предназначенные для определения временных ограничений для записей sudoers." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2107 +#: sssd.conf.5.xml:2108 msgid "sudo_threshold (integer)" msgstr "sudo_threshold (целое число)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2110 +#: sssd.conf.5.xml:2111 msgid "" "Maximum number of expired rules that can be refreshed at once. If number of " "expired rules is below threshold, those rules are refreshed with " @@ -3189,22 +3189,22 @@ msgstr "" "к поискам команд и групп команд sudo IPA." #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2129 +#: sssd.conf.5.xml:2130 msgid "AUTOFS configuration options" msgstr "Параметры настройки AUTOFS" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2131 +#: sssd.conf.5.xml:2132 msgid "These options can be used to configure the autofs service." msgstr "Эти параметры можно использовать для настройки службы autofs." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2135 +#: sssd.conf.5.xml:2136 msgid "autofs_negative_timeout (integer)" msgstr "autofs_negative_timeout (целое число)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2138 +#: sssd.conf.5.xml:2139 msgid "" "Specifies for how many seconds should the autofs responder negative cache " "hits (that is, queries for invalid map entries, like nonexistent ones) " @@ -3215,22 +3215,22 @@ msgstr "" "например, несуществующих) перед повторным запросом к внутреннему серверу." #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2154 +#: sssd.conf.5.xml:2155 msgid "SSH configuration options" msgstr "Параметры настройки SSH" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2156 +#: sssd.conf.5.xml:2157 msgid "These options can be used to configure the SSH service." msgstr "Эти параметры можно использовать для настройки службы SSH." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2160 +#: sssd.conf.5.xml:2161 msgid "ssh_hash_known_hosts (bool)" msgstr "ssh_hash_known_hosts (логическое значение)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2163 +#: sssd.conf.5.xml:2164 msgid "" "Whether or not to hash host names and addresses in the managed known_hosts " "file." @@ -3238,12 +3238,12 @@ msgstr "" "Следует ли хэшировать имена и адреса узлов в управляемом файле known_hosts." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2172 +#: sssd.conf.5.xml:2173 msgid "ssh_known_hosts_timeout (integer)" msgstr "ssh_known_hosts_timeout (целое число)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2175 +#: sssd.conf.5.xml:2176 msgid "" "How many seconds to keep a host in the managed known_hosts file after its " "host keys were requested." @@ -3252,17 +3252,17 @@ msgstr "" "управляемом файле known_hosts после запроса ключей этого узла." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2179 +#: sssd.conf.5.xml:2180 msgid "Default: 180" msgstr "По умолчанию: 180" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2184 +#: sssd.conf.5.xml:2185 msgid "ssh_use_certificate_keys (bool)" msgstr "ssh_use_certificate_keys (логическое значение)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2187 +#: sssd.conf.5.xml:2188 msgid "" "If set to true the <command>sss_ssh_authorizedkeys</command> will return ssh " "keys derived from the public key of X.509 certificates stored in the user " @@ -3276,12 +3276,12 @@ msgstr "" "<manvolnum>1</manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2202 +#: sssd.conf.5.xml:2203 msgid "ssh_use_certificate_matching_rules (string)" msgstr "ssh_use_certificate_matching_rules (строка)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2205 +#: sssd.conf.5.xml:2206 msgid "" "By default the ssh responder will use all available certificate matching " "rules to filter the certificates so that ssh keys are only derived from the " @@ -3297,7 +3297,7 @@ msgstr "" "другие правила будут игнорироваться." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2214 +#: sssd.conf.5.xml:2215 msgid "" "There are two special key words 'all_rules' and 'no_rules' which will enable " "all or no rules, respectively. The latter means that no certificates will be " @@ -3309,7 +3309,7 @@ msgstr "" "ключи SSH будут создаваться на основе всех действительных сертификатов." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2221 +#: sssd.conf.5.xml:2222 msgid "" "If no rules are configured using 'all_rules' will enable a default rule " "which enables all certificates suitable for client authentication. This is " @@ -3323,7 +3323,7 @@ msgstr "" "подлинности сертификатов." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2228 +#: sssd.conf.5.xml:2229 msgid "" "A non-existing rule name is considered an error. If as a result no rule is " "selected all certificates will be ignored." @@ -3332,7 +3332,7 @@ msgstr "" "выбрано ни одного правила, все сертификаты будут проигнорированы." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2233 +#: sssd.conf.5.xml:2234 msgid "" "Default: not set, equivalent to 'all_rules', all found rules or the default " "rule are used" @@ -3341,12 +3341,12 @@ msgstr "" "правила или правило по умолчанию" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2239 +#: sssd.conf.5.xml:2240 msgid "ca_db (string)" msgstr "ca_db (строка)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2242 +#: sssd.conf.5.xml:2243 msgid "" "Path to a storage of trusted CA certificates. The option is used to validate " "user certificates before deriving public ssh keys from them." @@ -3356,12 +3356,12 @@ msgstr "" "SSH." #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2262 +#: sssd.conf.5.xml:2263 msgid "PAC responder configuration options" msgstr "Параметры настройки ответчика PAC" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2264 +#: sssd.conf.5.xml:2265 msgid "" "The PAC responder works together with the authorization data plugin for MIT " "Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the " @@ -3379,7 +3379,7 @@ msgstr "" "обрабатывается, выполняются некоторые из следующих операций:" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2273 +#: sssd.conf.5.xml:2274 msgid "" "If the remote user does not exist in the cache, it is created. The UID is " "determined with the help of the SID, trusted domains will have UPGs and the " @@ -3396,7 +3396,7 @@ msgstr "" "можно переопределить с помощью параметра default_shell." #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2281 +#: sssd.conf.5.xml:2282 msgid "" "If there are SIDs of groups from domains sssd knows about, the user will be " "added to those groups." @@ -3405,17 +3405,17 @@ msgstr "" "добавлен в эти группы." #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2287 +#: sssd.conf.5.xml:2288 msgid "These options can be used to configure the PAC responder." msgstr "Эти параметры можно использовать для настройки ответчика PAC." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2291 sssd-ifp.5.xml:66 +#: sssd.conf.5.xml:2292 sssd-ifp.5.xml:66 msgid "allowed_uids (string)" msgstr "allowed_uids (строка)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2294 +#: sssd.conf.5.xml:2295 msgid "" "Specifies the comma-separated list of UID values or user names that are " "allowed to access the PAC responder. User names are resolved to UIDs at " @@ -3426,13 +3426,13 @@ msgstr "" "запуске." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2300 +#: sssd.conf.5.xml:2301 msgid "Default: 0 (only the root user is allowed to access the PAC responder)" msgstr "" "По умолчанию: 0 (доступ к ответчику PAC разрешён только пользователю root)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2304 +#: sssd.conf.5.xml:2305 msgid "" "Please note that although the UID 0 is used as the default it will be " "overwritten with this option. If you still want to allow the root user to " @@ -3446,12 +3446,12 @@ msgstr "" "доступ." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2313 +#: sssd.conf.5.xml:2314 msgid "pac_lifetime (integer)" msgstr "pac_lifetime (целое число)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2316 +#: sssd.conf.5.xml:2317 msgid "" "Lifetime of the PAC entry in seconds. As long as the PAC is valid the PAC " "data can be used to determine the group memberships of a user." @@ -3460,12 +3460,12 @@ msgstr "" "PAC можно использовать для определения участия пользователя в группах." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2326 +#: sssd.conf.5.xml:2327 msgid "pac_check (string)" msgstr "pac_check (строка)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2329 +#: sssd.conf.5.xml:2330 msgid "" "Apply additional checks on the PAC of the Kerberos ticket which is available " "in Active Directory and FreeIPA domains, if configured. Please note that " @@ -3483,12 +3483,12 @@ msgstr "" "пропущена." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2343 +#: sssd.conf.5.xml:2344 msgid "no_check" msgstr "no_check" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2345 +#: sssd.conf.5.xml:2346 msgid "" "The PAC must not be present and even if it is present no additional checks " "will be done." @@ -3497,12 +3497,12 @@ msgstr "" "проверки выполняться не будут." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2351 +#: sssd.conf.5.xml:2352 msgid "pac_present" msgstr "pac_present" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2353 +#: sssd.conf.5.xml:2354 msgid "" "The PAC must be present in the service ticket which SSSD will request with " "the help of the user's TGT. If the PAC is not available the authentication " @@ -3513,12 +3513,12 @@ msgstr "" "ошибкой." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2361 +#: sssd.conf.5.xml:2362 msgid "check_upn" msgstr "check_upn" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2363 +#: sssd.conf.5.xml:2364 msgid "" "If the PAC is present check if the user principal name (UPN) information is " "consistent." @@ -3527,12 +3527,12 @@ msgstr "" "пользователя (UPN) верна." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2369 +#: sssd.conf.5.xml:2370 msgid "check_upn_allow_missing" msgstr "check_upn_allow_missing" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2371 +#: sssd.conf.5.xml:2372 msgid "" "This option should be used together with 'check_upn' and handles the case " "where a UPN is set on the server-side but is not read by SSSD. The typical " @@ -3552,7 +3552,7 @@ msgstr "" "устанавливать 'ldap_user_principal'." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2383 +#: sssd.conf.5.xml:2384 msgid "" "Currently this option is set by default to avoid regressions in such " "environments. A log message will be added to the system log and SSSD's debug " @@ -3569,24 +3569,24 @@ msgstr "" "пропуску проверки и сообщение не появится в журнале." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2397 +#: sssd.conf.5.xml:2398 msgid "upn_dns_info_present" msgstr "upn_dns_info_present" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2399 +#: sssd.conf.5.xml:2400 msgid "The PAC must contain the UPN-DNS-INFO buffer, implies 'check_upn'." msgstr "" "PAC должен содержать буфер UPN-DNS-INFO, неявным образом устанавливает " "'check_upn'." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2404 +#: sssd.conf.5.xml:2405 msgid "check_upn_dns_info_ex" msgstr "check_upn_dns_info_ex" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2406 +#: sssd.conf.5.xml:2407 msgid "" "If the PAC is present and the extension to the UPN-DNS-INFO buffer is " "available check if the information in the extension is consistent." @@ -3595,12 +3595,12 @@ msgstr "" "согласованы ли данные в расширении." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2413 +#: sssd.conf.5.xml:2414 msgid "upn_dns_info_ex_present" msgstr "upn_dns_info_ex_present" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2415 +#: sssd.conf.5.xml:2416 msgid "" "The PAC must contain the extension of the UPN-DNS-INFO buffer, implies " "'check_upn_dns_info_ex', 'upn_dns_info_present' and 'check_upn'." @@ -3609,7 +3609,7 @@ msgstr "" "устанавливает 'check_upn_dns_info_ex', 'upn_dns_info_present' и 'check_upn'." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2339 +#: sssd.conf.5.xml:2340 msgid "" "The following options can be used alone or in a comma-separated list: " "<placeholder type=\"variablelist\" id=\"0\"/>" @@ -3618,7 +3618,7 @@ msgstr "" "запятыми списка: <placeholder type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2425 +#: sssd.conf.5.xml:2426 msgid "" "Default: no_check (AD and IPA provider 'check_upn, check_upn_allow_missing, " "check_upn_dns_info_ex')" @@ -3627,12 +3627,12 @@ msgstr "" "check_upn_allow_missing, check_upn_dns_info_ex')" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2434 +#: sssd.conf.5.xml:2435 msgid "Session recording configuration options" msgstr "Параметры настройки записи сеансов" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2436 +#: sssd.conf.5.xml:2437 msgid "" "Session recording works in conjunction with <citerefentry> " "<refentrytitle>tlog-rec-session</refentrytitle> <manvolnum>8</manvolnum> </" @@ -3648,32 +3648,32 @@ msgstr "" "manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2449 +#: sssd.conf.5.xml:2450 msgid "These options can be used to configure session recording." msgstr "Эти параметры можно использовать для настройки записи сеансов." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2453 sssd-session-recording.5.xml:64 +#: sssd.conf.5.xml:2454 sssd-session-recording.5.xml:64 msgid "scope (string)" msgstr "scope (строка)" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2460 sssd-session-recording.5.xml:71 +#: sssd.conf.5.xml:2461 sssd-session-recording.5.xml:71 msgid "\"none\"" msgstr "«none»" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2463 sssd-session-recording.5.xml:74 +#: sssd.conf.5.xml:2464 sssd-session-recording.5.xml:74 msgid "No users are recorded." msgstr "Пользователи не записываются." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2468 sssd-session-recording.5.xml:79 +#: sssd.conf.5.xml:2469 sssd-session-recording.5.xml:79 msgid "\"some\"" msgstr "«some»" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2471 sssd-session-recording.5.xml:82 +#: sssd.conf.5.xml:2472 sssd-session-recording.5.xml:82 msgid "" "Users/groups specified by <replaceable>users</replaceable> and " "<replaceable>groups</replaceable> options are recorded." @@ -3682,17 +3682,17 @@ msgstr "" "<replaceable>users</replaceable> и <replaceable>groups</replaceable>." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2480 sssd-session-recording.5.xml:91 +#: sssd.conf.5.xml:2481 sssd-session-recording.5.xml:91 msgid "\"all\"" msgstr "«all»" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2483 sssd-session-recording.5.xml:94 +#: sssd.conf.5.xml:2484 sssd-session-recording.5.xml:94 msgid "All users are recorded." msgstr "Записываются все пользователи." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2456 sssd-session-recording.5.xml:67 +#: sssd.conf.5.xml:2457 sssd-session-recording.5.xml:67 msgid "" "One of the following strings specifying the scope of session recording: " "<placeholder type=\"variablelist\" id=\"0\"/>" @@ -3701,17 +3701,17 @@ msgstr "" "<placeholder type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2490 sssd-session-recording.5.xml:101 +#: sssd.conf.5.xml:2491 sssd-session-recording.5.xml:101 msgid "Default: \"none\"" msgstr "По умолчанию: «none»" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2495 sssd-session-recording.5.xml:106 +#: sssd.conf.5.xml:2496 sssd-session-recording.5.xml:106 msgid "users (string)" msgstr "users (строка)" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2498 sssd-session-recording.5.xml:109 +#: sssd.conf.5.xml:2499 sssd-session-recording.5.xml:109 msgid "" "A comma-separated list of users which should have session recording enabled. " "Matches user names as returned by NSS. I.e. after the possible space " @@ -3723,17 +3723,17 @@ msgstr "" "так далее." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2504 sssd-session-recording.5.xml:115 +#: sssd.conf.5.xml:2505 sssd-session-recording.5.xml:115 msgid "Default: Empty. Matches no users." msgstr "По умолчанию: пусто. Не соответствует ни одному пользователю." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2509 sssd-session-recording.5.xml:120 +#: sssd.conf.5.xml:2510 sssd-session-recording.5.xml:120 msgid "groups (string)" msgstr "groups (строка)" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2512 sssd-session-recording.5.xml:123 +#: sssd.conf.5.xml:2513 sssd-session-recording.5.xml:123 msgid "" "A comma-separated list of groups, members of which should have session " "recording enabled. Matches group names as returned by NSS. I.e. after the " @@ -3744,7 +3744,7 @@ msgstr "" "NSS, то есть после возможной замены пробелов, смены регистра и так далее." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2518 sssd.conf.5.xml:2550 sssd-session-recording.5.xml:129 +#: sssd.conf.5.xml:2519 sssd.conf.5.xml:2551 sssd-session-recording.5.xml:129 #: sssd-session-recording.5.xml:161 msgid "" "NOTE: using this option (having it set to anything) has a considerable " @@ -3757,17 +3757,17 @@ msgstr "" "установление соответствия групп, участником которых он является." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2525 sssd-session-recording.5.xml:136 +#: sssd.conf.5.xml:2526 sssd-session-recording.5.xml:136 msgid "Default: Empty. Matches no groups." msgstr "По умолчанию: пусто. Не соответствует ни одной группе." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2530 sssd-session-recording.5.xml:141 +#: sssd.conf.5.xml:2531 sssd-session-recording.5.xml:141 msgid "exclude_users (string)" msgstr "exclude_users (строка)" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2533 sssd-session-recording.5.xml:144 +#: sssd.conf.5.xml:2534 sssd-session-recording.5.xml:144 msgid "" "A comma-separated list of users to be excluded from recording, only " "applicable with 'scope=all'." @@ -3776,17 +3776,17 @@ msgstr "" "применимо только при «scope=all»." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2537 sssd-session-recording.5.xml:148 +#: sssd.conf.5.xml:2538 sssd-session-recording.5.xml:148 msgid "Default: Empty. No users excluded." msgstr "По умолчанию: пусто. Не исключается ни один пользователь." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2542 sssd-session-recording.5.xml:153 +#: sssd.conf.5.xml:2543 sssd-session-recording.5.xml:153 msgid "exclude_groups (string)" msgstr "exclude_groups (строка)" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2545 sssd-session-recording.5.xml:156 +#: sssd.conf.5.xml:2546 sssd-session-recording.5.xml:156 msgid "" "A comma-separated list of groups, members of which should be excluded from " "recording. Only applicable with 'scope=all'." @@ -3795,22 +3795,22 @@ msgstr "" "применимо только при «scope=all»." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2557 sssd-session-recording.5.xml:168 +#: sssd.conf.5.xml:2558 sssd-session-recording.5.xml:168 msgid "Default: Empty. No groups excluded." msgstr "По умолчанию: пусто. Не исключается ни одна группа." #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:2567 +#: sssd.conf.5.xml:2568 msgid "DOMAIN SECTIONS" msgstr "РАЗДЕЛЫ ДОМЕНА" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2574 +#: sssd.conf.5.xml:2575 msgid "enabled" msgstr "enabled" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2577 +#: sssd.conf.5.xml:2578 msgid "" "Explicitly enable or disable the domain. If <quote>true</quote>, the domain " "is always <quote>enabled</quote>. If <quote>false</quote>, the domain is " @@ -3825,12 +3825,12 @@ msgstr "" "параметра domains в разделе <quote>[sssd]</quote>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2589 +#: sssd.conf.5.xml:2590 msgid "domain_type (string)" msgstr "domain_type (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2592 +#: sssd.conf.5.xml:2593 msgid "" "Specifies whether the domain is meant to be used by POSIX-aware clients such " "as the Name Service Switch or by applications that do not need POSIX data to " @@ -3843,7 +3843,7 @@ msgstr "" "операционной системы доступны только объекты из доменов POSIX." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2600 +#: sssd.conf.5.xml:2601 msgid "" "Allowed values for this option are <quote>posix</quote> and " "<quote>application</quote>." @@ -3852,7 +3852,7 @@ msgstr "" "<quote>application</quote>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2604 +#: sssd.conf.5.xml:2605 msgid "" "POSIX domains are reachable by all services. Application domains are only " "reachable from the InfoPipe responder (see <citerefentry> " @@ -3864,7 +3864,7 @@ msgstr "" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>) и ответчика PAM." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2612 +#: sssd.conf.5.xml:2613 msgid "" "NOTE: The application domains are currently well tested with " "<quote>id_provider=ldap</quote> only." @@ -3873,7 +3873,7 @@ msgstr "" "с <quote>id_provider=ldap</quote>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2616 +#: sssd.conf.5.xml:2617 msgid "" "For an easy way to configure a non-POSIX domains, please see the " "<quote>Application domains</quote> section." @@ -3882,17 +3882,17 @@ msgstr "" "<quote>Домены приложений</quote>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2620 +#: sssd.conf.5.xml:2621 msgid "Default: posix" msgstr "По умолчанию: posix" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2626 +#: sssd.conf.5.xml:2627 msgid "min_id,max_id (integer)" msgstr "min_id,max_id (целое число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2629 +#: sssd.conf.5.xml:2630 msgid "" "UID and GID limits for the domain. If a domain contains an entry that is " "outside these limits, it is ignored." @@ -3901,7 +3901,7 @@ msgstr "" "находящуюся вне указанного диапазона, она будет проигнорирована." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2634 +#: sssd.conf.5.xml:2635 msgid "" "For users, this affects the primary GID limit. The user will not be returned " "to NSS if either the UID or the primary GID is outside the range. For non-" @@ -3915,7 +3915,7 @@ msgstr "" "группы, будут выведены в обычном режиме." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2641 +#: sssd.conf.5.xml:2642 msgid "" "These ID limits affect even saving entries to cache, not only returning them " "by name or ID." @@ -3924,17 +3924,17 @@ msgstr "" "кэш, а не только на их возврат по имени или идентификатору." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2645 +#: sssd.conf.5.xml:2646 msgid "Default: 1 for min_id, 0 (no limit) for max_id" msgstr "По умолчанию: 1 для min_id, 0 (без ограничений) для max_id" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2651 +#: sssd.conf.5.xml:2652 msgid "enumerate (bool)" msgstr "enumerate (логическое значение)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2654 +#: sssd.conf.5.xml:2655 msgid "" "Determines if a domain can be enumerated, that is, whether the domain can " "list all the users and group it contains. Note that it is not required to " @@ -3947,22 +3947,22 @@ msgstr "" "вторичных групп. Этот параметр может иметь одно из следующих значений:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2662 +#: sssd.conf.5.xml:2663 msgid "TRUE = Users and groups are enumerated" msgstr "TRUE = пользователи и группы перечисляются" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2665 +#: sssd.conf.5.xml:2666 msgid "FALSE = No enumerations for this domain" msgstr "FALSE = для этого домена не выполняется перечисление" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2668 sssd.conf.5.xml:2942 sssd.conf.5.xml:3119 +#: sssd.conf.5.xml:2669 sssd.conf.5.xml:2943 sssd.conf.5.xml:3120 msgid "Default: FALSE" msgstr "По умолчанию: FALSE" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2671 +#: sssd.conf.5.xml:2672 msgid "" "Enumerating a domain requires SSSD to download and store ALL user and group " "entries from the remote server." @@ -3971,7 +3971,7 @@ msgstr "" "сохранить ВСЕ записи пользователей и групп с удалённого сервера." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2676 +#: sssd.conf.5.xml:2677 msgid "" "Note: Enabling enumeration has a moderate performance impact on SSSD while " "enumeration is running. It may take up to several minutes after SSSD startup " @@ -3995,7 +3995,7 @@ msgstr "" "перезапущен внутренним сторожевым таймером." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2691 +#: sssd.conf.5.xml:2692 msgid "" "While the first enumeration is running, requests for the complete user or " "group lists may return no results until it completes." @@ -4004,7 +4004,7 @@ msgstr "" "или групп могут не вернуть результатов до момента завершения перечисления." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2696 +#: sssd.conf.5.xml:2697 msgid "" "Further, enabling enumeration may increase the time necessary to detect " "network disconnection, as longer timeouts are required to ensure that " @@ -4018,7 +4018,7 @@ msgstr "" "идентификаторов (id_provider)." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2704 +#: sssd.conf.5.xml:2705 msgid "" "For the reasons cited above, enabling enumeration is not recommended, " "especially in large environments." @@ -4027,32 +4027,32 @@ msgstr "" "средах большого размера." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2712 +#: sssd.conf.5.xml:2713 msgid "subdomain_enumerate (string)" msgstr "subdomain_enumerate (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2719 +#: sssd.conf.5.xml:2720 msgid "all" msgstr "all" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2720 +#: sssd.conf.5.xml:2721 msgid "All discovered trusted domains will be enumerated" msgstr "Выполнить перечисление для всех обнаруженных доверенных доменов" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2723 +#: sssd.conf.5.xml:2724 msgid "none" msgstr "none" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2724 +#: sssd.conf.5.xml:2725 msgid "No discovered trusted domains will be enumerated" msgstr "Не выполнять перечисление для обнаруженных доверенных доменов" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2715 +#: sssd.conf.5.xml:2716 msgid "" "Whether any of autodetected trusted domains should be enumerated. The " "supported values are: <placeholder type=\"variablelist\" id=\"0\"/> " @@ -4066,12 +4066,12 @@ msgstr "" "только для них." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2738 +#: sssd.conf.5.xml:2739 msgid "entry_cache_timeout (integer)" msgstr "entry_cache_timeout (целое число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2741 +#: sssd.conf.5.xml:2742 msgid "" "How many seconds should nss_sss consider entries valid before asking the " "backend again" @@ -4080,7 +4080,7 @@ msgstr "" "действительными, прежде чем снова обратиться к внутреннему серверу" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2745 +#: sssd.conf.5.xml:2746 msgid "" "The cache expiration timestamps are stored as attributes of individual " "objects in the cache. Therefore, changing the cache timeout only has effect " @@ -4097,17 +4097,17 @@ msgstr "" "уже были кэшированы." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2758 +#: sssd.conf.5.xml:2759 msgid "Default: 5400" msgstr "По умолчанию: 5400" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2764 +#: sssd.conf.5.xml:2765 msgid "entry_cache_user_timeout (integer)" msgstr "entry_cache_user_timeout (целое число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2767 +#: sssd.conf.5.xml:2768 msgid "" "How many seconds should nss_sss consider user entries valid before asking " "the backend again" @@ -4117,19 +4117,19 @@ msgstr "" "серверу" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2771 sssd.conf.5.xml:2784 sssd.conf.5.xml:2797 -#: sssd.conf.5.xml:2810 sssd.conf.5.xml:2824 sssd.conf.5.xml:2837 -#: sssd.conf.5.xml:2851 sssd.conf.5.xml:2865 sssd.conf.5.xml:2878 +#: sssd.conf.5.xml:2772 sssd.conf.5.xml:2785 sssd.conf.5.xml:2798 +#: sssd.conf.5.xml:2811 sssd.conf.5.xml:2825 sssd.conf.5.xml:2838 +#: sssd.conf.5.xml:2852 sssd.conf.5.xml:2866 sssd.conf.5.xml:2879 msgid "Default: entry_cache_timeout" msgstr "По умолчанию: entry_cache_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2777 +#: sssd.conf.5.xml:2778 msgid "entry_cache_group_timeout (integer)" msgstr "entry_cache_group_timeout (целое число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2780 +#: sssd.conf.5.xml:2781 msgid "" "How many seconds should nss_sss consider group entries valid before asking " "the backend again" @@ -4138,12 +4138,12 @@ msgstr "" "действительными, прежде чем снова обратиться к внутреннему серверу" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2790 +#: sssd.conf.5.xml:2791 msgid "entry_cache_netgroup_timeout (integer)" msgstr "entry_cache_netgroup_timeout (целое число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2793 +#: sssd.conf.5.xml:2794 msgid "" "How many seconds should nss_sss consider netgroup entries valid before " "asking the backend again" @@ -4152,12 +4152,12 @@ msgstr "" "групп действительными, прежде чем снова обратиться к внутреннему серверу" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2803 +#: sssd.conf.5.xml:2804 msgid "entry_cache_service_timeout (integer)" msgstr "entry_cache_service_timeout (целое число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2806 +#: sssd.conf.5.xml:2807 msgid "" "How many seconds should nss_sss consider service entries valid before asking " "the backend again" @@ -4166,12 +4166,12 @@ msgstr "" "действительными, прежде чем снова обратиться к внутреннему серверу" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2816 +#: sssd.conf.5.xml:2817 msgid "entry_cache_resolver_timeout (integer)" msgstr "entry_cache_resolver_timeout (целое число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2819 +#: sssd.conf.5.xml:2820 msgid "" "How many seconds should nss_sss consider hosts and networks entries valid " "before asking the backend again" @@ -4180,12 +4180,12 @@ msgstr "" "сетей действительными, прежде чем снова обратиться к внутреннему серверу" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2830 +#: sssd.conf.5.xml:2831 msgid "entry_cache_sudo_timeout (integer)" msgstr "entry_cache_sudo_timeout (целое число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2833 +#: sssd.conf.5.xml:2834 msgid "" "How many seconds should sudo consider rules valid before asking the backend " "again" @@ -4194,12 +4194,12 @@ msgstr "" "действительными, прежде чем снова обратиться к внутреннему серверу" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2843 +#: sssd.conf.5.xml:2844 msgid "entry_cache_autofs_timeout (integer)" msgstr "entry_cache_autofs_timeout (целое число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2846 +#: sssd.conf.5.xml:2847 msgid "" "How many seconds should the autofs service consider automounter maps valid " "before asking the backend again" @@ -4209,12 +4209,12 @@ msgstr "" "внутреннему серверу" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2857 +#: sssd.conf.5.xml:2858 msgid "entry_cache_ssh_host_timeout (integer)" msgstr "entry_cache_ssh_host_timeout (целое число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2860 +#: sssd.conf.5.xml:2861 msgid "" "How many seconds to keep a host ssh key after refresh. IE how long to cache " "the host key for." @@ -4224,12 +4224,12 @@ msgstr "" "узла в кэше." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2871 +#: sssd.conf.5.xml:2872 msgid "entry_cache_computer_timeout (integer)" msgstr "entry_cache_computer_timeout (целое число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2874 +#: sssd.conf.5.xml:2875 msgid "" "How many seconds to keep the local computer entry before asking the backend " "again" @@ -4238,12 +4238,12 @@ msgstr "" "компьютера, прежде чем снова обратиться к внутреннему серверу" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2884 +#: sssd.conf.5.xml:2885 msgid "refresh_expired_interval (integer)" msgstr "refresh_expired_interval (целое число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2887 +#: sssd.conf.5.xml:2888 msgid "" "Specifies how many seconds SSSD has to wait before triggering a background " "refresh task which will refresh all expired or nearly expired records." @@ -4252,7 +4252,7 @@ msgstr "" "обновления всех устаревших или почти устаревших записей." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2892 +#: sssd.conf.5.xml:2893 msgid "" "The background refresh will process users, groups and netgroups in the " "cache. For users who have performed the initgroups (get group membership for " @@ -4266,18 +4266,18 @@ msgstr "" "пользователя в группах, обычно выполняется при запуске)." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2900 +#: sssd.conf.5.xml:2901 msgid "This option is automatically inherited for all trusted domains." msgstr "Этот параметр автоматически наследуется для всех доверенных доменов." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2904 +#: sssd.conf.5.xml:2905 msgid "You can consider setting this value to 3/4 * entry_cache_timeout." msgstr "" "Рекомендуется установить это значение равным 3/4 * entry_cache_timeout." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2908 +#: sssd.conf.5.xml:2909 msgid "" "Cache entry will be refreshed by background task when 2/3 of cache timeout " "has already passed. If there are existing cached entries, the background " @@ -4298,18 +4298,18 @@ msgstr "" "существующего кэша." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2921 sssd-ldap.5.xml:360 sssd-ldap.5.xml:1736 +#: sssd.conf.5.xml:2922 sssd-ldap.5.xml:360 sssd-ldap.5.xml:1736 #: sssd-ipa.5.xml:270 msgid "Default: 0 (disabled)" msgstr "По умолчанию: 0 (отключено)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2927 +#: sssd.conf.5.xml:2928 msgid "cache_credentials (bool)" msgstr "cache_credentials (логическое значение)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2930 +#: sssd.conf.5.xml:2931 #, fuzzy #| msgid "" #| "Determines if user credentials are also cached in the local LDB cache" @@ -4319,7 +4319,7 @@ msgstr "" "локальном кэше LDB" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2934 +#: sssd.conf.5.xml:2935 msgid "" "Take a note that while credentials are stored as a salted SHA512 hash, this " "still potentially poses some security risk in case an attacker manages to " @@ -4328,12 +4328,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2948 +#: sssd.conf.5.xml:2949 msgid "cache_credentials_minimal_first_factor_length (int)" msgstr "cache_credentials_minimal_first_factor_length (целое число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2951 +#: sssd.conf.5.xml:2952 msgid "" "If 2-Factor-Authentication (2FA) is used and credentials should be saved " "this value determines the minimal length the first authentication factor " @@ -4345,7 +4345,7 @@ msgstr "" "сохранён в формате контрольной суммы SHA512 в кэше." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2958 +#: sssd.conf.5.xml:2959 msgid "" "This should avoid that the short PINs of a PIN based 2FA scheme are saved in " "the cache which would make them easy targets for brute-force attacks." @@ -4355,12 +4355,12 @@ msgstr "" "мишенью для атак методом подбора." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2969 +#: sssd.conf.5.xml:2970 msgid "account_cache_expiration (integer)" msgstr "account_cache_expiration (целое число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2972 +#: sssd.conf.5.xml:2973 msgid "" "Number of days entries are left in cache after last successful login before " "being removed during a cleanup of the cache. 0 means keep forever. The " @@ -4373,17 +4373,17 @@ msgstr "" "быть больше или равно значению offline_credentials_expiration." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2979 +#: sssd.conf.5.xml:2980 msgid "Default: 0 (unlimited)" msgstr "По умолчанию: 0 (без ограничений)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2984 +#: sssd.conf.5.xml:2985 msgid "pwd_expiration_warning (integer)" msgstr "pwd_expiration_warning (целое число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2995 +#: sssd.conf.5.xml:2996 msgid "" "Please note that the backend server has to provide information about the " "expiration time of the password. If this information is missing, sssd " @@ -4396,17 +4396,17 @@ msgstr "" "настроить поставщика данных проверки подлинности." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3002 +#: sssd.conf.5.xml:3003 msgid "Default: 7 (Kerberos), 0 (LDAP)" msgstr "По умолчанию: 7 (Kerberos), 0 (LDAP)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3008 +#: sssd.conf.5.xml:3009 msgid "id_provider (string)" msgstr "id_provider (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3011 +#: sssd.conf.5.xml:3012 msgid "" "The identification provider used for the domain. Supported ID providers are:" msgstr "" @@ -4414,12 +4414,12 @@ msgstr "" "Поддерживаемые поставщики ID:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3015 +#: sssd.conf.5.xml:3016 msgid "<quote>proxy</quote>: Support a legacy NSS provider." msgstr "<quote>proxy</quote>: поддержка устаревшего поставщика NSS." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3018 +#: sssd.conf.5.xml:3019 msgid "" "<quote>files</quote>: FILES provider. See <citerefentry> <refentrytitle>sssd-" "files</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " @@ -4431,7 +4431,7 @@ msgstr "" "citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3026 +#: sssd.conf.5.xml:3027 msgid "" "<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-" "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " @@ -4442,8 +4442,8 @@ msgstr "" "<manvolnum>5</manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3034 sssd.conf.5.xml:3145 sssd.conf.5.xml:3196 -#: sssd.conf.5.xml:3259 +#: sssd.conf.5.xml:3035 sssd.conf.5.xml:3146 sssd.conf.5.xml:3197 +#: sssd.conf.5.xml:3260 msgid "" "<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management " "provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> " @@ -4456,8 +4456,8 @@ msgstr "" "citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3043 sssd.conf.5.xml:3154 sssd.conf.5.xml:3205 -#: sssd.conf.5.xml:3268 +#: sssd.conf.5.xml:3044 sssd.conf.5.xml:3155 sssd.conf.5.xml:3206 +#: sssd.conf.5.xml:3269 msgid "" "<quote>ad</quote>: Active Directory provider. See <citerefentry> " "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4468,12 +4468,12 @@ msgstr "" "ad</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3054 +#: sssd.conf.5.xml:3055 msgid "use_fully_qualified_names (bool)" msgstr "use_fully_qualified_names (логическое значение)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3057 +#: sssd.conf.5.xml:3058 msgid "" "Use the full name and domain (as formatted by the domain's full_name_format) " "as the user's login name reported to NSS." @@ -4482,7 +4482,7 @@ msgstr "" "домена) в качестве имени для входа пользователя, которое сообщается NSS." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3062 +#: sssd.conf.5.xml:3063 msgid "" "If set to TRUE, all requests to this domain must use fully qualified names. " "For example, if used in LOCAL domain that contains a \"test\" user, " @@ -4496,7 +4496,7 @@ msgstr "" "passwd test@LOCAL</command> получится это сделать." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3070 +#: sssd.conf.5.xml:3071 msgid "" "NOTE: This option has no effect on netgroup lookups due to their tendency to " "include nested netgroups without qualified names. For netgroups, all domains " @@ -4507,7 +4507,7 @@ msgstr "" "групп выполняется поиск во всех доменах, когда запрашивается неполное имя." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3077 +#: sssd.conf.5.xml:3078 msgid "" "Default: FALSE (TRUE for trusted domain/sub-domains or if " "default_domain_suffix is used)" @@ -4516,17 +4516,17 @@ msgstr "" "использования default_domain_suffix)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3084 +#: sssd.conf.5.xml:3085 msgid "ignore_group_members (bool)" msgstr "ignore_group_members (логическое значение)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3087 +#: sssd.conf.5.xml:3088 msgid "Do not return group members for group lookups." msgstr "Не возвращать участников групп для поиска групп." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3090 +#: sssd.conf.5.xml:3091 msgid "" "If set to TRUE, the group membership attribute is not requested from the " "ldap server, and group members are not returned when processing group lookup " @@ -4545,7 +4545,7 @@ msgstr "" "запрошенную группу так, как будто она пуста." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3108 +#: sssd.conf.5.xml:3109 msgid "" "Enabling this option can also make access provider checks for group " "membership significantly faster, especially for groups containing many " @@ -4556,7 +4556,7 @@ msgstr "" "количество участников)." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3114 sssd.conf.5.xml:3821 sssd-ldap.5.xml:326 +#: sssd.conf.5.xml:3115 sssd.conf.5.xml:3822 sssd-ldap.5.xml:326 #: sssd-ldap.5.xml:355 sssd-ldap.5.xml:408 sssd-ldap.5.xml:468 #: sssd-ldap.5.xml:489 sssd-ldap.5.xml:520 sssd-ldap.5.xml:543 #: sssd-ldap.5.xml:582 sssd-ldap.5.xml:601 sssd-ldap.5.xml:625 @@ -4569,12 +4569,12 @@ msgstr "" "унаследован с помощью <emphasis>subdomain_inherit</emphasis>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3124 +#: sssd.conf.5.xml:3125 msgid "auth_provider (string)" msgstr "auth_provider (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3127 +#: sssd.conf.5.xml:3128 msgid "" "The authentication provider used for the domain. Supported auth providers " "are:" @@ -4583,7 +4583,7 @@ msgstr "" "Поддерживаемые поставщики данных для проверки подлинности:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3131 sssd.conf.5.xml:3189 +#: sssd.conf.5.xml:3132 sssd.conf.5.xml:3190 msgid "" "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4594,7 +4594,7 @@ msgstr "" "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3138 +#: sssd.conf.5.xml:3139 msgid "" "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4606,7 +4606,7 @@ msgstr "" "citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3162 +#: sssd.conf.5.xml:3163 msgid "" "<quote>proxy</quote> for relaying authentication to some other PAM target." msgstr "" @@ -4614,12 +4614,12 @@ msgstr "" "PAM." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3165 +#: sssd.conf.5.xml:3166 msgid "<quote>none</quote> disables authentication explicitly." msgstr "<quote>none</quote> — явно отключить проверку подлинности." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3168 +#: sssd.conf.5.xml:3169 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "authentication requests." @@ -4628,12 +4628,12 @@ msgstr "" "задан и поддерживает обработку запросов проверки подлинности." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3174 +#: sssd.conf.5.xml:3175 msgid "access_provider (string)" msgstr "access_provider (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3177 +#: sssd.conf.5.xml:3178 msgid "" "The access control provider used for the domain. There are two built-in " "access providers (in addition to any included in installed backends) " @@ -4644,7 +4644,7 @@ msgstr "" "включены в установленные внутренние серверы). Внутренние особые поставщики:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3183 +#: sssd.conf.5.xml:3184 msgid "" "<quote>permit</quote> always allow access. It's the only permitted access " "provider for a local domain." @@ -4653,12 +4653,12 @@ msgstr "" "разрешённого доступа для локального домена." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3186 +#: sssd.conf.5.xml:3187 msgid "<quote>deny</quote> always deny access." msgstr "<quote>deny</quote> — всегда отказывать в доступе." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3213 +#: sssd.conf.5.xml:3214 msgid "" "<quote>simple</quote> access control based on access or deny lists. See " "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</" @@ -4671,7 +4671,7 @@ msgstr "" "<manvolnum>5</manvolnum></citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3220 +#: sssd.conf.5.xml:3221 msgid "" "<quote>krb5</quote>: .k5login based access control. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum></" @@ -4682,23 +4682,23 @@ msgstr "" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3227 +#: sssd.conf.5.xml:3228 msgid "<quote>proxy</quote> for relaying access control to another PAM module." msgstr "" "<quote>proxy</quote> — передать управление доступом другому модулю PAM." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3230 +#: sssd.conf.5.xml:3231 msgid "Default: <quote>permit</quote>" msgstr "По умолчанию: <quote>permit</quote>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3235 +#: sssd.conf.5.xml:3236 msgid "chpass_provider (string)" msgstr "chpass_provider (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3238 +#: sssd.conf.5.xml:3239 msgid "" "The provider which should handle change password operations for the domain. " "Supported change password providers are:" @@ -4707,7 +4707,7 @@ msgstr "" "домена. Поддерживаемые поставщики данных смены пароля:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3243 +#: sssd.conf.5.xml:3244 msgid "" "<quote>ldap</quote> to change a password stored in a LDAP server. See " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" @@ -4718,7 +4718,7 @@ msgstr "" "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3251 +#: sssd.conf.5.xml:3252 msgid "" "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4729,19 +4729,19 @@ msgstr "" "<manvolnum>5</manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3276 +#: sssd.conf.5.xml:3277 msgid "" "<quote>proxy</quote> for relaying password changes to some other PAM target." msgstr "" "<quote>proxy</quote> — передать смену пароля какой-либо другой цели PAM." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3280 +#: sssd.conf.5.xml:3281 msgid "<quote>none</quote> disallows password changes explicitly." msgstr "<quote>none</quote> — явно запретить смену пароля." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3283 +#: sssd.conf.5.xml:3284 msgid "" "Default: <quote>auth_provider</quote> is used if it is set and can handle " "change password requests." @@ -4750,19 +4750,19 @@ msgstr "" "задан и поддерживает обработку запросов смены пароля." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3290 +#: sssd.conf.5.xml:3291 msgid "sudo_provider (string)" msgstr "sudo_provider (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3293 +#: sssd.conf.5.xml:3294 msgid "The SUDO provider used for the domain. Supported SUDO providers are:" msgstr "" "Поставщик данных SUDO, который используется для домена. Поддерживаемые " "поставщики данных SUDO:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3297 +#: sssd.conf.5.xml:3298 msgid "" "<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4773,7 +4773,7 @@ msgstr "" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3305 +#: sssd.conf.5.xml:3306 msgid "" "<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default " "settings." @@ -4782,7 +4782,7 @@ msgstr "" "параметрами IPA." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3309 +#: sssd.conf.5.xml:3310 msgid "" "<quote>ad</quote> the same as <quote>ldap</quote> but with AD default " "settings." @@ -4791,20 +4791,20 @@ msgstr "" "параметрами AD." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3313 +#: sssd.conf.5.xml:3314 msgid "<quote>none</quote> disables SUDO explicitly." msgstr "<quote>none</quote> — явно отключить SUDO." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3316 sssd.conf.5.xml:3402 sssd.conf.5.xml:3472 -#: sssd.conf.5.xml:3497 sssd.conf.5.xml:3533 +#: sssd.conf.5.xml:3317 sssd.conf.5.xml:3403 sssd.conf.5.xml:3473 +#: sssd.conf.5.xml:3498 sssd.conf.5.xml:3534 msgid "Default: The value of <quote>id_provider</quote> is used if it is set." msgstr "" "По умолчанию: использовать значение <quote>id_provider</quote>, если этот " "параметр задан." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3320 +#: sssd.conf.5.xml:3321 msgid "" "The detailed instructions for configuration of sudo_provider are in the " "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " @@ -4822,7 +4822,7 @@ msgstr "" "citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3335 +#: sssd.conf.5.xml:3336 msgid "" "<emphasis>NOTE:</emphasis> Sudo rules are periodically downloaded in the " "background unless the sudo provider is explicitly disabled. Set " @@ -4836,12 +4836,12 @@ msgstr "" "планируется использовать sudo." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3345 +#: sssd.conf.5.xml:3346 msgid "selinux_provider (string)" msgstr "selinux_provider (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3348 +#: sssd.conf.5.xml:3349 msgid "" "The provider which should handle loading of selinux settings. Note that this " "provider will be called right after access provider ends. Supported selinux " @@ -4852,7 +4852,7 @@ msgstr "" "работы поставщика доступа. Поддерживаемые поставщики данных SELinux:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3354 +#: sssd.conf.5.xml:3355 msgid "" "<quote>ipa</quote> to load selinux settings from an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -4863,12 +4863,12 @@ msgstr "" "ipa</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3362 +#: sssd.conf.5.xml:3363 msgid "<quote>none</quote> disallows fetching selinux settings explicitly." msgstr "<quote>none</quote> — явно отключает получение параметров SELinux." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3365 +#: sssd.conf.5.xml:3366 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "selinux loading requests." @@ -4877,12 +4877,12 @@ msgstr "" "задан и поддерживает обработку запросов загрузки параметров SELinux." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3371 +#: sssd.conf.5.xml:3372 msgid "subdomains_provider (string)" msgstr "subdomains_provider (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3374 +#: sssd.conf.5.xml:3375 msgid "" "The provider which should handle fetching of subdomains. This value should " "be always the same as id_provider. Supported subdomain providers are:" @@ -4892,7 +4892,7 @@ msgstr "" "Поддерживаемые поставщики данных поддоменов:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3380 +#: sssd.conf.5.xml:3381 msgid "" "<quote>ipa</quote> to load a list of subdomains from an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -4903,7 +4903,7 @@ msgstr "" "ipa</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3389 +#: sssd.conf.5.xml:3390 msgid "" "<quote>ad</quote> to load a list of subdomains from an Active Directory " "server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> " @@ -4916,17 +4916,17 @@ msgstr "" "citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3398 +#: sssd.conf.5.xml:3399 msgid "<quote>none</quote> disallows fetching subdomains explicitly." msgstr "<quote>none</quote> — явно отключает получение данных поддоменов." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3408 +#: sssd.conf.5.xml:3409 msgid "session_provider (string)" msgstr "session_provider (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3411 +#: sssd.conf.5.xml:3412 msgid "" "The provider which configures and manages user session related tasks. The " "only user session task currently provided is the integration with Fleet " @@ -4938,14 +4938,14 @@ msgstr "" "Commander (работает только c IPA). Поддерживаемые поставщики данных сеансов:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3418 +#: sssd.conf.5.xml:3419 msgid "<quote>ipa</quote> to allow performing user session related tasks." msgstr "" "<quote>ipa</quote> — разрешить выполнение заданий, связанных с сеансами " "пользователей." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3422 +#: sssd.conf.5.xml:3423 msgid "" "<quote>none</quote> does not perform any kind of user session related tasks." msgstr "" @@ -4953,7 +4953,7 @@ msgstr "" "пользователей." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3426 +#: sssd.conf.5.xml:3427 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can perform " "session related tasks." @@ -4962,7 +4962,7 @@ msgstr "" "задан и поддерживает выполнение заданий, связанных с сеансами." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3430 +#: sssd.conf.5.xml:3431 msgid "" "<emphasis>NOTE:</emphasis> In order to have this feature working as expected " "SSSD must be running as \"root\" and not as the unprivileged user." @@ -4972,12 +4972,12 @@ msgstr "" "пользователя без привилегий." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3438 +#: sssd.conf.5.xml:3439 msgid "autofs_provider (string)" msgstr "autofs_provider (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3441 +#: sssd.conf.5.xml:3442 msgid "" "The autofs provider used for the domain. Supported autofs providers are:" msgstr "" @@ -4985,7 +4985,7 @@ msgstr "" "поставщики данных autofs:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3445 +#: sssd.conf.5.xml:3446 msgid "" "<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4996,7 +4996,7 @@ msgstr "" "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3452 +#: sssd.conf.5.xml:3453 msgid "" "<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> " "<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </" @@ -5007,7 +5007,7 @@ msgstr "" "ipa</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3460 +#: sssd.conf.5.xml:3461 msgid "" "<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> " "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" @@ -5019,17 +5019,17 @@ msgstr "" "citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3469 +#: sssd.conf.5.xml:3470 msgid "<quote>none</quote> disables autofs explicitly." msgstr "<quote>none</quote> — явно отключить autofs." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3479 +#: sssd.conf.5.xml:3480 msgid "hostid_provider (string)" msgstr "hostid_provider (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3482 +#: sssd.conf.5.xml:3483 msgid "" "The provider used for retrieving host identity information. Supported " "hostid providers are:" @@ -5038,7 +5038,7 @@ msgstr "" "узла. Поддерживаемые поставщики hostid:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3486 +#: sssd.conf.5.xml:3487 msgid "" "<quote>ipa</quote> to load host identity stored in an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -5050,17 +5050,17 @@ msgstr "" "citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3494 +#: sssd.conf.5.xml:3495 msgid "<quote>none</quote> disables hostid explicitly." msgstr "<quote>none</quote> — явно отключить hostid." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3504 +#: sssd.conf.5.xml:3505 msgid "resolver_provider (string)" msgstr "resolver_provider (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3507 +#: sssd.conf.5.xml:3508 msgid "" "The provider which should handle hosts and networks lookups. Supported " "resolver providers are:" @@ -5069,7 +5069,7 @@ msgstr "" "Поддерживаемые поставщики данных сопоставления:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3511 +#: sssd.conf.5.xml:3512 msgid "" "<quote>proxy</quote> to forward lookups to another NSS library. See " "<quote>proxy_resolver_lib_name</quote>" @@ -5078,7 +5078,7 @@ msgstr "" "NSS. См. <quote>proxy_resolver_lib_name</quote>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3515 +#: sssd.conf.5.xml:3516 msgid "" "<quote>ldap</quote> to fetch hosts and networks stored in LDAP. See " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" @@ -5090,7 +5090,7 @@ msgstr "" "citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3522 +#: sssd.conf.5.xml:3523 msgid "" "<quote>ad</quote> to fetch hosts and networks stored in AD. See " "<citerefentry> <refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</" @@ -5103,12 +5103,12 @@ msgstr "" "manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3530 +#: sssd.conf.5.xml:3531 msgid "<quote>none</quote> disallows fetching hosts and networks explicitly." msgstr "<quote>none</quote> — явно отключает получение записей узлов и сетей." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3543 +#: sssd.conf.5.xml:3544 msgid "" "Regular expression for this domain that describes how to parse the string " "containing user name and domain into these components. The \"domain\" can " @@ -5123,7 +5123,7 @@ msgstr "" "домена." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3552 +#: sssd.conf.5.xml:3553 #, fuzzy #| msgid "" #| "Default for the AD and IPA provider: <quote>(((?P<domain>[^\\\\]+)\\" @@ -5140,17 +5140,17 @@ msgstr "" "назначать три разных стиля записи имён пользователей:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:3557 sssd.conf.5.xml:3571 +#: sssd.conf.5.xml:3558 sssd.conf.5.xml:3572 msgid "username" msgstr "username" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:3560 sssd.conf.5.xml:3574 +#: sssd.conf.5.xml:3561 sssd.conf.5.xml:3575 msgid "username@domain.name" msgstr "username@domain.name" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3565 +#: sssd.conf.5.xml:3566 #, fuzzy #| msgid "" #| "Default for the AD and IPA provider: <quote>(((?P<domain>[^\\\\]+)\\" @@ -5169,12 +5169,12 @@ msgstr "" "назначать три разных стиля записи имён пользователей:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:3577 +#: sssd.conf.5.xml:3578 msgid "domain\\username" msgstr "domain\\username" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3580 +#: sssd.conf.5.xml:3581 msgid "" "While the first two correspond to the general default the third one is " "introduced to allow easy integration of users from Windows domains." @@ -5183,7 +5183,7 @@ msgstr "" "обеспечения простой интеграции пользователей из доменов Windows." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3585 +#: sssd.conf.5.xml:3586 msgid "" "The default re_expression uses the <quote>@</quote> character as a separator " "between the name and the domain. As a result of this setting the default " @@ -5193,17 +5193,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3637 +#: sssd.conf.5.xml:3638 msgid "Default: <quote>%1$s@%2$s</quote>." msgstr "По умолчанию: <quote>%1$s@%2$s</quote>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3643 +#: sssd.conf.5.xml:3644 msgid "lookup_family_order (string)" msgstr "lookup_family_order (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3646 +#: sssd.conf.5.xml:3647 msgid "" "Provides the ability to select preferred address family to use when " "performing DNS lookups." @@ -5212,46 +5212,46 @@ msgstr "" "следует использовать при выполнении запросов DNS." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3650 +#: sssd.conf.5.xml:3651 msgid "Supported values:" msgstr "Поддерживаемые значения:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3653 +#: sssd.conf.5.xml:3654 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6" msgstr "" "ipv4_first: попытаться найти адрес IPv4, в случае неудачи попытаться найти " "адрес IPv6" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3656 +#: sssd.conf.5.xml:3657 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses." msgstr "ipv4_only: пытаться разрешать имена узлов только в адреса IPv4." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3659 +#: sssd.conf.5.xml:3660 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4" msgstr "" "ipv6_first: попытаться найти адрес IPv6, в случае неудачи попытаться найти " "адрес IPv4" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3662 +#: sssd.conf.5.xml:3663 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses." msgstr "ipv6_only: пытаться разрешать имена узлов только в адреса IPv6." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3665 +#: sssd.conf.5.xml:3666 msgid "Default: ipv4_first" msgstr "По умолчанию: ipv4_first" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3671 +#: sssd.conf.5.xml:3672 msgid "dns_resolver_server_timeout (integer)" msgstr "dns_resolver_server_timeout (целое число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3674 +#: sssd.conf.5.xml:3675 msgid "" "Defines the amount of time (in milliseconds) SSSD would try to talk to DNS " "server before trying next DNS server." @@ -5261,7 +5261,7 @@ msgstr "" "следующему." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3679 +#: sssd.conf.5.xml:3680 msgid "" "The AD provider will use this option for the CLDAP ping timeouts as well." msgstr "" @@ -5269,7 +5269,7 @@ msgstr "" "времени проверки связи CLDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3683 sssd.conf.5.xml:3703 sssd.conf.5.xml:3724 +#: sssd.conf.5.xml:3684 sssd.conf.5.xml:3704 sssd.conf.5.xml:3725 msgid "" "Please see the section <quote>FAILOVER</quote> for more information about " "the service resolution." @@ -5278,17 +5278,17 @@ msgstr "" "<quote>ОБРАБОТКА ОТКАЗА</quote>." #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3688 sssd-ldap.5.xml:644 include/failover.xml:84 +#: sssd.conf.5.xml:3689 sssd-ldap.5.xml:644 include/failover.xml:84 msgid "Default: 1000" msgstr "По умолчанию: 1000" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3694 +#: sssd.conf.5.xml:3695 msgid "dns_resolver_op_timeout (integer)" msgstr "dns_resolver_op_timeout (целое число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3697 +#: sssd.conf.5.xml:3698 msgid "" "Defines the amount of time (in seconds) to wait to resolve single DNS query " "(e.g. resolution of a hostname or an SRV record) before trying the next " @@ -5300,12 +5300,12 @@ msgstr "" "следующего DNS." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3714 +#: sssd.conf.5.xml:3715 msgid "dns_resolver_timeout (integer)" msgstr "dns_resolver_timeout (целое число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3717 +#: sssd.conf.5.xml:3718 msgid "" "Defines the amount of time (in seconds) to wait for a reply from the " "internal fail over service before assuming that the service is unreachable. " @@ -5318,12 +5318,12 @@ msgstr "" "работу в автономном режиме." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3735 +#: sssd.conf.5.xml:3736 msgid "dns_resolver_use_search_list (bool)" msgstr "dns_resolver_use_search_list (логическое значение)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3738 +#: sssd.conf.5.xml:3739 msgid "" "Normally, the DNS resolver searches the domain list defined in the " "\"search\" directive from the resolv.conf file. This can lead to delays in " @@ -5334,7 +5334,7 @@ msgstr "" "средах с неправильно настроенным DNS." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3744 +#: sssd.conf.5.xml:3745 msgid "" "If fully qualified domain names (or _srv_) are used in the SSSD " "configuration, setting this option to FALSE can prevent unnecessary DNS " @@ -5345,17 +5345,17 @@ msgstr "" "запросы DNS в таких средах." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3750 +#: sssd.conf.5.xml:3751 msgid "Default: TRUE" msgstr "По умолчанию: TRUE" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3756 +#: sssd.conf.5.xml:3757 msgid "dns_discovery_domain (string)" msgstr "dns_discovery_domain (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3759 +#: sssd.conf.5.xml:3760 msgid "" "If service discovery is used in the back end, specifies the domain part of " "the service discovery DNS query." @@ -5364,54 +5364,54 @@ msgstr "" "доменную часть запроса обнаружения служб DNS." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3763 +#: sssd.conf.5.xml:3764 msgid "Default: Use the domain part of machine's hostname" msgstr "По умолчанию: использовать доменную часть имени узла компьютера" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3769 +#: sssd.conf.5.xml:3770 msgid "override_gid (integer)" msgstr "override_gid (целое число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3772 +#: sssd.conf.5.xml:3773 msgid "Override the primary GID value with the one specified." msgstr "Переопределить значение основного GID указанным значением." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3778 +#: sssd.conf.5.xml:3779 msgid "case_sensitive (string)" msgstr "case_sensitive (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3785 +#: sssd.conf.5.xml:3786 msgid "True" msgstr "True" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3788 +#: sssd.conf.5.xml:3789 msgid "Case sensitive. This value is invalid for AD provider." msgstr "" "С учётом регистра. Это значение не является корректным для поставщика данных " "AD." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3794 +#: sssd.conf.5.xml:3795 msgid "False" msgstr "False" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3796 +#: sssd.conf.5.xml:3797 msgid "Case insensitive." msgstr "Без учёта регистра." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3800 +#: sssd.conf.5.xml:3801 msgid "Preserving" msgstr "Preserving" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3803 +#: sssd.conf.5.xml:3804 msgid "" "Same as False (case insensitive), but does not lowercase names in the result " "of NSS operations. Note that name aliases (and in case of services also " @@ -5423,7 +5423,7 @@ msgstr "" "регистр в выведенных данных." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3811 +#: sssd.conf.5.xml:3812 msgid "" "If you want to set this value for trusted domain with IPA provider, you need " "to set it on both the client and SSSD on the server." @@ -5433,7 +5433,7 @@ msgstr "" "на сервере." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3781 +#: sssd.conf.5.xml:3782 msgid "" "Treat user and group names as case sensitive. Possible option values are: " "<placeholder type=\"variablelist\" id=\"0\"/>" @@ -5442,17 +5442,17 @@ msgstr "" "значения: <placeholder type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3826 +#: sssd.conf.5.xml:3827 msgid "Default: True (False for AD provider)" msgstr "По умолчанию: True (False для поставщика данных AD)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3832 +#: sssd.conf.5.xml:3833 msgid "subdomain_inherit (string)" msgstr "subdomain_inherit (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3835 +#: sssd.conf.5.xml:3836 msgid "" "Specifies a list of configuration parameters that should be inherited by a " "subdomain. Please note that only selected parameters can be inherited. " @@ -5464,47 +5464,47 @@ msgstr "" "параметров:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3841 +#: sssd.conf.5.xml:3842 msgid "ldap_search_timeout" msgstr "ldap_search_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3844 +#: sssd.conf.5.xml:3845 msgid "ldap_network_timeout" msgstr "ldap_network_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3847 +#: sssd.conf.5.xml:3848 msgid "ldap_opt_timeout" msgstr "ldap_opt_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3850 +#: sssd.conf.5.xml:3851 msgid "ldap_offline_timeout" msgstr "ldap_offline_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3853 +#: sssd.conf.5.xml:3854 msgid "ldap_enumeration_refresh_timeout" msgstr "ldap_enumeration_refresh_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3856 +#: sssd.conf.5.xml:3857 msgid "ldap_enumeration_refresh_offset" msgstr "ldap_enumeration_refresh_offset" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3859 +#: sssd.conf.5.xml:3860 msgid "ldap_purge_cache_timeout" msgstr "ldap_purge_cache_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3862 +#: sssd.conf.5.xml:3863 msgid "ldap_purge_cache_offset" msgstr "ldap_purge_cache_offset" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3865 +#: sssd.conf.5.xml:3866 msgid "" "ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab " "is not set explicitly)" @@ -5513,57 +5513,57 @@ msgstr "" "ldap_krb5_keytab не задан явно)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3869 +#: sssd.conf.5.xml:3870 msgid "ldap_krb5_ticket_lifetime" msgstr "ldap_krb5_ticket_lifetime" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3872 +#: sssd.conf.5.xml:3873 msgid "ldap_enumeration_search_timeout" msgstr "ldap_enumeration_search_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3875 +#: sssd.conf.5.xml:3876 msgid "ldap_connection_expire_timeout" msgstr "ldap_connection_expire_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3878 +#: sssd.conf.5.xml:3879 msgid "ldap_connection_expire_offset" msgstr "ldap_connection_expire_offset" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3881 +#: sssd.conf.5.xml:3882 msgid "ldap_connection_idle_timeout" msgstr "ldap_connection_idle_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3884 sssd-ldap.5.xml:400 +#: sssd.conf.5.xml:3885 sssd-ldap.5.xml:400 msgid "ldap_use_tokengroups" msgstr "ldap_use_tokengroups" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3887 +#: sssd.conf.5.xml:3888 msgid "ldap_user_principal" msgstr "ldap_user_principal" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3890 +#: sssd.conf.5.xml:3891 msgid "ignore_group_members" msgstr "ignore_group_members" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3893 +#: sssd.conf.5.xml:3894 msgid "auto_private_groups" msgstr "auto_private_groups" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3896 +#: sssd.conf.5.xml:3897 msgid "case_sensitive" msgstr "case_sensitive" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:3901 +#: sssd.conf.5.xml:3902 #, no-wrap msgid "" "subdomain_inherit = ldap_purge_cache_timeout\n" @@ -5573,28 +5573,28 @@ msgstr "" " " #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3908 +#: sssd.conf.5.xml:3909 msgid "Note: This option only works with the IPA and AD provider." msgstr "" "Примечание: этот параметр работает только для поставщиков данных IPA и AD." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3915 +#: sssd.conf.5.xml:3916 msgid "subdomain_homedir (string)" msgstr "subdomain_homedir (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3926 +#: sssd.conf.5.xml:3927 msgid "%F" msgstr "%F" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3927 +#: sssd.conf.5.xml:3928 msgid "flat (NetBIOS) name of a subdomain." msgstr "плоское (NetBIOS) имя поддомена." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3918 +#: sssd.conf.5.xml:3919 msgid "" "Use this homedir as default value for all subdomains within this domain in " "IPA AD trust. See <emphasis>override_homedir</emphasis> for info about " @@ -5610,7 +5610,7 @@ msgstr "" "id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3932 +#: sssd.conf.5.xml:3933 msgid "" "The value can be overridden by <emphasis>override_homedir</emphasis> option." msgstr "" @@ -5618,29 +5618,29 @@ msgstr "" "<emphasis>override_homedir</emphasis>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3936 +#: sssd.conf.5.xml:3937 msgid "Default: <filename>/home/%d/%u</filename>" msgstr "По умолчанию: <filename>/home/%d/%u</filename>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3941 +#: sssd.conf.5.xml:3942 msgid "realmd_tags (string)" msgstr "realmd_tags (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3944 +#: sssd.conf.5.xml:3945 msgid "" "Various tags stored by the realmd configuration service for this domain." msgstr "" "Различные метки, сохранённые службой настройки realmd для этого домена." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3950 +#: sssd.conf.5.xml:3951 msgid "cached_auth_timeout (int)" msgstr "cached_auth_timeout (целое число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3953 +#: sssd.conf.5.xml:3954 msgid "" "Specifies time in seconds since last successful online authentication for " "which user will be authenticated using cached credentials while SSSD is in " @@ -5654,7 +5654,7 @@ msgstr "" "сетевом режиме." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3961 +#: sssd.conf.5.xml:3962 msgid "" "This option's value is inherited by all trusted domains. At the moment it is " "not possible to set a different value per trusted domain." @@ -5664,12 +5664,12 @@ msgstr "" "значения." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3966 +#: sssd.conf.5.xml:3967 msgid "Special value 0 implies that this feature is disabled." msgstr "Специальное значение «0» подразумевает, что эта возможность отключена." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3970 +#: sssd.conf.5.xml:3971 msgid "" "Please note that if <quote>cached_auth_timeout</quote> is longer than " "<quote>pam_id_timeout</quote> then the back end could be called to handle " @@ -5680,17 +5680,86 @@ msgstr "" "обработки <quote>initgroups.</quote>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3981 +#: sssd.conf.5.xml:3982 +#, fuzzy +#| msgid "ldap_pwd_policy (string)" +msgid "local_auth_policy (string)" +msgstr "ldap_pwd_policy (строка)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3985 +msgid "" +"Local authentication methods policy. Some backends (i.e. LDAP, proxy " +"provider) only support a password based authentication, while others can " +"handle PKINIT based Smartcard authentication (AD, IPA), two-factor " +"authentication (IPA), or other methods against a central instance. By " +"default in such cases authentication is only performed with the methods " +"supported by the backend." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3995 +msgid "" +"There are three possible values for this option: match, only, enable. " +"<quote>match</quote> is used to match offline and online states for Kerberos " +"methods. <quote>only</quote> ignores the online methods and only offer the " +"local ones. enable allows explicitly defining the methods for local " +"authentication. As an example, <quote>enable:passkey</quote>, only enables " +"passkey for local authentication. Multiple enable values should be comma-" +"separated, such as <quote>enable:passkey, enable:smartcard</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:4011 +#, no-wrap +msgid "" +"[domain/shadowutils]\n" +"id_provider = proxy\n" +"proxy_lib_name = files\n" +"auth_provider = none\n" +"local_auth_policy = only\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4007 +#, fuzzy +#| msgid "" +#| "The following example creates a container named 'mycontainer': " +#| "<placeholder type=\"programlisting\" id=\"0\"/>" +msgid "" +"The following configuration example allows local users to authenticate " +"locally using any enabled method (i.e. smartcard, passkey). <placeholder " +"type=\"programlisting\" id=\"0\"/>" +msgstr "" +"В следующем примере создаётся контейнер с именем «mycontainer»: <placeholder " +"type=\"programlisting\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4019 +#, fuzzy +#| msgid "This option is not available in IPA provider." +msgid "This option is ignored for the files provider." +msgstr "Этот параметр недоступен в поставщике данных IPA." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4022 +#, fuzzy +#| msgid "Default: mail" +msgid "Default: match" +msgstr "По умолчанию: mail" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4027 msgid "auto_private_groups (string)" msgstr "auto_private_groups (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3987 +#: sssd.conf.5.xml:4033 msgid "true" msgstr "true" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3990 +#: sssd.conf.5.xml:4036 msgid "" "Create user's private group unconditionally from user's UID number. The GID " "number is ignored in this case." @@ -5699,7 +5768,7 @@ msgstr "" "UID пользователя. Номер GID в этом случае игнорируется." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3994 +#: sssd.conf.5.xml:4040 msgid "" "NOTE: Because the GID number and the user private group are inferred from " "the UID number, it is not supported to have multiple entries with the same " @@ -5713,12 +5782,12 @@ msgstr "" "пространстве идентификаторов." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4003 +#: sssd.conf.5.xml:4049 msgid "false" msgstr "false" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4006 +#: sssd.conf.5.xml:4052 msgid "" "Always use the user's primary GID number. The GID number must refer to a " "group object in the LDAP database." @@ -5727,12 +5796,12 @@ msgstr "" "ссылаться на объект группы в базе данных LDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4012 +#: sssd.conf.5.xml:4058 msgid "hybrid" msgstr "hybrid" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4015 +#: sssd.conf.5.xml:4061 msgid "" "A primary group is autogenerated for user entries whose UID and GID numbers " "have the same value and at the same time the GID number does not correspond " @@ -5747,7 +5816,7 @@ msgstr "" "основной GID этого пользователя разрешается в этот объект группы." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4028 +#: sssd.conf.5.xml:4074 msgid "" "If the UID and GID of a user are different, then the GID must correspond to " "a group entry, otherwise the GID is simply not resolvable." @@ -5756,7 +5825,7 @@ msgstr "" "группы; в ином случае GID просто будет невозможно разрешить." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4035 +#: sssd.conf.5.xml:4081 msgid "" "This feature is useful for environments that wish to stop maintaining a " "separate group objects for the user private groups, but also wish to retain " @@ -5767,7 +5836,7 @@ msgstr "" "сохранить существующие закрытые группы пользователей." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3984 +#: sssd.conf.5.xml:4030 msgid "" "This option takes any of three available values: <placeholder " "type=\"variablelist\" id=\"0\"/>" @@ -5776,7 +5845,7 @@ msgstr "" "type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4047 +#: sssd.conf.5.xml:4093 msgid "" "For subdomains, the default value is False for subdomains that use assigned " "POSIX IDs and True for subdomains that use automatic ID-mapping." @@ -5786,7 +5855,7 @@ msgstr "" "поддоменов, которые используют автоматическое сопоставление идентификаторов." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:4055 +#: sssd.conf.5.xml:4101 #, no-wrap msgid "" "[domain/forest.domain/sub.domain]\n" @@ -5796,7 +5865,7 @@ msgstr "" "auto_private_groups = false\n" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:4061 +#: sssd.conf.5.xml:4107 #, no-wrap msgid "" "[domain/forest.domain]\n" @@ -5808,7 +5877,7 @@ msgstr "" "auto_private_groups = false\n" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4052 +#: sssd.conf.5.xml:4098 msgid "" "The value of auto_private_groups can either be set per subdomains in a " "subsection, for example: <placeholder type=\"programlisting\" id=\"0\"/> or " @@ -5822,7 +5891,7 @@ msgstr "" "type=\"programlisting\" id=\"1\"/>" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:2569 +#: sssd.conf.5.xml:2570 msgid "" "These configuration options can be present in a domain configuration " "section, that is, in a section called <quote>[domain/<replaceable>NAME</" @@ -5833,17 +5902,17 @@ msgstr "" "replaceable>]</quote> <placeholder type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4076 +#: sssd.conf.5.xml:4122 msgid "proxy_pam_target (string)" msgstr "proxy_pam_target (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4079 +#: sssd.conf.5.xml:4125 msgid "The proxy target PAM proxies to." msgstr "Цель, которой пересылает данные прокси PAM." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4082 +#: sssd.conf.5.xml:4128 msgid "" "Default: not set by default, you have to take an existing pam configuration " "or create a new one and add the service name here." @@ -5852,12 +5921,12 @@ msgstr "" "конфигурацией PAM или создать новую и добавить здесь имя службы." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4090 +#: sssd.conf.5.xml:4136 msgid "proxy_lib_name (string)" msgstr "proxy_lib_name (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4093 +#: sssd.conf.5.xml:4139 msgid "" "The name of the NSS library to use in proxy domains. The NSS functions " "searched for in the library are in the form of _nss_$(libName)_$(function), " @@ -5868,12 +5937,12 @@ msgstr "" "_nss_$(libName)_$(function), например: _nss_files_getpwent." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4103 +#: sssd.conf.5.xml:4149 msgid "proxy_resolver_lib_name (string)" msgstr "proxy_resolver_lib_name (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4106 +#: sssd.conf.5.xml:4152 msgid "" "The name of the NSS library to use for hosts and networks lookups in proxy " "domains. The NSS functions searched for in the library are in the form of " @@ -5884,12 +5953,12 @@ msgstr "" "вид _nss_$(libName)_$(function), например: _nss_dns_gethostbyname2_r." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4117 +#: sssd.conf.5.xml:4163 msgid "proxy_fast_alias (boolean)" msgstr "proxy_fast_alias (логическое значение)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4120 +#: sssd.conf.5.xml:4166 msgid "" "When a user or group is looked up by name in the proxy provider, a second " "lookup by ID is performed to \"canonicalize\" the name in case the requested " @@ -5903,12 +5972,12 @@ msgstr "" "идентификатора в кэше в целях ускорения предоставления результатов." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4134 +#: sssd.conf.5.xml:4180 msgid "proxy_max_children (integer)" msgstr "proxy_max_children (целое число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4137 +#: sssd.conf.5.xml:4183 msgid "" "This option specifies the number of pre-forked proxy children. It is useful " "for high-load SSSD environments where sssd may run out of available child " @@ -5920,7 +5989,7 @@ msgstr "" "постановки запросов в очередь." #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4072 +#: sssd.conf.5.xml:4118 msgid "" "Options valid for proxy domains. <placeholder type=\"variablelist\" " "id=\"0\"/>" @@ -5929,12 +5998,12 @@ msgstr "" "<placeholder type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:4153 +#: sssd.conf.5.xml:4199 msgid "Application domains" msgstr "Домены приложений" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4155 +#: sssd.conf.5.xml:4201 msgid "" "SSSD, with its D-Bus interface (see <citerefentry> <refentrytitle>sssd-ifp</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>) is appealing to " @@ -5963,7 +6032,7 @@ msgstr "" "традиционного домена SSSD." #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4175 +#: sssd.conf.5.xml:4221 msgid "" "Please note that the application domain must still be explicitly enabled in " "the <quote>domains</quote> parameter so that the lookup order between the " @@ -5974,17 +6043,17 @@ msgstr "" "порядок поиска для домена приложений и его родственного домена POSIX." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> -#: sssd.conf.5.xml:4181 +#: sssd.conf.5.xml:4227 msgid "Application domain parameters" msgstr "Параметры доменов приложений" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4183 +#: sssd.conf.5.xml:4229 msgid "inherit_from (string)" msgstr "inherit_from (строка)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4186 +#: sssd.conf.5.xml:4232 msgid "" "The SSSD POSIX-type domain the application domain inherits all settings " "from. The application domain can moreover add its own settings to the " @@ -5997,7 +6066,7 @@ msgstr "" "<quote>родственного</quote> домена." #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4200 +#: sssd.conf.5.xml:4246 msgid "" "The following example illustrates the use of an application domain. In this " "setup, the POSIX domain is connected to an LDAP server and is used by the OS " @@ -6012,7 +6081,7 @@ msgstr "" "атрибут phone доступным через интерфейс D-Bus." #. type: Content of: <reference><refentry><refsect1><refsect2><programlisting> -#: sssd.conf.5.xml:4208 +#: sssd.conf.5.xml:4254 #, no-wrap msgid "" "[sssd]\n" @@ -6046,12 +6115,12 @@ msgstr "" "ldap_user_extra_attrs = phone:telephoneNumber\n" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4228 +#: sssd.conf.5.xml:4274 msgid "TRUSTED DOMAIN SECTION" msgstr "РАЗДЕЛ ДОВЕРЕННЫХ ДОМЕНОВ" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4230 +#: sssd.conf.5.xml:4276 msgid "" "Some options used in the domain section can also be used in the trusted " "domain section, that is, in a section called <quote>[domain/" @@ -6069,57 +6138,57 @@ msgstr "" "поддерживаются следующие параметры:" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4237 +#: sssd.conf.5.xml:4283 msgid "ldap_search_base," msgstr "ldap_search_base," #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4238 +#: sssd.conf.5.xml:4284 msgid "ldap_user_search_base," msgstr "ldap_user_search_base," #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4239 +#: sssd.conf.5.xml:4285 msgid "ldap_group_search_base," msgstr "ldap_group_search_base," #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4240 +#: sssd.conf.5.xml:4286 msgid "ldap_netgroup_search_base," msgstr "ldap_netgroup_search_base," #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4241 +#: sssd.conf.5.xml:4287 msgid "ldap_service_search_base," msgstr "ldap_service_search_base," #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4242 +#: sssd.conf.5.xml:4288 msgid "ldap_sasl_mech," msgstr "ldap_sasl_mech," #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4243 +#: sssd.conf.5.xml:4289 msgid "ad_server," msgstr "ad_server," #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4244 +#: sssd.conf.5.xml:4290 msgid "ad_backup_server," msgstr "ad_backup_server," #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4245 +#: sssd.conf.5.xml:4291 msgid "ad_site," msgstr "ad_site," #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4246 sssd-ipa.5.xml:879 +#: sssd.conf.5.xml:4292 sssd-ipa.5.xml:879 msgid "use_fully_qualified_names" msgstr "use_fully_qualified_names" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4250 +#: sssd.conf.5.xml:4296 msgid "" "For more details about these options see their individual description in the " "manual page." @@ -6128,12 +6197,12 @@ msgstr "" "справочной странице." #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4256 +#: sssd.conf.5.xml:4302 msgid "CERTIFICATE MAPPING SECTION" msgstr "РАЗДЕЛ СОПОСТАВЛЕНИЯ СЕРТИФИКАТОВ" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4258 +#: sssd.conf.5.xml:4304 msgid "" "To allow authentication with Smartcards and certificates SSSD must be able " "to map certificates to users. This can be done by adding the full " @@ -6156,7 +6225,7 @@ msgstr "" "проверки подлинности." #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4272 +#: sssd.conf.5.xml:4318 msgid "" "To make the mapping more flexible mapping and matching rules were added to " "SSSD (see <citerefentry> <refentrytitle>sss-certmap</refentrytitle> " @@ -6167,7 +6236,7 @@ msgstr "" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>)." #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4281 +#: sssd.conf.5.xml:4327 msgid "" "A mapping and matching rule can be added to the SSSD configuration in a " "section on its own with a name like <quote>[certmap/" @@ -6180,12 +6249,12 @@ msgstr "" "replaceable>]</quote>. В этом разделе допустимы следующие параметры:" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4288 +#: sssd.conf.5.xml:4334 msgid "matchrule (string)" msgstr "matchrule (строка)" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4291 +#: sssd.conf.5.xml:4337 msgid "" "Only certificates from the Smartcard which matches this rule will be " "processed, all others are ignored." @@ -6194,7 +6263,7 @@ msgstr "" "соответствуют этому правилу. Все остальные будут игнорироваться." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4295 +#: sssd.conf.5.xml:4341 msgid "" "Default: KRB5:<EKU>clientAuth, i.e. only certificates which have the " "Extended Key Usage <quote>clientAuth</quote>" @@ -6204,17 +6273,17 @@ msgstr "" "<quote>clientAuth</quote>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4302 +#: sssd.conf.5.xml:4348 msgid "maprule (string)" msgstr "maprule (строка)" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4305 +#: sssd.conf.5.xml:4351 msgid "Defines how the user is found for a given certificate." msgstr "Определяет способ поиска пользователя для указанного сертификата." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4311 +#: sssd.conf.5.xml:4357 msgid "" "LDAP:(userCertificate;binary={cert!bin}) for LDAP based providers like " "<quote>ldap</quote>, <quote>AD</quote> or <quote>ipa</quote>." @@ -6224,7 +6293,7 @@ msgstr "" "quote>." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4317 +#: sssd.conf.5.xml:4363 msgid "" "The RULE_NAME for the <quote>files</quote> provider which tries to find a " "user with the same name." @@ -6233,12 +6302,12 @@ msgstr "" "пользователя с таким же именем." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4326 +#: sssd.conf.5.xml:4372 msgid "domains (string)" msgstr "domains (строка)" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4329 +#: sssd.conf.5.xml:4375 msgid "" "Comma separated list of domain names the rule should be applied. By default " "a rule is only valid in the domain configured in sssd.conf. If the provider " @@ -6251,17 +6320,17 @@ msgstr "" "параметра можно добавить правило также и в поддомены." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4336 +#: sssd.conf.5.xml:4382 msgid "Default: the configured domain in sssd.conf" msgstr "По умолчанию: настроенный домен в sssd.conf" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4341 +#: sssd.conf.5.xml:4387 msgid "priority (integer)" msgstr "priority (целое число)" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4344 +#: sssd.conf.5.xml:4390 msgid "" "Unsigned integer value defining the priority of the rule. The higher the " "number the lower the priority. <quote>0</quote> stands for the highest " @@ -6272,12 +6341,12 @@ msgstr "" "приоритет, а <quote>4294967295</quote> — самый низкий." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4350 +#: sssd.conf.5.xml:4396 msgid "Default: the lowest priority" msgstr "По умолчанию: самый низкий приоритет" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4356 +#: sssd.conf.5.xml:4402 msgid "" "To make the configuration simple and reduce the amount of configuration " "options the <quote>files</quote> provider has some special properties:" @@ -6287,7 +6356,7 @@ msgstr "" "свойства:" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4362 +#: sssd.conf.5.xml:4408 msgid "" "if maprule is not set the RULE_NAME name is assumed to be the name of the " "matching user" @@ -6296,7 +6365,7 @@ msgstr "" "RULE_NAME" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4368 +#: sssd.conf.5.xml:4414 msgid "" "if a maprule is used both a single user name or a template like " "<quote>{subject_rfc822_name.short_name}</quote> must be in braces like e.g. " @@ -6309,17 +6378,17 @@ msgstr "" "<quote>({subject_rfc822_name.short_name})</quote>" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4377 +#: sssd.conf.5.xml:4423 msgid "the <quote>domains</quote> option is ignored" msgstr "параметр <quote>domains</quote> игнорируется" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4385 +#: sssd.conf.5.xml:4431 msgid "PROMPTING CONFIGURATION SECTION" msgstr "РАЗДЕЛ НАСТРОЙКИ ЗАПРОСОВ" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4387 +#: sssd.conf.5.xml:4433 msgid "" "If a special file (<filename>/var/lib/sss/pubconf/pam_preauth_available</" "filename>) exists SSSD's PAM module pam_sss will ask SSSD to figure out " @@ -6334,7 +6403,7 @@ msgstr "" "запросит у пользователя соответствующие учётные данные." #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4395 +#: sssd.conf.5.xml:4441 msgid "" "With the growing number of authentication methods and the possibility that " "there are multiple ones for a single user the heuristic used by pam_sss to " @@ -6347,22 +6416,22 @@ msgstr "" "Следующие параметры обеспечивают более гибкую настройку." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4407 +#: sssd.conf.5.xml:4453 msgid "[prompting/password]" msgstr "[prompting/password]" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4410 +#: sssd.conf.5.xml:4456 msgid "password_prompt" msgstr "password_prompt" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4411 +#: sssd.conf.5.xml:4457 msgid "to change the string of the password prompt" msgstr "изменить строку запроса пароля" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4409 +#: sssd.conf.5.xml:4455 msgid "" "to configure password prompting, allowed options are: <placeholder " "type=\"variablelist\" id=\"0\"/>" @@ -6371,37 +6440,37 @@ msgstr "" "type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4419 +#: sssd.conf.5.xml:4465 msgid "[prompting/2fa]" msgstr "[prompting/2fa]" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4423 +#: sssd.conf.5.xml:4469 msgid "first_prompt" msgstr "first_prompt" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4424 +#: sssd.conf.5.xml:4470 msgid "to change the string of the prompt for the first factor" msgstr "изменить строку запроса первого фактора" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4427 +#: sssd.conf.5.xml:4473 msgid "second_prompt" msgstr "second_prompt" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4428 +#: sssd.conf.5.xml:4474 msgid "to change the string of the prompt for the second factor" msgstr "изменить строку запроса второго фактора" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4431 +#: sssd.conf.5.xml:4477 msgid "single_prompt" msgstr "single_prompt" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4432 +#: sssd.conf.5.xml:4478 msgid "" "boolean value, if True there will be only a single prompt using the value of " "first_prompt where it is expected that both factors are entered as a single " @@ -6414,7 +6483,7 @@ msgstr "" "фактора, даже если второй фактор является необязательным." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4421 +#: sssd.conf.5.xml:4467 msgid "" "to configure two-factor authentication prompting, allowed options are: " "<placeholder type=\"variablelist\" id=\"0\"/> If the second factor is " @@ -6427,19 +6496,19 @@ msgstr "" "пароль, либо оба фактора, следует использовать двухэтапный запрос." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4449 +#: sssd.conf.5.xml:4495 #, fuzzy #| msgid "[prompting/password]" msgid "[prompting/passkey]" msgstr "[prompting/password]" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4455 sssd-ad.5.xml:1021 +#: sssd.conf.5.xml:4501 sssd-ad.5.xml:1021 msgid "interactive" msgstr "interactive" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4457 +#: sssd.conf.5.xml:4503 msgid "" "boolean value, if True prompt a message and wait before testing the presence " "of a passkey device. Recommended if your device doesn’t have a tactile " @@ -6447,47 +6516,47 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4465 +#: sssd.conf.5.xml:4511 #, fuzzy #| msgid "interactive" msgid "interactive_prompt" msgstr "interactive" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4467 +#: sssd.conf.5.xml:4513 #, fuzzy #| msgid "to change the string of the password prompt" msgid "to change the message of the interactive prompt." msgstr "изменить строку запроса пароля" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4472 +#: sssd.conf.5.xml:4518 msgid "touch" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4474 +#: sssd.conf.5.xml:4520 msgid "" "boolean value, if True prompt a message to remind the user to touch the " "device." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4480 +#: sssd.conf.5.xml:4526 #, fuzzy #| msgid "first_prompt" msgid "touch_prompt" msgstr "first_prompt" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4482 +#: sssd.conf.5.xml:4528 #, fuzzy #| msgid "to change the string of the password prompt" msgid "to change the message of the touch prompt." msgstr "изменить строку запроса пароля" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4451 +#: sssd.conf.5.xml:4497 #, fuzzy #| msgid "" #| "to configure password prompting, allowed options are: <placeholder " @@ -6500,7 +6569,7 @@ msgstr "" "type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4402 +#: sssd.conf.5.xml:4448 #, fuzzy #| msgid "" #| "Each supported authentication method has its own configuration subsection " @@ -6519,7 +6588,7 @@ msgstr "" "<placeholder type=\"variablelist\" id=\"1\"/>" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4493 +#: sssd.conf.5.xml:4539 msgid "" "It is possible to add a subsection for specific PAM services, e.g. " "<quote>[prompting/password/sshd]</quote> to individual change the prompting " @@ -6530,12 +6599,12 @@ msgstr "" "конкретно для этой службы." #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4500 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43 +#: sssd.conf.5.xml:4546 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43 msgid "EXAMPLES" msgstr "ПРИМЕРЫ" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4506 +#: sssd.conf.5.xml:4552 #, no-wrap msgid "" "[sssd]\n" @@ -6589,7 +6658,7 @@ msgstr "" "enumerate = False\n" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4502 +#: sssd.conf.5.xml:4548 msgid "" "1. The following example shows a typical SSSD config. It does not describe " "configuration of the domains themselves - refer to documentation on " @@ -6601,7 +6670,7 @@ msgstr "" "документации. <placeholder type=\"programlisting\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4539 +#: sssd.conf.5.xml:4585 #, no-wrap msgid "" "[domain/ipa.com/child.ad.com]\n" @@ -6611,7 +6680,7 @@ msgstr "" "use_fully_qualified_names = false\n" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4533 +#: sssd.conf.5.xml:4579 msgid "" "2. The following example shows configuration of IPA AD trust where the AD " "forest consists of two domains in a parent-child structure. Suppose IPA " @@ -6628,7 +6697,7 @@ msgstr "" "type=\"programlisting\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4550 +#: sssd.conf.5.xml:4596 #, fuzzy, no-wrap #| msgid "" #| "[certmap/my.domain/rule_name]\n" @@ -6656,7 +6725,7 @@ msgstr "" "matchrule = <ISSUER>^CN=My-CA,DC=MY,DC=DOMAIN$<SUBJECT>^CN=User.Name,DC=MY,DC=DOMAIN$\n" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4544 +#: sssd.conf.5.xml:4590 #, fuzzy #| msgid "" #| "3. The following example shows the configuration for two certificate " @@ -21868,9 +21937,13 @@ msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:235 +#, fuzzy +#| msgid "" +#| "When this option is configured, domains will be allocated starting with " +#| "slice zero and increasing monatomically with each additional domain." msgid "" "When this option is configured, domains will be allocated starting with " -"slice zero and increasing monatomically with each additional domain." +"slice zero and increasing monotonically with each additional domain." msgstr "" "Когда настроен этот параметр, домены будут выделяться, начиная с нулевого " "среза, с постепенным увеличением для каждого дополнительного домена." @@ -23770,13 +23843,6 @@ msgstr "" #~ " -XPOST http://localhost/secrets/mycontainer/\n" #~ " " -#~ msgid "" -#~ "The following example creates a container named 'mycontainer': " -#~ "<placeholder type=\"programlisting\" id=\"0\"/>" -#~ msgstr "" -#~ "В следующем примере создаётся контейнер с именем «mycontainer»: " -#~ "<placeholder type=\"programlisting\" id=\"0\"/>" - #, no-wrap #~ msgid "" #~ "http://localhost/secrets/mycontainer/mysecret\n" diff --git a/src/man/po/sssd-docs.pot b/src/man/po/sssd-docs.pot index f9e07cba149..84998664a7d 100644 --- a/src/man/po/sssd-docs.pot +++ b/src/man/po/sssd-docs.pot @@ -6,9 +6,9 @@ #, fuzzy msgid "" msgstr "" -"Project-Id-Version: sssd-docs 2.9.0\n" +"Project-Id-Version: sssd-docs 2.9.1\n" "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" -"POT-Creation-Date: 2023-06-23 14:53+0200\n" +"POT-Creation-Date: 2023-09-07 11:47+0200\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" "Language-Team: LANGUAGE <LL@li.org>\n" @@ -202,8 +202,8 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:136 sssd.conf.5.xml:173 sssd.conf.5.xml:358 -#: sssd.conf.5.xml:714 sssd.conf.5.xml:729 sssd.conf.5.xml:951 -#: sssd.conf.5.xml:1069 sssd.conf.5.xml:2197 sssd-ldap.5.xml:1071 +#: sssd.conf.5.xml:714 sssd.conf.5.xml:729 sssd.conf.5.xml:952 +#: sssd.conf.5.xml:1070 sssd.conf.5.xml:2198 sssd-ldap.5.xml:1071 #: sssd-ldap.5.xml:1174 sssd-ldap.5.xml:1243 sssd-ldap.5.xml:1750 #: sssd-ldap.5.xml:1815 sssd-ipa.5.xml:342 sssd-ad.5.xml:252 sssd-ad.5.xml:366 #: sssd-ad.5.xml:1200 sssd-ad.5.xml:1348 sssd-krb5.5.xml:358 @@ -223,8 +223,8 @@ msgid "" msgstr "" #. type: Content of: <variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:149 sssd.conf.5.xml:652 sssd.conf.5.xml:948 -#: sssd.conf.5.xml:2100 sssd.conf.5.xml:2167 sssd.conf.5.xml:4128 +#: sssd.conf.5.xml:149 sssd.conf.5.xml:652 sssd.conf.5.xml:949 +#: sssd.conf.5.xml:2101 sssd.conf.5.xml:2168 sssd.conf.5.xml:4174 #: sssd-ldap.5.xml:312 sssd-ldap.5.xml:917 sssd-ldap.5.xml:936 #: sssd-ldap.5.xml:1146 sssd-ldap.5.xml:1599 sssd-ldap.5.xml:1839 #: sssd-ipa.5.xml:152 sssd-ipa.5.xml:254 sssd-ipa.5.xml:657 sssd-ad.5.xml:1106 @@ -292,8 +292,8 @@ msgid "" msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:196 sssd.conf.5.xml:1289 sssd.conf.5.xml:1766 -#: sssd.conf.5.xml:4144 sssd-ldap.5.xml:765 include/ldap_id_mapping.xml:270 +#: sssd.conf.5.xml:196 sssd.conf.5.xml:1290 sssd.conf.5.xml:1767 +#: sssd.conf.5.xml:4190 sssd-ldap.5.xml:765 include/ldap_id_mapping.xml:270 msgid "Default: 10" msgstr "" @@ -357,19 +357,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:258 sssd.conf.5.xml:783 +#: sssd.conf.5.xml:258 sssd.conf.5.xml:784 msgid "reconnection_retries (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:261 sssd.conf.5.xml:786 +#: sssd.conf.5.xml:261 sssd.conf.5.xml:787 msgid "" "Number of times services should attempt to reconnect in the event of a Data " "Provider crash or restart before they give up" msgstr "" #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:266 sssd.conf.5.xml:791 sssd.conf.5.xml:3708 +#: sssd.conf.5.xml:266 sssd.conf.5.xml:792 sssd.conf.5.xml:3709 #: include/failover.xml:100 msgid "Default: 3" msgstr "" @@ -391,7 +391,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:287 sssd.conf.5.xml:3540 +#: sssd.conf.5.xml:287 sssd.conf.5.xml:3541 msgid "re_expression (string)" msgstr "" @@ -411,12 +411,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:304 sssd.conf.5.xml:3597 +#: sssd.conf.5.xml:304 sssd.conf.5.xml:3598 msgid "full_name_format (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:307 sssd.conf.5.xml:3600 +#: sssd.conf.5.xml:307 sssd.conf.5.xml:3601 msgid "" "A <citerefentry> <refentrytitle>printf</refentrytitle> " "<manvolnum>3</manvolnum> </citerefentry>-compatible format that describes " @@ -425,39 +425,39 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:318 sssd.conf.5.xml:3611 +#: sssd.conf.5.xml:318 sssd.conf.5.xml:3612 msgid "%1$s" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:319 sssd.conf.5.xml:3612 +#: sssd.conf.5.xml:319 sssd.conf.5.xml:3613 msgid "user name" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:322 sssd.conf.5.xml:3615 +#: sssd.conf.5.xml:322 sssd.conf.5.xml:3616 msgid "%2$s" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:325 sssd.conf.5.xml:3618 +#: sssd.conf.5.xml:325 sssd.conf.5.xml:3619 msgid "domain name as specified in the SSSD config file." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:331 sssd.conf.5.xml:3624 +#: sssd.conf.5.xml:331 sssd.conf.5.xml:3625 msgid "%3$s" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:334 sssd.conf.5.xml:3627 +#: sssd.conf.5.xml:334 sssd.conf.5.xml:3628 msgid "" "domain flat name. Mostly usable for Active Directory domains, both directly " "configured or discovered via IPA trusts." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:315 sssd.conf.5.xml:3608 +#: sssd.conf.5.xml:315 sssd.conf.5.xml:3609 msgid "" "The following expansions are supported: <placeholder type=\"variablelist\" " "id=\"0\"/>" @@ -872,7 +872,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:700 sssd.conf.5.xml:1790 sssd.conf.5.xml:4194 +#: sssd.conf.5.xml:700 sssd.conf.5.xml:1791 sssd.conf.5.xml:4240 #: sssd-ad.5.xml:187 sssd-ad.5.xml:327 sssd-ad.5.xml:341 msgid "Default: Not set" msgstr "" @@ -917,11 +917,11 @@ msgstr "" #: sssd.conf.5.xml:744 msgid "" "Enable or disable the user verification (i.e. PIN, fingerprint) during " -"authentication." +"authentication. If enabled, the PIN will always be requested." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:749 +#: sssd.conf.5.xml:750 msgid "" "The default is that the key settings decide what to do. In the IPA or " "kerberos pre-authentication case, this value will be overwritten by the " @@ -948,12 +948,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:768 +#: sssd.conf.5.xml:769 msgid "SERVICES SECTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:770 +#: sssd.conf.5.xml:771 msgid "" "Settings that can be used to configure different services are described in " "this section. They should reside in the [<replaceable>$NAME</replaceable>] " @@ -962,22 +962,22 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:777 +#: sssd.conf.5.xml:778 msgid "General service configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:779 +#: sssd.conf.5.xml:780 msgid "These options can be used to configure any service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:796 +#: sssd.conf.5.xml:797 msgid "fd_limit" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:799 +#: sssd.conf.5.xml:800 msgid "" "This option specifies the maximum number of file descriptors that may be " "opened at one time by this SSSD process. On systems where SSSD is granted " @@ -987,17 +987,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:808 +#: sssd.conf.5.xml:809 msgid "Default: 8192 (or limits.conf \"hard\" limit)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:813 +#: sssd.conf.5.xml:814 msgid "client_idle_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:816 +#: sssd.conf.5.xml:817 msgid "" "This option specifies the number of seconds that a client of an SSSD process " "can hold onto a file descriptor without communicating on it. This value is " @@ -1007,17 +1007,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:825 +#: sssd.conf.5.xml:826 msgid "Default: 60, KCM: 300" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:830 +#: sssd.conf.5.xml:831 msgid "offline_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:833 +#: sssd.conf.5.xml:834 msgid "" "When SSSD switches to offline mode the amount of time before it tries to go " "back online will increase based upon the time spent disconnected. By " @@ -1028,14 +1028,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:844 sssd.conf.5.xml:900 +#: sssd.conf.5.xml:845 sssd.conf.5.xml:901 msgid "" "new_delay = Minimum(old_delay * 2, offline_timeout_max) + " "random[0...offline_timeout_random_offset]" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:847 +#: sssd.conf.5.xml:848 msgid "" "The offline_timeout default value is 60. The offline_timeout_max default " "value is 3600. The offline_timeout_random_offset default value is 30. The " @@ -1043,44 +1043,44 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:853 +#: sssd.conf.5.xml:854 msgid "" "Note that the maximum length of each interval is defined by " "offline_timeout_max (apart of random part)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:857 sssd.conf.5.xml:1200 sssd.conf.5.xml:1583 -#: sssd.conf.5.xml:1879 sssd-ldap.5.xml:494 +#: sssd.conf.5.xml:858 sssd.conf.5.xml:1201 sssd.conf.5.xml:1584 +#: sssd.conf.5.xml:1880 sssd-ldap.5.xml:494 msgid "Default: 60" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:862 +#: sssd.conf.5.xml:863 msgid "offline_timeout_max (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:865 +#: sssd.conf.5.xml:866 msgid "" "Controls by how much the time between attempts to go online can be " "incremented following unsuccessful attempts to go online." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:870 +#: sssd.conf.5.xml:871 msgid "A value of 0 disables the incrementing behaviour." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:873 +#: sssd.conf.5.xml:874 msgid "" "The value of this parameter should be set in correlation to offline_timeout " "parameter value." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:877 +#: sssd.conf.5.xml:878 msgid "" "With offline_timeout set to 60 (default value) there is no point in setting " "offlinet_timeout_max to less than 120 as it will saturate instantly. General " @@ -1089,58 +1089,58 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:883 +#: sssd.conf.5.xml:884 msgid "" "Although a value between 0 and offline_timeout may be specified, it has the " "effect of overriding the offline_timeout value so is of little use." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:888 +#: sssd.conf.5.xml:889 msgid "Default: 3600" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:893 +#: sssd.conf.5.xml:894 msgid "offline_timeout_random_offset (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:896 +#: sssd.conf.5.xml:897 msgid "" "When SSSD is in offline mode it keeps probing backend servers in specified " "time intervals:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:903 +#: sssd.conf.5.xml:904 msgid "" "This parameter controls the value of the random offset used for the above " "equation. Final random_offset value will be random number in range:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:908 +#: sssd.conf.5.xml:909 msgid "[0 - offline_timeout_random_offset]" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:911 +#: sssd.conf.5.xml:912 msgid "A value of 0 disables the random offset addition." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:914 +#: sssd.conf.5.xml:915 msgid "Default: 30" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:919 +#: sssd.conf.5.xml:920 msgid "responder_idle_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:922 +#: sssd.conf.5.xml:923 msgid "" "This option specifies the number of seconds that an SSSD responder process " "can be up without being used. This value is limited in order to avoid " @@ -1152,59 +1152,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:936 sssd.conf.5.xml:1213 sssd.conf.5.xml:2321 +#: sssd.conf.5.xml:937 sssd.conf.5.xml:1214 sssd.conf.5.xml:2322 #: sssd-ldap.5.xml:331 msgid "Default: 300" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:941 +#: sssd.conf.5.xml:942 msgid "cache_first" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:944 +#: sssd.conf.5.xml:945 msgid "" "This option specifies whether the responder should query all caches before " "querying the Data Providers." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:959 +#: sssd.conf.5.xml:960 msgid "NSS configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:961 +#: sssd.conf.5.xml:962 msgid "" "These options can be used to configure the Name Service Switch (NSS) " "service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:966 +#: sssd.conf.5.xml:967 msgid "enum_cache_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:969 +#: sssd.conf.5.xml:970 msgid "" "How many seconds should nss_sss cache enumerations (requests for info about " "all users)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:973 +#: sssd.conf.5.xml:974 msgid "Default: 120" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:978 +#: sssd.conf.5.xml:979 msgid "entry_cache_nowait_percentage (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:981 +#: sssd.conf.5.xml:982 msgid "" "The entry cache can be set to automatically update entries in the background " "if they are requested beyond a percentage of the entry_cache_timeout value " @@ -1212,7 +1212,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:987 +#: sssd.conf.5.xml:988 msgid "" "For example, if the domain's entry_cache_timeout is set to 30s and " "entry_cache_nowait_percentage is set to 50 (percent), entries that come in " @@ -1222,7 +1222,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:997 +#: sssd.conf.5.xml:998 msgid "" "Valid values for this option are 0-99 and represent a percentage of the " "entry_cache_timeout for each domain. For performance reasons, this " @@ -1231,17 +1231,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1005 sssd.conf.5.xml:2121 +#: sssd.conf.5.xml:1006 sssd.conf.5.xml:2122 msgid "Default: 50" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1010 +#: sssd.conf.5.xml:1011 msgid "entry_negative_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1013 +#: sssd.conf.5.xml:1014 msgid "" "Specifies for how many seconds nss_sss should cache negative cache hits " "(that is, queries for invalid database entries, like nonexistent ones) " @@ -1249,17 +1249,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1019 sssd.conf.5.xml:1778 sssd.conf.5.xml:2145 +#: sssd.conf.5.xml:1020 sssd.conf.5.xml:1779 sssd.conf.5.xml:2146 msgid "Default: 15" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1024 +#: sssd.conf.5.xml:1025 msgid "local_negative_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1027 +#: sssd.conf.5.xml:1028 msgid "" "Specifies for how many seconds nss_sss should keep local users and groups in " "negative cache before trying to look it up in the back end again. Setting " @@ -1267,17 +1267,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1033 +#: sssd.conf.5.xml:1034 msgid "Default: 14400 (4 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1038 +#: sssd.conf.5.xml:1039 msgid "filter_users, filter_groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1041 +#: sssd.conf.5.xml:1042 msgid "" "Exclude certain users or groups from being fetched from the sss NSS " "database. This is particularly useful for system accounts. This option can " @@ -1286,7 +1286,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1049 +#: sssd.conf.5.xml:1050 msgid "" "NOTE: The filter_groups option doesn't affect inheritance of nested group " "members, since filtering happens after they are propagated for returning via " @@ -1295,39 +1295,39 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1057 +#: sssd.conf.5.xml:1058 msgid "Default: root" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1062 +#: sssd.conf.5.xml:1063 msgid "filter_users_in_groups (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1065 +#: sssd.conf.5.xml:1066 msgid "If you want filtered user still be group members set this option to false." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1076 +#: sssd.conf.5.xml:1077 msgid "fallback_homedir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1079 +#: sssd.conf.5.xml:1080 msgid "" "Set a default template for a user's home directory if one is not specified " "explicitly by the domain's data provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1084 +#: sssd.conf.5.xml:1085 msgid "The available values for this option are the same as for override_homedir." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1090 +#: sssd.conf.5.xml:1091 #, no-wrap msgid "" "fallback_homedir = /home/%u\n" @@ -1335,23 +1335,23 @@ msgid "" msgstr "" #. type: Content of: <varlistentry><listitem><para> -#: sssd.conf.5.xml:1088 sssd.conf.5.xml:1650 sssd.conf.5.xml:1669 -#: sssd.conf.5.xml:1746 sssd-krb5.5.xml:451 include/override_homedir.xml:66 +#: sssd.conf.5.xml:1089 sssd.conf.5.xml:1651 sssd.conf.5.xml:1670 +#: sssd.conf.5.xml:1747 sssd-krb5.5.xml:451 include/override_homedir.xml:66 msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1094 +#: sssd.conf.5.xml:1095 msgid "Default: not set (no substitution for unset home directories)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1100 +#: sssd.conf.5.xml:1101 msgid "override_shell (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1103 +#: sssd.conf.5.xml:1104 msgid "" "Override the login shell for all users. This option supersedes any other " "shell options if it takes effect and can be set either in the [nss] section " @@ -1359,46 +1359,46 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1109 +#: sssd.conf.5.xml:1110 msgid "Default: not set (SSSD will use the value retrieved from LDAP)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1115 +#: sssd.conf.5.xml:1116 msgid "allowed_shells (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1118 +#: sssd.conf.5.xml:1119 msgid "Restrict user shell to one of the listed values. The order of evaluation is:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1121 +#: sssd.conf.5.xml:1122 msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1125 +#: sssd.conf.5.xml:1126 msgid "" "2. If the shell is in the allowed_shells list but not in " "<quote>/etc/shells</quote>, use the value of the shell_fallback parameter." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1130 +#: sssd.conf.5.xml:1131 msgid "" "3. If the shell is not in the allowed_shells list and not in " "<quote>/etc/shells</quote>, a nologin shell is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1135 +#: sssd.conf.5.xml:1136 msgid "The wildcard (*) can be used to allow any shell." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1138 +#: sssd.conf.5.xml:1139 msgid "" "The (*) is useful if you want to use shell_fallback in case that user's " "shell is not in <quote>/etc/shells</quote> and maintaining list of all " @@ -1406,56 +1406,56 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1145 +#: sssd.conf.5.xml:1146 msgid "An empty string for shell is passed as-is to libc." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1148 +#: sssd.conf.5.xml:1149 msgid "" "The <quote>/etc/shells</quote> is only read on SSSD start up, which means " "that a restart of the SSSD is required in case a new shell is installed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1152 +#: sssd.conf.5.xml:1153 msgid "Default: Not set. The user shell is automatically used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1157 +#: sssd.conf.5.xml:1158 msgid "vetoed_shells (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1160 +#: sssd.conf.5.xml:1161 msgid "Replace any instance of these shells with the shell_fallback" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1165 +#: sssd.conf.5.xml:1166 msgid "shell_fallback (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1168 +#: sssd.conf.5.xml:1169 msgid "" "The default shell to use if an allowed shell is not installed on the " "machine." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1172 +#: sssd.conf.5.xml:1173 msgid "Default: /bin/sh" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1177 +#: sssd.conf.5.xml:1178 msgid "default_shell" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1180 +#: sssd.conf.5.xml:1181 msgid "" "The default shell to use if the provider does not return one during " "lookup. This option can be specified globally in the [nss] section or " @@ -1463,58 +1463,58 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1186 +#: sssd.conf.5.xml:1187 msgid "" "Default: not set (Return NULL if no shell is specified and rely on libc to " "substitute something sensible when necessary, usually /bin/sh)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1193 sssd.conf.5.xml:1576 +#: sssd.conf.5.xml:1194 sssd.conf.5.xml:1577 msgid "get_domains_timeout (int)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1196 sssd.conf.5.xml:1579 +#: sssd.conf.5.xml:1197 sssd.conf.5.xml:1580 msgid "" "Specifies time in seconds for which the list of subdomains will be " "considered valid." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1205 +#: sssd.conf.5.xml:1206 msgid "memcache_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1208 +#: sssd.conf.5.xml:1209 msgid "" "Specifies time in seconds for which records in the in-memory cache will be " "valid. Setting this option to zero will disable the in-memory cache." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1216 +#: sssd.conf.5.xml:1217 msgid "" "WARNING: Disabling the in-memory cache will have significant negative impact " "on SSSD's performance and should only be used for testing." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1222 sssd.conf.5.xml:1247 sssd.conf.5.xml:1272 -#: sssd.conf.5.xml:1297 sssd.conf.5.xml:1324 +#: sssd.conf.5.xml:1223 sssd.conf.5.xml:1248 sssd.conf.5.xml:1273 +#: sssd.conf.5.xml:1298 sssd.conf.5.xml:1325 msgid "" "NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", " "client applications will not use the fast in-memory cache." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1230 +#: sssd.conf.5.xml:1231 msgid "memcache_size_passwd (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1233 +#: sssd.conf.5.xml:1234 msgid "" "Size (in megabytes) of the data table allocated inside fast in-memory cache " "for passwd requests. Setting the size to 0 will disable the passwd " @@ -1522,25 +1522,25 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1239 sssd.conf.5.xml:2963 sssd-ldap.5.xml:548 +#: sssd.conf.5.xml:1240 sssd.conf.5.xml:2964 sssd-ldap.5.xml:548 msgid "Default: 8" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1242 sssd.conf.5.xml:1267 sssd.conf.5.xml:1292 -#: sssd.conf.5.xml:1319 +#: sssd.conf.5.xml:1243 sssd.conf.5.xml:1268 sssd.conf.5.xml:1293 +#: sssd.conf.5.xml:1320 msgid "" "WARNING: Disabled or too small in-memory cache can have significant negative " "impact on SSSD's performance." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1255 +#: sssd.conf.5.xml:1256 msgid "memcache_size_group (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1258 +#: sssd.conf.5.xml:1259 msgid "" "Size (in megabytes) of the data table allocated inside fast in-memory cache " "for group requests. Setting the size to 0 will disable the group in-memory " @@ -1548,19 +1548,19 @@ msgid "" msgstr "" #. type: Content of: <variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1264 sssd.conf.5.xml:1316 sssd.conf.5.xml:3729 +#: sssd.conf.5.xml:1265 sssd.conf.5.xml:1317 sssd.conf.5.xml:3730 #: sssd-ldap.5.xml:473 sssd-ldap.5.xml:525 include/failover.xml:116 #: include/krb5_options.xml:11 msgid "Default: 6" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1280 +#: sssd.conf.5.xml:1281 msgid "memcache_size_initgroups (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1283 +#: sssd.conf.5.xml:1284 msgid "" "Size (in megabytes) of the data table allocated inside fast in-memory cache " "for initgroups requests. Setting the size to 0 will disable the initgroups " @@ -1568,12 +1568,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1305 +#: sssd.conf.5.xml:1306 msgid "memcache_size_sid (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1308 +#: sssd.conf.5.xml:1309 msgid "" "Size (in megabytes) of the data table allocated inside fast in-memory cache " "for SID related requests. Only SID-by-ID and ID-by-SID requests are " @@ -1582,12 +1582,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1332 sssd-ifp.5.xml:90 +#: sssd.conf.5.xml:1333 sssd-ifp.5.xml:90 msgid "user_attributes (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1335 +#: sssd.conf.5.xml:1336 msgid "" "Some of the additional NSS responder requests can return more attributes " "than just the POSIX ones defined by the NSS interface. The list of " @@ -1599,43 +1599,43 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1348 +#: sssd.conf.5.xml:1349 msgid "" "To make configuration more easy the NSS responder will check the InfoPipe " "option if it is not set for the NSS responder." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1353 +#: sssd.conf.5.xml:1354 msgid "Default: not set, fallback to InfoPipe option" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1358 +#: sssd.conf.5.xml:1359 msgid "pwfield (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1361 +#: sssd.conf.5.xml:1362 msgid "" "The value that NSS operations that return users or groups will return for " "the <quote>password</quote> field." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1366 +#: sssd.conf.5.xml:1367 msgid "Default: <quote>*</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1369 +#: sssd.conf.5.xml:1370 msgid "" "Note: This option can also be set per-domain which overwrites the value in " "[nss] section." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1373 +#: sssd.conf.5.xml:1374 msgid "" "Default: <quote>not set</quote> (remote domains), <phrase " "condition=\"with_files_provider\"> <quote>x</quote> (the files domain), " @@ -1644,60 +1644,60 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:1385 +#: sssd.conf.5.xml:1386 msgid "PAM configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:1387 +#: sssd.conf.5.xml:1388 msgid "" "These options can be used to configure the Pluggable Authentication Module " "(PAM) service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1392 +#: sssd.conf.5.xml:1393 msgid "offline_credentials_expiration (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1395 +#: sssd.conf.5.xml:1396 msgid "" "If the authentication provider is offline, how long should we allow cached " "logins (in days since the last successful online login)." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1400 sssd.conf.5.xml:1413 +#: sssd.conf.5.xml:1401 sssd.conf.5.xml:1414 msgid "Default: 0 (No limit)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1406 +#: sssd.conf.5.xml:1407 msgid "offline_failed_login_attempts (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1409 +#: sssd.conf.5.xml:1410 msgid "" "If the authentication provider is offline, how many failed login attempts " "are allowed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1419 +#: sssd.conf.5.xml:1420 msgid "offline_failed_login_delay (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1422 +#: sssd.conf.5.xml:1423 msgid "" "The time in minutes which has to pass after offline_failed_login_attempts " "has been reached before a new login attempt is possible." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1427 +#: sssd.conf.5.xml:1428 msgid "" "If set to 0 the user cannot authenticate offline if " "offline_failed_login_attempts has been reached. Only a successful online " @@ -1705,59 +1705,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1433 sssd.conf.5.xml:1543 +#: sssd.conf.5.xml:1434 sssd.conf.5.xml:1544 msgid "Default: 5" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1439 +#: sssd.conf.5.xml:1440 msgid "pam_verbosity (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1442 +#: sssd.conf.5.xml:1443 msgid "" "Controls what kind of messages are shown to the user during " "authentication. The higher the number to more messages are displayed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1447 +#: sssd.conf.5.xml:1448 msgid "Currently sssd supports the following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1450 +#: sssd.conf.5.xml:1451 msgid "<emphasis>0</emphasis>: do not show any message" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1453 +#: sssd.conf.5.xml:1454 msgid "<emphasis>1</emphasis>: show only important messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1457 +#: sssd.conf.5.xml:1458 msgid "<emphasis>2</emphasis>: show informational messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1460 +#: sssd.conf.5.xml:1461 msgid "<emphasis>3</emphasis>: show all messages and debug information" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1464 sssd.8.xml:63 +#: sssd.conf.5.xml:1465 sssd.8.xml:63 msgid "Default: 1" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1470 +#: sssd.conf.5.xml:1471 msgid "pam_response_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1473 +#: sssd.conf.5.xml:1474 msgid "" "A comma separated list of strings which allows to remove (filter) data sent " "by the PAM responder to pam_sss PAM module. There are different kind of " @@ -1766,51 +1766,51 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1481 +#: sssd.conf.5.xml:1482 msgid "" "While messages already can be controlled with the help of the pam_verbosity " "option this option allows to filter out other kind of responses as well." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1488 +#: sssd.conf.5.xml:1489 msgid "ENV" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1489 +#: sssd.conf.5.xml:1490 msgid "Do not send any environment variables to any service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1492 +#: sssd.conf.5.xml:1493 msgid "ENV:var_name" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1493 +#: sssd.conf.5.xml:1494 msgid "Do not send environment variable var_name to any service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1497 +#: sssd.conf.5.xml:1498 msgid "ENV:var_name:service" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1498 +#: sssd.conf.5.xml:1499 msgid "Do not send environment variable var_name to service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1486 +#: sssd.conf.5.xml:1487 msgid "" "Currently the following filters are supported: <placeholder " "type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1505 +#: sssd.conf.5.xml:1506 msgid "" "The list of strings can either be the list of filters which would set this " "list of filters and overwrite the defaults. Or each element of the list can " @@ -1821,22 +1821,22 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1516 +#: sssd.conf.5.xml:1517 msgid "Default: ENV:KRB5CCNAME:sudo, ENV:KRB5CCNAME:sudo-i" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1519 +#: sssd.conf.5.xml:1520 msgid "Example: -ENV:KRB5CCNAME:sudo-i will remove the filter from the default list" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1526 +#: sssd.conf.5.xml:1527 msgid "pam_id_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1529 +#: sssd.conf.5.xml:1530 msgid "" "For any PAM request while SSSD is online, the SSSD will attempt to " "immediately update the cached identity information for the user in order to " @@ -1844,7 +1844,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1535 +#: sssd.conf.5.xml:1536 msgid "" "A complete PAM conversation may perform multiple PAM requests, such as " "account management and session opening. This option controls (on a " @@ -1854,17 +1854,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1549 +#: sssd.conf.5.xml:1550 msgid "pam_pwd_expiration_warning (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1552 sssd.conf.5.xml:2987 +#: sssd.conf.5.xml:1553 sssd.conf.5.xml:2988 msgid "Display a warning N days before the password expires." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1555 +#: sssd.conf.5.xml:1556 msgid "" "Please note that the backend server has to provide information about the " "expiration time of the password. If this information is missing, sssd " @@ -1872,7 +1872,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1561 sssd.conf.5.xml:2990 +#: sssd.conf.5.xml:1562 sssd.conf.5.xml:2991 msgid "" "If zero is set, then this filter is not applied, i.e. if the expiration " "warning was received from backend server, it will automatically be " @@ -1880,24 +1880,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1566 +#: sssd.conf.5.xml:1567 msgid "" "This setting can be overridden by setting " "<emphasis>pwd_expiration_warning</emphasis> for a particular domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1571 sssd.conf.5.xml:3976 sssd-ldap.5.xml:606 sssd.8.xml:79 +#: sssd.conf.5.xml:1572 sssd.conf.5.xml:3977 sssd-ldap.5.xml:606 sssd.8.xml:79 msgid "Default: 0" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1588 +#: sssd.conf.5.xml:1589 msgid "pam_trusted_users (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1591 +#: sssd.conf.5.xml:1592 msgid "" "Specifies the comma-separated list of UID values or user names that are " "allowed to run PAM conversations against trusted domains. Users not " @@ -1907,74 +1907,74 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1601 +#: sssd.conf.5.xml:1602 msgid "Default: All users are considered trusted by default" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1605 +#: sssd.conf.5.xml:1606 msgid "" "Please note that UID 0 is always allowed to access the PAM responder even in " "case it is not in the pam_trusted_users list." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1612 +#: sssd.conf.5.xml:1613 msgid "pam_public_domains (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1615 +#: sssd.conf.5.xml:1616 msgid "" "Specifies the comma-separated list of domain names that are accessible even " "to untrusted users." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1619 +#: sssd.conf.5.xml:1620 msgid "Two special values for pam_public_domains option are defined:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1623 +#: sssd.conf.5.xml:1624 msgid "all (Untrusted users are allowed to access all domains in PAM responder.)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1627 +#: sssd.conf.5.xml:1628 msgid "" "none (Untrusted users are not allowed to access any domains PAM in " "responder.)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1631 sssd.conf.5.xml:1656 sssd.conf.5.xml:1675 -#: sssd.conf.5.xml:1912 sssd.conf.5.xml:2732 sssd.conf.5.xml:3905 +#: sssd.conf.5.xml:1632 sssd.conf.5.xml:1657 sssd.conf.5.xml:1676 +#: sssd.conf.5.xml:1913 sssd.conf.5.xml:2733 sssd.conf.5.xml:3906 #: sssd-ldap.5.xml:1207 msgid "Default: none" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1636 +#: sssd.conf.5.xml:1637 msgid "pam_account_expired_message (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1639 +#: sssd.conf.5.xml:1640 msgid "" "Allows a custom expiration message to be set, replacing the default " "'Permission denied' message." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1644 +#: sssd.conf.5.xml:1645 msgid "" "Note: Please be aware that message is only printed for the SSH service " "unless pam_verbosity is set to 3 (show all messages and debug information)." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1652 +#: sssd.conf.5.xml:1653 #, no-wrap msgid "" "pam_account_expired_message = Account expired, please contact help desk.\n" @@ -1982,19 +1982,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1661 +#: sssd.conf.5.xml:1662 msgid "pam_account_locked_message (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1664 +#: sssd.conf.5.xml:1665 msgid "" "Allows a custom lockout message to be set, replacing the default 'Permission " "denied' message." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1671 +#: sssd.conf.5.xml:1672 #, no-wrap msgid "" "pam_account_locked_message = Account locked, please contact help desk.\n" @@ -2002,17 +2002,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1680 +#: sssd.conf.5.xml:1681 msgid "pam_passkey_auth (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1683 +#: sssd.conf.5.xml:1684 msgid "Enable passkey device based authentication." msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1686 sssd.conf.5.xml:1697 sssd.conf.5.xml:1711 +#: sssd.conf.5.xml:1687 sssd.conf.5.xml:1698 sssd.conf.5.xml:1712 #: sssd-ldap.5.xml:671 sssd-ldap.5.xml:692 sssd-ldap.5.xml:788 #: sssd-ldap.5.xml:1293 sssd-ad.5.xml:505 sssd-ad.5.xml:581 sssd-ad.5.xml:1126 #: sssd-ad.5.xml:1175 include/ldap_id_mapping.xml:250 @@ -2020,22 +2020,22 @@ msgid "Default: False" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1691 +#: sssd.conf.5.xml:1692 msgid "passkey_debug_libfido2 (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1694 +#: sssd.conf.5.xml:1695 msgid "Enable libfido2 library debug messages." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1702 +#: sssd.conf.5.xml:1703 msgid "pam_cert_auth (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1705 +#: sssd.conf.5.xml:1706 msgid "" "Enable certificate based Smartcard authentication. Since this requires " "additional communication with the Smartcard which will delay the " @@ -2043,34 +2043,34 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1716 +#: sssd.conf.5.xml:1717 msgid "pam_cert_db_path (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1719 +#: sssd.conf.5.xml:1720 msgid "The path to the certificate database." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1722 sssd.conf.5.xml:2247 sssd.conf.5.xml:4308 +#: sssd.conf.5.xml:1723 sssd.conf.5.xml:2248 sssd.conf.5.xml:4354 msgid "Default:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1724 sssd.conf.5.xml:2249 +#: sssd.conf.5.xml:1725 sssd.conf.5.xml:2250 msgid "" "/etc/sssd/pki/sssd_auth_ca_db.pem (path to a file with trusted CA " "certificates in PEM format)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1734 +#: sssd.conf.5.xml:1735 msgid "pam_cert_verification (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1737 +#: sssd.conf.5.xml:1738 msgid "" "With this parameter the PAM certificate verification can be tuned with a " "comma separated list of options that override the " @@ -2080,7 +2080,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1748 +#: sssd.conf.5.xml:1749 #, no-wrap msgid "" "pam_cert_verification = partial_chain\n" @@ -2088,58 +2088,58 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1752 +#: sssd.conf.5.xml:1753 msgid "" "Default: not set, i.e. use default <quote>certificate_verification</quote> " "option defined in <quote>[sssd]</quote> section." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1759 +#: sssd.conf.5.xml:1760 msgid "p11_child_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1762 +#: sssd.conf.5.xml:1763 msgid "How many seconds will pam_sss wait for p11_child to finish." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1771 +#: sssd.conf.5.xml:1772 msgid "passkey_child_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1774 +#: sssd.conf.5.xml:1775 msgid "How many seconds will the PAM responder wait for passkey_child to finish." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1783 +#: sssd.conf.5.xml:1784 msgid "pam_app_services (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1786 +#: sssd.conf.5.xml:1787 msgid "" "Which PAM services are permitted to contact domains of type " "<quote>application</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1795 +#: sssd.conf.5.xml:1796 msgid "pam_p11_allowed_services (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1798 +#: sssd.conf.5.xml:1799 msgid "" "A comma-separated list of PAM service names for which it will be allowed to " "use Smartcards." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1813 +#: sssd.conf.5.xml:1814 #, no-wrap msgid "" "pam_p11_allowed_services = +my_pam_service, -login\n" @@ -2147,7 +2147,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1802 +#: sssd.conf.5.xml:1803 msgid "" "It is possible to add another PAM service name to the default set by using " "<quote>+service_name</quote> or to explicitly remove a PAM service name from " @@ -2159,63 +2159,63 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1817 sssd-ad.5.xml:644 sssd-ad.5.xml:753 sssd-ad.5.xml:811 +#: sssd.conf.5.xml:1818 sssd-ad.5.xml:644 sssd-ad.5.xml:753 sssd-ad.5.xml:811 #: sssd-ad.5.xml:869 sssd-ad.5.xml:947 msgid "Default: the default set of PAM service names includes:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1822 sssd-ad.5.xml:648 +#: sssd.conf.5.xml:1823 sssd-ad.5.xml:648 msgid "login" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1827 sssd-ad.5.xml:653 +#: sssd.conf.5.xml:1828 sssd-ad.5.xml:653 msgid "su" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1832 sssd-ad.5.xml:658 +#: sssd.conf.5.xml:1833 sssd-ad.5.xml:658 msgid "su-l" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1837 sssd-ad.5.xml:673 +#: sssd.conf.5.xml:1838 sssd-ad.5.xml:673 msgid "gdm-smartcard" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1842 sssd-ad.5.xml:668 +#: sssd.conf.5.xml:1843 sssd-ad.5.xml:668 msgid "gdm-password" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1847 sssd-ad.5.xml:678 +#: sssd.conf.5.xml:1848 sssd-ad.5.xml:678 msgid "kdm" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1852 sssd-ad.5.xml:956 +#: sssd.conf.5.xml:1853 sssd-ad.5.xml:956 msgid "sudo" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1857 sssd-ad.5.xml:961 +#: sssd.conf.5.xml:1858 sssd-ad.5.xml:961 msgid "sudo-i" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1862 +#: sssd.conf.5.xml:1863 msgid "gnome-screensaver" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1870 +#: sssd.conf.5.xml:1871 msgid "p11_wait_for_card_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1873 +#: sssd.conf.5.xml:1874 msgid "" "If Smartcard authentication is required how many extra seconds in addition " "to p11_child_timeout should the PAM responder wait until a Smartcard is " @@ -2223,12 +2223,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1884 +#: sssd.conf.5.xml:1885 msgid "p11_uri (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1887 +#: sssd.conf.5.xml:1888 msgid "" "PKCS#11 URI (see RFC-7512 for details) which can be used to restrict the " "selection of devices used for Smartcard authentication. By default SSSD's " @@ -2239,7 +2239,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1900 +#: sssd.conf.5.xml:1901 #, no-wrap msgid "" "p11_uri = pkcs11:slot-description=My%20Smartcard%20Reader\n" @@ -2247,7 +2247,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1904 +#: sssd.conf.5.xml:1905 #, no-wrap msgid "" "p11_uri = " @@ -2256,7 +2256,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1898 +#: sssd.conf.5.xml:1899 msgid "" "Example: <placeholder type=\"programlisting\" id=\"0\"/> or <placeholder " "type=\"programlisting\" id=\"1\"/> To find suitable URI please check the " @@ -2265,46 +2265,46 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1917 +#: sssd.conf.5.xml:1918 msgid "pam_initgroups_scheme" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1925 +#: sssd.conf.5.xml:1926 msgid "always" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1926 +#: sssd.conf.5.xml:1927 msgid "Always do an online lookup, please note that pam_id_timeout still applies" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1930 +#: sssd.conf.5.xml:1931 msgid "no_session" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1931 +#: sssd.conf.5.xml:1932 msgid "" "Only do an online lookup if there is no active session of the user, i.e. if " "the user is currently not logged in" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1936 +#: sssd.conf.5.xml:1937 msgid "never" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1937 +#: sssd.conf.5.xml:1938 msgid "" "Never force an online lookup, use the data from the cache as long as they " "are not expired" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1920 +#: sssd.conf.5.xml:1921 msgid "" "The PAM responder can force an online lookup to get the current group " "memberships of the user trying to log in. This option controls when this " @@ -2313,31 +2313,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1944 +#: sssd.conf.5.xml:1945 msgid "Default: no_session" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1949 sssd.conf.5.xml:4247 +#: sssd.conf.5.xml:1950 sssd.conf.5.xml:4293 msgid "pam_gssapi_services" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1952 +#: sssd.conf.5.xml:1953 msgid "" "Comma separated list of PAM services that are allowed to try GSSAPI " "authentication using pam_sss_gss.so module." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1957 +#: sssd.conf.5.xml:1958 msgid "" "To disable GSSAPI authentication, set this option to <quote>-</quote> " "(dash)." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1961 sssd.conf.5.xml:1992 sssd.conf.5.xml:2030 +#: sssd.conf.5.xml:1962 sssd.conf.5.xml:1993 sssd.conf.5.xml:2031 msgid "" "Note: This option can also be set per-domain which overwrites the value in " "[pam] section. It can also be set for trusted domain which overwrites the " @@ -2345,7 +2345,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1969 +#: sssd.conf.5.xml:1970 #, no-wrap msgid "" "pam_gssapi_services = sudo, sudo-i\n" @@ -2353,22 +2353,22 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1967 sssd.conf.5.xml:3899 +#: sssd.conf.5.xml:1968 sssd.conf.5.xml:3900 msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1973 +#: sssd.conf.5.xml:1974 msgid "Default: - (GSSAPI authentication is disabled)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1978 sssd.conf.5.xml:4248 +#: sssd.conf.5.xml:1979 sssd.conf.5.xml:4294 msgid "pam_gssapi_check_upn" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1981 +#: sssd.conf.5.xml:1982 msgid "" "If True, SSSD will require that the Kerberos user principal that " "successfully authenticated through GSSAPI can be associated with the user " @@ -2376,25 +2376,25 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1988 +#: sssd.conf.5.xml:1989 msgid "" "If False, every user that is able to obtained required service ticket will " "be authenticated." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1998 sssd-ad.5.xml:1266 sss_rpcidmapd.5.xml:76 +#: sssd.conf.5.xml:1999 sssd-ad.5.xml:1266 sss_rpcidmapd.5.xml:76 #: sssd-files.5.xml:145 msgid "Default: True" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2003 +#: sssd.conf.5.xml:2004 msgid "pam_gssapi_indicators_map" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2006 +#: sssd.conf.5.xml:2007 msgid "" "Comma separated list of authentication indicators required to be present in " "a Kerberos ticket to access a PAM service that is allowed to try GSSAPI " @@ -2402,7 +2402,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2012 +#: sssd.conf.5.xml:2013 msgid "" "Each element of the list can be either an authentication indicator name or a " "pair <quote>service:indicator</quote>. Indicators not prefixed with the PAM " @@ -2417,7 +2417,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2025 +#: sssd.conf.5.xml:2026 msgid "" "To disable GSSAPI authentication indicator check, set this option to " "<quote>-</quote> (dash). To disable the check for a specific PAM service, " @@ -2425,45 +2425,45 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2036 +#: sssd.conf.5.xml:2037 msgid "" "Following authentication indicators are supported by IPA Kerberos " "deployments:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2039 +#: sssd.conf.5.xml:2040 msgid "" "pkinit -- pre-authentication using X.509 certificates -- whether stored in " "files or on smart cards." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2042 +#: sssd.conf.5.xml:2043 msgid "" "hardened -- SPAKE pre-authentication or any pre-authentication wrapped in a " "FAST channel." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2045 +#: sssd.conf.5.xml:2046 msgid "radius -- pre-authentication with the help of a RADIUS server." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2048 +#: sssd.conf.5.xml:2049 msgid "" "otp -- pre-authentication using integrated two-factor authentication (2FA or " "one-time password, OTP) in IPA." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2051 +#: sssd.conf.5.xml:2052 msgid "idp -- pre-authentication using external identity provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:2061 +#: sssd.conf.5.xml:2062 #, no-wrap msgid "" "pam_gssapi_indicators_map = sudo:pkinit, sudo-i:pkinit\n" @@ -2471,7 +2471,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2056 +#: sssd.conf.5.xml:2057 msgid "" "Example: to require access to SUDO services only for users which obtained " "their Kerberos tickets with a X.509 certificate pre-authentication (PKINIT), " @@ -2479,17 +2479,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2065 +#: sssd.conf.5.xml:2066 msgid "Default: not set (use of authentication indicators is not required)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2073 +#: sssd.conf.5.xml:2074 msgid "SUDO configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2075 +#: sssd.conf.5.xml:2076 msgid "" "These options can be used to configure the sudo service. The detailed " "instructions for configuration of <citerefentry> " @@ -2501,24 +2501,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2092 +#: sssd.conf.5.xml:2093 msgid "sudo_timed (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2095 +#: sssd.conf.5.xml:2096 msgid "" "Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes " "that implement time-dependent sudoers entries." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2107 +#: sssd.conf.5.xml:2108 msgid "sudo_threshold (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2110 +#: sssd.conf.5.xml:2111 msgid "" "Maximum number of expired rules that can be refreshed at once. If number of " "expired rules is below threshold, those rules are refreshed with " @@ -2529,22 +2529,22 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2129 +#: sssd.conf.5.xml:2130 msgid "AUTOFS configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2131 +#: sssd.conf.5.xml:2132 msgid "These options can be used to configure the autofs service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2135 +#: sssd.conf.5.xml:2136 msgid "autofs_negative_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2138 +#: sssd.conf.5.xml:2139 msgid "" "Specifies for how many seconds should the autofs responder negative cache " "hits (that is, queries for invalid map entries, like nonexistent ones) " @@ -2552,51 +2552,51 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2154 +#: sssd.conf.5.xml:2155 msgid "SSH configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2156 +#: sssd.conf.5.xml:2157 msgid "These options can be used to configure the SSH service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2160 +#: sssd.conf.5.xml:2161 msgid "ssh_hash_known_hosts (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2163 +#: sssd.conf.5.xml:2164 msgid "" "Whether or not to hash host names and addresses in the managed known_hosts " "file." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2172 +#: sssd.conf.5.xml:2173 msgid "ssh_known_hosts_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2175 +#: sssd.conf.5.xml:2176 msgid "" "How many seconds to keep a host in the managed known_hosts file after its " "host keys were requested." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2179 +#: sssd.conf.5.xml:2180 msgid "Default: 180" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2184 +#: sssd.conf.5.xml:2185 msgid "ssh_use_certificate_keys (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2187 +#: sssd.conf.5.xml:2188 msgid "" "If set to true the <command>sss_ssh_authorizedkeys</command> will return ssh " "keys derived from the public key of X.509 certificates stored in the user " @@ -2606,12 +2606,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2202 +#: sssd.conf.5.xml:2203 msgid "ssh_use_certificate_matching_rules (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2205 +#: sssd.conf.5.xml:2206 msgid "" "By default the ssh responder will use all available certificate matching " "rules to filter the certificates so that ssh keys are only derived from the " @@ -2621,7 +2621,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2214 +#: sssd.conf.5.xml:2215 msgid "" "There are two special key words 'all_rules' and 'no_rules' which will enable " "all or no rules, respectively. The latter means that no certificates will be " @@ -2629,7 +2629,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2221 +#: sssd.conf.5.xml:2222 msgid "" "If no rules are configured using 'all_rules' will enable a default rule " "which enables all certificates suitable for client authentication. This is " @@ -2638,38 +2638,38 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2228 +#: sssd.conf.5.xml:2229 msgid "" "A non-existing rule name is considered an error. If as a result no rule is " "selected all certificates will be ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2233 +#: sssd.conf.5.xml:2234 msgid "" "Default: not set, equivalent to 'all_rules', all found rules or the default " "rule are used" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2239 +#: sssd.conf.5.xml:2240 msgid "ca_db (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2242 +#: sssd.conf.5.xml:2243 msgid "" "Path to a storage of trusted CA certificates. The option is used to validate " "user certificates before deriving public ssh keys from them." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2262 +#: sssd.conf.5.xml:2263 msgid "PAC responder configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2264 +#: sssd.conf.5.xml:2265 msgid "" "The PAC responder works together with the authorization data plugin for MIT " "Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the " @@ -2680,7 +2680,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2273 +#: sssd.conf.5.xml:2274 msgid "" "If the remote user does not exist in the cache, it is created. The UID is " "determined with the help of the SID, trusted domains will have UPGs and the " @@ -2691,24 +2691,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2281 +#: sssd.conf.5.xml:2282 msgid "" "If there are SIDs of groups from domains sssd knows about, the user will be " "added to those groups." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2287 +#: sssd.conf.5.xml:2288 msgid "These options can be used to configure the PAC responder." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2291 sssd-ifp.5.xml:66 +#: sssd.conf.5.xml:2292 sssd-ifp.5.xml:66 msgid "allowed_uids (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2294 +#: sssd.conf.5.xml:2295 msgid "" "Specifies the comma-separated list of UID values or user names that are " "allowed to access the PAC responder. User names are resolved to UIDs at " @@ -2716,12 +2716,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2300 +#: sssd.conf.5.xml:2301 msgid "Default: 0 (only the root user is allowed to access the PAC responder)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2304 +#: sssd.conf.5.xml:2305 msgid "" "Please note that although the UID 0 is used as the default it will be " "overwritten with this option. If you still want to allow the root user to " @@ -2730,24 +2730,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2313 +#: sssd.conf.5.xml:2314 msgid "pac_lifetime (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2316 +#: sssd.conf.5.xml:2317 msgid "" "Lifetime of the PAC entry in seconds. As long as the PAC is valid the PAC " "data can be used to determine the group memberships of a user." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2326 +#: sssd.conf.5.xml:2327 msgid "pac_check (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2329 +#: sssd.conf.5.xml:2330 msgid "" "Apply additional checks on the PAC of the Kerberos ticket which is available " "in Active Directory and FreeIPA domains, if configured. Please note that " @@ -2758,24 +2758,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2343 +#: sssd.conf.5.xml:2344 msgid "no_check" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2345 +#: sssd.conf.5.xml:2346 msgid "" "The PAC must not be present and even if it is present no additional checks " "will be done." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2351 +#: sssd.conf.5.xml:2352 msgid "pac_present" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2353 +#: sssd.conf.5.xml:2354 msgid "" "The PAC must be present in the service ticket which SSSD will request with " "the help of the user's TGT. If the PAC is not available the authentication " @@ -2783,24 +2783,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2361 +#: sssd.conf.5.xml:2362 msgid "check_upn" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2363 +#: sssd.conf.5.xml:2364 msgid "" "If the PAC is present check if the user principal name (UPN) information is " "consistent." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2369 +#: sssd.conf.5.xml:2370 msgid "check_upn_allow_missing" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2371 +#: sssd.conf.5.xml:2372 msgid "" "This option should be used together with 'check_upn' and handles the case " "where a UPN is set on the server-side but is not read by SSSD. The typical " @@ -2812,7 +2812,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2383 +#: sssd.conf.5.xml:2384 msgid "" "Currently this option is set by default to avoid regressions in such " "environments. A log message will be added to the system log and SSSD's debug " @@ -2823,60 +2823,60 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2397 +#: sssd.conf.5.xml:2398 msgid "upn_dns_info_present" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2399 +#: sssd.conf.5.xml:2400 msgid "The PAC must contain the UPN-DNS-INFO buffer, implies 'check_upn'." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2404 +#: sssd.conf.5.xml:2405 msgid "check_upn_dns_info_ex" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2406 +#: sssd.conf.5.xml:2407 msgid "" "If the PAC is present and the extension to the UPN-DNS-INFO buffer is " "available check if the information in the extension is consistent." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2413 +#: sssd.conf.5.xml:2414 msgid "upn_dns_info_ex_present" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2415 +#: sssd.conf.5.xml:2416 msgid "" "The PAC must contain the extension of the UPN-DNS-INFO buffer, implies " "'check_upn_dns_info_ex', 'upn_dns_info_present' and 'check_upn'." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2339 +#: sssd.conf.5.xml:2340 msgid "" "The following options can be used alone or in a comma-separated list: " "<placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2425 +#: sssd.conf.5.xml:2426 msgid "" "Default: no_check (AD and IPA provider 'check_upn, check_upn_allow_missing, " "check_upn_dns_info_ex')" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2434 +#: sssd.conf.5.xml:2435 msgid "Session recording configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2436 +#: sssd.conf.5.xml:2437 msgid "" "Session recording works in conjunction with <citerefentry> " "<refentrytitle>tlog-rec-session</refentrytitle> <manvolnum>8</manvolnum> " @@ -2887,66 +2887,66 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2449 +#: sssd.conf.5.xml:2450 msgid "These options can be used to configure session recording." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2453 sssd-session-recording.5.xml:64 +#: sssd.conf.5.xml:2454 sssd-session-recording.5.xml:64 msgid "scope (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2460 sssd-session-recording.5.xml:71 +#: sssd.conf.5.xml:2461 sssd-session-recording.5.xml:71 msgid "\"none\"" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2463 sssd-session-recording.5.xml:74 +#: sssd.conf.5.xml:2464 sssd-session-recording.5.xml:74 msgid "No users are recorded." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2468 sssd-session-recording.5.xml:79 +#: sssd.conf.5.xml:2469 sssd-session-recording.5.xml:79 msgid "\"some\"" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2471 sssd-session-recording.5.xml:82 +#: sssd.conf.5.xml:2472 sssd-session-recording.5.xml:82 msgid "" "Users/groups specified by <replaceable>users</replaceable> and " "<replaceable>groups</replaceable> options are recorded." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2480 sssd-session-recording.5.xml:91 +#: sssd.conf.5.xml:2481 sssd-session-recording.5.xml:91 msgid "\"all\"" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2483 sssd-session-recording.5.xml:94 +#: sssd.conf.5.xml:2484 sssd-session-recording.5.xml:94 msgid "All users are recorded." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2456 sssd-session-recording.5.xml:67 +#: sssd.conf.5.xml:2457 sssd-session-recording.5.xml:67 msgid "" "One of the following strings specifying the scope of session recording: " "<placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2490 sssd-session-recording.5.xml:101 +#: sssd.conf.5.xml:2491 sssd-session-recording.5.xml:101 msgid "Default: \"none\"" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2495 sssd-session-recording.5.xml:106 +#: sssd.conf.5.xml:2496 sssd-session-recording.5.xml:106 msgid "users (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2498 sssd-session-recording.5.xml:109 +#: sssd.conf.5.xml:2499 sssd-session-recording.5.xml:109 msgid "" "A comma-separated list of users which should have session recording " "enabled. Matches user names as returned by NSS. I.e. after the possible " @@ -2954,17 +2954,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2504 sssd-session-recording.5.xml:115 +#: sssd.conf.5.xml:2505 sssd-session-recording.5.xml:115 msgid "Default: Empty. Matches no users." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2509 sssd-session-recording.5.xml:120 +#: sssd.conf.5.xml:2510 sssd-session-recording.5.xml:120 msgid "groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2512 sssd-session-recording.5.xml:123 +#: sssd.conf.5.xml:2513 sssd-session-recording.5.xml:123 msgid "" "A comma-separated list of groups, members of which should have session " "recording enabled. Matches group names as returned by NSS. I.e. after the " @@ -2972,7 +2972,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2518 sssd.conf.5.xml:2550 sssd-session-recording.5.xml:129 +#: sssd.conf.5.xml:2519 sssd.conf.5.xml:2551 sssd-session-recording.5.xml:129 #: sssd-session-recording.5.xml:161 msgid "" "NOTE: using this option (having it set to anything) has a considerable " @@ -2981,56 +2981,56 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2525 sssd-session-recording.5.xml:136 +#: sssd.conf.5.xml:2526 sssd-session-recording.5.xml:136 msgid "Default: Empty. Matches no groups." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2530 sssd-session-recording.5.xml:141 +#: sssd.conf.5.xml:2531 sssd-session-recording.5.xml:141 msgid "exclude_users (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2533 sssd-session-recording.5.xml:144 +#: sssd.conf.5.xml:2534 sssd-session-recording.5.xml:144 msgid "" "A comma-separated list of users to be excluded from recording, only " "applicable with 'scope=all'." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2537 sssd-session-recording.5.xml:148 +#: sssd.conf.5.xml:2538 sssd-session-recording.5.xml:148 msgid "Default: Empty. No users excluded." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2542 sssd-session-recording.5.xml:153 +#: sssd.conf.5.xml:2543 sssd-session-recording.5.xml:153 msgid "exclude_groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2545 sssd-session-recording.5.xml:156 +#: sssd.conf.5.xml:2546 sssd-session-recording.5.xml:156 msgid "" "A comma-separated list of groups, members of which should be excluded from " "recording. Only applicable with 'scope=all'." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2557 sssd-session-recording.5.xml:168 +#: sssd.conf.5.xml:2558 sssd-session-recording.5.xml:168 msgid "Default: Empty. No groups excluded." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:2567 +#: sssd.conf.5.xml:2568 msgid "DOMAIN SECTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2574 +#: sssd.conf.5.xml:2575 msgid "enabled" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2577 +#: sssd.conf.5.xml:2578 msgid "" "Explicitly enable or disable the domain. If <quote>true</quote>, the domain " "is always <quote>enabled</quote>. If <quote>false</quote>, the domain is " @@ -3040,12 +3040,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2589 +#: sssd.conf.5.xml:2590 msgid "domain_type (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2592 +#: sssd.conf.5.xml:2593 msgid "" "Specifies whether the domain is meant to be used by POSIX-aware clients such " "as the Name Service Switch or by applications that do not need POSIX data to " @@ -3054,14 +3054,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2600 +#: sssd.conf.5.xml:2601 msgid "" "Allowed values for this option are <quote>posix</quote> and " "<quote>application</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2604 +#: sssd.conf.5.xml:2605 msgid "" "POSIX domains are reachable by all services. Application domains are only " "reachable from the InfoPipe responder (see <citerefentry> " @@ -3070,38 +3070,38 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2612 +#: sssd.conf.5.xml:2613 msgid "" "NOTE: The application domains are currently well tested with " "<quote>id_provider=ldap</quote> only." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2616 +#: sssd.conf.5.xml:2617 msgid "" "For an easy way to configure a non-POSIX domains, please see the " "<quote>Application domains</quote> section." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2620 +#: sssd.conf.5.xml:2621 msgid "Default: posix" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2626 +#: sssd.conf.5.xml:2627 msgid "min_id,max_id (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2629 +#: sssd.conf.5.xml:2630 msgid "" "UID and GID limits for the domain. If a domain contains an entry that is " "outside these limits, it is ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2634 +#: sssd.conf.5.xml:2635 msgid "" "For users, this affects the primary GID limit. The user will not be returned " "to NSS if either the UID or the primary GID is outside the range. For " @@ -3110,24 +3110,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2641 +#: sssd.conf.5.xml:2642 msgid "" "These ID limits affect even saving entries to cache, not only returning them " "by name or ID." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2645 +#: sssd.conf.5.xml:2646 msgid "Default: 1 for min_id, 0 (no limit) for max_id" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2651 +#: sssd.conf.5.xml:2652 msgid "enumerate (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2654 +#: sssd.conf.5.xml:2655 msgid "" "Determines if a domain can be enumerated, that is, whether the domain can " "list all the users and group it contains. Note that it is not required to " @@ -3136,29 +3136,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2662 +#: sssd.conf.5.xml:2663 msgid "TRUE = Users and groups are enumerated" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2665 +#: sssd.conf.5.xml:2666 msgid "FALSE = No enumerations for this domain" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2668 sssd.conf.5.xml:2942 sssd.conf.5.xml:3119 +#: sssd.conf.5.xml:2669 sssd.conf.5.xml:2943 sssd.conf.5.xml:3120 msgid "Default: FALSE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2671 +#: sssd.conf.5.xml:2672 msgid "" "Enumerating a domain requires SSSD to download and store ALL user and group " "entries from the remote server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2676 +#: sssd.conf.5.xml:2677 msgid "" "Note: Enabling enumeration has a moderate performance impact on SSSD while " "enumeration is running. It may take up to several minutes after SSSD startup " @@ -3172,14 +3172,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2691 +#: sssd.conf.5.xml:2692 msgid "" "While the first enumeration is running, requests for the complete user or " "group lists may return no results until it completes." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2696 +#: sssd.conf.5.xml:2697 msgid "" "Further, enabling enumeration may increase the time necessary to detect " "network disconnection, as longer timeouts are required to ensure that " @@ -3188,39 +3188,39 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2704 +#: sssd.conf.5.xml:2705 msgid "" "For the reasons cited above, enabling enumeration is not recommended, " "especially in large environments." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2712 +#: sssd.conf.5.xml:2713 msgid "subdomain_enumerate (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2719 +#: sssd.conf.5.xml:2720 msgid "all" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2720 +#: sssd.conf.5.xml:2721 msgid "All discovered trusted domains will be enumerated" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2723 +#: sssd.conf.5.xml:2724 msgid "none" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2724 +#: sssd.conf.5.xml:2725 msgid "No discovered trusted domains will be enumerated" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2715 +#: sssd.conf.5.xml:2716 msgid "" "Whether any of autodetected trusted domains should be enumerated. The " "supported values are: <placeholder type=\"variablelist\" id=\"0\"/> " @@ -3229,19 +3229,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2738 +#: sssd.conf.5.xml:2739 msgid "entry_cache_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2741 +#: sssd.conf.5.xml:2742 msgid "" "How many seconds should nss_sss consider entries valid before asking the " "backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2745 +#: sssd.conf.5.xml:2746 msgid "" "The cache expiration timestamps are stored as attributes of individual " "objects in the cache. Therefore, changing the cache timeout only has effect " @@ -3252,139 +3252,139 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2758 +#: sssd.conf.5.xml:2759 msgid "Default: 5400" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2764 +#: sssd.conf.5.xml:2765 msgid "entry_cache_user_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2767 +#: sssd.conf.5.xml:2768 msgid "" "How many seconds should nss_sss consider user entries valid before asking " "the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2771 sssd.conf.5.xml:2784 sssd.conf.5.xml:2797 -#: sssd.conf.5.xml:2810 sssd.conf.5.xml:2824 sssd.conf.5.xml:2837 -#: sssd.conf.5.xml:2851 sssd.conf.5.xml:2865 sssd.conf.5.xml:2878 +#: sssd.conf.5.xml:2772 sssd.conf.5.xml:2785 sssd.conf.5.xml:2798 +#: sssd.conf.5.xml:2811 sssd.conf.5.xml:2825 sssd.conf.5.xml:2838 +#: sssd.conf.5.xml:2852 sssd.conf.5.xml:2866 sssd.conf.5.xml:2879 msgid "Default: entry_cache_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2777 +#: sssd.conf.5.xml:2778 msgid "entry_cache_group_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2780 +#: sssd.conf.5.xml:2781 msgid "" "How many seconds should nss_sss consider group entries valid before asking " "the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2790 +#: sssd.conf.5.xml:2791 msgid "entry_cache_netgroup_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2793 +#: sssd.conf.5.xml:2794 msgid "" "How many seconds should nss_sss consider netgroup entries valid before " "asking the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2803 +#: sssd.conf.5.xml:2804 msgid "entry_cache_service_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2806 +#: sssd.conf.5.xml:2807 msgid "" "How many seconds should nss_sss consider service entries valid before asking " "the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2816 +#: sssd.conf.5.xml:2817 msgid "entry_cache_resolver_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2819 +#: sssd.conf.5.xml:2820 msgid "" "How many seconds should nss_sss consider hosts and networks entries valid " "before asking the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2830 +#: sssd.conf.5.xml:2831 msgid "entry_cache_sudo_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2833 +#: sssd.conf.5.xml:2834 msgid "" "How many seconds should sudo consider rules valid before asking the backend " "again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2843 +#: sssd.conf.5.xml:2844 msgid "entry_cache_autofs_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2846 +#: sssd.conf.5.xml:2847 msgid "" "How many seconds should the autofs service consider automounter maps valid " "before asking the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2857 +#: sssd.conf.5.xml:2858 msgid "entry_cache_ssh_host_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2860 +#: sssd.conf.5.xml:2861 msgid "" "How many seconds to keep a host ssh key after refresh. IE how long to cache " "the host key for." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2871 +#: sssd.conf.5.xml:2872 msgid "entry_cache_computer_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2874 +#: sssd.conf.5.xml:2875 msgid "" "How many seconds to keep the local computer entry before asking the backend " "again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2884 +#: sssd.conf.5.xml:2885 msgid "refresh_expired_interval (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2887 +#: sssd.conf.5.xml:2888 msgid "" "Specifies how many seconds SSSD has to wait before triggering a background " "refresh task which will refresh all expired or nearly expired records." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2892 +#: sssd.conf.5.xml:2893 msgid "" "The background refresh will process users, groups and netgroups in the " "cache. For users who have performed the initgroups (get group membership for " @@ -3393,17 +3393,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2900 +#: sssd.conf.5.xml:2901 msgid "This option is automatically inherited for all trusted domains." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2904 +#: sssd.conf.5.xml:2905 msgid "You can consider setting this value to 3/4 * entry_cache_timeout." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2908 +#: sssd.conf.5.xml:2909 msgid "" "Cache entry will be refreshed by background task when 2/3 of cache timeout " "has already passed. If there are existing cached entries, the background " @@ -3415,23 +3415,23 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2921 sssd-ldap.5.xml:360 sssd-ldap.5.xml:1736 +#: sssd.conf.5.xml:2922 sssd-ldap.5.xml:360 sssd-ldap.5.xml:1736 #: sssd-ipa.5.xml:270 msgid "Default: 0 (disabled)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2927 +#: sssd.conf.5.xml:2928 msgid "cache_credentials (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2930 +#: sssd.conf.5.xml:2931 msgid "Determines if user credentials are also cached in the local LDB cache." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2934 +#: sssd.conf.5.xml:2935 msgid "" "Take a note that while credentials are stored as a salted SHA512 hash, this " "still potentially poses some security risk in case an attacker manages to " @@ -3440,12 +3440,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2948 +#: sssd.conf.5.xml:2949 msgid "cache_credentials_minimal_first_factor_length (int)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2951 +#: sssd.conf.5.xml:2952 msgid "" "If 2-Factor-Authentication (2FA) is used and credentials should be saved " "this value determines the minimal length the first authentication factor " @@ -3453,19 +3453,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2958 +#: sssd.conf.5.xml:2959 msgid "" "This should avoid that the short PINs of a PIN based 2FA scheme are saved in " "the cache which would make them easy targets for brute-force attacks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2969 +#: sssd.conf.5.xml:2970 msgid "account_cache_expiration (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2972 +#: sssd.conf.5.xml:2973 msgid "" "Number of days entries are left in cache after last successful login before " "being removed during a cleanup of the cache. 0 means keep forever. The " @@ -3474,17 +3474,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2979 +#: sssd.conf.5.xml:2980 msgid "Default: 0 (unlimited)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2984 +#: sssd.conf.5.xml:2985 msgid "pwd_expiration_warning (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2995 +#: sssd.conf.5.xml:2996 msgid "" "Please note that the backend server has to provide information about the " "expiration time of the password. If this information is missing, sssd " @@ -3493,29 +3493,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3002 +#: sssd.conf.5.xml:3003 msgid "Default: 7 (Kerberos), 0 (LDAP)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3008 +#: sssd.conf.5.xml:3009 msgid "id_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3011 +#: sssd.conf.5.xml:3012 msgid "" "The identification provider used for the domain. Supported ID providers " "are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3015 +#: sssd.conf.5.xml:3016 msgid "<quote>proxy</quote>: Support a legacy NSS provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3018 +#: sssd.conf.5.xml:3019 msgid "" "<quote>files</quote>: FILES provider. See <citerefentry> " "<refentrytitle>sssd-files</refentrytitle> <manvolnum>5</manvolnum> " @@ -3524,7 +3524,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3026 +#: sssd.conf.5.xml:3027 msgid "" "<quote>ldap</quote>: LDAP provider. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> " @@ -3532,8 +3532,8 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3034 sssd.conf.5.xml:3145 sssd.conf.5.xml:3196 -#: sssd.conf.5.xml:3259 +#: sssd.conf.5.xml:3035 sssd.conf.5.xml:3146 sssd.conf.5.xml:3197 +#: sssd.conf.5.xml:3260 msgid "" "<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management " "provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> " @@ -3542,8 +3542,8 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3043 sssd.conf.5.xml:3154 sssd.conf.5.xml:3205 -#: sssd.conf.5.xml:3268 +#: sssd.conf.5.xml:3044 sssd.conf.5.xml:3155 sssd.conf.5.xml:3206 +#: sssd.conf.5.xml:3269 msgid "" "<quote>ad</quote>: Active Directory provider. See <citerefentry> " "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> " @@ -3551,19 +3551,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3054 +#: sssd.conf.5.xml:3055 msgid "use_fully_qualified_names (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3057 +#: sssd.conf.5.xml:3058 msgid "" "Use the full name and domain (as formatted by the domain's full_name_format) " "as the user's login name reported to NSS." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3062 +#: sssd.conf.5.xml:3063 msgid "" "If set to TRUE, all requests to this domain must use fully qualified " "names. For example, if used in LOCAL domain that contains a \"test\" user, " @@ -3572,7 +3572,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3070 +#: sssd.conf.5.xml:3071 msgid "" "NOTE: This option has no effect on netgroup lookups due to their tendency to " "include nested netgroups without qualified names. For netgroups, all domains " @@ -3580,24 +3580,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3077 +#: sssd.conf.5.xml:3078 msgid "" "Default: FALSE (TRUE for trusted domain/sub-domains or if " "default_domain_suffix is used)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3084 +#: sssd.conf.5.xml:3085 msgid "ignore_group_members (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3087 +#: sssd.conf.5.xml:3088 msgid "Do not return group members for group lookups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3090 +#: sssd.conf.5.xml:3091 msgid "" "If set to TRUE, the group membership attribute is not requested from the " "ldap server, and group members are not returned when processing group lookup " @@ -3609,7 +3609,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3108 +#: sssd.conf.5.xml:3109 msgid "" "Enabling this option can also make access provider checks for group " "membership significantly faster, especially for groups containing many " @@ -3617,7 +3617,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3114 sssd.conf.5.xml:3821 sssd-ldap.5.xml:326 +#: sssd.conf.5.xml:3115 sssd.conf.5.xml:3822 sssd-ldap.5.xml:326 #: sssd-ldap.5.xml:355 sssd-ldap.5.xml:408 sssd-ldap.5.xml:468 #: sssd-ldap.5.xml:489 sssd-ldap.5.xml:520 sssd-ldap.5.xml:543 #: sssd-ldap.5.xml:582 sssd-ldap.5.xml:601 sssd-ldap.5.xml:625 @@ -3628,19 +3628,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3124 +#: sssd.conf.5.xml:3125 msgid "auth_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3127 +#: sssd.conf.5.xml:3128 msgid "" "The authentication provider used for the domain. Supported auth providers " "are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3131 sssd.conf.5.xml:3189 +#: sssd.conf.5.xml:3132 sssd.conf.5.xml:3190 msgid "" "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> " @@ -3648,7 +3648,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3138 +#: sssd.conf.5.xml:3139 msgid "" "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> " @@ -3656,29 +3656,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3162 +#: sssd.conf.5.xml:3163 msgid "<quote>proxy</quote> for relaying authentication to some other PAM target." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3165 +#: sssd.conf.5.xml:3166 msgid "<quote>none</quote> disables authentication explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3168 +#: sssd.conf.5.xml:3169 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "authentication requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3174 +#: sssd.conf.5.xml:3175 msgid "access_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3177 +#: sssd.conf.5.xml:3178 msgid "" "The access control provider used for the domain. There are two built-in " "access providers (in addition to any included in installed backends) " @@ -3686,19 +3686,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3183 +#: sssd.conf.5.xml:3184 msgid "" "<quote>permit</quote> always allow access. It's the only permitted access " "provider for a local domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3186 +#: sssd.conf.5.xml:3187 msgid "<quote>deny</quote> always deny access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3213 +#: sssd.conf.5.xml:3214 msgid "" "<quote>simple</quote> access control based on access or deny lists. See " "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> " @@ -3707,7 +3707,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3220 +#: sssd.conf.5.xml:3221 msgid "" "<quote>krb5</quote>: .k5login based access control. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> " @@ -3716,29 +3716,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3227 +#: sssd.conf.5.xml:3228 msgid "<quote>proxy</quote> for relaying access control to another PAM module." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3230 +#: sssd.conf.5.xml:3231 msgid "Default: <quote>permit</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3235 +#: sssd.conf.5.xml:3236 msgid "chpass_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3238 +#: sssd.conf.5.xml:3239 msgid "" "The provider which should handle change password operations for the domain. " "Supported change password providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3243 +#: sssd.conf.5.xml:3244 msgid "" "<quote>ldap</quote> to change a password stored in a LDAP server. See " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> " @@ -3747,7 +3747,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3251 +#: sssd.conf.5.xml:3252 msgid "" "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> " @@ -3755,34 +3755,34 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3276 +#: sssd.conf.5.xml:3277 msgid "<quote>proxy</quote> for relaying password changes to some other PAM target." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3280 +#: sssd.conf.5.xml:3281 msgid "<quote>none</quote> disallows password changes explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3283 +#: sssd.conf.5.xml:3284 msgid "" "Default: <quote>auth_provider</quote> is used if it is set and can handle " "change password requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3290 +#: sssd.conf.5.xml:3291 msgid "sudo_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3293 +#: sssd.conf.5.xml:3294 msgid "The SUDO provider used for the domain. Supported SUDO providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3297 +#: sssd.conf.5.xml:3298 msgid "" "<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> " @@ -3790,32 +3790,32 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3305 +#: sssd.conf.5.xml:3306 msgid "" "<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default " "settings." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3309 +#: sssd.conf.5.xml:3310 msgid "" "<quote>ad</quote> the same as <quote>ldap</quote> but with AD default " "settings." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3313 +#: sssd.conf.5.xml:3314 msgid "<quote>none</quote> disables SUDO explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3316 sssd.conf.5.xml:3402 sssd.conf.5.xml:3472 -#: sssd.conf.5.xml:3497 sssd.conf.5.xml:3533 +#: sssd.conf.5.xml:3317 sssd.conf.5.xml:3403 sssd.conf.5.xml:3473 +#: sssd.conf.5.xml:3498 sssd.conf.5.xml:3534 msgid "Default: The value of <quote>id_provider</quote> is used if it is set." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3320 +#: sssd.conf.5.xml:3321 msgid "" "The detailed instructions for configuration of sudo_provider are in the " "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " @@ -3826,7 +3826,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3335 +#: sssd.conf.5.xml:3336 msgid "" "<emphasis>NOTE:</emphasis> Sudo rules are periodically downloaded in the " "background unless the sudo provider is explicitly disabled. Set " @@ -3835,12 +3835,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3345 +#: sssd.conf.5.xml:3346 msgid "selinux_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3348 +#: sssd.conf.5.xml:3349 msgid "" "The provider which should handle loading of selinux settings. Note that this " "provider will be called right after access provider ends. Supported selinux " @@ -3848,7 +3848,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3354 +#: sssd.conf.5.xml:3355 msgid "" "<quote>ipa</quote> to load selinux settings from an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> " @@ -3857,31 +3857,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3362 +#: sssd.conf.5.xml:3363 msgid "<quote>none</quote> disallows fetching selinux settings explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3365 +#: sssd.conf.5.xml:3366 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "selinux loading requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3371 +#: sssd.conf.5.xml:3372 msgid "subdomains_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3374 +#: sssd.conf.5.xml:3375 msgid "" "The provider which should handle fetching of subdomains. This value should " "be always the same as id_provider. Supported subdomain providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3380 +#: sssd.conf.5.xml:3381 msgid "" "<quote>ipa</quote> to load a list of subdomains from an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> " @@ -3890,7 +3890,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3389 +#: sssd.conf.5.xml:3390 msgid "" "<quote>ad</quote> to load a list of subdomains from an Active Directory " "server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> " @@ -3899,17 +3899,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3398 +#: sssd.conf.5.xml:3399 msgid "<quote>none</quote> disallows fetching subdomains explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3408 +#: sssd.conf.5.xml:3409 msgid "session_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3411 +#: sssd.conf.5.xml:3412 msgid "" "The provider which configures and manages user session related tasks. The " "only user session task currently provided is the integration with Fleet " @@ -3917,41 +3917,41 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3418 +#: sssd.conf.5.xml:3419 msgid "<quote>ipa</quote> to allow performing user session related tasks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3422 +#: sssd.conf.5.xml:3423 msgid "<quote>none</quote> does not perform any kind of user session related tasks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3426 +#: sssd.conf.5.xml:3427 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can perform " "session related tasks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3430 +#: sssd.conf.5.xml:3431 msgid "" "<emphasis>NOTE:</emphasis> In order to have this feature working as expected " "SSSD must be running as \"root\" and not as the unprivileged user." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3438 +#: sssd.conf.5.xml:3439 msgid "autofs_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3441 +#: sssd.conf.5.xml:3442 msgid "The autofs provider used for the domain. Supported autofs providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3445 +#: sssd.conf.5.xml:3446 msgid "" "<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> " @@ -3959,7 +3959,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3452 +#: sssd.conf.5.xml:3453 msgid "" "<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> " "<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> " @@ -3967,7 +3967,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3460 +#: sssd.conf.5.xml:3461 msgid "" "<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> " "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> " @@ -3975,24 +3975,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3469 +#: sssd.conf.5.xml:3470 msgid "<quote>none</quote> disables autofs explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3479 +#: sssd.conf.5.xml:3480 msgid "hostid_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3482 +#: sssd.conf.5.xml:3483 msgid "" "The provider used for retrieving host identity information. Supported " "hostid providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3486 +#: sssd.conf.5.xml:3487 msgid "" "<quote>ipa</quote> to load host identity stored in an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> " @@ -4001,31 +4001,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3494 +#: sssd.conf.5.xml:3495 msgid "<quote>none</quote> disables hostid explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3504 +#: sssd.conf.5.xml:3505 msgid "resolver_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3507 +#: sssd.conf.5.xml:3508 msgid "" "The provider which should handle hosts and networks lookups. Supported " "resolver providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3511 +#: sssd.conf.5.xml:3512 msgid "" "<quote>proxy</quote> to forward lookups to another NSS library. See " "<quote>proxy_resolver_lib_name</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3515 +#: sssd.conf.5.xml:3516 msgid "" "<quote>ldap</quote> to fetch hosts and networks stored in LDAP. See " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> " @@ -4034,7 +4034,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3522 +#: sssd.conf.5.xml:3523 msgid "" "<quote>ad</quote> to fetch hosts and networks stored in AD. See " "<citerefentry> <refentrytitle>sssd-ad</refentrytitle> " @@ -4043,12 +4043,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3530 +#: sssd.conf.5.xml:3531 msgid "<quote>none</quote> disallows fetching hosts and networks explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3543 +#: sssd.conf.5.xml:3544 msgid "" "Regular expression for this domain that describes how to parse the string " "containing user name and domain into these components. The \"domain\" can " @@ -4058,7 +4058,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3552 +#: sssd.conf.5.xml:3553 msgid "" "Default: " "<quote>^((?P<name>.+)@(?P<domain>[^@]*)|(?P<name>[^@]+))$</quote> " @@ -4066,17 +4066,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:3557 sssd.conf.5.xml:3571 +#: sssd.conf.5.xml:3558 sssd.conf.5.xml:3572 msgid "username" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:3560 sssd.conf.5.xml:3574 +#: sssd.conf.5.xml:3561 sssd.conf.5.xml:3575 msgid "username@domain.name" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3565 +#: sssd.conf.5.xml:3566 msgid "" "Default for the AD and IPA provider: " "<quote>^(((?P<domain>[^\\\\]+)\\\\(?P<name>.+))|((?P<name>.+)@(?P<domain>[^@]+))|((?P<name>[^@\\\\]+)))$</quote> " @@ -4084,19 +4084,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:3577 +#: sssd.conf.5.xml:3578 msgid "domain\\username" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3580 +#: sssd.conf.5.xml:3581 msgid "" "While the first two correspond to the general default the third one is " "introduced to allow easy integration of users from Windows domains." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3585 +#: sssd.conf.5.xml:3586 msgid "" "The default re_expression uses the <quote>@</quote> character as a separator " "between the name and the domain. As a result of this setting the default " @@ -4106,88 +4106,88 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3637 +#: sssd.conf.5.xml:3638 msgid "Default: <quote>%1$s@%2$s</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3643 +#: sssd.conf.5.xml:3644 msgid "lookup_family_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3646 +#: sssd.conf.5.xml:3647 msgid "" "Provides the ability to select preferred address family to use when " "performing DNS lookups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3650 +#: sssd.conf.5.xml:3651 msgid "Supported values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3653 +#: sssd.conf.5.xml:3654 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3656 +#: sssd.conf.5.xml:3657 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3659 +#: sssd.conf.5.xml:3660 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3662 +#: sssd.conf.5.xml:3663 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3665 +#: sssd.conf.5.xml:3666 msgid "Default: ipv4_first" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3671 +#: sssd.conf.5.xml:3672 msgid "dns_resolver_server_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3674 +#: sssd.conf.5.xml:3675 msgid "" "Defines the amount of time (in milliseconds) SSSD would try to talk to DNS " "server before trying next DNS server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3679 +#: sssd.conf.5.xml:3680 msgid "The AD provider will use this option for the CLDAP ping timeouts as well." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3683 sssd.conf.5.xml:3703 sssd.conf.5.xml:3724 +#: sssd.conf.5.xml:3684 sssd.conf.5.xml:3704 sssd.conf.5.xml:3725 msgid "" "Please see the section <quote>FAILOVER</quote> for more information about " "the service resolution." msgstr "" #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3688 sssd-ldap.5.xml:644 include/failover.xml:84 +#: sssd.conf.5.xml:3689 sssd-ldap.5.xml:644 include/failover.xml:84 msgid "Default: 1000" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3694 +#: sssd.conf.5.xml:3695 msgid "dns_resolver_op_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3697 +#: sssd.conf.5.xml:3698 msgid "" "Defines the amount of time (in seconds) to wait to resolve single DNS query " "(e.g. resolution of a hostname or an SRV record) before trying the next " @@ -4195,12 +4195,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3714 +#: sssd.conf.5.xml:3715 msgid "dns_resolver_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3717 +#: sssd.conf.5.xml:3718 msgid "" "Defines the amount of time (in seconds) to wait for a reply from the " "internal fail over service before assuming that the service is " @@ -4209,12 +4209,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3735 +#: sssd.conf.5.xml:3736 msgid "dns_resolver_use_search_list (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3738 +#: sssd.conf.5.xml:3739 msgid "" "Normally, the DNS resolver searches the domain list defined in the " "\"search\" directive from the resolv.conf file. This can lead to delays in " @@ -4222,7 +4222,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3744 +#: sssd.conf.5.xml:3745 msgid "" "If fully qualified domain names (or _srv_) are used in the SSSD " "configuration, setting this option to FALSE can prevent unnecessary DNS " @@ -4230,69 +4230,69 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3750 +#: sssd.conf.5.xml:3751 msgid "Default: TRUE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3756 +#: sssd.conf.5.xml:3757 msgid "dns_discovery_domain (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3759 +#: sssd.conf.5.xml:3760 msgid "" "If service discovery is used in the back end, specifies the domain part of " "the service discovery DNS query." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3763 +#: sssd.conf.5.xml:3764 msgid "Default: Use the domain part of machine's hostname" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3769 +#: sssd.conf.5.xml:3770 msgid "override_gid (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3772 +#: sssd.conf.5.xml:3773 msgid "Override the primary GID value with the one specified." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3778 +#: sssd.conf.5.xml:3779 msgid "case_sensitive (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3785 +#: sssd.conf.5.xml:3786 msgid "True" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3788 +#: sssd.conf.5.xml:3789 msgid "Case sensitive. This value is invalid for AD provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3794 +#: sssd.conf.5.xml:3795 msgid "False" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3796 +#: sssd.conf.5.xml:3797 msgid "Case insensitive." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3800 +#: sssd.conf.5.xml:3801 msgid "Preserving" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3803 +#: sssd.conf.5.xml:3804 msgid "" "Same as False (case insensitive), but does not lowercase names in the result " "of NSS operations. Note that name aliases (and in case of services also " @@ -4300,31 +4300,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3811 +#: sssd.conf.5.xml:3812 msgid "" "If you want to set this value for trusted domain with IPA provider, you need " "to set it on both the client and SSSD on the server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3781 +#: sssd.conf.5.xml:3782 msgid "" "Treat user and group names as case sensitive. Possible option values are: " "<placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3826 +#: sssd.conf.5.xml:3827 msgid "Default: True (False for AD provider)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3832 +#: sssd.conf.5.xml:3833 msgid "subdomain_inherit (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3835 +#: sssd.conf.5.xml:3836 msgid "" "Specifies a list of configuration parameters that should be inherited by a " "subdomain. Please note that only selected parameters can be inherited. " @@ -4332,104 +4332,104 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3841 +#: sssd.conf.5.xml:3842 msgid "ldap_search_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3844 +#: sssd.conf.5.xml:3845 msgid "ldap_network_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3847 +#: sssd.conf.5.xml:3848 msgid "ldap_opt_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3850 +#: sssd.conf.5.xml:3851 msgid "ldap_offline_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3853 +#: sssd.conf.5.xml:3854 msgid "ldap_enumeration_refresh_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3856 +#: sssd.conf.5.xml:3857 msgid "ldap_enumeration_refresh_offset" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3859 +#: sssd.conf.5.xml:3860 msgid "ldap_purge_cache_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3862 +#: sssd.conf.5.xml:3863 msgid "ldap_purge_cache_offset" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3865 +#: sssd.conf.5.xml:3866 msgid "" "ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab " "is not set explicitly)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3869 +#: sssd.conf.5.xml:3870 msgid "ldap_krb5_ticket_lifetime" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3872 +#: sssd.conf.5.xml:3873 msgid "ldap_enumeration_search_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3875 +#: sssd.conf.5.xml:3876 msgid "ldap_connection_expire_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3878 +#: sssd.conf.5.xml:3879 msgid "ldap_connection_expire_offset" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3881 +#: sssd.conf.5.xml:3882 msgid "ldap_connection_idle_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3884 sssd-ldap.5.xml:400 +#: sssd.conf.5.xml:3885 sssd-ldap.5.xml:400 msgid "ldap_use_tokengroups" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3887 +#: sssd.conf.5.xml:3888 msgid "ldap_user_principal" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3890 +#: sssd.conf.5.xml:3891 msgid "ignore_group_members" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3893 +#: sssd.conf.5.xml:3894 msgid "auto_private_groups" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3896 +#: sssd.conf.5.xml:3897 msgid "case_sensitive" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:3901 +#: sssd.conf.5.xml:3902 #, no-wrap msgid "" "subdomain_inherit = ldap_purge_cache_timeout\n" @@ -4437,27 +4437,27 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3908 +#: sssd.conf.5.xml:3909 msgid "Note: This option only works with the IPA and AD provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3915 +#: sssd.conf.5.xml:3916 msgid "subdomain_homedir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3926 +#: sssd.conf.5.xml:3927 msgid "%F" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3927 +#: sssd.conf.5.xml:3928 msgid "flat (NetBIOS) name of a subdomain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3918 +#: sssd.conf.5.xml:3919 msgid "" "Use this homedir as default value for all subdomains within this domain in " "IPA AD trust. See <emphasis>override_homedir</emphasis> for info about " @@ -4467,32 +4467,32 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3932 +#: sssd.conf.5.xml:3933 msgid "The value can be overridden by <emphasis>override_homedir</emphasis> option." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3936 +#: sssd.conf.5.xml:3937 msgid "Default: <filename>/home/%d/%u</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3941 +#: sssd.conf.5.xml:3942 msgid "realmd_tags (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3944 +#: sssd.conf.5.xml:3945 msgid "Various tags stored by the realmd configuration service for this domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3950 +#: sssd.conf.5.xml:3951 msgid "cached_auth_timeout (int)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3953 +#: sssd.conf.5.xml:3954 msgid "" "Specifies time in seconds since last successful online authentication for " "which user will be authenticated using cached credentials while SSSD is in " @@ -4501,19 +4501,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3961 +#: sssd.conf.5.xml:3962 msgid "" "This option's value is inherited by all trusted domains. At the moment it is " "not possible to set a different value per trusted domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3966 +#: sssd.conf.5.xml:3967 msgid "Special value 0 implies that this feature is disabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3970 +#: sssd.conf.5.xml:3971 msgid "" "Please note that if <quote>cached_auth_timeout</quote> is longer than " "<quote>pam_id_timeout</quote> then the back end could be called to handle " @@ -4521,24 +4521,81 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3981 +#: sssd.conf.5.xml:3982 +msgid "local_auth_policy (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3985 +msgid "" +"Local authentication methods policy. Some backends (i.e. LDAP, proxy " +"provider) only support a password based authentication, while others can " +"handle PKINIT based Smartcard authentication (AD, IPA), two-factor " +"authentication (IPA), or other methods against a central instance. By " +"default in such cases authentication is only performed with the methods " +"supported by the backend." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3995 +msgid "" +"There are three possible values for this option: match, only, " +"enable. <quote>match</quote> is used to match offline and online states for " +"Kerberos methods. <quote>only</quote> ignores the online methods and only " +"offer the local ones. enable allows explicitly defining the methods for " +"local authentication. As an example, <quote>enable:passkey</quote>, only " +"enables passkey for local authentication. Multiple enable values should be " +"comma-separated, such as <quote>enable:passkey, enable:smartcard</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:4011 +#, no-wrap +msgid "" +"[domain/shadowutils]\n" +"id_provider = proxy\n" +"proxy_lib_name = files\n" +"auth_provider = none\n" +"local_auth_policy = only\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4007 +msgid "" +"The following configuration example allows local users to authenticate " +"locally using any enabled method (i.e. smartcard, passkey). <placeholder " +"type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4019 +msgid "This option is ignored for the files provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4022 +msgid "Default: match" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4027 msgid "auto_private_groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3987 +#: sssd.conf.5.xml:4033 msgid "true" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3990 +#: sssd.conf.5.xml:4036 msgid "" "Create user's private group unconditionally from user's UID number. The GID " "number is ignored in this case." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3994 +#: sssd.conf.5.xml:4040 msgid "" "NOTE: Because the GID number and the user private group are inferred from " "the UID number, it is not supported to have multiple entries with the same " @@ -4547,24 +4604,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4003 +#: sssd.conf.5.xml:4049 msgid "false" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4006 +#: sssd.conf.5.xml:4052 msgid "" "Always use the user's primary GID number. The GID number must refer to a " "group object in the LDAP database." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4012 +#: sssd.conf.5.xml:4058 msgid "hybrid" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4015 +#: sssd.conf.5.xml:4061 msgid "" "A primary group is autogenerated for user entries whose UID and GID numbers " "have the same value and at the same time the GID number does not correspond " @@ -4574,14 +4631,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4028 +#: sssd.conf.5.xml:4074 msgid "" "If the UID and GID of a user are different, then the GID must correspond to " "a group entry, otherwise the GID is simply not resolvable." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4035 +#: sssd.conf.5.xml:4081 msgid "" "This feature is useful for environments that wish to stop maintaining a " "separate group objects for the user private groups, but also wish to retain " @@ -4589,21 +4646,21 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3984 +#: sssd.conf.5.xml:4030 msgid "" "This option takes any of three available values: <placeholder " "type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4047 +#: sssd.conf.5.xml:4093 msgid "" "For subdomains, the default value is False for subdomains that use assigned " "POSIX IDs and True for subdomains that use automatic ID-mapping." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:4055 +#: sssd.conf.5.xml:4101 #, no-wrap msgid "" "[domain/forest.domain/sub.domain]\n" @@ -4611,7 +4668,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:4061 +#: sssd.conf.5.xml:4107 #, no-wrap msgid "" "[domain/forest.domain]\n" @@ -4620,7 +4677,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4052 +#: sssd.conf.5.xml:4098 msgid "" "The value of auto_private_groups can either be set per subdomains in a " "subsection, for example: <placeholder type=\"programlisting\" id=\"0\"/> or " @@ -4629,7 +4686,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:2569 +#: sssd.conf.5.xml:2570 msgid "" "These configuration options can be present in a domain configuration " "section, that is, in a section called " @@ -4638,29 +4695,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4076 +#: sssd.conf.5.xml:4122 msgid "proxy_pam_target (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4079 +#: sssd.conf.5.xml:4125 msgid "The proxy target PAM proxies to." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4082 +#: sssd.conf.5.xml:4128 msgid "" "Default: not set by default, you have to take an existing pam configuration " "or create a new one and add the service name here." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4090 +#: sssd.conf.5.xml:4136 msgid "proxy_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4093 +#: sssd.conf.5.xml:4139 msgid "" "The name of the NSS library to use in proxy domains. The NSS functions " "searched for in the library are in the form of _nss_$(libName)_$(function), " @@ -4668,12 +4725,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4103 +#: sssd.conf.5.xml:4149 msgid "proxy_resolver_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4106 +#: sssd.conf.5.xml:4152 msgid "" "The name of the NSS library to use for hosts and networks lookups in proxy " "domains. The NSS functions searched for in the library are in the form of " @@ -4681,12 +4738,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4117 +#: sssd.conf.5.xml:4163 msgid "proxy_fast_alias (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4120 +#: sssd.conf.5.xml:4166 msgid "" "When a user or group is looked up by name in the proxy provider, a second " "lookup by ID is performed to \"canonicalize\" the name in case the requested " @@ -4695,12 +4752,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4134 +#: sssd.conf.5.xml:4180 msgid "proxy_max_children (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4137 +#: sssd.conf.5.xml:4183 msgid "" "This option specifies the number of pre-forked proxy children. It is useful " "for high-load SSSD environments where sssd may run out of available child " @@ -4708,19 +4765,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4072 +#: sssd.conf.5.xml:4118 msgid "" "Options valid for proxy domains. <placeholder type=\"variablelist\" " "id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:4153 +#: sssd.conf.5.xml:4199 msgid "Application domains" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4155 +#: sssd.conf.5.xml:4201 msgid "" "SSSD, with its D-Bus interface (see <citerefentry> " "<refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</manvolnum> " @@ -4738,7 +4795,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4175 +#: sssd.conf.5.xml:4221 msgid "" "Please note that the application domain must still be explicitly enabled in " "the <quote>domains</quote> parameter so that the lookup order between the " @@ -4746,17 +4803,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> -#: sssd.conf.5.xml:4181 +#: sssd.conf.5.xml:4227 msgid "Application domain parameters" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4183 +#: sssd.conf.5.xml:4229 msgid "inherit_from (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4186 +#: sssd.conf.5.xml:4232 msgid "" "The SSSD POSIX-type domain the application domain inherits all settings " "from. The application domain can moreover add its own settings to the " @@ -4765,7 +4822,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4200 +#: sssd.conf.5.xml:4246 msgid "" "The following example illustrates the use of an application domain. In this " "setup, the POSIX domain is connected to an LDAP server and is used by the OS " @@ -4775,7 +4832,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><programlisting> -#: sssd.conf.5.xml:4208 +#: sssd.conf.5.xml:4254 #, no-wrap msgid "" "[sssd]\n" @@ -4795,12 +4852,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4228 +#: sssd.conf.5.xml:4274 msgid "TRUSTED DOMAIN SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4230 +#: sssd.conf.5.xml:4276 msgid "" "Some options used in the domain section can also be used in the trusted " "domain section, that is, in a section called " @@ -4811,69 +4868,69 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4237 +#: sssd.conf.5.xml:4283 msgid "ldap_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4238 +#: sssd.conf.5.xml:4284 msgid "ldap_user_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4239 +#: sssd.conf.5.xml:4285 msgid "ldap_group_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4240 +#: sssd.conf.5.xml:4286 msgid "ldap_netgroup_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4241 +#: sssd.conf.5.xml:4287 msgid "ldap_service_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4242 +#: sssd.conf.5.xml:4288 msgid "ldap_sasl_mech," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4243 +#: sssd.conf.5.xml:4289 msgid "ad_server," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4244 +#: sssd.conf.5.xml:4290 msgid "ad_backup_server," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4245 +#: sssd.conf.5.xml:4291 msgid "ad_site," msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4246 sssd-ipa.5.xml:879 +#: sssd.conf.5.xml:4292 sssd-ipa.5.xml:879 msgid "use_fully_qualified_names" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4250 +#: sssd.conf.5.xml:4296 msgid "" "For more details about these options see their individual description in the " "manual page." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4256 +#: sssd.conf.5.xml:4302 msgid "CERTIFICATE MAPPING SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4258 +#: sssd.conf.5.xml:4304 msgid "" "To allow authentication with Smartcards and certificates SSSD must be able " "to map certificates to users. This can be done by adding the full " @@ -4887,7 +4944,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4272 +#: sssd.conf.5.xml:4318 msgid "" "To make the mapping more flexible mapping and matching rules were added to " "SSSD (see <citerefentry> <refentrytitle>sss-certmap</refentrytitle> " @@ -4895,7 +4952,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4281 +#: sssd.conf.5.xml:4327 msgid "" "A mapping and matching rule can be added to the SSSD configuration in a " "section on its own with a name like " @@ -4904,55 +4961,55 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4288 +#: sssd.conf.5.xml:4334 msgid "matchrule (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4291 +#: sssd.conf.5.xml:4337 msgid "" "Only certificates from the Smartcard which matches this rule will be " "processed, all others are ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4295 +#: sssd.conf.5.xml:4341 msgid "" "Default: KRB5:<EKU>clientAuth, i.e. only certificates which have the " "Extended Key Usage <quote>clientAuth</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4302 +#: sssd.conf.5.xml:4348 msgid "maprule (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4305 +#: sssd.conf.5.xml:4351 msgid "Defines how the user is found for a given certificate." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4311 +#: sssd.conf.5.xml:4357 msgid "" "LDAP:(userCertificate;binary={cert!bin}) for LDAP based providers like " "<quote>ldap</quote>, <quote>AD</quote> or <quote>ipa</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4317 +#: sssd.conf.5.xml:4363 msgid "" "The RULE_NAME for the <quote>files</quote> provider which tries to find a " "user with the same name." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4326 +#: sssd.conf.5.xml:4372 msgid "domains (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4329 +#: sssd.conf.5.xml:4375 msgid "" "Comma separated list of domain names the rule should be applied. By default " "a rule is only valid in the domain configured in sssd.conf. If the provider " @@ -4961,17 +5018,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4336 +#: sssd.conf.5.xml:4382 msgid "Default: the configured domain in sssd.conf" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4341 +#: sssd.conf.5.xml:4387 msgid "priority (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4344 +#: sssd.conf.5.xml:4390 msgid "" "Unsigned integer value defining the priority of the rule. The higher the " "number the lower the priority. <quote>0</quote> stands for the highest " @@ -4979,26 +5036,26 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4350 +#: sssd.conf.5.xml:4396 msgid "Default: the lowest priority" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4356 +#: sssd.conf.5.xml:4402 msgid "" "To make the configuration simple and reduce the amount of configuration " "options the <quote>files</quote> provider has some special properties:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4362 +#: sssd.conf.5.xml:4408 msgid "" "if maprule is not set the RULE_NAME name is assumed to be the name of the " "matching user" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4368 +#: sssd.conf.5.xml:4414 msgid "" "if a maprule is used both a single user name or a template like " "<quote>{subject_rfc822_name.short_name}</quote> must be in braces like " @@ -5007,17 +5064,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4377 +#: sssd.conf.5.xml:4423 msgid "the <quote>domains</quote> option is ignored" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4385 +#: sssd.conf.5.xml:4431 msgid "PROMPTING CONFIGURATION SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4387 +#: sssd.conf.5.xml:4433 msgid "" "If a special file " "(<filename>/var/lib/sss/pubconf/pam_preauth_available</filename>) exists " @@ -5027,7 +5084,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4395 +#: sssd.conf.5.xml:4441 msgid "" "With the growing number of authentication methods and the possibility that " "there are multiple ones for a single user the heuristic used by pam_sss to " @@ -5036,59 +5093,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4407 +#: sssd.conf.5.xml:4453 msgid "[prompting/password]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4410 +#: sssd.conf.5.xml:4456 msgid "password_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4411 +#: sssd.conf.5.xml:4457 msgid "to change the string of the password prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4409 +#: sssd.conf.5.xml:4455 msgid "" "to configure password prompting, allowed options are: <placeholder " "type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4419 +#: sssd.conf.5.xml:4465 msgid "[prompting/2fa]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4423 +#: sssd.conf.5.xml:4469 msgid "first_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4424 +#: sssd.conf.5.xml:4470 msgid "to change the string of the prompt for the first factor" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4427 +#: sssd.conf.5.xml:4473 msgid "second_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4428 +#: sssd.conf.5.xml:4474 msgid "to change the string of the prompt for the second factor" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4431 +#: sssd.conf.5.xml:4477 msgid "single_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4432 +#: sssd.conf.5.xml:4478 msgid "" "boolean value, if True there will be only a single prompt using the value of " "first_prompt where it is expected that both factors are entered as a single " @@ -5097,7 +5154,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4421 +#: sssd.conf.5.xml:4467 msgid "" "to configure two-factor authentication prompting, allowed options are: " "<placeholder type=\"variablelist\" id=\"0\"/> If the second factor is " @@ -5106,17 +5163,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4449 +#: sssd.conf.5.xml:4495 msgid "[prompting/passkey]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4455 sssd-ad.5.xml:1021 +#: sssd.conf.5.xml:4501 sssd-ad.5.xml:1021 msgid "interactive" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4457 +#: sssd.conf.5.xml:4503 msgid "" "boolean value, if True prompt a message and wait before testing the presence " "of a passkey device. Recommended if your device doesn’t have a tactile " @@ -5124,46 +5181,46 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4465 +#: sssd.conf.5.xml:4511 msgid "interactive_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4467 +#: sssd.conf.5.xml:4513 msgid "to change the message of the interactive prompt." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4472 +#: sssd.conf.5.xml:4518 msgid "touch" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4474 +#: sssd.conf.5.xml:4520 msgid "" "boolean value, if True prompt a message to remind the user to touch the " "device." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4480 +#: sssd.conf.5.xml:4526 msgid "touch_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4482 +#: sssd.conf.5.xml:4528 msgid "to change the message of the touch prompt." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4451 +#: sssd.conf.5.xml:4497 msgid "" "to configure passkey authentication prompting, allowed options are: " "<placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4402 +#: sssd.conf.5.xml:4448 msgid "" "Each supported authentication method has its own configuration subsection " "under <quote>[prompting/...]</quote>. Currently there are: <placeholder " @@ -5172,7 +5229,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4493 +#: sssd.conf.5.xml:4539 msgid "" "It is possible to add a subsection for specific PAM services, " "e.g. <quote>[prompting/password/sshd]</quote> to individual change the " @@ -5180,12 +5237,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4500 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43 +#: sssd.conf.5.xml:4546 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43 msgid "EXAMPLES" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4506 +#: sssd.conf.5.xml:4552 #, no-wrap msgid "" "[sssd]\n" @@ -5215,7 +5272,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4502 +#: sssd.conf.5.xml:4548 msgid "" "1. The following example shows a typical SSSD config. It does not describe " "configuration of the domains themselves - refer to documentation on " @@ -5224,7 +5281,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4539 +#: sssd.conf.5.xml:4585 #, no-wrap msgid "" "[domain/ipa.com/child.ad.com]\n" @@ -5232,7 +5289,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4533 +#: sssd.conf.5.xml:4579 msgid "" "2. The following example shows configuration of IPA AD trust where the AD " "forest consists of two domains in a parent-child structure. Suppose IPA " @@ -5243,7 +5300,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4550 +#: sssd.conf.5.xml:4596 #, no-wrap msgid "" "[certmap/my.domain/rule_name]\n" @@ -5254,7 +5311,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4544 +#: sssd.conf.5.xml:4590 msgid "" "3. The following example shows the configuration of a certificate mapping " "rule. It is valid for the configured domain <quote>my.domain</quote> and " @@ -17290,7 +17347,7 @@ msgstr "" #: include/ldap_id_mapping.xml:235 msgid "" "When this option is configured, domains will be allocated starting with " -"slice zero and increasing monatomically with each additional domain." +"slice zero and increasing monotonically with each additional domain." msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> diff --git a/src/man/po/sv.po b/src/man/po/sv.po index 92dc370dc52..49d01be5baa 100644 --- a/src/man/po/sv.po +++ b/src/man/po/sv.po @@ -6,7 +6,7 @@ msgid "" msgstr "" "Project-Id-Version: sssd-docs 2.3.0\n" "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" -"POT-Creation-Date: 2023-05-05 10:09+0200\n" +"POT-Creation-Date: 2023-09-07 11:47+0200\n" "PO-Revision-Date: 2023-02-15 14:20+0000\n" "Last-Translator: Göran Uddeborg <goeran@uddeborg.se>\n" "Language-Team: Swedish <https://translate.fedoraproject.org/projects/sssd/" @@ -243,8 +243,8 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:136 sssd.conf.5.xml:173 sssd.conf.5.xml:358 -#: sssd.conf.5.xml:714 sssd.conf.5.xml:729 sssd.conf.5.xml:951 -#: sssd.conf.5.xml:1069 sssd.conf.5.xml:2197 sssd-ldap.5.xml:1071 +#: sssd.conf.5.xml:714 sssd.conf.5.xml:729 sssd.conf.5.xml:952 +#: sssd.conf.5.xml:1070 sssd.conf.5.xml:2198 sssd-ldap.5.xml:1071 #: sssd-ldap.5.xml:1174 sssd-ldap.5.xml:1243 sssd-ldap.5.xml:1750 #: sssd-ldap.5.xml:1815 sssd-ipa.5.xml:342 sssd-ad.5.xml:252 sssd-ad.5.xml:366 #: sssd-ad.5.xml:1200 sssd-ad.5.xml:1348 sssd-krb5.5.xml:358 @@ -266,8 +266,8 @@ msgstr "" "journald är aktiverat för SSSD-felsökningsloggning ignoreras denna flagga." #. type: Content of: <variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:149 sssd.conf.5.xml:652 sssd.conf.5.xml:948 -#: sssd.conf.5.xml:2100 sssd.conf.5.xml:2167 sssd.conf.5.xml:4128 +#: sssd.conf.5.xml:149 sssd.conf.5.xml:652 sssd.conf.5.xml:949 +#: sssd.conf.5.xml:2101 sssd.conf.5.xml:2168 sssd.conf.5.xml:4174 #: sssd-ldap.5.xml:312 sssd-ldap.5.xml:917 sssd-ldap.5.xml:936 #: sssd-ldap.5.xml:1146 sssd-ldap.5.xml:1599 sssd-ldap.5.xml:1839 #: sssd-ipa.5.xml:152 sssd-ipa.5.xml:254 sssd-ipa.5.xml:657 sssd-ad.5.xml:1106 @@ -345,8 +345,8 @@ msgstr "" "att efter tre missade hjärtslag kommer processen avsluta sig själv." #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:196 sssd.conf.5.xml:1289 sssd.conf.5.xml:1766 -#: sssd.conf.5.xml:4144 sssd-ldap.5.xml:765 include/ldap_id_mapping.xml:270 +#: sssd.conf.5.xml:196 sssd.conf.5.xml:1290 sssd.conf.5.xml:1767 +#: sssd.conf.5.xml:4190 sssd-ldap.5.xml:765 include/ldap_id_mapping.xml:270 msgid "Default: 10" msgstr "Standard: 10" @@ -424,12 +424,12 @@ msgstr "" "”systemctl enable sssd-@service@.socket\". </phrase>" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:258 sssd.conf.5.xml:783 +#: sssd.conf.5.xml:258 sssd.conf.5.xml:784 msgid "reconnection_retries (integer)" msgstr "reconnection_retries (heltal)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:261 sssd.conf.5.xml:786 +#: sssd.conf.5.xml:261 sssd.conf.5.xml:787 msgid "" "Number of times services should attempt to reconnect in the event of a Data " "Provider crash or restart before they give up" @@ -438,7 +438,7 @@ msgstr "" "dataleverantörskrasch eller -omstart innan de ger upp" #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:266 sssd.conf.5.xml:791 sssd.conf.5.xml:3708 +#: sssd.conf.5.xml:266 sssd.conf.5.xml:792 sssd.conf.5.xml:3709 #: include/failover.xml:100 msgid "Default: 3" msgstr "Standard: 3" @@ -466,7 +466,7 @@ msgstr "" "understrykningstecken. Tecknet ”/” är förbjudet." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:287 sssd.conf.5.xml:3540 +#: sssd.conf.5.xml:287 sssd.conf.5.xml:3541 msgid "re_expression (string)" msgstr "re_expression (sträng)" @@ -491,12 +491,12 @@ msgstr "" "för mer information om dessa reguljära uttryck." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:304 sssd.conf.5.xml:3597 +#: sssd.conf.5.xml:304 sssd.conf.5.xml:3598 msgid "full_name_format (string)" msgstr "full_name_format (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:307 sssd.conf.5.xml:3600 +#: sssd.conf.5.xml:307 sssd.conf.5.xml:3601 msgid "" "A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</" "manvolnum> </citerefentry>-compatible format that describes how to compose a " @@ -507,32 +507,32 @@ msgstr "" "samman ett fullständigt kvalificerat namn från namn- och domänkomponenter." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:318 sssd.conf.5.xml:3611 +#: sssd.conf.5.xml:318 sssd.conf.5.xml:3612 msgid "%1$s" msgstr "%1$s" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:319 sssd.conf.5.xml:3612 +#: sssd.conf.5.xml:319 sssd.conf.5.xml:3613 msgid "user name" msgstr "användarnamn" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:322 sssd.conf.5.xml:3615 +#: sssd.conf.5.xml:322 sssd.conf.5.xml:3616 msgid "%2$s" msgstr "%2$s" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:325 sssd.conf.5.xml:3618 +#: sssd.conf.5.xml:325 sssd.conf.5.xml:3619 msgid "domain name as specified in the SSSD config file." msgstr "domännamn som det anges i SSSD-konfigurationsfilen." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:331 sssd.conf.5.xml:3624 +#: sssd.conf.5.xml:331 sssd.conf.5.xml:3625 msgid "%3$s" msgstr "%3$s" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:334 sssd.conf.5.xml:3627 +#: sssd.conf.5.xml:334 sssd.conf.5.xml:3628 msgid "" "domain flat name. Mostly usable for Active Directory domains, both directly " "configured or discovered via IPA trusts." @@ -541,7 +541,7 @@ msgstr "" "direkt konfigurerade eller hittade via IPA-förtroenden." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:315 sssd.conf.5.xml:3608 +#: sssd.conf.5.xml:315 sssd.conf.5.xml:3609 msgid "" "The following expansions are supported: <placeholder type=\"variablelist\" " "id=\"0\"/>" @@ -1098,7 +1098,7 @@ msgstr "" "användarnamn kan överlappa mellan domäner." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:700 sssd.conf.5.xml:1790 sssd.conf.5.xml:4194 +#: sssd.conf.5.xml:700 sssd.conf.5.xml:1791 sssd.conf.5.xml:4240 #: sssd-ad.5.xml:187 sssd-ad.5.xml:327 sssd-ad.5.xml:341 msgid "Default: Not set" msgstr "Standard: inte satt" @@ -1153,11 +1153,11 @@ msgstr "pam_cert_verification (sträng)" #: sssd.conf.5.xml:744 msgid "" "Enable or disable the user verification (i.e. PIN, fingerprint) during " -"authentication." +"authentication. If enabled, the PIN will always be requested." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:749 +#: sssd.conf.5.xml:750 msgid "" "The default is that the key settings decide what to do. In the IPA or " "kerberos pre-authentication case, this value will be overwritten by the " @@ -1198,12 +1198,12 @@ msgstr "" "type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:768 +#: sssd.conf.5.xml:769 msgid "SERVICES SECTIONS" msgstr "TJÄNSTESEKTIONER" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:770 +#: sssd.conf.5.xml:771 msgid "" "Settings that can be used to configure different services are described in " "this section. They should reside in the [<replaceable>$NAME</replaceable>] " @@ -1216,22 +1216,22 @@ msgstr "" "<quote>[nss]</quote>" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:777 +#: sssd.conf.5.xml:778 msgid "General service configuration options" msgstr "Allmänna alternativ för tjänstekonfiguration" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:779 +#: sssd.conf.5.xml:780 msgid "These options can be used to configure any service." msgstr "Dessa alternativ kan användas för att konfigurera alla tjänster." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:796 +#: sssd.conf.5.xml:797 msgid "fd_limit" msgstr "fd_limit" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:799 +#: sssd.conf.5.xml:800 msgid "" "This option specifies the maximum number of file descriptors that may be " "opened at one time by this SSSD process. On systems where SSSD is granted " @@ -1246,17 +1246,17 @@ msgstr "" "och den ”hårda” gränsen i limits.conf." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:808 +#: sssd.conf.5.xml:809 msgid "Default: 8192 (or limits.conf \"hard\" limit)" msgstr "Standard: 8192 (eller den ”hårda” gränsen i limits.conf)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:813 +#: sssd.conf.5.xml:814 msgid "client_idle_timeout" msgstr "client_idle_timeout" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:816 +#: sssd.conf.5.xml:817 msgid "" "This option specifies the number of seconds that a client of an SSSD process " "can hold onto a file descriptor without communicating on it. This value is " @@ -1271,17 +1271,17 @@ msgstr "" "konfigureras kommer det att justeras till 10 sekunder." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:825 +#: sssd.conf.5.xml:826 msgid "Default: 60, KCM: 300" msgstr "Standard: 60, KCM: 300" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:830 +#: sssd.conf.5.xml:831 msgid "offline_timeout (integer)" msgstr "offline_timeout (heltal)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:833 +#: sssd.conf.5.xml:834 msgid "" "When SSSD switches to offline mode the amount of time before it tries to go " "back online will increase based upon the time spent disconnected. By " @@ -1298,7 +1298,7 @@ msgstr "" "försök att bli uppkopplat beräknas det nya intervallet om enligt följande:" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:844 sssd.conf.5.xml:900 +#: sssd.conf.5.xml:845 sssd.conf.5.xml:901 msgid "" "new_delay = Minimum(old_delay * 2, offline_timeout_max) + random[0..." "offline_timeout_random_offset]" @@ -1307,7 +1307,7 @@ msgstr "" "slumpvärde[0…offline_timeout_random_offset]" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:847 +#: sssd.conf.5.xml:848 msgid "" "The offline_timeout default value is 60. The offline_timeout_max default " "value is 3600. The offline_timeout_random_offset default value is 30. The " @@ -1318,7 +1318,7 @@ msgstr "" "är 30. Slutresultatet är antalet sekunder före nästa omförsök." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:853 +#: sssd.conf.5.xml:854 msgid "" "Note that the maximum length of each interval is defined by " "offline_timeout_max (apart of random part)." @@ -1327,18 +1327,18 @@ msgstr "" "offline_timeout_max (förutom slumpdelen)." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:857 sssd.conf.5.xml:1200 sssd.conf.5.xml:1583 -#: sssd.conf.5.xml:1879 sssd-ldap.5.xml:494 +#: sssd.conf.5.xml:858 sssd.conf.5.xml:1201 sssd.conf.5.xml:1584 +#: sssd.conf.5.xml:1880 sssd-ldap.5.xml:494 msgid "Default: 60" msgstr "Standard: 60" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:862 +#: sssd.conf.5.xml:863 msgid "offline_timeout_max (integer)" msgstr "offline_timeout_max (heltal)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:865 +#: sssd.conf.5.xml:866 msgid "" "Controls by how much the time between attempts to go online can be " "incremented following unsuccessful attempts to go online." @@ -1347,12 +1347,12 @@ msgstr "" "misslyckat försök att koppla upp." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:870 +#: sssd.conf.5.xml:871 msgid "A value of 0 disables the incrementing behaviour." msgstr "Ett värde på 0 avaktiverar det ökande beteendet." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:873 +#: sssd.conf.5.xml:874 msgid "" "The value of this parameter should be set in correlation to offline_timeout " "parameter value." @@ -1361,7 +1361,7 @@ msgstr "" "offline_timeout." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:877 +#: sssd.conf.5.xml:878 msgid "" "With offline_timeout set to 60 (default value) there is no point in setting " "offlinet_timeout_max to less than 120 as it will saturate instantly. General " @@ -1374,7 +1374,7 @@ msgstr "" "åtminstone 4 gånger offline_timeout." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:883 +#: sssd.conf.5.xml:884 msgid "" "Although a value between 0 and offline_timeout may be specified, it has the " "effect of overriding the offline_timeout value so is of little use." @@ -1383,17 +1383,17 @@ msgstr "" "att åsidosätta värdet offline_timeout så det är inte så användbart." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:888 +#: sssd.conf.5.xml:889 msgid "Default: 3600" msgstr "Standard: 3600" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:893 +#: sssd.conf.5.xml:894 msgid "offline_timeout_random_offset (integer)" msgstr "offline_timeout_random_offset (heltal)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:896 +#: sssd.conf.5.xml:897 msgid "" "When SSSD is in offline mode it keeps probing backend servers in specified " "time intervals:" @@ -1402,7 +1402,7 @@ msgstr "" "angivna tidsintervall:" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:903 +#: sssd.conf.5.xml:904 msgid "" "This parameter controls the value of the random offset used for the above " "equation. Final random_offset value will be random number in range:" @@ -1412,27 +1412,27 @@ msgstr "" "slumptal i intervallet:" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:908 +#: sssd.conf.5.xml:909 msgid "[0 - offline_timeout_random_offset]" msgstr "[0 – offline_timeout_random_offset]" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:911 +#: sssd.conf.5.xml:912 msgid "A value of 0 disables the random offset addition." msgstr "Ett värde på 0 avaktiverar tillägget av en slumpfördröjning." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:914 +#: sssd.conf.5.xml:915 msgid "Default: 30" msgstr "Standard: 30" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:919 +#: sssd.conf.5.xml:920 msgid "responder_idle_timeout" msgstr "responder_idle_timeout" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:922 +#: sssd.conf.5.xml:923 msgid "" "This option specifies the number of seconds that an SSSD responder process " "can be up without being used. This value is limited in order to avoid " @@ -1451,18 +1451,18 @@ msgstr "" "antingen uttags- eller D-Bus-aktiverade." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:936 sssd.conf.5.xml:1213 sssd.conf.5.xml:2321 +#: sssd.conf.5.xml:937 sssd.conf.5.xml:1214 sssd.conf.5.xml:2322 #: sssd-ldap.5.xml:331 msgid "Default: 300" msgstr "Standard: 300" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:941 +#: sssd.conf.5.xml:942 msgid "cache_first" msgstr "cache_first" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:944 +#: sssd.conf.5.xml:945 msgid "" "This option specifies whether the responder should query all caches before " "querying the Data Providers." @@ -1471,12 +1471,12 @@ msgstr "" "den frågar dataleverantörerna." #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:959 +#: sssd.conf.5.xml:960 msgid "NSS configuration options" msgstr "NSS-konfigurationsalternativ" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:961 +#: sssd.conf.5.xml:962 msgid "" "These options can be used to configure the Name Service Switch (NSS) service." msgstr "" @@ -1484,12 +1484,12 @@ msgstr "" "Switch (NSS)." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:966 +#: sssd.conf.5.xml:967 msgid "enum_cache_timeout (integer)" msgstr "enum_cache_timeout (heltal)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:969 +#: sssd.conf.5.xml:970 msgid "" "How many seconds should nss_sss cache enumerations (requests for info about " "all users)" @@ -1498,17 +1498,17 @@ msgstr "" "information om alla användare)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:973 +#: sssd.conf.5.xml:974 msgid "Default: 120" msgstr "Standard: 120" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:978 +#: sssd.conf.5.xml:979 msgid "entry_cache_nowait_percentage (integer)" msgstr "entry_cache_nowait_percentage (heltal)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:981 +#: sssd.conf.5.xml:982 msgid "" "The entry cache can be set to automatically update entries in the background " "if they are requested beyond a percentage of the entry_cache_timeout value " @@ -1519,7 +1519,7 @@ msgstr "" "för domänen." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:987 +#: sssd.conf.5.xml:988 msgid "" "For example, if the domain's entry_cache_timeout is set to 30s and " "entry_cache_nowait_percentage is set to 50 (percent), entries that come in " @@ -1534,7 +1534,7 @@ msgstr "" "framtida begäranden kommer behöva blockera i väntan på en cacheuppdatering." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:997 +#: sssd.conf.5.xml:998 msgid "" "Valid values for this option are 0-99 and represent a percentage of the " "entry_cache_timeout for each domain. For performance reasons, this " @@ -1547,17 +1547,17 @@ msgstr "" "(0 avaktiverar denna funktion)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1005 sssd.conf.5.xml:2121 +#: sssd.conf.5.xml:1006 sssd.conf.5.xml:2122 msgid "Default: 50" msgstr "Standard: 50" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1010 +#: sssd.conf.5.xml:1011 msgid "entry_negative_timeout (integer)" msgstr "entry_negative_timeout (heltal)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1013 +#: sssd.conf.5.xml:1014 msgid "" "Specifies for how many seconds nss_sss should cache negative cache hits " "(that is, queries for invalid database entries, like nonexistent ones) " @@ -1568,17 +1568,17 @@ msgstr "" "bakänden tillfrågas igen." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1019 sssd.conf.5.xml:1778 sssd.conf.5.xml:2145 +#: sssd.conf.5.xml:1020 sssd.conf.5.xml:1779 sssd.conf.5.xml:2146 msgid "Default: 15" msgstr "Standard: 15" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1024 +#: sssd.conf.5.xml:1025 msgid "local_negative_timeout (integer)" msgstr "local_negative_timeout (heltal)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1027 +#: sssd.conf.5.xml:1028 msgid "" "Specifies for how many seconds nss_sss should keep local users and groups in " "negative cache before trying to look it up in the back end again. Setting " @@ -1589,17 +1589,17 @@ msgstr "" "in alternativet till 0 avaktiverar denna funktion." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1033 +#: sssd.conf.5.xml:1034 msgid "Default: 14400 (4 hours)" msgstr "Standard: 14400 (4 timmar)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1038 +#: sssd.conf.5.xml:1039 msgid "filter_users, filter_groups (string)" msgstr "filter_users, filter_groups (sträng)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1041 +#: sssd.conf.5.xml:1042 msgid "" "Exclude certain users or groups from being fetched from the sss NSS " "database. This is particularly useful for system accounts. This option can " @@ -1613,7 +1613,7 @@ msgstr "" "användarhuvudmansnamn (UPN)." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1049 +#: sssd.conf.5.xml:1050 msgid "" "NOTE: The filter_groups option doesn't affect inheritance of nested group " "members, since filtering happens after they are propagated for returning via " @@ -1626,17 +1626,17 @@ msgstr "" "kommer fortfarande ha medlemsanvändarna i den senare listade." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1057 +#: sssd.conf.5.xml:1058 msgid "Default: root" msgstr "Standard: root" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1062 +#: sssd.conf.5.xml:1063 msgid "filter_users_in_groups (bool)" msgstr "filter_users_in_groups (bool)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1065 +#: sssd.conf.5.xml:1066 msgid "" "If you want filtered user still be group members set this option to false." msgstr "" @@ -1644,12 +1644,12 @@ msgstr "" "sätt då detta alternativ till false." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1076 +#: sssd.conf.5.xml:1077 msgid "fallback_homedir (string)" msgstr "fallback_homedir (sträng)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1079 +#: sssd.conf.5.xml:1080 msgid "" "Set a default template for a user's home directory if one is not specified " "explicitly by the domain's data provider." @@ -1658,7 +1658,7 @@ msgstr "" "anges av domänens dataleverantör." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1084 +#: sssd.conf.5.xml:1085 msgid "" "The available values for this option are the same as for override_homedir." msgstr "" @@ -1666,7 +1666,7 @@ msgstr "" "override_homedir." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1090 +#: sssd.conf.5.xml:1091 #, no-wrap msgid "" "fallback_homedir = /home/%u\n" @@ -1676,23 +1676,23 @@ msgstr "" " " #. type: Content of: <varlistentry><listitem><para> -#: sssd.conf.5.xml:1088 sssd.conf.5.xml:1650 sssd.conf.5.xml:1669 -#: sssd.conf.5.xml:1746 sssd-krb5.5.xml:451 include/override_homedir.xml:66 +#: sssd.conf.5.xml:1089 sssd.conf.5.xml:1651 sssd.conf.5.xml:1670 +#: sssd.conf.5.xml:1747 sssd-krb5.5.xml:451 include/override_homedir.xml:66 msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>" msgstr "exempel: <placeholder type=\"programlisting\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1094 +#: sssd.conf.5.xml:1095 msgid "Default: not set (no substitution for unset home directories)" msgstr "Standard: inte satt (ingen ersättning för ej angivna hemkataloger)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1100 +#: sssd.conf.5.xml:1101 msgid "override_shell (string)" msgstr "override_shell (sträng)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1103 +#: sssd.conf.5.xml:1104 msgid "" "Override the login shell for all users. This option supersedes any other " "shell options if it takes effect and can be set either in the [nss] section " @@ -1703,30 +1703,30 @@ msgstr "" "sektionen [nss] eller per domän." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1109 +#: sssd.conf.5.xml:1110 msgid "Default: not set (SSSD will use the value retrieved from LDAP)" msgstr "" "Standard: inte angivet (SSSD kommer använda värdet som hämtats från LDAP)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1115 +#: sssd.conf.5.xml:1116 msgid "allowed_shells (string)" msgstr "allowed_shells (sträng)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1118 +#: sssd.conf.5.xml:1119 msgid "" "Restrict user shell to one of the listed values. The order of evaluation is:" msgstr "" "Begränsa användarskal till ett av de listade värdena. Beräkningsordningen är:" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1121 +#: sssd.conf.5.xml:1122 msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used." msgstr "1. Om skalet finns i <quote>/etc/shells</quote> används det." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1125 +#: sssd.conf.5.xml:1126 msgid "" "2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</" "quote>, use the value of the shell_fallback parameter." @@ -1735,7 +1735,7 @@ msgstr "" "quote>, använd värdet på parametern shell_fallback." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1130 +#: sssd.conf.5.xml:1131 msgid "" "3. If the shell is not in the allowed_shells list and not in <quote>/etc/" "shells</quote>, a nologin shell is used." @@ -1744,12 +1744,12 @@ msgstr "" "shells</quote> används ett nologin-skal." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1135 +#: sssd.conf.5.xml:1136 msgid "The wildcard (*) can be used to allow any shell." msgstr "Jokertecknet (*) kan användas för att tillåta godtyckligt skal." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1138 +#: sssd.conf.5.xml:1139 msgid "" "The (*) is useful if you want to use shell_fallback in case that user's " "shell is not in <quote>/etc/shells</quote> and maintaining list of all " @@ -1760,12 +1760,12 @@ msgstr "" "alla skal i allowed_shells skulle vara för mycket overhead." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1145 +#: sssd.conf.5.xml:1146 msgid "An empty string for shell is passed as-is to libc." msgstr "En tom sträng som skal skickas som den är till libc." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1148 +#: sssd.conf.5.xml:1149 msgid "" "The <quote>/etc/shells</quote> is only read on SSSD start up, which means " "that a restart of the SSSD is required in case a new shell is installed." @@ -1774,27 +1774,27 @@ msgstr "" "att en omstart av SSSD behövs ifall ett nytt skal installeras." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1152 +#: sssd.conf.5.xml:1153 msgid "Default: Not set. The user shell is automatically used." msgstr "Standard: inte satt. Användarens skal används automatiskt." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1157 +#: sssd.conf.5.xml:1158 msgid "vetoed_shells (string)" msgstr "vetoed_shells (sträng)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1160 +#: sssd.conf.5.xml:1161 msgid "Replace any instance of these shells with the shell_fallback" msgstr "Ersätt alla instanser av dessa skal med shell_fallback" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1165 +#: sssd.conf.5.xml:1166 msgid "shell_fallback (string)" msgstr "shell_fallback (sträng)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1168 +#: sssd.conf.5.xml:1169 msgid "" "The default shell to use if an allowed shell is not installed on the machine." msgstr "" @@ -1802,17 +1802,17 @@ msgstr "" "maskinen." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1172 +#: sssd.conf.5.xml:1173 msgid "Default: /bin/sh" msgstr "Standard: /bin/sh" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1177 +#: sssd.conf.5.xml:1178 msgid "default_shell" msgstr "default_shell" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1180 +#: sssd.conf.5.xml:1181 msgid "" "The default shell to use if the provider does not return one during lookup. " "This option can be specified globally in the [nss] section or per-domain." @@ -1822,7 +1822,7 @@ msgstr "" "per domän." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1186 +#: sssd.conf.5.xml:1187 msgid "" "Default: not set (Return NULL if no shell is specified and rely on libc to " "substitute something sensible when necessary, usually /bin/sh)" @@ -1831,12 +1831,12 @@ msgstr "" "libc ersätter med något rimligt när nödvändigt, vanligen /bin/sh)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1193 sssd.conf.5.xml:1576 +#: sssd.conf.5.xml:1194 sssd.conf.5.xml:1577 msgid "get_domains_timeout (int)" msgstr "get_domains_timeout (heltal)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1196 sssd.conf.5.xml:1579 +#: sssd.conf.5.xml:1197 sssd.conf.5.xml:1580 msgid "" "Specifies time in seconds for which the list of subdomains will be " "considered valid." @@ -1845,12 +1845,12 @@ msgstr "" "som giltiga." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1205 +#: sssd.conf.5.xml:1206 msgid "memcache_timeout (integer)" msgstr "memcache_timeout (heltal)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1208 +#: sssd.conf.5.xml:1209 msgid "" "Specifies time in seconds for which records in the in-memory cache will be " "valid. Setting this option to zero will disable the in-memory cache." @@ -1860,7 +1860,7 @@ msgstr "" "minnet." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1216 +#: sssd.conf.5.xml:1217 msgid "" "WARNING: Disabling the in-memory cache will have significant negative impact " "on SSSD's performance and should only be used for testing." @@ -1869,8 +1869,8 @@ msgstr "" "påverkan på SSSD:s prestanda och skall bara användas för testning." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1222 sssd.conf.5.xml:1247 sssd.conf.5.xml:1272 -#: sssd.conf.5.xml:1297 sssd.conf.5.xml:1324 +#: sssd.conf.5.xml:1223 sssd.conf.5.xml:1248 sssd.conf.5.xml:1273 +#: sssd.conf.5.xml:1298 sssd.conf.5.xml:1325 msgid "" "NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", " "client applications will not use the fast in-memory cache." @@ -1879,12 +1879,12 @@ msgstr "" "klientprogram inte använda den snabba cachen i minnet." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1230 +#: sssd.conf.5.xml:1231 msgid "memcache_size_passwd (integer)" msgstr "memcache_size_passwd (heltal)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1233 +#: sssd.conf.5.xml:1234 msgid "" "Size (in megabytes) of the data table allocated inside fast in-memory cache " "for passwd requests. Setting the size to 0 will disable the passwd in-" @@ -1895,13 +1895,13 @@ msgstr "" "lösenords-cachen i minnet." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1239 sssd.conf.5.xml:2963 sssd-ldap.5.xml:548 +#: sssd.conf.5.xml:1240 sssd.conf.5.xml:2964 sssd-ldap.5.xml:548 msgid "Default: 8" msgstr "Standard: 8" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1242 sssd.conf.5.xml:1267 sssd.conf.5.xml:1292 -#: sssd.conf.5.xml:1319 +#: sssd.conf.5.xml:1243 sssd.conf.5.xml:1268 sssd.conf.5.xml:1293 +#: sssd.conf.5.xml:1320 msgid "" "WARNING: Disabled or too small in-memory cache can have significant negative " "impact on SSSD's performance." @@ -1910,12 +1910,12 @@ msgstr "" "negativ påverkan på SSSD:s prestanda." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1255 +#: sssd.conf.5.xml:1256 msgid "memcache_size_group (integer)" msgstr "memcache_size_group (heltal)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1258 +#: sssd.conf.5.xml:1259 msgid "" "Size (in megabytes) of the data table allocated inside fast in-memory cache " "for group requests. Setting the size to 0 will disable the group in-memory " @@ -1926,19 +1926,19 @@ msgstr "" "grupp-cachen i minnet." #. type: Content of: <variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1264 sssd.conf.5.xml:1316 sssd.conf.5.xml:3729 +#: sssd.conf.5.xml:1265 sssd.conf.5.xml:1317 sssd.conf.5.xml:3730 #: sssd-ldap.5.xml:473 sssd-ldap.5.xml:525 include/failover.xml:116 #: include/krb5_options.xml:11 msgid "Default: 6" msgstr "Standard: 6" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1280 +#: sssd.conf.5.xml:1281 msgid "memcache_size_initgroups (integer)" msgstr "memcache_size_initgroups (heltal)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1283 +#: sssd.conf.5.xml:1284 msgid "" "Size (in megabytes) of the data table allocated inside fast in-memory cache " "for initgroups requests. Setting the size to 0 will disable the initgroups " @@ -1949,12 +1949,12 @@ msgstr "" "initgrupp-cachen i minnet." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1305 +#: sssd.conf.5.xml:1306 msgid "memcache_size_sid (integer)" msgstr "memcache_size_sid (integer)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1308 +#: sssd.conf.5.xml:1309 msgid "" "Size (in megabytes) of the data table allocated inside fast in-memory cache " "for SID related requests. Only SID-by-ID and ID-by-SID requests are " @@ -1967,12 +1967,12 @@ msgstr "" "storleken till 0 kommer avaktivera SID-cachen i minnet." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1332 sssd-ifp.5.xml:90 +#: sssd.conf.5.xml:1333 sssd-ifp.5.xml:90 msgid "user_attributes (string)" msgstr "user_attributes (sträng)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1335 +#: sssd.conf.5.xml:1336 msgid "" "Some of the additional NSS responder requests can return more attributes " "than just the POSIX ones defined by the NSS interface. The list of " @@ -1989,7 +1989,7 @@ msgstr "" "citerefentry> för detaljer) men utan standardvärden." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1348 +#: sssd.conf.5.xml:1349 msgid "" "To make configuration more easy the NSS responder will check the InfoPipe " "option if it is not set for the NSS responder." @@ -1998,17 +1998,17 @@ msgstr "" "InfoPipe-alternativet om det inte är satt för NSS-respondenten." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1353 +#: sssd.conf.5.xml:1354 msgid "Default: not set, fallback to InfoPipe option" msgstr "Standard: inte satt, gå tillbaka till InfoPipe-alternativet" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1358 +#: sssd.conf.5.xml:1359 msgid "pwfield (string)" msgstr "pwfield (sträng)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1361 +#: sssd.conf.5.xml:1362 msgid "" "The value that NSS operations that return users or groups will return for " "the <quote>password</quote> field." @@ -2017,12 +2017,12 @@ msgstr "" "returnera i fältet <quote>password</quote>." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1366 +#: sssd.conf.5.xml:1367 msgid "Default: <quote>*</quote>" msgstr "Standard: <quote>*</quote>" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1369 +#: sssd.conf.5.xml:1370 msgid "" "Note: This option can also be set per-domain which overwrites the value in " "[nss] section." @@ -2031,7 +2031,7 @@ msgstr "" "värdet i [nss]-sektionen." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1373 +#: sssd.conf.5.xml:1374 #, fuzzy #| msgid "" #| "Default: <quote>not set</quote> (remote domains), <quote>x</quote> (the " @@ -2048,12 +2048,12 @@ msgstr "" "shadowutils)" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:1385 +#: sssd.conf.5.xml:1386 msgid "PAM configuration options" msgstr "PAM-konfigurationsalternativ" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:1387 +#: sssd.conf.5.xml:1388 msgid "" "These options can be used to configure the Pluggable Authentication Module " "(PAM) service." @@ -2062,12 +2062,12 @@ msgstr "" "Authentication Module (PAM)." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1392 +#: sssd.conf.5.xml:1393 msgid "offline_credentials_expiration (integer)" msgstr "offline_credentials_expiration (heltal)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1395 +#: sssd.conf.5.xml:1396 msgid "" "If the authentication provider is offline, how long should we allow cached " "logins (in days since the last successful online login)." @@ -2077,17 +2077,17 @@ msgstr "" "inloggningen)." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1400 sssd.conf.5.xml:1413 +#: sssd.conf.5.xml:1401 sssd.conf.5.xml:1414 msgid "Default: 0 (No limit)" msgstr "Standard: 0 (ingen gräns)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1406 +#: sssd.conf.5.xml:1407 msgid "offline_failed_login_attempts (integer)" msgstr "offline_failed_login_attempts (heltal)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1409 +#: sssd.conf.5.xml:1410 msgid "" "If the authentication provider is offline, how many failed login attempts " "are allowed." @@ -2096,12 +2096,12 @@ msgstr "" "inloggningsförsök är tillåtna." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1419 +#: sssd.conf.5.xml:1420 msgid "offline_failed_login_delay (integer)" msgstr "offline_failed_login_delay (heltal)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1422 +#: sssd.conf.5.xml:1423 msgid "" "The time in minutes which has to pass after offline_failed_login_attempts " "has been reached before a new login attempt is possible." @@ -2110,7 +2110,7 @@ msgstr "" "har nåtts före ett nytt inloggningsförsök är möjligt." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1427 +#: sssd.conf.5.xml:1428 msgid "" "If set to 0 the user cannot authenticate offline if " "offline_failed_login_attempts has been reached. Only a successful online " @@ -2121,17 +2121,17 @@ msgstr "" "autentisering kan aktivera autentisering utan uppkoppling igen." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1433 sssd.conf.5.xml:1543 +#: sssd.conf.5.xml:1434 sssd.conf.5.xml:1544 msgid "Default: 5" msgstr "Standard: 5" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1439 +#: sssd.conf.5.xml:1440 msgid "pam_verbosity (integer)" msgstr "pam_verbosity (heltal)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1442 +#: sssd.conf.5.xml:1443 msgid "" "Controls what kind of messages are shown to the user during authentication. " "The higher the number to more messages are displayed." @@ -2140,43 +2140,43 @@ msgstr "" "Ju högre tal desto fler meddelanden visas." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1447 +#: sssd.conf.5.xml:1448 msgid "Currently sssd supports the following values:" msgstr "För närvarande stödjs följande värden:" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1450 +#: sssd.conf.5.xml:1451 msgid "<emphasis>0</emphasis>: do not show any message" msgstr "<emphasis>0</emphasis>: visa inte några meddelanden" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1453 +#: sssd.conf.5.xml:1454 msgid "<emphasis>1</emphasis>: show only important messages" msgstr "<emphasis>1</emphasis>: visa endast viktiga meddelanden" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1457 +#: sssd.conf.5.xml:1458 msgid "<emphasis>2</emphasis>: show informational messages" msgstr "<emphasis>2</emphasis>: visa informationsmeddelanden" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1460 +#: sssd.conf.5.xml:1461 msgid "<emphasis>3</emphasis>: show all messages and debug information" msgstr "" "<emphasis>3</emphasis>: visa alla meddelanden och felsökningsinformation" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1464 sssd.8.xml:63 +#: sssd.conf.5.xml:1465 sssd.8.xml:63 msgid "Default: 1" msgstr "Standard: 1" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1470 +#: sssd.conf.5.xml:1471 msgid "pam_response_filter (string)" msgstr "pam_response_filter (sträng)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1473 +#: sssd.conf.5.xml:1474 msgid "" "A comma separated list of strings which allows to remove (filter) data sent " "by the PAM responder to pam_sss PAM module. There are different kind of " @@ -2189,7 +2189,7 @@ msgstr "" "användaren eller miljövariabler som skall sättas av pam_sss." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1481 +#: sssd.conf.5.xml:1482 msgid "" "While messages already can be controlled with the help of the pam_verbosity " "option this option allows to filter out other kind of responses as well." @@ -2198,37 +2198,37 @@ msgstr "" "gör detta alternativ att man kan filtrera ut andra sorters svar dessutom." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1488 +#: sssd.conf.5.xml:1489 msgid "ENV" msgstr "ENV" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1489 +#: sssd.conf.5.xml:1490 msgid "Do not send any environment variables to any service." msgstr "Skicka inte några miljövariabler till någon tjänst." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1492 +#: sssd.conf.5.xml:1493 msgid "ENV:var_name" msgstr "ENV:varnamn" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1493 +#: sssd.conf.5.xml:1494 msgid "Do not send environment variable var_name to any service." msgstr "Skicka inte miljövariabeln varnamn till någon tjänst." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1497 +#: sssd.conf.5.xml:1498 msgid "ENV:var_name:service" msgstr "ENV:varnamn:tjänst" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1498 +#: sssd.conf.5.xml:1499 msgid "Do not send environment variable var_name to service." msgstr "Skicka inte miljövariabeln varnamn till tjänst." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1486 +#: sssd.conf.5.xml:1487 msgid "" "Currently the following filters are supported: <placeholder " "type=\"variablelist\" id=\"0\"/>" @@ -2237,7 +2237,7 @@ msgstr "" "id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1505 +#: sssd.conf.5.xml:1506 msgid "" "The list of strings can either be the list of filters which would set this " "list of filters and overwrite the defaults. Or each element of the list can " @@ -2254,12 +2254,12 @@ msgstr "" "eller ”-” eller inget av dem. Det ses som ett fel att blanda båda sätten." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1516 +#: sssd.conf.5.xml:1517 msgid "Default: ENV:KRB5CCNAME:sudo, ENV:KRB5CCNAME:sudo-i" msgstr "Standard: ENV:KRB5CCNAME:sudo, ENV:KRB5CCNAME:sudo-i" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1519 +#: sssd.conf.5.xml:1520 msgid "" "Example: -ENV:KRB5CCNAME:sudo-i will remove the filter from the default list" msgstr "" @@ -2267,12 +2267,12 @@ msgstr "" "standardlistan" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1526 +#: sssd.conf.5.xml:1527 msgid "pam_id_timeout (integer)" msgstr "pam_id_timeout (heltal)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1529 +#: sssd.conf.5.xml:1530 msgid "" "For any PAM request while SSSD is online, the SSSD will attempt to " "immediately update the cached identity information for the user in order to " @@ -2283,7 +2283,7 @@ msgstr "" "till att autentisering sker med den senaste informationen." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1535 +#: sssd.conf.5.xml:1536 msgid "" "A complete PAM conversation may perform multiple PAM requests, such as " "account management and session opening. This option controls (on a per-" @@ -2297,17 +2297,17 @@ msgstr "" "identitetsleverantören." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1549 +#: sssd.conf.5.xml:1550 msgid "pam_pwd_expiration_warning (integer)" msgstr "pam_pwd_expiration_warning (heltal)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1552 sssd.conf.5.xml:2987 +#: sssd.conf.5.xml:1553 sssd.conf.5.xml:2988 msgid "Display a warning N days before the password expires." msgstr "Visa en varning N dagar före lösenordet går ut." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1555 +#: sssd.conf.5.xml:1556 msgid "" "Please note that the backend server has to provide information about the " "expiration time of the password. If this information is missing, sssd " @@ -2317,7 +2317,7 @@ msgstr "" "lösenordet. Om denna information saknas kan sssd inte visa någon varning." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1561 sssd.conf.5.xml:2990 +#: sssd.conf.5.xml:1562 sssd.conf.5.xml:2991 msgid "" "If zero is set, then this filter is not applied, i.e. if the expiration " "warning was received from backend server, it will automatically be displayed." @@ -2326,7 +2326,7 @@ msgstr "" "mottogs från bakändeserver kommer den automatiskt visas." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1566 +#: sssd.conf.5.xml:1567 msgid "" "This setting can be overridden by setting <emphasis>pwd_expiration_warning</" "emphasis> for a particular domain." @@ -2335,17 +2335,17 @@ msgstr "" "<emphasis>pwd_expiration_warning</emphasis> för en viss domän." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1571 sssd.conf.5.xml:3976 sssd-ldap.5.xml:606 sssd.8.xml:79 +#: sssd.conf.5.xml:1572 sssd.conf.5.xml:3977 sssd-ldap.5.xml:606 sssd.8.xml:79 msgid "Default: 0" msgstr "Standard: 0" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1588 +#: sssd.conf.5.xml:1589 msgid "pam_trusted_users (string)" msgstr "pam_trusted_users (sträng)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1591 +#: sssd.conf.5.xml:1592 msgid "" "Specifies the comma-separated list of UID values or user names that are " "allowed to run PAM conversations against trusted domains. Users not " @@ -2360,12 +2360,12 @@ msgstr "" "UID vid uppstart." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1601 +#: sssd.conf.5.xml:1602 msgid "Default: All users are considered trusted by default" msgstr "Standard: alla användare betraktas som betrodda som standard" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1605 +#: sssd.conf.5.xml:1606 msgid "" "Please note that UID 0 is always allowed to access the PAM responder even in " "case it is not in the pam_trusted_users list." @@ -2374,12 +2374,12 @@ msgstr "" "inte är i listan pam_trusted_users." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1612 +#: sssd.conf.5.xml:1613 msgid "pam_public_domains (string)" msgstr "pam_public_domains (sträng)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1615 +#: sssd.conf.5.xml:1616 msgid "" "Specifies the comma-separated list of domain names that are accessible even " "to untrusted users." @@ -2388,20 +2388,20 @@ msgstr "" "betrodda användare." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1619 +#: sssd.conf.5.xml:1620 msgid "Two special values for pam_public_domains option are defined:" msgstr "" "Två speciella värden för alternativet pam_public_domains är definierade:" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1623 +#: sssd.conf.5.xml:1624 msgid "" "all (Untrusted users are allowed to access all domains in PAM responder.)" msgstr "" "all (Ej betrodda användare tillåts komma åt alla domäner i PAM-respondenten.)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1627 +#: sssd.conf.5.xml:1628 msgid "" "none (Untrusted users are not allowed to access any domains PAM in " "responder.)" @@ -2410,19 +2410,19 @@ msgstr "" "respondenten.)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1631 sssd.conf.5.xml:1656 sssd.conf.5.xml:1675 -#: sssd.conf.5.xml:1912 sssd.conf.5.xml:2732 sssd.conf.5.xml:3905 +#: sssd.conf.5.xml:1632 sssd.conf.5.xml:1657 sssd.conf.5.xml:1676 +#: sssd.conf.5.xml:1913 sssd.conf.5.xml:2733 sssd.conf.5.xml:3906 #: sssd-ldap.5.xml:1207 msgid "Default: none" msgstr "Standard: none" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1636 +#: sssd.conf.5.xml:1637 msgid "pam_account_expired_message (string)" msgstr "pam_account_expired_message (sträng)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1639 +#: sssd.conf.5.xml:1640 msgid "" "Allows a custom expiration message to be set, replacing the default " "'Permission denied' message." @@ -2431,7 +2431,7 @@ msgstr "" "standardmeddelandet ”åtkomst nekas”." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1644 +#: sssd.conf.5.xml:1645 msgid "" "Note: Please be aware that message is only printed for the SSH service " "unless pam_verbosity is set to 3 (show all messages and debug information)." @@ -2441,7 +2441,7 @@ msgstr "" "felsökningsinformation)." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1652 +#: sssd.conf.5.xml:1653 #, no-wrap msgid "" "pam_account_expired_message = Account expired, please contact help desk.\n" @@ -2451,12 +2451,12 @@ msgstr "" " " #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1661 +#: sssd.conf.5.xml:1662 msgid "pam_account_locked_message (string)" msgstr "pam_account_locked_message (sträng)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1664 +#: sssd.conf.5.xml:1665 msgid "" "Allows a custom lockout message to be set, replacing the default 'Permission " "denied' message." @@ -2465,7 +2465,7 @@ msgstr "" "standardmeddelandet ”åtkomst nekas”." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1671 +#: sssd.conf.5.xml:1672 #, no-wrap msgid "" "pam_account_locked_message = Account locked, please contact help desk.\n" @@ -2475,19 +2475,19 @@ msgstr "" " " #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1680 +#: sssd.conf.5.xml:1681 #, fuzzy #| msgid "pam_cert_auth (bool)" msgid "pam_passkey_auth (bool)" msgstr "pam_cert_auth (bool)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1683 +#: sssd.conf.5.xml:1684 msgid "Enable passkey device based authentication." msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1686 sssd.conf.5.xml:1697 sssd.conf.5.xml:1711 +#: sssd.conf.5.xml:1687 sssd.conf.5.xml:1698 sssd.conf.5.xml:1712 #: sssd-ldap.5.xml:671 sssd-ldap.5.xml:692 sssd-ldap.5.xml:788 #: sssd-ldap.5.xml:1293 sssd-ad.5.xml:505 sssd-ad.5.xml:581 sssd-ad.5.xml:1126 #: sssd-ad.5.xml:1175 include/ldap_id_mapping.xml:250 @@ -2495,22 +2495,22 @@ msgid "Default: False" msgstr "Standard: False" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1691 +#: sssd.conf.5.xml:1692 msgid "passkey_debug_libfido2 (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1694 +#: sssd.conf.5.xml:1695 msgid "Enable libfido2 library debug messages." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1702 +#: sssd.conf.5.xml:1703 msgid "pam_cert_auth (bool)" msgstr "pam_cert_auth (bool)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1705 +#: sssd.conf.5.xml:1706 msgid "" "Enable certificate based Smartcard authentication. Since this requires " "additional communication with the Smartcard which will delay the " @@ -2521,22 +2521,22 @@ msgstr "" "autentiseringsprocessen är detta alternativ avaktiverat som standard." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1716 +#: sssd.conf.5.xml:1717 msgid "pam_cert_db_path (string)" msgstr "pam_cert_db_path (sträng)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1719 +#: sssd.conf.5.xml:1720 msgid "The path to the certificate database." msgstr "Sökvägen till certifikatdatabasen." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1722 sssd.conf.5.xml:2247 sssd.conf.5.xml:4308 +#: sssd.conf.5.xml:1723 sssd.conf.5.xml:2248 sssd.conf.5.xml:4354 msgid "Default:" msgstr "Standard:" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1724 sssd.conf.5.xml:2249 +#: sssd.conf.5.xml:1725 sssd.conf.5.xml:2250 msgid "" "/etc/sssd/pki/sssd_auth_ca_db.pem (path to a file with trusted CA " "certificates in PEM format)" @@ -2545,12 +2545,12 @@ msgstr "" "certifikat i PEM-format)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1734 +#: sssd.conf.5.xml:1735 msgid "pam_cert_verification (string)" msgstr "pam_cert_verification (sträng)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1737 +#: sssd.conf.5.xml:1738 msgid "" "With this parameter the PAM certificate verification can be tuned with a " "comma separated list of options that override the " @@ -2564,7 +2564,7 @@ msgstr "" "Flaggor som stödjs är samma som för <quote>certificate_verification</quote>." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1748 +#: sssd.conf.5.xml:1749 #, no-wrap msgid "" "pam_cert_verification = partial_chain\n" @@ -2574,7 +2574,7 @@ msgstr "" " " #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1752 +#: sssd.conf.5.xml:1753 msgid "" "Default: not set, i.e. use default <quote>certificate_verification</quote> " "option defined in <quote>[sssd]</quote> section." @@ -2584,24 +2584,24 @@ msgstr "" "<quote>[sssd]</quote>." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1759 +#: sssd.conf.5.xml:1760 msgid "p11_child_timeout (integer)" msgstr "p11_child_timeout (heltal)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1762 +#: sssd.conf.5.xml:1763 msgid "How many seconds will pam_sss wait for p11_child to finish." msgstr "Hur många sekunder pam_sss kommer vänta på p11_child att avsluta." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1771 +#: sssd.conf.5.xml:1772 #, fuzzy #| msgid "p11_child_timeout (integer)" msgid "passkey_child_timeout (integer)" msgstr "p11_child_timeout (heltal)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1774 +#: sssd.conf.5.xml:1775 #, fuzzy #| msgid "How many seconds will pam_sss wait for p11_child to finish." msgid "" @@ -2609,12 +2609,12 @@ msgid "" msgstr "Hur många sekunder pam_sss kommer vänta på p11_child att avsluta." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1783 +#: sssd.conf.5.xml:1784 msgid "pam_app_services (string)" msgstr "pam_app_services (sträng)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1786 +#: sssd.conf.5.xml:1787 msgid "" "Which PAM services are permitted to contact domains of type " "<quote>application</quote>" @@ -2623,12 +2623,12 @@ msgstr "" "<quote>application</quote>" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1795 +#: sssd.conf.5.xml:1796 msgid "pam_p11_allowed_services (integer)" msgstr "pam_p11_allowed_services (heltal)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1798 +#: sssd.conf.5.xml:1799 msgid "" "A comma-separated list of PAM service names for which it will be allowed to " "use Smartcards." @@ -2637,7 +2637,7 @@ msgstr "" "tillåtet att använda smarta kort." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1813 +#: sssd.conf.5.xml:1814 #, no-wrap msgid "" "pam_p11_allowed_services = +my_pam_service, -login\n" @@ -2647,7 +2647,7 @@ msgstr "" " " #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1802 +#: sssd.conf.5.xml:1803 msgid "" "It is possible to add another PAM service name to the default set by using " "<quote>+service_name</quote> or to explicitly remove a PAM service name from " @@ -2667,63 +2667,63 @@ msgstr "" "type=\"programlisting\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1817 sssd-ad.5.xml:644 sssd-ad.5.xml:753 sssd-ad.5.xml:811 +#: sssd.conf.5.xml:1818 sssd-ad.5.xml:644 sssd-ad.5.xml:753 sssd-ad.5.xml:811 #: sssd-ad.5.xml:869 sssd-ad.5.xml:947 msgid "Default: the default set of PAM service names includes:" msgstr "Standard: standarduppsättningen av PAM-tjänstenamn innefattar:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1822 sssd-ad.5.xml:648 +#: sssd.conf.5.xml:1823 sssd-ad.5.xml:648 msgid "login" msgstr "login" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1827 sssd-ad.5.xml:653 +#: sssd.conf.5.xml:1828 sssd-ad.5.xml:653 msgid "su" msgstr "su" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1832 sssd-ad.5.xml:658 +#: sssd.conf.5.xml:1833 sssd-ad.5.xml:658 msgid "su-l" msgstr "su-l" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1837 sssd-ad.5.xml:673 +#: sssd.conf.5.xml:1838 sssd-ad.5.xml:673 msgid "gdm-smartcard" msgstr "gdm-smartcard" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1842 sssd-ad.5.xml:668 +#: sssd.conf.5.xml:1843 sssd-ad.5.xml:668 msgid "gdm-password" msgstr "gdm-password" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1847 sssd-ad.5.xml:678 +#: sssd.conf.5.xml:1848 sssd-ad.5.xml:678 msgid "kdm" msgstr "kdm" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1852 sssd-ad.5.xml:956 +#: sssd.conf.5.xml:1853 sssd-ad.5.xml:956 msgid "sudo" msgstr "sudo" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1857 sssd-ad.5.xml:961 +#: sssd.conf.5.xml:1858 sssd-ad.5.xml:961 msgid "sudo-i" msgstr "sudo-i" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1862 +#: sssd.conf.5.xml:1863 msgid "gnome-screensaver" msgstr "gnome-screensaver" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1870 +#: sssd.conf.5.xml:1871 msgid "p11_wait_for_card_timeout (integer)" msgstr "p11_wait_for_card_timeout (heltal)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1873 +#: sssd.conf.5.xml:1874 msgid "" "If Smartcard authentication is required how many extra seconds in addition " "to p11_child_timeout should the PAM responder wait until a Smartcard is " @@ -2733,12 +2733,12 @@ msgstr "" "p11_child_timeout PAM-respondenten skall vänta på att ett smartkort sätts in." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1884 +#: sssd.conf.5.xml:1885 msgid "p11_uri (string)" msgstr "p11_uri (sträng)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1887 +#: sssd.conf.5.xml:1888 msgid "" "PKCS#11 URI (see RFC-7512 for details) which can be used to restrict the " "selection of devices used for Smartcard authentication. By default SSSD's " @@ -2755,7 +2755,7 @@ msgstr "" "användas för att säga till p11_child att använda en specifik läsare." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1900 +#: sssd.conf.5.xml:1901 #, no-wrap msgid "" "p11_uri = pkcs11:slot-description=My%20Smartcard%20Reader\n" @@ -2765,7 +2765,7 @@ msgstr "" " " #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1904 +#: sssd.conf.5.xml:1905 #, no-wrap msgid "" "p11_uri = pkcs11:library-description=OpenSC%20smartcard%20framework;slot-id=2\n" @@ -2775,7 +2775,7 @@ msgstr "" " " #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1898 +#: sssd.conf.5.xml:1899 msgid "" "Example: <placeholder type=\"programlisting\" id=\"0\"/> or <placeholder " "type=\"programlisting\" id=\"1\"/> To find suitable URI please check the " @@ -2788,17 +2788,17 @@ msgstr "" "”p11tool” med t.ex. ”--list-all” visa även PKCS#11 URI:er." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1917 +#: sssd.conf.5.xml:1918 msgid "pam_initgroups_scheme" msgstr "pam_initgroups_scheme" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1925 +#: sssd.conf.5.xml:1926 msgid "always" msgstr "always" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1926 +#: sssd.conf.5.xml:1927 msgid "" "Always do an online lookup, please note that pam_id_timeout still applies" msgstr "" @@ -2806,12 +2806,12 @@ msgstr "" "fortfarande gäller" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1930 +#: sssd.conf.5.xml:1931 msgid "no_session" msgstr "no_session" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1931 +#: sssd.conf.5.xml:1932 msgid "" "Only do an online lookup if there is no active session of the user, i.e. if " "the user is currently not logged in" @@ -2820,12 +2820,12 @@ msgstr "" "användaren, d.v.s. om användaren inte är inloggad för närvarande" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1936 +#: sssd.conf.5.xml:1937 msgid "never" msgstr "never" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1937 +#: sssd.conf.5.xml:1938 msgid "" "Never force an online lookup, use the data from the cache as long as they " "are not expired" @@ -2834,7 +2834,7 @@ msgstr "" "inte har gått ut" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1920 +#: sssd.conf.5.xml:1921 msgid "" "The PAM responder can force an online lookup to get the current group " "memberships of the user trying to log in. This option controls when this " @@ -2847,17 +2847,17 @@ msgstr "" "<placeholder type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1944 +#: sssd.conf.5.xml:1945 msgid "Default: no_session" msgstr "Standard: no_session" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1949 sssd.conf.5.xml:4247 +#: sssd.conf.5.xml:1950 sssd.conf.5.xml:4293 msgid "pam_gssapi_services" msgstr "pam_gssapi_services" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1952 +#: sssd.conf.5.xml:1953 msgid "" "Comma separated list of PAM services that are allowed to try GSSAPI " "authentication using pam_sss_gss.so module." @@ -2866,7 +2866,7 @@ msgstr "" "autentisering med modulen pam_sss_gss.so." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1957 +#: sssd.conf.5.xml:1958 msgid "" "To disable GSSAPI authentication, set this option to <quote>-</quote> (dash)." msgstr "" @@ -2874,7 +2874,7 @@ msgstr "" "quote> (streck)." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1961 sssd.conf.5.xml:1992 sssd.conf.5.xml:2030 +#: sssd.conf.5.xml:1962 sssd.conf.5.xml:1993 sssd.conf.5.xml:2031 msgid "" "Note: This option can also be set per-domain which overwrites the value in " "[pam] section. It can also be set for trusted domain which overwrites the " @@ -2885,7 +2885,7 @@ msgstr "" "över värdet i domänsektionen." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1969 +#: sssd.conf.5.xml:1970 #, no-wrap msgid "" "pam_gssapi_services = sudo, sudo-i\n" @@ -2895,22 +2895,22 @@ msgstr "" " " #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1967 sssd.conf.5.xml:3899 +#: sssd.conf.5.xml:1968 sssd.conf.5.xml:3900 msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>" msgstr "Exempel: <placeholder type=\"programlisting\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1973 +#: sssd.conf.5.xml:1974 msgid "Default: - (GSSAPI authentication is disabled)" msgstr "Standard: - (GSSAPI-autentisering är avaktiverat)" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1978 sssd.conf.5.xml:4248 +#: sssd.conf.5.xml:1979 sssd.conf.5.xml:4294 msgid "pam_gssapi_check_upn" msgstr "pam_gssapi_check_upn" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1981 +#: sssd.conf.5.xml:1982 msgid "" "If True, SSSD will require that the Kerberos user principal that " "successfully authenticated through GSSAPI can be associated with the user " @@ -2921,7 +2921,7 @@ msgstr "" "Autentisering kommer misslyckas om kontrollen misslyckas." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1988 +#: sssd.conf.5.xml:1989 msgid "" "If False, every user that is able to obtained required service ticket will " "be authenticated." @@ -2930,18 +2930,18 @@ msgstr "" "autentiseras." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1998 sssd-ad.5.xml:1266 sss_rpcidmapd.5.xml:76 +#: sssd.conf.5.xml:1999 sssd-ad.5.xml:1266 sss_rpcidmapd.5.xml:76 #: sssd-files.5.xml:145 msgid "Default: True" msgstr "Standard: True" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2003 +#: sssd.conf.5.xml:2004 msgid "pam_gssapi_indicators_map" msgstr "pam_gssapi_indicators_map" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2006 +#: sssd.conf.5.xml:2007 msgid "" "Comma separated list of authentication indicators required to be present in " "a Kerberos ticket to access a PAM service that is allowed to try GSSAPI " @@ -2952,7 +2952,7 @@ msgstr "" "autentisering med modulen pam_sss_gss.so." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2012 +#: sssd.conf.5.xml:2013 msgid "" "Each element of the list can be either an authentication indicator name or a " "pair <quote>service:indicator</quote>. Indicators not prefixed with the PAM " @@ -2978,7 +2978,7 @@ msgstr "" "åtkomsten." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2025 +#: sssd.conf.5.xml:2026 msgid "" "To disable GSSAPI authentication indicator check, set this option to <quote>-" "</quote> (dash). To disable the check for a specific PAM service, add " @@ -2989,7 +2989,7 @@ msgstr "" "specifik PAM-tjänst, lägg till <quote>tjänst:-</quote>." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2036 +#: sssd.conf.5.xml:2037 msgid "" "Following authentication indicators are supported by IPA Kerberos " "deployments:" @@ -2997,7 +2997,7 @@ msgstr "" "Följande autentiseringsindikatorer stödjs av IPA-Kerberosinstallationer:" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2039 +#: sssd.conf.5.xml:2040 msgid "" "pkinit -- pre-authentication using X.509 certificates -- whether stored in " "files or on smart cards." @@ -3006,7 +3006,7 @@ msgstr "" "filer eller på smarta kort." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2042 +#: sssd.conf.5.xml:2043 msgid "" "hardened -- SPAKE pre-authentication or any pre-authentication wrapped in a " "FAST channel." @@ -3015,12 +3015,12 @@ msgstr "" "i en FAST-kanal." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2045 +#: sssd.conf.5.xml:2046 msgid "radius -- pre-authentication with the help of a RADIUS server." msgstr "radius — förautentisering med hjälp av en RADIUS-server." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2048 +#: sssd.conf.5.xml:2049 msgid "" "otp -- pre-authentication using integrated two-factor authentication (2FA or " "one-time password, OTP) in IPA." @@ -3029,12 +3029,12 @@ msgstr "" "(2FA eller engångslösenord, OTP) i IPA." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2051 +#: sssd.conf.5.xml:2052 msgid "idp -- pre-authentication using external identity provider." msgstr "idp — förautentisering med extern identitetsleverantör." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:2061 +#: sssd.conf.5.xml:2062 #, no-wrap msgid "" "pam_gssapi_indicators_map = sudo:pkinit, sudo-i:pkinit\n" @@ -3044,7 +3044,7 @@ msgstr "" " " #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2056 +#: sssd.conf.5.xml:2057 msgid "" "Example: to require access to SUDO services only for users which obtained " "their Kerberos tickets with a X.509 certificate pre-authentication (PKINIT), " @@ -3055,18 +3055,18 @@ msgstr "" "(PKINIT), sätt <placeholder type=\"programlisting\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2065 +#: sssd.conf.5.xml:2066 msgid "Default: not set (use of authentication indicators is not required)" msgstr "" "Standard: inte satt (användning av autentiseringsindikatorer krävs inte)" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2073 +#: sssd.conf.5.xml:2074 msgid "SUDO configuration options" msgstr "SUDO-konfigurationsalternativ" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2075 +#: sssd.conf.5.xml:2076 msgid "" "These options can be used to configure the sudo service. The detailed " "instructions for configuration of <citerefentry> <refentrytitle>sudo</" @@ -3084,12 +3084,12 @@ msgstr "" "citerefentry>." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2092 +#: sssd.conf.5.xml:2093 msgid "sudo_timed (bool)" msgstr "sudo_timed (bool)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2095 +#: sssd.conf.5.xml:2096 msgid "" "Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes " "that implement time-dependent sudoers entries." @@ -3098,12 +3098,12 @@ msgstr "" "tidsberoende sudoers-poster skall evalueras eller inte." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2107 +#: sssd.conf.5.xml:2108 msgid "sudo_threshold (integer)" msgstr "sudo_threshold (heltal)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2110 +#: sssd.conf.5.xml:2111 msgid "" "Maximum number of expired rules that can be refreshed at once. If number of " "expired rules is below threshold, those rules are refreshed with " @@ -3118,22 +3118,22 @@ msgstr "" "gränsvärde gäller även IPA-sudo-kommandon och kommandogruppsökningar." #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2129 +#: sssd.conf.5.xml:2130 msgid "AUTOFS configuration options" msgstr "AUTOFS-konfigurationsalternativ" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2131 +#: sssd.conf.5.xml:2132 msgid "These options can be used to configure the autofs service." msgstr "Dessa alternativ kan användas för att konfigurera tjänsten autofs." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2135 +#: sssd.conf.5.xml:2136 msgid "autofs_negative_timeout (integer)" msgstr "autofs_negative_timeout (heltal)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2138 +#: sssd.conf.5.xml:2139 msgid "" "Specifies for how many seconds should the autofs responder negative cache " "hits (that is, queries for invalid map entries, like nonexistent ones) " @@ -3144,22 +3144,22 @@ msgstr "" "finns) innan bakänden tillfrågas igen." #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2154 +#: sssd.conf.5.xml:2155 msgid "SSH configuration options" msgstr "SSH-konfigurationsalternativ" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2156 +#: sssd.conf.5.xml:2157 msgid "These options can be used to configure the SSH service." msgstr "Dessa alternativ kan användas för att konfigurera tjänsten SSH." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2160 +#: sssd.conf.5.xml:2161 msgid "ssh_hash_known_hosts (bool)" msgstr "ssh_hash_known_hosts (bool)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2163 +#: sssd.conf.5.xml:2164 msgid "" "Whether or not to hash host names and addresses in the managed known_hosts " "file." @@ -3168,12 +3168,12 @@ msgstr "" "till kontrollsummor eller inte." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2172 +#: sssd.conf.5.xml:2173 msgid "ssh_known_hosts_timeout (integer)" msgstr "ssh_known_hosts_timeout (heltal)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2175 +#: sssd.conf.5.xml:2176 msgid "" "How many seconds to keep a host in the managed known_hosts file after its " "host keys were requested." @@ -3182,17 +3182,17 @@ msgstr "" "att dess värdnycklar begärdes." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2179 +#: sssd.conf.5.xml:2180 msgid "Default: 180" msgstr "Standard: 180" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2184 +#: sssd.conf.5.xml:2185 msgid "ssh_use_certificate_keys (bool)" msgstr "ssh_use_certificate_keys (bool)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2187 +#: sssd.conf.5.xml:2188 msgid "" "If set to true the <command>sss_ssh_authorizedkeys</command> will return ssh " "keys derived from the public key of X.509 certificates stored in the user " @@ -3206,12 +3206,12 @@ msgstr "" "manvolnum> </citerefentry> för detaljer." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2202 +#: sssd.conf.5.xml:2203 msgid "ssh_use_certificate_matching_rules (string)" msgstr "ssh_use_certificate_matching_rules (sträng)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2205 +#: sssd.conf.5.xml:2206 msgid "" "By default the ssh responder will use all available certificate matching " "rules to filter the certificates so that ssh keys are only derived from the " @@ -3226,7 +3226,7 @@ msgstr "" "regelnamn. Alla andra regler kommer ignoreras." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2214 +#: sssd.conf.5.xml:2215 msgid "" "There are two special key words 'all_rules' and 'no_rules' which will enable " "all or no rules, respectively. The latter means that no certificates will be " @@ -3238,7 +3238,7 @@ msgstr "" "certifikat." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2221 +#: sssd.conf.5.xml:2222 msgid "" "If no rules are configured using 'all_rules' will enable a default rule " "which enables all certificates suitable for client authentication. This is " @@ -3251,7 +3251,7 @@ msgstr "" "certifikatautentisering är aktiverat." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2228 +#: sssd.conf.5.xml:2229 msgid "" "A non-existing rule name is considered an error. If as a result no rule is " "selected all certificates will be ignored." @@ -3260,7 +3260,7 @@ msgstr "" "ingen regel blir vald kommer alla certifikat ignoreras." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2233 +#: sssd.conf.5.xml:2234 msgid "" "Default: not set, equivalent to 'all_rules', all found rules or the default " "rule are used" @@ -3269,12 +3269,12 @@ msgstr "" "standardregeln används" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2239 +#: sssd.conf.5.xml:2240 msgid "ca_db (string)" msgstr "ca_db (sträng)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2242 +#: sssd.conf.5.xml:2243 msgid "" "Path to a storage of trusted CA certificates. The option is used to validate " "user certificates before deriving public ssh keys from them." @@ -3283,12 +3283,12 @@ msgstr "" "validera användarcertifikat före publika ssh-nycklar härleds från dem." #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2262 +#: sssd.conf.5.xml:2263 msgid "PAC responder configuration options" msgstr "PAC-respondentskonfigurationsalternativ" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2264 +#: sssd.conf.5.xml:2265 msgid "" "The PAC responder works together with the authorization data plugin for MIT " "Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the " @@ -3306,7 +3306,7 @@ msgstr "" "kommer några av följande operationer att göras:" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2273 +#: sssd.conf.5.xml:2274 msgid "" "If the remote user does not exist in the cache, it is created. The UID is " "determined with the help of the SID, trusted domains will have UPGs and the " @@ -3322,7 +3322,7 @@ msgstr "" "skrivas över med parametern default_shell." #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2281 +#: sssd.conf.5.xml:2282 msgid "" "If there are SIDs of groups from domains sssd knows about, the user will be " "added to those groups." @@ -3331,17 +3331,17 @@ msgstr "" "användaren läggas till i dessa grupper." #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2287 +#: sssd.conf.5.xml:2288 msgid "These options can be used to configure the PAC responder." msgstr "Dessa alternativ kan användas för att konfigurera PAC-respondenten." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2291 sssd-ifp.5.xml:66 +#: sssd.conf.5.xml:2292 sssd-ifp.5.xml:66 msgid "allowed_uids (string)" msgstr "allowed_uids (sträng)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2294 +#: sssd.conf.5.xml:2295 msgid "" "Specifies the comma-separated list of UID values or user names that are " "allowed to access the PAC responder. User names are resolved to UIDs at " @@ -3352,12 +3352,12 @@ msgstr "" "uppstart." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2300 +#: sssd.conf.5.xml:2301 msgid "Default: 0 (only the root user is allowed to access the PAC responder)" msgstr "Standard: 0 (endast root-användaren tillåts komma åt PAC-respondenten)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2304 +#: sssd.conf.5.xml:2305 msgid "" "Please note that although the UID 0 is used as the default it will be " "overwritten with this option. If you still want to allow the root user to " @@ -3370,12 +3370,12 @@ msgstr "" "0 i listan av tillåtna AID:er." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2313 +#: sssd.conf.5.xml:2314 msgid "pac_lifetime (integer)" msgstr "pac_lifetime (heltal)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2316 +#: sssd.conf.5.xml:2317 msgid "" "Lifetime of the PAC entry in seconds. As long as the PAC is valid the PAC " "data can be used to determine the group memberships of a user." @@ -3384,12 +3384,12 @@ msgstr "" "datan användas för att avgöra gruppmedlemskap för en användare." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2326 +#: sssd.conf.5.xml:2327 msgid "pac_check (string)" msgstr "pac_check (sträng)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2329 +#: sssd.conf.5.xml:2330 msgid "" "Apply additional checks on the PAC of the Kerberos ticket which is available " "in Active Directory and FreeIPA domains, if configured. Please note that " @@ -3406,12 +3406,12 @@ msgstr "" "krb5_validate är satt till ”False” kommer PAC-kontrollerna hoppas över." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2343 +#: sssd.conf.5.xml:2344 msgid "no_check" msgstr "no_check" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2345 +#: sssd.conf.5.xml:2346 msgid "" "The PAC must not be present and even if it is present no additional checks " "will be done." @@ -3420,12 +3420,12 @@ msgstr "" "kontroller att göras." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2351 +#: sssd.conf.5.xml:2352 msgid "pac_present" msgstr "pac_present" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2353 +#: sssd.conf.5.xml:2354 msgid "" "The PAC must be present in the service ticket which SSSD will request with " "the help of the user's TGT. If the PAC is not available the authentication " @@ -3436,12 +3436,12 @@ msgstr "" "misslyckas." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2361 +#: sssd.conf.5.xml:2362 msgid "check_upn" msgstr "check_upn" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2363 +#: sssd.conf.5.xml:2364 msgid "" "If the PAC is present check if the user principal name (UPN) information is " "consistent." @@ -3450,12 +3450,12 @@ msgstr "" "(UPN) är konsistent." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2369 +#: sssd.conf.5.xml:2370 msgid "check_upn_allow_missing" msgstr "check_upn_allow_missing" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2371 +#: sssd.conf.5.xml:2372 msgid "" "This option should be used together with 'check_upn' and handles the case " "where a UPN is set on the server-side but is not read by SSSD. The typical " @@ -3474,7 +3474,7 @@ msgstr "" "inte längre någon anledning att sätta ”ldap_user_principal”." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2383 +#: sssd.conf.5.xml:2384 msgid "" "Currently this option is set by default to avoid regressions in such " "environments. A log message will be added to the system log and SSSD's debug " @@ -3492,22 +3492,22 @@ msgstr "" "loggmeddelandet." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2397 +#: sssd.conf.5.xml:2398 msgid "upn_dns_info_present" msgstr "upn_dns_info_present" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2399 +#: sssd.conf.5.xml:2400 msgid "The PAC must contain the UPN-DNS-INFO buffer, implies 'check_upn'." msgstr "PAC:en måste innehålla bufferten UPN-DNS-INFO, implicerar ”check_upn”." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2404 +#: sssd.conf.5.xml:2405 msgid "check_upn_dns_info_ex" msgstr "check_upn_dns_info_ex" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2406 +#: sssd.conf.5.xml:2407 msgid "" "If the PAC is present and the extension to the UPN-DNS-INFO buffer is " "available check if the information in the extension is consistent." @@ -3516,12 +3516,12 @@ msgstr "" "kontrollera om informationen i utökningen är konsistent." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2413 +#: sssd.conf.5.xml:2414 msgid "upn_dns_info_ex_present" msgstr "upn_dns_info_ex_present" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2415 +#: sssd.conf.5.xml:2416 msgid "" "The PAC must contain the extension of the UPN-DNS-INFO buffer, implies " "'check_upn_dns_info_ex', 'upn_dns_info_present' and 'check_upn'." @@ -3530,7 +3530,7 @@ msgstr "" "”check_upn_dns_info_ex”, ”upn_dns_info_present” och ”check_upn”." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2339 +#: sssd.conf.5.xml:2340 msgid "" "The following options can be used alone or in a comma-separated list: " "<placeholder type=\"variablelist\" id=\"0\"/>" @@ -3539,7 +3539,7 @@ msgstr "" "<placeholder type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2425 +#: sssd.conf.5.xml:2426 msgid "" "Default: no_check (AD and IPA provider 'check_upn, check_upn_allow_missing, " "check_upn_dns_info_ex')" @@ -3548,12 +3548,12 @@ msgstr "" "check_upn_allow_missing, check_upn_dns_info_ex”)" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2434 +#: sssd.conf.5.xml:2435 msgid "Session recording configuration options" msgstr "Konfigurationsalternativ för inspelning av sessioner" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2436 +#: sssd.conf.5.xml:2437 msgid "" "Session recording works in conjunction with <citerefentry> " "<refentrytitle>tlog-rec-session</refentrytitle> <manvolnum>8</manvolnum> </" @@ -3569,33 +3569,33 @@ msgstr "" "manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2449 +#: sssd.conf.5.xml:2450 msgid "These options can be used to configure session recording." msgstr "" "Dessa alternativ kan användas för att konfigurera inspelning av sessioner." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2453 sssd-session-recording.5.xml:64 +#: sssd.conf.5.xml:2454 sssd-session-recording.5.xml:64 msgid "scope (string)" msgstr "scope (sträng)" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2460 sssd-session-recording.5.xml:71 +#: sssd.conf.5.xml:2461 sssd-session-recording.5.xml:71 msgid "\"none\"" msgstr "”none”" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2463 sssd-session-recording.5.xml:74 +#: sssd.conf.5.xml:2464 sssd-session-recording.5.xml:74 msgid "No users are recorded." msgstr "Inga användare spelas in." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2468 sssd-session-recording.5.xml:79 +#: sssd.conf.5.xml:2469 sssd-session-recording.5.xml:79 msgid "\"some\"" msgstr "”some”" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2471 sssd-session-recording.5.xml:82 +#: sssd.conf.5.xml:2472 sssd-session-recording.5.xml:82 msgid "" "Users/groups specified by <replaceable>users</replaceable> and " "<replaceable>groups</replaceable> options are recorded." @@ -3604,17 +3604,17 @@ msgstr "" "och <replaceable>groups</replaceable> spelas in." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2480 sssd-session-recording.5.xml:91 +#: sssd.conf.5.xml:2481 sssd-session-recording.5.xml:91 msgid "\"all\"" msgstr "”all”" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2483 sssd-session-recording.5.xml:94 +#: sssd.conf.5.xml:2484 sssd-session-recording.5.xml:94 msgid "All users are recorded." msgstr "Alla användare spelas in." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2456 sssd-session-recording.5.xml:67 +#: sssd.conf.5.xml:2457 sssd-session-recording.5.xml:67 msgid "" "One of the following strings specifying the scope of session recording: " "<placeholder type=\"variablelist\" id=\"0\"/>" @@ -3623,17 +3623,17 @@ msgstr "" "<placeholder type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2490 sssd-session-recording.5.xml:101 +#: sssd.conf.5.xml:2491 sssd-session-recording.5.xml:101 msgid "Default: \"none\"" msgstr "Standard: ”none”" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2495 sssd-session-recording.5.xml:106 +#: sssd.conf.5.xml:2496 sssd-session-recording.5.xml:106 msgid "users (string)" msgstr "users (sträng)" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2498 sssd-session-recording.5.xml:109 +#: sssd.conf.5.xml:2499 sssd-session-recording.5.xml:109 msgid "" "A comma-separated list of users which should have session recording enabled. " "Matches user names as returned by NSS. I.e. after the possible space " @@ -3644,17 +3644,17 @@ msgstr "" "efter eventuellt utbyte av mellanslag, ändring av skiftläge, etc." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2504 sssd-session-recording.5.xml:115 +#: sssd.conf.5.xml:2505 sssd-session-recording.5.xml:115 msgid "Default: Empty. Matches no users." msgstr "Standard: Tomt. Matchar inte några användare." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2509 sssd-session-recording.5.xml:120 +#: sssd.conf.5.xml:2510 sssd-session-recording.5.xml:120 msgid "groups (string)" msgstr "groups (sträng)" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2512 sssd-session-recording.5.xml:123 +#: sssd.conf.5.xml:2513 sssd-session-recording.5.xml:123 msgid "" "A comma-separated list of groups, members of which should have session " "recording enabled. Matches group names as returned by NSS. I.e. after the " @@ -3665,7 +3665,7 @@ msgstr "" "efter eventuellt utbyte av mellanslag, ändring av skiftläge, etc." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2518 sssd.conf.5.xml:2550 sssd-session-recording.5.xml:129 +#: sssd.conf.5.xml:2519 sssd.conf.5.xml:2551 sssd-session-recording.5.xml:129 #: sssd-session-recording.5.xml:161 msgid "" "NOTE: using this option (having it set to anything) has a considerable " @@ -3677,17 +3677,17 @@ msgstr "" "användare måste hämtas och matchas mot grupperna användaren är en medlem i." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2525 sssd-session-recording.5.xml:136 +#: sssd.conf.5.xml:2526 sssd-session-recording.5.xml:136 msgid "Default: Empty. Matches no groups." msgstr "Standard: Tom. Matchar inga grupper." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2530 sssd-session-recording.5.xml:141 +#: sssd.conf.5.xml:2531 sssd-session-recording.5.xml:141 msgid "exclude_users (string)" msgstr "exclude_users (sträng)" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2533 sssd-session-recording.5.xml:144 +#: sssd.conf.5.xml:2534 sssd-session-recording.5.xml:144 msgid "" "A comma-separated list of users to be excluded from recording, only " "applicable with 'scope=all'." @@ -3696,17 +3696,17 @@ msgstr "" "tillämpligt med ”scope=all”." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2537 sssd-session-recording.5.xml:148 +#: sssd.conf.5.xml:2538 sssd-session-recording.5.xml:148 msgid "Default: Empty. No users excluded." msgstr "Standard: Tomt. Inga användare uteslutna." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2542 sssd-session-recording.5.xml:153 +#: sssd.conf.5.xml:2543 sssd-session-recording.5.xml:153 msgid "exclude_groups (string)" msgstr "exclude_groups (sträng)" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2545 sssd-session-recording.5.xml:156 +#: sssd.conf.5.xml:2546 sssd-session-recording.5.xml:156 msgid "" "A comma-separated list of groups, members of which should be excluded from " "recording. Only applicable with 'scope=all'." @@ -3715,22 +3715,22 @@ msgstr "" "inspelning. Endast tillämpligt med ”scope=all”." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2557 sssd-session-recording.5.xml:168 +#: sssd.conf.5.xml:2558 sssd-session-recording.5.xml:168 msgid "Default: Empty. No groups excluded." msgstr "Standard: Tom. Inga grupper uteslutna." #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:2567 +#: sssd.conf.5.xml:2568 msgid "DOMAIN SECTIONS" msgstr "DOMÄNSEKTIONER" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2574 +#: sssd.conf.5.xml:2575 msgid "enabled" msgstr "aktiverat" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2577 +#: sssd.conf.5.xml:2578 msgid "" "Explicitly enable or disable the domain. If <quote>true</quote>, the domain " "is always <quote>enabled</quote>. If <quote>false</quote>, the domain is " @@ -3745,12 +3745,12 @@ msgstr "" "quote>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2589 +#: sssd.conf.5.xml:2590 msgid "domain_type (string)" msgstr "domain_type (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2592 +#: sssd.conf.5.xml:2593 msgid "" "Specifies whether the domain is meant to be used by POSIX-aware clients such " "as the Name Service Switch or by applications that do not need POSIX data to " @@ -3763,7 +3763,7 @@ msgstr "" "operativsystemets gränssnitt och verktyg." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2600 +#: sssd.conf.5.xml:2601 msgid "" "Allowed values for this option are <quote>posix</quote> and " "<quote>application</quote>." @@ -3772,7 +3772,7 @@ msgstr "" "<quote>application</quote>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2604 +#: sssd.conf.5.xml:2605 msgid "" "POSIX domains are reachable by all services. Application domains are only " "reachable from the InfoPipe responder (see <citerefentry> " @@ -3785,7 +3785,7 @@ msgstr "" "respondenten." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2612 +#: sssd.conf.5.xml:2613 msgid "" "NOTE: The application domains are currently well tested with " "<quote>id_provider=ldap</quote> only." @@ -3794,7 +3794,7 @@ msgstr "" "<quote>id_provider=ldap</quote>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2616 +#: sssd.conf.5.xml:2617 msgid "" "For an easy way to configure a non-POSIX domains, please see the " "<quote>Application domains</quote> section." @@ -3803,17 +3803,17 @@ msgstr "" "<quote>Programdomäner</quote>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2620 +#: sssd.conf.5.xml:2621 msgid "Default: posix" msgstr "Standard: posix" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2626 +#: sssd.conf.5.xml:2627 msgid "min_id,max_id (integer)" msgstr "min_id,max_id (heltal)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2629 +#: sssd.conf.5.xml:2630 msgid "" "UID and GID limits for the domain. If a domain contains an entry that is " "outside these limits, it is ignored." @@ -3822,7 +3822,7 @@ msgstr "" "utanför dessa gränser ignoreras den." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2634 +#: sssd.conf.5.xml:2635 msgid "" "For users, this affects the primary GID limit. The user will not be returned " "to NSS if either the UID or the primary GID is outside the range. For non-" @@ -3835,7 +3835,7 @@ msgstr "" "ligger i intervallet rapporteras som förväntat." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2641 +#: sssd.conf.5.xml:2642 msgid "" "These ID limits affect even saving entries to cache, not only returning them " "by name or ID." @@ -3844,17 +3844,17 @@ msgstr "" "när de returneras via namn eller ID." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2645 +#: sssd.conf.5.xml:2646 msgid "Default: 1 for min_id, 0 (no limit) for max_id" msgstr "Standard: 1 för min_id, 0 (ingen gräns) för max_id" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2651 +#: sssd.conf.5.xml:2652 msgid "enumerate (bool)" msgstr "enumerate (bool)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2654 +#: sssd.conf.5.xml:2655 msgid "" "Determines if a domain can be enumerated, that is, whether the domain can " "list all the users and group it contains. Note that it is not required to " @@ -3867,22 +3867,22 @@ msgstr "" "Denna parameter kan ha ett av följande värden:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2662 +#: sssd.conf.5.xml:2663 msgid "TRUE = Users and groups are enumerated" msgstr "TRUE = Användare och grupper räknas upp" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2665 +#: sssd.conf.5.xml:2666 msgid "FALSE = No enumerations for this domain" msgstr "FALSE = Inga uppräkningar för denna domän" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2668 sssd.conf.5.xml:2942 sssd.conf.5.xml:3119 +#: sssd.conf.5.xml:2669 sssd.conf.5.xml:2943 sssd.conf.5.xml:3120 msgid "Default: FALSE" msgstr "Standard: FALSE" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2671 +#: sssd.conf.5.xml:2672 msgid "" "Enumerating a domain requires SSSD to download and store ALL user and group " "entries from the remote server." @@ -3891,7 +3891,7 @@ msgstr "" "grupposter från fjärrservern." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2676 +#: sssd.conf.5.xml:2677 msgid "" "Note: Enabling enumeration has a moderate performance impact on SSSD while " "enumeration is running. It may take up to several minutes after SSSD startup " @@ -3914,7 +3914,7 @@ msgstr "" "med startas om av den interna vakthunden." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2691 +#: sssd.conf.5.xml:2692 msgid "" "While the first enumeration is running, requests for the complete user or " "group lists may return no results until it completes." @@ -3923,7 +3923,7 @@ msgstr "" "användar- eller grupplistan returnera utan resultat tills den är färdig." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2696 +#: sssd.conf.5.xml:2697 msgid "" "Further, enabling enumeration may increase the time necessary to detect " "network disconnection, as longer timeouts are required to ensure that " @@ -3936,7 +3936,7 @@ msgstr "" "information, se manualsidorna för den specifika id-leverantören som används." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2704 +#: sssd.conf.5.xml:2705 msgid "" "For the reasons cited above, enabling enumeration is not recommended, " "especially in large environments." @@ -3945,32 +3945,32 @@ msgstr "" "stora miljöer." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2712 +#: sssd.conf.5.xml:2713 msgid "subdomain_enumerate (string)" msgstr "subdomain_enumerate (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2719 +#: sssd.conf.5.xml:2720 msgid "all" msgstr "all" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2720 +#: sssd.conf.5.xml:2721 msgid "All discovered trusted domains will be enumerated" msgstr "Alla upptäckta betrodda domäner kommer räknas upp" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2723 +#: sssd.conf.5.xml:2724 msgid "none" msgstr "none" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2724 +#: sssd.conf.5.xml:2725 msgid "No discovered trusted domains will be enumerated" msgstr "Inga upptäckta betrodda domäner kommer räknas upp" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2715 +#: sssd.conf.5.xml:2716 msgid "" "Whether any of autodetected trusted domains should be enumerated. The " "supported values are: <placeholder type=\"variablelist\" id=\"0\"/> " @@ -3983,12 +3983,12 @@ msgstr "" "bara för dessa betrodda domäner." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2738 +#: sssd.conf.5.xml:2739 msgid "entry_cache_timeout (integer)" msgstr "entry_cache_timeout (heltal)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2741 +#: sssd.conf.5.xml:2742 msgid "" "How many seconds should nss_sss consider entries valid before asking the " "backend again" @@ -3997,7 +3997,7 @@ msgstr "" "bakänden igen" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2745 +#: sssd.conf.5.xml:2746 msgid "" "The cache expiration timestamps are stored as attributes of individual " "objects in the cache. Therefore, changing the cache timeout only has effect " @@ -4014,17 +4014,17 @@ msgstr "" "redan har cachats." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2758 +#: sssd.conf.5.xml:2759 msgid "Default: 5400" msgstr "Standard: 5400" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2764 +#: sssd.conf.5.xml:2765 msgid "entry_cache_user_timeout (integer)" msgstr "entry_cache_user_timeout (heltal)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2767 +#: sssd.conf.5.xml:2768 msgid "" "How many seconds should nss_sss consider user entries valid before asking " "the backend again" @@ -4033,19 +4033,19 @@ msgstr "" "bakänden igen" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2771 sssd.conf.5.xml:2784 sssd.conf.5.xml:2797 -#: sssd.conf.5.xml:2810 sssd.conf.5.xml:2824 sssd.conf.5.xml:2837 -#: sssd.conf.5.xml:2851 sssd.conf.5.xml:2865 sssd.conf.5.xml:2878 +#: sssd.conf.5.xml:2772 sssd.conf.5.xml:2785 sssd.conf.5.xml:2798 +#: sssd.conf.5.xml:2811 sssd.conf.5.xml:2825 sssd.conf.5.xml:2838 +#: sssd.conf.5.xml:2852 sssd.conf.5.xml:2866 sssd.conf.5.xml:2879 msgid "Default: entry_cache_timeout" msgstr "Standard: entry_cache_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2777 +#: sssd.conf.5.xml:2778 msgid "entry_cache_group_timeout (integer)" msgstr "entry_cache_group_timeout (heltal)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2780 +#: sssd.conf.5.xml:2781 msgid "" "How many seconds should nss_sss consider group entries valid before asking " "the backend again" @@ -4054,12 +4054,12 @@ msgstr "" "bakänden igen" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2790 +#: sssd.conf.5.xml:2791 msgid "entry_cache_netgroup_timeout (integer)" msgstr "entry_cache_netgroup_timeout (heltal)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2793 +#: sssd.conf.5.xml:2794 msgid "" "How many seconds should nss_sss consider netgroup entries valid before " "asking the backend again" @@ -4068,12 +4068,12 @@ msgstr "" "frågar bakänden igen" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2803 +#: sssd.conf.5.xml:2804 msgid "entry_cache_service_timeout (integer)" msgstr "entry_cache_service_timeout (heltal)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2806 +#: sssd.conf.5.xml:2807 msgid "" "How many seconds should nss_sss consider service entries valid before asking " "the backend again" @@ -4082,12 +4082,12 @@ msgstr "" "bakänden igen" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2816 +#: sssd.conf.5.xml:2817 msgid "entry_cache_resolver_timeout (integer)" msgstr "entry_cache_resolver_timeout (heltal)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2819 +#: sssd.conf.5.xml:2820 msgid "" "How many seconds should nss_sss consider hosts and networks entries valid " "before asking the backend again" @@ -4096,12 +4096,12 @@ msgstr "" "den frågar bakänden igen" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2830 +#: sssd.conf.5.xml:2831 msgid "entry_cache_sudo_timeout (integer)" msgstr "entry_cache_sudo_timeout (heltal)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2833 +#: sssd.conf.5.xml:2834 msgid "" "How many seconds should sudo consider rules valid before asking the backend " "again" @@ -4110,12 +4110,12 @@ msgstr "" "igen" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2843 +#: sssd.conf.5.xml:2844 msgid "entry_cache_autofs_timeout (integer)" msgstr "entry_cache_autofs_timeout (heltal)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2846 +#: sssd.conf.5.xml:2847 msgid "" "How many seconds should the autofs service consider automounter maps valid " "before asking the backend again" @@ -4124,12 +4124,12 @@ msgstr "" "giltiga före den frågar bakänden igen" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2857 +#: sssd.conf.5.xml:2858 msgid "entry_cache_ssh_host_timeout (integer)" msgstr "entry_cache_ssh_host_timeout (heltal)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2860 +#: sssd.conf.5.xml:2861 msgid "" "How many seconds to keep a host ssh key after refresh. IE how long to cache " "the host key for." @@ -4138,12 +4138,12 @@ msgstr "" "hur länge värdnyckeln skall cachas." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2871 +#: sssd.conf.5.xml:2872 msgid "entry_cache_computer_timeout (integer)" msgstr "entry_cache_computer_timeout (heltal)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2874 +#: sssd.conf.5.xml:2875 msgid "" "How many seconds to keep the local computer entry before asking the backend " "again" @@ -4152,12 +4152,12 @@ msgstr "" "igen" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2884 +#: sssd.conf.5.xml:2885 msgid "refresh_expired_interval (integer)" msgstr "refresh_expired_interval (heltal)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2887 +#: sssd.conf.5.xml:2888 msgid "" "Specifies how many seconds SSSD has to wait before triggering a background " "refresh task which will refresh all expired or nearly expired records." @@ -4167,7 +4167,7 @@ msgstr "" "utgångna poster." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2892 +#: sssd.conf.5.xml:2893 msgid "" "The background refresh will process users, groups and netgroups in the " "cache. For users who have performed the initgroups (get group membership for " @@ -4180,17 +4180,17 @@ msgstr "" "uppdateras både användarposten och gruppmedlemskapet." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2900 +#: sssd.conf.5.xml:2901 msgid "This option is automatically inherited for all trusted domains." msgstr "Denna flagga ärvs automatiskt för alla betrodda domäner." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2904 +#: sssd.conf.5.xml:2905 msgid "You can consider setting this value to 3/4 * entry_cache_timeout." msgstr "Du kan överväga att sätta detta värde till ¾ · entry_cache_timeout." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2908 +#: sssd.conf.5.xml:2909 msgid "" "Cache entry will be refreshed by background task when 2/3 of cache timeout " "has already passed. If there are existing cached entries, the background " @@ -4210,18 +4210,18 @@ msgstr "" "vilja manuellt invalidera den befintliga cachen." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2921 sssd-ldap.5.xml:360 sssd-ldap.5.xml:1736 +#: sssd.conf.5.xml:2922 sssd-ldap.5.xml:360 sssd-ldap.5.xml:1736 #: sssd-ipa.5.xml:270 msgid "Default: 0 (disabled)" msgstr "Standard: 0 (avaktiverat)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2927 +#: sssd.conf.5.xml:2928 msgid "cache_credentials (bool)" msgstr "cache_credentials (bool)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2930 +#: sssd.conf.5.xml:2931 #, fuzzy #| msgid "" #| "Determines if user credentials are also cached in the local LDB cache" @@ -4229,7 +4229,7 @@ msgid "Determines if user credentials are also cached in the local LDB cache." msgstr "Bestämmer om användarkreditiv också cachas i den lokala LDB-cachen" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2934 +#: sssd.conf.5.xml:2935 msgid "" "Take a note that while credentials are stored as a salted SHA512 hash, this " "still potentially poses some security risk in case an attacker manages to " @@ -4238,12 +4238,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2948 +#: sssd.conf.5.xml:2949 msgid "cache_credentials_minimal_first_factor_length (int)" msgstr "cache_credentials_minimal_first_factor_length (heltal)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2951 +#: sssd.conf.5.xml:2952 msgid "" "If 2-Factor-Authentication (2FA) is used and credentials should be saved " "this value determines the minimal length the first authentication factor " @@ -4254,7 +4254,7 @@ msgstr "" "lösenord) måste ha för att sparas som en SHA512-kontrollsumma i cachen." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2958 +#: sssd.conf.5.xml:2959 msgid "" "This should avoid that the short PINs of a PIN based 2FA scheme are saved in " "the cache which would make them easy targets for brute-force attacks." @@ -4264,12 +4264,12 @@ msgstr "" "attacker." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2969 +#: sssd.conf.5.xml:2970 msgid "account_cache_expiration (integer)" msgstr "account_cache_expiration (heltal)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2972 +#: sssd.conf.5.xml:2973 msgid "" "Number of days entries are left in cache after last successful login before " "being removed during a cleanup of the cache. 0 means keep forever. The " @@ -4282,17 +4282,17 @@ msgstr "" "offline_credentials_expiration." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2979 +#: sssd.conf.5.xml:2980 msgid "Default: 0 (unlimited)" msgstr "Standard: 0 (obegränsat)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2984 +#: sssd.conf.5.xml:2985 msgid "pwd_expiration_warning (integer)" msgstr "pwd_expiration_warning (heltal)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2995 +#: sssd.conf.5.xml:2996 msgid "" "Please note that the backend server has to provide information about the " "expiration time of the password. If this information is missing, sssd " @@ -4304,17 +4304,17 @@ msgstr "" "Dessutom måste en autentiseringsleverantör ha konfigurerats för bakänden." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3002 +#: sssd.conf.5.xml:3003 msgid "Default: 7 (Kerberos), 0 (LDAP)" msgstr "Standard: 7 (Kerberos), 0 (LDAP)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3008 +#: sssd.conf.5.xml:3009 msgid "id_provider (string)" msgstr "id_provider (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3011 +#: sssd.conf.5.xml:3012 msgid "" "The identification provider used for the domain. Supported ID providers are:" msgstr "" @@ -4322,12 +4322,12 @@ msgstr "" "stödjs är:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3015 +#: sssd.conf.5.xml:3016 msgid "<quote>proxy</quote>: Support a legacy NSS provider." msgstr "<quote>proxy</quote>: Stöd en tidigare NSS-leverantör." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3018 +#: sssd.conf.5.xml:3019 msgid "" "<quote>files</quote>: FILES provider. See <citerefentry> <refentrytitle>sssd-" "files</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " @@ -4338,7 +4338,7 @@ msgstr "" "information om hur lokala användare och grupper kan speglas in i SSSD." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3026 +#: sssd.conf.5.xml:3027 msgid "" "<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-" "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " @@ -4349,8 +4349,8 @@ msgstr "" "information om att konfigurera LDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3034 sssd.conf.5.xml:3145 sssd.conf.5.xml:3196 -#: sssd.conf.5.xml:3259 +#: sssd.conf.5.xml:3035 sssd.conf.5.xml:3146 sssd.conf.5.xml:3197 +#: sssd.conf.5.xml:3260 msgid "" "<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management " "provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> " @@ -4363,8 +4363,8 @@ msgstr "" "konfigurera FreeIPA." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3043 sssd.conf.5.xml:3154 sssd.conf.5.xml:3205 -#: sssd.conf.5.xml:3268 +#: sssd.conf.5.xml:3044 sssd.conf.5.xml:3155 sssd.conf.5.xml:3206 +#: sssd.conf.5.xml:3269 msgid "" "<quote>ad</quote>: Active Directory provider. See <citerefentry> " "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4375,12 +4375,12 @@ msgstr "" "citerefentry> för mer information om att konfigurera Active Directory." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3054 +#: sssd.conf.5.xml:3055 msgid "use_fully_qualified_names (bool)" msgstr "use_fully_qualified_names (bool)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3057 +#: sssd.conf.5.xml:3058 msgid "" "Use the full name and domain (as formatted by the domain's full_name_format) " "as the user's login name reported to NSS." @@ -4389,7 +4389,7 @@ msgstr "" "full_name_format) som användarens inloggningsnamn rapporterat till NSS." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3062 +#: sssd.conf.5.xml:3063 msgid "" "If set to TRUE, all requests to this domain must use fully qualified names. " "For example, if used in LOCAL domain that contains a \"test\" user, " @@ -4403,7 +4403,7 @@ msgstr "" "command> skulle det." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3070 +#: sssd.conf.5.xml:3071 msgid "" "NOTE: This option has no effect on netgroup lookups due to their tendency to " "include nested netgroups without qualified names. For netgroups, all domains " @@ -4415,7 +4415,7 @@ msgstr "" "namn begärs." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3077 +#: sssd.conf.5.xml:3078 msgid "" "Default: FALSE (TRUE for trusted domain/sub-domains or if " "default_domain_suffix is used)" @@ -4424,17 +4424,17 @@ msgstr "" "default_domain_suffix används)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3084 +#: sssd.conf.5.xml:3085 msgid "ignore_group_members (bool)" msgstr "ignore_group_members (bool)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3087 +#: sssd.conf.5.xml:3088 msgid "Do not return group members for group lookups." msgstr "Returnera inte gruppmedlemmar för gruppuppslagningar." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3090 +#: sssd.conf.5.xml:3091 msgid "" "If set to TRUE, the group membership attribute is not requested from the " "ldap server, and group members are not returned when processing group lookup " @@ -4453,7 +4453,7 @@ msgstr "" "som om den vore tom." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3108 +#: sssd.conf.5.xml:3109 msgid "" "Enabling this option can also make access provider checks for group " "membership significantly faster, especially for groups containing many " @@ -4464,7 +4464,7 @@ msgstr "" "innehåller många medlemmar." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3114 sssd.conf.5.xml:3821 sssd-ldap.5.xml:326 +#: sssd.conf.5.xml:3115 sssd.conf.5.xml:3822 sssd-ldap.5.xml:326 #: sssd-ldap.5.xml:355 sssd-ldap.5.xml:408 sssd-ldap.5.xml:468 #: sssd-ldap.5.xml:489 sssd-ldap.5.xml:520 sssd-ldap.5.xml:543 #: sssd-ldap.5.xml:582 sssd-ldap.5.xml:601 sssd-ldap.5.xml:625 @@ -4477,12 +4477,12 @@ msgstr "" "<emphasis>subdomain_inherit</emphasis>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3124 +#: sssd.conf.5.xml:3125 msgid "auth_provider (string)" msgstr "auth_provider (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3127 +#: sssd.conf.5.xml:3128 msgid "" "The authentication provider used for the domain. Supported auth providers " "are:" @@ -4491,7 +4491,7 @@ msgstr "" "är:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3131 sssd.conf.5.xml:3189 +#: sssd.conf.5.xml:3132 sssd.conf.5.xml:3190 msgid "" "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4502,7 +4502,7 @@ msgstr "" "citerefentry> för mer information om att konfigurera LDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3138 +#: sssd.conf.5.xml:3139 msgid "" "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4513,7 +4513,7 @@ msgstr "" "citerefentry> för mer information om att konfigurera Kerberos." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3162 +#: sssd.conf.5.xml:3163 msgid "" "<quote>proxy</quote> for relaying authentication to some other PAM target." msgstr "" @@ -4521,12 +4521,12 @@ msgstr "" "PAM-mål." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3165 +#: sssd.conf.5.xml:3166 msgid "<quote>none</quote> disables authentication explicitly." msgstr "<quote>none</quote> avaktiverar explicit autentisering." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3168 +#: sssd.conf.5.xml:3169 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "authentication requests." @@ -4535,12 +4535,12 @@ msgstr "" "autentiseringsbegäranden." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3174 +#: sssd.conf.5.xml:3175 msgid "access_provider (string)" msgstr "access_provider (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3177 +#: sssd.conf.5.xml:3178 msgid "" "The access control provider used for the domain. There are two built-in " "access providers (in addition to any included in installed backends) " @@ -4551,7 +4551,7 @@ msgstr "" "Interna specialleverantörer är:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3183 +#: sssd.conf.5.xml:3184 msgid "" "<quote>permit</quote> always allow access. It's the only permitted access " "provider for a local domain." @@ -4560,12 +4560,12 @@ msgstr "" "åtkomstleverantören för en lokal domän." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3186 +#: sssd.conf.5.xml:3187 msgid "<quote>deny</quote> always deny access." msgstr "<quote>deny</quote> neka alltid åtkomst." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3213 +#: sssd.conf.5.xml:3214 msgid "" "<quote>simple</quote> access control based on access or deny lists. See " "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</" @@ -4578,7 +4578,7 @@ msgstr "" "konfigurera åtkomstmodulen simple." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3220 +#: sssd.conf.5.xml:3221 msgid "" "<quote>krb5</quote>: .k5login based access control. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum></" @@ -4589,24 +4589,24 @@ msgstr "" "citerefentry> för mer information om att konfigurera Kerberos." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3227 +#: sssd.conf.5.xml:3228 msgid "<quote>proxy</quote> for relaying access control to another PAM module." msgstr "" "<quote>proxy</quote> för att skicka vidare åtkomstkontroll till någon annan " "PAM-modul." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3230 +#: sssd.conf.5.xml:3231 msgid "Default: <quote>permit</quote>" msgstr "Standard: <quote>permit</quote>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3235 +#: sssd.conf.5.xml:3236 msgid "chpass_provider (string)" msgstr "chpass_provider (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3238 +#: sssd.conf.5.xml:3239 msgid "" "The provider which should handle change password operations for the domain. " "Supported change password providers are:" @@ -4615,7 +4615,7 @@ msgstr "" "av lösenordsändring som stödjs är:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3243 +#: sssd.conf.5.xml:3244 msgid "" "<quote>ldap</quote> to change a password stored in a LDAP server. See " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" @@ -4626,7 +4626,7 @@ msgstr "" "manvolnum> </citerefentry> för mer information om att konfigurera LDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3251 +#: sssd.conf.5.xml:3252 msgid "" "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4637,7 +4637,7 @@ msgstr "" "citerefentry> för mer information om att konfigurera Kerberos." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3276 +#: sssd.conf.5.xml:3277 msgid "" "<quote>proxy</quote> for relaying password changes to some other PAM target." msgstr "" @@ -4645,12 +4645,12 @@ msgstr "" "annat PAM-mål." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3280 +#: sssd.conf.5.xml:3281 msgid "<quote>none</quote> disallows password changes explicitly." msgstr "<quote>none</quote> tillåter uttryckligen inte lösenordsändringar." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3283 +#: sssd.conf.5.xml:3284 msgid "" "Default: <quote>auth_provider</quote> is used if it is set and can handle " "change password requests." @@ -4659,18 +4659,18 @@ msgstr "" "hantera begäranden om ändring av lösenord." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3290 +#: sssd.conf.5.xml:3291 msgid "sudo_provider (string)" msgstr "sudo_provider (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3293 +#: sssd.conf.5.xml:3294 msgid "The SUDO provider used for the domain. Supported SUDO providers are:" msgstr "" "SUDO-leverantören som används för domänen. SUDO-leverantörer som stödjs är:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3297 +#: sssd.conf.5.xml:3298 msgid "" "<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4681,7 +4681,7 @@ msgstr "" "citerefentry> för mer information om att konfigurera LDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3305 +#: sssd.conf.5.xml:3306 msgid "" "<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default " "settings." @@ -4690,7 +4690,7 @@ msgstr "" "standardsinställningar för IPA." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3309 +#: sssd.conf.5.xml:3310 msgid "" "<quote>ad</quote> the same as <quote>ldap</quote> but with AD default " "settings." @@ -4699,18 +4699,18 @@ msgstr "" "standardsinställningar för AD." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3313 +#: sssd.conf.5.xml:3314 msgid "<quote>none</quote> disables SUDO explicitly." msgstr "<quote>none</quote> avaktiverar explicit SUDO." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3316 sssd.conf.5.xml:3402 sssd.conf.5.xml:3472 -#: sssd.conf.5.xml:3497 sssd.conf.5.xml:3533 +#: sssd.conf.5.xml:3317 sssd.conf.5.xml:3403 sssd.conf.5.xml:3473 +#: sssd.conf.5.xml:3498 sssd.conf.5.xml:3534 msgid "Default: The value of <quote>id_provider</quote> is used if it is set." msgstr "Standard: värdet på <quote>id_provider</quote> används om det är satt." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3320 +#: sssd.conf.5.xml:3321 msgid "" "The detailed instructions for configuration of sudo_provider are in the " "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " @@ -4727,7 +4727,7 @@ msgstr "" "<manvolnum>5</manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3335 +#: sssd.conf.5.xml:3336 msgid "" "<emphasis>NOTE:</emphasis> Sudo rules are periodically downloaded in the " "background unless the sudo provider is explicitly disabled. Set " @@ -4740,12 +4740,12 @@ msgstr "" "relaterad aktivitet i SSSD om du inte vill använda sudo med SSSD alls." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3345 +#: sssd.conf.5.xml:3346 msgid "selinux_provider (string)" msgstr "selinux_provider (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3348 +#: sssd.conf.5.xml:3349 msgid "" "The provider which should handle loading of selinux settings. Note that this " "provider will be called right after access provider ends. Supported selinux " @@ -4756,7 +4756,7 @@ msgstr "" "åtkomstleverantören avslutar. Selinux-leverantörer som stödjs är:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3354 +#: sssd.conf.5.xml:3355 msgid "" "<quote>ipa</quote> to load selinux settings from an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -4767,14 +4767,14 @@ msgstr "" "manvolnum> </citerefentry> för mer information om att konfigurera IPA." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3362 +#: sssd.conf.5.xml:3363 msgid "<quote>none</quote> disallows fetching selinux settings explicitly." msgstr "" "<quote>none</quote> tillåter uttryckligen inte att hämta selinux-" "inställningar." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3365 +#: sssd.conf.5.xml:3366 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "selinux loading requests." @@ -4783,12 +4783,12 @@ msgstr "" "begäranden om inläsning av selinux." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3371 +#: sssd.conf.5.xml:3372 msgid "subdomains_provider (string)" msgstr "subdomains_provider (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3374 +#: sssd.conf.5.xml:3375 msgid "" "The provider which should handle fetching of subdomains. This value should " "be always the same as id_provider. Supported subdomain providers are:" @@ -4797,7 +4797,7 @@ msgstr "" "alltid vara samma som id_provider. Underdomänsleverantörer som stödjs är:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3380 +#: sssd.conf.5.xml:3381 msgid "" "<quote>ipa</quote> to load a list of subdomains from an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -4809,7 +4809,7 @@ msgstr "" "konfigurera IPA." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3389 +#: sssd.conf.5.xml:3390 msgid "" "<quote>ad</quote> to load a list of subdomains from an Active Directory " "server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> " @@ -4822,17 +4822,17 @@ msgstr "" "konfigurera AD-leverantören." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3398 +#: sssd.conf.5.xml:3399 msgid "<quote>none</quote> disallows fetching subdomains explicitly." msgstr "<quote>none</quote> tillåter uttryckligen inte att hämta underdomäner." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3408 +#: sssd.conf.5.xml:3409 msgid "session_provider (string)" msgstr "session_provider (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3411 +#: sssd.conf.5.xml:3412 msgid "" "The provider which configures and manages user session related tasks. The " "only user session task currently provided is the integration with Fleet " @@ -4844,14 +4844,14 @@ msgstr "" "med IPA. Sessionsleverantörer som stödjs är:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3418 +#: sssd.conf.5.xml:3419 msgid "<quote>ipa</quote> to allow performing user session related tasks." msgstr "" "<quote>ipa</quote> för att utföra uppgifter relaterade till " "användarsessioner." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3422 +#: sssd.conf.5.xml:3423 msgid "" "<quote>none</quote> does not perform any kind of user session related tasks." msgstr "" @@ -4859,7 +4859,7 @@ msgstr "" "användarsessioner." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3426 +#: sssd.conf.5.xml:3427 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can perform " "session related tasks." @@ -4868,7 +4868,7 @@ msgstr "" "sessionsrelaterade uppgifter." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3430 +#: sssd.conf.5.xml:3431 msgid "" "<emphasis>NOTE:</emphasis> In order to have this feature working as expected " "SSSD must be running as \"root\" and not as the unprivileged user." @@ -4878,12 +4878,12 @@ msgstr "" "användaren." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3438 +#: sssd.conf.5.xml:3439 msgid "autofs_provider (string)" msgstr "autofs_provider (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3441 +#: sssd.conf.5.xml:3442 msgid "" "The autofs provider used for the domain. Supported autofs providers are:" msgstr "" @@ -4891,7 +4891,7 @@ msgstr "" "är:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3445 +#: sssd.conf.5.xml:3446 msgid "" "<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4902,7 +4902,7 @@ msgstr "" "citerefentry> för mer information om att konfigurera LDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3452 +#: sssd.conf.5.xml:3453 msgid "" "<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> " "<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4913,7 +4913,7 @@ msgstr "" "manvolnum> </citerefentry> för mer information om att konfigurera IPA." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3460 +#: sssd.conf.5.xml:3461 msgid "" "<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> " "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4925,17 +4925,17 @@ msgstr "" "leverantören." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3469 +#: sssd.conf.5.xml:3470 msgid "<quote>none</quote> disables autofs explicitly." msgstr "<quote>none</quote> avaktiverar explicit autofs." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3479 +#: sssd.conf.5.xml:3480 msgid "hostid_provider (string)" msgstr "hostid_provider (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3482 +#: sssd.conf.5.xml:3483 msgid "" "The provider used for retrieving host identity information. Supported " "hostid providers are:" @@ -4944,7 +4944,7 @@ msgstr "" "leverantörer som stödjs är:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3486 +#: sssd.conf.5.xml:3487 msgid "" "<quote>ipa</quote> to load host identity stored in an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -4955,17 +4955,17 @@ msgstr "" "manvolnum> </citerefentry> för mer information om att konfigurera IPA." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3494 +#: sssd.conf.5.xml:3495 msgid "<quote>none</quote> disables hostid explicitly." msgstr "<quote>none</quote> avaktiverar explicit värd-id:n." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3504 +#: sssd.conf.5.xml:3505 msgid "resolver_provider (string)" msgstr "resolver_provider (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3507 +#: sssd.conf.5.xml:3508 msgid "" "The provider which should handle hosts and networks lookups. Supported " "resolver providers are:" @@ -4974,7 +4974,7 @@ msgstr "" "Uppslagsleverantörer som stödjs är:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3511 +#: sssd.conf.5.xml:3512 msgid "" "<quote>proxy</quote> to forward lookups to another NSS library. See " "<quote>proxy_resolver_lib_name</quote>" @@ -4983,7 +4983,7 @@ msgstr "" "bibliotek. Se <quote>proxy_resolver_lib_name</quote>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3515 +#: sssd.conf.5.xml:3516 msgid "" "<quote>ldap</quote> to fetch hosts and networks stored in LDAP. See " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" @@ -4994,7 +4994,7 @@ msgstr "" "manvolnum> </citerefentry> för mer information om att konfigurera LDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3522 +#: sssd.conf.5.xml:3523 msgid "" "<quote>ad</quote> to fetch hosts and networks stored in AD. See " "<citerefentry> <refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</" @@ -5007,13 +5007,13 @@ msgstr "" "leverantören." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3530 +#: sssd.conf.5.xml:3531 msgid "<quote>none</quote> disallows fetching hosts and networks explicitly." msgstr "" "<quote>none</quote> tillåter uttryckligen inte att hämta värdar och nätverk." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3543 +#: sssd.conf.5.xml:3544 msgid "" "Regular expression for this domain that describes how to parse the string " "containing user name and domain into these components. The \"domain\" can " @@ -5028,7 +5028,7 @@ msgstr "" "(NetBIOS) namnet på domänen." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3552 +#: sssd.conf.5.xml:3553 #, fuzzy #| msgid "" #| "Default for the AD and IPA provider: <quote>(((?P<domain>[^\\\\]+)\\" @@ -5045,17 +5045,17 @@ msgstr "" "användarnamn:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:3557 sssd.conf.5.xml:3571 +#: sssd.conf.5.xml:3558 sssd.conf.5.xml:3572 msgid "username" msgstr "användarnamn" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:3560 sssd.conf.5.xml:3574 +#: sssd.conf.5.xml:3561 sssd.conf.5.xml:3575 msgid "username@domain.name" msgstr "användarnamn@domän.namn" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3565 +#: sssd.conf.5.xml:3566 #, fuzzy #| msgid "" #| "Default for the AD and IPA provider: <quote>(((?P<domain>[^\\\\]+)\\" @@ -5074,12 +5074,12 @@ msgstr "" "användarnamn:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:3577 +#: sssd.conf.5.xml:3578 msgid "domain\\username" msgstr "domän\\användarnamn" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3580 +#: sssd.conf.5.xml:3581 msgid "" "While the first two correspond to the general default the third one is " "introduced to allow easy integration of users from Windows domains." @@ -5088,7 +5088,7 @@ msgstr "" "tredje för att tillåta enkel integration av användare från Windows-domäner." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3585 +#: sssd.conf.5.xml:3586 msgid "" "The default re_expression uses the <quote>@</quote> character as a separator " "between the name and the domain. As a result of this setting the default " @@ -5098,17 +5098,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3637 +#: sssd.conf.5.xml:3638 msgid "Default: <quote>%1$s@%2$s</quote>." msgstr "Standard: <quote>%1$s@%2$s</quote>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3643 +#: sssd.conf.5.xml:3644 msgid "lookup_family_order (string)" msgstr "lookup_family_order (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3646 +#: sssd.conf.5.xml:3647 msgid "" "Provides the ability to select preferred address family to use when " "performing DNS lookups." @@ -5117,44 +5117,44 @@ msgstr "" "uppslagningar." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3650 +#: sssd.conf.5.xml:3651 msgid "Supported values:" msgstr "Värden som stödjs:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3653 +#: sssd.conf.5.xml:3654 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6" msgstr "" "ipv4_first: Försök slå upp IPv4-adresser, om det misslyckas, prova IPv6" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3656 +#: sssd.conf.5.xml:3657 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses." msgstr "ipv4_only: Försök endast slå upp värdnamn som IPv4-adresser." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3659 +#: sssd.conf.5.xml:3660 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4" msgstr "" "ipv6_first: Försök slå upp IPv6-adresser, om det misslyckas, prova IPv4" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3662 +#: sssd.conf.5.xml:3663 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses." msgstr "ipv6_only: Försök endast slå upp värdnamn som IPv6-adresser." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3665 +#: sssd.conf.5.xml:3666 msgid "Default: ipv4_first" msgstr "Standard: ipv4_first" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3671 +#: sssd.conf.5.xml:3672 msgid "dns_resolver_server_timeout (integer)" msgstr "dns_resolver_server_timeout (heltal)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3674 +#: sssd.conf.5.xml:3675 msgid "" "Defines the amount of time (in milliseconds) SSSD would try to talk to DNS " "server before trying next DNS server." @@ -5163,7 +5163,7 @@ msgstr "" "DNS-server före den provar nästa DNS-server." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3679 +#: sssd.conf.5.xml:3680 msgid "" "The AD provider will use this option for the CLDAP ping timeouts as well." msgstr "" @@ -5171,7 +5171,7 @@ msgstr "" "pingtidsgränsen." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3683 sssd.conf.5.xml:3703 sssd.conf.5.xml:3724 +#: sssd.conf.5.xml:3684 sssd.conf.5.xml:3704 sssd.conf.5.xml:3725 msgid "" "Please see the section <quote>FAILOVER</quote> for more information about " "the service resolution." @@ -5179,17 +5179,17 @@ msgstr "" "Se avsnittet <quote>RESERVER</quote> för mer information om tjänstevalet." #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3688 sssd-ldap.5.xml:644 include/failover.xml:84 +#: sssd.conf.5.xml:3689 sssd-ldap.5.xml:644 include/failover.xml:84 msgid "Default: 1000" msgstr "Standard: 1000" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3694 +#: sssd.conf.5.xml:3695 msgid "dns_resolver_op_timeout (integer)" msgstr "dns_resolver_op_timeout (heltal)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3697 +#: sssd.conf.5.xml:3698 msgid "" "Defines the amount of time (in seconds) to wait to resolve single DNS query " "(e.g. resolution of a hostname or an SRV record) before trying the next " @@ -5200,12 +5200,12 @@ msgstr "" "nästa värdnamn eller DNS-upptäckt." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3714 +#: sssd.conf.5.xml:3715 msgid "dns_resolver_timeout (integer)" msgstr "dns_resolver_timeout (heltal)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3717 +#: sssd.conf.5.xml:3718 msgid "" "Defines the amount of time (in seconds) to wait for a reply from the " "internal fail over service before assuming that the service is unreachable. " @@ -5217,12 +5217,12 @@ msgstr "" "nås kommer domänen fortsätta att fungera i frånkopplat läge." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3735 +#: sssd.conf.5.xml:3736 msgid "dns_resolver_use_search_list (bool)" msgstr "dns_resolver_use_search_list (bool)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3738 +#: sssd.conf.5.xml:3739 msgid "" "Normally, the DNS resolver searches the domain list defined in the " "\"search\" directive from the resolv.conf file. This can lead to delays in " @@ -5233,7 +5233,7 @@ msgstr "" "med felaktigt konfigurerad DNS." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3744 +#: sssd.conf.5.xml:3745 msgid "" "If fully qualified domain names (or _srv_) are used in the SSSD " "configuration, setting this option to FALSE can prevent unnecessary DNS " @@ -5244,17 +5244,17 @@ msgstr "" "DNS-uppslagningar i sådana miljöer." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3750 +#: sssd.conf.5.xml:3751 msgid "Default: TRUE" msgstr "Standard: TRUE" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3756 +#: sssd.conf.5.xml:3757 msgid "dns_discovery_domain (string)" msgstr "dns_discovery_domain (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3759 +#: sssd.conf.5.xml:3760 msgid "" "If service discovery is used in the back end, specifies the domain part of " "the service discovery DNS query." @@ -5263,52 +5263,52 @@ msgstr "" "fråga om tjänsteupptäckt." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3763 +#: sssd.conf.5.xml:3764 msgid "Default: Use the domain part of machine's hostname" msgstr "Standard: använd domändelen av maskinens värdnamn" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3769 +#: sssd.conf.5.xml:3770 msgid "override_gid (integer)" msgstr "override_gid (heltal)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3772 +#: sssd.conf.5.xml:3773 msgid "Override the primary GID value with the one specified." msgstr "Ersätt det primära GID-värdet med det angivna." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3778 +#: sssd.conf.5.xml:3779 msgid "case_sensitive (string)" msgstr "case_sensitive (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3785 +#: sssd.conf.5.xml:3786 msgid "True" msgstr "True" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3788 +#: sssd.conf.5.xml:3789 msgid "Case sensitive. This value is invalid for AD provider." msgstr "Skiftlägeskänsligt. Detta värde är inte giltigt för AD-leverantörer." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3794 +#: sssd.conf.5.xml:3795 msgid "False" msgstr "False" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3796 +#: sssd.conf.5.xml:3797 msgid "Case insensitive." msgstr "Skiftlägesokänsligt." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3800 +#: sssd.conf.5.xml:3801 msgid "Preserving" msgstr "Preserving" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3803 +#: sssd.conf.5.xml:3804 msgid "" "Same as False (case insensitive), but does not lowercase names in the result " "of NSS operations. Note that name aliases (and in case of services also " @@ -5319,7 +5319,7 @@ msgstr "" "tjänster även protokollnamn) fortfarande skiftas ner i utdata." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3811 +#: sssd.conf.5.xml:3812 msgid "" "If you want to set this value for trusted domain with IPA provider, you need " "to set it on both the client and SSSD on the server." @@ -5328,7 +5328,7 @@ msgstr "" "du sätta det på både klienten och SSSD på servern." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3781 +#: sssd.conf.5.xml:3782 msgid "" "Treat user and group names as case sensitive. Possible option values are: " "<placeholder type=\"variablelist\" id=\"0\"/>" @@ -5337,17 +5337,17 @@ msgstr "" "värdena på alternativen är: <placeholder type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3826 +#: sssd.conf.5.xml:3827 msgid "Default: True (False for AD provider)" msgstr "Standard: True (False för AD-leverantören)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3832 +#: sssd.conf.5.xml:3833 msgid "subdomain_inherit (string)" msgstr "subdomain_inherit (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3835 +#: sssd.conf.5.xml:3836 msgid "" "Specifies a list of configuration parameters that should be inherited by a " "subdomain. Please note that only selected parameters can be inherited. " @@ -5358,47 +5358,47 @@ msgstr "" "följande alternativ ärvas:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3841 +#: sssd.conf.5.xml:3842 msgid "ldap_search_timeout" msgstr "ldap_search_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3844 +#: sssd.conf.5.xml:3845 msgid "ldap_network_timeout" msgstr "ldap_network_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3847 +#: sssd.conf.5.xml:3848 msgid "ldap_opt_timeout" msgstr "ldap_opt_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3850 +#: sssd.conf.5.xml:3851 msgid "ldap_offline_timeout" msgstr "ldap_offline_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3853 +#: sssd.conf.5.xml:3854 msgid "ldap_enumeration_refresh_timeout" msgstr "ldap_enumeration_refresh_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3856 +#: sssd.conf.5.xml:3857 msgid "ldap_enumeration_refresh_offset" msgstr "ldap_enumeration_refresh_offset" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3859 +#: sssd.conf.5.xml:3860 msgid "ldap_purge_cache_timeout" msgstr "ldap_purge_cache_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3862 +#: sssd.conf.5.xml:3863 msgid "ldap_purge_cache_offset" msgstr "ldap_purge_cache_offset" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3865 +#: sssd.conf.5.xml:3866 msgid "" "ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab " "is not set explicitly)" @@ -5407,57 +5407,57 @@ msgstr "" "ldap_krb5_keytab sätts särskilt)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3869 +#: sssd.conf.5.xml:3870 msgid "ldap_krb5_ticket_lifetime" msgstr "ldap_krb5_ticket_lifetime" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3872 +#: sssd.conf.5.xml:3873 msgid "ldap_enumeration_search_timeout" msgstr "ldap_enumeration_search_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3875 +#: sssd.conf.5.xml:3876 msgid "ldap_connection_expire_timeout" msgstr "ldap_connection_expire_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3878 +#: sssd.conf.5.xml:3879 msgid "ldap_connection_expire_offset" msgstr "ldap_connection_expire_offset" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3881 +#: sssd.conf.5.xml:3882 msgid "ldap_connection_idle_timeout" msgstr "ldap_connection_idle_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3884 sssd-ldap.5.xml:400 +#: sssd.conf.5.xml:3885 sssd-ldap.5.xml:400 msgid "ldap_use_tokengroups" msgstr "ldap_use_tokengroups" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3887 +#: sssd.conf.5.xml:3888 msgid "ldap_user_principal" msgstr "ldap_user_principal" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3890 +#: sssd.conf.5.xml:3891 msgid "ignore_group_members" msgstr "ignore_group_members" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3893 +#: sssd.conf.5.xml:3894 msgid "auto_private_groups" msgstr "auto_private_groups" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3896 +#: sssd.conf.5.xml:3897 msgid "case_sensitive" msgstr "case_sensitive" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:3901 +#: sssd.conf.5.xml:3902 #, no-wrap msgid "" "subdomain_inherit = ldap_purge_cache_timeout\n" @@ -5467,28 +5467,28 @@ msgstr "" " " #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3908 +#: sssd.conf.5.xml:3909 msgid "Note: This option only works with the IPA and AD provider." msgstr "" "Observera: detta alternativ fungerar endast med leverantörerna IPA och AD." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3915 +#: sssd.conf.5.xml:3916 msgid "subdomain_homedir (string)" msgstr "subdomain_homedir (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3926 +#: sssd.conf.5.xml:3927 msgid "%F" msgstr "%F" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3927 +#: sssd.conf.5.xml:3928 msgid "flat (NetBIOS) name of a subdomain." msgstr "platt (NetBIOS) namn på en underdomän." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3918 +#: sssd.conf.5.xml:3919 msgid "" "Use this homedir as default value for all subdomains within this domain in " "IPA AD trust. See <emphasis>override_homedir</emphasis> for info about " @@ -5503,36 +5503,36 @@ msgstr "" "type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3932 +#: sssd.conf.5.xml:3933 msgid "" "The value can be overridden by <emphasis>override_homedir</emphasis> option." msgstr "" "Värdet kan åsidosättas av alternativet <emphasis>override_homedir</emphasis>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3936 +#: sssd.conf.5.xml:3937 msgid "Default: <filename>/home/%d/%u</filename>" msgstr "Standard: <filename>/home/%d/%u</filename>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3941 +#: sssd.conf.5.xml:3942 msgid "realmd_tags (string)" msgstr "realmd_tags (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3944 +#: sssd.conf.5.xml:3945 msgid "" "Various tags stored by the realmd configuration service for this domain." msgstr "" "Diverse taggar lagrade av realmd-konfigurationstjänsten för denna domän." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3950 +#: sssd.conf.5.xml:3951 msgid "cached_auth_timeout (int)" msgstr "cached_auth_timeout (heltal)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3953 +#: sssd.conf.5.xml:3954 msgid "" "Specifies time in seconds since last successful online authentication for " "which user will be authenticated using cached credentials while SSSD is in " @@ -5545,7 +5545,7 @@ msgstr "" "uppkopplad autentisering." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3961 +#: sssd.conf.5.xml:3962 msgid "" "This option's value is inherited by all trusted domains. At the moment it is " "not possible to set a different value per trusted domain." @@ -5554,12 +5554,12 @@ msgstr "" "inte möjligt att ange olika värden för varje betrodd domän." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3966 +#: sssd.conf.5.xml:3967 msgid "Special value 0 implies that this feature is disabled." msgstr "Specialvärdet 0 betyder att denna funktion är avaktiverad." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3970 +#: sssd.conf.5.xml:3971 msgid "" "Please note that if <quote>cached_auth_timeout</quote> is longer than " "<quote>pam_id_timeout</quote> then the back end could be called to handle " @@ -5570,17 +5570,86 @@ msgstr "" "<quote>initgroups.</quote>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3981 +#: sssd.conf.5.xml:3982 +#, fuzzy +#| msgid "ldap_pwd_policy (string)" +msgid "local_auth_policy (string)" +msgstr "ldap_pwd_policy (sträng)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3985 +msgid "" +"Local authentication methods policy. Some backends (i.e. LDAP, proxy " +"provider) only support a password based authentication, while others can " +"handle PKINIT based Smartcard authentication (AD, IPA), two-factor " +"authentication (IPA), or other methods against a central instance. By " +"default in such cases authentication is only performed with the methods " +"supported by the backend." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3995 +msgid "" +"There are three possible values for this option: match, only, enable. " +"<quote>match</quote> is used to match offline and online states for Kerberos " +"methods. <quote>only</quote> ignores the online methods and only offer the " +"local ones. enable allows explicitly defining the methods for local " +"authentication. As an example, <quote>enable:passkey</quote>, only enables " +"passkey for local authentication. Multiple enable values should be comma-" +"separated, such as <quote>enable:passkey, enable:smartcard</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:4011 +#, no-wrap +msgid "" +"[domain/shadowutils]\n" +"id_provider = proxy\n" +"proxy_lib_name = files\n" +"auth_provider = none\n" +"local_auth_policy = only\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4007 +#, fuzzy +#| msgid "" +#| "The following example creates a container named 'mycontainer': " +#| "<placeholder type=\"programlisting\" id=\"0\"/>" +msgid "" +"The following configuration example allows local users to authenticate " +"locally using any enabled method (i.e. smartcard, passkey). <placeholder " +"type=\"programlisting\" id=\"0\"/>" +msgstr "" +"Följande exempel skapar en behållare som heter ”minbehållare”:<placeholder " +"type=\"programlisting\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4019 +#, fuzzy +#| msgid "This option is not available in IPA provider." +msgid "This option is ignored for the files provider." +msgstr "Detta alternativ är inte tillgängligt i IPA-leverantören." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4022 +#, fuzzy +#| msgid "Default: mail" +msgid "Default: match" +msgstr "Standard: mail" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4027 msgid "auto_private_groups (string)" msgstr "auto_private_groups (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3987 +#: sssd.conf.5.xml:4033 msgid "true" msgstr "true" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3990 +#: sssd.conf.5.xml:4036 msgid "" "Create user's private group unconditionally from user's UID number. The GID " "number is ignored in this case." @@ -5589,7 +5658,7 @@ msgstr "" "GID-numret ignoreras i detta läge." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3994 +#: sssd.conf.5.xml:4040 msgid "" "NOTE: Because the GID number and the user private group are inferred from " "the UID number, it is not supported to have multiple entries with the same " @@ -5602,12 +5671,12 @@ msgstr "" "framtvingar unika nummer över hela ID-rymden." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4003 +#: sssd.conf.5.xml:4049 msgid "false" msgstr "false" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4006 +#: sssd.conf.5.xml:4052 msgid "" "Always use the user's primary GID number. The GID number must refer to a " "group object in the LDAP database." @@ -5616,12 +5685,12 @@ msgstr "" "ett gruppobjekt i LDAP-databasen." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4012 +#: sssd.conf.5.xml:4058 msgid "hybrid" msgstr "hybrid" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4015 +#: sssd.conf.5.xml:4061 msgid "" "A primary group is autogenerated for user entries whose UID and GID numbers " "have the same value and at the same time the GID number does not correspond " @@ -5636,7 +5705,7 @@ msgstr "" "upp till det gruppobjektet." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4028 +#: sssd.conf.5.xml:4074 msgid "" "If the UID and GID of a user are different, then the GID must correspond to " "a group entry, otherwise the GID is simply not resolvable." @@ -5645,7 +5714,7 @@ msgstr "" "kan GID:t helt enkelt inte slås upp." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4035 +#: sssd.conf.5.xml:4081 msgid "" "This feature is useful for environments that wish to stop maintaining a " "separate group objects for the user private groups, but also wish to retain " @@ -5656,7 +5725,7 @@ msgstr "" "befintliga användarnas privata grupper." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3984 +#: sssd.conf.5.xml:4030 msgid "" "This option takes any of three available values: <placeholder " "type=\"variablelist\" id=\"0\"/>" @@ -5665,7 +5734,7 @@ msgstr "" "type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4047 +#: sssd.conf.5.xml:4093 msgid "" "For subdomains, the default value is False for subdomains that use assigned " "POSIX IDs and True for subdomains that use automatic ID-mapping." @@ -5675,7 +5744,7 @@ msgstr "" "översättning." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:4055 +#: sssd.conf.5.xml:4101 #, no-wrap msgid "" "[domain/forest.domain/sub.domain]\n" @@ -5685,7 +5754,7 @@ msgstr "" "auto_private_groups = false\n" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:4061 +#: sssd.conf.5.xml:4107 #, no-wrap msgid "" "[domain/forest.domain]\n" @@ -5697,7 +5766,7 @@ msgstr "" "auto_private_groups = false\n" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4052 +#: sssd.conf.5.xml:4098 msgid "" "The value of auto_private_groups can either be set per subdomains in a " "subsection, for example: <placeholder type=\"programlisting\" id=\"0\"/> or " @@ -5711,7 +5780,7 @@ msgstr "" "id=\"1\"/>" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:2569 +#: sssd.conf.5.xml:2570 msgid "" "These configuration options can be present in a domain configuration " "section, that is, in a section called <quote>[domain/<replaceable>NAME</" @@ -5722,17 +5791,17 @@ msgstr "" "replaceable>]</quote> <placeholder type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4076 +#: sssd.conf.5.xml:4122 msgid "proxy_pam_target (string)" msgstr "proxy_pam_target (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4079 +#: sssd.conf.5.xml:4125 msgid "The proxy target PAM proxies to." msgstr "Proxymålet PAM är en proxy för." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4082 +#: sssd.conf.5.xml:4128 msgid "" "Default: not set by default, you have to take an existing pam configuration " "or create a new one and add the service name here." @@ -5741,12 +5810,12 @@ msgstr "" "eller skapa en ny och lägga till tjänstenamnet här." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4090 +#: sssd.conf.5.xml:4136 msgid "proxy_lib_name (string)" msgstr "proxy_lib_name (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4093 +#: sssd.conf.5.xml:4139 msgid "" "The name of the NSS library to use in proxy domains. The NSS functions " "searched for in the library are in the form of _nss_$(libName)_$(function), " @@ -5757,12 +5826,12 @@ msgstr "" "exempel _nss_files_getpwent." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4103 +#: sssd.conf.5.xml:4149 msgid "proxy_resolver_lib_name (string)" msgstr "proxy_resolver_lib_name (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4106 +#: sssd.conf.5.xml:4152 msgid "" "The name of the NSS library to use for hosts and networks lookups in proxy " "domains. The NSS functions searched for in the library are in the form of " @@ -5773,12 +5842,12 @@ msgstr "" "_nss_$(libName)_$(function), till exempel _nss_dns_gethostbyname2_r." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4117 +#: sssd.conf.5.xml:4163 msgid "proxy_fast_alias (boolean)" msgstr "proxy_fast_alias (boolean)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4120 +#: sssd.conf.5.xml:4166 msgid "" "When a user or group is looked up by name in the proxy provider, a second " "lookup by ID is performed to \"canonicalize\" the name in case the requested " @@ -5791,12 +5860,12 @@ msgstr "" "SSSD att utföra ID-uppslagningen från cachen av prestandaskäl." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4134 +#: sssd.conf.5.xml:4180 msgid "proxy_max_children (integer)" msgstr "proxy_max_children (heltal)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4137 +#: sssd.conf.5.xml:4183 msgid "" "This option specifies the number of pre-forked proxy children. It is useful " "for high-load SSSD environments where sssd may run out of available child " @@ -5808,7 +5877,7 @@ msgstr "" "begäranden skulle köas upp." #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4072 +#: sssd.conf.5.xml:4118 msgid "" "Options valid for proxy domains. <placeholder type=\"variablelist\" " "id=\"0\"/>" @@ -5817,12 +5886,12 @@ msgstr "" "id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:4153 +#: sssd.conf.5.xml:4199 msgid "Application domains" msgstr "Programdomäner" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4155 +#: sssd.conf.5.xml:4201 msgid "" "SSSD, with its D-Bus interface (see <citerefentry> <refentrytitle>sssd-ifp</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>) is appealing to " @@ -5851,7 +5920,7 @@ msgstr "" "traditionell SSSD-domän." #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4175 +#: sssd.conf.5.xml:4221 msgid "" "Please note that the application domain must still be explicitly enabled in " "the <quote>domains</quote> parameter so that the lookup order between the " @@ -5862,17 +5931,17 @@ msgstr "" "programdomänen och dess POSIX-syskondomän sätts korrekt." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> -#: sssd.conf.5.xml:4181 +#: sssd.conf.5.xml:4227 msgid "Application domain parameters" msgstr "Programdomänparametrar" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4183 +#: sssd.conf.5.xml:4229 msgid "inherit_from (string)" msgstr "inherit_from (sträng)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4186 +#: sssd.conf.5.xml:4232 msgid "" "The SSSD POSIX-type domain the application domain inherits all settings " "from. The application domain can moreover add its own settings to the " @@ -5885,7 +5954,7 @@ msgstr "" "quote>domänens inställningar." #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4200 +#: sssd.conf.5.xml:4246 msgid "" "The following example illustrates the use of an application domain. In this " "setup, the POSIX domain is connected to an LDAP server and is used by the OS " @@ -5900,7 +5969,7 @@ msgstr "" "attributet telefon nåbart via D-Bus-gränssnittet." #. type: Content of: <reference><refentry><refsect1><refsect2><programlisting> -#: sssd.conf.5.xml:4208 +#: sssd.conf.5.xml:4254 #, no-wrap msgid "" "[sssd]\n" @@ -5934,12 +6003,12 @@ msgstr "" "ldap_user_extra_attrs = telefon:telephoneNumber\n" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4228 +#: sssd.conf.5.xml:4274 msgid "TRUSTED DOMAIN SECTION" msgstr "SEKTIONEN BETRODDA DOMÄNER" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4230 +#: sssd.conf.5.xml:4276 msgid "" "Some options used in the domain section can also be used in the trusted " "domain section, that is, in a section called <quote>[domain/" @@ -5956,57 +6025,57 @@ msgstr "" "alternativ i sektionen för betrodda domäner är:" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4237 +#: sssd.conf.5.xml:4283 msgid "ldap_search_base," msgstr "ldap_search_base," #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4238 +#: sssd.conf.5.xml:4284 msgid "ldap_user_search_base," msgstr "ldap_user_search_base," #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4239 +#: sssd.conf.5.xml:4285 msgid "ldap_group_search_base," msgstr "ldap_group_search_base," #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4240 +#: sssd.conf.5.xml:4286 msgid "ldap_netgroup_search_base," msgstr "ldap_netgroup_search_base," #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4241 +#: sssd.conf.5.xml:4287 msgid "ldap_service_search_base," msgstr "ldap_service_search_base," #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4242 +#: sssd.conf.5.xml:4288 msgid "ldap_sasl_mech," msgstr "ldap_sasl_mech," #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4243 +#: sssd.conf.5.xml:4289 msgid "ad_server," msgstr "ad_server," #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4244 +#: sssd.conf.5.xml:4290 msgid "ad_backup_server," msgstr "ad_backup_server," #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4245 +#: sssd.conf.5.xml:4291 msgid "ad_site," msgstr "ad_site," #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4246 sssd-ipa.5.xml:879 +#: sssd.conf.5.xml:4292 sssd-ipa.5.xml:879 msgid "use_fully_qualified_names" msgstr "use_fully_qualified_names" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4250 +#: sssd.conf.5.xml:4296 msgid "" "For more details about these options see their individual description in the " "manual page." @@ -6015,12 +6084,12 @@ msgstr "" "manualsidan." #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4256 +#: sssd.conf.5.xml:4302 msgid "CERTIFICATE MAPPING SECTION" msgstr "CERTIFIKATSMAPPNINGSSEKTION" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4258 +#: sssd.conf.5.xml:4304 msgid "" "To allow authentication with Smartcards and certificates SSSD must be able " "to map certificates to users. This can be done by adding the full " @@ -6042,7 +6111,7 @@ msgstr "" "fallet när lokala tjänster använder PAM för autentisering." #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4272 +#: sssd.conf.5.xml:4318 msgid "" "To make the mapping more flexible mapping and matching rules were added to " "SSSD (see <citerefentry> <refentrytitle>sss-certmap</refentrytitle> " @@ -6054,7 +6123,7 @@ msgstr "" "detaljer)." #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4281 +#: sssd.conf.5.xml:4327 msgid "" "A mapping and matching rule can be added to the SSSD configuration in a " "section on its own with a name like <quote>[certmap/" @@ -6067,12 +6136,12 @@ msgstr "" "replaceable>]</quote>. I denna sektion är följande alternativ tillåtna:" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4288 +#: sssd.conf.5.xml:4334 msgid "matchrule (string)" msgstr "matchrule (sträng)" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4291 +#: sssd.conf.5.xml:4337 msgid "" "Only certificates from the Smartcard which matches this rule will be " "processed, all others are ignored." @@ -6081,7 +6150,7 @@ msgstr "" "alla andra ignoreras." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4295 +#: sssd.conf.5.xml:4341 msgid "" "Default: KRB5:<EKU>clientAuth, i.e. only certificates which have the " "Extended Key Usage <quote>clientAuth</quote>" @@ -6090,17 +6159,17 @@ msgstr "" "Extended Key Usage <quote>clientAuth</quote>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4302 +#: sssd.conf.5.xml:4348 msgid "maprule (string)" msgstr "maprule (sträng)" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4305 +#: sssd.conf.5.xml:4351 msgid "Defines how the user is found for a given certificate." msgstr "Definierar hur användaren hittas för ett givet certifikat." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4311 +#: sssd.conf.5.xml:4357 msgid "" "LDAP:(userCertificate;binary={cert!bin}) for LDAP based providers like " "<quote>ldap</quote>, <quote>AD</quote> or <quote>ipa</quote>." @@ -6109,7 +6178,7 @@ msgstr "" "<quote>ldap</quote>, <quote>AD</quote> eller <quote>ipa</quote>." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4317 +#: sssd.conf.5.xml:4363 msgid "" "The RULE_NAME for the <quote>files</quote> provider which tries to find a " "user with the same name." @@ -6118,12 +6187,12 @@ msgstr "" "användare med samma namn." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4326 +#: sssd.conf.5.xml:4372 msgid "domains (string)" msgstr "domains (sträng)" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4329 +#: sssd.conf.5.xml:4375 msgid "" "Comma separated list of domain names the rule should be applied. By default " "a rule is only valid in the domain configured in sssd.conf. If the provider " @@ -6136,17 +6205,17 @@ msgstr "" "lägga till regeln till underdomäner också." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4336 +#: sssd.conf.5.xml:4382 msgid "Default: the configured domain in sssd.conf" msgstr "Standard: den konfigurerade domänen i sssd.conf" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4341 +#: sssd.conf.5.xml:4387 msgid "priority (integer)" msgstr "priority (heltal)" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4344 +#: sssd.conf.5.xml:4390 msgid "" "Unsigned integer value defining the priority of the rule. The higher the " "number the lower the priority. <quote>0</quote> stands for the highest " @@ -6157,12 +6226,12 @@ msgstr "" "prioriteten medan <quote>4294967295</quote> är den lägsta." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4350 +#: sssd.conf.5.xml:4396 msgid "Default: the lowest priority" msgstr "Standard: den lägsta prioriteten" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4356 +#: sssd.conf.5.xml:4402 msgid "" "To make the configuration simple and reduce the amount of configuration " "options the <quote>files</quote> provider has some special properties:" @@ -6172,7 +6241,7 @@ msgstr "" "speciella egenskaper:" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4362 +#: sssd.conf.5.xml:4408 msgid "" "if maprule is not set the RULE_NAME name is assumed to be the name of the " "matching user" @@ -6181,7 +6250,7 @@ msgstr "" "användaren" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4368 +#: sssd.conf.5.xml:4414 msgid "" "if a maprule is used both a single user name or a template like " "<quote>{subject_rfc822_name.short_name}</quote> must be in braces like e.g. " @@ -6194,17 +6263,17 @@ msgstr "" "short_name})</quote>" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4377 +#: sssd.conf.5.xml:4423 msgid "the <quote>domains</quote> option is ignored" msgstr "alternativet <quote>domains</quote> ignoreras" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4385 +#: sssd.conf.5.xml:4431 msgid "PROMPTING CONFIGURATION SECTION" msgstr "SEKTIONEN FÖR FRÅGEKONFIGURATION" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4387 +#: sssd.conf.5.xml:4433 msgid "" "If a special file (<filename>/var/lib/sss/pubconf/pam_preauth_available</" "filename>) exists SSSD's PAM module pam_sss will ask SSSD to figure out " @@ -6219,7 +6288,7 @@ msgstr "" "tillämpliga kreditiv." #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4395 +#: sssd.conf.5.xml:4441 msgid "" "With the growing number of authentication methods and the possibility that " "there are multiple ones for a single user the heuristic used by pam_sss to " @@ -6232,22 +6301,22 @@ msgstr "" "användarfall. Följande alternativ bör ge en bättre flexibilitet här." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4407 +#: sssd.conf.5.xml:4453 msgid "[prompting/password]" msgstr "[prompting/password]" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4410 +#: sssd.conf.5.xml:4456 msgid "password_prompt" msgstr "password_prompt" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4411 +#: sssd.conf.5.xml:4457 msgid "to change the string of the password prompt" msgstr "för att ändra strängen i lösenordsfrågan" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4409 +#: sssd.conf.5.xml:4455 msgid "" "to configure password prompting, allowed options are: <placeholder " "type=\"variablelist\" id=\"0\"/>" @@ -6256,37 +6325,37 @@ msgstr "" "type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4419 +#: sssd.conf.5.xml:4465 msgid "[prompting/2fa]" msgstr "[prompting/2fa]" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4423 +#: sssd.conf.5.xml:4469 msgid "first_prompt" msgstr "first_prompt" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4424 +#: sssd.conf.5.xml:4470 msgid "to change the string of the prompt for the first factor" msgstr "för att ändra strängen som frågar efter den första faktorn" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4427 +#: sssd.conf.5.xml:4473 msgid "second_prompt" msgstr "second_prompt" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4428 +#: sssd.conf.5.xml:4474 msgid "to change the string of the prompt for the second factor" msgstr "för att ändra strängen som frågar efter den andra faktorn" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4431 +#: sssd.conf.5.xml:4477 msgid "single_prompt" msgstr "single_prompt" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4432 +#: sssd.conf.5.xml:4478 msgid "" "boolean value, if True there will be only a single prompt using the value of " "first_prompt where it is expected that both factors are entered as a single " @@ -6299,7 +6368,7 @@ msgstr "" "faktorn är frivillig." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4421 +#: sssd.conf.5.xml:4467 msgid "" "to configure two-factor authentication prompting, allowed options are: " "<placeholder type=\"variablelist\" id=\"0\"/> If the second factor is " @@ -6312,19 +6381,19 @@ msgstr "" "med lösenordet eller med båda faktorerna måste tvåstegsförfrågan användas." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4449 +#: sssd.conf.5.xml:4495 #, fuzzy #| msgid "[prompting/password]" msgid "[prompting/passkey]" msgstr "[prompting/password]" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4455 sssd-ad.5.xml:1021 +#: sssd.conf.5.xml:4501 sssd-ad.5.xml:1021 msgid "interactive" msgstr "interactive" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4457 +#: sssd.conf.5.xml:4503 msgid "" "boolean value, if True prompt a message and wait before testing the presence " "of a passkey device. Recommended if your device doesn’t have a tactile " @@ -6332,47 +6401,47 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4465 +#: sssd.conf.5.xml:4511 #, fuzzy #| msgid "interactive" msgid "interactive_prompt" msgstr "interactive" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4467 +#: sssd.conf.5.xml:4513 #, fuzzy #| msgid "to change the string of the password prompt" msgid "to change the message of the interactive prompt." msgstr "för att ändra strängen i lösenordsfrågan" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4472 +#: sssd.conf.5.xml:4518 msgid "touch" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4474 +#: sssd.conf.5.xml:4520 msgid "" "boolean value, if True prompt a message to remind the user to touch the " "device." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4480 +#: sssd.conf.5.xml:4526 #, fuzzy #| msgid "first_prompt" msgid "touch_prompt" msgstr "first_prompt" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4482 +#: sssd.conf.5.xml:4528 #, fuzzy #| msgid "to change the string of the password prompt" msgid "to change the message of the touch prompt." msgstr "för att ändra strängen i lösenordsfrågan" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4451 +#: sssd.conf.5.xml:4497 #, fuzzy #| msgid "" #| "to configure two-factor authentication prompting, allowed options are: " @@ -6385,7 +6454,7 @@ msgstr "" "alternativen: <placeholder type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4402 +#: sssd.conf.5.xml:4448 #, fuzzy #| msgid "" #| "Each supported authentication method has its own configuration subsection " @@ -6404,7 +6473,7 @@ msgstr "" ">" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4493 +#: sssd.conf.5.xml:4539 msgid "" "It is possible to add a subsection for specific PAM services, e.g. " "<quote>[prompting/password/sshd]</quote> to individual change the prompting " @@ -6415,12 +6484,12 @@ msgstr "" "enskilt för denna tjänst." #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4500 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43 +#: sssd.conf.5.xml:4546 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43 msgid "EXAMPLES" msgstr "EXEMPEL" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4506 +#: sssd.conf.5.xml:4552 #, no-wrap msgid "" "[sssd]\n" @@ -6474,7 +6543,7 @@ msgstr "" "enumerate = False\n" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4502 +#: sssd.conf.5.xml:4548 msgid "" "1. The following example shows a typical SSSD config. It does not describe " "configuration of the domains themselves - refer to documentation on " @@ -6486,7 +6555,7 @@ msgstr "" "domäner för fler detaljer. <placeholder type=\"programlisting\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4539 +#: sssd.conf.5.xml:4585 #, no-wrap msgid "" "[domain/ipa.com/child.ad.com]\n" @@ -6496,7 +6565,7 @@ msgstr "" "use_fully_qualified_names = false\n" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4533 +#: sssd.conf.5.xml:4579 msgid "" "2. The following example shows configuration of IPA AD trust where the AD " "forest consists of two domains in a parent-child structure. Suppose IPA " @@ -6512,7 +6581,7 @@ msgstr "" "type=\"programlisting\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4550 +#: sssd.conf.5.xml:4596 #, fuzzy, no-wrap #| msgid "" #| "[certmap/my.domain/rule_name]\n" @@ -6540,7 +6609,7 @@ msgstr "" "matchrule = <ISSUER>^CN=My-CA,DC=MIN,DC=DOMÄN$<SUBJECT>^CN=User.Name,DC=MIN,DC=DOMÄN$\n" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4544 +#: sssd.conf.5.xml:4590 #, fuzzy #| msgid "" #| "3. The following example shows the configuration for two certificate " @@ -21479,9 +21548,13 @@ msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:235 +#, fuzzy +#| msgid "" +#| "When this option is configured, domains will be allocated starting with " +#| "slice zero and increasing monatomically with each additional domain." msgid "" "When this option is configured, domains will be allocated starting with " -"slice zero and increasing monatomically with each additional domain." +"slice zero and increasing monotonically with each additional domain." msgstr "" "När detta alternativ konfigureras kommer domäner allokeras med början med " "skiva noll och ökar monatomärt med varje ytterligare domän." @@ -23364,13 +23437,6 @@ msgstr "" #~ " -XPOST http://localhost/secrets/minbeh%C3%A5llare/\n" #~ " " -#~ msgid "" -#~ "The following example creates a container named 'mycontainer': " -#~ "<placeholder type=\"programlisting\" id=\"0\"/>" -#~ msgstr "" -#~ "Följande exempel skapar en behållare som heter ”minbehållare”:" -#~ "<placeholder type=\"programlisting\" id=\"0\"/>" - #, no-wrap #~ msgid "" #~ "http://localhost/secrets/mycontainer/mysecret\n" diff --git a/src/man/po/tg.po b/src/man/po/tg.po index 59d2c5a469f..4f5a324a804 100644 --- a/src/man/po/tg.po +++ b/src/man/po/tg.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: sssd-docs 2.3.0\n" "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" -"POT-Creation-Date: 2023-05-05 10:09+0200\n" +"POT-Creation-Date: 2023-09-07 11:47+0200\n" "PO-Revision-Date: 2014-12-15 12:10-0500\n" "Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n" "Language-Team: Tajik (http://www.transifex.com/projects/p/sssd/language/" @@ -204,8 +204,8 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:136 sssd.conf.5.xml:173 sssd.conf.5.xml:358 -#: sssd.conf.5.xml:714 sssd.conf.5.xml:729 sssd.conf.5.xml:951 -#: sssd.conf.5.xml:1069 sssd.conf.5.xml:2197 sssd-ldap.5.xml:1071 +#: sssd.conf.5.xml:714 sssd.conf.5.xml:729 sssd.conf.5.xml:952 +#: sssd.conf.5.xml:1070 sssd.conf.5.xml:2198 sssd-ldap.5.xml:1071 #: sssd-ldap.5.xml:1174 sssd-ldap.5.xml:1243 sssd-ldap.5.xml:1750 #: sssd-ldap.5.xml:1815 sssd-ipa.5.xml:342 sssd-ad.5.xml:252 sssd-ad.5.xml:366 #: sssd-ad.5.xml:1200 sssd-ad.5.xml:1348 sssd-krb5.5.xml:358 @@ -225,8 +225,8 @@ msgid "" msgstr "" #. type: Content of: <variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:149 sssd.conf.5.xml:652 sssd.conf.5.xml:948 -#: sssd.conf.5.xml:2100 sssd.conf.5.xml:2167 sssd.conf.5.xml:4128 +#: sssd.conf.5.xml:149 sssd.conf.5.xml:652 sssd.conf.5.xml:949 +#: sssd.conf.5.xml:2101 sssd.conf.5.xml:2168 sssd.conf.5.xml:4174 #: sssd-ldap.5.xml:312 sssd-ldap.5.xml:917 sssd-ldap.5.xml:936 #: sssd-ldap.5.xml:1146 sssd-ldap.5.xml:1599 sssd-ldap.5.xml:1839 #: sssd-ipa.5.xml:152 sssd-ipa.5.xml:254 sssd-ipa.5.xml:657 sssd-ad.5.xml:1106 @@ -294,8 +294,8 @@ msgid "" msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:196 sssd.conf.5.xml:1289 sssd.conf.5.xml:1766 -#: sssd.conf.5.xml:4144 sssd-ldap.5.xml:765 include/ldap_id_mapping.xml:270 +#: sssd.conf.5.xml:196 sssd.conf.5.xml:1290 sssd.conf.5.xml:1767 +#: sssd.conf.5.xml:4190 sssd-ldap.5.xml:765 include/ldap_id_mapping.xml:270 msgid "Default: 10" msgstr "Пешфарз: 10" @@ -359,19 +359,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:258 sssd.conf.5.xml:783 +#: sssd.conf.5.xml:258 sssd.conf.5.xml:784 msgid "reconnection_retries (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:261 sssd.conf.5.xml:786 +#: sssd.conf.5.xml:261 sssd.conf.5.xml:787 msgid "" "Number of times services should attempt to reconnect in the event of a Data " "Provider crash or restart before they give up" msgstr "" #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:266 sssd.conf.5.xml:791 sssd.conf.5.xml:3708 +#: sssd.conf.5.xml:266 sssd.conf.5.xml:792 sssd.conf.5.xml:3709 #: include/failover.xml:100 msgid "Default: 3" msgstr "Пешфарз: 3" @@ -393,7 +393,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:287 sssd.conf.5.xml:3540 +#: sssd.conf.5.xml:287 sssd.conf.5.xml:3541 msgid "re_expression (string)" msgstr "" @@ -413,12 +413,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:304 sssd.conf.5.xml:3597 +#: sssd.conf.5.xml:304 sssd.conf.5.xml:3598 msgid "full_name_format (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:307 sssd.conf.5.xml:3600 +#: sssd.conf.5.xml:307 sssd.conf.5.xml:3601 msgid "" "A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</" "manvolnum> </citerefentry>-compatible format that describes how to compose a " @@ -426,39 +426,39 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:318 sssd.conf.5.xml:3611 +#: sssd.conf.5.xml:318 sssd.conf.5.xml:3612 msgid "%1$s" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:319 sssd.conf.5.xml:3612 +#: sssd.conf.5.xml:319 sssd.conf.5.xml:3613 msgid "user name" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:322 sssd.conf.5.xml:3615 +#: sssd.conf.5.xml:322 sssd.conf.5.xml:3616 msgid "%2$s" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:325 sssd.conf.5.xml:3618 +#: sssd.conf.5.xml:325 sssd.conf.5.xml:3619 msgid "domain name as specified in the SSSD config file." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:331 sssd.conf.5.xml:3624 +#: sssd.conf.5.xml:331 sssd.conf.5.xml:3625 msgid "%3$s" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:334 sssd.conf.5.xml:3627 +#: sssd.conf.5.xml:334 sssd.conf.5.xml:3628 msgid "" "domain flat name. Mostly usable for Active Directory domains, both directly " "configured or discovered via IPA trusts." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:315 sssd.conf.5.xml:3608 +#: sssd.conf.5.xml:315 sssd.conf.5.xml:3609 msgid "" "The following expansions are supported: <placeholder type=\"variablelist\" " "id=\"0\"/>" @@ -872,7 +872,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:700 sssd.conf.5.xml:1790 sssd.conf.5.xml:4194 +#: sssd.conf.5.xml:700 sssd.conf.5.xml:1791 sssd.conf.5.xml:4240 #: sssd-ad.5.xml:187 sssd-ad.5.xml:327 sssd-ad.5.xml:341 msgid "Default: Not set" msgstr "" @@ -917,11 +917,11 @@ msgstr "" #: sssd.conf.5.xml:744 msgid "" "Enable or disable the user verification (i.e. PIN, fingerprint) during " -"authentication." +"authentication. If enabled, the PIN will always be requested." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:749 +#: sssd.conf.5.xml:750 msgid "" "The default is that the key settings decide what to do. In the IPA or " "kerberos pre-authentication case, this value will be overwritten by the " @@ -948,12 +948,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:768 +#: sssd.conf.5.xml:769 msgid "SERVICES SECTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:770 +#: sssd.conf.5.xml:771 msgid "" "Settings that can be used to configure different services are described in " "this section. They should reside in the [<replaceable>$NAME</replaceable>] " @@ -962,22 +962,22 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:777 +#: sssd.conf.5.xml:778 msgid "General service configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:779 +#: sssd.conf.5.xml:780 msgid "These options can be used to configure any service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:796 +#: sssd.conf.5.xml:797 msgid "fd_limit" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:799 +#: sssd.conf.5.xml:800 msgid "" "This option specifies the maximum number of file descriptors that may be " "opened at one time by this SSSD process. On systems where SSSD is granted " @@ -987,17 +987,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:808 +#: sssd.conf.5.xml:809 msgid "Default: 8192 (or limits.conf \"hard\" limit)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:813 +#: sssd.conf.5.xml:814 msgid "client_idle_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:816 +#: sssd.conf.5.xml:817 msgid "" "This option specifies the number of seconds that a client of an SSSD process " "can hold onto a file descriptor without communicating on it. This value is " @@ -1007,19 +1007,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:825 +#: sssd.conf.5.xml:826 #, fuzzy #| msgid "Default: 5400" msgid "Default: 60, KCM: 300" msgstr "Пешфарз: 5400" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:830 +#: sssd.conf.5.xml:831 msgid "offline_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:833 +#: sssd.conf.5.xml:834 msgid "" "When SSSD switches to offline mode the amount of time before it tries to go " "back online will increase based upon the time spent disconnected. By " @@ -1030,14 +1030,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:844 sssd.conf.5.xml:900 +#: sssd.conf.5.xml:845 sssd.conf.5.xml:901 msgid "" "new_delay = Minimum(old_delay * 2, offline_timeout_max) + random[0..." "offline_timeout_random_offset]" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:847 +#: sssd.conf.5.xml:848 msgid "" "The offline_timeout default value is 60. The offline_timeout_max default " "value is 3600. The offline_timeout_random_offset default value is 30. The " @@ -1045,44 +1045,44 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:853 +#: sssd.conf.5.xml:854 msgid "" "Note that the maximum length of each interval is defined by " "offline_timeout_max (apart of random part)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:857 sssd.conf.5.xml:1200 sssd.conf.5.xml:1583 -#: sssd.conf.5.xml:1879 sssd-ldap.5.xml:494 +#: sssd.conf.5.xml:858 sssd.conf.5.xml:1201 sssd.conf.5.xml:1584 +#: sssd.conf.5.xml:1880 sssd-ldap.5.xml:494 msgid "Default: 60" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:862 +#: sssd.conf.5.xml:863 msgid "offline_timeout_max (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:865 +#: sssd.conf.5.xml:866 msgid "" "Controls by how much the time between attempts to go online can be " "incremented following unsuccessful attempts to go online." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:870 +#: sssd.conf.5.xml:871 msgid "A value of 0 disables the incrementing behaviour." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:873 +#: sssd.conf.5.xml:874 msgid "" "The value of this parameter should be set in correlation to offline_timeout " "parameter value." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:877 +#: sssd.conf.5.xml:878 msgid "" "With offline_timeout set to 60 (default value) there is no point in setting " "offlinet_timeout_max to less than 120 as it will saturate instantly. General " @@ -1091,62 +1091,62 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:883 +#: sssd.conf.5.xml:884 msgid "" "Although a value between 0 and offline_timeout may be specified, it has the " "effect of overriding the offline_timeout value so is of little use." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:888 +#: sssd.conf.5.xml:889 #, fuzzy #| msgid "Default: 3" msgid "Default: 3600" msgstr "Пешфарз: 3" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:893 +#: sssd.conf.5.xml:894 msgid "offline_timeout_random_offset (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:896 +#: sssd.conf.5.xml:897 msgid "" "When SSSD is in offline mode it keeps probing backend servers in specified " "time intervals:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:903 +#: sssd.conf.5.xml:904 msgid "" "This parameter controls the value of the random offset used for the above " "equation. Final random_offset value will be random number in range:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:908 +#: sssd.conf.5.xml:909 msgid "[0 - offline_timeout_random_offset]" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:911 +#: sssd.conf.5.xml:912 msgid "A value of 0 disables the random offset addition." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:914 +#: sssd.conf.5.xml:915 #, fuzzy #| msgid "Default: 3" msgid "Default: 30" msgstr "Пешфарз: 3" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:919 +#: sssd.conf.5.xml:920 msgid "responder_idle_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:922 +#: sssd.conf.5.xml:923 msgid "" "This option specifies the number of seconds that an SSSD responder process " "can be up without being used. This value is limited in order to avoid " @@ -1158,58 +1158,58 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:936 sssd.conf.5.xml:1213 sssd.conf.5.xml:2321 +#: sssd.conf.5.xml:937 sssd.conf.5.xml:1214 sssd.conf.5.xml:2322 #: sssd-ldap.5.xml:331 msgid "Default: 300" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:941 +#: sssd.conf.5.xml:942 msgid "cache_first" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:944 +#: sssd.conf.5.xml:945 msgid "" "This option specifies whether the responder should query all caches before " "querying the Data Providers." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:959 +#: sssd.conf.5.xml:960 msgid "NSS configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:961 +#: sssd.conf.5.xml:962 msgid "" "These options can be used to configure the Name Service Switch (NSS) service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:966 +#: sssd.conf.5.xml:967 msgid "enum_cache_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:969 +#: sssd.conf.5.xml:970 msgid "" "How many seconds should nss_sss cache enumerations (requests for info about " "all users)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:973 +#: sssd.conf.5.xml:974 msgid "Default: 120" msgstr "Пешфарз: 120" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:978 +#: sssd.conf.5.xml:979 msgid "entry_cache_nowait_percentage (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:981 +#: sssd.conf.5.xml:982 msgid "" "The entry cache can be set to automatically update entries in the background " "if they are requested beyond a percentage of the entry_cache_timeout value " @@ -1217,7 +1217,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:987 +#: sssd.conf.5.xml:988 msgid "" "For example, if the domain's entry_cache_timeout is set to 30s and " "entry_cache_nowait_percentage is set to 50 (percent), entries that come in " @@ -1227,7 +1227,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:997 +#: sssd.conf.5.xml:998 msgid "" "Valid values for this option are 0-99 and represent a percentage of the " "entry_cache_timeout for each domain. For performance reasons, this " @@ -1236,17 +1236,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1005 sssd.conf.5.xml:2121 +#: sssd.conf.5.xml:1006 sssd.conf.5.xml:2122 msgid "Default: 50" msgstr "Пешфарз: 50" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1010 +#: sssd.conf.5.xml:1011 msgid "entry_negative_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1013 +#: sssd.conf.5.xml:1014 msgid "" "Specifies for how many seconds nss_sss should cache negative cache hits " "(that is, queries for invalid database entries, like nonexistent ones) " @@ -1254,17 +1254,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1019 sssd.conf.5.xml:1778 sssd.conf.5.xml:2145 +#: sssd.conf.5.xml:1020 sssd.conf.5.xml:1779 sssd.conf.5.xml:2146 msgid "Default: 15" msgstr "Пешфарз: 15" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1024 +#: sssd.conf.5.xml:1025 msgid "local_negative_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1027 +#: sssd.conf.5.xml:1028 msgid "" "Specifies for how many seconds nss_sss should keep local users and groups in " "negative cache before trying to look it up in the back end again. Setting " @@ -1272,17 +1272,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1033 +#: sssd.conf.5.xml:1034 msgid "Default: 14400 (4 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1038 +#: sssd.conf.5.xml:1039 msgid "filter_users, filter_groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1041 +#: sssd.conf.5.xml:1042 msgid "" "Exclude certain users or groups from being fetched from the sss NSS " "database. This is particularly useful for system accounts. This option can " @@ -1291,7 +1291,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1049 +#: sssd.conf.5.xml:1050 msgid "" "NOTE: The filter_groups option doesn't affect inheritance of nested group " "members, since filtering happens after they are propagated for returning via " @@ -1300,41 +1300,41 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1057 +#: sssd.conf.5.xml:1058 msgid "Default: root" msgstr "Пешфарз: root" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1062 +#: sssd.conf.5.xml:1063 msgid "filter_users_in_groups (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1065 +#: sssd.conf.5.xml:1066 msgid "" "If you want filtered user still be group members set this option to false." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1076 +#: sssd.conf.5.xml:1077 msgid "fallback_homedir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1079 +#: sssd.conf.5.xml:1080 msgid "" "Set a default template for a user's home directory if one is not specified " "explicitly by the domain's data provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1084 +#: sssd.conf.5.xml:1085 msgid "" "The available values for this option are the same as for override_homedir." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1090 +#: sssd.conf.5.xml:1091 #, no-wrap msgid "" "fallback_homedir = /home/%u\n" @@ -1342,23 +1342,23 @@ msgid "" msgstr "" #. type: Content of: <varlistentry><listitem><para> -#: sssd.conf.5.xml:1088 sssd.conf.5.xml:1650 sssd.conf.5.xml:1669 -#: sssd.conf.5.xml:1746 sssd-krb5.5.xml:451 include/override_homedir.xml:66 +#: sssd.conf.5.xml:1089 sssd.conf.5.xml:1651 sssd.conf.5.xml:1670 +#: sssd.conf.5.xml:1747 sssd-krb5.5.xml:451 include/override_homedir.xml:66 msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1094 +#: sssd.conf.5.xml:1095 msgid "Default: not set (no substitution for unset home directories)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1100 +#: sssd.conf.5.xml:1101 msgid "override_shell (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1103 +#: sssd.conf.5.xml:1104 msgid "" "Override the login shell for all users. This option supersedes any other " "shell options if it takes effect and can be set either in the [nss] section " @@ -1366,47 +1366,47 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1109 +#: sssd.conf.5.xml:1110 msgid "Default: not set (SSSD will use the value retrieved from LDAP)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1115 +#: sssd.conf.5.xml:1116 msgid "allowed_shells (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1118 +#: sssd.conf.5.xml:1119 msgid "" "Restrict user shell to one of the listed values. The order of evaluation is:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1121 +#: sssd.conf.5.xml:1122 msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1125 +#: sssd.conf.5.xml:1126 msgid "" "2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</" "quote>, use the value of the shell_fallback parameter." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1130 +#: sssd.conf.5.xml:1131 msgid "" "3. If the shell is not in the allowed_shells list and not in <quote>/etc/" "shells</quote>, a nologin shell is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1135 +#: sssd.conf.5.xml:1136 msgid "The wildcard (*) can be used to allow any shell." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1138 +#: sssd.conf.5.xml:1139 msgid "" "The (*) is useful if you want to use shell_fallback in case that user's " "shell is not in <quote>/etc/shells</quote> and maintaining list of all " @@ -1414,113 +1414,113 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1145 +#: sssd.conf.5.xml:1146 msgid "An empty string for shell is passed as-is to libc." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1148 +#: sssd.conf.5.xml:1149 msgid "" "The <quote>/etc/shells</quote> is only read on SSSD start up, which means " "that a restart of the SSSD is required in case a new shell is installed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1152 +#: sssd.conf.5.xml:1153 msgid "Default: Not set. The user shell is automatically used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1157 +#: sssd.conf.5.xml:1158 msgid "vetoed_shells (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1160 +#: sssd.conf.5.xml:1161 msgid "Replace any instance of these shells with the shell_fallback" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1165 +#: sssd.conf.5.xml:1166 msgid "shell_fallback (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1168 +#: sssd.conf.5.xml:1169 msgid "" "The default shell to use if an allowed shell is not installed on the machine." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1172 +#: sssd.conf.5.xml:1173 msgid "Default: /bin/sh" msgstr "Пешфарз: /bin/sh" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1177 +#: sssd.conf.5.xml:1178 msgid "default_shell" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1180 +#: sssd.conf.5.xml:1181 msgid "" "The default shell to use if the provider does not return one during lookup. " "This option can be specified globally in the [nss] section or per-domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1186 +#: sssd.conf.5.xml:1187 msgid "" "Default: not set (Return NULL if no shell is specified and rely on libc to " "substitute something sensible when necessary, usually /bin/sh)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1193 sssd.conf.5.xml:1576 +#: sssd.conf.5.xml:1194 sssd.conf.5.xml:1577 msgid "get_domains_timeout (int)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1196 sssd.conf.5.xml:1579 +#: sssd.conf.5.xml:1197 sssd.conf.5.xml:1580 msgid "" "Specifies time in seconds for which the list of subdomains will be " "considered valid." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1205 +#: sssd.conf.5.xml:1206 msgid "memcache_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1208 +#: sssd.conf.5.xml:1209 msgid "" "Specifies time in seconds for which records in the in-memory cache will be " "valid. Setting this option to zero will disable the in-memory cache." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1216 +#: sssd.conf.5.xml:1217 msgid "" "WARNING: Disabling the in-memory cache will have significant negative impact " "on SSSD's performance and should only be used for testing." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1222 sssd.conf.5.xml:1247 sssd.conf.5.xml:1272 -#: sssd.conf.5.xml:1297 sssd.conf.5.xml:1324 +#: sssd.conf.5.xml:1223 sssd.conf.5.xml:1248 sssd.conf.5.xml:1273 +#: sssd.conf.5.xml:1298 sssd.conf.5.xml:1325 msgid "" "NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", " "client applications will not use the fast in-memory cache." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1230 +#: sssd.conf.5.xml:1231 msgid "memcache_size_passwd (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1233 +#: sssd.conf.5.xml:1234 msgid "" "Size (in megabytes) of the data table allocated inside fast in-memory cache " "for passwd requests. Setting the size to 0 will disable the passwd in-" @@ -1528,25 +1528,25 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1239 sssd.conf.5.xml:2963 sssd-ldap.5.xml:548 +#: sssd.conf.5.xml:1240 sssd.conf.5.xml:2964 sssd-ldap.5.xml:548 msgid "Default: 8" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1242 sssd.conf.5.xml:1267 sssd.conf.5.xml:1292 -#: sssd.conf.5.xml:1319 +#: sssd.conf.5.xml:1243 sssd.conf.5.xml:1268 sssd.conf.5.xml:1293 +#: sssd.conf.5.xml:1320 msgid "" "WARNING: Disabled or too small in-memory cache can have significant negative " "impact on SSSD's performance." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1255 +#: sssd.conf.5.xml:1256 msgid "memcache_size_group (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1258 +#: sssd.conf.5.xml:1259 msgid "" "Size (in megabytes) of the data table allocated inside fast in-memory cache " "for group requests. Setting the size to 0 will disable the group in-memory " @@ -1554,19 +1554,19 @@ msgid "" msgstr "" #. type: Content of: <variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1264 sssd.conf.5.xml:1316 sssd.conf.5.xml:3729 +#: sssd.conf.5.xml:1265 sssd.conf.5.xml:1317 sssd.conf.5.xml:3730 #: sssd-ldap.5.xml:473 sssd-ldap.5.xml:525 include/failover.xml:116 #: include/krb5_options.xml:11 msgid "Default: 6" msgstr "Пешфарз: 6" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1280 +#: sssd.conf.5.xml:1281 msgid "memcache_size_initgroups (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1283 +#: sssd.conf.5.xml:1284 msgid "" "Size (in megabytes) of the data table allocated inside fast in-memory cache " "for initgroups requests. Setting the size to 0 will disable the initgroups " @@ -1574,12 +1574,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1305 +#: sssd.conf.5.xml:1306 msgid "memcache_size_sid (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1308 +#: sssd.conf.5.xml:1309 msgid "" "Size (in megabytes) of the data table allocated inside fast in-memory cache " "for SID related requests. Only SID-by-ID and ID-by-SID requests are " @@ -1588,12 +1588,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1332 sssd-ifp.5.xml:90 +#: sssd.conf.5.xml:1333 sssd-ifp.5.xml:90 msgid "user_attributes (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1335 +#: sssd.conf.5.xml:1336 msgid "" "Some of the additional NSS responder requests can return more attributes " "than just the POSIX ones defined by the NSS interface. The list of " @@ -1604,45 +1604,45 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1348 +#: sssd.conf.5.xml:1349 msgid "" "To make configuration more easy the NSS responder will check the InfoPipe " "option if it is not set for the NSS responder." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1353 +#: sssd.conf.5.xml:1354 msgid "Default: not set, fallback to InfoPipe option" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1358 +#: sssd.conf.5.xml:1359 msgid "pwfield (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1361 +#: sssd.conf.5.xml:1362 msgid "" "The value that NSS operations that return users or groups will return for " "the <quote>password</quote> field." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1366 +#: sssd.conf.5.xml:1367 #, fuzzy #| msgid "Default: true" msgid "Default: <quote>*</quote>" msgstr "Пешфарз: true" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1369 +#: sssd.conf.5.xml:1370 msgid "" "Note: This option can also be set per-domain which overwrites the value in " "[nss] section." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1373 +#: sssd.conf.5.xml:1374 msgid "" "Default: <quote>not set</quote> (remote domains), <phrase " "condition=\"with_files_provider\"> <quote>x</quote> (the files domain), </" @@ -1651,60 +1651,60 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:1385 +#: sssd.conf.5.xml:1386 msgid "PAM configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:1387 +#: sssd.conf.5.xml:1388 msgid "" "These options can be used to configure the Pluggable Authentication Module " "(PAM) service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1392 +#: sssd.conf.5.xml:1393 msgid "offline_credentials_expiration (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1395 +#: sssd.conf.5.xml:1396 msgid "" "If the authentication provider is offline, how long should we allow cached " "logins (in days since the last successful online login)." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1400 sssd.conf.5.xml:1413 +#: sssd.conf.5.xml:1401 sssd.conf.5.xml:1414 msgid "Default: 0 (No limit)" msgstr "Пешфарз: 0 (Номаҳдуд)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1406 +#: sssd.conf.5.xml:1407 msgid "offline_failed_login_attempts (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1409 +#: sssd.conf.5.xml:1410 msgid "" "If the authentication provider is offline, how many failed login attempts " "are allowed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1419 +#: sssd.conf.5.xml:1420 msgid "offline_failed_login_delay (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1422 +#: sssd.conf.5.xml:1423 msgid "" "The time in minutes which has to pass after offline_failed_login_attempts " "has been reached before a new login attempt is possible." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1427 +#: sssd.conf.5.xml:1428 msgid "" "If set to 0 the user cannot authenticate offline if " "offline_failed_login_attempts has been reached. Only a successful online " @@ -1712,59 +1712,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1433 sssd.conf.5.xml:1543 +#: sssd.conf.5.xml:1434 sssd.conf.5.xml:1544 msgid "Default: 5" msgstr "Пешфарз: 5" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1439 +#: sssd.conf.5.xml:1440 msgid "pam_verbosity (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1442 +#: sssd.conf.5.xml:1443 msgid "" "Controls what kind of messages are shown to the user during authentication. " "The higher the number to more messages are displayed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1447 +#: sssd.conf.5.xml:1448 msgid "Currently sssd supports the following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1450 +#: sssd.conf.5.xml:1451 msgid "<emphasis>0</emphasis>: do not show any message" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1453 +#: sssd.conf.5.xml:1454 msgid "<emphasis>1</emphasis>: show only important messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1457 +#: sssd.conf.5.xml:1458 msgid "<emphasis>2</emphasis>: show informational messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1460 +#: sssd.conf.5.xml:1461 msgid "<emphasis>3</emphasis>: show all messages and debug information" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1464 sssd.8.xml:63 +#: sssd.conf.5.xml:1465 sssd.8.xml:63 msgid "Default: 1" msgstr "Пешфарз: 1" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1470 +#: sssd.conf.5.xml:1471 msgid "pam_response_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1473 +#: sssd.conf.5.xml:1474 msgid "" "A comma separated list of strings which allows to remove (filter) data sent " "by the PAM responder to pam_sss PAM module. There are different kind of " @@ -1773,51 +1773,51 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1481 +#: sssd.conf.5.xml:1482 msgid "" "While messages already can be controlled with the help of the pam_verbosity " "option this option allows to filter out other kind of responses as well." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1488 +#: sssd.conf.5.xml:1489 msgid "ENV" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1489 +#: sssd.conf.5.xml:1490 msgid "Do not send any environment variables to any service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1492 +#: sssd.conf.5.xml:1493 msgid "ENV:var_name" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1493 +#: sssd.conf.5.xml:1494 msgid "Do not send environment variable var_name to any service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1497 +#: sssd.conf.5.xml:1498 msgid "ENV:var_name:service" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1498 +#: sssd.conf.5.xml:1499 msgid "Do not send environment variable var_name to service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1486 +#: sssd.conf.5.xml:1487 msgid "" "Currently the following filters are supported: <placeholder " "type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1505 +#: sssd.conf.5.xml:1506 msgid "" "The list of strings can either be the list of filters which would set this " "list of filters and overwrite the defaults. Or each element of the list can " @@ -1828,23 +1828,23 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1516 +#: sssd.conf.5.xml:1517 msgid "Default: ENV:KRB5CCNAME:sudo, ENV:KRB5CCNAME:sudo-i" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1519 +#: sssd.conf.5.xml:1520 msgid "" "Example: -ENV:KRB5CCNAME:sudo-i will remove the filter from the default list" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1526 +#: sssd.conf.5.xml:1527 msgid "pam_id_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1529 +#: sssd.conf.5.xml:1530 msgid "" "For any PAM request while SSSD is online, the SSSD will attempt to " "immediately update the cached identity information for the user in order to " @@ -1852,7 +1852,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1535 +#: sssd.conf.5.xml:1536 msgid "" "A complete PAM conversation may perform multiple PAM requests, such as " "account management and session opening. This option controls (on a per-" @@ -1861,17 +1861,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1549 +#: sssd.conf.5.xml:1550 msgid "pam_pwd_expiration_warning (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1552 sssd.conf.5.xml:2987 +#: sssd.conf.5.xml:1553 sssd.conf.5.xml:2988 msgid "Display a warning N days before the password expires." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1555 +#: sssd.conf.5.xml:1556 msgid "" "Please note that the backend server has to provide information about the " "expiration time of the password. If this information is missing, sssd " @@ -1879,31 +1879,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1561 sssd.conf.5.xml:2990 +#: sssd.conf.5.xml:1562 sssd.conf.5.xml:2991 msgid "" "If zero is set, then this filter is not applied, i.e. if the expiration " "warning was received from backend server, it will automatically be displayed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1566 +#: sssd.conf.5.xml:1567 msgid "" "This setting can be overridden by setting <emphasis>pwd_expiration_warning</" "emphasis> for a particular domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1571 sssd.conf.5.xml:3976 sssd-ldap.5.xml:606 sssd.8.xml:79 +#: sssd.conf.5.xml:1572 sssd.conf.5.xml:3977 sssd-ldap.5.xml:606 sssd.8.xml:79 msgid "Default: 0" msgstr "Пешфарз: 0" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1588 +#: sssd.conf.5.xml:1589 msgid "pam_trusted_users (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1591 +#: sssd.conf.5.xml:1592 msgid "" "Specifies the comma-separated list of UID values or user names that are " "allowed to run PAM conversations against trusted domains. Users not " @@ -1913,75 +1913,75 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1601 +#: sssd.conf.5.xml:1602 msgid "Default: All users are considered trusted by default" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1605 +#: sssd.conf.5.xml:1606 msgid "" "Please note that UID 0 is always allowed to access the PAM responder even in " "case it is not in the pam_trusted_users list." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1612 +#: sssd.conf.5.xml:1613 msgid "pam_public_domains (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1615 +#: sssd.conf.5.xml:1616 msgid "" "Specifies the comma-separated list of domain names that are accessible even " "to untrusted users." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1619 +#: sssd.conf.5.xml:1620 msgid "Two special values for pam_public_domains option are defined:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1623 +#: sssd.conf.5.xml:1624 msgid "" "all (Untrusted users are allowed to access all domains in PAM responder.)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1627 +#: sssd.conf.5.xml:1628 msgid "" "none (Untrusted users are not allowed to access any domains PAM in " "responder.)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1631 sssd.conf.5.xml:1656 sssd.conf.5.xml:1675 -#: sssd.conf.5.xml:1912 sssd.conf.5.xml:2732 sssd.conf.5.xml:3905 +#: sssd.conf.5.xml:1632 sssd.conf.5.xml:1657 sssd.conf.5.xml:1676 +#: sssd.conf.5.xml:1913 sssd.conf.5.xml:2733 sssd.conf.5.xml:3906 #: sssd-ldap.5.xml:1207 msgid "Default: none" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1636 +#: sssd.conf.5.xml:1637 msgid "pam_account_expired_message (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1639 +#: sssd.conf.5.xml:1640 msgid "" "Allows a custom expiration message to be set, replacing the default " "'Permission denied' message." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1644 +#: sssd.conf.5.xml:1645 msgid "" "Note: Please be aware that message is only printed for the SSH service " "unless pam_verbosity is set to 3 (show all messages and debug information)." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1652 +#: sssd.conf.5.xml:1653 #, no-wrap msgid "" "pam_account_expired_message = Account expired, please contact help desk.\n" @@ -1989,19 +1989,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1661 +#: sssd.conf.5.xml:1662 msgid "pam_account_locked_message (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1664 +#: sssd.conf.5.xml:1665 msgid "" "Allows a custom lockout message to be set, replacing the default 'Permission " "denied' message." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1671 +#: sssd.conf.5.xml:1672 #, no-wrap msgid "" "pam_account_locked_message = Account locked, please contact help desk.\n" @@ -2009,17 +2009,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1680 +#: sssd.conf.5.xml:1681 msgid "pam_passkey_auth (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1683 +#: sssd.conf.5.xml:1684 msgid "Enable passkey device based authentication." msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1686 sssd.conf.5.xml:1697 sssd.conf.5.xml:1711 +#: sssd.conf.5.xml:1687 sssd.conf.5.xml:1698 sssd.conf.5.xml:1712 #: sssd-ldap.5.xml:671 sssd-ldap.5.xml:692 sssd-ldap.5.xml:788 #: sssd-ldap.5.xml:1293 sssd-ad.5.xml:505 sssd-ad.5.xml:581 sssd-ad.5.xml:1126 #: sssd-ad.5.xml:1175 include/ldap_id_mapping.xml:250 @@ -2027,22 +2027,22 @@ msgid "Default: False" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1691 +#: sssd.conf.5.xml:1692 msgid "passkey_debug_libfido2 (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1694 +#: sssd.conf.5.xml:1695 msgid "Enable libfido2 library debug messages." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1702 +#: sssd.conf.5.xml:1703 msgid "pam_cert_auth (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1705 +#: sssd.conf.5.xml:1706 msgid "" "Enable certificate based Smartcard authentication. Since this requires " "additional communication with the Smartcard which will delay the " @@ -2050,34 +2050,34 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1716 +#: sssd.conf.5.xml:1717 msgid "pam_cert_db_path (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1719 +#: sssd.conf.5.xml:1720 msgid "The path to the certificate database." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1722 sssd.conf.5.xml:2247 sssd.conf.5.xml:4308 +#: sssd.conf.5.xml:1723 sssd.conf.5.xml:2248 sssd.conf.5.xml:4354 msgid "Default:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1724 sssd.conf.5.xml:2249 +#: sssd.conf.5.xml:1725 sssd.conf.5.xml:2250 msgid "" "/etc/sssd/pki/sssd_auth_ca_db.pem (path to a file with trusted CA " "certificates in PEM format)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1734 +#: sssd.conf.5.xml:1735 msgid "pam_cert_verification (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1737 +#: sssd.conf.5.xml:1738 msgid "" "With this parameter the PAM certificate verification can be tuned with a " "comma separated list of options that override the " @@ -2087,7 +2087,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1748 +#: sssd.conf.5.xml:1749 #, no-wrap msgid "" "pam_cert_verification = partial_chain\n" @@ -2095,59 +2095,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1752 +#: sssd.conf.5.xml:1753 msgid "" "Default: not set, i.e. use default <quote>certificate_verification</quote> " "option defined in <quote>[sssd]</quote> section." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1759 +#: sssd.conf.5.xml:1760 msgid "p11_child_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1762 +#: sssd.conf.5.xml:1763 msgid "How many seconds will pam_sss wait for p11_child to finish." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1771 +#: sssd.conf.5.xml:1772 msgid "passkey_child_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1774 +#: sssd.conf.5.xml:1775 msgid "" "How many seconds will the PAM responder wait for passkey_child to finish." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1783 +#: sssd.conf.5.xml:1784 msgid "pam_app_services (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1786 +#: sssd.conf.5.xml:1787 msgid "" "Which PAM services are permitted to contact domains of type " "<quote>application</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1795 +#: sssd.conf.5.xml:1796 msgid "pam_p11_allowed_services (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1798 +#: sssd.conf.5.xml:1799 msgid "" "A comma-separated list of PAM service names for which it will be allowed to " "use Smartcards." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1813 +#: sssd.conf.5.xml:1814 #, no-wrap msgid "" "pam_p11_allowed_services = +my_pam_service, -login\n" @@ -2155,7 +2155,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1802 +#: sssd.conf.5.xml:1803 msgid "" "It is possible to add another PAM service name to the default set by using " "<quote>+service_name</quote> or to explicitly remove a PAM service name from " @@ -2167,63 +2167,63 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1817 sssd-ad.5.xml:644 sssd-ad.5.xml:753 sssd-ad.5.xml:811 +#: sssd.conf.5.xml:1818 sssd-ad.5.xml:644 sssd-ad.5.xml:753 sssd-ad.5.xml:811 #: sssd-ad.5.xml:869 sssd-ad.5.xml:947 msgid "Default: the default set of PAM service names includes:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1822 sssd-ad.5.xml:648 +#: sssd.conf.5.xml:1823 sssd-ad.5.xml:648 msgid "login" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1827 sssd-ad.5.xml:653 +#: sssd.conf.5.xml:1828 sssd-ad.5.xml:653 msgid "su" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1832 sssd-ad.5.xml:658 +#: sssd.conf.5.xml:1833 sssd-ad.5.xml:658 msgid "su-l" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1837 sssd-ad.5.xml:673 +#: sssd.conf.5.xml:1838 sssd-ad.5.xml:673 msgid "gdm-smartcard" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1842 sssd-ad.5.xml:668 +#: sssd.conf.5.xml:1843 sssd-ad.5.xml:668 msgid "gdm-password" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1847 sssd-ad.5.xml:678 +#: sssd.conf.5.xml:1848 sssd-ad.5.xml:678 msgid "kdm" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1852 sssd-ad.5.xml:956 +#: sssd.conf.5.xml:1853 sssd-ad.5.xml:956 msgid "sudo" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1857 sssd-ad.5.xml:961 +#: sssd.conf.5.xml:1858 sssd-ad.5.xml:961 msgid "sudo-i" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1862 +#: sssd.conf.5.xml:1863 msgid "gnome-screensaver" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1870 +#: sssd.conf.5.xml:1871 msgid "p11_wait_for_card_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1873 +#: sssd.conf.5.xml:1874 msgid "" "If Smartcard authentication is required how many extra seconds in addition " "to p11_child_timeout should the PAM responder wait until a Smartcard is " @@ -2231,12 +2231,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1884 +#: sssd.conf.5.xml:1885 msgid "p11_uri (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1887 +#: sssd.conf.5.xml:1888 msgid "" "PKCS#11 URI (see RFC-7512 for details) which can be used to restrict the " "selection of devices used for Smartcard authentication. By default SSSD's " @@ -2247,7 +2247,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1900 +#: sssd.conf.5.xml:1901 #, no-wrap msgid "" "p11_uri = pkcs11:slot-description=My%20Smartcard%20Reader\n" @@ -2255,7 +2255,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1904 +#: sssd.conf.5.xml:1905 #, no-wrap msgid "" "p11_uri = pkcs11:library-description=OpenSC%20smartcard%20framework;slot-id=2\n" @@ -2263,7 +2263,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1898 +#: sssd.conf.5.xml:1899 msgid "" "Example: <placeholder type=\"programlisting\" id=\"0\"/> or <placeholder " "type=\"programlisting\" id=\"1\"/> To find suitable URI please check the " @@ -2272,47 +2272,47 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1917 +#: sssd.conf.5.xml:1918 msgid "pam_initgroups_scheme" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1925 +#: sssd.conf.5.xml:1926 msgid "always" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1926 +#: sssd.conf.5.xml:1927 msgid "" "Always do an online lookup, please note that pam_id_timeout still applies" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1930 +#: sssd.conf.5.xml:1931 msgid "no_session" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1931 +#: sssd.conf.5.xml:1932 msgid "" "Only do an online lookup if there is no active session of the user, i.e. if " "the user is currently not logged in" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1936 +#: sssd.conf.5.xml:1937 msgid "never" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1937 +#: sssd.conf.5.xml:1938 msgid "" "Never force an online lookup, use the data from the cache as long as they " "are not expired" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1920 +#: sssd.conf.5.xml:1921 msgid "" "The PAM responder can force an online lookup to get the current group " "memberships of the user trying to log in. This option controls when this " @@ -2321,30 +2321,30 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1944 +#: sssd.conf.5.xml:1945 msgid "Default: no_session" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1949 sssd.conf.5.xml:4247 +#: sssd.conf.5.xml:1950 sssd.conf.5.xml:4293 msgid "pam_gssapi_services" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1952 +#: sssd.conf.5.xml:1953 msgid "" "Comma separated list of PAM services that are allowed to try GSSAPI " "authentication using pam_sss_gss.so module." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1957 +#: sssd.conf.5.xml:1958 msgid "" "To disable GSSAPI authentication, set this option to <quote>-</quote> (dash)." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1961 sssd.conf.5.xml:1992 sssd.conf.5.xml:2030 +#: sssd.conf.5.xml:1962 sssd.conf.5.xml:1993 sssd.conf.5.xml:2031 msgid "" "Note: This option can also be set per-domain which overwrites the value in " "[pam] section. It can also be set for trusted domain which overwrites the " @@ -2352,7 +2352,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1969 +#: sssd.conf.5.xml:1970 #, no-wrap msgid "" "pam_gssapi_services = sudo, sudo-i\n" @@ -2360,22 +2360,22 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1967 sssd.conf.5.xml:3899 +#: sssd.conf.5.xml:1968 sssd.conf.5.xml:3900 msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1973 +#: sssd.conf.5.xml:1974 msgid "Default: - (GSSAPI authentication is disabled)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1978 sssd.conf.5.xml:4248 +#: sssd.conf.5.xml:1979 sssd.conf.5.xml:4294 msgid "pam_gssapi_check_upn" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1981 +#: sssd.conf.5.xml:1982 msgid "" "If True, SSSD will require that the Kerberos user principal that " "successfully authenticated through GSSAPI can be associated with the user " @@ -2383,25 +2383,25 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1988 +#: sssd.conf.5.xml:1989 msgid "" "If False, every user that is able to obtained required service ticket will " "be authenticated." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1998 sssd-ad.5.xml:1266 sss_rpcidmapd.5.xml:76 +#: sssd.conf.5.xml:1999 sssd-ad.5.xml:1266 sss_rpcidmapd.5.xml:76 #: sssd-files.5.xml:145 msgid "Default: True" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2003 +#: sssd.conf.5.xml:2004 msgid "pam_gssapi_indicators_map" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2006 +#: sssd.conf.5.xml:2007 msgid "" "Comma separated list of authentication indicators required to be present in " "a Kerberos ticket to access a PAM service that is allowed to try GSSAPI " @@ -2409,7 +2409,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2012 +#: sssd.conf.5.xml:2013 msgid "" "Each element of the list can be either an authentication indicator name or a " "pair <quote>service:indicator</quote>. Indicators not prefixed with the PAM " @@ -2424,7 +2424,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2025 +#: sssd.conf.5.xml:2026 msgid "" "To disable GSSAPI authentication indicator check, set this option to <quote>-" "</quote> (dash). To disable the check for a specific PAM service, add " @@ -2432,45 +2432,45 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2036 +#: sssd.conf.5.xml:2037 msgid "" "Following authentication indicators are supported by IPA Kerberos " "deployments:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2039 +#: sssd.conf.5.xml:2040 msgid "" "pkinit -- pre-authentication using X.509 certificates -- whether stored in " "files or on smart cards." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2042 +#: sssd.conf.5.xml:2043 msgid "" "hardened -- SPAKE pre-authentication or any pre-authentication wrapped in a " "FAST channel." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2045 +#: sssd.conf.5.xml:2046 msgid "radius -- pre-authentication with the help of a RADIUS server." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2048 +#: sssd.conf.5.xml:2049 msgid "" "otp -- pre-authentication using integrated two-factor authentication (2FA or " "one-time password, OTP) in IPA." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2051 +#: sssd.conf.5.xml:2052 msgid "idp -- pre-authentication using external identity provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:2061 +#: sssd.conf.5.xml:2062 #, no-wrap msgid "" "pam_gssapi_indicators_map = sudo:pkinit, sudo-i:pkinit\n" @@ -2478,7 +2478,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2056 +#: sssd.conf.5.xml:2057 msgid "" "Example: to require access to SUDO services only for users which obtained " "their Kerberos tickets with a X.509 certificate pre-authentication (PKINIT), " @@ -2486,17 +2486,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2065 +#: sssd.conf.5.xml:2066 msgid "Default: not set (use of authentication indicators is not required)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2073 +#: sssd.conf.5.xml:2074 msgid "SUDO configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2075 +#: sssd.conf.5.xml:2076 msgid "" "These options can be used to configure the sudo service. The detailed " "instructions for configuration of <citerefentry> <refentrytitle>sudo</" @@ -2507,24 +2507,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2092 +#: sssd.conf.5.xml:2093 msgid "sudo_timed (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2095 +#: sssd.conf.5.xml:2096 msgid "" "Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes " "that implement time-dependent sudoers entries." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2107 +#: sssd.conf.5.xml:2108 msgid "sudo_threshold (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2110 +#: sssd.conf.5.xml:2111 msgid "" "Maximum number of expired rules that can be refreshed at once. If number of " "expired rules is below threshold, those rules are refreshed with " @@ -2534,22 +2534,22 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2129 +#: sssd.conf.5.xml:2130 msgid "AUTOFS configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2131 +#: sssd.conf.5.xml:2132 msgid "These options can be used to configure the autofs service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2135 +#: sssd.conf.5.xml:2136 msgid "autofs_negative_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2138 +#: sssd.conf.5.xml:2139 msgid "" "Specifies for how many seconds should the autofs responder negative cache " "hits (that is, queries for invalid map entries, like nonexistent ones) " @@ -2557,51 +2557,51 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2154 +#: sssd.conf.5.xml:2155 msgid "SSH configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2156 +#: sssd.conf.5.xml:2157 msgid "These options can be used to configure the SSH service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2160 +#: sssd.conf.5.xml:2161 msgid "ssh_hash_known_hosts (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2163 +#: sssd.conf.5.xml:2164 msgid "" "Whether or not to hash host names and addresses in the managed known_hosts " "file." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2172 +#: sssd.conf.5.xml:2173 msgid "ssh_known_hosts_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2175 +#: sssd.conf.5.xml:2176 msgid "" "How many seconds to keep a host in the managed known_hosts file after its " "host keys were requested." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2179 +#: sssd.conf.5.xml:2180 msgid "Default: 180" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2184 +#: sssd.conf.5.xml:2185 msgid "ssh_use_certificate_keys (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2187 +#: sssd.conf.5.xml:2188 msgid "" "If set to true the <command>sss_ssh_authorizedkeys</command> will return ssh " "keys derived from the public key of X.509 certificates stored in the user " @@ -2610,12 +2610,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2202 +#: sssd.conf.5.xml:2203 msgid "ssh_use_certificate_matching_rules (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2205 +#: sssd.conf.5.xml:2206 msgid "" "By default the ssh responder will use all available certificate matching " "rules to filter the certificates so that ssh keys are only derived from the " @@ -2625,7 +2625,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2214 +#: sssd.conf.5.xml:2215 msgid "" "There are two special key words 'all_rules' and 'no_rules' which will enable " "all or no rules, respectively. The latter means that no certificates will be " @@ -2633,7 +2633,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2221 +#: sssd.conf.5.xml:2222 msgid "" "If no rules are configured using 'all_rules' will enable a default rule " "which enables all certificates suitable for client authentication. This is " @@ -2642,38 +2642,38 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2228 +#: sssd.conf.5.xml:2229 msgid "" "A non-existing rule name is considered an error. If as a result no rule is " "selected all certificates will be ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2233 +#: sssd.conf.5.xml:2234 msgid "" "Default: not set, equivalent to 'all_rules', all found rules or the default " "rule are used" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2239 +#: sssd.conf.5.xml:2240 msgid "ca_db (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2242 +#: sssd.conf.5.xml:2243 msgid "" "Path to a storage of trusted CA certificates. The option is used to validate " "user certificates before deriving public ssh keys from them." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2262 +#: sssd.conf.5.xml:2263 msgid "PAC responder configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2264 +#: sssd.conf.5.xml:2265 msgid "" "The PAC responder works together with the authorization data plugin for MIT " "Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the " @@ -2684,7 +2684,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2273 +#: sssd.conf.5.xml:2274 msgid "" "If the remote user does not exist in the cache, it is created. The UID is " "determined with the help of the SID, trusted domains will have UPGs and the " @@ -2695,24 +2695,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2281 +#: sssd.conf.5.xml:2282 msgid "" "If there are SIDs of groups from domains sssd knows about, the user will be " "added to those groups." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2287 +#: sssd.conf.5.xml:2288 msgid "These options can be used to configure the PAC responder." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2291 sssd-ifp.5.xml:66 +#: sssd.conf.5.xml:2292 sssd-ifp.5.xml:66 msgid "allowed_uids (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2294 +#: sssd.conf.5.xml:2295 msgid "" "Specifies the comma-separated list of UID values or user names that are " "allowed to access the PAC responder. User names are resolved to UIDs at " @@ -2720,12 +2720,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2300 +#: sssd.conf.5.xml:2301 msgid "Default: 0 (only the root user is allowed to access the PAC responder)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2304 +#: sssd.conf.5.xml:2305 msgid "" "Please note that although the UID 0 is used as the default it will be " "overwritten with this option. If you still want to allow the root user to " @@ -2734,24 +2734,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2313 +#: sssd.conf.5.xml:2314 msgid "pac_lifetime (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2316 +#: sssd.conf.5.xml:2317 msgid "" "Lifetime of the PAC entry in seconds. As long as the PAC is valid the PAC " "data can be used to determine the group memberships of a user." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2326 +#: sssd.conf.5.xml:2327 msgid "pac_check (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2329 +#: sssd.conf.5.xml:2330 msgid "" "Apply additional checks on the PAC of the Kerberos ticket which is available " "in Active Directory and FreeIPA domains, if configured. Please note that " @@ -2762,24 +2762,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2343 +#: sssd.conf.5.xml:2344 msgid "no_check" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2345 +#: sssd.conf.5.xml:2346 msgid "" "The PAC must not be present and even if it is present no additional checks " "will be done." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2351 +#: sssd.conf.5.xml:2352 msgid "pac_present" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2353 +#: sssd.conf.5.xml:2354 msgid "" "The PAC must be present in the service ticket which SSSD will request with " "the help of the user's TGT. If the PAC is not available the authentication " @@ -2787,24 +2787,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2361 +#: sssd.conf.5.xml:2362 msgid "check_upn" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2363 +#: sssd.conf.5.xml:2364 msgid "" "If the PAC is present check if the user principal name (UPN) information is " "consistent." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2369 +#: sssd.conf.5.xml:2370 msgid "check_upn_allow_missing" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2371 +#: sssd.conf.5.xml:2372 msgid "" "This option should be used together with 'check_upn' and handles the case " "where a UPN is set on the server-side but is not read by SSSD. The typical " @@ -2816,7 +2816,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2383 +#: sssd.conf.5.xml:2384 msgid "" "Currently this option is set by default to avoid regressions in such " "environments. A log message will be added to the system log and SSSD's debug " @@ -2827,60 +2827,60 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2397 +#: sssd.conf.5.xml:2398 msgid "upn_dns_info_present" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2399 +#: sssd.conf.5.xml:2400 msgid "The PAC must contain the UPN-DNS-INFO buffer, implies 'check_upn'." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2404 +#: sssd.conf.5.xml:2405 msgid "check_upn_dns_info_ex" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2406 +#: sssd.conf.5.xml:2407 msgid "" "If the PAC is present and the extension to the UPN-DNS-INFO buffer is " "available check if the information in the extension is consistent." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2413 +#: sssd.conf.5.xml:2414 msgid "upn_dns_info_ex_present" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2415 +#: sssd.conf.5.xml:2416 msgid "" "The PAC must contain the extension of the UPN-DNS-INFO buffer, implies " "'check_upn_dns_info_ex', 'upn_dns_info_present' and 'check_upn'." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2339 +#: sssd.conf.5.xml:2340 msgid "" "The following options can be used alone or in a comma-separated list: " "<placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2425 +#: sssd.conf.5.xml:2426 msgid "" "Default: no_check (AD and IPA provider 'check_upn, check_upn_allow_missing, " "check_upn_dns_info_ex')" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2434 +#: sssd.conf.5.xml:2435 msgid "Session recording configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2436 +#: sssd.conf.5.xml:2437 msgid "" "Session recording works in conjunction with <citerefentry> " "<refentrytitle>tlog-rec-session</refentrytitle> <manvolnum>8</manvolnum> </" @@ -2890,66 +2890,66 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2449 +#: sssd.conf.5.xml:2450 msgid "These options can be used to configure session recording." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2453 sssd-session-recording.5.xml:64 +#: sssd.conf.5.xml:2454 sssd-session-recording.5.xml:64 msgid "scope (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2460 sssd-session-recording.5.xml:71 +#: sssd.conf.5.xml:2461 sssd-session-recording.5.xml:71 msgid "\"none\"" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2463 sssd-session-recording.5.xml:74 +#: sssd.conf.5.xml:2464 sssd-session-recording.5.xml:74 msgid "No users are recorded." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2468 sssd-session-recording.5.xml:79 +#: sssd.conf.5.xml:2469 sssd-session-recording.5.xml:79 msgid "\"some\"" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2471 sssd-session-recording.5.xml:82 +#: sssd.conf.5.xml:2472 sssd-session-recording.5.xml:82 msgid "" "Users/groups specified by <replaceable>users</replaceable> and " "<replaceable>groups</replaceable> options are recorded." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2480 sssd-session-recording.5.xml:91 +#: sssd.conf.5.xml:2481 sssd-session-recording.5.xml:91 msgid "\"all\"" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2483 sssd-session-recording.5.xml:94 +#: sssd.conf.5.xml:2484 sssd-session-recording.5.xml:94 msgid "All users are recorded." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2456 sssd-session-recording.5.xml:67 +#: sssd.conf.5.xml:2457 sssd-session-recording.5.xml:67 msgid "" "One of the following strings specifying the scope of session recording: " "<placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2490 sssd-session-recording.5.xml:101 +#: sssd.conf.5.xml:2491 sssd-session-recording.5.xml:101 msgid "Default: \"none\"" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2495 sssd-session-recording.5.xml:106 +#: sssd.conf.5.xml:2496 sssd-session-recording.5.xml:106 msgid "users (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2498 sssd-session-recording.5.xml:109 +#: sssd.conf.5.xml:2499 sssd-session-recording.5.xml:109 msgid "" "A comma-separated list of users which should have session recording enabled. " "Matches user names as returned by NSS. I.e. after the possible space " @@ -2957,17 +2957,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2504 sssd-session-recording.5.xml:115 +#: sssd.conf.5.xml:2505 sssd-session-recording.5.xml:115 msgid "Default: Empty. Matches no users." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2509 sssd-session-recording.5.xml:120 +#: sssd.conf.5.xml:2510 sssd-session-recording.5.xml:120 msgid "groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2512 sssd-session-recording.5.xml:123 +#: sssd.conf.5.xml:2513 sssd-session-recording.5.xml:123 msgid "" "A comma-separated list of groups, members of which should have session " "recording enabled. Matches group names as returned by NSS. I.e. after the " @@ -2975,7 +2975,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2518 sssd.conf.5.xml:2550 sssd-session-recording.5.xml:129 +#: sssd.conf.5.xml:2519 sssd.conf.5.xml:2551 sssd-session-recording.5.xml:129 #: sssd-session-recording.5.xml:161 msgid "" "NOTE: using this option (having it set to anything) has a considerable " @@ -2984,56 +2984,56 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2525 sssd-session-recording.5.xml:136 +#: sssd.conf.5.xml:2526 sssd-session-recording.5.xml:136 msgid "Default: Empty. Matches no groups." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2530 sssd-session-recording.5.xml:141 +#: sssd.conf.5.xml:2531 sssd-session-recording.5.xml:141 msgid "exclude_users (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2533 sssd-session-recording.5.xml:144 +#: sssd.conf.5.xml:2534 sssd-session-recording.5.xml:144 msgid "" "A comma-separated list of users to be excluded from recording, only " "applicable with 'scope=all'." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2537 sssd-session-recording.5.xml:148 +#: sssd.conf.5.xml:2538 sssd-session-recording.5.xml:148 msgid "Default: Empty. No users excluded." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2542 sssd-session-recording.5.xml:153 +#: sssd.conf.5.xml:2543 sssd-session-recording.5.xml:153 msgid "exclude_groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2545 sssd-session-recording.5.xml:156 +#: sssd.conf.5.xml:2546 sssd-session-recording.5.xml:156 msgid "" "A comma-separated list of groups, members of which should be excluded from " "recording. Only applicable with 'scope=all'." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2557 sssd-session-recording.5.xml:168 +#: sssd.conf.5.xml:2558 sssd-session-recording.5.xml:168 msgid "Default: Empty. No groups excluded." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:2567 +#: sssd.conf.5.xml:2568 msgid "DOMAIN SECTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2574 +#: sssd.conf.5.xml:2575 msgid "enabled" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2577 +#: sssd.conf.5.xml:2578 msgid "" "Explicitly enable or disable the domain. If <quote>true</quote>, the domain " "is always <quote>enabled</quote>. If <quote>false</quote>, the domain is " @@ -3043,12 +3043,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2589 +#: sssd.conf.5.xml:2590 msgid "domain_type (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2592 +#: sssd.conf.5.xml:2593 msgid "" "Specifies whether the domain is meant to be used by POSIX-aware clients such " "as the Name Service Switch or by applications that do not need POSIX data to " @@ -3057,14 +3057,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2600 +#: sssd.conf.5.xml:2601 msgid "" "Allowed values for this option are <quote>posix</quote> and " "<quote>application</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2604 +#: sssd.conf.5.xml:2605 msgid "" "POSIX domains are reachable by all services. Application domains are only " "reachable from the InfoPipe responder (see <citerefentry> " @@ -3073,38 +3073,38 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2612 +#: sssd.conf.5.xml:2613 msgid "" "NOTE: The application domains are currently well tested with " "<quote>id_provider=ldap</quote> only." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2616 +#: sssd.conf.5.xml:2617 msgid "" "For an easy way to configure a non-POSIX domains, please see the " "<quote>Application domains</quote> section." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2620 +#: sssd.conf.5.xml:2621 msgid "Default: posix" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2626 +#: sssd.conf.5.xml:2627 msgid "min_id,max_id (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2629 +#: sssd.conf.5.xml:2630 msgid "" "UID and GID limits for the domain. If a domain contains an entry that is " "outside these limits, it is ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2634 +#: sssd.conf.5.xml:2635 msgid "" "For users, this affects the primary GID limit. The user will not be returned " "to NSS if either the UID or the primary GID is outside the range. For non-" @@ -3113,24 +3113,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2641 +#: sssd.conf.5.xml:2642 msgid "" "These ID limits affect even saving entries to cache, not only returning them " "by name or ID." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2645 +#: sssd.conf.5.xml:2646 msgid "Default: 1 for min_id, 0 (no limit) for max_id" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2651 +#: sssd.conf.5.xml:2652 msgid "enumerate (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2654 +#: sssd.conf.5.xml:2655 msgid "" "Determines if a domain can be enumerated, that is, whether the domain can " "list all the users and group it contains. Note that it is not required to " @@ -3139,29 +3139,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2662 +#: sssd.conf.5.xml:2663 msgid "TRUE = Users and groups are enumerated" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2665 +#: sssd.conf.5.xml:2666 msgid "FALSE = No enumerations for this domain" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2668 sssd.conf.5.xml:2942 sssd.conf.5.xml:3119 +#: sssd.conf.5.xml:2669 sssd.conf.5.xml:2943 sssd.conf.5.xml:3120 msgid "Default: FALSE" msgstr "Пешфарз: FALSE" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2671 +#: sssd.conf.5.xml:2672 msgid "" "Enumerating a domain requires SSSD to download and store ALL user and group " "entries from the remote server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2676 +#: sssd.conf.5.xml:2677 msgid "" "Note: Enabling enumeration has a moderate performance impact on SSSD while " "enumeration is running. It may take up to several minutes after SSSD startup " @@ -3175,14 +3175,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2691 +#: sssd.conf.5.xml:2692 msgid "" "While the first enumeration is running, requests for the complete user or " "group lists may return no results until it completes." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2696 +#: sssd.conf.5.xml:2697 msgid "" "Further, enabling enumeration may increase the time necessary to detect " "network disconnection, as longer timeouts are required to ensure that " @@ -3191,39 +3191,39 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2704 +#: sssd.conf.5.xml:2705 msgid "" "For the reasons cited above, enabling enumeration is not recommended, " "especially in large environments." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2712 +#: sssd.conf.5.xml:2713 msgid "subdomain_enumerate (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2719 +#: sssd.conf.5.xml:2720 msgid "all" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2720 +#: sssd.conf.5.xml:2721 msgid "All discovered trusted domains will be enumerated" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2723 +#: sssd.conf.5.xml:2724 msgid "none" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2724 +#: sssd.conf.5.xml:2725 msgid "No discovered trusted domains will be enumerated" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2715 +#: sssd.conf.5.xml:2716 msgid "" "Whether any of autodetected trusted domains should be enumerated. The " "supported values are: <placeholder type=\"variablelist\" id=\"0\"/> " @@ -3232,19 +3232,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2738 +#: sssd.conf.5.xml:2739 msgid "entry_cache_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2741 +#: sssd.conf.5.xml:2742 msgid "" "How many seconds should nss_sss consider entries valid before asking the " "backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2745 +#: sssd.conf.5.xml:2746 msgid "" "The cache expiration timestamps are stored as attributes of individual " "objects in the cache. Therefore, changing the cache timeout only has effect " @@ -3255,139 +3255,139 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2758 +#: sssd.conf.5.xml:2759 msgid "Default: 5400" msgstr "Пешфарз: 5400" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2764 +#: sssd.conf.5.xml:2765 msgid "entry_cache_user_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2767 +#: sssd.conf.5.xml:2768 msgid "" "How many seconds should nss_sss consider user entries valid before asking " "the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2771 sssd.conf.5.xml:2784 sssd.conf.5.xml:2797 -#: sssd.conf.5.xml:2810 sssd.conf.5.xml:2824 sssd.conf.5.xml:2837 -#: sssd.conf.5.xml:2851 sssd.conf.5.xml:2865 sssd.conf.5.xml:2878 +#: sssd.conf.5.xml:2772 sssd.conf.5.xml:2785 sssd.conf.5.xml:2798 +#: sssd.conf.5.xml:2811 sssd.conf.5.xml:2825 sssd.conf.5.xml:2838 +#: sssd.conf.5.xml:2852 sssd.conf.5.xml:2866 sssd.conf.5.xml:2879 msgid "Default: entry_cache_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2777 +#: sssd.conf.5.xml:2778 msgid "entry_cache_group_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2780 +#: sssd.conf.5.xml:2781 msgid "" "How many seconds should nss_sss consider group entries valid before asking " "the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2790 +#: sssd.conf.5.xml:2791 msgid "entry_cache_netgroup_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2793 +#: sssd.conf.5.xml:2794 msgid "" "How many seconds should nss_sss consider netgroup entries valid before " "asking the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2803 +#: sssd.conf.5.xml:2804 msgid "entry_cache_service_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2806 +#: sssd.conf.5.xml:2807 msgid "" "How many seconds should nss_sss consider service entries valid before asking " "the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2816 +#: sssd.conf.5.xml:2817 msgid "entry_cache_resolver_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2819 +#: sssd.conf.5.xml:2820 msgid "" "How many seconds should nss_sss consider hosts and networks entries valid " "before asking the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2830 +#: sssd.conf.5.xml:2831 msgid "entry_cache_sudo_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2833 +#: sssd.conf.5.xml:2834 msgid "" "How many seconds should sudo consider rules valid before asking the backend " "again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2843 +#: sssd.conf.5.xml:2844 msgid "entry_cache_autofs_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2846 +#: sssd.conf.5.xml:2847 msgid "" "How many seconds should the autofs service consider automounter maps valid " "before asking the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2857 +#: sssd.conf.5.xml:2858 msgid "entry_cache_ssh_host_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2860 +#: sssd.conf.5.xml:2861 msgid "" "How many seconds to keep a host ssh key after refresh. IE how long to cache " "the host key for." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2871 +#: sssd.conf.5.xml:2872 msgid "entry_cache_computer_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2874 +#: sssd.conf.5.xml:2875 msgid "" "How many seconds to keep the local computer entry before asking the backend " "again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2884 +#: sssd.conf.5.xml:2885 msgid "refresh_expired_interval (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2887 +#: sssd.conf.5.xml:2888 msgid "" "Specifies how many seconds SSSD has to wait before triggering a background " "refresh task which will refresh all expired or nearly expired records." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2892 +#: sssd.conf.5.xml:2893 msgid "" "The background refresh will process users, groups and netgroups in the " "cache. For users who have performed the initgroups (get group membership for " @@ -3396,17 +3396,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2900 +#: sssd.conf.5.xml:2901 msgid "This option is automatically inherited for all trusted domains." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2904 +#: sssd.conf.5.xml:2905 msgid "You can consider setting this value to 3/4 * entry_cache_timeout." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2908 +#: sssd.conf.5.xml:2909 msgid "" "Cache entry will be refreshed by background task when 2/3 of cache timeout " "has already passed. If there are existing cached entries, the background " @@ -3418,23 +3418,23 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2921 sssd-ldap.5.xml:360 sssd-ldap.5.xml:1736 +#: sssd.conf.5.xml:2922 sssd-ldap.5.xml:360 sssd-ldap.5.xml:1736 #: sssd-ipa.5.xml:270 msgid "Default: 0 (disabled)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2927 +#: sssd.conf.5.xml:2928 msgid "cache_credentials (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2930 +#: sssd.conf.5.xml:2931 msgid "Determines if user credentials are also cached in the local LDB cache." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2934 +#: sssd.conf.5.xml:2935 msgid "" "Take a note that while credentials are stored as a salted SHA512 hash, this " "still potentially poses some security risk in case an attacker manages to " @@ -3443,12 +3443,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2948 +#: sssd.conf.5.xml:2949 msgid "cache_credentials_minimal_first_factor_length (int)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2951 +#: sssd.conf.5.xml:2952 msgid "" "If 2-Factor-Authentication (2FA) is used and credentials should be saved " "this value determines the minimal length the first authentication factor " @@ -3456,19 +3456,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2958 +#: sssd.conf.5.xml:2959 msgid "" "This should avoid that the short PINs of a PIN based 2FA scheme are saved in " "the cache which would make them easy targets for brute-force attacks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2969 +#: sssd.conf.5.xml:2970 msgid "account_cache_expiration (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2972 +#: sssd.conf.5.xml:2973 msgid "" "Number of days entries are left in cache after last successful login before " "being removed during a cleanup of the cache. 0 means keep forever. The " @@ -3477,17 +3477,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2979 +#: sssd.conf.5.xml:2980 msgid "Default: 0 (unlimited)" msgstr "Пешфарз: 0 (номаҳдуд)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2984 +#: sssd.conf.5.xml:2985 msgid "pwd_expiration_warning (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2995 +#: sssd.conf.5.xml:2996 msgid "" "Please note that the backend server has to provide information about the " "expiration time of the password. If this information is missing, sssd " @@ -3496,28 +3496,28 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3002 +#: sssd.conf.5.xml:3003 msgid "Default: 7 (Kerberos), 0 (LDAP)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3008 +#: sssd.conf.5.xml:3009 msgid "id_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3011 +#: sssd.conf.5.xml:3012 msgid "" "The identification provider used for the domain. Supported ID providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3015 +#: sssd.conf.5.xml:3016 msgid "<quote>proxy</quote>: Support a legacy NSS provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3018 +#: sssd.conf.5.xml:3019 msgid "" "<quote>files</quote>: FILES provider. See <citerefentry> <refentrytitle>sssd-" "files</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " @@ -3525,7 +3525,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3026 +#: sssd.conf.5.xml:3027 msgid "" "<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-" "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " @@ -3533,8 +3533,8 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3034 sssd.conf.5.xml:3145 sssd.conf.5.xml:3196 -#: sssd.conf.5.xml:3259 +#: sssd.conf.5.xml:3035 sssd.conf.5.xml:3146 sssd.conf.5.xml:3197 +#: sssd.conf.5.xml:3260 msgid "" "<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management " "provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> " @@ -3543,8 +3543,8 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3043 sssd.conf.5.xml:3154 sssd.conf.5.xml:3205 -#: sssd.conf.5.xml:3268 +#: sssd.conf.5.xml:3044 sssd.conf.5.xml:3155 sssd.conf.5.xml:3206 +#: sssd.conf.5.xml:3269 msgid "" "<quote>ad</quote>: Active Directory provider. See <citerefentry> " "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3552,19 +3552,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3054 +#: sssd.conf.5.xml:3055 msgid "use_fully_qualified_names (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3057 +#: sssd.conf.5.xml:3058 msgid "" "Use the full name and domain (as formatted by the domain's full_name_format) " "as the user's login name reported to NSS." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3062 +#: sssd.conf.5.xml:3063 msgid "" "If set to TRUE, all requests to this domain must use fully qualified names. " "For example, if used in LOCAL domain that contains a \"test\" user, " @@ -3573,7 +3573,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3070 +#: sssd.conf.5.xml:3071 msgid "" "NOTE: This option has no effect on netgroup lookups due to their tendency to " "include nested netgroups without qualified names. For netgroups, all domains " @@ -3581,24 +3581,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3077 +#: sssd.conf.5.xml:3078 msgid "" "Default: FALSE (TRUE for trusted domain/sub-domains or if " "default_domain_suffix is used)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3084 +#: sssd.conf.5.xml:3085 msgid "ignore_group_members (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3087 +#: sssd.conf.5.xml:3088 msgid "Do not return group members for group lookups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3090 +#: sssd.conf.5.xml:3091 msgid "" "If set to TRUE, the group membership attribute is not requested from the " "ldap server, and group members are not returned when processing group lookup " @@ -3610,7 +3610,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3108 +#: sssd.conf.5.xml:3109 msgid "" "Enabling this option can also make access provider checks for group " "membership significantly faster, especially for groups containing many " @@ -3618,7 +3618,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3114 sssd.conf.5.xml:3821 sssd-ldap.5.xml:326 +#: sssd.conf.5.xml:3115 sssd.conf.5.xml:3822 sssd-ldap.5.xml:326 #: sssd-ldap.5.xml:355 sssd-ldap.5.xml:408 sssd-ldap.5.xml:468 #: sssd-ldap.5.xml:489 sssd-ldap.5.xml:520 sssd-ldap.5.xml:543 #: sssd-ldap.5.xml:582 sssd-ldap.5.xml:601 sssd-ldap.5.xml:625 @@ -3629,19 +3629,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3124 +#: sssd.conf.5.xml:3125 msgid "auth_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3127 +#: sssd.conf.5.xml:3128 msgid "" "The authentication provider used for the domain. Supported auth providers " "are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3131 sssd.conf.5.xml:3189 +#: sssd.conf.5.xml:3132 sssd.conf.5.xml:3190 msgid "" "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3649,7 +3649,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3138 +#: sssd.conf.5.xml:3139 msgid "" "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3657,30 +3657,30 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3162 +#: sssd.conf.5.xml:3163 msgid "" "<quote>proxy</quote> for relaying authentication to some other PAM target." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3165 +#: sssd.conf.5.xml:3166 msgid "<quote>none</quote> disables authentication explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3168 +#: sssd.conf.5.xml:3169 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "authentication requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3174 +#: sssd.conf.5.xml:3175 msgid "access_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3177 +#: sssd.conf.5.xml:3178 msgid "" "The access control provider used for the domain. There are two built-in " "access providers (in addition to any included in installed backends) " @@ -3688,19 +3688,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3183 +#: sssd.conf.5.xml:3184 msgid "" "<quote>permit</quote> always allow access. It's the only permitted access " "provider for a local domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3186 +#: sssd.conf.5.xml:3187 msgid "<quote>deny</quote> always deny access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3213 +#: sssd.conf.5.xml:3214 msgid "" "<quote>simple</quote> access control based on access or deny lists. See " "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</" @@ -3709,7 +3709,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3220 +#: sssd.conf.5.xml:3221 msgid "" "<quote>krb5</quote>: .k5login based access control. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum></" @@ -3717,29 +3717,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3227 +#: sssd.conf.5.xml:3228 msgid "<quote>proxy</quote> for relaying access control to another PAM module." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3230 +#: sssd.conf.5.xml:3231 msgid "Default: <quote>permit</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3235 +#: sssd.conf.5.xml:3236 msgid "chpass_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3238 +#: sssd.conf.5.xml:3239 msgid "" "The provider which should handle change password operations for the domain. " "Supported change password providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3243 +#: sssd.conf.5.xml:3244 msgid "" "<quote>ldap</quote> to change a password stored in a LDAP server. See " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" @@ -3747,7 +3747,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3251 +#: sssd.conf.5.xml:3252 msgid "" "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3755,35 +3755,35 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3276 +#: sssd.conf.5.xml:3277 msgid "" "<quote>proxy</quote> for relaying password changes to some other PAM target." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3280 +#: sssd.conf.5.xml:3281 msgid "<quote>none</quote> disallows password changes explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3283 +#: sssd.conf.5.xml:3284 msgid "" "Default: <quote>auth_provider</quote> is used if it is set and can handle " "change password requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3290 +#: sssd.conf.5.xml:3291 msgid "sudo_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3293 +#: sssd.conf.5.xml:3294 msgid "The SUDO provider used for the domain. Supported SUDO providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3297 +#: sssd.conf.5.xml:3298 msgid "" "<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3791,32 +3791,32 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3305 +#: sssd.conf.5.xml:3306 msgid "" "<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default " "settings." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3309 +#: sssd.conf.5.xml:3310 msgid "" "<quote>ad</quote> the same as <quote>ldap</quote> but with AD default " "settings." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3313 +#: sssd.conf.5.xml:3314 msgid "<quote>none</quote> disables SUDO explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3316 sssd.conf.5.xml:3402 sssd.conf.5.xml:3472 -#: sssd.conf.5.xml:3497 sssd.conf.5.xml:3533 +#: sssd.conf.5.xml:3317 sssd.conf.5.xml:3403 sssd.conf.5.xml:3473 +#: sssd.conf.5.xml:3498 sssd.conf.5.xml:3534 msgid "Default: The value of <quote>id_provider</quote> is used if it is set." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3320 +#: sssd.conf.5.xml:3321 msgid "" "The detailed instructions for configuration of sudo_provider are in the " "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " @@ -3827,7 +3827,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3335 +#: sssd.conf.5.xml:3336 msgid "" "<emphasis>NOTE:</emphasis> Sudo rules are periodically downloaded in the " "background unless the sudo provider is explicitly disabled. Set " @@ -3836,12 +3836,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3345 +#: sssd.conf.5.xml:3346 msgid "selinux_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3348 +#: sssd.conf.5.xml:3349 msgid "" "The provider which should handle loading of selinux settings. Note that this " "provider will be called right after access provider ends. Supported selinux " @@ -3849,7 +3849,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3354 +#: sssd.conf.5.xml:3355 msgid "" "<quote>ipa</quote> to load selinux settings from an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -3857,31 +3857,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3362 +#: sssd.conf.5.xml:3363 msgid "<quote>none</quote> disallows fetching selinux settings explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3365 +#: sssd.conf.5.xml:3366 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "selinux loading requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3371 +#: sssd.conf.5.xml:3372 msgid "subdomains_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3374 +#: sssd.conf.5.xml:3375 msgid "" "The provider which should handle fetching of subdomains. This value should " "be always the same as id_provider. Supported subdomain providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3380 +#: sssd.conf.5.xml:3381 msgid "" "<quote>ipa</quote> to load a list of subdomains from an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -3889,7 +3889,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3389 +#: sssd.conf.5.xml:3390 msgid "" "<quote>ad</quote> to load a list of subdomains from an Active Directory " "server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> " @@ -3898,17 +3898,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3398 +#: sssd.conf.5.xml:3399 msgid "<quote>none</quote> disallows fetching subdomains explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3408 +#: sssd.conf.5.xml:3409 msgid "session_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3411 +#: sssd.conf.5.xml:3412 msgid "" "The provider which configures and manages user session related tasks. The " "only user session task currently provided is the integration with Fleet " @@ -3916,43 +3916,43 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3418 +#: sssd.conf.5.xml:3419 msgid "<quote>ipa</quote> to allow performing user session related tasks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3422 +#: sssd.conf.5.xml:3423 msgid "" "<quote>none</quote> does not perform any kind of user session related tasks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3426 +#: sssd.conf.5.xml:3427 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can perform " "session related tasks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3430 +#: sssd.conf.5.xml:3431 msgid "" "<emphasis>NOTE:</emphasis> In order to have this feature working as expected " "SSSD must be running as \"root\" and not as the unprivileged user." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3438 +#: sssd.conf.5.xml:3439 msgid "autofs_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3441 +#: sssd.conf.5.xml:3442 msgid "" "The autofs provider used for the domain. Supported autofs providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3445 +#: sssd.conf.5.xml:3446 msgid "" "<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3960,7 +3960,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3452 +#: sssd.conf.5.xml:3453 msgid "" "<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> " "<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3968,7 +3968,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3460 +#: sssd.conf.5.xml:3461 msgid "" "<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> " "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3976,24 +3976,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3469 +#: sssd.conf.5.xml:3470 msgid "<quote>none</quote> disables autofs explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3479 +#: sssd.conf.5.xml:3480 msgid "hostid_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3482 +#: sssd.conf.5.xml:3483 msgid "" "The provider used for retrieving host identity information. Supported " "hostid providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3486 +#: sssd.conf.5.xml:3487 msgid "" "<quote>ipa</quote> to load host identity stored in an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -4001,31 +4001,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3494 +#: sssd.conf.5.xml:3495 msgid "<quote>none</quote> disables hostid explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3504 +#: sssd.conf.5.xml:3505 msgid "resolver_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3507 +#: sssd.conf.5.xml:3508 msgid "" "The provider which should handle hosts and networks lookups. Supported " "resolver providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3511 +#: sssd.conf.5.xml:3512 msgid "" "<quote>proxy</quote> to forward lookups to another NSS library. See " "<quote>proxy_resolver_lib_name</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3515 +#: sssd.conf.5.xml:3516 msgid "" "<quote>ldap</quote> to fetch hosts and networks stored in LDAP. See " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" @@ -4033,7 +4033,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3522 +#: sssd.conf.5.xml:3523 msgid "" "<quote>ad</quote> to fetch hosts and networks stored in AD. See " "<citerefentry> <refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</" @@ -4042,12 +4042,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3530 +#: sssd.conf.5.xml:3531 msgid "<quote>none</quote> disallows fetching hosts and networks explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3543 +#: sssd.conf.5.xml:3544 msgid "" "Regular expression for this domain that describes how to parse the string " "containing user name and domain into these components. The \"domain\" can " @@ -4057,24 +4057,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3552 +#: sssd.conf.5.xml:3553 msgid "" "Default: <quote>^((?P<name>.+)@(?P<domain>[^@]*)|(?P<name>" "[^@]+))$</quote> which allows two different styles for user names:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:3557 sssd.conf.5.xml:3571 +#: sssd.conf.5.xml:3558 sssd.conf.5.xml:3572 msgid "username" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:3560 sssd.conf.5.xml:3574 +#: sssd.conf.5.xml:3561 sssd.conf.5.xml:3575 msgid "username@domain.name" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3565 +#: sssd.conf.5.xml:3566 msgid "" "Default for the AD and IPA provider: <quote>^(((?P<domain>[^\\\\]+)\\" "\\(?P<name>.+))|((?P<name>.+)@(?P<domain>[^@]+))|((?P<" @@ -4083,19 +4083,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:3577 +#: sssd.conf.5.xml:3578 msgid "domain\\username" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3580 +#: sssd.conf.5.xml:3581 msgid "" "While the first two correspond to the general default the third one is " "introduced to allow easy integration of users from Windows domains." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3585 +#: sssd.conf.5.xml:3586 msgid "" "The default re_expression uses the <quote>@</quote> character as a separator " "between the name and the domain. As a result of this setting the default " @@ -4105,89 +4105,89 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3637 +#: sssd.conf.5.xml:3638 msgid "Default: <quote>%1$s@%2$s</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3643 +#: sssd.conf.5.xml:3644 msgid "lookup_family_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3646 +#: sssd.conf.5.xml:3647 msgid "" "Provides the ability to select preferred address family to use when " "performing DNS lookups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3650 +#: sssd.conf.5.xml:3651 msgid "Supported values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3653 +#: sssd.conf.5.xml:3654 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3656 +#: sssd.conf.5.xml:3657 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3659 +#: sssd.conf.5.xml:3660 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3662 +#: sssd.conf.5.xml:3663 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3665 +#: sssd.conf.5.xml:3666 msgid "Default: ipv4_first" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3671 +#: sssd.conf.5.xml:3672 msgid "dns_resolver_server_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3674 +#: sssd.conf.5.xml:3675 msgid "" "Defines the amount of time (in milliseconds) SSSD would try to talk to DNS " "server before trying next DNS server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3679 +#: sssd.conf.5.xml:3680 msgid "" "The AD provider will use this option for the CLDAP ping timeouts as well." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3683 sssd.conf.5.xml:3703 sssd.conf.5.xml:3724 +#: sssd.conf.5.xml:3684 sssd.conf.5.xml:3704 sssd.conf.5.xml:3725 msgid "" "Please see the section <quote>FAILOVER</quote> for more information about " "the service resolution." msgstr "" #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3688 sssd-ldap.5.xml:644 include/failover.xml:84 +#: sssd.conf.5.xml:3689 sssd-ldap.5.xml:644 include/failover.xml:84 msgid "Default: 1000" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3694 +#: sssd.conf.5.xml:3695 msgid "dns_resolver_op_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3697 +#: sssd.conf.5.xml:3698 msgid "" "Defines the amount of time (in seconds) to wait to resolve single DNS query " "(e.g. resolution of a hostname or an SRV record) before trying the next " @@ -4195,12 +4195,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3714 +#: sssd.conf.5.xml:3715 msgid "dns_resolver_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3717 +#: sssd.conf.5.xml:3718 msgid "" "Defines the amount of time (in seconds) to wait for a reply from the " "internal fail over service before assuming that the service is unreachable. " @@ -4209,12 +4209,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3735 +#: sssd.conf.5.xml:3736 msgid "dns_resolver_use_search_list (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3738 +#: sssd.conf.5.xml:3739 msgid "" "Normally, the DNS resolver searches the domain list defined in the " "\"search\" directive from the resolv.conf file. This can lead to delays in " @@ -4222,7 +4222,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3744 +#: sssd.conf.5.xml:3745 msgid "" "If fully qualified domain names (or _srv_) are used in the SSSD " "configuration, setting this option to FALSE can prevent unnecessary DNS " @@ -4230,69 +4230,69 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3750 +#: sssd.conf.5.xml:3751 msgid "Default: TRUE" msgstr "Пешфарз: TRUE" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3756 +#: sssd.conf.5.xml:3757 msgid "dns_discovery_domain (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3759 +#: sssd.conf.5.xml:3760 msgid "" "If service discovery is used in the back end, specifies the domain part of " "the service discovery DNS query." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3763 +#: sssd.conf.5.xml:3764 msgid "Default: Use the domain part of machine's hostname" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3769 +#: sssd.conf.5.xml:3770 msgid "override_gid (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3772 +#: sssd.conf.5.xml:3773 msgid "Override the primary GID value with the one specified." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3778 +#: sssd.conf.5.xml:3779 msgid "case_sensitive (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3785 +#: sssd.conf.5.xml:3786 msgid "True" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3788 +#: sssd.conf.5.xml:3789 msgid "Case sensitive. This value is invalid for AD provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3794 +#: sssd.conf.5.xml:3795 msgid "False" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3796 +#: sssd.conf.5.xml:3797 msgid "Case insensitive." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3800 +#: sssd.conf.5.xml:3801 msgid "Preserving" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3803 +#: sssd.conf.5.xml:3804 msgid "" "Same as False (case insensitive), but does not lowercase names in the result " "of NSS operations. Note that name aliases (and in case of services also " @@ -4300,31 +4300,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3811 +#: sssd.conf.5.xml:3812 msgid "" "If you want to set this value for trusted domain with IPA provider, you need " "to set it on both the client and SSSD on the server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3781 +#: sssd.conf.5.xml:3782 msgid "" "Treat user and group names as case sensitive. Possible option values are: " "<placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3826 +#: sssd.conf.5.xml:3827 msgid "Default: True (False for AD provider)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3832 +#: sssd.conf.5.xml:3833 msgid "subdomain_inherit (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3835 +#: sssd.conf.5.xml:3836 msgid "" "Specifies a list of configuration parameters that should be inherited by a " "subdomain. Please note that only selected parameters can be inherited. " @@ -4332,104 +4332,104 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3841 +#: sssd.conf.5.xml:3842 msgid "ldap_search_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3844 +#: sssd.conf.5.xml:3845 msgid "ldap_network_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3847 +#: sssd.conf.5.xml:3848 msgid "ldap_opt_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3850 +#: sssd.conf.5.xml:3851 msgid "ldap_offline_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3853 +#: sssd.conf.5.xml:3854 msgid "ldap_enumeration_refresh_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3856 +#: sssd.conf.5.xml:3857 msgid "ldap_enumeration_refresh_offset" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3859 +#: sssd.conf.5.xml:3860 msgid "ldap_purge_cache_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3862 +#: sssd.conf.5.xml:3863 msgid "ldap_purge_cache_offset" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3865 +#: sssd.conf.5.xml:3866 msgid "" "ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab " "is not set explicitly)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3869 +#: sssd.conf.5.xml:3870 msgid "ldap_krb5_ticket_lifetime" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3872 +#: sssd.conf.5.xml:3873 msgid "ldap_enumeration_search_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3875 +#: sssd.conf.5.xml:3876 msgid "ldap_connection_expire_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3878 +#: sssd.conf.5.xml:3879 msgid "ldap_connection_expire_offset" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3881 +#: sssd.conf.5.xml:3882 msgid "ldap_connection_idle_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3884 sssd-ldap.5.xml:400 +#: sssd.conf.5.xml:3885 sssd-ldap.5.xml:400 msgid "ldap_use_tokengroups" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3887 +#: sssd.conf.5.xml:3888 msgid "ldap_user_principal" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3890 +#: sssd.conf.5.xml:3891 msgid "ignore_group_members" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3893 +#: sssd.conf.5.xml:3894 msgid "auto_private_groups" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3896 +#: sssd.conf.5.xml:3897 msgid "case_sensitive" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:3901 +#: sssd.conf.5.xml:3902 #, no-wrap msgid "" "subdomain_inherit = ldap_purge_cache_timeout\n" @@ -4437,27 +4437,27 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3908 +#: sssd.conf.5.xml:3909 msgid "Note: This option only works with the IPA and AD provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3915 +#: sssd.conf.5.xml:3916 msgid "subdomain_homedir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3926 +#: sssd.conf.5.xml:3927 msgid "%F" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3927 +#: sssd.conf.5.xml:3928 msgid "flat (NetBIOS) name of a subdomain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3918 +#: sssd.conf.5.xml:3919 msgid "" "Use this homedir as default value for all subdomains within this domain in " "IPA AD trust. See <emphasis>override_homedir</emphasis> for info about " @@ -4467,34 +4467,34 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3932 +#: sssd.conf.5.xml:3933 msgid "" "The value can be overridden by <emphasis>override_homedir</emphasis> option." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3936 +#: sssd.conf.5.xml:3937 msgid "Default: <filename>/home/%d/%u</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3941 +#: sssd.conf.5.xml:3942 msgid "realmd_tags (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3944 +#: sssd.conf.5.xml:3945 msgid "" "Various tags stored by the realmd configuration service for this domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3950 +#: sssd.conf.5.xml:3951 msgid "cached_auth_timeout (int)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3953 +#: sssd.conf.5.xml:3954 msgid "" "Specifies time in seconds since last successful online authentication for " "which user will be authenticated using cached credentials while SSSD is in " @@ -4503,19 +4503,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3961 +#: sssd.conf.5.xml:3962 msgid "" "This option's value is inherited by all trusted domains. At the moment it is " "not possible to set a different value per trusted domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3966 +#: sssd.conf.5.xml:3967 msgid "Special value 0 implies that this feature is disabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3970 +#: sssd.conf.5.xml:3971 msgid "" "Please note that if <quote>cached_auth_timeout</quote> is longer than " "<quote>pam_id_timeout</quote> then the back end could be called to handle " @@ -4523,24 +4523,83 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3981 +#: sssd.conf.5.xml:3982 +msgid "local_auth_policy (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3985 +msgid "" +"Local authentication methods policy. Some backends (i.e. LDAP, proxy " +"provider) only support a password based authentication, while others can " +"handle PKINIT based Smartcard authentication (AD, IPA), two-factor " +"authentication (IPA), or other methods against a central instance. By " +"default in such cases authentication is only performed with the methods " +"supported by the backend." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3995 +msgid "" +"There are three possible values for this option: match, only, enable. " +"<quote>match</quote> is used to match offline and online states for Kerberos " +"methods. <quote>only</quote> ignores the online methods and only offer the " +"local ones. enable allows explicitly defining the methods for local " +"authentication. As an example, <quote>enable:passkey</quote>, only enables " +"passkey for local authentication. Multiple enable values should be comma-" +"separated, such as <quote>enable:passkey, enable:smartcard</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:4011 +#, no-wrap +msgid "" +"[domain/shadowutils]\n" +"id_provider = proxy\n" +"proxy_lib_name = files\n" +"auth_provider = none\n" +"local_auth_policy = only\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4007 +msgid "" +"The following configuration example allows local users to authenticate " +"locally using any enabled method (i.e. smartcard, passkey). <placeholder " +"type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4019 +msgid "This option is ignored for the files provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4022 +#, fuzzy +#| msgid "Default: 3" +msgid "Default: match" +msgstr "Пешфарз: 3" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4027 msgid "auto_private_groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3987 +#: sssd.conf.5.xml:4033 msgid "true" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3990 +#: sssd.conf.5.xml:4036 msgid "" "Create user's private group unconditionally from user's UID number. The GID " "number is ignored in this case." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3994 +#: sssd.conf.5.xml:4040 msgid "" "NOTE: Because the GID number and the user private group are inferred from " "the UID number, it is not supported to have multiple entries with the same " @@ -4549,24 +4608,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4003 +#: sssd.conf.5.xml:4049 msgid "false" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4006 +#: sssd.conf.5.xml:4052 msgid "" "Always use the user's primary GID number. The GID number must refer to a " "group object in the LDAP database." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4012 +#: sssd.conf.5.xml:4058 msgid "hybrid" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4015 +#: sssd.conf.5.xml:4061 msgid "" "A primary group is autogenerated for user entries whose UID and GID numbers " "have the same value and at the same time the GID number does not correspond " @@ -4576,14 +4635,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4028 +#: sssd.conf.5.xml:4074 msgid "" "If the UID and GID of a user are different, then the GID must correspond to " "a group entry, otherwise the GID is simply not resolvable." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4035 +#: sssd.conf.5.xml:4081 msgid "" "This feature is useful for environments that wish to stop maintaining a " "separate group objects for the user private groups, but also wish to retain " @@ -4591,21 +4650,21 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3984 +#: sssd.conf.5.xml:4030 msgid "" "This option takes any of three available values: <placeholder " "type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4047 +#: sssd.conf.5.xml:4093 msgid "" "For subdomains, the default value is False for subdomains that use assigned " "POSIX IDs and True for subdomains that use automatic ID-mapping." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:4055 +#: sssd.conf.5.xml:4101 #, no-wrap msgid "" "[domain/forest.domain/sub.domain]\n" @@ -4613,7 +4672,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:4061 +#: sssd.conf.5.xml:4107 #, no-wrap msgid "" "[domain/forest.domain]\n" @@ -4622,7 +4681,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4052 +#: sssd.conf.5.xml:4098 msgid "" "The value of auto_private_groups can either be set per subdomains in a " "subsection, for example: <placeholder type=\"programlisting\" id=\"0\"/> or " @@ -4631,7 +4690,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:2569 +#: sssd.conf.5.xml:2570 msgid "" "These configuration options can be present in a domain configuration " "section, that is, in a section called <quote>[domain/<replaceable>NAME</" @@ -4639,29 +4698,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4076 +#: sssd.conf.5.xml:4122 msgid "proxy_pam_target (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4079 +#: sssd.conf.5.xml:4125 msgid "The proxy target PAM proxies to." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4082 +#: sssd.conf.5.xml:4128 msgid "" "Default: not set by default, you have to take an existing pam configuration " "or create a new one and add the service name here." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4090 +#: sssd.conf.5.xml:4136 msgid "proxy_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4093 +#: sssd.conf.5.xml:4139 msgid "" "The name of the NSS library to use in proxy domains. The NSS functions " "searched for in the library are in the form of _nss_$(libName)_$(function), " @@ -4669,12 +4728,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4103 +#: sssd.conf.5.xml:4149 msgid "proxy_resolver_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4106 +#: sssd.conf.5.xml:4152 msgid "" "The name of the NSS library to use for hosts and networks lookups in proxy " "domains. The NSS functions searched for in the library are in the form of " @@ -4682,12 +4741,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4117 +#: sssd.conf.5.xml:4163 msgid "proxy_fast_alias (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4120 +#: sssd.conf.5.xml:4166 msgid "" "When a user or group is looked up by name in the proxy provider, a second " "lookup by ID is performed to \"canonicalize\" the name in case the requested " @@ -4696,12 +4755,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4134 +#: sssd.conf.5.xml:4180 msgid "proxy_max_children (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4137 +#: sssd.conf.5.xml:4183 msgid "" "This option specifies the number of pre-forked proxy children. It is useful " "for high-load SSSD environments where sssd may run out of available child " @@ -4709,19 +4768,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4072 +#: sssd.conf.5.xml:4118 msgid "" "Options valid for proxy domains. <placeholder type=\"variablelist\" " "id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:4153 +#: sssd.conf.5.xml:4199 msgid "Application domains" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4155 +#: sssd.conf.5.xml:4201 msgid "" "SSSD, with its D-Bus interface (see <citerefentry> <refentrytitle>sssd-ifp</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>) is appealing to " @@ -4738,7 +4797,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4175 +#: sssd.conf.5.xml:4221 msgid "" "Please note that the application domain must still be explicitly enabled in " "the <quote>domains</quote> parameter so that the lookup order between the " @@ -4746,17 +4805,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> -#: sssd.conf.5.xml:4181 +#: sssd.conf.5.xml:4227 msgid "Application domain parameters" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4183 +#: sssd.conf.5.xml:4229 msgid "inherit_from (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4186 +#: sssd.conf.5.xml:4232 msgid "" "The SSSD POSIX-type domain the application domain inherits all settings " "from. The application domain can moreover add its own settings to the " @@ -4765,7 +4824,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4200 +#: sssd.conf.5.xml:4246 msgid "" "The following example illustrates the use of an application domain. In this " "setup, the POSIX domain is connected to an LDAP server and is used by the OS " @@ -4775,7 +4834,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><programlisting> -#: sssd.conf.5.xml:4208 +#: sssd.conf.5.xml:4254 #, no-wrap msgid "" "[sssd]\n" @@ -4795,12 +4854,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4228 +#: sssd.conf.5.xml:4274 msgid "TRUSTED DOMAIN SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4230 +#: sssd.conf.5.xml:4276 msgid "" "Some options used in the domain section can also be used in the trusted " "domain section, that is, in a section called <quote>[domain/" @@ -4811,69 +4870,69 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4237 +#: sssd.conf.5.xml:4283 msgid "ldap_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4238 +#: sssd.conf.5.xml:4284 msgid "ldap_user_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4239 +#: sssd.conf.5.xml:4285 msgid "ldap_group_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4240 +#: sssd.conf.5.xml:4286 msgid "ldap_netgroup_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4241 +#: sssd.conf.5.xml:4287 msgid "ldap_service_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4242 +#: sssd.conf.5.xml:4288 msgid "ldap_sasl_mech," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4243 +#: sssd.conf.5.xml:4289 msgid "ad_server," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4244 +#: sssd.conf.5.xml:4290 msgid "ad_backup_server," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4245 +#: sssd.conf.5.xml:4291 msgid "ad_site," msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4246 sssd-ipa.5.xml:879 +#: sssd.conf.5.xml:4292 sssd-ipa.5.xml:879 msgid "use_fully_qualified_names" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4250 +#: sssd.conf.5.xml:4296 msgid "" "For more details about these options see their individual description in the " "manual page." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4256 +#: sssd.conf.5.xml:4302 msgid "CERTIFICATE MAPPING SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4258 +#: sssd.conf.5.xml:4304 msgid "" "To allow authentication with Smartcards and certificates SSSD must be able " "to map certificates to users. This can be done by adding the full " @@ -4886,7 +4945,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4272 +#: sssd.conf.5.xml:4318 msgid "" "To make the mapping more flexible mapping and matching rules were added to " "SSSD (see <citerefentry> <refentrytitle>sss-certmap</refentrytitle> " @@ -4894,7 +4953,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4281 +#: sssd.conf.5.xml:4327 msgid "" "A mapping and matching rule can be added to the SSSD configuration in a " "section on its own with a name like <quote>[certmap/" @@ -4903,55 +4962,55 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4288 +#: sssd.conf.5.xml:4334 msgid "matchrule (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4291 +#: sssd.conf.5.xml:4337 msgid "" "Only certificates from the Smartcard which matches this rule will be " "processed, all others are ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4295 +#: sssd.conf.5.xml:4341 msgid "" "Default: KRB5:<EKU>clientAuth, i.e. only certificates which have the " "Extended Key Usage <quote>clientAuth</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4302 +#: sssd.conf.5.xml:4348 msgid "maprule (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4305 +#: sssd.conf.5.xml:4351 msgid "Defines how the user is found for a given certificate." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4311 +#: sssd.conf.5.xml:4357 msgid "" "LDAP:(userCertificate;binary={cert!bin}) for LDAP based providers like " "<quote>ldap</quote>, <quote>AD</quote> or <quote>ipa</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4317 +#: sssd.conf.5.xml:4363 msgid "" "The RULE_NAME for the <quote>files</quote> provider which tries to find a " "user with the same name." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4326 +#: sssd.conf.5.xml:4372 msgid "domains (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4329 +#: sssd.conf.5.xml:4375 msgid "" "Comma separated list of domain names the rule should be applied. By default " "a rule is only valid in the domain configured in sssd.conf. If the provider " @@ -4960,17 +5019,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4336 +#: sssd.conf.5.xml:4382 msgid "Default: the configured domain in sssd.conf" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4341 +#: sssd.conf.5.xml:4387 msgid "priority (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4344 +#: sssd.conf.5.xml:4390 msgid "" "Unsigned integer value defining the priority of the rule. The higher the " "number the lower the priority. <quote>0</quote> stands for the highest " @@ -4978,26 +5037,26 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4350 +#: sssd.conf.5.xml:4396 msgid "Default: the lowest priority" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4356 +#: sssd.conf.5.xml:4402 msgid "" "To make the configuration simple and reduce the amount of configuration " "options the <quote>files</quote> provider has some special properties:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4362 +#: sssd.conf.5.xml:4408 msgid "" "if maprule is not set the RULE_NAME name is assumed to be the name of the " "matching user" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4368 +#: sssd.conf.5.xml:4414 msgid "" "if a maprule is used both a single user name or a template like " "<quote>{subject_rfc822_name.short_name}</quote> must be in braces like e.g. " @@ -5006,17 +5065,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4377 +#: sssd.conf.5.xml:4423 msgid "the <quote>domains</quote> option is ignored" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4385 +#: sssd.conf.5.xml:4431 msgid "PROMPTING CONFIGURATION SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4387 +#: sssd.conf.5.xml:4433 msgid "" "If a special file (<filename>/var/lib/sss/pubconf/pam_preauth_available</" "filename>) exists SSSD's PAM module pam_sss will ask SSSD to figure out " @@ -5026,7 +5085,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4395 +#: sssd.conf.5.xml:4441 msgid "" "With the growing number of authentication methods and the possibility that " "there are multiple ones for a single user the heuristic used by pam_sss to " @@ -5035,59 +5094,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4407 +#: sssd.conf.5.xml:4453 msgid "[prompting/password]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4410 +#: sssd.conf.5.xml:4456 msgid "password_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4411 +#: sssd.conf.5.xml:4457 msgid "to change the string of the password prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4409 +#: sssd.conf.5.xml:4455 msgid "" "to configure password prompting, allowed options are: <placeholder " "type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4419 +#: sssd.conf.5.xml:4465 msgid "[prompting/2fa]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4423 +#: sssd.conf.5.xml:4469 msgid "first_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4424 +#: sssd.conf.5.xml:4470 msgid "to change the string of the prompt for the first factor" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4427 +#: sssd.conf.5.xml:4473 msgid "second_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4428 +#: sssd.conf.5.xml:4474 msgid "to change the string of the prompt for the second factor" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4431 +#: sssd.conf.5.xml:4477 msgid "single_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4432 +#: sssd.conf.5.xml:4478 msgid "" "boolean value, if True there will be only a single prompt using the value of " "first_prompt where it is expected that both factors are entered as a single " @@ -5096,7 +5155,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4421 +#: sssd.conf.5.xml:4467 msgid "" "to configure two-factor authentication prompting, allowed options are: " "<placeholder type=\"variablelist\" id=\"0\"/> If the second factor is " @@ -5105,17 +5164,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4449 +#: sssd.conf.5.xml:4495 msgid "[prompting/passkey]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4455 sssd-ad.5.xml:1021 +#: sssd.conf.5.xml:4501 sssd-ad.5.xml:1021 msgid "interactive" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4457 +#: sssd.conf.5.xml:4503 msgid "" "boolean value, if True prompt a message and wait before testing the presence " "of a passkey device. Recommended if your device doesn’t have a tactile " @@ -5123,46 +5182,46 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4465 +#: sssd.conf.5.xml:4511 msgid "interactive_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4467 +#: sssd.conf.5.xml:4513 msgid "to change the message of the interactive prompt." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4472 +#: sssd.conf.5.xml:4518 msgid "touch" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4474 +#: sssd.conf.5.xml:4520 msgid "" "boolean value, if True prompt a message to remind the user to touch the " "device." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4480 +#: sssd.conf.5.xml:4526 msgid "touch_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4482 +#: sssd.conf.5.xml:4528 msgid "to change the message of the touch prompt." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4451 +#: sssd.conf.5.xml:4497 msgid "" "to configure passkey authentication prompting, allowed options are: " "<placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4402 +#: sssd.conf.5.xml:4448 msgid "" "Each supported authentication method has its own configuration subsection " "under <quote>[prompting/...]</quote>. Currently there are: <placeholder " @@ -5171,7 +5230,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4493 +#: sssd.conf.5.xml:4539 msgid "" "It is possible to add a subsection for specific PAM services, e.g. " "<quote>[prompting/password/sshd]</quote> to individual change the prompting " @@ -5179,12 +5238,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4500 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43 +#: sssd.conf.5.xml:4546 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43 msgid "EXAMPLES" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4506 +#: sssd.conf.5.xml:4552 #, no-wrap msgid "" "[sssd]\n" @@ -5214,7 +5273,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4502 +#: sssd.conf.5.xml:4548 msgid "" "1. The following example shows a typical SSSD config. It does not describe " "configuration of the domains themselves - refer to documentation on " @@ -5223,7 +5282,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4539 +#: sssd.conf.5.xml:4585 #, no-wrap msgid "" "[domain/ipa.com/child.ad.com]\n" @@ -5231,7 +5290,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4533 +#: sssd.conf.5.xml:4579 msgid "" "2. The following example shows configuration of IPA AD trust where the AD " "forest consists of two domains in a parent-child structure. Suppose IPA " @@ -5242,7 +5301,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4550 +#: sssd.conf.5.xml:4596 #, no-wrap msgid "" "[certmap/my.domain/rule_name]\n" @@ -5253,7 +5312,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4544 +#: sssd.conf.5.xml:4590 msgid "" "3. The following example shows the configuration of a certificate mapping " "rule. It is valid for the configured domain <quote>my.domain</quote> and " @@ -17250,7 +17309,7 @@ msgstr "" #: include/ldap_id_mapping.xml:235 msgid "" "When this option is configured, domains will be allocated starting with " -"slice zero and increasing monatomically with each additional domain." +"slice zero and increasing monotonically with each additional domain." msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> diff --git a/src/man/po/uk.po b/src/man/po/uk.po index 500939ae8bc..873fc756ac2 100644 --- a/src/man/po/uk.po +++ b/src/man/po/uk.po @@ -15,7 +15,7 @@ msgid "" msgstr "" "Project-Id-Version: sssd-docs 2.3.0\n" "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" -"POT-Creation-Date: 2023-05-05 10:09+0200\n" +"POT-Creation-Date: 2023-09-07 11:47+0200\n" "PO-Revision-Date: 2022-12-13 18:20+0000\n" "Last-Translator: Yuri Chornoivan <yurchor@ukr.net>\n" "Language-Team: Ukrainian <https://translate.fedoraproject.org/projects/sssd/" @@ -259,8 +259,8 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:136 sssd.conf.5.xml:173 sssd.conf.5.xml:358 -#: sssd.conf.5.xml:714 sssd.conf.5.xml:729 sssd.conf.5.xml:951 -#: sssd.conf.5.xml:1069 sssd.conf.5.xml:2197 sssd-ldap.5.xml:1071 +#: sssd.conf.5.xml:714 sssd.conf.5.xml:729 sssd.conf.5.xml:952 +#: sssd.conf.5.xml:1070 sssd.conf.5.xml:2198 sssd-ldap.5.xml:1071 #: sssd-ldap.5.xml:1174 sssd-ldap.5.xml:1243 sssd-ldap.5.xml:1750 #: sssd-ldap.5.xml:1815 sssd-ipa.5.xml:342 sssd-ad.5.xml:252 sssd-ad.5.xml:366 #: sssd-ad.5.xml:1200 sssd-ad.5.xml:1348 sssd-krb5.5.xml:358 @@ -283,8 +283,8 @@ msgstr "" "journald, цей параметр буде проігноровано." #. type: Content of: <variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:149 sssd.conf.5.xml:652 sssd.conf.5.xml:948 -#: sssd.conf.5.xml:2100 sssd.conf.5.xml:2167 sssd.conf.5.xml:4128 +#: sssd.conf.5.xml:149 sssd.conf.5.xml:652 sssd.conf.5.xml:949 +#: sssd.conf.5.xml:2101 sssd.conf.5.xml:2168 sssd.conf.5.xml:4174 #: sssd-ldap.5.xml:312 sssd-ldap.5.xml:917 sssd-ldap.5.xml:936 #: sssd-ldap.5.xml:1146 sssd-ldap.5.xml:1599 sssd-ldap.5.xml:1839 #: sssd-ipa.5.xml:152 sssd-ipa.5.xml:254 sssd-ipa.5.xml:657 sssd-ad.5.xml:1106 @@ -364,8 +364,8 @@ msgstr "" "самостійно." #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:196 sssd.conf.5.xml:1289 sssd.conf.5.xml:1766 -#: sssd.conf.5.xml:4144 sssd-ldap.5.xml:765 include/ldap_id_mapping.xml:270 +#: sssd.conf.5.xml:196 sssd.conf.5.xml:1290 sssd.conf.5.xml:1767 +#: sssd.conf.5.xml:4190 sssd-ldap.5.xml:765 include/ldap_id_mapping.xml:270 msgid "Default: 10" msgstr "Типове значення: 10" @@ -443,12 +443,12 @@ msgstr "" "\"systemctl enable sssd-@service@.socket\". </phrase>" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:258 sssd.conf.5.xml:783 +#: sssd.conf.5.xml:258 sssd.conf.5.xml:784 msgid "reconnection_retries (integer)" msgstr "reconnection_retries (ціле число)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:261 sssd.conf.5.xml:786 +#: sssd.conf.5.xml:261 sssd.conf.5.xml:787 msgid "" "Number of times services should attempt to reconnect in the event of a Data " "Provider crash or restart before they give up" @@ -458,7 +458,7 @@ msgstr "" "визнання подальших спроб безнадійними." #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:266 sssd.conf.5.xml:791 sssd.conf.5.xml:3708 +#: sssd.conf.5.xml:266 sssd.conf.5.xml:792 sssd.conf.5.xml:3709 #: include/failover.xml:100 msgid "Default: 3" msgstr "Типове значення: 3" @@ -487,7 +487,7 @@ msgstr "" "використовувати символ «/»." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:287 sssd.conf.5.xml:3540 +#: sssd.conf.5.xml:287 sssd.conf.5.xml:3541 msgid "re_expression (string)" msgstr "re_expression (рядок)" @@ -513,12 +513,12 @@ msgstr "" "ДОМЕНІВ." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:304 sssd.conf.5.xml:3597 +#: sssd.conf.5.xml:304 sssd.conf.5.xml:3598 msgid "full_name_format (string)" msgstr "full_name_format (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:307 sssd.conf.5.xml:3600 +#: sssd.conf.5.xml:307 sssd.conf.5.xml:3601 msgid "" "A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</" "manvolnum> </citerefentry>-compatible format that describes how to compose a " @@ -530,32 +530,32 @@ msgstr "" "домену." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:318 sssd.conf.5.xml:3611 +#: sssd.conf.5.xml:318 sssd.conf.5.xml:3612 msgid "%1$s" msgstr "%1$s" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:319 sssd.conf.5.xml:3612 +#: sssd.conf.5.xml:319 sssd.conf.5.xml:3613 msgid "user name" msgstr "ім’я користувача" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:322 sssd.conf.5.xml:3615 +#: sssd.conf.5.xml:322 sssd.conf.5.xml:3616 msgid "%2$s" msgstr "%2$s" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:325 sssd.conf.5.xml:3618 +#: sssd.conf.5.xml:325 sssd.conf.5.xml:3619 msgid "domain name as specified in the SSSD config file." msgstr "назва домену у форматі, вказаному у файлі налаштувань SSSD." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:331 sssd.conf.5.xml:3624 +#: sssd.conf.5.xml:331 sssd.conf.5.xml:3625 msgid "%3$s" msgstr "%3$s" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:334 sssd.conf.5.xml:3627 +#: sssd.conf.5.xml:334 sssd.conf.5.xml:3628 msgid "" "domain flat name. Mostly usable for Active Directory domains, both directly " "configured or discovered via IPA trusts." @@ -564,7 +564,7 @@ msgstr "" "Directory, налаштованих та автоматично виявлених за зв’язками довіри IPA." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:315 sssd.conf.5.xml:3608 +#: sssd.conf.5.xml:315 sssd.conf.5.xml:3609 msgid "" "The following expansions are supported: <placeholder type=\"variablelist\" " "id=\"0\"/>" @@ -1133,7 +1133,7 @@ msgstr "" "різних доменах можуть бути однаковими." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:700 sssd.conf.5.xml:1790 sssd.conf.5.xml:4194 +#: sssd.conf.5.xml:700 sssd.conf.5.xml:1791 sssd.conf.5.xml:4240 #: sssd-ad.5.xml:187 sssd-ad.5.xml:327 sssd-ad.5.xml:341 msgid "Default: Not set" msgstr "Типове значення: не встановлено" @@ -1190,11 +1190,11 @@ msgstr "pam_cert_verification (рядок)" #: sssd.conf.5.xml:744 msgid "" "Enable or disable the user verification (i.e. PIN, fingerprint) during " -"authentication." +"authentication. If enabled, the PIN will always be requested." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:749 +#: sssd.conf.5.xml:750 msgid "" "The default is that the key settings decide what to do. In the IPA or " "kerberos pre-authentication case, this value will be overwritten by the " @@ -1234,12 +1234,12 @@ msgstr "" "профілів. <placeholder type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:768 +#: sssd.conf.5.xml:769 msgid "SERVICES SECTIONS" msgstr "РОЗДІЛИ СЛУЖБ" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:770 +#: sssd.conf.5.xml:771 msgid "" "Settings that can be used to configure different services are described in " "this section. They should reside in the [<replaceable>$NAME</replaceable>] " @@ -1252,22 +1252,22 @@ msgstr "" "у розділі <quote>[nss]</quote>" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:777 +#: sssd.conf.5.xml:778 msgid "General service configuration options" msgstr "Загальні параметри налаштування служб" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:779 +#: sssd.conf.5.xml:780 msgid "These options can be used to configure any service." msgstr "Цими параметрами можна скористатися для налаштування будь-яких служб." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:796 +#: sssd.conf.5.xml:797 msgid "fd_limit" msgstr "fd_limit" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:799 +#: sssd.conf.5.xml:800 msgid "" "This option specifies the maximum number of file descriptors that may be " "opened at one time by this SSSD process. On systems where SSSD is granted " @@ -1283,17 +1283,17 @@ msgstr "" "цього параметра і обмеженням \"hard\" у limits.conf." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:808 +#: sssd.conf.5.xml:809 msgid "Default: 8192 (or limits.conf \"hard\" limit)" msgstr "Типове значення: 8192 (або обмеження у limits.conf \"hard\")" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:813 +#: sssd.conf.5.xml:814 msgid "client_idle_timeout" msgstr "client_idle_timeout" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:816 +#: sssd.conf.5.xml:817 msgid "" "This option specifies the number of seconds that a client of an SSSD process " "can hold onto a file descriptor without communicating on it. This value is " @@ -1309,17 +1309,17 @@ msgstr "" "до 10 секунд." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:825 +#: sssd.conf.5.xml:826 msgid "Default: 60, KCM: 300" msgstr "Типове значення: 60, KCM: 300" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:830 +#: sssd.conf.5.xml:831 msgid "offline_timeout (integer)" msgstr "offline_timeout (ціле число)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:833 +#: sssd.conf.5.xml:834 msgid "" "When SSSD switches to offline mode the amount of time before it tries to go " "back online will increase based upon the time spent disconnected. By " @@ -1337,7 +1337,7 @@ msgstr "" "із мережею нове значення обчислюється за такою формулою:" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:844 sssd.conf.5.xml:900 +#: sssd.conf.5.xml:845 sssd.conf.5.xml:901 msgid "" "new_delay = Minimum(old_delay * 2, offline_timeout_max) + random[0..." "offline_timeout_random_offset]" @@ -1346,7 +1346,7 @@ msgstr "" "offline_timeout_random_offset]" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:847 +#: sssd.conf.5.xml:848 msgid "" "The offline_timeout default value is 60. The offline_timeout_max default " "value is 3600. The offline_timeout_random_offset default value is 30. The " @@ -1357,7 +1357,7 @@ msgstr "" "є 30. Кінцевий результат є кількістю секунд до наступної повторної спроби." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:853 +#: sssd.conf.5.xml:854 msgid "" "Note that the maximum length of each interval is defined by " "offline_timeout_max (apart of random part)." @@ -1366,18 +1366,18 @@ msgstr "" "offline_timeout_max (окрім випадкової частини)." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:857 sssd.conf.5.xml:1200 sssd.conf.5.xml:1583 -#: sssd.conf.5.xml:1879 sssd-ldap.5.xml:494 +#: sssd.conf.5.xml:858 sssd.conf.5.xml:1201 sssd.conf.5.xml:1584 +#: sssd.conf.5.xml:1880 sssd-ldap.5.xml:494 msgid "Default: 60" msgstr "Типове значення: 60" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:862 +#: sssd.conf.5.xml:863 msgid "offline_timeout_max (integer)" msgstr "offline_timeout_max (ціле число)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:865 +#: sssd.conf.5.xml:866 msgid "" "Controls by how much the time between attempts to go online can be " "incremented following unsuccessful attempts to go online." @@ -1386,12 +1386,12 @@ msgstr "" "з'єднання із мережею після неуспішних спроби відновити з'єднання." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:870 +#: sssd.conf.5.xml:871 msgid "A value of 0 disables the incrementing behaviour." msgstr "Значення 0 вимикає збільшення проміжку часу." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:873 +#: sssd.conf.5.xml:874 msgid "" "The value of this parameter should be set in correlation to offline_timeout " "parameter value." @@ -1400,7 +1400,7 @@ msgstr "" "параметра offline_timeout." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:877 +#: sssd.conf.5.xml:878 msgid "" "With offline_timeout set to 60 (default value) there is no point in setting " "offlinet_timeout_max to less than 120 as it will saturate instantly. General " @@ -1414,7 +1414,7 @@ msgstr "" "offline_timeout_max, яке є принаймні учетверо більшим за offline_timeout." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:883 +#: sssd.conf.5.xml:884 msgid "" "Although a value between 0 and offline_timeout may be specified, it has the " "effect of overriding the offline_timeout value so is of little use." @@ -1423,17 +1423,17 @@ msgstr "" "стане перевизначення значення offline_timeout, тому не варто цього робити." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:888 +#: sssd.conf.5.xml:889 msgid "Default: 3600" msgstr "Типове значення: 3600" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:893 +#: sssd.conf.5.xml:894 msgid "offline_timeout_random_offset (integer)" msgstr "offline_timeout_random_offset (ціле число)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:896 +#: sssd.conf.5.xml:897 msgid "" "When SSSD is in offline mode it keeps probing backend servers in specified " "time intervals:" @@ -1442,7 +1442,7 @@ msgstr "" "обробників із вказаними інтервалами часу:" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:903 +#: sssd.conf.5.xml:904 msgid "" "This parameter controls the value of the random offset used for the above " "equation. Final random_offset value will be random number in range:" @@ -1452,27 +1452,27 @@ msgstr "" "числом у такому діапазоні:" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:908 +#: sssd.conf.5.xml:909 msgid "[0 - offline_timeout_random_offset]" msgstr "[0 - offline_timeout_random_offset]" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:911 +#: sssd.conf.5.xml:912 msgid "A value of 0 disables the random offset addition." msgstr "Значення 0 призводить до вимикання додавання випадкового зсуву." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:914 +#: sssd.conf.5.xml:915 msgid "Default: 30" msgstr "Типове значення: 30" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:919 +#: sssd.conf.5.xml:920 msgid "responder_idle_timeout" msgstr "responder_idle_timeout" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:922 +#: sssd.conf.5.xml:923 msgid "" "This option specifies the number of seconds that an SSSD responder process " "can be up without being used. This value is limited in order to avoid " @@ -1491,18 +1491,18 @@ msgstr "" "і якщо служби активуються за допомогою або сокетів або D-Bus." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:936 sssd.conf.5.xml:1213 sssd.conf.5.xml:2321 +#: sssd.conf.5.xml:937 sssd.conf.5.xml:1214 sssd.conf.5.xml:2322 #: sssd-ldap.5.xml:331 msgid "Default: 300" msgstr "Типове значення: 300" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:941 +#: sssd.conf.5.xml:942 msgid "cache_first" msgstr "cache_first" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:944 +#: sssd.conf.5.xml:945 msgid "" "This option specifies whether the responder should query all caches before " "querying the Data Providers." @@ -1511,12 +1511,12 @@ msgstr "" "запису до модулів засобів надання даних." #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:959 +#: sssd.conf.5.xml:960 msgid "NSS configuration options" msgstr "Параметри налаштування NSS" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:961 +#: sssd.conf.5.xml:962 msgid "" "These options can be used to configure the Name Service Switch (NSS) service." msgstr "" @@ -1524,12 +1524,12 @@ msgstr "" "Switch (NSS або перемикання служби визначення назв)." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:966 +#: sssd.conf.5.xml:967 msgid "enum_cache_timeout (integer)" msgstr "enum_cache_timeout (ціле число)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:969 +#: sssd.conf.5.xml:970 msgid "" "How many seconds should nss_sss cache enumerations (requests for info about " "all users)" @@ -1538,17 +1538,17 @@ msgstr "" "кеші nss_sss у секундах" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:973 +#: sssd.conf.5.xml:974 msgid "Default: 120" msgstr "Типове значення: 120" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:978 +#: sssd.conf.5.xml:979 msgid "entry_cache_nowait_percentage (integer)" msgstr "entry_cache_nowait_percentage (ціле число)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:981 +#: sssd.conf.5.xml:982 msgid "" "The entry cache can be set to automatically update entries in the background " "if they are requested beyond a percentage of the entry_cache_timeout value " @@ -1559,7 +1559,7 @@ msgstr "" "entry_cache_timeout для домену період часу." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:987 +#: sssd.conf.5.xml:988 msgid "" "For example, if the domain's entry_cache_timeout is set to 30s and " "entry_cache_nowait_percentage is set to 50 (percent), entries that come in " @@ -1574,7 +1574,7 @@ msgstr "" "розблокування після оновлення кешу." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:997 +#: sssd.conf.5.xml:998 msgid "" "Valid values for this option are 0-99 and represent a percentage of the " "entry_cache_timeout for each domain. For performance reasons, this " @@ -1588,17 +1588,17 @@ msgstr "" "можливість." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1005 sssd.conf.5.xml:2121 +#: sssd.conf.5.xml:1006 sssd.conf.5.xml:2122 msgid "Default: 50" msgstr "Типове значення: 50" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1010 +#: sssd.conf.5.xml:1011 msgid "entry_negative_timeout (integer)" msgstr "entry_negative_timeout (ціле число)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1013 +#: sssd.conf.5.xml:1014 msgid "" "Specifies for how many seconds nss_sss should cache negative cache hits " "(that is, queries for invalid database entries, like nonexistent ones) " @@ -1609,17 +1609,17 @@ msgstr "" "даних, зокрема неіснуючих) перед повторним запитом до сервера обробки." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1019 sssd.conf.5.xml:1778 sssd.conf.5.xml:2145 +#: sssd.conf.5.xml:1020 sssd.conf.5.xml:1779 sssd.conf.5.xml:2146 msgid "Default: 15" msgstr "Типове значення: 15" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1024 +#: sssd.conf.5.xml:1025 msgid "local_negative_timeout (integer)" msgstr "local_negative_timeout (ціле число)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1027 +#: sssd.conf.5.xml:1028 msgid "" "Specifies for how many seconds nss_sss should keep local users and groups in " "negative cache before trying to look it up in the back end again. Setting " @@ -1631,17 +1631,17 @@ msgstr "" "цю можливість." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1033 +#: sssd.conf.5.xml:1034 msgid "Default: 14400 (4 hours)" msgstr "Типове значення: 14400 (4 години)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1038 +#: sssd.conf.5.xml:1039 msgid "filter_users, filter_groups (string)" msgstr "filter_users, filter_groups (рядок)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1041 +#: sssd.conf.5.xml:1042 msgid "" "Exclude certain users or groups from being fetched from the sss NSS " "database. This is particularly useful for system accounts. This option can " @@ -1656,7 +1656,7 @@ msgstr "" "реєстраційного запису користувача (UPN)." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1049 +#: sssd.conf.5.xml:1050 msgid "" "NOTE: The filter_groups option doesn't affect inheritance of nested group " "members, since filtering happens after they are propagated for returning via " @@ -1670,17 +1670,17 @@ msgstr "" "відфільтрованої групи." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1057 +#: sssd.conf.5.xml:1058 msgid "Default: root" msgstr "Типове значення: root" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1062 +#: sssd.conf.5.xml:1063 msgid "filter_users_in_groups (bool)" msgstr "filter_users_in_groups (булеве значення)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1065 +#: sssd.conf.5.xml:1066 msgid "" "If you want filtered user still be group members set this option to false." msgstr "" @@ -1688,12 +1688,12 @@ msgstr "" "встановіть для цього параметра значення «false»." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1076 +#: sssd.conf.5.xml:1077 msgid "fallback_homedir (string)" msgstr "fallback_homedir (рядок)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1079 +#: sssd.conf.5.xml:1080 msgid "" "Set a default template for a user's home directory if one is not specified " "explicitly by the domain's data provider." @@ -1702,7 +1702,7 @@ msgstr "" "каталог не вказано явним чином засобом надання даних домену." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1084 +#: sssd.conf.5.xml:1085 msgid "" "The available values for this option are the same as for override_homedir." msgstr "" @@ -1710,7 +1710,7 @@ msgstr "" "для параметра override_homedir." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1090 +#: sssd.conf.5.xml:1091 #, no-wrap msgid "" "fallback_homedir = /home/%u\n" @@ -1720,25 +1720,25 @@ msgstr "" " " #. type: Content of: <varlistentry><listitem><para> -#: sssd.conf.5.xml:1088 sssd.conf.5.xml:1650 sssd.conf.5.xml:1669 -#: sssd.conf.5.xml:1746 sssd-krb5.5.xml:451 include/override_homedir.xml:66 +#: sssd.conf.5.xml:1089 sssd.conf.5.xml:1651 sssd.conf.5.xml:1670 +#: sssd.conf.5.xml:1747 sssd-krb5.5.xml:451 include/override_homedir.xml:66 msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>" msgstr "приклад: <placeholder type=\"programlisting\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1094 +#: sssd.conf.5.xml:1095 msgid "Default: not set (no substitution for unset home directories)" msgstr "" "Типове значення: не встановлено (без замін для невстановлених домашніх " "каталогів)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1100 +#: sssd.conf.5.xml:1101 msgid "override_shell (string)" msgstr "override_shell (рядок)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1103 +#: sssd.conf.5.xml:1104 msgid "" "Override the login shell for all users. This option supersedes any other " "shell options if it takes effect and can be set either in the [nss] section " @@ -1750,19 +1750,19 @@ msgstr "" "або для кожного з доменів окремо." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1109 +#: sssd.conf.5.xml:1110 msgid "Default: not set (SSSD will use the value retrieved from LDAP)" msgstr "" "Типове значення: не встановлено (SSSD використовуватиме значення, отримане " "від LDAP)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1115 +#: sssd.conf.5.xml:1116 msgid "allowed_shells (string)" msgstr "allowed_shells (рядок)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1118 +#: sssd.conf.5.xml:1119 msgid "" "Restrict user shell to one of the listed values. The order of evaluation is:" msgstr "" @@ -1770,13 +1770,13 @@ msgstr "" "визначення оболонки є таким:" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1121 +#: sssd.conf.5.xml:1122 msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used." msgstr "" "1. Якщо оболонку вказано у <quote>/etc/shells</quote>, її буде використано." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1125 +#: sssd.conf.5.xml:1126 msgid "" "2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</" "quote>, use the value of the shell_fallback parameter." @@ -1786,7 +1786,7 @@ msgstr "" "shell_fallback." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1130 +#: sssd.conf.5.xml:1131 msgid "" "3. If the shell is not in the allowed_shells list and not in <quote>/etc/" "shells</quote>, a nologin shell is used." @@ -1795,14 +1795,14 @@ msgstr "" "<quote>/etc/shells</quote>, буде використано оболонку nologin." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1135 +#: sssd.conf.5.xml:1136 msgid "The wildcard (*) can be used to allow any shell." msgstr "" "Для визначення будь-якої командної оболонки можна скористатися шаблоном " "заміни (*)." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1138 +#: sssd.conf.5.xml:1139 msgid "" "The (*) is useful if you want to use shell_fallback in case that user's " "shell is not in <quote>/etc/shells</quote> and maintaining list of all " @@ -1814,12 +1814,12 @@ msgstr "" "справою." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1145 +#: sssd.conf.5.xml:1146 msgid "An empty string for shell is passed as-is to libc." msgstr "Порожній рядок оболонки буде передано без обробки до libc." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1148 +#: sssd.conf.5.xml:1149 msgid "" "The <quote>/etc/shells</quote> is only read on SSSD start up, which means " "that a restart of the SSSD is required in case a new shell is installed." @@ -1828,29 +1828,29 @@ msgstr "" "тобто у разі встановлення нової оболонки слід перезапустити SSSD." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1152 +#: sssd.conf.5.xml:1153 msgid "Default: Not set. The user shell is automatically used." msgstr "" "Типове значення: не встановлено. Автоматично використовується оболонка " "користувача." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1157 +#: sssd.conf.5.xml:1158 msgid "vetoed_shells (string)" msgstr "vetoed_shells (рядок)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1160 +#: sssd.conf.5.xml:1161 msgid "Replace any instance of these shells with the shell_fallback" msgstr "Замінити всі записи цих оболонок на shell_fallback" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1165 +#: sssd.conf.5.xml:1166 msgid "shell_fallback (string)" msgstr "shell_fallback (рядок)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1168 +#: sssd.conf.5.xml:1169 msgid "" "The default shell to use if an allowed shell is not installed on the machine." msgstr "" @@ -1858,17 +1858,17 @@ msgstr "" "системі не встановлено." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1172 +#: sssd.conf.5.xml:1173 msgid "Default: /bin/sh" msgstr "Типове значення: /bin/sh" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1177 +#: sssd.conf.5.xml:1178 msgid "default_shell" msgstr "default_shell" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1180 +#: sssd.conf.5.xml:1181 msgid "" "The default shell to use if the provider does not return one during lookup. " "This option can be specified globally in the [nss] section or per-domain." @@ -1878,7 +1878,7 @@ msgstr "" "або на загальному рівні у розділі [nss], або окремо для кожного з доменів." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1186 +#: sssd.conf.5.xml:1187 msgid "" "Default: not set (Return NULL if no shell is specified and rely on libc to " "substitute something sensible when necessary, usually /bin/sh)" @@ -1888,12 +1888,12 @@ msgstr "" "зазвичай /bin/sh)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1193 sssd.conf.5.xml:1576 +#: sssd.conf.5.xml:1194 sssd.conf.5.xml:1577 msgid "get_domains_timeout (int)" msgstr "get_domains_timeout (ціле число)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1196 sssd.conf.5.xml:1579 +#: sssd.conf.5.xml:1197 sssd.conf.5.xml:1580 msgid "" "Specifies time in seconds for which the list of subdomains will be " "considered valid." @@ -1902,12 +1902,12 @@ msgstr "" "чинним." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1205 +#: sssd.conf.5.xml:1206 msgid "memcache_timeout (integer)" msgstr "memcache_timeout (ціле число)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1208 +#: sssd.conf.5.xml:1209 msgid "" "Specifies time in seconds for which records in the in-memory cache will be " "valid. Setting this option to zero will disable the in-memory cache." @@ -1917,7 +1917,7 @@ msgstr "" "пам'яті." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1216 +#: sssd.conf.5.xml:1217 msgid "" "WARNING: Disabling the in-memory cache will have significant negative impact " "on SSSD's performance and should only be used for testing." @@ -1926,8 +1926,8 @@ msgstr "" "варто користуватися лише для тестування." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1222 sssd.conf.5.xml:1247 sssd.conf.5.xml:1272 -#: sssd.conf.5.xml:1297 sssd.conf.5.xml:1324 +#: sssd.conf.5.xml:1223 sssd.conf.5.xml:1248 sssd.conf.5.xml:1273 +#: sssd.conf.5.xml:1298 sssd.conf.5.xml:1325 msgid "" "NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", " "client applications will not use the fast in-memory cache." @@ -1937,12 +1937,12 @@ msgstr "" "пам’яті." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1230 +#: sssd.conf.5.xml:1231 msgid "memcache_size_passwd (integer)" msgstr "memcache_size_passwd (ціле число)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1233 +#: sssd.conf.5.xml:1234 msgid "" "Size (in megabytes) of the data table allocated inside fast in-memory cache " "for passwd requests. Setting the size to 0 will disable the passwd in-" @@ -1952,13 +1952,13 @@ msgstr "" "для запитів passwd. Встановлення розміру 0 вимкне кеш у пам'яті для passwd." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1239 sssd.conf.5.xml:2963 sssd-ldap.5.xml:548 +#: sssd.conf.5.xml:1240 sssd.conf.5.xml:2964 sssd-ldap.5.xml:548 msgid "Default: 8" msgstr "Типове значення: 8" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1242 sssd.conf.5.xml:1267 sssd.conf.5.xml:1292 -#: sssd.conf.5.xml:1319 +#: sssd.conf.5.xml:1243 sssd.conf.5.xml:1268 sssd.conf.5.xml:1293 +#: sssd.conf.5.xml:1320 msgid "" "WARNING: Disabled or too small in-memory cache can have significant negative " "impact on SSSD's performance." @@ -1967,12 +1967,12 @@ msgstr "" "значно погіршити швидкодію SSSD." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1255 +#: sssd.conf.5.xml:1256 msgid "memcache_size_group (integer)" msgstr "memcache_size_group (ціле число)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1258 +#: sssd.conf.5.xml:1259 msgid "" "Size (in megabytes) of the data table allocated inside fast in-memory cache " "for group requests. Setting the size to 0 will disable the group in-memory " @@ -1982,19 +1982,19 @@ msgstr "" "для запитів group. Встановлення розміру 0 вимкне кеш у пам'яті для group." #. type: Content of: <variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1264 sssd.conf.5.xml:1316 sssd.conf.5.xml:3729 +#: sssd.conf.5.xml:1265 sssd.conf.5.xml:1317 sssd.conf.5.xml:3730 #: sssd-ldap.5.xml:473 sssd-ldap.5.xml:525 include/failover.xml:116 #: include/krb5_options.xml:11 msgid "Default: 6" msgstr "Типове значення: 6" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1280 +#: sssd.conf.5.xml:1281 msgid "memcache_size_initgroups (integer)" msgstr "memcache_size_initgroups (ціле число)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1283 +#: sssd.conf.5.xml:1284 msgid "" "Size (in megabytes) of the data table allocated inside fast in-memory cache " "for initgroups requests. Setting the size to 0 will disable the initgroups " @@ -2005,12 +2005,12 @@ msgstr "" "initgroups." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1305 +#: sssd.conf.5.xml:1306 msgid "memcache_size_sid (integer)" msgstr "memcache_size_sid (ціле число)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1308 +#: sssd.conf.5.xml:1309 msgid "" "Size (in megabytes) of the data table allocated inside fast in-memory cache " "for SID related requests. Only SID-by-ID and ID-by-SID requests are " @@ -2023,12 +2023,12 @@ msgstr "" "0 вимкне кеш у пам'яті для SID." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1332 sssd-ifp.5.xml:90 +#: sssd.conf.5.xml:1333 sssd-ifp.5.xml:90 msgid "user_attributes (string)" msgstr "user_attributes (рядок)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1335 +#: sssd.conf.5.xml:1336 msgid "" "Some of the additional NSS responder requests can return more attributes " "than just the POSIX ones defined by the NSS interface. The list of " @@ -2045,7 +2045,7 @@ msgstr "" "manvolnum> </citerefentry>, щоб дізнатися більше), але без типових значень." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1348 +#: sssd.conf.5.xml:1349 msgid "" "To make configuration more easy the NSS responder will check the InfoPipe " "option if it is not set for the NSS responder." @@ -2054,19 +2054,19 @@ msgstr "" "на те, чи не встановлено його для відповідача NSS." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1353 +#: sssd.conf.5.xml:1354 msgid "Default: not set, fallback to InfoPipe option" msgstr "" "Типове значення: не встановлено, резервне значення визначається за " "параметром InfoPipe" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1358 +#: sssd.conf.5.xml:1359 msgid "pwfield (string)" msgstr "pwfield (рядок)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1361 +#: sssd.conf.5.xml:1362 msgid "" "The value that NSS operations that return users or groups will return for " "the <quote>password</quote> field." @@ -2075,12 +2075,12 @@ msgstr "" "груп, для поля <quote>password</quote>." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1366 +#: sssd.conf.5.xml:1367 msgid "Default: <quote>*</quote>" msgstr "Типове значення: <quote>*</quote>" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1369 +#: sssd.conf.5.xml:1370 msgid "" "Note: This option can also be set per-domain which overwrites the value in " "[nss] section." @@ -2090,7 +2090,7 @@ msgstr "" "розділі [nss]." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1373 +#: sssd.conf.5.xml:1374 #, fuzzy #| msgid "" #| "Default: <quote>not set</quote> (remote domains), <quote>x</quote> (the " @@ -2107,12 +2107,12 @@ msgstr "" "nss_files і sssd-shadowutils)" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:1385 +#: sssd.conf.5.xml:1386 msgid "PAM configuration options" msgstr "Параметри налаштування PAM" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:1387 +#: sssd.conf.5.xml:1388 msgid "" "These options can be used to configure the Pluggable Authentication Module " "(PAM) service." @@ -2121,12 +2121,12 @@ msgstr "" "Authentication Module (PAM або блокового модуля розпізнавання)." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1392 +#: sssd.conf.5.xml:1393 msgid "offline_credentials_expiration (integer)" msgstr "offline_credentials_expiration (ціле число)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1395 +#: sssd.conf.5.xml:1396 msgid "" "If the authentication provider is offline, how long should we allow cached " "logins (in days since the last successful online login)." @@ -2136,17 +2136,17 @@ msgstr "" "входу до системи)." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1400 sssd.conf.5.xml:1413 +#: sssd.conf.5.xml:1401 sssd.conf.5.xml:1414 msgid "Default: 0 (No limit)" msgstr "Типове значення: 0 (без обмежень)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1406 +#: sssd.conf.5.xml:1407 msgid "offline_failed_login_attempts (integer)" msgstr "offline_failed_login_attempts (ціле число)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1409 +#: sssd.conf.5.xml:1410 msgid "" "If the authentication provider is offline, how many failed login attempts " "are allowed." @@ -2155,12 +2155,12 @@ msgstr "" "дозволену кількість спроб входу з визначенням помилкового пароля." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1419 +#: sssd.conf.5.xml:1420 msgid "offline_failed_login_delay (integer)" msgstr "offline_failed_login_delay (ціле число)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1422 +#: sssd.conf.5.xml:1423 msgid "" "The time in minutes which has to pass after offline_failed_login_attempts " "has been reached before a new login attempt is possible." @@ -2170,7 +2170,7 @@ msgstr "" "системи." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1427 +#: sssd.conf.5.xml:1428 msgid "" "If set to 0 the user cannot authenticate offline if " "offline_failed_login_attempts has been reached. Only a successful online " @@ -2182,17 +2182,17 @@ msgstr "" "увімкнути можливість автономного розпізнавання." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1433 sssd.conf.5.xml:1543 +#: sssd.conf.5.xml:1434 sssd.conf.5.xml:1544 msgid "Default: 5" msgstr "Типове значення: 5" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1439 +#: sssd.conf.5.xml:1440 msgid "pam_verbosity (integer)" msgstr "pam_verbosity (ціле число)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1442 +#: sssd.conf.5.xml:1443 msgid "" "Controls what kind of messages are shown to the user during authentication. " "The higher the number to more messages are displayed." @@ -2201,43 +2201,43 @@ msgstr "" "розпізнавання. Чим більшим є значення, тим більше повідомлень буде показано." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1447 +#: sssd.conf.5.xml:1448 msgid "Currently sssd supports the following values:" msgstr "У поточній версії sssd передбачено підтримку таких значень:" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1450 +#: sssd.conf.5.xml:1451 msgid "<emphasis>0</emphasis>: do not show any message" msgstr "<emphasis>0</emphasis>: не показувати жодних повідомлень" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1453 +#: sssd.conf.5.xml:1454 msgid "<emphasis>1</emphasis>: show only important messages" msgstr "<emphasis>1</emphasis>: показувати лише важливі повідомлення" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1457 +#: sssd.conf.5.xml:1458 msgid "<emphasis>2</emphasis>: show informational messages" msgstr "<emphasis>2</emphasis>: показувати всі інформаційні повідомлення" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1460 +#: sssd.conf.5.xml:1461 msgid "<emphasis>3</emphasis>: show all messages and debug information" msgstr "" "<emphasis>3</emphasis>: показувати всі повідомлення та діагностичні дані" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1464 sssd.8.xml:63 +#: sssd.conf.5.xml:1465 sssd.8.xml:63 msgid "Default: 1" msgstr "Типове значення: 1" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1470 +#: sssd.conf.5.xml:1471 msgid "pam_response_filter (string)" msgstr "pam_response_filter (рядок)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1473 +#: sssd.conf.5.xml:1474 msgid "" "A comma separated list of strings which allows to remove (filter) data sent " "by the PAM responder to pam_sss PAM module. There are different kind of " @@ -2251,7 +2251,7 @@ msgstr "" "встановлювати за допомогою pam_sss." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1481 +#: sssd.conf.5.xml:1482 msgid "" "While messages already can be controlled with the help of the pam_verbosity " "option this option allows to filter out other kind of responses as well." @@ -2261,37 +2261,37 @@ msgstr "" "повідомлень." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1488 +#: sssd.conf.5.xml:1489 msgid "ENV" msgstr "ENV" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1489 +#: sssd.conf.5.xml:1490 msgid "Do not send any environment variables to any service." msgstr "Не надсилати жодних змінних середовища до жодної служби." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1492 +#: sssd.conf.5.xml:1493 msgid "ENV:var_name" msgstr "ENV:назва_змінної" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1493 +#: sssd.conf.5.xml:1494 msgid "Do not send environment variable var_name to any service." msgstr "Не надсилати змінної середовища назва_змінної до жодної служби." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1497 +#: sssd.conf.5.xml:1498 msgid "ENV:var_name:service" msgstr "ENV:назва_змінної:служба" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1498 +#: sssd.conf.5.xml:1499 msgid "Do not send environment variable var_name to service." msgstr "Не надсилати змінної середовища назва_змінної до вказаної служби." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1486 +#: sssd.conf.5.xml:1487 msgid "" "Currently the following filters are supported: <placeholder " "type=\"variablelist\" id=\"0\"/>" @@ -2300,7 +2300,7 @@ msgstr "" "type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1505 +#: sssd.conf.5.xml:1506 msgid "" "The list of strings can either be the list of filters which would set this " "list of filters and overwrite the defaults. Or each element of the list can " @@ -2318,23 +2318,23 @@ msgstr "" "Змішування стилів вважається помилкою." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1516 +#: sssd.conf.5.xml:1517 msgid "Default: ENV:KRB5CCNAME:sudo, ENV:KRB5CCNAME:sudo-i" msgstr "Типове значення: ENV:KRB5CCNAME:sudo, ENV:KRB5CCNAME:sudo-i" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1519 +#: sssd.conf.5.xml:1520 msgid "" "Example: -ENV:KRB5CCNAME:sudo-i will remove the filter from the default list" msgstr "Приклад: -ENV:KRB5CCNAME:sudo-i вилучає фільтр зі списку типових" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1526 +#: sssd.conf.5.xml:1527 msgid "pam_id_timeout (integer)" msgstr "pam_id_timeout (ціле число)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1529 +#: sssd.conf.5.xml:1530 msgid "" "For any PAM request while SSSD is online, the SSSD will attempt to " "immediately update the cached identity information for the user in order to " @@ -2345,7 +2345,7 @@ msgstr "" "що розпізнавання виконується на основі найсвіжіших даних." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1535 +#: sssd.conf.5.xml:1536 msgid "" "A complete PAM conversation may perform multiple PAM requests, such as " "account management and session opening. This option controls (on a per-" @@ -2359,18 +2359,18 @@ msgstr "" "надання даних профілів." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1549 +#: sssd.conf.5.xml:1550 msgid "pam_pwd_expiration_warning (integer)" msgstr "pam_pwd_expiration_warning (ціле число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1552 sssd.conf.5.xml:2987 +#: sssd.conf.5.xml:1553 sssd.conf.5.xml:2988 msgid "Display a warning N days before the password expires." msgstr "" "Показати попередження за вказану кількість днів перед завершенням дії пароля." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1555 +#: sssd.conf.5.xml:1556 msgid "" "Please note that the backend server has to provide information about the " "expiration time of the password. If this information is missing, sssd " @@ -2381,7 +2381,7 @@ msgstr "" "попередження." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1561 sssd.conf.5.xml:2990 +#: sssd.conf.5.xml:1562 sssd.conf.5.xml:2991 msgid "" "If zero is set, then this filter is not applied, i.e. if the expiration " "warning was received from backend server, it will automatically be displayed." @@ -2391,7 +2391,7 @@ msgstr "" "буде автоматично показано." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1566 +#: sssd.conf.5.xml:1567 msgid "" "This setting can be overridden by setting <emphasis>pwd_expiration_warning</" "emphasis> for a particular domain." @@ -2400,17 +2400,17 @@ msgstr "" "<emphasis>pwd_expiration_warning</emphasis> для окремого домену." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1571 sssd.conf.5.xml:3976 sssd-ldap.5.xml:606 sssd.8.xml:79 +#: sssd.conf.5.xml:1572 sssd.conf.5.xml:3977 sssd-ldap.5.xml:606 sssd.8.xml:79 msgid "Default: 0" msgstr "Типове значення: 0" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1588 +#: sssd.conf.5.xml:1589 msgid "pam_trusted_users (string)" msgstr "pam_trusted_users (рядок)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1591 +#: sssd.conf.5.xml:1592 msgid "" "Specifies the comma-separated list of UID values or user names that are " "allowed to run PAM conversations against trusted domains. Users not " @@ -2426,13 +2426,13 @@ msgstr "" "під час запуску системи." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1601 +#: sssd.conf.5.xml:1602 msgid "Default: All users are considered trusted by default" msgstr "" "Типове значення: типово усі користувачі вважаються надійними (довіреними)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1605 +#: sssd.conf.5.xml:1606 msgid "" "Please note that UID 0 is always allowed to access the PAM responder even in " "case it is not in the pam_trusted_users list." @@ -2441,12 +2441,12 @@ msgstr "" "відповідача PAM, навіть якщо користувача немає у списку pam_trusted_users." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1612 +#: sssd.conf.5.xml:1613 msgid "pam_public_domains (string)" msgstr "pam_public_domains (рядок)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1615 +#: sssd.conf.5.xml:1616 msgid "" "Specifies the comma-separated list of domain names that are accessible even " "to untrusted users." @@ -2455,12 +2455,12 @@ msgstr "" "отримувати навіть ненадійні користувачі." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1619 +#: sssd.conf.5.xml:1620 msgid "Two special values for pam_public_domains option are defined:" msgstr "Визначено два спеціальних значення параметра pam_public_domains:" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1623 +#: sssd.conf.5.xml:1624 msgid "" "all (Untrusted users are allowed to access all domains in PAM responder.)" msgstr "" @@ -2468,7 +2468,7 @@ msgstr "" "PAM.)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1627 +#: sssd.conf.5.xml:1628 msgid "" "none (Untrusted users are not allowed to access any domains PAM in " "responder.)" @@ -2477,19 +2477,19 @@ msgstr "" "відповідачі.)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1631 sssd.conf.5.xml:1656 sssd.conf.5.xml:1675 -#: sssd.conf.5.xml:1912 sssd.conf.5.xml:2732 sssd.conf.5.xml:3905 +#: sssd.conf.5.xml:1632 sssd.conf.5.xml:1657 sssd.conf.5.xml:1676 +#: sssd.conf.5.xml:1913 sssd.conf.5.xml:2733 sssd.conf.5.xml:3906 #: sssd-ldap.5.xml:1207 msgid "Default: none" msgstr "Типове значення: none" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1636 +#: sssd.conf.5.xml:1637 msgid "pam_account_expired_message (string)" msgstr "pam_account_expired_message (рядок)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1639 +#: sssd.conf.5.xml:1640 msgid "" "Allows a custom expiration message to be set, replacing the default " "'Permission denied' message." @@ -2498,7 +2498,7 @@ msgstr "" "замінити типове повідомлення «Доступ заборонено» («Permission denied»)." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1644 +#: sssd.conf.5.xml:1645 msgid "" "Note: Please be aware that message is only printed for the SSH service " "unless pam_verbosity is set to 3 (show all messages and debug information)." @@ -2508,7 +2508,7 @@ msgstr "" "(показувати усі повідомлення і діагностичні дані)." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1652 +#: sssd.conf.5.xml:1653 #, no-wrap msgid "" "pam_account_expired_message = Account expired, please contact help desk.\n" @@ -2518,12 +2518,12 @@ msgstr "" " " #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1661 +#: sssd.conf.5.xml:1662 msgid "pam_account_locked_message (string)" msgstr "pam_account_locked_message (рядок)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1664 +#: sssd.conf.5.xml:1665 msgid "" "Allows a custom lockout message to be set, replacing the default 'Permission " "denied' message." @@ -2532,7 +2532,7 @@ msgstr "" "типове повідомлення «Доступ заборонено» («Permission denied»)." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1671 +#: sssd.conf.5.xml:1672 #, no-wrap msgid "" "pam_account_locked_message = Account locked, please contact help desk.\n" @@ -2542,19 +2542,19 @@ msgstr "" " " #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1680 +#: sssd.conf.5.xml:1681 #, fuzzy #| msgid "pam_cert_auth (bool)" msgid "pam_passkey_auth (bool)" msgstr "pam_cert_auth (булеве значення)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1683 +#: sssd.conf.5.xml:1684 msgid "Enable passkey device based authentication." msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1686 sssd.conf.5.xml:1697 sssd.conf.5.xml:1711 +#: sssd.conf.5.xml:1687 sssd.conf.5.xml:1698 sssd.conf.5.xml:1712 #: sssd-ldap.5.xml:671 sssd-ldap.5.xml:692 sssd-ldap.5.xml:788 #: sssd-ldap.5.xml:1293 sssd-ad.5.xml:505 sssd-ad.5.xml:581 sssd-ad.5.xml:1126 #: sssd-ad.5.xml:1175 include/ldap_id_mapping.xml:250 @@ -2562,22 +2562,22 @@ msgid "Default: False" msgstr "Типове значення: False" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1691 +#: sssd.conf.5.xml:1692 msgid "passkey_debug_libfido2 (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1694 +#: sssd.conf.5.xml:1695 msgid "Enable libfido2 library debug messages." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1702 +#: sssd.conf.5.xml:1703 msgid "pam_cert_auth (bool)" msgstr "pam_cert_auth (булеве значення)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1705 +#: sssd.conf.5.xml:1706 msgid "" "Enable certificate based Smartcard authentication. Since this requires " "additional communication with the Smartcard which will delay the " @@ -2588,22 +2588,22 @@ msgstr "" "розпізнавання, типово таку сертифікацію вимкнено." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1716 +#: sssd.conf.5.xml:1717 msgid "pam_cert_db_path (string)" msgstr "pam_cert_db_path (рядок)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1719 +#: sssd.conf.5.xml:1720 msgid "The path to the certificate database." msgstr "Шлях до бази даних сертифікатів." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1722 sssd.conf.5.xml:2247 sssd.conf.5.xml:4308 +#: sssd.conf.5.xml:1723 sssd.conf.5.xml:2248 sssd.conf.5.xml:4354 msgid "Default:" msgstr "Типове значення:" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1724 sssd.conf.5.xml:2249 +#: sssd.conf.5.xml:1725 sssd.conf.5.xml:2250 msgid "" "/etc/sssd/pki/sssd_auth_ca_db.pem (path to a file with trusted CA " "certificates in PEM format)" @@ -2612,12 +2612,12 @@ msgstr "" "служб сертифікації у форматі PEM)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1734 +#: sssd.conf.5.xml:1735 msgid "pam_cert_verification (string)" msgstr "pam_cert_verification (рядок)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1737 +#: sssd.conf.5.xml:1738 msgid "" "With this parameter the PAM certificate verification can be tuned with a " "comma separated list of options that override the " @@ -2632,7 +2632,7 @@ msgstr "" "<quote>certificate_verification</quote>." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1748 +#: sssd.conf.5.xml:1749 #, no-wrap msgid "" "pam_cert_verification = partial_chain\n" @@ -2642,7 +2642,7 @@ msgstr "" " " #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1752 +#: sssd.conf.5.xml:1753 msgid "" "Default: not set, i.e. use default <quote>certificate_verification</quote> " "option defined in <quote>[sssd]</quote> section." @@ -2652,26 +2652,26 @@ msgstr "" "<quote>[sssd]</quote>." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1759 +#: sssd.conf.5.xml:1760 msgid "p11_child_timeout (integer)" msgstr "p11_child_timeout (ціле число)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1762 +#: sssd.conf.5.xml:1763 msgid "How many seconds will pam_sss wait for p11_child to finish." msgstr "" "Час у секундах, протягом якого pam_sss очікуватиме на завершення роботи " "p11_child." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1771 +#: sssd.conf.5.xml:1772 #, fuzzy #| msgid "p11_child_timeout (integer)" msgid "passkey_child_timeout (integer)" msgstr "p11_child_timeout (ціле число)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1774 +#: sssd.conf.5.xml:1775 #, fuzzy #| msgid "How many seconds will pam_sss wait for p11_child to finish." msgid "" @@ -2681,12 +2681,12 @@ msgstr "" "p11_child." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1783 +#: sssd.conf.5.xml:1784 msgid "pam_app_services (string)" msgstr "pam_app_services (рядок)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1786 +#: sssd.conf.5.xml:1787 msgid "" "Which PAM services are permitted to contact domains of type " "<quote>application</quote>" @@ -2695,12 +2695,12 @@ msgstr "" "типу <quote>application</quote>" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1795 +#: sssd.conf.5.xml:1796 msgid "pam_p11_allowed_services (integer)" msgstr "pam_p11_allowed_services (ціле число)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1798 +#: sssd.conf.5.xml:1799 msgid "" "A comma-separated list of PAM service names for which it will be allowed to " "use Smartcards." @@ -2709,7 +2709,7 @@ msgstr "" "використання смарткарток." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1813 +#: sssd.conf.5.xml:1814 #, no-wrap msgid "" "pam_p11_allowed_services = +my_pam_service, -login\n" @@ -2719,7 +2719,7 @@ msgstr "" " " #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1802 +#: sssd.conf.5.xml:1803 msgid "" "It is possible to add another PAM service name to the default set by using " "<quote>+service_name</quote> or to explicitly remove a PAM service name from " @@ -2738,64 +2738,64 @@ msgstr "" "type=\"programlisting\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1817 sssd-ad.5.xml:644 sssd-ad.5.xml:753 sssd-ad.5.xml:811 +#: sssd.conf.5.xml:1818 sssd-ad.5.xml:644 sssd-ad.5.xml:753 sssd-ad.5.xml:811 #: sssd-ad.5.xml:869 sssd-ad.5.xml:947 msgid "Default: the default set of PAM service names includes:" msgstr "" "Типове значення: типовий набір назв служб PAM складається з таких значень:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1822 sssd-ad.5.xml:648 +#: sssd.conf.5.xml:1823 sssd-ad.5.xml:648 msgid "login" msgstr "login" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1827 sssd-ad.5.xml:653 +#: sssd.conf.5.xml:1828 sssd-ad.5.xml:653 msgid "su" msgstr "su" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1832 sssd-ad.5.xml:658 +#: sssd.conf.5.xml:1833 sssd-ad.5.xml:658 msgid "su-l" msgstr "su-l" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1837 sssd-ad.5.xml:673 +#: sssd.conf.5.xml:1838 sssd-ad.5.xml:673 msgid "gdm-smartcard" msgstr "gdm-smartcard" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1842 sssd-ad.5.xml:668 +#: sssd.conf.5.xml:1843 sssd-ad.5.xml:668 msgid "gdm-password" msgstr "gdm-password" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1847 sssd-ad.5.xml:678 +#: sssd.conf.5.xml:1848 sssd-ad.5.xml:678 msgid "kdm" msgstr "kdm" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1852 sssd-ad.5.xml:956 +#: sssd.conf.5.xml:1853 sssd-ad.5.xml:956 msgid "sudo" msgstr "sudo" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1857 sssd-ad.5.xml:961 +#: sssd.conf.5.xml:1858 sssd-ad.5.xml:961 msgid "sudo-i" msgstr "sudo-i" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1862 +#: sssd.conf.5.xml:1863 msgid "gnome-screensaver" msgstr "gnome-screensaver" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1870 +#: sssd.conf.5.xml:1871 msgid "p11_wait_for_card_timeout (integer)" msgstr "p11_wait_for_card_timeout (ціле число)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1873 +#: sssd.conf.5.xml:1874 msgid "" "If Smartcard authentication is required how many extra seconds in addition " "to p11_child_timeout should the PAM responder wait until a Smartcard is " @@ -2806,12 +2806,12 @@ msgstr "" "має чекати на вставлення смарткартки." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1884 +#: sssd.conf.5.xml:1885 msgid "p11_uri (string)" msgstr "p11_uri (рядок)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1887 +#: sssd.conf.5.xml:1888 msgid "" "PKCS#11 URI (see RFC-7512 for details) which can be used to restrict the " "selection of devices used for Smartcard authentication. By default SSSD's " @@ -2830,7 +2830,7 @@ msgstr "" "слід використовувати вказаний зчитувач." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1900 +#: sssd.conf.5.xml:1901 #, no-wrap msgid "" "p11_uri = pkcs11:slot-description=My%20Smartcard%20Reader\n" @@ -2840,7 +2840,7 @@ msgstr "" " " #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1904 +#: sssd.conf.5.xml:1905 #, no-wrap msgid "" "p11_uri = pkcs11:library-description=OpenSC%20smartcard%20framework;slot-id=2\n" @@ -2850,7 +2850,7 @@ msgstr "" " " #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1898 +#: sssd.conf.5.xml:1899 msgid "" "Example: <placeholder type=\"programlisting\" id=\"0\"/> or <placeholder " "type=\"programlisting\" id=\"1\"/> To find suitable URI please check the " @@ -2864,17 +2864,17 @@ msgstr "" "який покаже і адреси PKCS#11." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1917 +#: sssd.conf.5.xml:1918 msgid "pam_initgroups_scheme" msgstr "pam_initgroups_scheme" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1925 +#: sssd.conf.5.xml:1926 msgid "always" msgstr "always" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1926 +#: sssd.conf.5.xml:1927 msgid "" "Always do an online lookup, please note that pam_id_timeout still applies" msgstr "" @@ -2882,12 +2882,12 @@ msgstr "" "буде все одно застосовано" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1930 +#: sssd.conf.5.xml:1931 msgid "no_session" msgstr "no_session" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1931 +#: sssd.conf.5.xml:1932 msgid "" "Only do an online lookup if there is no active session of the user, i.e. if " "the user is currently not logged in" @@ -2896,12 +2896,12 @@ msgstr "" "тобто якщо користувач не працює у системі" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1936 +#: sssd.conf.5.xml:1937 msgid "never" msgstr "never" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1937 +#: sssd.conf.5.xml:1938 msgid "" "Never force an online lookup, use the data from the cache as long as they " "are not expired" @@ -2910,7 +2910,7 @@ msgstr "" "аж доки вони не застаріють" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1920 +#: sssd.conf.5.xml:1921 msgid "" "The PAM responder can force an online lookup to get the current group " "memberships of the user trying to log in. This option controls when this " @@ -2923,17 +2923,17 @@ msgstr "" "таких значень: <placeholder type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1944 +#: sssd.conf.5.xml:1945 msgid "Default: no_session" msgstr "Типове значення: no_session" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1949 sssd.conf.5.xml:4247 +#: sssd.conf.5.xml:1950 sssd.conf.5.xml:4293 msgid "pam_gssapi_services" msgstr "pam_gssapi_services" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1952 +#: sssd.conf.5.xml:1953 msgid "" "Comma separated list of PAM services that are allowed to try GSSAPI " "authentication using pam_sss_gss.so module." @@ -2942,7 +2942,7 @@ msgstr "" "розпізнавання за GSSAPI за допомогою модуля pam_sss_gss.so." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1957 +#: sssd.conf.5.xml:1958 msgid "" "To disable GSSAPI authentication, set this option to <quote>-</quote> (dash)." msgstr "" @@ -2950,7 +2950,7 @@ msgstr "" "значення <quote>-</quote> (дефіс)." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1961 sssd.conf.5.xml:1992 sssd.conf.5.xml:2030 +#: sssd.conf.5.xml:1962 sssd.conf.5.xml:1993 sssd.conf.5.xml:2031 msgid "" "Note: This option can also be set per-domain which overwrites the value in " "[pam] section. It can also be set for trusted domain which overwrites the " @@ -2962,7 +2962,7 @@ msgstr "" "вищий пріоритет за значення у розділі домену." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1969 +#: sssd.conf.5.xml:1970 #, no-wrap msgid "" "pam_gssapi_services = sudo, sudo-i\n" @@ -2972,22 +2972,22 @@ msgstr "" " " #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1967 sssd.conf.5.xml:3899 +#: sssd.conf.5.xml:1968 sssd.conf.5.xml:3900 msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>" msgstr "Приклад: <placeholder type=\"programlisting\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1973 +#: sssd.conf.5.xml:1974 msgid "Default: - (GSSAPI authentication is disabled)" msgstr "Типове значення: - (розпізнавання за GSSAPI вимкнено)" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1978 sssd.conf.5.xml:4248 +#: sssd.conf.5.xml:1979 sssd.conf.5.xml:4294 msgid "pam_gssapi_check_upn" msgstr "pam_gssapi_check_upn" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1981 +#: sssd.conf.5.xml:1982 msgid "" "If True, SSSD will require that the Kerberos user principal that " "successfully authenticated through GSSAPI can be associated with the user " @@ -2999,7 +2999,7 @@ msgstr "" "вважатиметься неуспішним, якщо перевірку не буде пройдено." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1988 +#: sssd.conf.5.xml:1989 msgid "" "If False, every user that is able to obtained required service ticket will " "be authenticated." @@ -3008,18 +3008,18 @@ msgstr "" "зможуть отримати бажаний квиток служби." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1998 sssd-ad.5.xml:1266 sss_rpcidmapd.5.xml:76 +#: sssd.conf.5.xml:1999 sssd-ad.5.xml:1266 sss_rpcidmapd.5.xml:76 #: sssd-files.5.xml:145 msgid "Default: True" msgstr "Типове значення: True" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2003 +#: sssd.conf.5.xml:2004 msgid "pam_gssapi_indicators_map" msgstr "pam_gssapi_indicators_map" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2006 +#: sssd.conf.5.xml:2007 msgid "" "Comma separated list of authentication indicators required to be present in " "a Kerberos ticket to access a PAM service that is allowed to try GSSAPI " @@ -3030,7 +3030,7 @@ msgstr "" "відокремлених комами індикаторів розпізнавання." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2012 +#: sssd.conf.5.xml:2013 msgid "" "Each element of the list can be either an authentication indicator name or a " "pair <quote>service:indicator</quote>. Indicators not prefixed with the PAM " @@ -3055,7 +3055,7 @@ msgstr "" "служби PAM є порожнім, перевірка не закриватиме доступ для жодного запису." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2025 +#: sssd.conf.5.xml:2026 msgid "" "To disable GSSAPI authentication indicator check, set this option to <quote>-" "</quote> (dash). To disable the check for a specific PAM service, add " @@ -3066,7 +3066,7 @@ msgstr "" "вимкнути перевірку для певної служби PAM, додайте <quote>служба:-</quote>." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2036 +#: sssd.conf.5.xml:2037 msgid "" "Following authentication indicators are supported by IPA Kerberos " "deployments:" @@ -3075,7 +3075,7 @@ msgstr "" "індикаторів розпізнавання:" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2039 +#: sssd.conf.5.xml:2040 msgid "" "pkinit -- pre-authentication using X.509 certificates -- whether stored in " "files or on smart cards." @@ -3084,7 +3084,7 @@ msgstr "" "зберігаються у файлах або на смарткартках." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2042 +#: sssd.conf.5.xml:2043 msgid "" "hardened -- SPAKE pre-authentication or any pre-authentication wrapped in a " "FAST channel." @@ -3093,12 +3093,12 @@ msgstr "" "розпізнавання у обгортці каналу FAST." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2045 +#: sssd.conf.5.xml:2046 msgid "radius -- pre-authentication with the help of a RADIUS server." msgstr "radius — попереднє розпізнавання за допомогою сервера RADIUS." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2048 +#: sssd.conf.5.xml:2049 msgid "" "otp -- pre-authentication using integrated two-factor authentication (2FA or " "one-time password, OTP) in IPA." @@ -3107,14 +3107,14 @@ msgstr "" "розпізнавання (2FA або одноразовий пароль, OTP) в IPA." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2051 +#: sssd.conf.5.xml:2052 msgid "idp -- pre-authentication using external identity provider." msgstr "" "idp — попереднє розпізнавання за допомогою зовнішнього надавача даних " "профілів." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:2061 +#: sssd.conf.5.xml:2062 #, no-wrap msgid "" "pam_gssapi_indicators_map = sudo:pkinit, sudo-i:pkinit\n" @@ -3124,7 +3124,7 @@ msgstr "" " " #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2056 +#: sssd.conf.5.xml:2057 msgid "" "Example: to require access to SUDO services only for users which obtained " "their Kerberos tickets with a X.509 certificate pre-authentication (PKINIT), " @@ -3136,19 +3136,19 @@ msgstr "" "id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2065 +#: sssd.conf.5.xml:2066 msgid "Default: not set (use of authentication indicators is not required)" msgstr "" "Типове значення: не встановлено (немає потреби у використанні індикаторів " "розпізнавання)" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2073 +#: sssd.conf.5.xml:2074 msgid "SUDO configuration options" msgstr "Параметри налаштування SUDO" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2075 +#: sssd.conf.5.xml:2076 msgid "" "These options can be used to configure the sudo service. The detailed " "instructions for configuration of <citerefentry> <refentrytitle>sudo</" @@ -3166,12 +3166,12 @@ msgstr "" "citerefentry>." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2092 +#: sssd.conf.5.xml:2093 msgid "sudo_timed (bool)" msgstr "sudo_timed (булеве значення)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2095 +#: sssd.conf.5.xml:2096 msgid "" "Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes " "that implement time-dependent sudoers entries." @@ -3180,12 +3180,12 @@ msgstr "" "призначені для визначення часових обмежень для записів sudoers." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2107 +#: sssd.conf.5.xml:2108 msgid "sudo_threshold (integer)" msgstr "sudo_threshold (ціле число)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2110 +#: sssd.conf.5.xml:2111 msgid "" "Maximum number of expired rules that can be refreshed at once. If number of " "expired rules is below threshold, those rules are refreshed with " @@ -3201,22 +3201,22 @@ msgstr "" "sudo IPA та групових пошуків команд." #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2129 +#: sssd.conf.5.xml:2130 msgid "AUTOFS configuration options" msgstr "Параметри налаштування AUTOFS" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2131 +#: sssd.conf.5.xml:2132 msgid "These options can be used to configure the autofs service." msgstr "Цими параметрами можна скористатися для налаштування служби autofs." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2135 +#: sssd.conf.5.xml:2136 msgid "autofs_negative_timeout (integer)" msgstr "autofs_negative_timeout (ціле число)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2138 +#: sssd.conf.5.xml:2139 msgid "" "Specifies for how many seconds should the autofs responder negative cache " "hits (that is, queries for invalid map entries, like nonexistent ones) " @@ -3227,22 +3227,22 @@ msgstr "" "базі даних, зокрема неіснуючих) перед повторним запитом до сервера обробки." #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2154 +#: sssd.conf.5.xml:2155 msgid "SSH configuration options" msgstr "Параметри налаштувань SSH" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2156 +#: sssd.conf.5.xml:2157 msgid "These options can be used to configure the SSH service." msgstr "Цими параметрами можна скористатися для налаштування служби SSH." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2160 +#: sssd.conf.5.xml:2161 msgid "ssh_hash_known_hosts (bool)" msgstr "ssh_hash_known_hosts (булеве значення)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2163 +#: sssd.conf.5.xml:2164 msgid "" "Whether or not to hash host names and addresses in the managed known_hosts " "file." @@ -3250,12 +3250,12 @@ msgstr "" "Чи слід хешувати назви та адреси вузлів у керованому файлі known_hosts." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2172 +#: sssd.conf.5.xml:2173 msgid "ssh_known_hosts_timeout (integer)" msgstr "ssh_known_hosts_timeout (ціле число)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2175 +#: sssd.conf.5.xml:2176 msgid "" "How many seconds to keep a host in the managed known_hosts file after its " "host keys were requested." @@ -3264,17 +3264,17 @@ msgstr "" "файлі known_hosts після надсилання запиту щодо ключів вузла." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2179 +#: sssd.conf.5.xml:2180 msgid "Default: 180" msgstr "Типове значення: 180" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2184 +#: sssd.conf.5.xml:2185 msgid "ssh_use_certificate_keys (bool)" msgstr "ssh_use_certificate_keys (булеве значення)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2187 +#: sssd.conf.5.xml:2188 msgid "" "If set to true the <command>sss_ssh_authorizedkeys</command> will return ssh " "keys derived from the public key of X.509 certificates stored in the user " @@ -3288,12 +3288,12 @@ msgstr "" "refentrytitle> <manvolnum>1</manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2202 +#: sssd.conf.5.xml:2203 msgid "ssh_use_certificate_matching_rules (string)" msgstr "ssh_use_certificate_matching_rules (рядок)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2205 +#: sssd.conf.5.xml:2206 msgid "" "By default the ssh responder will use all available certificate matching " "rules to filter the certificates so that ssh keys are only derived from the " @@ -3309,7 +3309,7 @@ msgstr "" "відокремлених комами. Усі інші правила буде проігноровано." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2214 +#: sssd.conf.5.xml:2215 msgid "" "There are two special key words 'all_rules' and 'no_rules' which will enable " "all or no rules, respectively. The latter means that no certificates will be " @@ -3321,7 +3321,7 @@ msgstr "" "сертифікатів." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2221 +#: sssd.conf.5.xml:2222 msgid "" "If no rules are configured using 'all_rules' will enable a default rule " "which enables all certificates suitable for client authentication. This is " @@ -3334,7 +3334,7 @@ msgstr "" "розпізнавання за сертифікатом." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2228 +#: sssd.conf.5.xml:2229 msgid "" "A non-existing rule name is considered an error. If as a result no rule is " "selected all certificates will be ignored." @@ -3344,7 +3344,7 @@ msgstr "" "проігноровано." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2233 +#: sssd.conf.5.xml:2234 msgid "" "Default: not set, equivalent to 'all_rules', all found rules or the default " "rule are used" @@ -3353,12 +3353,12 @@ msgstr "" "використано усі знайдені правила або типове правило" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2239 +#: sssd.conf.5.xml:2240 msgid "ca_db (string)" msgstr "ca_db (рядок)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2242 +#: sssd.conf.5.xml:2243 msgid "" "Path to a storage of trusted CA certificates. The option is used to validate " "user certificates before deriving public ssh keys from them." @@ -3367,12 +3367,12 @@ msgstr "" "перевірки сертифікатів користувачів до отримання з них відкритих ключів ssh." #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2262 +#: sssd.conf.5.xml:2263 msgid "PAC responder configuration options" msgstr "Параметри налаштування відповідача PAC" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2264 +#: sssd.conf.5.xml:2265 msgid "" "The PAC responder works together with the authorization data plugin for MIT " "Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the " @@ -3390,7 +3390,7 @@ msgstr "" "декодовано і визначено, виконуються деякі з таких дій:" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2273 +#: sssd.conf.5.xml:2274 msgid "" "If the remote user does not exist in the cache, it is created. The UID is " "determined with the help of the SID, trusted domains will have UPGs and the " @@ -3408,7 +3408,7 @@ msgstr "" "параметра default_shell." #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2281 +#: sssd.conf.5.xml:2282 msgid "" "If there are SIDs of groups from domains sssd knows about, the user will be " "added to those groups." @@ -3417,18 +3417,18 @@ msgstr "" "додано до цих груп." #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2287 +#: sssd.conf.5.xml:2288 msgid "These options can be used to configure the PAC responder." msgstr "" "Цими параметрами можна скористатися для налаштовування відповідача PAC." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2291 sssd-ifp.5.xml:66 +#: sssd.conf.5.xml:2292 sssd-ifp.5.xml:66 msgid "allowed_uids (string)" msgstr "allowed_uids (рядок)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2294 +#: sssd.conf.5.xml:2295 msgid "" "Specifies the comma-separated list of UID values or user names that are " "allowed to access the PAC responder. User names are resolved to UIDs at " @@ -3439,14 +3439,14 @@ msgstr "" "іменами користувачів визначатимуться під час запуску." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2300 +#: sssd.conf.5.xml:2301 msgid "Default: 0 (only the root user is allowed to access the PAC responder)" msgstr "" "Типове значення: 0 (доступ до відповідача PAC має лише адміністративний " "користувач (root))" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2304 +#: sssd.conf.5.xml:2305 msgid "" "Please note that although the UID 0 is used as the default it will be " "overwritten with this option. If you still want to allow the root user to " @@ -3460,12 +3460,12 @@ msgstr "" "запис 0." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2313 +#: sssd.conf.5.xml:2314 msgid "pac_lifetime (integer)" msgstr "pac_lifetime (ціле число)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2316 +#: sssd.conf.5.xml:2317 msgid "" "Lifetime of the PAC entry in seconds. As long as the PAC is valid the PAC " "data can be used to determine the group memberships of a user." @@ -3474,12 +3474,12 @@ msgstr "" "використовувати для визначення членства користувача у групі." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2326 +#: sssd.conf.5.xml:2327 msgid "pac_check (string)" msgstr "pac_check (рядок)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2329 +#: sssd.conf.5.xml:2330 msgid "" "Apply additional checks on the PAC of the Kerberos ticket which is available " "in Active Directory and FreeIPA domains, if configured. Please note that " @@ -3496,12 +3496,12 @@ msgstr "" "krb5_validate встановлено значення «False», перевірки PAC буде пропущено." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2343 +#: sssd.conf.5.xml:2344 msgid "no_check" msgstr "no_check" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2345 +#: sssd.conf.5.xml:2346 msgid "" "The PAC must not be present and even if it is present no additional checks " "will be done." @@ -3510,12 +3510,12 @@ msgstr "" "виконано не буде." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2351 +#: sssd.conf.5.xml:2352 msgid "pac_present" msgstr "pac_present" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2353 +#: sssd.conf.5.xml:2354 msgid "" "The PAC must be present in the service ticket which SSSD will request with " "the help of the user's TGT. If the PAC is not available the authentication " @@ -3526,12 +3526,12 @@ msgstr "" "зазнає невдачі." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2361 +#: sssd.conf.5.xml:2362 msgid "check_upn" msgstr "check_upn" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2363 +#: sssd.conf.5.xml:2364 msgid "" "If the PAC is present check if the user principal name (UPN) information is " "consistent." @@ -3540,12 +3540,12 @@ msgstr "" "користувача (UPN)." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2369 +#: sssd.conf.5.xml:2370 msgid "check_upn_allow_missing" msgstr "check_upn_allow_missing" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2371 +#: sssd.conf.5.xml:2372 msgid "" "This option should be used together with 'check_upn' and handles the case " "where a UPN is set on the server-side but is not read by SSSD. The typical " @@ -3565,7 +3565,7 @@ msgstr "" "потреби." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2383 +#: sssd.conf.5.xml:2384 msgid "" "Currently this option is set by default to avoid regressions in such " "environments. A log message will be added to the system log and SSSD's debug " @@ -3582,23 +3582,23 @@ msgstr "" "призведе до пропускання перевірки, і повідомлення зникне з журналу." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2397 +#: sssd.conf.5.xml:2398 msgid "upn_dns_info_present" msgstr "upn_dns_info_present" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2399 +#: sssd.conf.5.xml:2400 msgid "The PAC must contain the UPN-DNS-INFO buffer, implies 'check_upn'." msgstr "" "PAC має містити буфер UPN-DNS-INFO; неявним чином встановлює «check_upn»." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2404 +#: sssd.conf.5.xml:2405 msgid "check_upn_dns_info_ex" msgstr "check_upn_dns_info_ex" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2406 +#: sssd.conf.5.xml:2407 msgid "" "If the PAC is present and the extension to the UPN-DNS-INFO buffer is " "available check if the information in the extension is consistent." @@ -3607,12 +3607,12 @@ msgstr "" "узгодженими дані у розширенні." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2413 +#: sssd.conf.5.xml:2414 msgid "upn_dns_info_ex_present" msgstr "upn_dns_info_ex_present" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2415 +#: sssd.conf.5.xml:2416 msgid "" "The PAC must contain the extension of the UPN-DNS-INFO buffer, implies " "'check_upn_dns_info_ex', 'upn_dns_info_present' and 'check_upn'." @@ -3621,7 +3621,7 @@ msgstr "" "«check_upn_dns_info_ex», «upn_dns_info_present» і «check_upn»." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2339 +#: sssd.conf.5.xml:2340 msgid "" "The following options can be used alone or in a comma-separated list: " "<placeholder type=\"variablelist\" id=\"0\"/>" @@ -3630,7 +3630,7 @@ msgstr "" "відокремлених комами значень: <placeholder type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2425 +#: sssd.conf.5.xml:2426 msgid "" "Default: no_check (AD and IPA provider 'check_upn, check_upn_allow_missing, " "check_upn_dns_info_ex')" @@ -3639,12 +3639,12 @@ msgstr "" "check_upn_allow_missing, check_upn_dns_info_ex»)" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2434 +#: sssd.conf.5.xml:2435 msgid "Session recording configuration options" msgstr "Параметри налаштовування запису сеансів" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2436 +#: sssd.conf.5.xml:2437 msgid "" "Session recording works in conjunction with <citerefentry> " "<refentrytitle>tlog-rec-session</refentrytitle> <manvolnum>8</manvolnum> </" @@ -3659,32 +3659,32 @@ msgstr "" "session-recording</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2449 +#: sssd.conf.5.xml:2450 msgid "These options can be used to configure session recording." msgstr "Цими параметрами можна скористатися для налаштовування запису сеансів." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2453 sssd-session-recording.5.xml:64 +#: sssd.conf.5.xml:2454 sssd-session-recording.5.xml:64 msgid "scope (string)" msgstr "scope (рядок)" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2460 sssd-session-recording.5.xml:71 +#: sssd.conf.5.xml:2461 sssd-session-recording.5.xml:71 msgid "\"none\"" msgstr "\"none\"" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2463 sssd-session-recording.5.xml:74 +#: sssd.conf.5.xml:2464 sssd-session-recording.5.xml:74 msgid "No users are recorded." msgstr "Користувачі не записуються." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2468 sssd-session-recording.5.xml:79 +#: sssd.conf.5.xml:2469 sssd-session-recording.5.xml:79 msgid "\"some\"" msgstr "\"some\"" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2471 sssd-session-recording.5.xml:82 +#: sssd.conf.5.xml:2472 sssd-session-recording.5.xml:82 msgid "" "Users/groups specified by <replaceable>users</replaceable> and " "<replaceable>groups</replaceable> options are recorded." @@ -3693,17 +3693,17 @@ msgstr "" "<replaceable>користувачі</replaceable> і <replaceable>групи</replaceable>." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2480 sssd-session-recording.5.xml:91 +#: sssd.conf.5.xml:2481 sssd-session-recording.5.xml:91 msgid "\"all\"" msgstr "\"all\"" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2483 sssd-session-recording.5.xml:94 +#: sssd.conf.5.xml:2484 sssd-session-recording.5.xml:94 msgid "All users are recorded." msgstr "Усі користувачі записуються." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2456 sssd-session-recording.5.xml:67 +#: sssd.conf.5.xml:2457 sssd-session-recording.5.xml:67 msgid "" "One of the following strings specifying the scope of session recording: " "<placeholder type=\"variablelist\" id=\"0\"/>" @@ -3712,17 +3712,17 @@ msgstr "" "<placeholder type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2490 sssd-session-recording.5.xml:101 +#: sssd.conf.5.xml:2491 sssd-session-recording.5.xml:101 msgid "Default: \"none\"" msgstr "Типове значення: none" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2495 sssd-session-recording.5.xml:106 +#: sssd.conf.5.xml:2496 sssd-session-recording.5.xml:106 msgid "users (string)" msgstr "users (рядок)" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2498 sssd-session-recording.5.xml:109 +#: sssd.conf.5.xml:2499 sssd-session-recording.5.xml:109 msgid "" "A comma-separated list of users which should have session recording enabled. " "Matches user names as returned by NSS. I.e. after the possible space " @@ -3734,17 +3734,17 @@ msgstr "" "тощо." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2504 sssd-session-recording.5.xml:115 +#: sssd.conf.5.xml:2505 sssd-session-recording.5.xml:115 msgid "Default: Empty. Matches no users." msgstr "Типове значення: порожнє. Не відповідає жодному користувачу." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2509 sssd-session-recording.5.xml:120 +#: sssd.conf.5.xml:2510 sssd-session-recording.5.xml:120 msgid "groups (string)" msgstr "groups (рядок)" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2512 sssd-session-recording.5.xml:123 +#: sssd.conf.5.xml:2513 sssd-session-recording.5.xml:123 msgid "" "A comma-separated list of groups, members of which should have session " "recording enabled. Matches group names as returned by NSS. I.e. after the " @@ -3756,7 +3756,7 @@ msgstr "" "символів тощо." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2518 sssd.conf.5.xml:2550 sssd-session-recording.5.xml:129 +#: sssd.conf.5.xml:2519 sssd.conf.5.xml:2551 sssd-session-recording.5.xml:129 #: sssd-session-recording.5.xml:161 msgid "" "NOTE: using this option (having it set to anything) has a considerable " @@ -3769,17 +3769,17 @@ msgstr "" "належить користувач." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2525 sssd-session-recording.5.xml:136 +#: sssd.conf.5.xml:2526 sssd-session-recording.5.xml:136 msgid "Default: Empty. Matches no groups." msgstr "Типове значення: порожнє. Не відповідає жодній групі." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2530 sssd-session-recording.5.xml:141 +#: sssd.conf.5.xml:2531 sssd-session-recording.5.xml:141 msgid "exclude_users (string)" msgstr "exclude_users (рядок)" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2533 sssd-session-recording.5.xml:144 +#: sssd.conf.5.xml:2534 sssd-session-recording.5.xml:144 msgid "" "A comma-separated list of users to be excluded from recording, only " "applicable with 'scope=all'." @@ -3788,17 +3788,17 @@ msgstr "" "записування. Може бути застосовано лише разом із «scope=all»." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2537 sssd-session-recording.5.xml:148 +#: sssd.conf.5.xml:2538 sssd-session-recording.5.xml:148 msgid "Default: Empty. No users excluded." msgstr "Типове значення: порожнє. Не виключати жодного користувача." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2542 sssd-session-recording.5.xml:153 +#: sssd.conf.5.xml:2543 sssd-session-recording.5.xml:153 msgid "exclude_groups (string)" msgstr "exclude_groups (рядок)" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2545 sssd-session-recording.5.xml:156 +#: sssd.conf.5.xml:2546 sssd-session-recording.5.xml:156 msgid "" "A comma-separated list of groups, members of which should be excluded from " "recording. Only applicable with 'scope=all'." @@ -3807,22 +3807,22 @@ msgstr "" "із записування. Може бути застосовано лише разом із «scope=all»." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2557 sssd-session-recording.5.xml:168 +#: sssd.conf.5.xml:2558 sssd-session-recording.5.xml:168 msgid "Default: Empty. No groups excluded." msgstr "Типове значення: порожнє. Не виключати жодної групи." #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:2567 +#: sssd.conf.5.xml:2568 msgid "DOMAIN SECTIONS" msgstr "РОЗДІЛИ ДОМЕНІВ" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2574 +#: sssd.conf.5.xml:2575 msgid "enabled" msgstr "enabled" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2577 +#: sssd.conf.5.xml:2578 msgid "" "Explicitly enable or disable the domain. If <quote>true</quote>, the domain " "is always <quote>enabled</quote>. If <quote>false</quote>, the domain is " @@ -3837,12 +3837,12 @@ msgstr "" "параметрі доменів у розділі <quote>[sssd]</quote>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2589 +#: sssd.conf.5.xml:2590 msgid "domain_type (string)" msgstr "domain_type (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2592 +#: sssd.conf.5.xml:2593 msgid "" "Specifies whether the domain is meant to be used by POSIX-aware clients such " "as the Name Service Switch or by applications that do not need POSIX data to " @@ -3855,7 +3855,7 @@ msgstr "" "з доменів POSIX." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2600 +#: sssd.conf.5.xml:2601 msgid "" "Allowed values for this option are <quote>posix</quote> and " "<quote>application</quote>." @@ -3864,7 +3864,7 @@ msgstr "" "<quote>application</quote>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2604 +#: sssd.conf.5.xml:2605 msgid "" "POSIX domains are reachable by all services. Application domains are only " "reachable from the InfoPipe responder (see <citerefentry> " @@ -3876,7 +3876,7 @@ msgstr "" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>) і відповідача PAM." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2612 +#: sssd.conf.5.xml:2613 msgid "" "NOTE: The application domains are currently well tested with " "<quote>id_provider=ldap</quote> only." @@ -3885,7 +3885,7 @@ msgstr "" "application з <quote>id_provider=ldap</quote>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2616 +#: sssd.conf.5.xml:2617 msgid "" "For an easy way to configure a non-POSIX domains, please see the " "<quote>Application domains</quote> section." @@ -3894,17 +3894,17 @@ msgstr "" "ласка, ознайомтеся із розділом <quote>Домени програм</quote>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2620 +#: sssd.conf.5.xml:2621 msgid "Default: posix" msgstr "Типове значення: posix" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2626 +#: sssd.conf.5.xml:2627 msgid "min_id,max_id (integer)" msgstr "min_id,max_id (ціле значення)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2629 +#: sssd.conf.5.xml:2630 msgid "" "UID and GID limits for the domain. If a domain contains an entry that is " "outside these limits, it is ignored." @@ -3913,7 +3913,7 @@ msgstr "" "відповідає цим обмеженням, його буде проігноровано." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2634 +#: sssd.conf.5.xml:2635 msgid "" "For users, this affects the primary GID limit. The user will not be returned " "to NSS if either the UID or the primary GID is outside the range. For non-" @@ -3926,7 +3926,7 @@ msgstr "" "основної групи і належать діапазону, буде виведено у звичайному режимі." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2641 +#: sssd.conf.5.xml:2642 msgid "" "These ID limits affect even saving entries to cache, not only returning them " "by name or ID." @@ -3935,17 +3935,17 @@ msgstr "" "лише повернення записів за назвою або ідентифікатором." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2645 +#: sssd.conf.5.xml:2646 msgid "Default: 1 for min_id, 0 (no limit) for max_id" msgstr "Типові значення: 1 для min_id, 0 (без обмежень) для max_id" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2651 +#: sssd.conf.5.xml:2652 msgid "enumerate (bool)" msgstr "enumerate (булеве значення)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2654 +#: sssd.conf.5.xml:2655 msgid "" "Determines if a domain can be enumerated, that is, whether the domain can " "list all the users and group it contains. Note that it is not required to " @@ -3958,22 +3958,22 @@ msgstr "" "мати такі значення:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2662 +#: sssd.conf.5.xml:2663 msgid "TRUE = Users and groups are enumerated" msgstr "TRUE = користувачі і групи нумеруються" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2665 +#: sssd.conf.5.xml:2666 msgid "FALSE = No enumerations for this domain" msgstr "FALSE = не використовувати нумерацію для цього домену" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2668 sssd.conf.5.xml:2942 sssd.conf.5.xml:3119 +#: sssd.conf.5.xml:2669 sssd.conf.5.xml:2943 sssd.conf.5.xml:3120 msgid "Default: FALSE" msgstr "Типове значення: FALSE" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2671 +#: sssd.conf.5.xml:2672 msgid "" "Enumerating a domain requires SSSD to download and store ALL user and group " "entries from the remote server." @@ -3982,7 +3982,7 @@ msgstr "" "користувачів і груп із віддаленого сервера." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2676 +#: sssd.conf.5.xml:2677 msgid "" "Note: Enabling enumeration has a moderate performance impact on SSSD while " "enumeration is running. It may take up to several minutes after SSSD startup " @@ -4005,7 +4005,7 @@ msgstr "" "<quote>sssd_be</quote> або навіть перезапуску усього засобу стеження." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2691 +#: sssd.conf.5.xml:2692 msgid "" "While the first enumeration is running, requests for the complete user or " "group lists may return no results until it completes." @@ -4015,7 +4015,7 @@ msgstr "" "завершено." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2696 +#: sssd.conf.5.xml:2697 msgid "" "Further, enabling enumeration may increase the time necessary to detect " "network disconnection, as longer timeouts are required to ensure that " @@ -4029,7 +4029,7 @@ msgstr "" "відповідного використаного засобу обробки ідентифікаторів (id_provider)." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2704 +#: sssd.conf.5.xml:2705 msgid "" "For the reasons cited above, enabling enumeration is not recommended, " "especially in large environments." @@ -4038,32 +4038,32 @@ msgstr "" "об’ємних середовищах." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2712 +#: sssd.conf.5.xml:2713 msgid "subdomain_enumerate (string)" msgstr "subdomain_enumerate (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2719 +#: sssd.conf.5.xml:2720 msgid "all" msgstr "all" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2720 +#: sssd.conf.5.xml:2721 msgid "All discovered trusted domains will be enumerated" msgstr "Усі виявлені надійні домени буде пронумеровано" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2723 +#: sssd.conf.5.xml:2724 msgid "none" msgstr "none" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2724 +#: sssd.conf.5.xml:2725 msgid "No discovered trusted domains will be enumerated" msgstr "Нумерація виявлених надійних доменів не виконуватиметься" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2715 +#: sssd.conf.5.xml:2716 msgid "" "Whether any of autodetected trusted domains should be enumerated. The " "supported values are: <placeholder type=\"variablelist\" id=\"0\"/> " @@ -4076,12 +4076,12 @@ msgstr "" "доменів, для яких буде увімкнено нумерацію." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2738 +#: sssd.conf.5.xml:2739 msgid "entry_cache_timeout (integer)" msgstr "entry_cache_timeout (ціле число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2741 +#: sssd.conf.5.xml:2742 msgid "" "How many seconds should nss_sss consider entries valid before asking the " "backend again" @@ -4090,7 +4090,7 @@ msgstr "" "надсилати повторний запит до сервера" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2745 +#: sssd.conf.5.xml:2746 msgid "" "The cache expiration timestamps are stored as attributes of individual " "objects in the cache. Therefore, changing the cache timeout only has effect " @@ -4107,17 +4107,17 @@ msgstr "" "<manvolnum>8</manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2758 +#: sssd.conf.5.xml:2759 msgid "Default: 5400" msgstr "Типове значення: 5400" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2764 +#: sssd.conf.5.xml:2765 msgid "entry_cache_user_timeout (integer)" msgstr "entry_cache_user_timeout (ціле число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2767 +#: sssd.conf.5.xml:2768 msgid "" "How many seconds should nss_sss consider user entries valid before asking " "the backend again" @@ -4126,19 +4126,19 @@ msgstr "" "чинними, перш ніж надсилати повторний запит до сервера" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2771 sssd.conf.5.xml:2784 sssd.conf.5.xml:2797 -#: sssd.conf.5.xml:2810 sssd.conf.5.xml:2824 sssd.conf.5.xml:2837 -#: sssd.conf.5.xml:2851 sssd.conf.5.xml:2865 sssd.conf.5.xml:2878 +#: sssd.conf.5.xml:2772 sssd.conf.5.xml:2785 sssd.conf.5.xml:2798 +#: sssd.conf.5.xml:2811 sssd.conf.5.xml:2825 sssd.conf.5.xml:2838 +#: sssd.conf.5.xml:2852 sssd.conf.5.xml:2866 sssd.conf.5.xml:2879 msgid "Default: entry_cache_timeout" msgstr "Типове значення: entry_cache_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2777 +#: sssd.conf.5.xml:2778 msgid "entry_cache_group_timeout (integer)" msgstr "entry_cache_group_timeout (ціле число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2780 +#: sssd.conf.5.xml:2781 msgid "" "How many seconds should nss_sss consider group entries valid before asking " "the backend again" @@ -4147,12 +4147,12 @@ msgstr "" "ніж надсилати повторний запит до сервера" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2790 +#: sssd.conf.5.xml:2791 msgid "entry_cache_netgroup_timeout (integer)" msgstr "entry_cache_netgroup_timeout (ціле число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2793 +#: sssd.conf.5.xml:2794 msgid "" "How many seconds should nss_sss consider netgroup entries valid before " "asking the backend again" @@ -4161,12 +4161,12 @@ msgstr "" "чинними, перш ніж надсилати повторний запит до сервера" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2803 +#: sssd.conf.5.xml:2804 msgid "entry_cache_service_timeout (integer)" msgstr "entry_cache_service_timeout (ціле число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2806 +#: sssd.conf.5.xml:2807 msgid "" "How many seconds should nss_sss consider service entries valid before asking " "the backend again" @@ -4175,12 +4175,12 @@ msgstr "" "ніж надсилати повторний запит до сервера" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2816 +#: sssd.conf.5.xml:2817 msgid "entry_cache_resolver_timeout (integer)" msgstr "entry_cache_resolver_timeout (ціле число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2819 +#: sssd.conf.5.xml:2820 msgid "" "How many seconds should nss_sss consider hosts and networks entries valid " "before asking the backend again" @@ -4189,12 +4189,12 @@ msgstr "" "чинними, перш ніж надсилати повторний запит до сервера" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2830 +#: sssd.conf.5.xml:2831 msgid "entry_cache_sudo_timeout (integer)" msgstr "entry_cache_sudo_timeout (ціле число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2833 +#: sssd.conf.5.xml:2834 msgid "" "How many seconds should sudo consider rules valid before asking the backend " "again" @@ -4203,12 +4203,12 @@ msgstr "" "надсилати повторний запит до сервера" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2843 +#: sssd.conf.5.xml:2844 msgid "entry_cache_autofs_timeout (integer)" msgstr "entry_cache_autofs_timeout (ціле число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2846 +#: sssd.conf.5.xml:2847 msgid "" "How many seconds should the autofs service consider automounter maps valid " "before asking the backend again" @@ -4217,12 +4217,12 @@ msgstr "" "чинними, перш ніж надсилати повторний запит до сервера" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2857 +#: sssd.conf.5.xml:2858 msgid "entry_cache_ssh_host_timeout (integer)" msgstr "entry_cache_ssh_host_timeout (ціле число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2860 +#: sssd.conf.5.xml:2861 msgid "" "How many seconds to keep a host ssh key after refresh. IE how long to cache " "the host key for." @@ -4232,12 +4232,12 @@ msgstr "" "вузла у кеші." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2871 +#: sssd.conf.5.xml:2872 msgid "entry_cache_computer_timeout (integer)" msgstr "entry_cache_computer_timeout (ціле число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2874 +#: sssd.conf.5.xml:2875 msgid "" "How many seconds to keep the local computer entry before asking the backend " "again" @@ -4246,12 +4246,12 @@ msgstr "" "перш ніж надсилати запит до модуля обробки даних знову" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2884 +#: sssd.conf.5.xml:2885 msgid "refresh_expired_interval (integer)" msgstr "refresh_expired_interval (ціле число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2887 +#: sssd.conf.5.xml:2888 msgid "" "Specifies how many seconds SSSD has to wait before triggering a background " "refresh task which will refresh all expired or nearly expired records." @@ -4261,7 +4261,7 @@ msgstr "" "вичерпано або майже вичерпано." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2892 +#: sssd.conf.5.xml:2893 msgid "" "The background refresh will process users, groups and netgroups in the " "cache. For users who have performed the initgroups (get group membership for " @@ -4275,18 +4275,18 @@ msgstr "" "запис користувача, і дані щодо участі у групах." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2900 +#: sssd.conf.5.xml:2901 msgid "This option is automatically inherited for all trusted domains." msgstr "Цей параметр автоматично успадковується для усіх довірених доменів." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2904 +#: sssd.conf.5.xml:2905 msgid "You can consider setting this value to 3/4 * entry_cache_timeout." msgstr "" "Варто визначити для цього параметра значення 3/4 * entry_cache_timeout." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2908 +#: sssd.conf.5.xml:2909 msgid "" "Cache entry will be refreshed by background task when 2/3 of cache timeout " "has already passed. If there are existing cached entries, the background " @@ -4307,18 +4307,18 @@ msgstr "" "чинність наявного кешу." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2921 sssd-ldap.5.xml:360 sssd-ldap.5.xml:1736 +#: sssd.conf.5.xml:2922 sssd-ldap.5.xml:360 sssd-ldap.5.xml:1736 #: sssd-ipa.5.xml:270 msgid "Default: 0 (disabled)" msgstr "Типове значення: 0 (вимкнено)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2927 +#: sssd.conf.5.xml:2928 msgid "cache_credentials (bool)" msgstr "cache_credentials (булеве значення)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2930 +#: sssd.conf.5.xml:2931 #, fuzzy #| msgid "" #| "Determines if user credentials are also cached in the local LDB cache" @@ -4328,7 +4328,7 @@ msgstr "" "кеші LDB" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2934 +#: sssd.conf.5.xml:2935 msgid "" "Take a note that while credentials are stored as a salted SHA512 hash, this " "still potentially poses some security risk in case an attacker manages to " @@ -4337,12 +4337,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2948 +#: sssd.conf.5.xml:2949 msgid "cache_credentials_minimal_first_factor_length (int)" msgstr "cache_credentials_minimal_first_factor_length (ціле число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2951 +#: sssd.conf.5.xml:2952 msgid "" "If 2-Factor-Authentication (2FA) is used and credentials should be saved " "this value determines the minimal length the first authentication factor " @@ -4354,7 +4354,7 @@ msgstr "" "контрольної суми SHA512 у кеші." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2958 +#: sssd.conf.5.xml:2959 msgid "" "This should avoid that the short PINs of a PIN based 2FA scheme are saved in " "the cache which would make them easy targets for brute-force attacks." @@ -4364,12 +4364,12 @@ msgstr "" "мішенню атак із перебиранням паролів." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2969 +#: sssd.conf.5.xml:2970 msgid "account_cache_expiration (integer)" msgstr "account_cache_expiration (ціле число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2972 +#: sssd.conf.5.xml:2973 msgid "" "Number of days entries are left in cache after last successful login before " "being removed during a cleanup of the cache. 0 means keep forever. The " @@ -4382,17 +4382,17 @@ msgstr "" "offline_credentials_expiration." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2979 +#: sssd.conf.5.xml:2980 msgid "Default: 0 (unlimited)" msgstr "Типове значення: 0 (без обмежень)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2984 +#: sssd.conf.5.xml:2985 msgid "pwd_expiration_warning (integer)" msgstr "pwd_expiration_warning (ціле число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2995 +#: sssd.conf.5.xml:2996 msgid "" "Please note that the backend server has to provide information about the " "expiration time of the password. If this information is missing, sssd " @@ -4405,17 +4405,17 @@ msgstr "" "даних розпізнавання." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3002 +#: sssd.conf.5.xml:3003 msgid "Default: 7 (Kerberos), 0 (LDAP)" msgstr "Типове значення: 7 (Kerberos), 0 (LDAP)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3008 +#: sssd.conf.5.xml:3009 msgid "id_provider (string)" msgstr "id_provider (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3011 +#: sssd.conf.5.xml:3012 msgid "" "The identification provider used for the domain. Supported ID providers are:" msgstr "" @@ -4423,12 +4423,12 @@ msgstr "" "Серед підтримуваних засобів такі:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3015 +#: sssd.conf.5.xml:3016 msgid "<quote>proxy</quote>: Support a legacy NSS provider." msgstr "«proxy»: підтримка застарілого модуля надання даних NSS." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3018 +#: sssd.conf.5.xml:3019 msgid "" "<quote>files</quote>: FILES provider. See <citerefentry> <refentrytitle>sssd-" "files</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " @@ -4440,7 +4440,7 @@ msgstr "" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3026 +#: sssd.conf.5.xml:3027 msgid "" "<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-" "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " @@ -4451,8 +4451,8 @@ msgstr "" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3034 sssd.conf.5.xml:3145 sssd.conf.5.xml:3196 -#: sssd.conf.5.xml:3259 +#: sssd.conf.5.xml:3035 sssd.conf.5.xml:3146 sssd.conf.5.xml:3197 +#: sssd.conf.5.xml:3260 msgid "" "<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management " "provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> " @@ -4465,8 +4465,8 @@ msgstr "" "manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3043 sssd.conf.5.xml:3154 sssd.conf.5.xml:3205 -#: sssd.conf.5.xml:3268 +#: sssd.conf.5.xml:3044 sssd.conf.5.xml:3155 sssd.conf.5.xml:3206 +#: sssd.conf.5.xml:3269 msgid "" "<quote>ad</quote>: Active Directory provider. See <citerefentry> " "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4478,12 +4478,12 @@ msgstr "" "citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3054 +#: sssd.conf.5.xml:3055 msgid "use_fully_qualified_names (bool)" msgstr "use_fully_qualified_names (булеве значення)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3057 +#: sssd.conf.5.xml:3058 msgid "" "Use the full name and domain (as formatted by the domain's full_name_format) " "as the user's login name reported to NSS." @@ -4493,7 +4493,7 @@ msgstr "" "NSS." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3062 +#: sssd.conf.5.xml:3063 msgid "" "If set to TRUE, all requests to this domain must use fully qualified names. " "For example, if used in LOCAL domain that contains a \"test\" user, " @@ -4506,7 +4506,7 @@ msgstr "" "не покаже користувача, а <command>getent passwd test@LOCAL</command> покаже." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3070 +#: sssd.conf.5.xml:3071 msgid "" "NOTE: This option has no effect on netgroup lookups due to their tendency to " "include nested netgroups without qualified names. For netgroups, all domains " @@ -4517,7 +4517,7 @@ msgstr "" "груп, якщо задано неповну назву, буде виконано пошук у всіх доменах." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3077 +#: sssd.conf.5.xml:3078 msgid "" "Default: FALSE (TRUE for trusted domain/sub-domains or if " "default_domain_suffix is used)" @@ -4526,17 +4526,17 @@ msgstr "" "використано default_domain_suffix)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3084 +#: sssd.conf.5.xml:3085 msgid "ignore_group_members (bool)" msgstr "ignore_group_members (булеве значення)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3087 +#: sssd.conf.5.xml:3088 msgid "Do not return group members for group lookups." msgstr "Не повертати записи учасників груп для пошуків груп." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3090 +#: sssd.conf.5.xml:3091 msgid "" "If set to TRUE, the group membership attribute is not requested from the " "ldap server, and group members are not returned when processing group lookup " @@ -4555,7 +4555,7 @@ msgstr "" "$groupname</quote> поверне запитану групу так, наче вона була порожня." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3108 +#: sssd.conf.5.xml:3109 msgid "" "Enabling this option can also make access provider checks for group " "membership significantly faster, especially for groups containing many " @@ -4566,7 +4566,7 @@ msgstr "" "учасників." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3114 sssd.conf.5.xml:3821 sssd-ldap.5.xml:326 +#: sssd.conf.5.xml:3115 sssd.conf.5.xml:3822 sssd-ldap.5.xml:326 #: sssd-ldap.5.xml:355 sssd-ldap.5.xml:408 sssd-ldap.5.xml:468 #: sssd-ldap.5.xml:489 sssd-ldap.5.xml:520 sssd-ldap.5.xml:543 #: sssd-ldap.5.xml:582 sssd-ldap.5.xml:601 sssd-ldap.5.xml:625 @@ -4579,12 +4579,12 @@ msgstr "" "успадковано за допомогою <emphasis>subdomain_inherit</emphasis>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3124 +#: sssd.conf.5.xml:3125 msgid "auth_provider (string)" msgstr "auth_provider (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3127 +#: sssd.conf.5.xml:3128 msgid "" "The authentication provider used for the domain. Supported auth providers " "are:" @@ -4593,7 +4593,7 @@ msgstr "" "служб розпізнавання:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3131 sssd.conf.5.xml:3189 +#: sssd.conf.5.xml:3132 sssd.conf.5.xml:3190 msgid "" "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4605,7 +4605,7 @@ msgstr "" "citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3138 +#: sssd.conf.5.xml:3139 msgid "" "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4617,18 +4617,18 @@ msgstr "" "citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3162 +#: sssd.conf.5.xml:3163 msgid "" "<quote>proxy</quote> for relaying authentication to some other PAM target." msgstr "<quote>proxy</quote> — трансльоване розпізнавання у іншій системі PAM." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3165 +#: sssd.conf.5.xml:3166 msgid "<quote>none</quote> disables authentication explicitly." msgstr "<quote>none</quote> — вимкнути розпізнавання повністю." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3168 +#: sssd.conf.5.xml:3169 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "authentication requests." @@ -4637,12 +4637,12 @@ msgstr "" "спосіб встановлено і можлива обробка запитів щодо розпізнавання." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3174 +#: sssd.conf.5.xml:3175 msgid "access_provider (string)" msgstr "access_provider (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3177 +#: sssd.conf.5.xml:3178 msgid "" "The access control provider used for the domain. There are two built-in " "access providers (in addition to any included in installed backends) " @@ -4653,7 +4653,7 @@ msgstr "" "Вбудованими програмами є:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3183 +#: sssd.conf.5.xml:3184 msgid "" "<quote>permit</quote> always allow access. It's the only permitted access " "provider for a local domain." @@ -4662,12 +4662,12 @@ msgstr "" "доступу для локального домену." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3186 +#: sssd.conf.5.xml:3187 msgid "<quote>deny</quote> always deny access." msgstr "<quote>deny</quote> — завжди забороняти доступ." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3213 +#: sssd.conf.5.xml:3214 msgid "" "<quote>simple</quote> access control based on access or deny lists. See " "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</" @@ -4680,7 +4680,7 @@ msgstr "" "refentrytitle> <manvolnum>5</manvolnum></citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3220 +#: sssd.conf.5.xml:3221 msgid "" "<quote>krb5</quote>: .k5login based access control. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum></" @@ -4692,24 +4692,24 @@ msgstr "" "manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3227 +#: sssd.conf.5.xml:3228 msgid "<quote>proxy</quote> for relaying access control to another PAM module." msgstr "" "<quote>proxy</quote> — для трансляції керування доступом до іншого модуля " "PAM." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3230 +#: sssd.conf.5.xml:3231 msgid "Default: <quote>permit</quote>" msgstr "Типове значення: <quote>permit</quote>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3235 +#: sssd.conf.5.xml:3236 msgid "chpass_provider (string)" msgstr "chpass_provider (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3238 +#: sssd.conf.5.xml:3239 msgid "" "The provider which should handle change password operations for the domain. " "Supported change password providers are:" @@ -4718,7 +4718,7 @@ msgstr "" "підтримку таких систем зміни паролів:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3243 +#: sssd.conf.5.xml:3244 msgid "" "<quote>ldap</quote> to change a password stored in a LDAP server. See " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" @@ -4730,7 +4730,7 @@ msgstr "" "manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3251 +#: sssd.conf.5.xml:3252 msgid "" "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4742,18 +4742,18 @@ msgstr "" "citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3276 +#: sssd.conf.5.xml:3277 msgid "" "<quote>proxy</quote> for relaying password changes to some other PAM target." msgstr "<quote>proxy</quote> — трансльована зміна пароля у іншій системі PAM." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3280 +#: sssd.conf.5.xml:3281 msgid "<quote>none</quote> disallows password changes explicitly." msgstr "<quote>none</quote> — явно вимкнути можливість зміни пароля." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3283 +#: sssd.conf.5.xml:3284 msgid "" "Default: <quote>auth_provider</quote> is used if it is set and can handle " "change password requests." @@ -4762,19 +4762,19 @@ msgstr "" "цього параметра і якщо система здатна обробляти запити щодо паролів." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3290 +#: sssd.conf.5.xml:3291 msgid "sudo_provider (string)" msgstr "sudo_provider (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3293 +#: sssd.conf.5.xml:3294 msgid "The SUDO provider used for the domain. Supported SUDO providers are:" msgstr "" "Служба SUDO, яку використано для цього домену. Серед підтримуваних служб " "SUDO:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3297 +#: sssd.conf.5.xml:3298 msgid "" "<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4786,7 +4786,7 @@ msgstr "" "citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3305 +#: sssd.conf.5.xml:3306 msgid "" "<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default " "settings." @@ -4795,7 +4795,7 @@ msgstr "" "параметрами IPA." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3309 +#: sssd.conf.5.xml:3310 msgid "" "<quote>ad</quote> the same as <quote>ldap</quote> but with AD default " "settings." @@ -4804,20 +4804,20 @@ msgstr "" "параметрами AD." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3313 +#: sssd.conf.5.xml:3314 msgid "<quote>none</quote> disables SUDO explicitly." msgstr "<quote>none</quote> явним чином вимикає SUDO." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3316 sssd.conf.5.xml:3402 sssd.conf.5.xml:3472 -#: sssd.conf.5.xml:3497 sssd.conf.5.xml:3533 +#: sssd.conf.5.xml:3317 sssd.conf.5.xml:3403 sssd.conf.5.xml:3473 +#: sssd.conf.5.xml:3498 sssd.conf.5.xml:3534 msgid "Default: The value of <quote>id_provider</quote> is used if it is set." msgstr "" "Типове значення: використовується значення <quote>id_provider</quote>, якщо " "його встановлено." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3320 +#: sssd.conf.5.xml:3321 msgid "" "The detailed instructions for configuration of sudo_provider are in the " "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " @@ -4836,7 +4836,7 @@ msgstr "" "citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3335 +#: sssd.conf.5.xml:3336 msgid "" "<emphasis>NOTE:</emphasis> Sudo rules are periodically downloaded in the " "background unless the sudo provider is explicitly disabled. Set " @@ -4850,12 +4850,12 @@ msgstr "" "sudo у SSSD." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3345 +#: sssd.conf.5.xml:3346 msgid "selinux_provider (string)" msgstr "selinux_provider (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3348 +#: sssd.conf.5.xml:3349 msgid "" "The provider which should handle loading of selinux settings. Note that this " "provider will be called right after access provider ends. Supported selinux " @@ -4866,7 +4866,7 @@ msgstr "" "доступу. Передбачено підтримку таких засобів надання даних SELinux:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3354 +#: sssd.conf.5.xml:3355 msgid "" "<quote>ipa</quote> to load selinux settings from an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -4878,14 +4878,14 @@ msgstr "" "manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3362 +#: sssd.conf.5.xml:3363 msgid "<quote>none</quote> disallows fetching selinux settings explicitly." msgstr "" "<quote>none</quote> явним чином забороняє отримання даних щодо параметрів " "SELinux." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3365 +#: sssd.conf.5.xml:3366 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "selinux loading requests." @@ -4894,12 +4894,12 @@ msgstr "" "спосіб встановлено і можлива обробка запитів щодо завантаження SELinux." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3371 +#: sssd.conf.5.xml:3372 msgid "subdomains_provider (string)" msgstr "subdomains_provider (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3374 +#: sssd.conf.5.xml:3375 msgid "" "The provider which should handle fetching of subdomains. This value should " "be always the same as id_provider. Supported subdomain providers are:" @@ -4909,7 +4909,7 @@ msgstr "" "підтримку таких засобів надання даних піддоменів:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3380 +#: sssd.conf.5.xml:3381 msgid "" "<quote>ipa</quote> to load a list of subdomains from an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -4921,7 +4921,7 @@ msgstr "" "manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3389 +#: sssd.conf.5.xml:3390 msgid "" "<quote>ad</quote> to load a list of subdomains from an Active Directory " "server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> " @@ -4934,17 +4934,17 @@ msgstr "" "налаштовування засобу надання даних AD." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3398 +#: sssd.conf.5.xml:3399 msgid "<quote>none</quote> disallows fetching subdomains explicitly." msgstr "<quote>none</quote> забороняє ячним чином отримання даних піддоменів." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3408 +#: sssd.conf.5.xml:3409 msgid "session_provider (string)" msgstr "session_provider (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3411 +#: sssd.conf.5.xml:3412 msgid "" "The provider which configures and manages user session related tasks. The " "only user session task currently provided is the integration with Fleet " @@ -4956,14 +4956,14 @@ msgstr "" "постачальники даних сеансів:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3418 +#: sssd.conf.5.xml:3419 msgid "<quote>ipa</quote> to allow performing user session related tasks." msgstr "" "<quote>ipa</quote>, щоб дозволити пов'язані із сеансами користувачів " "завдання." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3422 +#: sssd.conf.5.xml:3423 msgid "" "<quote>none</quote> does not perform any kind of user session related tasks." msgstr "" @@ -4971,7 +4971,7 @@ msgstr "" "користувачів завдань." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3426 +#: sssd.conf.5.xml:3427 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can perform " "session related tasks." @@ -4980,7 +4980,7 @@ msgstr "" "його встановлено і дозволено виконувати пов'язані із сеансами завдання." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3430 +#: sssd.conf.5.xml:3431 msgid "" "<emphasis>NOTE:</emphasis> In order to have this feature working as expected " "SSSD must be running as \"root\" and not as the unprivileged user." @@ -4990,12 +4990,12 @@ msgstr "" "непривілейованого користувача." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3438 +#: sssd.conf.5.xml:3439 msgid "autofs_provider (string)" msgstr "autofs_provider (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3441 +#: sssd.conf.5.xml:3442 msgid "" "The autofs provider used for the domain. Supported autofs providers are:" msgstr "" @@ -5003,7 +5003,7 @@ msgstr "" "autofs:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3445 +#: sssd.conf.5.xml:3446 msgid "" "<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -5015,7 +5015,7 @@ msgstr "" "citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3452 +#: sssd.conf.5.xml:3453 msgid "" "<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> " "<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </" @@ -5027,7 +5027,7 @@ msgstr "" "manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3460 +#: sssd.conf.5.xml:3461 msgid "" "<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> " "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" @@ -5039,17 +5039,17 @@ msgstr "" "надання даних AD." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3469 +#: sssd.conf.5.xml:3470 msgid "<quote>none</quote> disables autofs explicitly." msgstr "<quote>none</quote> вимикає autofs повністю." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3479 +#: sssd.conf.5.xml:3480 msgid "hostid_provider (string)" msgstr "hostid_provider (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3482 +#: sssd.conf.5.xml:3483 msgid "" "The provider used for retrieving host identity information. Supported " "hostid providers are:" @@ -5058,7 +5058,7 @@ msgstr "" "вузла. Серед підтримуваних засобів надання hostid:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3486 +#: sssd.conf.5.xml:3487 msgid "" "<quote>ipa</quote> to load host identity stored in an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -5070,17 +5070,17 @@ msgstr "" "manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3494 +#: sssd.conf.5.xml:3495 msgid "<quote>none</quote> disables hostid explicitly." msgstr "<quote>none</quote> вимикає hostid повністю." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3504 +#: sssd.conf.5.xml:3505 msgid "resolver_provider (string)" msgstr "resolver_provider (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3507 +#: sssd.conf.5.xml:3508 msgid "" "The provider which should handle hosts and networks lookups. Supported " "resolver providers are:" @@ -5089,7 +5089,7 @@ msgstr "" "підтримку таких надавачів даних для визначення:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3511 +#: sssd.conf.5.xml:3512 msgid "" "<quote>proxy</quote> to forward lookups to another NSS library. See " "<quote>proxy_resolver_lib_name</quote>" @@ -5098,7 +5098,7 @@ msgstr "" "Див. <quote>proxy_resolver_lib_name</quote>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3515 +#: sssd.conf.5.xml:3516 msgid "" "<quote>ldap</quote> to fetch hosts and networks stored in LDAP. See " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" @@ -5110,7 +5110,7 @@ msgstr "" "manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3522 +#: sssd.conf.5.xml:3523 msgid "" "<quote>ad</quote> to fetch hosts and networks stored in AD. See " "<citerefentry> <refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</" @@ -5123,13 +5123,13 @@ msgstr "" "налаштовування засобу надання даних AD." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3530 +#: sssd.conf.5.xml:3531 msgid "<quote>none</quote> disallows fetching hosts and networks explicitly." msgstr "" "<quote>none</quote> забороняє ячним чином отримання даних вузлів і мереж." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3543 +#: sssd.conf.5.xml:3544 msgid "" "Regular expression for this domain that describes how to parse the string " "containing user name and domain into these components. The \"domain\" can " @@ -5143,7 +5143,7 @@ msgstr "" "IPA та доменів Active Directory, простій назві (NetBIOS) домену." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3552 +#: sssd.conf.5.xml:3553 #, fuzzy #| msgid "" #| "Default for the AD and IPA provider: <quote>(((?P<domain>[^\\\\]+)\\" @@ -5160,17 +5160,17 @@ msgstr "" "різні стилі запису імен користувачів:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:3557 sssd.conf.5.xml:3571 +#: sssd.conf.5.xml:3558 sssd.conf.5.xml:3572 msgid "username" msgstr "користувач" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:3560 sssd.conf.5.xml:3574 +#: sssd.conf.5.xml:3561 sssd.conf.5.xml:3575 msgid "username@domain.name" msgstr "користувач@назва.домену" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3565 +#: sssd.conf.5.xml:3566 #, fuzzy #| msgid "" #| "Default for the AD and IPA provider: <quote>(((?P<domain>[^\\\\]+)\\" @@ -5189,12 +5189,12 @@ msgstr "" "різні стилі запису імен користувачів:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:3577 +#: sssd.conf.5.xml:3578 msgid "domain\\username" msgstr "домен\\користувач" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3580 +#: sssd.conf.5.xml:3581 msgid "" "While the first two correspond to the general default the third one is " "introduced to allow easy integration of users from Windows domains." @@ -5203,7 +5203,7 @@ msgstr "" "того, щоб полегшити інтеграцію користувачів з доменів Windows." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3585 +#: sssd.conf.5.xml:3586 msgid "" "The default re_expression uses the <quote>@</quote> character as a separator " "between the name and the domain. As a result of this setting the default " @@ -5213,17 +5213,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3637 +#: sssd.conf.5.xml:3638 msgid "Default: <quote>%1$s@%2$s</quote>." msgstr "Типове значення: <quote>%1$s@%2$s</quote>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3643 +#: sssd.conf.5.xml:3644 msgid "lookup_family_order (string)" msgstr "lookup_family_order (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3646 +#: sssd.conf.5.xml:3647 msgid "" "Provides the ability to select preferred address family to use when " "performing DNS lookups." @@ -5232,48 +5232,48 @@ msgstr "" "під час виконання пошуків у DNS." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3650 +#: sssd.conf.5.xml:3651 msgid "Supported values:" msgstr "Передбачено підтримку таких значень:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3653 +#: sssd.conf.5.xml:3654 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6" msgstr "" "ipv4_first: спробувати визначити адресу у форматі IPv4, у разі невдачі " "спробувати формат IPv6" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3656 +#: sssd.conf.5.xml:3657 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses." msgstr "" "ipv4_only: намагатися визначити назви вузлів лише у форматі адрес IPv4." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3659 +#: sssd.conf.5.xml:3660 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4" msgstr "" "ipv6_first: спробувати визначити адресу у форматі IPv6, у разі невдачі " "спробувати формат IPv4" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3662 +#: sssd.conf.5.xml:3663 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses." msgstr "" "ipv6_only: намагатися визначити назви вузлів лише у форматі адрес IPv6." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3665 +#: sssd.conf.5.xml:3666 msgid "Default: ipv4_first" msgstr "Типове значення: ipv4_first" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3671 +#: sssd.conf.5.xml:3672 msgid "dns_resolver_server_timeout (integer)" msgstr "dns_resolver_server_timeout (ціле число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3674 +#: sssd.conf.5.xml:3675 msgid "" "Defines the amount of time (in milliseconds) SSSD would try to talk to DNS " "server before trying next DNS server." @@ -5282,7 +5282,7 @@ msgstr "" "обмінятися даними із сервером DNS, перш ніж пробувати наступний сервер DNS." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3679 +#: sssd.conf.5.xml:3680 msgid "" "The AD provider will use this option for the CLDAP ping timeouts as well." msgstr "" @@ -5290,7 +5290,7 @@ msgstr "" "очікування на відгук на луна-імпульс CLDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3683 sssd.conf.5.xml:3703 sssd.conf.5.xml:3724 +#: sssd.conf.5.xml:3684 sssd.conf.5.xml:3704 sssd.conf.5.xml:3725 msgid "" "Please see the section <quote>FAILOVER</quote> for more information about " "the service resolution." @@ -5299,17 +5299,17 @@ msgstr "" "більше про розв'язування питань, пов'язаних із службами." #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3688 sssd-ldap.5.xml:644 include/failover.xml:84 +#: sssd.conf.5.xml:3689 sssd-ldap.5.xml:644 include/failover.xml:84 msgid "Default: 1000" msgstr "Типове значення: 1000" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3694 +#: sssd.conf.5.xml:3695 msgid "dns_resolver_op_timeout (integer)" msgstr "dns_resolver_op_timeout (ціле число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3697 +#: sssd.conf.5.xml:3698 msgid "" "Defines the amount of time (in seconds) to wait to resolve single DNS query " "(e.g. resolution of a hostname or an SRV record) before trying the next " @@ -5321,12 +5321,12 @@ msgstr "" "наступного DNS." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3714 +#: sssd.conf.5.xml:3715 msgid "dns_resolver_timeout (integer)" msgstr "dns_resolver_timeout (ціле число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3717 +#: sssd.conf.5.xml:3718 msgid "" "Defines the amount of time (in seconds) to wait for a reply from the " "internal fail over service before assuming that the service is unreachable. " @@ -5339,12 +5339,12 @@ msgstr "" "роботу у автономному режимі." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3735 +#: sssd.conf.5.xml:3736 msgid "dns_resolver_use_search_list (bool)" msgstr "dns_resolver_use_search_list (булеве значення)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3738 +#: sssd.conf.5.xml:3739 msgid "" "Normally, the DNS resolver searches the domain list defined in the " "\"search\" directive from the resolv.conf file. This can lead to delays in " @@ -5355,7 +5355,7 @@ msgstr "" "затримок у середовищах, де DNS не налаштовано належним чином." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3744 +#: sssd.conf.5.xml:3745 msgid "" "If fully qualified domain names (or _srv_) are used in the SSSD " "configuration, setting this option to FALSE can prevent unnecessary DNS " @@ -5366,17 +5366,17 @@ msgstr "" "пошукам DNS у таких середовищах." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3750 +#: sssd.conf.5.xml:3751 msgid "Default: TRUE" msgstr "Типове значення: TRUE" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3756 +#: sssd.conf.5.xml:3757 msgid "dns_discovery_domain (string)" msgstr "dns_discovery_domain (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3759 +#: sssd.conf.5.xml:3760 msgid "" "If service discovery is used in the back end, specifies the domain part of " "the service discovery DNS query." @@ -5385,54 +5385,54 @@ msgstr "" "частину запиту визначення служб DNS." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3763 +#: sssd.conf.5.xml:3764 msgid "Default: Use the domain part of machine's hostname" msgstr "" "Типова поведінка: використовувати назву домену з назви вузла комп’ютера." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3769 +#: sssd.conf.5.xml:3770 msgid "override_gid (integer)" msgstr "override_gid (ціле число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3772 +#: sssd.conf.5.xml:3773 msgid "Override the primary GID value with the one specified." msgstr "Замірити значення основного GID на вказане." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3778 +#: sssd.conf.5.xml:3779 msgid "case_sensitive (string)" msgstr "case_sensitive (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3785 +#: sssd.conf.5.xml:3786 msgid "True" msgstr "True" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3788 +#: sssd.conf.5.xml:3789 msgid "Case sensitive. This value is invalid for AD provider." msgstr "" "Враховується регістр. Це значення є некоректним для засобу надання даних AD." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3794 +#: sssd.conf.5.xml:3795 msgid "False" msgstr "False" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3796 +#: sssd.conf.5.xml:3797 msgid "Case insensitive." msgstr "Без врахування регістру." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3800 +#: sssd.conf.5.xml:3801 msgid "Preserving" msgstr "Preserving" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3803 +#: sssd.conf.5.xml:3804 msgid "" "Same as False (case insensitive), but does not lowercase names in the result " "of NSS operations. Note that name aliases (and in case of services also " @@ -5444,7 +5444,7 @@ msgstr "" "буде переведено у нижній регістр." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3811 +#: sssd.conf.5.xml:3812 msgid "" "If you want to set this value for trusted domain with IPA provider, you need " "to set it on both the client and SSSD on the server." @@ -5453,7 +5453,7 @@ msgstr "" "даних IPA, вам доведеться встановити його на боці клієнта і SSSD на сервері." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3781 +#: sssd.conf.5.xml:3782 msgid "" "Treat user and group names as case sensitive. Possible option values are: " "<placeholder type=\"variablelist\" id=\"0\"/>" @@ -5462,17 +5462,17 @@ msgstr "" "значення: <placeholder type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3826 +#: sssd.conf.5.xml:3827 msgid "Default: True (False for AD provider)" msgstr "Типове значення: True (False для засобу надання даних AD)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3832 +#: sssd.conf.5.xml:3833 msgid "subdomain_inherit (string)" msgstr "subdomain_inherit (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3835 +#: sssd.conf.5.xml:3836 msgid "" "Specifies a list of configuration parameters that should be inherited by a " "subdomain. Please note that only selected parameters can be inherited. " @@ -5484,47 +5484,47 @@ msgstr "" "параметрів:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3841 +#: sssd.conf.5.xml:3842 msgid "ldap_search_timeout" msgstr "ldap_search_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3844 +#: sssd.conf.5.xml:3845 msgid "ldap_network_timeout" msgstr "ldap_network_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3847 +#: sssd.conf.5.xml:3848 msgid "ldap_opt_timeout" msgstr "ldap_opt_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3850 +#: sssd.conf.5.xml:3851 msgid "ldap_offline_timeout" msgstr "ldap_offline_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3853 +#: sssd.conf.5.xml:3854 msgid "ldap_enumeration_refresh_timeout" msgstr "ldap_enumeration_refresh_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3856 +#: sssd.conf.5.xml:3857 msgid "ldap_enumeration_refresh_offset" msgstr "ldap_enumeration_refresh_offset" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3859 +#: sssd.conf.5.xml:3860 msgid "ldap_purge_cache_timeout" msgstr "ldap_purge_cache_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3862 +#: sssd.conf.5.xml:3863 msgid "ldap_purge_cache_offset" msgstr "ldap_purge_cache_offset" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3865 +#: sssd.conf.5.xml:3866 msgid "" "ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab " "is not set explicitly)" @@ -5533,57 +5533,57 @@ msgstr "" "ldap_krb5_keytab не встановлено явним чином)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3869 +#: sssd.conf.5.xml:3870 msgid "ldap_krb5_ticket_lifetime" msgstr "ldap_krb5_ticket_lifetime" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3872 +#: sssd.conf.5.xml:3873 msgid "ldap_enumeration_search_timeout" msgstr "ldap_enumeration_search_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3875 +#: sssd.conf.5.xml:3876 msgid "ldap_connection_expire_timeout" msgstr "ldap_connection_expire_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3878 +#: sssd.conf.5.xml:3879 msgid "ldap_connection_expire_offset" msgstr "ldap_connection_expire_offset" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3881 +#: sssd.conf.5.xml:3882 msgid "ldap_connection_idle_timeout" msgstr "ldap_connection_idle_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3884 sssd-ldap.5.xml:400 +#: sssd.conf.5.xml:3885 sssd-ldap.5.xml:400 msgid "ldap_use_tokengroups" msgstr "ldap_use_tokengroups" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3887 +#: sssd.conf.5.xml:3888 msgid "ldap_user_principal" msgstr "ldap_user_principal" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3890 +#: sssd.conf.5.xml:3891 msgid "ignore_group_members" msgstr "ignore_group_members" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3893 +#: sssd.conf.5.xml:3894 msgid "auto_private_groups" msgstr "auto_private_groups" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3896 +#: sssd.conf.5.xml:3897 msgid "case_sensitive" msgstr "case_sensitive" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:3901 +#: sssd.conf.5.xml:3902 #, no-wrap msgid "" "subdomain_inherit = ldap_purge_cache_timeout\n" @@ -5593,28 +5593,28 @@ msgstr "" " " #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3908 +#: sssd.conf.5.xml:3909 msgid "Note: This option only works with the IPA and AD provider." msgstr "" "Зауваження: цей параметр працює лише для засобів надання даних IPA і AD." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3915 +#: sssd.conf.5.xml:3916 msgid "subdomain_homedir (string)" msgstr "subdomain_homedir (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3926 +#: sssd.conf.5.xml:3927 msgid "%F" msgstr "%F" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3927 +#: sssd.conf.5.xml:3928 msgid "flat (NetBIOS) name of a subdomain." msgstr "спрощена (NetBIOS) назва піддомену." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3918 +#: sssd.conf.5.xml:3919 msgid "" "Use this homedir as default value for all subdomains within this domain in " "IPA AD trust. See <emphasis>override_homedir</emphasis> for info about " @@ -5629,7 +5629,7 @@ msgstr "" "emphasis>. <placeholder type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3932 +#: sssd.conf.5.xml:3933 msgid "" "The value can be overridden by <emphasis>override_homedir</emphasis> option." msgstr "" @@ -5637,17 +5637,17 @@ msgstr "" "emphasis>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3936 +#: sssd.conf.5.xml:3937 msgid "Default: <filename>/home/%d/%u</filename>" msgstr "Типове значення: <filename>/home/%d/%u</filename>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3941 +#: sssd.conf.5.xml:3942 msgid "realmd_tags (string)" msgstr "realmd_tags (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3944 +#: sssd.conf.5.xml:3945 msgid "" "Various tags stored by the realmd configuration service for this domain." msgstr "" @@ -5655,12 +5655,12 @@ msgstr "" "домену." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3950 +#: sssd.conf.5.xml:3951 msgid "cached_auth_timeout (int)" msgstr "cached_auth_timeout (ціле число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3953 +#: sssd.conf.5.xml:3954 msgid "" "Specifies time in seconds since last successful online authentication for " "which user will be authenticated using cached credentials while SSSD is in " @@ -5674,7 +5674,7 @@ msgstr "" "розпізнавання." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3961 +#: sssd.conf.5.xml:3962 msgid "" "This option's value is inherited by all trusted domains. At the moment it is " "not possible to set a different value per trusted domain." @@ -5684,12 +5684,12 @@ msgstr "" "значення для різних довірених доменів." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3966 +#: sssd.conf.5.xml:3967 msgid "Special value 0 implies that this feature is disabled." msgstr "Спеціальне значення 0 означає, що цю можливість вимкнено." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3970 +#: sssd.conf.5.xml:3971 msgid "" "Please note that if <quote>cached_auth_timeout</quote> is longer than " "<quote>pam_id_timeout</quote> then the back end could be called to handle " @@ -5700,17 +5700,86 @@ msgstr "" "обробки <quote>initgroups</quote>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3981 +#: sssd.conf.5.xml:3982 +#, fuzzy +#| msgid "ldap_pwd_policy (string)" +msgid "local_auth_policy (string)" +msgstr "ldap_pwd_policy (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3985 +msgid "" +"Local authentication methods policy. Some backends (i.e. LDAP, proxy " +"provider) only support a password based authentication, while others can " +"handle PKINIT based Smartcard authentication (AD, IPA), two-factor " +"authentication (IPA), or other methods against a central instance. By " +"default in such cases authentication is only performed with the methods " +"supported by the backend." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3995 +msgid "" +"There are three possible values for this option: match, only, enable. " +"<quote>match</quote> is used to match offline and online states for Kerberos " +"methods. <quote>only</quote> ignores the online methods and only offer the " +"local ones. enable allows explicitly defining the methods for local " +"authentication. As an example, <quote>enable:passkey</quote>, only enables " +"passkey for local authentication. Multiple enable values should be comma-" +"separated, such as <quote>enable:passkey, enable:smartcard</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:4011 +#, no-wrap +msgid "" +"[domain/shadowutils]\n" +"id_provider = proxy\n" +"proxy_lib_name = files\n" +"auth_provider = none\n" +"local_auth_policy = only\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4007 +#, fuzzy +#| msgid "" +#| "The following example creates a container named 'mycontainer': " +#| "<placeholder type=\"programlisting\" id=\"0\"/>" +msgid "" +"The following configuration example allows local users to authenticate " +"locally using any enabled method (i.e. smartcard, passkey). <placeholder " +"type=\"programlisting\" id=\"0\"/>" +msgstr "" +"У наступному прикладі створюємо контейнер із назвою «mycontainer»: " +"<placeholder type=\"programlisting\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4019 +#, fuzzy +#| msgid "This option is not available in IPA provider." +msgid "This option is ignored for the files provider." +msgstr "Цим параметром не можна скористатися у надавачі даних IPA." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4022 +#, fuzzy +#| msgid "Default: mail" +msgid "Default: match" +msgstr "Типове значення: mail" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4027 msgid "auto_private_groups (string)" msgstr "auto_private_groups (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3987 +#: sssd.conf.5.xml:4033 msgid "true" msgstr "true" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3990 +#: sssd.conf.5.xml:4036 msgid "" "Create user's private group unconditionally from user's UID number. The GID " "number is ignored in this case." @@ -5719,7 +5788,7 @@ msgstr "" "користувача. У цьому випадку номер GID буде проігноровано." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3994 +#: sssd.conf.5.xml:4040 msgid "" "NOTE: Because the GID number and the user private group are inferred from " "the UID number, it is not supported to have multiple entries with the same " @@ -5732,12 +5801,12 @@ msgstr "" "примусово встановлює унікальність записів у просторі ідентифікаторів." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4003 +#: sssd.conf.5.xml:4049 msgid "false" msgstr "false" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4006 +#: sssd.conf.5.xml:4052 msgid "" "Always use the user's primary GID number. The GID number must refer to a " "group object in the LDAP database." @@ -5746,12 +5815,12 @@ msgstr "" "вказувати на об'єкт групи у базі даних LDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4012 +#: sssd.conf.5.xml:4058 msgid "hybrid" msgstr "hybrid" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4015 +#: sssd.conf.5.xml:4061 msgid "" "A primary group is autogenerated for user entries whose UID and GID numbers " "have the same value and at the same time the GID number does not correspond " @@ -5766,7 +5835,7 @@ msgstr "" "цього користувача визначатиме цей об'єкт групи." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4028 +#: sssd.conf.5.xml:4074 msgid "" "If the UID and GID of a user are different, then the GID must correspond to " "a group entry, otherwise the GID is simply not resolvable." @@ -5775,7 +5844,7 @@ msgstr "" "групи, інакше надійне визначення GID буде просто неможливим." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4035 +#: sssd.conf.5.xml:4081 msgid "" "This feature is useful for environments that wish to stop maintaining a " "separate group objects for the user private groups, but also wish to retain " @@ -5786,7 +5855,7 @@ msgstr "" "збереженням наявних приватних груп для користувачів." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3984 +#: sssd.conf.5.xml:4030 msgid "" "This option takes any of three available values: <placeholder " "type=\"variablelist\" id=\"0\"/>" @@ -5795,7 +5864,7 @@ msgstr "" "type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4047 +#: sssd.conf.5.xml:4093 msgid "" "For subdomains, the default value is False for subdomains that use assigned " "POSIX IDs and True for subdomains that use automatic ID-mapping." @@ -5805,7 +5874,7 @@ msgstr "" "використовується автоматична прив'язка до ідентифікаторів." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:4055 +#: sssd.conf.5.xml:4101 #, no-wrap msgid "" "[domain/forest.domain/sub.domain]\n" @@ -5815,7 +5884,7 @@ msgstr "" "auto_private_groups = false\n" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:4061 +#: sssd.conf.5.xml:4107 #, no-wrap msgid "" "[domain/forest.domain]\n" @@ -5827,7 +5896,7 @@ msgstr "" "auto_private_groups = false\n" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4052 +#: sssd.conf.5.xml:4098 msgid "" "The value of auto_private_groups can either be set per subdomains in a " "subsection, for example: <placeholder type=\"programlisting\" id=\"0\"/> or " @@ -5841,7 +5910,7 @@ msgstr "" "subdomain_inherit: <placeholder type=\"programlisting\" id=\"1\"/>" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:2569 +#: sssd.conf.5.xml:2570 msgid "" "These configuration options can be present in a domain configuration " "section, that is, in a section called <quote>[domain/<replaceable>NAME</" @@ -5852,17 +5921,17 @@ msgstr "" "quote> <placeholder type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4076 +#: sssd.conf.5.xml:4122 msgid "proxy_pam_target (string)" msgstr "proxy_pam_target (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4079 +#: sssd.conf.5.xml:4125 msgid "The proxy target PAM proxies to." msgstr "Комп’ютер, для якого виконує проксі-сервер PAM." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4082 +#: sssd.conf.5.xml:4128 msgid "" "Default: not set by default, you have to take an existing pam configuration " "or create a new one and add the service name here." @@ -5871,12 +5940,12 @@ msgstr "" "налаштуваннями pam або створити нові і тут додати назву служби." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4090 +#: sssd.conf.5.xml:4136 msgid "proxy_lib_name (string)" msgstr "proxy_lib_name (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4093 +#: sssd.conf.5.xml:4139 msgid "" "The name of the NSS library to use in proxy domains. The NSS functions " "searched for in the library are in the form of _nss_$(libName)_$(function), " @@ -5887,12 +5956,12 @@ msgstr "" "наприклад _nss_files_getpwent." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4103 +#: sssd.conf.5.xml:4149 msgid "proxy_resolver_lib_name (string)" msgstr "proxy_resolver_lib_name (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4106 +#: sssd.conf.5.xml:4152 msgid "" "The name of the NSS library to use for hosts and networks lookups in proxy " "domains. The NSS functions searched for in the library are in the form of " @@ -5903,12 +5972,12 @@ msgstr "" "_nss_$(назва_бібліотеки)_$(функція), наприклад _nss_dns_gethostbyname2_r." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4117 +#: sssd.conf.5.xml:4163 msgid "proxy_fast_alias (boolean)" msgstr "proxy_fast_alias (булеве значення)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4120 +#: sssd.conf.5.xml:4166 msgid "" "When a user or group is looked up by name in the proxy provider, a second " "lookup by ID is performed to \"canonicalize\" the name in case the requested " @@ -5923,12 +5992,12 @@ msgstr "" "у кеші, щоб пришвидшити надання результатів." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4134 +#: sssd.conf.5.xml:4180 msgid "proxy_max_children (integer)" msgstr "proxy_max_children (ціле число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4137 +#: sssd.conf.5.xml:4183 msgid "" "This option specifies the number of pre-forked proxy children. It is useful " "for high-load SSSD environments where sssd may run out of available child " @@ -5940,7 +6009,7 @@ msgstr "" "використання черги запитів." #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4072 +#: sssd.conf.5.xml:4118 msgid "" "Options valid for proxy domains. <placeholder type=\"variablelist\" " "id=\"0\"/>" @@ -5949,12 +6018,12 @@ msgstr "" "type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:4153 +#: sssd.conf.5.xml:4199 msgid "Application domains" msgstr "Домени програм (application)" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4155 +#: sssd.conf.5.xml:4201 msgid "" "SSSD, with its D-Bus interface (see <citerefentry> <refentrytitle>sssd-ifp</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>) is appealing to " @@ -5982,7 +6051,7 @@ msgstr "" "який може успадковувати параметр з традиційного домену SSSD." #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4175 +#: sssd.conf.5.xml:4221 msgid "" "Please note that the application domain must still be explicitly enabled in " "the <quote>domains</quote> parameter so that the lookup order between the " @@ -5993,17 +6062,17 @@ msgstr "" "його доменом-близнюком у POSIX має бути встановлено належним чином." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> -#: sssd.conf.5.xml:4181 +#: sssd.conf.5.xml:4227 msgid "Application domain parameters" msgstr "Параметри доменів програм" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4183 +#: sssd.conf.5.xml:4229 msgid "inherit_from (string)" msgstr "inherit_from (рядок)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4186 +#: sssd.conf.5.xml:4232 msgid "" "The SSSD POSIX-type domain the application domain inherits all settings " "from. The application domain can moreover add its own settings to the " @@ -6015,7 +6084,7 @@ msgstr "" "розширюють або перевизначають параметри домену-<quote>близнюка</quote>." #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4200 +#: sssd.conf.5.xml:4246 msgid "" "The following example illustrates the use of an application domain. In this " "setup, the POSIX domain is connected to an LDAP server and is used by the OS " @@ -6030,7 +6099,7 @@ msgstr "" "у кеші і робить атрибут phone доступним через інтерфейс D-Bus." #. type: Content of: <reference><refentry><refsect1><refsect2><programlisting> -#: sssd.conf.5.xml:4208 +#: sssd.conf.5.xml:4254 #, no-wrap msgid "" "[sssd]\n" @@ -6064,12 +6133,12 @@ msgstr "" "ldap_user_extra_attrs = phone:telephoneNumber\n" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4228 +#: sssd.conf.5.xml:4274 msgid "TRUSTED DOMAIN SECTION" msgstr "РОЗДІЛ ДОВІРЕНИХ ДОМЕНІВ" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4230 +#: sssd.conf.5.xml:4276 msgid "" "Some options used in the domain section can also be used in the trusted " "domain section, that is, in a section called <quote>[domain/" @@ -6087,57 +6156,57 @@ msgstr "" "такі параметри:" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4237 +#: sssd.conf.5.xml:4283 msgid "ldap_search_base," msgstr "ldap_search_base," #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4238 +#: sssd.conf.5.xml:4284 msgid "ldap_user_search_base," msgstr "ldap_user_search_base," #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4239 +#: sssd.conf.5.xml:4285 msgid "ldap_group_search_base," msgstr "ldap_group_search_base," #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4240 +#: sssd.conf.5.xml:4286 msgid "ldap_netgroup_search_base," msgstr "ldap_netgroup_search_base," #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4241 +#: sssd.conf.5.xml:4287 msgid "ldap_service_search_base," msgstr "ldap_service_search_base," #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4242 +#: sssd.conf.5.xml:4288 msgid "ldap_sasl_mech," msgstr "ldap_sasl_mech," #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4243 +#: sssd.conf.5.xml:4289 msgid "ad_server," msgstr "ad_server," #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4244 +#: sssd.conf.5.xml:4290 msgid "ad_backup_server," msgstr "ad_backup_server," #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4245 +#: sssd.conf.5.xml:4291 msgid "ad_site," msgstr "ad_site," #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4246 sssd-ipa.5.xml:879 +#: sssd.conf.5.xml:4292 sssd-ipa.5.xml:879 msgid "use_fully_qualified_names" msgstr "use_fully_qualified_names" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4250 +#: sssd.conf.5.xml:4296 msgid "" "For more details about these options see their individual description in the " "manual page." @@ -6146,12 +6215,12 @@ msgstr "" "підручника." #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4256 +#: sssd.conf.5.xml:4302 msgid "CERTIFICATE MAPPING SECTION" msgstr "РОЗДІЛ ПРИВ'ЯЗКИ СЕРТИФІКАТІВ" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4258 +#: sssd.conf.5.xml:4304 msgid "" "To allow authentication with Smartcards and certificates SSSD must be able " "to map certificates to users. This can be done by adding the full " @@ -6174,7 +6243,7 @@ msgstr "" "використовують для розпізнавання PAM." #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4272 +#: sssd.conf.5.xml:4318 msgid "" "To make the mapping more flexible mapping and matching rules were added to " "SSSD (see <citerefentry> <refentrytitle>sss-certmap</refentrytitle> " @@ -6186,7 +6255,7 @@ msgstr "" "citerefentry>)." #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4281 +#: sssd.conf.5.xml:4327 msgid "" "A mapping and matching rule can be added to the SSSD configuration in a " "section on its own with a name like <quote>[certmap/" @@ -6199,12 +6268,12 @@ msgstr "" "replaceable>]</quote>. У цьому розділі можна використовувати такі параметри:" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4288 +#: sssd.conf.5.xml:4334 msgid "matchrule (string)" msgstr "matchrule (рядок)" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4291 +#: sssd.conf.5.xml:4337 msgid "" "Only certificates from the Smartcard which matches this rule will be " "processed, all others are ignored." @@ -6213,7 +6282,7 @@ msgstr "" "цьому правилу. Усі інші сертифікати буде проігноровано." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4295 +#: sssd.conf.5.xml:4341 msgid "" "Default: KRB5:<EKU>clientAuth, i.e. only certificates which have the " "Extended Key Usage <quote>clientAuth</quote>" @@ -6223,17 +6292,17 @@ msgstr "" "<quote>clientAuth</quote>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4302 +#: sssd.conf.5.xml:4348 msgid "maprule (string)" msgstr "maprule (рядок)" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4305 +#: sssd.conf.5.xml:4351 msgid "Defines how the user is found for a given certificate." msgstr "Визначає спосіб пошуку користувача для вказаного сертифіката." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4311 +#: sssd.conf.5.xml:4357 msgid "" "LDAP:(userCertificate;binary={cert!bin}) for LDAP based providers like " "<quote>ldap</quote>, <quote>AD</quote> or <quote>ipa</quote>." @@ -6242,7 +6311,7 @@ msgstr "" "даних, зокрема <quote>ldap</quote>, <quote>AD</quote> та <quote>ipa</quote>." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4317 +#: sssd.conf.5.xml:4363 msgid "" "The RULE_NAME for the <quote>files</quote> provider which tries to find a " "user with the same name." @@ -6251,12 +6320,12 @@ msgstr "" "запис користувача і такою самою назвою." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4326 +#: sssd.conf.5.xml:4372 msgid "domains (string)" msgstr "domains (рядок)" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4329 +#: sssd.conf.5.xml:4375 msgid "" "Comma separated list of domain names the rule should be applied. By default " "a rule is only valid in the domain configured in sssd.conf. If the provider " @@ -6269,17 +6338,17 @@ msgstr "" "параметр можна використати і для додавання правила до піддоменів." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4336 +#: sssd.conf.5.xml:4382 msgid "Default: the configured domain in sssd.conf" msgstr "Типове значення: домен, який налаштовано у sssd.conf" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4341 +#: sssd.conf.5.xml:4387 msgid "priority (integer)" msgstr "priority (ціле число)" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4344 +#: sssd.conf.5.xml:4390 msgid "" "Unsigned integer value defining the priority of the rule. The higher the " "number the lower the priority. <quote>0</quote> stands for the highest " @@ -6290,12 +6359,12 @@ msgstr "" "пріоритетність, а <quote>4294967295</quote> — найнижча." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4350 +#: sssd.conf.5.xml:4396 msgid "Default: the lowest priority" msgstr "Типове значення: найнижча пріоритетність" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4356 +#: sssd.conf.5.xml:4402 msgid "" "To make the configuration simple and reduce the amount of configuration " "options the <quote>files</quote> provider has some special properties:" @@ -6305,7 +6374,7 @@ msgstr "" "спеціальних властивостей:" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4362 +#: sssd.conf.5.xml:4408 msgid "" "if maprule is not set the RULE_NAME name is assumed to be the name of the " "matching user" @@ -6314,7 +6383,7 @@ msgstr "" "відповідного облікового запису користувача" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4368 +#: sssd.conf.5.xml:4414 msgid "" "if a maprule is used both a single user name or a template like " "<quote>{subject_rfc822_name.short_name}</quote> must be in braces like e.g. " @@ -6327,17 +6396,17 @@ msgstr "" "quote> або <quote>({назва_об'єкта_rfc822.коротка_назва})</quote>" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4377 +#: sssd.conf.5.xml:4423 msgid "the <quote>domains</quote> option is ignored" msgstr "параметр <quote>domains</quote> буде проігноровано" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4385 +#: sssd.conf.5.xml:4431 msgid "PROMPTING CONFIGURATION SECTION" msgstr "РОЗДІЛ НАЛАШТОВУВАННЯ ЗАПИТІВ" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4387 +#: sssd.conf.5.xml:4433 msgid "" "If a special file (<filename>/var/lib/sss/pubconf/pam_preauth_available</" "filename>) exists SSSD's PAM module pam_sss will ask SSSD to figure out " @@ -6353,7 +6422,7 @@ msgstr "" "реєстраційних даних." #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4395 +#: sssd.conf.5.xml:4441 msgid "" "With the growing number of authentication methods and the possibility that " "there are multiple ones for a single user the heuristic used by pam_sss to " @@ -6367,22 +6436,22 @@ msgstr "" "випадках мають забезпечити описані нижче параметри." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4407 +#: sssd.conf.5.xml:4453 msgid "[prompting/password]" msgstr "[prompting/password]" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4410 +#: sssd.conf.5.xml:4456 msgid "password_prompt" msgstr "password_prompt" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4411 +#: sssd.conf.5.xml:4457 msgid "to change the string of the password prompt" msgstr "для зміни рядка запиту пароля" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4409 +#: sssd.conf.5.xml:4455 msgid "" "to configure password prompting, allowed options are: <placeholder " "type=\"variablelist\" id=\"0\"/>" @@ -6391,37 +6460,37 @@ msgstr "" "type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4419 +#: sssd.conf.5.xml:4465 msgid "[prompting/2fa]" msgstr "[prompting/2fa]" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4423 +#: sssd.conf.5.xml:4469 msgid "first_prompt" msgstr "first_prompt" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4424 +#: sssd.conf.5.xml:4470 msgid "to change the string of the prompt for the first factor" msgstr "для зміни рядка запиту для першого фактора" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4427 +#: sssd.conf.5.xml:4473 msgid "second_prompt" msgstr "second_prompt" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4428 +#: sssd.conf.5.xml:4474 msgid "to change the string of the prompt for the second factor" msgstr "для зміни рядка запиту для другого фактора" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4431 +#: sssd.conf.5.xml:4477 msgid "single_prompt" msgstr "single_prompt" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4432 +#: sssd.conf.5.xml:4478 msgid "" "boolean value, if True there will be only a single prompt using the value of " "first_prompt where it is expected that both factors are entered as a single " @@ -6434,7 +6503,7 @@ msgstr "" "якщо другий фактор не є обов'язковим." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4421 +#: sssd.conf.5.xml:4467 msgid "" "to configure two-factor authentication prompting, allowed options are: " "<placeholder type=\"variablelist\" id=\"0\"/> If the second factor is " @@ -6447,19 +6516,19 @@ msgstr "" "паролем, або за двома факторами, має бути використано двокроковий запит." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4449 +#: sssd.conf.5.xml:4495 #, fuzzy #| msgid "[prompting/password]" msgid "[prompting/passkey]" msgstr "[prompting/password]" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4455 sssd-ad.5.xml:1021 +#: sssd.conf.5.xml:4501 sssd-ad.5.xml:1021 msgid "interactive" msgstr "interactive" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4457 +#: sssd.conf.5.xml:4503 msgid "" "boolean value, if True prompt a message and wait before testing the presence " "of a passkey device. Recommended if your device doesn’t have a tactile " @@ -6467,47 +6536,47 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4465 +#: sssd.conf.5.xml:4511 #, fuzzy #| msgid "interactive" msgid "interactive_prompt" msgstr "interactive" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4467 +#: sssd.conf.5.xml:4513 #, fuzzy #| msgid "to change the string of the password prompt" msgid "to change the message of the interactive prompt." msgstr "для зміни рядка запиту пароля" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4472 +#: sssd.conf.5.xml:4518 msgid "touch" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4474 +#: sssd.conf.5.xml:4520 msgid "" "boolean value, if True prompt a message to remind the user to touch the " "device." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4480 +#: sssd.conf.5.xml:4526 #, fuzzy #| msgid "first_prompt" msgid "touch_prompt" msgstr "first_prompt" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4482 +#: sssd.conf.5.xml:4528 #, fuzzy #| msgid "to change the string of the password prompt" msgid "to change the message of the touch prompt." msgstr "для зміни рядка запиту пароля" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4451 +#: sssd.conf.5.xml:4497 #, fuzzy #| msgid "" #| "to configure two-factor authentication prompting, allowed options are: " @@ -6520,7 +6589,7 @@ msgstr "" "параметри: <placeholder type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4402 +#: sssd.conf.5.xml:4448 #, fuzzy #| msgid "" #| "Each supported authentication method has its own configuration subsection " @@ -6539,7 +6608,7 @@ msgstr "" "type=\"variablelist\" id=\"1\"/>" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4493 +#: sssd.conf.5.xml:4539 msgid "" "It is possible to add a subsection for specific PAM services, e.g. " "<quote>[prompting/password/sshd]</quote> to individual change the prompting " @@ -6550,12 +6619,12 @@ msgstr "" "для цієї служби." #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4500 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43 +#: sssd.conf.5.xml:4546 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43 msgid "EXAMPLES" msgstr "ПРИКЛАДИ" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4506 +#: sssd.conf.5.xml:4552 #, no-wrap msgid "" "[sssd]\n" @@ -6609,7 +6678,7 @@ msgstr "" "enumerate = False\n" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4502 +#: sssd.conf.5.xml:4548 msgid "" "1. The following example shows a typical SSSD config. It does not describe " "configuration of the domains themselves - refer to documentation on " @@ -6622,7 +6691,7 @@ msgstr "" "type=\"programlisting\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4539 +#: sssd.conf.5.xml:4585 #, no-wrap msgid "" "[domain/ipa.com/child.ad.com]\n" @@ -6632,7 +6701,7 @@ msgstr "" "use_fully_qualified_names = false\n" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4533 +#: sssd.conf.5.xml:4579 msgid "" "2. The following example shows configuration of IPA AD trust where the AD " "forest consists of two domains in a parent-child structure. Suppose IPA " @@ -6649,7 +6718,7 @@ msgstr "" "type=\"programlisting\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4550 +#: sssd.conf.5.xml:4596 #, fuzzy, no-wrap #| msgid "" #| "[certmap/my.domain/rule_name]\n" @@ -6677,7 +6746,7 @@ msgstr "" "matchrule = <ISSUER>^CN=My-CA,DC=MY,DC=DOMAIN$<SUBJECT>^CN=User.Name,DC=MY,DC=DOMAIN$\n" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4544 +#: sssd.conf.5.xml:4590 #, fuzzy #| msgid "" #| "3. The following example shows the configuration for two certificate " @@ -21904,9 +21973,13 @@ msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: include/ldap_id_mapping.xml:235 +#, fuzzy +#| msgid "" +#| "When this option is configured, domains will be allocated starting with " +#| "slice zero and increasing monatomically with each additional domain." msgid "" "When this option is configured, domains will be allocated starting with " -"slice zero and increasing monatomically with each additional domain." +"slice zero and increasing monotonically with each additional domain." msgstr "" "Якщо встановлено цей параметр, домени призначатимуться, починаючи з " "нульового зрізу з поступовим зростанням номерів на кожен додатковий домен." @@ -23830,13 +23903,6 @@ msgstr "" #~ " -XPOST http://localhost/secrets/mycontainer/\n" #~ " " -#~ msgid "" -#~ "The following example creates a container named 'mycontainer': " -#~ "<placeholder type=\"programlisting\" id=\"0\"/>" -#~ msgstr "" -#~ "У наступному прикладі створюємо контейнер із назвою «mycontainer»: " -#~ "<placeholder type=\"programlisting\" id=\"0\"/>" - #, no-wrap #~ msgid "" #~ "http://localhost/secrets/mycontainer/mysecret\n" diff --git a/src/man/po/zh_CN.po b/src/man/po/zh_CN.po index 2c17d3e4cca..c6bf97afb57 100644 --- a/src/man/po/zh_CN.po +++ b/src/man/po/zh_CN.po @@ -9,7 +9,7 @@ msgid "" msgstr "" "Project-Id-Version: sssd-docs 2.3.0\n" "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" -"POT-Creation-Date: 2023-05-05 10:09+0200\n" +"POT-Creation-Date: 2023-09-07 11:47+0200\n" "PO-Revision-Date: 2020-07-22 07:51-0400\n" "Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n" "Language-Team: Chinese (China) (http://www.transifex.com/projects/p/sssd/" @@ -206,8 +206,8 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:136 sssd.conf.5.xml:173 sssd.conf.5.xml:358 -#: sssd.conf.5.xml:714 sssd.conf.5.xml:729 sssd.conf.5.xml:951 -#: sssd.conf.5.xml:1069 sssd.conf.5.xml:2197 sssd-ldap.5.xml:1071 +#: sssd.conf.5.xml:714 sssd.conf.5.xml:729 sssd.conf.5.xml:952 +#: sssd.conf.5.xml:1070 sssd.conf.5.xml:2198 sssd-ldap.5.xml:1071 #: sssd-ldap.5.xml:1174 sssd-ldap.5.xml:1243 sssd-ldap.5.xml:1750 #: sssd-ldap.5.xml:1815 sssd-ipa.5.xml:342 sssd-ad.5.xml:252 sssd-ad.5.xml:366 #: sssd-ad.5.xml:1200 sssd-ad.5.xml:1348 sssd-krb5.5.xml:358 @@ -227,8 +227,8 @@ msgid "" msgstr "" #. type: Content of: <variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:149 sssd.conf.5.xml:652 sssd.conf.5.xml:948 -#: sssd.conf.5.xml:2100 sssd.conf.5.xml:2167 sssd.conf.5.xml:4128 +#: sssd.conf.5.xml:149 sssd.conf.5.xml:652 sssd.conf.5.xml:949 +#: sssd.conf.5.xml:2101 sssd.conf.5.xml:2168 sssd.conf.5.xml:4174 #: sssd-ldap.5.xml:312 sssd-ldap.5.xml:917 sssd-ldap.5.xml:936 #: sssd-ldap.5.xml:1146 sssd-ldap.5.xml:1599 sssd-ldap.5.xml:1839 #: sssd-ipa.5.xml:152 sssd-ipa.5.xml:254 sssd-ipa.5.xml:657 sssd-ad.5.xml:1106 @@ -296,8 +296,8 @@ msgid "" msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:196 sssd.conf.5.xml:1289 sssd.conf.5.xml:1766 -#: sssd.conf.5.xml:4144 sssd-ldap.5.xml:765 include/ldap_id_mapping.xml:270 +#: sssd.conf.5.xml:196 sssd.conf.5.xml:1290 sssd.conf.5.xml:1767 +#: sssd.conf.5.xml:4190 sssd-ldap.5.xml:765 include/ldap_id_mapping.xml:270 msgid "Default: 10" msgstr "" @@ -361,19 +361,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:258 sssd.conf.5.xml:783 +#: sssd.conf.5.xml:258 sssd.conf.5.xml:784 msgid "reconnection_retries (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:261 sssd.conf.5.xml:786 +#: sssd.conf.5.xml:261 sssd.conf.5.xml:787 msgid "" "Number of times services should attempt to reconnect in the event of a Data " "Provider crash or restart before they give up" msgstr "" #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:266 sssd.conf.5.xml:791 sssd.conf.5.xml:3708 +#: sssd.conf.5.xml:266 sssd.conf.5.xml:792 sssd.conf.5.xml:3709 #: include/failover.xml:100 msgid "Default: 3" msgstr "默认: 3" @@ -395,7 +395,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:287 sssd.conf.5.xml:3540 +#: sssd.conf.5.xml:287 sssd.conf.5.xml:3541 msgid "re_expression (string)" msgstr "" @@ -415,12 +415,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:304 sssd.conf.5.xml:3597 +#: sssd.conf.5.xml:304 sssd.conf.5.xml:3598 msgid "full_name_format (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:307 sssd.conf.5.xml:3600 +#: sssd.conf.5.xml:307 sssd.conf.5.xml:3601 msgid "" "A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</" "manvolnum> </citerefentry>-compatible format that describes how to compose a " @@ -428,39 +428,39 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:318 sssd.conf.5.xml:3611 +#: sssd.conf.5.xml:318 sssd.conf.5.xml:3612 msgid "%1$s" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:319 sssd.conf.5.xml:3612 +#: sssd.conf.5.xml:319 sssd.conf.5.xml:3613 msgid "user name" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:322 sssd.conf.5.xml:3615 +#: sssd.conf.5.xml:322 sssd.conf.5.xml:3616 msgid "%2$s" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:325 sssd.conf.5.xml:3618 +#: sssd.conf.5.xml:325 sssd.conf.5.xml:3619 msgid "domain name as specified in the SSSD config file." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:331 sssd.conf.5.xml:3624 +#: sssd.conf.5.xml:331 sssd.conf.5.xml:3625 msgid "%3$s" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:334 sssd.conf.5.xml:3627 +#: sssd.conf.5.xml:334 sssd.conf.5.xml:3628 msgid "" "domain flat name. Mostly usable for Active Directory domains, both directly " "configured or discovered via IPA trusts." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:315 sssd.conf.5.xml:3608 +#: sssd.conf.5.xml:315 sssd.conf.5.xml:3609 msgid "" "The following expansions are supported: <placeholder type=\"variablelist\" " "id=\"0\"/>" @@ -874,7 +874,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:700 sssd.conf.5.xml:1790 sssd.conf.5.xml:4194 +#: sssd.conf.5.xml:700 sssd.conf.5.xml:1791 sssd.conf.5.xml:4240 #: sssd-ad.5.xml:187 sssd-ad.5.xml:327 sssd-ad.5.xml:341 msgid "Default: Not set" msgstr "" @@ -919,11 +919,11 @@ msgstr "" #: sssd.conf.5.xml:744 msgid "" "Enable or disable the user verification (i.e. PIN, fingerprint) during " -"authentication." +"authentication. If enabled, the PIN will always be requested." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:749 +#: sssd.conf.5.xml:750 msgid "" "The default is that the key settings decide what to do. In the IPA or " "kerberos pre-authentication case, this value will be overwritten by the " @@ -950,12 +950,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:768 +#: sssd.conf.5.xml:769 msgid "SERVICES SECTIONS" msgstr "服务部分" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:770 +#: sssd.conf.5.xml:771 msgid "" "Settings that can be used to configure different services are described in " "this section. They should reside in the [<replaceable>$NAME</replaceable>] " @@ -964,22 +964,22 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:777 +#: sssd.conf.5.xml:778 msgid "General service configuration options" msgstr "基本服务配置选项" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:779 +#: sssd.conf.5.xml:780 msgid "These options can be used to configure any service." msgstr "这些选项可被用于配置任何服务。" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:796 +#: sssd.conf.5.xml:797 msgid "fd_limit" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:799 +#: sssd.conf.5.xml:800 msgid "" "This option specifies the maximum number of file descriptors that may be " "opened at one time by this SSSD process. On systems where SSSD is granted " @@ -989,17 +989,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:808 +#: sssd.conf.5.xml:809 msgid "Default: 8192 (or limits.conf \"hard\" limit)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:813 +#: sssd.conf.5.xml:814 msgid "client_idle_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:816 +#: sssd.conf.5.xml:817 msgid "" "This option specifies the number of seconds that a client of an SSSD process " "can hold onto a file descriptor without communicating on it. This value is " @@ -1009,19 +1009,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:825 +#: sssd.conf.5.xml:826 #, fuzzy #| msgid "Default: 3" msgid "Default: 60, KCM: 300" msgstr "默认: 3" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:830 +#: sssd.conf.5.xml:831 msgid "offline_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:833 +#: sssd.conf.5.xml:834 msgid "" "When SSSD switches to offline mode the amount of time before it tries to go " "back online will increase based upon the time spent disconnected. By " @@ -1032,14 +1032,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:844 sssd.conf.5.xml:900 +#: sssd.conf.5.xml:845 sssd.conf.5.xml:901 msgid "" "new_delay = Minimum(old_delay * 2, offline_timeout_max) + random[0..." "offline_timeout_random_offset]" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:847 +#: sssd.conf.5.xml:848 msgid "" "The offline_timeout default value is 60. The offline_timeout_max default " "value is 3600. The offline_timeout_random_offset default value is 30. The " @@ -1047,44 +1047,44 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:853 +#: sssd.conf.5.xml:854 msgid "" "Note that the maximum length of each interval is defined by " "offline_timeout_max (apart of random part)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:857 sssd.conf.5.xml:1200 sssd.conf.5.xml:1583 -#: sssd.conf.5.xml:1879 sssd-ldap.5.xml:494 +#: sssd.conf.5.xml:858 sssd.conf.5.xml:1201 sssd.conf.5.xml:1584 +#: sssd.conf.5.xml:1880 sssd-ldap.5.xml:494 msgid "Default: 60" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:862 +#: sssd.conf.5.xml:863 msgid "offline_timeout_max (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:865 +#: sssd.conf.5.xml:866 msgid "" "Controls by how much the time between attempts to go online can be " "incremented following unsuccessful attempts to go online." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:870 +#: sssd.conf.5.xml:871 msgid "A value of 0 disables the incrementing behaviour." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:873 +#: sssd.conf.5.xml:874 msgid "" "The value of this parameter should be set in correlation to offline_timeout " "parameter value." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:877 +#: sssd.conf.5.xml:878 msgid "" "With offline_timeout set to 60 (default value) there is no point in setting " "offlinet_timeout_max to less than 120 as it will saturate instantly. General " @@ -1093,62 +1093,62 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:883 +#: sssd.conf.5.xml:884 msgid "" "Although a value between 0 and offline_timeout may be specified, it has the " "effect of overriding the offline_timeout value so is of little use." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:888 +#: sssd.conf.5.xml:889 #, fuzzy #| msgid "Default: 3" msgid "Default: 3600" msgstr "默认: 3" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:893 +#: sssd.conf.5.xml:894 msgid "offline_timeout_random_offset (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:896 +#: sssd.conf.5.xml:897 msgid "" "When SSSD is in offline mode it keeps probing backend servers in specified " "time intervals:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:903 +#: sssd.conf.5.xml:904 msgid "" "This parameter controls the value of the random offset used for the above " "equation. Final random_offset value will be random number in range:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:908 +#: sssd.conf.5.xml:909 msgid "[0 - offline_timeout_random_offset]" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:911 +#: sssd.conf.5.xml:912 msgid "A value of 0 disables the random offset addition." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:914 +#: sssd.conf.5.xml:915 #, fuzzy #| msgid "Default: 3" msgid "Default: 30" msgstr "默认: 3" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:919 +#: sssd.conf.5.xml:920 msgid "responder_idle_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:922 +#: sssd.conf.5.xml:923 msgid "" "This option specifies the number of seconds that an SSSD responder process " "can be up without being used. This value is limited in order to avoid " @@ -1160,58 +1160,58 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:936 sssd.conf.5.xml:1213 sssd.conf.5.xml:2321 +#: sssd.conf.5.xml:937 sssd.conf.5.xml:1214 sssd.conf.5.xml:2322 #: sssd-ldap.5.xml:331 msgid "Default: 300" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:941 +#: sssd.conf.5.xml:942 msgid "cache_first" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:944 +#: sssd.conf.5.xml:945 msgid "" "This option specifies whether the responder should query all caches before " "querying the Data Providers." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:959 +#: sssd.conf.5.xml:960 msgid "NSS configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:961 +#: sssd.conf.5.xml:962 msgid "" "These options can be used to configure the Name Service Switch (NSS) service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:966 +#: sssd.conf.5.xml:967 msgid "enum_cache_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:969 +#: sssd.conf.5.xml:970 msgid "" "How many seconds should nss_sss cache enumerations (requests for info about " "all users)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:973 +#: sssd.conf.5.xml:974 msgid "Default: 120" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:978 +#: sssd.conf.5.xml:979 msgid "entry_cache_nowait_percentage (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:981 +#: sssd.conf.5.xml:982 msgid "" "The entry cache can be set to automatically update entries in the background " "if they are requested beyond a percentage of the entry_cache_timeout value " @@ -1219,7 +1219,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:987 +#: sssd.conf.5.xml:988 msgid "" "For example, if the domain's entry_cache_timeout is set to 30s and " "entry_cache_nowait_percentage is set to 50 (percent), entries that come in " @@ -1229,7 +1229,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:997 +#: sssd.conf.5.xml:998 msgid "" "Valid values for this option are 0-99 and represent a percentage of the " "entry_cache_timeout for each domain. For performance reasons, this " @@ -1238,17 +1238,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1005 sssd.conf.5.xml:2121 +#: sssd.conf.5.xml:1006 sssd.conf.5.xml:2122 msgid "Default: 50" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1010 +#: sssd.conf.5.xml:1011 msgid "entry_negative_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1013 +#: sssd.conf.5.xml:1014 msgid "" "Specifies for how many seconds nss_sss should cache negative cache hits " "(that is, queries for invalid database entries, like nonexistent ones) " @@ -1256,17 +1256,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1019 sssd.conf.5.xml:1778 sssd.conf.5.xml:2145 +#: sssd.conf.5.xml:1020 sssd.conf.5.xml:1779 sssd.conf.5.xml:2146 msgid "Default: 15" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1024 +#: sssd.conf.5.xml:1025 msgid "local_negative_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1027 +#: sssd.conf.5.xml:1028 msgid "" "Specifies for how many seconds nss_sss should keep local users and groups in " "negative cache before trying to look it up in the back end again. Setting " @@ -1274,17 +1274,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1033 +#: sssd.conf.5.xml:1034 msgid "Default: 14400 (4 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1038 +#: sssd.conf.5.xml:1039 msgid "filter_users, filter_groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1041 +#: sssd.conf.5.xml:1042 msgid "" "Exclude certain users or groups from being fetched from the sss NSS " "database. This is particularly useful for system accounts. This option can " @@ -1293,7 +1293,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1049 +#: sssd.conf.5.xml:1050 msgid "" "NOTE: The filter_groups option doesn't affect inheritance of nested group " "members, since filtering happens after they are propagated for returning via " @@ -1302,41 +1302,41 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1057 +#: sssd.conf.5.xml:1058 msgid "Default: root" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1062 +#: sssd.conf.5.xml:1063 msgid "filter_users_in_groups (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1065 +#: sssd.conf.5.xml:1066 msgid "" "If you want filtered user still be group members set this option to false." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1076 +#: sssd.conf.5.xml:1077 msgid "fallback_homedir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1079 +#: sssd.conf.5.xml:1080 msgid "" "Set a default template for a user's home directory if one is not specified " "explicitly by the domain's data provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1084 +#: sssd.conf.5.xml:1085 msgid "" "The available values for this option are the same as for override_homedir." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1090 +#: sssd.conf.5.xml:1091 #, no-wrap msgid "" "fallback_homedir = /home/%u\n" @@ -1344,23 +1344,23 @@ msgid "" msgstr "" #. type: Content of: <varlistentry><listitem><para> -#: sssd.conf.5.xml:1088 sssd.conf.5.xml:1650 sssd.conf.5.xml:1669 -#: sssd.conf.5.xml:1746 sssd-krb5.5.xml:451 include/override_homedir.xml:66 +#: sssd.conf.5.xml:1089 sssd.conf.5.xml:1651 sssd.conf.5.xml:1670 +#: sssd.conf.5.xml:1747 sssd-krb5.5.xml:451 include/override_homedir.xml:66 msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1094 +#: sssd.conf.5.xml:1095 msgid "Default: not set (no substitution for unset home directories)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1100 +#: sssd.conf.5.xml:1101 msgid "override_shell (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1103 +#: sssd.conf.5.xml:1104 msgid "" "Override the login shell for all users. This option supersedes any other " "shell options if it takes effect and can be set either in the [nss] section " @@ -1368,47 +1368,47 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1109 +#: sssd.conf.5.xml:1110 msgid "Default: not set (SSSD will use the value retrieved from LDAP)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1115 +#: sssd.conf.5.xml:1116 msgid "allowed_shells (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1118 +#: sssd.conf.5.xml:1119 msgid "" "Restrict user shell to one of the listed values. The order of evaluation is:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1121 +#: sssd.conf.5.xml:1122 msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1125 +#: sssd.conf.5.xml:1126 msgid "" "2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</" "quote>, use the value of the shell_fallback parameter." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1130 +#: sssd.conf.5.xml:1131 msgid "" "3. If the shell is not in the allowed_shells list and not in <quote>/etc/" "shells</quote>, a nologin shell is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1135 +#: sssd.conf.5.xml:1136 msgid "The wildcard (*) can be used to allow any shell." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1138 +#: sssd.conf.5.xml:1139 msgid "" "The (*) is useful if you want to use shell_fallback in case that user's " "shell is not in <quote>/etc/shells</quote> and maintaining list of all " @@ -1416,113 +1416,113 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1145 +#: sssd.conf.5.xml:1146 msgid "An empty string for shell is passed as-is to libc." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1148 +#: sssd.conf.5.xml:1149 msgid "" "The <quote>/etc/shells</quote> is only read on SSSD start up, which means " "that a restart of the SSSD is required in case a new shell is installed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1152 +#: sssd.conf.5.xml:1153 msgid "Default: Not set. The user shell is automatically used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1157 +#: sssd.conf.5.xml:1158 msgid "vetoed_shells (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1160 +#: sssd.conf.5.xml:1161 msgid "Replace any instance of these shells with the shell_fallback" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1165 +#: sssd.conf.5.xml:1166 msgid "shell_fallback (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1168 +#: sssd.conf.5.xml:1169 msgid "" "The default shell to use if an allowed shell is not installed on the machine." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1172 +#: sssd.conf.5.xml:1173 msgid "Default: /bin/sh" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1177 +#: sssd.conf.5.xml:1178 msgid "default_shell" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1180 +#: sssd.conf.5.xml:1181 msgid "" "The default shell to use if the provider does not return one during lookup. " "This option can be specified globally in the [nss] section or per-domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1186 +#: sssd.conf.5.xml:1187 msgid "" "Default: not set (Return NULL if no shell is specified and rely on libc to " "substitute something sensible when necessary, usually /bin/sh)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1193 sssd.conf.5.xml:1576 +#: sssd.conf.5.xml:1194 sssd.conf.5.xml:1577 msgid "get_domains_timeout (int)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1196 sssd.conf.5.xml:1579 +#: sssd.conf.5.xml:1197 sssd.conf.5.xml:1580 msgid "" "Specifies time in seconds for which the list of subdomains will be " "considered valid." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1205 +#: sssd.conf.5.xml:1206 msgid "memcache_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1208 +#: sssd.conf.5.xml:1209 msgid "" "Specifies time in seconds for which records in the in-memory cache will be " "valid. Setting this option to zero will disable the in-memory cache." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1216 +#: sssd.conf.5.xml:1217 msgid "" "WARNING: Disabling the in-memory cache will have significant negative impact " "on SSSD's performance and should only be used for testing." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1222 sssd.conf.5.xml:1247 sssd.conf.5.xml:1272 -#: sssd.conf.5.xml:1297 sssd.conf.5.xml:1324 +#: sssd.conf.5.xml:1223 sssd.conf.5.xml:1248 sssd.conf.5.xml:1273 +#: sssd.conf.5.xml:1298 sssd.conf.5.xml:1325 msgid "" "NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", " "client applications will not use the fast in-memory cache." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1230 +#: sssd.conf.5.xml:1231 msgid "memcache_size_passwd (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1233 +#: sssd.conf.5.xml:1234 msgid "" "Size (in megabytes) of the data table allocated inside fast in-memory cache " "for passwd requests. Setting the size to 0 will disable the passwd in-" @@ -1530,25 +1530,25 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1239 sssd.conf.5.xml:2963 sssd-ldap.5.xml:548 +#: sssd.conf.5.xml:1240 sssd.conf.5.xml:2964 sssd-ldap.5.xml:548 msgid "Default: 8" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1242 sssd.conf.5.xml:1267 sssd.conf.5.xml:1292 -#: sssd.conf.5.xml:1319 +#: sssd.conf.5.xml:1243 sssd.conf.5.xml:1268 sssd.conf.5.xml:1293 +#: sssd.conf.5.xml:1320 msgid "" "WARNING: Disabled or too small in-memory cache can have significant negative " "impact on SSSD's performance." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1255 +#: sssd.conf.5.xml:1256 msgid "memcache_size_group (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1258 +#: sssd.conf.5.xml:1259 msgid "" "Size (in megabytes) of the data table allocated inside fast in-memory cache " "for group requests. Setting the size to 0 will disable the group in-memory " @@ -1556,19 +1556,19 @@ msgid "" msgstr "" #. type: Content of: <variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1264 sssd.conf.5.xml:1316 sssd.conf.5.xml:3729 +#: sssd.conf.5.xml:1265 sssd.conf.5.xml:1317 sssd.conf.5.xml:3730 #: sssd-ldap.5.xml:473 sssd-ldap.5.xml:525 include/failover.xml:116 #: include/krb5_options.xml:11 msgid "Default: 6" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1280 +#: sssd.conf.5.xml:1281 msgid "memcache_size_initgroups (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1283 +#: sssd.conf.5.xml:1284 msgid "" "Size (in megabytes) of the data table allocated inside fast in-memory cache " "for initgroups requests. Setting the size to 0 will disable the initgroups " @@ -1576,12 +1576,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1305 +#: sssd.conf.5.xml:1306 msgid "memcache_size_sid (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1308 +#: sssd.conf.5.xml:1309 msgid "" "Size (in megabytes) of the data table allocated inside fast in-memory cache " "for SID related requests. Only SID-by-ID and ID-by-SID requests are " @@ -1590,12 +1590,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1332 sssd-ifp.5.xml:90 +#: sssd.conf.5.xml:1333 sssd-ifp.5.xml:90 msgid "user_attributes (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1335 +#: sssd.conf.5.xml:1336 msgid "" "Some of the additional NSS responder requests can return more attributes " "than just the POSIX ones defined by the NSS interface. The list of " @@ -1606,43 +1606,43 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1348 +#: sssd.conf.5.xml:1349 msgid "" "To make configuration more easy the NSS responder will check the InfoPipe " "option if it is not set for the NSS responder." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1353 +#: sssd.conf.5.xml:1354 msgid "Default: not set, fallback to InfoPipe option" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1358 +#: sssd.conf.5.xml:1359 msgid "pwfield (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1361 +#: sssd.conf.5.xml:1362 msgid "" "The value that NSS operations that return users or groups will return for " "the <quote>password</quote> field." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1366 +#: sssd.conf.5.xml:1367 msgid "Default: <quote>*</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1369 +#: sssd.conf.5.xml:1370 msgid "" "Note: This option can also be set per-domain which overwrites the value in " "[nss] section." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1373 +#: sssd.conf.5.xml:1374 msgid "" "Default: <quote>not set</quote> (remote domains), <phrase " "condition=\"with_files_provider\"> <quote>x</quote> (the files domain), </" @@ -1651,60 +1651,60 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:1385 +#: sssd.conf.5.xml:1386 msgid "PAM configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:1387 +#: sssd.conf.5.xml:1388 msgid "" "These options can be used to configure the Pluggable Authentication Module " "(PAM) service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1392 +#: sssd.conf.5.xml:1393 msgid "offline_credentials_expiration (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1395 +#: sssd.conf.5.xml:1396 msgid "" "If the authentication provider is offline, how long should we allow cached " "logins (in days since the last successful online login)." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1400 sssd.conf.5.xml:1413 +#: sssd.conf.5.xml:1401 sssd.conf.5.xml:1414 msgid "Default: 0 (No limit)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1406 +#: sssd.conf.5.xml:1407 msgid "offline_failed_login_attempts (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1409 +#: sssd.conf.5.xml:1410 msgid "" "If the authentication provider is offline, how many failed login attempts " "are allowed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1419 +#: sssd.conf.5.xml:1420 msgid "offline_failed_login_delay (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1422 +#: sssd.conf.5.xml:1423 msgid "" "The time in minutes which has to pass after offline_failed_login_attempts " "has been reached before a new login attempt is possible." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1427 +#: sssd.conf.5.xml:1428 msgid "" "If set to 0 the user cannot authenticate offline if " "offline_failed_login_attempts has been reached. Only a successful online " @@ -1712,59 +1712,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1433 sssd.conf.5.xml:1543 +#: sssd.conf.5.xml:1434 sssd.conf.5.xml:1544 msgid "Default: 5" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1439 +#: sssd.conf.5.xml:1440 msgid "pam_verbosity (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1442 +#: sssd.conf.5.xml:1443 msgid "" "Controls what kind of messages are shown to the user during authentication. " "The higher the number to more messages are displayed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1447 +#: sssd.conf.5.xml:1448 msgid "Currently sssd supports the following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1450 +#: sssd.conf.5.xml:1451 msgid "<emphasis>0</emphasis>: do not show any message" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1453 +#: sssd.conf.5.xml:1454 msgid "<emphasis>1</emphasis>: show only important messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1457 +#: sssd.conf.5.xml:1458 msgid "<emphasis>2</emphasis>: show informational messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1460 +#: sssd.conf.5.xml:1461 msgid "<emphasis>3</emphasis>: show all messages and debug information" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1464 sssd.8.xml:63 +#: sssd.conf.5.xml:1465 sssd.8.xml:63 msgid "Default: 1" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1470 +#: sssd.conf.5.xml:1471 msgid "pam_response_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1473 +#: sssd.conf.5.xml:1474 msgid "" "A comma separated list of strings which allows to remove (filter) data sent " "by the PAM responder to pam_sss PAM module. There are different kind of " @@ -1773,51 +1773,51 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1481 +#: sssd.conf.5.xml:1482 msgid "" "While messages already can be controlled with the help of the pam_verbosity " "option this option allows to filter out other kind of responses as well." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1488 +#: sssd.conf.5.xml:1489 msgid "ENV" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1489 +#: sssd.conf.5.xml:1490 msgid "Do not send any environment variables to any service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1492 +#: sssd.conf.5.xml:1493 msgid "ENV:var_name" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1493 +#: sssd.conf.5.xml:1494 msgid "Do not send environment variable var_name to any service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1497 +#: sssd.conf.5.xml:1498 msgid "ENV:var_name:service" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1498 +#: sssd.conf.5.xml:1499 msgid "Do not send environment variable var_name to service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1486 +#: sssd.conf.5.xml:1487 msgid "" "Currently the following filters are supported: <placeholder " "type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1505 +#: sssd.conf.5.xml:1506 msgid "" "The list of strings can either be the list of filters which would set this " "list of filters and overwrite the defaults. Or each element of the list can " @@ -1828,23 +1828,23 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1516 +#: sssd.conf.5.xml:1517 msgid "Default: ENV:KRB5CCNAME:sudo, ENV:KRB5CCNAME:sudo-i" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1519 +#: sssd.conf.5.xml:1520 msgid "" "Example: -ENV:KRB5CCNAME:sudo-i will remove the filter from the default list" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1526 +#: sssd.conf.5.xml:1527 msgid "pam_id_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1529 +#: sssd.conf.5.xml:1530 msgid "" "For any PAM request while SSSD is online, the SSSD will attempt to " "immediately update the cached identity information for the user in order to " @@ -1852,7 +1852,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1535 +#: sssd.conf.5.xml:1536 msgid "" "A complete PAM conversation may perform multiple PAM requests, such as " "account management and session opening. This option controls (on a per-" @@ -1861,17 +1861,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1549 +#: sssd.conf.5.xml:1550 msgid "pam_pwd_expiration_warning (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1552 sssd.conf.5.xml:2987 +#: sssd.conf.5.xml:1553 sssd.conf.5.xml:2988 msgid "Display a warning N days before the password expires." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1555 +#: sssd.conf.5.xml:1556 msgid "" "Please note that the backend server has to provide information about the " "expiration time of the password. If this information is missing, sssd " @@ -1879,31 +1879,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1561 sssd.conf.5.xml:2990 +#: sssd.conf.5.xml:1562 sssd.conf.5.xml:2991 msgid "" "If zero is set, then this filter is not applied, i.e. if the expiration " "warning was received from backend server, it will automatically be displayed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1566 +#: sssd.conf.5.xml:1567 msgid "" "This setting can be overridden by setting <emphasis>pwd_expiration_warning</" "emphasis> for a particular domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1571 sssd.conf.5.xml:3976 sssd-ldap.5.xml:606 sssd.8.xml:79 +#: sssd.conf.5.xml:1572 sssd.conf.5.xml:3977 sssd-ldap.5.xml:606 sssd.8.xml:79 msgid "Default: 0" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1588 +#: sssd.conf.5.xml:1589 msgid "pam_trusted_users (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1591 +#: sssd.conf.5.xml:1592 msgid "" "Specifies the comma-separated list of UID values or user names that are " "allowed to run PAM conversations against trusted domains. Users not " @@ -1913,75 +1913,75 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1601 +#: sssd.conf.5.xml:1602 msgid "Default: All users are considered trusted by default" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1605 +#: sssd.conf.5.xml:1606 msgid "" "Please note that UID 0 is always allowed to access the PAM responder even in " "case it is not in the pam_trusted_users list." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1612 +#: sssd.conf.5.xml:1613 msgid "pam_public_domains (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1615 +#: sssd.conf.5.xml:1616 msgid "" "Specifies the comma-separated list of domain names that are accessible even " "to untrusted users." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1619 +#: sssd.conf.5.xml:1620 msgid "Two special values for pam_public_domains option are defined:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1623 +#: sssd.conf.5.xml:1624 msgid "" "all (Untrusted users are allowed to access all domains in PAM responder.)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1627 +#: sssd.conf.5.xml:1628 msgid "" "none (Untrusted users are not allowed to access any domains PAM in " "responder.)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1631 sssd.conf.5.xml:1656 sssd.conf.5.xml:1675 -#: sssd.conf.5.xml:1912 sssd.conf.5.xml:2732 sssd.conf.5.xml:3905 +#: sssd.conf.5.xml:1632 sssd.conf.5.xml:1657 sssd.conf.5.xml:1676 +#: sssd.conf.5.xml:1913 sssd.conf.5.xml:2733 sssd.conf.5.xml:3906 #: sssd-ldap.5.xml:1207 msgid "Default: none" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1636 +#: sssd.conf.5.xml:1637 msgid "pam_account_expired_message (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1639 +#: sssd.conf.5.xml:1640 msgid "" "Allows a custom expiration message to be set, replacing the default " "'Permission denied' message." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1644 +#: sssd.conf.5.xml:1645 msgid "" "Note: Please be aware that message is only printed for the SSH service " "unless pam_verbosity is set to 3 (show all messages and debug information)." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1652 +#: sssd.conf.5.xml:1653 #, no-wrap msgid "" "pam_account_expired_message = Account expired, please contact help desk.\n" @@ -1989,19 +1989,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1661 +#: sssd.conf.5.xml:1662 msgid "pam_account_locked_message (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1664 +#: sssd.conf.5.xml:1665 msgid "" "Allows a custom lockout message to be set, replacing the default 'Permission " "denied' message." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1671 +#: sssd.conf.5.xml:1672 #, no-wrap msgid "" "pam_account_locked_message = Account locked, please contact help desk.\n" @@ -2009,17 +2009,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1680 +#: sssd.conf.5.xml:1681 msgid "pam_passkey_auth (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1683 +#: sssd.conf.5.xml:1684 msgid "Enable passkey device based authentication." msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1686 sssd.conf.5.xml:1697 sssd.conf.5.xml:1711 +#: sssd.conf.5.xml:1687 sssd.conf.5.xml:1698 sssd.conf.5.xml:1712 #: sssd-ldap.5.xml:671 sssd-ldap.5.xml:692 sssd-ldap.5.xml:788 #: sssd-ldap.5.xml:1293 sssd-ad.5.xml:505 sssd-ad.5.xml:581 sssd-ad.5.xml:1126 #: sssd-ad.5.xml:1175 include/ldap_id_mapping.xml:250 @@ -2027,22 +2027,22 @@ msgid "Default: False" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1691 +#: sssd.conf.5.xml:1692 msgid "passkey_debug_libfido2 (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1694 +#: sssd.conf.5.xml:1695 msgid "Enable libfido2 library debug messages." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1702 +#: sssd.conf.5.xml:1703 msgid "pam_cert_auth (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1705 +#: sssd.conf.5.xml:1706 msgid "" "Enable certificate based Smartcard authentication. Since this requires " "additional communication with the Smartcard which will delay the " @@ -2050,34 +2050,34 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1716 +#: sssd.conf.5.xml:1717 msgid "pam_cert_db_path (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1719 +#: sssd.conf.5.xml:1720 msgid "The path to the certificate database." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1722 sssd.conf.5.xml:2247 sssd.conf.5.xml:4308 +#: sssd.conf.5.xml:1723 sssd.conf.5.xml:2248 sssd.conf.5.xml:4354 msgid "Default:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1724 sssd.conf.5.xml:2249 +#: sssd.conf.5.xml:1725 sssd.conf.5.xml:2250 msgid "" "/etc/sssd/pki/sssd_auth_ca_db.pem (path to a file with trusted CA " "certificates in PEM format)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1734 +#: sssd.conf.5.xml:1735 msgid "pam_cert_verification (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1737 +#: sssd.conf.5.xml:1738 msgid "" "With this parameter the PAM certificate verification can be tuned with a " "comma separated list of options that override the " @@ -2087,7 +2087,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1748 +#: sssd.conf.5.xml:1749 #, no-wrap msgid "" "pam_cert_verification = partial_chain\n" @@ -2095,59 +2095,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1752 +#: sssd.conf.5.xml:1753 msgid "" "Default: not set, i.e. use default <quote>certificate_verification</quote> " "option defined in <quote>[sssd]</quote> section." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1759 +#: sssd.conf.5.xml:1760 msgid "p11_child_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1762 +#: sssd.conf.5.xml:1763 msgid "How many seconds will pam_sss wait for p11_child to finish." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1771 +#: sssd.conf.5.xml:1772 msgid "passkey_child_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1774 +#: sssd.conf.5.xml:1775 msgid "" "How many seconds will the PAM responder wait for passkey_child to finish." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1783 +#: sssd.conf.5.xml:1784 msgid "pam_app_services (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1786 +#: sssd.conf.5.xml:1787 msgid "" "Which PAM services are permitted to contact domains of type " "<quote>application</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1795 +#: sssd.conf.5.xml:1796 msgid "pam_p11_allowed_services (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1798 +#: sssd.conf.5.xml:1799 msgid "" "A comma-separated list of PAM service names for which it will be allowed to " "use Smartcards." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1813 +#: sssd.conf.5.xml:1814 #, no-wrap msgid "" "pam_p11_allowed_services = +my_pam_service, -login\n" @@ -2155,7 +2155,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1802 +#: sssd.conf.5.xml:1803 msgid "" "It is possible to add another PAM service name to the default set by using " "<quote>+service_name</quote> or to explicitly remove a PAM service name from " @@ -2167,63 +2167,63 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1817 sssd-ad.5.xml:644 sssd-ad.5.xml:753 sssd-ad.5.xml:811 +#: sssd.conf.5.xml:1818 sssd-ad.5.xml:644 sssd-ad.5.xml:753 sssd-ad.5.xml:811 #: sssd-ad.5.xml:869 sssd-ad.5.xml:947 msgid "Default: the default set of PAM service names includes:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1822 sssd-ad.5.xml:648 +#: sssd.conf.5.xml:1823 sssd-ad.5.xml:648 msgid "login" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1827 sssd-ad.5.xml:653 +#: sssd.conf.5.xml:1828 sssd-ad.5.xml:653 msgid "su" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1832 sssd-ad.5.xml:658 +#: sssd.conf.5.xml:1833 sssd-ad.5.xml:658 msgid "su-l" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1837 sssd-ad.5.xml:673 +#: sssd.conf.5.xml:1838 sssd-ad.5.xml:673 msgid "gdm-smartcard" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1842 sssd-ad.5.xml:668 +#: sssd.conf.5.xml:1843 sssd-ad.5.xml:668 msgid "gdm-password" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1847 sssd-ad.5.xml:678 +#: sssd.conf.5.xml:1848 sssd-ad.5.xml:678 msgid "kdm" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1852 sssd-ad.5.xml:956 +#: sssd.conf.5.xml:1853 sssd-ad.5.xml:956 msgid "sudo" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1857 sssd-ad.5.xml:961 +#: sssd.conf.5.xml:1858 sssd-ad.5.xml:961 msgid "sudo-i" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:1862 +#: sssd.conf.5.xml:1863 msgid "gnome-screensaver" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1870 +#: sssd.conf.5.xml:1871 msgid "p11_wait_for_card_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1873 +#: sssd.conf.5.xml:1874 msgid "" "If Smartcard authentication is required how many extra seconds in addition " "to p11_child_timeout should the PAM responder wait until a Smartcard is " @@ -2231,12 +2231,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1884 +#: sssd.conf.5.xml:1885 msgid "p11_uri (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1887 +#: sssd.conf.5.xml:1888 msgid "" "PKCS#11 URI (see RFC-7512 for details) which can be used to restrict the " "selection of devices used for Smartcard authentication. By default SSSD's " @@ -2247,7 +2247,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1900 +#: sssd.conf.5.xml:1901 #, no-wrap msgid "" "p11_uri = pkcs11:slot-description=My%20Smartcard%20Reader\n" @@ -2255,7 +2255,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1904 +#: sssd.conf.5.xml:1905 #, no-wrap msgid "" "p11_uri = pkcs11:library-description=OpenSC%20smartcard%20framework;slot-id=2\n" @@ -2263,7 +2263,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1898 +#: sssd.conf.5.xml:1899 msgid "" "Example: <placeholder type=\"programlisting\" id=\"0\"/> or <placeholder " "type=\"programlisting\" id=\"1\"/> To find suitable URI please check the " @@ -2272,47 +2272,47 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1917 +#: sssd.conf.5.xml:1918 msgid "pam_initgroups_scheme" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1925 +#: sssd.conf.5.xml:1926 msgid "always" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1926 +#: sssd.conf.5.xml:1927 msgid "" "Always do an online lookup, please note that pam_id_timeout still applies" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1930 +#: sssd.conf.5.xml:1931 msgid "no_session" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1931 +#: sssd.conf.5.xml:1932 msgid "" "Only do an online lookup if there is no active session of the user, i.e. if " "the user is currently not logged in" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1936 +#: sssd.conf.5.xml:1937 msgid "never" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1937 +#: sssd.conf.5.xml:1938 msgid "" "Never force an online lookup, use the data from the cache as long as they " "are not expired" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1920 +#: sssd.conf.5.xml:1921 msgid "" "The PAM responder can force an online lookup to get the current group " "memberships of the user trying to log in. This option controls when this " @@ -2321,30 +2321,30 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1944 +#: sssd.conf.5.xml:1945 msgid "Default: no_session" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1949 sssd.conf.5.xml:4247 +#: sssd.conf.5.xml:1950 sssd.conf.5.xml:4293 msgid "pam_gssapi_services" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1952 +#: sssd.conf.5.xml:1953 msgid "" "Comma separated list of PAM services that are allowed to try GSSAPI " "authentication using pam_sss_gss.so module." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1957 +#: sssd.conf.5.xml:1958 msgid "" "To disable GSSAPI authentication, set this option to <quote>-</quote> (dash)." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1961 sssd.conf.5.xml:1992 sssd.conf.5.xml:2030 +#: sssd.conf.5.xml:1962 sssd.conf.5.xml:1993 sssd.conf.5.xml:2031 msgid "" "Note: This option can also be set per-domain which overwrites the value in " "[pam] section. It can also be set for trusted domain which overwrites the " @@ -2352,7 +2352,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:1969 +#: sssd.conf.5.xml:1970 #, no-wrap msgid "" "pam_gssapi_services = sudo, sudo-i\n" @@ -2360,22 +2360,22 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1967 sssd.conf.5.xml:3899 +#: sssd.conf.5.xml:1968 sssd.conf.5.xml:3900 msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1973 +#: sssd.conf.5.xml:1974 msgid "Default: - (GSSAPI authentication is disabled)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1978 sssd.conf.5.xml:4248 +#: sssd.conf.5.xml:1979 sssd.conf.5.xml:4294 msgid "pam_gssapi_check_upn" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1981 +#: sssd.conf.5.xml:1982 msgid "" "If True, SSSD will require that the Kerberos user principal that " "successfully authenticated through GSSAPI can be associated with the user " @@ -2383,25 +2383,25 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1988 +#: sssd.conf.5.xml:1989 msgid "" "If False, every user that is able to obtained required service ticket will " "be authenticated." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1998 sssd-ad.5.xml:1266 sss_rpcidmapd.5.xml:76 +#: sssd.conf.5.xml:1999 sssd-ad.5.xml:1266 sss_rpcidmapd.5.xml:76 #: sssd-files.5.xml:145 msgid "Default: True" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2003 +#: sssd.conf.5.xml:2004 msgid "pam_gssapi_indicators_map" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2006 +#: sssd.conf.5.xml:2007 msgid "" "Comma separated list of authentication indicators required to be present in " "a Kerberos ticket to access a PAM service that is allowed to try GSSAPI " @@ -2409,7 +2409,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2012 +#: sssd.conf.5.xml:2013 msgid "" "Each element of the list can be either an authentication indicator name or a " "pair <quote>service:indicator</quote>. Indicators not prefixed with the PAM " @@ -2424,7 +2424,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2025 +#: sssd.conf.5.xml:2026 msgid "" "To disable GSSAPI authentication indicator check, set this option to <quote>-" "</quote> (dash). To disable the check for a specific PAM service, add " @@ -2432,45 +2432,45 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2036 +#: sssd.conf.5.xml:2037 msgid "" "Following authentication indicators are supported by IPA Kerberos " "deployments:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2039 +#: sssd.conf.5.xml:2040 msgid "" "pkinit -- pre-authentication using X.509 certificates -- whether stored in " "files or on smart cards." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2042 +#: sssd.conf.5.xml:2043 msgid "" "hardened -- SPAKE pre-authentication or any pre-authentication wrapped in a " "FAST channel." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2045 +#: sssd.conf.5.xml:2046 msgid "radius -- pre-authentication with the help of a RADIUS server." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2048 +#: sssd.conf.5.xml:2049 msgid "" "otp -- pre-authentication using integrated two-factor authentication (2FA or " "one-time password, OTP) in IPA." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2051 +#: sssd.conf.5.xml:2052 msgid "idp -- pre-authentication using external identity provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:2061 +#: sssd.conf.5.xml:2062 #, no-wrap msgid "" "pam_gssapi_indicators_map = sudo:pkinit, sudo-i:pkinit\n" @@ -2478,7 +2478,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2056 +#: sssd.conf.5.xml:2057 msgid "" "Example: to require access to SUDO services only for users which obtained " "their Kerberos tickets with a X.509 certificate pre-authentication (PKINIT), " @@ -2486,17 +2486,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2065 +#: sssd.conf.5.xml:2066 msgid "Default: not set (use of authentication indicators is not required)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2073 +#: sssd.conf.5.xml:2074 msgid "SUDO configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2075 +#: sssd.conf.5.xml:2076 msgid "" "These options can be used to configure the sudo service. The detailed " "instructions for configuration of <citerefentry> <refentrytitle>sudo</" @@ -2507,24 +2507,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2092 +#: sssd.conf.5.xml:2093 msgid "sudo_timed (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2095 +#: sssd.conf.5.xml:2096 msgid "" "Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes " "that implement time-dependent sudoers entries." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2107 +#: sssd.conf.5.xml:2108 msgid "sudo_threshold (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2110 +#: sssd.conf.5.xml:2111 msgid "" "Maximum number of expired rules that can be refreshed at once. If number of " "expired rules is below threshold, those rules are refreshed with " @@ -2534,22 +2534,22 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2129 +#: sssd.conf.5.xml:2130 msgid "AUTOFS configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2131 +#: sssd.conf.5.xml:2132 msgid "These options can be used to configure the autofs service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2135 +#: sssd.conf.5.xml:2136 msgid "autofs_negative_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2138 +#: sssd.conf.5.xml:2139 msgid "" "Specifies for how many seconds should the autofs responder negative cache " "hits (that is, queries for invalid map entries, like nonexistent ones) " @@ -2557,51 +2557,51 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2154 +#: sssd.conf.5.xml:2155 msgid "SSH configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2156 +#: sssd.conf.5.xml:2157 msgid "These options can be used to configure the SSH service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2160 +#: sssd.conf.5.xml:2161 msgid "ssh_hash_known_hosts (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2163 +#: sssd.conf.5.xml:2164 msgid "" "Whether or not to hash host names and addresses in the managed known_hosts " "file." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2172 +#: sssd.conf.5.xml:2173 msgid "ssh_known_hosts_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2175 +#: sssd.conf.5.xml:2176 msgid "" "How many seconds to keep a host in the managed known_hosts file after its " "host keys were requested." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2179 +#: sssd.conf.5.xml:2180 msgid "Default: 180" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2184 +#: sssd.conf.5.xml:2185 msgid "ssh_use_certificate_keys (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2187 +#: sssd.conf.5.xml:2188 msgid "" "If set to true the <command>sss_ssh_authorizedkeys</command> will return ssh " "keys derived from the public key of X.509 certificates stored in the user " @@ -2610,12 +2610,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2202 +#: sssd.conf.5.xml:2203 msgid "ssh_use_certificate_matching_rules (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2205 +#: sssd.conf.5.xml:2206 msgid "" "By default the ssh responder will use all available certificate matching " "rules to filter the certificates so that ssh keys are only derived from the " @@ -2625,7 +2625,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2214 +#: sssd.conf.5.xml:2215 msgid "" "There are two special key words 'all_rules' and 'no_rules' which will enable " "all or no rules, respectively. The latter means that no certificates will be " @@ -2633,7 +2633,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2221 +#: sssd.conf.5.xml:2222 msgid "" "If no rules are configured using 'all_rules' will enable a default rule " "which enables all certificates suitable for client authentication. This is " @@ -2642,38 +2642,38 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2228 +#: sssd.conf.5.xml:2229 msgid "" "A non-existing rule name is considered an error. If as a result no rule is " "selected all certificates will be ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2233 +#: sssd.conf.5.xml:2234 msgid "" "Default: not set, equivalent to 'all_rules', all found rules or the default " "rule are used" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2239 +#: sssd.conf.5.xml:2240 msgid "ca_db (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2242 +#: sssd.conf.5.xml:2243 msgid "" "Path to a storage of trusted CA certificates. The option is used to validate " "user certificates before deriving public ssh keys from them." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2262 +#: sssd.conf.5.xml:2263 msgid "PAC responder configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2264 +#: sssd.conf.5.xml:2265 msgid "" "The PAC responder works together with the authorization data plugin for MIT " "Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the " @@ -2684,7 +2684,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2273 +#: sssd.conf.5.xml:2274 msgid "" "If the remote user does not exist in the cache, it is created. The UID is " "determined with the help of the SID, trusted domains will have UPGs and the " @@ -2695,24 +2695,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:2281 +#: sssd.conf.5.xml:2282 msgid "" "If there are SIDs of groups from domains sssd knows about, the user will be " "added to those groups." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2287 +#: sssd.conf.5.xml:2288 msgid "These options can be used to configure the PAC responder." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2291 sssd-ifp.5.xml:66 +#: sssd.conf.5.xml:2292 sssd-ifp.5.xml:66 msgid "allowed_uids (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2294 +#: sssd.conf.5.xml:2295 msgid "" "Specifies the comma-separated list of UID values or user names that are " "allowed to access the PAC responder. User names are resolved to UIDs at " @@ -2720,12 +2720,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2300 +#: sssd.conf.5.xml:2301 msgid "Default: 0 (only the root user is allowed to access the PAC responder)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2304 +#: sssd.conf.5.xml:2305 msgid "" "Please note that although the UID 0 is used as the default it will be " "overwritten with this option. If you still want to allow the root user to " @@ -2734,24 +2734,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2313 +#: sssd.conf.5.xml:2314 msgid "pac_lifetime (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2316 +#: sssd.conf.5.xml:2317 msgid "" "Lifetime of the PAC entry in seconds. As long as the PAC is valid the PAC " "data can be used to determine the group memberships of a user." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2326 +#: sssd.conf.5.xml:2327 msgid "pac_check (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2329 +#: sssd.conf.5.xml:2330 msgid "" "Apply additional checks on the PAC of the Kerberos ticket which is available " "in Active Directory and FreeIPA domains, if configured. Please note that " @@ -2762,24 +2762,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2343 +#: sssd.conf.5.xml:2344 msgid "no_check" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2345 +#: sssd.conf.5.xml:2346 msgid "" "The PAC must not be present and even if it is present no additional checks " "will be done." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2351 +#: sssd.conf.5.xml:2352 msgid "pac_present" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2353 +#: sssd.conf.5.xml:2354 msgid "" "The PAC must be present in the service ticket which SSSD will request with " "the help of the user's TGT. If the PAC is not available the authentication " @@ -2787,24 +2787,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2361 +#: sssd.conf.5.xml:2362 msgid "check_upn" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2363 +#: sssd.conf.5.xml:2364 msgid "" "If the PAC is present check if the user principal name (UPN) information is " "consistent." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2369 +#: sssd.conf.5.xml:2370 msgid "check_upn_allow_missing" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2371 +#: sssd.conf.5.xml:2372 msgid "" "This option should be used together with 'check_upn' and handles the case " "where a UPN is set on the server-side but is not read by SSSD. The typical " @@ -2816,7 +2816,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2383 +#: sssd.conf.5.xml:2384 msgid "" "Currently this option is set by default to avoid regressions in such " "environments. A log message will be added to the system log and SSSD's debug " @@ -2827,60 +2827,60 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2397 +#: sssd.conf.5.xml:2398 msgid "upn_dns_info_present" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2399 +#: sssd.conf.5.xml:2400 msgid "The PAC must contain the UPN-DNS-INFO buffer, implies 'check_upn'." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2404 +#: sssd.conf.5.xml:2405 msgid "check_upn_dns_info_ex" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2406 +#: sssd.conf.5.xml:2407 msgid "" "If the PAC is present and the extension to the UPN-DNS-INFO buffer is " "available check if the information in the extension is consistent." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2413 +#: sssd.conf.5.xml:2414 msgid "upn_dns_info_ex_present" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2415 +#: sssd.conf.5.xml:2416 msgid "" "The PAC must contain the extension of the UPN-DNS-INFO buffer, implies " "'check_upn_dns_info_ex', 'upn_dns_info_present' and 'check_upn'." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2339 +#: sssd.conf.5.xml:2340 msgid "" "The following options can be used alone or in a comma-separated list: " "<placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2425 +#: sssd.conf.5.xml:2426 msgid "" "Default: no_check (AD and IPA provider 'check_upn, check_upn_allow_missing, " "check_upn_dns_info_ex')" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:2434 +#: sssd.conf.5.xml:2435 msgid "Session recording configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2436 +#: sssd.conf.5.xml:2437 msgid "" "Session recording works in conjunction with <citerefentry> " "<refentrytitle>tlog-rec-session</refentrytitle> <manvolnum>8</manvolnum> </" @@ -2890,66 +2890,66 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:2449 +#: sssd.conf.5.xml:2450 msgid "These options can be used to configure session recording." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2453 sssd-session-recording.5.xml:64 +#: sssd.conf.5.xml:2454 sssd-session-recording.5.xml:64 msgid "scope (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2460 sssd-session-recording.5.xml:71 +#: sssd.conf.5.xml:2461 sssd-session-recording.5.xml:71 msgid "\"none\"" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2463 sssd-session-recording.5.xml:74 +#: sssd.conf.5.xml:2464 sssd-session-recording.5.xml:74 msgid "No users are recorded." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2468 sssd-session-recording.5.xml:79 +#: sssd.conf.5.xml:2469 sssd-session-recording.5.xml:79 msgid "\"some\"" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2471 sssd-session-recording.5.xml:82 +#: sssd.conf.5.xml:2472 sssd-session-recording.5.xml:82 msgid "" "Users/groups specified by <replaceable>users</replaceable> and " "<replaceable>groups</replaceable> options are recorded." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2480 sssd-session-recording.5.xml:91 +#: sssd.conf.5.xml:2481 sssd-session-recording.5.xml:91 msgid "\"all\"" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2483 sssd-session-recording.5.xml:94 +#: sssd.conf.5.xml:2484 sssd-session-recording.5.xml:94 msgid "All users are recorded." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2456 sssd-session-recording.5.xml:67 +#: sssd.conf.5.xml:2457 sssd-session-recording.5.xml:67 msgid "" "One of the following strings specifying the scope of session recording: " "<placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2490 sssd-session-recording.5.xml:101 +#: sssd.conf.5.xml:2491 sssd-session-recording.5.xml:101 msgid "Default: \"none\"" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2495 sssd-session-recording.5.xml:106 +#: sssd.conf.5.xml:2496 sssd-session-recording.5.xml:106 msgid "users (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2498 sssd-session-recording.5.xml:109 +#: sssd.conf.5.xml:2499 sssd-session-recording.5.xml:109 msgid "" "A comma-separated list of users which should have session recording enabled. " "Matches user names as returned by NSS. I.e. after the possible space " @@ -2957,17 +2957,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2504 sssd-session-recording.5.xml:115 +#: sssd.conf.5.xml:2505 sssd-session-recording.5.xml:115 msgid "Default: Empty. Matches no users." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2509 sssd-session-recording.5.xml:120 +#: sssd.conf.5.xml:2510 sssd-session-recording.5.xml:120 msgid "groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2512 sssd-session-recording.5.xml:123 +#: sssd.conf.5.xml:2513 sssd-session-recording.5.xml:123 msgid "" "A comma-separated list of groups, members of which should have session " "recording enabled. Matches group names as returned by NSS. I.e. after the " @@ -2975,7 +2975,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2518 sssd.conf.5.xml:2550 sssd-session-recording.5.xml:129 +#: sssd.conf.5.xml:2519 sssd.conf.5.xml:2551 sssd-session-recording.5.xml:129 #: sssd-session-recording.5.xml:161 msgid "" "NOTE: using this option (having it set to anything) has a considerable " @@ -2984,56 +2984,56 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2525 sssd-session-recording.5.xml:136 +#: sssd.conf.5.xml:2526 sssd-session-recording.5.xml:136 msgid "Default: Empty. Matches no groups." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2530 sssd-session-recording.5.xml:141 +#: sssd.conf.5.xml:2531 sssd-session-recording.5.xml:141 msgid "exclude_users (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2533 sssd-session-recording.5.xml:144 +#: sssd.conf.5.xml:2534 sssd-session-recording.5.xml:144 msgid "" "A comma-separated list of users to be excluded from recording, only " "applicable with 'scope=all'." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2537 sssd-session-recording.5.xml:148 +#: sssd.conf.5.xml:2538 sssd-session-recording.5.xml:148 msgid "Default: Empty. No users excluded." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2542 sssd-session-recording.5.xml:153 +#: sssd.conf.5.xml:2543 sssd-session-recording.5.xml:153 msgid "exclude_groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2545 sssd-session-recording.5.xml:156 +#: sssd.conf.5.xml:2546 sssd-session-recording.5.xml:156 msgid "" "A comma-separated list of groups, members of which should be excluded from " "recording. Only applicable with 'scope=all'." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2557 sssd-session-recording.5.xml:168 +#: sssd.conf.5.xml:2558 sssd-session-recording.5.xml:168 msgid "Default: Empty. No groups excluded." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:2567 +#: sssd.conf.5.xml:2568 msgid "DOMAIN SECTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2574 +#: sssd.conf.5.xml:2575 msgid "enabled" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2577 +#: sssd.conf.5.xml:2578 msgid "" "Explicitly enable or disable the domain. If <quote>true</quote>, the domain " "is always <quote>enabled</quote>. If <quote>false</quote>, the domain is " @@ -3043,12 +3043,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2589 +#: sssd.conf.5.xml:2590 msgid "domain_type (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2592 +#: sssd.conf.5.xml:2593 msgid "" "Specifies whether the domain is meant to be used by POSIX-aware clients such " "as the Name Service Switch or by applications that do not need POSIX data to " @@ -3057,14 +3057,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2600 +#: sssd.conf.5.xml:2601 msgid "" "Allowed values for this option are <quote>posix</quote> and " "<quote>application</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2604 +#: sssd.conf.5.xml:2605 msgid "" "POSIX domains are reachable by all services. Application domains are only " "reachable from the InfoPipe responder (see <citerefentry> " @@ -3073,38 +3073,38 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2612 +#: sssd.conf.5.xml:2613 msgid "" "NOTE: The application domains are currently well tested with " "<quote>id_provider=ldap</quote> only." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2616 +#: sssd.conf.5.xml:2617 msgid "" "For an easy way to configure a non-POSIX domains, please see the " "<quote>Application domains</quote> section." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2620 +#: sssd.conf.5.xml:2621 msgid "Default: posix" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2626 +#: sssd.conf.5.xml:2627 msgid "min_id,max_id (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2629 +#: sssd.conf.5.xml:2630 msgid "" "UID and GID limits for the domain. If a domain contains an entry that is " "outside these limits, it is ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2634 +#: sssd.conf.5.xml:2635 msgid "" "For users, this affects the primary GID limit. The user will not be returned " "to NSS if either the UID or the primary GID is outside the range. For non-" @@ -3113,24 +3113,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2641 +#: sssd.conf.5.xml:2642 msgid "" "These ID limits affect even saving entries to cache, not only returning them " "by name or ID." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2645 +#: sssd.conf.5.xml:2646 msgid "Default: 1 for min_id, 0 (no limit) for max_id" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2651 +#: sssd.conf.5.xml:2652 msgid "enumerate (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2654 +#: sssd.conf.5.xml:2655 msgid "" "Determines if a domain can be enumerated, that is, whether the domain can " "list all the users and group it contains. Note that it is not required to " @@ -3139,29 +3139,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2662 +#: sssd.conf.5.xml:2663 msgid "TRUE = Users and groups are enumerated" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2665 +#: sssd.conf.5.xml:2666 msgid "FALSE = No enumerations for this domain" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2668 sssd.conf.5.xml:2942 sssd.conf.5.xml:3119 +#: sssd.conf.5.xml:2669 sssd.conf.5.xml:2943 sssd.conf.5.xml:3120 msgid "Default: FALSE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2671 +#: sssd.conf.5.xml:2672 msgid "" "Enumerating a domain requires SSSD to download and store ALL user and group " "entries from the remote server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2676 +#: sssd.conf.5.xml:2677 msgid "" "Note: Enabling enumeration has a moderate performance impact on SSSD while " "enumeration is running. It may take up to several minutes after SSSD startup " @@ -3175,14 +3175,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2691 +#: sssd.conf.5.xml:2692 msgid "" "While the first enumeration is running, requests for the complete user or " "group lists may return no results until it completes." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2696 +#: sssd.conf.5.xml:2697 msgid "" "Further, enabling enumeration may increase the time necessary to detect " "network disconnection, as longer timeouts are required to ensure that " @@ -3191,39 +3191,39 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2704 +#: sssd.conf.5.xml:2705 msgid "" "For the reasons cited above, enabling enumeration is not recommended, " "especially in large environments." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2712 +#: sssd.conf.5.xml:2713 msgid "subdomain_enumerate (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2719 +#: sssd.conf.5.xml:2720 msgid "all" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2720 +#: sssd.conf.5.xml:2721 msgid "All discovered trusted domains will be enumerated" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2723 +#: sssd.conf.5.xml:2724 msgid "none" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2724 +#: sssd.conf.5.xml:2725 msgid "No discovered trusted domains will be enumerated" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2715 +#: sssd.conf.5.xml:2716 msgid "" "Whether any of autodetected trusted domains should be enumerated. The " "supported values are: <placeholder type=\"variablelist\" id=\"0\"/> " @@ -3232,19 +3232,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2738 +#: sssd.conf.5.xml:2739 msgid "entry_cache_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2741 +#: sssd.conf.5.xml:2742 msgid "" "How many seconds should nss_sss consider entries valid before asking the " "backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2745 +#: sssd.conf.5.xml:2746 msgid "" "The cache expiration timestamps are stored as attributes of individual " "objects in the cache. Therefore, changing the cache timeout only has effect " @@ -3255,139 +3255,139 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2758 +#: sssd.conf.5.xml:2759 msgid "Default: 5400" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2764 +#: sssd.conf.5.xml:2765 msgid "entry_cache_user_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2767 +#: sssd.conf.5.xml:2768 msgid "" "How many seconds should nss_sss consider user entries valid before asking " "the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2771 sssd.conf.5.xml:2784 sssd.conf.5.xml:2797 -#: sssd.conf.5.xml:2810 sssd.conf.5.xml:2824 sssd.conf.5.xml:2837 -#: sssd.conf.5.xml:2851 sssd.conf.5.xml:2865 sssd.conf.5.xml:2878 +#: sssd.conf.5.xml:2772 sssd.conf.5.xml:2785 sssd.conf.5.xml:2798 +#: sssd.conf.5.xml:2811 sssd.conf.5.xml:2825 sssd.conf.5.xml:2838 +#: sssd.conf.5.xml:2852 sssd.conf.5.xml:2866 sssd.conf.5.xml:2879 msgid "Default: entry_cache_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2777 +#: sssd.conf.5.xml:2778 msgid "entry_cache_group_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2780 +#: sssd.conf.5.xml:2781 msgid "" "How many seconds should nss_sss consider group entries valid before asking " "the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2790 +#: sssd.conf.5.xml:2791 msgid "entry_cache_netgroup_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2793 +#: sssd.conf.5.xml:2794 msgid "" "How many seconds should nss_sss consider netgroup entries valid before " "asking the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2803 +#: sssd.conf.5.xml:2804 msgid "entry_cache_service_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2806 +#: sssd.conf.5.xml:2807 msgid "" "How many seconds should nss_sss consider service entries valid before asking " "the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2816 +#: sssd.conf.5.xml:2817 msgid "entry_cache_resolver_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2819 +#: sssd.conf.5.xml:2820 msgid "" "How many seconds should nss_sss consider hosts and networks entries valid " "before asking the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2830 +#: sssd.conf.5.xml:2831 msgid "entry_cache_sudo_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2833 +#: sssd.conf.5.xml:2834 msgid "" "How many seconds should sudo consider rules valid before asking the backend " "again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2843 +#: sssd.conf.5.xml:2844 msgid "entry_cache_autofs_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2846 +#: sssd.conf.5.xml:2847 msgid "" "How many seconds should the autofs service consider automounter maps valid " "before asking the backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2857 +#: sssd.conf.5.xml:2858 msgid "entry_cache_ssh_host_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2860 +#: sssd.conf.5.xml:2861 msgid "" "How many seconds to keep a host ssh key after refresh. IE how long to cache " "the host key for." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2871 +#: sssd.conf.5.xml:2872 msgid "entry_cache_computer_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2874 +#: sssd.conf.5.xml:2875 msgid "" "How many seconds to keep the local computer entry before asking the backend " "again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2884 +#: sssd.conf.5.xml:2885 msgid "refresh_expired_interval (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2887 +#: sssd.conf.5.xml:2888 msgid "" "Specifies how many seconds SSSD has to wait before triggering a background " "refresh task which will refresh all expired or nearly expired records." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2892 +#: sssd.conf.5.xml:2893 msgid "" "The background refresh will process users, groups and netgroups in the " "cache. For users who have performed the initgroups (get group membership for " @@ -3396,17 +3396,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2900 +#: sssd.conf.5.xml:2901 msgid "This option is automatically inherited for all trusted domains." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2904 +#: sssd.conf.5.xml:2905 msgid "You can consider setting this value to 3/4 * entry_cache_timeout." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2908 +#: sssd.conf.5.xml:2909 msgid "" "Cache entry will be refreshed by background task when 2/3 of cache timeout " "has already passed. If there are existing cached entries, the background " @@ -3418,23 +3418,23 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2921 sssd-ldap.5.xml:360 sssd-ldap.5.xml:1736 +#: sssd.conf.5.xml:2922 sssd-ldap.5.xml:360 sssd-ldap.5.xml:1736 #: sssd-ipa.5.xml:270 msgid "Default: 0 (disabled)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2927 +#: sssd.conf.5.xml:2928 msgid "cache_credentials (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2930 +#: sssd.conf.5.xml:2931 msgid "Determines if user credentials are also cached in the local LDB cache." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2934 +#: sssd.conf.5.xml:2935 msgid "" "Take a note that while credentials are stored as a salted SHA512 hash, this " "still potentially poses some security risk in case an attacker manages to " @@ -3443,12 +3443,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2948 +#: sssd.conf.5.xml:2949 msgid "cache_credentials_minimal_first_factor_length (int)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2951 +#: sssd.conf.5.xml:2952 msgid "" "If 2-Factor-Authentication (2FA) is used and credentials should be saved " "this value determines the minimal length the first authentication factor " @@ -3456,19 +3456,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2958 +#: sssd.conf.5.xml:2959 msgid "" "This should avoid that the short PINs of a PIN based 2FA scheme are saved in " "the cache which would make them easy targets for brute-force attacks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2969 +#: sssd.conf.5.xml:2970 msgid "account_cache_expiration (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2972 +#: sssd.conf.5.xml:2973 msgid "" "Number of days entries are left in cache after last successful login before " "being removed during a cleanup of the cache. 0 means keep forever. The " @@ -3477,17 +3477,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2979 +#: sssd.conf.5.xml:2980 msgid "Default: 0 (unlimited)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2984 +#: sssd.conf.5.xml:2985 msgid "pwd_expiration_warning (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2995 +#: sssd.conf.5.xml:2996 msgid "" "Please note that the backend server has to provide information about the " "expiration time of the password. If this information is missing, sssd " @@ -3496,28 +3496,28 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3002 +#: sssd.conf.5.xml:3003 msgid "Default: 7 (Kerberos), 0 (LDAP)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3008 +#: sssd.conf.5.xml:3009 msgid "id_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3011 +#: sssd.conf.5.xml:3012 msgid "" "The identification provider used for the domain. Supported ID providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3015 +#: sssd.conf.5.xml:3016 msgid "<quote>proxy</quote>: Support a legacy NSS provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3018 +#: sssd.conf.5.xml:3019 msgid "" "<quote>files</quote>: FILES provider. See <citerefentry> <refentrytitle>sssd-" "files</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " @@ -3525,7 +3525,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3026 +#: sssd.conf.5.xml:3027 msgid "" "<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-" "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " @@ -3533,8 +3533,8 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3034 sssd.conf.5.xml:3145 sssd.conf.5.xml:3196 -#: sssd.conf.5.xml:3259 +#: sssd.conf.5.xml:3035 sssd.conf.5.xml:3146 sssd.conf.5.xml:3197 +#: sssd.conf.5.xml:3260 msgid "" "<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management " "provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> " @@ -3543,8 +3543,8 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3043 sssd.conf.5.xml:3154 sssd.conf.5.xml:3205 -#: sssd.conf.5.xml:3268 +#: sssd.conf.5.xml:3044 sssd.conf.5.xml:3155 sssd.conf.5.xml:3206 +#: sssd.conf.5.xml:3269 msgid "" "<quote>ad</quote>: Active Directory provider. See <citerefentry> " "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3552,19 +3552,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3054 +#: sssd.conf.5.xml:3055 msgid "use_fully_qualified_names (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3057 +#: sssd.conf.5.xml:3058 msgid "" "Use the full name and domain (as formatted by the domain's full_name_format) " "as the user's login name reported to NSS." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3062 +#: sssd.conf.5.xml:3063 msgid "" "If set to TRUE, all requests to this domain must use fully qualified names. " "For example, if used in LOCAL domain that contains a \"test\" user, " @@ -3573,7 +3573,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3070 +#: sssd.conf.5.xml:3071 msgid "" "NOTE: This option has no effect on netgroup lookups due to their tendency to " "include nested netgroups without qualified names. For netgroups, all domains " @@ -3581,24 +3581,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3077 +#: sssd.conf.5.xml:3078 msgid "" "Default: FALSE (TRUE for trusted domain/sub-domains or if " "default_domain_suffix is used)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3084 +#: sssd.conf.5.xml:3085 msgid "ignore_group_members (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3087 +#: sssd.conf.5.xml:3088 msgid "Do not return group members for group lookups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3090 +#: sssd.conf.5.xml:3091 msgid "" "If set to TRUE, the group membership attribute is not requested from the " "ldap server, and group members are not returned when processing group lookup " @@ -3610,7 +3610,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3108 +#: sssd.conf.5.xml:3109 msgid "" "Enabling this option can also make access provider checks for group " "membership significantly faster, especially for groups containing many " @@ -3618,7 +3618,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3114 sssd.conf.5.xml:3821 sssd-ldap.5.xml:326 +#: sssd.conf.5.xml:3115 sssd.conf.5.xml:3822 sssd-ldap.5.xml:326 #: sssd-ldap.5.xml:355 sssd-ldap.5.xml:408 sssd-ldap.5.xml:468 #: sssd-ldap.5.xml:489 sssd-ldap.5.xml:520 sssd-ldap.5.xml:543 #: sssd-ldap.5.xml:582 sssd-ldap.5.xml:601 sssd-ldap.5.xml:625 @@ -3629,19 +3629,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3124 +#: sssd.conf.5.xml:3125 msgid "auth_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3127 +#: sssd.conf.5.xml:3128 msgid "" "The authentication provider used for the domain. Supported auth providers " "are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3131 sssd.conf.5.xml:3189 +#: sssd.conf.5.xml:3132 sssd.conf.5.xml:3190 msgid "" "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3649,7 +3649,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3138 +#: sssd.conf.5.xml:3139 msgid "" "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3657,30 +3657,30 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3162 +#: sssd.conf.5.xml:3163 msgid "" "<quote>proxy</quote> for relaying authentication to some other PAM target." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3165 +#: sssd.conf.5.xml:3166 msgid "<quote>none</quote> disables authentication explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3168 +#: sssd.conf.5.xml:3169 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "authentication requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3174 +#: sssd.conf.5.xml:3175 msgid "access_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3177 +#: sssd.conf.5.xml:3178 msgid "" "The access control provider used for the domain. There are two built-in " "access providers (in addition to any included in installed backends) " @@ -3688,19 +3688,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3183 +#: sssd.conf.5.xml:3184 msgid "" "<quote>permit</quote> always allow access. It's the only permitted access " "provider for a local domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3186 +#: sssd.conf.5.xml:3187 msgid "<quote>deny</quote> always deny access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3213 +#: sssd.conf.5.xml:3214 msgid "" "<quote>simple</quote> access control based on access or deny lists. See " "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</" @@ -3709,7 +3709,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3220 +#: sssd.conf.5.xml:3221 msgid "" "<quote>krb5</quote>: .k5login based access control. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum></" @@ -3717,29 +3717,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3227 +#: sssd.conf.5.xml:3228 msgid "<quote>proxy</quote> for relaying access control to another PAM module." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3230 +#: sssd.conf.5.xml:3231 msgid "Default: <quote>permit</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3235 +#: sssd.conf.5.xml:3236 msgid "chpass_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3238 +#: sssd.conf.5.xml:3239 msgid "" "The provider which should handle change password operations for the domain. " "Supported change password providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3243 +#: sssd.conf.5.xml:3244 msgid "" "<quote>ldap</quote> to change a password stored in a LDAP server. See " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" @@ -3747,7 +3747,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3251 +#: sssd.conf.5.xml:3252 msgid "" "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3755,35 +3755,35 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3276 +#: sssd.conf.5.xml:3277 msgid "" "<quote>proxy</quote> for relaying password changes to some other PAM target." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3280 +#: sssd.conf.5.xml:3281 msgid "<quote>none</quote> disallows password changes explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3283 +#: sssd.conf.5.xml:3284 msgid "" "Default: <quote>auth_provider</quote> is used if it is set and can handle " "change password requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3290 +#: sssd.conf.5.xml:3291 msgid "sudo_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3293 +#: sssd.conf.5.xml:3294 msgid "The SUDO provider used for the domain. Supported SUDO providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3297 +#: sssd.conf.5.xml:3298 msgid "" "<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3791,32 +3791,32 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3305 +#: sssd.conf.5.xml:3306 msgid "" "<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default " "settings." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3309 +#: sssd.conf.5.xml:3310 msgid "" "<quote>ad</quote> the same as <quote>ldap</quote> but with AD default " "settings." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3313 +#: sssd.conf.5.xml:3314 msgid "<quote>none</quote> disables SUDO explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3316 sssd.conf.5.xml:3402 sssd.conf.5.xml:3472 -#: sssd.conf.5.xml:3497 sssd.conf.5.xml:3533 +#: sssd.conf.5.xml:3317 sssd.conf.5.xml:3403 sssd.conf.5.xml:3473 +#: sssd.conf.5.xml:3498 sssd.conf.5.xml:3534 msgid "Default: The value of <quote>id_provider</quote> is used if it is set." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3320 +#: sssd.conf.5.xml:3321 msgid "" "The detailed instructions for configuration of sudo_provider are in the " "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " @@ -3827,7 +3827,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3335 +#: sssd.conf.5.xml:3336 msgid "" "<emphasis>NOTE:</emphasis> Sudo rules are periodically downloaded in the " "background unless the sudo provider is explicitly disabled. Set " @@ -3836,12 +3836,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3345 +#: sssd.conf.5.xml:3346 msgid "selinux_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3348 +#: sssd.conf.5.xml:3349 msgid "" "The provider which should handle loading of selinux settings. Note that this " "provider will be called right after access provider ends. Supported selinux " @@ -3849,7 +3849,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3354 +#: sssd.conf.5.xml:3355 msgid "" "<quote>ipa</quote> to load selinux settings from an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -3857,31 +3857,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3362 +#: sssd.conf.5.xml:3363 msgid "<quote>none</quote> disallows fetching selinux settings explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3365 +#: sssd.conf.5.xml:3366 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "selinux loading requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3371 +#: sssd.conf.5.xml:3372 msgid "subdomains_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3374 +#: sssd.conf.5.xml:3375 msgid "" "The provider which should handle fetching of subdomains. This value should " "be always the same as id_provider. Supported subdomain providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3380 +#: sssd.conf.5.xml:3381 msgid "" "<quote>ipa</quote> to load a list of subdomains from an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -3889,7 +3889,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3389 +#: sssd.conf.5.xml:3390 msgid "" "<quote>ad</quote> to load a list of subdomains from an Active Directory " "server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> " @@ -3898,17 +3898,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3398 +#: sssd.conf.5.xml:3399 msgid "<quote>none</quote> disallows fetching subdomains explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3408 +#: sssd.conf.5.xml:3409 msgid "session_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3411 +#: sssd.conf.5.xml:3412 msgid "" "The provider which configures and manages user session related tasks. The " "only user session task currently provided is the integration with Fleet " @@ -3916,43 +3916,43 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3418 +#: sssd.conf.5.xml:3419 msgid "<quote>ipa</quote> to allow performing user session related tasks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3422 +#: sssd.conf.5.xml:3423 msgid "" "<quote>none</quote> does not perform any kind of user session related tasks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3426 +#: sssd.conf.5.xml:3427 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can perform " "session related tasks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3430 +#: sssd.conf.5.xml:3431 msgid "" "<emphasis>NOTE:</emphasis> In order to have this feature working as expected " "SSSD must be running as \"root\" and not as the unprivileged user." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3438 +#: sssd.conf.5.xml:3439 msgid "autofs_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3441 +#: sssd.conf.5.xml:3442 msgid "" "The autofs provider used for the domain. Supported autofs providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3445 +#: sssd.conf.5.xml:3446 msgid "" "<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3960,7 +3960,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3452 +#: sssd.conf.5.xml:3453 msgid "" "<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> " "<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3968,7 +3968,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3460 +#: sssd.conf.5.xml:3461 msgid "" "<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> " "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3976,24 +3976,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3469 +#: sssd.conf.5.xml:3470 msgid "<quote>none</quote> disables autofs explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3479 +#: sssd.conf.5.xml:3480 msgid "hostid_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3482 +#: sssd.conf.5.xml:3483 msgid "" "The provider used for retrieving host identity information. Supported " "hostid providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3486 +#: sssd.conf.5.xml:3487 msgid "" "<quote>ipa</quote> to load host identity stored in an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -4001,31 +4001,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3494 +#: sssd.conf.5.xml:3495 msgid "<quote>none</quote> disables hostid explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3504 +#: sssd.conf.5.xml:3505 msgid "resolver_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3507 +#: sssd.conf.5.xml:3508 msgid "" "The provider which should handle hosts and networks lookups. Supported " "resolver providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3511 +#: sssd.conf.5.xml:3512 msgid "" "<quote>proxy</quote> to forward lookups to another NSS library. See " "<quote>proxy_resolver_lib_name</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3515 +#: sssd.conf.5.xml:3516 msgid "" "<quote>ldap</quote> to fetch hosts and networks stored in LDAP. See " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" @@ -4033,7 +4033,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3522 +#: sssd.conf.5.xml:3523 msgid "" "<quote>ad</quote> to fetch hosts and networks stored in AD. See " "<citerefentry> <refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</" @@ -4042,12 +4042,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3530 +#: sssd.conf.5.xml:3531 msgid "<quote>none</quote> disallows fetching hosts and networks explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3543 +#: sssd.conf.5.xml:3544 msgid "" "Regular expression for this domain that describes how to parse the string " "containing user name and domain into these components. The \"domain\" can " @@ -4057,24 +4057,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3552 +#: sssd.conf.5.xml:3553 msgid "" "Default: <quote>^((?P<name>.+)@(?P<domain>[^@]*)|(?P<name>" "[^@]+))$</quote> which allows two different styles for user names:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:3557 sssd.conf.5.xml:3571 +#: sssd.conf.5.xml:3558 sssd.conf.5.xml:3572 msgid "username" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:3560 sssd.conf.5.xml:3574 +#: sssd.conf.5.xml:3561 sssd.conf.5.xml:3575 msgid "username@domain.name" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3565 +#: sssd.conf.5.xml:3566 msgid "" "Default for the AD and IPA provider: <quote>^(((?P<domain>[^\\\\]+)\\" "\\(?P<name>.+))|((?P<name>.+)@(?P<domain>[^@]+))|((?P<" @@ -4083,19 +4083,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:3577 +#: sssd.conf.5.xml:3578 msgid "domain\\username" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3580 +#: sssd.conf.5.xml:3581 msgid "" "While the first two correspond to the general default the third one is " "introduced to allow easy integration of users from Windows domains." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3585 +#: sssd.conf.5.xml:3586 msgid "" "The default re_expression uses the <quote>@</quote> character as a separator " "between the name and the domain. As a result of this setting the default " @@ -4105,89 +4105,89 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3637 +#: sssd.conf.5.xml:3638 msgid "Default: <quote>%1$s@%2$s</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3643 +#: sssd.conf.5.xml:3644 msgid "lookup_family_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3646 +#: sssd.conf.5.xml:3647 msgid "" "Provides the ability to select preferred address family to use when " "performing DNS lookups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3650 +#: sssd.conf.5.xml:3651 msgid "Supported values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3653 +#: sssd.conf.5.xml:3654 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3656 +#: sssd.conf.5.xml:3657 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3659 +#: sssd.conf.5.xml:3660 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3662 +#: sssd.conf.5.xml:3663 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3665 +#: sssd.conf.5.xml:3666 msgid "Default: ipv4_first" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3671 +#: sssd.conf.5.xml:3672 msgid "dns_resolver_server_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3674 +#: sssd.conf.5.xml:3675 msgid "" "Defines the amount of time (in milliseconds) SSSD would try to talk to DNS " "server before trying next DNS server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3679 +#: sssd.conf.5.xml:3680 msgid "" "The AD provider will use this option for the CLDAP ping timeouts as well." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3683 sssd.conf.5.xml:3703 sssd.conf.5.xml:3724 +#: sssd.conf.5.xml:3684 sssd.conf.5.xml:3704 sssd.conf.5.xml:3725 msgid "" "Please see the section <quote>FAILOVER</quote> for more information about " "the service resolution." msgstr "" #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3688 sssd-ldap.5.xml:644 include/failover.xml:84 +#: sssd.conf.5.xml:3689 sssd-ldap.5.xml:644 include/failover.xml:84 msgid "Default: 1000" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3694 +#: sssd.conf.5.xml:3695 msgid "dns_resolver_op_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3697 +#: sssd.conf.5.xml:3698 msgid "" "Defines the amount of time (in seconds) to wait to resolve single DNS query " "(e.g. resolution of a hostname or an SRV record) before trying the next " @@ -4195,12 +4195,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3714 +#: sssd.conf.5.xml:3715 msgid "dns_resolver_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3717 +#: sssd.conf.5.xml:3718 msgid "" "Defines the amount of time (in seconds) to wait for a reply from the " "internal fail over service before assuming that the service is unreachable. " @@ -4209,12 +4209,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3735 +#: sssd.conf.5.xml:3736 msgid "dns_resolver_use_search_list (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3738 +#: sssd.conf.5.xml:3739 msgid "" "Normally, the DNS resolver searches the domain list defined in the " "\"search\" directive from the resolv.conf file. This can lead to delays in " @@ -4222,7 +4222,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3744 +#: sssd.conf.5.xml:3745 msgid "" "If fully qualified domain names (or _srv_) are used in the SSSD " "configuration, setting this option to FALSE can prevent unnecessary DNS " @@ -4230,71 +4230,71 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3750 +#: sssd.conf.5.xml:3751 #, fuzzy #| msgid "Default: 3" msgid "Default: TRUE" msgstr "默认: 3" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3756 +#: sssd.conf.5.xml:3757 msgid "dns_discovery_domain (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3759 +#: sssd.conf.5.xml:3760 msgid "" "If service discovery is used in the back end, specifies the domain part of " "the service discovery DNS query." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3763 +#: sssd.conf.5.xml:3764 msgid "Default: Use the domain part of machine's hostname" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3769 +#: sssd.conf.5.xml:3770 msgid "override_gid (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3772 +#: sssd.conf.5.xml:3773 msgid "Override the primary GID value with the one specified." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3778 +#: sssd.conf.5.xml:3779 msgid "case_sensitive (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3785 +#: sssd.conf.5.xml:3786 msgid "True" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3788 +#: sssd.conf.5.xml:3789 msgid "Case sensitive. This value is invalid for AD provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3794 +#: sssd.conf.5.xml:3795 msgid "False" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3796 +#: sssd.conf.5.xml:3797 msgid "Case insensitive." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3800 +#: sssd.conf.5.xml:3801 msgid "Preserving" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3803 +#: sssd.conf.5.xml:3804 msgid "" "Same as False (case insensitive), but does not lowercase names in the result " "of NSS operations. Note that name aliases (and in case of services also " @@ -4302,31 +4302,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3811 +#: sssd.conf.5.xml:3812 msgid "" "If you want to set this value for trusted domain with IPA provider, you need " "to set it on both the client and SSSD on the server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3781 +#: sssd.conf.5.xml:3782 msgid "" "Treat user and group names as case sensitive. Possible option values are: " "<placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3826 +#: sssd.conf.5.xml:3827 msgid "Default: True (False for AD provider)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3832 +#: sssd.conf.5.xml:3833 msgid "subdomain_inherit (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3835 +#: sssd.conf.5.xml:3836 msgid "" "Specifies a list of configuration parameters that should be inherited by a " "subdomain. Please note that only selected parameters can be inherited. " @@ -4334,104 +4334,104 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3841 +#: sssd.conf.5.xml:3842 msgid "ldap_search_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3844 +#: sssd.conf.5.xml:3845 msgid "ldap_network_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3847 +#: sssd.conf.5.xml:3848 msgid "ldap_opt_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3850 +#: sssd.conf.5.xml:3851 msgid "ldap_offline_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3853 +#: sssd.conf.5.xml:3854 msgid "ldap_enumeration_refresh_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3856 +#: sssd.conf.5.xml:3857 msgid "ldap_enumeration_refresh_offset" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3859 +#: sssd.conf.5.xml:3860 msgid "ldap_purge_cache_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3862 +#: sssd.conf.5.xml:3863 msgid "ldap_purge_cache_offset" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3865 +#: sssd.conf.5.xml:3866 msgid "" "ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab " "is not set explicitly)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3869 +#: sssd.conf.5.xml:3870 msgid "ldap_krb5_ticket_lifetime" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3872 +#: sssd.conf.5.xml:3873 msgid "ldap_enumeration_search_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3875 +#: sssd.conf.5.xml:3876 msgid "ldap_connection_expire_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3878 +#: sssd.conf.5.xml:3879 msgid "ldap_connection_expire_offset" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3881 +#: sssd.conf.5.xml:3882 msgid "ldap_connection_idle_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3884 sssd-ldap.5.xml:400 +#: sssd.conf.5.xml:3885 sssd-ldap.5.xml:400 msgid "ldap_use_tokengroups" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3887 +#: sssd.conf.5.xml:3888 msgid "ldap_user_principal" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3890 +#: sssd.conf.5.xml:3891 msgid "ignore_group_members" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3893 +#: sssd.conf.5.xml:3894 msgid "auto_private_groups" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3896 +#: sssd.conf.5.xml:3897 msgid "case_sensitive" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:3901 +#: sssd.conf.5.xml:3902 #, no-wrap msgid "" "subdomain_inherit = ldap_purge_cache_timeout\n" @@ -4439,27 +4439,27 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3908 +#: sssd.conf.5.xml:3909 msgid "Note: This option only works with the IPA and AD provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3915 +#: sssd.conf.5.xml:3916 msgid "subdomain_homedir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3926 +#: sssd.conf.5.xml:3927 msgid "%F" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3927 +#: sssd.conf.5.xml:3928 msgid "flat (NetBIOS) name of a subdomain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3918 +#: sssd.conf.5.xml:3919 msgid "" "Use this homedir as default value for all subdomains within this domain in " "IPA AD trust. See <emphasis>override_homedir</emphasis> for info about " @@ -4469,34 +4469,34 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3932 +#: sssd.conf.5.xml:3933 msgid "" "The value can be overridden by <emphasis>override_homedir</emphasis> option." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3936 +#: sssd.conf.5.xml:3937 msgid "Default: <filename>/home/%d/%u</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3941 +#: sssd.conf.5.xml:3942 msgid "realmd_tags (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3944 +#: sssd.conf.5.xml:3945 msgid "" "Various tags stored by the realmd configuration service for this domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3950 +#: sssd.conf.5.xml:3951 msgid "cached_auth_timeout (int)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3953 +#: sssd.conf.5.xml:3954 msgid "" "Specifies time in seconds since last successful online authentication for " "which user will be authenticated using cached credentials while SSSD is in " @@ -4505,19 +4505,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3961 +#: sssd.conf.5.xml:3962 msgid "" "This option's value is inherited by all trusted domains. At the moment it is " "not possible to set a different value per trusted domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3966 +#: sssd.conf.5.xml:3967 msgid "Special value 0 implies that this feature is disabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3970 +#: sssd.conf.5.xml:3971 msgid "" "Please note that if <quote>cached_auth_timeout</quote> is longer than " "<quote>pam_id_timeout</quote> then the back end could be called to handle " @@ -4525,24 +4525,83 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3981 +#: sssd.conf.5.xml:3982 +msgid "local_auth_policy (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3985 +msgid "" +"Local authentication methods policy. Some backends (i.e. LDAP, proxy " +"provider) only support a password based authentication, while others can " +"handle PKINIT based Smartcard authentication (AD, IPA), two-factor " +"authentication (IPA), or other methods against a central instance. By " +"default in such cases authentication is only performed with the methods " +"supported by the backend." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:3995 +msgid "" +"There are three possible values for this option: match, only, enable. " +"<quote>match</quote> is used to match offline and online states for Kerberos " +"methods. <quote>only</quote> ignores the online methods and only offer the " +"local ones. enable allows explicitly defining the methods for local " +"authentication. As an example, <quote>enable:passkey</quote>, only enables " +"passkey for local authentication. Multiple enable values should be comma-" +"separated, such as <quote>enable:passkey, enable:smartcard</quote>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> +#: sssd.conf.5.xml:4011 +#, no-wrap +msgid "" +"[domain/shadowutils]\n" +"id_provider = proxy\n" +"proxy_lib_name = files\n" +"auth_provider = none\n" +"local_auth_policy = only\n" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4007 +msgid "" +"The following configuration example allows local users to authenticate " +"locally using any enabled method (i.e. smartcard, passkey). <placeholder " +"type=\"programlisting\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4019 +msgid "This option is ignored for the files provider." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4022 +#, fuzzy +#| msgid "Default: 3" +msgid "Default: match" +msgstr "默认: 3" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:4027 msgid "auto_private_groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3987 +#: sssd.conf.5.xml:4033 msgid "true" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3990 +#: sssd.conf.5.xml:4036 msgid "" "Create user's private group unconditionally from user's UID number. The GID " "number is ignored in this case." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3994 +#: sssd.conf.5.xml:4040 msgid "" "NOTE: Because the GID number and the user private group are inferred from " "the UID number, it is not supported to have multiple entries with the same " @@ -4551,24 +4610,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4003 +#: sssd.conf.5.xml:4049 msgid "false" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4006 +#: sssd.conf.5.xml:4052 msgid "" "Always use the user's primary GID number. The GID number must refer to a " "group object in the LDAP database." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4012 +#: sssd.conf.5.xml:4058 msgid "hybrid" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4015 +#: sssd.conf.5.xml:4061 msgid "" "A primary group is autogenerated for user entries whose UID and GID numbers " "have the same value and at the same time the GID number does not correspond " @@ -4578,14 +4637,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4028 +#: sssd.conf.5.xml:4074 msgid "" "If the UID and GID of a user are different, then the GID must correspond to " "a group entry, otherwise the GID is simply not resolvable." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4035 +#: sssd.conf.5.xml:4081 msgid "" "This feature is useful for environments that wish to stop maintaining a " "separate group objects for the user private groups, but also wish to retain " @@ -4593,21 +4652,21 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3984 +#: sssd.conf.5.xml:4030 msgid "" "This option takes any of three available values: <placeholder " "type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4047 +#: sssd.conf.5.xml:4093 msgid "" "For subdomains, the default value is False for subdomains that use assigned " "POSIX IDs and True for subdomains that use automatic ID-mapping." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:4055 +#: sssd.conf.5.xml:4101 #, no-wrap msgid "" "[domain/forest.domain/sub.domain]\n" @@ -4615,7 +4674,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:4061 +#: sssd.conf.5.xml:4107 #, no-wrap msgid "" "[domain/forest.domain]\n" @@ -4624,7 +4683,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4052 +#: sssd.conf.5.xml:4098 msgid "" "The value of auto_private_groups can either be set per subdomains in a " "subsection, for example: <placeholder type=\"programlisting\" id=\"0\"/> or " @@ -4633,7 +4692,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:2569 +#: sssd.conf.5.xml:2570 msgid "" "These configuration options can be present in a domain configuration " "section, that is, in a section called <quote>[domain/<replaceable>NAME</" @@ -4641,29 +4700,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4076 +#: sssd.conf.5.xml:4122 msgid "proxy_pam_target (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4079 +#: sssd.conf.5.xml:4125 msgid "The proxy target PAM proxies to." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4082 +#: sssd.conf.5.xml:4128 msgid "" "Default: not set by default, you have to take an existing pam configuration " "or create a new one and add the service name here." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4090 +#: sssd.conf.5.xml:4136 msgid "proxy_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4093 +#: sssd.conf.5.xml:4139 msgid "" "The name of the NSS library to use in proxy domains. The NSS functions " "searched for in the library are in the form of _nss_$(libName)_$(function), " @@ -4671,12 +4730,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4103 +#: sssd.conf.5.xml:4149 msgid "proxy_resolver_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4106 +#: sssd.conf.5.xml:4152 msgid "" "The name of the NSS library to use for hosts and networks lookups in proxy " "domains. The NSS functions searched for in the library are in the form of " @@ -4684,12 +4743,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4117 +#: sssd.conf.5.xml:4163 msgid "proxy_fast_alias (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4120 +#: sssd.conf.5.xml:4166 msgid "" "When a user or group is looked up by name in the proxy provider, a second " "lookup by ID is performed to \"canonicalize\" the name in case the requested " @@ -4698,12 +4757,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4134 +#: sssd.conf.5.xml:4180 msgid "proxy_max_children (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4137 +#: sssd.conf.5.xml:4183 msgid "" "This option specifies the number of pre-forked proxy children. It is useful " "for high-load SSSD environments where sssd may run out of available child " @@ -4711,19 +4770,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4072 +#: sssd.conf.5.xml:4118 msgid "" "Options valid for proxy domains. <placeholder type=\"variablelist\" " "id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:4153 +#: sssd.conf.5.xml:4199 msgid "Application domains" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4155 +#: sssd.conf.5.xml:4201 msgid "" "SSSD, with its D-Bus interface (see <citerefentry> <refentrytitle>sssd-ifp</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>) is appealing to " @@ -4740,7 +4799,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4175 +#: sssd.conf.5.xml:4221 msgid "" "Please note that the application domain must still be explicitly enabled in " "the <quote>domains</quote> parameter so that the lookup order between the " @@ -4748,17 +4807,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> -#: sssd.conf.5.xml:4181 +#: sssd.conf.5.xml:4227 msgid "Application domain parameters" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4183 +#: sssd.conf.5.xml:4229 msgid "inherit_from (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4186 +#: sssd.conf.5.xml:4232 msgid "" "The SSSD POSIX-type domain the application domain inherits all settings " "from. The application domain can moreover add its own settings to the " @@ -4767,7 +4826,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4200 +#: sssd.conf.5.xml:4246 msgid "" "The following example illustrates the use of an application domain. In this " "setup, the POSIX domain is connected to an LDAP server and is used by the OS " @@ -4777,7 +4836,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><programlisting> -#: sssd.conf.5.xml:4208 +#: sssd.conf.5.xml:4254 #, no-wrap msgid "" "[sssd]\n" @@ -4797,12 +4856,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4228 +#: sssd.conf.5.xml:4274 msgid "TRUSTED DOMAIN SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4230 +#: sssd.conf.5.xml:4276 msgid "" "Some options used in the domain section can also be used in the trusted " "domain section, that is, in a section called <quote>[domain/" @@ -4813,69 +4872,69 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4237 +#: sssd.conf.5.xml:4283 msgid "ldap_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4238 +#: sssd.conf.5.xml:4284 msgid "ldap_user_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4239 +#: sssd.conf.5.xml:4285 msgid "ldap_group_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4240 +#: sssd.conf.5.xml:4286 msgid "ldap_netgroup_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4241 +#: sssd.conf.5.xml:4287 msgid "ldap_service_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4242 +#: sssd.conf.5.xml:4288 msgid "ldap_sasl_mech," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4243 +#: sssd.conf.5.xml:4289 msgid "ad_server," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4244 +#: sssd.conf.5.xml:4290 msgid "ad_backup_server," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4245 +#: sssd.conf.5.xml:4291 msgid "ad_site," msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4246 sssd-ipa.5.xml:879 +#: sssd.conf.5.xml:4292 sssd-ipa.5.xml:879 msgid "use_fully_qualified_names" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4250 +#: sssd.conf.5.xml:4296 msgid "" "For more details about these options see their individual description in the " "manual page." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4256 +#: sssd.conf.5.xml:4302 msgid "CERTIFICATE MAPPING SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4258 +#: sssd.conf.5.xml:4304 msgid "" "To allow authentication with Smartcards and certificates SSSD must be able " "to map certificates to users. This can be done by adding the full " @@ -4888,7 +4947,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4272 +#: sssd.conf.5.xml:4318 msgid "" "To make the mapping more flexible mapping and matching rules were added to " "SSSD (see <citerefentry> <refentrytitle>sss-certmap</refentrytitle> " @@ -4896,7 +4955,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4281 +#: sssd.conf.5.xml:4327 msgid "" "A mapping and matching rule can be added to the SSSD configuration in a " "section on its own with a name like <quote>[certmap/" @@ -4905,55 +4964,55 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4288 +#: sssd.conf.5.xml:4334 msgid "matchrule (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4291 +#: sssd.conf.5.xml:4337 msgid "" "Only certificates from the Smartcard which matches this rule will be " "processed, all others are ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4295 +#: sssd.conf.5.xml:4341 msgid "" "Default: KRB5:<EKU>clientAuth, i.e. only certificates which have the " "Extended Key Usage <quote>clientAuth</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4302 +#: sssd.conf.5.xml:4348 msgid "maprule (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4305 +#: sssd.conf.5.xml:4351 msgid "Defines how the user is found for a given certificate." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4311 +#: sssd.conf.5.xml:4357 msgid "" "LDAP:(userCertificate;binary={cert!bin}) for LDAP based providers like " "<quote>ldap</quote>, <quote>AD</quote> or <quote>ipa</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4317 +#: sssd.conf.5.xml:4363 msgid "" "The RULE_NAME for the <quote>files</quote> provider which tries to find a " "user with the same name." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4326 +#: sssd.conf.5.xml:4372 msgid "domains (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4329 +#: sssd.conf.5.xml:4375 msgid "" "Comma separated list of domain names the rule should be applied. By default " "a rule is only valid in the domain configured in sssd.conf. If the provider " @@ -4962,17 +5021,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4336 +#: sssd.conf.5.xml:4382 msgid "Default: the configured domain in sssd.conf" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4341 +#: sssd.conf.5.xml:4387 msgid "priority (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4344 +#: sssd.conf.5.xml:4390 msgid "" "Unsigned integer value defining the priority of the rule. The higher the " "number the lower the priority. <quote>0</quote> stands for the highest " @@ -4980,26 +5039,26 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4350 +#: sssd.conf.5.xml:4396 msgid "Default: the lowest priority" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4356 +#: sssd.conf.5.xml:4402 msgid "" "To make the configuration simple and reduce the amount of configuration " "options the <quote>files</quote> provider has some special properties:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4362 +#: sssd.conf.5.xml:4408 msgid "" "if maprule is not set the RULE_NAME name is assumed to be the name of the " "matching user" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4368 +#: sssd.conf.5.xml:4414 msgid "" "if a maprule is used both a single user name or a template like " "<quote>{subject_rfc822_name.short_name}</quote> must be in braces like e.g. " @@ -5008,17 +5067,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4377 +#: sssd.conf.5.xml:4423 msgid "the <quote>domains</quote> option is ignored" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4385 +#: sssd.conf.5.xml:4431 msgid "PROMPTING CONFIGURATION SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4387 +#: sssd.conf.5.xml:4433 msgid "" "If a special file (<filename>/var/lib/sss/pubconf/pam_preauth_available</" "filename>) exists SSSD's PAM module pam_sss will ask SSSD to figure out " @@ -5028,7 +5087,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4395 +#: sssd.conf.5.xml:4441 msgid "" "With the growing number of authentication methods and the possibility that " "there are multiple ones for a single user the heuristic used by pam_sss to " @@ -5037,59 +5096,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4407 +#: sssd.conf.5.xml:4453 msgid "[prompting/password]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4410 +#: sssd.conf.5.xml:4456 msgid "password_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4411 +#: sssd.conf.5.xml:4457 msgid "to change the string of the password prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4409 +#: sssd.conf.5.xml:4455 msgid "" "to configure password prompting, allowed options are: <placeholder " "type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4419 +#: sssd.conf.5.xml:4465 msgid "[prompting/2fa]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4423 +#: sssd.conf.5.xml:4469 msgid "first_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4424 +#: sssd.conf.5.xml:4470 msgid "to change the string of the prompt for the first factor" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4427 +#: sssd.conf.5.xml:4473 msgid "second_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4428 +#: sssd.conf.5.xml:4474 msgid "to change the string of the prompt for the second factor" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4431 +#: sssd.conf.5.xml:4477 msgid "single_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4432 +#: sssd.conf.5.xml:4478 msgid "" "boolean value, if True there will be only a single prompt using the value of " "first_prompt where it is expected that both factors are entered as a single " @@ -5098,7 +5157,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4421 +#: sssd.conf.5.xml:4467 msgid "" "to configure two-factor authentication prompting, allowed options are: " "<placeholder type=\"variablelist\" id=\"0\"/> If the second factor is " @@ -5107,17 +5166,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4449 +#: sssd.conf.5.xml:4495 msgid "[prompting/passkey]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4455 sssd-ad.5.xml:1021 +#: sssd.conf.5.xml:4501 sssd-ad.5.xml:1021 msgid "interactive" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4457 +#: sssd.conf.5.xml:4503 msgid "" "boolean value, if True prompt a message and wait before testing the presence " "of a passkey device. Recommended if your device doesn’t have a tactile " @@ -5125,46 +5184,46 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4465 +#: sssd.conf.5.xml:4511 msgid "interactive_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4467 +#: sssd.conf.5.xml:4513 msgid "to change the message of the interactive prompt." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4472 +#: sssd.conf.5.xml:4518 msgid "touch" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4474 +#: sssd.conf.5.xml:4520 msgid "" "boolean value, if True prompt a message to remind the user to touch the " "device." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4480 +#: sssd.conf.5.xml:4526 msgid "touch_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4482 +#: sssd.conf.5.xml:4528 msgid "to change the message of the touch prompt." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4451 +#: sssd.conf.5.xml:4497 msgid "" "to configure passkey authentication prompting, allowed options are: " "<placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4402 +#: sssd.conf.5.xml:4448 msgid "" "Each supported authentication method has its own configuration subsection " "under <quote>[prompting/...]</quote>. Currently there are: <placeholder " @@ -5173,7 +5232,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4493 +#: sssd.conf.5.xml:4539 msgid "" "It is possible to add a subsection for specific PAM services, e.g. " "<quote>[prompting/password/sshd]</quote> to individual change the prompting " @@ -5181,12 +5240,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4500 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43 +#: sssd.conf.5.xml:4546 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43 msgid "EXAMPLES" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4506 +#: sssd.conf.5.xml:4552 #, no-wrap msgid "" "[sssd]\n" @@ -5216,7 +5275,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4502 +#: sssd.conf.5.xml:4548 msgid "" "1. The following example shows a typical SSSD config. It does not describe " "configuration of the domains themselves - refer to documentation on " @@ -5225,7 +5284,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4539 +#: sssd.conf.5.xml:4585 #, no-wrap msgid "" "[domain/ipa.com/child.ad.com]\n" @@ -5233,7 +5292,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4533 +#: sssd.conf.5.xml:4579 msgid "" "2. The following example shows configuration of IPA AD trust where the AD " "forest consists of two domains in a parent-child structure. Suppose IPA " @@ -5244,7 +5303,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4550 +#: sssd.conf.5.xml:4596 #, no-wrap msgid "" "[certmap/my.domain/rule_name]\n" @@ -5255,7 +5314,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4544 +#: sssd.conf.5.xml:4590 msgid "" "3. The following example shows the configuration of a certificate mapping " "rule. It is valid for the configured domain <quote>my.domain</quote> and " @@ -17252,7 +17311,7 @@ msgstr "" #: include/ldap_id_mapping.xml:235 msgid "" "When this option is configured, domains will be allocated starting with " -"slice zero and increasing monatomically with each additional domain." +"slice zero and increasing monotonically with each additional domain." msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> From a62efb76eec01ebe748bf202025fc1b29a337dd7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com> Date: Thu, 7 Sep 2023 12:07:11 +0200 Subject: [PATCH 140/280] tests: include passkey test code only if passkey is built Otherwise `make check` fails. Reviewed-by: Alexey Tikhonov <atikhono@redhat.com> Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com> (cherry picked from commit 725c5541d4ee8b47b3877ede2599cf60d7de21d3) --- src/tests/cmocka/test_pam_srv.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/tests/cmocka/test_pam_srv.c b/src/tests/cmocka/test_pam_srv.c index 6c60a5aca6a..6578a7cdab9 100644 --- a/src/tests/cmocka/test_pam_srv.c +++ b/src/tests/cmocka/test_pam_srv.c @@ -337,6 +337,7 @@ static int pam_test_setup(void **state) return 0; } +#ifdef BUILD_PASSKEY static int pam_test_setup_passkey(void **state) { struct sss_test_conf_param dom_params[] = { @@ -364,6 +365,7 @@ static int pam_test_setup_passkey(void **state) pam_test_setup_common(); return 0; } +#endif #ifdef HAVE_TEST_CA static int pam_test_setup_no_verification(void **state) From 644cd599fd9a96ea5c445c830e09f53701d5900d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com> Date: Thu, 7 Sep 2023 12:23:33 +0200 Subject: [PATCH 141/280] Release sssd-2.9.2 --- version.m4 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/version.m4 b/version.m4 index d970b4a1318..fc6ee2b6d28 100644 --- a/version.m4 +++ b/version.m4 @@ -1,5 +1,5 @@ # Primary version number -m4_define([VERSION_NUMBER], [2.9.1]) +m4_define([VERSION_NUMBER], [2.9.2]) # If the PRERELEASE_VERSION_NUMBER is set, we'll append # it to the release tag when creating an RPM or SRPM From 0a429107a4133760d042586a9ae80ef06ffb96e1 Mon Sep 17 00:00:00 2001 From: Patrik Rosecky <prosecky@redhat.com> Date: Tue, 25 Jul 2023 14:03:23 +0200 Subject: [PATCH 142/280] tests: convert multihost/basic/test_basic to test_kcm and test_authentication MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Reviewed-by: Alejandro López <allopez@redhat.com> Reviewed-by: Jakub Vávra <jvavra@redhat.com> Reviewed-by: Pavel Březina <pbrezina@redhat.com> (cherry picked from commit 376534022aebf11d23ee2b70ef13d17ca3842aea) --- src/tests/multihost/basic/test_basic.py | 4 + src/tests/system/tests/test_authentication.py | 86 +++++++++++++++++++ src/tests/system/tests/test_kcm.py | 38 ++++++++ 3 files changed, 128 insertions(+) create mode 100644 src/tests/system/tests/test_authentication.py diff --git a/src/tests/multihost/basic/test_basic.py b/src/tests/multihost/basic/test_basic.py index 214cecc48e5..72f092eba2f 100644 --- a/src/tests/multihost/basic/test_basic.py +++ b/src/tests/multihost/basic/test_basic.py @@ -6,6 +6,7 @@ :upstream: yes :status: approved """ +import pytest import time import configparser as ConfigParser from sssd.testlib.common.utils import sssdTools @@ -13,6 +14,7 @@ class TestSanitySSSD(object): """ Basic Sanity Test cases """ + @pytest.mark.converted('test_authentication.py', 'test_authentication__login') @staticmethod def test_ssh_user_login(multihost): """ @@ -23,6 +25,7 @@ def test_ssh_user_login(multihost): ssh0 = client.auth_from_client("foo1", 'Secret123') == 3 assert ssh0, "Authentication Failed as user foo1" + @pytest.mark.converted('test_kcm.py', 'test_kcm__simple_kinit') @staticmethod def test_kinit(multihost): """ @@ -39,6 +42,7 @@ def test_kinit(multihost): f'su - {user} -c "klist"', raiseonerr=False) assert cmd2.returncode == 0, "klist failed!" + @pytest.mark.converted('test_authentication.py', 'test_authentication__offline_login') @staticmethod def test_offline_ssh_login(multihost): """ diff --git a/src/tests/system/tests/test_authentication.py b/src/tests/system/tests/test_authentication.py new file mode 100644 index 00000000000..bf30c180f54 --- /dev/null +++ b/src/tests/system/tests/test_authentication.py @@ -0,0 +1,86 @@ +""" +SSSD Sanity Test Cases + +:requirement: offline +""" +from __future__ import annotations + +import pytest +from sssd_test_framework.roles.client import Client +from sssd_test_framework.roles.generic import GenericProvider +from sssd_test_framework.topology import KnownTopologyGroup + + +@pytest.mark.topology(KnownTopologyGroup.AnyProvider) +@pytest.mark.parametrize("method", ["su", "ssh"]) +def test_authentication__login(client: Client, provider: GenericProvider, method: str): + """ + :title: ssh/su login + :setup: + 1. Add user to SSSD + 2. Set password for user + 3. Start SSSD + :steps: + 1. Authenticate user with correct password + 2. Authenticate user with incorrect password + :expectedresults: + 1. User is authenticated + 2. User is not authenticated + :customerscenario: False + """ + provider.user("user1").add(password="Secret123") + + client.sssd.start() + + assert client.auth.parametrize(method).password("user1", "Secret123"), "login with correct password failed" + assert not client.auth.parametrize(method).password("user1", "NOTSecret123"), "login with wrong password succeeded" + + +@pytest.mark.topology(KnownTopologyGroup.AnyProvider) +@pytest.mark.parametrize("method", ["su", "ssh"]) +def test_authentication__offline_login(client: Client, provider: GenericProvider, method: str): + """ + :title: Offline ssh/su login + :setup: + 1. Add user to SSSD and set its password + 2. In SSSD domain change "cache_credentials" and "krb5_store_password_if_offline" to "True" + 3. In SSSD pam change "offline_credentials_expiration" to "0" + 4. Start SSSD + :steps: + 1. Authenticate user with wrong password + 2. Authenticate user with correct password + 3. Make server offline (by removing firewall rules for LDAP, KDC and Global Catalog ports) + 4. Bring SSSD offline explicitly + 5. Offline authentication of user with correct password + 6. Offline authentication of user with wrong password + :expectedresults: + 1. User is not authenticated + 2. User is authenticated + 3. Firewall rules dropped + 4. SSSD is offline + 5. Offline authentication is successful + 6. Offline authentication is not successful + :customerscenario: False + """ + user = "user1" + correct = "Secret123" + wrong = "Wrong123" + provider.user(user).add(password=correct) + + client.sssd.domain["cache_credentials"] = "True" + client.sssd.domain["krb5_store_password_if_offline"] = "True" + client.sssd.pam["offline_credentials_expiration"] = "0" + client.sssd.start() + + assert not client.auth.parametrize(method).password(user, wrong), "login with wrong password succeeded" + assert client.auth.parametrize(method).password(user, correct), "login with correct password failed" + + # Block KDC, LDAP and Global Catalog ports. + provider.firewall.drop([88, 389, 3268]) + + # There might be active connections that are not terminated by creating firewall rule. + # We need to terminated it by bringing SSSD to offline state explicitly. + client.sssd.bring_offline() + + assert client.auth.parametrize(method).password(user, correct), "offline login with correct password failed" + assert not client.auth.parametrize(method).password(user, wrong), "offline login with wrong password succeeded" diff --git a/src/tests/system/tests/test_kcm.py b/src/tests/system/tests/test_kcm.py index aa7b61608c5..6a6ed020f5d 100644 --- a/src/tests/system/tests/test_kcm.py +++ b/src/tests/system/tests/test_kcm.py @@ -9,6 +9,7 @@ import time import pytest +from pytest_mh.ssh import SSHProcessError from sssd_test_framework.roles.client import Client from sssd_test_framework.roles.kdc import KDC from sssd_test_framework.topology import KnownTopology @@ -363,3 +364,40 @@ def test_kcm__tgt_renewal(client: Client, kdc: KDC): (renew_start, _) = krb.list_tgt_times(kdc.realm) assert init_start < renew_start + + +@pytest.mark.topology(KnownTopology.Client) +def test_kcm__simple_kinit(client: Client, kdc: KDC): + """ + :title: kinit is successfull after user login + :setup: + 1. Add 'user1' to kdc and set its password + 2. Add 'user1' to local and set its password + 3. Configure Kerberos to allow KCM tests + :steps: + 1. Authenticate user with ssh + 2. Authenticate to kerberos + 3. Call "kinit" with correct password + 4. Call "kinit" with wrong password + 5. Call "klist" + :expectedresults: + 1. User is authenticated + 2. User is authenticated + 3. Call is successful + 4. Call is not successful + 5. Call is successful + :customerscenario: False + """ + username = "user1" + password = "Secret123" + + kdc.principal(username).add(password=password) + client.local.user(username).add(password=password) + client.sssd.common.kcm(kdc) + + with client.ssh(username, password) as ssh: + with client.auth.kerberos(ssh) as krb: + assert krb.kinit(username, password=password).rc == 0, "Kinit with correct password failed" + with pytest.raises(SSHProcessError): + krb.kinit(username, password="wrong") + assert krb.klist().rc == 0, "Klist failed" From f1a11708aeddf39cdb0bef547e62eff3d9f6bf48 Mon Sep 17 00:00:00 2001 From: Jakub Vavra <jvavra@redhat.com> Date: Tue, 5 Sep 2023 13:26:01 +0200 Subject: [PATCH 143/280] Tests: Print krb5.conf when joining realm. Reviewed-by: Madhuri Upadhye <mupadhye@redhat.com> (cherry picked from commit 6540a67c9dac1c4b1c313797b169a32d94702819) --- src/tests/multihost/sssd/testlib/common/utils.py | 1 + 1 file changed, 1 insertion(+) diff --git a/src/tests/multihost/sssd/testlib/common/utils.py b/src/tests/multihost/sssd/testlib/common/utils.py index 38d9833d755..f32509d9ff0 100644 --- a/src/tests/multihost/sssd/testlib/common/utils.py +++ b/src/tests/multihost/sssd/testlib/common/utils.py @@ -392,6 +392,7 @@ def realm_join(self, domainname, admin_password, f'--server-software={server_software} ' \ f'--membership-software={membership_software} -v' print(realm_cmd) + self.multihost.run_command("cat /etc/krb5.conf", raiseonerr=False) cmd = self.multihost.run_command(realm_cmd, stdin_text=admin_password, raiseonerr=False) if cmd.returncode == 124: From cb1c59c7a71b5cf19877a4018befb445118f343d Mon Sep 17 00:00:00 2001 From: Jakub Vavra <jvavra@redhat.com> Date: Wed, 6 Sep 2023 08:11:21 +0200 Subject: [PATCH 144/280] Tests: Split package installation to different transactions. When package is missing/broken the dnf does not install anything on fedora this prevented automation working properly. This way the "optional" packages are installed separately. Reviewed-by: Madhuri Upadhye <mupadhye@redhat.com> (cherry picked from commit 8fc5aadb1fbdf3ae1fdacc9dc9855db87f521650) --- .../multihost/sssd/testlib/common/utils.py | 36 ++++++++++++------- 1 file changed, 23 insertions(+), 13 deletions(-) diff --git a/src/tests/multihost/sssd/testlib/common/utils.py b/src/tests/multihost/sssd/testlib/common/utils.py index f32509d9ff0..534e85b831e 100644 --- a/src/tests/multihost/sssd/testlib/common/utils.py +++ b/src/tests/multihost/sssd/testlib/common/utils.py @@ -78,32 +78,42 @@ def client_install_pkgs(self): """ Install common required packages """ pkgs = 'adcli realmd samba samba-common-tools krb5-workstation '\ 'oddjob oddjob-mkhomedir ldb-tools samba-winbind '\ - 'samba-winbind-clients autofs nfs-utils authconfig '\ - 'authselect cifs-utils openldap-clients firewalld '\ - 'tcpdump wireshark-cli expect rsyslog gcc gcc-c++ pam-devel '\ - 'tdb-tools libkcapi-hmaccalc strace iproute-tc python3-libsss_nss_idmap ' + 'samba-winbind-clients autofs nfs-utils rsyslog '\ + 'cifs-utils openldap-clients tdb-tools '\ + 'tcpdump wireshark-cli expect gcc gcc-c++ pam-devel '\ + 'libkcapi-hmaccalc strace iproute-tc python3-libsss_nss_idmap' sssd_pkgs = 'sssd sssd-tools sssd-proxy sssd-winbind-idmap '\ 'libsss_autofs sssd-kcm sssd-dbus' - extra_pkg = ' nss-pam-ldapd krb5-pkinit' - distro = self.multihost.distro - if '8.' in distro: - pkgs = pkgs + extra_pkg - if '7.' in distro or '8.' in distro or '9.' in distro: - sssd_pkgs = sssd_pkgs + " libsss_simpleifp" + # Packages that might or might not be available depending on distro + # are installed in own transactions not to prevent others + # to be installed. It is due to difference between yum and dnf when dnf + # does not install anything when one of the packages is missing. + # It can be changed in dnf config by strict=0, but it would be hard to + # do here without a massive refactoring. + standalalone_pkgs = [ + 'authselect', 'authconfig', 'firewalld', 'libsss_simpleifp', + 'nss-pam-ldapd', 'krb5-pkinit' + ] + for pkg in standalalone_pkgs: + self.multihost.package_mgmt(pkg, action='install') self.multihost.package_mgmt(pkgs, action='install') self.multihost.package_mgmt(sssd_pkgs, action='install') def server_install_pkgs(self): """ Install common required packages on server""" pkgs = 'adcli realmd samba samba-common-tools krb5-workstation '\ - 'samba-winbind-clients nfs-utils authconfig openldap-clients '\ - 'authselect krb5-server cifs-utils expect rsyslog 389-ds-base' + 'samba-winbind-clients nfs-utils openldap-clients '\ + 'krb5-server cifs-utils expect 389-ds-base rsyslog' sssd_pkgs = 'sssd sssd-tools sssd-proxy sssd-winbind-idmap '\ - 'libsss_autofs libsss_simpleifp sssd-kcm sssd-dbus' + 'libsss_autofs sssd-kcm sssd-dbus' + # See comment in client_install_pkgs + standalalone_pkgs = ['authselect', 'authconfig', 'libsss_simpleifp'] distro = self.multihost.distro if '8.' in distro: enable_idm = 'yum module enable idm:DL1 -y' self.multihost.run_command(enable_idm) + for pkg in standalalone_pkgs: + self.multihost.package_mgmt(pkg, action='install') self.multihost.package_mgmt(pkgs, action='install') self.multihost.package_mgmt(sssd_pkgs, action='install') From f117da5a0447cf1879244b70916efe6f0e7875e0 Mon Sep 17 00:00:00 2001 From: Jakub Vavra <jvavra@redhat.com> Date: Wed, 6 Sep 2023 08:55:40 +0200 Subject: [PATCH 145/280] Tests: Handle dns with systemd resolved. Reviewed-by: Madhuri Upadhye <mupadhye@redhat.com> (cherry picked from commit e73efe153dd2e9ee753cf416030e135700434a67) --- src/tests/multihost/sssd/testlib/common/utils.py | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/src/tests/multihost/sssd/testlib/common/utils.py b/src/tests/multihost/sssd/testlib/common/utils.py index 534e85b831e..5816270f553 100644 --- a/src/tests/multihost/sssd/testlib/common/utils.py +++ b/src/tests/multihost/sssd/testlib/common/utils.py @@ -153,6 +153,12 @@ def update_resolv_conf(self, ip_addr): self.multihost.run_command("chattr -i /etc/resolv.conf", raiseonerr=False) self.multihost.put_file_contents('/etc/resolv.conf', contents) self.multihost.run_command("chattr +i /etc/resolv.conf", raiseonerr=False) + # Try to change dns settings on a machine with systemd.resolved + change_stub = f"sed -ie 's/#\?DNS=.*/DNS={ip_addr}/' /etc/systemd/resolved.conf" + self.multihost.run_command(change_stub, raiseonerr=False) + self.multihost.run_command( + "systemctl restart systemd-resolved", raiseonerr=False + ) def update_etc_hosts(self, ip_addr, hostname): """ Update /etc/hosts with ipaddress and hostname @@ -402,7 +408,6 @@ def realm_join(self, domainname, admin_password, f'--server-software={server_software} ' \ f'--membership-software={membership_software} -v' print(realm_cmd) - self.multihost.run_command("cat /etc/krb5.conf", raiseonerr=False) cmd = self.multihost.run_command(realm_cmd, stdin_text=admin_password, raiseonerr=False) if cmd.returncode == 124: @@ -412,6 +417,8 @@ def realm_join(self, domainname, admin_password, self.service_ctrl('stop', 'realmd') raise SSSDException(f"realm join timed out! {cmd.stderr_text}") elif cmd.returncode != 0: + self.multihost.run_command("cat /etc/krb5.conf", raiseonerr=False) + self.multihost.run_command("resolvectl dns", raiseonerr=False) raise SSSDException("Error: %s" % cmd.stderr_text) else: return cmd.stderr_text From 71ca2053bfb6d67bf074936fa03df1602a8951fa Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com> Date: Thu, 10 Aug 2023 13:16:51 +0200 Subject: [PATCH 146/280] tests: add sssd_test_framework.markers plugin This loads additional markers defined in the sssd_test_framework. Currently, there is only `builtwith` to check if SSSD was built with particular feature (files-provider only at this moment). Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com> Reviewed-by: Justin Stephenson <jstephen@redhat.com> (cherry picked from commit 233a846e864fe2a364e05d08c3ae91475b5916d1) --- src/tests/system/conftest.py | 1 + 1 file changed, 1 insertion(+) diff --git a/src/tests/system/conftest.py b/src/tests/system/conftest.py index 1c94ceec4d0..c53ae5f5fe8 100644 --- a/src/tests/system/conftest.py +++ b/src/tests/system/conftest.py @@ -11,6 +11,7 @@ "pytest_mh", "pytest_ticket", "sssd_test_framework.fixtures", + "sssd_test_framework.markers", ) From 674ee267c63222427297d66a8719b75e381e39ae Mon Sep 17 00:00:00 2001 From: Dan Lavu <dlavu@redhat.com> Date: Thu, 24 Aug 2023 22:20:28 -0400 Subject: [PATCH 147/280] tests: adding group and importance markers MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Reviewed-by: Jakub Vávra <jvavra@redhat.com> Reviewed-by: Pavel Březina <pbrezina@redhat.com> (cherry picked from commit f05d4ec1ecdaef90f3272504dbd9ac6c2e7aa8d8) --- src/tests/system/pytest.ini | 12 +++- src/tests/system/tests/test_autofs.py | 4 ++ src/tests/system/tests/test_config.py | 5 ++ src/tests/system/tests/test_id.py | 12 ++++ src/tests/system/tests/test_kcm.py | 12 ++++ src/tests/system/tests/test_ldap.py | 2 + .../system/tests/test_ldap_extra_attrs.py | 2 + src/tests/system/tests/test_memory_cache.py | 56 +++++++++++++++++++ src/tests/system/tests/test_netgroups.py | 4 ++ src/tests/system/tests/test_shadow.py | 2 + src/tests/system/tests/test_sssctl.py | 4 ++ .../system/tests/test_sssctl_config_check.py | 6 ++ src/tests/system/tests/test_sudo.py | 26 ++++++++- 13 files changed, 143 insertions(+), 4 deletions(-) diff --git a/src/tests/system/pytest.ini b/src/tests/system/pytest.ini index 92e4ce31eef..ecc40bc8518 100644 --- a/src/tests/system/pytest.ini +++ b/src/tests/system/pytest.ini @@ -2,6 +2,14 @@ addopts = --strict-markers testpaths = tests markers = - slow: marks tests as slow (deselect with '-m "not slow"') - contains_workaround_for(gh=...,bz=...): test requires workaround for an existing bug + authentication: + authorization: + cache: + contains_workaround_for(gh=...,bz=...): + identity: + schema: + slow: + tools: ticket_tools = bz,gh,jira + +# For marker descriptions please look at https://tests.sssd.io/en/latest/marks.html diff --git a/src/tests/system/tests/test_autofs.py b/src/tests/system/tests/test_autofs.py index efe112231a3..c756b9a2e27 100644 --- a/src/tests/system/tests/test_autofs.py +++ b/src/tests/system/tests/test_autofs.py @@ -13,6 +13,7 @@ from sssd_test_framework.topology import KnownTopologyGroup +@pytest.mark.importance("critical") @pytest.mark.ticket(gh=6739) @pytest.mark.parametrize("cache_first", [False, True]) @pytest.mark.topology(KnownTopologyGroup.AnyProvider) @@ -60,6 +61,7 @@ def test_autofs__cache_first(client: Client, nfs: NFS, provider: GenericProvider } +@pytest.mark.importance("medium") @pytest.mark.topology(KnownTopologyGroup.AnyProvider) def test_autofs__propagate_offline__single_domain(client: Client, provider: GenericProvider): """ @@ -97,6 +99,7 @@ def test_autofs__propagate_offline__single_domain(client: Client, provider: Gene assert offline_status_propagated +@pytest.mark.importance("critical") @pytest.mark.topology(KnownTopologyGroup.AnyProvider) def test_autofs__propagate_offline__multi_domain(client: Client): """ @@ -144,6 +147,7 @@ def test_autofs__propagate_offline__multi_domain(client: Client): assert offline_status_propagated +@pytest.mark.importance("critical") @pytest.mark.topology(KnownTopologyGroup.AnyProvider) def test_autofs__offline_domains(client: Client, nfs: NFS, provider: GenericProvider): """ diff --git a/src/tests/system/tests/test_config.py b/src/tests/system/tests/test_config.py index 080be6911ed..b4a522a05ee 100644 --- a/src/tests/system/tests/test_config.py +++ b/src/tests/system/tests/test_config.py @@ -11,6 +11,7 @@ from sssd_test_framework.topology import KnownTopologyGroup +@pytest.mark.importance("critical") @pytest.mark.topology(KnownTopologyGroup.AnyProvider) def test_config__change_config_while_sssd_running(client: Client): """ @@ -46,6 +47,8 @@ def test_config__change_config_while_sssd_running(client: Client): assert result["cn=pam,cn=config"]["debug_level"] == ["1"] +@pytest.mark.importance("critical") +@pytest.mark.config @pytest.mark.topology(KnownTopologyGroup.AnyProvider) def test_config__genconf_particular_section(client: Client): """ @@ -91,6 +94,7 @@ def test_config__genconf_particular_section(client: Client): assert result["cn=nss,cn=config"]["debug_level"] == ["9"] +@pytest.mark.importance("critical") @pytest.mark.topology(KnownTopologyGroup.AnyProvider) def test_config__add_remove_section(client: Client): """ @@ -149,6 +153,7 @@ def test_config__add_remove_section(client: Client): assert result["cn=new_section,cn=config"]["key"] != ["value"] +@pytest.mark.importance("critical") @pytest.mark.topology(KnownTopologyGroup.AnyProvider) def test_config__genconf_no_such_section(client: Client): """ diff --git a/src/tests/system/tests/test_id.py b/src/tests/system/tests/test_id.py index dc759ef17fe..8ee34b6f729 100644 --- a/src/tests/system/tests/test_id.py +++ b/src/tests/system/tests/test_id.py @@ -12,6 +12,7 @@ from sssd_test_framework.topology import KnownTopologyGroup +@pytest.mark.importance("critical") @pytest.mark.topology(KnownTopologyGroup.AnyProvider) def test_id__getpwnam(client: Client, provider: GenericProvider): """ @@ -44,6 +45,7 @@ def test_id__getpwnam(client: Client, provider: GenericProvider): assert result.user.id == uid, f"User id {result.user.id} is incorrect, {uid} expected" +@pytest.mark.importance("critical") @pytest.mark.topology(KnownTopologyGroup.AnyProvider) def test_id__getpwuid(client: Client, provider: GenericProvider): """ @@ -76,6 +78,7 @@ def test_id__getpwuid(client: Client, provider: GenericProvider): assert result.user.id == uid, f"User id {result.user.id} is incorrect, {uid} expected" +@pytest.mark.importance("critical") @pytest.mark.topology(KnownTopologyGroup.AnyProvider) def test_id__getgrnam(client: Client, provider: GenericProvider): """ @@ -108,6 +111,7 @@ def test_id__getgrnam(client: Client, provider: GenericProvider): assert result.gid == gid, f"Group gid {result.gid} is incorrect, {gid} expected" +@pytest.mark.importance("critical") @pytest.mark.topology(KnownTopologyGroup.AnyProvider) def test_id__getgrgid(client: Client, provider: GenericProvider): """ @@ -140,6 +144,7 @@ def test_id__getgrgid(client: Client, provider: GenericProvider): assert result.gid == gid, f"Group gid {result.gid} is incorrect, {gid} expected" +@pytest.mark.importance("critical") @pytest.mark.topology(KnownTopologyGroup.AnyProvider) def test_id__getent_passwd(client: Client, provider: GenericProvider): """ @@ -181,6 +186,7 @@ def test_id__getent_passwd(client: Client, provider: GenericProvider): assert result.uid == uid, f"User id {result.uid} is incorrect, {uid} expected" +@pytest.mark.importance("critical") @pytest.mark.topology(KnownTopologyGroup.AnyProvider) def test_id__getent_group(client: Client, provider: GenericProvider): """ @@ -220,6 +226,7 @@ def test_id__getent_group(client: Client, provider: GenericProvider): assert result.gid == id, f"Group gid {result.gid} is incorrect, {id} expected" +@pytest.mark.importance("critical") @pytest.mark.topology(KnownTopologyGroup.AnyProvider) def test_id__membership_by_group_name(client: Client, provider: GenericProvider): """ @@ -252,6 +259,7 @@ def test_id__membership_by_group_name(client: Client, provider: GenericProvider) assert result.memberof(groups), f"User {name} is member of wrong groups" +@pytest.mark.importance("critical") @pytest.mark.topology(KnownTopologyGroup.AnyProvider) def test_id__membership_by_group_id(client: Client, provider: GenericProvider): """ @@ -285,6 +293,7 @@ def test_id__membership_by_group_id(client: Client, provider: GenericProvider): assert result.memberof(gids), f"User {name} is member of wrong groups" +@pytest.mark.importance("critical") @pytest.mark.topology(KnownTopologyGroup.AnyProvider) def test_id__initgroups(client: Client, provider: GenericProvider): """ @@ -323,6 +332,7 @@ def test_id__initgroups(client: Client, provider: GenericProvider): assert result.memberof([10001, 10002, 10003]), f"User {name} is member of wrong groups" +@pytest.mark.importance("critical") @pytest.mark.topology(KnownTopologyGroup.AnyProvider) def test_id__getpwnam_fully_qualified_names(client: Client, provider: GenericProvider): """ @@ -365,6 +375,7 @@ def test_id__getpwnam_fully_qualified_names(client: Client, provider: GenericPro assert result.user.id == 10002, f"User id {result.user.id} is incorrect, 10002 expected" +@pytest.mark.importance("critical") @pytest.mark.topology(KnownTopologyGroup.AnyProvider) def test_id__case_insensitive(client: Client, provider: GenericProvider): """ @@ -409,6 +420,7 @@ def test_id__case_insensitive(client: Client, provider: GenericProvider): assert result.user.id == uid, f"User id {result.user.id} is incorrect, {uid} expected" +@pytest.mark.importance("critical") @pytest.mark.topology(KnownTopologyGroup.AnyProvider) def test_id__fq_names_case_insensitive(client: Client, provider: GenericProvider): """ diff --git a/src/tests/system/tests/test_kcm.py b/src/tests/system/tests/test_kcm.py index 6a6ed020f5d..942e8675010 100644 --- a/src/tests/system/tests/test_kcm.py +++ b/src/tests/system/tests/test_kcm.py @@ -15,6 +15,8 @@ from sssd_test_framework.topology import KnownTopology +@pytest.mark.importance("critical") +@pytest.mark.authentication @pytest.mark.topology(KnownTopology.Client) @pytest.mark.parametrize("ccache_storage", ["memory", "secdb"]) def test_kcm__kinit_overwrite(client: Client, kdc: KDC, ccache_storage: str): @@ -61,6 +63,8 @@ def test_kcm__kinit_overwrite(client: Client, kdc: KDC, ccache_storage: str): assert krb.cache_count() == 1 +@pytest.mark.importance("critical") +@pytest.mark.authentication @pytest.mark.topology(KnownTopology.Client) @pytest.mark.parametrize("ccache_storage", ["memory", "secdb"]) def test_kcm__kinit_collection(client: Client, kdc: KDC, ccache_storage: str): @@ -150,6 +154,8 @@ def test_kcm__kinit_collection(client: Client, kdc: KDC, ccache_storage: str): assert krb.cache_count() == 0 +@pytest.mark.importance("critical") +@pytest.mark.authentication @pytest.mark.topology(KnownTopology.Client) @pytest.mark.parametrize("ccache_storage", ["memory", "secdb"]) def test_kcm__kswitch(client: Client, kdc: KDC, ccache_storage: str): @@ -218,6 +224,8 @@ def test_kcm__kswitch(client: Client, kdc: KDC, ccache_storage: str): assert krb.has_tickets("bob", kdc.realm, [kdc.tgt, kdc.qualify("host/bob")]) +@pytest.mark.importance("critical") +@pytest.mark.authentication @pytest.mark.topology(KnownTopology.Client) @pytest.mark.parametrize("ccache_storage", ["memory", "secdb"]) def test_kcm__subsidiaries(client: Client, kdc: KDC, ccache_storage: str): @@ -293,6 +301,8 @@ def test_kcm__subsidiaries(client: Client, kdc: KDC, ccache_storage: str): assert principals[kdc.qualify("bob")] == expected[kdc.qualify("bob")] +@pytest.mark.importance("critical") +@pytest.mark.authentication @pytest.mark.topology(KnownTopology.Client) @pytest.mark.parametrize("ccache_storage", ["memory", "secdb"]) def test_kcm__kdestroy_nocache(client: Client, kdc: KDC, ccache_storage: str): @@ -327,6 +337,8 @@ def test_kcm__kdestroy_nocache(client: Client, kdc: KDC, ccache_storage: str): assert False, f"kdestroy raised an error: {e}" +@pytest.mark.importance("critical") +@pytest.mark.authentication @pytest.mark.topology(KnownTopology.Client) def test_kcm__tgt_renewal(client: Client, kdc: KDC): """ diff --git a/src/tests/system/tests/test_ldap.py b/src/tests/system/tests/test_ldap.py index 00f7522e728..d3c007e3d3e 100644 --- a/src/tests/system/tests/test_ldap.py +++ b/src/tests/system/tests/test_ldap.py @@ -12,6 +12,8 @@ from sssd_test_framework.topology import KnownTopology +@pytest.mark.importance("critical") +@pytest.mark.authentication @pytest.mark.parametrize("modify_mode", ["exop", "ldap_modify"]) @pytest.mark.topology(KnownTopology.LDAP) def test_ldap__change_password(client: Client, ldap: LDAP, modify_mode: str): diff --git a/src/tests/system/tests/test_ldap_extra_attrs.py b/src/tests/system/tests/test_ldap_extra_attrs.py index 7f1e2778000..cf3e6ce097a 100644 --- a/src/tests/system/tests/test_ldap_extra_attrs.py +++ b/src/tests/system/tests/test_ldap_extra_attrs.py @@ -12,6 +12,8 @@ from sssd_test_framework.topology import KnownTopologyGroup +@pytest.mark.importance("high") +@pytest.mark.schema @pytest.mark.ticket(gh=4153, bz=1362023) @pytest.mark.topology(KnownTopologyGroup.AnyProvider) @pytest.mark.parametrize("attrs", ["mail, firstname:givenname, lastname:sn", "given_email:mail"]) diff --git a/src/tests/system/tests/test_memory_cache.py b/src/tests/system/tests/test_memory_cache.py index 3099d6af0e1..ad35d1d1876 100644 --- a/src/tests/system/tests/test_memory_cache.py +++ b/src/tests/system/tests/test_memory_cache.py @@ -13,6 +13,8 @@ from sssd_test_framework.topology import KnownTopology, KnownTopologyGroup +@pytest.mark.importance("critical") +@pytest.mark.cache @pytest.mark.topology(KnownTopologyGroup.AnyProvider) def test_memory_cache__getpwnam(client: Client, provider: GenericProvider): """ @@ -52,6 +54,8 @@ def check(users): check(users) +@pytest.mark.importance("critical") +@pytest.mark.cache @pytest.mark.topology(KnownTopologyGroup.AnyProvider) def test_memory_cache__getgrnam(client: Client, provider: GenericProvider): """ @@ -91,6 +95,8 @@ def check(groups): check(groups) +@pytest.mark.importance("high") +@pytest.mark.cache @pytest.mark.topology(KnownTopologyGroup.AnyProvider) def test_memory_cache__disabled_passwd_getgrnam(client: Client, provider: GenericProvider): """ @@ -132,6 +138,8 @@ def check(groups): check(groups) +@pytest.mark.importance("high") +@pytest.mark.cache @pytest.mark.topology(KnownTopologyGroup.AnyProvider) def test_memory_cache__disabled_passwd_getpwnam(client: Client, provider: GenericProvider): """ @@ -177,6 +185,8 @@ def test_memory_cache__disabled_passwd_getpwnam(client: Client, provider: Generi assert client.tools.id(id) is None, f"User with id {id} was found which is not expected" +@pytest.mark.importance("high") +@pytest.mark.cache @pytest.mark.topology(KnownTopologyGroup.AnyProvider) def test_memory_cache__disabled_intitgroups_getgrnam(client: Client, provider: GenericProvider): """ @@ -218,6 +228,8 @@ def check(groups): check(groups) +@pytest.mark.importance("high") +@pytest.mark.cache @pytest.mark.topology(KnownTopologyGroup.AnyProvider) def test_memory_cache__disabled_intitgroups_getpwnam(client: Client, provider: GenericProvider): """ @@ -271,6 +283,8 @@ def check(ids): check(ids) +@pytest.mark.importance("high") +@pytest.mark.cache @pytest.mark.topology(KnownTopologyGroup.AnyProvider) def test_memory_cache__disabled_group(client: Client, provider: GenericProvider): """ @@ -343,6 +357,8 @@ def check(users): assert client.tools.id(2222) is None, "Group with gid 2222 was found which is not expected" +@pytest.mark.importance("high") +@pytest.mark.cache @pytest.mark.topology(KnownTopologyGroup.AnyProvider) def test_memory_cache__disabled_cache(client: Client, provider: GenericProvider): """ @@ -418,6 +434,8 @@ def test_memory_cache__disabled_cache(client: Client, provider: GenericProvider) assert client.tools.getent.group(2222) is None, "Group with gid 2222 was found which is not expected" +@pytest.mark.importance("critical") +@pytest.mark.cache @pytest.mark.topology(KnownTopologyGroup.AnyProvider) def test_memory_cache__membership_by_group_name(client: Client, provider: GenericProvider): """ @@ -469,6 +487,8 @@ def check(): check() +@pytest.mark.importance("critical") +@pytest.mark.cache @pytest.mark.topology(KnownTopologyGroup.AnyProvider) def test_memory_cache__membership_by_group_id(client: Client, provider: GenericProvider): """ @@ -523,6 +543,8 @@ def check(): check() +@pytest.mark.importance("critical") +@pytest.mark.cache @pytest.mark.topology(KnownTopologyGroup.AnyProvider) def test_memory_cache__user_gids(client: Client, provider: GenericProvider): """ @@ -577,6 +599,8 @@ def check(): check() +@pytest.mark.importance("critical") +@pytest.mark.cache @pytest.mark.topology(KnownTopologyGroup.AnyProvider) def test_memory_cache__getpwnam_fully_qualified_names(client: Client, provider: GenericProvider): """ @@ -628,6 +652,8 @@ def check(): check() +@pytest.mark.importance("critical") +@pytest.mark.cache @pytest.mark.topology(KnownTopologyGroup.AnyProvider) def test_memory_cache__case_insensitive(client: Client, provider: GenericProvider): """ @@ -689,6 +715,8 @@ def test_memory_cache__case_insensitive(client: Client, provider: GenericProvide assert client.tools.getent.initgroups("user1").groups == [], "User user1 should not be found in cache" +@pytest.mark.importance("critical") +@pytest.mark.cache @pytest.mark.topology(KnownTopologyGroup.AnyProvider) def test_memory_cache__fq_names_case_insensitive(client: Client, provider: GenericProvider): """ @@ -747,6 +775,8 @@ def test_memory_cache__fq_names_case_insensitive(client: Client, provider: Gener assert client.tools.getent.initgroups("uSer1").groups == [], "User uSer1 should be found only with fq name" +@pytest.mark.importance("high") +@pytest.mark.cache @pytest.mark.topology(KnownTopologyGroup.AnyProvider) def test_memory_cache__invalidation_of_gids_after_initgroups(client: Client, provider: GenericProvider): """ @@ -825,6 +855,8 @@ def check_group(name, gid): assert client.tools.getent.group("group1_") is None, "Group group1_ was found which is not expected" +@pytest.mark.importance("high") +@pytest.mark.cache @pytest.mark.topology(KnownTopologyGroup.AnyProvider) def test_memory_cache__initgroups_without_change_in_membership(client: Client, provider: GenericProvider): """ @@ -912,6 +944,8 @@ def check(): check() +@pytest.mark.importance("critical") +@pytest.mark.cache @pytest.mark.topology(KnownTopologyGroup.AnyProvider) def test_memory_cache__invalidate_user_before_stop(client: Client, provider: GenericProvider): """ @@ -966,6 +1000,8 @@ def test_memory_cache__invalidate_user_before_stop(client: Client, provider: Gen assert client.tools.getent.group(202020) is None, "Group with gid 202020 was found which is not expected" +@pytest.mark.importance("critical") +@pytest.mark.cache @pytest.mark.topology(KnownTopologyGroup.AnyProvider) def test_memory_cache__invalidate_user_after_stop(client: Client, provider: GenericProvider): """ @@ -1020,6 +1056,8 @@ def test_memory_cache__invalidate_user_after_stop(client: Client, provider: Gene assert client.tools.getent.group(202020) is None, "Group with gid 202020 was found which is not expected" +@pytest.mark.importance("critical") +@pytest.mark.cache @pytest.mark.topology(KnownTopologyGroup.AnyProvider) def test_memory_cache__invalidate_users_before_stop(client: Client, provider: GenericProvider): """ @@ -1082,6 +1120,8 @@ def test_memory_cache__invalidate_users_before_stop(client: Client, provider: Ge assert client.tools.getent.group(222222) is None, "Group with gid 222222 was found which is not expected" +@pytest.mark.importance("critical") +@pytest.mark.cache @pytest.mark.topology(KnownTopologyGroup.AnyProvider) def test_memory_cache__invalidate_users_after_stop(client: Client, provider: GenericProvider): """ @@ -1144,6 +1184,8 @@ def test_memory_cache__invalidate_users_after_stop(client: Client, provider: Gen assert client.tools.getent.group(222222) is None, "Group with gid 222222 was found which is not expected" +@pytest.mark.importance("critical") +@pytest.mark.cache @pytest.mark.topology(KnownTopologyGroup.AnyProvider) def test_memory_cache__invalidate_group_before_stop(client: Client, provider: GenericProvider): """ @@ -1185,6 +1227,8 @@ def test_memory_cache__invalidate_group_before_stop(client: Client, provider: Ge assert client.tools.getent.group(110011) is None, "Group with gid 110011 was found which is not expected" +@pytest.mark.importance("critical") +@pytest.mark.cache @pytest.mark.topology(KnownTopologyGroup.AnyProvider) def test_memory_cache__invalidate_group_after_stop(client: Client, provider: GenericProvider): """ @@ -1226,6 +1270,8 @@ def test_memory_cache__invalidate_group_after_stop(client: Client, provider: Gen assert client.tools.getent.group(110011) is None, "Group with gid 110011 was found which is not expected" +@pytest.mark.importance("high") +@pytest.mark.cache @pytest.mark.topology(KnownTopologyGroup.AnyProvider) def test_memory_cache__invalidate_groups_before_stop(client: Client, provider: GenericProvider): """ @@ -1271,6 +1317,8 @@ def test_memory_cache__invalidate_groups_before_stop(client: Client, provider: G assert client.tools.getent.group(202020) is None, "Group with gid 202020 was found which is not expected" +@pytest.mark.importance("high") +@pytest.mark.cache @pytest.mark.topology(KnownTopologyGroup.AnyProvider) def test_memory_cache__invalidate_groups_after_stop(client: Client, provider: GenericProvider): """ @@ -1316,6 +1364,8 @@ def test_memory_cache__invalidate_groups_after_stop(client: Client, provider: Ge assert client.tools.getent.group(202020) is None, "Group with gid 202020 was found which is not expected" +@pytest.mark.importance("critical") +@pytest.mark.cache @pytest.mark.topology(KnownTopologyGroup.AnyProvider) def test_memory_cache__invalidate_everything_before_stop(client: Client, provider: GenericProvider): """ @@ -1385,6 +1435,8 @@ def test_memory_cache__invalidate_everything_before_stop(client: Client, provide assert client.tools.getent.group(202020) is None, "Group with gid 202020 was found which is not expected" +@pytest.mark.importance("critical") +@pytest.mark.cache @pytest.mark.topology(KnownTopologyGroup.AnyProvider) def test_memory_cache__invalidate_everything_after_stop(client: Client, provider: GenericProvider): """ @@ -1454,6 +1506,8 @@ def test_memory_cache__invalidate_everything_after_stop(client: Client, provider assert client.tools.getent.group(202020) is None, "Group with gid 202020 was found which is not expected" +@pytest.mark.importance("critical") +@pytest.mark.cache @pytest.mark.topology(KnownTopologyGroup.AnyProvider) def test_memory_cache__memcache_timeout_zero(client: Client, provider: GenericProvider): """ @@ -1512,6 +1566,8 @@ def test_memory_cache__memcache_timeout_zero(client: Client, provider: GenericPr assert client.tools.getent.group(10001) is None, "Group with gid 10001 was found which is not expected" +@pytest.mark.importance("critical") +@pytest.mark.cache @pytest.mark.topology(KnownTopologyGroup.AnyProvider) def test_memory_cache__removed_cache_without_invalidation(client: Client, provider: GenericProvider): """ diff --git a/src/tests/system/tests/test_netgroups.py b/src/tests/system/tests/test_netgroups.py index 9d874f1828f..87ebafd21f2 100644 --- a/src/tests/system/tests/test_netgroups.py +++ b/src/tests/system/tests/test_netgroups.py @@ -12,6 +12,8 @@ from sssd_test_framework.topology import KnownTopologyGroup +@pytest.mark.importance("medium") +@pytest.mark.cache @pytest.mark.ticket(gh=6652, bz=2162552) @pytest.mark.topology(KnownTopologyGroup.AnyProvider) def test_netgroups__add_remove_netgroup_triple(client: Client, provider: GenericProvider): @@ -54,6 +56,8 @@ def test_netgroups__add_remove_netgroup_triple(client: Client, provider: Generic assert len(result.members) == 0 +@pytest.mark.importance("medium") +@pytest.mark.cache @pytest.mark.ticket(gh=6652, bz=2162552) @pytest.mark.topology(KnownTopologyGroup.AnyProvider) def test_netgroups__add_remove_netgroup_member(client: Client, provider: GenericProvider): diff --git a/src/tests/system/tests/test_shadow.py b/src/tests/system/tests/test_shadow.py index 0bccc3cfdb6..018a0f21835 100644 --- a/src/tests/system/tests/test_shadow.py +++ b/src/tests/system/tests/test_shadow.py @@ -12,6 +12,8 @@ from sssd_test_framework.topology import KnownTopology +@pytest.mark.importance("high") +@pytest.mark.schema @pytest.mark.ticket(bz=1507035) @pytest.mark.topology(KnownTopology.LDAP) @pytest.mark.parametrize("method", ["su", "ssh"]) diff --git a/src/tests/system/tests/test_sssctl.py b/src/tests/system/tests/test_sssctl.py index 4383ee99cc8..26cae37fddf 100644 --- a/src/tests/system/tests/test_sssctl.py +++ b/src/tests/system/tests/test_sssctl.py @@ -11,6 +11,8 @@ from sssd_test_framework.topology import KnownTopology +@pytest.mark.importance("high") +@pytest.mark.tools @pytest.mark.ticket(bz=2100789) @pytest.mark.topology(KnownTopology.LDAP) def test_sssctl__check_id_provider(client: Client): @@ -38,6 +40,8 @@ def test_sssctl__check_id_provider(client: Client): assert "[rule/sssd_checks]: Attribute 'id_provider' is missing in section 'domain/test'." in output.stdout_lines[1] +@pytest.mark.importance("high") +@pytest.mark.tools @pytest.mark.ticket(bz=2100789) @pytest.mark.topology(KnownTopology.LDAP) def test_sssctl__check_invalid_id_provider(client: Client): diff --git a/src/tests/system/tests/test_sssctl_config_check.py b/src/tests/system/tests/test_sssctl_config_check.py index ee594a6b089..b1b5faa0743 100644 --- a/src/tests/system/tests/test_sssctl_config_check.py +++ b/src/tests/system/tests/test_sssctl_config_check.py @@ -14,6 +14,8 @@ from sssd_test_framework.topology import KnownTopology +@pytest.mark.importance("high") +@pytest.mark.tools @pytest.mark.topology(KnownTopology.Client) def test_sssctl_config_check__typo_option_name(client: Client): """ @@ -41,6 +43,8 @@ def test_sssctl_config_check__typo_option_name(client: Client): assert pattern.search(result.stdout), "Wrong error message was returned" +@pytest.mark.importance("high") +@pytest.mark.tools @pytest.mark.topology(KnownTopology.Client) def test_sssctl_config_check__typo_domain_name(client: Client): """ @@ -64,6 +68,8 @@ def test_sssctl_config_check__typo_domain_name(client: Client): assert ex.match(r"Section \[domain\/\] is not allowed. Check for typos.*"), "Wrong error message was returned" +@pytest.mark.importance("high") +@pytest.mark.tools @pytest.mark.topology(KnownTopology.Client) def test_sssctl_config_check__misplaced_option(client: Client): """ diff --git a/src/tests/system/tests/test_sudo.py b/src/tests/system/tests/test_sudo.py index f32205d1ef7..cf53e56f54d 100644 --- a/src/tests/system/tests/test_sudo.py +++ b/src/tests/system/tests/test_sudo.py @@ -19,6 +19,8 @@ from sssd_test_framework.topology import KnownTopology, KnownTopologyGroup +@pytest.mark.importance("critical") +@pytest.mark.authorization @pytest.mark.topology(KnownTopologyGroup.AnyProvider) def test_sudo__user_allowed(client: Client, provider: GenericProvider): """ @@ -55,6 +57,8 @@ def test_sudo__user_allowed(client: Client, provider: GenericProvider): assert not client.auth.sudo.run("user-2", "Secret123", command="/bin/ls /root") +@pytest.mark.importance("critical") +@pytest.mark.authorization @pytest.mark.topology(KnownTopology.AD) @pytest.mark.topology(KnownTopology.LDAP) @pytest.mark.topology(KnownTopology.Samba) @@ -100,6 +104,8 @@ def test_sudo__duplicate_sudo_user(client: Client, provider: GenericProvider): assert not client.auth.sudo.run("user-4", "Secret123", command="/bin/ls /root") +@pytest.mark.importance("critical") +@pytest.mark.authorization @pytest.mark.ticket(bz=1380436, gh=4236) @pytest.mark.topology(KnownTopologyGroup.AnyProvider) def test_sudo__case_sensitive_false(client: Client, provider: GenericProvider): @@ -146,6 +152,8 @@ def test_sudo__case_sensitive_false(client: Client, provider: GenericProvider): assert client.auth.sudo.run("USER-1", "Secret123", command="/bin/more /root/test") +@pytest.mark.importance("critical") +@pytest.mark.authorization @pytest.mark.topology(KnownTopologyGroup.AnyProvider) def test_sudo__rules_refresh(client: Client, provider: GenericProvider): """ @@ -181,6 +189,8 @@ def test_sudo__rules_refresh(client: Client, provider: GenericProvider): assert client.auth.sudo.list("user-1", "Secret123", expected=["(root) /bin/less"]) +@pytest.mark.importance("critical") +@pytest.mark.authorization @pytest.mark.ticket(bz=1372440, gh=4236) @pytest.mark.contains_workaround_for(gh=4483) @pytest.mark.topology(KnownTopologyGroup.AnyProvider) @@ -217,6 +227,8 @@ def test_sudo__sudo_user_is_group(client: Client, provider: GenericProvider): assert client.auth.sudo.run("user-1", "Secret123", command="/bin/ls /root") +@pytest.mark.importance("critical") +@pytest.mark.authorization @pytest.mark.ticket(bz=1826272, gh=5119) @pytest.mark.topology(KnownTopologyGroup.AnyAD) def test_sudo__sudo_user_is_nonposix_group(client: Client, provider: GenericADProvider): @@ -249,6 +261,8 @@ def test_sudo__sudo_user_is_nonposix_group(client: Client, provider: GenericADPr assert client.auth.sudo.run("user-1", "Secret123", command="/bin/ls /root") +@pytest.mark.importance("critical") +@pytest.mark.authorization @pytest.mark.ticket(bz=1910131) @pytest.mark.topology(KnownTopologyGroup.AnyProvider) def test_sudo__runasuser_shortname(client: Client, provider: GenericADProvider): @@ -276,6 +290,8 @@ def test_sudo__runasuser_shortname(client: Client, provider: GenericADProvider): assert client.auth.sudo.list("user-1", "Secret123", expected=["(user-2) /bin/ls"]) +@pytest.mark.importance("critical") +@pytest.mark.authorization @pytest.mark.topology(KnownTopology.AD) @pytest.mark.topology(KnownTopology.LDAP) @pytest.mark.topology(KnownTopology.Samba) @@ -308,6 +324,8 @@ def test_sudo__runasuser_fqn(client: Client, provider: GenericProvider): assert client.auth.sudo.list("user-1", "Secret123", expected=["(user-2) /bin/ls"]) +@pytest.mark.importance("low") +@pytest.mark.authorization @pytest.mark.topology(KnownTopology.LDAP) def test_sudo__sudonotbefore_shorttime(client: Client, provider: LDAP): """ @@ -362,8 +380,9 @@ def fulltime(t: datetime) -> str: ) -@pytest.mark.slow(seconds=15) @pytest.mark.importance("low") +@pytest.mark.authorization +@pytest.mark.slow(seconds=15) @pytest.mark.ticket(bz=1925514, gh=5609) @pytest.mark.topology(KnownTopologyGroup.AnyProvider) def test_sudo__refresh_random_offset(client: Client): @@ -403,8 +422,9 @@ def test_sudo__refresh_random_offset(client: Client): assert len(full) > 1 -@pytest.mark.slow(seconds=10) @pytest.mark.importance("low") +@pytest.mark.authorization +@pytest.mark.slow(seconds=10) @pytest.mark.ticket(bz=1925505, gh=5604) @pytest.mark.topology(KnownTopologyGroup.AnyProvider) @pytest.mark.parametrize(["full_interval", "smart_interval"], [(2, 1), (3, 2)]) @@ -471,6 +491,8 @@ def is_smart_skipped(line: str) -> bool: is_skipped = True +@pytest.mark.importance("high") +@pytest.mark.authorization @pytest.mark.ticket(bz=1294670, gh=3969) @pytest.mark.topology(KnownTopologyGroup.AnyProvider) def test_sudo__local_users_negative_cache(client: Client, provider: LDAP): From ec8f0269c2ef1d1f174a3b1df3671ca01cd390d4 Mon Sep 17 00:00:00 2001 From: Jakub Vavra <jvavra@redhat.com> Date: Tue, 26 Sep 2023 07:25:14 +0200 Subject: [PATCH 148/280] tests: Add missing pytest marker config. Reviewed-by: Patrik Rosecky <prosecky@redhat.com> (cherry picked from commit 39dde256e5e9d226e63898e910b8ffda4428f933) --- src/tests/system/pytest.ini | 1 + 1 file changed, 1 insertion(+) diff --git a/src/tests/system/pytest.ini b/src/tests/system/pytest.ini index ecc40bc8518..1f0d2c7d363 100644 --- a/src/tests/system/pytest.ini +++ b/src/tests/system/pytest.ini @@ -5,6 +5,7 @@ markers = authentication: authorization: cache: + config: contains_workaround_for(gh=...,bz=...): identity: schema: From a4de653f5b1086f642fba6bdec7743bbda4a9572 Mon Sep 17 00:00:00 2001 From: Sumit Bose <sbose@redhat.com> Date: Fri, 15 Sep 2023 12:52:36 +0200 Subject: [PATCH 149/280] ci: remove unused clang-analyzer from dependencies MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com> Reviewed-by: Tomáš Halman <thalman@redhat.com> (cherry picked from commit 9474e0f4f42375b40e302da727401b9a5e28c2f5) --- contrib/ci/deps.sh | 2 -- 1 file changed, 2 deletions(-) diff --git a/contrib/ci/deps.sh b/contrib/ci/deps.sh index c49ddb51e5f..16d3aff8a7a 100644 --- a/contrib/ci/deps.sh +++ b/contrib/ci/deps.sh @@ -33,7 +33,6 @@ declare DEPS_INTGCHECK_SATISFIED=true if [[ "$DISTRO_BRANCH" == -redhat-* ]]; then declare _DEPS_LIST_SPEC DEPS_LIST+=( - clang-analyzer fakeroot libfaketime libcmocka-devel @@ -108,7 +107,6 @@ if [[ "$DISTRO_BRANCH" == -debian-* ]]; then autopoint check cifs-utils - clang dh-apparmor dnsutils docbook-xml From 02bd1d7e76b3f173eb6edfc893bd139a2d6154ce Mon Sep 17 00:00:00 2001 From: Justin Stephenson <jstephen@redhat.com> Date: Fri, 8 Sep 2023 10:36:17 -0400 Subject: [PATCH 150/280] Passkey: Allow kerberos preauth for "false" UV MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit When IPA passkey configuration sets require-user-verification=false then the user verification value will be 0. We need to allow this configuration within the plugin. Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com> Reviewed-by: Pavel Březina <pbrezina@redhat.com> Reviewed-by: Sumit Bose <sbose@redhat.com> (cherry picked from commit 57dac1e29f040a8c65ff815b15b1a8c9b70c276c) --- src/krb5_plugin/passkey/passkey_utils.c | 2 +- src/tests/cmocka/test_krb5_passkey_plugin.c | 10 ---------- 2 files changed, 1 insertion(+), 11 deletions(-) diff --git a/src/krb5_plugin/passkey/passkey_utils.c b/src/krb5_plugin/passkey/passkey_utils.c index 3e777aedc68..c41b9c00e72 100644 --- a/src/krb5_plugin/passkey/passkey_utils.c +++ b/src/krb5_plugin/passkey/passkey_utils.c @@ -211,7 +211,7 @@ sss_passkey_challenge_to_json_object(const struct sss_passkey_challenge *data) /* These are required fields. */ if (data->domain == NULL || data->credential_id_list == NULL - || data->user_verification == 0 || data->cryptographic_challenge == NULL) { + || data->cryptographic_challenge == NULL) { return NULL; } diff --git a/src/tests/cmocka/test_krb5_passkey_plugin.c b/src/tests/cmocka/test_krb5_passkey_plugin.c index 1a0c87adcba..9593a65468c 100644 --- a/src/tests/cmocka/test_krb5_passkey_plugin.c +++ b/src/tests/cmocka/test_krb5_passkey_plugin.c @@ -120,16 +120,6 @@ void test_sss_passkey_message_encode__challenge(void **state) str = sss_passkey_message_encode(&message); assert_null(str); - challenge.domain = discard_const("domain"); - challenge.credential_id_list = discard_const(id_list); - challenge.user_verification = 0; - challenge.cryptographic_challenge = discard_const("crypto-challenge"); - message.phase = SSS_PASSKEY_PHASE_CHALLENGE; - message.state = discard_const("abcd"); - message.data.challenge = &challenge; - str = sss_passkey_message_encode(&message); - assert_null(str); - challenge.domain = discard_const("domain"); challenge.credential_id_list = discard_const(id_list); challenge.user_verification = 1; From a3111338995d91c721fcd0a616f0ee1a69302607 Mon Sep 17 00:00:00 2001 From: Iker Pedrosa <ipedrosa@redhat.com> Date: Mon, 18 Sep 2023 10:22:17 +0200 Subject: [PATCH 151/280] passkey: omit user-verification MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit If user-verification is disabled and the key doesn't support it, then omit it. Otherwise, the authentication will produce an error and the user will be unable to authenticate. I have also added a unit-test to check this condition. Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com> (cherry picked from commit a8daf9790906b7321024fef8e636f9c1b14343ab) Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com> Reviewed-by: Pavel Březina <pbrezina@redhat.com> Reviewed-by: Sumit Bose <sbose@redhat.com> (cherry picked from commit 2c05926ed1fa4deab74b80d9faf6e4c26f31f46f) --- Makefile.am | 1 + src/passkey_child/passkey_child_devices.c | 12 +++++++++ src/tests/cmocka/test_passkey_child.c | 32 +++++++++++++++++++++++ 3 files changed, 45 insertions(+) diff --git a/Makefile.am b/Makefile.am index c68461675f0..5eea8179b27 100644 --- a/Makefile.am +++ b/Makefile.am @@ -3851,6 +3851,7 @@ test_passkey_LDFLAGS = \ -Wl,-wrap,fido_dev_open \ -Wl,-wrap,fido_dev_has_uv \ -Wl,-wrap,fido_dev_has_pin \ + -Wl,-wrap,fido_dev_supports_uv \ -Wl,-wrap,fido_dev_make_cred \ -Wl,-wrap,fido_cred_x5c_ptr \ -Wl,-wrap,fido_cred_verify \ diff --git a/src/passkey_child/passkey_child_devices.c b/src/passkey_child/passkey_child_devices.c index a91ab9ca11d..2011b12f661 100644 --- a/src/passkey_child/passkey_child_devices.c +++ b/src/passkey_child/passkey_child_devices.c @@ -201,10 +201,12 @@ get_device_options(fido_dev_t *dev, struct passkey_data *_data) { bool has_pin; bool has_uv; + bool supports_uv; errno_t ret; has_uv = fido_dev_has_uv(dev); has_pin = fido_dev_has_pin(dev); + supports_uv = fido_dev_supports_uv(dev); if (_data->user_verification == FIDO_OPT_TRUE && has_pin != true && has_uv != true) { @@ -226,6 +228,16 @@ get_device_options(fido_dev_t *dev, struct passkey_data *_data) goto done; } + if (_data->user_verification == FIDO_OPT_FALSE + && supports_uv == false) { + DEBUG(SSSDBG_CONF_SETTINGS, + "Policy disabled user-verification but the key doesn't support " + "it. Thus, omitting the user-verification.\n"); + _data->user_verification = FIDO_OPT_OMIT; + ret = EOK; + goto done; + } + ret = EOK; done: diff --git a/src/tests/cmocka/test_passkey_child.c b/src/tests/cmocka/test_passkey_child.c index 187b3c49ead..5003152c453 100644 --- a/src/tests/cmocka/test_passkey_child.c +++ b/src/tests/cmocka/test_passkey_child.c @@ -278,6 +278,16 @@ __wrap_fido_dev_has_pin(fido_dev_t *dev) return ret; } +bool +__wrap_fido_dev_supports_uv(fido_dev_t *dev) +{ + bool ret; + + ret = mock(); + + return ret; +} + int __wrap_fido_dev_make_cred(fido_dev_t *dev, fido_cred_t *cred, const char *pin) { @@ -1090,6 +1100,7 @@ void test_get_device_options(void **state) ts->data.user_verification = FIDO_OPT_TRUE; will_return(__wrap_fido_dev_has_uv, true); will_return(__wrap_fido_dev_has_pin, true); + will_return(__wrap_fido_dev_supports_uv, true); ret = get_device_options(dev, &ts->data); @@ -1106,12 +1117,30 @@ void test_get_device_options_user_verification_unmatch(void **state) ts->data.user_verification = FIDO_OPT_TRUE; will_return(__wrap_fido_dev_has_uv, false); will_return(__wrap_fido_dev_has_pin, false); + will_return(__wrap_fido_dev_supports_uv, false); ret = get_device_options(dev, &ts->data); assert_int_equal(ret, EINVAL); } +void test_get_device_options_user_verification_false_not_supported(void **state) +{ + struct test_state *ts = talloc_get_type_abort(*state, struct test_state); + fido_dev_t *dev = NULL; + errno_t ret; + + ts->data.user_verification = FIDO_OPT_FALSE; + will_return(__wrap_fido_dev_has_uv, false); + will_return(__wrap_fido_dev_has_pin, false); + will_return(__wrap_fido_dev_supports_uv, false); + + ret = get_device_options(dev, &ts->data); + + assert_int_equal(ret, FIDO_OK); + assert_int_equal(ts->data.user_verification, FIDO_OPT_OMIT); +} + void test_request_assert(void **state) { struct test_state *ts = talloc_get_type_abort(*state, struct test_state); @@ -1206,6 +1235,7 @@ void test_authenticate_integration(void **state) } will_return(__wrap_fido_dev_has_uv, false); will_return(__wrap_fido_dev_has_pin, false); + will_return(__wrap_fido_dev_supports_uv, false); will_return(__wrap_fido_assert_set_uv, FIDO_OK); will_return(__wrap_fido_assert_set_clientdata_hash, FIDO_OK); will_return(__wrap_fido_dev_has_uv, false); @@ -1256,6 +1286,7 @@ void test_get_assert_data_integration(void **state) } will_return(__wrap_fido_dev_has_uv, false); will_return(__wrap_fido_dev_has_pin, false); + will_return(__wrap_fido_dev_supports_uv, false); will_return(__wrap_fido_assert_set_uv, FIDO_OK); will_return(__wrap_fido_dev_has_uv, false); will_return(__wrap_fido_dev_has_pin, false); @@ -1358,6 +1389,7 @@ int main(int argc, const char *argv[]) cmocka_unit_test_setup_teardown(test_get_authenticator_data_multiple_keys_assert_not_found, setup, teardown), cmocka_unit_test_setup_teardown(test_get_device_options, setup, teardown), cmocka_unit_test_setup_teardown(test_get_device_options_user_verification_unmatch, setup, teardown), + cmocka_unit_test_setup_teardown(test_get_device_options_user_verification_false_not_supported, setup, teardown), cmocka_unit_test_setup_teardown(test_request_assert, setup, teardown), cmocka_unit_test_setup_teardown(test_verify_assert, setup, teardown), cmocka_unit_test_setup_teardown(test_verify_assert_failed, setup, teardown), From 45fbcd93c2aef0bc3e2ba96609302eeceb2b90e6 Mon Sep 17 00:00:00 2001 From: aborah <aborah@redhat.com> Date: Fri, 11 Aug 2023 10:09:40 +0530 Subject: [PATCH 152/280] Tests: Enabling proxy_fast_alias shows "ldb_modify failed: [Invalid attribute syntax]" for id lookups. Enabling proxy_fast_alias shows "ldb_modify failed: [Invalid attribute syntax]" for id lookups. Reviewed-by: Justin Stephenson <jstephen@redhat.com> Reviewed-by: Shridhar Gadekar <sgadekar@redhat.com> (cherry picked from commit bcbc0b3190e01895ccdce48c60b4966d204bd2f0) --- src/tests/system/tests/test_proxy.py | 64 ++++++++++++++++++++++++++++ 1 file changed, 64 insertions(+) create mode 100644 src/tests/system/tests/test_proxy.py diff --git a/src/tests/system/tests/test_proxy.py b/src/tests/system/tests/test_proxy.py new file mode 100644 index 00000000000..6ea95c8f92a --- /dev/null +++ b/src/tests/system/tests/test_proxy.py @@ -0,0 +1,64 @@ +""" +Proxy Provider tests. + +:requirement: Ldap Provider - nss-pam-ldapd +""" + + +from __future__ import annotations + +import pytest +from sssd_test_framework.roles.client import Client +from sssd_test_framework.roles.ldap import LDAP +from sssd_test_framework.topology import KnownTopology + + +@pytest.mark.topology(KnownTopology.LDAP) +@pytest.mark.ticket(bz=895570) +def test_invalid_attribute_syntax(client: Client, ldap: LDAP): + """ + :title: Enabling proxy_fast_alias shows "ldb_modify failed: + [Invalid attribute syntax]" for id lookups. + :setup: + 1. Setup sssd for proxy provider. + 2. Enable proxy_fast_alias. + 3. Setup nslcd services. + 4. Add Ou and User. + :steps: + 1. id lookup a user. + 2. Check logs for "ldb_modify failed". + :expectedresults: + 1. id look up should success. + 2. Errors should not be seen on enabling proxy_fast_alias. + :customerscenario: True + """ + client.sssd.config["domain/test"] = { + "id_provider": "proxy", + "debug_level": "0xFFF0", + "proxy_lib_name": "ldap", + "proxy_pam_target": "sssdproxyldap", + "proxy_fast_alias": "true", + } + client.fs.write( + "/etc/pam.d/sssdproxyldap", + """ + auth required pam_ldap.so + account required pam_ldap.so + password required pam_ldap.so + session required pam_ldap.so + """, + ) + client.fs.write( + "/etc/nslcd.conf", + f"uid nslcd\ngid ldap\nuri " f"ldap://{ldap.host.hostname}\nbase " f"{ldap.ldap.naming_context}\n", + dedent=False, + ) + client.sssd.svc.restart("nslcd") + client.sssd.restart() + ou_users = ldap.ou("users").add() + user = ldap.user("user-1", basedn=ou_users).add(uid=10001, gid=10001, password="Secret123") + result = client.tools.id(user.name) + assert result is not None + assert result.user.name == user.name + log = client.fs.read(client.sssd.logs.domain()) + assert "ldb_modify failed: [Invalid attribute syntax]" not in log From 7e45b32a321d6ebda817831b4151b567edab2abf Mon Sep 17 00:00:00 2001 From: aborah <aborah@redhat.com> Date: Mon, 21 Aug 2023 11:08:58 +0530 Subject: [PATCH 153/280] Tests: Port rootdse test suit to new test framework. Port rootdse test suit to new test framework. Reviewed-by: Madhuri Upadhye <mupadhye@redhat.com> Reviewed-by: Shridhar Gadekar <sgadekar@redhat.com> (cherry picked from commit 5f3c82d3c9e7ef999ebc2e754be64c81194d68a4) --- src/tests/system/tests/test_rootdse.py | 236 +++++++++++++++++++++++++ 1 file changed, 236 insertions(+) create mode 100644 src/tests/system/tests/test_rootdse.py diff --git a/src/tests/system/tests/test_rootdse.py b/src/tests/system/tests/test_rootdse.py new file mode 100644 index 00000000000..5d292eb5dfc --- /dev/null +++ b/src/tests/system/tests/test_rootdse.py @@ -0,0 +1,236 @@ +""" +SSSD Log tests. + +:requirement: Ldap Provider - ldap_id_ldap_auth +""" + +from __future__ import annotations + +import time + +import pytest +from sssd_test_framework.roles.client import Client +from sssd_test_framework.roles.ldap import LDAP +from sssd_test_framework.topology import KnownTopology + + +@pytest.mark.topology(KnownTopology.LDAP) +def test_ldap_search_base(client: Client, ldap: LDAP): + """ + :title: Without ldapsearch base specified in sssd conf and rootDSE exists + :setup: + 1. With sssd config set enumerate = True. + 2. Set sssd config nss part with filter_groups and filter_users to root. + 3. Add test user with password and make sure it can authenticate. + :steps: + 1. Without ldap_search_base set when user authenticates certain logs + should appear in sssd domain logs. + 2. Now set ldap_search_base in sssd config try with user authentication , + in sssd domain logs sdap_set_config_options_with_rootdse should not appear. + :expectedresults: + 1. Certain logs should appear in sssd domain logs + 2. In sssd domain logs sdap_set_config_options_with_rootdse should not appear. + :customerscenario: False + """ + base = ldap.ldap.naming_context + + client.sssd.dom("test")["enumerate"] = "true" + client.sssd.config["nss"] = { + "filter_groups": "root", + "filter_users": "root", + } + + ou_users = ldap.ou("users").add() + user = ldap.user("puser1", basedn=ou_users).add(uid=10001, gid=10001, password="Secret123") + + client.sssd.stop() + client.sssd.clear() + client.sssd.start() + + assert client.auth.ssh.password(user.name, "Secret123") + time.sleep(3) + + log = client.fs.read(client.sssd.logs.domain()) + for doc in [ + f"Setting option [ldap_search_base] to [{base}]", + f"Setting option [ldap_user_search_base] to [{base}]", + f"Setting option [ldap_group_search_base] to [{base}]", + f"Setting option [ldap_netgroup_search_base] to [{base}]", + ]: + assert doc in str(log) + client.sssd.dom("test")["ldap_search_base"] = ldap.ldap.naming_context + + client.sssd.stop() + client.sssd.clear() + client.sssd.start() + + assert client.auth.ssh.password("puser1", "Secret123") + time.sleep(3) + + log = client.fs.read(client.sssd.logs.domain()) + assert "sdap_set_config_options_with_rootdse" not in log + + +@pytest.mark.topology(KnownTopology.LDAP) +@pytest.mark.parametrize( + "user_search_base, search_base", + [ + ("ldap_user_search_base", "ou=People,dc=ldap,dc=test"), + ("ldap_group_search_base", "ou=Groups,dc=ldap,dc=test"), + ("ldap_netgroup_search_base", "ou=Netgroup,dc=ldap,dc=test"), + ], +) +def test_ldap_user_search_base_set(client: Client, ldap: LDAP, user_search_base, search_base): + """ + :title: Without ldapsearch base and with ldap user search base specified + :setup: + 1. With sssd config set enumerate = True. + 2. Set sssd config nss part with filter_groups and filter_users to root. + 3. Add test user with password and make sure it can authenticate. + :steps: + 1. Set user_search_base to sssd config. + 2. Set ldap_group_search_base to sssd config. + 3. Set ldap_netgroup_search_base to sssd config. + 4. With each search base there will be different logs generated in sssd domain logs. + :expectedresults: + 1. User_search_base should be set to sssd config. + 2. Ldap_group_search_base should be set to sssd config. + 3. Ldap_netgroup_search_base should be set to sssd config. + 4. There will be different logs generated in sssd domain logs. + :customerscenario: False + """ + base = ldap.ldap.naming_context + + client.sssd.dom("test")["enumerate"] = "true" + client.sssd.dom("test")[user_search_base] = search_base + client.sssd.config["nss"] = { + "filter_groups": "root", + "filter_users": "root", + } + + ou_users = ldap.ou("People").add() + user = ldap.user("puser1", basedn=ou_users).add(uid=10001, gid=10001, password="Secret123") + + client.sssd.stop() + client.sssd.clear() + client.sssd.start() + + result = client.tools.getent.passwd(user.name) + assert result is not None + assert result.name == user.name + + assert client.auth.ssh.password(user.name, "Secret123") + time.sleep(3) + + log = client.fs.read(client.sssd.logs.domain()) + match user_search_base: + case "ldap_user_search_base": + for doc in [ + "Got rootdse", + f"Setting option [ldap_search_base] to [{base}]", + f"Setting option [ldap_group_search_base] to [{base}]", + f"Setting option [ldap_netgroup_search_base] to [{base}]", + ]: + assert doc in str(log) + case "ldap_group_search_base": + for doc in [ + "Got rootdse", + f"Setting option [ldap_search_base] to [{base}]", + f"Setting option [ldap_user_search_base] to [{base}]", + f"Setting option [ldap_netgroup_search_base] to [{base}]", + ]: + assert doc in str(log) + case "ldap_netgroup_search_base": + for doc in [ + "Got rootdse", + f"Setting option [ldap_search_base] to [{base}]", + f"Setting option [ldap_user_search_base] to [{base}]", + f"Setting option [ldap_group_search_base] to [{base}]", + ]: + assert doc in str(log) + + +@pytest.mark.topology(KnownTopology.LDAP) +def test_default_naming_context(client: Client, ldap: LDAP): + """ + :title: Without ldapsearch base and default namingContexts + :setup: + 1. With sssd config set enumerate = True. + 2. Set sssd config nss part with filter_groups and filter_users to root. + 3. Add test user with password and make sure it can authenticate. + :steps: + 1. Sssd without ldapsearch base and default namingContexts. + 2. Sssd should generate some logs when try to authenticate with users. + :expectedresults: + 1. Sssd should work without ldapsearch base and default namingContexts. + 2. Sssd should generate some logs when try to authenticate with users. + :customerscenario: False + """ + base = ldap.ldap.naming_context + + client.sssd.dom("test")["enumerate"] = "true" + client.sssd.config["nss"] = { + "filter_groups": "root", + "filter_users": "root", + } + + ou_users = ldap.ou("People").add() + user = ldap.user("puser1", basedn=ou_users).add(uid=10001, gid=10001, password="Secret123") + + client.sssd.stop() + client.sssd.clear() + client.sssd.start() + + result = client.tools.getent.passwd(user.name) + assert result is not None + assert result.name == user.name + time.sleep(3) + + log = client.fs.read(client.sssd.logs.domain()) + assert "Got rootdse" in log + assert "Using value from [defaultNamingContext] as naming context" in log + assert f"Setting option [ldap_search_base] to [{base}]" in log + + +@pytest.mark.topology(KnownTopology.LDAP) +@pytest.mark.parametrize("user_search_base", ["dc=ldap,dc=test", "dc=shanks,dc=com"]) +def test_multiple_naming_contexts(client: Client, ldap: LDAP, user_search_base): + """ + :title: Without ldapsearch base and multiple namingContexts + :setup: + 1. With sssd config set enumerate = True. + 2. Set sssd config nss part with filter_groups and filter_users to root. + 3. Add test user with password and make sure it can authenticate. + :steps: + 1. Sssd with user_search_base "dc=ldap,dc=test" + 2. Sssd with user_search_base "dc=shanks,dc=com" + 3. With both the cases sssd authentication should work when we configure it with ldap_search_base, + ldap_user_search_base, ldap_group_search_base. + :expectedresults: + 1. Sssd should be configured user_search_base "dc=ldap,dc=test" + 2. Sssd should be configured user_search_base "dc=shanks,dc=com" + 3. User authentication should be success with both the cases. + :customerscenario: False + """ + base = ldap.ldap.naming_context + + ou_users = ldap.ou("People").add() + user = ldap.user("puser1", basedn=ou_users).add(uid=10001, gid=10001, password="Secret123") + + client.sssd.dom("test")["enumerate"] = "true" + client.sssd.dom("test")["ldap_search_base"] = user_search_base + client.sssd.dom("test")["ldap_user_search_base"] = f"ou=People,{base}" + client.sssd.dom("test")["ldap_group_search_base"] = f"ou=Groups,{base}" + client.sssd.config["nss"] = { + "filter_groups": "root", + "filter_users": "root", + } + + client.sssd.stop() + client.sssd.clear() + client.sssd.start() + + result = client.tools.getent.passwd(user.name) + assert result is not None + assert result.name == user.name + assert client.auth.ssh.password(user.name, "Secret123") From b86d301c18d71bd28787f94ba741d0a46f1aa12e Mon Sep 17 00:00:00 2001 From: Alexey Tikhonov <atikhono@redhat.com> Date: Sat, 9 Sep 2023 14:04:05 +0200 Subject: [PATCH 154/280] SUDO service: ${DEBUG_LOGGER} was missed for 'sudo' MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit service in a7277fecf7a65ab6c83b36f009c558cdfbf997d2 Resolves: https://github.com/SSSD/sssd/issues/6920 Reviewed-by: Alejandro López <allopez@redhat.com> Reviewed-by: Sumit Bose <sbose@redhat.com> (cherry picked from commit 01bee47a1557c0d21c9f35384c53758c70cf97c5) Reviewed-by: Alejandro López <allopez@redhat.com> --- src/sysv/systemd/sssd-sudo.service.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/sysv/systemd/sssd-sudo.service.in b/src/sysv/systemd/sssd-sudo.service.in index f13d88107ec..539fd994411 100644 --- a/src/sysv/systemd/sssd-sudo.service.in +++ b/src/sysv/systemd/sssd-sudo.service.in @@ -12,7 +12,7 @@ Also=sssd-sudo.socket Environment=DEBUG_LOGGER=--logger=files EnvironmentFile=-@environment_file@ ExecStartPre=-/bin/chown @SSSD_USER@:@SSSD_USER@ @logpath@/sssd_sudo.log -ExecStart=@libexecdir@/sssd/sssd_sudo --socket-activated +ExecStart=@libexecdir@/sssd/sssd_sudo ${DEBUG_LOGGER} --socket-activated Restart=on-failure User=@SSSD_USER@ Group=@SSSD_USER@ From 5469de2fada3ca868c386a3de734914c9c298384 Mon Sep 17 00:00:00 2001 From: Justin Stephenson <jstephen@redhat.com> Date: Fri, 22 Sep 2023 10:37:41 -0400 Subject: [PATCH 155/280] tests: Improve read write pipe child tests Add test for multiple reads with a large message, and add tests for child read/write safe calls. Reviewed-by: Alexey Tikhonov <atikhono@redhat.com> Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com> Reviewed-by: Sumit Bose <sbose@redhat.com> (cherry picked from commit ae920b9ab3ddb107611f21b842bfddb6077290f1) --- src/tests/cmocka/test_child_common.c | 91 +++++++++++++++++++++++----- 1 file changed, 77 insertions(+), 14 deletions(-) diff --git a/src/tests/cmocka/test_child_common.c b/src/tests/cmocka/test_child_common.c index 189d62cd93a..18d5b0b6a2a 100644 --- a/src/tests/cmocka/test_child_common.c +++ b/src/tests/cmocka/test_child_common.c @@ -30,6 +30,8 @@ #define TEST_BIN "dummy-child" #define ECHO_STR "Hello child" +#define ECHO_LARGE_STR "Lorem ipsum dolor sit amet consectetur adipiscing elit, urna consequat felis vehicula class ultricies mollis dictumst, aenean non a in donec nulla. Phasellus ante pellentesque erat cum risus consequat imperdiet aliquam, integer placerat et turpis mi eros nec lobortis taciti, vehicula nisl litora tellus ligula porttitor metus. Vivamus integer non suscipit taciti mus etiam at primis tempor sagittis sit, euismod libero facilisi aptent elementum felis blandit cursus gravida sociis erat ante, eleifend lectus nullam dapibus netus feugiat curae curabitur est ad. Massa curae fringilla porttitor quam sollicitudin iaculis aptent leo ligula euismod dictumst, orci penatibus mauris eros etiam praesent erat volutpat posuere hac. Metus fringilla nec ullamcorper odio aliquam lacinia conubia mauris tempor, etiam ultricies proin quisque lectus sociis id tristique, integer phasellus taciti pretium adipiscing tortor sagittis ligula. Mollis pretium lorem primis senectus habitasse lectus scelerisque donec, ultricies tortor suspendisse adipiscing fusce morbi volutpat pellentesque, consectetur mi risus molestie curae malesuada cum. Dignissim lacus convallis massa mauris enim ad mattis magnis senectus montes, mollis taciti phasellus accumsan bibendum semper blandit suspendisse faucibus nibh est, metus lobortis morbi cras magna vivamus per risus fermentum. Dapibus imperdiet praesent magnis ridiculus congue gravida curabitur dictum sagittis, enim et magna sit inceptos sodales parturient pharetra mollis, aenean vel nostra tellus commodo pretium sapien sociosqu." + static int destructor_called; @@ -220,7 +222,8 @@ void test_exec_child_only_extra_args_neg(void **state) struct tevent_req *echo_child_write_send(TALLOC_CTX *mem_ctx, struct child_test_ctx *child_tctx, struct child_io_fds *io_fds, - const char *input); + const char *input, + bool safe); static void echo_child_write_done(struct tevent_req *subreq); static void echo_child_read_done(struct tevent_req *subreq); @@ -317,9 +320,11 @@ void test_child_cb(int child_status, child_ctx->test_ctx->done = true; } -/* Test that writing to the pipes works as expected */ -void test_exec_child_echo(void **state) +void test_exec_child_echo(void **state, + const char *msg, + bool safe) { + errno_t ret; pid_t child_pid; struct child_test_ctx *child_tctx = talloc_get_type(*state, @@ -359,7 +364,7 @@ void test_exec_child_echo(void **state) NULL, NULL, NULL); assert_int_equal(ret, EOK); - req = echo_child_write_send(child_tctx, child_tctx, io_fds, ECHO_STR); + req = echo_child_write_send(child_tctx, child_tctx, io_fds, msg, safe); assert_non_null(req); ret = test_ev_loop(child_tctx->test_ctx); @@ -367,16 +372,41 @@ void test_exec_child_echo(void **state) assert_int_equal(ret, EOK); } +/* Test that writing a small message to the pipes works as expected */ +void test_exec_child_echo_small(void **state) +{ + test_exec_child_echo(state, ECHO_STR, false); +} + +void test_exec_child_echo_small_safe(void **state) +{ + test_exec_child_echo(state, ECHO_STR, true); +} + +/* Test that writing a large message to the pipes works as expected, + * test will still fail if message exceeds IN_BUF_SIZE */ +void test_exec_child_echo_large(void **state) +{ + test_exec_child_echo(state, ECHO_LARGE_STR, false); +} + +void test_exec_child_echo_large_safe(void **state) +{ + test_exec_child_echo(state, ECHO_LARGE_STR, true); +} + struct test_exec_echo_state { struct child_io_fds *io_fds; struct io_buffer buf; struct child_test_ctx *child_test_ctx; + bool safe; }; struct tevent_req *echo_child_write_send(TALLOC_CTX *mem_ctx, struct child_test_ctx *child_tctx, struct child_io_fds *io_fds, - const char *input) + const char *input, + bool safe) { struct tevent_req *req; struct tevent_req *subreq; @@ -391,11 +421,18 @@ struct tevent_req *echo_child_write_send(TALLOC_CTX *mem_ctx, assert_non_null(echo_state->buf.data); echo_state->buf.size = strlen(input) + 1; echo_state->io_fds = io_fds; + echo_state->safe = safe; DEBUG(SSSDBG_TRACE_INTERNAL, "Writing..\n"); - subreq = write_pipe_send(child_tctx, child_tctx->test_ctx->ev, - echo_state->buf.data, echo_state->buf.size, - echo_state->io_fds->write_to_child_fd); + if (echo_state->safe) { + subreq = write_pipe_safe_send(child_tctx, child_tctx->test_ctx->ev, + echo_state->buf.data, echo_state->buf.size, + echo_state->io_fds->write_to_child_fd); + } else { + subreq = write_pipe_send(child_tctx, child_tctx->test_ctx->ev, + echo_state->buf.data, echo_state->buf.size, + echo_state->io_fds->write_to_child_fd); + } assert_non_null(subreq); tevent_req_set_callback(subreq, echo_child_write_done, req); @@ -411,7 +448,12 @@ static void echo_child_write_done(struct tevent_req *subreq) req = tevent_req_callback_data(subreq, struct tevent_req); echo_state = tevent_req_data(req, struct test_exec_echo_state); - ret = write_pipe_recv(subreq); + if (echo_state->safe) { + ret = write_pipe_safe_recv(subreq); + } else { + ret = write_pipe_recv(subreq); + } + DEBUG(SSSDBG_TRACE_INTERNAL, "Writing OK\n"); talloc_zfree(subreq); assert_int_equal(ret, EOK); @@ -420,9 +462,16 @@ static void echo_child_write_done(struct tevent_req *subreq) echo_state->io_fds->write_to_child_fd = -1; DEBUG(SSSDBG_TRACE_INTERNAL, "Reading..\n"); - subreq = read_pipe_send(echo_state, - echo_state->child_test_ctx->test_ctx->ev, - echo_state->io_fds->read_from_child_fd); + if (echo_state->safe) { + subreq = read_pipe_safe_send(echo_state, + echo_state->child_test_ctx->test_ctx->ev, + echo_state->io_fds->read_from_child_fd); + } else { + subreq = read_pipe_send(echo_state, + echo_state->child_test_ctx->test_ctx->ev, + echo_state->io_fds->read_from_child_fd); + } + assert_non_null(subreq); tevent_req_set_callback(subreq, echo_child_read_done, req); } @@ -438,7 +487,12 @@ static void echo_child_read_done(struct tevent_req *subreq) req = tevent_req_callback_data(subreq, struct tevent_req); echo_state = tevent_req_data(req, struct test_exec_echo_state); - ret = read_pipe_recv(subreq, echo_state, &buf, &len); + if (echo_state->safe) { + ret = read_pipe_safe_recv(subreq, echo_state, &buf, &len); + } else { + ret = read_pipe_recv(subreq, echo_state, &buf, &len); + } + talloc_zfree(subreq); DEBUG(SSSDBG_TRACE_INTERNAL, "Reading OK\n"); assert_int_equal(ret, EOK); @@ -524,7 +578,16 @@ int main(int argc, const char *argv[]) cmocka_unit_test_setup_teardown(test_exec_child_handler, child_test_setup, child_test_teardown), - cmocka_unit_test_setup_teardown(test_exec_child_echo, + cmocka_unit_test_setup_teardown(test_exec_child_echo_small, + child_test_setup, + child_test_teardown), + cmocka_unit_test_setup_teardown(test_exec_child_echo_large, + child_test_setup, + child_test_teardown), + cmocka_unit_test_setup_teardown(test_exec_child_echo_small_safe, + child_test_setup, + child_test_teardown), + cmocka_unit_test_setup_teardown(test_exec_child_echo_large_safe, child_test_setup, child_test_teardown), cmocka_unit_test_setup_teardown(test_sss_child, From 00479693900711cf4ffb0f34db4673b9ebcde0ab Mon Sep 17 00:00:00 2001 From: Justin Stephenson <jstephen@redhat.com> Date: Fri, 22 Sep 2023 10:42:38 -0400 Subject: [PATCH 156/280] util: Realloc buffer size for atomic safe read Realloc and increase the buffer size when safe read returns more than CHILD_MSG_CHUNK size bytes. This handles multiple passkey mappings returned from the krb5 child in kerberos pre-authentication. Reviewed-by: Alexey Tikhonov <atikhono@redhat.com> Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com> Reviewed-by: Sumit Bose <sbose@redhat.com> (cherry picked from commit 1f4fffdb7f57d70151741ea7d844d020250fd309) --- src/util/atomic_io.c | 6 +++++- src/util/child_common.c | 18 ++++++++++++++++-- 2 files changed, 21 insertions(+), 3 deletions(-) diff --git a/src/util/atomic_io.c b/src/util/atomic_io.c index 589dfa4d4e4..7cc4304d184 100644 --- a/src/util/atomic_io.c +++ b/src/util/atomic_io.c @@ -87,7 +87,11 @@ ssize_t sss_atomic_read_safe_s(int fd, void *buf, size_t buf_len, size_t *_len) } if (ulen > buf_len) { - return ERANGE; + if (_len != NULL) { + *_len = ulen; + } + errno = ERANGE; + return -1; } if (_len != NULL) { diff --git a/src/util/child_common.c b/src/util/child_common.c index 6f950614f08..1dbf95b7a7e 100644 --- a/src/util/child_common.c +++ b/src/util/child_common.c @@ -509,7 +509,7 @@ static void _read_pipe_handler(struct tevent_context *ev, struct _read_pipe_state *state; ssize_t size; errno_t err; - uint8_t buf[CHILD_MSG_CHUNK]; + uint8_t *buf; size_t len = 0; state = tevent_req_data(req, struct _read_pipe_state); @@ -521,8 +521,23 @@ static void _read_pipe_handler(struct tevent_context *ev, return; } + buf = talloc_array(state, uint8_t, CHILD_MSG_CHUNK); + if (buf == NULL) { + tevent_req_error(req, ENOMEM); + return; + } + if (state->safe) { size = sss_atomic_read_safe_s(state->fd, buf, CHILD_MSG_CHUNK, &len); + if (size == -1 && errno == ERANGE) { + buf = talloc_realloc(state, buf, uint8_t, len); + if(!buf) { + tevent_req_error(req, ENOMEM); + return; + } + + size = sss_atomic_read_s(state->fd, buf, len); + } } else { size = sss_atomic_read_s(state->fd, buf, CHILD_MSG_CHUNK); } @@ -532,7 +547,6 @@ static void _read_pipe_handler(struct tevent_context *ev, "read failed [%d][%s].\n", err, strerror(err)); tevent_req_error(req, err); return; - } else if (size > 0) { state->buf = talloc_realloc(state, state->buf, uint8_t, state->len + size); From 0705145c6301dfda0b6d5f579c2898366f68e527 Mon Sep 17 00:00:00 2001 From: Alexey Tikhonov <atikhono@redhat.com> Date: Mon, 25 Sep 2023 12:36:09 +0200 Subject: [PATCH 157/280] MC: a couple of additions to 'recover from invalid memory cache size' patch MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Additions to 641e5f73d3bd5b3d32cafd551013d3bfd2a52732 : - handle all invalidations consistently - supply a valid pointer to `sss_mmap_cache_validate_or_reinit()`, not a pointer to a local var Reviewed-by: Pavel Březina <pbrezina@redhat.com> Reviewed-by: Sumit Bose <sbose@redhat.com> (cherry picked from commit 88d8afbb115f18007dcc11f7ebac1b238c3ebd98) --- src/responder/nss/nss_get_object.c | 10 ++--- src/responder/nss/nss_iface.c | 8 ++-- src/responder/nss/nsssrv_mmap_cache.c | 64 ++++++++++++++++++--------- src/responder/nss/nsssrv_mmap_cache.h | 10 ++--- 4 files changed, 56 insertions(+), 36 deletions(-) diff --git a/src/responder/nss/nss_get_object.c b/src/responder/nss/nss_get_object.c index 5d62dd09851..29f9cb59b5a 100644 --- a/src/responder/nss/nss_get_object.c +++ b/src/responder/nss/nss_get_object.c @@ -34,13 +34,13 @@ memcache_delete_entry_by_name(struct sss_nss_ctx *nss_ctx, switch (type) { case SSS_MC_PASSWD: - ret = sss_mmap_cache_pw_invalidate(nss_ctx->pwd_mc_ctx, name); + ret = sss_mmap_cache_pw_invalidate(&nss_ctx->pwd_mc_ctx, name); break; case SSS_MC_GROUP: - ret = sss_mmap_cache_gr_invalidate(nss_ctx->grp_mc_ctx, name); + ret = sss_mmap_cache_gr_invalidate(&nss_ctx->grp_mc_ctx, name); break; case SSS_MC_INITGROUPS: - ret = sss_mmap_cache_initgr_invalidate(nss_ctx->initgr_mc_ctx, name); + ret = sss_mmap_cache_initgr_invalidate(&nss_ctx->initgr_mc_ctx, name); break; default: return EINVAL; @@ -66,10 +66,10 @@ memcache_delete_entry_by_id(struct sss_nss_ctx *nss_ctx, switch (type) { case SSS_MC_PASSWD: - ret = sss_mmap_cache_pw_invalidate_uid(nss_ctx->pwd_mc_ctx, (uid_t)id); + ret = sss_mmap_cache_pw_invalidate_uid(&nss_ctx->pwd_mc_ctx, (uid_t)id); break; case SSS_MC_GROUP: - ret = sss_mmap_cache_gr_invalidate_gid(nss_ctx->grp_mc_ctx, (gid_t)id); + ret = sss_mmap_cache_gr_invalidate_gid(&nss_ctx->grp_mc_ctx, (gid_t)id); break; default: return EINVAL; diff --git a/src/responder/nss/nss_iface.c b/src/responder/nss/nss_iface.c index 07e91aa811b..db743f8b7e6 100644 --- a/src/responder/nss/nss_iface.c +++ b/src/responder/nss/nss_iface.c @@ -78,7 +78,7 @@ sss_nss_update_initgr_memcache(struct sss_nss_ctx *nctx, if (ret == ENOENT || res->count == 0) { /* The user is gone. Invalidate the mc record */ - ret = sss_mmap_cache_pw_invalidate(nctx->pwd_mc_ctx, delete_name); + ret = sss_mmap_cache_pw_invalidate(&nctx->pwd_mc_ctx, delete_name); if (ret != EOK && ret != ENOENT) { DEBUG(SSSDBG_CRIT_FAILURE, "Internal failure in memory cache code: %d [%s]\n", @@ -125,7 +125,7 @@ sss_nss_update_initgr_memcache(struct sss_nss_ctx *nctx, for (i = 0; i < gnum; i++) { id = groups[i]; - ret = sss_mmap_cache_gr_invalidate_gid(nctx->grp_mc_ctx, id); + ret = sss_mmap_cache_gr_invalidate_gid(&nctx->grp_mc_ctx, id); if (ret != EOK && ret != ENOENT) { DEBUG(SSSDBG_CRIT_FAILURE, "Internal failure in memory cache code: %d [%s]\n", @@ -134,7 +134,7 @@ sss_nss_update_initgr_memcache(struct sss_nss_ctx *nctx, } to_sized_string(delete_name, fq_name); - ret = sss_mmap_cache_initgr_invalidate(nctx->initgr_mc_ctx, + ret = sss_mmap_cache_initgr_invalidate(&nctx->initgr_mc_ctx, delete_name); if (ret != EOK && ret != ENOENT) { DEBUG(SSSDBG_CRIT_FAILURE, @@ -208,7 +208,7 @@ sss_nss_memorycache_invalidate_group_by_id(TALLOC_CTX *mem_ctx, DEBUG(SSSDBG_TRACE_LIBS, "Invalidating group %u from memory cache\n", gid); - sss_mmap_cache_gr_invalidate_gid(nctx->grp_mc_ctx, gid); + sss_mmap_cache_gr_invalidate_gid(&nctx->grp_mc_ctx, gid); return EOK; } diff --git a/src/responder/nss/nsssrv_mmap_cache.c b/src/responder/nss/nsssrv_mmap_cache.c index bd814f3bc78..cacdc7cc5f5 100644 --- a/src/responder/nss/nsssrv_mmap_cache.c +++ b/src/responder/nss/nsssrv_mmap_cache.c @@ -701,16 +701,22 @@ static inline void sss_mmap_chain_in_rec(struct sss_mc_ctx *mcc, * generic invalidation ***************************************************************************/ -static errno_t sss_mmap_cache_invalidate(struct sss_mc_ctx *mcc, +static errno_t sss_mmap_cache_validate_or_reinit(struct sss_mc_ctx **_mcc); + +static errno_t sss_mmap_cache_invalidate(struct sss_mc_ctx **_mcc, const struct sized_string *key) { + struct sss_mc_ctx *mcc; struct sss_mc_rec *rec; + int ret; - if (mcc == NULL) { - /* cache not initialized? */ - return EINVAL; + ret = sss_mmap_cache_validate_or_reinit(_mcc); + if (ret != EOK) { + return ret; } + mcc = *_mcc; + rec = sss_mc_find_record(mcc, key); if (rec == NULL) { /* nothing to invalidate */ @@ -785,7 +791,7 @@ errno_t sss_mmap_cache_pw_store(struct sss_mc_ctx **_mcc, const struct sized_string *homedir, const struct sized_string *shell) { - struct sss_mc_ctx *mcc = *_mcc; + struct sss_mc_ctx *mcc; struct sss_mc_rec *rec; struct sss_mc_pwd_data *data; struct sized_string uidkey; @@ -795,11 +801,13 @@ errno_t sss_mmap_cache_pw_store(struct sss_mc_ctx **_mcc, size_t pos; int ret; - ret = sss_mmap_cache_validate_or_reinit(&mcc); + ret = sss_mmap_cache_validate_or_reinit(_mcc); if (ret != EOK) { return ret; } + mcc = *_mcc; + ret = snprintf(uidstr, 11, "%ld", (long)uid); if (ret > 10) { return EINVAL; @@ -851,14 +859,15 @@ errno_t sss_mmap_cache_pw_store(struct sss_mc_ctx **_mcc, return EOK; } -errno_t sss_mmap_cache_pw_invalidate(struct sss_mc_ctx *mcc, +errno_t sss_mmap_cache_pw_invalidate(struct sss_mc_ctx **_mcc, const struct sized_string *name) { - return sss_mmap_cache_invalidate(mcc, name); + return sss_mmap_cache_invalidate(_mcc, name); } -errno_t sss_mmap_cache_pw_invalidate_uid(struct sss_mc_ctx *mcc, uid_t uid) +errno_t sss_mmap_cache_pw_invalidate_uid(struct sss_mc_ctx **_mcc, uid_t uid) { + struct sss_mc_ctx *mcc; struct sss_mc_rec *rec = NULL; struct sss_mc_pwd_data *data; uint32_t hash; @@ -866,11 +875,13 @@ errno_t sss_mmap_cache_pw_invalidate_uid(struct sss_mc_ctx *mcc, uid_t uid) char *uidstr; errno_t ret; - ret = sss_mmap_cache_validate_or_reinit(&mcc); + ret = sss_mmap_cache_validate_or_reinit(_mcc); if (ret != EOK) { return ret; } + mcc = *_mcc; + uidstr = talloc_asprintf(NULL, "%ld", (long)uid); if (!uidstr) { return ENOMEM; @@ -927,7 +938,7 @@ int sss_mmap_cache_gr_store(struct sss_mc_ctx **_mcc, gid_t gid, size_t memnum, const char *membuf, size_t memsize) { - struct sss_mc_ctx *mcc = *_mcc; + struct sss_mc_ctx *mcc; struct sss_mc_rec *rec; struct sss_mc_grp_data *data; struct sized_string gidkey; @@ -937,11 +948,13 @@ int sss_mmap_cache_gr_store(struct sss_mc_ctx **_mcc, size_t pos; int ret; - ret = sss_mmap_cache_validate_or_reinit(&mcc); + ret = sss_mmap_cache_validate_or_reinit(_mcc); if (ret != EOK) { return ret; } + mcc = *_mcc; + ret = snprintf(gidstr, 11, "%ld", (long)gid); if (ret > 10) { return EINVAL; @@ -989,14 +1002,15 @@ int sss_mmap_cache_gr_store(struct sss_mc_ctx **_mcc, return EOK; } -errno_t sss_mmap_cache_gr_invalidate(struct sss_mc_ctx *mcc, +errno_t sss_mmap_cache_gr_invalidate(struct sss_mc_ctx **_mcc, const struct sized_string *name) { - return sss_mmap_cache_invalidate(mcc, name); + return sss_mmap_cache_invalidate(_mcc, name); } -errno_t sss_mmap_cache_gr_invalidate_gid(struct sss_mc_ctx *mcc, gid_t gid) +errno_t sss_mmap_cache_gr_invalidate_gid(struct sss_mc_ctx **_mcc, gid_t gid) { + struct sss_mc_ctx *mcc; struct sss_mc_rec *rec = NULL; struct sss_mc_grp_data *data; uint32_t hash; @@ -1004,11 +1018,13 @@ errno_t sss_mmap_cache_gr_invalidate_gid(struct sss_mc_ctx *mcc, gid_t gid) char *gidstr; errno_t ret; - ret = sss_mmap_cache_validate_or_reinit(&mcc); + ret = sss_mmap_cache_validate_or_reinit(_mcc); if (ret != EOK) { return ret; } + mcc = *_mcc; + gidstr = talloc_asprintf(NULL, "%ld", (long)gid); if (!gidstr) { return ENOMEM; @@ -1061,7 +1077,7 @@ errno_t sss_mmap_cache_initgr_store(struct sss_mc_ctx **_mcc, uint32_t num_groups, const uint8_t *gids_buf) { - struct sss_mc_ctx *mcc = *_mcc; + struct sss_mc_ctx *mcc; struct sss_mc_rec *rec; struct sss_mc_initgr_data *data; size_t data_len; @@ -1069,11 +1085,13 @@ errno_t sss_mmap_cache_initgr_store(struct sss_mc_ctx **_mcc, size_t pos; int ret; - ret = sss_mmap_cache_validate_or_reinit(&mcc); + ret = sss_mmap_cache_validate_or_reinit(_mcc); if (ret != EOK) { return ret; } + mcc = *_mcc; + /* array of gids + name + unique_name */ data_len = num_groups * sizeof(uint32_t) + name->len + unique_name->len; rec_len = sizeof(struct sss_mc_rec) + sizeof(struct sss_mc_initgr_data) @@ -1119,10 +1137,10 @@ errno_t sss_mmap_cache_initgr_store(struct sss_mc_ctx **_mcc, return EOK; } -errno_t sss_mmap_cache_initgr_invalidate(struct sss_mc_ctx *mcc, +errno_t sss_mmap_cache_initgr_invalidate(struct sss_mc_ctx **_mcc, const struct sized_string *name) { - return sss_mmap_cache_invalidate(mcc, name); + return sss_mmap_cache_invalidate(_mcc, name); } errno_t sss_mmap_cache_sid_store(struct sss_mc_ctx **_mcc, @@ -1131,18 +1149,20 @@ errno_t sss_mmap_cache_sid_store(struct sss_mc_ctx **_mcc, uint32_t type, bool explicit_lookup) { - struct sss_mc_ctx *mcc = *_mcc; + struct sss_mc_ctx *mcc; struct sss_mc_rec *rec; struct sss_mc_sid_data *data; char idkey[16]; size_t rec_len; int ret; - ret = sss_mmap_cache_validate_or_reinit(&mcc); + ret = sss_mmap_cache_validate_or_reinit(_mcc); if (ret != EOK) { return ret; } + mcc = *_mcc; + ret = snprintf(idkey, sizeof(idkey), "%d-%ld", (type == SSS_ID_TYPE_GID) ? SSS_ID_TYPE_GID : SSS_ID_TYPE_UID, (long)id); diff --git a/src/responder/nss/nsssrv_mmap_cache.h b/src/responder/nss/nsssrv_mmap_cache.h index 686b8e1b219..28ee5adb643 100644 --- a/src/responder/nss/nsssrv_mmap_cache.h +++ b/src/responder/nss/nsssrv_mmap_cache.h @@ -63,17 +63,17 @@ errno_t sss_mmap_cache_sid_store(struct sss_mc_ctx **_mcc, uint32_t type, /* enum sss_id_type*/ bool explicit_lookup); /* false ~ by_id(), true ~ by_uid/gid() */ -errno_t sss_mmap_cache_pw_invalidate(struct sss_mc_ctx *mcc, +errno_t sss_mmap_cache_pw_invalidate(struct sss_mc_ctx **_mcc, const struct sized_string *name); -errno_t sss_mmap_cache_pw_invalidate_uid(struct sss_mc_ctx *mcc, uid_t uid); +errno_t sss_mmap_cache_pw_invalidate_uid(struct sss_mc_ctx **_mcc, uid_t uid); -errno_t sss_mmap_cache_gr_invalidate(struct sss_mc_ctx *mcc, +errno_t sss_mmap_cache_gr_invalidate(struct sss_mc_ctx **_mcc, const struct sized_string *name); -errno_t sss_mmap_cache_gr_invalidate_gid(struct sss_mc_ctx *mcc, gid_t gid); +errno_t sss_mmap_cache_gr_invalidate_gid(struct sss_mc_ctx **_mcc, gid_t gid); -errno_t sss_mmap_cache_initgr_invalidate(struct sss_mc_ctx *mcc, +errno_t sss_mmap_cache_initgr_invalidate(struct sss_mc_ctx **_mcc, const struct sized_string *name); errno_t sss_mmap_cache_reinit(TALLOC_CTX *mem_ctx, From ede391c26fc4c5610e30726adf937cff47b17b41 Mon Sep 17 00:00:00 2001 From: Justin Stephenson <jstephen@redhat.com> Date: Tue, 26 Sep 2023 16:24:16 -0400 Subject: [PATCH 158/280] Passkey: Increase conv message size for prompting Size needs to handle the prompts for interactive, touch, pin prompt, and kerberos pre-auth warning message which could all be displayed. Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com> Reviewed-by: Sumit Bose <sbose@redhat.com> (cherry picked from commit 6f8f7c82b2b38220d99395d5d2732281b3cf1867) --- src/sss_client/pam_sss.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/sss_client/pam_sss.c b/src/sss_client/pam_sss.c index 2cc43c3ff77..a1c35360484 100644 --- a/src/sss_client/pam_sss.c +++ b/src/sss_client/pam_sss.c @@ -1849,8 +1849,8 @@ static int prompt_passkey(pam_handle_t *pamh, struct pam_items *pi, { int ret; const struct pam_conv *conv; - const struct pam_message *mesg[3] = { NULL, NULL, NULL }; - struct pam_message m[3] = { {0}, {0}, {0} }; + const struct pam_message *mesg[4] = { NULL, NULL, NULL, NULL }; + struct pam_message m[4] = { {0}, {0}, {0}, {0} }; struct pam_response *resp = NULL; bool kerberos_preauth; bool prompt_pin; From 583daff7d84c253132b360ce5123d1c76c5981a4 Mon Sep 17 00:00:00 2001 From: Patrik Rosecky <prosecky@redhat.com> Date: Tue, 26 Sep 2023 07:30:11 +0200 Subject: [PATCH 159/280] Tests: converted alltests/test_pasword_policy.py to tests/test_ldap.py MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com> Reviewed-by: Jakub Vávra <jvavra@redhat.com> (cherry picked from commit 64422699aed9a0024d39af00462c22dc47a8dfac) --- .../alltests/test_password_policy.py | 4 + src/tests/system/tests/test_ldap.py | 96 ++++++++++++++++++- 2 files changed, 98 insertions(+), 2 deletions(-) diff --git a/src/tests/multihost/alltests/test_password_policy.py b/src/tests/multihost/alltests/test_password_policy.py index 3d9ef2b6d4d..418258be497 100644 --- a/src/tests/multihost/alltests/test_password_policy.py +++ b/src/tests/multihost/alltests/test_password_policy.py @@ -22,6 +22,7 @@ class TestPasswordCheck(object): """ This is test case class for password policy test suite """ + @pytest.mark.converted('test_ldap.py', 'test_ldap__change_password') @staticmethod @pytest.mark.tier2 def test_0001_changeuserpass(multihost): @@ -58,6 +59,7 @@ def test_0001_changeuserpass(multihost): assert ssh, f'{user} is not able to login.' assert change_pass_old == 3 + @pytest.mark.converted('test_ldap.py', 'test_ldap__change_password_new_pass_not_match') @staticmethod @pytest.mark.tier2 def test_0002_newpassnotmatch(multihost): @@ -84,6 +86,7 @@ def test_0002_newpassnotmatch(multihost): 'bumblebee') assert change_pass == 5 + @pytest.mark.converted('test_ldap.py', 'test_ldap__change_password_lowercase') @staticmethod @pytest.mark.tier2 def test_0003_smallnewpass(multihost): @@ -116,6 +119,7 @@ def test_0003_smallnewpass(multihost): '/var/log/secure') assert log1.search(test_str_log.decode()) + @pytest.mark.converted('test_ldap.py', 'test_ldap__change_password_wrong_current') @staticmethod @pytest.mark.tier2 def test_0004_wrongcurrentpass(multihost): diff --git a/src/tests/system/tests/test_ldap.py b/src/tests/system/tests/test_ldap.py index d3c007e3d3e..b94a7c6a96f 100644 --- a/src/tests/system/tests/test_ldap.py +++ b/src/tests/system/tests/test_ldap.py @@ -12,6 +12,7 @@ from sssd_test_framework.topology import KnownTopology +@pytest.mark.ticket(bz=[795044, 1695574]) @pytest.mark.importance("critical") @pytest.mark.authentication @pytest.mark.parametrize("modify_mode", ["exop", "ldap_modify"]) @@ -20,7 +21,7 @@ def test_ldap__change_password(client: Client, ldap: LDAP, modify_mode: str): """ :title: Change password with "ldap_pwmodify_mode" set to @modify_mode :setup: - 1. Add user to SSSD, set his password + 1. Add user to LDAP, set his password 2. Allow user to change his password 3. Set "ldap_pwmodify_mode" 4. Start SSSD @@ -34,7 +35,7 @@ def test_ldap__change_password(client: Client, ldap: LDAP, modify_mode: str): 2. Password is changed successfully 3. User is authenticated 4. User is not authenticated - :customerscenario: False + :customerscenario: True """ user = "user1" old_pass = "Secret123" @@ -52,3 +53,94 @@ def test_ldap__change_password(client: Client, ldap: LDAP, modify_mode: str): assert client.auth.ssh.password(user, new_pass), "Authentication with new correct password failed" assert not client.auth.ssh.password(user, old_pass), "Authentication with old incorrect password did not fail" + + +@pytest.mark.ticket(bz=[795044, 1695574]) +@pytest.mark.parametrize("modify_mode", ["exop", "ldap_modify"]) +@pytest.mark.topology(KnownTopology.LDAP) +def test_ldap__change_password_new_pass_not_match(client: Client, ldap: LDAP, modify_mode: str): + """ + :title: Change password with "ldap_pwmodify_mode" set to @modify_mode, but retyped password do not match + :setup: + 1. Add user to LDAP, set his password + 2. Allow user to change his password + 3. Set "ldap_pwmodify_mode" + 4. Start SSSD + :steps: + 1. Change password to new password, but retyped password is different + :expectedresults: + 1. Password change is not successful + :customerscenario: True + """ + ldap.user("user1").add(password="Secret123") + ldap.aci.add('(targetattr="userpassword")(version 3.0; acl "pwp test"; allow (all) userdn="ldap:///self";)') + + client.sssd.domain["ldap_pwmodify_mode"] = modify_mode + client.sssd.start() + + assert not client.auth.passwd.password( + "user1", "Secret123", "Red123", "Hat000" + ), "Password changed successfully, which is not expected" + + +@pytest.mark.ticket(bz=[795044, 1695574, 1795220]) +@pytest.mark.parametrize("modify_mode", ["exop", "ldap_modify"]) +@pytest.mark.topology(KnownTopology.LDAP) +def test_ldap__change_password_lowercase(client: Client, ldap: LDAP, modify_mode: str): + """ + :title: Change password to lower-case letters, password check fail + :setup: + 1. Add user to LDAP, set his password + 2. Allow user to change his password + 3. Set "passwordCheckSyntax" to "on" + 4. Set "ldap_pwmodify_mode" + 5. Start SSSD + :steps: + 1. Change password to new password, but all letters are lower-case + 2. Check logs + :expectedresults: + 1. Password change failed + 2. Password change failure is logged + :customerscenario: True + """ + ldap.user("user1").add(password="Secret123") + ldap.aci.add('(targetattr="userpassword")(version 3.0; acl "pwp test"; allow (all) userdn="ldap:///self";)') + ldap.ldap.modify("cn=config", replace={"passwordCheckSyntax": "on"}) + + client.sssd.domain["ldap_pwmodify_mode"] = modify_mode + client.sssd.start() + + assert not client.auth.passwd.password( + "user1", "Secret123", "red_32" + ), "Password changed successfully, which is not expected" + + assert ( + "pam_sss(passwd:chauthtok): User info message: Password change failed." + in client.host.ssh.run("journalctl").stdout + ) + + +@pytest.mark.ticket(bz=[1695574, 1795220]) +@pytest.mark.parametrize("modify_mode", ["exop", "ldap_modify"]) +@pytest.mark.topology(KnownTopology.LDAP) +def test_ldap__change_password_wrong_current(client: Client, ldap: LDAP, modify_mode: str): + """ + :title: Password change failed because an incorrect password was used + :setup: + 1. Add user to LDAP, set his password + 2. Allow user to change his password + 3. Set "ldap_pwmodify_mode" + 4. Start SSSD + :steps: + 1. Change password to new password, but enter wrong password + :expectedresults: + 1. Password change is not successful + :customerscenario: True + """ + ldap.user("user1").add(password="Secret123") + ldap.aci.add('(targetattr="userpassword")(version 3.0; acl "pwp test"; allow (all) userdn="ldap:///self";)') + + client.sssd.domain["ldap_pwmodify_mode"] = modify_mode + client.sssd.start() + + assert not client.auth.passwd.password("user1", "wrong123", "Newpass123"), "Password change did not fail" From 6bba653c62982c2467851f3cc1f32756ace115bd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com> Date: Mon, 25 Sep 2023 18:01:32 +0200 Subject: [PATCH 160/280] ci: install latest SSSD code on IPA server This allows us to test changes to the server mode as well. Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com> Reviewed-by: Justin Stephenson <jstephen@redhat.com> (cherry picked from commit 9dccf7ff61c6dda89300cd36c62830dfff1687ad) --- .github/workflows/ci.yml | 29 ++++++++++++++++++++++++++--- 1 file changed, 26 insertions(+), 3 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 95b0732116c..4da87e45562 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -276,12 +276,22 @@ jobs: - /dev/shm volumes: - ../sssd:/sssd:rw + ipa: + image: ${REGISTRY}/ci-ipa-devel:${TAG} + shm_size: 4G + tmpfs: + - /dev/shm + volumes: + - ../sssd:/sssd:rw - - name: Build SSSD on the client + - name: Build SSSD on the client and IPA uses: SSSD/sssd-ci-containers/actions/exec@master with: log-file: build.log working-directory: /sssd + where: | + client + ipa script: | #!/bin/bash set -ex @@ -294,22 +304,35 @@ jobs: /sssd/configure --enable-silent-rules make rpms - - name: Install SSSD on the client + - name: Install SSSD on the client and IPA uses: SSSD/sssd-ci-containers/actions/exec@master with: log-file: install.log user: root + where: | + client + ipa script: | #!/bin/bash set -ex - dnf remove -y --noautoremove sssd\* dnf install -y /dev/shm/sssd/rpmbuild/RPMS/*/*.rpm rm -fr /dev/shm/sssd # We need to reenable sssd-kcm since it was disabled by removing sssd not not enabled again systemctl enable --now sssd-kcm.socket + - name: Restart SSSD on IPA server + uses: SSSD/sssd-ci-containers/actions/exec@master + with: + user: root + where: ipa + script: | + #!/bin/bash + set -ex + + systemctl restart sssd || systemctl status sssd + - name: Install system tests dependencies shell: bash working-directory: ./sssd/src/tests/system From b8b2bfaf1e1ae64c647fa6bd35feb56226c436ad Mon Sep 17 00:00:00 2001 From: Patrik Rosecky <prosecky@redhat.com> Date: Tue, 5 Sep 2023 11:08:32 +0200 Subject: [PATCH 161/280] Tests: alltest/test_sssctl_local.py converted to system/tests/sssctl.py MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Reviewed-by: Justin Stephenson <jstephen@redhat.com> Reviewed-by: Tomáš Halman <thalman@redhat.com> (cherry picked from commit 620af3b3fe160199fa92f49bd03abc91a37a04d7) --- .../multihost/alltests/test_sssctl_local.py | 3 + src/tests/system/tests/test_sss_cache.py | 45 ++++++++++++ src/tests/system/tests/test_sssctl.py | 69 +++++++++++++++++++ 3 files changed, 117 insertions(+) create mode 100644 src/tests/system/tests/test_sss_cache.py diff --git a/src/tests/multihost/alltests/test_sssctl_local.py b/src/tests/multihost/alltests/test_sssctl_local.py index bd322e46cbf..274c2cdb9c7 100644 --- a/src/tests/multihost/alltests/test_sssctl_local.py +++ b/src/tests/multihost/alltests/test_sssctl_local.py @@ -23,6 +23,7 @@ class Testsssctl(object): """ This is test case class for sssctl suite """ + @pytest.mark.converted('test_sssctl.py', 'test_sssctl__user_show_cache_expiration_time') @pytest.mark.tier1_2 def test_0001_bz1640576(self, multihost, backupsssdconf, @@ -50,6 +51,7 @@ def test_0001_bz1640576(self, multihost, assert 'Cache entry expiration time: Never'\ in cmd.stdout_text + @pytest.mark.converted('test_sssctl.py', 'test_sssctl__handle_implicit_domain') @pytest.mark.tier1_2 def test_0002_bz1599207(self, multihost, backupsssdconf, @@ -79,6 +81,7 @@ def test_0002_bz1599207(self, multihost, assert 'Cache entry creation date' in \ cmd.stdout_text and cmd.returncode == 0 + @pytest.mark.converted('test_sss_cache.py', 'test_sss_cache__cache_expire_message') @pytest.mark.tier1_2 def test_0003_bz1661182(self, multihost, backupsssdconf): diff --git a/src/tests/system/tests/test_sss_cache.py b/src/tests/system/tests/test_sss_cache.py new file mode 100644 index 00000000000..88f0a93a295 --- /dev/null +++ b/src/tests/system/tests/test_sss_cache.py @@ -0,0 +1,45 @@ +""" +sss_cache tests. + +:requirement: IDM-SSSD-REQ: Status utility +""" + +from __future__ import annotations + +import pytest +from pytest_mh.ssh import SSHProcessError +from sssd_test_framework.roles.client import Client +from sssd_test_framework.topology import KnownTopology + + +@pytest.mark.ticket(bz=1661182) +@pytest.mark.topology(KnownTopology.Client) +def test_sss_cache__cache_expire_message(client: Client): + """ + :title: sss_cache do not print fake error messages + :setup: + 1. Configure SSSD without any domain + 2. Set to sssd section "enable_files_domain" to "false" + 3. Create local user + :steps: + 1. Restart SSSD + 2. Modify existing local user + 3. Expire cache with specific options + :expectedresults: + 1. Error is raised, SSSD is not running + 2. Modified successfully + 3. Output did not contain wrong messages + :customerscenario: True + """ + client.sssd.sssd["enable_files_domain"] = "false" + client.local.user("user1").add() + + with pytest.raises(SSHProcessError): + client.sssd.restart() + + res = client.host.ssh.run("usermod -a -G wheel user1") + assert "No domains configured, fatal error!" not in res.stdout + + for cmd in ("sss_cache -U", "sss_cache -G", "sss_cache -E", "sss_cache --user=nonexisting"): + res = client.host.ssh.run(cmd) + assert "No domains configured, fatal error!" not in res.stdout diff --git a/src/tests/system/tests/test_sssctl.py b/src/tests/system/tests/test_sssctl.py index 26cae37fddf..1af1db55cc3 100644 --- a/src/tests/system/tests/test_sssctl.py +++ b/src/tests/system/tests/test_sssctl.py @@ -71,3 +71,72 @@ def test_sssctl__check_invalid_id_provider(client: Client): "[rule/sssd_checks]: Attribute 'id_provider' in section 'domain/test' has an invalid value: invalid" in output.stdout_lines[1] ) + + +@pytest.mark.ticket(bz=1640576) +@pytest.mark.builtwith("files-provider") +@pytest.mark.topology(KnownTopology.Client) +def test_sssctl__user_show_cache_expiration_time(client: Client): + """ + :title: sssctl user-show reports correct expiration time of local user + :setup: + 1. Add local users + 2. Configure local domain + 3. Start SSSD + :steps: + 1. Call sssctl user-show $user + 2. Check correct output + :expectedresults: + 1. Called successfully + 2. Output is as expected + :customerscenario: True + """ + client.local.user("local1").add() + client.local.user("local2").add() + client.local.user("local3").add() + + client.sssd.common.local() + client.sssd.default_domain = "local" + client.sssd.domain["id_provider"] = "files" + client.sssd.domain["passwd_files"] = "/etc/passwd" + + client.sssd.start() + + for user in {"local1", "local2", "local3"}: + cmd = client.sssctl.user_show(user=user) + assert cmd.rc == 0, "Command call failed" + assert "Cache entry expiration time: Never" in cmd.stdout, "Wrong output" + + +@pytest.mark.ticket(bz=1599207) +@pytest.mark.builtwith("files-provider") +@pytest.mark.topology(KnownTopology.Client) +def test_sssctl__handle_implicit_domain(client: Client): + """ + :title: sssctl handle implicit domain + :setup: + 1. Add local users + 2. Set sssd "enable_files_domain" to "true" + 3. Start SSSD + :steps: + 1. Call getent passwd user -s sss + 2. Call sssctl user-show --user=$user + 3. Check correct output + :expectedresults: + 1. Called successfully + 2. Called successfully + 3. Output is correct + :customerscenario: True + """ + client.local.user("local1").add() + client.local.user("local2").add() + client.local.user("local3").add() + + client.sssd.sssd["enable_files_domain"] = "true" + client.sssd.start() + + for user in {"local1", "local2", "local3"}: + assert client.tools.getent.passwd(user, service="sss") is not None + cmd = client.sssctl.user_show(user=user) + assert cmd.rc == 0 + assert "Cache entry creation date" in cmd.stdout From 7a53c7ac74c7b5a11b53621be993ce1c7779c088 Mon Sep 17 00:00:00 2001 From: Patrik Rosecky <prosecky@redhat.com> Date: Thu, 20 Jul 2023 09:39:42 +0200 Subject: [PATCH 162/280] Tests: multihost/basic/test_files converted Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com> Reviewed-by: Sumit Bose <sbose@redhat.com> (cherry picked from commit ea7273b3d4e93f7cdf5bb6f5defcf1bd38659f8d) --- src/tests/multihost/basic/test_files.py | 4 + src/tests/system/tests/test_files.py | 120 ++++++++++++++++++++++++ 2 files changed, 124 insertions(+) create mode 100644 src/tests/system/tests/test_files.py diff --git a/src/tests/multihost/basic/test_files.py b/src/tests/multihost/basic/test_files.py index f4ab938f7e4..5a1c8c2672c 100644 --- a/src/tests/multihost/basic/test_files.py +++ b/src/tests/multihost/basic/test_files.py @@ -29,6 +29,7 @@ class TestImplicitFilesProvider(object): Test the files provider. This test runs the implicit files provider together with another domain to stick close to what users use in Fedora """ + @pytest.mark.converted('test_files.py', 'test_files__getent_does_not_handle_root') def test_files_does_not_handle_root(self, multihost): """ :title: files: files provider does not handle root @@ -39,6 +40,7 @@ def test_files_does_not_handle_root(self, multihost): exit_status, _ = get_sss_user(multihost, 'root') assert exit_status == 2 + @pytest.mark.converted('test_files.py', 'test_files__simple_getent') def test_files_sanity(self, multihost): """ :title: files: Test that the files provider can resolve a user @@ -49,6 +51,7 @@ def test_files_sanity(self, multihost): exit_status, _ = get_sss_user(multihost, 'lcl1') assert exit_status == 0 + @pytest.mark.converted('test_files.py', 'test_files__enumeration') def test_files_enumeration(self, multihost): """ :title: files: Verify files provider do not enumerate @@ -62,6 +65,7 @@ def test_files_enumeration(self, multihost): cmd = multihost.master[0].run_command('getent passwd -s sss') assert len(cmd.stdout_text) == 0 + @pytest.mark.converted('test_files.py', 'test_files__user_modify') def test_updated_homedir(self, multihost): """ :title: files: Test that homedir is updated diff --git a/src/tests/system/tests/test_files.py b/src/tests/system/tests/test_files.py new file mode 100644 index 00000000000..e6e8d53ea5e --- /dev/null +++ b/src/tests/system/tests/test_files.py @@ -0,0 +1,120 @@ +""" +Files test provider cases + +:requirement: IDM-SSSD-REQ :: SSSD is default for local resolution +""" + +from __future__ import annotations + +import time + +import pytest +from sssd_test_framework.roles.client import Client +from sssd_test_framework.topology import KnownTopology + + +@pytest.mark.builtwith("files-provider") +@pytest.mark.topology(KnownTopology.Client) +def test_files__getent_does_not_handle_root(client: Client): + """ + :title: Getent call doesnt work on root, when service specified as "sss" + :setup: + 1. Enable files domain + 2. Start SSSD + :steps: + 1. getent passwd -s sss root + :expectedresults: + 1. Call failed + :customerscenario: False + """ + client.sssd.sssd["enable_files_domain"] = "true" + client.sssd.start() + + result = client.tools.getent.passwd("root", service="sss") + assert result is None, "Getent call was successful, which is not expected" + + +@pytest.mark.builtwith("files-provider") +@pytest.mark.topology(KnownTopology.Client) +def test_files__simple_getent(client: Client): + """ + :title: Simple getent call + :setup: + 1. Add local user "user1" + 2. Enable files domain + 3. Start SSSD + :steps: + 1. getent passwd -s sss user1 + 2. Check uid of result + :expectedresults: + 1. Call was successful + 2. Uid is correct + :customerscenario: False + """ + client.local.user("user1").add(uid=10001) + client.sssd.sssd["enable_files_domain"] = "true" + client.sssd.start() + + result = client.tools.getent.passwd("user1", service="sss") + assert result is not None, "Getent failed" + assert result.uid == 10001, "Uid is not correct" + + +@pytest.mark.builtwith("files-provider") +@pytest.mark.topology(KnownTopology.Client) +def test_files__enumeration(client: Client): + """ + :title: Files provider should not enumerate + :setup: + 1. Enable files domain + 2. Start SSSD + :steps: + 1. getent passwd -s sss without specified user + :expectedresults: + 1. Output is empty + :customerscenario: False + """ + client.sssd.sssd["enable_files_domain"] = "true" + client.sssd.start() + + result = client.host.ssh.run("getent passwd -s sss") + assert not result.stdout + + +@pytest.mark.builtwith("files-provider") +@pytest.mark.topology(KnownTopology.Client) +def test_files__user_modify(client: Client): + """ + :title: User have his homedir updated, after passwd + :setup: + 1. Add local user "user1" with specified homedir + 2. Enable files domain + 3. Start SSSD + :steps: + 1. getent passwd -s sss user1 + 2. Check that homedir is correct + 3. Modify user1's homedir + 4. Wait for changes to be propagated + 5. Check that homedir is correct + :expectedresults: + 1. Call is successful + 2. homedir is correct + 3. homedir modified successfully + 4. Slept well + 5. homedir is updated correctly + :customerscenario: False + """ + client.local.user("user1").add(password="Secret123", home="/tmp") + client.sssd.sssd["enable_files_domain"] = "true" + client.sssd.start() + + result = client.tools.getent.passwd("user1", service="sss") + assert result is not None + assert result.home == "/tmp" + + client.local.user("user1").modify(home="/home/user1") + + time.sleep(1) + result = client.tools.getent.passwd("user1", service="sss") + assert result is not None + assert result.home == "/home/user1" From df709da527f94a89fdc297fa162035f1a75cb139 Mon Sep 17 00:00:00 2001 From: Madhuri Upadhye <mupadhye@redhat.com> Date: Tue, 21 Mar 2023 00:44:08 +0530 Subject: [PATCH 163/280] tests: add passkey tests for sssctl and non-kerberos authentication MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 1. Register a key with sssctl 2. Register a key with IPA sssctl command 3. Check authentication of user with IPA, LDAP, AD and Samba All tests cases automated with umockdev. Signed-off-by: Madhuri Upadhye <mupadhye@redhat.com> Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com> Reviewed-by: Pavel Březina <pbrezina@redhat.com> Reviewed-by: Jakub Vávra <jvavra@redhat.com> Reviewed-by: Justin Stephenson <jstephen@redhat.com> Reviewed-by: Scott Poore <spoore@redhat.com> (cherry picked from commit 66c0a2d00b872db77d59efb41bac66df0cf04c26) --- .../passkey-mapping | 1 + .../umockdev.script | 23 ++ .../passkey-mapping | 1 + .../umockdev.script | 19 ++ .../test_passkey__su/passkey-mapping.ad | 1 + .../test_passkey__su/passkey-mapping.ipa | 1 + .../test_passkey__su/passkey-mapping.ldap | 1 + .../test_passkey__su/passkey-mapping.samba | 1 + .../test_passkey__su/umockdev.script.ad | 19 ++ .../test_passkey__su/umockdev.script.ipa | 22 ++ .../test_passkey__su/umockdev.script.ldap | 21 ++ .../test_passkey__su/umockdev.script.samba | 19 ++ .../system/data/test_passkey/umockdev.device | 232 ++++++++++++++++++ .../system/data/test_passkey/umockdev.ioctl | 4 + src/tests/system/tests/test_passkey.py | 110 +++++++++ 15 files changed, 475 insertions(+) create mode 100644 src/tests/system/data/test_passkey/test_passkey__register__ipa/passkey-mapping create mode 100644 src/tests/system/data/test_passkey/test_passkey__register__ipa/umockdev.script create mode 100644 src/tests/system/data/test_passkey/test_passkey__register__sssctl/passkey-mapping create mode 100644 src/tests/system/data/test_passkey/test_passkey__register__sssctl/umockdev.script create mode 100644 src/tests/system/data/test_passkey/test_passkey__su/passkey-mapping.ad create mode 100644 src/tests/system/data/test_passkey/test_passkey__su/passkey-mapping.ipa create mode 100644 src/tests/system/data/test_passkey/test_passkey__su/passkey-mapping.ldap create mode 100644 src/tests/system/data/test_passkey/test_passkey__su/passkey-mapping.samba create mode 100644 src/tests/system/data/test_passkey/test_passkey__su/umockdev.script.ad create mode 100644 src/tests/system/data/test_passkey/test_passkey__su/umockdev.script.ipa create mode 100644 src/tests/system/data/test_passkey/test_passkey__su/umockdev.script.ldap create mode 100644 src/tests/system/data/test_passkey/test_passkey__su/umockdev.script.samba create mode 100644 src/tests/system/data/test_passkey/umockdev.device create mode 100644 src/tests/system/data/test_passkey/umockdev.ioctl create mode 100644 src/tests/system/tests/test_passkey.py diff --git a/src/tests/system/data/test_passkey/test_passkey__register__ipa/passkey-mapping b/src/tests/system/data/test_passkey/test_passkey__register__ipa/passkey-mapping new file mode 100644 index 00000000000..384aaefda0c --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__register__ipa/passkey-mapping @@ -0,0 +1 @@ +Passkey mapping: passkey:DxUk04JimrbcKKTdjqP8vRMQLA9zCqm/uoHW3HRDIr7ztTbcXzsV2oEc4QCZIMlbEc0ZWiA4HnkEwbzAuOCMDg==,MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEyrxaekpIX7AMw72mH7ZcWpwP4t0GCLccSbMse6HOYvfIatpWJC/oeWJnd4ei7XxpGu7MO2atlupS03kbKFr7VQ== diff --git a/src/tests/system/data/test_passkey/test_passkey__register__ipa/umockdev.script b/src/tests/system/data/test_passkey/test_passkey__register__ipa/umockdev.script new file mode 100644 index 00000000000..f46e9072d68 --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__register__ipa/umockdev.script @@ -0,0 +1,23 @@ +d 0 /dev/hidraw1 + +w 3 ^@^@^H^A^A^A^A^A^A^A^A^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 2 ^@^Q^A^A^A^A^A^A^A^Ag8^B^E^D^C^E^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 2 ^@g8^@^A^D^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 3 g8^@^@^AfU2F_V2hFIDO_2_0lFIDO_2_1_PRE^BkcredProtectkhmac-secrg8^@et^CP/W^SG^VZ *^DbrkbupdplaticlientPinucredentialMg8^AgmtPreview^E^Y^D^F^B^A^G^H^H^X^Icnfccusb^Jcalg&dtypejpublic-keyg8^Bcalg'dtypejpublic-key^M^D^N^Z^@^E^D^C^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 3582 ^@g8^@^F^F^A^B^B^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 2 g8^@Q^@^A^A^B^C8^X ^A!X m^W-(l9۝W`^B{eNȈeT@=^\"X >^Rg8^@^OOP^H6^K4^Y^JMn^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 6 ^@g8^@x^F^A^B^B^E^C^A^B^C8^X ^A!X 3B1ˠ^S^\^Ev,^P<Rij,Q\b"X [^M^J^@g8^@G85Q\^\^U^EQ!^FX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^I^K^RBc^@g8^Ah^F"^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 79 g8^@5^@^BX0D͖J?^OG{lD^O^@^DDO`^[^W!5^@^@^@^@ +w 1 ^@g8^@^A^AX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^Bbidhipa.testdnameh^@g8^@ipa.test^CbidX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^Adnameeuser1^D^@g8^Acalg&dtypejpublic-key^HX 4Asa2.^F؎^\2@z30̲^I^@g8^B^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 199 g8^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 287 g8^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 289 g8^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 290 g8^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 g8^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 287 g8^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 289 g8^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 289 g8^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 g8^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 289 g8^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 g8^@^A^A^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 291 g8^@^A^A^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@g8^D^H^@^Afpacked^BXĜ^@|Dږ^Qx??d^Q/N4/oC}.[E^@^@^@^B/W^SGg8^@^VZ *^@@^O^U$ӂb(ݎ^S^P,^Os^JtC"6_;^Uځ^\^@ [g8^A^Q^YZ 8^^y^D^N^A^B^C& ^A!X ʼZzJH_^Lý^_\Z^O^F^H^\I,{b"g8^BX jV$/ybgw|i^Z;fRy^[(ZU^Ccalg&csigXF0D^B >]^KRg8^C$wJˡƲ婟Cx^RV^B ^A>nnUU0Q\]՟^CGcg8^Dx5cY^B0^B0^A^C^B^A^B^B^I^@9*7_80^M^F^I*H^M^A^A^K^E^@0.1,0*^F^CU^D^C^S#g8^EYubico U2F Root CA Serial 4572006310 ^W^M140801000000Z^X^O20500g8^F904000000Z0n1^K0^I^F^CU^D^F^S^BSE1^R0^P^F^CU^D^J^L^IYubico AB1"0 ^F^CU^D^K^L^YAutg8^Ghenticator Attestation1'0%^F^CU^D^C^L^^Yubico U2F EE Serial 92551g8^H41600Y0^S^F^G*H=^B^A^F^H*H=^C^A^G^CB^@^DS0^Nȣ\^G2V^FL$]^MSX^Kg8^IsG^O^W^Uyyhp\^W^C&oۆ^U#£00^S^F^J+^F^A^D^A^J^M^A^D^E^D^Cg8^J^E^D^C0"^F^I+^F^A^D^A^J^B^D^U1.3.6.1.4.1.41482.1.70^S^F^K+^F^A^D^A^\^B^A^A^D^D^C^B^Dg8^K00!^F^K+^F^A^D^A^\^A^A^D^D^R^D^P/W^SG^VZ *0^L^F^CU^]^S^A^A^D^B0^@0^M^F^I*Hg8^L^M^A^A^K^E^@^C^A^A^@^Ai1d;I^O!/X,H^\_^X"t9e>3J]^KbP^N^D<ԓg8^MpI^Hw^J^P=^VN^Rr`C6"̜j^G-x'^_^A^^jE| {V^Rg|%51g8^NKөuԼd~^R,޵/u^T^@\b^_*G^Hۨy%M^V:E*DN^T^YvX6^N^M^`g8^OE^V^N)"L^HP`nw<\S~rOoL*2r?Q^H.k[]ȊLDNEg8^P;31V^P~#6!^K((g!B^Kv^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ \ No newline at end of file diff --git a/src/tests/system/data/test_passkey/test_passkey__register__sssctl/passkey-mapping b/src/tests/system/data/test_passkey/test_passkey__register__sssctl/passkey-mapping new file mode 100644 index 00000000000..69c3757b81c --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__register__sssctl/passkey-mapping @@ -0,0 +1 @@ +passkey:P4FxRBaZKEWiwC9bUt4TSsEla4S3S5rRNsQ5uZQjNO6R7hcBQkE52/v7CUXA6Jm/pXcU3XesaslZGiV+RswjkA==,MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE6n4ktkd2yTcxqcQhXpHhs1AXLQGXAB1fWwFmb9gYOngjkT+ENUZGbA78IqVrRZBWGu2YJBPWo7UuamPsLcYCww== diff --git a/src/tests/system/data/test_passkey/test_passkey__register__sssctl/umockdev.script b/src/tests/system/data/test_passkey/test_passkey__register__sssctl/umockdev.script new file mode 100644 index 00000000000..9e04a725cc5 --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__register__sssctl/umockdev.script @@ -0,0 +1,19 @@ +d 0 /dev/hidraw1 + +w 2 ^@^@^H^A^A^A^A^A^A^A^A^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 3 ^@^Q^A^A^A^A^A^A^A^A2qu^B^E^D^C^E^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 1 ^@2qu^@^A^D^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 3 2qu^@^@^AfU2F_V2hFIDO_2_0lFIDO_2_1_PRE^BkcredProtectkhmac-secr2qu^@et^CP/W^SG^VZ *^DbrkbupdplaticlientPinucredentialM2qu^AgmtPreview^E^Y^D^F^B^A^G^H^H^X^Icnfccusb^Jcalg&dtypejpublic-key2qu^Bcalg'dtypejpublic-key^M^D^N^Z^@^E^D^C^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 3645 ^@2qu^@^F^F^A^B^B^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 3 2qu^@Q^@^A^A^B^C8^X ^A!X m^W-(l9۝W`^B{eNȈeT@=^\"X >^R2qu^@^OOP^H6^K4^Y^JMn^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 5 ^@2qu^@x^F^A^B^B^E^C^A^B^C8^X ^A!X 3B1ˠ^S^\^Ev,^P<Rij,Q\b"X [^M^J^@2qu^@G85Q\^\^U^EQ!^FX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^I^K^RBc^@2qu^Ah^F"^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 79 2qu^@5^@^BX0H^E^K%_^CKESA˿nÿI^G^Dj^XA^K^M;\Yxp^@^@^@^@ +w 1 ^@2qu^@^A^AX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^Bbidildap.testdname^@2qu^@ildap.test^CbidX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^Adnameeuser^@2qu^A1^Dcalg&dtypejpublic-key^HX 4Asa2.^F؎^\2@z30̲^@2qu^B^I^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 231 2qu^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 290 2qu^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 2qu^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 2qu^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 290 2qu^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 2qu^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 290 2qu^@^A^A^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 170 2qu^D^H^@^Afpacked^BXD^^^W^D@+0w7-яD^I^E^H7E^@^@^@^A/W^SG2qu^@^VZ *^@@?qD^V(E/[R^SJ%kK69#4^W^ABA9^IE虿2qu^Aw^TwjY^Z%~F#^A^B^C& ^A!X ~$Gv71!^`P^W-^A^@^]_[^Afo^X:x"2qu^BX #?5FFl^N"kEV^Z$^S֣.jc-^B^Ccalg&csigXF0D^B ^Y1Q]2qu^CC^I>^PyIlr}^A\^L.?^B X9S^N鵭8t^\"2:[c2qu^Dx5cY^B0^B0^A^C^B^A^B^B^I^@9*7_80^M^F^I*H^M^A^A^K^E^@0.1,0*^F^CU^D^C^S#2qu^EYubico U2F Root CA Serial 4572006310 ^W^M140801000000Z^X^O205002qu^F904000000Z0n1^K0^I^F^CU^D^F^S^BSE1^R0^P^F^CU^D^J^L^IYubico AB1"0 ^F^CU^D^K^L^YAut2qu^Ghenticator Attestation1'0%^F^CU^D^C^L^^Yubico U2F EE Serial 925512qu^H41600Y0^S^F^G*H=^B^A^F^H*H=^C^A^G^CB^@^DS0^Nȣ\^G2V^FL$]^MSX^K2qu^IsG^O^W^Uyyhp\^W^C&oۆ^U#£00^S^F^J+^F^A^D^A^J^M^A^D^E^D^C2qu^J^E^D^C0"^F^I+^F^A^D^A^J^B^D^U1.3.6.1.4.1.41482.1.70^S^F^K+^F^A^D^A^\^B^A^A^D^D^C^B^D2qu^K00!^F^K+^F^A^D^A^\^A^A^D^D^R^D^P/W^SG^VZ *0^L^F^CU^]^S^A^A^D^B0^@0^M^F^I*H2qu^L^M^A^A^K^E^@^C^A^A^@^Ai1d;I^O!/X,H^\_^X"t9e>3J]^KbP^N^D<ԓ2qu^MpI^Hw^J^P=^VN^Rr`C6"̜j^G-x'^_^A^^jE| {V^Rg|%512qu^NKөuԼd~^R,޵/u^T^@\b^_*G^Hۨy%M^V:E*DN^T^YvX6^N^M^`2qu^OE^V^N)"L^HP`nw<\S~rOoL*2r?Q^H.k[]ȊLDNE2qu^P;31V^P~#6!^K((g!B^Kv^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ \ No newline at end of file diff --git a/src/tests/system/data/test_passkey/test_passkey__su/passkey-mapping.ad b/src/tests/system/data/test_passkey/test_passkey__su/passkey-mapping.ad new file mode 100644 index 00000000000..58f3e1045d6 --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__su/passkey-mapping.ad @@ -0,0 +1 @@ +passkey:Wp075+YqPw9bn3UhyNUa1u0wu8I982JVRxR/cd3KRplwD12NweMI15fMSTclruHiTPdi7i7y9IRGbTRtDWPt4w==,MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEh+6kmCDkIaUiHUx1SobhNo7jP6wUJCBocQP9jxhpM/uBRKNXWUUKNMJwiOp0Nkj/OeSP2xdtLNazs4KEPBk15A== diff --git a/src/tests/system/data/test_passkey/test_passkey__su/passkey-mapping.ipa b/src/tests/system/data/test_passkey/test_passkey__su/passkey-mapping.ipa new file mode 100644 index 00000000000..915689bd654 --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__su/passkey-mapping.ipa @@ -0,0 +1 @@ +passkey:NUZMRUXIb/W8Ij1GqwCDHSCWxt/SxWxckwtQjLYi/X6Y1qZFB+HI8WO6khzAjzsz248kHbaeAf9qfmqfCky1Jg==,MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIasAa8ogjPCKXeA4KY3t0W3xBRmG+E4D+MNoRIAJrYuNLSYtAcOL7DCbIfgc+7c5Y4Mh/FzoEyeumKGYMoyTfg== diff --git a/src/tests/system/data/test_passkey/test_passkey__su/passkey-mapping.ldap b/src/tests/system/data/test_passkey/test_passkey__su/passkey-mapping.ldap new file mode 100644 index 00000000000..82d76d9b590 --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__su/passkey-mapping.ldap @@ -0,0 +1 @@ +passkey:mQEUTWdtDJPELQNTDdxXNHlfIO1qXFf0LVZjWEfyDALFzvLZ4e4XD5bemqq+o3ThrzT6k1I1n3Z2N00GvLSmjQ==,MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEqk7K5VAI7Evr4ar8X82L/sxm/Bnm5Ti31xnLfGO0BipwHucw8+/wT4+6T9j5gdMwZKUcXR4BILpmULEyrcZUfw== diff --git a/src/tests/system/data/test_passkey/test_passkey__su/passkey-mapping.samba b/src/tests/system/data/test_passkey/test_passkey__su/passkey-mapping.samba new file mode 100644 index 00000000000..f602626971f --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__su/passkey-mapping.samba @@ -0,0 +1 @@ +passkey:xYBuvCazxVg5VJ/D2yRI2/3ji86a+yft0W2S/BOF/pIZcwaxJLP1bZjWN7oJa3PP8p2N26yG2Erd90yIGOXocQ==,MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEC1cAEJJW5SVDrCL62BYgtilv4DgkeiEXpNrdsMRk5+Iv5ddP6lgMH5hD98ddFlJX/YhEXdty6UibztVmgO7asQ== diff --git a/src/tests/system/data/test_passkey/test_passkey__su/umockdev.script.ad b/src/tests/system/data/test_passkey/test_passkey__su/umockdev.script.ad new file mode 100644 index 00000000000..e9864e7f2da --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__su/umockdev.script.ad @@ -0,0 +1,19 @@ +d 0 /dev/hidraw1 + +w 4 ^@^@^H^A^A^A^A^A^A^A^A^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 3 ^@^Q^A^A^A^A^A^A^A^A^B^E^D^C^E^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 1 ^@^@^A^D^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 3 ^@^@^AfU2F_V2hFIDO_2_0lFIDO_2_1_PRE^BkcredProtectkhmac-secr^@et^CP/W^SG^VZ *^DbrkbupdplaticlientPinucredentialM^AgmtPreview^E^Y^D^F^B^A^G^H^H^X^Icnfccusb^Jcalg&dtypejpublic-key^Bcalg'dtypejpublic-key^M^D^N^Z^@^E^D^C^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 1 ^@^@^B^Agad.test^BX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^CbidX@Z;^@^@*?^O[u!^Z0=bUG^TqFp^O]^HחI7%Lb.Fm4m^Mc^@^Adtypejpublic-key^Ebup^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 83 ^@^@^AbidX@Z;*?^O[u!^Z0=bUG^TqFp^O]^HחI7%^@Lb.Fm4m^Mcdtypejpublic-key^BX%fCȣ܀ɽ5~^G^A-YD^AA,K!^@^@^@^@^T^CXG0E^B t.F^^^]^AG^U@]/<*r^On^Z^B!^@^KX^B4ߚ>nut^Z^EXWn^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 8 ^@^@^F^F^A^B^B^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 2 ^@Q^@^A^A^B^C8^X ^A!X <H*!Ó^M!^S[;s1c^Z%^H"X _^K^NE<^@^Et[v^WG'ħS^[^E^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 5 ^@^@x^F^A^B^B^E^C^A^B^C8^X ^A!X 3B1ˠ^S^\^Ev,^P<Rij,Q\b"X [^M^J^@^@G85Q\^\^U^EQ!^FX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^Avz^IRZ^@^Ak^[+^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 79 ^@5^@^BX0k*|e^OK^S^QyЇkC@^R6mo!^QOfQ.^@^@^@^@ +w 1 ^@^@^B^Agad.test^BX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^CbidX@Z;^@^@*?^O[u!^Z0=bUG^TqFp^O]^HחI7%Lb.Fm4m^Mc^@^Adtypejpublic-key^Ebup^FX 2^N^Czf^R^@^PZ^L^A:K^IUhT^A><I^@^B^G^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 251 ^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 ^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 ^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 290 ^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 ^@^A^A^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 52 ^@^@^AbidX@Z;*?^O[u!^Z0=bUG^TqFp^O]^HחI7%^@Lb.Fm4m^Mcdtypejpublic-key^BX%fCȣ܀ɽ5~^G^A-YD^AA,K!^E^@^@^@^X^CXF0D^B ^N^A^Zb;u.^S^_v}v{^K'Y{^B 4^H^BɩXû^DAe3A'bU_^M`[Ay^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ \ No newline at end of file diff --git a/src/tests/system/data/test_passkey/test_passkey__su/umockdev.script.ipa b/src/tests/system/data/test_passkey/test_passkey__su/umockdev.script.ipa new file mode 100644 index 00000000000..1bc651a4465 --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__su/umockdev.script.ipa @@ -0,0 +1,22 @@ +d 0 /dev/hidraw1 + +w 3 ^@^@^H^A^A^A^A^A^A^A^A^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 3 ^@^Q^A^A^A^A^A^A^A^Ap^B^E^D^C^E^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 1 ^@p^@^A^D^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 3 p^@^@^AfU2F_V2hFIDO_2_0lFIDO_2_1_PRE^BkcredProtectkhmac-secrp^@et^CP/W^SG^VZ *^DbrkbupdplaticlientPinucredentialMp^AgmtPreview^E^Y^D^F^B^A^G^H^H^X^Icnfccusb^Jcalg&dtypejpublic-keyp^Bcalg'dtypejpublic-key^M^D^N^Z^@^E^D^C^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 1 ^@p^@^B^Ahipa.test^BX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^CbidX@5F^@p^@LEEo"=F^@^] l\^KP"~֦E^Gc^\;3ۏ$^]^Aj~j^J^@p^AL&dtypejpublic-key^Ebup^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 83 p^@^@^AbidX@5FLEEo"=F^@^] l\^KP"~֦E^Gc^\;3p^@ۏ$^]^Aj~j^JL&dtypejpublic-key^BX%^@|Dږ^Qx??d^Q/N4/op^AC}.[^@^@^@^@^X^CXG0E^B!^@m$^MJ*;\^V=tjx9cа,^B kYp^B^_^GnrT": *^L^Rwr]!Zxf^C^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 5 ^@p^@^F^F^A^B^B^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 3 p^@Q^@^A^A^B^C8^X ^A!X ^_9;^CEBQ&(W3h^]F^A%"X ^^s5p^@o6^@izdF m+35^P^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 5 ^@p^@x^F^A^B^B^E^C^A^B^C8^X ^A!X 3B1ˠ^S^\^Ev,^P<Rij,Q\b"X [^M^J^@p^@G85Q\^\^U^EQ!^FX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A2asչ^T"tw^@p^Aq^K^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 79 p^@5^@^BX0޺^Y<l^Qűk^B^A^`^Z^G^^^Fcޞ^Si^J^Erߨ]^@^@^@^@ +w 1 ^@p^@^B^Ahipa.test^BX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^CbidX@5F^@p^@LEEo"=F^@^] l\^KP"~֦E^Gc^\;3ۏ$^]^Aj~j^J^@p^AL&dtypejpublic-key^Ebup^FX ȎRJs>7DB1f_о*^@p^BL^G^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 285 p^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 290 p^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 p^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 p^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 p^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 290 p^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 p^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 p^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 174 p^@^@^AbidX@5FLEEo"=F^@^] l\^KP"~֦E^Gc^\;3p^@ۏ$^]^Aj~j^JL&dtypejpublic-key^BX%^@|Dږ^Qx??d^Q/N4/op^AC}.[^E^@^@^@^\^CXG0E^B Eo]Wk%^H$-^W^BR^`x^P׀^B!^@ёqp^Bu9\^ZKR&>/͎[`t,^^eg^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ \ No newline at end of file diff --git a/src/tests/system/data/test_passkey/test_passkey__su/umockdev.script.ldap b/src/tests/system/data/test_passkey/test_passkey__su/umockdev.script.ldap new file mode 100644 index 00000000000..db026662951 --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__su/umockdev.script.ldap @@ -0,0 +1,21 @@ +d 0 /dev/hidraw1 + +w 4 ^@^@^H^A^A^A^A^A^A^A^A^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 2 ^@^Q^A^A^A^A^A^A^A^A^S=^B^E^D^C^E^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 2 ^@^S=^@^A^D^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 2 ^S=^@^@^AfU2F_V2hFIDO_2_0lFIDO_2_1_PRE^BkcredProtectkhmac-secr^S=^@et^CP/W^SG^VZ *^DbrkbupdplaticlientPinucredentialM^S=^AgmtPreview^E^Y^D^F^B^A^G^H^H^X^Icnfccusb^Jcalg&dtypejpublic-key^S=^Bcalg'dtypejpublic-key^M^D^N^Z^@^E^D^C^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 2 ^@^S=^@^B^Adtest^BX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^CbidX@^A^TMgm^@^S=^@^L-^CS^MW4y_ j\W-VcXG^L^B^W^Oޚt4R5vv7M^Fd^@^S=^Atypejpublic-key^Ebup^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 82 ^S=^@^@^AbidX@^A^TMgm^L-^CS^MW4y_ j\W-VcXG^L^B^W^Oޚt^S=^@4R5vv7M^Fdtypejpublic-key^BX%ЁL}e/Z^UO^[+^K,^S=^A]l^U^J^H^@^@^@^@^C^CXH0F^B!^@9}K:N^M^PraX^D^CxM^B!^@z^A^S=^B􊲳^P+q^@^P|^XM$Fw^]6P3^[wq^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 6 ^@^S=^@^F^F^A^B^B^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 2 ^S=^@Q^@^A^A^B^C8^X ^A!X H^GTd^Aڒ8X^T<IEiwֹI^Y^I^IFsܺ"X <^AHS^S=^@6^N9^JU@^\k)W^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 6 ^@^S=^@x^F^A^B^B^E^C^A^B^C8^X ^A!X 3B1ˠ^S^\^Ev,^P<Rij,Q\b"X [^M^J^@^S=^@G85Q\^\^U^EQ!^FX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^AoYqgNu'^T^@^S=^A^U^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 78 ^S=^@5^@^BX0RC^_K*"+f^`z;XO@"MM3\L$Ή^K+M^@^@^@^@ +w 2 ^@^S=^@^B^Adtest^BX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^CbidX@^A^TMgm^@^S=^@^L-^CS^MW4y_ j\W-VcXG^L^B^W^Oޚt4R5vv7M^Fd^@^S=^Atypejpublic-key^Ebup^FX ('^H(rZf2>֞{^_uLd^S^G^B^@ +r 240 ^S=^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 ^S=^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 290 ^S=^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 ^S=^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 ^S=^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 ^S=^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 290 ^S=^@^A^A^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 28 ^S=^@^@^AbidX@^A^TMgm^L-^CS^MW4y_ j\W-VcXG^L^B^W^Oޚt^S=^@4R5vv7M^Fdtypejpublic-key^BX%ЁL}e/Z^UO^[+^K,^S=^A]l^U^J^H^E^@^@^@^G^CXF0D^B j8^M\:H^O@%qt(^\/Ǻ~$$!>;^B u^S=^B{9AbF6^Xs5^K*ywv^L^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ \ No newline at end of file diff --git a/src/tests/system/data/test_passkey/test_passkey__su/umockdev.script.samba b/src/tests/system/data/test_passkey/test_passkey__su/umockdev.script.samba new file mode 100644 index 00000000000..4c0b6e23e92 --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__su/umockdev.script.samba @@ -0,0 +1,19 @@ +d 0 /dev/hidraw1 + +w 1 ^@^@^H^A^A^A^A^A^A^A^A^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 2 ^@^Q^A^A^A^A^A^A^A^An5^B^E^D^C^E^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 2 ^@n5Ő^@^A^D^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 2 n5Ő^@^@^AfU2F_V2hFIDO_2_0lFIDO_2_1_PRE^BkcredProtectkhmac-secrn5^@et^CP/W^SG^VZ *^DbrkbupdplaticlientPinucredentialMn5^AgmtPreview^E^Y^D^F^B^A^G^H^H^X^Icnfccusb^Jcalg&dtypejpublic-keyn5^Bcalg'dtypejpublic-key^M^D^N^Z^@^E^D^C^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 2 ^@n5Ő^@^B^Ajsamba.test^BX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^CbidX@^@n5^@ŀn&X9T$HΚ'm^S^Ys^F$m7^Iks۬JL^@n5^A^Xqdtypejpublic-key^Ebup^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 82 n5Ő^@^@^AbidX@ŀn&X9T$HΚ'm^S^Ys^F$m7^Iksn5^@۬JL^Xqdtypejpublic-key^BX% ^S@^_n1n;Qm\<ִ>n5^A`^_W^@^@^@^@C^CXG0E^B ^]^TM^]^W4yZ٢@ޝ^@^B!^@(^HSn5^B^EV^]+^X3YW3C7HD^D$^\^D^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 4 ^@n5Ő^@^F^F^A^B^B^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 2 n5Ő^@Q^@^A^A^B^C8^X ^A!X $xܰXy,ҟ^E@~$h@^P"X }^V%^Ovpn5^@iu\E^M'^@@Υj.0bZ^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 4 ^@n5Ő^@x^F^A^B^B^E^C^A^B^C8^X ^A!X 3B1ˠ^S^\^Ev,^P<Rij,Q\b"X [^M^J^@n5^@G85Q\^\^U^EQ!^FX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^NV-Q^P^K^@n5^Ap^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 79 n5Ő^@5^@^BX0^L[{cHUK^@M^Rƫ^[gY[`b,u^F;1jBۀ^OŶ_^@^@^@^@ +w 3 ^@n5Ő^@^B^Ajsamba.test^BX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^CbidX@^@n5^@ŀn&X9T$HΚ'm^S^Ys^F$m7^Iks۬JL +w 10 ^@n5^A^Xqdtypejpublic-key^Ebup^FX ^R~GؿB_],pSvA3*^Ut^@n5^B4^G^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 246 n5Ż^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 289 n5Ż^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 287 n5Ż^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 289 n5Ż^@^A^A^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 75 n5Ő^@^@^AbidX@ŀn&X9T$HΚ'm^S^Ys^F$m7^Iksn5^@۬JL^Xqdtypejpublic-key^BX% ^S@^_n1n;Qm\<ִ>n5^A`^_W^E^@^@^@F^CXH0F^B!^@/2^_1,,0^ABd^FKZ@m^B!^@^S&n5^BO|FoзN$<ˣ!W\^V^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ \ No newline at end of file diff --git a/src/tests/system/data/test_passkey/umockdev.device b/src/tests/system/data/test_passkey/umockdev.device new file mode 100644 index 00000000000..114e71f5d7b --- /dev/null +++ b/src/tests/system/data/test_passkey/umockdev.device @@ -0,0 +1,232 @@ +P: /devices/pci0000:00/0000:00:14.0/usb1/1-3/1-3:1.1/0003:1050:0407.0002/hidraw/hidraw1 +N: hidraw1 +E: DEVNAME=/dev/hidraw1 +E: MAJOR=241 +E: MINOR=1 +E: SUBSYSTEM=hidraw +A: dev=241:1\n +L: device=../../../0003:1050:0407.0002 +A: power/control=auto\n +A: power/runtime_active_time=0\n +A: power/runtime_status=unsupported\n +A: power/runtime_suspended_time=0\n + +P: /devices/pci0000:00/0000:00:14.0/usb1/1-3/1-3:1.1/0003:1050:0407.0002 +E: DRIVER=hid-generic +E: HID_ID=0003:00001050:00000407 +E: HID_NAME=Yubico YubiKey OTP+FIDO+CCID +E: HID_PHYS=usb-0000:00:14.0-3/input1 +E: HID_UNIQ= +E: MODALIAS=hid:b0003g0001v00001050p00000407 +E: SUBSYSTEM=hid +A: country=00\n +L: driver=../../../../../../../bus/hid/drivers/hid-generic +A: modalias=hid:b0003g0001v00001050p00000407\n +A: power/control=auto\n +A: power/runtime_active_time=0\n +A: power/runtime_status=unsupported\n +A: power/runtime_suspended_time=0\n +H: report_descriptor=06D0F10901A1010920150026FF007508954081020921150026FF00750895409102C0 + +P: /devices/pci0000:00/0000:00:14.0/usb1/1-3/1-3:1.1 +E: DEVTYPE=usb_interface +E: DRIVER=usbhid +E: INTERFACE=3/0/0 +E: MODALIAS=usb:v1050p0407d0543dc00dsc00dp00ic03isc00ip00in01 +E: PRODUCT=1050/407/543 +E: SUBSYSTEM=usb +E: TYPE=0/0/0 +A: authorized=1\n +A: bAlternateSetting= 0\n +A: bInterfaceClass=03\n +A: bInterfaceNumber=01\n +A: bInterfaceProtocol=00\n +A: bInterfaceSubClass=00\n +A: bNumEndpoints=02\n +L: driver=../../../../../../bus/usb/drivers/usbhid +L: firmware_node=../../../../../LNXSYSTM:00/LNXSYBUS:00/PNP0A08:00/device:2c/device:2d/device:30 +A: modalias=usb:v1050p0407d0543dc00dsc00dp00ic03isc00ip00in01\n +A: physical_location/dock=no\n +A: physical_location/horizontal_position=left\n +A: physical_location/lid=no\n +A: physical_location/panel=right\n +A: physical_location/vertical_position=lower\n +A: supports_autosuspend=1\n + +P: /devices/pci0000:00/0000:00:14.0/usb1/1-3 +N: bus/usb/001/002 +E: BUSNUM=001 +E: DEVNAME=/dev/bus/usb/001/002 +E: DEVNUM=002 +E: DEVTYPE=usb_device +E: DRIVER=usb +E: MAJOR=189 +E: MINOR=1 +E: PRODUCT=1050/407/543 +E: SUBSYSTEM=usb +E: TYPE=0/0/0 +A: authorized=1\n +A: avoid_reset_quirk=0\n +A: bConfigurationValue=1\n +A: bDeviceClass=00\n +A: bDeviceProtocol=00\n +A: bDeviceSubClass=00\n +A: bMaxPacketSize0=64\n +A: bMaxPower=30mA\n +A: bNumConfigurations=1\n +A: bNumInterfaces= 3\n +A: bcdDevice=0543\n +A: bmAttributes=80\n +A: busnum=1\n +A: configuration= +H: descriptors=12010002000000405010070443050102000109029600030100800F0904000001030101000921100100012247000705810308000A090401000203000000092110010001222200070504034000020705840340000209040200030B00000036210001000702000000A00F0000A00F00000000B0040000B0040000F60B00000000000000000000FE000400000C0000FFFF00000001070502024000000705820240000007058303080020 +A: dev=189:1\n +A: devnum=2\n +A: devpath=3\n +L: driver=../../../../../bus/usb/drivers/usb +L: firmware_node=../../../../LNXSYSTM:00/LNXSYBUS:00/PNP0A08:00/device:2c/device:2d/device:30 +A: idProduct=0407\n +A: idVendor=1050\n +A: ltm_capable=no\n +A: manufacturer=Yubico\n +A: maxchild=0\n +A: physical_location/dock=no\n +A: physical_location/horizontal_position=left\n +A: physical_location/lid=no\n +A: physical_location/panel=right\n +A: physical_location/vertical_position=lower\n +L: port=../1-0:1.0/usb1-port3 +A: power/active_duration=9041365\n +A: power/autosuspend=2\n +A: power/autosuspend_delay_ms=2000\n +A: power/connected_duration=9041365\n +A: power/control=on\n +A: power/level=on\n +A: power/persist=1\n +A: power/runtime_active_time=9041123\n +A: power/runtime_status=active\n +A: power/runtime_suspended_time=0\n +A: product=YubiKey OTP+FIDO+CCID\n +A: quirks=0x0\n +A: removable=removable\n +A: rx_lanes=1\n +A: speed=12\n +A: tx_lanes=1\n +A: urbnum=1850\n +A: version= 2.00\n + +P: /devices/pci0000:00/0000:00:14.0/usb1 +N: bus/usb/001/001 +E: BUSNUM=001 +E: DEVNAME=/dev/bus/usb/001/001 +E: DEVNUM=001 +E: DEVTYPE=usb_device +E: DRIVER=usb +E: MAJOR=189 +E: MINOR=0 +E: PRODUCT=1d6b/2/601 +E: SUBSYSTEM=usb +E: TYPE=9/0/1 +A: authorized=1\n +A: authorized_default=1\n +A: avoid_reset_quirk=0\n +A: bConfigurationValue=1\n +A: bDeviceClass=09\n +A: bDeviceProtocol=01\n +A: bDeviceSubClass=00\n +A: bMaxPacketSize0=64\n +A: bMaxPower=0mA\n +A: bNumConfigurations=1\n +A: bNumInterfaces= 1\n +A: bcdDevice=0601\n +A: bmAttributes=e0\n +A: busnum=1\n +A: configuration= +H: descriptors=12010002090001406B1D020001060302010109021900010100E0000904000001090000000705810304000C +A: dev=189:0\n +A: devnum=1\n +A: devpath=0\n +L: driver=../../../../bus/usb/drivers/usb +L: firmware_node=../../../LNXSYSTM:00/LNXSYBUS:00/PNP0A08:00/device:2c/device:2d +A: idProduct=0002\n +A: idVendor=1d6b\n +A: interface_authorized_default=1\n +A: ltm_capable=no\n +A: manufacturer=Linux 6.1.11-200.fc37.x86_64 xhci-hcd\n +A: maxchild=12\n +A: power/active_duration=9041508\n +A: power/autosuspend=0\n +A: power/autosuspend_delay_ms=0\n +A: power/connected_duration=9041508\n +A: power/control=auto\n +A: power/level=auto\n +A: power/runtime_active_time=9041506\n +A: power/runtime_status=active\n +A: power/runtime_suspended_time=0\n +A: power/wakeup=disabled\n +A: power/wakeup_abort_count=\n +A: power/wakeup_active=\n +A: power/wakeup_active_count=\n +A: power/wakeup_count=\n +A: power/wakeup_expire_count=\n +A: power/wakeup_last_time_ms=\n +A: power/wakeup_max_time_ms=\n +A: power/wakeup_total_time_ms=\n +A: product=xHCI Host Controller\n +A: quirks=0x0\n +A: removable=unknown\n +A: rx_lanes=1\n +A: serial=0000:00:14.0\n +A: speed=480\n +A: tx_lanes=1\n +A: urbnum=117\n +A: version= 2.00\n + +P: /devices/pci0000:00/0000:00:14.0 +E: DRIVER=xhci_hcd +E: MODALIAS=pci:v00008086d00009D2Fsv000017AAsd00002233bc0Csc03i30 +E: PCI_CLASS=C0330 +E: PCI_ID=8086:9D2F +E: PCI_SLOT_NAME=0000:00:14.0 +E: PCI_SUBSYS_ID=17AA:2233 +E: SUBSYSTEM=pci +A: ari_enabled=0\n +A: broken_parity_status=0\n +A: class=0x0c0330\n +H: config=86802F9D060490022130030C00008000040022F1000000000000000000000000000000000000000000000000AA173322000000007000000000000000FF010000FD01348088C60F8000000000000000005F6ECE0F000000000000000000000000306000000000000000000000000000000180C2C108000000000000000000000005008700B802E0FE0000000000000000090014F01000400100000000C10A080000080400001800008F40020000010400010000000001000012000000000000000000000000000000000000000000000001000000080000000000000000000000000000000000000000000000000000000000000000000000B30F300800000000 +A: consistent_dma_mask_bits=64\n +A: d3cold_allowed=1\n +A: dbc=disabled\n +A: device=0x9d2f\n +A: dma_mask_bits=64\n +L: driver=../../../bus/pci/drivers/xhci_hcd +A: driver_override=(null)\n +A: enable=1\n +L: firmware_node=../../LNXSYSTM:00/LNXSYBUS:00/PNP0A08:00/device:2c +A: irq=125\n +A: local_cpulist=0-3\n +A: local_cpus=f\n +A: modalias=pci:v00008086d00009D2Fsv000017AAsd00002233bc0Csc03i30\n +A: msi_bus=1\n +A: msi_irqs/125=msi\n +A: numa_node=-1\n +A: pools=poolinfo - 0.1\nbuffer-2048 0 0 2048 0\nbuffer-512 0 0 512 0\nbuffer-128 0 0 128 0\nbuffer-32 0 0 32 0\nxHCI 1KB stream ctx arrays 0 0 1024 0\nxHCI 256 byte stream ctx arrays 0 0 256 0\nxHCI input/output contexts 8 9 2112 9\nxHCI ring segments 38 42 4096 42\nbuffer-2048 0 0 2048 0\nbuffer-512 0 0 512 0\nbuffer-128 12 32 128 1\nbuffer-32 0 0 32 0\n +A: power/control=auto\n +A: power/runtime_active_time=9042111\n +A: power/runtime_status=active\n +A: power/runtime_suspended_time=0\n +A: power/wakeup=enabled\n +A: power/wakeup_abort_count=0\n +A: power/wakeup_active=0\n +A: power/wakeup_active_count=0\n +A: power/wakeup_count=0\n +A: power/wakeup_expire_count=0\n +A: power/wakeup_last_time_ms=0\n +A: power/wakeup_max_time_ms=0\n +A: power/wakeup_total_time_ms=0\n +A: power_state=D0\n +A: resource=0x00000000f1220000 0x00000000f122ffff 0x0000000000140204\n0x0000000000000000 0x0000000000000000 0x0000000000000000\n0x0000000000000000 0x0000000000000000 0x0000000000000000\n0x0000000000000000 0x0000000000000000 0x0000000000000000\n0x0000000000000000 0x0000000000000000 0x0000000000000000\n0x0000000000000000 0x0000000000000000 0x0000000000000000\n0x0000000000000000 0x0000000000000000 0x0000000000000000\n0x0000000000000000 0x0000000000000000 0x0000000000000000\n0x0000000000000000 0x0000000000000000 0x0000000000000000\n0x0000000000000000 0x0000000000000000 0x0000000000000000\n0x0000000000000000 0x0000000000000000 0x0000000000000000\n0x0000000000000000 0x0000000000000000 0x0000000000000000\n0x0000000000000000 0x0000000000000000 0x0000000000000000\n +A: revision=0x21\n +A: subsystem_device=0x2233\n +A: subsystem_vendor=0x17aa\n +A: vendor=0x8086\n diff --git a/src/tests/system/data/test_passkey/umockdev.ioctl b/src/tests/system/data/test_passkey/umockdev.ioctl new file mode 100644 index 00000000000..e9c4719c431 --- /dev/null +++ b/src/tests/system/data/test_passkey/umockdev.ioctl @@ -0,0 +1,4 @@ +@DEV /dev/hidraw1 +HIDIOCGRDESCSIZE 0 22000000 +HIDIOCGRDESC 0 2200000006D0F10901A1010920150026FF007508954081020921150026FF00750895409102C0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 +HIDIOCGRDESC 0 2200000006D0F10901A1010920150026FF007508954081020921150026FF00750895409102C00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000EE952D42C555000000000000000000000000000000000000601EF2A6377F0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000D69E7A6377F00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000F0E7E2A6377F00000000000000000000E0ACF6A6377F00000000000000000000000000000000000080B02B42C555000010010000000000000000000000000000408000000000000080ACF6A6377F0000308000000000000076000000000000003F0000000000000010832D42C55500005412E3A6377F0000A06100000000000030800000000000007600000000000000F59BE6A6377F0000000000000000000080ACF6A6377F0000D8952D42C5550000408D2D42C555000030C878A6377F00000000000000000000408D2D42C55500001A84D6A6377F00000000000000000000000000000000000000800000000000000600000000000000C06E4CA7377F00008598E6A6377F000000000000000000000600000000000000A047F93CFE7F0000F298E6A6377F000081000000000000000A000000000000004900000000000000ED4100000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000E2D1066400000000C240E13200000000E2D1066400000000C240E13200000000E2D1066400000000C240E132000000000000000000000000000000000000000000000000000000000000000000000000001E7173D69F706EE0A34BA7377F0000001E7173D69F706E2049F93CFE7F0000B9A74AA7377F0000FFFFFF7FFEFFFFFF7BFBE2A6377F0000F048F93C01000000B0652B42C55500000049F93C01000000001E7173D69F706E4018D8A6377F0000001E7173D69F706ED048F93CFE7F000070FFFFFFFFFFFFFF0000000000000000DCA6D6A6377F00000000000000000000408D2D42C5550000000000000000000030BC2B42C55500006049F93CFE7F0000001E7173D69F706E30722D42C555000070FFFFFFFFFFFFFF3D000000000000006049F93CFE7F000030BC2B42C5550000FF5348A7377F000010832D42C55500006323E3A6377F00000000000000000000001E7173D69F706E6049F93CFE7F0000989349A7377F000000000000000000008B7849A7377F0000D09449A7377F00004018D8A6377F00008B7849A7377F0000001E7173D69F706E3D0000000000000070FFFFFFFFFFFFFF3D000000000000006F7E49A7377F00008B7849A7377F00003F0000000000000010832D42C5550000001E7173D69F706E10B52B42C55500000000000000000000784BF93CFE7F00000F0000000000000070592D42C555000058805D41C555000060A35D41C55500002AD54CA7377F0000104AF93C0800000010802D42C5550000404AF93C diff --git a/src/tests/system/tests/test_passkey.py b/src/tests/system/tests/test_passkey.py new file mode 100644 index 00000000000..c310ffe07f3 --- /dev/null +++ b/src/tests/system/tests/test_passkey.py @@ -0,0 +1,110 @@ +""" +Passkey Tests. + +:requirement: passkey +""" + +from __future__ import annotations + +import pytest +from sssd_test_framework.roles.client import Client +from sssd_test_framework.roles.generic import GenericProvider +from sssd_test_framework.roles.ipa import IPA +from sssd_test_framework.topology import KnownTopology + + +@pytest.mark.importance("high") +@pytest.mark.topology(KnownTopology.Client) +@pytest.mark.builtwith(client="passkey") +def test_passkey__register__sssctl(client: Client, moduledatadir: str, testdatadir: str): + """ + :title: Register a key with sssctl + :setup: + 1. Setup IDM client with FIDO and umockdev setup + :steps: + 1. Use sssctl to register a FIDO2 key. + 2. Check the output. + :expectedresults: + 1. New key is registered + 2. Output contains key mapping data. + :customerscenario: False + """ + mapping = client.sssctl.passkey_register( + username="user1", + domain="ldap.test", + pin=123456, + device=f"{moduledatadir}/umockdev.device", + ioctl=f"{moduledatadir}/umockdev.ioctl", + script=f"{testdatadir}/umockdev.script", + ) + + with open(f"{testdatadir}/passkey-mapping") as f: + assert mapping == f.read().strip(), "Failed to register a key with sssctl" + + +@pytest.mark.importance("high") +@pytest.mark.topology(KnownTopology.IPA) +@pytest.mark.builtwith(client="passkey", ipa="passkey") +def test_passkey__register__ipa(ipa: IPA, moduledatadir: str, testdatadir: str): + """ + :title: Register a passkey with the IPA command + :setup: + 1. Setup IDM client with FIDO and umockdev setup + :steps: + 1. Use ipa command to register a FIDO2 key. + 2. Check the output that contains the user key mapping data. + :expectedresults: + 1. New key is registered with IPA command. + 2. Output contains key mapping data. + :customerscenario: False + """ + mapping = ( + ipa.user("user1") + .add() + .passkey_add_register( + pin=123456, + device=f"{moduledatadir}/umockdev.device", + ioctl=f"{moduledatadir}/umockdev.ioctl", + script=f"{testdatadir}/umockdev.script", + ) + ) + + with open(f"{testdatadir}/passkey-mapping") as f: + assert mapping == f.read().strip(), "Failed to register a key with the IPA command" + + +@pytest.mark.importance("critical") +@pytest.mark.topology(KnownTopology.LDAP) +@pytest.mark.topology(KnownTopology.IPA) +@pytest.mark.topology(KnownTopology.AD) +@pytest.mark.topology(KnownTopology.Samba) +@pytest.mark.builtwith(client="passkey", provider="passkey") +def test_passkey__su(client: Client, provider: GenericProvider, moduledatadir: str, testdatadir: str): + """ + :title: Check authentication of user with LDAP, IPA, AD and Samba + :setup: + 1. Add a user in LDAP, IPA, AD and Samba with passkey_mapping. + 2. Setup SSSD client with FIDO and umockdev, start SSSD service. + :steps: + 1. Check authentication of the user. + :expectedresults: + 1. User authenticates successfully. + :customerscenario: False + """ + suffix = type(provider).__name__.lower() + + if suffix == "ldap": + client.sssd.domain["local_auth_policy"] = "only" + + with open(f"{testdatadir}/passkey-mapping.{suffix}") as f: + provider.user("user1").add().passkey_add(f.read().strip()) + + client.sssd.start() + + assert client.auth.su.passkey( + username="user1", + pin=123456, + device=f"{moduledatadir}/umockdev.device", + ioctl=f"{moduledatadir}/umockdev.ioctl", + script=f"{testdatadir}/umockdev.script.{suffix}", + ) From c6ea805ee3ac63c06be22472db7c1edb16c965be Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Alejandro=20L=C3=B3pez?= <allopez@redhat.com> Date: Wed, 4 Oct 2023 19:59:45 +0200 Subject: [PATCH 164/280] NSS: Replace notification message by a less scary one Replace the message "Unable to find primary gid" by another one that sounds less scary and is a little bit clearer for users. Reviewed-by: Alexey Tikhonov <atikhono@redhat.com> Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com> Reviewed-by: Sumit Bose <sbose@redhat.com> (cherry picked from commit 2c59fd211a6b35022fb2a4683918d77610f76660) --- src/responder/nss/nss_protocol_grent.c | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/src/responder/nss/nss_protocol_grent.c b/src/responder/nss/nss_protocol_grent.c index e0e56cd65ad..887501ab3cc 100644 --- a/src/responder/nss/nss_protocol_grent.c +++ b/src/responder/nss/nss_protocol_grent.c @@ -19,6 +19,7 @@ */ #include "responder/nss/nss_protocol.h" +#include "util/sss_format.h" static errno_t sss_nss_get_grent(TALLOC_CTX *mem_ctx, @@ -402,9 +403,16 @@ sss_nss_protocol_fill_initgr(struct sss_nss_ctx *nss_ctx, ret = sysdb_search_group_by_origgid(NULL, domain, orig_gid, NULL, &primary_group_msg); if (ret != EOK) { - DEBUG((ret == ENOENT ? SSSDBG_FUNC_DATA : SSSDBG_MINOR_FAILURE), - "Unable to find primary gid [%d]: %s\n", - ret, sss_strerror(ret)); + if (ret == ENOENT) { + DEBUG(SSSDBG_FUNC_DATA, + "There is no override for group %" SPRIgid "\n", + orig_gid); + } else { + DEBUG(SSSDBG_MINOR_FAILURE, + "Unable to find the original group id attribute for %" SPRIgid + ". Assuming there is none. [%d] %s\n", + orig_gid, ret, sss_strerror(ret)); + } /* Just continue with what we have. */ } else { orig_gid = ldb_msg_find_attr_as_uint64(primary_group_msg, SYSDB_GIDNUM, From a9617cff81c8a6352e2cbc3cf3fbef1a46123b3d Mon Sep 17 00:00:00 2001 From: Patrik Rosecky <prosecky@redhat.com> Date: Thu, 21 Sep 2023 12:42:45 +0200 Subject: [PATCH 165/280] Tests:alltests/test_rfc2307.py converted to test_ldap.py MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com> Reviewed-by: Jakub Vávra <jvavra@redhat.com> (cherry picked from commit 8ecfe20efca6696e94f64fbd2a024f6bcd7bb26d) --- src/tests/multihost/alltests/test_rfc2307.py | 1 + src/tests/system/tests/test_ldap.py | 44 ++++++++++++++++++++ 2 files changed, 45 insertions(+) diff --git a/src/tests/multihost/alltests/test_rfc2307.py b/src/tests/multihost/alltests/test_rfc2307.py index a4f92aa0857..39fb4dfeea2 100644 --- a/src/tests/multihost/alltests/test_rfc2307.py +++ b/src/tests/multihost/alltests/test_rfc2307.py @@ -51,6 +51,7 @@ class Testrfc2307(object): 1. Configure SSSD to authenticate against directory server 2. Enable debug_level to 9 in the 'nss', 'pam' and domain section """ + @pytest.mark.converted('test_ldap.py', 'test_ldap__user_with_whitespace') @pytest.mark.tier2 def test_0001_bz1362023(self, multihost, backupsssdconf): """ diff --git a/src/tests/system/tests/test_ldap.py b/src/tests/system/tests/test_ldap.py index b94a7c6a96f..0c31963ff67 100644 --- a/src/tests/system/tests/test_ldap.py +++ b/src/tests/system/tests/test_ldap.py @@ -144,3 +144,47 @@ def test_ldap__change_password_wrong_current(client: Client, ldap: LDAP, modify_ client.sssd.start() assert not client.auth.passwd.password("user1", "wrong123", "Newpass123"), "Password change did not fail" + + +@pytest.mark.ticket(bz=[1067476, 1065534]) +@pytest.mark.topology(KnownTopology.LDAP) +def test_ldap__user_with_whitespace(client: Client, ldap: LDAP): + """ + :title: user with a whitespace at beginning is able to login and "id" + :setup: + 1. Add users " space1" and "user1" to LDAP + 2. Set uids and passwords to users + 3. Clear memcache, logs and db + 4. Start SSSD + :steps: + 1. Fetch user " space1" information using 'id' + 2. Login user " space1" via ssh + 3. Login user "space1" via ssh + 4. Fetch "user1" user information using 'id' + 5. Fetch " user1" user information using 'id' + :expectedresults: + 1. " space1" is fetched and has correct id + 2. " space1" is able to login + 3. "space1" is not able to login + 4. "user1" is fetched and has correct id + 5. " user1" is not fetched + :customerscenario: True + """ + ldap.user(" space1").add(uid=10011, password="Secret123") + ldap.user("user1").add(uid=10012, password="Secret123") + client.sssd.clear(db=True, memcache=True, logs=True) + client.sssd.start() + + result = client.tools.id(" space1") + assert result is not None, "User ' space1' was not found" + assert result.user.id == 10011, "User ' space1' has wrong id" + + assert client.auth.ssh.password(" space1", "Secret123"), "Authentication for user ' space1' failed" + assert not client.auth.ssh.password("space1", "Secret123"), "Authentication for user 'space1' did not fail" + + result = client.tools.id("user1") + assert result is not None, "User 'user1' was not found" + assert result.user.id == 10012, "User 'user1' has wrong id" + + result = client.tools.id(" user1") + assert result is None, "User ' user1' was found, not expected" From 8d5752f44f6265cc1dd81933af5276c2b4b0a924 Mon Sep 17 00:00:00 2001 From: Patrik Rosecky <prosecky@redhat.com> Date: Thu, 7 Sep 2023 11:29:28 +0200 Subject: [PATCH 166/280] Tests: alltests/test_sss_cache.py converted to multihost/test_sssctl.py Reviewed-by: Justin Stephenson <jstephen@redhat.com> Reviewed-by: Madhuri Upadhye <mupadhye@redhat.com> (cherry picked from commit b07a7552aac1a1bb4985c31e6005771032d9cad6) --- .../multihost/alltests/test_sss_cache.py | 1 + src/tests/system/tests/test_sssctl.py | 43 +++++++++++++++++++ 2 files changed, 44 insertions(+) diff --git a/src/tests/multihost/alltests/test_sss_cache.py b/src/tests/multihost/alltests/test_sss_cache.py index 6e7b34b8cd0..4215f9aca29 100644 --- a/src/tests/multihost/alltests/test_sss_cache.py +++ b/src/tests/multihost/alltests/test_sss_cache.py @@ -14,6 +14,7 @@ @pytest.mark.usefixtures('setup_sssd_krb', 'create_posix_usersgroups') @pytest.mark.sss_cache class TestSssCache(object): + @pytest.mark.converted('test_sssctl.py', 'test_sssctl__reset_cached_timestamps') @pytest.mark.tier1_2 def test_sss_cache_reset(self, multihost, backupsssdconf): """ diff --git a/src/tests/system/tests/test_sssctl.py b/src/tests/system/tests/test_sssctl.py index 1af1db55cc3..6a2135dbe9b 100644 --- a/src/tests/system/tests/test_sssctl.py +++ b/src/tests/system/tests/test_sssctl.py @@ -8,6 +8,7 @@ import pytest from sssd_test_framework.roles.client import Client +from sssd_test_framework.roles.ldap import LDAP from sssd_test_framework.topology import KnownTopology @@ -140,3 +141,45 @@ def test_sssctl__handle_implicit_domain(client: Client): cmd = client.sssctl.user_show(user=user) assert cmd.rc == 0 assert "Cache entry creation date" in cmd.stdout + + +@pytest.mark.ticket(bz=1902280) +@pytest.mark.topology(KnownTopology.LDAP) +def test_sssctl__reset_cached_timestamps(client: Client, ldap: LDAP): + """ + :title: fix sssctl cache-expire to also reset cached timestamp + :setup: + 1. Add user to LDAP + 2. Add group to LDAP + 3. Set proper domain config options in sssd.conf file + 4. Start SSSD + :steps: + 1. Call getent group + 2. Modify group entry in LDAP + 3. Call 'sssctl cache-expire -E' + 4. Call getent group + :expectedresults: + 1. Group is properly cached, user is its member + 2. Member of group is removed, group entry changed + 3. Whole cache is invalidated + 4. User is not member of group anymore + :customerscenario: True + """ + u = ldap.user("user1").add() + ldap.group("group1", rfc2307bis=True).add().add_member(u) + + client.sssd.domain["ldap_schema"] = "rfc2307bis" + client.sssd.domain["ldap_group_member"] = "member" + + client.sssd.start() + + res1 = client.tools.getent.group("group1") + assert res1 is not None + assert "user1" in res1.members + + ldap.group("group1", rfc2307bis=True).remove_member(ldap.user("user1")) + client.sssctl.cache_expire(everything=True) + + res1 = client.tools.getent.group("group1") + assert res1 is not None + assert "user1" not in res1.members From 129ceaed82fc47ce9ef8d5cd0dc3af81fe035233 Mon Sep 17 00:00:00 2001 From: licunlong <shenxiaogll@163.com> Date: Fri, 29 Sep 2023 12:24:45 +0800 Subject: [PATCH 167/280] cli: caculate the wait_time in milliseconds MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The timeout we pass in is 300000ms, and we sleep 1s every time we get a EAGAIN error, so we need to multiply 1000 for sleep_time. Reviewed-by: Alejandro López <allopez@redhat.com> Reviewed-by: Alexey Tikhonov <atikhono@redhat.com> (cherry picked from commit a997ee7bd9d259e7faf654cb94145c0135df02f8) --- src/sss_client/common.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/sss_client/common.c b/src/sss_client/common.c index 53ff6e8e9a8..c80c8e74b77 100644 --- a/src/sss_client/common.c +++ b/src/sss_client/common.c @@ -617,7 +617,7 @@ static int sss_cli_open_socket(int *errnop, const char *socket_name, int timeout socklen_t errnosize; struct pollfd pfd; - wait_time += sleep_time; + wait_time += sleep_time * 1000; ret = connect(sd, (struct sockaddr *)&nssaddr, sizeof(nssaddr)); From 3b939ce9c81eee1244b9852fcf6caa13dd7e12f4 Mon Sep 17 00:00:00 2001 From: Scott Poore <spoore@redhat.com> Date: Thu, 5 Oct 2023 11:06:51 -0500 Subject: [PATCH 168/280] Tests: add follow-symlinks to sed for nsswitch MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The multihost/alltests/test_automount_from_bash.py test module runs a sed against /etc/nsswitch.conf which convers it from a link to a file. This causes issues with authselect in later tests resulting in test errors. This can be fixed by adding the --follow-symlinks option. The restore() from the fixture should return the config to it's original content. Reviewed-by: Jakub Vávra <jvavra@redhat.com> (cherry picked from commit 1082f2563f5cdc7d4f019c3a85bd0c717fc6fd16) --- src/tests/multihost/alltests/test_automount_from_bash.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/tests/multihost/alltests/test_automount_from_bash.py b/src/tests/multihost/alltests/test_automount_from_bash.py index 913b66a1586..fdab6b3b012 100644 --- a/src/tests/multihost/alltests/test_automount_from_bash.py +++ b/src/tests/multihost/alltests/test_automount_from_bash.py @@ -103,7 +103,7 @@ def create_users(multihost, request): client.run_command("authselect select sssd --force") client.run_command("cp -f /etc/nsswitch.conf /etc/nsswitch.conf.backup") client.run_command("cp -f /etc/sysconfig/autofs /etc/sysconfig/autofs_bkp") - client.run_command("sed -i 's/automount: files/automount: sss files/g' /etc/nsswitch.conf") + client.run_command("sed --follow-symlinks -i 's/automount: files/automount: sss files/g' /etc/nsswitch.conf") ldap_uri = f'ldap://{multihost.master[0].sys_hostname}' ldap_inst = LdapOperations(ldap_uri, ds_rootdn, ds_rootpw) ldap_inst.org_unit("mount", ds_suffix) From 1fa72109e2e90479de1bf8b1222f587e9886ad58 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Alejandro=20L=C3=B3pez?= <allopez@redhat.com> Date: Tue, 3 Oct 2023 12:39:49 +0200 Subject: [PATCH 169/280] KCM: Remove the oldest expired credential if no more space. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit :feature: When adding a new credential to KCM and the user has already reached their limit, the oldest expired credential will be removed to free some space. If no expired credential is found to be removed, the operation will fail as it happened in the previous versions. Resolves: https://github.com/SSSD/sssd/issues/6667 Reviewed-by: Sumit Bose <sbose@redhat.com> Reviewed-by: Tomáš Halman <thalman@redhat.com> (cherry picked from commit 93ee0159a0f467ced3412d034ec706dd3508901e) --- src/responder/kcm/secrets/secrets.c | 203 +++++++++++++++++++++++++--- 1 file changed, 186 insertions(+), 17 deletions(-) diff --git a/src/responder/kcm/secrets/secrets.c b/src/responder/kcm/secrets/secrets.c index 025d1c42136..4dc748c3b55 100644 --- a/src/responder/kcm/secrets/secrets.c +++ b/src/responder/kcm/secrets/secrets.c @@ -18,15 +18,18 @@ You should have received a copy of the GNU General Public License along with this program. If not, see <http://www.gnu.org/licenses/>. */ +#include "config.h" +#include <fcntl.h> #include <sys/types.h> #include <sys/stat.h> -#include <fcntl.h> +#include <time.h> #include <uuid/uuid.h> -#include "config.h" - +#include "responder/kcm/kcmsrv_ccache.h" #include "util/util.h" +#include "util/util_creds.h" +#include "util/sss_iobuf.h" #include "util/strtonum.h" #include "util/crypto/sss_crypto.h" #include "sec_pvt.h" @@ -50,6 +53,10 @@ static struct sss_sec_quota default_kcm_quota = { .containers_nest_level = DEFAULT_SEC_CONTAINERS_NEST_LEVEL, }; +static char *local_dn_to_path(TALLOC_CTX *mem_ctx, + struct ldb_dn *basedn, + struct ldb_dn *dn); + static int local_db_check_containers(TALLOC_CTX *mem_ctx, struct sss_sec_ctx *sec_ctx, struct ldb_dn *leaf_dn) @@ -181,11 +188,166 @@ static struct ldb_dn *per_uid_container(TALLOC_CTX *mem_ctx, return uid_base_dn; } +static errno_t get_secret_expiration_time(uint8_t *key, size_t key_length, + uint8_t *sec, size_t sec_length, + time_t *_expiration) +{ + errno_t ret; + TALLOC_CTX *tmp_ctx; + time_t expiration = 0; + struct cli_creds client = {}; + struct kcm_ccache *cc; + struct sss_iobuf *iobuf; + krb5_creds **cred_list, **cred; + const char *key_str; + + if (_expiration == NULL) { + return EINVAL; + } + + tmp_ctx = talloc_new(NULL); + if (tmp_ctx == NULL) { + return ENOMEM; + } + + key_str = talloc_strndup(tmp_ctx, (const char *) key, key_length); + if (key_str == NULL) { + ret = ENOMEM; + goto done; + } + + iobuf = sss_iobuf_init_readonly(tmp_ctx, sec, sec_length); + if (iobuf == NULL) { + ret = ENOMEM; + goto done; + } + + ret = sec_kv_to_ccache_binary(tmp_ctx, key_str, iobuf, &client, &cc); + if (ret != EOK) { + goto done; + } + + cred_list = kcm_cc_unmarshal(tmp_ctx, NULL, cc); + if (cred_list == NULL) { + ret = ENOMEM; + goto done; + } + + for (cred = cred_list; *cred != NULL; cred++) { + if ((*cred)->times.endtime != 0) { + expiration = (time_t) (*cred)->times.endtime; + break; + } + } + + *_expiration = expiration; + ret = EOK; + +done: + talloc_free(tmp_ctx); + return ret; +} + +static errno_t local_db_remove_oldest_expired_secret(struct ldb_result *res, + struct sss_sec_req *req) +{ + struct sss_sec_req *new_req = NULL; + const struct ldb_val *val; + const struct ldb_val *rdn; + struct ldb_message *msg; + struct ldb_message_element *elem; + struct ldb_dn *basedn; + struct ldb_dn *oldest_dn = NULL; + time_t oldest_time = time(NULL); + time_t expiration; + unsigned int i; + int ret; + + DEBUG(SSSDBG_TRACE_INTERNAL, "Removing the oldest expired credential\n"); + /* Between all the messages in result, there is also the key we are + * currently treating, but because yet it doesn't have an expiration time, + * it will be skipped. + */ + for (i = 0; i < res->count; i++) { + msg = res->msgs[i]; + + /* Skip cn=default,... or any non cn=... */ + rdn = ldb_dn_get_rdn_val(msg->dn); + if (strcmp(ldb_dn_get_rdn_name(msg->dn), "cn") != 0 + || strncmp("default", (char *) rdn->data, rdn->length) == 0) { + continue; + } + + elem = ldb_msg_find_element(msg, SEC_ATTR_SECRET); + if (elem != NULL) { + if (elem->num_values != 1) { + DEBUG(SSSDBG_MINOR_FAILURE, + "Element %s has %u values. Ignoring it.\n", + SEC_ATTR_SECRET, elem->num_values); + ret = ERR_MALFORMED_ENTRY; + goto done; + } + + val = &elem->values[0]; + ret = get_secret_expiration_time(rdn->data, rdn->length, + val->data, val->length, + &expiration); + if (ret != EOK) { + goto done; + } + if (expiration > 0 && expiration < oldest_time) { + oldest_dn = msg->dn; + oldest_time = expiration; + } + } + } + + if (oldest_dn == NULL) { + DEBUG(SSSDBG_TRACE_INTERNAL, "Found no expired credential to remove\n"); + ret = ERR_NO_MATCHING_CREDS; + goto done; + } + + new_req = talloc_zero(NULL, struct sss_sec_req); + if (new_req == NULL) { + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to allocate the new request\n"); + ret = ENOMEM; + goto done; + } + + basedn = ldb_dn_new(new_req, req->sctx->ldb, req->basedn); + if (basedn == NULL) { + DEBUG(SSSDBG_OP_FAILURE, "Failed to create a dn: %s\n", req->basedn); + ret = EINVAL; + goto done; + } + + new_req->basedn = req->basedn; + new_req->quota = req->quota; + new_req->req_dn = oldest_dn; + new_req->sctx = req->sctx; + new_req->path = local_dn_to_path(new_req, basedn, oldest_dn); + if (new_req->path == NULL) { + DEBUG(SSSDBG_OP_FAILURE, "Failed to create the path\n"); + ret = EINVAL; + goto done; + } + + ret = sss_sec_delete(new_req); + +done: + if (new_req != NULL) + talloc_free(new_req); + + return ret; +} + + static int local_db_check_peruid_number_of_secrets(TALLOC_CTX *mem_ctx, struct sss_sec_req *req) { TALLOC_CTX *tmp_ctx; - static const char *attrs[] = { NULL }; + static const char *attrs[] = { SEC_ATTR_SECRET, NULL }; struct ldb_result *res = NULL; struct ldb_dn *cli_basedn = NULL; int ret; @@ -214,13 +376,20 @@ static int local_db_check_peruid_number_of_secrets(TALLOC_CTX *mem_ctx, } if (res->count >= req->quota->max_uid_secrets) { - DEBUG(SSSDBG_OP_FAILURE, - "Cannot store any more secrets for this client (basedn %s) " - "as the maximum allowed limit (%d) has been reached\n", - ldb_dn_get_linearized(cli_basedn), - req->quota->max_uid_secrets); - ret = ERR_SEC_INVALID_TOO_MANY_SECRETS; - goto done; + /* We reached the limit. Let's try to removed the + * oldest expired credential to free some space. */ + ret = local_db_remove_oldest_expired_secret(res, req); + if (ret != EOK) { + if (ret == ERR_NO_MATCHING_CREDS) { + DEBUG(SSSDBG_OP_FAILURE, + "Cannot store any more secrets for this client (basedn %s) " + "as the maximum allowed limit (%d) has been reached\n", + ldb_dn_get_linearized(cli_basedn), + req->quota->max_uid_secrets); + ret = ERR_SEC_INVALID_TOO_MANY_SECRETS; + } + goto done; + } } ret = EOK; @@ -808,15 +977,15 @@ errno_t sss_sec_put(struct sss_sec_req *req, goto done; } - ret = local_db_check_number_of_secrets(msg, req); + ret = local_db_check_peruid_number_of_secrets(msg, req); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, - "local_db_check_number_of_secrets failed [%d]: %s\n", + "local_db_check_peruid_number_of_secrets failed [%d]: %s\n", ret, sss_strerror(ret)); goto done; } - ret = local_db_check_peruid_number_of_secrets(msg, req); + ret = local_db_check_number_of_secrets(msg, req); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, "local_db_check_number_of_secrets failed [%d]: %s\n", @@ -905,15 +1074,15 @@ errno_t sss_sec_update(struct sss_sec_req *req, goto done; } - ret = local_db_check_number_of_secrets(msg, req); + ret = local_db_check_peruid_number_of_secrets(msg, req); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, - "local_db_check_number_of_secrets failed [%d]: %s\n", + "local_db_check_peruid_number_of_secrets failed [%d]: %s\n", ret, sss_strerror(ret)); goto done; } - ret = local_db_check_peruid_number_of_secrets(msg, req); + ret = local_db_check_number_of_secrets(msg, req); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, "local_db_check_number_of_secrets failed [%d]: %s\n", From 834b53697420fa0d3c536c8cacff0294a4a451f9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Alejandro=20L=C3=B3pez?= <allopez@redhat.com> Date: Mon, 9 Oct 2023 10:56:08 +0200 Subject: [PATCH 170/280] KCM: Display in the log the limit as set by the user MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit max_uid_ccaches is unconditionally incremented by 2 in ccdb_secdb_init() to create space for some internal entries. We cannot just show this value as it is not what the user configured. Reviewed-by: Sumit Bose <sbose@redhat.com> Reviewed-by: Tomáš Halman <thalman@redhat.com> (cherry picked from commit 96d8b77ae6e7d1dd72b9add553935fc4aa6ab2c5) --- src/responder/kcm/secrets/secrets.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/responder/kcm/secrets/secrets.c b/src/responder/kcm/secrets/secrets.c index 4dc748c3b55..8f32c63e934 100644 --- a/src/responder/kcm/secrets/secrets.c +++ b/src/responder/kcm/secrets/secrets.c @@ -381,11 +381,12 @@ static int local_db_check_peruid_number_of_secrets(TALLOC_CTX *mem_ctx, ret = local_db_remove_oldest_expired_secret(res, req); if (ret != EOK) { if (ret == ERR_NO_MATCHING_CREDS) { + /* max_uid_secrets is incremented by 2 for internal entries. */ DEBUG(SSSDBG_OP_FAILURE, "Cannot store any more secrets for this client (basedn %s) " "as the maximum allowed limit (%d) has been reached\n", ldb_dn_get_linearized(cli_basedn), - req->quota->max_uid_secrets); + req->quota->max_uid_secrets - 2); ret = ERR_SEC_INVALID_TOO_MANY_SECRETS; } goto done; From 6218b40fb0d962d36b81e43ac0739d9de73f38e9 Mon Sep 17 00:00:00 2001 From: Jakub Vavra <jvavra@redhat.com> Date: Tue, 3 Oct 2023 13:56:41 +0200 Subject: [PATCH 171/280] Tests: Skip tests unstable on other archs and tweak realm join. Unify realm join for AD params tests to use code with timeout to prevent suite freezing in sasl authid tests. Set the whole suite as flaky to retry when realm join freezes. Reviewed-by: Shridhar Gadekar <sgadekar@redhat.com> (cherry picked from commit 88a386e12a11287771d5429b11b066bf6e75e42f) --- .../multihost/ad/test_adparameters_ported.py | 35 ++++++------------- .../multihost/sssd/testlib/common/utils.py | 7 ++++ 2 files changed, 17 insertions(+), 25 deletions(-) diff --git a/src/tests/multihost/ad/test_adparameters_ported.py b/src/tests/multihost/ad/test_adparameters_ported.py index cc7bb5677b3..6d2e57fbdde 100644 --- a/src/tests/multihost/ad/test_adparameters_ported.py +++ b/src/tests/multihost/ad/test_adparameters_ported.py @@ -185,6 +185,7 @@ def set_ssh_key_ldap(session_multihost, user, pubkey, operation="replace"): return cmd.returncode == 0 +@pytest.mark.flaky(reruns=5, reruns_delay=30) @pytest.mark.adparameters @pytest.mark.usefixtures("change_client_hostname") class TestADParamsPorted: @@ -491,6 +492,10 @@ def test_0004_ad_parameters_valid_domain_shorthost( :bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=892197 """ + arch = multihost.client[0].run_command( + 'uname -m', raiseonerr=False).stdout_text + if 'x86_64' not in arch: + pytest.skip("Test is unstable on architectures other than x68_64.") adjoin(membersw='adcli') client = sssdTools(multihost.client[0], multihost.ad[0]) # Create AD user with posix attributes @@ -751,7 +756,7 @@ def test_0008_ad_parameters_homedir_override_both( @pytest.mark.tier1_2 @pytest.mark.c_ares def test_0009_ad_parameters_ldap_sasl_full( - multihost, create_aduser_group): + multihost, adjoin, create_aduser_group): """ :title: IDM-SSSD-TC: ad_provider: ad_parameters: Using full principal bz877972 @@ -778,17 +783,12 @@ def test_0009_ad_parameters_ldap_sasl_full( """ hostname = multihost.client[0].run_command( 'hostname', raiseonerr=False).stdout_text.rstrip() + client = sssdTools(multihost.client[0], multihost.ad[0]) ad_realm = multihost.ad[0].domainname.upper() - # Join AD manually to set the user-principal for sasl - joincmd = f"realm join --user=Administrator --user-principal=host/" \ - f"{hostname}@{ad_realm} {multihost.ad[0].domainname.lower()}" - multihost.client[0].run_command( - joincmd, stdin_text=multihost.ad[0].ssh_password, - raiseonerr=False) + # Create AD user (aduser, _) = create_aduser_group # Configure sssd - client = sssdTools(multihost.client[0], multihost.ad[0]) client.backup_sssd_conf() dom_section = f'domain/{client.get_domain_section_name()}' sssd_params = { @@ -817,8 +817,6 @@ def test_0009_ad_parameters_ldap_sasl_full( # TEARDOWN client.restore_sssd_conf() client.clear_sssd_cache() - multihost.client[0].run_command( - f"realm leave {ad_realm}", raiseonerr=False) # EVALUATION assert f"Option ldap_sasl_authid has value " \ @@ -836,7 +834,7 @@ def test_0009_ad_parameters_ldap_sasl_full( @pytest.mark.tier2 @pytest.mark.c_ares def test_0010_ad_parameters_ldap_sasl_short( - multihost, create_aduser_group): + multihost, adjoin, create_aduser_group): """ :title: IDM-SSSD-TC: ad_provider: ad_parameters: Using short principal :id: 6f1cc204-0dd3-40eb-a3e2-a113cc7c2df3 @@ -860,21 +858,14 @@ def test_0010_ad_parameters_ldap_sasl_short( :customerscenario: False :bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1137015 """ - hostname = multihost.client[0].run_command( 'hostname', raiseonerr=False).stdout_text.rstrip() ad_realm = multihost.ad[0].domainname.upper() + client = sssdTools(multihost.client[0], multihost.ad[0]) - # Join AD manually to set the user-principal for sasl - joincmd = f"realm join --user=Administrator --user-principal=host/" \ - f"{hostname}@{ad_realm} {multihost.ad[0].domainname.lower()}" - multihost.client[0].run_command( - joincmd, stdin_text=multihost.ad[0].ssh_password, - raiseonerr=False) # Create AD user (aduser, _) = create_aduser_group # Configure sssd - client = sssdTools(multihost.client[0], multihost.ad[0]) client.backup_sssd_conf() dom_section = f'domain/{client.get_domain_section_name()}' sssd_params = { @@ -904,8 +895,6 @@ def test_0010_ad_parameters_ldap_sasl_short( # TEARDOWN client.restore_sssd_conf() client.clear_sssd_cache() - multihost.client[0].run_command( - f"realm leave {ad_realm}", raiseonerr=False) # EVALUATION assert f"Option ldap_sasl_authid has value " \ @@ -1173,7 +1162,6 @@ def test_0014_ad_parameters_server_blank( assert su_result, "The su command failed!" @staticmethod - @pytest.mark.flaky(reruns=5, reruns_delay=30) @pytest.mark.tier2 def test_0015_ad_parameters_ad_hostname_machine( multihost, adjoin, create_aduser_group): @@ -2205,7 +2193,6 @@ def test_0027_ad_parameters_group_membership_empty( assert aduser in grp_cmd.stdout_text, f"{aduser} not in getent out." @staticmethod - @pytest.mark.flaky(reruns=5, reruns_delay=30) @pytest.mark.tier2 def test_0028_ad_parameters_nested_in_nonposix_group( multihost, adjoin, create_aduser_group): @@ -2277,7 +2264,6 @@ def test_0028_ad_parameters_nested_in_nonposix_group( assert group_2 in usr_cmd.stdout_text, f"{group_2} not in id output." @staticmethod - @pytest.mark.flaky(reruns=5, reruns_delay=30) @pytest.mark.tier2 def test_0029_ad_parameters_tokengroups_with_ldap( multihost, adjoin, create_aduser_group): @@ -2339,7 +2325,6 @@ def test_0029_ad_parameters_tokengroups_with_ldap( not in log_str @staticmethod - @pytest.mark.flaky(reruns=5, reruns_delay=30) @pytest.mark.tier2 def test_0030_ad_parameters_tokengroups_searchbase( multihost, adjoin, create_aduser_group): diff --git a/src/tests/multihost/sssd/testlib/common/utils.py b/src/tests/multihost/sssd/testlib/common/utils.py index 5816270f553..fd11c7f050e 100644 --- a/src/tests/multihost/sssd/testlib/common/utils.py +++ b/src/tests/multihost/sssd/testlib/common/utils.py @@ -407,6 +407,13 @@ def realm_join(self, domainname, admin_password, f'--client-software={client_software} ' \ f'--server-software={server_software} ' \ f'--membership-software={membership_software} -v' + # For AD sasl authid tests we need to have user-principal populated. + if server_software == 'active-directory': + hostname = self.multihost.run_command( + 'hostname', raiseonerr=False).stdout_text.rstrip() + ad_realm = self.adhost.domainname.upper() + realm_cmd += f' --user-principal=host/{hostname}@{ad_realm}' + print(realm_cmd) cmd = self.multihost.run_command(realm_cmd, stdin_text=admin_password, raiseonerr=False) From c799b75dada96c57ff2652f09252bd0e28bd860c Mon Sep 17 00:00:00 2001 From: Jakub Vavra <jvavra@redhat.com> Date: Mon, 16 Oct 2023 08:58:59 +0200 Subject: [PATCH 172/280] Tests: Fix AD param sasl tests. Reviewed-by: Shridhar Gadekar <sgadekar@redhat.com> (cherry picked from commit 8264cb573637c08b26c4ff8abcc44e09fd77fec0) --- src/tests/multihost/ad/test_adparameters_ported.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/tests/multihost/ad/test_adparameters_ported.py b/src/tests/multihost/ad/test_adparameters_ported.py index 6d2e57fbdde..86fc2dcdf19 100644 --- a/src/tests/multihost/ad/test_adparameters_ported.py +++ b/src/tests/multihost/ad/test_adparameters_ported.py @@ -785,7 +785,7 @@ def test_0009_ad_parameters_ldap_sasl_full( 'hostname', raiseonerr=False).stdout_text.rstrip() client = sssdTools(multihost.client[0], multihost.ad[0]) ad_realm = multihost.ad[0].domainname.upper() - + adjoin(membersw='adcli') # Create AD user (aduser, _) = create_aduser_group # Configure sssd @@ -862,7 +862,7 @@ def test_0010_ad_parameters_ldap_sasl_short( 'hostname', raiseonerr=False).stdout_text.rstrip() ad_realm = multihost.ad[0].domainname.upper() client = sssdTools(multihost.client[0], multihost.ad[0]) - + adjoin(membersw='adcli') # Create AD user (aduser, _) = create_aduser_group # Configure sssd From 5e35a695b377db6ecf154864ce6f88854c3c25fc Mon Sep 17 00:00:00 2001 From: Alexey Tikhonov <atikhono@redhat.com> Date: Tue, 10 Oct 2023 20:32:35 +0200 Subject: [PATCH 173/280] configure: use 'LDB_CFLAGS' MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Also add all common *_CFLAGS to cwrap tests. Reviewed-by: Alejandro Lopez <allopez@redhat.com> Reviewed-by: Tomáš Halman <thalman@redhat.com> (cherry picked from commit 421a818f8be269a72c1d78653885ee171ac7c5f5) --- src/external/libldb.m4 | 3 +++ src/tests/cwrap/Makefile.am | 10 ++++++++++ 2 files changed, 13 insertions(+) diff --git a/src/external/libldb.m4 b/src/external/libldb.m4 index c400add372c..e8285a9f1c4 100644 --- a/src/external/libldb.m4 +++ b/src/external/libldb.m4 @@ -3,10 +3,13 @@ AC_SUBST(LDB_LIBS) PKG_CHECK_MODULES(LDB, ldb >= 0.9.2) +SAVE_CFLAGS=$CFLAGS +CFLAGS="$CFLAGS $LDB_CFLAGS" AC_CHECK_HEADERS(ldb.h ldb_module.h, [AC_CHECK_LIB(ldb, ldb_init, [LDB_LIBS="-lldb"], , -ltevent -ltdb -ldl -lldap) ], [AC_MSG_ERROR([LDB header files are not installed])] ) +CFLAGS=$SAVE_CFLAGS AC_ARG_WITH([ldb-lib-dir], [AC_HELP_STRING([--with-ldb-lib-dir=PATH], diff --git a/src/tests/cwrap/Makefile.am b/src/tests/cwrap/Makefile.am index f25d2e3c6e0..797d9e64073 100644 --- a/src/tests/cwrap/Makefile.am +++ b/src/tests/cwrap/Makefile.am @@ -9,7 +9,17 @@ AM_CPPFLAGS = \ -DRUNDIR=\"$(runstatedir)\" \ -DSSS_STATEDIR=\"$(localstatedir)/lib/sss\" \ -DSYSCONFDIR=\"$(sysconfdir)\" \ + $(POPT_CFLAGS) \ + $(TALLOC_CFLAGS) \ + $(TDB_CFLAGS) \ + $(TEVENT_CFLAGS) \ + $(LDB_CFLAGS) \ $(DBUS_CFLAGS) \ + $(PCRE_CFLAGS) \ + $(INI_CONFIG_CFLAGS) \ + $(DHASH_CFLAGS) \ + $(LIBNL_CFLAGS) \ + $(OPENLDAP_CFLAGS) \ $(GLIB2_CFLAGS) \ $(NULL) From c99f684c73fd23a95e2713f494de0f6bad305195 Mon Sep 17 00:00:00 2001 From: Jakub Vavra <jvavra@redhat.com> Date: Mon, 16 Oct 2023 10:13:01 +0200 Subject: [PATCH 174/280] Tests: adjoin in test_00015_authselect_cannot_validate_its_own_files Switch test_00015_authselect_cannot_validate_its_own_files to use adjoin fixture instead of joining manually. Reviewed-by: Shridhar Gadekar <sgadekar@redhat.com> (cherry picked from commit 4a9f8ebb8032df4b2e8dffb2be80fbd6575b0e7b) --- src/tests/multihost/ad/test_adparameters.py | 14 +++----------- 1 file changed, 3 insertions(+), 11 deletions(-) diff --git a/src/tests/multihost/ad/test_adparameters.py b/src/tests/multihost/ad/test_adparameters.py index 9614e6b0481..fe68ea5ddd7 100644 --- a/src/tests/multihost/ad/test_adparameters.py +++ b/src/tests/multihost/ad/test_adparameters.py @@ -135,7 +135,7 @@ def test_0003_bz1421622(self, multihost, adjoin, create_aduser_group): assert False @pytest.mark.tier1 - def test_00015_authselect_cannot_validate_its_own_files(self, multihost): + def test_00015_authselect_cannot_validate_its_own_files(self, multihost, adjoin): """ :title: authselect: authselect cannot validate its own files :id: 67bec814-d67b-4469-9662-58354889d549 @@ -143,10 +143,7 @@ def test_00015_authselect_cannot_validate_its_own_files(self, multihost): :casecomponent: authselect :bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1734302 """ - password = multihost.ad[0].ssh_password - client = sssdTools(multihost.client[0]) - domainname = multihost.ad[0].domainname.strip().upper() - client.realm_join(domainname, password) + adjoin(membersw='adcli') multihost.client[0].run_command("service sssd restart") multihost.client[0].run_command("yum install -y gdb") multihost.client[0].run_command("gdb -quiet authselect -ex " @@ -156,12 +153,7 @@ def test_00015_authselect_cannot_validate_its_own_files(self, multihost): "'shell sleep 1' -ex 'detach' -ex " "'quit'") cmd_check = multihost.client[0].run_command("authselect check") - client.realm_leave(domainname) - if "Current configuration is valid." in cmd_check.stdout_text: - result = "PASS" - else: - result = "FAIL" - assert result == "PASS" + assert "Current configuration is valid." in cmd_check.stdout_text @pytest.mark.tier1 def test_0005_BZ1527149_BZ1549675(self, multihost, adjoin, create_adgrp): From 7d73571edb429e9f23c84ef2ef10b191ee15e782 Mon Sep 17 00:00:00 2001 From: Sumit Bose <sbose@redhat.com> Date: Wed, 11 Oct 2023 16:19:25 +0200 Subject: [PATCH 175/280] utils: enable talloc null tracking MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit With this patch talloc_enable_null_tracking() is called during `server_setup()` to make talloc memory usage reports more useful. Reviewed-by: Alejandro López <allopez@redhat.com> Reviewed-by: Alexey Tikhonov <atikhono@redhat.com> (cherry picked from commit 7601918757910994894b9547647602b8c2ac806c) --- src/util/server.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/util/server.c b/src/util/server.c index 76a558fb512..34e8a6df722 100644 --- a/src/util/server.c +++ b/src/util/server.c @@ -502,6 +502,8 @@ int server_setup(const char *name, bool is_responder, sss_chain_id_set_format(DEBUG_CHAIN_ID_FMT_RID); } + talloc_enable_null_tracking(); + autofree_ctx = talloc_named_const(NULL, 0, "autofree_context"); if (autofree_ctx == NULL) { return ENOMEM; From 42face74ea5bacafce84b63b7cc42505fcc0ccae Mon Sep 17 00:00:00 2001 From: Sumit Bose <sbose@redhat.com> Date: Fri, 1 Sep 2023 14:55:40 +0200 Subject: [PATCH 176/280] proxy: add support for certificate mapping rules MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit To be able to do local Smartcard authenticate the backend must be able to map a certificate to a user based on the provided mapping rules. With this patch the proxy provider is able to handle the certificate mapping rules and users handled by the proxy provider can be configured for Smartcard authentication. Besides the mapping rule local Smartcard authentication should be enable with the 'local_auth_policy' option in the backend and with 'pam_cert_auth' in the PAM responder. :relnote: The proxy provider is now able to handle certificate mapping and matching rules and users handled by the proxy provider can be configured for local Smartcard authentication. Besides the mapping rule local Smartcard authentication should be enable with the 'local_auth_policy' option in the backend and with 'pam_cert_auth' in the PAM responder. Reviewed-by: Alexey Tikhonov <atikhono@redhat.com> Reviewed-by: Pavel Březina <pbrezina@redhat.com> Reviewed-by: Scott Poore <spoore@redhat.com> (cherry picked from commit c38699232594b8bdd79dbeed36b7afa5ba9b0512) --- Makefile.am | 3 + src/confdb/confdb.c | 14 +- src/man/sssd.conf.5.xml | 12 +- src/providers/proxy/proxy.h | 10 ++ src/providers/proxy/proxy_auth.c | 8 +- src/providers/proxy/proxy_certmap.c | 191 ++++++++++++++++++++++++++++ src/providers/proxy/proxy_id.c | 28 +++- src/providers/proxy/proxy_init.c | 58 ++++++++- 8 files changed, 314 insertions(+), 10 deletions(-) create mode 100644 src/providers/proxy/proxy_certmap.c diff --git a/Makefile.am b/Makefile.am index 5eea8179b27..5b7158eeab0 100644 --- a/Makefile.am +++ b/Makefile.am @@ -4402,6 +4402,8 @@ libsss_proxy_la_SOURCES = \ src/providers/proxy/proxy_hosts.c \ src/providers/proxy/proxy_ipnetworks.c \ src/providers/proxy/proxy_auth.c \ + src/providers/proxy/proxy_certmap.c \ + src/util/cert_derb64_to_ldap_filter.c \ src//util/nss_dl_load.c \ $(NULL) libsss_proxy_la_CFLAGS = \ @@ -4417,6 +4419,7 @@ libsss_proxy_la_LIBADD = \ $(SSSD_INTERNAL_LTLIBS) \ libsss_iface.la \ libsss_sbus.la \ + libsss_certmap.la \ $(NULL) libsss_proxy_la_LDFLAGS = \ -avoid-version \ diff --git a/src/confdb/confdb.c b/src/confdb/confdb.c index 5aebefcae1f..d88ca1f6091 100644 --- a/src/confdb/confdb.c +++ b/src/confdb/confdb.c @@ -2521,7 +2521,6 @@ int confdb_expand_app_domains(struct confdb_ctx *cdb) return ret; } -#ifdef BUILD_FILES_PROVIDER static errno_t certmap_local_check(struct ldb_message *msg) { const char *rule_name; @@ -2571,7 +2570,6 @@ static errno_t certmap_local_check(struct ldb_message *msg) return EOK; } -#endif static errno_t confdb_get_all_certmaps(TALLOC_CTX *mem_ctx, struct confdb_ctx *cdb, @@ -2632,6 +2630,18 @@ static errno_t confdb_get_all_certmaps(TALLOC_CTX *mem_ctx, } } #endif + /* It might be better to not check the provider name but add a new + * option to confdb_certmap_to_sysdb() and here to call + * certmap_local_check(). */ + if (dom != NULL && dom->provider != NULL && strcasecmp(dom->provider, "proxy") == 0) { + ret = certmap_local_check(res->msgs[c]); + if (ret != EOK) { + DEBUG(SSSDBG_CONF_SETTINGS, + "Invalid certificate mapping [%s] for local user, " + "ignored.\n", ldb_dn_get_linearized(res->msgs[c]->dn)); + continue; + } + } ret = sysdb_ldb_msg_attr_to_certmap_info(certmap_list, res->msgs[c], attrs, &certmap_list[c]); if (ret != EOK) { diff --git a/src/man/sssd.conf.5.xml b/src/man/sssd.conf.5.xml index ba8ac7551c1..537bc201f10 100644 --- a/src/man/sssd.conf.5.xml +++ b/src/man/sssd.conf.5.xml @@ -4003,6 +4003,14 @@ subdomain_inherit = ldap_purge_cache_timeout should be comma-separated, such as <quote>enable:passkey, enable:smartcard</quote> </para> + <para> + Please note that if local Smartcard authentication + is enabled and a Smartcard is present, Smartcard + authentication will be preferred over the + authentication methods supported by the backend. + I.e. there will be a PIN prompt instead of e.g. a + password prompt. + </para> <para> The following configuration example allows local users to authenticate locally using any enabled method @@ -4127,7 +4135,9 @@ auto_private_groups = false <para> Default: not set by default, you have to take an existing pam configuration or create a new one and - add the service name here. + add the service name here. As an alternative you + can enable local authentication with the + local_auth_policy option. </para> </listitem> </varlistentry> diff --git a/src/providers/proxy/proxy.h b/src/providers/proxy/proxy.h index 50b29b1b1fb..6246eba1873 100644 --- a/src/providers/proxy/proxy.h +++ b/src/providers/proxy/proxy.h @@ -52,6 +52,7 @@ struct proxy_id_ctx { struct be_ctx *be; bool fast_alias; struct sss_nss_ops ops; + struct sss_certmap_ctx *sss_certmap_ctx; }; struct proxy_auth_ctx { @@ -174,4 +175,13 @@ errno_t proxy_client_init(struct sbus_connection *conn, struct proxy_auth_ctx *auth_ctx); +errno_t proxy_init_certmap(TALLOC_CTX *mem_ctx, struct proxy_id_ctx *id_ctx); + + +errno_t proxy_map_cert_to_user(struct proxy_id_ctx *id_ctx, + struct dp_id_data *data); + +int get_pw_name(struct proxy_id_ctx *ctx, + struct sss_domain_info *dom, + const char *i_name); #endif /* __PROXY_H__ */ diff --git a/src/providers/proxy/proxy_auth.c b/src/providers/proxy/proxy_auth.c index 94451a7ffab..7f6f3f252d6 100644 --- a/src/providers/proxy/proxy_auth.c +++ b/src/providers/proxy/proxy_auth.c @@ -748,7 +748,13 @@ proxy_pam_handler_send(TALLOC_CTX *mem_ctx, /* Tell frontend that we do not support Smartcard authentication */ if (sss_authtok_get_type(pd->authtok) == SSS_AUTHTOK_TYPE_SC_PIN || sss_authtok_get_type(pd->authtok) == SSS_AUTHTOK_TYPE_SC_KEYPAD) { - pd->pam_status = PAM_BAD_ITEM; + if (pd->cmd == SSS_PAM_PREAUTH) { + /* just return success and let the PAM responder figure out if + * local Smartcard authentication is available. */ + pd->pam_status = PAM_SUCCESS; + } else { + pd->pam_status = PAM_BAD_ITEM; + } goto immediately; } diff --git a/src/providers/proxy/proxy_certmap.c b/src/providers/proxy/proxy_certmap.c new file mode 100644 index 00000000000..55fe39fe7ef --- /dev/null +++ b/src/providers/proxy/proxy_certmap.c @@ -0,0 +1,191 @@ +/* + SSSD + + Map certificates to users from the proxy provider + + Copyright (C) 2023 Red Hat + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see <http://www.gnu.org/licenses/>. +*/ + +#include "providers/proxy/proxy.h" +#include "util/util.h" +#include "util/cert.h" +#include "lib/certmap/sss_certmap.h" + +struct priv_sss_debug { + int level; +}; + +static void ext_debug(void *private, const char *file, long line, + const char *function, const char *format, ...) +{ + va_list ap; + struct priv_sss_debug *data = private; + int level = SSSDBG_OP_FAILURE; + + if (data != NULL) { + level = data->level; + } + + va_start(ap, format); + sss_vdebug_fn(file, line, function, level, APPEND_LINE_FEED, format, ap); + va_end(ap); +} + +errno_t proxy_init_certmap(TALLOC_CTX *mem_ctx, struct proxy_id_ctx *id_ctx) +{ + int ret; + bool hint; + struct certmap_info **certmap_list = NULL; + size_t c; + + ret = sysdb_get_certmap(mem_ctx, id_ctx->be->domain->sysdb, + &certmap_list, &hint); + if (ret != EOK) { + DEBUG(SSSDBG_OP_FAILURE, "sysdb_get_certmap failed.\n"); + goto done; + } + + if (certmap_list == NULL || *certmap_list == NULL) { + DEBUG(SSSDBG_TRACE_ALL, "No certmap data, nothing to do.\n"); + ret = EOK; + goto done; + } + + ret = sss_certmap_init(mem_ctx, ext_debug, NULL, &id_ctx->sss_certmap_ctx); + if (ret != EOK) { + DEBUG(SSSDBG_OP_FAILURE, "sss_certmap_init failed.\n"); + goto done; + } + + for (c = 0; certmap_list[c] != NULL; c++) { + DEBUG(SSSDBG_TRACE_ALL, "Trying to add rule [%s][%d][%s][%s].\n", + certmap_list[c]->name, + certmap_list[c]->priority, + certmap_list[c]->match_rule, + certmap_list[c]->map_rule); + + ret = sss_certmap_add_rule(id_ctx->sss_certmap_ctx, + certmap_list[c]->priority, + certmap_list[c]->match_rule, + certmap_list[c]->map_rule, + certmap_list[c]->domains); + if (ret != 0) { + DEBUG(SSSDBG_CRIT_FAILURE, + "sss_certmap_add_rule failed for rule [%s] " + "with error [%d][%s], skipping. " + "Please check for typos and if rule syntax is supported.\n", + certmap_list[c]->name, ret, sss_strerror(ret)); + continue; + } + } + + ret = EOK; + +done: + talloc_free(certmap_list); + + return ret; +} + +errno_t proxy_map_cert_to_user(struct proxy_id_ctx *id_ctx, + struct dp_id_data *data) +{ + errno_t ret; + char *filter; + char *user; + struct ldb_message *msg = NULL; + struct sysdb_attrs *attrs = NULL; + TALLOC_CTX *tmp_ctx; + + tmp_ctx = talloc_new(NULL); + if (tmp_ctx == NULL) { + DEBUG(SSSDBG_OP_FAILURE, "talloc_new failed.\n"); + return ENOMEM; + } + + ret = sss_cert_derb64_to_ldap_filter(tmp_ctx, data->filter_value, "", + id_ctx->sss_certmap_ctx, + id_ctx->be->domain, &filter); + if (ret != EOK) { + DEBUG(SSSDBG_OP_FAILURE, + "sss_cert_derb64_to_ldap_filter failed.\n"); + goto done; + } + if (filter == NULL || filter[0] != '(' + || filter[strlen(filter) - 1] != ')') { + DEBUG(SSSDBG_OP_FAILURE, + "sss_cert_derb64_to_ldap_filter returned bad filter [%s].\n", + filter); + ret = EINVAL; + goto done; + } + + filter[strlen(filter) - 1] = '\0'; + user = sss_create_internal_fqname(tmp_ctx, &filter[1], + id_ctx->be->domain->name); + if (user == NULL) { + DEBUG(SSSDBG_OP_FAILURE, "sss_create_internal_fqname failed.\n"); + ret = ENOMEM; + goto done; + } + DEBUG(SSSDBG_TRACE_ALL, "Certificate mapped to user: [%s].\n", user); + + ret = sysdb_search_user_by_name(tmp_ctx, id_ctx->be->domain, user, NULL, &msg); + if (ret == ENOENT) { + DEBUG(SSSDBG_TRACE_ALL, "Mapped user [%s] not found in cache.\n", user); + ret = get_pw_name(id_ctx, id_ctx->be->domain, user); + if (ret != EOK) { + DEBUG(SSSDBG_OP_FAILURE, "get_pw_name() failed.\n"); + } + ret = sysdb_search_user_by_name(tmp_ctx, id_ctx->be->domain, user, NULL, &msg); + } + + if (ret == EOK) { + attrs = sysdb_new_attrs(tmp_ctx); + if (attrs == NULL) { + DEBUG(SSSDBG_OP_FAILURE, "sysdb_new_attrs failed.\n"); + ret = ENOMEM; + goto done; + } + + ret = sysdb_attrs_add_base64_blob(attrs, SYSDB_USER_MAPPED_CERT, + data->filter_value); + if (ret != EOK) { + DEBUG(SSSDBG_OP_FAILURE, "sysdb_attrs_add_base64_blob failed.\n"); + goto done; + } + + ret = sysdb_set_entry_attr(id_ctx->be->domain->sysdb, msg->dn, attrs, + SYSDB_MOD_ADD); + if (ret != EOK) { + DEBUG(SSSDBG_OP_FAILURE, "sysdb_set_entry_attr failed.\n"); + goto done; + } + } else if (ret == ENOENT) { + DEBUG(SSSDBG_TRACE_ALL, "Mapped user [%s] not found.\n", user); + goto done; + } else { + DEBUG(SSSDBG_OP_FAILURE, "sysdb_search_user_by_name failed.\n"); + goto done; + } + + ret = EOK; + +done: + talloc_free(tmp_ctx); + + return ret; +} diff --git a/src/providers/proxy/proxy_id.c b/src/providers/proxy/proxy_id.c index 9e7722eb001..b1d0c22ad13 100644 --- a/src/providers/proxy/proxy_id.c +++ b/src/providers/proxy/proxy_id.c @@ -43,9 +43,9 @@ static int delete_user(struct sss_domain_info *domain, const char *name, uid_t uid); -static int get_pw_name(struct proxy_id_ctx *ctx, - struct sss_domain_info *dom, - const char *i_name) +int get_pw_name(struct proxy_id_ctx *ctx, + struct sss_domain_info *dom, + const char *i_name) { TALLOC_CTX *tmpctx; struct passwd *pwd; @@ -1873,6 +1873,28 @@ proxy_account_info(TALLOC_CTX *mem_ctx, } break; + case BE_REQ_BY_CERT: + if (data->filter_type != BE_FILTER_CERT) { + DEBUG(SSSDBG_CRIT_FAILURE, + "Unexpected filter type for lookup by cert: %d\n", + data->filter_type); + dp_reply_std_set(&reply, DP_ERR_FATAL, EINVAL, + "Unexpected filter type for lookup by cert"); + return reply; + } + + if (ctx->sss_certmap_ctx == NULL) { + DEBUG(SSSDBG_TRACE_ALL, "Certificate mapping not configured.\n"); + ret = EOK; + break; + } + + ret = proxy_map_cert_to_user(ctx, data); + if (ret != EOK) { + DEBUG(SSSDBG_OP_FAILURE, "proxy_map_cert_to_user failed\n"); + } + break; + default: /*fail*/ dp_reply_std_set(&reply, DP_ERR_FATAL, EINVAL, "Invalid filter type"); diff --git a/src/providers/proxy/proxy_init.c b/src/providers/proxy/proxy_init.c index a0919a1c835..2fa73f6680e 100644 --- a/src/providers/proxy/proxy_init.c +++ b/src/providers/proxy/proxy_init.c @@ -76,6 +76,33 @@ static errno_t proxy_id_conf(TALLOC_CTX *mem_ctx, return ret; } +#define LOCAL_AUTH_POLICY_MATCH "match" +#define LOCAL_AUTH_POLICY_ONLY "only" +#define LOCAL_AUTH_POLICY_ENABLE "enable" + +static bool local_auth_enabled(struct be_ctx *be_ctx) +{ + int ret; + char *local_policy = NULL; + bool res; + + ret = confdb_get_string(be_ctx->cdb, NULL, be_ctx->conf_path, + CONFDB_DOMAIN_LOCAL_AUTH_POLICY, + LOCAL_AUTH_POLICY_MATCH, &local_policy); + if (ret != EOK) { + DEBUG(SSSDBG_FATAL_FAILURE, + "Failed to get the confdb local_auth_policy\n"); + return false; + } + + res = (strcasecmp(local_policy, LOCAL_AUTH_POLICY_ONLY) == 0 + || strcasestr(local_policy, LOCAL_AUTH_POLICY_ENABLE":") != NULL); + + talloc_free(local_policy); + + return res; +} + static errno_t proxy_auth_conf(TALLOC_CTX *mem_ctx, struct be_ctx *be_ctx, char **_pam_target) @@ -92,9 +119,17 @@ static errno_t proxy_auth_conf(TALLOC_CTX *mem_ctx, } if (pam_target == NULL) { - DEBUG(SSSDBG_CRIT_FAILURE, "Missing option %s.\n", - CONFDB_PROXY_PAM_TARGET); - return EINVAL; + if (local_auth_enabled(be_ctx)) { + DEBUG(SSSDBG_TRACE_FUNC, + "Option ["CONFDB_PROXY_PAM_TARGET"] is missing but local " \ + "authentication is enabled.\n"); + return EOK; + } else { + DEBUG(SSSDBG_CRIT_FAILURE, + "Missing option "CONFDB_PROXY_PAM_TARGET" and local " \ + "authentication isn't enable as well.\n"); + return EINVAL; + } } *_pam_target = pam_target; @@ -347,6 +382,23 @@ errno_t sssm_proxy_id_init(TALLOC_CTX *mem_ctx, goto done; } + ret = confdb_certmap_to_sysdb(be_ctx->cdb, be_ctx->domain); + if (ret != EOK) { + DEBUG(SSSDBG_CRIT_FAILURE, + "Failed to initialize certificate mapping rules. " + "Authentication with certificates/Smartcards might not work " + "as expected.\n"); + /* not fatal, ignored */ + } else { + ret = proxy_init_certmap(module_ctx->id_ctx, module_ctx->id_ctx); + if (ret != EOK) { + DEBUG(SSSDBG_CRIT_FAILURE, "files_init_certmap failed. " + "Authentication with certificates/Smartcards might not work " + "as expected.\n"); + /* not fatal, ignored */ + } + } + dp_set_method(dp_methods, DPM_ACCOUNT_HANDLER, proxy_account_info_handler_send, proxy_account_info_handler_recv, module_ctx->id_ctx, struct proxy_id_ctx, struct dp_id_data, From 351aab979b92c7286d1e1271787acb78562d01e1 Mon Sep 17 00:00:00 2001 From: Sumit Bose <sbose@redhat.com> Date: Fri, 1 Sep 2023 14:52:52 +0200 Subject: [PATCH 177/280] intg: add NSS module for nss-wrapper support MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The main use case of this NSS module is to run proxy provider tests with cwrap's nss-wrapper. The proxy provider loads the NSS modules directly with dlopen() and is not using glibc's NSS mechanism. Since nss-wrapper just wraps the standard glibc calls and does not provide an NSS module on its own we have to use this workaround to make proxy provider work with nss-wrapper. DO NOT USE THIS IN /etc/nsswitch.conf, it will cause an infinite loop. Reviewed-by: Alexey Tikhonov <atikhono@redhat.com> Reviewed-by: Pavel Březina <pbrezina@redhat.com> Reviewed-by: Scott Poore <spoore@redhat.com> (cherry picked from commit ffd467430310f0671ba78fa0ef0385426f37d51f) --- src/tests/intg/Makefile.am | 9 +++ src/tests/intg/nss_call.c | 162 +++++++++++++++++++++++++++++++++++++ 2 files changed, 171 insertions(+) create mode 100644 src/tests/intg/nss_call.c diff --git a/src/tests/intg/Makefile.am b/src/tests/intg/Makefile.am index fcf71049498..3866d3ca63c 100644 --- a/src/tests/intg/Makefile.am +++ b/src/tests/intg/Makefile.am @@ -78,6 +78,15 @@ sss_netgroup_thread_test_LDADD = \ -lpthread \ $(NULL) +nsslib_LTLIBRARIES = libnss_call.la +libnss_call_la_SOURCES = \ + nss_call.c \ + $(NULL) +libnss_call_la_LDFLAGS = \ + -module \ + -version-info 2:0:0 \ + $(NULL) + dist_dbussysconf_DATA = cwrap-dbus-system.conf install-data-hook: diff --git a/src/tests/intg/nss_call.c b/src/tests/intg/nss_call.c new file mode 100644 index 00000000000..ef25e6faf31 --- /dev/null +++ b/src/tests/intg/nss_call.c @@ -0,0 +1,162 @@ +/* + NSS module which calls glibc's user and group lookup functions again + + DO NOT USE THIS IN /etc/nsswitch.conf, it will cause an infinite loop. + + The main use case is to run proxy provider tests with cwrap's nss-wrapper. + The proxy provider loads the NSS modules directly with dlopen() and is not + using glibc's NSS mechanism. Since nss-wrapper just wraps the standard + glibc calls and does not provide an NSS module on its own we have to use + this workaround to make proxy provider work with nss-wrapper. + + Authors: + Sumit Bose <sbose@redhat.com> + + Copyright (c) 2023 Red Hat, Inc. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see <http://www.gnu.org/licenses/>. +*/ + +#define _DEFAULT_SOURCE +#define _GNU_SOURCE + +#include <stdlib.h> +#include <nss.h> +#include <sys/types.h> +#include <pwd.h> +#include <grp.h> + + + +#define NSSRET(r) return (((r) == 0) ? NSS_STATUS_SUCCESS : NSS_STATUS_NOTFOUND ) + +enum nss_status _nss_call_getpwnam_r(const char *name, struct passwd *result, + char *buffer, size_t buflen, int *errnop) +{ + struct passwd *res; + int ret = getpwnam_r(name, result, buffer, buflen, &res); + NSSRET(ret); +} + +enum nss_status _nss_call_getpwuid_r(uid_t uid, struct passwd *result, + char *buffer, size_t buflen, int *errnop) +{ + struct passwd *res; + int ret = getpwuid_r(uid, result, buffer, buflen, &res); + NSSRET(ret); +} + +enum nss_status _nss_call_setpwent(void) +{ + setpwent(); +} + +enum nss_status _nss_call_getpwent_r(struct passwd *result, + char *buffer, size_t buflen, + int *errnop) +{ + struct passwd *res; + int ret = getpwent_r(result, buffer, buflen, &res); + NSSRET(ret); +} + +enum nss_status _nss_call_endpwent(void) +{ + endpwent(); +} + +enum nss_status _nss_call_getgrnam_r(const char *name, struct group *result, + char *buffer, size_t buflen, int *errnop) +{ + struct group *res; + int ret = getgrnam_r(name, result, buffer, buflen, &res); + NSSRET(ret); +} + +enum nss_status _nss_call_getgrgid_r(gid_t gid, struct group *result, + char *buffer, size_t buflen, int *errnop) +{ + struct group *res; + int ret = getgrgid_r(gid, result, buffer, buflen, &res); + NSSRET(ret); +} + +enum nss_status _nss_call_setgrent(void) +{ + setgrent(); +} + +enum nss_status _nss_call_getgrent_r(struct group *result, + char *buffer, size_t buflen, int *errnop) +{ + struct group *res; + int ret = getgrent_r(result, buffer, buflen, &res); + NSSRET(ret); +} + +enum nss_status _nss_call_endgrent(void) +{ + endgrent(); +} + +enum nss_status _nss_call_initgroups_dyn(const char *user, gid_t group, + long int *start, long int *size, + gid_t **groups, long int limit, + int *errnop) +{ + int ngroups = 0; + gid_t *grps = NULL; + long int max_ret; + long int i; + int ret; + + ret = getgrouplist(user, group, grps, &ngroups); + if (ret != -1) { + return NSS_STATUS_UNAVAIL; + } + + grps = malloc(ngroups * sizeof(gid_t)); + if (grps == NULL) { + return NSS_STATUS_UNAVAIL; + } + + max_ret = ngroups; + /* check we have enough space in the buffer */ + if ((*size - *start) < ngroups) { + long int newsize; + gid_t *newgroups; + + newsize = *size + ngroups; + if ((limit > 0) && (newsize > limit)) { + newsize = limit; + max_ret = newsize - *start; + } + + newgroups = (gid_t *)realloc((*groups), newsize * sizeof(**groups)); + if (!newgroups) { + free(grps); + return NSS_STATUS_UNAVAIL; + } + *groups = newgroups; + *size = newsize; + } + + for (i = 0; i < max_ret; i++) { + (*groups)[*start] = grps[i]; + *start += 1; + } + free(grps); + + return NSS_STATUS_SUCCESS; +} From d36491435fb67a06a970078537526edbb13e0f40 Mon Sep 17 00:00:00 2001 From: Sumit Bose <sbose@redhat.com> Date: Fri, 1 Sep 2023 14:56:24 +0200 Subject: [PATCH 178/280] intg: replace files with proxy provider in PAM responder test MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This patch replaces the deprecated files provider in the PAM responder tests with the proxy provider. The straight-forward replacement would be 'proxy_lib_name = files' to use libnss_files.so.2 with the proxy provider. But the tests are using nss-wrapper which wraps the plain glibc calls. Because of this the test is using a dedicated NSS module to work with nss-wrapper. Reviewed-by: Alexey Tikhonov <atikhono@redhat.com> Reviewed-by: Pavel Březina <pbrezina@redhat.com> Reviewed-by: Scott Poore <spoore@redhat.com> (cherry picked from commit 54f558966aa515370ee6218793a36d4148c80a73) --- src/tests/intg/test_pam_responder.py | 66 +++++++--------------------- 1 file changed, 16 insertions(+), 50 deletions(-) diff --git a/src/tests/intg/test_pam_responder.py b/src/tests/intg/test_pam_responder.py index c64ad903236..e56502e9479 100644 --- a/src/tests/intg/test_pam_responder.py +++ b/src/tests/intg/test_pam_responder.py @@ -39,10 +39,6 @@ LDAP_BASE_DN = "dc=example,dc=com" -def have_files_provider(): - return os.environ['FILES_PROVIDER'] == "enabled" - - @pytest.fixture(scope="module") def ad_inst(request): """Fake AD server instance fixture""" @@ -144,9 +140,9 @@ def format_pam_cert_auth_conf(config): [domain/auth_only] debug_level = 10 - id_provider = files - fallback_to_nss = False - local_auth_policy = enable:smartcard + id_provider = proxy + local_auth_policy = only + proxy_lib_name = call [certmap/auth_only/user1] matchrule = <SUBJECT>.*CN=SSSD test cert 0001.* @@ -179,9 +175,9 @@ def format_pam_cert_auth_conf_name_format(config): use_fully_qualified_names = True full_name_format = %2$s\\%1$s debug_level = 10 - id_provider = files - fallback_to_nss = False - local_auth_policy = enable:smartcard + id_provider = proxy + local_auth_policy = only + proxy_lib_name = call [certmap/auth_only/user1] matchrule = <SUBJECT>.*CN=SSSD test cert 0001.* @@ -204,8 +200,8 @@ def format_pam_krb5_auth(config, kdc_instance): [domain/krb5_auth] debug_level = 10 - id_provider = files - fallback_to_nss = False + id_provider = proxy + proxy_lib_name = call auth_provider = krb5 krb5_realm = PAMKRB5TEST @@ -229,8 +225,8 @@ def format_pam_krb5_auth_domains(config, kdc_instance): [domain/wrong.dom1] debug_level = 10 - id_provider = files - fallback_to_nss = False + id_provider = proxy + proxy_lib_name = call auth_provider = krb5 krb5_realm = WRONG1REALM @@ -238,8 +234,8 @@ def format_pam_krb5_auth_domains(config, kdc_instance): [domain/wrong.dom2] debug_level = 10 - id_provider = files - fallback_to_nss = False + id_provider = proxy + proxy_lib_name = call auth_provider = krb5 krb5_realm = WRONG2REALM @@ -247,8 +243,8 @@ def format_pam_krb5_auth_domains(config, kdc_instance): [domain/wrong.dom3] debug_level = 10 - id_provider = files - fallback_to_nss = False + id_provider = proxy + proxy_lib_name = call auth_provider = krb5 krb5_realm = WRONG3REALM @@ -256,8 +252,8 @@ def format_pam_krb5_auth_domains(config, kdc_instance): [domain/krb5_auth] debug_level = 10 - id_provider = files - fallback_to_nss = False + id_provider = proxy + proxy_lib_name = call auth_provider = krb5 krb5_realm = PAMKRB5TEST @@ -375,8 +371,6 @@ def simple_pam_cert_auth_name_format(request, passwd_ops_setup): return None -@pytest.mark.skipif(not have_files_provider(), - reason="'files provider' disabled, skipping") def test_preauth_indicator(simple_pam_cert_auth): """Check if preauth indicator file is created""" statinfo = os.stat(config.PUBCONF_PATH + "/pam_preauth_available") @@ -392,8 +386,6 @@ def pam_prompting_config(request, ldap_conn): return None -@pytest.mark.skipif(not have_files_provider(), - reason="'files provider' disabled, skipping") def test_password_prompting_config_global(ldap_conn, pam_prompting_config, env_for_sssctl): """Check global change of the password prompt""" @@ -419,8 +411,6 @@ def test_password_prompting_config_global(ldap_conn, pam_prompting_config, assert err.find("My global prompt") != -1 -@pytest.mark.skipif(not have_files_provider(), - reason="'files provider' disabled, skipping") def test_password_prompting_config_srv(ldap_conn, pam_prompting_config, env_for_sssctl): """Check change of the password prompt for dedicated service""" @@ -462,8 +452,6 @@ def env_for_sssctl(request): return env_for_sssctl -@pytest.mark.skipif(not have_files_provider(), - reason="'files provider' disabled, skipping") def test_sc_auth_wrong_pin(simple_pam_cert_auth, env_for_sssctl): sssctl = subprocess.Popen(["sssctl", "user-checks", "user1", @@ -488,8 +476,6 @@ def test_sc_auth_wrong_pin(simple_pam_cert_auth, env_for_sssctl): "Authentication failure") != -1 -@pytest.mark.skipif(not have_files_provider(), - reason="'files provider' disabled, skipping") def test_sc_auth(simple_pam_cert_auth, env_for_sssctl): sssctl = subprocess.Popen(["sssctl", "user-checks", "user1", @@ -513,8 +499,6 @@ def test_sc_auth(simple_pam_cert_auth, env_for_sssctl): assert err.find("pam_authenticate for user [user1]: Success") != -1 -@pytest.mark.skipif(not have_files_provider(), - reason="'files provider' disabled, skipping") def test_require_sc_auth(simple_pam_cert_auth, env_for_sssctl): sssctl = subprocess.Popen(["sssctl", "user-checks", "user1", @@ -539,8 +523,6 @@ def test_require_sc_auth(simple_pam_cert_auth, env_for_sssctl): assert err.find("pam_authenticate for user [user1]: Success") != -1 -@pytest.mark.skipif(not have_files_provider(), - reason="'files provider' disabled, skipping") def test_require_sc_auth_no_cert(simple_pam_cert_auth_no_cert, env_for_sssctl): # We have to wait about 20s before the command returns because there will @@ -576,8 +558,6 @@ def test_require_sc_auth_no_cert(simple_pam_cert_auth_no_cert, env_for_sssctl): "service cannot retrieve authentication info") != -1 -@pytest.mark.skipif(not have_files_provider(), - reason="'files provider' disabled, skipping") def test_try_sc_auth_no_map(simple_pam_cert_auth, env_for_sssctl): sssctl = subprocess.Popen(["sssctl", "user-checks", "user2", @@ -603,8 +583,6 @@ def test_try_sc_auth_no_map(simple_pam_cert_auth, env_for_sssctl): "service cannot retrieve authentication info") != -1 -@pytest.mark.skipif(not have_files_provider(), - reason="'files provider' disabled, skipping") def test_try_sc_auth(simple_pam_cert_auth, env_for_sssctl): sssctl = subprocess.Popen(["sssctl", "user-checks", "user1", @@ -629,8 +607,6 @@ def test_try_sc_auth(simple_pam_cert_auth, env_for_sssctl): assert err.find("pam_authenticate for user [user1]: Success") != -1 -@pytest.mark.skipif(not have_files_provider(), - reason="'files provider' disabled, skipping") def test_try_sc_auth_root(simple_pam_cert_auth, env_for_sssctl): """ Make sure pam_sss returns PAM_AUTHINFO_UNAVAIL even for root if @@ -659,8 +635,6 @@ def test_try_sc_auth_root(simple_pam_cert_auth, env_for_sssctl): "service cannot retrieve authentication info") != -1 -@pytest.mark.skipif(not have_files_provider(), - reason="'files provider' disabled, skipping") def test_sc_auth_missing_name(simple_pam_cert_auth, env_for_sssctl): """ Test pam_sss allow_missing_name feature. @@ -688,8 +662,6 @@ def test_sc_auth_missing_name(simple_pam_cert_auth, env_for_sssctl): assert err.find("pam_authenticate for user [user1]: Success") != -1 -@pytest.mark.skipif(not have_files_provider(), - reason="'files provider' disabled, skipping") def test_sc_auth_missing_name_whitespace(simple_pam_cert_auth, env_for_sssctl): """ Test pam_sss allow_missing_name feature. @@ -717,8 +689,6 @@ def test_sc_auth_missing_name_whitespace(simple_pam_cert_auth, env_for_sssctl): assert err.find("pam_authenticate for user [user1]: Success") != -1 -@pytest.mark.skipif(not have_files_provider(), - reason="'files provider' disabled, skipping") def test_sc_auth_name_format(simple_pam_cert_auth_name_format, env_for_sssctl): """ Test that full_name_format is respected with pam_sss allow_missing_name @@ -779,8 +749,6 @@ def setup_krb5(request, kdc_instance, passwd_ops_setup): return None -@pytest.mark.skipif(not have_files_provider(), - reason="'files provider' disabled, skipping") def test_krb5_auth(setup_krb5, env_for_sssctl): """ Test basic Kerberos authentication, check for authentication failure when @@ -847,8 +815,6 @@ def setup_krb5_domains(request, kdc_instance, passwd_ops_setup): return None -@pytest.mark.skipif(not have_files_provider(), - reason="'files provider' disabled, skipping") def test_krb5_auth_domains(setup_krb5_domains, env_for_sssctl): """ Test basic Kerberos authentication with pam_sss 'domains' option, make From 25a913eae4e1703f621b195e02dd80dc2c48ca14 Mon Sep 17 00:00:00 2001 From: Sumit Bose <sbose@redhat.com> Date: Mon, 4 Sep 2023 14:13:25 +0200 Subject: [PATCH 179/280] confdb: add new option for confdb_certmap_to_sysdb() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit With this new boolean options the backends calling confdb_certmap_to_sysdb() can indicate if the certificate mapping rules should be applied for local users or not, which currently means LDAP based mapping with a search filter string. Reviewed-by: Alexey Tikhonov <atikhono@redhat.com> Reviewed-by: Pavel Březina <pbrezina@redhat.com> Reviewed-by: Scott Poore <spoore@redhat.com> (cherry picked from commit 8952f6d8fea4a0e7e18eebf9e6a9f35d32de93bd) --- src/confdb/confdb.c | 23 ++++++----------------- src/confdb/confdb.h | 3 ++- src/providers/ad/ad_init.c | 2 +- src/providers/files/files_init.c | 2 +- src/providers/ldap/ldap_init.c | 2 +- src/providers/proxy/proxy_init.c | 2 +- 6 files changed, 12 insertions(+), 22 deletions(-) diff --git a/src/confdb/confdb.c b/src/confdb/confdb.c index d88ca1f6091..a7344e1668f 100644 --- a/src/confdb/confdb.c +++ b/src/confdb/confdb.c @@ -2574,6 +2574,7 @@ static errno_t certmap_local_check(struct ldb_message *msg) static errno_t confdb_get_all_certmaps(TALLOC_CTX *mem_ctx, struct confdb_ctx *cdb, struct sss_domain_info *dom, + bool certmaps_for_local_users, struct certmap_info ***_certmap_list) { TALLOC_CTX *tmp_ctx = NULL; @@ -2619,21 +2620,7 @@ static errno_t confdb_get_all_certmaps(TALLOC_CTX *mem_ctx, } for (c = 0; c < res->count; c++) { -#ifdef BUILD_FILES_PROVIDER - if (is_files_provider(dom)) { - ret = certmap_local_check(res->msgs[c]); - if (ret != EOK) { - DEBUG(SSSDBG_CONF_SETTINGS, - "Invalid certificate mapping [%s] for local user, " - "ignored.\n", ldb_dn_get_linearized(res->msgs[c]->dn)); - continue; - } - } -#endif - /* It might be better to not check the provider name but add a new - * option to confdb_certmap_to_sysdb() and here to call - * certmap_local_check(). */ - if (dom != NULL && dom->provider != NULL && strcasecmp(dom->provider, "proxy") == 0) { + if (certmaps_for_local_users) { ret = certmap_local_check(res->msgs[c]); if (ret != EOK) { DEBUG(SSSDBG_CONF_SETTINGS, @@ -2661,7 +2648,8 @@ static errno_t confdb_get_all_certmaps(TALLOC_CTX *mem_ctx, } int confdb_certmap_to_sysdb(struct confdb_ctx *cdb, - struct sss_domain_info *dom) + struct sss_domain_info *dom, + bool certmaps_for_local_users) { int ret; TALLOC_CTX *tmp_ctx; @@ -2673,7 +2661,8 @@ int confdb_certmap_to_sysdb(struct confdb_ctx *cdb, return ENOMEM; } - ret = confdb_get_all_certmaps(tmp_ctx, cdb, dom, &certmap_list); + ret = confdb_get_all_certmaps(tmp_ctx, cdb, dom, certmaps_for_local_users, + &certmap_list); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, "confdb_get_all_certmaps failed.\n"); goto done; diff --git a/src/confdb/confdb.h b/src/confdb/confdb.h index 23b4be814be..4487d78ef57 100644 --- a/src/confdb/confdb.h +++ b/src/confdb/confdb.h @@ -776,7 +776,8 @@ int confdb_get_sub_sections(TALLOC_CTX *mem_ctx, * @return EINVAL - Typically internal processing error */ int confdb_certmap_to_sysdb(struct confdb_ctx *cdb, - struct sss_domain_info *dom); + struct sss_domain_info *dom, + bool certmaps_for_local_users); /** * @} diff --git a/src/providers/ad/ad_init.c b/src/providers/ad/ad_init.c index 2d686eca05d..f452f285a24 100644 --- a/src/providers/ad/ad_init.c +++ b/src/providers/ad/ad_init.c @@ -421,7 +421,7 @@ static errno_t ad_init_misc(struct be_ctx *be_ctx, return ret; } - ret = confdb_certmap_to_sysdb(be_ctx->cdb, be_ctx->domain); + ret = confdb_certmap_to_sysdb(be_ctx->cdb, be_ctx->domain, false); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, "Failed to initialize certificate mapping rules. " diff --git a/src/providers/files/files_init.c b/src/providers/files/files_init.c index 54f3600a2ff..ab6fa870b4f 100644 --- a/src/providers/files/files_init.c +++ b/src/providers/files/files_init.c @@ -195,7 +195,7 @@ int sssm_files_init(TALLOC_CTX *mem_ctx, goto done; } - ret = confdb_certmap_to_sysdb(be_ctx->cdb, be_ctx->domain); + ret = confdb_certmap_to_sysdb(be_ctx->cdb, be_ctx->domain, true); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, "Failed to initialize certificate mapping rules. " diff --git a/src/providers/ldap/ldap_init.c b/src/providers/ldap/ldap_init.c index 0be3467fb2e..8d96ea16ce9 100644 --- a/src/providers/ldap/ldap_init.c +++ b/src/providers/ldap/ldap_init.c @@ -220,7 +220,7 @@ static errno_t ldap_init_misc(struct be_ctx *be_ctx, "[%d]: %s\n", ret, sss_strerror(ret)); } - ret = confdb_certmap_to_sysdb(be_ctx->cdb, be_ctx->domain); + ret = confdb_certmap_to_sysdb(be_ctx->cdb, be_ctx->domain, false); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, "Failed to initialize certificate mapping rules. " diff --git a/src/providers/proxy/proxy_init.c b/src/providers/proxy/proxy_init.c index 2fa73f6680e..b3ffad8aa02 100644 --- a/src/providers/proxy/proxy_init.c +++ b/src/providers/proxy/proxy_init.c @@ -382,7 +382,7 @@ errno_t sssm_proxy_id_init(TALLOC_CTX *mem_ctx, goto done; } - ret = confdb_certmap_to_sysdb(be_ctx->cdb, be_ctx->domain); + ret = confdb_certmap_to_sysdb(be_ctx->cdb, be_ctx->domain, true); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, "Failed to initialize certificate mapping rules. " From 7668ed6eb7b3c2b8270a970f3cbac58c4e05df76 Mon Sep 17 00:00:00 2001 From: Sumit Bose <sbose@redhat.com> Date: Mon, 18 Sep 2023 13:37:43 +0200 Subject: [PATCH 180/280] intg: use file and proxy provider in PAM responder test MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit All Smartcard authentication related tests are run now with the proxy provider and the deprecated files provider. If the files provider will be removed the tests can be removed by reverting this patch. Reviewed-by: Alexey Tikhonov <atikhono@redhat.com> Reviewed-by: Pavel Březina <pbrezina@redhat.com> Reviewed-by: Scott Poore <spoore@redhat.com> (cherry picked from commit f5f8030ad7bc469130ed69abec4c2563eca52e17) --- src/tests/intg/test_pam_responder.py | 49 +++++++++++++++++++++------- 1 file changed, 37 insertions(+), 12 deletions(-) diff --git a/src/tests/intg/test_pam_responder.py b/src/tests/intg/test_pam_responder.py index e56502e9479..9387b938646 100644 --- a/src/tests/intg/test_pam_responder.py +++ b/src/tests/intg/test_pam_responder.py @@ -38,6 +38,25 @@ LDAP_BASE_DN = "dc=example,dc=com" +def provider_list(): + if os.environ['FILES_PROVIDER'] == "enabled": + return ('files', 'proxy') + else: + # The comma is required to indicate a list with the string 'proxy' as + # only item, without it the string 'proxy' will be interpreted as list + # with five letters. + return ('proxy',) + + +class provider_switch: + def __init__(self, p): + if p == 'files': + self.p = "id_provider = files\nfallback_to_nss = False\nlocal_auth_policy = enable:smartcard\n" + elif p == 'proxy': + self.p = "id_provider = proxy\nlocal_auth_policy = only\nproxy_lib_name = call\n" + else: + self.p = none + @pytest.fixture(scope="module") def ad_inst(request): @@ -116,7 +135,7 @@ def format_basic_conf(ldap_conn): shell='/bin/bash') -def format_pam_cert_auth_conf(config): +def format_pam_cert_auth_conf(config, provider): """Format a basic SSSD configuration""" return unindent("""\ [sssd] @@ -140,16 +159,14 @@ def format_pam_cert_auth_conf(config): [domain/auth_only] debug_level = 10 - id_provider = proxy - local_auth_policy = only - proxy_lib_name = call + {provider.p} [certmap/auth_only/user1] matchrule = <SUBJECT>.*CN=SSSD test cert 0001.* """).format(**locals()) -def format_pam_cert_auth_conf_name_format(config): +def format_pam_cert_auth_conf_name_format(config, provider): """Format SSSD configuration with full_name_format""" return unindent("""\ [sssd] @@ -175,9 +192,7 @@ def format_pam_cert_auth_conf_name_format(config): use_fully_qualified_names = True full_name_format = %2$s\\%1$s debug_level = 10 - id_provider = proxy - local_auth_policy = only - proxy_lib_name = call + {provider.p} [certmap/auth_only/user1] matchrule = <SUBJECT>.*CN=SSSD test cert 0001.* @@ -331,7 +346,7 @@ def create_sssd_fixture(request, krb5_conf_path=None): def simple_pam_cert_auth(request, passwd_ops_setup): """Setup SSSD with pam_cert_auth=True""" config.PAM_CERT_DB_PATH = os.environ['PAM_CERT_DB_PATH'] - conf = format_pam_cert_auth_conf(config) + conf = format_pam_cert_auth_conf(config, provider_switch(request.param)) create_conf_fixture(request, conf) create_sssd_fixture(request) passwd_ops_setup.useradd(**USER1) @@ -347,7 +362,7 @@ def simple_pam_cert_auth_no_cert(request, passwd_ops_setup): old_softhsm2_conf = os.environ['SOFTHSM2_CONF'] del os.environ['SOFTHSM2_CONF'] - conf = format_pam_cert_auth_conf(config) + conf = format_pam_cert_auth_conf(config, provider_switch(request.param)) create_conf_fixture(request, conf) create_sssd_fixture(request) @@ -363,14 +378,14 @@ def simple_pam_cert_auth_no_cert(request, passwd_ops_setup): def simple_pam_cert_auth_name_format(request, passwd_ops_setup): """Setup SSSD with pam_cert_auth=True and full_name_format""" config.PAM_CERT_DB_PATH = os.environ['PAM_CERT_DB_PATH'] - conf = format_pam_cert_auth_conf_name_format(config) + conf = format_pam_cert_auth_conf_name_format(config, provider_switch(request.param)) create_conf_fixture(request, conf) create_sssd_fixture(request) passwd_ops_setup.useradd(**USER1) passwd_ops_setup.useradd(**USER2) return None - +@pytest.mark.parametrize('simple_pam_cert_auth', provider_list(), indirect=True) def test_preauth_indicator(simple_pam_cert_auth): """Check if preauth indicator file is created""" statinfo = os.stat(config.PUBCONF_PATH + "/pam_preauth_available") @@ -452,6 +467,7 @@ def env_for_sssctl(request): return env_for_sssctl +@pytest.mark.parametrize('simple_pam_cert_auth', provider_list(), indirect=True) def test_sc_auth_wrong_pin(simple_pam_cert_auth, env_for_sssctl): sssctl = subprocess.Popen(["sssctl", "user-checks", "user1", @@ -476,6 +492,7 @@ def test_sc_auth_wrong_pin(simple_pam_cert_auth, env_for_sssctl): "Authentication failure") != -1 +@pytest.mark.parametrize('simple_pam_cert_auth', provider_list(), indirect=True) def test_sc_auth(simple_pam_cert_auth, env_for_sssctl): sssctl = subprocess.Popen(["sssctl", "user-checks", "user1", @@ -499,6 +516,7 @@ def test_sc_auth(simple_pam_cert_auth, env_for_sssctl): assert err.find("pam_authenticate for user [user1]: Success") != -1 +@pytest.mark.parametrize('simple_pam_cert_auth', provider_list(), indirect=True) def test_require_sc_auth(simple_pam_cert_auth, env_for_sssctl): sssctl = subprocess.Popen(["sssctl", "user-checks", "user1", @@ -523,6 +541,7 @@ def test_require_sc_auth(simple_pam_cert_auth, env_for_sssctl): assert err.find("pam_authenticate for user [user1]: Success") != -1 +@pytest.mark.parametrize('simple_pam_cert_auth_no_cert', provider_list(), indirect=True) def test_require_sc_auth_no_cert(simple_pam_cert_auth_no_cert, env_for_sssctl): # We have to wait about 20s before the command returns because there will @@ -558,6 +577,7 @@ def test_require_sc_auth_no_cert(simple_pam_cert_auth_no_cert, env_for_sssctl): "service cannot retrieve authentication info") != -1 +@pytest.mark.parametrize('simple_pam_cert_auth', provider_list(), indirect=True) def test_try_sc_auth_no_map(simple_pam_cert_auth, env_for_sssctl): sssctl = subprocess.Popen(["sssctl", "user-checks", "user2", @@ -583,6 +603,7 @@ def test_try_sc_auth_no_map(simple_pam_cert_auth, env_for_sssctl): "service cannot retrieve authentication info") != -1 +@pytest.mark.parametrize('simple_pam_cert_auth', provider_list(), indirect=True) def test_try_sc_auth(simple_pam_cert_auth, env_for_sssctl): sssctl = subprocess.Popen(["sssctl", "user-checks", "user1", @@ -607,6 +628,7 @@ def test_try_sc_auth(simple_pam_cert_auth, env_for_sssctl): assert err.find("pam_authenticate for user [user1]: Success") != -1 +@pytest.mark.parametrize('simple_pam_cert_auth', provider_list(), indirect=True) def test_try_sc_auth_root(simple_pam_cert_auth, env_for_sssctl): """ Make sure pam_sss returns PAM_AUTHINFO_UNAVAIL even for root if @@ -635,6 +657,7 @@ def test_try_sc_auth_root(simple_pam_cert_auth, env_for_sssctl): "service cannot retrieve authentication info") != -1 +@pytest.mark.parametrize('simple_pam_cert_auth', provider_list(), indirect=True) def test_sc_auth_missing_name(simple_pam_cert_auth, env_for_sssctl): """ Test pam_sss allow_missing_name feature. @@ -662,6 +685,7 @@ def test_sc_auth_missing_name(simple_pam_cert_auth, env_for_sssctl): assert err.find("pam_authenticate for user [user1]: Success") != -1 +@pytest.mark.parametrize('simple_pam_cert_auth', provider_list(), indirect=True) def test_sc_auth_missing_name_whitespace(simple_pam_cert_auth, env_for_sssctl): """ Test pam_sss allow_missing_name feature. @@ -689,6 +713,7 @@ def test_sc_auth_missing_name_whitespace(simple_pam_cert_auth, env_for_sssctl): assert err.find("pam_authenticate for user [user1]: Success") != -1 +@pytest.mark.parametrize('simple_pam_cert_auth_name_format', provider_list(), indirect=True) def test_sc_auth_name_format(simple_pam_cert_auth_name_format, env_for_sssctl): """ Test that full_name_format is respected with pam_sss allow_missing_name From 04b6a22b3d920634121b00c65c568954a06f2cf1 Mon Sep 17 00:00:00 2001 From: Sumit Bose <sbose@redhat.com> Date: Wed, 11 Oct 2023 10:43:23 +0200 Subject: [PATCH 181/280] intg: add proxy auth with fallback test MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit SSSD currently assumed that PAM modules configured for the proxy auth provider expect passwords as input. If a Smartcard is present during the authentication, but local Smartcard authentication is not enabled, the user should see a password prompt. Reviewed-by: Alexey Tikhonov <atikhono@redhat.com> Reviewed-by: Pavel Březina <pbrezina@redhat.com> Reviewed-by: Scott Poore <spoore@redhat.com> (cherry picked from commit 4d475e41a5223f4bdabc1465bad4d4f87a911064) --- src/tests/intg/test_pam_responder.py | 56 ++++++++++++++++++++++++++++ 1 file changed, 56 insertions(+) diff --git a/src/tests/intg/test_pam_responder.py b/src/tests/intg/test_pam_responder.py index 9387b938646..81fffd11818 100644 --- a/src/tests/intg/test_pam_responder.py +++ b/src/tests/intg/test_pam_responder.py @@ -54,6 +54,10 @@ def __init__(self, p): self.p = "id_provider = files\nfallback_to_nss = False\nlocal_auth_policy = enable:smartcard\n" elif p == 'proxy': self.p = "id_provider = proxy\nlocal_auth_policy = only\nproxy_lib_name = call\n" + elif p == 'proxy_password': + self.p = "id_provider = proxy\nproxy_lib_name = call\nproxy_pam_target = sssd-shadowutils\n" + elif p == 'proxy_password_with_sc': + self.p = "id_provider = proxy\nlocal_auth_policy = enable:smartcard\nproxy_lib_name = call\nproxy_pam_target = sssd-shadowutils\n" else: self.p = none @@ -516,6 +520,58 @@ def test_sc_auth(simple_pam_cert_auth, env_for_sssctl): assert err.find("pam_authenticate for user [user1]: Success") != -1 +@pytest.mark.parametrize('simple_pam_cert_auth', ['proxy_password'], indirect=True) +def test_sc_proxy_password_fallback(simple_pam_cert_auth, env_for_sssctl): + """ + Check that there will be a password prompt if another proxy auth module is + configured and Smartcard authentication is not allowed but a Smartcard is + present. + """ + + sssctl = subprocess.Popen(["sssctl", "user-checks", "user1", + "--action=auth", "--service=pam_sss_service"], + universal_newlines=True, + env=env_for_sssctl, stdin=subprocess.PIPE, + stdout=subprocess.PIPE, stderr=subprocess.PIPE) + + out, err = sssctl.communicate() + + sssctl.stdin.close() + sssctl.stdout.close() + + assert err.find("Password:") != -1 + + +@pytest.mark.parametrize('simple_pam_cert_auth', ['proxy_password_with_sc'], + indirect=True) +def test_sc_proxy_no_password_fallback(simple_pam_cert_auth, env_for_sssctl): + """ + Use the same environ as for test_sc_proxy_password_fallback but now allow + local Smartcard authentication. Here we expect that there will be a prompt + for the Smartcard PIN and that Smartcard authentication is successful. + """ + + sssctl = subprocess.Popen(["sssctl", "user-checks", "user1", + "--action=auth", "--service=pam_sss_service"], + universal_newlines=True, + env=env_for_sssctl, stdin=subprocess.PIPE, + stdout=subprocess.PIPE, stderr=subprocess.PIPE) + + try: + out, err = sssctl.communicate(input="123456") + except Exception: + sssctl.kill() + out, err = sssctl.communicate() + + sssctl.stdin.close() + sssctl.stdout.close() + + if sssctl.wait() != 0: + raise Exception("sssctl failed") + + assert err.find("pam_authenticate for user [user1]: Success") != -1 + + @pytest.mark.parametrize('simple_pam_cert_auth', provider_list(), indirect=True) def test_require_sc_auth(simple_pam_cert_auth, env_for_sssctl): From 793284ab91452d274edf22928500d7c1895e12c8 Mon Sep 17 00:00:00 2001 From: Justin Stephenson <jstephen@redhat.com> Date: Wed, 27 Sep 2023 11:43:14 -0400 Subject: [PATCH 182/280] man: Improve LDAP security wording All communication, including the identity provided must be encrypted to prevent attacks. Resolves: https://github.com/SSSD/sssd/issues/6681 Reviewed-by: Alexey Tikhonov <atikhono@redhat.com> Reviewed-by: Sumit Bose <sbose@redhat.com> --- src/man/sssd-ldap.5.xml | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/src/man/sssd-ldap.5.xml b/src/man/sssd-ldap.5.xml index c094a6125df..0a814ec3585 100644 --- a/src/man/sssd-ldap.5.xml +++ b/src/man/sssd-ldap.5.xml @@ -39,9 +39,10 @@ to authenticate against an LDAP server either TLS/SSL or LDAPS is required. <command>sssd</command> <emphasis>does not</emphasis> support authentication over an unencrypted channel. - If the LDAP server is used only as an identity provider, an encrypted - channel is not needed. Please refer to <quote>ldap_access_filter</quote> - config option for more information about using LDAP as an access provider. + Even if the LDAP server is used only as an identity provider, an encrypted + channel is strongly recommended. Please refer to + <quote>ldap_access_filter</quote> config option for more information + about using LDAP as an access provider. </para> </refsect1> @@ -912,6 +913,7 @@ <para> Specifies that the id_provider connection must also use <systemitem class="protocol">tls</systemitem> to protect the channel. + <emphasis>true</emphasis> is strongly recommended for security reasons. </para> <para> Default: false From a48c7445d1abbd78d428e000a6889c8f0a154de6 Mon Sep 17 00:00:00 2001 From: Tomas Halman <thalman@redhat.com> Date: Tue, 26 Sep 2023 11:05:13 +0200 Subject: [PATCH 183/280] dyndns: PTR record updates separately DNS server does not allow updates for different zones in one single step. Those updates must be sent separately. It is complicated and in some cases impossible to detect that PTR updates does not fit into one zone because it often depends on DNS server configuration. With this patch PTR record updates are always sent separately. Resolves: https://github.com/SSSD/sssd/issues/6956 Reviewed-by: Dan Lavu <dlavu@redhat.com> Reviewed-by: Justin Stephenson <jstephen@redhat.com> (cherry picked from commit f0bba9d5178d18e7b08aaa58375916d111dfeb59) --- src/man/sssd-ad.5.xml | 5 +++++ src/man/sssd-ipa.5.xml | 5 +++++ src/providers/be_dyndns.c | 18 +++--------------- src/tests/cmocka/test_dyndns.c | 5 +++++ 4 files changed, 18 insertions(+), 15 deletions(-) diff --git a/src/man/sssd-ad.5.xml b/src/man/sssd-ad.5.xml index 65778124bfc..082e97e523b 100644 --- a/src/man/sssd-ad.5.xml +++ b/src/man/sssd-ad.5.xml @@ -1262,6 +1262,11 @@ ad_gpo_map_deny = +my_pam_service updated when updating the client's DNS records. Applicable only when dyndns_update is true. </para> + <para> + Note that <emphasis>dyndns_update_per_family</emphasis> + parameter does not apply for PTR record updates. + Those updates are always sent separately. + </para> <para> Default: True </para> diff --git a/src/man/sssd-ipa.5.xml b/src/man/sssd-ipa.5.xml index aa6ff238000..4802ce866e4 100644 --- a/src/man/sssd-ipa.5.xml +++ b/src/man/sssd-ipa.5.xml @@ -286,6 +286,11 @@ PTR records automatically when forward records are changed. </para> + <para> + Note that <emphasis>dyndns_update_per_family</emphasis> + parameter does not apply for PTR record updates. + Those updates are always sent separately. + </para> <para> Default: False (disabled) </para> diff --git a/src/providers/be_dyndns.c b/src/providers/be_dyndns.c index 2de9a13a9cd..2c655ef1eeb 100644 --- a/src/providers/be_dyndns.c +++ b/src/providers/be_dyndns.c @@ -402,7 +402,7 @@ nsupdate_msg_add_ptr(char *update_msg, struct sss_iface_addr *addresses, } updateipv4 = talloc_asprintf_append(updateipv4, - "update add %s %d in PTR %s.\n", + "update add %s %d in PTR %s.\nsend\n", ptr, ttl, hostname); break; case AF_INET6: @@ -415,7 +415,7 @@ nsupdate_msg_add_ptr(char *update_msg, struct sss_iface_addr *addresses, } } updateipv6 = talloc_asprintf_append(updateipv6, - "update add %s %d in PTR %s.\n", + "update add %s %d in PTR %s.\nsend\n", ptr, ttl, hostname); break; } @@ -426,21 +426,9 @@ nsupdate_msg_add_ptr(char *update_msg, struct sss_iface_addr *addresses, } } - if (update_per_family && updateipv4[0] && updateipv6[0]) { - /* update per family and both families present */ - return talloc_asprintf_append(update_msg, - "%s" - "send\n" - "%s" - "send\n", - updateipv4, - updateipv6); - } - return talloc_asprintf_append(update_msg, "%s" - "%s" - "send\n", + "%s", updateipv4, updateipv6); } diff --git a/src/tests/cmocka/test_dyndns.c b/src/tests/cmocka/test_dyndns.c index 1ef5a90194c..7526c16a86d 100644 --- a/src/tests/cmocka/test_dyndns.c +++ b/src/tests/cmocka/test_dyndns.c @@ -663,11 +663,13 @@ void dyndns_test_create_ptr_msg(void **state) assert_string_equal(msg, "\nupdate delete 1.0.168.192.in-addr.arpa. in PTR\n" "update add 1.0.168.192.in-addr.arpa. 1234 in PTR bran_stark.\n" + "send\n" "update delete 2.0.168.192.in-addr.arpa. in PTR\n" "update add 2.0.168.192.in-addr.arpa. 1234 in PTR bran_stark.\n" "send\n" "update delete 4.4.4.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.a.b.d.c.1.0.0.2.ip6.arpa. in PTR\n" "update add 4.4.4.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.a.b.d.c.1.0.0.2.ip6.arpa. 1234 in PTR bran_stark.\n" + "send\n" "update delete 5.5.5.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.a.b.d.c.1.0.0.2.ip6.arpa. in PTR\n" "update add 5.5.5.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.a.b.d.c.1.0.0.2.ip6.arpa. 1234 in PTR bran_stark.\n" "send\n"); @@ -680,10 +682,13 @@ void dyndns_test_create_ptr_msg(void **state) assert_string_equal(msg, "\nupdate delete 1.0.168.192.in-addr.arpa. in PTR\n" "update add 1.0.168.192.in-addr.arpa. 1234 in PTR bran_stark.\n" + "send\n" "update delete 2.0.168.192.in-addr.arpa. in PTR\n" "update add 2.0.168.192.in-addr.arpa. 1234 in PTR bran_stark.\n" + "send\n" "update delete 4.4.4.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.a.b.d.c.1.0.0.2.ip6.arpa. in PTR\n" "update add 4.4.4.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.a.b.d.c.1.0.0.2.ip6.arpa. 1234 in PTR bran_stark.\n" + "send\n" "update delete 5.5.5.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.a.b.d.c.1.0.0.2.ip6.arpa. in PTR\n" "update add 5.5.5.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.a.b.d.c.1.0.0.2.ip6.arpa. 1234 in PTR bran_stark.\n" "send\n"); From aa3616b3400c9b4d2e9f5bbe758a250a4a837a64 Mon Sep 17 00:00:00 2001 From: Dan Lavu <dlavu@redhat.com> Date: Thu, 27 Apr 2023 15:21:09 -0400 Subject: [PATCH 184/280] Updating ad_multihost test MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * fixing raiseonerr=False to disjoin function * cleaned up code since the line limit has increased * added AD from forest1 to resolv.conf and /etc/hosts * updating test case documentation to clarify the test Signed-off-by: Dan Lavu <dlavu@redhat.com> Reviewed-by: Jakub Vávra <jvavra@redhat.com> Reviewed-by: Madhuri Upadhye <mupadhye@redhat.com> (cherry picked from commit bd839b85e25701116cb8453e142014973a9c6de9) --- .../multihost/admultidomain/test_multiforest.py | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/src/tests/multihost/admultidomain/test_multiforest.py b/src/tests/multihost/admultidomain/test_multiforest.py index 84406e4ac09..d41a254c8bc 100644 --- a/src/tests/multihost/admultidomain/test_multiforest.py +++ b/src/tests/multihost/admultidomain/test_multiforest.py @@ -107,11 +107,11 @@ def test_0001_multiforest(multihost, newhostname, adjoin): multihost.client[0].run_command(cleanup_krb5) client.restore_sssd_conf() - assert getent_domain_user1.returncode == 0, f"Could not find user1 {getent_domain_user1}!" - assert getent_domain_user2.returncode == 0, f"Could not find user1 {getent_domain_user2}!" - assert id_domain_user1.returncode == 0, f"Could not find user1 {id_domain1_user1}!" - assert id_domain_user2.returncode == 0, f"Could not find user2 {id_domain_user2}!" - assert getent_domain1_user1.returncode == 0, f"Could not find user1 {getent_domain1_user1}!" - assert getent_domain1_user2.returncode == 0, f"Could not find user2 {getent_domain1_user2}!" - assert id_domain1_user1.returncode == 0, f"Could not find user1 {id_domain1_user1}!" - assert id_domain1_user2.returncode == 0, f"Could not find user2 {id_domain1_user2}!" + assert getent_domain_user1.rc == 0, f"Could not find user1 {getent_domain_user1}!" + assert getent_domain_user2.rc == 0, f"Could not find user1 {getent_domain_user2}!" + assert id_domain_user1.rc == 0, f"Could not find user1 {id_domain1_user1}!" + assert id_domain_user2.rc == 0, f"Could not find user2 {id_domain_user2}!" + assert getent_domain1_user1.rc == 0, f"Could not find user1 {getent_domain1_user1}!" + assert getent_domain1_user2.rc == 0, f"Could not find user2 {getent_domain1_user2}!" + assert id_domain1_user1.rc == 0, f"Could not find user1 {id_domain1_user1}!" + assert id_domain1_user2.rc == 0, f"Could not find user2 {id_domain1_user2}!" From c866b5316ed66ba23049e7d1700cf33938738314 Mon Sep 17 00:00:00 2001 From: Dan Lavu <dlavu@redhat.com> Date: Thu, 27 Apr 2023 15:21:09 -0400 Subject: [PATCH 185/280] Updating ad_multihost test MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * fixing raiseonerr=False to disjoin function * cleaned up code since the line limit has increased * added AD from forest1 to resolv.conf and /etc/hosts * updating test case documentation to clarify the test Signed-off-by: Dan Lavu <dlavu@redhat.com> Reviewed-by: Jakub Vávra <jvavra@redhat.com> Reviewed-by: Madhuri Upadhye <mupadhye@redhat.com> (cherry picked from commit cb72984e2d533306489c6161678443ce2fe48661) --- src/tests/multihost/admultidomain/test_multiforest.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/tests/multihost/admultidomain/test_multiforest.py b/src/tests/multihost/admultidomain/test_multiforest.py index d41a254c8bc..351fdefcd45 100644 --- a/src/tests/multihost/admultidomain/test_multiforest.py +++ b/src/tests/multihost/admultidomain/test_multiforest.py @@ -10,7 +10,7 @@ @pytest.mark.admultiforest class TestADMultiForest(object): - def test_0001_multiforest(multihost, newhostname, adjoin): + def test_0001_multiforest(self, multihost, newhostname, adjoin): """ :title: IDM-SSSD-TC: ad_provider: admultiforest : Authentication against two forests :id: 900f2467-1aca-430c-bbaa-b22d30a829ad @@ -102,7 +102,7 @@ def test_0001_multiforest(multihost, newhostname, adjoin): id_domain1_user1 = multihost.client[0].run_command(f'id user1@{ad1_domain}', raiseonerr=False) id_domain1_user2 = multihost.client[0].run_command(f'id user2@{ad1_domain}', raiseonerr=False) - multihost.client[0].put_file_contents('/etc/hosts', hosts) + multihost.client[0].put_file_contents('/etc/hosts.bak', hosts) multihost.client[0].put_file_contents('/etc/krb5.conf', krb5) multihost.client[0].run_command(cleanup_krb5) client.restore_sssd_conf() From 3fd19c8025784269d5e08c553f83a097dc666870 Mon Sep 17 00:00:00 2001 From: Dan Lavu <dlavu@redhat.com> Date: Sun, 30 Apr 2023 01:11:39 -0400 Subject: [PATCH 186/280] Adding test case for bz2167728 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Cleaned up lines since the character count has increased * Added test ids to existing tests Signed-off-by: Dan Lavu <dlavu@redhat.com> Reviewed-by: Jakub Vávra <jvavra@redhat.com> Reviewed-by: Madhuri Upadhye <mupadhye@redhat.com> (cherry picked from commit 95678ad7e4f18e47cd67aabe660e0c26c07a2ffa) --- .../admultidomain/test_multidomain.py | 120 ++++++++++++------ .../admultidomain/test_multiforest.py | 21 +-- 2 files changed, 92 insertions(+), 49 deletions(-) diff --git a/src/tests/multihost/admultidomain/test_multidomain.py b/src/tests/multihost/admultidomain/test_multidomain.py index 1506033e8a2..bf1512d8e25 100644 --- a/src/tests/multihost/admultidomain/test_multidomain.py +++ b/src/tests/multihost/admultidomain/test_multidomain.py @@ -1,3 +1,5 @@ +import re + import pytest from sssd.testlib.common.utils import sssdTools @@ -7,11 +9,11 @@ @pytest.mark.admultidomain class TestADMultiDomain(object): - def test_0001_bz2013297(multihost, newhostname, adchildjoin): + @staticmethod + def test_0001_bz2013297(self, multihost, newhostname, adchildjoin): """ - :title: IDM-SSSD-TC: ad_provider: forests: disabled root ad domain - causes subdomains to be marked offline - :id: + :title: IDM-SSSD-TC: ad_provider: forests: disabled root domain causes subdomains to be marked offline + :id: 3055d093-8449-4146-a6e1-b221dee35395 :setup: 1. Configure parent and child domain 2. Join client to child domain @@ -35,7 +37,6 @@ def test_0001_bz2013297(multihost, newhostname, adchildjoin): child_domain = multihost.ad[1].domainname ad_server = multihost.ad[1].hostname - # Configure sssd multihost.client[0].service_sssd('stop') client = sssdTools(multihost.client[0], multihost.ad[1]) client.backup_sssd_conf() @@ -47,24 +48,18 @@ def test_0001_bz2013297(multihost, newhostname, adchildjoin): 'ad_server': ad_server, 'cache_credentials': 'True', } - client.sssd_conf(dom_section, sssd_params) + client.sssd_conf(dom_section, sssd_params, action='update') client.clear_sssd_cache() + multihost.client[0].service_sssd('start') - # Search for the user in root domain getent_root_user1 = multihost.client[0].run_command( - f'getent passwd user1@{ad_domain}', - raiseonerr=False - ) - # Search for the user in child domain + f'getent passwd user1@{ad_domain}', raiseonerr=False) getent_child_user1 = multihost.client[0].run_command( - f'getent passwd child_user1@{child_domain}', - raiseonerr=False - ) + f'getent passwd child_user1@{child_domain}', raiseonerr=False) client.restore_sssd_conf() client.clear_sssd_cache() - # Evaluate test results assert getent_root_user1.returncode == 0 assert getent_child_user1.returncode == 0 @@ -77,32 +72,26 @@ def test_0001_bz2013297(multihost, newhostname, adchildjoin): 'ad_server': ad_server, 'ad_enabled_domains': child_domain } - client.sssd_conf(dom_section, sssd_params) + client.sssd_conf(dom_section, sssd_params, action='update') client.clear_sssd_cache() + multihost.client[0].service_sssd('start') - # Search for the user in root domain getent_root_user2 = multihost.client[0].run_command( - f'getent passwd user1@{ad_domain}', - raiseonerr=False - ) - # Search for the user in child domain + f'getent passwd user1@{ad_domain}', raiseonerr=False) getent_child_user2 = multihost.client[0].run_command( - f'getent passwd child_user1@{child_domain}', - raiseonerr=False - ) + f'getent passwd child_user1@{child_domain}', raiseonerr=False) client.restore_sssd_conf() client.clear_sssd_cache() - # Evaluate test results assert getent_root_user2.returncode == 2 assert getent_child_user2.returncode == 0 - def test_0002_bz2018432(multihost, newhostname, adjoin): + @staticmethod + def test_0002_bz2018432(self, multihost, newhostname, adjoin): """ - :title: IDM-SSSD-TC: ad_provider: forests: based SSSD adds more AD - domains than it should be based on the configuration file - :id: + :title: IDM-SSSD-TC: ad_provider: forests: sssctl domain_list shows more domains than it should + :id: b2c9efc8-b3a6-4216-99d6-7ae1d868c43f :setup: 1. Configure several domains, this suite contains 4 trusted domains 2. Join client to parent domain @@ -115,8 +104,6 @@ def test_0002_bz2018432(multihost, newhostname, adjoin): adjoin(membersw='adcli') ad_domain = multihost.ad[0].domainname ad_server = multihost.ad[0].hostname - - # Configure sssd multihost.client[0].service_sssd('stop') client = sssdTools(multihost.client[0], multihost.ad[0]) client.backup_sssd_conf() @@ -128,13 +115,11 @@ def test_0002_bz2018432(multihost, newhostname, adjoin): 'ad_server': ad_server, 'cache_credentials': 'True' } - client.sssd_conf(dom_section, sssd_params) + client.sssd_conf(dom_section, sssd_params, action='update') client.clear_sssd_cache() - # List domains - # The lists have to be manipulated, the DC in the other forest - # needs to be removed as well as implicit_files from the output - domain_list_cmd = multihost.client[0].run_command( - 'sssctl domain-list', raiseonerr=False) + multihost.client[0].service_sssd('start') + # The output needs to be pruned of servers that are not apart of the forest and 'implicit files' + domain_list_cmd = multihost.client[0].run_command('sssctl domain-list', raiseonerr=False) domain_list = domain_list_cmd.stdout_text.split('\n') if "" in domain_list: domain_list.remove("") @@ -143,11 +128,68 @@ def test_0002_bz2018432(multihost, newhostname, adjoin): multihost_list = [] for x in multihost.ad: multihost_list.append(x.domainname) - # This is necessary because the AD server in the second forest needs to - # be removed from the list. multihost_list.pop() domain_list.sort() multihost_list.sort() assert domain_list == multihost_list + + @staticmethod + def test_0003_bz2167728(self, multihost, newhostname, adchildjoin): + """ + :title: IDM-SSSD-TC: ad_provider: forests: bz2167728 Auth fails if client cannot speak to forest root domain + :id: e9ba9423-0a42-4379-a900-637c79ff0e5c + :setup: + 1. Clear out the contents of [domain_realm] in /etc/krb5.conf + 2. Join client to child domain + :steps: + 1. Lookup root, child and tree domain users + :expectedresults: + 1. All lookups should work + :customerscenario: True + """ + client = sssdTools(multihost.client[0], multihost.ad[1]) + krb5 = multihost.client[0].get_file_contents('/etc/krb5.conf', encoding='utf-8') + resolv = multihost.client[0].get_file_contents('/etc/resolv.conf', encoding='utf-8') + domain = multihost.ad[0].domainname + ip = multihost.ad[0].ip + child_domain = multihost.ad[1].domainname + child_ip = multihost.ad[1].ip + tree_domain = multihost.ad[2].domainname + tree_ip = multihost.ad[2].ip + + # To verify this bug the contents of /etc/krb5.conf needs to have no [realm] entries + for x in multihost.ad: + _domain = x.domainname + _domain_upper = _domain.capitalize() + _krb5 = multihost.client[0].get_file_contents('/etc/krb5.conf', encoding='utf-8') + _krb5_1 = re.sub(f"^.{_domain} = {_domain_upper}", "", re.sub(f"^{_domain} = {_domain_upper}", "", _krb5)) + multihost.client[0].put_file_contents('/etc/krb5.conf', _krb5_1) + adchildjoin(membersw='adcli') + + multihost.client[0].service_sssd('stop') + client.backup_sssd_conf() + sssd_domain = f'domain/{client.get_domain_section_name()}' + sssd_params = {'debug_level': '9'} + client.sssd_conf(sssd_domain, sssd_params, action='update') + + client.update_resolv_conf(child_ip) + client.update_resolv_conf(ip) + client.update_resolv_conf(tree_ip) + + multihost.client[0].service_sssd('start') + + getent1 = multihost.client[0].run_command(f'getent passwd user1@{domain}', raiseonerr=False) + getent2 = multihost.client[0].run_command(f'getent passwd child_user1@{child_domain}', raiseonerr=False) + getent3 = multihost.client[0].run_command(f'getent passwd tree_user1@{tree_domain}', raiseonerr=False) + + multihost.client[0].put_file_contents('/etc/krb5.conf', krb5) + multihost.client[0].run_command('chattr -i /etc/resolv.conf', raiseonerror=False) + multihost.client[0].put_file_contents('/etc/resolv.conf', resolv) + multihost.client[0].run_command('chattr +i /etc/resolv.conf', raiseonerror=False) + client.restore_sssd_conf() + + assert getent1.returncode == 0, f'Could not find user1@{domain}!' + assert getent2.returncode == 0, f'Could not find child_user1@{child_domain}!' + assert getent3.returncode == 0, f'Could not find tree_user1@{tree_domain}!' diff --git a/src/tests/multihost/admultidomain/test_multiforest.py b/src/tests/multihost/admultidomain/test_multiforest.py index 351fdefcd45..cd710036b0a 100644 --- a/src/tests/multihost/admultidomain/test_multiforest.py +++ b/src/tests/multihost/admultidomain/test_multiforest.py @@ -1,5 +1,4 @@ import subprocess -import time import pytest @@ -10,6 +9,7 @@ @pytest.mark.admultiforest class TestADMultiForest(object): + @staticmethod def test_0001_multiforest(self, multihost, newhostname, adjoin): """ :title: IDM-SSSD-TC: ad_provider: admultiforest : Authentication against two forests @@ -102,16 +102,17 @@ def test_0001_multiforest(self, multihost, newhostname, adjoin): id_domain1_user1 = multihost.client[0].run_command(f'id user1@{ad1_domain}', raiseonerr=False) id_domain1_user2 = multihost.client[0].run_command(f'id user2@{ad1_domain}', raiseonerr=False) - multihost.client[0].put_file_contents('/etc/hosts.bak', hosts) + multihost.client[0].put_file_contents('/etc/hosts', hosts) multihost.client[0].put_file_contents('/etc/krb5.conf', krb5) multihost.client[0].run_command(cleanup_krb5) client.restore_sssd_conf() - assert getent_domain_user1.rc == 0, f"Could not find user1 {getent_domain_user1}!" - assert getent_domain_user2.rc == 0, f"Could not find user1 {getent_domain_user2}!" - assert id_domain_user1.rc == 0, f"Could not find user1 {id_domain1_user1}!" - assert id_domain_user2.rc == 0, f"Could not find user2 {id_domain_user2}!" - assert getent_domain1_user1.rc == 0, f"Could not find user1 {getent_domain1_user1}!" - assert getent_domain1_user2.rc == 0, f"Could not find user2 {getent_domain1_user2}!" - assert id_domain1_user1.rc == 0, f"Could not find user1 {id_domain1_user1}!" - assert id_domain1_user2.rc == 0, f"Could not find user2 {id_domain1_user2}!" + assert getent_domain_user1.returncode == 0, f"Could not find user1 {getent_domain_user1}!" + assert getent_domain_user2.returncode == 0, f"Could not find user1 {getent_domain_user2}!" + assert id_domain_user1.returncode == 0, f"Could not find user1 {id_domain1_user1}!" + assert id_domain_user2.returncode == 0, f"Could not find user2 {id_domain_user2}!" + assert getent_domain1_user1.returncode == 0, f"Could not find user1 {getent_domain1_user1}!" + assert getent_domain1_user2.returncode == 0, f"Could not find user2 {getent_domain1_user2}!" + assert id_domain1_user1.returncode == 0, f"Could not find user1 {id_domain1_user1}!" + assert id_domain1_user2.returncode == 0, f"Could not find user2 {id_domain1_user2}!" + From 9c4f7281dc469757f27fdfb51fee18a71266e863 Mon Sep 17 00:00:00 2001 From: Iker Pedrosa <ipedrosa@redhat.com> Date: Thu, 19 Oct 2023 12:18:03 +0200 Subject: [PATCH 187/280] man: clarify user credentials for `cache_credentials` It only applies to passwords, not other authentication mechanisms like smartcards or passkeys. Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com> Reviewed-by: Justin Stephenson <jstephen@redhat.com> Reviewed-by: Sumit Bose <sbose@redhat.com> (cherry picked from commit 38d334ea040e2f5b0da4a3a37618215658b2c3a8) --- src/man/sssd.conf.5.xml | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/src/man/sssd.conf.5.xml b/src/man/sssd.conf.5.xml index 537bc201f10..5a76a35980f 100644 --- a/src/man/sssd.conf.5.xml +++ b/src/man/sssd.conf.5.xml @@ -2929,7 +2929,14 @@ pam_gssapi_indicators_map = sudo:pkinit, sudo-i:pkinit <listitem> <para> Determines if user credentials are also cached - in the local LDB cache. + in the local LDB cache. The cached credentials + refer to passwords, which includes the first (long + term) factor of two-factor authentication, not + other authentication mechanisms. Passkey and + Smartcard authentications are expected to work + offline as long as a successful online + authentication is recorded in the cache without + additional configuration. </para> <para> Take a note that while credentials are stored as From 9e7a08a8062e39984e7386ec365a948cb7fb8b62 Mon Sep 17 00:00:00 2001 From: Patrik Rosecky <prosecky@redhat.com> Date: Thu, 12 Oct 2023 11:47:30 +0200 Subject: [PATCH 188/280] TESTS: topology set to KnownTopologyGroup.AnyProvider MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Reviewed-by: Jakub Vávra <jvavra@redhat.com> Reviewed-by: Justin Stephenson <jstephen@redhat.com> (cherry picked from commit ce117ae0c25305a5109d0f663d677a9ccae3b68a) --- src/tests/system/tests/test_passkey.py | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/src/tests/system/tests/test_passkey.py b/src/tests/system/tests/test_passkey.py index c310ffe07f3..ad784c5282d 100644 --- a/src/tests/system/tests/test_passkey.py +++ b/src/tests/system/tests/test_passkey.py @@ -10,7 +10,7 @@ from sssd_test_framework.roles.client import Client from sssd_test_framework.roles.generic import GenericProvider from sssd_test_framework.roles.ipa import IPA -from sssd_test_framework.topology import KnownTopology +from sssd_test_framework.topology import KnownTopology, KnownTopologyGroup @pytest.mark.importance("high") @@ -74,10 +74,7 @@ def test_passkey__register__ipa(ipa: IPA, moduledatadir: str, testdatadir: str): @pytest.mark.importance("critical") -@pytest.mark.topology(KnownTopology.LDAP) -@pytest.mark.topology(KnownTopology.IPA) -@pytest.mark.topology(KnownTopology.AD) -@pytest.mark.topology(KnownTopology.Samba) +@pytest.mark.topology(KnownTopologyGroup.AnyProvider) @pytest.mark.builtwith(client="passkey", provider="passkey") def test_passkey__su(client: Client, provider: GenericProvider, moduledatadir: str, testdatadir: str): """ From a9498b12b4824dbc137e54b1c18732e00e101050 Mon Sep 17 00:00:00 2001 From: Jakub Vavra <jvavra@redhat.com> Date: Mon, 23 Oct 2023 09:41:08 +0200 Subject: [PATCH 189/280] Tests: Fix autofs cleanups Autofs tests were not cleaning properly leaving behind stuck/unresponsive mounts. This was failing other tests that were executed after these suites. Tests were stuck when trying to create a new local users or listing dirs. Reviewed-by: Scott Poore <spoore@redhat.com> (cherry picked from commit 7a3cc7a7be5eb8215709d5074d91567f7b7b60e1) --- src/tests/multihost/alltests/test_automount.py | 5 +++-- src/tests/multihost/alltests/test_automount_from_bash.py | 7 ++++++- 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/src/tests/multihost/alltests/test_automount.py b/src/tests/multihost/alltests/test_automount.py index 523e4797648..b822656b144 100644 --- a/src/tests/multihost/alltests/test_automount.py +++ b/src/tests/multihost/alltests/test_automount.py @@ -294,10 +294,9 @@ def test_two_automount_maps(self, multihost, time.sleep(2) MIT_export = multihost.client[0].run_command("ls /home/MIT") mit_export = multihost.client[0].run_command("ls /home/mit") - assert 'export1' in MIT_export.stdout_text - assert 'export2' in mit_export.stdout_text restore = 'cp -af /etc/exports.backup /etc/exports' multihost.master[0].run_command(restore) + multihost.client[0].run_command("systemctl stop autofs", raiseonerr=False) stop_nfs = 'systemctl stop nfs-server' multihost.master[0].run_command(stop_nfs) for dn_dn in [f'automountinformation={nfs_server_ip}:/export1,' @@ -312,6 +311,8 @@ def test_two_automount_maps(self, multihost, multihost.master[0].run_command(f'ldapdelete -x -D ' f'"cn=Directory Manager" ' f'-w Secret123 -H ldap:// {dn_dn}') + assert 'export1' in MIT_export.stdout_text + assert 'export2' in mit_export.stdout_text @pytest.mark.parametrize('add_nisobject', ['/export'], indirect=True) @pytest.mark.tier2 diff --git a/src/tests/multihost/alltests/test_automount_from_bash.py b/src/tests/multihost/alltests/test_automount_from_bash.py index fdab6b3b012..0bf632adb44 100644 --- a/src/tests/multihost/alltests/test_automount_from_bash.py +++ b/src/tests/multihost/alltests/test_automount_from_bash.py @@ -50,11 +50,12 @@ def common_sssd_setup(multihost): @pytest.fixture(scope='function') -def ldap_autofs(multihost): +def ldap_autofs(multihost, request): """ This is common sssd setup used in this test suite. """ tools = sssdTools(multihost.client[0]) + multihost.client[0].run_command("mount") tools.sssd_conf("nss", {'filter_groups': 'root', 'filter_users': 'root', 'debug_level': '9'}, action='update') @@ -71,6 +72,10 @@ def ldap_autofs(multihost): "ldap_autofs_entry_value": "nisMapEntry"}, action='update') tools.clear_sssd_cache() + def restore(): + """Will restore client after test.""" + multihost.client[0].run_command("systemctl restart autofs", raiseonerr=False) + request.addfinalizer(restore) @pytest.fixture(scope='class') def nfs_server_setup(multihost, request): From 2bbc8754040d15aaa52126f3a4187fdb1c1c4e50 Mon Sep 17 00:00:00 2001 From: Sumit Bose <sbose@redhat.com> Date: Tue, 24 Oct 2023 10:59:16 +0200 Subject: [PATCH 190/280] ipa: reduce log level of some HBAC log messages MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Reviewed-by: Alejandro López <allopez@redhat.com> Reviewed-by: Alexey Tikhonov <atikhono@redhat.com> (cherry picked from commit a7b19bcb47ddaaaa745a32571b444ee185e79b4c) --- src/providers/ipa/ipa_hbac_users.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/src/providers/ipa/ipa_hbac_users.c b/src/providers/ipa/ipa_hbac_users.c index 25850eac013..2f9e9865de7 100644 --- a/src/providers/ipa/ipa_hbac_users.c +++ b/src/providers/ipa/ipa_hbac_users.c @@ -91,7 +91,7 @@ get_ipa_groupname(TALLOC_CTX *mem_ctx, /* RDN has the wrong attribute name. * It's not a group. */ - DEBUG(SSSDBG_CRIT_FAILURE, + DEBUG(SSSDBG_TRACE_INTERNAL, "Expected cn in RDN, got %s\n", rdn_name); ret = ERR_UNEXPECTED_ENTRY_TYPE; goto done; @@ -332,9 +332,10 @@ hbac_user_attrs_to_rule(TALLOC_CTX *mem_ctx, num_groups++; } else { /* Not a group, so we don't care about it */ - DEBUG(SSSDBG_CRIT_FAILURE, + DEBUG(SSSDBG_TRACE_FUNC, "[%s] does not map to either a user or group. " - "Skipping\n", member_dn); + "Maybe it is an object which is currently not in the " + "cache. Skipping\n", member_dn); } } } From fa33c997c79f567980cb0a2cc916ef38903467d5 Mon Sep 17 00:00:00 2001 From: Iker Pedrosa <ipedrosa@redhat.com> Date: Tue, 24 Oct 2023 12:28:08 +0200 Subject: [PATCH 191/280] CI: build passkey for centos-9 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Also include RHEL9+ to build passkey in the spec file. Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com> Reviewed-by: Alejandro López <allopez@redhat.com> Reviewed-by: Alexey Tikhonov <atikhono@redhat.com> (cherry picked from commit 5a211ec941acde206d52092f5547fc46737f30e5) --- contrib/ci/configure.sh | 4 +++- contrib/sssd.spec.in | 2 +- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/contrib/ci/configure.sh b/contrib/ci/configure.sh index e6641d5172c..258d956a3fb 100644 --- a/contrib/ci/configure.sh +++ b/contrib/ci/configure.sh @@ -82,7 +82,9 @@ if [[ "$DISTRO_BRANCH" == -redhat-fedora-3[5-9]* || ) fi -if [[ "$DISTRO_BRANCH" == -redhat-fedora-* ]]; then +if [[ "$DISTRO_BRANCH" == -redhat-fedora-* || + "$DISTRO_BRANCH" == -redhat-centos-9*- || + "$DISTRO_BRANCH" == -redhat-centos-10*- ]]; then CONFIGURE_ARG_LIST+=( "--with-passkey" ) diff --git a/contrib/sssd.spec.in b/contrib/sssd.spec.in index 831c5dc9eff..21de6154fc0 100644 --- a/contrib/sssd.spec.in +++ b/contrib/sssd.spec.in @@ -30,7 +30,7 @@ %global build_kcm_renewals 0 %endif -%if 0%{?fedora} >= 39 +%if 0%{?fedora} >= 39 || 0%{?rhel} >= 9 %global build_passkey 1 %else %global build_passkey 0 From 9ebaee7771144e469ae383ba99f6a81edec38e9b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 23 Oct 2023 11:32:18 +0000 Subject: [PATCH 192/280] build(deps): bump DamianReeves/write-file-action Bumps [DamianReeves/write-file-action](https://github.com/damianreeves/write-file-action) from 41569a7dac64c252caacca7bceefe28b70b38db1 to 0a7fcbe1960c53fc08fe789fa4850d24885f4d84. - [Release notes](https://github.com/damianreeves/write-file-action/releases) - [Commits](https://github.com/damianreeves/write-file-action/compare/41569a7dac64c252caacca7bceefe28b70b38db1...0a7fcbe1960c53fc08fe789fa4850d24885f4d84) Reviewed-by: Justin Stephenson <jstephen@redhat.com> (cherry picked from commit 0456ecad643428b2ac28c932cb7435c8b914529a) --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 4da87e45562..9cee24c879e 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -214,7 +214,7 @@ jobs: pip3 install -r ./sssd/src/tests/multihost/requirements.txt - name: Create multihost configuration - uses: DamianReeves/write-file-action@41569a7dac64c252caacca7bceefe28b70b38db1 + uses: DamianReeves/write-file-action@0a7fcbe1960c53fc08fe789fa4850d24885f4d84 with: path: mhc.yml write-mode: overwrite From d154f72d01cc0c79bb8e4be6e8448a6b3c3c5941 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 23 Oct 2023 11:32:11 +0000 Subject: [PATCH 193/280] build(deps): bump actions/checkout from 3 to 4 Bumps [actions/checkout](https://github.com/actions/checkout) from 3 to 4. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v3...v4) Reviewed-by: Justin Stephenson <jstephen@redhat.com> (cherry picked from commit 2f5b299996ea8e4d0bdded3eb0b020ed311209f9) --- .github/workflows/analyze-target.yml | 6 +++--- .github/workflows/ci.yml | 10 +++++----- .github/workflows/copr_build.yml | 4 ++-- .github/workflows/coverity.yml | 2 +- .github/workflows/static-code-analysis.yml | 4 ++-- 5 files changed, 13 insertions(+), 13 deletions(-) diff --git a/.github/workflows/analyze-target.yml b/.github/workflows/analyze-target.yml index f2d913df8ef..15509b3d5d5 100644 --- a/.github/workflows/analyze-target.yml +++ b/.github/workflows/analyze-target.yml @@ -13,7 +13,7 @@ jobs: pull-requests: write steps: - name: Checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: ref: ${{ github.event.pull_request.head.sha }} persist-credentials: false @@ -36,13 +36,13 @@ jobs: timeout-minutes: 1440 steps: - name: Checkout target branch - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: ref: ${{ github.base_ref }} path: target - name: Checkout pull request branch - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: ref: ${{ github.event.pull_request.head.sha }} path: pr diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 9cee24c879e..38e36f64954 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -15,7 +15,7 @@ jobs: contents: read steps: - name: Checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Install dependencies id: dependencies @@ -63,7 +63,7 @@ jobs: matrix: ${{ steps.matrix.outputs.matrix }} steps: - name: Checkout sources - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Get matrix id: matrix @@ -80,7 +80,7 @@ jobs: contents: read steps: - name: Checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: path: sssd @@ -145,7 +145,7 @@ jobs: contents: read steps: - name: Checkout sssd repository - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: path: sssd @@ -258,7 +258,7 @@ jobs: contents: read steps: - name: Checkout sssd repository - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: path: sssd diff --git a/.github/workflows/copr_build.yml b/.github/workflows/copr_build.yml index b4bee2a3ce0..47f6b85ecbd 100644 --- a/.github/workflows/copr_build.yml +++ b/.github/workflows/copr_build.yml @@ -41,7 +41,7 @@ jobs: contents: read steps: - name: Checkout source - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: ref: ${{ github.event.pull_request.head.ref }} repository: ${{ github.event.pull_request.head.repo.full_name }} @@ -114,7 +114,7 @@ jobs: fail-fast: false steps: - name: Checkout source - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Downlooad source rpm uses: actions/download-artifact@v3 diff --git a/.github/workflows/coverity.yml b/.github/workflows/coverity.yml index f3b26dee202..8476d13e37a 100644 --- a/.github/workflows/coverity.yml +++ b/.github/workflows/coverity.yml @@ -13,7 +13,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Install dependencies uses: ./.github/actions/install-dependencies diff --git a/.github/workflows/static-code-analysis.yml b/.github/workflows/static-code-analysis.yml index 4937a663557..ec27ed2fe34 100644 --- a/.github/workflows/static-code-analysis.yml +++ b/.github/workflows/static-code-analysis.yml @@ -17,7 +17,7 @@ jobs: security-events: write steps: - name: Checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Install dependencies id: dependencies @@ -57,7 +57,7 @@ jobs: contents: read steps: - name: Checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Setup virtual environment working-directory: ./src/tests/system From 66d115cc83b4e1d370d56af42121451bad87ba0a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 23 Oct 2023 11:32:02 +0000 Subject: [PATCH 194/280] build(deps): bump vapier/coverity-scan-action from 1.2.0 to 1.7.0 Bumps [vapier/coverity-scan-action](https://github.com/vapier/coverity-scan-action) from 1.2.0 to 1.7.0. - [Release notes](https://github.com/vapier/coverity-scan-action/releases) - [Commits](https://github.com/vapier/coverity-scan-action/compare/v1.2.0...v1.7.0) Reviewed-by: Justin Stephenson <jstephen@redhat.com> (cherry picked from commit ff42d88994a13c9f130741a13ee7fe4dac63a5df) --- .github/workflows/coverity.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/coverity.yml b/.github/workflows/coverity.yml index 8476d13e37a..fb803c668c0 100644 --- a/.github/workflows/coverity.yml +++ b/.github/workflows/coverity.yml @@ -22,7 +22,7 @@ jobs: uses: ./.github/actions/configure - name: Execute and submit coverity scan - uses: vapier/coverity-scan-action@v1.2.0 + uses: vapier/coverity-scan-action@v1.7.0 with: email: "sssd-maint@redhat.com" token: ${{ secrets.COVERITY_SCAN_TOKEN }} From 155584ee2320901b6af4b9a6b563beb377af66dc Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 23 Oct 2023 11:31:54 +0000 Subject: [PATCH 195/280] build(deps): bump linuxdeepin/action-cppcheck Bumps [linuxdeepin/action-cppcheck](https://github.com/linuxdeepin/action-cppcheck) from 9ef62c4ec8cd5660952cd02c58b83fa57c16a42b to e63fb1d3f321e0467737aa9de7f691360fb1b8fb. - [Release notes](https://github.com/linuxdeepin/action-cppcheck/releases) - [Commits](https://github.com/linuxdeepin/action-cppcheck/compare/9ef62c4ec8cd5660952cd02c58b83fa57c16a42b...e63fb1d3f321e0467737aa9de7f691360fb1b8fb) Reviewed-by: Justin Stephenson <jstephen@redhat.com> (cherry picked from commit cbb107314100bf2be9f55aa2b967a60d149440ca) --- .github/workflows/analyze-target.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/analyze-target.yml b/.github/workflows/analyze-target.yml index 15509b3d5d5..e452ea67c04 100644 --- a/.github/workflows/analyze-target.yml +++ b/.github/workflows/analyze-target.yml @@ -20,7 +20,7 @@ jobs: - name: Perform cppcheck analysis # v0.0.11 is the latest release but we need a later commit - uses: linuxdeepin/action-cppcheck@9ef62c4ec8cd5660952cd02c58b83fa57c16a42b + uses: linuxdeepin/action-cppcheck@e63fb1d3f321e0467737aa9de7f691360fb1b8fb with: github_token: ${{ secrets.GITHUB_TOKEN }} repository: ${{ github.repository }} From 380eafa5b2eac6830b0ed0ec1c5113ef998b9f80 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com> Date: Thu, 26 Oct 2023 13:39:57 +0200 Subject: [PATCH 196/280] intg: return status code for calls requiring it in fake nss module To avoid gcc warning that a function is not returning value. ``` /shared/workspace/sssd/src/tests/intg/nss_call.c: In function '_nss_call_setpwent': /shared/workspace/sssd/src/tests/intg/nss_call.c:63:1: error: control reaches end of non-void function [-Werror=return-type] 63 | } | ^ /shared/workspace/sssd/src/tests/intg/nss_call.c: In function '_nss_call_endpwent': /shared/workspace/sssd/src/tests/intg/nss_call.c:77:1: error: control reaches end of non-void function [-Werror=return-type] 77 | } | ^ /shared/workspace/sssd/src/tests/intg/nss_call.c: In function '_nss_call_setgrent': /shared/workspace/sssd/src/tests/intg/nss_call.c:98:1: error: control reaches end of non-void function [-Werror=return-type] 98 | } | ^ /shared/workspace/sssd/src/tests/intg/nss_call.c: In function '_nss_call_endgrent': /shared/workspace/sssd/src/tests/intg/nss_call.c:111:1: error: control reaches end of non-void function [-Werror=return-type] 111 | } | ^ ``` Reviewed-by: Sumit Bose <sbose@redhat.com> (cherry picked from commit 4f5b1a25a0bd108cbba77a63dfe50f64f2249764) --- src/tests/intg/nss_call.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/tests/intg/nss_call.c b/src/tests/intg/nss_call.c index ef25e6faf31..a8c7d30f5c7 100644 --- a/src/tests/intg/nss_call.c +++ b/src/tests/intg/nss_call.c @@ -60,6 +60,7 @@ enum nss_status _nss_call_getpwuid_r(uid_t uid, struct passwd *result, enum nss_status _nss_call_setpwent(void) { setpwent(); + return NSS_STATUS_SUCCESS; } enum nss_status _nss_call_getpwent_r(struct passwd *result, @@ -74,6 +75,7 @@ enum nss_status _nss_call_getpwent_r(struct passwd *result, enum nss_status _nss_call_endpwent(void) { endpwent(); + return NSS_STATUS_SUCCESS; } enum nss_status _nss_call_getgrnam_r(const char *name, struct group *result, @@ -95,6 +97,7 @@ enum nss_status _nss_call_getgrgid_r(gid_t gid, struct group *result, enum nss_status _nss_call_setgrent(void) { setgrent(); + return NSS_STATUS_SUCCESS; } enum nss_status _nss_call_getgrent_r(struct group *result, @@ -108,6 +111,7 @@ enum nss_status _nss_call_getgrent_r(struct group *result, enum nss_status _nss_call_endgrent(void) { endgrent(); + return NSS_STATUS_SUCCESS; } enum nss_status _nss_call_initgroups_dyn(const char *user, gid_t group, From e217fa8262696d441de2eca9475a8eda87dfc16f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com> Date: Wed, 25 Oct 2023 16:12:58 +0200 Subject: [PATCH 197/280] ci: get frozen Fedora releases in the matrix A Fedora release may be in a frozen state (beta freeze, final freeze), in such case, it is not temporarily visible under "pending" but under "frozen". Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com> (cherry picked from commit 17cf4bbb7e7969d6cba4e1a61ef2bb7b6a879c50) --- contrib/ci/get-matrix.py | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/contrib/ci/get-matrix.py b/contrib/ci/get-matrix.py index 9c24d22a080..7ff5f1d8a8b 100755 --- a/contrib/ci/get-matrix.py +++ b/contrib/ci/get-matrix.py @@ -27,10 +27,12 @@ def get_fedora_releases(type, exclude=[]): def get_fedora_matrix(): fedora_stable = get_fedora_releases('current') fedora_devel = get_fedora_releases('pending', exclude=['eln']) + fedora_frozen = get_fedora_releases('frozen', exclude=['eln']) matrix = [] matrix.extend(['fedora-{0}'.format(x) for x in fedora_stable]) matrix.extend(['fedora-{0}'.format(x) for x in fedora_devel]) + matrix.extend(['fedora-{0}'.format(x) for x in fedora_frozen]) return matrix @@ -48,9 +50,9 @@ def get_other_matrix(): parser.add_argument('--action', action='store_true', help='It is run in GitHub actions mode') args = parser.parse_args() - fedora = get_fedora_matrix() - centos = get_centos_matrix() - other = get_other_matrix() + fedora = sorted(get_fedora_matrix()) + centos = sorted(get_centos_matrix()) + other = sorted(get_other_matrix()) matrix = { 'intgcheck': [*fedora, *centos, *other], From ef5370e96bff79025cb9a0f9e62c4d3684f55512 Mon Sep 17 00:00:00 2001 From: Alexey Tikhonov <atikhono@redhat.com> Date: Mon, 23 Oct 2023 16:11:17 +0200 Subject: [PATCH 198/280] SSS_CLIENT: replace `__thread` with `pthread_*specific()` in sss_client code to properly handle OOM condition (with `__thread` glibc terminates process in this case). Solution relies on the fact that `sss_cli_check_socket()` is always executed first, before touching socket. Nonetheless, there are sanity guards in setters/getters just in case. It's possible to move context initialization code into a separate function and call it in every getter/setter, but probably not worth it. Reviewed-by: Sumit Bose <sbose@redhat.com> Reviewed-by: Carlos O'Donell <codonell@redhat.com> (cherry picked from commit b0212b04f109875936612a52a7b30a80e5a85ee5) --- src/sss_client/common.c | 202 ++++++++++++++++++++++++++++++++-------- 1 file changed, 164 insertions(+), 38 deletions(-) diff --git a/src/sss_client/common.c b/src/sss_client/common.c index c80c8e74b77..1075af94196 100644 --- a/src/sss_client/common.c +++ b/src/sss_client/common.c @@ -62,22 +62,31 @@ /* common functions */ +static int sss_cli_sd_get(void); +static void sss_cli_sd_set(int sd); +static const struct stat *sss_cli_sb_get(void); +static int sss_cli_sb_set_by_sd(int sd); + #ifdef HAVE_PTHREAD_EXT static pthread_key_t sss_sd_key; static pthread_once_t sss_sd_key_init = PTHREAD_ONCE_INIT; static atomic_bool sss_sd_key_initialized = false; -static __thread int sss_cli_sd = -1; /* the sss client socket descriptor */ -static __thread struct stat sss_cli_sb; /* the sss client stat buffer */ +struct sss_socket_descriptor_t { + int sd; + struct stat sb; +}; #else -static int sss_cli_sd = -1; /* the sss client socket descriptor */ -static struct stat sss_cli_sb; /* the sss client stat buffer */ +static int _sss_cli_sd = -1; /* the sss client socket descriptor */ +static struct stat _sss_cli_sb; /* the sss client stat buffer */ #endif void sss_cli_close_socket(void) { - if (sss_cli_sd != -1) { - close(sss_cli_sd); - sss_cli_sd = -1; + int sd = sss_cli_sd_get(); + + if (sd != -1) { + close(sd); + sss_cli_sd_set(-1); } } @@ -85,25 +94,30 @@ void sss_cli_close_socket(void) static void sss_at_thread_exit(void *v) { sss_cli_close_socket(); + free(v); + pthread_setspecific(sss_sd_key, NULL); } static void init_sd_key(void) { - pthread_key_create(&sss_sd_key, sss_at_thread_exit); - sss_sd_key_initialized = true; + if (pthread_key_create(&sss_sd_key, sss_at_thread_exit) == 0) { + sss_sd_key_initialized = true; + } } #endif #if HAVE_FUNCTION_ATTRIBUTE_DESTRUCTOR __attribute__((destructor)) void sss_at_lib_unload(void) { + sss_cli_close_socket(); #ifdef HAVE_PTHREAD_EXT if (sss_sd_key_initialized) { sss_sd_key_initialized = false; + free(pthread_getspecific(sss_sd_key)); + pthread_setspecific(sss_sd_key, NULL); pthread_key_delete(sss_sd_key); } #endif - sss_cli_close_socket(); } #endif @@ -137,7 +151,7 @@ static enum sss_status sss_cli_send_req(enum sss_cli_command cmd, int res, error; *errnop = 0; - pfd.fd = sss_cli_sd; + pfd.fd = sss_cli_sd_get(); pfd.events = POLLOUT; do { @@ -163,7 +177,7 @@ static enum sss_status sss_cli_send_req(enum sss_cli_command cmd, *errnop = EPIPE; } else if (pfd.revents & POLLNVAL) { /* Invalid request: fd is not opened */ - sss_cli_sd = -1; + sss_cli_sd_set(-1); *errnop = EPIPE; } else if (!(pfd.revents & POLLOUT)) { *errnop = EBUSY; @@ -180,13 +194,13 @@ static enum sss_status sss_cli_send_req(enum sss_cli_command cmd, errno = 0; if (datasent < SSS_NSS_HEADER_SIZE) { - res = send(sss_cli_sd, + res = send(sss_cli_sd_get(), (char *)header + datasent, SSS_NSS_HEADER_SIZE - datasent, SSS_DEFAULT_WRITE_FLAGS); } else { rdsent = datasent - SSS_NSS_HEADER_SIZE; - res = send(sss_cli_sd, + res = send(sss_cli_sd_get(), (const char *)rd->data + rdsent, rd->len - rdsent, SSS_DEFAULT_WRITE_FLAGS); @@ -249,7 +263,7 @@ static enum sss_status sss_cli_recv_rep(enum sss_cli_command cmd, int bufrecv; int res, error; - pfd.fd = sss_cli_sd; + pfd.fd = sss_cli_sd_get(); pfd.events = POLLIN; do { @@ -278,7 +292,7 @@ static enum sss_status sss_cli_recv_rep(enum sss_cli_command cmd, *errnop = EPIPE; } else if (pfd.revents & POLLNVAL) { /* Invalid request: fd is not opened */ - sss_cli_sd = -1; + sss_cli_sd_set(-1); *errnop = EPIPE; } else if (!(pfd.revents & POLLIN)) { *errnop = EBUSY; @@ -296,12 +310,12 @@ static enum sss_status sss_cli_recv_rep(enum sss_cli_command cmd, errno = 0; if (datarecv < SSS_NSS_HEADER_SIZE) { - res = read(sss_cli_sd, + res = read(sss_cli_sd_get(), (char *)header + datarecv, SSS_NSS_HEADER_SIZE - datarecv); } else { bufrecv = datarecv - SSS_NSS_HEADER_SIZE; - res = read(sss_cli_sd, + res = read(sss_cli_sd_get(), (char *) buf + bufrecv, header[0] - datarecv); } @@ -591,16 +605,6 @@ static int sss_cli_open_socket(int *errnop, const char *socket_name, int timeout return -1; } -#ifdef HAVE_PTHREAD_EXT - pthread_once(&sss_sd_key_init, init_sd_key); /* once for all threads */ - - /* It actually doesn't matter what value to set for a key. - * The only important thing: key must be non-NULL to ensure - * destructor is executed at thread exit. - */ - pthread_setspecific(sss_sd_key, &sss_cli_sd); -#endif - /* set as non-blocking, close on exec, and make sure standard * descriptors are not used */ sd = make_safe_fd(sd); @@ -670,7 +674,7 @@ static int sss_cli_open_socket(int *errnop, const char *socket_name, int timeout return -1; } - ret = fstat(sd, &sss_cli_sb); + ret = sss_cli_sb_set_by_sd(sd); if (ret != 0) { close(sd); return -1; @@ -686,33 +690,69 @@ static enum sss_status sss_cli_check_socket(int *errnop, static pid_t mypid_s; static ino_t myself_ino; struct stat mypid_sb, myself_sb; + const struct stat *sss_cli_sb = NULL; pid_t mypid_d; int mysd; int ret; +#ifdef HAVE_PTHREAD_EXT + struct sss_socket_descriptor_t *descriptor = NULL; + + ret = pthread_once(&sss_sd_key_init, init_sd_key); /* once for all threads */ + if (ret != 0) { + *errnop = EFAULT; + return SSS_STATUS_UNAVAIL; + } + if (!sss_sd_key_initialized) { + /* pthread_once::init_sd_key::pthread_key_create failed -- game over? */ + *errnop = EFAULT; + return SSS_STATUS_UNAVAIL; + } + + if (pthread_getspecific(sss_sd_key) == NULL) { /* for every thread */ + descriptor = (struct sss_socket_descriptor_t *) + calloc(1, sizeof(struct sss_socket_descriptor_t)); + if (descriptor == NULL) { + *errnop = ENOMEM; + return SSS_STATUS_UNAVAIL; + } + descriptor->sd = -1; + ret = pthread_setspecific(sss_sd_key, descriptor); + if (ret != 0) { + free(descriptor); + *errnop = ENOMEM; + return SSS_STATUS_UNAVAIL; + } + } +#endif + sss_cli_sb = sss_cli_sb_get(); + if (sss_cli_sb == NULL) { + *errnop = EFAULT; + return SSS_STATUS_UNAVAIL; + } ret = lstat("/proc/self/", &myself_sb); mypid_d = getpid(); if (mypid_d != mypid_s || (ret == 0 && myself_sb.st_ino != myself_ino)) { - ret = fstat(sss_cli_sd, &mypid_sb); + ret = fstat(sss_cli_sd_get(), &mypid_sb); if (ret == 0) { if (S_ISSOCK(mypid_sb.st_mode) && - mypid_sb.st_dev == sss_cli_sb.st_dev && - mypid_sb.st_ino == sss_cli_sb.st_ino) { + mypid_sb.st_dev == sss_cli_sb->st_dev && + mypid_sb.st_ino == sss_cli_sb->st_ino) { sss_cli_close_socket(); } } - sss_cli_sd = -1; + sss_cli_sd_set(-1); mypid_s = mypid_d; myself_ino = myself_sb.st_ino; } /* check if the socket has been closed on the other side */ - if (sss_cli_sd != -1) { + if (sss_cli_sd_get() != -1) { struct pollfd pfd; int res, error; *errnop = 0; - pfd.fd = sss_cli_sd; + pfd.fd = sss_cli_sd_get(); pfd.events = POLLIN | POLLOUT; do { @@ -738,7 +778,7 @@ static enum sss_status sss_cli_check_socket(int *errnop, *errnop = EPIPE; } else if (pfd.revents & POLLNVAL) { /* Invalid request: fd is not opened */ - sss_cli_sd = -1; + sss_cli_sd_set(-1); *errnop = EPIPE; } else if (!(pfd.revents & (POLLIN | POLLOUT))) { *errnop = EBUSY; @@ -760,7 +800,7 @@ static enum sss_status sss_cli_check_socket(int *errnop, return SSS_STATUS_UNAVAIL; } - sss_cli_sd = mysd; + sss_cli_sd_set(mysd); if (sss_cli_check_version(socket_name, timeout)) { return SSS_STATUS_SUCCESS; @@ -1015,7 +1055,7 @@ int sss_pam_make_request(enum sss_cli_command cmd, goto out; } - error = check_server_cred(sss_cli_sd); + error = check_server_cred(sss_cli_sd_get()); if (error != 0) { sss_cli_close_socket(); *errnop = error; @@ -1307,3 +1347,89 @@ errno_t sss_readrep_copy_string(const char *in, return EOK; } + +#ifdef HAVE_PTHREAD_EXT + +static int sss_cli_sd_get(void) +{ + if (!sss_sd_key_initialized) { + return -1; + } + + struct sss_socket_descriptor_t *descriptor = pthread_getspecific(sss_sd_key); + + if (descriptor == NULL) { /* sanity check */ + return -1; + } + + return descriptor->sd; +} + +static void sss_cli_sd_set(int sd) +{ + if (!sss_sd_key_initialized) { + return; + } + + struct sss_socket_descriptor_t *descriptor = pthread_getspecific(sss_sd_key); + + if (descriptor == NULL) { /* sanity check */ + return; + } + + descriptor->sd = sd; +} + +static const struct stat *sss_cli_sb_get(void) +{ + if (!sss_sd_key_initialized) { + return NULL; + } + + struct sss_socket_descriptor_t *descriptor = pthread_getspecific(sss_sd_key); + + if (descriptor == NULL) { /* sanity check */ + return NULL; + } + + return &descriptor->sb; +} + +static int sss_cli_sb_set_by_sd(int sd) +{ + if (!sss_sd_key_initialized) { + return -1; + } + + struct sss_socket_descriptor_t *descriptor = pthread_getspecific(sss_sd_key); + + if (descriptor == NULL) { /* sanity check */ + return -1; + } + + return fstat(sd, &descriptor->sb); +} + +#else + +static int sss_cli_sd_get(void) +{ + return _sss_cli_sd; +} + +static void sss_cli_sd_set(int sd) +{ + _sss_cli_sd = sd; +} + +static const struct stat *sss_cli_sb_get(void) +{ + return &_sss_cli_sb; +} + +static int sss_cli_sb_set_by_sd(int sd) +{ + return fstat(sd, &_sss_cli_sb); +} + +#endif From 5a546c84e666cdb35b358ac377035c063f7a18e8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com> Date: Thu, 10 Aug 2023 13:16:51 +0200 Subject: [PATCH 199/280] ipa: do not go offline if group does not have SID MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This happens during applying overrides on cached group during initgroups of trusted user. If the group does not have SID (it's GID is outside the sidgen range), SSSD goes offline. Only SSSD running in server_mode is affected. This patch ignores error in single group and rather continues processing the remaining groups. Resolves: https://github.com/SSSD/sssd/issues/6942 Reviewed-by: Sumit Bose <sbose@redhat.com> Reviewed-by: Tomáš Halman <thalman@redhat.com> (cherry picked from commit 26047f07c0f7aa61a44543de8674ec7d0904812e) --- src/providers/ipa/ipa_id.c | 97 +++++++++---------- src/tests/system/tests/test_trust_identity.py | 61 ++++++++++++ 2 files changed, 109 insertions(+), 49 deletions(-) create mode 100644 src/tests/system/tests/test_trust_identity.py diff --git a/src/providers/ipa/ipa_id.c b/src/providers/ipa/ipa_id.c index 636e079651f..fcac56ce283 100644 --- a/src/providers/ipa/ipa_id.c +++ b/src/providers/ipa/ipa_id.c @@ -291,66 +291,65 @@ static int ipa_initgr_get_overrides_step(struct tevent_req *req) int ret; struct tevent_req *subreq; const char *ipa_uuid; + const char *dn; struct ipa_initgr_get_overrides_state *state = tevent_req_data(req, struct ipa_initgr_get_overrides_state); - DEBUG(SSSDBG_TRACE_LIBS, - "Processing group %zu/%zu\n", state->group_idx, state->group_count); + for (; state->group_idx < state->group_count; state->group_idx++) { + dn = ldb_dn_get_linearized(state->groups[state->group_idx]->dn); - if (state->group_idx >= state->group_count) { - return EOK; - } + DEBUG(SSSDBG_TRACE_LIBS, "Processing group %s (%zu/%zu)\n", + dn, state->group_idx, state->group_count); - ipa_uuid = ldb_msg_find_attr_as_string(state->groups[state->group_idx], - state->groups_id_attr, NULL); - if (ipa_uuid == NULL) { - /* This should never happen, the search filter used to get the list - * of groups includes "uuid=*" - */ - DEBUG(SSSDBG_OP_FAILURE, - "The group %s has no UUID attribute %s, error!\n", - ldb_dn_get_linearized(state->groups[state->group_idx]->dn), - state->groups_id_attr); - return EINVAL; - } + ipa_uuid = ldb_msg_find_attr_as_string(state->groups[state->group_idx], + state->groups_id_attr, NULL); + if (ipa_uuid == NULL) { + DEBUG(SSSDBG_OP_FAILURE, + "The group %s has no UUID attribute %s, error!\n", + dn, state->groups_id_attr); + continue; + } - talloc_free(state->ar); /* Avoid spiking memory with many groups */ + talloc_free(state->ar); /* Avoid spiking memory with many groups */ - if (strcmp(state->groups_id_attr, SYSDB_UUID) == 0) { - ret = get_dp_id_data_for_uuid(state, ipa_uuid, - state->user_dom->name, &state->ar); - if (ret != EOK) { - DEBUG(SSSDBG_OP_FAILURE, "get_dp_id_data_for_sid failed.\n"); - return ret; - } - } else if (strcmp(state->groups_id_attr, SYSDB_SID_STR) == 0) { - ret = get_dp_id_data_for_sid(state, ipa_uuid, - state->user_dom->name, &state->ar); - if (ret != EOK) { - DEBUG(SSSDBG_OP_FAILURE, "get_dp_id_data_for_sid failed.\n"); - return ret; + if (strcmp(state->groups_id_attr, SYSDB_UUID) == 0) { + ret = get_dp_id_data_for_uuid(state, ipa_uuid, + state->user_dom->name, &state->ar); + if (ret != EOK) { + DEBUG(SSSDBG_OP_FAILURE, "get_dp_id_data_for_sid failed.\n"); + return ret; + } + } else if (strcmp(state->groups_id_attr, SYSDB_SID_STR) == 0) { + ret = get_dp_id_data_for_sid(state, ipa_uuid, + state->user_dom->name, &state->ar); + if (ret != EOK) { + DEBUG(SSSDBG_OP_FAILURE, "get_dp_id_data_for_sid failed.\n"); + return ret; + } + } else { + DEBUG(SSSDBG_CRIT_FAILURE, "Unsupported groups ID type [%s].\n", + state->groups_id_attr); + return EINVAL; } - } else { - DEBUG(SSSDBG_CRIT_FAILURE, "Unsupported groups ID type [%s].\n", - state->groups_id_attr); - return EINVAL; - } - DEBUG(SSSDBG_TRACE_LIBS, "Fetching group %s\n", ipa_uuid); + DEBUG(SSSDBG_TRACE_LIBS, "Fetching group %s: %s\n", dn, ipa_uuid); - subreq = ipa_get_ad_override_send(state, state->ev, - state->ipa_ctx->sdap_id_ctx, - state->ipa_ctx->ipa_options, - state->realm, - state->ipa_ctx->view_name, - state->ar); - if (subreq == NULL) { - DEBUG(SSSDBG_OP_FAILURE, "ipa_get_ad_override_send failed.\n"); - return ENOMEM; + subreq = ipa_get_ad_override_send(state, state->ev, + state->ipa_ctx->sdap_id_ctx, + state->ipa_ctx->ipa_options, + state->realm, + state->ipa_ctx->view_name, + state->ar); + if (subreq == NULL) { + DEBUG(SSSDBG_OP_FAILURE, "ipa_get_ad_override_send failed.\n"); + return ENOMEM; + } + tevent_req_set_callback(subreq, + ipa_initgr_get_overrides_override_done, req); + return EAGAIN; } - tevent_req_set_callback(subreq, - ipa_initgr_get_overrides_override_done, req); - return EAGAIN; + + return EOK; } static void ipa_initgr_get_overrides_override_done(struct tevent_req *subreq) diff --git a/src/tests/system/tests/test_trust_identity.py b/src/tests/system/tests/test_trust_identity.py new file mode 100644 index 00000000000..9076b87249d --- /dev/null +++ b/src/tests/system/tests/test_trust_identity.py @@ -0,0 +1,61 @@ +""" +Identity of trusted users and groups. + +:requirement: IDM-SSSD-REQ: Testing SSSD in IPA Provider +""" + +from __future__ import annotations + +import pytest +from sssd_test_framework.roles.generic import GenericADProvider +from sssd_test_framework.roles.ipa import IPA +from sssd_test_framework.topology import KnownTopologyGroup + + +@pytest.mark.importance("low") +@pytest.mark.ticket(jira="RHEL-3925", gh=6942) +@pytest.mark.topology(KnownTopologyGroup.IPATrust) +def test_trust_identity__group_without_sid(ipa: IPA, trusted: GenericADProvider): + """ + :title: Subdomain goes offline if IPA group is missing SID + :setup: + 1. Create IPA external group "external-group" and add AD user "Administrator" as a member + 2. Create IPA posix group "posix-group" and add "external-group" as a member + 3. Clear SSSD cache and logs on IPA server + 4. Restart SSSD on IPA server + :steps: + 1. Resolve user "Administrator@addomain" + 2. Expire user "Administrator@addomain" + 3. Resolve user "Administrator@addomain" + 4. Run "sssctl domain-status addomain" + :expectedresults: + 1. User is resolved and member of posix-group + 2. User is expired in SSSD cache + 3. User is resolved and member of posix-group + 4. The Active Directory domain is still online + :customerscenario: True + """ + username = trusted.fqn("administrator") + external = ipa.group("external-group").add(external=True).add_member(username) + ipa.group("posix-group").add(gid=5001).add_member(external) + + ipa.sssd.clear(db=True, memcache=True, logs=True) + ipa.sssd.restart() + + # Cache trusted user + result = ipa.tools.id(username) + assert result is not None + assert result.user.name == username + assert result.memberof("posix-group") + + # Expire the user and resolve it again, this will trigger the affected code path + ipa.sssctl.cache_expire(user=username) + result = ipa.tools.id(username) + assert result is not None + assert result.user.name == username + assert result.memberof("posix-group") + + # Check that SSSD did not go offline + status = ipa.sssctl.domain_status(trusted.domain, online=True) + assert "online status: offline" not in status.stdout.lower() + assert "online status: online" in status.stdout.lower() From 3da54579e7deb9a1f59d9495cee330e1ecd20fbf Mon Sep 17 00:00:00 2001 From: Sumit Bose <sbose@redhat.com> Date: Thu, 2 Nov 2023 14:07:26 +0100 Subject: [PATCH 200/280] PAM: fix Smartcard offline authentication Even if a Smartcard was inserted and proper certificates were found offline authentication with the Smartcard was not possible because the certificate information was accidentally removed from the reply send to the PAM module. Resolves: https://github.com/SSSD/sssd/issues/7009 Reviewed-by: Alexey Tikhonov <atikhono@redhat.com> Reviewed-by: Scott Poore <spoore@redhat.com> (cherry picked from commit 962e9d0529c5ffd4e9b3c342b038daa5dbaa75e9) --- src/responder/pam/pamsrv_cmd.c | 64 +++++++++++++++++++++------------- 1 file changed, 40 insertions(+), 24 deletions(-) diff --git a/src/responder/pam/pamsrv_cmd.c b/src/responder/pam/pamsrv_cmd.c index 80ba76b32cb..1b625e08a6a 100644 --- a/src/responder/pam/pamsrv_cmd.c +++ b/src/responder/pam/pamsrv_cmd.c @@ -849,10 +849,10 @@ static void do_not_send_cert_info(struct pam_data *pd) } } -errno_t pam_get_auth_types(struct pam_data *pd, - struct pam_resp_auth_type *_auth_types) +static void evaluate_pam_resp_list(struct pam_data *pd, + struct pam_resp_auth_type *_auth_types, + bool *_found_cert_info) { - int ret; struct response_data *resp; struct pam_resp_auth_type types = {0}; bool found_cert_info = false; @@ -883,15 +883,39 @@ errno_t pam_get_auth_types(struct pam_data *pd, resp = resp->next; } - if (!types.password_auth && !types.otp_auth && !types.cert_auth && !types.passkey_auth) { - /* If the backend cannot determine which authentication types are - * available the default would be to prompt for a password. */ - types.password_auth = true; + if (_auth_types != NULL) { + *_auth_types = types; } + if (_found_cert_info != NULL) { + *_found_cert_info = found_cert_info; + } +} + +static void evalute_sending_cert_info(struct pam_data *pd) +{ + struct pam_resp_auth_type types = {0}; + bool found_cert_info = false; + + evaluate_pam_resp_list(pd, &types, &found_cert_info); if (found_cert_info && !types.cert_auth) { do_not_send_cert_info(pd); } +} + +errno_t pam_get_auth_types(struct pam_data *pd, + struct pam_resp_auth_type *_auth_types) +{ + int ret; + struct pam_resp_auth_type types = {0}; + + evaluate_pam_resp_list(pd, &types, NULL); + + if (!types.password_auth && !types.otp_auth && !types.cert_auth && !types.passkey_auth) { + /* If the backend cannot determine which authentication types are + * available the default would be to prompt for a password. */ + types.password_auth = true; + } DEBUG(SSSDBG_TRACE_ALL, "Authentication types for user [%s] and service " "[%s]:%s%s%s%s\n", pd->user, pd->service, @@ -1007,24 +1031,16 @@ static errno_t pam_eval_local_auth_policy(TALLOC_CTX *mem_ctx, "skipping.\n", opts[c]); } } + } - /* if passkey is enabled but local Smartcard authentication is not but - * possible, the cert info data has to be remove as well if only local - * Smartcard authentication is possible. If Smartcard authentication - * is possible on the server side we have to keep it because the - * 'enable' option should only add local methods but not reject remote - * ones. */ - if (!sc_allow) { - /* We do not need the auth_types here but the call will remove - * the cert info data if the server does not support Smartcard - * authentication. */ - ret = pam_get_auth_types(pd, &auth_types); - if (ret != EOK) { - DEBUG(SSSDBG_OP_FAILURE, - "Failed to get authentication types\n"); - goto done; - } - } + /* if passkey is enabled but local Smartcard authentication is not but + * possible, the cert info data has to be remove as well if only local + * Smartcard authentication is possible. If Smartcard authentication + * is possible on the server side we have to keep it because the + * 'enable' option should only add local methods but not reject remote + * ones. */ + if (!sc_allow) { + evalute_sending_cert_info(pd); } *_sc_allow = sc_allow; From 2eae8ab44ab8f1f2d966aab6505d85d2f34d76cb Mon Sep 17 00:00:00 2001 From: Weblate <noreply@weblate.org> Date: Mon, 18 Sep 2023 05:54:02 +0200 Subject: [PATCH 201/280] po: update translations (Russian) currently translated at 100.0% (717 of 717 strings) Translation: SSSD/SSSD-2-9 Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-2-9/ru/ po: update translations (Polish) currently translated at 100.0% (717 of 717 strings) Translation: SSSD/SSSD-2-9 Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-2-9/pl/ po: update translations (Korean) currently translated at 100.0% (717 of 717 strings) Translation: SSSD/SSSD-2-9 Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-2-9/ko/ po: update translations (Georgian) currently translated at 13.2% (95 of 717 strings) Translation: SSSD/SSSD-2-9 Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-2-9/ka/ Update translation files Updated by "Update PO files to match POT (msgmerge)" hook in Weblate. Translation: SSSD/SSSD-2-9 Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-2-9/ po: update translations (Polish) currently translated at 100.0% (714 of 714 strings) Translation: SSSD/SSSD-2-9 Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-2-9/pl/ po: update translations (Georgian) currently translated at 13.0% (93 of 714 strings) Translation: SSSD/SSSD-2-9 Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-2-9/ka/ po: update translations (Finnish) currently translated at 10.2% (73 of 714 strings) Translation: SSSD/SSSD-2-9 Translate-URL: https://translate.fedoraproject.org/projects/sssd/sssd-2-9/fi/ --- po/fi.po | 5 ++-- po/ka.po | 80 ++++++++++++++++++++++++++++---------------------------- po/ko.po | 13 ++++----- po/pl.po | 43 +++++++++++++++--------------- po/ru.po | 14 ++++++---- 5 files changed, 80 insertions(+), 75 deletions(-) diff --git a/po/fi.po b/po/fi.po index 915d95dffcd..e04058f4f29 100644 --- a/po/fi.po +++ b/po/fi.po @@ -168,9 +168,8 @@ msgstr "" "prosesseissa." #: src/config/SSSDConfig/sssdoptions.py:58 -#, fuzzy msgid "Tune passkey verification behavior" -msgstr "Viritä varmenteen vahvistus" +msgstr "Säädä salasanan vahvistuskäyttäytymistä" #: src/config/SSSDConfig/sssdoptions.py:61 msgid "Enumeration cache timeout length (seconds)" @@ -2081,7 +2080,7 @@ msgstr "" #: src/sss_client/pam_sss.c:835 src/sss_client/pam_sss.c:848 msgid "Password change failed. " -msgstr "" +msgstr "Salasanan vaihtaminen epäonnistui. " #: src/sss_client/pam_sss.c:1819 #, c-format diff --git a/po/ka.po b/po/ka.po index 29fc2ae1645..b7668c28db8 100644 --- a/po/ka.po +++ b/po/ka.po @@ -7,7 +7,7 @@ msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" "POT-Creation-Date: 2023-09-07 11:48+0200\n" -"PO-Revision-Date: 2023-06-04 04:20+0000\n" +"PO-Revision-Date: 2023-09-18 03:54+0000\n" "Last-Translator: Temuri Doghonadze <temuri.doghonadze@gmail.com>\n" "Language-Team: Georgian <https://translate.fedoraproject.org/projects/sssd/" "sssd-2-9/ka/>\n" @@ -16,20 +16,20 @@ msgstr "" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=2; plural=n != 1;\n" -"X-Generator: Weblate 4.17\n" +"X-Generator: Weblate 5.0.2\n" #: src/config/SSSDConfig/sssdoptions.py:20 #: src/config/SSSDConfig/sssdoptions.py:21 msgid "Set the verbosity of the debug logging" -msgstr "" +msgstr "გამართვის ჟურნალის შეტყობინებების სიდიდე" #: src/config/SSSDConfig/sssdoptions.py:22 msgid "Include timestamps in debug logs" -msgstr "" +msgstr "გამართვის ჟურნალში დროის შტამპების მიყოლება" #: src/config/SSSDConfig/sssdoptions.py:23 msgid "Include microseconds in timestamps in debug logs" -msgstr "" +msgstr "გამართვის ჟურნალში დროის შტამპებისთვის მიკროწამების მიყოლება" #: src/config/SSSDConfig/sssdoptions.py:24 msgid "Enable/disable debug backtrace" @@ -41,7 +41,7 @@ msgstr "" #: src/config/SSSDConfig/sssdoptions.py:26 msgid "Command to start service" -msgstr "" +msgstr "სერვისის გასაშვები ბრძანება" #: src/config/SSSDConfig/sssdoptions.py:27 msgid "Number of times to attempt connection to Data Providers" @@ -79,11 +79,11 @@ msgstr "" #: src/config/SSSDConfig/sssdoptions.py:39 msgid "SSSD Services to start" -msgstr "" +msgstr "SSSD -ის გასაშვები სერვისები" #: src/config/SSSDConfig/sssdoptions.py:40 msgid "SSSD Domains to start" -msgstr "" +msgstr "SSSD -ის გასაშვები დომენები" #: src/config/SSSDConfig/sssdoptions.py:41 msgid "Regex to parse username and domain" @@ -457,43 +457,43 @@ msgstr "" #: src/config/SSSDConfig/sssdoptions.py:161 msgid "Identity provider" -msgstr "" +msgstr "იდენტიფიკაციის მომწოდებელი" #: src/config/SSSDConfig/sssdoptions.py:162 msgid "Authentication provider" -msgstr "" +msgstr "ავთენტიკაციის მომწოდებელი" #: src/config/SSSDConfig/sssdoptions.py:163 msgid "Access control provider" -msgstr "" +msgstr "წვდომის კონტროლის მომწოდებელი" #: src/config/SSSDConfig/sssdoptions.py:164 msgid "Password change provider" -msgstr "" +msgstr "პაროლის შეცვლის მომწოდებელი" #: src/config/SSSDConfig/sssdoptions.py:165 msgid "SUDO provider" -msgstr "" +msgstr "SUDO -ის მომწოდებელი" #: src/config/SSSDConfig/sssdoptions.py:166 msgid "Autofs provider" -msgstr "" +msgstr "Autofs -ის მომწოდებელი" #: src/config/SSSDConfig/sssdoptions.py:167 msgid "Host identity provider" -msgstr "" +msgstr "ჰოსტის იდენტიფიკაციის მომწოდებელი" #: src/config/SSSDConfig/sssdoptions.py:168 msgid "SELinux provider" -msgstr "" +msgstr "SELinux -ის მომწოდებელი" #: src/config/SSSDConfig/sssdoptions.py:169 msgid "Session management provider" -msgstr "" +msgstr "სესიის მართვის მომწოდებელი" #: src/config/SSSDConfig/sssdoptions.py:170 msgid "Resolver provider" -msgstr "" +msgstr "ამომხსნელის მომწოდებელი" #: src/config/SSSDConfig/sssdoptions.py:173 msgid "Whether the domain is usable by the OS or by applications" @@ -693,7 +693,7 @@ msgstr "" #: src/config/SSSDConfig/sssdoptions.py:232 msgid "IPA client hostname" -msgstr "" +msgstr "IPA კლიენტის ჰოსტის სახელი" #: src/config/SSSDConfig/sssdoptions.py:233 msgid "Whether to automatically update the client's DNS entry in FreeIPA" @@ -907,19 +907,19 @@ msgstr "Active Directory-ის დომენი" #: src/config/SSSDConfig/sssdoptions.py:296 msgid "Enabled Active Directory domains" -msgstr "" +msgstr "Active Directory-ის ჩართული დომენები" #: src/config/SSSDConfig/sssdoptions.py:297 msgid "Active Directory server address" -msgstr "" +msgstr "Active Directory -ის სერვერის მისამართი" #: src/config/SSSDConfig/sssdoptions.py:298 msgid "Active Directory backup server address" -msgstr "" +msgstr "Active Directory -ის მარქაფი სერვერის მისამართი" #: src/config/SSSDConfig/sssdoptions.py:299 msgid "Active Directory client hostname" -msgstr "" +msgstr "Active Directory -ის კლიენტის ჰოსტის სახელი" #: src/config/SSSDConfig/sssdoptions.py:301 #: src/config/SSSDConfig/sssdoptions.py:500 @@ -1016,7 +1016,7 @@ msgstr "" #: src/config/SSSDConfig/sssdoptions.py:328 msgid "Kerberos realm" -msgstr "kerberos-ის რეალმი" +msgstr "Kerberos-ის რეალმი" #: src/config/SSSDConfig/sssdoptions.py:329 msgid "Authentication timeout" @@ -1301,7 +1301,7 @@ msgstr "" #: src/config/SSSDConfig/sssdoptions.py:413 msgid "Objectclass for users" -msgstr "" +msgstr "Objectclass მომხმარებლებისთვის" #: src/config/SSSDConfig/sssdoptions.py:414 msgid "Username attribute" @@ -1334,7 +1334,7 @@ msgstr "UUID ატრიბუტი" #: src/config/SSSDConfig/sssdoptions.py:421 #: src/config/SSSDConfig/sssdoptions.py:460 msgid "objectSID attribute" -msgstr "" +msgstr "ატრიბუტ objectSID" #: src/config/SSSDConfig/sssdoptions.py:422 msgid "Active Directory primary group attribute for ID-mapping" @@ -1350,7 +1350,7 @@ msgstr "სრული სახელი" #: src/config/SSSDConfig/sssdoptions.py:425 msgid "memberOf attribute" -msgstr "" +msgstr "ატრიბუტი memberOf" #: src/config/SSSDConfig/sssdoptions.py:426 msgid "Modification time attribute" @@ -1518,7 +1518,7 @@ msgstr "" #: src/config/SSSDConfig/sssdoptions.py:470 msgid "Netgroup name" -msgstr "" +msgstr "ქსელური ჯგუფის სახელი" #: src/config/SSSDConfig/sssdoptions.py:471 msgid "Netgroups members attribute" @@ -1941,7 +1941,7 @@ msgstr "" #: src/providers/krb5/krb5_child.c:4099 src/providers/ldap/ldap_child.c:670 msgid "talloc_asprintf failed.\n" -msgstr "" +msgstr "talloc_asprintf ჩავარდა.\n" #: src/providers/krb5/krb5_child.c:4109 src/providers/ldap/ldap_child.c:679 msgid "set_debug_file_from_fd failed.\n" @@ -2031,7 +2031,7 @@ msgstr "" #: src/sss_client/pam_sss.c:628 #, c-format msgid "Your password has expired." -msgstr "" +msgstr "თქვენს პაროლს ვადა გაუვიდა." #: src/sss_client/pam_sss.c:679 msgid "Authentication is denied until: " @@ -2109,7 +2109,7 @@ msgstr "" #: src/sss_client/pam_sss.c:2746 msgid "Current Password: " -msgstr "" +msgstr "მიმდინარე პაროლი: " #: src/sss_client/pam_sss.c:3103 msgid "Password expired. Change your password now." @@ -2131,7 +2131,7 @@ msgstr "" #: src/sss_client/ssh/sss_ssh_authorizedkeys.c:64 msgid "Not enough memory\n" -msgstr "" +msgstr "არასაკმარისი მეხსიერება\n" #: src/sss_client/ssh/sss_ssh_authorizedkeys.c:83 msgid "User not specified\n" @@ -2294,7 +2294,7 @@ msgstr "შეცდომა" #: src/tools/sssctl/sssctl.c:42 msgid "Invalid result." -msgstr "" +msgstr "არასწორი პასუხი." #: src/tools/sssctl/sssctl.c:78 msgid "Unable to read user input\n" @@ -2533,7 +2533,7 @@ msgstr "" #: src/tools/sssctl/sssctl_cert.c:216 msgid "Matching rule" -msgstr "" +msgstr "წესი, რომელიც ემთხვევა" #: src/tools/sssctl/sssctl_cert.c:226 msgid "Unable to parse command arguments\n" @@ -2942,21 +2942,21 @@ msgstr "" #: src/tools/sssctl/sssctl_user_checks.c:167 #, c-format msgid "dlopen failed with [%s].\n" -msgstr "" +msgstr "dlopen ჩავარდა შეცდომით [%s].\n" #: src/tools/sssctl/sssctl_user_checks.c:174 #, c-format msgid "dlsym failed with [%s].\n" -msgstr "" +msgstr "dlsym ჩავარდა შეცდომით [%s].\n" #: src/tools/sssctl/sssctl_user_checks.c:182 msgid "malloc failed.\n" -msgstr "" +msgstr "malloc ჩავარდა.\n" #: src/tools/sssctl/sssctl_user_checks.c:189 #, c-format msgid "sss_getpwnam_r failed with [%d].\n" -msgstr "" +msgstr "sss_getpwnam_r ჩავარდა შეცდომით [%d].\n" #: src/tools/sssctl/sssctl_user_checks.c:194 msgid "SSSD nss user lookup result:\n" @@ -3028,7 +3028,7 @@ msgstr "" #: src/tools/sssctl/sssctl_user_checks.c:263 #, c-format msgid "pam_start failed: %s\n" -msgstr "" +msgstr "pam_start ჩავარდა: %s\n" #: src/tools/sssctl/sssctl_user_checks.c:269 msgid "" @@ -3039,7 +3039,7 @@ msgstr "" #: src/tools/sssctl/sssctl_user_checks.c:273 #, c-format msgid "pam_get_item failed: %s\n" -msgstr "" +msgstr "pam_get_item ჩავარდა: %s\n" #: src/tools/sssctl/sssctl_user_checks.c:276 #, c-format diff --git a/po/ko.po b/po/ko.po index c1280c3e2ae..b5168930a87 100644 --- a/po/ko.po +++ b/po/ko.po @@ -4,14 +4,14 @@ # Ludek Janda <ljanda@redhat.com>, 2021. # simmon <simmon@nplob.com>, 2021. # seo hojin <jinswhat@naver.com>, 2021. -# 김인수 <simmon@nplob.com>, 2022. +# 김인수 <simmon@nplob.com>, 2022, 2023. # Transtats <suanand@redhat.com>, 2022. msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" "POT-Creation-Date: 2023-09-07 11:48+0200\n" -"PO-Revision-Date: 2023-08-06 18:21+0000\n" +"PO-Revision-Date: 2023-09-18 03:54+0000\n" "Last-Translator: 김인수 <simmon@nplob.com>\n" "Language-Team: Korean <https://translate.fedoraproject.org/projects/sssd/" "sssd-2-9/ko/>\n" @@ -20,7 +20,7 @@ msgstr "" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=1; plural=0;\n" -"X-Generator: Weblate 4.18.2\n" +"X-Generator: Weblate 5.0.2\n" #: src/config/SSSDConfig/sssdoptions.py:20 #: src/config/SSSDConfig/sssdoptions.py:21 @@ -724,7 +724,7 @@ msgstr "" #: src/config/SSSDConfig/sssdoptions.py:226 msgid "Local authentication methods policy " -msgstr "" +msgstr "로컬 인증 방법 정책. " #: src/config/SSSDConfig/sssdoptions.py:229 msgid "IPA domain" @@ -2067,7 +2067,7 @@ msgstr "서버 메시지: " msgid "" "Kerberos TGT will not be granted upon login, user experience will be " "affected." -msgstr "" +msgstr "커버러스 TGT는 로그인 시 허용되지 않으며, 사용자 환경에 영향을 미칩니다." #: src/sss_client/pam_sss.c:72 msgid "Enter PIN:" @@ -2127,7 +2127,8 @@ msgstr "PIN 잠금" msgid "" "No Kerberos TGT granted as the server does not support this method. Your " "single-sign on(SSO) experience will be affected." -msgstr "" +msgstr "서버가 이와 같은 방식을 지원하지 않으므로 커버러스 TGT가 허용되지 않습니다. " +"통합인증(SSO) 환경이 영향을 받습니다." #: src/sss_client/pam_sss.c:835 src/sss_client/pam_sss.c:848 msgid "Password change failed. " diff --git a/po/pl.po b/po/pl.po index 56c444cf466..4aa3a8b8ed3 100644 --- a/po/pl.po +++ b/po/pl.po @@ -3,20 +3,20 @@ # This file is distributed under the same license as the PACKAGE package. # # Translators: -# Piotr Drąg <piotrdrag@gmail.com>, 2011-2014, 2020, 2021, 2022. +# Piotr Drąg <piotrdrag@gmail.com>, 2011-2014, 2020, 2021, 2022, 2023. # sgallagh <sgallagh@redhat.com>, 2011 -# Piotr Drąg <piotrdrag@gmail.com>, 2015. #zanata, 2020, 2021, 2022. -# Piotr Drąg <piotrdrag@gmail.com>, 2016. #zanata, 2020, 2021, 2022. -# Piotr Drąg <piotrdrag@gmail.com>, 2017. #zanata, 2020, 2021, 2022. -# Piotr Drąg <piotrdrag@gmail.com>, 2018. #zanata, 2020, 2021, 2022. -# Piotr Drąg <piotrdrag@gmail.com>, 2019. #zanata, 2020, 2021, 2022. -# Piotr Drąg <piotrdrag@gmail.com>, 2020. #zanata, 2021, 2022. +# Piotr Drąg <piotrdrag@gmail.com>, 2015. #zanata, 2020, 2021, 2022, 2023. +# Piotr Drąg <piotrdrag@gmail.com>, 2016. #zanata, 2020, 2021, 2022, 2023. +# Piotr Drąg <piotrdrag@gmail.com>, 2017. #zanata, 2020, 2021, 2022, 2023. +# Piotr Drąg <piotrdrag@gmail.com>, 2018. #zanata, 2020, 2021, 2022, 2023. +# Piotr Drąg <piotrdrag@gmail.com>, 2019. #zanata, 2020, 2021, 2022, 2023. +# Piotr Drąg <piotrdrag@gmail.com>, 2020. #zanata, 2021, 2022, 2023. msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" "POT-Creation-Date: 2023-09-07 11:48+0200\n" -"PO-Revision-Date: 2023-06-05 13:20+0000\n" +"PO-Revision-Date: 2023-09-18 03:54+0000\n" "Last-Translator: Piotr Drąg <piotrdrag@gmail.com>\n" "Language-Team: Polish <https://translate.fedoraproject.org/projects/sssd/" "sssd-2-9/pl/>\n" @@ -26,7 +26,7 @@ msgstr "" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=3; plural=n==1 ? 0 : n%10>=2 && n%10<=4 && (n%100<10 " "|| n%100>=20) ? 1 : 2;\n" -"X-Generator: Weblate 4.17\n" +"X-Generator: Weblate 5.0.2\n" #: src/config/SSSDConfig/sssdoptions.py:20 #: src/config/SSSDConfig/sssdoptions.py:21 @@ -782,7 +782,7 @@ msgstr "" #: src/config/SSSDConfig/sssdoptions.py:226 msgid "Local authentication methods policy " -msgstr "" +msgstr "Zasady metod lokalnego uwierzytelniania " #: src/config/SSSDConfig/sssdoptions.py:229 msgid "IPA domain" @@ -1067,41 +1067,39 @@ msgstr "Tryb działania dla kontroli dostępu opartej na GPO" msgid "" "The amount of time between lookups of the GPO policy files against the AD " "server" -msgstr "Czas między wyszukiwaniami plików polityki GPO w serwerze AD" +msgstr "Czas między wyszukiwaniami plików zasad GPO w serwerze AD" #: src/config/SSSDConfig/sssdoptions.py:305 msgid "" "PAM service names that map to the GPO (Deny)InteractiveLogonRight policy " "settings" msgstr "" -"Nazwy usług PAM mapujących do ustawień polityki GPO " -"(Deny)InteractiveLogonRight" +"Nazwy usług PAM mapujących do ustawień zasad GPO (Deny)InteractiveLogonRight" #: src/config/SSSDConfig/sssdoptions.py:307 msgid "" "PAM service names that map to the GPO (Deny)RemoteInteractiveLogonRight " "policy settings" msgstr "" -"Nazwy usług PAM mapujących do ustawień polityki GPO " +"Nazwy usług PAM mapujących do ustawień zasad GPO " "(Deny)RemoteInteractiveLogonRight" #: src/config/SSSDConfig/sssdoptions.py:309 msgid "" "PAM service names that map to the GPO (Deny)NetworkLogonRight policy settings" msgstr "" -"Nazwy usług PAM mapujących do ustawień polityki GPO (Deny)NetworkLogonRight" +"Nazwy usług PAM mapujących do ustawień zasad GPO (Deny)NetworkLogonRight" #: src/config/SSSDConfig/sssdoptions.py:310 msgid "" "PAM service names that map to the GPO (Deny)BatchLogonRight policy settings" -msgstr "" -"Nazwy usług PAM mapujących do ustawień polityki GPO (Deny)BatchLogonRight" +msgstr "Nazwy usług PAM mapujących do ustawień zasad GPO (Deny)BatchLogonRight" #: src/config/SSSDConfig/sssdoptions.py:311 msgid "" "PAM service names that map to the GPO (Deny)ServiceLogonRight policy settings" msgstr "" -"Nazwy usług PAM mapujących do ustawień polityki GPO (Deny)ServiceLogonRight" +"Nazwy usług PAM mapujących do ustawień zasad GPO (Deny)ServiceLogonRight" #: src/config/SSSDConfig/sssdoptions.py:312 msgid "PAM service names for which GPO-based access is always granted" @@ -1558,7 +1556,7 @@ msgstr "Atrybut krbPasswordExpiration" #: src/config/SSSDConfig/sssdoptions.py:439 msgid "Attribute indicating that server side password policies are active" -msgstr "Atrybut wskazujący, czy polityki haseł po stronie serwera są aktywne" +msgstr "Atrybut wskazujący, czy zasady haseł po stronie serwera są aktywne" #: src/config/SSSDConfig/sssdoptions.py:440 msgid "accountExpires attribute of AD" @@ -1749,7 +1747,7 @@ msgstr "Ustawia górną granicę dla dozwolonych identyfikatorów z serwera LDA #: src/config/SSSDConfig/sssdoptions.py:492 msgid "DN for ppolicy queries" -msgstr "DN dla zapytań polityki" +msgstr "DN dla zapytań zasad" #: src/config/SSSDConfig/sssdoptions.py:493 msgid "How many maximum entries to fetch during a wildcard request" @@ -1761,7 +1759,7 @@ msgstr "Ustawia poziom debugowania biblioteki libldap" #: src/config/SSSDConfig/sssdoptions.py:497 msgid "Policy to evaluate the password expiration" -msgstr "Polityka do sprawdzania wygaszenia hasła" +msgstr "Zasady do sprawdzania wygaszenia hasła" #: src/config/SSSDConfig/sssdoptions.py:501 msgid "Which attributes shall be used to evaluate if an account is expired" @@ -2164,6 +2162,7 @@ msgid "" "Kerberos TGT will not be granted upon login, user experience will be " "affected." msgstr "" +"TGT Kerberosa nie będzie nadawany po zalogowaniu, co wpłynie na użytkownika." #: src/sss_client/pam_sss.c:72 msgid "Enter PIN:" @@ -2225,6 +2224,8 @@ msgid "" "No Kerberos TGT granted as the server does not support this method. Your " "single-sign on(SSO) experience will be affected." msgstr "" +"Nie nadano TGT Kerberosa, jako że serwer nie obsługuje tej metody, co " +"wpłynie na pojedyncze logowanie (SSO)." #: src/sss_client/pam_sss.c:835 src/sss_client/pam_sss.c:848 msgid "Password change failed. " diff --git a/po/ru.po b/po/ru.po index 74722790feb..2d1046dccde 100644 --- a/po/ru.po +++ b/po/ru.po @@ -7,13 +7,13 @@ # Oleksii Levan <exlevan@gmail.com>, 2016. #zanata # Evgeny Sinelnikov <sin@altlinux.org>, 2021. # Olesya Gerasimenko <gammaray@basealt.ru>, 2021. -# Elena Mishina <lepata@basealt.ru>, 2022. +# Elena Mishina <lepata@basealt.ru>, 2022, 2023. msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" "POT-Creation-Date: 2023-09-07 11:48+0200\n" -"PO-Revision-Date: 2023-06-06 20:20+0000\n" +"PO-Revision-Date: 2023-09-18 03:54+0000\n" "Last-Translator: Elena Mishina <lepata@basealt.ru>\n" "Language-Team: Russian <https://translate.fedoraproject.org/projects/sssd/" "sssd-2-9/ru/>\n" @@ -23,7 +23,7 @@ msgstr "" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=3; plural=n%10==1 && n%100!=11 ? 0 : n%10>=2 && " "n%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2;\n" -"X-Generator: Weblate 4.17\n" +"X-Generator: Weblate 5.0.2\n" #: src/config/SSSDConfig/sssdoptions.py:20 #: src/config/SSSDConfig/sssdoptions.py:21 @@ -807,7 +807,7 @@ msgstr "" #: src/config/SSSDConfig/sssdoptions.py:226 msgid "Local authentication methods policy " -msgstr "" +msgstr "Локальная политика методов проверки подлинности " #: src/config/SSSDConfig/sssdoptions.py:229 msgid "IPA domain" @@ -1180,7 +1180,7 @@ msgstr "Не отфильтровывать группы, локальные в #: src/config/SSSDConfig/sssdoptions.py:325 #: src/config/SSSDConfig/sssdoptions.py:326 msgid "Kerberos server address" -msgstr "Имя сервера Kerberos" +msgstr "Адрес сервера Kerberos" #: src/config/SSSDConfig/sssdoptions.py:327 msgid "Kerberos backup server address" @@ -2209,6 +2209,8 @@ msgid "" "Kerberos TGT will not be granted upon login, user experience will be " "affected." msgstr "" +"После входа в систему не будет предоставлен TGT Kerberos. Это может помешать " +"нормальной работе пользователя." #: src/sss_client/pam_sss.c:72 msgid "Enter PIN:" @@ -2270,6 +2272,8 @@ msgid "" "No Kerberos TGT granted as the server does not support this method. Your " "single-sign on(SSO) experience will be affected." msgstr "" +"TGT Kerberos не предоставлен, поскольку на сервере не предусмотрена " +"поддержка этого метода. Это повлияет на работу системы единого входа (SSO)." #: src/sss_client/pam_sss.c:835 src/sss_client/pam_sss.c:848 msgid "Password change failed. " From d380342b4a1453fb9c701a6d01103fd94efa919f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com> Date: Mon, 13 Nov 2023 11:54:22 +0100 Subject: [PATCH 202/280] pot: update pot files --- po/bg.po | 18 +- po/ca.po | 18 +- po/cs.po | 18 +- po/de.po | 18 +- po/es.po | 18 +- po/eu.po | 18 +- po/fi.po | 18 +- po/fr.po | 18 +- po/hu.po | 18 +- po/id.po | 18 +- po/it.po | 18 +- po/ja.po | 18 +- po/ka.po | 18 +- po/ko.po | 24 +- po/nb.po | 18 +- po/nl.po | 18 +- po/pl.po | 18 +- po/pt.po | 18 +- po/pt_BR.po | 18 +- po/ru.po | 18 +- po/sssd.pot | 18 +- po/sv.po | 18 +- po/tg.po | 18 +- po/tr.po | 18 +- po/uk.po | 18 +- po/zh_CN.po | 18 +- po/zh_TW.po | 18 +- src/man/po/br.po | 1576 +++++++++++++++++++------------------ src/man/po/ca.po | 1607 ++++++++++++++++++++------------------ src/man/po/cs.po | 1576 +++++++++++++++++++------------------ src/man/po/de.po | 1607 ++++++++++++++++++++------------------ src/man/po/es.po | 1607 ++++++++++++++++++++------------------ src/man/po/eu.po | 1576 +++++++++++++++++++------------------ src/man/po/fi.po | 1576 +++++++++++++++++++------------------ src/man/po/fr.po | 1607 ++++++++++++++++++++------------------ src/man/po/ja.po | 1607 ++++++++++++++++++++------------------ src/man/po/lv.po | 1576 +++++++++++++++++++------------------ src/man/po/nl.po | 1576 +++++++++++++++++++------------------ src/man/po/pt.po | 1576 +++++++++++++++++++------------------ src/man/po/pt_BR.po | 1576 +++++++++++++++++++------------------ src/man/po/ru.po | 1607 ++++++++++++++++++++------------------ src/man/po/sssd-docs.pot | 1578 +++++++++++++++++++------------------ src/man/po/sv.po | 1605 +++++++++++++++++++------------------ src/man/po/tg.po | 1576 +++++++++++++++++++------------------ src/man/po/uk.po | 1607 ++++++++++++++++++++------------------ src/man/po/zh_CN.po | 1576 +++++++++++++++++++------------------ 46 files changed, 15655 insertions(+), 15029 deletions(-) diff --git a/po/bg.po b/po/bg.po index 4511eeb6062..0c450ad69e1 100644 --- a/po/bg.po +++ b/po/bg.po @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" -"POT-Creation-Date: 2023-09-07 11:48+0200\n" +"POT-Creation-Date: 2023-11-13 11:54+0100\n" "PO-Revision-Date: 2014-12-14 11:44-0500\n" "Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n" "Language-Team: Bulgarian (http://www.transifex.com/projects/p/sssd/language/" @@ -1960,35 +1960,35 @@ msgstr "" msgid "Domain of the information provider (mandatory)" msgstr "" -#: src/sss_client/common.c:1129 +#: src/sss_client/common.c:1169 msgid "Privileged socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:1132 +#: src/sss_client/common.c:1172 msgid "Public socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:1135 +#: src/sss_client/common.c:1175 msgid "Unexpected format of the server credential message." msgstr "" -#: src/sss_client/common.c:1138 +#: src/sss_client/common.c:1178 msgid "SSSD is not run by root." msgstr "SSSD не е стартиран като root." -#: src/sss_client/common.c:1141 +#: src/sss_client/common.c:1181 msgid "SSSD socket does not exist." msgstr "" -#: src/sss_client/common.c:1144 +#: src/sss_client/common.c:1184 msgid "Cannot get stat of SSSD socket." msgstr "" -#: src/sss_client/common.c:1149 +#: src/sss_client/common.c:1189 msgid "An error occurred, but no description can be found." msgstr "Възникнала е грешка, но не може да се намери описание." -#: src/sss_client/common.c:1155 +#: src/sss_client/common.c:1195 msgid "Unexpected error while looking for an error description" msgstr "Неочаквана грешка при търсене на описание на грешка" diff --git a/po/ca.po b/po/ca.po index 49569cb5065..b10e618a4ee 100644 --- a/po/ca.po +++ b/po/ca.po @@ -14,7 +14,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" -"POT-Creation-Date: 2023-09-07 11:48+0200\n" +"POT-Creation-Date: 2023-11-13 11:54+0100\n" "PO-Revision-Date: 2017-10-15 03:02-0400\n" "Last-Translator: Robert Antoni Buj Gelonch <rbuj@fedoraproject.org>\n" "Language-Team: Catalan (http://www.transifex.com/projects/p/sssd/language/" @@ -2080,35 +2080,35 @@ msgstr "" msgid "Domain of the information provider (mandatory)" msgstr "Domini del proveïdor d'informació (obligatori)" -#: src/sss_client/common.c:1129 +#: src/sss_client/common.c:1169 msgid "Privileged socket has wrong ownership or permissions." msgstr "El sòcol amb privilegis té malament els permisos o el propietari." -#: src/sss_client/common.c:1132 +#: src/sss_client/common.c:1172 msgid "Public socket has wrong ownership or permissions." msgstr "El sòcol públic té malament els permisos o el propietari." -#: src/sss_client/common.c:1135 +#: src/sss_client/common.c:1175 msgid "Unexpected format of the server credential message." msgstr "Format inesperat del missatge de les credencials del servidor." -#: src/sss_client/common.c:1138 +#: src/sss_client/common.c:1178 msgid "SSSD is not run by root." msgstr "L'SSSD no s'està executant com a root." -#: src/sss_client/common.c:1141 +#: src/sss_client/common.c:1181 msgid "SSSD socket does not exist." msgstr "" -#: src/sss_client/common.c:1144 +#: src/sss_client/common.c:1184 msgid "Cannot get stat of SSSD socket." msgstr "" -#: src/sss_client/common.c:1149 +#: src/sss_client/common.c:1189 msgid "An error occurred, but no description can be found." msgstr "S'ha produït un error però no s'ha pogut trobar cap descripció." -#: src/sss_client/common.c:1155 +#: src/sss_client/common.c:1195 msgid "Unexpected error while looking for an error description" msgstr "Error inesperat en cercar una descripció de l'error" diff --git a/po/cs.po b/po/cs.po index d68396f9c8a..d12eb5b5d08 100644 --- a/po/cs.po +++ b/po/cs.po @@ -6,7 +6,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" -"POT-Creation-Date: 2023-09-07 11:48+0200\n" +"POT-Creation-Date: 2023-11-13 11:54+0100\n" "PO-Revision-Date: 2023-04-08 20:20+0000\n" "Last-Translator: Pavel Borecki <pavel.borecki@gmail.com>\n" "Language-Team: Czech <https://translate.fedoraproject.org/projects/sssd/sssd-" @@ -2112,35 +2112,35 @@ msgstr "set_debug_file_from_fd se nezdařilo.\n" msgid "Domain of the information provider (mandatory)" msgstr "Doména poskytovatele informace (povinné)" -#: src/sss_client/common.c:1129 +#: src/sss_client/common.c:1169 msgid "Privileged socket has wrong ownership or permissions." msgstr "Privilegovaný soket má nesprávné vlastnictví nebo oprávnění." -#: src/sss_client/common.c:1132 +#: src/sss_client/common.c:1172 msgid "Public socket has wrong ownership or permissions." msgstr "Veřejný soket má chybné vlastnictví nebo oprávnění." -#: src/sss_client/common.c:1135 +#: src/sss_client/common.c:1175 msgid "Unexpected format of the server credential message." msgstr "Neočekávaný formát zprávy o pověřeních serveru." -#: src/sss_client/common.c:1138 +#: src/sss_client/common.c:1178 msgid "SSSD is not run by root." msgstr "SSSD není spouštěno správcem." -#: src/sss_client/common.c:1141 +#: src/sss_client/common.c:1181 msgid "SSSD socket does not exist." msgstr "SSSD soket neexistuje." -#: src/sss_client/common.c:1144 +#: src/sss_client/common.c:1184 msgid "Cannot get stat of SSSD socket." msgstr "Nedaří se získat stav SSSD soketu." -#: src/sss_client/common.c:1149 +#: src/sss_client/common.c:1189 msgid "An error occurred, but no description can be found." msgstr "Došlo k chybě, ale nedaří se najít popis." -#: src/sss_client/common.c:1155 +#: src/sss_client/common.c:1195 msgid "Unexpected error while looking for an error description" msgstr "Neočekávaná chyba při hledání popisu chyby" diff --git a/po/de.po b/po/de.po index b646d599583..94d3514bd1a 100644 --- a/po/de.po +++ b/po/de.po @@ -13,7 +13,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" -"POT-Creation-Date: 2023-09-07 11:48+0200\n" +"POT-Creation-Date: 2023-11-13 11:54+0100\n" "PO-Revision-Date: 2022-07-01 09:40+0000\n" "Last-Translator: Joachim Philipp <joachim.philipp@gmail.com>\n" "Language-Team: German <https://translate.fedoraproject.org/projects/sssd/" @@ -2062,36 +2062,36 @@ msgstr "" msgid "Domain of the information provider (mandatory)" msgstr "Domain des Informationsanbieters (obligatorisch)" -#: src/sss_client/common.c:1129 +#: src/sss_client/common.c:1169 msgid "Privileged socket has wrong ownership or permissions." msgstr "Privilegierter Socket hat falsche Eigentums- oder Zugriffsrechte." -#: src/sss_client/common.c:1132 +#: src/sss_client/common.c:1172 msgid "Public socket has wrong ownership or permissions." msgstr "Öffentlicher Socket hat falsche Eigentums- oder Zugriffsrechte." -#: src/sss_client/common.c:1135 +#: src/sss_client/common.c:1175 msgid "Unexpected format of the server credential message." msgstr "Unerwartetes Format der Server-Anmeldenachricht." -#: src/sss_client/common.c:1138 +#: src/sss_client/common.c:1178 msgid "SSSD is not run by root." msgstr "SSSD wird nicht durch Root ausgeführt." -#: src/sss_client/common.c:1141 +#: src/sss_client/common.c:1181 msgid "SSSD socket does not exist." msgstr "" -#: src/sss_client/common.c:1144 +#: src/sss_client/common.c:1184 msgid "Cannot get stat of SSSD socket." msgstr "" -#: src/sss_client/common.c:1149 +#: src/sss_client/common.c:1189 msgid "An error occurred, but no description can be found." msgstr "" "Ein Fehler ist aufgetreten, aber es kann keine Beschreibung gefunden werden." -#: src/sss_client/common.c:1155 +#: src/sss_client/common.c:1195 msgid "Unexpected error while looking for an error description" msgstr "Unerwarteter Fehler beim Suchen nach einer Fehlerbeschreibung" diff --git a/po/es.po b/po/es.po index 750aeefdfdc..9aea29314df 100644 --- a/po/es.po +++ b/po/es.po @@ -18,7 +18,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" -"POT-Creation-Date: 2023-09-07 11:48+0200\n" +"POT-Creation-Date: 2023-11-13 11:54+0100\n" "PO-Revision-Date: 2022-09-11 10:19+0000\n" "Last-Translator: Emilio Herrera <ehespinosa57@gmail.com>\n" "Language-Team: Spanish <https://translate.fedoraproject.org/projects/sssd/" @@ -2176,35 +2176,35 @@ msgstr "set_debug_file_from_fd falló.\n" msgid "Domain of the information provider (mandatory)" msgstr "Dominio del proveedor de información (obligatorio)" -#: src/sss_client/common.c:1129 +#: src/sss_client/common.c:1169 msgid "Privileged socket has wrong ownership or permissions." msgstr "El zócalo privilegiado posee permisos o pertenencia equivocados." -#: src/sss_client/common.c:1132 +#: src/sss_client/common.c:1172 msgid "Public socket has wrong ownership or permissions." msgstr "El zócalo público posee permisos o pertenencia equivocados." -#: src/sss_client/common.c:1135 +#: src/sss_client/common.c:1175 msgid "Unexpected format of the server credential message." msgstr "Formato no esperado del mensaje de la credencial del servidor." -#: src/sss_client/common.c:1138 +#: src/sss_client/common.c:1178 msgid "SSSD is not run by root." msgstr "SSSD no está siendo ejecutado por el usuario root." -#: src/sss_client/common.c:1141 +#: src/sss_client/common.c:1181 msgid "SSSD socket does not exist." msgstr "El socket SSSD no existe." -#: src/sss_client/common.c:1144 +#: src/sss_client/common.c:1184 msgid "Cannot get stat of SSSD socket." msgstr "No se pueden obtener estadísticas del socket SSSD." -#: src/sss_client/common.c:1149 +#: src/sss_client/common.c:1189 msgid "An error occurred, but no description can be found." msgstr "Ha ocurrido un error, pero no se ha podido encontrar una descripción." -#: src/sss_client/common.c:1155 +#: src/sss_client/common.c:1195 msgid "Unexpected error while looking for an error description" msgstr "" "Ha ocurrido un error no esperado mientras se buscaba la descripción del error" diff --git a/po/eu.po b/po/eu.po index 733a1b3425b..5f21b085df6 100644 --- a/po/eu.po +++ b/po/eu.po @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" -"POT-Creation-Date: 2023-09-07 11:48+0200\n" +"POT-Creation-Date: 2023-11-13 11:54+0100\n" "PO-Revision-Date: 2014-12-14 11:45-0500\n" "Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n" "Language-Team: Basque (http://www.transifex.com/projects/p/sssd/language/" @@ -1953,35 +1953,35 @@ msgstr "" msgid "Domain of the information provider (mandatory)" msgstr "" -#: src/sss_client/common.c:1129 +#: src/sss_client/common.c:1169 msgid "Privileged socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:1132 +#: src/sss_client/common.c:1172 msgid "Public socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:1135 +#: src/sss_client/common.c:1175 msgid "Unexpected format of the server credential message." msgstr "" -#: src/sss_client/common.c:1138 +#: src/sss_client/common.c:1178 msgid "SSSD is not run by root." msgstr "" -#: src/sss_client/common.c:1141 +#: src/sss_client/common.c:1181 msgid "SSSD socket does not exist." msgstr "" -#: src/sss_client/common.c:1144 +#: src/sss_client/common.c:1184 msgid "Cannot get stat of SSSD socket." msgstr "" -#: src/sss_client/common.c:1149 +#: src/sss_client/common.c:1189 msgid "An error occurred, but no description can be found." msgstr "" -#: src/sss_client/common.c:1155 +#: src/sss_client/common.c:1195 msgid "Unexpected error while looking for an error description" msgstr "" diff --git a/po/fi.po b/po/fi.po index e04058f4f29..9ed775f169d 100644 --- a/po/fi.po +++ b/po/fi.po @@ -6,7 +6,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" -"POT-Creation-Date: 2023-09-07 11:48+0200\n" +"POT-Creation-Date: 2023-11-13 11:54+0100\n" "PO-Revision-Date: 2023-02-26 20:20+0000\n" "Last-Translator: Jan Kuparinen <copper_fin@hotmail.com>\n" "Language-Team: Finnish <https://translate.fedoraproject.org/projects/sssd/" @@ -1972,35 +1972,35 @@ msgstr "" msgid "Domain of the information provider (mandatory)" msgstr "" -#: src/sss_client/common.c:1129 +#: src/sss_client/common.c:1169 msgid "Privileged socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:1132 +#: src/sss_client/common.c:1172 msgid "Public socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:1135 +#: src/sss_client/common.c:1175 msgid "Unexpected format of the server credential message." msgstr "" -#: src/sss_client/common.c:1138 +#: src/sss_client/common.c:1178 msgid "SSSD is not run by root." msgstr "" -#: src/sss_client/common.c:1141 +#: src/sss_client/common.c:1181 msgid "SSSD socket does not exist." msgstr "" -#: src/sss_client/common.c:1144 +#: src/sss_client/common.c:1184 msgid "Cannot get stat of SSSD socket." msgstr "" -#: src/sss_client/common.c:1149 +#: src/sss_client/common.c:1189 msgid "An error occurred, but no description can be found." msgstr "" -#: src/sss_client/common.c:1155 +#: src/sss_client/common.c:1195 msgid "Unexpected error while looking for an error description" msgstr "" diff --git a/po/fr.po b/po/fr.po index 11173a4d59a..22302709d0e 100644 --- a/po/fr.po +++ b/po/fr.po @@ -18,7 +18,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" -"POT-Creation-Date: 2023-09-07 11:48+0200\n" +"POT-Creation-Date: 2023-11-13 11:54+0100\n" "PO-Revision-Date: 2023-06-10 12:20+0000\n" "Last-Translator: Ludek Janda <ljanda@redhat.com>\n" "Language-Team: French <https://translate.fedoraproject.org/projects/sssd/" @@ -2187,37 +2187,37 @@ msgstr "Échec de set_debug_file_from_fd.\n" msgid "Domain of the information provider (mandatory)" msgstr "Domaine du fournisseur d'informations (obligatoire)" -#: src/sss_client/common.c:1129 +#: src/sss_client/common.c:1169 msgid "Privileged socket has wrong ownership or permissions." msgstr "" "Le socket privilégié a de mauvaises permissions ou un mauvais propriétaire." -#: src/sss_client/common.c:1132 +#: src/sss_client/common.c:1172 msgid "Public socket has wrong ownership or permissions." msgstr "" "Le socket public a de mauvaises permissions ou un mauvais propriétaire." -#: src/sss_client/common.c:1135 +#: src/sss_client/common.c:1175 msgid "Unexpected format of the server credential message." msgstr "Le message du serveur de crédits a un format inattendu." -#: src/sss_client/common.c:1138 +#: src/sss_client/common.c:1178 msgid "SSSD is not run by root." msgstr "SSSD n'est pas démarré par root." -#: src/sss_client/common.c:1141 +#: src/sss_client/common.c:1181 msgid "SSSD socket does not exist." msgstr "La socket SSSD n'existe pas." -#: src/sss_client/common.c:1144 +#: src/sss_client/common.c:1184 msgid "Cannot get stat of SSSD socket." msgstr "Impossible d'obtenir le stat du socket SSSD." -#: src/sss_client/common.c:1149 +#: src/sss_client/common.c:1189 msgid "An error occurred, but no description can be found." msgstr "Une erreur est survenue mais aucune description n'est trouvée." -#: src/sss_client/common.c:1155 +#: src/sss_client/common.c:1195 msgid "Unexpected error while looking for an error description" msgstr "Erreur inattendue lors de la recherche de la description de l'erreur" diff --git a/po/hu.po b/po/hu.po index b6fc2458c68..72d77eb509d 100644 --- a/po/hu.po +++ b/po/hu.po @@ -10,7 +10,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" -"POT-Creation-Date: 2023-09-07 11:48+0200\n" +"POT-Creation-Date: 2023-11-13 11:54+0100\n" "PO-Revision-Date: 2014-12-14 11:45-0500\n" "Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n" "Language-Team: Hungarian (http://www.transifex.com/projects/p/sssd/language/" @@ -1956,35 +1956,35 @@ msgstr "" msgid "Domain of the information provider (mandatory)" msgstr "" -#: src/sss_client/common.c:1129 +#: src/sss_client/common.c:1169 msgid "Privileged socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:1132 +#: src/sss_client/common.c:1172 msgid "Public socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:1135 +#: src/sss_client/common.c:1175 msgid "Unexpected format of the server credential message." msgstr "" -#: src/sss_client/common.c:1138 +#: src/sss_client/common.c:1178 msgid "SSSD is not run by root." msgstr "Az SSSD nem root-ként fut." -#: src/sss_client/common.c:1141 +#: src/sss_client/common.c:1181 msgid "SSSD socket does not exist." msgstr "" -#: src/sss_client/common.c:1144 +#: src/sss_client/common.c:1184 msgid "Cannot get stat of SSSD socket." msgstr "" -#: src/sss_client/common.c:1149 +#: src/sss_client/common.c:1189 msgid "An error occurred, but no description can be found." msgstr "Hiba lépett fel, de nem érhetőek el részletek." -#: src/sss_client/common.c:1155 +#: src/sss_client/common.c:1195 msgid "Unexpected error while looking for an error description" msgstr "" diff --git a/po/id.po b/po/id.po index 3fe8390e8aa..0e2a11efde1 100644 --- a/po/id.po +++ b/po/id.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" -"POT-Creation-Date: 2023-09-07 11:48+0200\n" +"POT-Creation-Date: 2023-11-13 11:54+0100\n" "PO-Revision-Date: 2014-12-14 11:46-0500\n" "Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n" "Language-Team: Indonesian (http://www.transifex.com/projects/p/sssd/language/" @@ -1953,35 +1953,35 @@ msgstr "" msgid "Domain of the information provider (mandatory)" msgstr "" -#: src/sss_client/common.c:1129 +#: src/sss_client/common.c:1169 msgid "Privileged socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:1132 +#: src/sss_client/common.c:1172 msgid "Public socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:1135 +#: src/sss_client/common.c:1175 msgid "Unexpected format of the server credential message." msgstr "" -#: src/sss_client/common.c:1138 +#: src/sss_client/common.c:1178 msgid "SSSD is not run by root." msgstr "" -#: src/sss_client/common.c:1141 +#: src/sss_client/common.c:1181 msgid "SSSD socket does not exist." msgstr "" -#: src/sss_client/common.c:1144 +#: src/sss_client/common.c:1184 msgid "Cannot get stat of SSSD socket." msgstr "" -#: src/sss_client/common.c:1149 +#: src/sss_client/common.c:1189 msgid "An error occurred, but no description can be found." msgstr "" -#: src/sss_client/common.c:1155 +#: src/sss_client/common.c:1195 msgid "Unexpected error while looking for an error description" msgstr "" diff --git a/po/it.po b/po/it.po index e6587155557..4b5ca16f7ad 100644 --- a/po/it.po +++ b/po/it.po @@ -9,7 +9,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" -"POT-Creation-Date: 2023-09-07 11:48+0200\n" +"POT-Creation-Date: 2023-11-13 11:54+0100\n" "PO-Revision-Date: 2020-09-15 08:29+0000\n" "Last-Translator: Milo Casagrande <milo@milo.name>\n" "Language-Team: Italian <https://translate.fedoraproject.org/projects/sssd/" @@ -1973,35 +1973,35 @@ msgstr "" msgid "Domain of the information provider (mandatory)" msgstr "Dominio del provider di informazioni (obbligatorio)" -#: src/sss_client/common.c:1129 +#: src/sss_client/common.c:1169 msgid "Privileged socket has wrong ownership or permissions." msgstr "Il socket privilegiato ha permessi o propritario non validi." -#: src/sss_client/common.c:1132 +#: src/sss_client/common.c:1172 msgid "Public socket has wrong ownership or permissions." msgstr "Il socket pubblico ha permessi o propritario non validi." -#: src/sss_client/common.c:1135 +#: src/sss_client/common.c:1175 msgid "Unexpected format of the server credential message." msgstr "" -#: src/sss_client/common.c:1138 +#: src/sss_client/common.c:1178 msgid "SSSD is not run by root." msgstr "SSSD non è eseguito da root." -#: src/sss_client/common.c:1141 +#: src/sss_client/common.c:1181 msgid "SSSD socket does not exist." msgstr "" -#: src/sss_client/common.c:1144 +#: src/sss_client/common.c:1184 msgid "Cannot get stat of SSSD socket." msgstr "" -#: src/sss_client/common.c:1149 +#: src/sss_client/common.c:1189 msgid "An error occurred, but no description can be found." msgstr "" -#: src/sss_client/common.c:1155 +#: src/sss_client/common.c:1195 msgid "Unexpected error while looking for an error description" msgstr "" diff --git a/po/ja.po b/po/ja.po index 4c0617018e1..0a370b0c380 100644 --- a/po/ja.po +++ b/po/ja.po @@ -14,7 +14,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" -"POT-Creation-Date: 2023-09-07 11:48+0200\n" +"POT-Creation-Date: 2023-11-13 11:54+0100\n" "PO-Revision-Date: 2023-06-10 12:20+0000\n" "Last-Translator: Ludek Janda <ljanda@redhat.com>\n" "Language-Team: Japanese <https://translate.fedoraproject.org/projects/sssd/" @@ -2051,35 +2051,35 @@ msgstr "set_debug_file_from_fd は失敗しました。\n" msgid "Domain of the information provider (mandatory)" msgstr "情報プロバイダーのドメイン (必須)" -#: src/sss_client/common.c:1129 +#: src/sss_client/common.c:1169 msgid "Privileged socket has wrong ownership or permissions." msgstr "特権ソケットの所有者またはパーミッションが誤っています。" -#: src/sss_client/common.c:1132 +#: src/sss_client/common.c:1172 msgid "Public socket has wrong ownership or permissions." msgstr "公開ソケットの所有者またはパーミッションが誤っています。" -#: src/sss_client/common.c:1135 +#: src/sss_client/common.c:1175 msgid "Unexpected format of the server credential message." msgstr "サーバーのクレデンシャルメッセージの予期しない形式です。" -#: src/sss_client/common.c:1138 +#: src/sss_client/common.c:1178 msgid "SSSD is not run by root." msgstr "SSSD は root により実行されません。" -#: src/sss_client/common.c:1141 +#: src/sss_client/common.c:1181 msgid "SSSD socket does not exist." msgstr "SSSD ソケットは存在しません。" -#: src/sss_client/common.c:1144 +#: src/sss_client/common.c:1184 msgid "Cannot get stat of SSSD socket." msgstr "SSSD ソケットの統計を取得できません。" -#: src/sss_client/common.c:1149 +#: src/sss_client/common.c:1189 msgid "An error occurred, but no description can be found." msgstr "エラーが発生しましたが、説明がありませんでした。" -#: src/sss_client/common.c:1155 +#: src/sss_client/common.c:1195 msgid "Unexpected error while looking for an error description" msgstr "エラーの説明を検索中に予期しないエラーが発生しました" diff --git a/po/ka.po b/po/ka.po index b7668c28db8..2cddb232ed2 100644 --- a/po/ka.po +++ b/po/ka.po @@ -6,7 +6,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" -"POT-Creation-Date: 2023-09-07 11:48+0200\n" +"POT-Creation-Date: 2023-11-13 11:54+0100\n" "PO-Revision-Date: 2023-09-18 03:54+0000\n" "Last-Translator: Temuri Doghonadze <temuri.doghonadze@gmail.com>\n" "Language-Team: Georgian <https://translate.fedoraproject.org/projects/sssd/" @@ -1951,35 +1951,35 @@ msgstr "" msgid "Domain of the information provider (mandatory)" msgstr "" -#: src/sss_client/common.c:1129 +#: src/sss_client/common.c:1169 msgid "Privileged socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:1132 +#: src/sss_client/common.c:1172 msgid "Public socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:1135 +#: src/sss_client/common.c:1175 msgid "Unexpected format of the server credential message." msgstr "" -#: src/sss_client/common.c:1138 +#: src/sss_client/common.c:1178 msgid "SSSD is not run by root." msgstr "" -#: src/sss_client/common.c:1141 +#: src/sss_client/common.c:1181 msgid "SSSD socket does not exist." msgstr "" -#: src/sss_client/common.c:1144 +#: src/sss_client/common.c:1184 msgid "Cannot get stat of SSSD socket." msgstr "" -#: src/sss_client/common.c:1149 +#: src/sss_client/common.c:1189 msgid "An error occurred, but no description can be found." msgstr "" -#: src/sss_client/common.c:1155 +#: src/sss_client/common.c:1195 msgid "Unexpected error while looking for an error description" msgstr "" diff --git a/po/ko.po b/po/ko.po index b5168930a87..b8b30929d52 100644 --- a/po/ko.po +++ b/po/ko.po @@ -10,7 +10,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" -"POT-Creation-Date: 2023-09-07 11:48+0200\n" +"POT-Creation-Date: 2023-11-13 11:54+0100\n" "PO-Revision-Date: 2023-09-18 03:54+0000\n" "Last-Translator: 김인수 <simmon@nplob.com>\n" "Language-Team: Korean <https://translate.fedoraproject.org/projects/sssd/" @@ -2022,35 +2022,35 @@ msgstr "set_debug_file_from_fd가 실패했습니다.\n" msgid "Domain of the information provider (mandatory)" msgstr "정보 공급자의 도메인 (필수)" -#: src/sss_client/common.c:1129 +#: src/sss_client/common.c:1169 msgid "Privileged socket has wrong ownership or permissions." msgstr "권한 있는 소켓에 잘못된 소유권 또는 권한이 있습니다." -#: src/sss_client/common.c:1132 +#: src/sss_client/common.c:1172 msgid "Public socket has wrong ownership or permissions." msgstr "공용 소켓에 잘못된 소유권 또는 권한이 있습니다." -#: src/sss_client/common.c:1135 +#: src/sss_client/common.c:1175 msgid "Unexpected format of the server credential message." msgstr "서버 인증 정보 메시지의 예기치 않은 형식입니다." -#: src/sss_client/common.c:1138 +#: src/sss_client/common.c:1178 msgid "SSSD is not run by root." msgstr "SSSD는 루트에 의해 실행되지 않습니다." -#: src/sss_client/common.c:1141 +#: src/sss_client/common.c:1181 msgid "SSSD socket does not exist." msgstr "SSSD 소켓이 존재하지 않습니다." -#: src/sss_client/common.c:1144 +#: src/sss_client/common.c:1184 msgid "Cannot get stat of SSSD socket." msgstr "SSSD 소켓 통계를 가져올 수 없습니다." -#: src/sss_client/common.c:1149 +#: src/sss_client/common.c:1189 msgid "An error occurred, but no description can be found." msgstr "오류가 발생했지만 설명을 찾을 수 없습니다." -#: src/sss_client/common.c:1155 +#: src/sss_client/common.c:1195 msgid "Unexpected error while looking for an error description" msgstr "오류 설명을 찾는 동안 예기치 않은 오류 발생" @@ -2067,7 +2067,8 @@ msgstr "서버 메시지: " msgid "" "Kerberos TGT will not be granted upon login, user experience will be " "affected." -msgstr "커버러스 TGT는 로그인 시 허용되지 않으며, 사용자 환경에 영향을 미칩니다." +msgstr "" +"커버러스 TGT는 로그인 시 허용되지 않으며, 사용자 환경에 영향을 미칩니다." #: src/sss_client/pam_sss.c:72 msgid "Enter PIN:" @@ -2127,7 +2128,8 @@ msgstr "PIN 잠금" msgid "" "No Kerberos TGT granted as the server does not support this method. Your " "single-sign on(SSO) experience will be affected." -msgstr "서버가 이와 같은 방식을 지원하지 않으므로 커버러스 TGT가 허용되지 않습니다. " +msgstr "" +"서버가 이와 같은 방식을 지원하지 않으므로 커버러스 TGT가 허용되지 않습니다. " "통합인증(SSO) 환경이 영향을 받습니다." #: src/sss_client/pam_sss.c:835 src/sss_client/pam_sss.c:848 diff --git a/po/nb.po b/po/nb.po index 11856f4582e..6c1495c8e52 100644 --- a/po/nb.po +++ b/po/nb.po @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" -"POT-Creation-Date: 2023-09-07 11:48+0200\n" +"POT-Creation-Date: 2023-11-13 11:54+0100\n" "PO-Revision-Date: 2014-12-14 11:46-0500\n" "Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n" "Language-Team: Norwegian Bokmål (http://www.transifex.com/projects/p/sssd/" @@ -1953,35 +1953,35 @@ msgstr "" msgid "Domain of the information provider (mandatory)" msgstr "" -#: src/sss_client/common.c:1129 +#: src/sss_client/common.c:1169 msgid "Privileged socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:1132 +#: src/sss_client/common.c:1172 msgid "Public socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:1135 +#: src/sss_client/common.c:1175 msgid "Unexpected format of the server credential message." msgstr "" -#: src/sss_client/common.c:1138 +#: src/sss_client/common.c:1178 msgid "SSSD is not run by root." msgstr "" -#: src/sss_client/common.c:1141 +#: src/sss_client/common.c:1181 msgid "SSSD socket does not exist." msgstr "" -#: src/sss_client/common.c:1144 +#: src/sss_client/common.c:1184 msgid "Cannot get stat of SSSD socket." msgstr "" -#: src/sss_client/common.c:1149 +#: src/sss_client/common.c:1189 msgid "An error occurred, but no description can be found." msgstr "" -#: src/sss_client/common.c:1155 +#: src/sss_client/common.c:1195 msgid "Unexpected error while looking for an error description" msgstr "" diff --git a/po/nl.po b/po/nl.po index 90bf6b57903..bd985cf1de3 100644 --- a/po/nl.po +++ b/po/nl.po @@ -13,7 +13,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" -"POT-Creation-Date: 2023-09-07 11:48+0200\n" +"POT-Creation-Date: 2023-11-13 11:54+0100\n" "PO-Revision-Date: 2014-12-14 11:47-0500\n" "Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n" "Language-Team: Dutch (http://www.transifex.com/projects/p/sssd/language/" @@ -2029,36 +2029,36 @@ msgstr "" msgid "Domain of the information provider (mandatory)" msgstr "Domein voor de informatie provider (verplicht)" -#: src/sss_client/common.c:1129 +#: src/sss_client/common.c:1169 msgid "Privileged socket has wrong ownership or permissions." msgstr "Socket met privileges heeft verkeerde rechten of eigendom." -#: src/sss_client/common.c:1132 +#: src/sss_client/common.c:1172 msgid "Public socket has wrong ownership or permissions." msgstr "Publiek socket heeft verkeerde rechten of eigendom." -#: src/sss_client/common.c:1135 +#: src/sss_client/common.c:1175 msgid "Unexpected format of the server credential message." msgstr "Onverwacht formaat van het inloggegevensbericht van de server." -#: src/sss_client/common.c:1138 +#: src/sss_client/common.c:1178 msgid "SSSD is not run by root." msgstr "SSSD wordt niet door root gestart." -#: src/sss_client/common.c:1141 +#: src/sss_client/common.c:1181 msgid "SSSD socket does not exist." msgstr "" -#: src/sss_client/common.c:1144 +#: src/sss_client/common.c:1184 msgid "Cannot get stat of SSSD socket." msgstr "" -#: src/sss_client/common.c:1149 +#: src/sss_client/common.c:1189 msgid "An error occurred, but no description can be found." msgstr "" "Er is een fout opgetreden, maar er kan geen omschrijving gevonden worden." -#: src/sss_client/common.c:1155 +#: src/sss_client/common.c:1195 msgid "Unexpected error while looking for an error description" msgstr "Onverwachtte fout bij het opzoeken van een omschrijving" diff --git a/po/pl.po b/po/pl.po index 4aa3a8b8ed3..c3fdfc18913 100644 --- a/po/pl.po +++ b/po/pl.po @@ -15,7 +15,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" -"POT-Creation-Date: 2023-09-07 11:48+0200\n" +"POT-Creation-Date: 2023-11-13 11:54+0100\n" "PO-Revision-Date: 2023-09-18 03:54+0000\n" "Last-Translator: Piotr Drąg <piotrdrag@gmail.com>\n" "Language-Team: Polish <https://translate.fedoraproject.org/projects/sssd/" @@ -2116,35 +2116,35 @@ msgstr "set_debug_file_from_fd się nie powiodło.\n" msgid "Domain of the information provider (mandatory)" msgstr "Domena dostawcy informacji (wymagane)" -#: src/sss_client/common.c:1129 +#: src/sss_client/common.c:1169 msgid "Privileged socket has wrong ownership or permissions." msgstr "Uprawnione gniazdo ma błędnego właściciela lub uprawnienia." -#: src/sss_client/common.c:1132 +#: src/sss_client/common.c:1172 msgid "Public socket has wrong ownership or permissions." msgstr "Publiczne gniazdo ma błędnego właściciela lub uprawnienia." -#: src/sss_client/common.c:1135 +#: src/sss_client/common.c:1175 msgid "Unexpected format of the server credential message." msgstr "Nieoczekiwany format komunikatu uwierzytelniającego serwera." -#: src/sss_client/common.c:1138 +#: src/sss_client/common.c:1178 msgid "SSSD is not run by root." msgstr "SSSD nie zostało uruchomione w trybie roota." -#: src/sss_client/common.c:1141 +#: src/sss_client/common.c:1181 msgid "SSSD socket does not exist." msgstr "Gniazdo SSSD nie istnieje." -#: src/sss_client/common.c:1144 +#: src/sss_client/common.c:1184 msgid "Cannot get stat of SSSD socket." msgstr "Nie można wykonać „stat” na gnieździe SSSD." -#: src/sss_client/common.c:1149 +#: src/sss_client/common.c:1189 msgid "An error occurred, but no description can be found." msgstr "Wystąpił błąd, ale nie odnaleziono jego opisu." -#: src/sss_client/common.c:1155 +#: src/sss_client/common.c:1195 msgid "Unexpected error while looking for an error description" msgstr "Nieoczekiwany błąd podczas wyszukiwania opisu błędu" diff --git a/po/pt.po b/po/pt.po index bf9e8fe73d6..c61b2f7288d 100644 --- a/po/pt.po +++ b/po/pt.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" -"POT-Creation-Date: 2023-09-07 11:48+0200\n" +"POT-Creation-Date: 2023-11-13 11:54+0100\n" "PO-Revision-Date: 2014-12-14 11:47-0500\n" "Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n" "Language-Team: Portuguese (http://www.transifex.com/projects/p/sssd/language/" @@ -1966,35 +1966,35 @@ msgstr "" msgid "Domain of the information provider (mandatory)" msgstr "Domínio do fornecedor de informação (obrigatório)" -#: src/sss_client/common.c:1129 +#: src/sss_client/common.c:1169 msgid "Privileged socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:1132 +#: src/sss_client/common.c:1172 msgid "Public socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:1135 +#: src/sss_client/common.c:1175 msgid "Unexpected format of the server credential message." msgstr "" -#: src/sss_client/common.c:1138 +#: src/sss_client/common.c:1178 msgid "SSSD is not run by root." msgstr "" -#: src/sss_client/common.c:1141 +#: src/sss_client/common.c:1181 msgid "SSSD socket does not exist." msgstr "" -#: src/sss_client/common.c:1144 +#: src/sss_client/common.c:1184 msgid "Cannot get stat of SSSD socket." msgstr "" -#: src/sss_client/common.c:1149 +#: src/sss_client/common.c:1189 msgid "An error occurred, but no description can be found." msgstr "" -#: src/sss_client/common.c:1155 +#: src/sss_client/common.c:1195 msgid "Unexpected error while looking for an error description" msgstr "" diff --git a/po/pt_BR.po b/po/pt_BR.po index 4333198a868..504e1affb7d 100644 --- a/po/pt_BR.po +++ b/po/pt_BR.po @@ -3,7 +3,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" -"POT-Creation-Date: 2023-09-07 11:48+0200\n" +"POT-Creation-Date: 2023-11-13 11:54+0100\n" "PO-Revision-Date: 2015-10-27 08:15-0400\n" "Last-Translator: Marco Aurélio Krause <ouesten@me.com>\n" "Language-Team: Portuguese (Brazil)\n" @@ -1947,35 +1947,35 @@ msgstr "" msgid "Domain of the information provider (mandatory)" msgstr "" -#: src/sss_client/common.c:1129 +#: src/sss_client/common.c:1169 msgid "Privileged socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:1132 +#: src/sss_client/common.c:1172 msgid "Public socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:1135 +#: src/sss_client/common.c:1175 msgid "Unexpected format of the server credential message." msgstr "" -#: src/sss_client/common.c:1138 +#: src/sss_client/common.c:1178 msgid "SSSD is not run by root." msgstr "" -#: src/sss_client/common.c:1141 +#: src/sss_client/common.c:1181 msgid "SSSD socket does not exist." msgstr "" -#: src/sss_client/common.c:1144 +#: src/sss_client/common.c:1184 msgid "Cannot get stat of SSSD socket." msgstr "" -#: src/sss_client/common.c:1149 +#: src/sss_client/common.c:1189 msgid "An error occurred, but no description can be found." msgstr "" -#: src/sss_client/common.c:1155 +#: src/sss_client/common.c:1195 msgid "Unexpected error while looking for an error description" msgstr "" diff --git a/po/ru.po b/po/ru.po index 2d1046dccde..8bde701e22f 100644 --- a/po/ru.po +++ b/po/ru.po @@ -12,7 +12,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" -"POT-Creation-Date: 2023-09-07 11:48+0200\n" +"POT-Creation-Date: 2023-11-13 11:54+0100\n" "PO-Revision-Date: 2023-09-18 03:54+0000\n" "Last-Translator: Elena Mishina <lepata@basealt.ru>\n" "Language-Team: Russian <https://translate.fedoraproject.org/projects/sssd/" @@ -2161,37 +2161,37 @@ msgstr "Ошибка set_debug_file_from_fd.\n" msgid "Domain of the information provider (mandatory)" msgstr "Домен поставщика информации (обязательный)" -#: src/sss_client/common.c:1129 +#: src/sss_client/common.c:1169 msgid "Privileged socket has wrong ownership or permissions." msgstr "" "Для привилегированного сокета установлен неверный владелец или права доступа." -#: src/sss_client/common.c:1132 +#: src/sss_client/common.c:1172 msgid "Public socket has wrong ownership or permissions." msgstr "" "Для общедоступного сокета установлен неверный владелец или права доступа." -#: src/sss_client/common.c:1135 +#: src/sss_client/common.c:1175 msgid "Unexpected format of the server credential message." msgstr "Некорректный формат сообщения об учётных данных сервера." -#: src/sss_client/common.c:1138 +#: src/sss_client/common.c:1178 msgid "SSSD is not run by root." msgstr "Запуск SSSD выполнен не от имени пользователя root." -#: src/sss_client/common.c:1141 +#: src/sss_client/common.c:1181 msgid "SSSD socket does not exist." msgstr "Сокет SSSD не существует." -#: src/sss_client/common.c:1144 +#: src/sss_client/common.c:1184 msgid "Cannot get stat of SSSD socket." msgstr "Не удалось получить статистику сокета SSSD." -#: src/sss_client/common.c:1149 +#: src/sss_client/common.c:1189 msgid "An error occurred, but no description can be found." msgstr "Произошла ошибка, но не удалось найти её описание." -#: src/sss_client/common.c:1155 +#: src/sss_client/common.c:1195 msgid "Unexpected error while looking for an error description" msgstr "Непредвиденная ошибка при поиске описания ошибки" diff --git a/po/sssd.pot b/po/sssd.pot index ad02cbf8319..52760586230 100644 --- a/po/sssd.pot +++ b/po/sssd.pot @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" -"POT-Creation-Date: 2023-09-07 11:48+0200\n" +"POT-Creation-Date: 2023-11-13 11:54+0100\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" "Language-Team: LANGUAGE <LL@li.org>\n" @@ -1950,35 +1950,35 @@ msgstr "" msgid "Domain of the information provider (mandatory)" msgstr "" -#: src/sss_client/common.c:1129 +#: src/sss_client/common.c:1169 msgid "Privileged socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:1132 +#: src/sss_client/common.c:1172 msgid "Public socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:1135 +#: src/sss_client/common.c:1175 msgid "Unexpected format of the server credential message." msgstr "" -#: src/sss_client/common.c:1138 +#: src/sss_client/common.c:1178 msgid "SSSD is not run by root." msgstr "" -#: src/sss_client/common.c:1141 +#: src/sss_client/common.c:1181 msgid "SSSD socket does not exist." msgstr "" -#: src/sss_client/common.c:1144 +#: src/sss_client/common.c:1184 msgid "Cannot get stat of SSSD socket." msgstr "" -#: src/sss_client/common.c:1149 +#: src/sss_client/common.c:1189 msgid "An error occurred, but no description can be found." msgstr "" -#: src/sss_client/common.c:1155 +#: src/sss_client/common.c:1195 msgid "Unexpected error while looking for an error description" msgstr "" diff --git a/po/sv.po b/po/sv.po index 6984119f2ea..92955c025e5 100644 --- a/po/sv.po +++ b/po/sv.po @@ -13,7 +13,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" -"POT-Creation-Date: 2023-09-07 11:48+0200\n" +"POT-Creation-Date: 2023-11-13 11:54+0100\n" "PO-Revision-Date: 2023-08-30 14:21+0000\n" "Last-Translator: Göran Uddeborg <goeran@uddeborg.se>\n" "Language-Team: Swedish <https://translate.fedoraproject.org/projects/sssd/" @@ -2090,35 +2090,35 @@ msgstr "set_debug_file_from_fd misslyckades.\n" msgid "Domain of the information provider (mandatory)" msgstr "Domän för informationsleverantören (obligatoriskt)" -#: src/sss_client/common.c:1129 +#: src/sss_client/common.c:1169 msgid "Privileged socket has wrong ownership or permissions." msgstr "Privilegierat uttag (socket) har fel ägarskap eller rättigheter." -#: src/sss_client/common.c:1132 +#: src/sss_client/common.c:1172 msgid "Public socket has wrong ownership or permissions." msgstr "Publikt uttag (socket) har fel ägarskap eller rättigheter." -#: src/sss_client/common.c:1135 +#: src/sss_client/common.c:1175 msgid "Unexpected format of the server credential message." msgstr "Oväntat format på serverns kreditivmeddelande." -#: src/sss_client/common.c:1138 +#: src/sss_client/common.c:1178 msgid "SSSD is not run by root." msgstr "SSSD körs inte av root." -#: src/sss_client/common.c:1141 +#: src/sss_client/common.c:1181 msgid "SSSD socket does not exist." msgstr "SSSD-uttaget finns inte." -#: src/sss_client/common.c:1144 +#: src/sss_client/common.c:1184 msgid "Cannot get stat of SSSD socket." msgstr "Kan inte ta status på SSSD-uttaget." -#: src/sss_client/common.c:1149 +#: src/sss_client/common.c:1189 msgid "An error occurred, but no description can be found." msgstr "Ett fel uppstod, men ingen beskrivning kan hittas." -#: src/sss_client/common.c:1155 +#: src/sss_client/common.c:1195 msgid "Unexpected error while looking for an error description" msgstr "Oväntat fel vid sökning efter ett felmeddelande" diff --git a/po/tg.po b/po/tg.po index e49921b6b82..bd91f81054f 100644 --- a/po/tg.po +++ b/po/tg.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" -"POT-Creation-Date: 2023-09-07 11:48+0200\n" +"POT-Creation-Date: 2023-11-13 11:54+0100\n" "PO-Revision-Date: 2014-12-14 11:48-0500\n" "Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n" "Language-Team: Tajik (http://www.transifex.com/projects/p/sssd/language/" @@ -1952,35 +1952,35 @@ msgstr "" msgid "Domain of the information provider (mandatory)" msgstr "" -#: src/sss_client/common.c:1129 +#: src/sss_client/common.c:1169 msgid "Privileged socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:1132 +#: src/sss_client/common.c:1172 msgid "Public socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:1135 +#: src/sss_client/common.c:1175 msgid "Unexpected format of the server credential message." msgstr "" -#: src/sss_client/common.c:1138 +#: src/sss_client/common.c:1178 msgid "SSSD is not run by root." msgstr "" -#: src/sss_client/common.c:1141 +#: src/sss_client/common.c:1181 msgid "SSSD socket does not exist." msgstr "" -#: src/sss_client/common.c:1144 +#: src/sss_client/common.c:1184 msgid "Cannot get stat of SSSD socket." msgstr "" -#: src/sss_client/common.c:1149 +#: src/sss_client/common.c:1189 msgid "An error occurred, but no description can be found." msgstr "" -#: src/sss_client/common.c:1155 +#: src/sss_client/common.c:1195 msgid "Unexpected error while looking for an error description" msgstr "" diff --git a/po/tr.po b/po/tr.po index 44499824d1f..d1f6e7b5c31 100644 --- a/po/tr.po +++ b/po/tr.po @@ -10,7 +10,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" -"POT-Creation-Date: 2023-09-07 11:48+0200\n" +"POT-Creation-Date: 2023-11-13 11:54+0100\n" "PO-Revision-Date: 2023-06-04 04:20+0000\n" "Last-Translator: Kemal Oktay Aktoğan <oktay@e.email>\n" "Language-Team: Turkish <https://translate.fedoraproject.org/projects/sssd/" @@ -2135,36 +2135,36 @@ msgstr "set_debug_file_from_fd başarısız oldu.\n" msgid "Domain of the information provider (mandatory)" msgstr "Bilgi sağlayıcısının etki alanı (zorunlu)" -#: src/sss_client/common.c:1129 +#: src/sss_client/common.c:1169 msgid "Privileged socket has wrong ownership or permissions." msgstr "" "Ayrıcalıklı yuva(privileged socket) yanlış sahiplik veya izinlere sahip." -#: src/sss_client/common.c:1132 +#: src/sss_client/common.c:1172 msgid "Public socket has wrong ownership or permissions." msgstr "Ortak yuva(public socket) yanlış sahiplik veya izinlere sahip." -#: src/sss_client/common.c:1135 +#: src/sss_client/common.c:1175 msgid "Unexpected format of the server credential message." msgstr "Sunucu kimlik bilgisi iletisinin beklenmeyen biçimi." -#: src/sss_client/common.c:1138 +#: src/sss_client/common.c:1178 msgid "SSSD is not run by root." msgstr "SSSD yetkili kullanıcı(root) tarafından çalıştırılmaz." -#: src/sss_client/common.c:1141 +#: src/sss_client/common.c:1181 msgid "SSSD socket does not exist." msgstr "SSSD yuvası(socket) mevcut değil." -#: src/sss_client/common.c:1144 +#: src/sss_client/common.c:1184 msgid "Cannot get stat of SSSD socket." msgstr "SSSD yuvasının(socket) istatistiği alınamıyor." -#: src/sss_client/common.c:1149 +#: src/sss_client/common.c:1189 msgid "An error occurred, but no description can be found." msgstr "Bir hata oluştu, ancak açıklama bulunamadı." -#: src/sss_client/common.c:1155 +#: src/sss_client/common.c:1195 msgid "Unexpected error while looking for an error description" msgstr "Hata açıklaması aranırken beklenmeyen hata" diff --git a/po/uk.po b/po/uk.po index f8e2a90aa4b..64cd35003a6 100644 --- a/po/uk.po +++ b/po/uk.po @@ -15,7 +15,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" -"POT-Creation-Date: 2023-09-07 11:48+0200\n" +"POT-Creation-Date: 2023-11-13 11:54+0100\n" "PO-Revision-Date: 2023-06-02 05:50+0000\n" "Last-Translator: Yuri Chornoivan <yurchor@ukr.net>\n" "Language-Team: Ukrainian <https://translate.fedoraproject.org/projects/sssd/" @@ -2184,35 +2184,35 @@ msgstr "Помилка set_debug_file_from_fd.\n" msgid "Domain of the information provider (mandatory)" msgstr "Домен надання відомостей (обов’язковий)" -#: src/sss_client/common.c:1129 +#: src/sss_client/common.c:1169 msgid "Privileged socket has wrong ownership or permissions." msgstr "У привілейованого сокета помилковий власник або права доступу." -#: src/sss_client/common.c:1132 +#: src/sss_client/common.c:1172 msgid "Public socket has wrong ownership or permissions." msgstr "У відкритого сокета помилковий власник або права доступу." -#: src/sss_client/common.c:1135 +#: src/sss_client/common.c:1175 msgid "Unexpected format of the server credential message." msgstr "Некоректний формат повідомлення щодо реєстраційних даних сервера." -#: src/sss_client/common.c:1138 +#: src/sss_client/common.c:1178 msgid "SSSD is not run by root." msgstr "SSSD запущено не від імені користувача root." -#: src/sss_client/common.c:1141 +#: src/sss_client/common.c:1181 msgid "SSSD socket does not exist." msgstr "Сокета SSSD не існує." -#: src/sss_client/common.c:1144 +#: src/sss_client/common.c:1184 msgid "Cannot get stat of SSSD socket." msgstr "Не вдалося отримати статистику щодо сокета SSSD." -#: src/sss_client/common.c:1149 +#: src/sss_client/common.c:1189 msgid "An error occurred, but no description can be found." msgstr "Сталася помилка, але не вдалося знайти її опису." -#: src/sss_client/common.c:1155 +#: src/sss_client/common.c:1195 msgid "Unexpected error while looking for an error description" msgstr "Неочікувана помилка під час пошуку опису помилки" diff --git a/po/zh_CN.po b/po/zh_CN.po index b8a6c8367e3..3eec2555526 100644 --- a/po/zh_CN.po +++ b/po/zh_CN.po @@ -13,7 +13,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" -"POT-Creation-Date: 2023-09-07 11:48+0200\n" +"POT-Creation-Date: 2023-11-13 11:54+0100\n" "PO-Revision-Date: 2023-07-24 17:20+0000\n" "Last-Translator: Funda Wang <fundawang@yeah.net>\n" "Language-Team: Chinese (Simplified) <https://translate.fedoraproject.org/" @@ -1995,35 +1995,35 @@ msgstr "set_debug_file_from_fd 失败。\n" msgid "Domain of the information provider (mandatory)" msgstr "信息提供者的域(强制)" -#: src/sss_client/common.c:1129 +#: src/sss_client/common.c:1169 msgid "Privileged socket has wrong ownership or permissions." msgstr "特权套接字有错误的所有权或权限。" -#: src/sss_client/common.c:1132 +#: src/sss_client/common.c:1172 msgid "Public socket has wrong ownership or permissions." msgstr "公共套接字有错误的所有权或权限。" -#: src/sss_client/common.c:1135 +#: src/sss_client/common.c:1175 msgid "Unexpected format of the server credential message." msgstr "服务器凭证消息的格式异常。" -#: src/sss_client/common.c:1138 +#: src/sss_client/common.c:1178 msgid "SSSD is not run by root." msgstr "SSSD 没有由 root 运行。" -#: src/sss_client/common.c:1141 +#: src/sss_client/common.c:1181 msgid "SSSD socket does not exist." msgstr "SSSD socket 不存在。" -#: src/sss_client/common.c:1144 +#: src/sss_client/common.c:1184 msgid "Cannot get stat of SSSD socket." msgstr "无法获取 SSSD socket 的统计数据。" -#: src/sss_client/common.c:1149 +#: src/sss_client/common.c:1189 msgid "An error occurred, but no description can be found." msgstr "发生错误,但找不到描述信息。" -#: src/sss_client/common.c:1155 +#: src/sss_client/common.c:1195 msgid "Unexpected error while looking for an error description" msgstr "查找错误说明时出现意外错误" diff --git a/po/zh_TW.po b/po/zh_TW.po index ae9b0c37f47..60c87f4bf86 100644 --- a/po/zh_TW.po +++ b/po/zh_TW.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" -"POT-Creation-Date: 2023-09-07 11:48+0200\n" +"POT-Creation-Date: 2023-11-13 11:54+0100\n" "PO-Revision-Date: 2014-12-14 11:50-0500\n" "Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n" "Language-Team: Chinese (Taiwan) (http://www.transifex.com/projects/p/sssd/" @@ -1954,35 +1954,35 @@ msgstr "" msgid "Domain of the information provider (mandatory)" msgstr "" -#: src/sss_client/common.c:1129 +#: src/sss_client/common.c:1169 msgid "Privileged socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:1132 +#: src/sss_client/common.c:1172 msgid "Public socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:1135 +#: src/sss_client/common.c:1175 msgid "Unexpected format of the server credential message." msgstr "" -#: src/sss_client/common.c:1138 +#: src/sss_client/common.c:1178 msgid "SSSD is not run by root." msgstr "" -#: src/sss_client/common.c:1141 +#: src/sss_client/common.c:1181 msgid "SSSD socket does not exist." msgstr "" -#: src/sss_client/common.c:1144 +#: src/sss_client/common.c:1184 msgid "Cannot get stat of SSSD socket." msgstr "" -#: src/sss_client/common.c:1149 +#: src/sss_client/common.c:1189 msgid "An error occurred, but no description can be found." msgstr "" -#: src/sss_client/common.c:1155 +#: src/sss_client/common.c:1195 msgid "Unexpected error while looking for an error description" msgstr "" diff --git a/src/man/po/br.po b/src/man/po/br.po index 52581a7bf0b..13e09ccd931 100644 --- a/src/man/po/br.po +++ b/src/man/po/br.po @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: sssd-docs 2.3.0\n" "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" -"POT-Creation-Date: 2023-09-07 11:47+0200\n" +"POT-Creation-Date: 2023-11-13 11:53+0100\n" "PO-Revision-Date: 2014-12-14 11:51-0500\n" "Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n" "Language-Team: Breton (http://www.transifex.com/projects/p/sssd/language/" @@ -206,10 +206,10 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:136 sssd.conf.5.xml:173 sssd.conf.5.xml:358 #: sssd.conf.5.xml:714 sssd.conf.5.xml:729 sssd.conf.5.xml:952 -#: sssd.conf.5.xml:1070 sssd.conf.5.xml:2198 sssd-ldap.5.xml:1071 -#: sssd-ldap.5.xml:1174 sssd-ldap.5.xml:1243 sssd-ldap.5.xml:1750 -#: sssd-ldap.5.xml:1815 sssd-ipa.5.xml:342 sssd-ad.5.xml:252 sssd-ad.5.xml:366 -#: sssd-ad.5.xml:1200 sssd-ad.5.xml:1348 sssd-krb5.5.xml:358 +#: sssd.conf.5.xml:1070 sssd.conf.5.xml:2198 sssd-ldap.5.xml:1073 +#: sssd-ldap.5.xml:1176 sssd-ldap.5.xml:1245 sssd-ldap.5.xml:1752 +#: sssd-ldap.5.xml:1817 sssd-ipa.5.xml:347 sssd-ad.5.xml:252 sssd-ad.5.xml:366 +#: sssd-ad.5.xml:1200 sssd-ad.5.xml:1353 sssd-krb5.5.xml:358 msgid "Default: true" msgstr "Dre ziouer : true" @@ -227,10 +227,10 @@ msgstr "" #. type: Content of: <variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:149 sssd.conf.5.xml:652 sssd.conf.5.xml:949 -#: sssd.conf.5.xml:2101 sssd.conf.5.xml:2168 sssd.conf.5.xml:4174 -#: sssd-ldap.5.xml:312 sssd-ldap.5.xml:917 sssd-ldap.5.xml:936 -#: sssd-ldap.5.xml:1146 sssd-ldap.5.xml:1599 sssd-ldap.5.xml:1839 -#: sssd-ipa.5.xml:152 sssd-ipa.5.xml:254 sssd-ipa.5.xml:657 sssd-ad.5.xml:1106 +#: sssd.conf.5.xml:2101 sssd.conf.5.xml:2168 sssd.conf.5.xml:4191 +#: sssd-ldap.5.xml:313 sssd-ldap.5.xml:919 sssd-ldap.5.xml:938 +#: sssd-ldap.5.xml:1148 sssd-ldap.5.xml:1601 sssd-ldap.5.xml:1841 +#: sssd-ipa.5.xml:152 sssd-ipa.5.xml:254 sssd-ipa.5.xml:662 sssd-ad.5.xml:1106 #: sssd-krb5.5.xml:268 sssd-krb5.5.xml:330 sssd-krb5.5.xml:432 #: include/krb5_options.xml:163 msgid "Default: false" @@ -264,8 +264,8 @@ msgid "" msgstr "" #. type: Content of: outside any tag (error?) -#: sssd.conf.5.xml:109 sssd.conf.5.xml:184 sssd-ldap.5.xml:1656 -#: sssd-ldap.5.xml:1862 sss-certmap.5.xml:645 sssd-systemtap.5.xml:82 +#: sssd.conf.5.xml:109 sssd.conf.5.xml:184 sssd-ldap.5.xml:1658 +#: sssd-ldap.5.xml:1864 sss-certmap.5.xml:645 sssd-systemtap.5.xml:82 #: sssd-systemtap.5.xml:143 sssd-systemtap.5.xml:236 sssd-systemtap.5.xml:274 #: sssd-systemtap.5.xml:330 sssd-ldap-attributes.5.xml:40 #: sssd-ldap-attributes.5.xml:659 sssd-ldap-attributes.5.xml:801 @@ -296,7 +296,7 @@ msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:196 sssd.conf.5.xml:1290 sssd.conf.5.xml:1767 -#: sssd.conf.5.xml:4190 sssd-ldap.5.xml:765 include/ldap_id_mapping.xml:270 +#: sssd.conf.5.xml:4207 sssd-ldap.5.xml:766 include/ldap_id_mapping.xml:270 msgid "Default: 10" msgstr "" @@ -372,7 +372,7 @@ msgid "" msgstr "" #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:266 sssd.conf.5.xml:792 sssd.conf.5.xml:3709 +#: sssd.conf.5.xml:266 sssd.conf.5.xml:792 sssd.conf.5.xml:3716 #: include/failover.xml:100 msgid "Default: 3" msgstr "Dre ziouer : 3" @@ -394,7 +394,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:287 sssd.conf.5.xml:3541 +#: sssd.conf.5.xml:287 sssd.conf.5.xml:3548 msgid "re_expression (string)" msgstr "re_expression (neudennad)" @@ -414,12 +414,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:304 sssd.conf.5.xml:3598 +#: sssd.conf.5.xml:304 sssd.conf.5.xml:3605 msgid "full_name_format (string)" msgstr "full_name_format (neudennad)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:307 sssd.conf.5.xml:3601 +#: sssd.conf.5.xml:307 sssd.conf.5.xml:3608 msgid "" "A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</" "manvolnum> </citerefentry>-compatible format that describes how to compose a " @@ -427,39 +427,39 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:318 sssd.conf.5.xml:3612 +#: sssd.conf.5.xml:318 sssd.conf.5.xml:3619 msgid "%1$s" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:319 sssd.conf.5.xml:3613 +#: sssd.conf.5.xml:319 sssd.conf.5.xml:3620 msgid "user name" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:322 sssd.conf.5.xml:3616 +#: sssd.conf.5.xml:322 sssd.conf.5.xml:3623 msgid "%2$s" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:325 sssd.conf.5.xml:3619 +#: sssd.conf.5.xml:325 sssd.conf.5.xml:3626 msgid "domain name as specified in the SSSD config file." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:331 sssd.conf.5.xml:3625 +#: sssd.conf.5.xml:331 sssd.conf.5.xml:3632 msgid "%3$s" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:334 sssd.conf.5.xml:3628 +#: sssd.conf.5.xml:334 sssd.conf.5.xml:3635 msgid "" "domain flat name. Mostly usable for Active Directory domains, both directly " "configured or discovered via IPA trusts." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:315 sssd.conf.5.xml:3609 +#: sssd.conf.5.xml:315 sssd.conf.5.xml:3616 msgid "" "The following expansions are supported: <placeholder type=\"variablelist\" " "id=\"0\"/>" @@ -602,8 +602,8 @@ msgid "" msgstr "" #. type: Content of: <variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:468 sssd-ldap.5.xml:876 sssd-ldap.5.xml:888 -#: sssd-ldap.5.xml:980 sssd-ad.5.xml:920 sssd-ad.5.xml:995 sssd-krb5.5.xml:468 +#: sssd.conf.5.xml:468 sssd-ldap.5.xml:877 sssd-ldap.5.xml:889 +#: sssd-ldap.5.xml:982 sssd-ad.5.xml:920 sssd-ad.5.xml:995 sssd-krb5.5.xml:468 #: sssd-ldap-attributes.5.xml:470 sssd-ldap-attributes.5.xml:976 #: include/ldap_id_mapping.xml:211 include/ldap_id_mapping.xml:222 #: include/krb5_options.xml:148 @@ -873,7 +873,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:700 sssd.conf.5.xml:1791 sssd.conf.5.xml:4240 +#: sssd.conf.5.xml:700 sssd.conf.5.xml:1791 sssd.conf.5.xml:4257 #: sssd-ad.5.xml:187 sssd-ad.5.xml:327 sssd-ad.5.xml:341 msgid "Default: Not set" msgstr "" @@ -1058,7 +1058,7 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:858 sssd.conf.5.xml:1201 sssd.conf.5.xml:1584 -#: sssd.conf.5.xml:1880 sssd-ldap.5.xml:494 +#: sssd.conf.5.xml:1880 sssd-ldap.5.xml:495 msgid "Default: 60" msgstr "" @@ -1164,7 +1164,7 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:937 sssd.conf.5.xml:1214 sssd.conf.5.xml:2322 -#: sssd-ldap.5.xml:331 +#: sssd-ldap.5.xml:332 msgid "Default: 300" msgstr "" @@ -1533,7 +1533,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1240 sssd.conf.5.xml:2964 sssd-ldap.5.xml:548 +#: sssd.conf.5.xml:1240 sssd.conf.5.xml:2971 sssd-ldap.5.xml:549 msgid "Default: 8" msgstr "" @@ -1559,8 +1559,8 @@ msgid "" msgstr "" #. type: Content of: <variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1265 sssd.conf.5.xml:1317 sssd.conf.5.xml:3730 -#: sssd-ldap.5.xml:473 sssd-ldap.5.xml:525 include/failover.xml:116 +#: sssd.conf.5.xml:1265 sssd.conf.5.xml:1317 sssd.conf.5.xml:3737 +#: sssd-ldap.5.xml:474 sssd-ldap.5.xml:526 include/failover.xml:116 #: include/krb5_options.xml:11 msgid "Default: 6" msgstr "" @@ -1873,7 +1873,7 @@ msgid "pam_pwd_expiration_warning (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1553 sssd.conf.5.xml:2988 +#: sssd.conf.5.xml:1553 sssd.conf.5.xml:2995 msgid "Display a warning N days before the password expires." msgstr "" @@ -1886,7 +1886,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1562 sssd.conf.5.xml:2991 +#: sssd.conf.5.xml:1562 sssd.conf.5.xml:2998 msgid "" "If zero is set, then this filter is not applied, i.e. if the expiration " "warning was received from backend server, it will automatically be displayed." @@ -1900,7 +1900,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1572 sssd.conf.5.xml:3977 sssd-ldap.5.xml:606 sssd.8.xml:79 +#: sssd.conf.5.xml:1572 sssd.conf.5.xml:3984 sssd-ldap.5.xml:607 sssd.8.xml:79 msgid "Default: 0" msgstr "Dre ziouer : 0" @@ -1963,8 +1963,8 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1632 sssd.conf.5.xml:1657 sssd.conf.5.xml:1676 -#: sssd.conf.5.xml:1913 sssd.conf.5.xml:2733 sssd.conf.5.xml:3906 -#: sssd-ldap.5.xml:1207 +#: sssd.conf.5.xml:1913 sssd.conf.5.xml:2733 sssd.conf.5.xml:3913 +#: sssd-ldap.5.xml:1209 msgid "Default: none" msgstr "" @@ -2027,8 +2027,8 @@ msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1687 sssd.conf.5.xml:1698 sssd.conf.5.xml:1712 -#: sssd-ldap.5.xml:671 sssd-ldap.5.xml:692 sssd-ldap.5.xml:788 -#: sssd-ldap.5.xml:1293 sssd-ad.5.xml:505 sssd-ad.5.xml:581 sssd-ad.5.xml:1126 +#: sssd-ldap.5.xml:672 sssd-ldap.5.xml:693 sssd-ldap.5.xml:789 +#: sssd-ldap.5.xml:1295 sssd-ad.5.xml:505 sssd-ad.5.xml:581 sssd-ad.5.xml:1126 #: sssd-ad.5.xml:1175 include/ldap_id_mapping.xml:250 msgid "Default: False" msgstr "" @@ -2067,7 +2067,7 @@ msgid "The path to the certificate database." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1723 sssd.conf.5.xml:2248 sssd.conf.5.xml:4354 +#: sssd.conf.5.xml:1723 sssd.conf.5.xml:2248 sssd.conf.5.xml:4371 msgid "Default:" msgstr "" @@ -2335,7 +2335,7 @@ msgid "Default: no_session" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1950 sssd.conf.5.xml:4293 +#: sssd.conf.5.xml:1950 sssd.conf.5.xml:4310 msgid "pam_gssapi_services" msgstr "" @@ -2369,7 +2369,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1968 sssd.conf.5.xml:3900 +#: sssd.conf.5.xml:1968 sssd.conf.5.xml:3907 msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" @@ -2379,7 +2379,7 @@ msgid "Default: - (GSSAPI authentication is disabled)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1979 sssd.conf.5.xml:4294 +#: sssd.conf.5.xml:1979 sssd.conf.5.xml:4311 msgid "pam_gssapi_check_upn" msgstr "" @@ -2399,7 +2399,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1999 sssd-ad.5.xml:1266 sss_rpcidmapd.5.xml:76 +#: sssd.conf.5.xml:1999 sssd-ad.5.xml:1271 sss_rpcidmapd.5.xml:76 #: sssd-files.5.xml:145 msgid "Default: True" msgstr "" @@ -3164,7 +3164,7 @@ msgid "FALSE = No enumerations for this domain" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2669 sssd.conf.5.xml:2943 sssd.conf.5.xml:3120 +#: sssd.conf.5.xml:2669 sssd.conf.5.xml:2950 sssd.conf.5.xml:3127 msgid "Default: FALSE" msgstr "" @@ -3433,7 +3433,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2922 sssd-ldap.5.xml:360 sssd-ldap.5.xml:1736 +#: sssd.conf.5.xml:2922 sssd-ldap.5.xml:361 sssd-ldap.5.xml:1738 #: sssd-ipa.5.xml:270 msgid "Default: 0 (disabled)" msgstr "" @@ -3445,11 +3445,17 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:2931 -msgid "Determines if user credentials are also cached in the local LDB cache." +msgid "" +"Determines if user credentials are also cached in the local LDB cache. The " +"cached credentials refer to passwords, which includes the first (long term) " +"factor of two-factor authentication, not other authentication mechanisms. " +"Passkey and Smartcard authentications are expected to work offline as long " +"as a successful online authentication is recorded in the cache without " +"additional configuration." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2935 +#: sssd.conf.5.xml:2942 msgid "" "Take a note that while credentials are stored as a salted SHA512 hash, this " "still potentially poses some security risk in case an attacker manages to " @@ -3458,12 +3464,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2949 +#: sssd.conf.5.xml:2956 msgid "cache_credentials_minimal_first_factor_length (int)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2952 +#: sssd.conf.5.xml:2959 msgid "" "If 2-Factor-Authentication (2FA) is used and credentials should be saved " "this value determines the minimal length the first authentication factor " @@ -3471,19 +3477,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2959 +#: sssd.conf.5.xml:2966 msgid "" "This should avoid that the short PINs of a PIN based 2FA scheme are saved in " "the cache which would make them easy targets for brute-force attacks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2970 +#: sssd.conf.5.xml:2977 msgid "account_cache_expiration (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2973 +#: sssd.conf.5.xml:2980 msgid "" "Number of days entries are left in cache after last successful login before " "being removed during a cleanup of the cache. 0 means keep forever. The " @@ -3492,17 +3498,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2980 +#: sssd.conf.5.xml:2987 msgid "Default: 0 (unlimited)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2985 +#: sssd.conf.5.xml:2992 msgid "pwd_expiration_warning (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2996 +#: sssd.conf.5.xml:3003 msgid "" "Please note that the backend server has to provide information about the " "expiration time of the password. If this information is missing, sssd " @@ -3511,28 +3517,28 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3003 +#: sssd.conf.5.xml:3010 msgid "Default: 7 (Kerberos), 0 (LDAP)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3009 +#: sssd.conf.5.xml:3016 msgid "id_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3012 +#: sssd.conf.5.xml:3019 msgid "" "The identification provider used for the domain. Supported ID providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3016 +#: sssd.conf.5.xml:3023 msgid "<quote>proxy</quote>: Support a legacy NSS provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3019 +#: sssd.conf.5.xml:3026 msgid "" "<quote>files</quote>: FILES provider. See <citerefentry> <refentrytitle>sssd-" "files</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " @@ -3540,7 +3546,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3027 +#: sssd.conf.5.xml:3034 msgid "" "<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-" "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " @@ -3548,8 +3554,8 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3035 sssd.conf.5.xml:3146 sssd.conf.5.xml:3197 -#: sssd.conf.5.xml:3260 +#: sssd.conf.5.xml:3042 sssd.conf.5.xml:3153 sssd.conf.5.xml:3204 +#: sssd.conf.5.xml:3267 msgid "" "<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management " "provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> " @@ -3558,8 +3564,8 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3044 sssd.conf.5.xml:3155 sssd.conf.5.xml:3206 -#: sssd.conf.5.xml:3269 +#: sssd.conf.5.xml:3051 sssd.conf.5.xml:3162 sssd.conf.5.xml:3213 +#: sssd.conf.5.xml:3276 msgid "" "<quote>ad</quote>: Active Directory provider. See <citerefentry> " "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3567,19 +3573,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3055 +#: sssd.conf.5.xml:3062 msgid "use_fully_qualified_names (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3058 +#: sssd.conf.5.xml:3065 msgid "" "Use the full name and domain (as formatted by the domain's full_name_format) " "as the user's login name reported to NSS." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3063 +#: sssd.conf.5.xml:3070 msgid "" "If set to TRUE, all requests to this domain must use fully qualified names. " "For example, if used in LOCAL domain that contains a \"test\" user, " @@ -3588,7 +3594,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3071 +#: sssd.conf.5.xml:3078 msgid "" "NOTE: This option has no effect on netgroup lookups due to their tendency to " "include nested netgroups without qualified names. For netgroups, all domains " @@ -3596,24 +3602,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3078 +#: sssd.conf.5.xml:3085 msgid "" "Default: FALSE (TRUE for trusted domain/sub-domains or if " "default_domain_suffix is used)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3085 +#: sssd.conf.5.xml:3092 msgid "ignore_group_members (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3088 +#: sssd.conf.5.xml:3095 msgid "Do not return group members for group lookups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3091 +#: sssd.conf.5.xml:3098 msgid "" "If set to TRUE, the group membership attribute is not requested from the " "ldap server, and group members are not returned when processing group lookup " @@ -3625,7 +3631,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3109 +#: sssd.conf.5.xml:3116 msgid "" "Enabling this option can also make access provider checks for group " "membership significantly faster, especially for groups containing many " @@ -3633,30 +3639,30 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3115 sssd.conf.5.xml:3822 sssd-ldap.5.xml:326 -#: sssd-ldap.5.xml:355 sssd-ldap.5.xml:408 sssd-ldap.5.xml:468 -#: sssd-ldap.5.xml:489 sssd-ldap.5.xml:520 sssd-ldap.5.xml:543 -#: sssd-ldap.5.xml:582 sssd-ldap.5.xml:601 sssd-ldap.5.xml:625 -#: sssd-ldap.5.xml:1051 sssd-ldap.5.xml:1084 +#: sssd.conf.5.xml:3122 sssd.conf.5.xml:3829 sssd-ldap.5.xml:327 +#: sssd-ldap.5.xml:356 sssd-ldap.5.xml:409 sssd-ldap.5.xml:469 +#: sssd-ldap.5.xml:490 sssd-ldap.5.xml:521 sssd-ldap.5.xml:544 +#: sssd-ldap.5.xml:583 sssd-ldap.5.xml:602 sssd-ldap.5.xml:626 +#: sssd-ldap.5.xml:1053 sssd-ldap.5.xml:1086 msgid "" "This option can be also set per subdomain or inherited via " "<emphasis>subdomain_inherit</emphasis>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3125 +#: sssd.conf.5.xml:3132 msgid "auth_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3128 +#: sssd.conf.5.xml:3135 msgid "" "The authentication provider used for the domain. Supported auth providers " "are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3132 sssd.conf.5.xml:3190 +#: sssd.conf.5.xml:3139 sssd.conf.5.xml:3197 msgid "" "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3664,7 +3670,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3139 +#: sssd.conf.5.xml:3146 msgid "" "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3672,30 +3678,30 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3163 +#: sssd.conf.5.xml:3170 msgid "" "<quote>proxy</quote> for relaying authentication to some other PAM target." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3166 +#: sssd.conf.5.xml:3173 msgid "<quote>none</quote> disables authentication explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3169 +#: sssd.conf.5.xml:3176 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "authentication requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3175 +#: sssd.conf.5.xml:3182 msgid "access_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3178 +#: sssd.conf.5.xml:3185 msgid "" "The access control provider used for the domain. There are two built-in " "access providers (in addition to any included in installed backends) " @@ -3703,19 +3709,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3184 +#: sssd.conf.5.xml:3191 msgid "" "<quote>permit</quote> always allow access. It's the only permitted access " "provider for a local domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3187 +#: sssd.conf.5.xml:3194 msgid "<quote>deny</quote> always deny access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3214 +#: sssd.conf.5.xml:3221 msgid "" "<quote>simple</quote> access control based on access or deny lists. See " "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</" @@ -3724,7 +3730,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3221 +#: sssd.conf.5.xml:3228 msgid "" "<quote>krb5</quote>: .k5login based access control. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum></" @@ -3732,29 +3738,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3228 +#: sssd.conf.5.xml:3235 msgid "<quote>proxy</quote> for relaying access control to another PAM module." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3231 +#: sssd.conf.5.xml:3238 msgid "Default: <quote>permit</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3236 +#: sssd.conf.5.xml:3243 msgid "chpass_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3239 +#: sssd.conf.5.xml:3246 msgid "" "The provider which should handle change password operations for the domain. " "Supported change password providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3244 +#: sssd.conf.5.xml:3251 msgid "" "<quote>ldap</quote> to change a password stored in a LDAP server. See " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" @@ -3762,7 +3768,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3252 +#: sssd.conf.5.xml:3259 msgid "" "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3770,35 +3776,35 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3277 +#: sssd.conf.5.xml:3284 msgid "" "<quote>proxy</quote> for relaying password changes to some other PAM target." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3281 +#: sssd.conf.5.xml:3288 msgid "<quote>none</quote> disallows password changes explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3284 +#: sssd.conf.5.xml:3291 msgid "" "Default: <quote>auth_provider</quote> is used if it is set and can handle " "change password requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3291 +#: sssd.conf.5.xml:3298 msgid "sudo_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3294 +#: sssd.conf.5.xml:3301 msgid "The SUDO provider used for the domain. Supported SUDO providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3298 +#: sssd.conf.5.xml:3305 msgid "" "<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3806,32 +3812,32 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3306 +#: sssd.conf.5.xml:3313 msgid "" "<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default " "settings." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3310 +#: sssd.conf.5.xml:3317 msgid "" "<quote>ad</quote> the same as <quote>ldap</quote> but with AD default " "settings." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3314 +#: sssd.conf.5.xml:3321 msgid "<quote>none</quote> disables SUDO explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3317 sssd.conf.5.xml:3403 sssd.conf.5.xml:3473 -#: sssd.conf.5.xml:3498 sssd.conf.5.xml:3534 +#: sssd.conf.5.xml:3324 sssd.conf.5.xml:3410 sssd.conf.5.xml:3480 +#: sssd.conf.5.xml:3505 sssd.conf.5.xml:3541 msgid "Default: The value of <quote>id_provider</quote> is used if it is set." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3321 +#: sssd.conf.5.xml:3328 msgid "" "The detailed instructions for configuration of sudo_provider are in the " "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " @@ -3842,7 +3848,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3336 +#: sssd.conf.5.xml:3343 msgid "" "<emphasis>NOTE:</emphasis> Sudo rules are periodically downloaded in the " "background unless the sudo provider is explicitly disabled. Set " @@ -3851,12 +3857,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3346 +#: sssd.conf.5.xml:3353 msgid "selinux_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3349 +#: sssd.conf.5.xml:3356 msgid "" "The provider which should handle loading of selinux settings. Note that this " "provider will be called right after access provider ends. Supported selinux " @@ -3864,7 +3870,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3355 +#: sssd.conf.5.xml:3362 msgid "" "<quote>ipa</quote> to load selinux settings from an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -3872,31 +3878,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3363 +#: sssd.conf.5.xml:3370 msgid "<quote>none</quote> disallows fetching selinux settings explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3366 +#: sssd.conf.5.xml:3373 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "selinux loading requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3372 +#: sssd.conf.5.xml:3379 msgid "subdomains_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3375 +#: sssd.conf.5.xml:3382 msgid "" "The provider which should handle fetching of subdomains. This value should " "be always the same as id_provider. Supported subdomain providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3381 +#: sssd.conf.5.xml:3388 msgid "" "<quote>ipa</quote> to load a list of subdomains from an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -3904,7 +3910,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3390 +#: sssd.conf.5.xml:3397 msgid "" "<quote>ad</quote> to load a list of subdomains from an Active Directory " "server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> " @@ -3913,17 +3919,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3399 +#: sssd.conf.5.xml:3406 msgid "<quote>none</quote> disallows fetching subdomains explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3409 +#: sssd.conf.5.xml:3416 msgid "session_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3412 +#: sssd.conf.5.xml:3419 msgid "" "The provider which configures and manages user session related tasks. The " "only user session task currently provided is the integration with Fleet " @@ -3931,43 +3937,43 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3419 +#: sssd.conf.5.xml:3426 msgid "<quote>ipa</quote> to allow performing user session related tasks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3423 +#: sssd.conf.5.xml:3430 msgid "" "<quote>none</quote> does not perform any kind of user session related tasks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3427 +#: sssd.conf.5.xml:3434 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can perform " "session related tasks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3431 +#: sssd.conf.5.xml:3438 msgid "" "<emphasis>NOTE:</emphasis> In order to have this feature working as expected " "SSSD must be running as \"root\" and not as the unprivileged user." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3439 +#: sssd.conf.5.xml:3446 msgid "autofs_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3442 +#: sssd.conf.5.xml:3449 msgid "" "The autofs provider used for the domain. Supported autofs providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3446 +#: sssd.conf.5.xml:3453 msgid "" "<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3975,7 +3981,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3453 +#: sssd.conf.5.xml:3460 msgid "" "<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> " "<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3983,7 +3989,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3461 +#: sssd.conf.5.xml:3468 msgid "" "<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> " "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3991,24 +3997,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3470 +#: sssd.conf.5.xml:3477 msgid "<quote>none</quote> disables autofs explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3480 +#: sssd.conf.5.xml:3487 msgid "hostid_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3483 +#: sssd.conf.5.xml:3490 msgid "" "The provider used for retrieving host identity information. Supported " "hostid providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3487 +#: sssd.conf.5.xml:3494 msgid "" "<quote>ipa</quote> to load host identity stored in an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -4016,31 +4022,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3495 +#: sssd.conf.5.xml:3502 msgid "<quote>none</quote> disables hostid explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3505 +#: sssd.conf.5.xml:3512 msgid "resolver_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3508 +#: sssd.conf.5.xml:3515 msgid "" "The provider which should handle hosts and networks lookups. Supported " "resolver providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3512 +#: sssd.conf.5.xml:3519 msgid "" "<quote>proxy</quote> to forward lookups to another NSS library. See " "<quote>proxy_resolver_lib_name</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3516 +#: sssd.conf.5.xml:3523 msgid "" "<quote>ldap</quote> to fetch hosts and networks stored in LDAP. See " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" @@ -4048,7 +4054,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3523 +#: sssd.conf.5.xml:3530 msgid "" "<quote>ad</quote> to fetch hosts and networks stored in AD. See " "<citerefentry> <refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</" @@ -4057,12 +4063,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3531 +#: sssd.conf.5.xml:3538 msgid "<quote>none</quote> disallows fetching hosts and networks explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3544 +#: sssd.conf.5.xml:3551 msgid "" "Regular expression for this domain that describes how to parse the string " "containing user name and domain into these components. The \"domain\" can " @@ -4072,24 +4078,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3553 +#: sssd.conf.5.xml:3560 msgid "" "Default: <quote>^((?P<name>.+)@(?P<domain>[^@]*)|(?P<name>" "[^@]+))$</quote> which allows two different styles for user names:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:3558 sssd.conf.5.xml:3572 +#: sssd.conf.5.xml:3565 sssd.conf.5.xml:3579 msgid "username" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:3561 sssd.conf.5.xml:3575 +#: sssd.conf.5.xml:3568 sssd.conf.5.xml:3582 msgid "username@domain.name" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3566 +#: sssd.conf.5.xml:3573 msgid "" "Default for the AD and IPA provider: <quote>^(((?P<domain>[^\\\\]+)\\" "\\(?P<name>.+))|((?P<name>.+)@(?P<domain>[^@]+))|((?P<" @@ -4098,19 +4104,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:3578 +#: sssd.conf.5.xml:3585 msgid "domain\\username" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3581 +#: sssd.conf.5.xml:3588 msgid "" "While the first two correspond to the general default the third one is " "introduced to allow easy integration of users from Windows domains." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3586 +#: sssd.conf.5.xml:3593 msgid "" "The default re_expression uses the <quote>@</quote> character as a separator " "between the name and the domain. As a result of this setting the default " @@ -4120,89 +4126,89 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3638 +#: sssd.conf.5.xml:3645 msgid "Default: <quote>%1$s@%2$s</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3644 +#: sssd.conf.5.xml:3651 msgid "lookup_family_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3647 +#: sssd.conf.5.xml:3654 msgid "" "Provides the ability to select preferred address family to use when " "performing DNS lookups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3651 +#: sssd.conf.5.xml:3658 msgid "Supported values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3654 +#: sssd.conf.5.xml:3661 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3657 +#: sssd.conf.5.xml:3664 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3660 +#: sssd.conf.5.xml:3667 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3663 +#: sssd.conf.5.xml:3670 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3666 +#: sssd.conf.5.xml:3673 msgid "Default: ipv4_first" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3672 +#: sssd.conf.5.xml:3679 msgid "dns_resolver_server_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3675 +#: sssd.conf.5.xml:3682 msgid "" "Defines the amount of time (in milliseconds) SSSD would try to talk to DNS " "server before trying next DNS server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3680 +#: sssd.conf.5.xml:3687 msgid "" "The AD provider will use this option for the CLDAP ping timeouts as well." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3684 sssd.conf.5.xml:3704 sssd.conf.5.xml:3725 +#: sssd.conf.5.xml:3691 sssd.conf.5.xml:3711 sssd.conf.5.xml:3732 msgid "" "Please see the section <quote>FAILOVER</quote> for more information about " "the service resolution." msgstr "" #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3689 sssd-ldap.5.xml:644 include/failover.xml:84 +#: sssd.conf.5.xml:3696 sssd-ldap.5.xml:645 include/failover.xml:84 msgid "Default: 1000" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3695 +#: sssd.conf.5.xml:3702 msgid "dns_resolver_op_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3698 +#: sssd.conf.5.xml:3705 msgid "" "Defines the amount of time (in seconds) to wait to resolve single DNS query " "(e.g. resolution of a hostname or an SRV record) before trying the next " @@ -4210,12 +4216,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3715 +#: sssd.conf.5.xml:3722 msgid "dns_resolver_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3718 +#: sssd.conf.5.xml:3725 msgid "" "Defines the amount of time (in seconds) to wait for a reply from the " "internal fail over service before assuming that the service is unreachable. " @@ -4224,12 +4230,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3736 +#: sssd.conf.5.xml:3743 msgid "dns_resolver_use_search_list (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3739 +#: sssd.conf.5.xml:3746 msgid "" "Normally, the DNS resolver searches the domain list defined in the " "\"search\" directive from the resolv.conf file. This can lead to delays in " @@ -4237,7 +4243,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3745 +#: sssd.conf.5.xml:3752 msgid "" "If fully qualified domain names (or _srv_) are used in the SSSD " "configuration, setting this option to FALSE can prevent unnecessary DNS " @@ -4245,71 +4251,71 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3751 +#: sssd.conf.5.xml:3758 #, fuzzy #| msgid "Default: 3" msgid "Default: TRUE" msgstr "Dre ziouer : 3" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3757 +#: sssd.conf.5.xml:3764 msgid "dns_discovery_domain (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3760 +#: sssd.conf.5.xml:3767 msgid "" "If service discovery is used in the back end, specifies the domain part of " "the service discovery DNS query." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3764 +#: sssd.conf.5.xml:3771 msgid "Default: Use the domain part of machine's hostname" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3770 +#: sssd.conf.5.xml:3777 msgid "override_gid (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3773 +#: sssd.conf.5.xml:3780 msgid "Override the primary GID value with the one specified." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3779 +#: sssd.conf.5.xml:3786 msgid "case_sensitive (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3786 +#: sssd.conf.5.xml:3793 msgid "True" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3789 +#: sssd.conf.5.xml:3796 msgid "Case sensitive. This value is invalid for AD provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3795 +#: sssd.conf.5.xml:3802 msgid "False" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3797 +#: sssd.conf.5.xml:3804 msgid "Case insensitive." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3801 +#: sssd.conf.5.xml:3808 msgid "Preserving" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3804 +#: sssd.conf.5.xml:3811 msgid "" "Same as False (case insensitive), but does not lowercase names in the result " "of NSS operations. Note that name aliases (and in case of services also " @@ -4317,31 +4323,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3812 +#: sssd.conf.5.xml:3819 msgid "" "If you want to set this value for trusted domain with IPA provider, you need " "to set it on both the client and SSSD on the server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3782 +#: sssd.conf.5.xml:3789 msgid "" "Treat user and group names as case sensitive. Possible option values are: " "<placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3827 +#: sssd.conf.5.xml:3834 msgid "Default: True (False for AD provider)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3833 +#: sssd.conf.5.xml:3840 msgid "subdomain_inherit (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3836 +#: sssd.conf.5.xml:3843 msgid "" "Specifies a list of configuration parameters that should be inherited by a " "subdomain. Please note that only selected parameters can be inherited. " @@ -4349,104 +4355,104 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3842 +#: sssd.conf.5.xml:3849 msgid "ldap_search_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3845 +#: sssd.conf.5.xml:3852 msgid "ldap_network_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3848 +#: sssd.conf.5.xml:3855 msgid "ldap_opt_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3851 +#: sssd.conf.5.xml:3858 msgid "ldap_offline_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3854 +#: sssd.conf.5.xml:3861 msgid "ldap_enumeration_refresh_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3857 +#: sssd.conf.5.xml:3864 msgid "ldap_enumeration_refresh_offset" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3860 +#: sssd.conf.5.xml:3867 msgid "ldap_purge_cache_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3863 +#: sssd.conf.5.xml:3870 msgid "ldap_purge_cache_offset" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3866 +#: sssd.conf.5.xml:3873 msgid "" "ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab " "is not set explicitly)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3870 +#: sssd.conf.5.xml:3877 msgid "ldap_krb5_ticket_lifetime" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3873 +#: sssd.conf.5.xml:3880 msgid "ldap_enumeration_search_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3876 +#: sssd.conf.5.xml:3883 msgid "ldap_connection_expire_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3879 +#: sssd.conf.5.xml:3886 msgid "ldap_connection_expire_offset" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3882 +#: sssd.conf.5.xml:3889 msgid "ldap_connection_idle_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3885 sssd-ldap.5.xml:400 +#: sssd.conf.5.xml:3892 sssd-ldap.5.xml:401 msgid "ldap_use_tokengroups" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3888 +#: sssd.conf.5.xml:3895 msgid "ldap_user_principal" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3891 +#: sssd.conf.5.xml:3898 msgid "ignore_group_members" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3894 +#: sssd.conf.5.xml:3901 msgid "auto_private_groups" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3897 +#: sssd.conf.5.xml:3904 msgid "case_sensitive" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:3902 +#: sssd.conf.5.xml:3909 #, no-wrap msgid "" "subdomain_inherit = ldap_purge_cache_timeout\n" @@ -4454,27 +4460,27 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3909 +#: sssd.conf.5.xml:3916 msgid "Note: This option only works with the IPA and AD provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3916 +#: sssd.conf.5.xml:3923 msgid "subdomain_homedir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3927 +#: sssd.conf.5.xml:3934 msgid "%F" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3928 +#: sssd.conf.5.xml:3935 msgid "flat (NetBIOS) name of a subdomain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3919 +#: sssd.conf.5.xml:3926 msgid "" "Use this homedir as default value for all subdomains within this domain in " "IPA AD trust. See <emphasis>override_homedir</emphasis> for info about " @@ -4484,34 +4490,34 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3933 +#: sssd.conf.5.xml:3940 msgid "" "The value can be overridden by <emphasis>override_homedir</emphasis> option." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3937 +#: sssd.conf.5.xml:3944 msgid "Default: <filename>/home/%d/%u</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3942 +#: sssd.conf.5.xml:3949 msgid "realmd_tags (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3945 +#: sssd.conf.5.xml:3952 msgid "" "Various tags stored by the realmd configuration service for this domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3951 +#: sssd.conf.5.xml:3958 msgid "cached_auth_timeout (int)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3954 +#: sssd.conf.5.xml:3961 msgid "" "Specifies time in seconds since last successful online authentication for " "which user will be authenticated using cached credentials while SSSD is in " @@ -4520,19 +4526,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3962 +#: sssd.conf.5.xml:3969 msgid "" "This option's value is inherited by all trusted domains. At the moment it is " "not possible to set a different value per trusted domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3967 +#: sssd.conf.5.xml:3974 msgid "Special value 0 implies that this feature is disabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3971 +#: sssd.conf.5.xml:3978 msgid "" "Please note that if <quote>cached_auth_timeout</quote> is longer than " "<quote>pam_id_timeout</quote> then the back end could be called to handle " @@ -4540,14 +4546,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3982 +#: sssd.conf.5.xml:3989 #, fuzzy #| msgid "re_expression (string)" msgid "local_auth_policy (string)" msgstr "re_expression (neudennad)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3985 +#: sssd.conf.5.xml:3992 msgid "" "Local authentication methods policy. Some backends (i.e. LDAP, proxy " "provider) only support a password based authentication, while others can " @@ -4558,7 +4564,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3995 +#: sssd.conf.5.xml:4002 msgid "" "There are three possible values for this option: match, only, enable. " "<quote>match</quote> is used to match offline and online states for Kerberos " @@ -4569,8 +4575,17 @@ msgid "" "separated, such as <quote>enable:passkey, enable:smartcard</quote>" msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4014 +msgid "" +"Please note that if local Smartcard authentication is enabled and a " +"Smartcard is present, Smartcard authentication will be preferred over the " +"authentication methods supported by the backend. I.e. there will be a PIN " +"prompt instead of e.g. a password prompt." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:4011 +#: sssd.conf.5.xml:4026 #, no-wrap msgid "" "[domain/shadowutils]\n" @@ -4581,7 +4596,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4007 +#: sssd.conf.5.xml:4022 msgid "" "The following configuration example allows local users to authenticate " "locally using any enabled method (i.e. smartcard, passkey). <placeholder " @@ -4589,36 +4604,36 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4019 +#: sssd.conf.5.xml:4034 msgid "This option is ignored for the files provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4022 +#: sssd.conf.5.xml:4037 #, fuzzy #| msgid "Default: 3" msgid "Default: match" msgstr "Dre ziouer : 3" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4027 +#: sssd.conf.5.xml:4042 msgid "auto_private_groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4033 +#: sssd.conf.5.xml:4048 msgid "true" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4036 +#: sssd.conf.5.xml:4051 msgid "" "Create user's private group unconditionally from user's UID number. The GID " "number is ignored in this case." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4040 +#: sssd.conf.5.xml:4055 msgid "" "NOTE: Because the GID number and the user private group are inferred from " "the UID number, it is not supported to have multiple entries with the same " @@ -4627,24 +4642,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4049 +#: sssd.conf.5.xml:4064 msgid "false" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4052 +#: sssd.conf.5.xml:4067 msgid "" "Always use the user's primary GID number. The GID number must refer to a " "group object in the LDAP database." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4058 +#: sssd.conf.5.xml:4073 msgid "hybrid" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4061 +#: sssd.conf.5.xml:4076 msgid "" "A primary group is autogenerated for user entries whose UID and GID numbers " "have the same value and at the same time the GID number does not correspond " @@ -4654,14 +4669,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4074 +#: sssd.conf.5.xml:4089 msgid "" "If the UID and GID of a user are different, then the GID must correspond to " "a group entry, otherwise the GID is simply not resolvable." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4081 +#: sssd.conf.5.xml:4096 msgid "" "This feature is useful for environments that wish to stop maintaining a " "separate group objects for the user private groups, but also wish to retain " @@ -4669,21 +4684,21 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4030 +#: sssd.conf.5.xml:4045 msgid "" "This option takes any of three available values: <placeholder " "type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4093 +#: sssd.conf.5.xml:4108 msgid "" "For subdomains, the default value is False for subdomains that use assigned " "POSIX IDs and True for subdomains that use automatic ID-mapping." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:4101 +#: sssd.conf.5.xml:4116 #, no-wrap msgid "" "[domain/forest.domain/sub.domain]\n" @@ -4691,7 +4706,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:4107 +#: sssd.conf.5.xml:4122 #, no-wrap msgid "" "[domain/forest.domain]\n" @@ -4700,7 +4715,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4098 +#: sssd.conf.5.xml:4113 msgid "" "The value of auto_private_groups can either be set per subdomains in a " "subsection, for example: <placeholder type=\"programlisting\" id=\"0\"/> or " @@ -4717,29 +4732,30 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4122 +#: sssd.conf.5.xml:4137 msgid "proxy_pam_target (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4125 +#: sssd.conf.5.xml:4140 msgid "The proxy target PAM proxies to." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4128 +#: sssd.conf.5.xml:4143 msgid "" "Default: not set by default, you have to take an existing pam configuration " -"or create a new one and add the service name here." +"or create a new one and add the service name here. As an alternative you can " +"enable local authentication with the local_auth_policy option." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4136 +#: sssd.conf.5.xml:4153 msgid "proxy_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4139 +#: sssd.conf.5.xml:4156 msgid "" "The name of the NSS library to use in proxy domains. The NSS functions " "searched for in the library are in the form of _nss_$(libName)_$(function), " @@ -4747,12 +4763,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4149 +#: sssd.conf.5.xml:4166 msgid "proxy_resolver_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4152 +#: sssd.conf.5.xml:4169 msgid "" "The name of the NSS library to use for hosts and networks lookups in proxy " "domains. The NSS functions searched for in the library are in the form of " @@ -4760,12 +4776,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4163 +#: sssd.conf.5.xml:4180 msgid "proxy_fast_alias (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4166 +#: sssd.conf.5.xml:4183 msgid "" "When a user or group is looked up by name in the proxy provider, a second " "lookup by ID is performed to \"canonicalize\" the name in case the requested " @@ -4774,12 +4790,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4180 +#: sssd.conf.5.xml:4197 msgid "proxy_max_children (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4183 +#: sssd.conf.5.xml:4200 msgid "" "This option specifies the number of pre-forked proxy children. It is useful " "for high-load SSSD environments where sssd may run out of available child " @@ -4787,19 +4803,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4118 +#: sssd.conf.5.xml:4133 msgid "" "Options valid for proxy domains. <placeholder type=\"variablelist\" " "id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:4199 +#: sssd.conf.5.xml:4216 msgid "Application domains" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4201 +#: sssd.conf.5.xml:4218 msgid "" "SSSD, with its D-Bus interface (see <citerefentry> <refentrytitle>sssd-ifp</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>) is appealing to " @@ -4816,7 +4832,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4221 +#: sssd.conf.5.xml:4238 msgid "" "Please note that the application domain must still be explicitly enabled in " "the <quote>domains</quote> parameter so that the lookup order between the " @@ -4824,17 +4840,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> -#: sssd.conf.5.xml:4227 +#: sssd.conf.5.xml:4244 msgid "Application domain parameters" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4229 +#: sssd.conf.5.xml:4246 msgid "inherit_from (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4232 +#: sssd.conf.5.xml:4249 msgid "" "The SSSD POSIX-type domain the application domain inherits all settings " "from. The application domain can moreover add its own settings to the " @@ -4843,7 +4859,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4246 +#: sssd.conf.5.xml:4263 msgid "" "The following example illustrates the use of an application domain. In this " "setup, the POSIX domain is connected to an LDAP server and is used by the OS " @@ -4853,7 +4869,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><programlisting> -#: sssd.conf.5.xml:4254 +#: sssd.conf.5.xml:4271 #, no-wrap msgid "" "[sssd]\n" @@ -4873,12 +4889,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4274 +#: sssd.conf.5.xml:4291 msgid "TRUSTED DOMAIN SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4276 +#: sssd.conf.5.xml:4293 msgid "" "Some options used in the domain section can also be used in the trusted " "domain section, that is, in a section called <quote>[domain/" @@ -4889,69 +4905,69 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4283 +#: sssd.conf.5.xml:4300 msgid "ldap_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4284 +#: sssd.conf.5.xml:4301 msgid "ldap_user_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4285 +#: sssd.conf.5.xml:4302 msgid "ldap_group_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4286 +#: sssd.conf.5.xml:4303 msgid "ldap_netgroup_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4287 +#: sssd.conf.5.xml:4304 msgid "ldap_service_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4288 +#: sssd.conf.5.xml:4305 msgid "ldap_sasl_mech," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4289 +#: sssd.conf.5.xml:4306 msgid "ad_server," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4290 +#: sssd.conf.5.xml:4307 msgid "ad_backup_server," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4291 +#: sssd.conf.5.xml:4308 msgid "ad_site," msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4292 sssd-ipa.5.xml:879 +#: sssd.conf.5.xml:4309 sssd-ipa.5.xml:884 msgid "use_fully_qualified_names" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4296 +#: sssd.conf.5.xml:4313 msgid "" "For more details about these options see their individual description in the " "manual page." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4302 +#: sssd.conf.5.xml:4319 msgid "CERTIFICATE MAPPING SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4304 +#: sssd.conf.5.xml:4321 msgid "" "To allow authentication with Smartcards and certificates SSSD must be able " "to map certificates to users. This can be done by adding the full " @@ -4964,7 +4980,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4318 +#: sssd.conf.5.xml:4335 msgid "" "To make the mapping more flexible mapping and matching rules were added to " "SSSD (see <citerefentry> <refentrytitle>sss-certmap</refentrytitle> " @@ -4972,7 +4988,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4327 +#: sssd.conf.5.xml:4344 msgid "" "A mapping and matching rule can be added to the SSSD configuration in a " "section on its own with a name like <quote>[certmap/" @@ -4981,55 +4997,55 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4334 +#: sssd.conf.5.xml:4351 msgid "matchrule (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4337 +#: sssd.conf.5.xml:4354 msgid "" "Only certificates from the Smartcard which matches this rule will be " "processed, all others are ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4341 +#: sssd.conf.5.xml:4358 msgid "" "Default: KRB5:<EKU>clientAuth, i.e. only certificates which have the " "Extended Key Usage <quote>clientAuth</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4348 +#: sssd.conf.5.xml:4365 msgid "maprule (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4351 +#: sssd.conf.5.xml:4368 msgid "Defines how the user is found for a given certificate." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4357 +#: sssd.conf.5.xml:4374 msgid "" "LDAP:(userCertificate;binary={cert!bin}) for LDAP based providers like " "<quote>ldap</quote>, <quote>AD</quote> or <quote>ipa</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4363 +#: sssd.conf.5.xml:4380 msgid "" "The RULE_NAME for the <quote>files</quote> provider which tries to find a " "user with the same name." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4372 +#: sssd.conf.5.xml:4389 msgid "domains (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4375 +#: sssd.conf.5.xml:4392 msgid "" "Comma separated list of domain names the rule should be applied. By default " "a rule is only valid in the domain configured in sssd.conf. If the provider " @@ -5038,17 +5054,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4382 +#: sssd.conf.5.xml:4399 msgid "Default: the configured domain in sssd.conf" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4387 +#: sssd.conf.5.xml:4404 msgid "priority (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4390 +#: sssd.conf.5.xml:4407 msgid "" "Unsigned integer value defining the priority of the rule. The higher the " "number the lower the priority. <quote>0</quote> stands for the highest " @@ -5056,26 +5072,26 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4396 +#: sssd.conf.5.xml:4413 msgid "Default: the lowest priority" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4402 +#: sssd.conf.5.xml:4419 msgid "" "To make the configuration simple and reduce the amount of configuration " "options the <quote>files</quote> provider has some special properties:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4408 +#: sssd.conf.5.xml:4425 msgid "" "if maprule is not set the RULE_NAME name is assumed to be the name of the " "matching user" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4414 +#: sssd.conf.5.xml:4431 msgid "" "if a maprule is used both a single user name or a template like " "<quote>{subject_rfc822_name.short_name}</quote> must be in braces like e.g. " @@ -5084,17 +5100,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4423 +#: sssd.conf.5.xml:4440 msgid "the <quote>domains</quote> option is ignored" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4431 +#: sssd.conf.5.xml:4448 msgid "PROMPTING CONFIGURATION SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4433 +#: sssd.conf.5.xml:4450 msgid "" "If a special file (<filename>/var/lib/sss/pubconf/pam_preauth_available</" "filename>) exists SSSD's PAM module pam_sss will ask SSSD to figure out " @@ -5104,7 +5120,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4441 +#: sssd.conf.5.xml:4458 msgid "" "With the growing number of authentication methods and the possibility that " "there are multiple ones for a single user the heuristic used by pam_sss to " @@ -5113,59 +5129,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4453 +#: sssd.conf.5.xml:4470 msgid "[prompting/password]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4456 +#: sssd.conf.5.xml:4473 msgid "password_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4457 +#: sssd.conf.5.xml:4474 msgid "to change the string of the password prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4455 +#: sssd.conf.5.xml:4472 msgid "" "to configure password prompting, allowed options are: <placeholder " "type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4465 +#: sssd.conf.5.xml:4482 msgid "[prompting/2fa]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4469 +#: sssd.conf.5.xml:4486 msgid "first_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4470 +#: sssd.conf.5.xml:4487 msgid "to change the string of the prompt for the first factor" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4473 +#: sssd.conf.5.xml:4490 msgid "second_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4474 +#: sssd.conf.5.xml:4491 msgid "to change the string of the prompt for the second factor" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4477 +#: sssd.conf.5.xml:4494 msgid "single_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4478 +#: sssd.conf.5.xml:4495 msgid "" "boolean value, if True there will be only a single prompt using the value of " "first_prompt where it is expected that both factors are entered as a single " @@ -5174,7 +5190,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4467 +#: sssd.conf.5.xml:4484 msgid "" "to configure two-factor authentication prompting, allowed options are: " "<placeholder type=\"variablelist\" id=\"0\"/> If the second factor is " @@ -5183,17 +5199,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4495 +#: sssd.conf.5.xml:4512 msgid "[prompting/passkey]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4501 sssd-ad.5.xml:1021 +#: sssd.conf.5.xml:4518 sssd-ad.5.xml:1021 msgid "interactive" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4503 +#: sssd.conf.5.xml:4520 msgid "" "boolean value, if True prompt a message and wait before testing the presence " "of a passkey device. Recommended if your device doesn’t have a tactile " @@ -5201,46 +5217,46 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4511 +#: sssd.conf.5.xml:4528 msgid "interactive_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4513 +#: sssd.conf.5.xml:4530 msgid "to change the message of the interactive prompt." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4518 +#: sssd.conf.5.xml:4535 msgid "touch" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4520 +#: sssd.conf.5.xml:4537 msgid "" "boolean value, if True prompt a message to remind the user to touch the " "device." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4526 +#: sssd.conf.5.xml:4543 msgid "touch_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4528 +#: sssd.conf.5.xml:4545 msgid "to change the message of the touch prompt." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4497 +#: sssd.conf.5.xml:4514 msgid "" "to configure passkey authentication prompting, allowed options are: " "<placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4448 +#: sssd.conf.5.xml:4465 msgid "" "Each supported authentication method has its own configuration subsection " "under <quote>[prompting/...]</quote>. Currently there are: <placeholder " @@ -5249,7 +5265,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4539 +#: sssd.conf.5.xml:4556 msgid "" "It is possible to add a subsection for specific PAM services, e.g. " "<quote>[prompting/password/sshd]</quote> to individual change the prompting " @@ -5257,12 +5273,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4546 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43 +#: sssd.conf.5.xml:4563 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43 msgid "EXAMPLES" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4552 +#: sssd.conf.5.xml:4569 #, no-wrap msgid "" "[sssd]\n" @@ -5292,7 +5308,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4548 +#: sssd.conf.5.xml:4565 msgid "" "1. The following example shows a typical SSSD config. It does not describe " "configuration of the domains themselves - refer to documentation on " @@ -5301,7 +5317,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4585 +#: sssd.conf.5.xml:4602 #, no-wrap msgid "" "[domain/ipa.com/child.ad.com]\n" @@ -5309,7 +5325,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4579 +#: sssd.conf.5.xml:4596 msgid "" "2. The following example shows configuration of IPA AD trust where the AD " "forest consists of two domains in a parent-child structure. Suppose IPA " @@ -5320,7 +5336,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4596 +#: sssd.conf.5.xml:4613 #, no-wrap msgid "" "[certmap/my.domain/rule_name]\n" @@ -5331,7 +5347,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4590 +#: sssd.conf.5.xml:4607 msgid "" "3. The following example shows the configuration of a certificate mapping " "rule. It is valid for the configured domain <quote>my.domain</quote> and " @@ -5385,26 +5401,26 @@ msgid "" "LDAP back end supports id, auth, access and chpass providers. If you want to " "authenticate against an LDAP server either TLS/SSL or LDAPS is required. " "<command>sssd</command> <emphasis>does not</emphasis> support authentication " -"over an unencrypted channel. If the LDAP server is used only as an identity " -"provider, an encrypted channel is not needed. Please refer to " -"<quote>ldap_access_filter</quote> config option for more information about " -"using LDAP as an access provider." +"over an unencrypted channel. Even if the LDAP server is used only as an " +"identity provider, an encrypted channel is strongly recommended. Please " +"refer to <quote>ldap_access_filter</quote> config option for more " +"information about using LDAP as an access provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:82 sssd-ad.5.xml:130 +#: sssd-ldap.5.xml:50 sssd-simple.5.xml:69 sssd-ipa.5.xml:82 sssd-ad.5.xml:130 #: sssd-krb5.5.xml:63 sssd-ifp.5.xml:60 sssd-files.5.xml:77 #: sssd-session-recording.5.xml:58 sssd-kcm.8.xml:202 msgid "CONFIGURATION OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:66 +#: sssd-ldap.5.xml:67 msgid "ldap_uri, ldap_backup_uri (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:69 +#: sssd-ldap.5.xml:70 msgid "" "Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " "should connect in the order of preference. Refer to the <quote>FAILOVER</" @@ -5414,33 +5430,33 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:76 +#: sssd-ldap.5.xml:77 msgid "The format of the URI must match the format defined in RFC 2732:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:79 +#: sssd-ldap.5.xml:80 msgid "ldap[s]://<host>[:port]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:82 +#: sssd-ldap.5.xml:83 msgid "" "For explicit IPv6 addresses, <host> must be enclosed in brackets []" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:85 +#: sssd-ldap.5.xml:86 msgid "example: ldap://[fc00::126:25]:389" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:91 +#: sssd-ldap.5.xml:92 msgid "ldap_chpass_uri, ldap_chpass_backup_uri (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:94 +#: sssd-ldap.5.xml:95 msgid "" "Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " "should connect in the order of preference to change the password of a user. " @@ -5449,71 +5465,71 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:101 +#: sssd-ldap.5.xml:102 msgid "To enable service discovery ldap_chpass_dns_service_name must be set." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:105 +#: sssd-ldap.5.xml:106 msgid "Default: empty, i.e. ldap_uri is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:111 +#: sssd-ldap.5.xml:112 msgid "ldap_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:114 +#: sssd-ldap.5.xml:115 msgid "The default base DN to use for performing LDAP user operations." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:118 +#: sssd-ldap.5.xml:119 msgid "" "Starting with SSSD 1.7.0, SSSD supports multiple search bases using the " "syntax:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:122 +#: sssd-ldap.5.xml:123 msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:125 +#: sssd-ldap.5.xml:126 msgid "The scope can be one of \"base\", \"onelevel\" or \"subtree\"." msgstr "" #. type: Content of: <listitem><para> -#: sssd-ldap.5.xml:128 include/ldap_search_bases.xml:18 +#: sssd-ldap.5.xml:129 include/ldap_search_bases.xml:18 msgid "" "The filter must be a valid LDAP search filter as specified by http://www." "ietf.org/rfc/rfc2254.txt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:132 sssd-ad.5.xml:311 sss_override.8.xml:143 +#: sssd-ldap.5.xml:133 sssd-ad.5.xml:311 sss_override.8.xml:143 #: sss_override.8.xml:240 sssd-ldap-attributes.5.xml:453 msgid "Examples:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:135 +#: sssd-ldap.5.xml:136 msgid "" "ldap_search_base = dc=example,dc=com (which is equivalent to) " "ldap_search_base = dc=example,dc=com?subtree?" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:140 +#: sssd-ldap.5.xml:141 msgid "" "ldap_search_base = cn=host_specific,dc=example,dc=com?subtree?" "(host=thishost)?dc=example.com?subtree?" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:143 +#: sssd-ldap.5.xml:144 msgid "" "Note: It is unsupported to have multiple search bases which reference " "identically-named objects (for example, groups with the same name in two " @@ -5522,7 +5538,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:150 +#: sssd-ldap.5.xml:151 msgid "" "Default: If not set, the value of the defaultNamingContext or namingContexts " "attribute from the RootDSE of the LDAP server is used. If " @@ -5533,12 +5549,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:164 +#: sssd-ldap.5.xml:165 msgid "ldap_schema (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:167 +#: sssd-ldap.5.xml:168 msgid "" "Specifies the Schema Type in use on the target LDAP server. Depending on " "the selected schema, the default attribute names retrieved from the servers " @@ -5546,32 +5562,32 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:174 +#: sssd-ldap.5.xml:175 msgid "Four schema types are currently supported:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:178 +#: sssd-ldap.5.xml:179 msgid "rfc2307" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:183 +#: sssd-ldap.5.xml:184 msgid "rfc2307bis" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:188 +#: sssd-ldap.5.xml:189 msgid "IPA" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:193 +#: sssd-ldap.5.xml:194 msgid "AD" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:199 +#: sssd-ldap.5.xml:200 msgid "" "The main difference between these schema types is how group memberships are " "recorded in the server. With rfc2307, group members are listed by name in " @@ -5582,37 +5598,37 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:209 +#: sssd-ldap.5.xml:210 msgid "Default: rfc2307" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:215 +#: sssd-ldap.5.xml:216 msgid "ldap_pwmodify_mode (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:218 +#: sssd-ldap.5.xml:219 msgid "Specify the operation that is used to modify user password." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:222 +#: sssd-ldap.5.xml:223 msgid "Two modes are currently supported:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:226 +#: sssd-ldap.5.xml:227 msgid "exop - Password Modify Extended Operation (RFC 3062)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:232 +#: sssd-ldap.5.xml:233 msgid "ldap_modify - Direct modification of userPassword (not recommended)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:239 +#: sssd-ldap.5.xml:240 msgid "" "Note: First, a new connection is established to verify current password by " "binding as the user that requested password change. If successful, this " @@ -5621,74 +5637,74 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:247 +#: sssd-ldap.5.xml:248 msgid "Default: exop" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:253 +#: sssd-ldap.5.xml:254 msgid "ldap_default_bind_dn (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:256 +#: sssd-ldap.5.xml:257 msgid "The default bind DN to use for performing LDAP operations." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:263 +#: sssd-ldap.5.xml:264 msgid "ldap_default_authtok_type (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:266 +#: sssd-ldap.5.xml:267 msgid "The type of the authentication token of the default bind DN." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:270 +#: sssd-ldap.5.xml:271 msgid "The two mechanisms currently supported are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:273 +#: sssd-ldap.5.xml:274 msgid "password" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:276 +#: sssd-ldap.5.xml:277 msgid "obfuscated_password" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:279 +#: sssd-ldap.5.xml:280 msgid "Default: password" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:282 +#: sssd-ldap.5.xml:283 msgid "" "See the <citerefentry> <refentrytitle>sss_obfuscate</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry> manual page for more information." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:293 +#: sssd-ldap.5.xml:294 msgid "ldap_default_authtok (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:296 +#: sssd-ldap.5.xml:297 msgid "The authentication token of the default bind DN." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:302 +#: sssd-ldap.5.xml:303 msgid "ldap_force_upper_case_realm (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:305 +#: sssd-ldap.5.xml:306 msgid "" "Some directory servers, for example Active Directory, might deliver the " "realm part of the UPN in lower case, which might cause the authentication to " @@ -5697,24 +5713,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:318 +#: sssd-ldap.5.xml:319 msgid "ldap_enumeration_refresh_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:321 +#: sssd-ldap.5.xml:322 msgid "" "Specifies how many seconds SSSD has to wait before refreshing its cache of " "enumerated records." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:337 +#: sssd-ldap.5.xml:338 msgid "ldap_purge_cache_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:340 +#: sssd-ldap.5.xml:341 msgid "" "Determine how often to check the cache for inactive entries (such as groups " "with no members and users who have never logged in) and remove them to save " @@ -5722,7 +5738,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:346 +#: sssd-ldap.5.xml:347 msgid "" "Setting this option to zero will disable the cache cleanup operation. Please " "note that if enumeration is enabled, the cleanup task is required in order " @@ -5731,12 +5747,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:366 +#: sssd-ldap.5.xml:367 msgid "ldap_group_nesting_level (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:369 +#: sssd-ldap.5.xml:370 msgid "" "If ldap_schema is set to a schema format that supports nested groups (e.g. " "RFC2307bis), then this option controls how many levels of nesting SSSD will " @@ -5744,7 +5760,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:376 +#: sssd-ldap.5.xml:377 msgid "" "Note: This option specifies the guaranteed level of nested groups to be " "processed for any lookup. However, nested groups beyond this limit " @@ -5754,7 +5770,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:385 +#: sssd-ldap.5.xml:386 msgid "" "If ldap_group_nesting_level is set to 0 then no nested groups are processed " "at all. However, when connected to Active-Directory Server 2008 and later " @@ -5764,67 +5780,67 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:394 +#: sssd-ldap.5.xml:395 msgid "Default: 2" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:403 +#: sssd-ldap.5.xml:404 msgid "" "This options enables or disables use of Token-Groups attribute when " "performing initgroup for users from Active Directory Server 2008 and later." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:413 +#: sssd-ldap.5.xml:414 msgid "Default: True for AD and IPA otherwise False." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:419 +#: sssd-ldap.5.xml:420 msgid "ldap_host_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:422 +#: sssd-ldap.5.xml:423 msgid "Optional. Use the given string as search base for host objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:426 sssd-ipa.5.xml:457 sssd-ipa.5.xml:476 sssd-ipa.5.xml:495 -#: sssd-ipa.5.xml:514 +#: sssd-ldap.5.xml:427 sssd-ipa.5.xml:462 sssd-ipa.5.xml:481 sssd-ipa.5.xml:500 +#: sssd-ipa.5.xml:519 msgid "" "See <quote>ldap_search_base</quote> for information about configuring " "multiple search bases." msgstr "" #. type: Content of: <listitem><para> -#: sssd-ldap.5.xml:431 sssd-ipa.5.xml:462 include/ldap_search_bases.xml:27 +#: sssd-ldap.5.xml:432 sssd-ipa.5.xml:467 include/ldap_search_bases.xml:27 msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:438 +#: sssd-ldap.5.xml:439 msgid "ldap_service_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:443 +#: sssd-ldap.5.xml:444 msgid "ldap_iphost_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:448 +#: sssd-ldap.5.xml:449 msgid "ldap_ipnetwork_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:453 +#: sssd-ldap.5.xml:454 msgid "ldap_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:456 +#: sssd-ldap.5.xml:457 msgid "" "Specifies the timeout (in seconds) that ldap searches are allowed to run " "before they are cancelled and cached results are returned (and offline mode " @@ -5832,7 +5848,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:462 +#: sssd-ldap.5.xml:463 msgid "" "Note: this option is subject to change in future versions of the SSSD. It " "will likely be replaced at some point by a series of timeouts for specific " @@ -5840,12 +5856,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:479 +#: sssd-ldap.5.xml:480 msgid "ldap_enumeration_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:482 +#: sssd-ldap.5.xml:483 msgid "" "Specifies the timeout (in seconds) that ldap searches for user and group " "enumerations are allowed to run before they are cancelled and cached results " @@ -5853,12 +5869,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:500 +#: sssd-ldap.5.xml:501 msgid "ldap_network_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:503 +#: sssd-ldap.5.xml:504 msgid "" "Specifies the timeout (in seconds) after which the <citerefentry> " "<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/" @@ -5869,12 +5885,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:531 +#: sssd-ldap.5.xml:532 msgid "ldap_opt_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:534 +#: sssd-ldap.5.xml:535 msgid "" "Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs " "will abort if no response is received. Also controls the timeout when " @@ -5883,12 +5899,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:554 +#: sssd-ldap.5.xml:555 msgid "ldap_connection_expire_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:557 +#: sssd-ldap.5.xml:558 msgid "" "Specifies a timeout (in seconds) that a connection to an LDAP server will be " "maintained. After this time, the connection will be re-established. If used " @@ -5897,7 +5913,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:565 +#: sssd-ldap.5.xml:566 msgid "" "If the connection is idle (not actively running an operation) within " "<emphasis>ldap_opt_timeout</emphasis> seconds of expiration, then it will be " @@ -5908,36 +5924,36 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:577 +#: sssd-ldap.5.xml:578 msgid "" "This timeout can be extended of a random value specified by " "<emphasis>ldap_connection_expire_offset</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:587 sssd-ldap.5.xml:630 sssd-ldap.5.xml:1711 +#: sssd-ldap.5.xml:588 sssd-ldap.5.xml:631 sssd-ldap.5.xml:1713 msgid "Default: 900 (15 minutes)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:593 +#: sssd-ldap.5.xml:594 msgid "ldap_connection_expire_offset (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:596 +#: sssd-ldap.5.xml:597 msgid "" "Random offset between 0 and configured value is added to " "<emphasis>ldap_connection_expire_timeout</emphasis>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:612 +#: sssd-ldap.5.xml:613 msgid "ldap_connection_idle_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:615 +#: sssd-ldap.5.xml:616 msgid "" "Specifies a timeout (in seconds) that an idle connection to an LDAP server " "will be maintained. If the connection is idle for more than this time then " @@ -5945,29 +5961,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:621 +#: sssd-ldap.5.xml:622 msgid "You can disable this timeout by setting the value to 0." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:636 +#: sssd-ldap.5.xml:637 msgid "ldap_page_size (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:639 +#: sssd-ldap.5.xml:640 msgid "" "Specify the number of records to retrieve from LDAP in a single request. " "Some LDAP servers enforce a maximum limit per-request." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:650 +#: sssd-ldap.5.xml:651 msgid "ldap_disable_paging (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:653 +#: sssd-ldap.5.xml:654 msgid "" "Disable the LDAP paging control. This option should be used if the LDAP " "server reports that it supports the LDAP paging control in its RootDSE but " @@ -5975,14 +5991,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:659 +#: sssd-ldap.5.xml:660 msgid "" "Example: OpenLDAP servers with the paging control module installed on the " "server but not enabled will report it in the RootDSE but be unable to use it." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:665 +#: sssd-ldap.5.xml:666 msgid "" "Example: 389 DS has a bug where it can only support a one paging control at " "a time on a single connection. On busy clients, this can result in some " @@ -5990,17 +6006,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:677 +#: sssd-ldap.5.xml:678 msgid "ldap_disable_range_retrieval (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:680 +#: sssd-ldap.5.xml:681 msgid "Disable Active Directory range retrieval." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:683 +#: sssd-ldap.5.xml:684 msgid "" "Active Directory limits the number of members to be retrieved in a single " "lookup using the MaxValRange policy (which defaults to 1500 members). If a " @@ -6010,12 +6026,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:698 +#: sssd-ldap.5.xml:699 msgid "ldap_sasl_minssf (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:701 +#: sssd-ldap.5.xml:702 msgid "" "When communicating with an LDAP server using SASL, specify the minimum " "security level necessary to establish the connection. The values of this " @@ -6023,17 +6039,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:707 sssd-ldap.5.xml:723 +#: sssd-ldap.5.xml:708 sssd-ldap.5.xml:724 msgid "Default: Use the system default (usually specified by ldap.conf)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:714 +#: sssd-ldap.5.xml:715 msgid "ldap_sasl_maxssf (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:717 +#: sssd-ldap.5.xml:718 msgid "" "When communicating with an LDAP server using SASL, specify the maximal " "security level necessary to establish the connection. The values of this " @@ -6041,12 +6057,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:730 +#: sssd-ldap.5.xml:731 msgid "ldap_deref_threshold (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:733 +#: sssd-ldap.5.xml:734 msgid "" "Specify the number of group members that must be missing from the internal " "cache in order to trigger a dereference lookup. If less members are missing, " @@ -6054,7 +6070,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:739 +#: sssd-ldap.5.xml:740 msgid "" "You can turn off dereference lookups completely by setting the value to 0. " "Please note that there are some codepaths in SSSD, like the IPA HBAC " @@ -6065,7 +6081,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:750 +#: sssd-ldap.5.xml:751 msgid "" "A dereference lookup is a means of fetching all group members in a single " "LDAP call. Different LDAP servers may implement different dereference " @@ -6074,7 +6090,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:758 +#: sssd-ldap.5.xml:759 msgid "" "<emphasis>Note:</emphasis> If any of the search bases specifies a search " "filter, then the dereference lookup performance enhancement will be disabled " @@ -6082,12 +6098,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:771 +#: sssd-ldap.5.xml:772 msgid "ldap_ignore_unreadable_references (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:774 +#: sssd-ldap.5.xml:775 msgid "" "Ignore unreadable LDAP entries referenced in group's member attribute. If " "this parameter is set to false an error will be returned and the operation " @@ -6095,7 +6111,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:781 +#: sssd-ldap.5.xml:782 msgid "" "This parameter may be useful when using the AD provider and the computer " "account that sssd uses to connect to AD does not have access to a particular " @@ -6103,26 +6119,26 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:794 +#: sssd-ldap.5.xml:795 msgid "ldap_tls_reqcert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:797 +#: sssd-ldap.5.xml:798 msgid "" "Specifies what checks to perform on server certificates in a TLS session, if " "any. It can be specified as one of the following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:803 +#: sssd-ldap.5.xml:804 msgid "" "<emphasis>never</emphasis> = The client will not request or check any server " "certificate." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:807 +#: sssd-ldap.5.xml:808 msgid "" "<emphasis>allow</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -6130,7 +6146,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:814 +#: sssd-ldap.5.xml:815 msgid "" "<emphasis>try</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -6138,7 +6154,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:820 +#: sssd-ldap.5.xml:821 msgid "" "<emphasis>demand</emphasis> = The server certificate is requested. If no " "certificate is provided, or a bad certificate is provided, the session is " @@ -6146,41 +6162,41 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:826 +#: sssd-ldap.5.xml:827 msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:830 +#: sssd-ldap.5.xml:831 msgid "Default: hard" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:836 +#: sssd-ldap.5.xml:837 msgid "ldap_tls_cacert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:839 +#: sssd-ldap.5.xml:840 msgid "" "Specifies the file that contains certificates for all of the Certificate " "Authorities that <command>sssd</command> will recognize." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:844 sssd-ldap.5.xml:862 sssd-ldap.5.xml:903 +#: sssd-ldap.5.xml:845 sssd-ldap.5.xml:863 sssd-ldap.5.xml:904 msgid "" "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." "conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:851 +#: sssd-ldap.5.xml:852 msgid "ldap_tls_cacertdir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:854 +#: sssd-ldap.5.xml:855 msgid "" "Specifies the path of a directory that contains Certificate Authority " "certificates in separate individual files. Typically the file names need to " @@ -6189,32 +6205,32 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:869 +#: sssd-ldap.5.xml:870 msgid "ldap_tls_cert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:872 +#: sssd-ldap.5.xml:873 msgid "Specifies the file that contains the certificate for the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:882 +#: sssd-ldap.5.xml:883 msgid "ldap_tls_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:885 +#: sssd-ldap.5.xml:886 msgid "Specifies the file that contains the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:894 +#: sssd-ldap.5.xml:895 msgid "ldap_tls_cipher_suite (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:897 +#: sssd-ldap.5.xml:898 msgid "" "Specifies acceptable cipher suites. Typically this is a colon separated " "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " @@ -6222,24 +6238,25 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:910 +#: sssd-ldap.5.xml:911 msgid "ldap_id_use_start_tls (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:913 +#: sssd-ldap.5.xml:914 msgid "" "Specifies that the id_provider connection must also use <systemitem " -"class=\"protocol\">tls</systemitem> to protect the channel." +"class=\"protocol\">tls</systemitem> to protect the channel. <emphasis>true</" +"emphasis> is strongly recommended for security reasons." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:923 +#: sssd-ldap.5.xml:925 msgid "ldap_id_mapping (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:926 +#: sssd-ldap.5.xml:928 msgid "" "Specifies that SSSD should attempt to map user and group IDs from the " "ldap_user_objectsid and ldap_group_objectsid attributes instead of relying " @@ -6247,17 +6264,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:932 +#: sssd-ldap.5.xml:934 msgid "Currently this feature supports only ActiveDirectory objectSID mapping." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:942 +#: sssd-ldap.5.xml:944 msgid "ldap_min_id, ldap_max_id (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:945 +#: sssd-ldap.5.xml:947 msgid "" "In contrast to the SID based ID mapping which is used if ldap_id_mapping is " "set to true the allowed ID range for ldap_user_uid_number and " @@ -6268,24 +6285,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:957 +#: sssd-ldap.5.xml:959 msgid "Default: not set (both options are set to 0)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:963 +#: sssd-ldap.5.xml:965 msgid "ldap_sasl_mech (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:966 +#: sssd-ldap.5.xml:968 msgid "" "Specify the SASL mechanism to use. Currently only GSSAPI and GSS-SPNEGO are " "tested and supported." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:970 +#: sssd-ldap.5.xml:972 msgid "" "If the backend supports sub-domains the value of ldap_sasl_mech is " "automatically inherited to the sub-domains. If a different value is needed " @@ -6296,12 +6313,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:986 +#: sssd-ldap.5.xml:988 msgid "ldap_sasl_authid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd-ldap.5.xml:998 +#: sssd-ldap.5.xml:1000 #, no-wrap msgid "" "hostname@REALM\n" @@ -6314,7 +6331,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:989 +#: sssd-ldap.5.xml:991 msgid "" "Specify the SASL authorization id to use. When GSSAPI/GSS-SPNEGO are used, " "this represents the Kerberos principal used for authentication to the " @@ -6326,17 +6343,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1009 +#: sssd-ldap.5.xml:1011 msgid "Default: host/hostname@REALM" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1015 +#: sssd-ldap.5.xml:1017 msgid "ldap_sasl_realm (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1018 +#: sssd-ldap.5.xml:1020 msgid "" "Specify the SASL realm to use. When not specified, this option defaults to " "the value of krb5_realm. If the ldap_sasl_authid contains the realm as " @@ -6344,49 +6361,49 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1024 +#: sssd-ldap.5.xml:1026 msgid "Default: the value of krb5_realm." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1030 +#: sssd-ldap.5.xml:1032 msgid "ldap_sasl_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1033 +#: sssd-ldap.5.xml:1035 msgid "" "If set to true, the LDAP library would perform a reverse lookup to " "canonicalize the host name during a SASL bind." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1038 +#: sssd-ldap.5.xml:1040 msgid "Default: false;" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1044 +#: sssd-ldap.5.xml:1046 msgid "ldap_krb5_keytab (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1047 +#: sssd-ldap.5.xml:1049 msgid "Specify the keytab to use when using SASL/GSSAPI/GSS-SPNEGO." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1056 sssd-krb5.5.xml:247 +#: sssd-ldap.5.xml:1058 sssd-krb5.5.xml:247 msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1062 +#: sssd-ldap.5.xml:1064 msgid "ldap_krb5_init_creds (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1065 +#: sssd-ldap.5.xml:1067 msgid "" "Specifies that the id_provider should init Kerberos credentials (TGT). This " "action is performed only if SASL is used and the mechanism selected is " @@ -6394,28 +6411,28 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1077 +#: sssd-ldap.5.xml:1079 msgid "ldap_krb5_ticket_lifetime (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1080 +#: sssd-ldap.5.xml:1082 msgid "" "Specifies the lifetime in seconds of the TGT if GSSAPI or GSS-SPNEGO is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1089 sssd-ad.5.xml:1252 +#: sssd-ldap.5.xml:1091 sssd-ad.5.xml:1252 msgid "Default: 86400 (24 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1095 sssd-krb5.5.xml:74 +#: sssd-ldap.5.xml:1097 sssd-krb5.5.xml:74 msgid "krb5_server, krb5_backup_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1098 +#: sssd-ldap.5.xml:1100 msgid "" "Specifies the comma-separated list of IP addresses or hostnames of the " "Kerberos servers to which SSSD should connect in the order of preference. " @@ -6427,7 +6444,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1110 sssd-krb5.5.xml:89 +#: sssd-ldap.5.xml:1112 sssd-krb5.5.xml:89 msgid "" "When using service discovery for KDC or kpasswd servers, SSSD first searches " "for DNS entries that specify _udp as the protocol and falls back to _tcp if " @@ -6435,7 +6452,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1115 sssd-krb5.5.xml:94 +#: sssd-ldap.5.xml:1117 sssd-krb5.5.xml:94 msgid "" "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " "While the legacy name is recognized for the time being, users are advised to " @@ -6443,39 +6460,39 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1124 sssd-ipa.5.xml:526 sssd-krb5.5.xml:103 +#: sssd-ldap.5.xml:1126 sssd-ipa.5.xml:531 sssd-krb5.5.xml:103 msgid "krb5_realm (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1127 +#: sssd-ldap.5.xml:1129 msgid "Specify the Kerberos REALM (for SASL/GSSAPI/GSS-SPNEGO auth)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1131 +#: sssd-ldap.5.xml:1133 msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" msgstr "" #. type: Content of: <variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1137 include/krb5_options.xml:154 +#: sssd-ldap.5.xml:1139 include/krb5_options.xml:154 msgid "krb5_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1140 +#: sssd-ldap.5.xml:1142 msgid "" "Specifies if the host principal should be canonicalized when connecting to " "LDAP server. This feature is available with MIT Kerberos >= 1.7" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1152 sssd-krb5.5.xml:336 +#: sssd-ldap.5.xml:1154 sssd-krb5.5.xml:336 msgid "krb5_use_kdcinfo (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1155 sssd-krb5.5.xml:339 +#: sssd-ldap.5.xml:1157 sssd-krb5.5.xml:339 msgid "" "Specifies if the SSSD should instruct the Kerberos libraries what realm and " "which KDCs to use. This option is on by default, if you disable it, you need " @@ -6485,7 +6502,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1166 sssd-krb5.5.xml:350 +#: sssd-ldap.5.xml:1168 sssd-krb5.5.xml:350 msgid "" "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more " @@ -6493,26 +6510,26 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1180 +#: sssd-ldap.5.xml:1182 msgid "ldap_pwd_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1183 +#: sssd-ldap.5.xml:1185 msgid "" "Select the policy to evaluate the password expiration on the client side. " "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1188 +#: sssd-ldap.5.xml:1190 msgid "" "<emphasis>none</emphasis> - No evaluation on the client side. This option " "cannot disable server-side password policies." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1193 +#: sssd-ldap.5.xml:1195 msgid "" "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " @@ -6521,7 +6538,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1201 +#: sssd-ldap.5.xml:1203 msgid "" "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " "to determine if the password has expired. Use chpass_provider=krb5 to update " @@ -6529,31 +6546,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1210 +#: sssd-ldap.5.xml:1212 msgid "" "<emphasis>Note</emphasis>: if a password policy is configured on server " "side, it always takes precedence over policy set with this option." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1218 +#: sssd-ldap.5.xml:1220 msgid "ldap_referrals (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1221 +#: sssd-ldap.5.xml:1223 msgid "Specifies whether automatic referral chasing should be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1225 +#: sssd-ldap.5.xml:1227 msgid "" "Please note that sssd only supports referral chasing when it is compiled " "with OpenLDAP version 2.4.13 or higher." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1230 +#: sssd-ldap.5.xml:1232 msgid "" "Chasing referrals may incur a performance penalty in environments that use " "them heavily, a notable example is Microsoft Active Directory. If your setup " @@ -6566,51 +6583,51 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1249 +#: sssd-ldap.5.xml:1251 msgid "ldap_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1252 +#: sssd-ldap.5.xml:1254 msgid "Specifies the service name to use when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1256 +#: sssd-ldap.5.xml:1258 msgid "Default: ldap" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1262 +#: sssd-ldap.5.xml:1264 msgid "ldap_chpass_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1265 +#: sssd-ldap.5.xml:1267 msgid "" "Specifies the service name to use to find an LDAP server which allows " "password changes when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1270 +#: sssd-ldap.5.xml:1272 msgid "Default: not set, i.e. service discovery is disabled" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1276 +#: sssd-ldap.5.xml:1278 msgid "ldap_chpass_update_last_change (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1279 +#: sssd-ldap.5.xml:1281 msgid "" "Specifies whether to update the ldap_user_shadow_last_change attribute with " "days since the Epoch after a password change operation." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1285 +#: sssd-ldap.5.xml:1287 msgid "" "It is recommend to set this option explicitly if \"ldap_pwd_policy = " "shadow\" is used to let SSSD know if the LDAP server will update " @@ -6619,12 +6636,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1299 +#: sssd-ldap.5.xml:1301 msgid "ldap_access_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1302 +#: sssd-ldap.5.xml:1304 msgid "" "If using access_provider = ldap and ldap_access_order = filter (default), " "this option is mandatory. It specifies an LDAP search filter criteria that " @@ -6640,12 +6657,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1322 +#: sssd-ldap.5.xml:1324 msgid "Example:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1325 +#: sssd-ldap.5.xml:1327 #, no-wrap msgid "" "access_provider = ldap\n" @@ -6654,14 +6671,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1329 +#: sssd-ldap.5.xml:1331 msgid "" "This example means that access to this host is restricted to users whose " "employeeType attribute is set to \"admin\"." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1334 +#: sssd-ldap.5.xml:1336 msgid "" "Offline caching for this feature is limited to determining whether the " "user's last online login was granted access permission. If they were granted " @@ -6670,24 +6687,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1342 sssd-ldap.5.xml:1398 +#: sssd-ldap.5.xml:1344 sssd-ldap.5.xml:1400 msgid "Default: Empty" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1348 +#: sssd-ldap.5.xml:1350 msgid "ldap_account_expire_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1351 +#: sssd-ldap.5.xml:1353 msgid "" "With this option a client side evaluation of access control attributes can " "be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1355 +#: sssd-ldap.5.xml:1357 msgid "" "Please note that it is always recommended to use server side access control, " "i.e. the LDAP server should deny the bind request with a suitable error code " @@ -6695,19 +6712,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1362 +#: sssd-ldap.5.xml:1364 msgid "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1365 +#: sssd-ldap.5.xml:1367 msgid "" "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " "determine if the account is expired." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1370 +#: sssd-ldap.5.xml:1372 msgid "" "<emphasis>ad</emphasis>: use the value of the 32bit field " "ldap_user_ad_user_account_control and allow access if the second bit is not " @@ -6716,7 +6733,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1377 +#: sssd-ldap.5.xml:1379 msgid "" "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" "emphasis>: use the value of ldap_ns_account_lock to check if access is " @@ -6724,7 +6741,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1383 +#: sssd-ldap.5.xml:1385 msgid "" "<emphasis>nds</emphasis>: the values of " "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " @@ -6733,7 +6750,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1391 +#: sssd-ldap.5.xml:1393 msgid "" "Please note that the ldap_access_order configuration option <emphasis>must</" "emphasis> include <quote>expire</quote> in order for the " @@ -6741,22 +6758,22 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1404 +#: sssd-ldap.5.xml:1406 msgid "ldap_access_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1407 sssd-ipa.5.xml:351 +#: sssd-ldap.5.xml:1409 sssd-ipa.5.xml:356 msgid "Comma separated list of access control options. Allowed values are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1411 +#: sssd-ldap.5.xml:1413 msgid "<emphasis>filter</emphasis>: use ldap_access_filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1414 +#: sssd-ldap.5.xml:1416 msgid "" "<emphasis>lockout</emphasis>: use account locking. If set, this option " "denies access in case that ldap attribute 'pwdAccountLockedTime' is present " @@ -6766,14 +6783,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1424 +#: sssd-ldap.5.xml:1426 msgid "" "<emphasis> Please note that this option is superseded by the <quote>ppolicy</" "quote> option and might be removed in a future release. </emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1431 +#: sssd-ldap.5.xml:1433 msgid "" "<emphasis>ppolicy</emphasis>: use account locking. If set, this option " "denies access in case that ldap attribute 'pwdAccountLockedTime' is present " @@ -6786,12 +6803,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1448 +#: sssd-ldap.5.xml:1450 msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1452 sssd-ipa.5.xml:359 +#: sssd-ldap.5.xml:1454 sssd-ipa.5.xml:364 msgid "" "<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, " "pwd_expire_policy_renew: </emphasis> These options are useful if users are " @@ -6801,81 +6818,81 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1462 sssd-ipa.5.xml:369 +#: sssd-ldap.5.xml:1464 sssd-ipa.5.xml:374 msgid "" "The difference between these options is the action taken if user password is " "expired:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:1467 sssd-ipa.5.xml:374 +#: sssd-ldap.5.xml:1469 sssd-ipa.5.xml:379 msgid "pwd_expire_policy_reject - user is denied to log in," msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:1473 sssd-ipa.5.xml:380 +#: sssd-ldap.5.xml:1475 sssd-ipa.5.xml:385 msgid "pwd_expire_policy_warn - user is still able to log in," msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:1479 sssd-ipa.5.xml:386 +#: sssd-ldap.5.xml:1481 sssd-ipa.5.xml:391 msgid "" "pwd_expire_policy_renew - user is prompted to change their password " "immediately." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1487 +#: sssd-ldap.5.xml:1489 msgid "" "Please note that 'access_provider = ldap' must be set for this feature to " "work. Also 'ldap_pwd_policy' must be set to an appropriate password policy." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1492 +#: sssd-ldap.5.xml:1494 msgid "" "<emphasis>authorized_service</emphasis>: use the authorizedService attribute " "to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1497 +#: sssd-ldap.5.xml:1499 msgid "<emphasis>host</emphasis>: use the host attribute to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1501 +#: sssd-ldap.5.xml:1503 msgid "" "<emphasis>rhost</emphasis>: use the rhost attribute to determine whether " "remote host can access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1505 +#: sssd-ldap.5.xml:1507 msgid "" "Please note, rhost field in pam is set by application, it is better to check " "what the application sends to pam, before enabling this access control option" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1510 +#: sssd-ldap.5.xml:1512 msgid "Default: filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1513 +#: sssd-ldap.5.xml:1515 msgid "" "Please note that it is a configuration error if a value is used more than " "once." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1520 +#: sssd-ldap.5.xml:1522 msgid "ldap_pwdlockout_dn (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1523 +#: sssd-ldap.5.xml:1525 msgid "" "This option specifies the DN of password policy entry on LDAP server. Please " "note that absence of this option in sssd.conf in case of enabled account " @@ -6884,74 +6901,74 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1531 +#: sssd-ldap.5.xml:1533 msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1534 +#: sssd-ldap.5.xml:1536 msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1540 +#: sssd-ldap.5.xml:1542 msgid "ldap_deref (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1543 +#: sssd-ldap.5.xml:1545 msgid "" "Specifies how alias dereferencing is done when performing a search. The " "following options are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1548 +#: sssd-ldap.5.xml:1550 msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1552 +#: sssd-ldap.5.xml:1554 msgid "" "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " "the base object, but not in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1557 +#: sssd-ldap.5.xml:1559 msgid "" "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " "the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1562 +#: sssd-ldap.5.xml:1564 msgid "" "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " "in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1567 +#: sssd-ldap.5.xml:1569 msgid "" "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " "client libraries)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1575 +#: sssd-ldap.5.xml:1577 msgid "ldap_rfc2307_fallback_to_local_users (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1578 +#: sssd-ldap.5.xml:1580 msgid "" "Allows to retain local users as members of an LDAP group for servers that " "use the RFC2307 schema." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1582 +#: sssd-ldap.5.xml:1584 msgid "" "In some environments where the RFC2307 schema is used, local users are made " "members of LDAP groups by adding their names to the memberUid attribute. " @@ -6962,7 +6979,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1593 +#: sssd-ldap.5.xml:1595 msgid "" "This option falls back to checking if local users are referenced, and caches " "them so that later initgroups() calls will augment the local users with the " @@ -6970,53 +6987,53 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1605 sssd-ifp.5.xml:152 +#: sssd-ldap.5.xml:1607 sssd-ifp.5.xml:152 msgid "wildcard_limit (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1608 +#: sssd-ldap.5.xml:1610 msgid "" "Specifies an upper limit on the number of entries that are downloaded during " "a wildcard lookup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1612 +#: sssd-ldap.5.xml:1614 msgid "At the moment, only the InfoPipe responder supports wildcard lookups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1616 +#: sssd-ldap.5.xml:1618 msgid "Default: 1000 (often the size of one page)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1622 +#: sssd-ldap.5.xml:1624 msgid "ldap_library_debug_level (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1625 +#: sssd-ldap.5.xml:1627 msgid "" "Switches on libldap debugging with the given level. The libldap debug " "messages will be written independent of the general debug_level." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1630 +#: sssd-ldap.5.xml:1632 msgid "" "OpenLDAP uses a bitmap to enable debugging for specific components, -1 will " "enable full debug output." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1635 +#: sssd-ldap.5.xml:1637 msgid "Default: 0 (libldap debugging disabled)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:51 +#: sssd-ldap.5.xml:52 msgid "" "All of the common configuration options that apply to SSSD domains also " "apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> section " @@ -7028,12 +7045,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1645 +#: sssd-ldap.5.xml:1647 msgid "SUDO OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1647 +#: sssd-ldap.5.xml:1649 msgid "" "The detailed instructions for configuration of sudo_provider are in the " "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " @@ -7041,43 +7058,43 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1658 +#: sssd-ldap.5.xml:1660 msgid "ldap_sudo_full_refresh_interval (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1661 +#: sssd-ldap.5.xml:1663 msgid "" "How many seconds SSSD will wait between executing a full refresh of sudo " "rules (which downloads all rules that are stored on the server)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1666 +#: sssd-ldap.5.xml:1668 msgid "" "The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </" "emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1671 +#: sssd-ldap.5.xml:1673 msgid "" "You can disable full refresh by setting this option to 0. However, either " "smart or full refresh must be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1676 +#: sssd-ldap.5.xml:1678 msgid "Default: 21600 (6 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1682 +#: sssd-ldap.5.xml:1684 msgid "ldap_sudo_smart_refresh_interval (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1685 +#: sssd-ldap.5.xml:1687 msgid "" "How many seconds SSSD has to wait before executing a smart refresh of sudo " "rules (which downloads all rules that have USN higher than the highest " @@ -7085,14 +7102,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1691 +#: sssd-ldap.5.xml:1693 msgid "" "If USN attributes are not supported by the server, the modifyTimestamp " "attribute is used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1695 +#: sssd-ldap.5.xml:1697 msgid "" "<emphasis>Note:</emphasis> the highest USN value can be updated by three " "tasks: 1) By sudo full and smart refresh (if updated rules are found), 2) by " @@ -7102,19 +7119,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1706 +#: sssd-ldap.5.xml:1708 msgid "" "You can disable smart refresh by setting this option to 0. However, either " "smart or full refresh must be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1717 +#: sssd-ldap.5.xml:1719 msgid "ldap_sudo_random_offset (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1720 +#: sssd-ldap.5.xml:1722 msgid "" "Random offset between 0 and configured value is added to smart and full " "refresh periods each time the periodic task is scheduled. The value is in " @@ -7122,7 +7139,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1726 +#: sssd-ldap.5.xml:1728 msgid "" "Note that this random offset is also applied on the first SSSD start which " "delays the first sudo rules refresh. This prolongs the time when the sudo " @@ -7130,106 +7147,106 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1732 +#: sssd-ldap.5.xml:1734 msgid "You can disable this offset by setting the value to 0." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1742 +#: sssd-ldap.5.xml:1744 msgid "ldap_sudo_use_host_filter (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1745 +#: sssd-ldap.5.xml:1747 msgid "" "If true, SSSD will download only rules that are applicable to this machine " "(using the IPv4 or IPv6 host/network addresses and hostnames)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1756 +#: sssd-ldap.5.xml:1758 msgid "ldap_sudo_hostnames (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1759 +#: sssd-ldap.5.xml:1761 msgid "" "Space separated list of hostnames or fully qualified domain names that " "should be used to filter the rules." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1764 +#: sssd-ldap.5.xml:1766 msgid "" "If this option is empty, SSSD will try to discover the hostname and the " "fully qualified domain name automatically." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1769 sssd-ldap.5.xml:1792 sssd-ldap.5.xml:1810 -#: sssd-ldap.5.xml:1828 +#: sssd-ldap.5.xml:1771 sssd-ldap.5.xml:1794 sssd-ldap.5.xml:1812 +#: sssd-ldap.5.xml:1830 msgid "" "If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</" "emphasis> then this option has no effect." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1774 sssd-ldap.5.xml:1797 +#: sssd-ldap.5.xml:1776 sssd-ldap.5.xml:1799 msgid "Default: not specified" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1780 +#: sssd-ldap.5.xml:1782 msgid "ldap_sudo_ip (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1783 +#: sssd-ldap.5.xml:1785 msgid "" "Space separated list of IPv4 or IPv6 host/network addresses that should be " "used to filter the rules." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1788 +#: sssd-ldap.5.xml:1790 msgid "" "If this option is empty, SSSD will try to discover the addresses " "automatically." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1803 +#: sssd-ldap.5.xml:1805 msgid "ldap_sudo_include_netgroups (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1806 +#: sssd-ldap.5.xml:1808 msgid "" "If true then SSSD will download every rule that contains a netgroup in " "sudoHost attribute." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1821 +#: sssd-ldap.5.xml:1823 msgid "ldap_sudo_include_regexp (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1824 +#: sssd-ldap.5.xml:1826 msgid "" "If true then SSSD will download every rule that contains a wildcard in " "sudoHost attribute." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><note><para> -#: sssd-ldap.5.xml:1834 +#: sssd-ldap.5.xml:1836 msgid "" "Using wildcard is an operation that is very costly to evaluate on the LDAP " "server side!" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1846 +#: sssd-ldap.5.xml:1848 msgid "" "This manual page only describes attribute name mapping. For detailed " "explanation of sudo related attribute semantics, see <citerefentry> " @@ -7238,59 +7255,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1856 +#: sssd-ldap.5.xml:1858 msgid "AUTOFS OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1858 +#: sssd-ldap.5.xml:1860 msgid "" "Some of the defaults for the parameters below are dependent on the LDAP " "schema." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1864 +#: sssd-ldap.5.xml:1866 msgid "ldap_autofs_map_master_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1867 +#: sssd-ldap.5.xml:1869 msgid "The name of the automount master map in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1870 +#: sssd-ldap.5.xml:1872 msgid "Default: auto.master" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1881 +#: sssd-ldap.5.xml:1883 msgid "ADVANCED OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1888 +#: sssd-ldap.5.xml:1890 msgid "ldap_netgroup_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1893 +#: sssd-ldap.5.xml:1895 msgid "ldap_user_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1898 +#: sssd-ldap.5.xml:1900 msgid "ldap_group_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><note> -#: sssd-ldap.5.xml:1903 +#: sssd-ldap.5.xml:1905 msgid "<note>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para> -#: sssd-ldap.5.xml:1905 +#: sssd-ldap.5.xml:1907 msgid "" "If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches " "against Active Directory will not be restricted and return all groups " @@ -7299,22 +7316,22 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist> -#: sssd-ldap.5.xml:1912 +#: sssd-ldap.5.xml:1914 msgid "</note>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1914 +#: sssd-ldap.5.xml:1916 msgid "ldap_sudo_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1919 +#: sssd-ldap.5.xml:1921 msgid "ldap_autofs_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1883 +#: sssd-ldap.5.xml:1885 msgid "" "These options are supported by LDAP domains, but they should be used with " "caution. Please include them in your configuration only if you know what you " @@ -7323,14 +7340,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1934 sssd-simple.5.xml:131 sssd-ipa.5.xml:925 -#: sssd-ad.5.xml:1386 sssd-krb5.5.xml:483 sss_rpcidmapd.5.xml:98 +#: sssd-ldap.5.xml:1936 sssd-simple.5.xml:131 sssd-ipa.5.xml:930 +#: sssd-ad.5.xml:1391 sssd-krb5.5.xml:483 sss_rpcidmapd.5.xml:98 #: sssd-files.5.xml:155 sssd-session-recording.5.xml:176 msgid "EXAMPLE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1936 +#: sssd-ldap.5.xml:1938 msgid "" "The following example assumes that SSSD is correctly configured and LDAP is " "set to one of the domains in the <replaceable>[domains]</replaceable> " @@ -7338,7 +7355,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ldap.5.xml:1942 +#: sssd-ldap.5.xml:1944 #, no-wrap msgid "" "[domain/LDAP]\n" @@ -7351,27 +7368,27 @@ msgid "" msgstr "" #. type: Content of: <refsect1><refsect2><para> -#: sssd-ldap.5.xml:1941 sssd-ldap.5.xml:1959 sssd-simple.5.xml:139 -#: sssd-ipa.5.xml:933 sssd-ad.5.xml:1394 sssd-sudo.5.xml:56 sssd-krb5.5.xml:492 +#: sssd-ldap.5.xml:1943 sssd-ldap.5.xml:1961 sssd-simple.5.xml:139 +#: sssd-ipa.5.xml:938 sssd-ad.5.xml:1399 sssd-sudo.5.xml:56 sssd-krb5.5.xml:492 #: sssd-files.5.xml:162 sssd-files.5.xml:173 sssd-session-recording.5.xml:182 #: include/ldap_id_mapping.xml:105 msgid "<placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1953 +#: sssd-ldap.5.xml:1955 msgid "LDAP ACCESS FILTER EXAMPLE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1955 +#: sssd-ldap.5.xml:1957 msgid "" "The following example assumes that SSSD is correctly configured and to use " "the ldap_access_order=lockout." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ldap.5.xml:1960 +#: sssd-ldap.5.xml:1962 #, no-wrap msgid "" "[domain/LDAP]\n" @@ -7387,13 +7404,13 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1975 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148 -#: sssd-ad.5.xml:1409 sssd.8.xml:238 sss_seed.8.xml:163 +#: sssd-ldap.5.xml:1977 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148 +#: sssd-ad.5.xml:1414 sssd.8.xml:238 sss_seed.8.xml:163 msgid "NOTES" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1977 +#: sssd-ldap.5.xml:1979 msgid "" "The descriptions of some of the configuration options in this manual page " "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " @@ -9730,12 +9747,12 @@ msgid "Example: dyndns_iface = em1, vnet1, vnet2" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:204 sssd-ad.5.xml:1285 +#: sssd-ipa.5.xml:204 sssd-ad.5.xml:1290 msgid "dyndns_auth (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:207 sssd-ad.5.xml:1288 +#: sssd-ipa.5.xml:207 sssd-ad.5.xml:1293 msgid "" "Whether the nsupdate utility should use GSS-TSIG authentication for secure " "updates with the DNS server, insecure updates can be sent by setting this " @@ -9743,17 +9760,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:213 sssd-ad.5.xml:1294 +#: sssd-ipa.5.xml:213 sssd-ad.5.xml:1299 msgid "Default: GSS-TSIG" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:219 sssd-ad.5.xml:1300 +#: sssd-ipa.5.xml:219 sssd-ad.5.xml:1305 msgid "dyndns_auth_ptr (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:222 sssd-ad.5.xml:1303 +#: sssd-ipa.5.xml:222 sssd-ad.5.xml:1308 msgid "" "Whether the nsupdate utility should use GSS-TSIG authentication for secure " "PTR updates with the DNS server, insecure updates can be sent by setting " @@ -9761,7 +9778,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:228 sssd-ad.5.xml:1309 +#: sssd-ipa.5.xml:228 sssd-ad.5.xml:1314 msgid "Default: Same as dyndns_auth" msgstr "" @@ -9820,65 +9837,72 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:290 +#: sssd-ipa.5.xml:290 sssd-ad.5.xml:1266 +msgid "" +"Note that <emphasis>dyndns_update_per_family</emphasis> parameter does not " +"apply for PTR record updates. Those updates are always sent separately." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:295 msgid "Default: False (disabled)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1272 +#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1277 msgid "dyndns_force_tcp (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:299 sssd-ad.5.xml:1275 +#: sssd-ipa.5.xml:304 sssd-ad.5.xml:1280 msgid "" "Whether the nsupdate utility should default to using TCP for communicating " "with the DNS server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:303 sssd-ad.5.xml:1279 +#: sssd-ipa.5.xml:308 sssd-ad.5.xml:1284 msgid "Default: False (let nsupdate choose the protocol)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:309 sssd-ad.5.xml:1315 +#: sssd-ipa.5.xml:314 sssd-ad.5.xml:1320 msgid "dyndns_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:312 sssd-ad.5.xml:1318 +#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1323 msgid "" "The DNS server to use when performing a DNS update. In most setups, it's " "recommended to leave this option unset." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1323 +#: sssd-ipa.5.xml:322 sssd-ad.5.xml:1328 msgid "" "Setting this option makes sense for environments where the DNS server is " "different from the identity server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:322 sssd-ad.5.xml:1328 +#: sssd-ipa.5.xml:327 sssd-ad.5.xml:1333 msgid "" "Please note that this option will be only used in fallback attempt when " "previous attempt using autodetected settings failed." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:327 sssd-ad.5.xml:1333 +#: sssd-ipa.5.xml:332 sssd-ad.5.xml:1338 msgid "Default: None (let nsupdate choose the server)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:333 sssd-ad.5.xml:1339 +#: sssd-ipa.5.xml:338 sssd-ad.5.xml:1344 msgid "dyndns_update_per_family (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:336 sssd-ad.5.xml:1342 +#: sssd-ipa.5.xml:341 sssd-ad.5.xml:1347 msgid "" "DNS update is by default performed in two steps - IPv4 update and then IPv6 " "update. In some cases it might be desirable to perform IPv4 and IPv6 update " @@ -9886,179 +9910,179 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:348 +#: sssd-ipa.5.xml:353 #, fuzzy #| msgid "re_expression (string)" msgid "ipa_access_order (string)" msgstr "re_expression (neudennad)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:355 +#: sssd-ipa.5.xml:360 msgid "<emphasis>expire</emphasis>: use IPA's account expiration policy." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:394 +#: sssd-ipa.5.xml:399 msgid "" "Please note that 'access_provider = ipa' must be set for this feature to " "work." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:401 +#: sssd-ipa.5.xml:406 msgid "ipa_deskprofile_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:404 +#: sssd-ipa.5.xml:409 msgid "" "Optional. Use the given string as search base for Desktop Profile related " "objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:408 sssd-ipa.5.xml:435 +#: sssd-ipa.5.xml:413 sssd-ipa.5.xml:440 msgid "Default: Use base DN" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:414 +#: sssd-ipa.5.xml:419 msgid "ipa_subid_ranges_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:417 +#: sssd-ipa.5.xml:422 msgid "" "Optional. Use the given string as search base for subordinate ranges related " "objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:421 +#: sssd-ipa.5.xml:426 msgid "Default: the value of <emphasis>cn=subids,%basedn</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:428 +#: sssd-ipa.5.xml:433 msgid "ipa_hbac_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:431 +#: sssd-ipa.5.xml:436 msgid "Optional. Use the given string as search base for HBAC related objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:441 +#: sssd-ipa.5.xml:446 msgid "ipa_host_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:444 +#: sssd-ipa.5.xml:449 msgid "Deprecated. Use ldap_host_search_base instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:450 +#: sssd-ipa.5.xml:455 msgid "ipa_selinux_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:453 +#: sssd-ipa.5.xml:458 msgid "Optional. Use the given string as search base for SELinux user maps." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:469 +#: sssd-ipa.5.xml:474 msgid "ipa_subdomains_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:472 +#: sssd-ipa.5.xml:477 msgid "Optional. Use the given string as search base for trusted domains." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:481 +#: sssd-ipa.5.xml:486 msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:488 +#: sssd-ipa.5.xml:493 msgid "ipa_master_domain_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:491 +#: sssd-ipa.5.xml:496 msgid "Optional. Use the given string as search base for master domain object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:500 +#: sssd-ipa.5.xml:505 msgid "Default: the value of <emphasis>cn=ad,cn=etc,%basedn</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:507 +#: sssd-ipa.5.xml:512 msgid "ipa_views_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:510 +#: sssd-ipa.5.xml:515 msgid "Optional. Use the given string as search base for views containers." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:519 +#: sssd-ipa.5.xml:524 msgid "Default: the value of <emphasis>cn=views,cn=accounts,%basedn</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:529 +#: sssd-ipa.5.xml:534 msgid "" "The name of the Kerberos realm. This is optional and defaults to the value " "of <quote>ipa_domain</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:533 +#: sssd-ipa.5.xml:538 msgid "" "The name of the Kerberos realm has a special meaning in IPA - it is " "converted into the base DN to use for performing LDAP operations." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:541 sssd-ad.5.xml:1357 +#: sssd-ipa.5.xml:546 sssd-ad.5.xml:1362 msgid "krb5_confd_path (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:544 sssd-ad.5.xml:1360 +#: sssd-ipa.5.xml:549 sssd-ad.5.xml:1365 msgid "" "Absolute path of a directory where SSSD should place Kerberos configuration " "snippets." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:548 sssd-ad.5.xml:1364 +#: sssd-ipa.5.xml:553 sssd-ad.5.xml:1369 msgid "" "To disable the creation of the configuration snippets set the parameter to " "'none'." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:552 sssd-ad.5.xml:1368 +#: sssd-ipa.5.xml:557 sssd-ad.5.xml:1373 msgid "" "Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:559 +#: sssd-ipa.5.xml:564 msgid "ipa_deskprofile_refresh (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:562 +#: sssd-ipa.5.xml:567 msgid "" "The amount of time between lookups of the Desktop Profile rules against the " "IPA server. This will reduce the latency and load on the IPA server if there " @@ -10066,34 +10090,34 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:569 sssd-ipa.5.xml:599 sssd-ipa.5.xml:615 sssd-ad.5.xml:599 +#: sssd-ipa.5.xml:574 sssd-ipa.5.xml:604 sssd-ipa.5.xml:620 sssd-ad.5.xml:599 msgid "Default: 5 (seconds)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:575 +#: sssd-ipa.5.xml:580 msgid "ipa_deskprofile_request_interval (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:578 +#: sssd-ipa.5.xml:583 msgid "" "The amount of time between lookups of the Desktop Profile rules against the " "IPA server in case the last request did not return any rule." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:583 +#: sssd-ipa.5.xml:588 msgid "Default: 60 (minutes)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:589 +#: sssd-ipa.5.xml:594 msgid "ipa_hbac_refresh (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:592 +#: sssd-ipa.5.xml:597 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server. " "This will reduce the latency and load on the IPA server if there are many " @@ -10101,12 +10125,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:605 +#: sssd-ipa.5.xml:610 msgid "ipa_hbac_selinux (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:608 +#: sssd-ipa.5.xml:613 msgid "" "The amount of time between lookups of the SELinux maps against the IPA " "server. This will reduce the latency and load on the IPA server if there are " @@ -10114,33 +10138,33 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:621 +#: sssd-ipa.5.xml:626 msgid "ipa_server_mode (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:624 +#: sssd-ipa.5.xml:629 msgid "" "This option will be set by the IPA installer (ipa-server-install) " "automatically and denotes if SSSD is running on an IPA server or not." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:629 +#: sssd-ipa.5.xml:634 msgid "" "On an IPA server SSSD will lookup users and groups from trusted domains " "directly while on a client it will ask an IPA server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:634 +#: sssd-ipa.5.xml:639 msgid "" "NOTE: There are currently some assumptions that must be met when SSSD is " "running on an IPA server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:639 +#: sssd-ipa.5.xml:644 msgid "" "The <quote>ipa_server</quote> option must be configured to point to the IPA " "server itself. This is already the default set by the IPA installer, so no " @@ -10148,59 +10172,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:648 +#: sssd-ipa.5.xml:653 msgid "" "The <quote>full_name_format</quote> option must not be tweaked to only print " "short names for users from trusted domains." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:663 +#: sssd-ipa.5.xml:668 msgid "ipa_automount_location (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:666 +#: sssd-ipa.5.xml:671 msgid "The automounter location this IPA client will be using" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:669 +#: sssd-ipa.5.xml:674 msgid "Default: The location named \"default\"" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd-ipa.5.xml:677 +#: sssd-ipa.5.xml:682 msgid "VIEWS AND OVERRIDES" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:686 +#: sssd-ipa.5.xml:691 msgid "ipa_view_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:689 +#: sssd-ipa.5.xml:694 msgid "Objectclass of the view container." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:692 +#: sssd-ipa.5.xml:697 msgid "Default: nsContainer" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:698 +#: sssd-ipa.5.xml:703 msgid "ipa_view_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:701 +#: sssd-ipa.5.xml:706 msgid "Name of the attribute holding the name of the view." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:705 sssd-ldap-attributes.5.xml:496 +#: sssd-ipa.5.xml:710 sssd-ldap-attributes.5.xml:496 #: sssd-ldap-attributes.5.xml:830 sssd-ldap-attributes.5.xml:911 #: sssd-ldap-attributes.5.xml:1008 sssd-ldap-attributes.5.xml:1066 #: sssd-ldap-attributes.5.xml:1224 sssd-ldap-attributes.5.xml:1269 @@ -10208,128 +10232,128 @@ msgid "Default: cn" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:711 +#: sssd-ipa.5.xml:716 msgid "ipa_override_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:714 +#: sssd-ipa.5.xml:719 msgid "Objectclass of the override objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:717 +#: sssd-ipa.5.xml:722 msgid "Default: ipaOverrideAnchor" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:723 +#: sssd-ipa.5.xml:728 msgid "ipa_anchor_uuid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:726 +#: sssd-ipa.5.xml:731 msgid "" "Name of the attribute containing the reference to the original object in a " "remote domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:730 +#: sssd-ipa.5.xml:735 msgid "Default: ipaAnchorUUID" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:736 +#: sssd-ipa.5.xml:741 msgid "ipa_user_override_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:739 +#: sssd-ipa.5.xml:744 msgid "" "Name of the objectclass for user overrides. It is used to determine if the " "found override object is related to a user or a group." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:744 +#: sssd-ipa.5.xml:749 msgid "User overrides can contain attributes given by" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:747 +#: sssd-ipa.5.xml:752 msgid "ldap_user_name" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:750 +#: sssd-ipa.5.xml:755 msgid "ldap_user_uid_number" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:753 +#: sssd-ipa.5.xml:758 msgid "ldap_user_gid_number" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:756 +#: sssd-ipa.5.xml:761 msgid "ldap_user_gecos" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:759 +#: sssd-ipa.5.xml:764 msgid "ldap_user_home_directory" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:762 +#: sssd-ipa.5.xml:767 msgid "ldap_user_shell" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:765 +#: sssd-ipa.5.xml:770 msgid "ldap_user_ssh_public_key" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:770 +#: sssd-ipa.5.xml:775 msgid "Default: ipaUserOverride" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:776 +#: sssd-ipa.5.xml:781 msgid "ipa_group_override_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:779 +#: sssd-ipa.5.xml:784 msgid "" "Name of the objectclass for group overrides. It is used to determine if the " "found override object is related to a user or a group." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:784 +#: sssd-ipa.5.xml:789 msgid "Group overrides can contain attributes given by" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:787 +#: sssd-ipa.5.xml:792 msgid "ldap_group_name" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:790 +#: sssd-ipa.5.xml:795 msgid "ldap_group_gid_number" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:795 +#: sssd-ipa.5.xml:800 msgid "Default: ipaGroupOverride" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:679 +#: sssd-ipa.5.xml:684 msgid "" "SSSD can handle views and overrides which are offered by FreeIPA 4.1 and " "later version. Since all paths and objectclasses are fixed on the server " @@ -10339,19 +10363,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ipa.5.xml:807 +#: sssd-ipa.5.xml:812 msgid "SUBDOMAINS PROVIDER" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:809 +#: sssd-ipa.5.xml:814 msgid "" "The IPA subdomains provider behaves slightly differently if it is configured " "explicitly or implicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:813 +#: sssd-ipa.5.xml:818 msgid "" "If the option 'subdomains_provider = ipa' is found in the domain section of " "sssd.conf, the IPA subdomains provider is configured explicitly, and all " @@ -10359,7 +10383,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:819 +#: sssd-ipa.5.xml:824 msgid "" "If the option 'subdomains_provider' is not set in the domain section of sssd." "conf but there is the option 'id_provider = ipa', the IPA subdomains " @@ -10371,12 +10395,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ipa.5.xml:830 +#: sssd-ipa.5.xml:835 msgid "TRUSTED DOMAINS CONFIGURATION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ipa.5.xml:838 +#: sssd-ipa.5.xml:843 #, no-wrap msgid "" "[domain/ipa.domain.com/ad.domain.com]\n" @@ -10384,7 +10408,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:832 +#: sssd-ipa.5.xml:837 msgid "" "Some configuration options can also be set for a trusted domain. A trusted " "domain configuration can be set using the trusted domain subsection as shown " @@ -10394,80 +10418,80 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:843 +#: sssd-ipa.5.xml:848 msgid "" "For more details, see the <citerefentry> <refentrytitle>sssd.conf</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:850 +#: sssd-ipa.5.xml:855 msgid "" "Different configuration options are tunable for a trusted domain depending " "on whether you are configuring SSSD on an IPA server or an IPA client." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd-ipa.5.xml:855 +#: sssd-ipa.5.xml:860 msgid "OPTIONS TUNABLE ON IPA MASTERS" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:857 +#: sssd-ipa.5.xml:862 msgid "" "The following options can be set in a subdomain section on an IPA master:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:861 sssd-ipa.5.xml:891 +#: sssd-ipa.5.xml:866 sssd-ipa.5.xml:896 msgid "ad_server" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:864 +#: sssd-ipa.5.xml:869 msgid "ad_backup_server" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:867 sssd-ipa.5.xml:894 +#: sssd-ipa.5.xml:872 sssd-ipa.5.xml:899 msgid "ad_site" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:870 +#: sssd-ipa.5.xml:875 msgid "ldap_search_base" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:873 +#: sssd-ipa.5.xml:878 msgid "ldap_user_search_base" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:876 +#: sssd-ipa.5.xml:881 msgid "ldap_group_search_base" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd-ipa.5.xml:885 +#: sssd-ipa.5.xml:890 msgid "OPTIONS TUNABLE ON IPA CLIENTS" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:887 +#: sssd-ipa.5.xml:892 msgid "" "The following options can be set in a subdomain section on an IPA client:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:899 +#: sssd-ipa.5.xml:904 msgid "" "Note that if both options are set, only <quote>ad_server</quote> is " "evaluated." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:903 +#: sssd-ipa.5.xml:908 msgid "" "Since any request for a user or a group identity from a trusted domain " "triggered from an IPA client is resolved by the IPA server, the " @@ -10481,7 +10505,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:927 +#: sssd-ipa.5.xml:932 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " @@ -10489,7 +10513,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ipa.5.xml:934 +#: sssd-ipa.5.xml:939 #, no-wrap msgid "" "[domain/example.com]\n" @@ -11683,7 +11707,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ad.5.xml:1388 +#: sssd-ad.5.xml:1393 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " @@ -11691,7 +11715,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ad.5.xml:1395 +#: sssd-ad.5.xml:1400 #, no-wrap msgid "" "[domain/EXAMPLE]\n" @@ -11706,7 +11730,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ad.5.xml:1415 +#: sssd-ad.5.xml:1420 #, no-wrap msgid "" "access_provider = ldap\n" @@ -11715,7 +11739,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ad.5.xml:1411 +#: sssd-ad.5.xml:1416 msgid "" "The AD access control provider checks if the account is expired. It has the " "same effect as the following configuration of the LDAP provider: " @@ -11723,7 +11747,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ad.5.xml:1421 +#: sssd-ad.5.xml:1426 msgid "" "However, unless the <quote>ad</quote> access control provider is explicitly " "configured, the default access provider is <quote>permit</quote>. Please " @@ -11733,7 +11757,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ad.5.xml:1429 +#: sssd-ad.5.xml:1434 msgid "" "When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema " "attribute mapping (nisMap, nisObject, ...) is used, because these attributes " diff --git a/src/man/po/ca.po b/src/man/po/ca.po index 3acf43b6884..212a0bc644d 100644 --- a/src/man/po/ca.po +++ b/src/man/po/ca.po @@ -14,7 +14,7 @@ msgid "" msgstr "" "Project-Id-Version: sssd-docs 2.3.0\n" "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" -"POT-Creation-Date: 2023-09-07 11:47+0200\n" +"POT-Creation-Date: 2023-11-13 11:53+0100\n" "PO-Revision-Date: 2015-10-18 04:13-0400\n" "Last-Translator: Robert Antoni Buj Gelonch <rbuj@fedoraproject.org>\n" "Language-Team: Catalan (http://www.transifex.com/projects/p/sssd/language/" @@ -232,10 +232,10 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:136 sssd.conf.5.xml:173 sssd.conf.5.xml:358 #: sssd.conf.5.xml:714 sssd.conf.5.xml:729 sssd.conf.5.xml:952 -#: sssd.conf.5.xml:1070 sssd.conf.5.xml:2198 sssd-ldap.5.xml:1071 -#: sssd-ldap.5.xml:1174 sssd-ldap.5.xml:1243 sssd-ldap.5.xml:1750 -#: sssd-ldap.5.xml:1815 sssd-ipa.5.xml:342 sssd-ad.5.xml:252 sssd-ad.5.xml:366 -#: sssd-ad.5.xml:1200 sssd-ad.5.xml:1348 sssd-krb5.5.xml:358 +#: sssd.conf.5.xml:1070 sssd.conf.5.xml:2198 sssd-ldap.5.xml:1073 +#: sssd-ldap.5.xml:1176 sssd-ldap.5.xml:1245 sssd-ldap.5.xml:1752 +#: sssd-ldap.5.xml:1817 sssd-ipa.5.xml:347 sssd-ad.5.xml:252 sssd-ad.5.xml:366 +#: sssd-ad.5.xml:1200 sssd-ad.5.xml:1353 sssd-krb5.5.xml:358 msgid "Default: true" msgstr "Per defecte: true" @@ -256,10 +256,10 @@ msgstr "" #. type: Content of: <variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:149 sssd.conf.5.xml:652 sssd.conf.5.xml:949 -#: sssd.conf.5.xml:2101 sssd.conf.5.xml:2168 sssd.conf.5.xml:4174 -#: sssd-ldap.5.xml:312 sssd-ldap.5.xml:917 sssd-ldap.5.xml:936 -#: sssd-ldap.5.xml:1146 sssd-ldap.5.xml:1599 sssd-ldap.5.xml:1839 -#: sssd-ipa.5.xml:152 sssd-ipa.5.xml:254 sssd-ipa.5.xml:657 sssd-ad.5.xml:1106 +#: sssd.conf.5.xml:2101 sssd.conf.5.xml:2168 sssd.conf.5.xml:4191 +#: sssd-ldap.5.xml:313 sssd-ldap.5.xml:919 sssd-ldap.5.xml:938 +#: sssd-ldap.5.xml:1148 sssd-ldap.5.xml:1601 sssd-ldap.5.xml:1841 +#: sssd-ipa.5.xml:152 sssd-ipa.5.xml:254 sssd-ipa.5.xml:662 sssd-ad.5.xml:1106 #: sssd-krb5.5.xml:268 sssd-krb5.5.xml:330 sssd-krb5.5.xml:432 #: include/krb5_options.xml:163 msgid "Default: false" @@ -295,8 +295,8 @@ msgid "" msgstr "" #. type: Content of: outside any tag (error?) -#: sssd.conf.5.xml:109 sssd.conf.5.xml:184 sssd-ldap.5.xml:1656 -#: sssd-ldap.5.xml:1862 sss-certmap.5.xml:645 sssd-systemtap.5.xml:82 +#: sssd.conf.5.xml:109 sssd.conf.5.xml:184 sssd-ldap.5.xml:1658 +#: sssd-ldap.5.xml:1864 sss-certmap.5.xml:645 sssd-systemtap.5.xml:82 #: sssd-systemtap.5.xml:143 sssd-systemtap.5.xml:236 sssd-systemtap.5.xml:274 #: sssd-systemtap.5.xml:330 sssd-ldap-attributes.5.xml:40 #: sssd-ldap-attributes.5.xml:659 sssd-ldap-attributes.5.xml:801 @@ -327,7 +327,7 @@ msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:196 sssd.conf.5.xml:1290 sssd.conf.5.xml:1767 -#: sssd.conf.5.xml:4190 sssd-ldap.5.xml:765 include/ldap_id_mapping.xml:270 +#: sssd.conf.5.xml:4207 sssd-ldap.5.xml:766 include/ldap_id_mapping.xml:270 msgid "Default: 10" msgstr "Per defecte: 10" @@ -413,7 +413,7 @@ msgstr "" "vençuts" #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:266 sssd.conf.5.xml:792 sssd.conf.5.xml:3709 +#: sssd.conf.5.xml:266 sssd.conf.5.xml:792 sssd.conf.5.xml:3716 #: include/failover.xml:100 msgid "Default: 3" msgstr "Per defecte: 3" @@ -435,7 +435,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:287 sssd.conf.5.xml:3541 +#: sssd.conf.5.xml:287 sssd.conf.5.xml:3548 msgid "re_expression (string)" msgstr "re_expression (cadena)" @@ -457,12 +457,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:304 sssd.conf.5.xml:3598 +#: sssd.conf.5.xml:304 sssd.conf.5.xml:3605 msgid "full_name_format (string)" msgstr "full_name_format (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:307 sssd.conf.5.xml:3601 +#: sssd.conf.5.xml:307 sssd.conf.5.xml:3608 msgid "" "A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</" "manvolnum> </citerefentry>-compatible format that describes how to compose a " @@ -473,40 +473,40 @@ msgstr "" "compondre un FQN des dels components del nom d'usuari i del nom del domini." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:318 sssd.conf.5.xml:3612 +#: sssd.conf.5.xml:318 sssd.conf.5.xml:3619 msgid "%1$s" msgstr "%1$s" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:319 sssd.conf.5.xml:3613 +#: sssd.conf.5.xml:319 sssd.conf.5.xml:3620 msgid "user name" msgstr "nom d'usuari" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:322 sssd.conf.5.xml:3616 +#: sssd.conf.5.xml:322 sssd.conf.5.xml:3623 msgid "%2$s" msgstr "%2$s" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:325 sssd.conf.5.xml:3619 +#: sssd.conf.5.xml:325 sssd.conf.5.xml:3626 msgid "domain name as specified in the SSSD config file." msgstr "" "el nom del domini tal com s'especifica al fitxer de configuració de l'SSSD." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:331 sssd.conf.5.xml:3625 +#: sssd.conf.5.xml:331 sssd.conf.5.xml:3632 msgid "%3$s" msgstr "%3$s" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:334 sssd.conf.5.xml:3628 +#: sssd.conf.5.xml:334 sssd.conf.5.xml:3635 msgid "" "domain flat name. Mostly usable for Active Directory domains, both directly " "configured or discovered via IPA trusts." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:315 sssd.conf.5.xml:3609 +#: sssd.conf.5.xml:315 sssd.conf.5.xml:3616 msgid "" "The following expansions are supported: <placeholder type=\"variablelist\" " "id=\"0\"/>" @@ -671,8 +671,8 @@ msgid "" msgstr "" #. type: Content of: <variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:468 sssd-ldap.5.xml:876 sssd-ldap.5.xml:888 -#: sssd-ldap.5.xml:980 sssd-ad.5.xml:920 sssd-ad.5.xml:995 sssd-krb5.5.xml:468 +#: sssd.conf.5.xml:468 sssd-ldap.5.xml:877 sssd-ldap.5.xml:889 +#: sssd-ldap.5.xml:982 sssd-ad.5.xml:920 sssd-ad.5.xml:995 sssd-krb5.5.xml:468 #: sssd-ldap-attributes.5.xml:470 sssd-ldap-attributes.5.xml:976 #: include/ldap_id_mapping.xml:211 include/ldap_id_mapping.xml:222 #: include/krb5_options.xml:148 @@ -952,7 +952,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:700 sssd.conf.5.xml:1791 sssd.conf.5.xml:4240 +#: sssd.conf.5.xml:700 sssd.conf.5.xml:1791 sssd.conf.5.xml:4257 #: sssd-ad.5.xml:187 sssd-ad.5.xml:327 sssd-ad.5.xml:341 msgid "Default: Not set" msgstr "Per defecte: Sense establir" @@ -1157,7 +1157,7 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:858 sssd.conf.5.xml:1201 sssd.conf.5.xml:1584 -#: sssd.conf.5.xml:1880 sssd-ldap.5.xml:494 +#: sssd.conf.5.xml:1880 sssd-ldap.5.xml:495 msgid "Default: 60" msgstr "Per defecte: 60" @@ -1269,7 +1269,7 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:937 sssd.conf.5.xml:1214 sssd.conf.5.xml:2322 -#: sssd-ldap.5.xml:331 +#: sssd-ldap.5.xml:332 msgid "Default: 300" msgstr "Per defecte: 300" @@ -1679,7 +1679,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1240 sssd.conf.5.xml:2964 sssd-ldap.5.xml:548 +#: sssd.conf.5.xml:1240 sssd.conf.5.xml:2971 sssd-ldap.5.xml:549 msgid "Default: 8" msgstr "Per defecte: 8" @@ -1707,8 +1707,8 @@ msgid "" msgstr "" #. type: Content of: <variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1265 sssd.conf.5.xml:1317 sssd.conf.5.xml:3730 -#: sssd-ldap.5.xml:473 sssd-ldap.5.xml:525 include/failover.xml:116 +#: sssd.conf.5.xml:1265 sssd.conf.5.xml:1317 sssd.conf.5.xml:3737 +#: sssd-ldap.5.xml:474 sssd-ldap.5.xml:526 include/failover.xml:116 #: include/krb5_options.xml:11 msgid "Default: 6" msgstr "Per defecte: 6" @@ -2047,7 +2047,7 @@ msgid "pam_pwd_expiration_warning (integer)" msgstr "pam_pwd_expiration_warning (enter)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1553 sssd.conf.5.xml:2988 +#: sssd.conf.5.xml:1553 sssd.conf.5.xml:2995 msgid "Display a warning N days before the password expires." msgstr "" @@ -2060,7 +2060,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1562 sssd.conf.5.xml:2991 +#: sssd.conf.5.xml:1562 sssd.conf.5.xml:2998 msgid "" "If zero is set, then this filter is not applied, i.e. if the expiration " "warning was received from backend server, it will automatically be displayed." @@ -2074,7 +2074,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1572 sssd.conf.5.xml:3977 sssd-ldap.5.xml:606 sssd.8.xml:79 +#: sssd.conf.5.xml:1572 sssd.conf.5.xml:3984 sssd-ldap.5.xml:607 sssd.8.xml:79 msgid "Default: 0" msgstr "Per defecte: 0" @@ -2137,8 +2137,8 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1632 sssd.conf.5.xml:1657 sssd.conf.5.xml:1676 -#: sssd.conf.5.xml:1913 sssd.conf.5.xml:2733 sssd.conf.5.xml:3906 -#: sssd-ldap.5.xml:1207 +#: sssd.conf.5.xml:1913 sssd.conf.5.xml:2733 sssd.conf.5.xml:3913 +#: sssd-ldap.5.xml:1209 msgid "Default: none" msgstr "Per defecte: none" @@ -2203,8 +2203,8 @@ msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1687 sssd.conf.5.xml:1698 sssd.conf.5.xml:1712 -#: sssd-ldap.5.xml:671 sssd-ldap.5.xml:692 sssd-ldap.5.xml:788 -#: sssd-ldap.5.xml:1293 sssd-ad.5.xml:505 sssd-ad.5.xml:581 sssd-ad.5.xml:1126 +#: sssd-ldap.5.xml:672 sssd-ldap.5.xml:693 sssd-ldap.5.xml:789 +#: sssd-ldap.5.xml:1295 sssd-ad.5.xml:505 sssd-ad.5.xml:581 sssd-ad.5.xml:1126 #: sssd-ad.5.xml:1175 include/ldap_id_mapping.xml:250 msgid "Default: False" msgstr "Per defecte: False" @@ -2243,7 +2243,7 @@ msgid "The path to the certificate database." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1723 sssd.conf.5.xml:2248 sssd.conf.5.xml:4354 +#: sssd.conf.5.xml:1723 sssd.conf.5.xml:2248 sssd.conf.5.xml:4371 msgid "Default:" msgstr "" @@ -2518,7 +2518,7 @@ msgid "Default: no_session" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1950 sssd.conf.5.xml:4293 +#: sssd.conf.5.xml:1950 sssd.conf.5.xml:4310 #, fuzzy #| msgid "ad_gpo_map_service (string)" msgid "pam_gssapi_services" @@ -2562,7 +2562,7 @@ msgstr "" " " #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1968 sssd.conf.5.xml:3900 +#: sssd.conf.5.xml:1968 sssd.conf.5.xml:3907 msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>" msgstr "Exemple: <placeholder type=\"programlisting\" id=\"0\"/>" @@ -2572,7 +2572,7 @@ msgid "Default: - (GSSAPI authentication is disabled)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1979 sssd.conf.5.xml:4294 +#: sssd.conf.5.xml:1979 sssd.conf.5.xml:4311 msgid "pam_gssapi_check_upn" msgstr "" @@ -2592,7 +2592,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1999 sssd-ad.5.xml:1266 sss_rpcidmapd.5.xml:76 +#: sssd.conf.5.xml:1999 sssd-ad.5.xml:1271 sss_rpcidmapd.5.xml:76 #: sssd-files.5.xml:145 msgid "Default: True" msgstr "Per defecte: True" @@ -3391,7 +3391,7 @@ msgid "FALSE = No enumerations for this domain" msgstr "FALSE = Cap enumeració per a aquest domini" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2669 sssd.conf.5.xml:2943 sssd.conf.5.xml:3120 +#: sssd.conf.5.xml:2669 sssd.conf.5.xml:2950 sssd.conf.5.xml:3127 msgid "Default: FALSE" msgstr "Per defecte: FALSE" @@ -3670,7 +3670,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2922 sssd-ldap.5.xml:360 sssd-ldap.5.xml:1736 +#: sssd.conf.5.xml:2922 sssd-ldap.5.xml:361 sssd-ldap.5.xml:1738 #: sssd-ipa.5.xml:270 msgid "Default: 0 (disabled)" msgstr "Per defecte: 0 (inhabilitat)" @@ -3682,16 +3682,17 @@ msgstr "cache_credentials (booleà)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:2931 -#, fuzzy -#| msgid "" -#| "Determines if user credentials are also cached in the local LDB cache" -msgid "Determines if user credentials are also cached in the local LDB cache." +msgid "" +"Determines if user credentials are also cached in the local LDB cache. The " +"cached credentials refer to passwords, which includes the first (long term) " +"factor of two-factor authentication, not other authentication mechanisms. " +"Passkey and Smartcard authentications are expected to work offline as long " +"as a successful online authentication is recorded in the cache without " +"additional configuration." msgstr "" -"Determina si les credencials d'usuari també són emmagatzemades en la memòria " -"cau local de LDB" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2935 +#: sssd.conf.5.xml:2942 msgid "" "Take a note that while credentials are stored as a salted SHA512 hash, this " "still potentially poses some security risk in case an attacker manages to " @@ -3700,12 +3701,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2949 +#: sssd.conf.5.xml:2956 msgid "cache_credentials_minimal_first_factor_length (int)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2952 +#: sssd.conf.5.xml:2959 msgid "" "If 2-Factor-Authentication (2FA) is used and credentials should be saved " "this value determines the minimal length the first authentication factor " @@ -3713,19 +3714,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2959 +#: sssd.conf.5.xml:2966 msgid "" "This should avoid that the short PINs of a PIN based 2FA scheme are saved in " "the cache which would make them easy targets for brute-force attacks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2970 +#: sssd.conf.5.xml:2977 msgid "account_cache_expiration (integer)" msgstr "account_cache_expiration (enter)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2973 +#: sssd.conf.5.xml:2980 msgid "" "Number of days entries are left in cache after last successful login before " "being removed during a cleanup of the cache. 0 means keep forever. The " @@ -3738,17 +3739,17 @@ msgstr "" "ha de ser superior o igual que offline_credentials_expiration." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2980 +#: sssd.conf.5.xml:2987 msgid "Default: 0 (unlimited)" msgstr "Per defecte: 0 (sense límit)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2985 +#: sssd.conf.5.xml:2992 msgid "pwd_expiration_warning (integer)" msgstr "pwd_expiration_warning (enter)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2996 +#: sssd.conf.5.xml:3003 msgid "" "Please note that the backend server has to provide information about the " "expiration time of the password. If this information is missing, sssd " @@ -3757,28 +3758,28 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3003 +#: sssd.conf.5.xml:3010 msgid "Default: 7 (Kerberos), 0 (LDAP)" msgstr "Per defecte: 7 (Kerberos), 0 (LDAP)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3009 +#: sssd.conf.5.xml:3016 msgid "id_provider (string)" msgstr "id_provider (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3012 +#: sssd.conf.5.xml:3019 msgid "" "The identification provider used for the domain. Supported ID providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3016 +#: sssd.conf.5.xml:3023 msgid "<quote>proxy</quote>: Support a legacy NSS provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3019 +#: sssd.conf.5.xml:3026 msgid "" "<quote>files</quote>: FILES provider. See <citerefentry> <refentrytitle>sssd-" "files</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " @@ -3786,7 +3787,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3027 +#: sssd.conf.5.xml:3034 msgid "" "<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-" "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " @@ -3794,8 +3795,8 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3035 sssd.conf.5.xml:3146 sssd.conf.5.xml:3197 -#: sssd.conf.5.xml:3260 +#: sssd.conf.5.xml:3042 sssd.conf.5.xml:3153 sssd.conf.5.xml:3204 +#: sssd.conf.5.xml:3267 msgid "" "<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management " "provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> " @@ -3804,8 +3805,8 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3044 sssd.conf.5.xml:3155 sssd.conf.5.xml:3206 -#: sssd.conf.5.xml:3269 +#: sssd.conf.5.xml:3051 sssd.conf.5.xml:3162 sssd.conf.5.xml:3213 +#: sssd.conf.5.xml:3276 msgid "" "<quote>ad</quote>: Active Directory provider. See <citerefentry> " "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3813,19 +3814,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3055 +#: sssd.conf.5.xml:3062 msgid "use_fully_qualified_names (bool)" msgstr "use_fully_qualified_names (booleà)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3058 +#: sssd.conf.5.xml:3065 msgid "" "Use the full name and domain (as formatted by the domain's full_name_format) " "as the user's login name reported to NSS." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3063 +#: sssd.conf.5.xml:3070 msgid "" "If set to TRUE, all requests to this domain must use fully qualified names. " "For example, if used in LOCAL domain that contains a \"test\" user, " @@ -3838,7 +3839,7 @@ msgstr "" "l'usuari mentre que <command>getent passwd test@LOCAL</command> sí." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3071 +#: sssd.conf.5.xml:3078 msgid "" "NOTE: This option has no effect on netgroup lookups due to their tendency to " "include nested netgroups without qualified names. For netgroups, all domains " @@ -3846,24 +3847,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3078 +#: sssd.conf.5.xml:3085 msgid "" "Default: FALSE (TRUE for trusted domain/sub-domains or if " "default_domain_suffix is used)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3085 +#: sssd.conf.5.xml:3092 msgid "ignore_group_members (bool)" msgstr "ignore_group_members (booleà)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3088 +#: sssd.conf.5.xml:3095 msgid "Do not return group members for group lookups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3091 +#: sssd.conf.5.xml:3098 msgid "" "If set to TRUE, the group membership attribute is not requested from the " "ldap server, and group members are not returned when processing group lookup " @@ -3875,7 +3876,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3109 +#: sssd.conf.5.xml:3116 msgid "" "Enabling this option can also make access provider checks for group " "membership significantly faster, especially for groups containing many " @@ -3883,23 +3884,23 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3115 sssd.conf.5.xml:3822 sssd-ldap.5.xml:326 -#: sssd-ldap.5.xml:355 sssd-ldap.5.xml:408 sssd-ldap.5.xml:468 -#: sssd-ldap.5.xml:489 sssd-ldap.5.xml:520 sssd-ldap.5.xml:543 -#: sssd-ldap.5.xml:582 sssd-ldap.5.xml:601 sssd-ldap.5.xml:625 -#: sssd-ldap.5.xml:1051 sssd-ldap.5.xml:1084 +#: sssd.conf.5.xml:3122 sssd.conf.5.xml:3829 sssd-ldap.5.xml:327 +#: sssd-ldap.5.xml:356 sssd-ldap.5.xml:409 sssd-ldap.5.xml:469 +#: sssd-ldap.5.xml:490 sssd-ldap.5.xml:521 sssd-ldap.5.xml:544 +#: sssd-ldap.5.xml:583 sssd-ldap.5.xml:602 sssd-ldap.5.xml:626 +#: sssd-ldap.5.xml:1053 sssd-ldap.5.xml:1086 msgid "" "This option can be also set per subdomain or inherited via " "<emphasis>subdomain_inherit</emphasis>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3125 +#: sssd.conf.5.xml:3132 msgid "auth_provider (string)" msgstr "auth_provider (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3128 +#: sssd.conf.5.xml:3135 msgid "" "The authentication provider used for the domain. Supported auth providers " "are:" @@ -3908,7 +3909,7 @@ msgstr "" "d'autenticació suportats són:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3132 sssd.conf.5.xml:3190 +#: sssd.conf.5.xml:3139 sssd.conf.5.xml:3197 msgid "" "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3919,7 +3920,7 @@ msgstr "" "manvolnum></citerefentry> per a més informació sobre configuració d'LDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3139 +#: sssd.conf.5.xml:3146 msgid "" "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3930,7 +3931,7 @@ msgstr "" "manvolnum></citerefentry> per a més informació sobre configurar Kerberos." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3163 +#: sssd.conf.5.xml:3170 msgid "" "<quote>proxy</quote> for relaying authentication to some other PAM target." msgstr "" @@ -3938,12 +3939,12 @@ msgstr "" "de PAM." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3166 +#: sssd.conf.5.xml:3173 msgid "<quote>none</quote> disables authentication explicitly." msgstr "<quote>none</quote> impossibilita l'autenticació explícitament." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3169 +#: sssd.conf.5.xml:3176 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "authentication requests." @@ -3952,12 +3953,12 @@ msgstr "" "gestionar les sol·licituds d'autenticació." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3175 +#: sssd.conf.5.xml:3182 msgid "access_provider (string)" msgstr "access_provider (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3178 +#: sssd.conf.5.xml:3185 msgid "" "The access control provider used for the domain. There are two built-in " "access providers (in addition to any included in installed backends) " @@ -3968,19 +3969,19 @@ msgstr "" "instal·lats) Els proveïdors especials interns són:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3184 +#: sssd.conf.5.xml:3191 msgid "" "<quote>permit</quote> always allow access. It's the only permitted access " "provider for a local domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3187 +#: sssd.conf.5.xml:3194 msgid "<quote>deny</quote> always deny access." msgstr "<quote>deny</quote> sempre denega l'accés." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3214 +#: sssd.conf.5.xml:3221 msgid "" "<quote>simple</quote> access control based on access or deny lists. See " "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</" @@ -3993,7 +3994,7 @@ msgstr "" "configuració del mòdul d'accés simple." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3221 +#: sssd.conf.5.xml:3228 msgid "" "<quote>krb5</quote>: .k5login based access control. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum></" @@ -4001,22 +4002,22 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3228 +#: sssd.conf.5.xml:3235 msgid "<quote>proxy</quote> for relaying access control to another PAM module." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3231 +#: sssd.conf.5.xml:3238 msgid "Default: <quote>permit</quote>" msgstr "Per defecte: <quote>permit</quote>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3236 +#: sssd.conf.5.xml:3243 msgid "chpass_provider (string)" msgstr "chpass_provider (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3239 +#: sssd.conf.5.xml:3246 msgid "" "The provider which should handle change password operations for the domain. " "Supported change password providers are:" @@ -4025,7 +4026,7 @@ msgstr "" "al domini. Els proveïdors de canvi de contrasenya compatibles són:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3244 +#: sssd.conf.5.xml:3251 msgid "" "<quote>ldap</quote> to change a password stored in a LDAP server. See " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" @@ -4033,7 +4034,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3252 +#: sssd.conf.5.xml:3259 msgid "" "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4044,7 +4045,7 @@ msgstr "" "manvolnum></citerefentry> per a més informació sobre configurar Kerberos." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3277 +#: sssd.conf.5.xml:3284 msgid "" "<quote>proxy</quote> for relaying password changes to some other PAM target." msgstr "" @@ -4052,12 +4053,12 @@ msgstr "" "objectiu PAM." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3281 +#: sssd.conf.5.xml:3288 msgid "<quote>none</quote> disallows password changes explicitly." msgstr "<quote>none</quote> rebutja els canvis de contrasenya explícitament." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3284 +#: sssd.conf.5.xml:3291 msgid "" "Default: <quote>auth_provider</quote> is used if it is set and can handle " "change password requests." @@ -4066,17 +4067,17 @@ msgstr "" "gestionar peticions de canvi de contrasenya." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3291 +#: sssd.conf.5.xml:3298 msgid "sudo_provider (string)" msgstr "sudo_provider (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3294 +#: sssd.conf.5.xml:3301 msgid "The SUDO provider used for the domain. Supported SUDO providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3298 +#: sssd.conf.5.xml:3305 msgid "" "<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4084,32 +4085,32 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3306 +#: sssd.conf.5.xml:3313 msgid "" "<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default " "settings." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3310 +#: sssd.conf.5.xml:3317 msgid "" "<quote>ad</quote> the same as <quote>ldap</quote> but with AD default " "settings." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3314 +#: sssd.conf.5.xml:3321 msgid "<quote>none</quote> disables SUDO explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3317 sssd.conf.5.xml:3403 sssd.conf.5.xml:3473 -#: sssd.conf.5.xml:3498 sssd.conf.5.xml:3534 +#: sssd.conf.5.xml:3324 sssd.conf.5.xml:3410 sssd.conf.5.xml:3480 +#: sssd.conf.5.xml:3505 sssd.conf.5.xml:3541 msgid "Default: The value of <quote>id_provider</quote> is used if it is set." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3321 +#: sssd.conf.5.xml:3328 msgid "" "The detailed instructions for configuration of sudo_provider are in the " "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " @@ -4120,7 +4121,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3336 +#: sssd.conf.5.xml:3343 msgid "" "<emphasis>NOTE:</emphasis> Sudo rules are periodically downloaded in the " "background unless the sudo provider is explicitly disabled. Set " @@ -4129,12 +4130,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3346 +#: sssd.conf.5.xml:3353 msgid "selinux_provider (string)" msgstr "selinux_provider (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3349 +#: sssd.conf.5.xml:3356 msgid "" "The provider which should handle loading of selinux settings. Note that this " "provider will be called right after access provider ends. Supported selinux " @@ -4142,7 +4143,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3355 +#: sssd.conf.5.xml:3362 msgid "" "<quote>ipa</quote> to load selinux settings from an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -4150,31 +4151,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3363 +#: sssd.conf.5.xml:3370 msgid "<quote>none</quote> disallows fetching selinux settings explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3366 +#: sssd.conf.5.xml:3373 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "selinux loading requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3372 +#: sssd.conf.5.xml:3379 msgid "subdomains_provider (string)" msgstr "subdomains_provider (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3375 +#: sssd.conf.5.xml:3382 msgid "" "The provider which should handle fetching of subdomains. This value should " "be always the same as id_provider. Supported subdomain providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3381 +#: sssd.conf.5.xml:3388 msgid "" "<quote>ipa</quote> to load a list of subdomains from an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -4182,7 +4183,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3390 +#: sssd.conf.5.xml:3397 msgid "" "<quote>ad</quote> to load a list of subdomains from an Active Directory " "server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> " @@ -4191,17 +4192,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3399 +#: sssd.conf.5.xml:3406 msgid "<quote>none</quote> disallows fetching subdomains explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3409 +#: sssd.conf.5.xml:3416 msgid "session_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3412 +#: sssd.conf.5.xml:3419 msgid "" "The provider which configures and manages user session related tasks. The " "only user session task currently provided is the integration with Fleet " @@ -4209,43 +4210,43 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3419 +#: sssd.conf.5.xml:3426 msgid "<quote>ipa</quote> to allow performing user session related tasks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3423 +#: sssd.conf.5.xml:3430 msgid "" "<quote>none</quote> does not perform any kind of user session related tasks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3427 +#: sssd.conf.5.xml:3434 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can perform " "session related tasks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3431 +#: sssd.conf.5.xml:3438 msgid "" "<emphasis>NOTE:</emphasis> In order to have this feature working as expected " "SSSD must be running as \"root\" and not as the unprivileged user." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3439 +#: sssd.conf.5.xml:3446 msgid "autofs_provider (string)" msgstr "autofs_provider (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3442 +#: sssd.conf.5.xml:3449 msgid "" "The autofs provider used for the domain. Supported autofs providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3446 +#: sssd.conf.5.xml:3453 msgid "" "<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4253,7 +4254,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3453 +#: sssd.conf.5.xml:3460 msgid "" "<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> " "<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4261,7 +4262,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3461 +#: sssd.conf.5.xml:3468 msgid "" "<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> " "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4269,24 +4270,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3470 +#: sssd.conf.5.xml:3477 msgid "<quote>none</quote> disables autofs explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3480 +#: sssd.conf.5.xml:3487 msgid "hostid_provider (string)" msgstr "hostid_provider (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3483 +#: sssd.conf.5.xml:3490 msgid "" "The provider used for retrieving host identity information. Supported " "hostid providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3487 +#: sssd.conf.5.xml:3494 msgid "" "<quote>ipa</quote> to load host identity stored in an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -4294,31 +4295,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3495 +#: sssd.conf.5.xml:3502 msgid "<quote>none</quote> disables hostid explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3505 +#: sssd.conf.5.xml:3512 msgid "resolver_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3508 +#: sssd.conf.5.xml:3515 msgid "" "The provider which should handle hosts and networks lookups. Supported " "resolver providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3512 +#: sssd.conf.5.xml:3519 msgid "" "<quote>proxy</quote> to forward lookups to another NSS library. See " "<quote>proxy_resolver_lib_name</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3516 +#: sssd.conf.5.xml:3523 msgid "" "<quote>ldap</quote> to fetch hosts and networks stored in LDAP. See " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" @@ -4326,7 +4327,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3523 +#: sssd.conf.5.xml:3530 msgid "" "<quote>ad</quote> to fetch hosts and networks stored in AD. See " "<citerefentry> <refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</" @@ -4335,12 +4336,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3531 +#: sssd.conf.5.xml:3538 msgid "<quote>none</quote> disallows fetching hosts and networks explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3544 +#: sssd.conf.5.xml:3551 msgid "" "Regular expression for this domain that describes how to parse the string " "containing user name and domain into these components. The \"domain\" can " @@ -4350,24 +4351,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3553 +#: sssd.conf.5.xml:3560 msgid "" "Default: <quote>^((?P<name>.+)@(?P<domain>[^@]*)|(?P<name>" "[^@]+))$</quote> which allows two different styles for user names:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:3558 sssd.conf.5.xml:3572 +#: sssd.conf.5.xml:3565 sssd.conf.5.xml:3579 msgid "username" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:3561 sssd.conf.5.xml:3575 +#: sssd.conf.5.xml:3568 sssd.conf.5.xml:3582 msgid "username@domain.name" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3566 +#: sssd.conf.5.xml:3573 msgid "" "Default for the AD and IPA provider: <quote>^(((?P<domain>[^\\\\]+)\\" "\\(?P<name>.+))|((?P<name>.+)@(?P<domain>[^@]+))|((?P<" @@ -4376,19 +4377,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:3578 +#: sssd.conf.5.xml:3585 msgid "domain\\username" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3581 +#: sssd.conf.5.xml:3588 msgid "" "While the first two correspond to the general default the third one is " "introduced to allow easy integration of users from Windows domains." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3586 +#: sssd.conf.5.xml:3593 msgid "" "The default re_expression uses the <quote>@</quote> character as a separator " "between the name and the domain. As a result of this setting the default " @@ -4398,17 +4399,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3638 +#: sssd.conf.5.xml:3645 msgid "Default: <quote>%1$s@%2$s</quote>." msgstr "Per defecte: <quote>%1$s@%2$s</quote>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3644 +#: sssd.conf.5.xml:3651 msgid "lookup_family_order (string)" msgstr "lookup_family_order (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3647 +#: sssd.conf.5.xml:3654 msgid "" "Provides the ability to select preferred address family to use when " "performing DNS lookups." @@ -4417,76 +4418,76 @@ msgstr "" "realitzar cerques de DNS." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3651 +#: sssd.conf.5.xml:3658 msgid "Supported values:" msgstr "Valors admesos:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3654 +#: sssd.conf.5.xml:3661 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6" msgstr "ipv4_first: Intenta resoldre l'adreça IPv4, si falla, intenta IPv6" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3657 +#: sssd.conf.5.xml:3664 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses." msgstr "ipv4_only: Intenta resoldre només noms màquina a adreces IPv4." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3660 +#: sssd.conf.5.xml:3667 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4" msgstr "ipv6_first: Intenta resoldre l'adreça IPv6, si falla, intenta IPv4" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3663 +#: sssd.conf.5.xml:3670 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses." msgstr "ipv6_only: Intenta resoldre només noms màquina a adreces IPv6." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3666 +#: sssd.conf.5.xml:3673 msgid "Default: ipv4_first" msgstr "Per defecte: ipv4_first" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3672 +#: sssd.conf.5.xml:3679 #, fuzzy #| msgid "dns_resolver_timeout (integer)" msgid "dns_resolver_server_timeout (integer)" msgstr "dns_resolver_timeout (enter)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3675 +#: sssd.conf.5.xml:3682 msgid "" "Defines the amount of time (in milliseconds) SSSD would try to talk to DNS " "server before trying next DNS server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3680 +#: sssd.conf.5.xml:3687 msgid "" "The AD provider will use this option for the CLDAP ping timeouts as well." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3684 sssd.conf.5.xml:3704 sssd.conf.5.xml:3725 +#: sssd.conf.5.xml:3691 sssd.conf.5.xml:3711 sssd.conf.5.xml:3732 msgid "" "Please see the section <quote>FAILOVER</quote> for more information about " "the service resolution." msgstr "" #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3689 sssd-ldap.5.xml:644 include/failover.xml:84 +#: sssd.conf.5.xml:3696 sssd-ldap.5.xml:645 include/failover.xml:84 msgid "Default: 1000" msgstr "Per defecte: 1000" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3695 +#: sssd.conf.5.xml:3702 #, fuzzy #| msgid "dns_resolver_timeout (integer)" msgid "dns_resolver_op_timeout (integer)" msgstr "dns_resolver_timeout (enter)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3698 +#: sssd.conf.5.xml:3705 msgid "" "Defines the amount of time (in seconds) to wait to resolve single DNS query " "(e.g. resolution of a hostname or an SRV record) before trying the next " @@ -4494,12 +4495,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3715 +#: sssd.conf.5.xml:3722 msgid "dns_resolver_timeout (integer)" msgstr "dns_resolver_timeout (enter)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3718 +#: sssd.conf.5.xml:3725 msgid "" "Defines the amount of time (in seconds) to wait for a reply from the " "internal fail over service before assuming that the service is unreachable. " @@ -4508,14 +4509,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3736 +#: sssd.conf.5.xml:3743 #, fuzzy #| msgid "dns_resolver_timeout (integer)" msgid "dns_resolver_use_search_list (bool)" msgstr "dns_resolver_timeout (enter)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3739 +#: sssd.conf.5.xml:3746 msgid "" "Normally, the DNS resolver searches the domain list defined in the " "\"search\" directive from the resolv.conf file. This can lead to delays in " @@ -4523,7 +4524,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3745 +#: sssd.conf.5.xml:3752 msgid "" "If fully qualified domain names (or _srv_) are used in the SSSD " "configuration, setting this option to FALSE can prevent unnecessary DNS " @@ -4531,17 +4532,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3751 +#: sssd.conf.5.xml:3758 msgid "Default: TRUE" msgstr "Per defecte: TRUE" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3757 +#: sssd.conf.5.xml:3764 msgid "dns_discovery_domain (string)" msgstr "dns_discovery_domain (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3760 +#: sssd.conf.5.xml:3767 msgid "" "If service discovery is used in the back end, specifies the domain part of " "the service discovery DNS query." @@ -4550,52 +4551,52 @@ msgstr "" "del domini de la consulta DNS del servei de descobriment." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3764 +#: sssd.conf.5.xml:3771 msgid "Default: Use the domain part of machine's hostname" msgstr "Per defecte: Utilitza la part del domini del nom de màquina" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3770 +#: sssd.conf.5.xml:3777 msgid "override_gid (integer)" msgstr "override_gid (enter)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3773 +#: sssd.conf.5.xml:3780 msgid "Override the primary GID value with the one specified." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3779 +#: sssd.conf.5.xml:3786 msgid "case_sensitive (string)" msgstr "case_sensitive (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3786 +#: sssd.conf.5.xml:3793 msgid "True" msgstr "True" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3789 +#: sssd.conf.5.xml:3796 msgid "Case sensitive. This value is invalid for AD provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3795 +#: sssd.conf.5.xml:3802 msgid "False" msgstr "False" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3797 +#: sssd.conf.5.xml:3804 msgid "Case insensitive." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3801 +#: sssd.conf.5.xml:3808 msgid "Preserving" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3804 +#: sssd.conf.5.xml:3811 msgid "" "Same as False (case insensitive), but does not lowercase names in the result " "of NSS operations. Note that name aliases (and in case of services also " @@ -4603,14 +4604,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3812 +#: sssd.conf.5.xml:3819 msgid "" "If you want to set this value for trusted domain with IPA provider, you need " "to set it on both the client and SSSD on the server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3782 +#: sssd.conf.5.xml:3789 #, fuzzy #| msgid "" #| "The following expansions are supported: <placeholder " @@ -4623,17 +4624,17 @@ msgstr "" "id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3827 +#: sssd.conf.5.xml:3834 msgid "Default: True (False for AD provider)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3833 +#: sssd.conf.5.xml:3840 msgid "subdomain_inherit (string)" msgstr "subdomain_inherit (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3836 +#: sssd.conf.5.xml:3843 msgid "" "Specifies a list of configuration parameters that should be inherited by a " "subdomain. Please note that only selected parameters can be inherited. " @@ -4641,130 +4642,130 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3842 +#: sssd.conf.5.xml:3849 #, fuzzy #| msgid "ldap_search_timeout (integer)" msgid "ldap_search_timeout" msgstr "ldap_search_timeout (enter)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3845 +#: sssd.conf.5.xml:3852 #, fuzzy #| msgid "ldap_network_timeout (integer)" msgid "ldap_network_timeout" msgstr "ldap_network_timeout (enter)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3848 +#: sssd.conf.5.xml:3855 #, fuzzy #| msgid "ldap_opt_timeout (integer)" msgid "ldap_opt_timeout" msgstr "ldap_opt_timeout (enter)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3851 +#: sssd.conf.5.xml:3858 #, fuzzy #| msgid "ldap_connection_expire_timeout (integer)" msgid "ldap_offline_timeout" msgstr "ldap_connection_expire_timeout (enter)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3854 +#: sssd.conf.5.xml:3861 #, fuzzy #| msgid "ldap_enumeration_refresh_timeout (integer)" msgid "ldap_enumeration_refresh_timeout" msgstr "ldap_enumeration_refresh_timeout (enter)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3857 +#: sssd.conf.5.xml:3864 #, fuzzy #| msgid "ldap_enumeration_refresh_timeout (integer)" msgid "ldap_enumeration_refresh_offset" msgstr "ldap_enumeration_refresh_timeout (enter)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3860 +#: sssd.conf.5.xml:3867 msgid "ldap_purge_cache_timeout" msgstr "ldap_purge_cache_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3863 +#: sssd.conf.5.xml:3870 #, fuzzy #| msgid "ldap_purge_cache_timeout" msgid "ldap_purge_cache_offset" msgstr "ldap_purge_cache_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3866 +#: sssd.conf.5.xml:3873 msgid "" "ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab " "is not set explicitly)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3870 +#: sssd.conf.5.xml:3877 #, fuzzy #| msgid "ldap_krb5_ticket_lifetime (integer)" msgid "ldap_krb5_ticket_lifetime" msgstr "ldap_krb5_ticket_lifetime (enter)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3873 +#: sssd.conf.5.xml:3880 #, fuzzy #| msgid "ldap_enumeration_search_timeout (integer)" msgid "ldap_enumeration_search_timeout" msgstr "ldap_enumeration_search_timeout (enter)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3876 +#: sssd.conf.5.xml:3883 #, fuzzy #| msgid "ldap_connection_expire_timeout (integer)" msgid "ldap_connection_expire_timeout" msgstr "ldap_connection_expire_timeout (enter)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3879 +#: sssd.conf.5.xml:3886 #, fuzzy #| msgid "ldap_connection_expire_timeout (integer)" msgid "ldap_connection_expire_offset" msgstr "ldap_connection_expire_timeout (enter)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3882 +#: sssd.conf.5.xml:3889 #, fuzzy #| msgid "ldap_connection_expire_timeout (integer)" msgid "ldap_connection_idle_timeout" msgstr "ldap_connection_expire_timeout (enter)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3885 sssd-ldap.5.xml:400 +#: sssd.conf.5.xml:3892 sssd-ldap.5.xml:401 msgid "ldap_use_tokengroups" msgstr "ldap_use_tokengroups" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3888 +#: sssd.conf.5.xml:3895 msgid "ldap_user_principal" msgstr "ldap_user_principal" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3891 +#: sssd.conf.5.xml:3898 msgid "ignore_group_members" msgstr "ignore_group_members" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3894 +#: sssd.conf.5.xml:3901 msgid "auto_private_groups" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3897 +#: sssd.conf.5.xml:3904 #, fuzzy #| msgid "case_sensitive (string)" msgid "case_sensitive" msgstr "case_sensitive (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:3902 +#: sssd.conf.5.xml:3909 #, no-wrap msgid "" "subdomain_inherit = ldap_purge_cache_timeout\n" @@ -4774,27 +4775,27 @@ msgstr "" " " #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3909 +#: sssd.conf.5.xml:3916 msgid "Note: This option only works with the IPA and AD provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3916 +#: sssd.conf.5.xml:3923 msgid "subdomain_homedir (string)" msgstr "subdomain_homedir (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3927 +#: sssd.conf.5.xml:3934 msgid "%F" msgstr "%F" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3928 +#: sssd.conf.5.xml:3935 msgid "flat (NetBIOS) name of a subdomain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3919 +#: sssd.conf.5.xml:3926 msgid "" "Use this homedir as default value for all subdomains within this domain in " "IPA AD trust. See <emphasis>override_homedir</emphasis> for info about " @@ -4804,34 +4805,34 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3933 +#: sssd.conf.5.xml:3940 msgid "" "The value can be overridden by <emphasis>override_homedir</emphasis> option." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3937 +#: sssd.conf.5.xml:3944 msgid "Default: <filename>/home/%d/%u</filename>" msgstr "Per defecte: <filename>/home/%d/%u</filename>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3942 +#: sssd.conf.5.xml:3949 msgid "realmd_tags (string)" msgstr "realmd_tags (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3945 +#: sssd.conf.5.xml:3952 msgid "" "Various tags stored by the realmd configuration service for this domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3951 +#: sssd.conf.5.xml:3958 msgid "cached_auth_timeout (int)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3954 +#: sssd.conf.5.xml:3961 msgid "" "Specifies time in seconds since last successful online authentication for " "which user will be authenticated using cached credentials while SSSD is in " @@ -4840,19 +4841,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3962 +#: sssd.conf.5.xml:3969 msgid "" "This option's value is inherited by all trusted domains. At the moment it is " "not possible to set a different value per trusted domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3967 +#: sssd.conf.5.xml:3974 msgid "Special value 0 implies that this feature is disabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3971 +#: sssd.conf.5.xml:3978 msgid "" "Please note that if <quote>cached_auth_timeout</quote> is longer than " "<quote>pam_id_timeout</quote> then the back end could be called to handle " @@ -4860,14 +4861,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3982 +#: sssd.conf.5.xml:3989 #, fuzzy #| msgid "ldap_pwd_policy (string)" msgid "local_auth_policy (string)" msgstr "ldap_pwd_policy (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3985 +#: sssd.conf.5.xml:3992 msgid "" "Local authentication methods policy. Some backends (i.e. LDAP, proxy " "provider) only support a password based authentication, while others can " @@ -4878,7 +4879,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3995 +#: sssd.conf.5.xml:4002 msgid "" "There are three possible values for this option: match, only, enable. " "<quote>match</quote> is used to match offline and online states for Kerberos " @@ -4889,8 +4890,17 @@ msgid "" "separated, such as <quote>enable:passkey, enable:smartcard</quote>" msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4014 +msgid "" +"Please note that if local Smartcard authentication is enabled and a " +"Smartcard is present, Smartcard authentication will be preferred over the " +"authentication methods supported by the backend. I.e. there will be a PIN " +"prompt instead of e.g. a password prompt." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:4011 +#: sssd.conf.5.xml:4026 #, no-wrap msgid "" "[domain/shadowutils]\n" @@ -4901,7 +4911,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4007 +#: sssd.conf.5.xml:4022 #, fuzzy #| msgid "" #| "The following example shows a minimal idmapd.conf which makes use of the " @@ -4915,7 +4925,7 @@ msgstr "" "sss. <placeholder type=\"programlisting\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4019 +#: sssd.conf.5.xml:4034 #, fuzzy #| msgid "These options can be used to configure the InfoPipe responder." msgid "This option is ignored for the files provider." @@ -4924,31 +4934,31 @@ msgstr "" "l'InfoPipe." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4022 +#: sssd.conf.5.xml:4037 #, fuzzy #| msgid "Default: cn" msgid "Default: match" msgstr "Per defecte: cn" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4027 +#: sssd.conf.5.xml:4042 msgid "auto_private_groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4033 +#: sssd.conf.5.xml:4048 msgid "true" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4036 +#: sssd.conf.5.xml:4051 msgid "" "Create user's private group unconditionally from user's UID number. The GID " "number is ignored in this case." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4040 +#: sssd.conf.5.xml:4055 msgid "" "NOTE: Because the GID number and the user private group are inferred from " "the UID number, it is not supported to have multiple entries with the same " @@ -4957,24 +4967,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4049 +#: sssd.conf.5.xml:4064 msgid "false" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4052 +#: sssd.conf.5.xml:4067 msgid "" "Always use the user's primary GID number. The GID number must refer to a " "group object in the LDAP database." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4058 +#: sssd.conf.5.xml:4073 msgid "hybrid" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4061 +#: sssd.conf.5.xml:4076 msgid "" "A primary group is autogenerated for user entries whose UID and GID numbers " "have the same value and at the same time the GID number does not correspond " @@ -4984,14 +4994,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4074 +#: sssd.conf.5.xml:4089 msgid "" "If the UID and GID of a user are different, then the GID must correspond to " "a group entry, otherwise the GID is simply not resolvable." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4081 +#: sssd.conf.5.xml:4096 msgid "" "This feature is useful for environments that wish to stop maintaining a " "separate group objects for the user private groups, but also wish to retain " @@ -4999,21 +5009,21 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4030 +#: sssd.conf.5.xml:4045 msgid "" "This option takes any of three available values: <placeholder " "type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4093 +#: sssd.conf.5.xml:4108 msgid "" "For subdomains, the default value is False for subdomains that use assigned " "POSIX IDs and True for subdomains that use automatic ID-mapping." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:4101 +#: sssd.conf.5.xml:4116 #, no-wrap msgid "" "[domain/forest.domain/sub.domain]\n" @@ -5021,7 +5031,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:4107 +#: sssd.conf.5.xml:4122 #, no-wrap msgid "" "[domain/forest.domain]\n" @@ -5030,7 +5040,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4098 +#: sssd.conf.5.xml:4113 msgid "" "The value of auto_private_groups can either be set per subdomains in a " "subsection, for example: <placeholder type=\"programlisting\" id=\"0\"/> or " @@ -5050,31 +5060,36 @@ msgstr "" "replaceable>]</quote> <placeholder type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4122 +#: sssd.conf.5.xml:4137 msgid "proxy_pam_target (string)" msgstr "proxy_pam_target (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4125 +#: sssd.conf.5.xml:4140 msgid "The proxy target PAM proxies to." msgstr "El servidor intermediari on reenvia PAM." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4128 +#: sssd.conf.5.xml:4143 +#, fuzzy +#| msgid "" +#| "Default: not set by default, you have to take an existing pam " +#| "configuration or create a new one and add the service name here." msgid "" "Default: not set by default, you have to take an existing pam configuration " -"or create a new one and add the service name here." +"or create a new one and add the service name here. As an alternative you can " +"enable local authentication with the local_auth_policy option." msgstr "" "Per defecte: No està establit per defecte, heu de prendre una configuració " "de pam existent o crear-ne una de nova i afegir aquí el nom del servei." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4136 +#: sssd.conf.5.xml:4153 msgid "proxy_lib_name (string)" msgstr "proxy_lib_name (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4139 +#: sssd.conf.5.xml:4156 msgid "" "The name of the NSS library to use in proxy domains. The NSS functions " "searched for in the library are in the form of _nss_$(libName)_$(function), " @@ -5085,12 +5100,12 @@ msgstr "" "format _nss_$(libName)_$(function), per exemple _nss_files_getpwent." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4149 +#: sssd.conf.5.xml:4166 msgid "proxy_resolver_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4152 +#: sssd.conf.5.xml:4169 msgid "" "The name of the NSS library to use for hosts and networks lookups in proxy " "domains. The NSS functions searched for in the library are in the form of " @@ -5098,12 +5113,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4163 +#: sssd.conf.5.xml:4180 msgid "proxy_fast_alias (boolean)" msgstr "proxy_fast_alias (booleà)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4166 +#: sssd.conf.5.xml:4183 msgid "" "When a user or group is looked up by name in the proxy provider, a second " "lookup by ID is performed to \"canonicalize\" the name in case the requested " @@ -5112,12 +5127,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4180 +#: sssd.conf.5.xml:4197 msgid "proxy_max_children (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4183 +#: sssd.conf.5.xml:4200 msgid "" "This option specifies the number of pre-forked proxy children. It is useful " "for high-load SSSD environments where sssd may run out of available child " @@ -5125,7 +5140,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4118 +#: sssd.conf.5.xml:4133 msgid "" "Options valid for proxy domains. <placeholder type=\"variablelist\" " "id=\"0\"/>" @@ -5134,12 +5149,12 @@ msgstr "" "type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:4199 +#: sssd.conf.5.xml:4216 msgid "Application domains" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4201 +#: sssd.conf.5.xml:4218 msgid "" "SSSD, with its D-Bus interface (see <citerefentry> <refentrytitle>sssd-ifp</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>) is appealing to " @@ -5156,7 +5171,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4221 +#: sssd.conf.5.xml:4238 msgid "" "Please note that the application domain must still be explicitly enabled in " "the <quote>domains</quote> parameter so that the lookup order between the " @@ -5164,17 +5179,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> -#: sssd.conf.5.xml:4227 +#: sssd.conf.5.xml:4244 msgid "Application domain parameters" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4229 +#: sssd.conf.5.xml:4246 msgid "inherit_from (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4232 +#: sssd.conf.5.xml:4249 msgid "" "The SSSD POSIX-type domain the application domain inherits all settings " "from. The application domain can moreover add its own settings to the " @@ -5183,7 +5198,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4246 +#: sssd.conf.5.xml:4263 msgid "" "The following example illustrates the use of an application domain. In this " "setup, the POSIX domain is connected to an LDAP server and is used by the OS " @@ -5193,7 +5208,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><programlisting> -#: sssd.conf.5.xml:4254 +#: sssd.conf.5.xml:4271 #, no-wrap msgid "" "[sssd]\n" @@ -5213,12 +5228,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4274 +#: sssd.conf.5.xml:4291 msgid "TRUSTED DOMAIN SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4276 +#: sssd.conf.5.xml:4293 msgid "" "Some options used in the domain section can also be used in the trusted " "domain section, that is, in a section called <quote>[domain/" @@ -5229,69 +5244,69 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4283 +#: sssd.conf.5.xml:4300 msgid "ldap_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4284 +#: sssd.conf.5.xml:4301 msgid "ldap_user_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4285 +#: sssd.conf.5.xml:4302 msgid "ldap_group_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4286 +#: sssd.conf.5.xml:4303 msgid "ldap_netgroup_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4287 +#: sssd.conf.5.xml:4304 msgid "ldap_service_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4288 +#: sssd.conf.5.xml:4305 msgid "ldap_sasl_mech," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4289 +#: sssd.conf.5.xml:4306 msgid "ad_server," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4290 +#: sssd.conf.5.xml:4307 msgid "ad_backup_server," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4291 +#: sssd.conf.5.xml:4308 msgid "ad_site," msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4292 sssd-ipa.5.xml:879 +#: sssd.conf.5.xml:4309 sssd-ipa.5.xml:884 msgid "use_fully_qualified_names" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4296 +#: sssd.conf.5.xml:4313 msgid "" "For more details about these options see their individual description in the " "manual page." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4302 +#: sssd.conf.5.xml:4319 msgid "CERTIFICATE MAPPING SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4304 +#: sssd.conf.5.xml:4321 msgid "" "To allow authentication with Smartcards and certificates SSSD must be able " "to map certificates to users. This can be done by adding the full " @@ -5304,7 +5319,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4318 +#: sssd.conf.5.xml:4335 msgid "" "To make the mapping more flexible mapping and matching rules were added to " "SSSD (see <citerefentry> <refentrytitle>sss-certmap</refentrytitle> " @@ -5312,7 +5327,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4327 +#: sssd.conf.5.xml:4344 msgid "" "A mapping and matching rule can be added to the SSSD configuration in a " "section on its own with a name like <quote>[certmap/" @@ -5321,55 +5336,55 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4334 +#: sssd.conf.5.xml:4351 msgid "matchrule (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4337 +#: sssd.conf.5.xml:4354 msgid "" "Only certificates from the Smartcard which matches this rule will be " "processed, all others are ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4341 +#: sssd.conf.5.xml:4358 msgid "" "Default: KRB5:<EKU>clientAuth, i.e. only certificates which have the " "Extended Key Usage <quote>clientAuth</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4348 +#: sssd.conf.5.xml:4365 msgid "maprule (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4351 +#: sssd.conf.5.xml:4368 msgid "Defines how the user is found for a given certificate." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4357 +#: sssd.conf.5.xml:4374 msgid "" "LDAP:(userCertificate;binary={cert!bin}) for LDAP based providers like " "<quote>ldap</quote>, <quote>AD</quote> or <quote>ipa</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4363 +#: sssd.conf.5.xml:4380 msgid "" "The RULE_NAME for the <quote>files</quote> provider which tries to find a " "user with the same name." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4372 +#: sssd.conf.5.xml:4389 msgid "domains (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4375 +#: sssd.conf.5.xml:4392 msgid "" "Comma separated list of domain names the rule should be applied. By default " "a rule is only valid in the domain configured in sssd.conf. If the provider " @@ -5378,17 +5393,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4382 +#: sssd.conf.5.xml:4399 msgid "Default: the configured domain in sssd.conf" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4387 +#: sssd.conf.5.xml:4404 msgid "priority (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4390 +#: sssd.conf.5.xml:4407 msgid "" "Unsigned integer value defining the priority of the rule. The higher the " "number the lower the priority. <quote>0</quote> stands for the highest " @@ -5396,26 +5411,26 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4396 +#: sssd.conf.5.xml:4413 msgid "Default: the lowest priority" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4402 +#: sssd.conf.5.xml:4419 msgid "" "To make the configuration simple and reduce the amount of configuration " "options the <quote>files</quote> provider has some special properties:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4408 +#: sssd.conf.5.xml:4425 msgid "" "if maprule is not set the RULE_NAME name is assumed to be the name of the " "matching user" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4414 +#: sssd.conf.5.xml:4431 msgid "" "if a maprule is used both a single user name or a template like " "<quote>{subject_rfc822_name.short_name}</quote> must be in braces like e.g. " @@ -5424,17 +5439,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4423 +#: sssd.conf.5.xml:4440 msgid "the <quote>domains</quote> option is ignored" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4431 +#: sssd.conf.5.xml:4448 msgid "PROMPTING CONFIGURATION SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4433 +#: sssd.conf.5.xml:4450 msgid "" "If a special file (<filename>/var/lib/sss/pubconf/pam_preauth_available</" "filename>) exists SSSD's PAM module pam_sss will ask SSSD to figure out " @@ -5444,7 +5459,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4441 +#: sssd.conf.5.xml:4458 msgid "" "With the growing number of authentication methods and the possibility that " "there are multiple ones for a single user the heuristic used by pam_sss to " @@ -5453,59 +5468,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4453 +#: sssd.conf.5.xml:4470 msgid "[prompting/password]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4456 +#: sssd.conf.5.xml:4473 msgid "password_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4457 +#: sssd.conf.5.xml:4474 msgid "to change the string of the password prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4455 +#: sssd.conf.5.xml:4472 msgid "" "to configure password prompting, allowed options are: <placeholder " "type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4465 +#: sssd.conf.5.xml:4482 msgid "[prompting/2fa]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4469 +#: sssd.conf.5.xml:4486 msgid "first_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4470 +#: sssd.conf.5.xml:4487 msgid "to change the string of the prompt for the first factor" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4473 +#: sssd.conf.5.xml:4490 msgid "second_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4474 +#: sssd.conf.5.xml:4491 msgid "to change the string of the prompt for the second factor" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4477 +#: sssd.conf.5.xml:4494 msgid "single_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4478 +#: sssd.conf.5.xml:4495 msgid "" "boolean value, if True there will be only a single prompt using the value of " "first_prompt where it is expected that both factors are entered as a single " @@ -5514,7 +5529,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4467 +#: sssd.conf.5.xml:4484 msgid "" "to configure two-factor authentication prompting, allowed options are: " "<placeholder type=\"variablelist\" id=\"0\"/> If the second factor is " @@ -5523,17 +5538,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4495 +#: sssd.conf.5.xml:4512 msgid "[prompting/passkey]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4501 sssd-ad.5.xml:1021 +#: sssd.conf.5.xml:4518 sssd-ad.5.xml:1021 msgid "interactive" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4503 +#: sssd.conf.5.xml:4520 msgid "" "boolean value, if True prompt a message and wait before testing the presence " "of a passkey device. Recommended if your device doesn’t have a tactile " @@ -5541,39 +5556,39 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4511 +#: sssd.conf.5.xml:4528 msgid "interactive_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4513 +#: sssd.conf.5.xml:4530 msgid "to change the message of the interactive prompt." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4518 +#: sssd.conf.5.xml:4535 msgid "touch" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4520 +#: sssd.conf.5.xml:4537 msgid "" "boolean value, if True prompt a message to remind the user to touch the " "device." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4526 +#: sssd.conf.5.xml:4543 msgid "touch_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4528 +#: sssd.conf.5.xml:4545 msgid "to change the message of the touch prompt." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4497 +#: sssd.conf.5.xml:4514 #, fuzzy #| msgid "" #| "The following expansions are supported: <placeholder " @@ -5586,7 +5601,7 @@ msgstr "" "id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4448 +#: sssd.conf.5.xml:4465 msgid "" "Each supported authentication method has its own configuration subsection " "under <quote>[prompting/...]</quote>. Currently there are: <placeholder " @@ -5595,7 +5610,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4539 +#: sssd.conf.5.xml:4556 msgid "" "It is possible to add a subsection for specific PAM services, e.g. " "<quote>[prompting/password/sshd]</quote> to individual change the prompting " @@ -5603,12 +5618,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4546 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43 +#: sssd.conf.5.xml:4563 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43 msgid "EXAMPLES" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4552 +#: sssd.conf.5.xml:4569 #, no-wrap msgid "" "[sssd]\n" @@ -5662,7 +5677,7 @@ msgstr "" "enumerate = False\n" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4548 +#: sssd.conf.5.xml:4565 msgid "" "1. The following example shows a typical SSSD config. It does not describe " "configuration of the domains themselves - refer to documentation on " @@ -5671,7 +5686,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4585 +#: sssd.conf.5.xml:4602 #, no-wrap msgid "" "[domain/ipa.com/child.ad.com]\n" @@ -5679,7 +5694,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4579 +#: sssd.conf.5.xml:4596 msgid "" "2. The following example shows configuration of IPA AD trust where the AD " "forest consists of two domains in a parent-child structure. Suppose IPA " @@ -5690,7 +5705,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4596 +#: sssd.conf.5.xml:4613 #, no-wrap msgid "" "[certmap/my.domain/rule_name]\n" @@ -5701,7 +5716,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4590 +#: sssd.conf.5.xml:4607 msgid "" "3. The following example shows the configuration of a certificate mapping " "rule. It is valid for the configured domain <quote>my.domain</quote> and " @@ -5757,14 +5772,23 @@ msgstr "Podeu configurar SSSD per utilitzar més d'un domini d'LDAP." #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:38 +#, fuzzy +#| msgid "" +#| "LDAP back end supports id, auth, access and chpass providers. If you want " +#| "to authenticate against an LDAP server either TLS/SSL or LDAPS is " +#| "required. <command>sssd</command> <emphasis>does not</emphasis> support " +#| "authentication over an unencrypted channel. If the LDAP server is used " +#| "only as an identity provider, an encrypted channel is not needed. Please " +#| "refer to <quote>ldap_access_filter</quote> config option for more " +#| "information about using LDAP as an access provider." msgid "" "LDAP back end supports id, auth, access and chpass providers. If you want to " "authenticate against an LDAP server either TLS/SSL or LDAPS is required. " "<command>sssd</command> <emphasis>does not</emphasis> support authentication " -"over an unencrypted channel. If the LDAP server is used only as an identity " -"provider, an encrypted channel is not needed. Please refer to " -"<quote>ldap_access_filter</quote> config option for more information about " -"using LDAP as an access provider." +"over an unencrypted channel. Even if the LDAP server is used only as an " +"identity provider, an encrypted channel is strongly recommended. Please " +"refer to <quote>ldap_access_filter</quote> config option for more " +"information about using LDAP as an access provider." msgstr "" "El rerefons LDAP suporta proveïdors d'identificació, autenticació, accés i " "canvi de contrasenya. Si voleu autenticar contra un servidor LDAP s'exigeix " @@ -5775,19 +5799,19 @@ msgstr "" "informació sobre l'ús d'LDAP com un proveïdor d'accés." #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:82 sssd-ad.5.xml:130 +#: sssd-ldap.5.xml:50 sssd-simple.5.xml:69 sssd-ipa.5.xml:82 sssd-ad.5.xml:130 #: sssd-krb5.5.xml:63 sssd-ifp.5.xml:60 sssd-files.5.xml:77 #: sssd-session-recording.5.xml:58 sssd-kcm.8.xml:202 msgid "CONFIGURATION OPTIONS" msgstr "OPCIONS DE CONFIGURACIÓ" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:66 +#: sssd-ldap.5.xml:67 msgid "ldap_uri, ldap_backup_uri (string)" msgstr "ldap_uri, ldap_backup_uri (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:69 +#: sssd-ldap.5.xml:70 msgid "" "Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " "should connect in the order of preference. Refer to the <quote>FAILOVER</" @@ -5797,33 +5821,33 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:76 +#: sssd-ldap.5.xml:77 msgid "The format of the URI must match the format defined in RFC 2732:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:79 +#: sssd-ldap.5.xml:80 msgid "ldap[s]://<host>[:port]" msgstr "ldap[s]://<host>[:port]" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:82 +#: sssd-ldap.5.xml:83 msgid "" "For explicit IPv6 addresses, <host> must be enclosed in brackets []" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:85 +#: sssd-ldap.5.xml:86 msgid "example: ldap://[fc00::126:25]:389" msgstr "exemple: ldap://[fc00::126:25]:389" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:91 +#: sssd-ldap.5.xml:92 msgid "ldap_chpass_uri, ldap_chpass_backup_uri (string)" msgstr "ldap_chpass_uri, ldap_chpass_backup_uri (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:94 +#: sssd-ldap.5.xml:95 msgid "" "Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " "should connect in the order of preference to change the password of a user. " @@ -5832,67 +5856,67 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:101 +#: sssd-ldap.5.xml:102 msgid "To enable service discovery ldap_chpass_dns_service_name must be set." msgstr "" "Per habilitar el servei descobriment s'ha d'establir " "ldap_chpass_dns_service_name." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:105 +#: sssd-ldap.5.xml:106 msgid "Default: empty, i.e. ldap_uri is used." msgstr "Per defecte: buit, és a dir, s'utilitza ldap_uri." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:111 +#: sssd-ldap.5.xml:112 msgid "ldap_search_base (string)" msgstr "ldap_search_base (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:114 +#: sssd-ldap.5.xml:115 msgid "The default base DN to use for performing LDAP user operations." msgstr "" "El DN base per defecte a utilitzar per realitzar operacions d'usuari d'LDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:118 +#: sssd-ldap.5.xml:119 msgid "" "Starting with SSSD 1.7.0, SSSD supports multiple search bases using the " "syntax:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:122 +#: sssd-ldap.5.xml:123 msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:125 +#: sssd-ldap.5.xml:126 msgid "The scope can be one of \"base\", \"onelevel\" or \"subtree\"." msgstr "" #. type: Content of: <listitem><para> -#: sssd-ldap.5.xml:128 include/ldap_search_bases.xml:18 +#: sssd-ldap.5.xml:129 include/ldap_search_bases.xml:18 msgid "" "The filter must be a valid LDAP search filter as specified by http://www." "ietf.org/rfc/rfc2254.txt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:132 sssd-ad.5.xml:311 sss_override.8.xml:143 +#: sssd-ldap.5.xml:133 sssd-ad.5.xml:311 sss_override.8.xml:143 #: sss_override.8.xml:240 sssd-ldap-attributes.5.xml:453 msgid "Examples:" msgstr "Exemples:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:135 +#: sssd-ldap.5.xml:136 msgid "" "ldap_search_base = dc=example,dc=com (which is equivalent to) " "ldap_search_base = dc=example,dc=com?subtree?" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:140 +#: sssd-ldap.5.xml:141 msgid "" "ldap_search_base = cn=host_specific,dc=example,dc=com?subtree?" "(host=thishost)?dc=example.com?subtree?" @@ -5901,7 +5925,7 @@ msgstr "" "(host=thishost)?dc=exemple.com?subtree?" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:143 +#: sssd-ldap.5.xml:144 msgid "" "Note: It is unsupported to have multiple search bases which reference " "identically-named objects (for example, groups with the same name in two " @@ -5910,7 +5934,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:150 +#: sssd-ldap.5.xml:151 msgid "" "Default: If not set, the value of the defaultNamingContext or namingContexts " "attribute from the RootDSE of the LDAP server is used. If " @@ -5921,12 +5945,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:164 +#: sssd-ldap.5.xml:165 msgid "ldap_schema (string)" msgstr "ldap_schema (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:167 +#: sssd-ldap.5.xml:168 msgid "" "Specifies the Schema Type in use on the target LDAP server. Depending on " "the selected schema, the default attribute names retrieved from the servers " @@ -5934,32 +5958,32 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:174 +#: sssd-ldap.5.xml:175 msgid "Four schema types are currently supported:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:178 +#: sssd-ldap.5.xml:179 msgid "rfc2307" msgstr "rfc2307" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:183 +#: sssd-ldap.5.xml:184 msgid "rfc2307bis" msgstr "rfc2307bis" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:188 +#: sssd-ldap.5.xml:189 msgid "IPA" msgstr "IPA" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:193 +#: sssd-ldap.5.xml:194 msgid "AD" msgstr "AD" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:199 +#: sssd-ldap.5.xml:200 msgid "" "The main difference between these schema types is how group memberships are " "recorded in the server. With rfc2307, group members are listed by name in " @@ -5970,37 +5994,37 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:209 +#: sssd-ldap.5.xml:210 msgid "Default: rfc2307" msgstr "Per defecte: rfc2307" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:215 +#: sssd-ldap.5.xml:216 msgid "ldap_pwmodify_mode (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:218 +#: sssd-ldap.5.xml:219 msgid "Specify the operation that is used to modify user password." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:222 +#: sssd-ldap.5.xml:223 msgid "Two modes are currently supported:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:226 +#: sssd-ldap.5.xml:227 msgid "exop - Password Modify Extended Operation (RFC 3062)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:232 +#: sssd-ldap.5.xml:233 msgid "ldap_modify - Direct modification of userPassword (not recommended)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:239 +#: sssd-ldap.5.xml:240 msgid "" "Note: First, a new connection is established to verify current password by " "binding as the user that requested password change. If successful, this " @@ -6009,75 +6033,75 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:247 +#: sssd-ldap.5.xml:248 msgid "Default: exop" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:253 +#: sssd-ldap.5.xml:254 msgid "ldap_default_bind_dn (string)" msgstr "ldap_default_bind_dn (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:256 +#: sssd-ldap.5.xml:257 msgid "The default bind DN to use for performing LDAP operations." msgstr "" "El vincle DN per defecte per utilitzar en realitzar les operacions d'LDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:263 +#: sssd-ldap.5.xml:264 msgid "ldap_default_authtok_type (string)" msgstr "ldap_default_authtok_type (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:266 +#: sssd-ldap.5.xml:267 msgid "The type of the authentication token of the default bind DN." msgstr "El tipus de testimoni d'autenticació del vincle DN per defecte." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:270 +#: sssd-ldap.5.xml:271 msgid "The two mechanisms currently supported are:" msgstr "Els dos mecanismes suportats actualment són:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:273 +#: sssd-ldap.5.xml:274 msgid "password" msgstr "contrasenya" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:276 +#: sssd-ldap.5.xml:277 msgid "obfuscated_password" msgstr "obfuscated_password" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:279 +#: sssd-ldap.5.xml:280 msgid "Default: password" msgstr "Per defecte: password" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:282 +#: sssd-ldap.5.xml:283 msgid "" "See the <citerefentry> <refentrytitle>sss_obfuscate</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry> manual page for more information." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:293 +#: sssd-ldap.5.xml:294 msgid "ldap_default_authtok (string)" msgstr "ldap_default_authtok (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:296 +#: sssd-ldap.5.xml:297 msgid "The authentication token of the default bind DN." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:302 +#: sssd-ldap.5.xml:303 msgid "ldap_force_upper_case_realm (boolean)" msgstr "ldap_force_upper_case_realm (booleà)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:305 +#: sssd-ldap.5.xml:306 msgid "" "Some directory servers, for example Active Directory, might deliver the " "realm part of the UPN in lower case, which might cause the authentication to " @@ -6090,24 +6114,24 @@ msgstr "" "voleu utilitzar un àmbit en majúscules." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:318 +#: sssd-ldap.5.xml:319 msgid "ldap_enumeration_refresh_timeout (integer)" msgstr "ldap_enumeration_refresh_timeout (enter)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:321 +#: sssd-ldap.5.xml:322 msgid "" "Specifies how many seconds SSSD has to wait before refreshing its cache of " "enumerated records." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:337 +#: sssd-ldap.5.xml:338 msgid "ldap_purge_cache_timeout (integer)" msgstr "ldap_purge_cache_timeout (enter)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:340 +#: sssd-ldap.5.xml:341 msgid "" "Determine how often to check the cache for inactive entries (such as groups " "with no members and users who have never logged in) and remove them to save " @@ -6118,7 +6142,7 @@ msgstr "" "los per estalviar espai." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:346 +#: sssd-ldap.5.xml:347 msgid "" "Setting this option to zero will disable the cache cleanup operation. Please " "note that if enumeration is enabled, the cleanup task is required in order " @@ -6127,12 +6151,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:366 +#: sssd-ldap.5.xml:367 msgid "ldap_group_nesting_level (integer)" msgstr "ldap_group_nesting_level (enter)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:369 +#: sssd-ldap.5.xml:370 msgid "" "If ldap_schema is set to a schema format that supports nested groups (e.g. " "RFC2307bis), then this option controls how many levels of nesting SSSD will " @@ -6144,7 +6168,7 @@ msgstr "" "RFC2307." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:376 +#: sssd-ldap.5.xml:377 msgid "" "Note: This option specifies the guaranteed level of nested groups to be " "processed for any lookup. However, nested groups beyond this limit " @@ -6154,7 +6178,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:385 +#: sssd-ldap.5.xml:386 msgid "" "If ldap_group_nesting_level is set to 0 then no nested groups are processed " "at all. However, when connected to Active-Directory Server 2008 and later " @@ -6164,67 +6188,67 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:394 +#: sssd-ldap.5.xml:395 msgid "Default: 2" msgstr "Per defecte: 2" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:403 +#: sssd-ldap.5.xml:404 msgid "" "This options enables or disables use of Token-Groups attribute when " "performing initgroup for users from Active Directory Server 2008 and later." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:413 +#: sssd-ldap.5.xml:414 msgid "Default: True for AD and IPA otherwise False." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:419 +#: sssd-ldap.5.xml:420 msgid "ldap_host_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:422 +#: sssd-ldap.5.xml:423 msgid "Optional. Use the given string as search base for host objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:426 sssd-ipa.5.xml:457 sssd-ipa.5.xml:476 sssd-ipa.5.xml:495 -#: sssd-ipa.5.xml:514 +#: sssd-ldap.5.xml:427 sssd-ipa.5.xml:462 sssd-ipa.5.xml:481 sssd-ipa.5.xml:500 +#: sssd-ipa.5.xml:519 msgid "" "See <quote>ldap_search_base</quote> for information about configuring " "multiple search bases." msgstr "" #. type: Content of: <listitem><para> -#: sssd-ldap.5.xml:431 sssd-ipa.5.xml:462 include/ldap_search_bases.xml:27 +#: sssd-ldap.5.xml:432 sssd-ipa.5.xml:467 include/ldap_search_bases.xml:27 msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" msgstr "Per defecte: el valor de <emphasis>ldap_search_base</emphasis>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:438 +#: sssd-ldap.5.xml:439 msgid "ldap_service_search_base (string)" msgstr "ldap_service_search_base (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:443 +#: sssd-ldap.5.xml:444 msgid "ldap_iphost_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:448 +#: sssd-ldap.5.xml:449 msgid "ldap_ipnetwork_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:453 +#: sssd-ldap.5.xml:454 msgid "ldap_search_timeout (integer)" msgstr "ldap_search_timeout (enter)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:456 +#: sssd-ldap.5.xml:457 msgid "" "Specifies the timeout (in seconds) that ldap searches are allowed to run " "before they are cancelled and cached results are returned (and offline mode " @@ -6232,7 +6256,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:462 +#: sssd-ldap.5.xml:463 msgid "" "Note: this option is subject to change in future versions of the SSSD. It " "will likely be replaced at some point by a series of timeouts for specific " @@ -6240,12 +6264,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:479 +#: sssd-ldap.5.xml:480 msgid "ldap_enumeration_search_timeout (integer)" msgstr "ldap_enumeration_search_timeout (enter)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:482 +#: sssd-ldap.5.xml:483 msgid "" "Specifies the timeout (in seconds) that ldap searches for user and group " "enumerations are allowed to run before they are cancelled and cached results " @@ -6253,12 +6277,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:500 +#: sssd-ldap.5.xml:501 msgid "ldap_network_timeout (integer)" msgstr "ldap_network_timeout (enter)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:503 +#: sssd-ldap.5.xml:504 msgid "" "Specifies the timeout (in seconds) after which the <citerefentry> " "<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/" @@ -6275,12 +6299,12 @@ msgstr "" "manvolnum></citerefentry> retorna en cas de cap activitat." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:531 +#: sssd-ldap.5.xml:532 msgid "ldap_opt_timeout (integer)" msgstr "ldap_opt_timeout (enter)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:534 +#: sssd-ldap.5.xml:535 msgid "" "Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs " "will abort if no response is received. Also controls the timeout when " @@ -6289,12 +6313,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:554 +#: sssd-ldap.5.xml:555 msgid "ldap_connection_expire_timeout (integer)" msgstr "ldap_connection_expire_timeout (enter)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:557 +#: sssd-ldap.5.xml:558 msgid "" "Specifies a timeout (in seconds) that a connection to an LDAP server will be " "maintained. After this time, the connection will be re-established. If used " @@ -6303,7 +6327,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:565 +#: sssd-ldap.5.xml:566 msgid "" "If the connection is idle (not actively running an operation) within " "<emphasis>ldap_opt_timeout</emphasis> seconds of expiration, then it will be " @@ -6314,38 +6338,38 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:577 +#: sssd-ldap.5.xml:578 msgid "" "This timeout can be extended of a random value specified by " "<emphasis>ldap_connection_expire_offset</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:587 sssd-ldap.5.xml:630 sssd-ldap.5.xml:1711 +#: sssd-ldap.5.xml:588 sssd-ldap.5.xml:631 sssd-ldap.5.xml:1713 msgid "Default: 900 (15 minutes)" msgstr "Per defecte: 900 (15 minuts)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:593 +#: sssd-ldap.5.xml:594 msgid "ldap_connection_expire_offset (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:596 +#: sssd-ldap.5.xml:597 msgid "" "Random offset between 0 and configured value is added to " "<emphasis>ldap_connection_expire_timeout</emphasis>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:612 +#: sssd-ldap.5.xml:613 #, fuzzy #| msgid "ldap_connection_expire_timeout (integer)" msgid "ldap_connection_idle_timeout (integer)" msgstr "ldap_connection_expire_timeout (enter)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:615 +#: sssd-ldap.5.xml:616 msgid "" "Specifies a timeout (in seconds) that an idle connection to an LDAP server " "will be maintained. If the connection is idle for more than this time then " @@ -6353,29 +6377,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:621 +#: sssd-ldap.5.xml:622 msgid "You can disable this timeout by setting the value to 0." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:636 +#: sssd-ldap.5.xml:637 msgid "ldap_page_size (integer)" msgstr "ldap_page_size (enter)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:639 +#: sssd-ldap.5.xml:640 msgid "" "Specify the number of records to retrieve from LDAP in a single request. " "Some LDAP servers enforce a maximum limit per-request." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:650 +#: sssd-ldap.5.xml:651 msgid "ldap_disable_paging (boolean)" msgstr "ldap_disable_paging (booleà)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:653 +#: sssd-ldap.5.xml:654 msgid "" "Disable the LDAP paging control. This option should be used if the LDAP " "server reports that it supports the LDAP paging control in its RootDSE but " @@ -6383,14 +6407,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:659 +#: sssd-ldap.5.xml:660 msgid "" "Example: OpenLDAP servers with the paging control module installed on the " "server but not enabled will report it in the RootDSE but be unable to use it." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:665 +#: sssd-ldap.5.xml:666 msgid "" "Example: 389 DS has a bug where it can only support a one paging control at " "a time on a single connection. On busy clients, this can result in some " @@ -6398,17 +6422,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:677 +#: sssd-ldap.5.xml:678 msgid "ldap_disable_range_retrieval (boolean)" msgstr "ldap_disable_range_retrieval (booleà)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:680 +#: sssd-ldap.5.xml:681 msgid "Disable Active Directory range retrieval." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:683 +#: sssd-ldap.5.xml:684 msgid "" "Active Directory limits the number of members to be retrieved in a single " "lookup using the MaxValRange policy (which defaults to 1500 members). If a " @@ -6418,12 +6442,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:698 +#: sssd-ldap.5.xml:699 msgid "ldap_sasl_minssf (integer)" msgstr "ldap_sasl_minssf (enter)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:701 +#: sssd-ldap.5.xml:702 msgid "" "When communicating with an LDAP server using SASL, specify the minimum " "security level necessary to establish the connection. The values of this " @@ -6431,17 +6455,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:707 sssd-ldap.5.xml:723 +#: sssd-ldap.5.xml:708 sssd-ldap.5.xml:724 msgid "Default: Use the system default (usually specified by ldap.conf)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:714 +#: sssd-ldap.5.xml:715 msgid "ldap_sasl_maxssf (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:717 +#: sssd-ldap.5.xml:718 msgid "" "When communicating with an LDAP server using SASL, specify the maximal " "security level necessary to establish the connection. The values of this " @@ -6449,12 +6473,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:730 +#: sssd-ldap.5.xml:731 msgid "ldap_deref_threshold (integer)" msgstr "ldap_deref_threshold (enter)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:733 +#: sssd-ldap.5.xml:734 msgid "" "Specify the number of group members that must be missing from the internal " "cache in order to trigger a dereference lookup. If less members are missing, " @@ -6462,7 +6486,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:739 +#: sssd-ldap.5.xml:740 msgid "" "You can turn off dereference lookups completely by setting the value to 0. " "Please note that there are some codepaths in SSSD, like the IPA HBAC " @@ -6473,7 +6497,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:750 +#: sssd-ldap.5.xml:751 msgid "" "A dereference lookup is a means of fetching all group members in a single " "LDAP call. Different LDAP servers may implement different dereference " @@ -6482,7 +6506,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:758 +#: sssd-ldap.5.xml:759 msgid "" "<emphasis>Note:</emphasis> If any of the search bases specifies a search " "filter, then the dereference lookup performance enhancement will be disabled " @@ -6490,12 +6514,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:771 +#: sssd-ldap.5.xml:772 msgid "ldap_ignore_unreadable_references (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:774 +#: sssd-ldap.5.xml:775 msgid "" "Ignore unreadable LDAP entries referenced in group's member attribute. If " "this parameter is set to false an error will be returned and the operation " @@ -6503,7 +6527,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:781 +#: sssd-ldap.5.xml:782 msgid "" "This parameter may be useful when using the AD provider and the computer " "account that sssd uses to connect to AD does not have access to a particular " @@ -6511,12 +6535,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:794 +#: sssd-ldap.5.xml:795 msgid "ldap_tls_reqcert (string)" msgstr "ldap_tls_reqcert (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:797 +#: sssd-ldap.5.xml:798 msgid "" "Specifies what checks to perform on server certificates in a TLS session, if " "any. It can be specified as one of the following values:" @@ -6526,7 +6550,7 @@ msgstr "" "valors següents:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:803 +#: sssd-ldap.5.xml:804 msgid "" "<emphasis>never</emphasis> = The client will not request or check any server " "certificate." @@ -6535,7 +6559,7 @@ msgstr "" "certificat del servidor." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:807 +#: sssd-ldap.5.xml:808 msgid "" "<emphasis>allow</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -6547,7 +6571,7 @@ msgstr "" "normalment." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:814 +#: sssd-ldap.5.xml:815 msgid "" "<emphasis>try</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -6558,7 +6582,7 @@ msgstr "" "proporciona un certificat dolent, immediatament s'acaba la sessió." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:820 +#: sssd-ldap.5.xml:821 msgid "" "<emphasis>demand</emphasis> = The server certificate is requested. If no " "certificate is provided, or a bad certificate is provided, the session is " @@ -6569,22 +6593,22 @@ msgstr "" "immediatament s'acaba la sessió." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:826 +#: sssd-ldap.5.xml:827 msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" msgstr "<emphasis>hard</emphasis> = Igual que <quote>demand</quote>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:830 +#: sssd-ldap.5.xml:831 msgid "Default: hard" msgstr "Per defecte: hard" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:836 +#: sssd-ldap.5.xml:837 msgid "ldap_tls_cacert (string)" msgstr "ldap_tls_cacert (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:839 +#: sssd-ldap.5.xml:840 msgid "" "Specifies the file that contains certificates for all of the Certificate " "Authorities that <command>sssd</command> will recognize." @@ -6593,7 +6617,7 @@ msgstr "" "Certificació que reconeixerà l'<command>sssd</command>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:844 sssd-ldap.5.xml:862 sssd-ldap.5.xml:903 +#: sssd-ldap.5.xml:845 sssd-ldap.5.xml:863 sssd-ldap.5.xml:904 msgid "" "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." "conf</filename>" @@ -6602,12 +6626,12 @@ msgstr "" "<filename>/etc/openldap/ldap.conf</filename>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:851 +#: sssd-ldap.5.xml:852 msgid "ldap_tls_cacertdir (string)" msgstr "ldap_tls_cacertdir (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:854 +#: sssd-ldap.5.xml:855 msgid "" "Specifies the path of a directory that contains Certificate Authority " "certificates in separate individual files. Typically the file names need to " @@ -6621,32 +6645,32 @@ msgstr "" "correctes." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:869 +#: sssd-ldap.5.xml:870 msgid "ldap_tls_cert (string)" msgstr "ldap_tls_cert (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:872 +#: sssd-ldap.5.xml:873 msgid "Specifies the file that contains the certificate for the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:882 +#: sssd-ldap.5.xml:883 msgid "ldap_tls_key (string)" msgstr "ldap_tls_key (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:885 +#: sssd-ldap.5.xml:886 msgid "Specifies the file that contains the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:894 +#: sssd-ldap.5.xml:895 msgid "ldap_tls_cipher_suite (string)" msgstr "ldap_tls_cipher_suite (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:897 +#: sssd-ldap.5.xml:898 msgid "" "Specifies acceptable cipher suites. Typically this is a colon separated " "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " @@ -6654,26 +6678,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:910 +#: sssd-ldap.5.xml:911 msgid "ldap_id_use_start_tls (boolean)" msgstr "ldap_id_use_start_tls (booleà)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:913 +#: sssd-ldap.5.xml:914 +#, fuzzy +#| msgid "" +#| "Specifies that the id_provider connection must also use <systemitem " +#| "class=\"protocol\">tls</systemitem> to protect the channel." msgid "" "Specifies that the id_provider connection must also use <systemitem " -"class=\"protocol\">tls</systemitem> to protect the channel." +"class=\"protocol\">tls</systemitem> to protect the channel. <emphasis>true</" +"emphasis> is strongly recommended for security reasons." msgstr "" "Especifica que la connexió id_provider també ha d'utilitzar <systemitem " "class=\"protocol\">tls</systemitem> per a protegir el canal." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:923 +#: sssd-ldap.5.xml:925 msgid "ldap_id_mapping (boolean)" msgstr "ldap_id_mapping (booleà)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:926 +#: sssd-ldap.5.xml:928 msgid "" "Specifies that SSSD should attempt to map user and group IDs from the " "ldap_user_objectsid and ldap_group_objectsid attributes instead of relying " @@ -6681,17 +6710,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:932 +#: sssd-ldap.5.xml:934 msgid "Currently this feature supports only ActiveDirectory objectSID mapping." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:942 +#: sssd-ldap.5.xml:944 msgid "ldap_min_id, ldap_max_id (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:945 +#: sssd-ldap.5.xml:947 msgid "" "In contrast to the SID based ID mapping which is used if ldap_id_mapping is " "set to true the allowed ID range for ldap_user_uid_number and " @@ -6702,24 +6731,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:957 +#: sssd-ldap.5.xml:959 msgid "Default: not set (both options are set to 0)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:963 +#: sssd-ldap.5.xml:965 msgid "ldap_sasl_mech (string)" msgstr "ldap_sasl_mech (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:966 +#: sssd-ldap.5.xml:968 msgid "" "Specify the SASL mechanism to use. Currently only GSSAPI and GSS-SPNEGO are " "tested and supported." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:970 +#: sssd-ldap.5.xml:972 msgid "" "If the backend supports sub-domains the value of ldap_sasl_mech is " "automatically inherited to the sub-domains. If a different value is needed " @@ -6730,12 +6759,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:986 +#: sssd-ldap.5.xml:988 msgid "ldap_sasl_authid (string)" msgstr "ldap_sasl_authid (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd-ldap.5.xml:998 +#: sssd-ldap.5.xml:1000 #, no-wrap msgid "" "hostname@REALM\n" @@ -6748,7 +6777,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:989 +#: sssd-ldap.5.xml:991 msgid "" "Specify the SASL authorization id to use. When GSSAPI/GSS-SPNEGO are used, " "this represents the Kerberos principal used for authentication to the " @@ -6760,17 +6789,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1009 +#: sssd-ldap.5.xml:1011 msgid "Default: host/hostname@REALM" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1015 +#: sssd-ldap.5.xml:1017 msgid "ldap_sasl_realm (string)" msgstr "ldap_sasl_realm (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1018 +#: sssd-ldap.5.xml:1020 msgid "" "Specify the SASL realm to use. When not specified, this option defaults to " "the value of krb5_realm. If the ldap_sasl_authid contains the realm as " @@ -6778,51 +6807,51 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1024 +#: sssd-ldap.5.xml:1026 msgid "Default: the value of krb5_realm." msgstr "Per defecte: el valor de krb5_realm." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1030 +#: sssd-ldap.5.xml:1032 msgid "ldap_sasl_canonicalize (boolean)" msgstr "ldap_sasl_canonicalize (booleà)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1033 +#: sssd-ldap.5.xml:1035 msgid "" "If set to true, the LDAP library would perform a reverse lookup to " "canonicalize the host name during a SASL bind." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1038 +#: sssd-ldap.5.xml:1040 msgid "Default: false;" msgstr "Per defecte: false;" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1044 +#: sssd-ldap.5.xml:1046 msgid "ldap_krb5_keytab (string)" msgstr "ldap_krb5_keytab (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1047 +#: sssd-ldap.5.xml:1049 msgid "Specify the keytab to use when using SASL/GSSAPI/GSS-SPNEGO." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1056 sssd-krb5.5.xml:247 +#: sssd-ldap.5.xml:1058 sssd-krb5.5.xml:247 msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" msgstr "" "Per defecte: Fitxer keytab de sistema, normalment <filename>/etc/krb5." "keytab</filename>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1062 +#: sssd-ldap.5.xml:1064 msgid "ldap_krb5_init_creds (boolean)" msgstr "ldap_krb5_init_creds (booleà)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1065 +#: sssd-ldap.5.xml:1067 msgid "" "Specifies that the id_provider should init Kerberos credentials (TGT). This " "action is performed only if SASL is used and the mechanism selected is " @@ -6830,28 +6859,28 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1077 +#: sssd-ldap.5.xml:1079 msgid "ldap_krb5_ticket_lifetime (integer)" msgstr "ldap_krb5_ticket_lifetime (enter)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1080 +#: sssd-ldap.5.xml:1082 msgid "" "Specifies the lifetime in seconds of the TGT if GSSAPI or GSS-SPNEGO is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1089 sssd-ad.5.xml:1252 +#: sssd-ldap.5.xml:1091 sssd-ad.5.xml:1252 msgid "Default: 86400 (24 hours)" msgstr "Per defecte: 86400 (24 hores)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1095 sssd-krb5.5.xml:74 +#: sssd-ldap.5.xml:1097 sssd-krb5.5.xml:74 msgid "krb5_server, krb5_backup_server (string)" msgstr "krb5_server, krb5_backup_server (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1098 +#: sssd-ldap.5.xml:1100 msgid "" "Specifies the comma-separated list of IP addresses or hostnames of the " "Kerberos servers to which SSSD should connect in the order of preference. " @@ -6863,7 +6892,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1110 sssd-krb5.5.xml:89 +#: sssd-ldap.5.xml:1112 sssd-krb5.5.xml:89 msgid "" "When using service discovery for KDC or kpasswd servers, SSSD first searches " "for DNS entries that specify _udp as the protocol and falls back to _tcp if " @@ -6874,7 +6903,7 @@ msgstr "" "retorna a _tcp si no se'n troba cap." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1115 sssd-krb5.5.xml:94 +#: sssd-ldap.5.xml:1117 sssd-krb5.5.xml:94 msgid "" "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " "While the legacy name is recognized for the time being, users are advised to " @@ -6886,41 +6915,41 @@ msgstr "" "<quote>krb5_server</quote>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1124 sssd-ipa.5.xml:526 sssd-krb5.5.xml:103 +#: sssd-ldap.5.xml:1126 sssd-ipa.5.xml:531 sssd-krb5.5.xml:103 msgid "krb5_realm (string)" msgstr "krb5_realm (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1127 +#: sssd-ldap.5.xml:1129 msgid "Specify the Kerberos REALM (for SASL/GSSAPI/GSS-SPNEGO auth)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1131 +#: sssd-ldap.5.xml:1133 msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" msgstr "" "Per defecte: Paràmetres predeterminats del sistema, vegeu <filename>/etc/" "krb5.conf</filename>" #. type: Content of: <variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1137 include/krb5_options.xml:154 +#: sssd-ldap.5.xml:1139 include/krb5_options.xml:154 msgid "krb5_canonicalize (boolean)" msgstr "krb5_canonicalize (booleà)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1140 +#: sssd-ldap.5.xml:1142 msgid "" "Specifies if the host principal should be canonicalized when connecting to " "LDAP server. This feature is available with MIT Kerberos >= 1.7" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1152 sssd-krb5.5.xml:336 +#: sssd-ldap.5.xml:1154 sssd-krb5.5.xml:336 msgid "krb5_use_kdcinfo (boolean)" msgstr "krb5_use_kdcinfo (booleà)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1155 sssd-krb5.5.xml:339 +#: sssd-ldap.5.xml:1157 sssd-krb5.5.xml:339 msgid "" "Specifies if the SSSD should instruct the Kerberos libraries what realm and " "which KDCs to use. This option is on by default, if you disable it, you need " @@ -6930,7 +6959,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1166 sssd-krb5.5.xml:350 +#: sssd-ldap.5.xml:1168 sssd-krb5.5.xml:350 msgid "" "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more " @@ -6938,12 +6967,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1180 +#: sssd-ldap.5.xml:1182 msgid "ldap_pwd_policy (string)" msgstr "ldap_pwd_policy (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1183 +#: sssd-ldap.5.xml:1185 msgid "" "Select the policy to evaluate the password expiration on the client side. " "The following values are allowed:" @@ -6952,7 +6981,7 @@ msgstr "" "costat del client. S'admeten els valors següents:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1188 +#: sssd-ldap.5.xml:1190 msgid "" "<emphasis>none</emphasis> - No evaluation on the client side. This option " "cannot disable server-side password policies." @@ -6961,7 +6990,7 @@ msgstr "" "opció no inhabilita les polítiques de contrasenya de servidor." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1193 +#: sssd-ldap.5.xml:1195 msgid "" "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " @@ -6970,7 +6999,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1201 +#: sssd-ldap.5.xml:1203 msgid "" "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " "to determine if the password has expired. Use chpass_provider=krb5 to update " @@ -6982,25 +7011,25 @@ msgstr "" "contrasenya." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1210 +#: sssd-ldap.5.xml:1212 msgid "" "<emphasis>Note</emphasis>: if a password policy is configured on server " "side, it always takes precedence over policy set with this option." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1218 +#: sssd-ldap.5.xml:1220 msgid "ldap_referrals (boolean)" msgstr "ldap_referrals (booleà)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1221 +#: sssd-ldap.5.xml:1223 msgid "Specifies whether automatic referral chasing should be enabled." msgstr "" "Especifica si el seguiment automàtic del referenciador s'hauria d'habilitar." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1225 +#: sssd-ldap.5.xml:1227 msgid "" "Please note that sssd only supports referral chasing when it is compiled " "with OpenLDAP version 2.4.13 or higher." @@ -7009,7 +7038,7 @@ msgstr "" "quan es compila amb la versió 2.4.13 o superiors d'OpenLDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1230 +#: sssd-ldap.5.xml:1232 msgid "" "Chasing referrals may incur a performance penalty in environments that use " "them heavily, a notable example is Microsoft Active Directory. If your setup " @@ -7022,29 +7051,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1249 +#: sssd-ldap.5.xml:1251 msgid "ldap_dns_service_name (string)" msgstr "ldap_dns_service_name (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1252 +#: sssd-ldap.5.xml:1254 msgid "Specifies the service name to use when service discovery is enabled." msgstr "" "Especifica el nom de servei per utilitzar quan està habilitada la detecció " "de serveis." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1256 +#: sssd-ldap.5.xml:1258 msgid "Default: ldap" msgstr "Per defecte: ldap" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1262 +#: sssd-ldap.5.xml:1264 msgid "ldap_chpass_dns_service_name (string)" msgstr "ldap_chpass_dns_service_name (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1265 +#: sssd-ldap.5.xml:1267 msgid "" "Specifies the service name to use to find an LDAP server which allows " "password changes when service discovery is enabled." @@ -7054,25 +7083,25 @@ msgstr "" "dels serveis." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1270 +#: sssd-ldap.5.xml:1272 msgid "Default: not set, i.e. service discovery is disabled" msgstr "" "Defecte: no definit, és a dir, el descobriment de serveis està inhabilitat" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1276 +#: sssd-ldap.5.xml:1278 msgid "ldap_chpass_update_last_change (bool)" msgstr "ldap_chpass_update_last_change (booleà)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1279 +#: sssd-ldap.5.xml:1281 msgid "" "Specifies whether to update the ldap_user_shadow_last_change attribute with " "days since the Epoch after a password change operation." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1285 +#: sssd-ldap.5.xml:1287 msgid "" "It is recommend to set this option explicitly if \"ldap_pwd_policy = " "shadow\" is used to let SSSD know if the LDAP server will update " @@ -7081,12 +7110,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1299 +#: sssd-ldap.5.xml:1301 msgid "ldap_access_filter (string)" msgstr "ldap_access_filter (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1302 +#: sssd-ldap.5.xml:1304 msgid "" "If using access_provider = ldap and ldap_access_order = filter (default), " "this option is mandatory. It specifies an LDAP search filter criteria that " @@ -7102,12 +7131,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1322 +#: sssd-ldap.5.xml:1324 msgid "Example:" msgstr "Exemple:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1325 +#: sssd-ldap.5.xml:1327 #, no-wrap msgid "" "access_provider = ldap\n" @@ -7116,14 +7145,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1329 +#: sssd-ldap.5.xml:1331 msgid "" "This example means that access to this host is restricted to users whose " "employeeType attribute is set to \"admin\"." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1334 +#: sssd-ldap.5.xml:1336 msgid "" "Offline caching for this feature is limited to determining whether the " "user's last online login was granted access permission. If they were granted " @@ -7132,17 +7161,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1342 sssd-ldap.5.xml:1398 +#: sssd-ldap.5.xml:1344 sssd-ldap.5.xml:1400 msgid "Default: Empty" msgstr "Per defecte: Buit" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1348 +#: sssd-ldap.5.xml:1350 msgid "ldap_account_expire_policy (string)" msgstr "ldap_account_expire_policy (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1351 +#: sssd-ldap.5.xml:1353 msgid "" "With this option a client side evaluation of access control attributes can " "be enabled." @@ -7151,7 +7180,7 @@ msgstr "" "d'atributs de control d'accés." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1355 +#: sssd-ldap.5.xml:1357 msgid "" "Please note that it is always recommended to use server side access control, " "i.e. the LDAP server should deny the bind request with a suitable error code " @@ -7163,12 +7192,12 @@ msgstr "" "contrasenya és correcta." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1362 +#: sssd-ldap.5.xml:1364 msgid "The following values are allowed:" msgstr "S'admeten els valors següents:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1365 +#: sssd-ldap.5.xml:1367 msgid "" "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " "determine if the account is expired." @@ -7177,7 +7206,7 @@ msgstr "" "determinar si el compte ha caducat." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1370 +#: sssd-ldap.5.xml:1372 msgid "" "<emphasis>ad</emphasis>: use the value of the 32bit field " "ldap_user_ad_user_account_control and allow access if the second bit is not " @@ -7186,7 +7215,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1377 +#: sssd-ldap.5.xml:1379 msgid "" "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" "emphasis>: use the value of ldap_ns_account_lock to check if access is " @@ -7194,7 +7223,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1383 +#: sssd-ldap.5.xml:1385 msgid "" "<emphasis>nds</emphasis>: the values of " "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " @@ -7203,7 +7232,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1391 +#: sssd-ldap.5.xml:1393 msgid "" "Please note that the ldap_access_order configuration option <emphasis>must</" "emphasis> include <quote>expire</quote> in order for the " @@ -7211,24 +7240,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1404 +#: sssd-ldap.5.xml:1406 msgid "ldap_access_order (string)" msgstr "ldap_access_order (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1407 sssd-ipa.5.xml:351 +#: sssd-ldap.5.xml:1409 sssd-ipa.5.xml:356 msgid "Comma separated list of access control options. Allowed values are:" msgstr "" "Llista separada per comes d'opcions de control d'accés. Els valors permesos " "són:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1411 +#: sssd-ldap.5.xml:1413 msgid "<emphasis>filter</emphasis>: use ldap_access_filter" msgstr "<emphasis>filter</emphasis>: utilitza ldap_access_filter" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1414 +#: sssd-ldap.5.xml:1416 msgid "" "<emphasis>lockout</emphasis>: use account locking. If set, this option " "denies access in case that ldap attribute 'pwdAccountLockedTime' is present " @@ -7238,14 +7267,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1424 +#: sssd-ldap.5.xml:1426 msgid "" "<emphasis> Please note that this option is superseded by the <quote>ppolicy</" "quote> option and might be removed in a future release. </emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1431 +#: sssd-ldap.5.xml:1433 msgid "" "<emphasis>ppolicy</emphasis>: use account locking. If set, this option " "denies access in case that ldap attribute 'pwdAccountLockedTime' is present " @@ -7258,12 +7287,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1448 +#: sssd-ldap.5.xml:1450 msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" msgstr "<emphasis>expire</emphasis>: utilitza ldap_account_expire_policy" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1452 sssd-ipa.5.xml:359 +#: sssd-ldap.5.xml:1454 sssd-ipa.5.xml:364 msgid "" "<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, " "pwd_expire_policy_renew: </emphasis> These options are useful if users are " @@ -7273,38 +7302,38 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1462 sssd-ipa.5.xml:369 +#: sssd-ldap.5.xml:1464 sssd-ipa.5.xml:374 msgid "" "The difference between these options is the action taken if user password is " "expired:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:1467 sssd-ipa.5.xml:374 +#: sssd-ldap.5.xml:1469 sssd-ipa.5.xml:379 msgid "pwd_expire_policy_reject - user is denied to log in," msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:1473 sssd-ipa.5.xml:380 +#: sssd-ldap.5.xml:1475 sssd-ipa.5.xml:385 msgid "pwd_expire_policy_warn - user is still able to log in," msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:1479 sssd-ipa.5.xml:386 +#: sssd-ldap.5.xml:1481 sssd-ipa.5.xml:391 msgid "" "pwd_expire_policy_renew - user is prompted to change their password " "immediately." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1487 +#: sssd-ldap.5.xml:1489 msgid "" "Please note that 'access_provider = ldap' must be set for this feature to " "work. Also 'ldap_pwd_policy' must be set to an appropriate password policy." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1492 +#: sssd-ldap.5.xml:1494 msgid "" "<emphasis>authorized_service</emphasis>: use the authorizedService attribute " "to determine access" @@ -7313,31 +7342,31 @@ msgstr "" "authorizedService per determinar l'accés" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1497 +#: sssd-ldap.5.xml:1499 msgid "<emphasis>host</emphasis>: use the host attribute to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1501 +#: sssd-ldap.5.xml:1503 msgid "" "<emphasis>rhost</emphasis>: use the rhost attribute to determine whether " "remote host can access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1505 +#: sssd-ldap.5.xml:1507 msgid "" "Please note, rhost field in pam is set by application, it is better to check " "what the application sends to pam, before enabling this access control option" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1510 +#: sssd-ldap.5.xml:1512 msgid "Default: filter" msgstr "Per defecte: filter" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1513 +#: sssd-ldap.5.xml:1515 msgid "" "Please note that it is a configuration error if a value is used more than " "once." @@ -7346,12 +7375,12 @@ msgstr "" "s'utilitza més d'una vegada." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1520 +#: sssd-ldap.5.xml:1522 msgid "ldap_pwdlockout_dn (string)" msgstr "ldap_pwdlockout_dn (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1523 +#: sssd-ldap.5.xml:1525 msgid "" "This option specifies the DN of password policy entry on LDAP server. Please " "note that absence of this option in sssd.conf in case of enabled account " @@ -7360,22 +7389,22 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1531 +#: sssd-ldap.5.xml:1533 msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com" msgstr "Exemple: cn=ppolicy,ou=policies,dc=exemple,dc=com" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1534 +#: sssd-ldap.5.xml:1536 msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base" msgstr "Per defecte: cn=ppolicy,ou=policies,$ldap_search_base" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1540 +#: sssd-ldap.5.xml:1542 msgid "ldap_deref (string)" msgstr "ldap_deref (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1543 +#: sssd-ldap.5.xml:1545 msgid "" "Specifies how alias dereferencing is done when performing a search. The " "following options are allowed:" @@ -7384,13 +7413,13 @@ msgstr "" "es fa una cerca. S'admeten les opcions següents:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1548 +#: sssd-ldap.5.xml:1550 msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." msgstr "" "<emphasis>never</emphasis>: les referències dels àlies mai són eliminades." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1552 +#: sssd-ldap.5.xml:1554 msgid "" "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " "the base object, but not in locating the base object of the search." @@ -7400,7 +7429,7 @@ msgstr "" "de la cerca." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1557 +#: sssd-ldap.5.xml:1559 msgid "" "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " "the base object of the search." @@ -7409,7 +7438,7 @@ msgstr "" "només en localitzar l'objecte base de la cerca." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1562 +#: sssd-ldap.5.xml:1564 msgid "" "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " "in locating the base object of the search." @@ -7418,7 +7447,7 @@ msgstr "" "en la recerca i en la localització de l'objecte base de la cerca." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1567 +#: sssd-ldap.5.xml:1569 msgid "" "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " "client libraries)" @@ -7427,19 +7456,19 @@ msgstr "" "biblioteques de client LDAP)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1575 +#: sssd-ldap.5.xml:1577 msgid "ldap_rfc2307_fallback_to_local_users (boolean)" msgstr "ldap_rfc2307_fallback_to_local_users (booleà)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1578 +#: sssd-ldap.5.xml:1580 msgid "" "Allows to retain local users as members of an LDAP group for servers that " "use the RFC2307 schema." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1582 +#: sssd-ldap.5.xml:1584 msgid "" "In some environments where the RFC2307 schema is used, local users are made " "members of LDAP groups by adding their names to the memberUid attribute. " @@ -7450,7 +7479,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1593 +#: sssd-ldap.5.xml:1595 msgid "" "This option falls back to checking if local users are referenced, and caches " "them so that later initgroups() calls will augment the local users with the " @@ -7458,57 +7487,57 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1605 sssd-ifp.5.xml:152 +#: sssd-ldap.5.xml:1607 sssd-ifp.5.xml:152 msgid "wildcard_limit (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1608 +#: sssd-ldap.5.xml:1610 msgid "" "Specifies an upper limit on the number of entries that are downloaded during " "a wildcard lookup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1612 +#: sssd-ldap.5.xml:1614 msgid "At the moment, only the InfoPipe responder supports wildcard lookups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1616 +#: sssd-ldap.5.xml:1618 msgid "Default: 1000 (often the size of one page)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1622 +#: sssd-ldap.5.xml:1624 #, fuzzy #| msgid "debug_level (integer)" msgid "ldap_library_debug_level (integer)" msgstr "debug_level (enter)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1625 +#: sssd-ldap.5.xml:1627 msgid "" "Switches on libldap debugging with the given level. The libldap debug " "messages will be written independent of the general debug_level." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1630 +#: sssd-ldap.5.xml:1632 msgid "" "OpenLDAP uses a bitmap to enable debugging for specific components, -1 will " "enable full debug output." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1635 +#: sssd-ldap.5.xml:1637 #, fuzzy #| msgid "Default: 0 (disabled)" msgid "Default: 0 (libldap debugging disabled)" msgstr "Per defecte: 0 (inhabilitat)" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:51 +#: sssd-ldap.5.xml:52 msgid "" "All of the common configuration options that apply to SSSD domains also " "apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> section " @@ -7520,12 +7549,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1645 +#: sssd-ldap.5.xml:1647 msgid "SUDO OPTIONS" msgstr "OPCIONS DE SUDO" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1647 +#: sssd-ldap.5.xml:1649 msgid "" "The detailed instructions for configuration of sudo_provider are in the " "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " @@ -7533,43 +7562,43 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1658 +#: sssd-ldap.5.xml:1660 msgid "ldap_sudo_full_refresh_interval (integer)" msgstr "ldap_sudo_full_refresh_interval (enter)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1661 +#: sssd-ldap.5.xml:1663 msgid "" "How many seconds SSSD will wait between executing a full refresh of sudo " "rules (which downloads all rules that are stored on the server)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1666 +#: sssd-ldap.5.xml:1668 msgid "" "The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </" "emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1671 +#: sssd-ldap.5.xml:1673 msgid "" "You can disable full refresh by setting this option to 0. However, either " "smart or full refresh must be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1676 +#: sssd-ldap.5.xml:1678 msgid "Default: 21600 (6 hours)" msgstr "Per defecte: 21600 (6 hores)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1682 +#: sssd-ldap.5.xml:1684 msgid "ldap_sudo_smart_refresh_interval (integer)" msgstr "ldap_sudo_smart_refresh_interval (enter)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1685 +#: sssd-ldap.5.xml:1687 msgid "" "How many seconds SSSD has to wait before executing a smart refresh of sudo " "rules (which downloads all rules that have USN higher than the highest " @@ -7577,14 +7606,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1691 +#: sssd-ldap.5.xml:1693 msgid "" "If USN attributes are not supported by the server, the modifyTimestamp " "attribute is used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1695 +#: sssd-ldap.5.xml:1697 msgid "" "<emphasis>Note:</emphasis> the highest USN value can be updated by three " "tasks: 1) By sudo full and smart refresh (if updated rules are found), 2) by " @@ -7594,21 +7623,21 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1706 +#: sssd-ldap.5.xml:1708 msgid "" "You can disable smart refresh by setting this option to 0. However, either " "smart or full refresh must be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1717 +#: sssd-ldap.5.xml:1719 #, fuzzy #| msgid "ldap_idmap_range_size (integer)" msgid "ldap_sudo_random_offset (integer)" msgstr "ldap_idmap_range_size (enter)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1720 +#: sssd-ldap.5.xml:1722 msgid "" "Random offset between 0 and configured value is added to smart and full " "refresh periods each time the periodic task is scheduled. The value is in " @@ -7616,7 +7645,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1726 +#: sssd-ldap.5.xml:1728 msgid "" "Note that this random offset is also applied on the first SSSD start which " "delays the first sudo rules refresh. This prolongs the time when the sudo " @@ -7624,106 +7653,106 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1732 +#: sssd-ldap.5.xml:1734 msgid "You can disable this offset by setting the value to 0." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1742 +#: sssd-ldap.5.xml:1744 msgid "ldap_sudo_use_host_filter (boolean)" msgstr "ldap_sudo_use_host_filter (booleà)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1745 +#: sssd-ldap.5.xml:1747 msgid "" "If true, SSSD will download only rules that are applicable to this machine " "(using the IPv4 or IPv6 host/network addresses and hostnames)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1756 +#: sssd-ldap.5.xml:1758 msgid "ldap_sudo_hostnames (string)" msgstr "ldap_sudo_hostnames (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1759 +#: sssd-ldap.5.xml:1761 msgid "" "Space separated list of hostnames or fully qualified domain names that " "should be used to filter the rules." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1764 +#: sssd-ldap.5.xml:1766 msgid "" "If this option is empty, SSSD will try to discover the hostname and the " "fully qualified domain name automatically." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1769 sssd-ldap.5.xml:1792 sssd-ldap.5.xml:1810 -#: sssd-ldap.5.xml:1828 +#: sssd-ldap.5.xml:1771 sssd-ldap.5.xml:1794 sssd-ldap.5.xml:1812 +#: sssd-ldap.5.xml:1830 msgid "" "If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</" "emphasis> then this option has no effect." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1774 sssd-ldap.5.xml:1797 +#: sssd-ldap.5.xml:1776 sssd-ldap.5.xml:1799 msgid "Default: not specified" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1780 +#: sssd-ldap.5.xml:1782 msgid "ldap_sudo_ip (string)" msgstr "ldap_sudo_ip (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1783 +#: sssd-ldap.5.xml:1785 msgid "" "Space separated list of IPv4 or IPv6 host/network addresses that should be " "used to filter the rules." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1788 +#: sssd-ldap.5.xml:1790 msgid "" "If this option is empty, SSSD will try to discover the addresses " "automatically." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1803 +#: sssd-ldap.5.xml:1805 msgid "ldap_sudo_include_netgroups (boolean)" msgstr "ldap_sudo_include_netgroups (booleà)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1806 +#: sssd-ldap.5.xml:1808 msgid "" "If true then SSSD will download every rule that contains a netgroup in " "sudoHost attribute." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1821 +#: sssd-ldap.5.xml:1823 msgid "ldap_sudo_include_regexp (boolean)" msgstr "ldap_sudo_include_regexp (booleà)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1824 +#: sssd-ldap.5.xml:1826 msgid "" "If true then SSSD will download every rule that contains a wildcard in " "sudoHost attribute." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><note><para> -#: sssd-ldap.5.xml:1834 +#: sssd-ldap.5.xml:1836 msgid "" "Using wildcard is an operation that is very costly to evaluate on the LDAP " "server side!" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1846 +#: sssd-ldap.5.xml:1848 msgid "" "This manual page only describes attribute name mapping. For detailed " "explanation of sudo related attribute semantics, see <citerefentry> " @@ -7732,59 +7761,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1856 +#: sssd-ldap.5.xml:1858 msgid "AUTOFS OPTIONS" msgstr "OPCIONS D'AUTOFS" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1858 +#: sssd-ldap.5.xml:1860 msgid "" "Some of the defaults for the parameters below are dependent on the LDAP " "schema." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1864 +#: sssd-ldap.5.xml:1866 msgid "ldap_autofs_map_master_name (string)" msgstr "ldap_autofs_map_master_name (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1867 +#: sssd-ldap.5.xml:1869 msgid "The name of the automount master map in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1870 +#: sssd-ldap.5.xml:1872 msgid "Default: auto.master" msgstr "Per defecte: auto.master" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1881 +#: sssd-ldap.5.xml:1883 msgid "ADVANCED OPTIONS" msgstr "OPCIONS AVANÇADES" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1888 +#: sssd-ldap.5.xml:1890 msgid "ldap_netgroup_search_base (string)" msgstr "ldap_netgroup_search_base (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1893 +#: sssd-ldap.5.xml:1895 msgid "ldap_user_search_base (string)" msgstr "ldap_user_search_base (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1898 +#: sssd-ldap.5.xml:1900 msgid "ldap_group_search_base (string)" msgstr "ldap_group_search_base (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><note> -#: sssd-ldap.5.xml:1903 +#: sssd-ldap.5.xml:1905 msgid "<note>" msgstr "<note>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para> -#: sssd-ldap.5.xml:1905 +#: sssd-ldap.5.xml:1907 msgid "" "If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches " "against Active Directory will not be restricted and return all groups " @@ -7793,22 +7822,22 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist> -#: sssd-ldap.5.xml:1912 +#: sssd-ldap.5.xml:1914 msgid "</note>" msgstr "</note>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1914 +#: sssd-ldap.5.xml:1916 msgid "ldap_sudo_search_base (string)" msgstr "ldap_sudo_search_base (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1919 +#: sssd-ldap.5.xml:1921 msgid "ldap_autofs_search_base (string)" msgstr "ldap_autofs_search_base (cadena)" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1883 +#: sssd-ldap.5.xml:1885 msgid "" "These options are supported by LDAP domains, but they should be used with " "caution. Please include them in your configuration only if you know what you " @@ -7817,14 +7846,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1934 sssd-simple.5.xml:131 sssd-ipa.5.xml:925 -#: sssd-ad.5.xml:1386 sssd-krb5.5.xml:483 sss_rpcidmapd.5.xml:98 +#: sssd-ldap.5.xml:1936 sssd-simple.5.xml:131 sssd-ipa.5.xml:930 +#: sssd-ad.5.xml:1391 sssd-krb5.5.xml:483 sss_rpcidmapd.5.xml:98 #: sssd-files.5.xml:155 sssd-session-recording.5.xml:176 msgid "EXAMPLE" msgstr "EXEMPLE" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1936 +#: sssd-ldap.5.xml:1938 msgid "" "The following example assumes that SSSD is correctly configured and LDAP is " "set to one of the domains in the <replaceable>[domains]</replaceable> " @@ -7835,7 +7864,7 @@ msgstr "" "replaceable>." #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ldap.5.xml:1942 +#: sssd-ldap.5.xml:1944 #, no-wrap msgid "" "[domain/LDAP]\n" @@ -7848,27 +7877,27 @@ msgid "" msgstr "" #. type: Content of: <refsect1><refsect2><para> -#: sssd-ldap.5.xml:1941 sssd-ldap.5.xml:1959 sssd-simple.5.xml:139 -#: sssd-ipa.5.xml:933 sssd-ad.5.xml:1394 sssd-sudo.5.xml:56 sssd-krb5.5.xml:492 +#: sssd-ldap.5.xml:1943 sssd-ldap.5.xml:1961 sssd-simple.5.xml:139 +#: sssd-ipa.5.xml:938 sssd-ad.5.xml:1399 sssd-sudo.5.xml:56 sssd-krb5.5.xml:492 #: sssd-files.5.xml:162 sssd-files.5.xml:173 sssd-session-recording.5.xml:182 #: include/ldap_id_mapping.xml:105 msgid "<placeholder type=\"programlisting\" id=\"0\"/>" msgstr "<placeholder type=\"programlisting\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1953 +#: sssd-ldap.5.xml:1955 msgid "LDAP ACCESS FILTER EXAMPLE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1955 +#: sssd-ldap.5.xml:1957 msgid "" "The following example assumes that SSSD is correctly configured and to use " "the ldap_access_order=lockout." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ldap.5.xml:1960 +#: sssd-ldap.5.xml:1962 #, no-wrap msgid "" "[domain/LDAP]\n" @@ -7884,13 +7913,13 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1975 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148 -#: sssd-ad.5.xml:1409 sssd.8.xml:238 sss_seed.8.xml:163 +#: sssd-ldap.5.xml:1977 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148 +#: sssd-ad.5.xml:1414 sssd.8.xml:238 sss_seed.8.xml:163 msgid "NOTES" msgstr "NOTES" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1977 +#: sssd-ldap.5.xml:1979 msgid "" "The descriptions of some of the configuration options in this manual page " "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " @@ -10352,12 +10381,12 @@ msgid "Example: dyndns_iface = em1, vnet1, vnet2" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:204 sssd-ad.5.xml:1285 +#: sssd-ipa.5.xml:204 sssd-ad.5.xml:1290 msgid "dyndns_auth (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:207 sssd-ad.5.xml:1288 +#: sssd-ipa.5.xml:207 sssd-ad.5.xml:1293 msgid "" "Whether the nsupdate utility should use GSS-TSIG authentication for secure " "updates with the DNS server, insecure updates can be sent by setting this " @@ -10365,19 +10394,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:213 sssd-ad.5.xml:1294 +#: sssd-ipa.5.xml:213 sssd-ad.5.xml:1299 msgid "Default: GSS-TSIG" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:219 sssd-ad.5.xml:1300 +#: sssd-ipa.5.xml:219 sssd-ad.5.xml:1305 #, fuzzy #| msgid "dyndns_iface (string)" msgid "dyndns_auth_ptr (string)" msgstr "dyndns_iface (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:222 sssd-ad.5.xml:1303 +#: sssd-ipa.5.xml:222 sssd-ad.5.xml:1308 msgid "" "Whether the nsupdate utility should use GSS-TSIG authentication for secure " "PTR updates with the DNS server, insecure updates can be sent by setting " @@ -10385,7 +10414,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:228 sssd-ad.5.xml:1309 +#: sssd-ipa.5.xml:228 sssd-ad.5.xml:1314 msgid "Default: Same as dyndns_auth" msgstr "" @@ -10444,65 +10473,72 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:290 +#: sssd-ipa.5.xml:290 sssd-ad.5.xml:1266 +msgid "" +"Note that <emphasis>dyndns_update_per_family</emphasis> parameter does not " +"apply for PTR record updates. Those updates are always sent separately." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:295 msgid "Default: False (disabled)" msgstr "Per defecte: False (inhabilitat)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1272 +#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1277 msgid "dyndns_force_tcp (bool)" msgstr "dyndns_force_tcp (booleà)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:299 sssd-ad.5.xml:1275 +#: sssd-ipa.5.xml:304 sssd-ad.5.xml:1280 msgid "" "Whether the nsupdate utility should default to using TCP for communicating " "with the DNS server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:303 sssd-ad.5.xml:1279 +#: sssd-ipa.5.xml:308 sssd-ad.5.xml:1284 msgid "Default: False (let nsupdate choose the protocol)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:309 sssd-ad.5.xml:1315 +#: sssd-ipa.5.xml:314 sssd-ad.5.xml:1320 msgid "dyndns_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:312 sssd-ad.5.xml:1318 +#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1323 msgid "" "The DNS server to use when performing a DNS update. In most setups, it's " "recommended to leave this option unset." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1323 +#: sssd-ipa.5.xml:322 sssd-ad.5.xml:1328 msgid "" "Setting this option makes sense for environments where the DNS server is " "different from the identity server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:322 sssd-ad.5.xml:1328 +#: sssd-ipa.5.xml:327 sssd-ad.5.xml:1333 msgid "" "Please note that this option will be only used in fallback attempt when " "previous attempt using autodetected settings failed." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:327 sssd-ad.5.xml:1333 +#: sssd-ipa.5.xml:332 sssd-ad.5.xml:1338 msgid "Default: None (let nsupdate choose the server)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:333 sssd-ad.5.xml:1339 +#: sssd-ipa.5.xml:338 sssd-ad.5.xml:1344 msgid "dyndns_update_per_family (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:336 sssd-ad.5.xml:1342 +#: sssd-ipa.5.xml:341 sssd-ad.5.xml:1347 msgid "" "DNS update is by default performed in two steps - IPv4 update and then IPv6 " "update. In some cases it might be desirable to perform IPv4 and IPv6 update " @@ -10510,185 +10546,185 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:348 +#: sssd-ipa.5.xml:353 #, fuzzy #| msgid "ldap_access_order (string)" msgid "ipa_access_order (string)" msgstr "ldap_access_order (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:355 +#: sssd-ipa.5.xml:360 #, fuzzy #| msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" msgid "<emphasis>expire</emphasis>: use IPA's account expiration policy." msgstr "<emphasis>expire</emphasis>: utilitza ldap_account_expire_policy" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:394 +#: sssd-ipa.5.xml:399 msgid "" "Please note that 'access_provider = ipa' must be set for this feature to " "work." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:401 +#: sssd-ipa.5.xml:406 msgid "ipa_deskprofile_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:404 +#: sssd-ipa.5.xml:409 msgid "" "Optional. Use the given string as search base for Desktop Profile related " "objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:408 sssd-ipa.5.xml:435 +#: sssd-ipa.5.xml:413 sssd-ipa.5.xml:440 msgid "Default: Use base DN" msgstr "Per defecte: Utilitza el DN base" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:414 +#: sssd-ipa.5.xml:419 #, fuzzy #| msgid "ipa_subdomains_search_base (string)" msgid "ipa_subid_ranges_search_base (string)" msgstr "ipa_subdomains_search_base (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:417 +#: sssd-ipa.5.xml:422 msgid "" "Optional. Use the given string as search base for subordinate ranges related " "objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:421 +#: sssd-ipa.5.xml:426 #, fuzzy #| msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" msgid "Default: the value of <emphasis>cn=subids,%basedn</emphasis>" msgstr "Per defecte: el valor de <emphasis>ldap_search_base</emphasis>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:428 +#: sssd-ipa.5.xml:433 msgid "ipa_hbac_search_base (string)" msgstr "ipa_hbac_search_base (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:431 +#: sssd-ipa.5.xml:436 msgid "Optional. Use the given string as search base for HBAC related objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:441 +#: sssd-ipa.5.xml:446 msgid "ipa_host_search_base (string)" msgstr "ipa_host_search_base (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:444 +#: sssd-ipa.5.xml:449 msgid "Deprecated. Use ldap_host_search_base instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:450 +#: sssd-ipa.5.xml:455 msgid "ipa_selinux_search_base (string)" msgstr "ipa_selinux_search_base (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:453 +#: sssd-ipa.5.xml:458 msgid "Optional. Use the given string as search base for SELinux user maps." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:469 +#: sssd-ipa.5.xml:474 msgid "ipa_subdomains_search_base (string)" msgstr "ipa_subdomains_search_base (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:472 +#: sssd-ipa.5.xml:477 msgid "Optional. Use the given string as search base for trusted domains." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:481 +#: sssd-ipa.5.xml:486 msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:488 +#: sssd-ipa.5.xml:493 msgid "ipa_master_domain_search_base (string)" msgstr "ipa_master_domain_search_base (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:491 +#: sssd-ipa.5.xml:496 msgid "Optional. Use the given string as search base for master domain object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:500 +#: sssd-ipa.5.xml:505 msgid "Default: the value of <emphasis>cn=ad,cn=etc,%basedn</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:507 +#: sssd-ipa.5.xml:512 msgid "ipa_views_search_base (string)" msgstr "ipa_views_search_base (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:510 +#: sssd-ipa.5.xml:515 msgid "Optional. Use the given string as search base for views containers." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:519 +#: sssd-ipa.5.xml:524 msgid "Default: the value of <emphasis>cn=views,cn=accounts,%basedn</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:529 +#: sssd-ipa.5.xml:534 msgid "" "The name of the Kerberos realm. This is optional and defaults to the value " "of <quote>ipa_domain</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:533 +#: sssd-ipa.5.xml:538 msgid "" "The name of the Kerberos realm has a special meaning in IPA - it is " "converted into the base DN to use for performing LDAP operations." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:541 sssd-ad.5.xml:1357 +#: sssd-ipa.5.xml:546 sssd-ad.5.xml:1362 msgid "krb5_confd_path (string)" msgstr "krb5_confd_path (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:544 sssd-ad.5.xml:1360 +#: sssd-ipa.5.xml:549 sssd-ad.5.xml:1365 msgid "" "Absolute path of a directory where SSSD should place Kerberos configuration " "snippets." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:548 sssd-ad.5.xml:1364 +#: sssd-ipa.5.xml:553 sssd-ad.5.xml:1369 msgid "" "To disable the creation of the configuration snippets set the parameter to " "'none'." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:552 sssd-ad.5.xml:1368 +#: sssd-ipa.5.xml:557 sssd-ad.5.xml:1373 msgid "" "Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:559 +#: sssd-ipa.5.xml:564 msgid "ipa_deskprofile_refresh (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:562 +#: sssd-ipa.5.xml:567 msgid "" "The amount of time between lookups of the Desktop Profile rules against the " "IPA server. This will reduce the latency and load on the IPA server if there " @@ -10696,34 +10732,34 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:569 sssd-ipa.5.xml:599 sssd-ipa.5.xml:615 sssd-ad.5.xml:599 +#: sssd-ipa.5.xml:574 sssd-ipa.5.xml:604 sssd-ipa.5.xml:620 sssd-ad.5.xml:599 msgid "Default: 5 (seconds)" msgstr "Per defecte: 5 (segons)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:575 +#: sssd-ipa.5.xml:580 msgid "ipa_deskprofile_request_interval (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:578 +#: sssd-ipa.5.xml:583 msgid "" "The amount of time between lookups of the Desktop Profile rules against the " "IPA server in case the last request did not return any rule." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:583 +#: sssd-ipa.5.xml:588 msgid "Default: 60 (minutes)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:589 +#: sssd-ipa.5.xml:594 msgid "ipa_hbac_refresh (integer)" msgstr "ipa_hbac_refresh (enter)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:592 +#: sssd-ipa.5.xml:597 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server. " "This will reduce the latency and load on the IPA server if there are many " @@ -10731,12 +10767,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:605 +#: sssd-ipa.5.xml:610 msgid "ipa_hbac_selinux (integer)" msgstr "ipa_hbac_selinux (enter)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:608 +#: sssd-ipa.5.xml:613 msgid "" "The amount of time between lookups of the SELinux maps against the IPA " "server. This will reduce the latency and load on the IPA server if there are " @@ -10744,33 +10780,33 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:621 +#: sssd-ipa.5.xml:626 msgid "ipa_server_mode (boolean)" msgstr "ipa_server_mode (booleà)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:624 +#: sssd-ipa.5.xml:629 msgid "" "This option will be set by the IPA installer (ipa-server-install) " "automatically and denotes if SSSD is running on an IPA server or not." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:629 +#: sssd-ipa.5.xml:634 msgid "" "On an IPA server SSSD will lookup users and groups from trusted domains " "directly while on a client it will ask an IPA server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:634 +#: sssd-ipa.5.xml:639 msgid "" "NOTE: There are currently some assumptions that must be met when SSSD is " "running on an IPA server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:639 +#: sssd-ipa.5.xml:644 msgid "" "The <quote>ipa_server</quote> option must be configured to point to the IPA " "server itself. This is already the default set by the IPA installer, so no " @@ -10778,59 +10814,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:648 +#: sssd-ipa.5.xml:653 msgid "" "The <quote>full_name_format</quote> option must not be tweaked to only print " "short names for users from trusted domains." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:663 +#: sssd-ipa.5.xml:668 msgid "ipa_automount_location (string)" msgstr "ipa_automount_location (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:666 +#: sssd-ipa.5.xml:671 msgid "The automounter location this IPA client will be using" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:669 +#: sssd-ipa.5.xml:674 msgid "Default: The location named \"default\"" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd-ipa.5.xml:677 +#: sssd-ipa.5.xml:682 msgid "VIEWS AND OVERRIDES" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:686 +#: sssd-ipa.5.xml:691 msgid "ipa_view_class (string)" msgstr "ipa_view_class (cadena)" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:689 +#: sssd-ipa.5.xml:694 msgid "Objectclass of the view container." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:692 +#: sssd-ipa.5.xml:697 msgid "Default: nsContainer" msgstr "Per defecte: nsContainer" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:698 +#: sssd-ipa.5.xml:703 msgid "ipa_view_name (string)" msgstr "ipa_view_name (cadena)" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:701 +#: sssd-ipa.5.xml:706 msgid "Name of the attribute holding the name of the view." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:705 sssd-ldap-attributes.5.xml:496 +#: sssd-ipa.5.xml:710 sssd-ldap-attributes.5.xml:496 #: sssd-ldap-attributes.5.xml:830 sssd-ldap-attributes.5.xml:911 #: sssd-ldap-attributes.5.xml:1008 sssd-ldap-attributes.5.xml:1066 #: sssd-ldap-attributes.5.xml:1224 sssd-ldap-attributes.5.xml:1269 @@ -10838,128 +10874,128 @@ msgid "Default: cn" msgstr "Per defecte: cn" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:711 +#: sssd-ipa.5.xml:716 msgid "ipa_override_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:714 +#: sssd-ipa.5.xml:719 msgid "Objectclass of the override objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:717 +#: sssd-ipa.5.xml:722 msgid "Default: ipaOverrideAnchor" msgstr "Per defecte: ipaOverrideAnchor" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:723 +#: sssd-ipa.5.xml:728 msgid "ipa_anchor_uuid (string)" msgstr "ipa_anchor_uuid (cadena)" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:726 +#: sssd-ipa.5.xml:731 msgid "" "Name of the attribute containing the reference to the original object in a " "remote domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:730 +#: sssd-ipa.5.xml:735 msgid "Default: ipaAnchorUUID" msgstr "Per defecte: ipaAnchorUUID" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:736 +#: sssd-ipa.5.xml:741 msgid "ipa_user_override_object_class (string)" msgstr "ipa_user_override_object_class (cadena)" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:739 +#: sssd-ipa.5.xml:744 msgid "" "Name of the objectclass for user overrides. It is used to determine if the " "found override object is related to a user or a group." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:744 +#: sssd-ipa.5.xml:749 msgid "User overrides can contain attributes given by" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:747 +#: sssd-ipa.5.xml:752 msgid "ldap_user_name" msgstr "ldap_user_name" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:750 +#: sssd-ipa.5.xml:755 msgid "ldap_user_uid_number" msgstr "ldap_user_uid_number" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:753 +#: sssd-ipa.5.xml:758 msgid "ldap_user_gid_number" msgstr "ldap_user_gid_number" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:756 +#: sssd-ipa.5.xml:761 msgid "ldap_user_gecos" msgstr "ldap_user_gecos" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:759 +#: sssd-ipa.5.xml:764 msgid "ldap_user_home_directory" msgstr "ldap_user_home_directory" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:762 +#: sssd-ipa.5.xml:767 msgid "ldap_user_shell" msgstr "ldap_user_shell" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:765 +#: sssd-ipa.5.xml:770 msgid "ldap_user_ssh_public_key" msgstr "ldap_user_ssh_public_key" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:770 +#: sssd-ipa.5.xml:775 msgid "Default: ipaUserOverride" msgstr "Per defecte: ipaUserOverride" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:776 +#: sssd-ipa.5.xml:781 msgid "ipa_group_override_object_class (string)" msgstr "ipa_group_override_object_class (cadena)" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:779 +#: sssd-ipa.5.xml:784 msgid "" "Name of the objectclass for group overrides. It is used to determine if the " "found override object is related to a user or a group." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:784 +#: sssd-ipa.5.xml:789 msgid "Group overrides can contain attributes given by" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:787 +#: sssd-ipa.5.xml:792 msgid "ldap_group_name" msgstr "ldap_group_name" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:790 +#: sssd-ipa.5.xml:795 msgid "ldap_group_gid_number" msgstr "ldap_group_gid_number" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:795 +#: sssd-ipa.5.xml:800 msgid "Default: ipaGroupOverride" msgstr "Per defecte: ipaGroupOverride" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:679 +#: sssd-ipa.5.xml:684 msgid "" "SSSD can handle views and overrides which are offered by FreeIPA 4.1 and " "later version. Since all paths and objectclasses are fixed on the server " @@ -10969,19 +11005,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ipa.5.xml:807 +#: sssd-ipa.5.xml:812 msgid "SUBDOMAINS PROVIDER" msgstr "PROVEÏDOR DELS SUBDOMINIS" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:809 +#: sssd-ipa.5.xml:814 msgid "" "The IPA subdomains provider behaves slightly differently if it is configured " "explicitly or implicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:813 +#: sssd-ipa.5.xml:818 msgid "" "If the option 'subdomains_provider = ipa' is found in the domain section of " "sssd.conf, the IPA subdomains provider is configured explicitly, and all " @@ -10989,7 +11025,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:819 +#: sssd-ipa.5.xml:824 msgid "" "If the option 'subdomains_provider' is not set in the domain section of sssd." "conf but there is the option 'id_provider = ipa', the IPA subdomains " @@ -11001,12 +11037,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ipa.5.xml:830 +#: sssd-ipa.5.xml:835 msgid "TRUSTED DOMAINS CONFIGURATION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ipa.5.xml:838 +#: sssd-ipa.5.xml:843 #, no-wrap msgid "" "[domain/ipa.domain.com/ad.domain.com]\n" @@ -11014,7 +11050,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:832 +#: sssd-ipa.5.xml:837 msgid "" "Some configuration options can also be set for a trusted domain. A trusted " "domain configuration can be set using the trusted domain subsection as shown " @@ -11024,80 +11060,80 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:843 +#: sssd-ipa.5.xml:848 msgid "" "For more details, see the <citerefentry> <refentrytitle>sssd.conf</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:850 +#: sssd-ipa.5.xml:855 msgid "" "Different configuration options are tunable for a trusted domain depending " "on whether you are configuring SSSD on an IPA server or an IPA client." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd-ipa.5.xml:855 +#: sssd-ipa.5.xml:860 msgid "OPTIONS TUNABLE ON IPA MASTERS" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:857 +#: sssd-ipa.5.xml:862 msgid "" "The following options can be set in a subdomain section on an IPA master:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:861 sssd-ipa.5.xml:891 +#: sssd-ipa.5.xml:866 sssd-ipa.5.xml:896 msgid "ad_server" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:864 +#: sssd-ipa.5.xml:869 msgid "ad_backup_server" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:867 sssd-ipa.5.xml:894 +#: sssd-ipa.5.xml:872 sssd-ipa.5.xml:899 msgid "ad_site" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:870 +#: sssd-ipa.5.xml:875 msgid "ldap_search_base" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:873 +#: sssd-ipa.5.xml:878 msgid "ldap_user_search_base" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:876 +#: sssd-ipa.5.xml:881 msgid "ldap_group_search_base" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd-ipa.5.xml:885 +#: sssd-ipa.5.xml:890 msgid "OPTIONS TUNABLE ON IPA CLIENTS" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:887 +#: sssd-ipa.5.xml:892 msgid "" "The following options can be set in a subdomain section on an IPA client:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:899 +#: sssd-ipa.5.xml:904 msgid "" "Note that if both options are set, only <quote>ad_server</quote> is " "evaluated." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:903 +#: sssd-ipa.5.xml:908 msgid "" "Since any request for a user or a group identity from a trusted domain " "triggered from an IPA client is resolved by the IPA server, the " @@ -11111,7 +11147,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:927 +#: sssd-ipa.5.xml:932 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " @@ -11123,7 +11159,7 @@ msgstr "" "específiques del proveïdor IPA." #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ipa.5.xml:934 +#: sssd-ipa.5.xml:939 #, no-wrap msgid "" "[domain/example.com]\n" @@ -12347,7 +12383,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ad.5.xml:1388 +#: sssd-ad.5.xml:1393 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " @@ -12355,7 +12391,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ad.5.xml:1395 +#: sssd-ad.5.xml:1400 #, no-wrap msgid "" "[domain/EXAMPLE]\n" @@ -12379,7 +12415,7 @@ msgstr "" "ad_domain = exemple.com\n" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ad.5.xml:1415 +#: sssd-ad.5.xml:1420 #, no-wrap msgid "" "access_provider = ldap\n" @@ -12391,7 +12427,7 @@ msgstr "" "ldap_account_expire_policy = ad\n" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ad.5.xml:1411 +#: sssd-ad.5.xml:1416 msgid "" "The AD access control provider checks if the account is expired. It has the " "same effect as the following configuration of the LDAP provider: " @@ -12399,7 +12435,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ad.5.xml:1421 +#: sssd-ad.5.xml:1426 msgid "" "However, unless the <quote>ad</quote> access control provider is explicitly " "configured, the default access provider is <quote>permit</quote>. Please " @@ -12409,7 +12445,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ad.5.xml:1429 +#: sssd-ad.5.xml:1434 msgid "" "When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema " "attribute mapping (nisMap, nisObject, ...) is used, because these attributes " @@ -19289,6 +19325,15 @@ msgid "" "feature is available with MIT Kerberos 1.7 and later versions." msgstr "" +#, fuzzy +#~| msgid "" +#~| "Determines if user credentials are also cached in the local LDB cache" +#~ msgid "" +#~ "Determines if user credentials are also cached in the local LDB cache." +#~ msgstr "" +#~ "Determina si les credencials d'usuari també són emmagatzemades en la " +#~ "memòria cau local de LDB" + #~ msgid "" #~ "Default: <quote>(?P<name>[^@]+)@?(?P<domain>[^@]*$)</quote> " #~ "which translates to \"the name is everything up to the <quote>@</quote> " diff --git a/src/man/po/cs.po b/src/man/po/cs.po index 9c9cce291be..a414edc0e10 100644 --- a/src/man/po/cs.po +++ b/src/man/po/cs.po @@ -10,7 +10,7 @@ msgid "" msgstr "" "Project-Id-Version: sssd-docs 2.3.0\n" "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" -"POT-Creation-Date: 2023-09-07 11:47+0200\n" +"POT-Creation-Date: 2023-11-13 11:53+0100\n" "PO-Revision-Date: 2022-05-20 09:18+0000\n" "Last-Translator: Pavel Borecki <pavel.borecki@gmail.com>\n" "Language-Team: Czech <https://translate.fedoraproject.org/projects/sssd/sssd-" @@ -224,10 +224,10 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:136 sssd.conf.5.xml:173 sssd.conf.5.xml:358 #: sssd.conf.5.xml:714 sssd.conf.5.xml:729 sssd.conf.5.xml:952 -#: sssd.conf.5.xml:1070 sssd.conf.5.xml:2198 sssd-ldap.5.xml:1071 -#: sssd-ldap.5.xml:1174 sssd-ldap.5.xml:1243 sssd-ldap.5.xml:1750 -#: sssd-ldap.5.xml:1815 sssd-ipa.5.xml:342 sssd-ad.5.xml:252 sssd-ad.5.xml:366 -#: sssd-ad.5.xml:1200 sssd-ad.5.xml:1348 sssd-krb5.5.xml:358 +#: sssd.conf.5.xml:1070 sssd.conf.5.xml:2198 sssd-ldap.5.xml:1073 +#: sssd-ldap.5.xml:1176 sssd-ldap.5.xml:1245 sssd-ldap.5.xml:1752 +#: sssd-ldap.5.xml:1817 sssd-ipa.5.xml:347 sssd-ad.5.xml:252 sssd-ad.5.xml:366 +#: sssd-ad.5.xml:1200 sssd-ad.5.xml:1353 sssd-krb5.5.xml:358 msgid "Default: true" msgstr "Výchozí: true (pravda)" @@ -245,10 +245,10 @@ msgstr "" #. type: Content of: <variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:149 sssd.conf.5.xml:652 sssd.conf.5.xml:949 -#: sssd.conf.5.xml:2101 sssd.conf.5.xml:2168 sssd.conf.5.xml:4174 -#: sssd-ldap.5.xml:312 sssd-ldap.5.xml:917 sssd-ldap.5.xml:936 -#: sssd-ldap.5.xml:1146 sssd-ldap.5.xml:1599 sssd-ldap.5.xml:1839 -#: sssd-ipa.5.xml:152 sssd-ipa.5.xml:254 sssd-ipa.5.xml:657 sssd-ad.5.xml:1106 +#: sssd.conf.5.xml:2101 sssd.conf.5.xml:2168 sssd.conf.5.xml:4191 +#: sssd-ldap.5.xml:313 sssd-ldap.5.xml:919 sssd-ldap.5.xml:938 +#: sssd-ldap.5.xml:1148 sssd-ldap.5.xml:1601 sssd-ldap.5.xml:1841 +#: sssd-ipa.5.xml:152 sssd-ipa.5.xml:254 sssd-ipa.5.xml:662 sssd-ad.5.xml:1106 #: sssd-krb5.5.xml:268 sssd-krb5.5.xml:330 sssd-krb5.5.xml:432 #: include/krb5_options.xml:163 msgid "Default: false" @@ -282,8 +282,8 @@ msgid "" msgstr "" #. type: Content of: outside any tag (error?) -#: sssd.conf.5.xml:109 sssd.conf.5.xml:184 sssd-ldap.5.xml:1656 -#: sssd-ldap.5.xml:1862 sss-certmap.5.xml:645 sssd-systemtap.5.xml:82 +#: sssd.conf.5.xml:109 sssd.conf.5.xml:184 sssd-ldap.5.xml:1658 +#: sssd-ldap.5.xml:1864 sss-certmap.5.xml:645 sssd-systemtap.5.xml:82 #: sssd-systemtap.5.xml:143 sssd-systemtap.5.xml:236 sssd-systemtap.5.xml:274 #: sssd-systemtap.5.xml:330 sssd-ldap-attributes.5.xml:40 #: sssd-ldap-attributes.5.xml:659 sssd-ldap-attributes.5.xml:801 @@ -314,7 +314,7 @@ msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:196 sssd.conf.5.xml:1290 sssd.conf.5.xml:1767 -#: sssd.conf.5.xml:4190 sssd-ldap.5.xml:765 include/ldap_id_mapping.xml:270 +#: sssd.conf.5.xml:4207 sssd-ldap.5.xml:766 include/ldap_id_mapping.xml:270 msgid "Default: 10" msgstr "" @@ -392,7 +392,7 @@ msgid "" msgstr "" #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:266 sssd.conf.5.xml:792 sssd.conf.5.xml:3709 +#: sssd.conf.5.xml:266 sssd.conf.5.xml:792 sssd.conf.5.xml:3716 #: include/failover.xml:100 msgid "Default: 3" msgstr "Výchozí: 3" @@ -414,7 +414,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:287 sssd.conf.5.xml:3541 +#: sssd.conf.5.xml:287 sssd.conf.5.xml:3548 msgid "re_expression (string)" msgstr "" @@ -434,12 +434,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:304 sssd.conf.5.xml:3598 +#: sssd.conf.5.xml:304 sssd.conf.5.xml:3605 msgid "full_name_format (string)" msgstr "full_name_format (řetězec)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:307 sssd.conf.5.xml:3601 +#: sssd.conf.5.xml:307 sssd.conf.5.xml:3608 msgid "" "A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</" "manvolnum> </citerefentry>-compatible format that describes how to compose a " @@ -447,39 +447,39 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:318 sssd.conf.5.xml:3612 +#: sssd.conf.5.xml:318 sssd.conf.5.xml:3619 msgid "%1$s" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:319 sssd.conf.5.xml:3613 +#: sssd.conf.5.xml:319 sssd.conf.5.xml:3620 msgid "user name" msgstr "uživatelské jméno" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:322 sssd.conf.5.xml:3616 +#: sssd.conf.5.xml:322 sssd.conf.5.xml:3623 msgid "%2$s" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:325 sssd.conf.5.xml:3619 +#: sssd.conf.5.xml:325 sssd.conf.5.xml:3626 msgid "domain name as specified in the SSSD config file." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:331 sssd.conf.5.xml:3625 +#: sssd.conf.5.xml:331 sssd.conf.5.xml:3632 msgid "%3$s" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:334 sssd.conf.5.xml:3628 +#: sssd.conf.5.xml:334 sssd.conf.5.xml:3635 msgid "" "domain flat name. Mostly usable for Active Directory domains, both directly " "configured or discovered via IPA trusts." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:315 sssd.conf.5.xml:3609 +#: sssd.conf.5.xml:315 sssd.conf.5.xml:3616 msgid "" "The following expansions are supported: <placeholder type=\"variablelist\" " "id=\"0\"/>" @@ -626,8 +626,8 @@ msgid "" msgstr "" #. type: Content of: <variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:468 sssd-ldap.5.xml:876 sssd-ldap.5.xml:888 -#: sssd-ldap.5.xml:980 sssd-ad.5.xml:920 sssd-ad.5.xml:995 sssd-krb5.5.xml:468 +#: sssd.conf.5.xml:468 sssd-ldap.5.xml:877 sssd-ldap.5.xml:889 +#: sssd-ldap.5.xml:982 sssd-ad.5.xml:920 sssd-ad.5.xml:995 sssd-krb5.5.xml:468 #: sssd-ldap-attributes.5.xml:470 sssd-ldap-attributes.5.xml:976 #: include/ldap_id_mapping.xml:211 include/ldap_id_mapping.xml:222 #: include/krb5_options.xml:148 @@ -897,7 +897,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:700 sssd.conf.5.xml:1791 sssd.conf.5.xml:4240 +#: sssd.conf.5.xml:700 sssd.conf.5.xml:1791 sssd.conf.5.xml:4257 #: sssd-ad.5.xml:187 sssd-ad.5.xml:327 sssd-ad.5.xml:341 msgid "Default: Not set" msgstr "" @@ -1078,7 +1078,7 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:858 sssd.conf.5.xml:1201 sssd.conf.5.xml:1584 -#: sssd.conf.5.xml:1880 sssd-ldap.5.xml:494 +#: sssd.conf.5.xml:1880 sssd-ldap.5.xml:495 msgid "Default: 60" msgstr "" @@ -1188,7 +1188,7 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:937 sssd.conf.5.xml:1214 sssd.conf.5.xml:2322 -#: sssd-ldap.5.xml:331 +#: sssd-ldap.5.xml:332 msgid "Default: 300" msgstr "" @@ -1562,7 +1562,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1240 sssd.conf.5.xml:2964 sssd-ldap.5.xml:548 +#: sssd.conf.5.xml:1240 sssd.conf.5.xml:2971 sssd-ldap.5.xml:549 msgid "Default: 8" msgstr "" @@ -1590,8 +1590,8 @@ msgid "" msgstr "" #. type: Content of: <variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1265 sssd.conf.5.xml:1317 sssd.conf.5.xml:3730 -#: sssd-ldap.5.xml:473 sssd-ldap.5.xml:525 include/failover.xml:116 +#: sssd.conf.5.xml:1265 sssd.conf.5.xml:1317 sssd.conf.5.xml:3737 +#: sssd-ldap.5.xml:474 sssd-ldap.5.xml:526 include/failover.xml:116 #: include/krb5_options.xml:11 msgid "Default: 6" msgstr "" @@ -1902,7 +1902,7 @@ msgid "pam_pwd_expiration_warning (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1553 sssd.conf.5.xml:2988 +#: sssd.conf.5.xml:1553 sssd.conf.5.xml:2995 msgid "Display a warning N days before the password expires." msgstr "Zobrazit varování N dnů před skončením platnosti hesla." @@ -1915,7 +1915,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1562 sssd.conf.5.xml:2991 +#: sssd.conf.5.xml:1562 sssd.conf.5.xml:2998 msgid "" "If zero is set, then this filter is not applied, i.e. if the expiration " "warning was received from backend server, it will automatically be displayed." @@ -1929,7 +1929,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1572 sssd.conf.5.xml:3977 sssd-ldap.5.xml:606 sssd.8.xml:79 +#: sssd.conf.5.xml:1572 sssd.conf.5.xml:3984 sssd-ldap.5.xml:607 sssd.8.xml:79 msgid "Default: 0" msgstr "" @@ -1992,8 +1992,8 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1632 sssd.conf.5.xml:1657 sssd.conf.5.xml:1676 -#: sssd.conf.5.xml:1913 sssd.conf.5.xml:2733 sssd.conf.5.xml:3906 -#: sssd-ldap.5.xml:1207 +#: sssd.conf.5.xml:1913 sssd.conf.5.xml:2733 sssd.conf.5.xml:3913 +#: sssd-ldap.5.xml:1209 msgid "Default: none" msgstr "" @@ -2056,8 +2056,8 @@ msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1687 sssd.conf.5.xml:1698 sssd.conf.5.xml:1712 -#: sssd-ldap.5.xml:671 sssd-ldap.5.xml:692 sssd-ldap.5.xml:788 -#: sssd-ldap.5.xml:1293 sssd-ad.5.xml:505 sssd-ad.5.xml:581 sssd-ad.5.xml:1126 +#: sssd-ldap.5.xml:672 sssd-ldap.5.xml:693 sssd-ldap.5.xml:789 +#: sssd-ldap.5.xml:1295 sssd-ad.5.xml:505 sssd-ad.5.xml:581 sssd-ad.5.xml:1126 #: sssd-ad.5.xml:1175 include/ldap_id_mapping.xml:250 msgid "Default: False" msgstr "" @@ -2096,7 +2096,7 @@ msgid "The path to the certificate database." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1723 sssd.conf.5.xml:2248 sssd.conf.5.xml:4354 +#: sssd.conf.5.xml:1723 sssd.conf.5.xml:2248 sssd.conf.5.xml:4371 msgid "Default:" msgstr "" @@ -2364,7 +2364,7 @@ msgid "Default: no_session" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1950 sssd.conf.5.xml:4293 +#: sssd.conf.5.xml:1950 sssd.conf.5.xml:4310 msgid "pam_gssapi_services" msgstr "" @@ -2398,7 +2398,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1968 sssd.conf.5.xml:3900 +#: sssd.conf.5.xml:1968 sssd.conf.5.xml:3907 msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" @@ -2408,7 +2408,7 @@ msgid "Default: - (GSSAPI authentication is disabled)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1979 sssd.conf.5.xml:4294 +#: sssd.conf.5.xml:1979 sssd.conf.5.xml:4311 msgid "pam_gssapi_check_upn" msgstr "" @@ -2428,7 +2428,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1999 sssd-ad.5.xml:1266 sss_rpcidmapd.5.xml:76 +#: sssd.conf.5.xml:1999 sssd-ad.5.xml:1271 sss_rpcidmapd.5.xml:76 #: sssd-files.5.xml:145 msgid "Default: True" msgstr "" @@ -3199,7 +3199,7 @@ msgid "FALSE = No enumerations for this domain" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2669 sssd.conf.5.xml:2943 sssd.conf.5.xml:3120 +#: sssd.conf.5.xml:2669 sssd.conf.5.xml:2950 sssd.conf.5.xml:3127 msgid "Default: FALSE" msgstr "" @@ -3470,7 +3470,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2922 sssd-ldap.5.xml:360 sssd-ldap.5.xml:1736 +#: sssd.conf.5.xml:2922 sssd-ldap.5.xml:361 sssd-ldap.5.xml:1738 #: sssd-ipa.5.xml:270 msgid "Default: 0 (disabled)" msgstr "" @@ -3482,11 +3482,17 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:2931 -msgid "Determines if user credentials are also cached in the local LDB cache." +msgid "" +"Determines if user credentials are also cached in the local LDB cache. The " +"cached credentials refer to passwords, which includes the first (long term) " +"factor of two-factor authentication, not other authentication mechanisms. " +"Passkey and Smartcard authentications are expected to work offline as long " +"as a successful online authentication is recorded in the cache without " +"additional configuration." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2935 +#: sssd.conf.5.xml:2942 msgid "" "Take a note that while credentials are stored as a salted SHA512 hash, this " "still potentially poses some security risk in case an attacker manages to " @@ -3495,12 +3501,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2949 +#: sssd.conf.5.xml:2956 msgid "cache_credentials_minimal_first_factor_length (int)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2952 +#: sssd.conf.5.xml:2959 msgid "" "If 2-Factor-Authentication (2FA) is used and credentials should be saved " "this value determines the minimal length the first authentication factor " @@ -3512,19 +3518,19 @@ msgstr "" "otisk do mezipaměti." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2959 +#: sssd.conf.5.xml:2966 msgid "" "This should avoid that the short PINs of a PIN based 2FA scheme are saved in " "the cache which would make them easy targets for brute-force attacks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2970 +#: sssd.conf.5.xml:2977 msgid "account_cache_expiration (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2973 +#: sssd.conf.5.xml:2980 msgid "" "Number of days entries are left in cache after last successful login before " "being removed during a cleanup of the cache. 0 means keep forever. The " @@ -3533,17 +3539,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2980 +#: sssd.conf.5.xml:2987 msgid "Default: 0 (unlimited)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2985 +#: sssd.conf.5.xml:2992 msgid "pwd_expiration_warning (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2996 +#: sssd.conf.5.xml:3003 msgid "" "Please note that the backend server has to provide information about the " "expiration time of the password. If this information is missing, sssd " @@ -3552,28 +3558,28 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3003 +#: sssd.conf.5.xml:3010 msgid "Default: 7 (Kerberos), 0 (LDAP)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3009 +#: sssd.conf.5.xml:3016 msgid "id_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3012 +#: sssd.conf.5.xml:3019 msgid "" "The identification provider used for the domain. Supported ID providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3016 +#: sssd.conf.5.xml:3023 msgid "<quote>proxy</quote>: Support a legacy NSS provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3019 +#: sssd.conf.5.xml:3026 msgid "" "<quote>files</quote>: FILES provider. See <citerefentry> <refentrytitle>sssd-" "files</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " @@ -3581,7 +3587,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3027 +#: sssd.conf.5.xml:3034 msgid "" "<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-" "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " @@ -3589,8 +3595,8 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3035 sssd.conf.5.xml:3146 sssd.conf.5.xml:3197 -#: sssd.conf.5.xml:3260 +#: sssd.conf.5.xml:3042 sssd.conf.5.xml:3153 sssd.conf.5.xml:3204 +#: sssd.conf.5.xml:3267 msgid "" "<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management " "provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> " @@ -3599,8 +3605,8 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3044 sssd.conf.5.xml:3155 sssd.conf.5.xml:3206 -#: sssd.conf.5.xml:3269 +#: sssd.conf.5.xml:3051 sssd.conf.5.xml:3162 sssd.conf.5.xml:3213 +#: sssd.conf.5.xml:3276 msgid "" "<quote>ad</quote>: Active Directory provider. See <citerefentry> " "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3608,19 +3614,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3055 +#: sssd.conf.5.xml:3062 msgid "use_fully_qualified_names (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3058 +#: sssd.conf.5.xml:3065 msgid "" "Use the full name and domain (as formatted by the domain's full_name_format) " "as the user's login name reported to NSS." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3063 +#: sssd.conf.5.xml:3070 msgid "" "If set to TRUE, all requests to this domain must use fully qualified names. " "For example, if used in LOCAL domain that contains a \"test\" user, " @@ -3629,7 +3635,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3071 +#: sssd.conf.5.xml:3078 msgid "" "NOTE: This option has no effect on netgroup lookups due to their tendency to " "include nested netgroups without qualified names. For netgroups, all domains " @@ -3637,24 +3643,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3078 +#: sssd.conf.5.xml:3085 msgid "" "Default: FALSE (TRUE for trusted domain/sub-domains or if " "default_domain_suffix is used)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3085 +#: sssd.conf.5.xml:3092 msgid "ignore_group_members (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3088 +#: sssd.conf.5.xml:3095 msgid "Do not return group members for group lookups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3091 +#: sssd.conf.5.xml:3098 msgid "" "If set to TRUE, the group membership attribute is not requested from the " "ldap server, and group members are not returned when processing group lookup " @@ -3666,7 +3672,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3109 +#: sssd.conf.5.xml:3116 msgid "" "Enabling this option can also make access provider checks for group " "membership significantly faster, especially for groups containing many " @@ -3674,30 +3680,30 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3115 sssd.conf.5.xml:3822 sssd-ldap.5.xml:326 -#: sssd-ldap.5.xml:355 sssd-ldap.5.xml:408 sssd-ldap.5.xml:468 -#: sssd-ldap.5.xml:489 sssd-ldap.5.xml:520 sssd-ldap.5.xml:543 -#: sssd-ldap.5.xml:582 sssd-ldap.5.xml:601 sssd-ldap.5.xml:625 -#: sssd-ldap.5.xml:1051 sssd-ldap.5.xml:1084 +#: sssd.conf.5.xml:3122 sssd.conf.5.xml:3829 sssd-ldap.5.xml:327 +#: sssd-ldap.5.xml:356 sssd-ldap.5.xml:409 sssd-ldap.5.xml:469 +#: sssd-ldap.5.xml:490 sssd-ldap.5.xml:521 sssd-ldap.5.xml:544 +#: sssd-ldap.5.xml:583 sssd-ldap.5.xml:602 sssd-ldap.5.xml:626 +#: sssd-ldap.5.xml:1053 sssd-ldap.5.xml:1086 msgid "" "This option can be also set per subdomain or inherited via " "<emphasis>subdomain_inherit</emphasis>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3125 +#: sssd.conf.5.xml:3132 msgid "auth_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3128 +#: sssd.conf.5.xml:3135 msgid "" "The authentication provider used for the domain. Supported auth providers " "are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3132 sssd.conf.5.xml:3190 +#: sssd.conf.5.xml:3139 sssd.conf.5.xml:3197 msgid "" "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3705,7 +3711,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3139 +#: sssd.conf.5.xml:3146 msgid "" "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3713,30 +3719,30 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3163 +#: sssd.conf.5.xml:3170 msgid "" "<quote>proxy</quote> for relaying authentication to some other PAM target." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3166 +#: sssd.conf.5.xml:3173 msgid "<quote>none</quote> disables authentication explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3169 +#: sssd.conf.5.xml:3176 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "authentication requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3175 +#: sssd.conf.5.xml:3182 msgid "access_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3178 +#: sssd.conf.5.xml:3185 msgid "" "The access control provider used for the domain. There are two built-in " "access providers (in addition to any included in installed backends) " @@ -3744,19 +3750,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3184 +#: sssd.conf.5.xml:3191 msgid "" "<quote>permit</quote> always allow access. It's the only permitted access " "provider for a local domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3187 +#: sssd.conf.5.xml:3194 msgid "<quote>deny</quote> always deny access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3214 +#: sssd.conf.5.xml:3221 msgid "" "<quote>simple</quote> access control based on access or deny lists. See " "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</" @@ -3765,7 +3771,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3221 +#: sssd.conf.5.xml:3228 msgid "" "<quote>krb5</quote>: .k5login based access control. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum></" @@ -3773,29 +3779,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3228 +#: sssd.conf.5.xml:3235 msgid "<quote>proxy</quote> for relaying access control to another PAM module." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3231 +#: sssd.conf.5.xml:3238 msgid "Default: <quote>permit</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3236 +#: sssd.conf.5.xml:3243 msgid "chpass_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3239 +#: sssd.conf.5.xml:3246 msgid "" "The provider which should handle change password operations for the domain. " "Supported change password providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3244 +#: sssd.conf.5.xml:3251 msgid "" "<quote>ldap</quote> to change a password stored in a LDAP server. See " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" @@ -3803,7 +3809,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3252 +#: sssd.conf.5.xml:3259 msgid "" "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3811,35 +3817,35 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3277 +#: sssd.conf.5.xml:3284 msgid "" "<quote>proxy</quote> for relaying password changes to some other PAM target." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3281 +#: sssd.conf.5.xml:3288 msgid "<quote>none</quote> disallows password changes explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3284 +#: sssd.conf.5.xml:3291 msgid "" "Default: <quote>auth_provider</quote> is used if it is set and can handle " "change password requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3291 +#: sssd.conf.5.xml:3298 msgid "sudo_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3294 +#: sssd.conf.5.xml:3301 msgid "The SUDO provider used for the domain. Supported SUDO providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3298 +#: sssd.conf.5.xml:3305 msgid "" "<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3847,32 +3853,32 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3306 +#: sssd.conf.5.xml:3313 msgid "" "<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default " "settings." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3310 +#: sssd.conf.5.xml:3317 msgid "" "<quote>ad</quote> the same as <quote>ldap</quote> but with AD default " "settings." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3314 +#: sssd.conf.5.xml:3321 msgid "<quote>none</quote> disables SUDO explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3317 sssd.conf.5.xml:3403 sssd.conf.5.xml:3473 -#: sssd.conf.5.xml:3498 sssd.conf.5.xml:3534 +#: sssd.conf.5.xml:3324 sssd.conf.5.xml:3410 sssd.conf.5.xml:3480 +#: sssd.conf.5.xml:3505 sssd.conf.5.xml:3541 msgid "Default: The value of <quote>id_provider</quote> is used if it is set." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3321 +#: sssd.conf.5.xml:3328 msgid "" "The detailed instructions for configuration of sudo_provider are in the " "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " @@ -3883,7 +3889,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3336 +#: sssd.conf.5.xml:3343 msgid "" "<emphasis>NOTE:</emphasis> Sudo rules are periodically downloaded in the " "background unless the sudo provider is explicitly disabled. Set " @@ -3892,12 +3898,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3346 +#: sssd.conf.5.xml:3353 msgid "selinux_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3349 +#: sssd.conf.5.xml:3356 msgid "" "The provider which should handle loading of selinux settings. Note that this " "provider will be called right after access provider ends. Supported selinux " @@ -3905,7 +3911,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3355 +#: sssd.conf.5.xml:3362 msgid "" "<quote>ipa</quote> to load selinux settings from an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -3913,31 +3919,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3363 +#: sssd.conf.5.xml:3370 msgid "<quote>none</quote> disallows fetching selinux settings explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3366 +#: sssd.conf.5.xml:3373 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "selinux loading requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3372 +#: sssd.conf.5.xml:3379 msgid "subdomains_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3375 +#: sssd.conf.5.xml:3382 msgid "" "The provider which should handle fetching of subdomains. This value should " "be always the same as id_provider. Supported subdomain providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3381 +#: sssd.conf.5.xml:3388 msgid "" "<quote>ipa</quote> to load a list of subdomains from an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -3945,7 +3951,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3390 +#: sssd.conf.5.xml:3397 msgid "" "<quote>ad</quote> to load a list of subdomains from an Active Directory " "server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> " @@ -3954,17 +3960,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3399 +#: sssd.conf.5.xml:3406 msgid "<quote>none</quote> disallows fetching subdomains explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3409 +#: sssd.conf.5.xml:3416 msgid "session_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3412 +#: sssd.conf.5.xml:3419 msgid "" "The provider which configures and manages user session related tasks. The " "only user session task currently provided is the integration with Fleet " @@ -3972,43 +3978,43 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3419 +#: sssd.conf.5.xml:3426 msgid "<quote>ipa</quote> to allow performing user session related tasks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3423 +#: sssd.conf.5.xml:3430 msgid "" "<quote>none</quote> does not perform any kind of user session related tasks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3427 +#: sssd.conf.5.xml:3434 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can perform " "session related tasks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3431 +#: sssd.conf.5.xml:3438 msgid "" "<emphasis>NOTE:</emphasis> In order to have this feature working as expected " "SSSD must be running as \"root\" and not as the unprivileged user." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3439 +#: sssd.conf.5.xml:3446 msgid "autofs_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3442 +#: sssd.conf.5.xml:3449 msgid "" "The autofs provider used for the domain. Supported autofs providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3446 +#: sssd.conf.5.xml:3453 msgid "" "<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4016,7 +4022,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3453 +#: sssd.conf.5.xml:3460 msgid "" "<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> " "<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4024,7 +4030,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3461 +#: sssd.conf.5.xml:3468 msgid "" "<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> " "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4032,24 +4038,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3470 +#: sssd.conf.5.xml:3477 msgid "<quote>none</quote> disables autofs explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3480 +#: sssd.conf.5.xml:3487 msgid "hostid_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3483 +#: sssd.conf.5.xml:3490 msgid "" "The provider used for retrieving host identity information. Supported " "hostid providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3487 +#: sssd.conf.5.xml:3494 msgid "" "<quote>ipa</quote> to load host identity stored in an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -4057,31 +4063,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3495 +#: sssd.conf.5.xml:3502 msgid "<quote>none</quote> disables hostid explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3505 +#: sssd.conf.5.xml:3512 msgid "resolver_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3508 +#: sssd.conf.5.xml:3515 msgid "" "The provider which should handle hosts and networks lookups. Supported " "resolver providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3512 +#: sssd.conf.5.xml:3519 msgid "" "<quote>proxy</quote> to forward lookups to another NSS library. See " "<quote>proxy_resolver_lib_name</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3516 +#: sssd.conf.5.xml:3523 msgid "" "<quote>ldap</quote> to fetch hosts and networks stored in LDAP. See " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" @@ -4089,7 +4095,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3523 +#: sssd.conf.5.xml:3530 msgid "" "<quote>ad</quote> to fetch hosts and networks stored in AD. See " "<citerefentry> <refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</" @@ -4098,12 +4104,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3531 +#: sssd.conf.5.xml:3538 msgid "<quote>none</quote> disallows fetching hosts and networks explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3544 +#: sssd.conf.5.xml:3551 msgid "" "Regular expression for this domain that describes how to parse the string " "containing user name and domain into these components. The \"domain\" can " @@ -4113,7 +4119,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3553 +#: sssd.conf.5.xml:3560 msgid "" "Default: <quote>^((?P<name>.+)@(?P<domain>[^@]*)|(?P<name>" "[^@]+))$</quote> which allows two different styles for user names:" @@ -4122,17 +4128,17 @@ msgstr "" # auto translated by TM merge from project: Fedora Websites, version: # fedorahosted.org, DocId: po/fedorahosted #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:3558 sssd.conf.5.xml:3572 +#: sssd.conf.5.xml:3565 sssd.conf.5.xml:3579 msgid "username" msgstr "username" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:3561 sssd.conf.5.xml:3575 +#: sssd.conf.5.xml:3568 sssd.conf.5.xml:3582 msgid "username@domain.name" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3566 +#: sssd.conf.5.xml:3573 msgid "" "Default for the AD and IPA provider: <quote>^(((?P<domain>[^\\\\]+)\\" "\\(?P<name>.+))|((?P<name>.+)@(?P<domain>[^@]+))|((?P<" @@ -4141,19 +4147,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:3578 +#: sssd.conf.5.xml:3585 msgid "domain\\username" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3581 +#: sssd.conf.5.xml:3588 msgid "" "While the first two correspond to the general default the third one is " "introduced to allow easy integration of users from Windows domains." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3586 +#: sssd.conf.5.xml:3593 msgid "" "The default re_expression uses the <quote>@</quote> character as a separator " "between the name and the domain. As a result of this setting the default " @@ -4163,93 +4169,93 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3638 +#: sssd.conf.5.xml:3645 msgid "Default: <quote>%1$s@%2$s</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3644 +#: sssd.conf.5.xml:3651 msgid "lookup_family_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3647 +#: sssd.conf.5.xml:3654 msgid "" "Provides the ability to select preferred address family to use when " "performing DNS lookups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3651 +#: sssd.conf.5.xml:3658 msgid "Supported values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3654 +#: sssd.conf.5.xml:3661 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3657 +#: sssd.conf.5.xml:3664 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3660 +#: sssd.conf.5.xml:3667 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3663 +#: sssd.conf.5.xml:3670 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3666 +#: sssd.conf.5.xml:3673 msgid "Default: ipv4_first" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3672 +#: sssd.conf.5.xml:3679 #, fuzzy #| msgid "dns_resolver_timeout" msgid "dns_resolver_server_timeout (integer)" msgstr "dns_resolver_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3675 +#: sssd.conf.5.xml:3682 msgid "" "Defines the amount of time (in milliseconds) SSSD would try to talk to DNS " "server before trying next DNS server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3680 +#: sssd.conf.5.xml:3687 msgid "" "The AD provider will use this option for the CLDAP ping timeouts as well." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3684 sssd.conf.5.xml:3704 sssd.conf.5.xml:3725 +#: sssd.conf.5.xml:3691 sssd.conf.5.xml:3711 sssd.conf.5.xml:3732 msgid "" "Please see the section <quote>FAILOVER</quote> for more information about " "the service resolution." msgstr "" #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3689 sssd-ldap.5.xml:644 include/failover.xml:84 +#: sssd.conf.5.xml:3696 sssd-ldap.5.xml:645 include/failover.xml:84 msgid "Default: 1000" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3695 +#: sssd.conf.5.xml:3702 #, fuzzy #| msgid "dns_resolver_op_timeout" msgid "dns_resolver_op_timeout (integer)" msgstr "dns_resolver_op_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3698 +#: sssd.conf.5.xml:3705 msgid "" "Defines the amount of time (in seconds) to wait to resolve single DNS query " "(e.g. resolution of a hostname or an SRV record) before trying the next " @@ -4257,12 +4263,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3715 +#: sssd.conf.5.xml:3722 msgid "dns_resolver_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3718 +#: sssd.conf.5.xml:3725 msgid "" "Defines the amount of time (in seconds) to wait for a reply from the " "internal fail over service before assuming that the service is unreachable. " @@ -4271,14 +4277,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3736 +#: sssd.conf.5.xml:3743 #, fuzzy #| msgid "dns_resolver_timeout" msgid "dns_resolver_use_search_list (bool)" msgstr "dns_resolver_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3739 +#: sssd.conf.5.xml:3746 msgid "" "Normally, the DNS resolver searches the domain list defined in the " "\"search\" directive from the resolv.conf file. This can lead to delays in " @@ -4286,7 +4292,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3745 +#: sssd.conf.5.xml:3752 msgid "" "If fully qualified domain names (or _srv_) are used in the SSSD " "configuration, setting this option to FALSE can prevent unnecessary DNS " @@ -4294,71 +4300,71 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3751 +#: sssd.conf.5.xml:3758 #, fuzzy #| msgid "Default: 3" msgid "Default: TRUE" msgstr "Výchozí: 3" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3757 +#: sssd.conf.5.xml:3764 msgid "dns_discovery_domain (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3760 +#: sssd.conf.5.xml:3767 msgid "" "If service discovery is used in the back end, specifies the domain part of " "the service discovery DNS query." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3764 +#: sssd.conf.5.xml:3771 msgid "Default: Use the domain part of machine's hostname" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3770 +#: sssd.conf.5.xml:3777 msgid "override_gid (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3773 +#: sssd.conf.5.xml:3780 msgid "Override the primary GID value with the one specified." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3779 +#: sssd.conf.5.xml:3786 msgid "case_sensitive (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3786 +#: sssd.conf.5.xml:3793 msgid "True" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3789 +#: sssd.conf.5.xml:3796 msgid "Case sensitive. This value is invalid for AD provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3795 +#: sssd.conf.5.xml:3802 msgid "False" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3797 +#: sssd.conf.5.xml:3804 msgid "Case insensitive." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3801 +#: sssd.conf.5.xml:3808 msgid "Preserving" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3804 +#: sssd.conf.5.xml:3811 msgid "" "Same as False (case insensitive), but does not lowercase names in the result " "of NSS operations. Note that name aliases (and in case of services also " @@ -4366,31 +4372,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3812 +#: sssd.conf.5.xml:3819 msgid "" "If you want to set this value for trusted domain with IPA provider, you need " "to set it on both the client and SSSD on the server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3782 +#: sssd.conf.5.xml:3789 msgid "" "Treat user and group names as case sensitive. Possible option values are: " "<placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3827 +#: sssd.conf.5.xml:3834 msgid "Default: True (False for AD provider)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3833 +#: sssd.conf.5.xml:3840 msgid "subdomain_inherit (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3836 +#: sssd.conf.5.xml:3843 msgid "" "Specifies a list of configuration parameters that should be inherited by a " "subdomain. Please note that only selected parameters can be inherited. " @@ -4398,120 +4404,120 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3842 +#: sssd.conf.5.xml:3849 #, fuzzy #| msgid "dns_resolver_timeout" msgid "ldap_search_timeout" msgstr "dns_resolver_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3845 +#: sssd.conf.5.xml:3852 #, fuzzy #| msgid "dns_resolver_timeout" msgid "ldap_network_timeout" msgstr "dns_resolver_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3848 +#: sssd.conf.5.xml:3855 #, fuzzy #| msgid "dns_resolver_op_timeout" msgid "ldap_opt_timeout" msgstr "dns_resolver_op_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3851 +#: sssd.conf.5.xml:3858 #, fuzzy #| msgid "dns_resolver_timeout" msgid "ldap_offline_timeout" msgstr "dns_resolver_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3854 +#: sssd.conf.5.xml:3861 #, fuzzy #| msgid "dns_resolver_op_timeout" msgid "ldap_enumeration_refresh_timeout" msgstr "dns_resolver_op_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3857 +#: sssd.conf.5.xml:3864 msgid "ldap_enumeration_refresh_offset" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3860 +#: sssd.conf.5.xml:3867 msgid "ldap_purge_cache_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3863 +#: sssd.conf.5.xml:3870 msgid "ldap_purge_cache_offset" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3866 +#: sssd.conf.5.xml:3873 msgid "" "ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab " "is not set explicitly)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3870 +#: sssd.conf.5.xml:3877 msgid "ldap_krb5_ticket_lifetime" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3873 +#: sssd.conf.5.xml:3880 #, fuzzy #| msgid "dns_resolver_op_timeout" msgid "ldap_enumeration_search_timeout" msgstr "dns_resolver_op_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3876 +#: sssd.conf.5.xml:3883 #, fuzzy #| msgid "dns_resolver_op_timeout" msgid "ldap_connection_expire_timeout" msgstr "dns_resolver_op_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3879 +#: sssd.conf.5.xml:3886 #, fuzzy #| msgid "dns_resolver_op_timeout" msgid "ldap_connection_expire_offset" msgstr "dns_resolver_op_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3882 +#: sssd.conf.5.xml:3889 msgid "ldap_connection_idle_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3885 sssd-ldap.5.xml:400 +#: sssd.conf.5.xml:3892 sssd-ldap.5.xml:401 msgid "ldap_use_tokengroups" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3888 +#: sssd.conf.5.xml:3895 msgid "ldap_user_principal" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3891 +#: sssd.conf.5.xml:3898 msgid "ignore_group_members" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3894 +#: sssd.conf.5.xml:3901 msgid "auto_private_groups" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3897 +#: sssd.conf.5.xml:3904 msgid "case_sensitive" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:3902 +#: sssd.conf.5.xml:3909 #, no-wrap msgid "" "subdomain_inherit = ldap_purge_cache_timeout\n" @@ -4519,27 +4525,27 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3909 +#: sssd.conf.5.xml:3916 msgid "Note: This option only works with the IPA and AD provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3916 +#: sssd.conf.5.xml:3923 msgid "subdomain_homedir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3927 +#: sssd.conf.5.xml:3934 msgid "%F" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3928 +#: sssd.conf.5.xml:3935 msgid "flat (NetBIOS) name of a subdomain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3919 +#: sssd.conf.5.xml:3926 msgid "" "Use this homedir as default value for all subdomains within this domain in " "IPA AD trust. See <emphasis>override_homedir</emphasis> for info about " @@ -4549,34 +4555,34 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3933 +#: sssd.conf.5.xml:3940 msgid "" "The value can be overridden by <emphasis>override_homedir</emphasis> option." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3937 +#: sssd.conf.5.xml:3944 msgid "Default: <filename>/home/%d/%u</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3942 +#: sssd.conf.5.xml:3949 msgid "realmd_tags (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3945 +#: sssd.conf.5.xml:3952 msgid "" "Various tags stored by the realmd configuration service for this domain." msgstr "Různé štítky uložené službou nastavování realmd pro tuto doménu." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3951 +#: sssd.conf.5.xml:3958 msgid "cached_auth_timeout (int)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3954 +#: sssd.conf.5.xml:3961 msgid "" "Specifies time in seconds since last successful online authentication for " "which user will be authenticated using cached credentials while SSSD is in " @@ -4585,19 +4591,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3962 +#: sssd.conf.5.xml:3969 msgid "" "This option's value is inherited by all trusted domains. At the moment it is " "not possible to set a different value per trusted domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3967 +#: sssd.conf.5.xml:3974 msgid "Special value 0 implies that this feature is disabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3971 +#: sssd.conf.5.xml:3978 msgid "" "Please note that if <quote>cached_auth_timeout</quote> is longer than " "<quote>pam_id_timeout</quote> then the back end could be called to handle " @@ -4605,14 +4611,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3982 +#: sssd.conf.5.xml:3989 #, fuzzy #| msgid "simple_deny_users (string)" msgid "local_auth_policy (string)" msgstr "simple_deny_users (řetězec)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3985 +#: sssd.conf.5.xml:3992 msgid "" "Local authentication methods policy. Some backends (i.e. LDAP, proxy " "provider) only support a password based authentication, while others can " @@ -4623,7 +4629,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3995 +#: sssd.conf.5.xml:4002 msgid "" "There are three possible values for this option: match, only, enable. " "<quote>match</quote> is used to match offline and online states for Kerberos " @@ -4634,8 +4640,17 @@ msgid "" "separated, such as <quote>enable:passkey, enable:smartcard</quote>" msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4014 +msgid "" +"Please note that if local Smartcard authentication is enabled and a " +"Smartcard is present, Smartcard authentication will be preferred over the " +"authentication methods supported by the backend. I.e. there will be a PIN " +"prompt instead of e.g. a password prompt." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:4011 +#: sssd.conf.5.xml:4026 #, no-wrap msgid "" "[domain/shadowutils]\n" @@ -4646,7 +4661,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4007 +#: sssd.conf.5.xml:4022 msgid "" "The following configuration example allows local users to authenticate " "locally using any enabled method (i.e. smartcard, passkey). <placeholder " @@ -4654,36 +4669,36 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4019 +#: sssd.conf.5.xml:4034 msgid "This option is ignored for the files provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4022 +#: sssd.conf.5.xml:4037 #, fuzzy #| msgid "Default: 3" msgid "Default: match" msgstr "Výchozí: 3" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4027 +#: sssd.conf.5.xml:4042 msgid "auto_private_groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4033 +#: sssd.conf.5.xml:4048 msgid "true" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4036 +#: sssd.conf.5.xml:4051 msgid "" "Create user's private group unconditionally from user's UID number. The GID " "number is ignored in this case." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4040 +#: sssd.conf.5.xml:4055 msgid "" "NOTE: Because the GID number and the user private group are inferred from " "the UID number, it is not supported to have multiple entries with the same " @@ -4692,24 +4707,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4049 +#: sssd.conf.5.xml:4064 msgid "false" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4052 +#: sssd.conf.5.xml:4067 msgid "" "Always use the user's primary GID number. The GID number must refer to a " "group object in the LDAP database." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4058 +#: sssd.conf.5.xml:4073 msgid "hybrid" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4061 +#: sssd.conf.5.xml:4076 msgid "" "A primary group is autogenerated for user entries whose UID and GID numbers " "have the same value and at the same time the GID number does not correspond " @@ -4719,14 +4734,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4074 +#: sssd.conf.5.xml:4089 msgid "" "If the UID and GID of a user are different, then the GID must correspond to " "a group entry, otherwise the GID is simply not resolvable." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4081 +#: sssd.conf.5.xml:4096 msgid "" "This feature is useful for environments that wish to stop maintaining a " "separate group objects for the user private groups, but also wish to retain " @@ -4734,21 +4749,21 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4030 +#: sssd.conf.5.xml:4045 msgid "" "This option takes any of three available values: <placeholder " "type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4093 +#: sssd.conf.5.xml:4108 msgid "" "For subdomains, the default value is False for subdomains that use assigned " "POSIX IDs and True for subdomains that use automatic ID-mapping." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:4101 +#: sssd.conf.5.xml:4116 #, no-wrap msgid "" "[domain/forest.domain/sub.domain]\n" @@ -4756,7 +4771,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:4107 +#: sssd.conf.5.xml:4122 #, no-wrap msgid "" "[domain/forest.domain]\n" @@ -4765,7 +4780,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4098 +#: sssd.conf.5.xml:4113 msgid "" "The value of auto_private_groups can either be set per subdomains in a " "subsection, for example: <placeholder type=\"programlisting\" id=\"0\"/> or " @@ -4782,29 +4797,30 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4122 +#: sssd.conf.5.xml:4137 msgid "proxy_pam_target (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4125 +#: sssd.conf.5.xml:4140 msgid "The proxy target PAM proxies to." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4128 +#: sssd.conf.5.xml:4143 msgid "" "Default: not set by default, you have to take an existing pam configuration " -"or create a new one and add the service name here." +"or create a new one and add the service name here. As an alternative you can " +"enable local authentication with the local_auth_policy option." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4136 +#: sssd.conf.5.xml:4153 msgid "proxy_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4139 +#: sssd.conf.5.xml:4156 msgid "" "The name of the NSS library to use in proxy domains. The NSS functions " "searched for in the library are in the form of _nss_$(libName)_$(function), " @@ -4812,12 +4828,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4149 +#: sssd.conf.5.xml:4166 msgid "proxy_resolver_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4152 +#: sssd.conf.5.xml:4169 msgid "" "The name of the NSS library to use for hosts and networks lookups in proxy " "domains. The NSS functions searched for in the library are in the form of " @@ -4825,12 +4841,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4163 +#: sssd.conf.5.xml:4180 msgid "proxy_fast_alias (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4166 +#: sssd.conf.5.xml:4183 msgid "" "When a user or group is looked up by name in the proxy provider, a second " "lookup by ID is performed to \"canonicalize\" the name in case the requested " @@ -4839,12 +4855,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4180 +#: sssd.conf.5.xml:4197 msgid "proxy_max_children (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4183 +#: sssd.conf.5.xml:4200 msgid "" "This option specifies the number of pre-forked proxy children. It is useful " "for high-load SSSD environments where sssd may run out of available child " @@ -4852,19 +4868,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4118 +#: sssd.conf.5.xml:4133 msgid "" "Options valid for proxy domains. <placeholder type=\"variablelist\" " "id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:4199 +#: sssd.conf.5.xml:4216 msgid "Application domains" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4201 +#: sssd.conf.5.xml:4218 msgid "" "SSSD, with its D-Bus interface (see <citerefentry> <refentrytitle>sssd-ifp</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>) is appealing to " @@ -4881,7 +4897,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4221 +#: sssd.conf.5.xml:4238 msgid "" "Please note that the application domain must still be explicitly enabled in " "the <quote>domains</quote> parameter so that the lookup order between the " @@ -4889,17 +4905,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> -#: sssd.conf.5.xml:4227 +#: sssd.conf.5.xml:4244 msgid "Application domain parameters" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4229 +#: sssd.conf.5.xml:4246 msgid "inherit_from (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4232 +#: sssd.conf.5.xml:4249 msgid "" "The SSSD POSIX-type domain the application domain inherits all settings " "from. The application domain can moreover add its own settings to the " @@ -4908,7 +4924,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4246 +#: sssd.conf.5.xml:4263 msgid "" "The following example illustrates the use of an application domain. In this " "setup, the POSIX domain is connected to an LDAP server and is used by the OS " @@ -4918,7 +4934,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><programlisting> -#: sssd.conf.5.xml:4254 +#: sssd.conf.5.xml:4271 #, no-wrap msgid "" "[sssd]\n" @@ -4938,12 +4954,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4274 +#: sssd.conf.5.xml:4291 msgid "TRUSTED DOMAIN SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4276 +#: sssd.conf.5.xml:4293 msgid "" "Some options used in the domain section can also be used in the trusted " "domain section, that is, in a section called <quote>[domain/" @@ -4954,69 +4970,69 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4283 +#: sssd.conf.5.xml:4300 msgid "ldap_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4284 +#: sssd.conf.5.xml:4301 msgid "ldap_user_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4285 +#: sssd.conf.5.xml:4302 msgid "ldap_group_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4286 +#: sssd.conf.5.xml:4303 msgid "ldap_netgroup_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4287 +#: sssd.conf.5.xml:4304 msgid "ldap_service_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4288 +#: sssd.conf.5.xml:4305 msgid "ldap_sasl_mech," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4289 +#: sssd.conf.5.xml:4306 msgid "ad_server," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4290 +#: sssd.conf.5.xml:4307 msgid "ad_backup_server," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4291 +#: sssd.conf.5.xml:4308 msgid "ad_site," msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4292 sssd-ipa.5.xml:879 +#: sssd.conf.5.xml:4309 sssd-ipa.5.xml:884 msgid "use_fully_qualified_names" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4296 +#: sssd.conf.5.xml:4313 msgid "" "For more details about these options see their individual description in the " "manual page." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4302 +#: sssd.conf.5.xml:4319 msgid "CERTIFICATE MAPPING SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4304 +#: sssd.conf.5.xml:4321 msgid "" "To allow authentication with Smartcards and certificates SSSD must be able " "to map certificates to users. This can be done by adding the full " @@ -5029,7 +5045,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4318 +#: sssd.conf.5.xml:4335 msgid "" "To make the mapping more flexible mapping and matching rules were added to " "SSSD (see <citerefentry> <refentrytitle>sss-certmap</refentrytitle> " @@ -5037,7 +5053,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4327 +#: sssd.conf.5.xml:4344 msgid "" "A mapping and matching rule can be added to the SSSD configuration in a " "section on its own with a name like <quote>[certmap/" @@ -5046,55 +5062,55 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4334 +#: sssd.conf.5.xml:4351 msgid "matchrule (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4337 +#: sssd.conf.5.xml:4354 msgid "" "Only certificates from the Smartcard which matches this rule will be " "processed, all others are ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4341 +#: sssd.conf.5.xml:4358 msgid "" "Default: KRB5:<EKU>clientAuth, i.e. only certificates which have the " "Extended Key Usage <quote>clientAuth</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4348 +#: sssd.conf.5.xml:4365 msgid "maprule (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4351 +#: sssd.conf.5.xml:4368 msgid "Defines how the user is found for a given certificate." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4357 +#: sssd.conf.5.xml:4374 msgid "" "LDAP:(userCertificate;binary={cert!bin}) for LDAP based providers like " "<quote>ldap</quote>, <quote>AD</quote> or <quote>ipa</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4363 +#: sssd.conf.5.xml:4380 msgid "" "The RULE_NAME for the <quote>files</quote> provider which tries to find a " "user with the same name." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4372 +#: sssd.conf.5.xml:4389 msgid "domains (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4375 +#: sssd.conf.5.xml:4392 msgid "" "Comma separated list of domain names the rule should be applied. By default " "a rule is only valid in the domain configured in sssd.conf. If the provider " @@ -5103,17 +5119,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4382 +#: sssd.conf.5.xml:4399 msgid "Default: the configured domain in sssd.conf" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4387 +#: sssd.conf.5.xml:4404 msgid "priority (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4390 +#: sssd.conf.5.xml:4407 msgid "" "Unsigned integer value defining the priority of the rule. The higher the " "number the lower the priority. <quote>0</quote> stands for the highest " @@ -5121,26 +5137,26 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4396 +#: sssd.conf.5.xml:4413 msgid "Default: the lowest priority" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4402 +#: sssd.conf.5.xml:4419 msgid "" "To make the configuration simple and reduce the amount of configuration " "options the <quote>files</quote> provider has some special properties:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4408 +#: sssd.conf.5.xml:4425 msgid "" "if maprule is not set the RULE_NAME name is assumed to be the name of the " "matching user" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4414 +#: sssd.conf.5.xml:4431 msgid "" "if a maprule is used both a single user name or a template like " "<quote>{subject_rfc822_name.short_name}</quote> must be in braces like e.g. " @@ -5149,17 +5165,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4423 +#: sssd.conf.5.xml:4440 msgid "the <quote>domains</quote> option is ignored" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4431 +#: sssd.conf.5.xml:4448 msgid "PROMPTING CONFIGURATION SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4433 +#: sssd.conf.5.xml:4450 msgid "" "If a special file (<filename>/var/lib/sss/pubconf/pam_preauth_available</" "filename>) exists SSSD's PAM module pam_sss will ask SSSD to figure out " @@ -5169,7 +5185,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4441 +#: sssd.conf.5.xml:4458 msgid "" "With the growing number of authentication methods and the possibility that " "there are multiple ones for a single user the heuristic used by pam_sss to " @@ -5178,59 +5194,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4453 +#: sssd.conf.5.xml:4470 msgid "[prompting/password]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4456 +#: sssd.conf.5.xml:4473 msgid "password_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4457 +#: sssd.conf.5.xml:4474 msgid "to change the string of the password prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4455 +#: sssd.conf.5.xml:4472 msgid "" "to configure password prompting, allowed options are: <placeholder " "type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4465 +#: sssd.conf.5.xml:4482 msgid "[prompting/2fa]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4469 +#: sssd.conf.5.xml:4486 msgid "first_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4470 +#: sssd.conf.5.xml:4487 msgid "to change the string of the prompt for the first factor" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4473 +#: sssd.conf.5.xml:4490 msgid "second_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4474 +#: sssd.conf.5.xml:4491 msgid "to change the string of the prompt for the second factor" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4477 +#: sssd.conf.5.xml:4494 msgid "single_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4478 +#: sssd.conf.5.xml:4495 msgid "" "boolean value, if True there will be only a single prompt using the value of " "first_prompt where it is expected that both factors are entered as a single " @@ -5239,7 +5255,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4467 +#: sssd.conf.5.xml:4484 msgid "" "to configure two-factor authentication prompting, allowed options are: " "<placeholder type=\"variablelist\" id=\"0\"/> If the second factor is " @@ -5248,17 +5264,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4495 +#: sssd.conf.5.xml:4512 msgid "[prompting/passkey]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4501 sssd-ad.5.xml:1021 +#: sssd.conf.5.xml:4518 sssd-ad.5.xml:1021 msgid "interactive" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4503 +#: sssd.conf.5.xml:4520 msgid "" "boolean value, if True prompt a message and wait before testing the presence " "of a passkey device. Recommended if your device doesn’t have a tactile " @@ -5266,46 +5282,46 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4511 +#: sssd.conf.5.xml:4528 msgid "interactive_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4513 +#: sssd.conf.5.xml:4530 msgid "to change the message of the interactive prompt." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4518 +#: sssd.conf.5.xml:4535 msgid "touch" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4520 +#: sssd.conf.5.xml:4537 msgid "" "boolean value, if True prompt a message to remind the user to touch the " "device." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4526 +#: sssd.conf.5.xml:4543 msgid "touch_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4528 +#: sssd.conf.5.xml:4545 msgid "to change the message of the touch prompt." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4497 +#: sssd.conf.5.xml:4514 msgid "" "to configure passkey authentication prompting, allowed options are: " "<placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4448 +#: sssd.conf.5.xml:4465 msgid "" "Each supported authentication method has its own configuration subsection " "under <quote>[prompting/...]</quote>. Currently there are: <placeholder " @@ -5314,7 +5330,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4539 +#: sssd.conf.5.xml:4556 msgid "" "It is possible to add a subsection for specific PAM services, e.g. " "<quote>[prompting/password/sshd]</quote> to individual change the prompting " @@ -5322,12 +5338,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4546 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43 +#: sssd.conf.5.xml:4563 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43 msgid "EXAMPLES" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4552 +#: sssd.conf.5.xml:4569 #, no-wrap msgid "" "[sssd]\n" @@ -5357,7 +5373,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4548 +#: sssd.conf.5.xml:4565 msgid "" "1. The following example shows a typical SSSD config. It does not describe " "configuration of the domains themselves - refer to documentation on " @@ -5366,7 +5382,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4585 +#: sssd.conf.5.xml:4602 #, no-wrap msgid "" "[domain/ipa.com/child.ad.com]\n" @@ -5374,7 +5390,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4579 +#: sssd.conf.5.xml:4596 msgid "" "2. The following example shows configuration of IPA AD trust where the AD " "forest consists of two domains in a parent-child structure. Suppose IPA " @@ -5385,7 +5401,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4596 +#: sssd.conf.5.xml:4613 #, no-wrap msgid "" "[certmap/my.domain/rule_name]\n" @@ -5396,7 +5412,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4590 +#: sssd.conf.5.xml:4607 msgid "" "3. The following example shows the configuration of a certificate mapping " "rule. It is valid for the configured domain <quote>my.domain</quote> and " @@ -5450,26 +5466,26 @@ msgid "" "LDAP back end supports id, auth, access and chpass providers. If you want to " "authenticate against an LDAP server either TLS/SSL or LDAPS is required. " "<command>sssd</command> <emphasis>does not</emphasis> support authentication " -"over an unencrypted channel. If the LDAP server is used only as an identity " -"provider, an encrypted channel is not needed. Please refer to " -"<quote>ldap_access_filter</quote> config option for more information about " -"using LDAP as an access provider." +"over an unencrypted channel. Even if the LDAP server is used only as an " +"identity provider, an encrypted channel is strongly recommended. Please " +"refer to <quote>ldap_access_filter</quote> config option for more " +"information about using LDAP as an access provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:82 sssd-ad.5.xml:130 +#: sssd-ldap.5.xml:50 sssd-simple.5.xml:69 sssd-ipa.5.xml:82 sssd-ad.5.xml:130 #: sssd-krb5.5.xml:63 sssd-ifp.5.xml:60 sssd-files.5.xml:77 #: sssd-session-recording.5.xml:58 sssd-kcm.8.xml:202 msgid "CONFIGURATION OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:66 +#: sssd-ldap.5.xml:67 msgid "ldap_uri, ldap_backup_uri (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:69 +#: sssd-ldap.5.xml:70 msgid "" "Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " "should connect in the order of preference. Refer to the <quote>FAILOVER</" @@ -5479,33 +5495,33 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:76 +#: sssd-ldap.5.xml:77 msgid "The format of the URI must match the format defined in RFC 2732:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:79 +#: sssd-ldap.5.xml:80 msgid "ldap[s]://<host>[:port]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:82 +#: sssd-ldap.5.xml:83 msgid "" "For explicit IPv6 addresses, <host> must be enclosed in brackets []" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:85 +#: sssd-ldap.5.xml:86 msgid "example: ldap://[fc00::126:25]:389" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:91 +#: sssd-ldap.5.xml:92 msgid "ldap_chpass_uri, ldap_chpass_backup_uri (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:94 +#: sssd-ldap.5.xml:95 msgid "" "Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " "should connect in the order of preference to change the password of a user. " @@ -5514,71 +5530,71 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:101 +#: sssd-ldap.5.xml:102 msgid "To enable service discovery ldap_chpass_dns_service_name must be set." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:105 +#: sssd-ldap.5.xml:106 msgid "Default: empty, i.e. ldap_uri is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:111 +#: sssd-ldap.5.xml:112 msgid "ldap_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:114 +#: sssd-ldap.5.xml:115 msgid "The default base DN to use for performing LDAP user operations." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:118 +#: sssd-ldap.5.xml:119 msgid "" "Starting with SSSD 1.7.0, SSSD supports multiple search bases using the " "syntax:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:122 +#: sssd-ldap.5.xml:123 msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:125 +#: sssd-ldap.5.xml:126 msgid "The scope can be one of \"base\", \"onelevel\" or \"subtree\"." msgstr "" #. type: Content of: <listitem><para> -#: sssd-ldap.5.xml:128 include/ldap_search_bases.xml:18 +#: sssd-ldap.5.xml:129 include/ldap_search_bases.xml:18 msgid "" "The filter must be a valid LDAP search filter as specified by http://www." "ietf.org/rfc/rfc2254.txt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:132 sssd-ad.5.xml:311 sss_override.8.xml:143 +#: sssd-ldap.5.xml:133 sssd-ad.5.xml:311 sss_override.8.xml:143 #: sss_override.8.xml:240 sssd-ldap-attributes.5.xml:453 msgid "Examples:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:135 +#: sssd-ldap.5.xml:136 msgid "" "ldap_search_base = dc=example,dc=com (which is equivalent to) " "ldap_search_base = dc=example,dc=com?subtree?" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:140 +#: sssd-ldap.5.xml:141 msgid "" "ldap_search_base = cn=host_specific,dc=example,dc=com?subtree?" "(host=thishost)?dc=example.com?subtree?" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:143 +#: sssd-ldap.5.xml:144 msgid "" "Note: It is unsupported to have multiple search bases which reference " "identically-named objects (for example, groups with the same name in two " @@ -5587,7 +5603,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:150 +#: sssd-ldap.5.xml:151 msgid "" "Default: If not set, the value of the defaultNamingContext or namingContexts " "attribute from the RootDSE of the LDAP server is used. If " @@ -5598,12 +5614,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:164 +#: sssd-ldap.5.xml:165 msgid "ldap_schema (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:167 +#: sssd-ldap.5.xml:168 msgid "" "Specifies the Schema Type in use on the target LDAP server. Depending on " "the selected schema, the default attribute names retrieved from the servers " @@ -5611,32 +5627,32 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:174 +#: sssd-ldap.5.xml:175 msgid "Four schema types are currently supported:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:178 +#: sssd-ldap.5.xml:179 msgid "rfc2307" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:183 +#: sssd-ldap.5.xml:184 msgid "rfc2307bis" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:188 +#: sssd-ldap.5.xml:189 msgid "IPA" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:193 +#: sssd-ldap.5.xml:194 msgid "AD" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:199 +#: sssd-ldap.5.xml:200 msgid "" "The main difference between these schema types is how group memberships are " "recorded in the server. With rfc2307, group members are listed by name in " @@ -5647,37 +5663,37 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:209 +#: sssd-ldap.5.xml:210 msgid "Default: rfc2307" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:215 +#: sssd-ldap.5.xml:216 msgid "ldap_pwmodify_mode (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:218 +#: sssd-ldap.5.xml:219 msgid "Specify the operation that is used to modify user password." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:222 +#: sssd-ldap.5.xml:223 msgid "Two modes are currently supported:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:226 +#: sssd-ldap.5.xml:227 msgid "exop - Password Modify Extended Operation (RFC 3062)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:232 +#: sssd-ldap.5.xml:233 msgid "ldap_modify - Direct modification of userPassword (not recommended)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:239 +#: sssd-ldap.5.xml:240 msgid "" "Note: First, a new connection is established to verify current password by " "binding as the user that requested password change. If successful, this " @@ -5686,76 +5702,76 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:247 +#: sssd-ldap.5.xml:248 msgid "Default: exop" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:253 +#: sssd-ldap.5.xml:254 msgid "ldap_default_bind_dn (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:256 +#: sssd-ldap.5.xml:257 msgid "The default bind DN to use for performing LDAP operations." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:263 +#: sssd-ldap.5.xml:264 msgid "ldap_default_authtok_type (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:266 +#: sssd-ldap.5.xml:267 msgid "The type of the authentication token of the default bind DN." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:270 +#: sssd-ldap.5.xml:271 msgid "The two mechanisms currently supported are:" msgstr "" # auto translated by TM merge from project: FreeIPA, version: ipa-4-5, DocId: # po/ipa #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:273 +#: sssd-ldap.5.xml:274 msgid "password" msgstr "heslo" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:276 +#: sssd-ldap.5.xml:277 msgid "obfuscated_password" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:279 +#: sssd-ldap.5.xml:280 msgid "Default: password" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:282 +#: sssd-ldap.5.xml:283 msgid "" "See the <citerefentry> <refentrytitle>sss_obfuscate</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry> manual page for more information." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:293 +#: sssd-ldap.5.xml:294 msgid "ldap_default_authtok (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:296 +#: sssd-ldap.5.xml:297 msgid "The authentication token of the default bind DN." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:302 +#: sssd-ldap.5.xml:303 msgid "ldap_force_upper_case_realm (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:305 +#: sssd-ldap.5.xml:306 msgid "" "Some directory servers, for example Active Directory, might deliver the " "realm part of the UPN in lower case, which might cause the authentication to " @@ -5764,24 +5780,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:318 +#: sssd-ldap.5.xml:319 msgid "ldap_enumeration_refresh_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:321 +#: sssd-ldap.5.xml:322 msgid "" "Specifies how many seconds SSSD has to wait before refreshing its cache of " "enumerated records." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:337 +#: sssd-ldap.5.xml:338 msgid "ldap_purge_cache_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:340 +#: sssd-ldap.5.xml:341 msgid "" "Determine how often to check the cache for inactive entries (such as groups " "with no members and users who have never logged in) and remove them to save " @@ -5789,7 +5805,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:346 +#: sssd-ldap.5.xml:347 msgid "" "Setting this option to zero will disable the cache cleanup operation. Please " "note that if enumeration is enabled, the cleanup task is required in order " @@ -5798,12 +5814,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:366 +#: sssd-ldap.5.xml:367 msgid "ldap_group_nesting_level (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:369 +#: sssd-ldap.5.xml:370 msgid "" "If ldap_schema is set to a schema format that supports nested groups (e.g. " "RFC2307bis), then this option controls how many levels of nesting SSSD will " @@ -5811,7 +5827,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:376 +#: sssd-ldap.5.xml:377 msgid "" "Note: This option specifies the guaranteed level of nested groups to be " "processed for any lookup. However, nested groups beyond this limit " @@ -5821,7 +5837,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:385 +#: sssd-ldap.5.xml:386 msgid "" "If ldap_group_nesting_level is set to 0 then no nested groups are processed " "at all. However, when connected to Active-Directory Server 2008 and later " @@ -5831,67 +5847,67 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:394 +#: sssd-ldap.5.xml:395 msgid "Default: 2" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:403 +#: sssd-ldap.5.xml:404 msgid "" "This options enables or disables use of Token-Groups attribute when " "performing initgroup for users from Active Directory Server 2008 and later." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:413 +#: sssd-ldap.5.xml:414 msgid "Default: True for AD and IPA otherwise False." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:419 +#: sssd-ldap.5.xml:420 msgid "ldap_host_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:422 +#: sssd-ldap.5.xml:423 msgid "Optional. Use the given string as search base for host objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:426 sssd-ipa.5.xml:457 sssd-ipa.5.xml:476 sssd-ipa.5.xml:495 -#: sssd-ipa.5.xml:514 +#: sssd-ldap.5.xml:427 sssd-ipa.5.xml:462 sssd-ipa.5.xml:481 sssd-ipa.5.xml:500 +#: sssd-ipa.5.xml:519 msgid "" "See <quote>ldap_search_base</quote> for information about configuring " "multiple search bases." msgstr "" #. type: Content of: <listitem><para> -#: sssd-ldap.5.xml:431 sssd-ipa.5.xml:462 include/ldap_search_bases.xml:27 +#: sssd-ldap.5.xml:432 sssd-ipa.5.xml:467 include/ldap_search_bases.xml:27 msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:438 +#: sssd-ldap.5.xml:439 msgid "ldap_service_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:443 +#: sssd-ldap.5.xml:444 msgid "ldap_iphost_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:448 +#: sssd-ldap.5.xml:449 msgid "ldap_ipnetwork_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:453 +#: sssd-ldap.5.xml:454 msgid "ldap_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:456 +#: sssd-ldap.5.xml:457 msgid "" "Specifies the timeout (in seconds) that ldap searches are allowed to run " "before they are cancelled and cached results are returned (and offline mode " @@ -5899,7 +5915,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:462 +#: sssd-ldap.5.xml:463 msgid "" "Note: this option is subject to change in future versions of the SSSD. It " "will likely be replaced at some point by a series of timeouts for specific " @@ -5907,12 +5923,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:479 +#: sssd-ldap.5.xml:480 msgid "ldap_enumeration_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:482 +#: sssd-ldap.5.xml:483 msgid "" "Specifies the timeout (in seconds) that ldap searches for user and group " "enumerations are allowed to run before they are cancelled and cached results " @@ -5920,12 +5936,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:500 +#: sssd-ldap.5.xml:501 msgid "ldap_network_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:503 +#: sssd-ldap.5.xml:504 msgid "" "Specifies the timeout (in seconds) after which the <citerefentry> " "<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/" @@ -5936,12 +5952,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:531 +#: sssd-ldap.5.xml:532 msgid "ldap_opt_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:534 +#: sssd-ldap.5.xml:535 msgid "" "Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs " "will abort if no response is received. Also controls the timeout when " @@ -5950,12 +5966,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:554 +#: sssd-ldap.5.xml:555 msgid "ldap_connection_expire_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:557 +#: sssd-ldap.5.xml:558 msgid "" "Specifies a timeout (in seconds) that a connection to an LDAP server will be " "maintained. After this time, the connection will be re-established. If used " @@ -5964,7 +5980,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:565 +#: sssd-ldap.5.xml:566 msgid "" "If the connection is idle (not actively running an operation) within " "<emphasis>ldap_opt_timeout</emphasis> seconds of expiration, then it will be " @@ -5975,38 +5991,38 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:577 +#: sssd-ldap.5.xml:578 msgid "" "This timeout can be extended of a random value specified by " "<emphasis>ldap_connection_expire_offset</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:587 sssd-ldap.5.xml:630 sssd-ldap.5.xml:1711 +#: sssd-ldap.5.xml:588 sssd-ldap.5.xml:631 sssd-ldap.5.xml:1713 msgid "Default: 900 (15 minutes)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:593 +#: sssd-ldap.5.xml:594 msgid "ldap_connection_expire_offset (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:596 +#: sssd-ldap.5.xml:597 msgid "" "Random offset between 0 and configured value is added to " "<emphasis>ldap_connection_expire_timeout</emphasis>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:612 +#: sssd-ldap.5.xml:613 #, fuzzy #| msgid "dns_resolver_op_timeout" msgid "ldap_connection_idle_timeout (integer)" msgstr "dns_resolver_op_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:615 +#: sssd-ldap.5.xml:616 msgid "" "Specifies a timeout (in seconds) that an idle connection to an LDAP server " "will be maintained. If the connection is idle for more than this time then " @@ -6014,29 +6030,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:621 +#: sssd-ldap.5.xml:622 msgid "You can disable this timeout by setting the value to 0." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:636 +#: sssd-ldap.5.xml:637 msgid "ldap_page_size (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:639 +#: sssd-ldap.5.xml:640 msgid "" "Specify the number of records to retrieve from LDAP in a single request. " "Some LDAP servers enforce a maximum limit per-request." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:650 +#: sssd-ldap.5.xml:651 msgid "ldap_disable_paging (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:653 +#: sssd-ldap.5.xml:654 msgid "" "Disable the LDAP paging control. This option should be used if the LDAP " "server reports that it supports the LDAP paging control in its RootDSE but " @@ -6044,14 +6060,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:659 +#: sssd-ldap.5.xml:660 msgid "" "Example: OpenLDAP servers with the paging control module installed on the " "server but not enabled will report it in the RootDSE but be unable to use it." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:665 +#: sssd-ldap.5.xml:666 msgid "" "Example: 389 DS has a bug where it can only support a one paging control at " "a time on a single connection. On busy clients, this can result in some " @@ -6059,17 +6075,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:677 +#: sssd-ldap.5.xml:678 msgid "ldap_disable_range_retrieval (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:680 +#: sssd-ldap.5.xml:681 msgid "Disable Active Directory range retrieval." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:683 +#: sssd-ldap.5.xml:684 msgid "" "Active Directory limits the number of members to be retrieved in a single " "lookup using the MaxValRange policy (which defaults to 1500 members). If a " @@ -6079,12 +6095,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:698 +#: sssd-ldap.5.xml:699 msgid "ldap_sasl_minssf (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:701 +#: sssd-ldap.5.xml:702 msgid "" "When communicating with an LDAP server using SASL, specify the minimum " "security level necessary to establish the connection. The values of this " @@ -6092,17 +6108,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:707 sssd-ldap.5.xml:723 +#: sssd-ldap.5.xml:708 sssd-ldap.5.xml:724 msgid "Default: Use the system default (usually specified by ldap.conf)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:714 +#: sssd-ldap.5.xml:715 msgid "ldap_sasl_maxssf (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:717 +#: sssd-ldap.5.xml:718 msgid "" "When communicating with an LDAP server using SASL, specify the maximal " "security level necessary to establish the connection. The values of this " @@ -6110,12 +6126,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:730 +#: sssd-ldap.5.xml:731 msgid "ldap_deref_threshold (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:733 +#: sssd-ldap.5.xml:734 msgid "" "Specify the number of group members that must be missing from the internal " "cache in order to trigger a dereference lookup. If less members are missing, " @@ -6123,7 +6139,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:739 +#: sssd-ldap.5.xml:740 msgid "" "You can turn off dereference lookups completely by setting the value to 0. " "Please note that there are some codepaths in SSSD, like the IPA HBAC " @@ -6134,7 +6150,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:750 +#: sssd-ldap.5.xml:751 msgid "" "A dereference lookup is a means of fetching all group members in a single " "LDAP call. Different LDAP servers may implement different dereference " @@ -6143,7 +6159,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:758 +#: sssd-ldap.5.xml:759 msgid "" "<emphasis>Note:</emphasis> If any of the search bases specifies a search " "filter, then the dereference lookup performance enhancement will be disabled " @@ -6151,12 +6167,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:771 +#: sssd-ldap.5.xml:772 msgid "ldap_ignore_unreadable_references (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:774 +#: sssd-ldap.5.xml:775 msgid "" "Ignore unreadable LDAP entries referenced in group's member attribute. If " "this parameter is set to false an error will be returned and the operation " @@ -6164,7 +6180,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:781 +#: sssd-ldap.5.xml:782 msgid "" "This parameter may be useful when using the AD provider and the computer " "account that sssd uses to connect to AD does not have access to a particular " @@ -6172,26 +6188,26 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:794 +#: sssd-ldap.5.xml:795 msgid "ldap_tls_reqcert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:797 +#: sssd-ldap.5.xml:798 msgid "" "Specifies what checks to perform on server certificates in a TLS session, if " "any. It can be specified as one of the following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:803 +#: sssd-ldap.5.xml:804 msgid "" "<emphasis>never</emphasis> = The client will not request or check any server " "certificate." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:807 +#: sssd-ldap.5.xml:808 msgid "" "<emphasis>allow</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -6199,7 +6215,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:814 +#: sssd-ldap.5.xml:815 msgid "" "<emphasis>try</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -6207,7 +6223,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:820 +#: sssd-ldap.5.xml:821 msgid "" "<emphasis>demand</emphasis> = The server certificate is requested. If no " "certificate is provided, or a bad certificate is provided, the session is " @@ -6215,41 +6231,41 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:826 +#: sssd-ldap.5.xml:827 msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:830 +#: sssd-ldap.5.xml:831 msgid "Default: hard" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:836 +#: sssd-ldap.5.xml:837 msgid "ldap_tls_cacert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:839 +#: sssd-ldap.5.xml:840 msgid "" "Specifies the file that contains certificates for all of the Certificate " "Authorities that <command>sssd</command> will recognize." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:844 sssd-ldap.5.xml:862 sssd-ldap.5.xml:903 +#: sssd-ldap.5.xml:845 sssd-ldap.5.xml:863 sssd-ldap.5.xml:904 msgid "" "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." "conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:851 +#: sssd-ldap.5.xml:852 msgid "ldap_tls_cacertdir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:854 +#: sssd-ldap.5.xml:855 msgid "" "Specifies the path of a directory that contains Certificate Authority " "certificates in separate individual files. Typically the file names need to " @@ -6258,32 +6274,32 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:869 +#: sssd-ldap.5.xml:870 msgid "ldap_tls_cert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:872 +#: sssd-ldap.5.xml:873 msgid "Specifies the file that contains the certificate for the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:882 +#: sssd-ldap.5.xml:883 msgid "ldap_tls_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:885 +#: sssd-ldap.5.xml:886 msgid "Specifies the file that contains the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:894 +#: sssd-ldap.5.xml:895 msgid "ldap_tls_cipher_suite (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:897 +#: sssd-ldap.5.xml:898 msgid "" "Specifies acceptable cipher suites. Typically this is a colon separated " "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " @@ -6291,24 +6307,25 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:910 +#: sssd-ldap.5.xml:911 msgid "ldap_id_use_start_tls (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:913 +#: sssd-ldap.5.xml:914 msgid "" "Specifies that the id_provider connection must also use <systemitem " -"class=\"protocol\">tls</systemitem> to protect the channel." +"class=\"protocol\">tls</systemitem> to protect the channel. <emphasis>true</" +"emphasis> is strongly recommended for security reasons." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:923 +#: sssd-ldap.5.xml:925 msgid "ldap_id_mapping (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:926 +#: sssd-ldap.5.xml:928 msgid "" "Specifies that SSSD should attempt to map user and group IDs from the " "ldap_user_objectsid and ldap_group_objectsid attributes instead of relying " @@ -6316,17 +6333,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:932 +#: sssd-ldap.5.xml:934 msgid "Currently this feature supports only ActiveDirectory objectSID mapping." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:942 +#: sssd-ldap.5.xml:944 msgid "ldap_min_id, ldap_max_id (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:945 +#: sssd-ldap.5.xml:947 msgid "" "In contrast to the SID based ID mapping which is used if ldap_id_mapping is " "set to true the allowed ID range for ldap_user_uid_number and " @@ -6337,24 +6354,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:957 +#: sssd-ldap.5.xml:959 msgid "Default: not set (both options are set to 0)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:963 +#: sssd-ldap.5.xml:965 msgid "ldap_sasl_mech (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:966 +#: sssd-ldap.5.xml:968 msgid "" "Specify the SASL mechanism to use. Currently only GSSAPI and GSS-SPNEGO are " "tested and supported." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:970 +#: sssd-ldap.5.xml:972 msgid "" "If the backend supports sub-domains the value of ldap_sasl_mech is " "automatically inherited to the sub-domains. If a different value is needed " @@ -6365,12 +6382,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:986 +#: sssd-ldap.5.xml:988 msgid "ldap_sasl_authid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd-ldap.5.xml:998 +#: sssd-ldap.5.xml:1000 #, no-wrap msgid "" "hostname@REALM\n" @@ -6383,7 +6400,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:989 +#: sssd-ldap.5.xml:991 msgid "" "Specify the SASL authorization id to use. When GSSAPI/GSS-SPNEGO are used, " "this represents the Kerberos principal used for authentication to the " @@ -6395,17 +6412,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1009 +#: sssd-ldap.5.xml:1011 msgid "Default: host/hostname@REALM" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1015 +#: sssd-ldap.5.xml:1017 msgid "ldap_sasl_realm (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1018 +#: sssd-ldap.5.xml:1020 msgid "" "Specify the SASL realm to use. When not specified, this option defaults to " "the value of krb5_realm. If the ldap_sasl_authid contains the realm as " @@ -6413,49 +6430,49 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1024 +#: sssd-ldap.5.xml:1026 msgid "Default: the value of krb5_realm." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1030 +#: sssd-ldap.5.xml:1032 msgid "ldap_sasl_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1033 +#: sssd-ldap.5.xml:1035 msgid "" "If set to true, the LDAP library would perform a reverse lookup to " "canonicalize the host name during a SASL bind." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1038 +#: sssd-ldap.5.xml:1040 msgid "Default: false;" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1044 +#: sssd-ldap.5.xml:1046 msgid "ldap_krb5_keytab (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1047 +#: sssd-ldap.5.xml:1049 msgid "Specify the keytab to use when using SASL/GSSAPI/GSS-SPNEGO." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1056 sssd-krb5.5.xml:247 +#: sssd-ldap.5.xml:1058 sssd-krb5.5.xml:247 msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1062 +#: sssd-ldap.5.xml:1064 msgid "ldap_krb5_init_creds (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1065 +#: sssd-ldap.5.xml:1067 msgid "" "Specifies that the id_provider should init Kerberos credentials (TGT). This " "action is performed only if SASL is used and the mechanism selected is " @@ -6463,28 +6480,28 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1077 +#: sssd-ldap.5.xml:1079 msgid "ldap_krb5_ticket_lifetime (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1080 +#: sssd-ldap.5.xml:1082 msgid "" "Specifies the lifetime in seconds of the TGT if GSSAPI or GSS-SPNEGO is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1089 sssd-ad.5.xml:1252 +#: sssd-ldap.5.xml:1091 sssd-ad.5.xml:1252 msgid "Default: 86400 (24 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1095 sssd-krb5.5.xml:74 +#: sssd-ldap.5.xml:1097 sssd-krb5.5.xml:74 msgid "krb5_server, krb5_backup_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1098 +#: sssd-ldap.5.xml:1100 msgid "" "Specifies the comma-separated list of IP addresses or hostnames of the " "Kerberos servers to which SSSD should connect in the order of preference. " @@ -6496,7 +6513,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1110 sssd-krb5.5.xml:89 +#: sssd-ldap.5.xml:1112 sssd-krb5.5.xml:89 msgid "" "When using service discovery for KDC or kpasswd servers, SSSD first searches " "for DNS entries that specify _udp as the protocol and falls back to _tcp if " @@ -6504,7 +6521,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1115 sssd-krb5.5.xml:94 +#: sssd-ldap.5.xml:1117 sssd-krb5.5.xml:94 msgid "" "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " "While the legacy name is recognized for the time being, users are advised to " @@ -6512,39 +6529,39 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1124 sssd-ipa.5.xml:526 sssd-krb5.5.xml:103 +#: sssd-ldap.5.xml:1126 sssd-ipa.5.xml:531 sssd-krb5.5.xml:103 msgid "krb5_realm (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1127 +#: sssd-ldap.5.xml:1129 msgid "Specify the Kerberos REALM (for SASL/GSSAPI/GSS-SPNEGO auth)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1131 +#: sssd-ldap.5.xml:1133 msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" msgstr "" #. type: Content of: <variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1137 include/krb5_options.xml:154 +#: sssd-ldap.5.xml:1139 include/krb5_options.xml:154 msgid "krb5_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1140 +#: sssd-ldap.5.xml:1142 msgid "" "Specifies if the host principal should be canonicalized when connecting to " "LDAP server. This feature is available with MIT Kerberos >= 1.7" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1152 sssd-krb5.5.xml:336 +#: sssd-ldap.5.xml:1154 sssd-krb5.5.xml:336 msgid "krb5_use_kdcinfo (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1155 sssd-krb5.5.xml:339 +#: sssd-ldap.5.xml:1157 sssd-krb5.5.xml:339 msgid "" "Specifies if the SSSD should instruct the Kerberos libraries what realm and " "which KDCs to use. This option is on by default, if you disable it, you need " @@ -6554,7 +6571,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1166 sssd-krb5.5.xml:350 +#: sssd-ldap.5.xml:1168 sssd-krb5.5.xml:350 msgid "" "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more " @@ -6562,26 +6579,26 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1180 +#: sssd-ldap.5.xml:1182 msgid "ldap_pwd_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1183 +#: sssd-ldap.5.xml:1185 msgid "" "Select the policy to evaluate the password expiration on the client side. " "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1188 +#: sssd-ldap.5.xml:1190 msgid "" "<emphasis>none</emphasis> - No evaluation on the client side. This option " "cannot disable server-side password policies." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1193 +#: sssd-ldap.5.xml:1195 msgid "" "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " @@ -6590,7 +6607,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1201 +#: sssd-ldap.5.xml:1203 msgid "" "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " "to determine if the password has expired. Use chpass_provider=krb5 to update " @@ -6598,31 +6615,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1210 +#: sssd-ldap.5.xml:1212 msgid "" "<emphasis>Note</emphasis>: if a password policy is configured on server " "side, it always takes precedence over policy set with this option." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1218 +#: sssd-ldap.5.xml:1220 msgid "ldap_referrals (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1221 +#: sssd-ldap.5.xml:1223 msgid "Specifies whether automatic referral chasing should be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1225 +#: sssd-ldap.5.xml:1227 msgid "" "Please note that sssd only supports referral chasing when it is compiled " "with OpenLDAP version 2.4.13 or higher." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1230 +#: sssd-ldap.5.xml:1232 msgid "" "Chasing referrals may incur a performance penalty in environments that use " "them heavily, a notable example is Microsoft Active Directory. If your setup " @@ -6635,51 +6652,51 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1249 +#: sssd-ldap.5.xml:1251 msgid "ldap_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1252 +#: sssd-ldap.5.xml:1254 msgid "Specifies the service name to use when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1256 +#: sssd-ldap.5.xml:1258 msgid "Default: ldap" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1262 +#: sssd-ldap.5.xml:1264 msgid "ldap_chpass_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1265 +#: sssd-ldap.5.xml:1267 msgid "" "Specifies the service name to use to find an LDAP server which allows " "password changes when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1270 +#: sssd-ldap.5.xml:1272 msgid "Default: not set, i.e. service discovery is disabled" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1276 +#: sssd-ldap.5.xml:1278 msgid "ldap_chpass_update_last_change (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1279 +#: sssd-ldap.5.xml:1281 msgid "" "Specifies whether to update the ldap_user_shadow_last_change attribute with " "days since the Epoch after a password change operation." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1285 +#: sssd-ldap.5.xml:1287 msgid "" "It is recommend to set this option explicitly if \"ldap_pwd_policy = " "shadow\" is used to let SSSD know if the LDAP server will update " @@ -6688,12 +6705,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1299 +#: sssd-ldap.5.xml:1301 msgid "ldap_access_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1302 +#: sssd-ldap.5.xml:1304 msgid "" "If using access_provider = ldap and ldap_access_order = filter (default), " "this option is mandatory. It specifies an LDAP search filter criteria that " @@ -6709,12 +6726,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1322 +#: sssd-ldap.5.xml:1324 msgid "Example:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1325 +#: sssd-ldap.5.xml:1327 #, no-wrap msgid "" "access_provider = ldap\n" @@ -6723,14 +6740,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1329 +#: sssd-ldap.5.xml:1331 msgid "" "This example means that access to this host is restricted to users whose " "employeeType attribute is set to \"admin\"." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1334 +#: sssd-ldap.5.xml:1336 msgid "" "Offline caching for this feature is limited to determining whether the " "user's last online login was granted access permission. If they were granted " @@ -6739,24 +6756,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1342 sssd-ldap.5.xml:1398 +#: sssd-ldap.5.xml:1344 sssd-ldap.5.xml:1400 msgid "Default: Empty" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1348 +#: sssd-ldap.5.xml:1350 msgid "ldap_account_expire_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1351 +#: sssd-ldap.5.xml:1353 msgid "" "With this option a client side evaluation of access control attributes can " "be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1355 +#: sssd-ldap.5.xml:1357 msgid "" "Please note that it is always recommended to use server side access control, " "i.e. the LDAP server should deny the bind request with a suitable error code " @@ -6764,19 +6781,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1362 +#: sssd-ldap.5.xml:1364 msgid "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1365 +#: sssd-ldap.5.xml:1367 msgid "" "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " "determine if the account is expired." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1370 +#: sssd-ldap.5.xml:1372 msgid "" "<emphasis>ad</emphasis>: use the value of the 32bit field " "ldap_user_ad_user_account_control and allow access if the second bit is not " @@ -6785,7 +6802,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1377 +#: sssd-ldap.5.xml:1379 msgid "" "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" "emphasis>: use the value of ldap_ns_account_lock to check if access is " @@ -6793,7 +6810,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1383 +#: sssd-ldap.5.xml:1385 msgid "" "<emphasis>nds</emphasis>: the values of " "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " @@ -6802,7 +6819,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1391 +#: sssd-ldap.5.xml:1393 msgid "" "Please note that the ldap_access_order configuration option <emphasis>must</" "emphasis> include <quote>expire</quote> in order for the " @@ -6810,22 +6827,22 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1404 +#: sssd-ldap.5.xml:1406 msgid "ldap_access_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1407 sssd-ipa.5.xml:351 +#: sssd-ldap.5.xml:1409 sssd-ipa.5.xml:356 msgid "Comma separated list of access control options. Allowed values are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1411 +#: sssd-ldap.5.xml:1413 msgid "<emphasis>filter</emphasis>: use ldap_access_filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1414 +#: sssd-ldap.5.xml:1416 msgid "" "<emphasis>lockout</emphasis>: use account locking. If set, this option " "denies access in case that ldap attribute 'pwdAccountLockedTime' is present " @@ -6835,14 +6852,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1424 +#: sssd-ldap.5.xml:1426 msgid "" "<emphasis> Please note that this option is superseded by the <quote>ppolicy</" "quote> option and might be removed in a future release. </emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1431 +#: sssd-ldap.5.xml:1433 msgid "" "<emphasis>ppolicy</emphasis>: use account locking. If set, this option " "denies access in case that ldap attribute 'pwdAccountLockedTime' is present " @@ -6855,12 +6872,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1448 +#: sssd-ldap.5.xml:1450 msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1452 sssd-ipa.5.xml:359 +#: sssd-ldap.5.xml:1454 sssd-ipa.5.xml:364 msgid "" "<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, " "pwd_expire_policy_renew: </emphasis> These options are useful if users are " @@ -6870,81 +6887,81 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1462 sssd-ipa.5.xml:369 +#: sssd-ldap.5.xml:1464 sssd-ipa.5.xml:374 msgid "" "The difference between these options is the action taken if user password is " "expired:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:1467 sssd-ipa.5.xml:374 +#: sssd-ldap.5.xml:1469 sssd-ipa.5.xml:379 msgid "pwd_expire_policy_reject - user is denied to log in," msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:1473 sssd-ipa.5.xml:380 +#: sssd-ldap.5.xml:1475 sssd-ipa.5.xml:385 msgid "pwd_expire_policy_warn - user is still able to log in," msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:1479 sssd-ipa.5.xml:386 +#: sssd-ldap.5.xml:1481 sssd-ipa.5.xml:391 msgid "" "pwd_expire_policy_renew - user is prompted to change their password " "immediately." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1487 +#: sssd-ldap.5.xml:1489 msgid "" "Please note that 'access_provider = ldap' must be set for this feature to " "work. Also 'ldap_pwd_policy' must be set to an appropriate password policy." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1492 +#: sssd-ldap.5.xml:1494 msgid "" "<emphasis>authorized_service</emphasis>: use the authorizedService attribute " "to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1497 +#: sssd-ldap.5.xml:1499 msgid "<emphasis>host</emphasis>: use the host attribute to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1501 +#: sssd-ldap.5.xml:1503 msgid "" "<emphasis>rhost</emphasis>: use the rhost attribute to determine whether " "remote host can access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1505 +#: sssd-ldap.5.xml:1507 msgid "" "Please note, rhost field in pam is set by application, it is better to check " "what the application sends to pam, before enabling this access control option" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1510 +#: sssd-ldap.5.xml:1512 msgid "Default: filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1513 +#: sssd-ldap.5.xml:1515 msgid "" "Please note that it is a configuration error if a value is used more than " "once." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1520 +#: sssd-ldap.5.xml:1522 msgid "ldap_pwdlockout_dn (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1523 +#: sssd-ldap.5.xml:1525 msgid "" "This option specifies the DN of password policy entry on LDAP server. Please " "note that absence of this option in sssd.conf in case of enabled account " @@ -6953,67 +6970,67 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1531 +#: sssd-ldap.5.xml:1533 msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1534 +#: sssd-ldap.5.xml:1536 msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1540 +#: sssd-ldap.5.xml:1542 msgid "ldap_deref (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1543 +#: sssd-ldap.5.xml:1545 msgid "" "Specifies how alias dereferencing is done when performing a search. The " "following options are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1548 +#: sssd-ldap.5.xml:1550 msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1552 +#: sssd-ldap.5.xml:1554 msgid "" "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " "the base object, but not in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1557 +#: sssd-ldap.5.xml:1559 msgid "" "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " "the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1562 +#: sssd-ldap.5.xml:1564 msgid "" "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " "in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1567 +#: sssd-ldap.5.xml:1569 msgid "" "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " "client libraries)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1575 +#: sssd-ldap.5.xml:1577 msgid "ldap_rfc2307_fallback_to_local_users (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1578 +#: sssd-ldap.5.xml:1580 msgid "" "Allows to retain local users as members of an LDAP group for servers that " "use the RFC2307 schema." @@ -7022,7 +7039,7 @@ msgstr "" "používají schéma dle normy RFC2307." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1582 +#: sssd-ldap.5.xml:1584 msgid "" "In some environments where the RFC2307 schema is used, local users are made " "members of LDAP groups by adding their names to the memberUid attribute. " @@ -7033,7 +7050,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1593 +#: sssd-ldap.5.xml:1595 msgid "" "This option falls back to checking if local users are referenced, and caches " "them so that later initgroups() calls will augment the local users with the " @@ -7041,55 +7058,55 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1605 sssd-ifp.5.xml:152 +#: sssd-ldap.5.xml:1607 sssd-ifp.5.xml:152 msgid "wildcard_limit (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1608 +#: sssd-ldap.5.xml:1610 msgid "" "Specifies an upper limit on the number of entries that are downloaded during " "a wildcard lookup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1612 +#: sssd-ldap.5.xml:1614 msgid "At the moment, only the InfoPipe responder supports wildcard lookups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1616 +#: sssd-ldap.5.xml:1618 msgid "Default: 1000 (often the size of one page)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1622 +#: sssd-ldap.5.xml:1624 #, fuzzy #| msgid "ldap_idmap_range_size (integer)" msgid "ldap_library_debug_level (integer)" msgstr "ldap_idmap_range_size (celé číslo)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1625 +#: sssd-ldap.5.xml:1627 msgid "" "Switches on libldap debugging with the given level. The libldap debug " "messages will be written independent of the general debug_level." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1630 +#: sssd-ldap.5.xml:1632 msgid "" "OpenLDAP uses a bitmap to enable debugging for specific components, -1 will " "enable full debug output." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1635 +#: sssd-ldap.5.xml:1637 msgid "Default: 0 (libldap debugging disabled)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:51 +#: sssd-ldap.5.xml:52 msgid "" "All of the common configuration options that apply to SSSD domains also " "apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> section " @@ -7101,12 +7118,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1645 +#: sssd-ldap.5.xml:1647 msgid "SUDO OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1647 +#: sssd-ldap.5.xml:1649 msgid "" "The detailed instructions for configuration of sudo_provider are in the " "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " @@ -7114,43 +7131,43 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1658 +#: sssd-ldap.5.xml:1660 msgid "ldap_sudo_full_refresh_interval (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1661 +#: sssd-ldap.5.xml:1663 msgid "" "How many seconds SSSD will wait between executing a full refresh of sudo " "rules (which downloads all rules that are stored on the server)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1666 +#: sssd-ldap.5.xml:1668 msgid "" "The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </" "emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1671 +#: sssd-ldap.5.xml:1673 msgid "" "You can disable full refresh by setting this option to 0. However, either " "smart or full refresh must be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1676 +#: sssd-ldap.5.xml:1678 msgid "Default: 21600 (6 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1682 +#: sssd-ldap.5.xml:1684 msgid "ldap_sudo_smart_refresh_interval (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1685 +#: sssd-ldap.5.xml:1687 msgid "" "How many seconds SSSD has to wait before executing a smart refresh of sudo " "rules (which downloads all rules that have USN higher than the highest " @@ -7158,14 +7175,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1691 +#: sssd-ldap.5.xml:1693 msgid "" "If USN attributes are not supported by the server, the modifyTimestamp " "attribute is used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1695 +#: sssd-ldap.5.xml:1697 msgid "" "<emphasis>Note:</emphasis> the highest USN value can be updated by three " "tasks: 1) By sudo full and smart refresh (if updated rules are found), 2) by " @@ -7175,21 +7192,21 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1706 +#: sssd-ldap.5.xml:1708 msgid "" "You can disable smart refresh by setting this option to 0. However, either " "smart or full refresh must be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1717 +#: sssd-ldap.5.xml:1719 #, fuzzy #| msgid "ldap_idmap_range_size (integer)" msgid "ldap_sudo_random_offset (integer)" msgstr "ldap_idmap_range_size (celé číslo)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1720 +#: sssd-ldap.5.xml:1722 msgid "" "Random offset between 0 and configured value is added to smart and full " "refresh periods each time the periodic task is scheduled. The value is in " @@ -7197,7 +7214,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1726 +#: sssd-ldap.5.xml:1728 msgid "" "Note that this random offset is also applied on the first SSSD start which " "delays the first sudo rules refresh. This prolongs the time when the sudo " @@ -7205,106 +7222,106 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1732 +#: sssd-ldap.5.xml:1734 msgid "You can disable this offset by setting the value to 0." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1742 +#: sssd-ldap.5.xml:1744 msgid "ldap_sudo_use_host_filter (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1745 +#: sssd-ldap.5.xml:1747 msgid "" "If true, SSSD will download only rules that are applicable to this machine " "(using the IPv4 or IPv6 host/network addresses and hostnames)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1756 +#: sssd-ldap.5.xml:1758 msgid "ldap_sudo_hostnames (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1759 +#: sssd-ldap.5.xml:1761 msgid "" "Space separated list of hostnames or fully qualified domain names that " "should be used to filter the rules." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1764 +#: sssd-ldap.5.xml:1766 msgid "" "If this option is empty, SSSD will try to discover the hostname and the " "fully qualified domain name automatically." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1769 sssd-ldap.5.xml:1792 sssd-ldap.5.xml:1810 -#: sssd-ldap.5.xml:1828 +#: sssd-ldap.5.xml:1771 sssd-ldap.5.xml:1794 sssd-ldap.5.xml:1812 +#: sssd-ldap.5.xml:1830 msgid "" "If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</" "emphasis> then this option has no effect." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1774 sssd-ldap.5.xml:1797 +#: sssd-ldap.5.xml:1776 sssd-ldap.5.xml:1799 msgid "Default: not specified" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1780 +#: sssd-ldap.5.xml:1782 msgid "ldap_sudo_ip (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1783 +#: sssd-ldap.5.xml:1785 msgid "" "Space separated list of IPv4 or IPv6 host/network addresses that should be " "used to filter the rules." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1788 +#: sssd-ldap.5.xml:1790 msgid "" "If this option is empty, SSSD will try to discover the addresses " "automatically." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1803 +#: sssd-ldap.5.xml:1805 msgid "ldap_sudo_include_netgroups (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1806 +#: sssd-ldap.5.xml:1808 msgid "" "If true then SSSD will download every rule that contains a netgroup in " "sudoHost attribute." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1821 +#: sssd-ldap.5.xml:1823 msgid "ldap_sudo_include_regexp (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1824 +#: sssd-ldap.5.xml:1826 msgid "" "If true then SSSD will download every rule that contains a wildcard in " "sudoHost attribute." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><note><para> -#: sssd-ldap.5.xml:1834 +#: sssd-ldap.5.xml:1836 msgid "" "Using wildcard is an operation that is very costly to evaluate on the LDAP " "server side!" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1846 +#: sssd-ldap.5.xml:1848 msgid "" "This manual page only describes attribute name mapping. For detailed " "explanation of sudo related attribute semantics, see <citerefentry> " @@ -7313,59 +7330,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1856 +#: sssd-ldap.5.xml:1858 msgid "AUTOFS OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1858 +#: sssd-ldap.5.xml:1860 msgid "" "Some of the defaults for the parameters below are dependent on the LDAP " "schema." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1864 +#: sssd-ldap.5.xml:1866 msgid "ldap_autofs_map_master_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1867 +#: sssd-ldap.5.xml:1869 msgid "The name of the automount master map in LDAP." msgstr "Název v LDAP hlavní mapy pro automatické připojování." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1870 +#: sssd-ldap.5.xml:1872 msgid "Default: auto.master" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1881 +#: sssd-ldap.5.xml:1883 msgid "ADVANCED OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1888 +#: sssd-ldap.5.xml:1890 msgid "ldap_netgroup_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1893 +#: sssd-ldap.5.xml:1895 msgid "ldap_user_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1898 +#: sssd-ldap.5.xml:1900 msgid "ldap_group_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><note> -#: sssd-ldap.5.xml:1903 +#: sssd-ldap.5.xml:1905 msgid "<note>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para> -#: sssd-ldap.5.xml:1905 +#: sssd-ldap.5.xml:1907 msgid "" "If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches " "against Active Directory will not be restricted and return all groups " @@ -7374,22 +7391,22 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist> -#: sssd-ldap.5.xml:1912 +#: sssd-ldap.5.xml:1914 msgid "</note>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1914 +#: sssd-ldap.5.xml:1916 msgid "ldap_sudo_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1919 +#: sssd-ldap.5.xml:1921 msgid "ldap_autofs_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1883 +#: sssd-ldap.5.xml:1885 msgid "" "These options are supported by LDAP domains, but they should be used with " "caution. Please include them in your configuration only if you know what you " @@ -7398,14 +7415,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1934 sssd-simple.5.xml:131 sssd-ipa.5.xml:925 -#: sssd-ad.5.xml:1386 sssd-krb5.5.xml:483 sss_rpcidmapd.5.xml:98 +#: sssd-ldap.5.xml:1936 sssd-simple.5.xml:131 sssd-ipa.5.xml:930 +#: sssd-ad.5.xml:1391 sssd-krb5.5.xml:483 sss_rpcidmapd.5.xml:98 #: sssd-files.5.xml:155 sssd-session-recording.5.xml:176 msgid "EXAMPLE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1936 +#: sssd-ldap.5.xml:1938 msgid "" "The following example assumes that SSSD is correctly configured and LDAP is " "set to one of the domains in the <replaceable>[domains]</replaceable> " @@ -7413,7 +7430,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ldap.5.xml:1942 +#: sssd-ldap.5.xml:1944 #, no-wrap msgid "" "[domain/LDAP]\n" @@ -7426,27 +7443,27 @@ msgid "" msgstr "" #. type: Content of: <refsect1><refsect2><para> -#: sssd-ldap.5.xml:1941 sssd-ldap.5.xml:1959 sssd-simple.5.xml:139 -#: sssd-ipa.5.xml:933 sssd-ad.5.xml:1394 sssd-sudo.5.xml:56 sssd-krb5.5.xml:492 +#: sssd-ldap.5.xml:1943 sssd-ldap.5.xml:1961 sssd-simple.5.xml:139 +#: sssd-ipa.5.xml:938 sssd-ad.5.xml:1399 sssd-sudo.5.xml:56 sssd-krb5.5.xml:492 #: sssd-files.5.xml:162 sssd-files.5.xml:173 sssd-session-recording.5.xml:182 #: include/ldap_id_mapping.xml:105 msgid "<placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1953 +#: sssd-ldap.5.xml:1955 msgid "LDAP ACCESS FILTER EXAMPLE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1955 +#: sssd-ldap.5.xml:1957 msgid "" "The following example assumes that SSSD is correctly configured and to use " "the ldap_access_order=lockout." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ldap.5.xml:1960 +#: sssd-ldap.5.xml:1962 #, no-wrap msgid "" "[domain/LDAP]\n" @@ -7462,13 +7479,13 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1975 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148 -#: sssd-ad.5.xml:1409 sssd.8.xml:238 sss_seed.8.xml:163 +#: sssd-ldap.5.xml:1977 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148 +#: sssd-ad.5.xml:1414 sssd.8.xml:238 sss_seed.8.xml:163 msgid "NOTES" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1977 +#: sssd-ldap.5.xml:1979 msgid "" "The descriptions of some of the configuration options in this manual page " "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " @@ -9830,12 +9847,12 @@ msgid "Example: dyndns_iface = em1, vnet1, vnet2" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:204 sssd-ad.5.xml:1285 +#: sssd-ipa.5.xml:204 sssd-ad.5.xml:1290 msgid "dyndns_auth (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:207 sssd-ad.5.xml:1288 +#: sssd-ipa.5.xml:207 sssd-ad.5.xml:1293 msgid "" "Whether the nsupdate utility should use GSS-TSIG authentication for secure " "updates with the DNS server, insecure updates can be sent by setting this " @@ -9843,17 +9860,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:213 sssd-ad.5.xml:1294 +#: sssd-ipa.5.xml:213 sssd-ad.5.xml:1299 msgid "Default: GSS-TSIG" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:219 sssd-ad.5.xml:1300 +#: sssd-ipa.5.xml:219 sssd-ad.5.xml:1305 msgid "dyndns_auth_ptr (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:222 sssd-ad.5.xml:1303 +#: sssd-ipa.5.xml:222 sssd-ad.5.xml:1308 msgid "" "Whether the nsupdate utility should use GSS-TSIG authentication for secure " "PTR updates with the DNS server, insecure updates can be sent by setting " @@ -9861,7 +9878,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:228 sssd-ad.5.xml:1309 +#: sssd-ipa.5.xml:228 sssd-ad.5.xml:1314 msgid "Default: Same as dyndns_auth" msgstr "" @@ -9920,65 +9937,72 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:290 +#: sssd-ipa.5.xml:290 sssd-ad.5.xml:1266 +msgid "" +"Note that <emphasis>dyndns_update_per_family</emphasis> parameter does not " +"apply for PTR record updates. Those updates are always sent separately." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:295 msgid "Default: False (disabled)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1272 +#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1277 msgid "dyndns_force_tcp (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:299 sssd-ad.5.xml:1275 +#: sssd-ipa.5.xml:304 sssd-ad.5.xml:1280 msgid "" "Whether the nsupdate utility should default to using TCP for communicating " "with the DNS server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:303 sssd-ad.5.xml:1279 +#: sssd-ipa.5.xml:308 sssd-ad.5.xml:1284 msgid "Default: False (let nsupdate choose the protocol)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:309 sssd-ad.5.xml:1315 +#: sssd-ipa.5.xml:314 sssd-ad.5.xml:1320 msgid "dyndns_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:312 sssd-ad.5.xml:1318 +#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1323 msgid "" "The DNS server to use when performing a DNS update. In most setups, it's " "recommended to leave this option unset." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1323 +#: sssd-ipa.5.xml:322 sssd-ad.5.xml:1328 msgid "" "Setting this option makes sense for environments where the DNS server is " "different from the identity server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:322 sssd-ad.5.xml:1328 +#: sssd-ipa.5.xml:327 sssd-ad.5.xml:1333 msgid "" "Please note that this option will be only used in fallback attempt when " "previous attempt using autodetected settings failed." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:327 sssd-ad.5.xml:1333 +#: sssd-ipa.5.xml:332 sssd-ad.5.xml:1338 msgid "Default: None (let nsupdate choose the server)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:333 sssd-ad.5.xml:1339 +#: sssd-ipa.5.xml:338 sssd-ad.5.xml:1344 msgid "dyndns_update_per_family (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:336 sssd-ad.5.xml:1342 +#: sssd-ipa.5.xml:341 sssd-ad.5.xml:1347 msgid "" "DNS update is by default performed in two steps - IPv4 update and then IPv6 " "update. In some cases it might be desirable to perform IPv4 and IPv6 update " @@ -9986,181 +10010,181 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:348 +#: sssd-ipa.5.xml:353 #, fuzzy #| msgid "krb5_rcache_dir (string)" msgid "ipa_access_order (string)" msgstr "krb5_rcache_dir (řetězec)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:355 +#: sssd-ipa.5.xml:360 msgid "<emphasis>expire</emphasis>: use IPA's account expiration policy." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:394 +#: sssd-ipa.5.xml:399 msgid "" "Please note that 'access_provider = ipa' must be set for this feature to " "work." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:401 +#: sssd-ipa.5.xml:406 msgid "ipa_deskprofile_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:404 +#: sssd-ipa.5.xml:409 msgid "" "Optional. Use the given string as search base for Desktop Profile related " "objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:408 sssd-ipa.5.xml:435 +#: sssd-ipa.5.xml:413 sssd-ipa.5.xml:440 msgid "Default: Use base DN" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:414 +#: sssd-ipa.5.xml:419 #, fuzzy #| msgid "simple_deny_users (string)" msgid "ipa_subid_ranges_search_base (string)" msgstr "simple_deny_users (řetězec)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:417 +#: sssd-ipa.5.xml:422 msgid "" "Optional. Use the given string as search base for subordinate ranges related " "objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:421 +#: sssd-ipa.5.xml:426 msgid "Default: the value of <emphasis>cn=subids,%basedn</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:428 +#: sssd-ipa.5.xml:433 msgid "ipa_hbac_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:431 +#: sssd-ipa.5.xml:436 msgid "Optional. Use the given string as search base for HBAC related objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:441 +#: sssd-ipa.5.xml:446 msgid "ipa_host_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:444 +#: sssd-ipa.5.xml:449 msgid "Deprecated. Use ldap_host_search_base instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:450 +#: sssd-ipa.5.xml:455 msgid "ipa_selinux_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:453 +#: sssd-ipa.5.xml:458 msgid "Optional. Use the given string as search base for SELinux user maps." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:469 +#: sssd-ipa.5.xml:474 msgid "ipa_subdomains_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:472 +#: sssd-ipa.5.xml:477 msgid "Optional. Use the given string as search base for trusted domains." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:481 +#: sssd-ipa.5.xml:486 msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:488 +#: sssd-ipa.5.xml:493 msgid "ipa_master_domain_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:491 +#: sssd-ipa.5.xml:496 msgid "Optional. Use the given string as search base for master domain object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:500 +#: sssd-ipa.5.xml:505 msgid "Default: the value of <emphasis>cn=ad,cn=etc,%basedn</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:507 +#: sssd-ipa.5.xml:512 msgid "ipa_views_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:510 +#: sssd-ipa.5.xml:515 msgid "Optional. Use the given string as search base for views containers." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:519 +#: sssd-ipa.5.xml:524 msgid "Default: the value of <emphasis>cn=views,cn=accounts,%basedn</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:529 +#: sssd-ipa.5.xml:534 msgid "" "The name of the Kerberos realm. This is optional and defaults to the value " "of <quote>ipa_domain</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:533 +#: sssd-ipa.5.xml:538 msgid "" "The name of the Kerberos realm has a special meaning in IPA - it is " "converted into the base DN to use for performing LDAP operations." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:541 sssd-ad.5.xml:1357 +#: sssd-ipa.5.xml:546 sssd-ad.5.xml:1362 msgid "krb5_confd_path (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:544 sssd-ad.5.xml:1360 +#: sssd-ipa.5.xml:549 sssd-ad.5.xml:1365 msgid "" "Absolute path of a directory where SSSD should place Kerberos configuration " "snippets." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:548 sssd-ad.5.xml:1364 +#: sssd-ipa.5.xml:553 sssd-ad.5.xml:1369 msgid "" "To disable the creation of the configuration snippets set the parameter to " "'none'." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:552 sssd-ad.5.xml:1368 +#: sssd-ipa.5.xml:557 sssd-ad.5.xml:1373 msgid "" "Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:559 +#: sssd-ipa.5.xml:564 msgid "ipa_deskprofile_refresh (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:562 +#: sssd-ipa.5.xml:567 msgid "" "The amount of time between lookups of the Desktop Profile rules against the " "IPA server. This will reduce the latency and load on the IPA server if there " @@ -10168,34 +10192,34 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:569 sssd-ipa.5.xml:599 sssd-ipa.5.xml:615 sssd-ad.5.xml:599 +#: sssd-ipa.5.xml:574 sssd-ipa.5.xml:604 sssd-ipa.5.xml:620 sssd-ad.5.xml:599 msgid "Default: 5 (seconds)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:575 +#: sssd-ipa.5.xml:580 msgid "ipa_deskprofile_request_interval (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:578 +#: sssd-ipa.5.xml:583 msgid "" "The amount of time between lookups of the Desktop Profile rules against the " "IPA server in case the last request did not return any rule." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:583 +#: sssd-ipa.5.xml:588 msgid "Default: 60 (minutes)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:589 +#: sssd-ipa.5.xml:594 msgid "ipa_hbac_refresh (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:592 +#: sssd-ipa.5.xml:597 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server. " "This will reduce the latency and load on the IPA server if there are many " @@ -10203,12 +10227,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:605 +#: sssd-ipa.5.xml:610 msgid "ipa_hbac_selinux (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:608 +#: sssd-ipa.5.xml:613 msgid "" "The amount of time between lookups of the SELinux maps against the IPA " "server. This will reduce the latency and load on the IPA server if there are " @@ -10216,33 +10240,33 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:621 +#: sssd-ipa.5.xml:626 msgid "ipa_server_mode (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:624 +#: sssd-ipa.5.xml:629 msgid "" "This option will be set by the IPA installer (ipa-server-install) " "automatically and denotes if SSSD is running on an IPA server or not." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:629 +#: sssd-ipa.5.xml:634 msgid "" "On an IPA server SSSD will lookup users and groups from trusted domains " "directly while on a client it will ask an IPA server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:634 +#: sssd-ipa.5.xml:639 msgid "" "NOTE: There are currently some assumptions that must be met when SSSD is " "running on an IPA server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:639 +#: sssd-ipa.5.xml:644 msgid "" "The <quote>ipa_server</quote> option must be configured to point to the IPA " "server itself. This is already the default set by the IPA installer, so no " @@ -10250,59 +10274,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:648 +#: sssd-ipa.5.xml:653 msgid "" "The <quote>full_name_format</quote> option must not be tweaked to only print " "short names for users from trusted domains." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:663 +#: sssd-ipa.5.xml:668 msgid "ipa_automount_location (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:666 +#: sssd-ipa.5.xml:671 msgid "The automounter location this IPA client will be using" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:669 +#: sssd-ipa.5.xml:674 msgid "Default: The location named \"default\"" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd-ipa.5.xml:677 +#: sssd-ipa.5.xml:682 msgid "VIEWS AND OVERRIDES" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:686 +#: sssd-ipa.5.xml:691 msgid "ipa_view_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:689 +#: sssd-ipa.5.xml:694 msgid "Objectclass of the view container." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:692 +#: sssd-ipa.5.xml:697 msgid "Default: nsContainer" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:698 +#: sssd-ipa.5.xml:703 msgid "ipa_view_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:701 +#: sssd-ipa.5.xml:706 msgid "Name of the attribute holding the name of the view." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:705 sssd-ldap-attributes.5.xml:496 +#: sssd-ipa.5.xml:710 sssd-ldap-attributes.5.xml:496 #: sssd-ldap-attributes.5.xml:830 sssd-ldap-attributes.5.xml:911 #: sssd-ldap-attributes.5.xml:1008 sssd-ldap-attributes.5.xml:1066 #: sssd-ldap-attributes.5.xml:1224 sssd-ldap-attributes.5.xml:1269 @@ -10310,128 +10334,128 @@ msgid "Default: cn" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:711 +#: sssd-ipa.5.xml:716 msgid "ipa_override_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:714 +#: sssd-ipa.5.xml:719 msgid "Objectclass of the override objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:717 +#: sssd-ipa.5.xml:722 msgid "Default: ipaOverrideAnchor" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:723 +#: sssd-ipa.5.xml:728 msgid "ipa_anchor_uuid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:726 +#: sssd-ipa.5.xml:731 msgid "" "Name of the attribute containing the reference to the original object in a " "remote domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:730 +#: sssd-ipa.5.xml:735 msgid "Default: ipaAnchorUUID" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:736 +#: sssd-ipa.5.xml:741 msgid "ipa_user_override_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:739 +#: sssd-ipa.5.xml:744 msgid "" "Name of the objectclass for user overrides. It is used to determine if the " "found override object is related to a user or a group." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:744 +#: sssd-ipa.5.xml:749 msgid "User overrides can contain attributes given by" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:747 +#: sssd-ipa.5.xml:752 msgid "ldap_user_name" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:750 +#: sssd-ipa.5.xml:755 msgid "ldap_user_uid_number" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:753 +#: sssd-ipa.5.xml:758 msgid "ldap_user_gid_number" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:756 +#: sssd-ipa.5.xml:761 msgid "ldap_user_gecos" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:759 +#: sssd-ipa.5.xml:764 msgid "ldap_user_home_directory" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:762 +#: sssd-ipa.5.xml:767 msgid "ldap_user_shell" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:765 +#: sssd-ipa.5.xml:770 msgid "ldap_user_ssh_public_key" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:770 +#: sssd-ipa.5.xml:775 msgid "Default: ipaUserOverride" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:776 +#: sssd-ipa.5.xml:781 msgid "ipa_group_override_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:779 +#: sssd-ipa.5.xml:784 msgid "" "Name of the objectclass for group overrides. It is used to determine if the " "found override object is related to a user or a group." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:784 +#: sssd-ipa.5.xml:789 msgid "Group overrides can contain attributes given by" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:787 +#: sssd-ipa.5.xml:792 msgid "ldap_group_name" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:790 +#: sssd-ipa.5.xml:795 msgid "ldap_group_gid_number" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:795 +#: sssd-ipa.5.xml:800 msgid "Default: ipaGroupOverride" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:679 +#: sssd-ipa.5.xml:684 msgid "" "SSSD can handle views and overrides which are offered by FreeIPA 4.1 and " "later version. Since all paths and objectclasses are fixed on the server " @@ -10441,19 +10465,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ipa.5.xml:807 +#: sssd-ipa.5.xml:812 msgid "SUBDOMAINS PROVIDER" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:809 +#: sssd-ipa.5.xml:814 msgid "" "The IPA subdomains provider behaves slightly differently if it is configured " "explicitly or implicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:813 +#: sssd-ipa.5.xml:818 msgid "" "If the option 'subdomains_provider = ipa' is found in the domain section of " "sssd.conf, the IPA subdomains provider is configured explicitly, and all " @@ -10461,7 +10485,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:819 +#: sssd-ipa.5.xml:824 msgid "" "If the option 'subdomains_provider' is not set in the domain section of sssd." "conf but there is the option 'id_provider = ipa', the IPA subdomains " @@ -10473,12 +10497,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ipa.5.xml:830 +#: sssd-ipa.5.xml:835 msgid "TRUSTED DOMAINS CONFIGURATION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ipa.5.xml:838 +#: sssd-ipa.5.xml:843 #, no-wrap msgid "" "[domain/ipa.domain.com/ad.domain.com]\n" @@ -10486,7 +10510,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:832 +#: sssd-ipa.5.xml:837 msgid "" "Some configuration options can also be set for a trusted domain. A trusted " "domain configuration can be set using the trusted domain subsection as shown " @@ -10496,80 +10520,80 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:843 +#: sssd-ipa.5.xml:848 msgid "" "For more details, see the <citerefentry> <refentrytitle>sssd.conf</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:850 +#: sssd-ipa.5.xml:855 msgid "" "Different configuration options are tunable for a trusted domain depending " "on whether you are configuring SSSD on an IPA server or an IPA client." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd-ipa.5.xml:855 +#: sssd-ipa.5.xml:860 msgid "OPTIONS TUNABLE ON IPA MASTERS" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:857 +#: sssd-ipa.5.xml:862 msgid "" "The following options can be set in a subdomain section on an IPA master:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:861 sssd-ipa.5.xml:891 +#: sssd-ipa.5.xml:866 sssd-ipa.5.xml:896 msgid "ad_server" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:864 +#: sssd-ipa.5.xml:869 msgid "ad_backup_server" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:867 sssd-ipa.5.xml:894 +#: sssd-ipa.5.xml:872 sssd-ipa.5.xml:899 msgid "ad_site" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:870 +#: sssd-ipa.5.xml:875 msgid "ldap_search_base" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:873 +#: sssd-ipa.5.xml:878 msgid "ldap_user_search_base" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:876 +#: sssd-ipa.5.xml:881 msgid "ldap_group_search_base" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd-ipa.5.xml:885 +#: sssd-ipa.5.xml:890 msgid "OPTIONS TUNABLE ON IPA CLIENTS" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:887 +#: sssd-ipa.5.xml:892 msgid "" "The following options can be set in a subdomain section on an IPA client:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:899 +#: sssd-ipa.5.xml:904 msgid "" "Note that if both options are set, only <quote>ad_server</quote> is " "evaluated." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:903 +#: sssd-ipa.5.xml:908 msgid "" "Since any request for a user or a group identity from a trusted domain " "triggered from an IPA client is resolved by the IPA server, the " @@ -10583,7 +10607,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:927 +#: sssd-ipa.5.xml:932 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " @@ -10591,7 +10615,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ipa.5.xml:934 +#: sssd-ipa.5.xml:939 #, no-wrap msgid "" "[domain/example.com]\n" @@ -11785,7 +11809,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ad.5.xml:1388 +#: sssd-ad.5.xml:1393 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " @@ -11793,7 +11817,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ad.5.xml:1395 +#: sssd-ad.5.xml:1400 #, no-wrap msgid "" "[domain/EXAMPLE]\n" @@ -11808,7 +11832,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ad.5.xml:1415 +#: sssd-ad.5.xml:1420 #, no-wrap msgid "" "access_provider = ldap\n" @@ -11817,7 +11841,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ad.5.xml:1411 +#: sssd-ad.5.xml:1416 msgid "" "The AD access control provider checks if the account is expired. It has the " "same effect as the following configuration of the LDAP provider: " @@ -11825,7 +11849,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ad.5.xml:1421 +#: sssd-ad.5.xml:1426 msgid "" "However, unless the <quote>ad</quote> access control provider is explicitly " "configured, the default access provider is <quote>permit</quote>. Please " @@ -11835,7 +11859,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ad.5.xml:1429 +#: sssd-ad.5.xml:1434 msgid "" "When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema " "attribute mapping (nisMap, nisObject, ...) is used, because these attributes " diff --git a/src/man/po/de.po b/src/man/po/de.po index a2f003b0a17..3c2af091a55 100644 --- a/src/man/po/de.po +++ b/src/man/po/de.po @@ -10,7 +10,7 @@ msgid "" msgstr "" "Project-Id-Version: sssd-docs 2.3.0\n" "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" -"POT-Creation-Date: 2023-09-07 11:47+0200\n" +"POT-Creation-Date: 2023-11-13 11:53+0100\n" "PO-Revision-Date: 2021-02-02 14:40+0000\n" "Last-Translator: Sumit Bose <sbose@redhat.com>\n" "Language-Team: German <https://translate.fedoraproject.org/projects/sssd/" @@ -220,10 +220,10 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:136 sssd.conf.5.xml:173 sssd.conf.5.xml:358 #: sssd.conf.5.xml:714 sssd.conf.5.xml:729 sssd.conf.5.xml:952 -#: sssd.conf.5.xml:1070 sssd.conf.5.xml:2198 sssd-ldap.5.xml:1071 -#: sssd-ldap.5.xml:1174 sssd-ldap.5.xml:1243 sssd-ldap.5.xml:1750 -#: sssd-ldap.5.xml:1815 sssd-ipa.5.xml:342 sssd-ad.5.xml:252 sssd-ad.5.xml:366 -#: sssd-ad.5.xml:1200 sssd-ad.5.xml:1348 sssd-krb5.5.xml:358 +#: sssd.conf.5.xml:1070 sssd.conf.5.xml:2198 sssd-ldap.5.xml:1073 +#: sssd-ldap.5.xml:1176 sssd-ldap.5.xml:1245 sssd-ldap.5.xml:1752 +#: sssd-ldap.5.xml:1817 sssd-ipa.5.xml:347 sssd-ad.5.xml:252 sssd-ad.5.xml:366 +#: sssd-ad.5.xml:1200 sssd-ad.5.xml:1353 sssd-krb5.5.xml:358 msgid "Default: true" msgstr "Voreinstellung: »true«" @@ -241,10 +241,10 @@ msgstr "" #. type: Content of: <variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:149 sssd.conf.5.xml:652 sssd.conf.5.xml:949 -#: sssd.conf.5.xml:2101 sssd.conf.5.xml:2168 sssd.conf.5.xml:4174 -#: sssd-ldap.5.xml:312 sssd-ldap.5.xml:917 sssd-ldap.5.xml:936 -#: sssd-ldap.5.xml:1146 sssd-ldap.5.xml:1599 sssd-ldap.5.xml:1839 -#: sssd-ipa.5.xml:152 sssd-ipa.5.xml:254 sssd-ipa.5.xml:657 sssd-ad.5.xml:1106 +#: sssd.conf.5.xml:2101 sssd.conf.5.xml:2168 sssd.conf.5.xml:4191 +#: sssd-ldap.5.xml:313 sssd-ldap.5.xml:919 sssd-ldap.5.xml:938 +#: sssd-ldap.5.xml:1148 sssd-ldap.5.xml:1601 sssd-ldap.5.xml:1841 +#: sssd-ipa.5.xml:152 sssd-ipa.5.xml:254 sssd-ipa.5.xml:662 sssd-ad.5.xml:1106 #: sssd-krb5.5.xml:268 sssd-krb5.5.xml:330 sssd-krb5.5.xml:432 #: include/krb5_options.xml:163 msgid "Default: false" @@ -280,8 +280,8 @@ msgid "" msgstr "" #. type: Content of: outside any tag (error?) -#: sssd.conf.5.xml:109 sssd.conf.5.xml:184 sssd-ldap.5.xml:1656 -#: sssd-ldap.5.xml:1862 sss-certmap.5.xml:645 sssd-systemtap.5.xml:82 +#: sssd.conf.5.xml:109 sssd.conf.5.xml:184 sssd-ldap.5.xml:1658 +#: sssd-ldap.5.xml:1864 sss-certmap.5.xml:645 sssd-systemtap.5.xml:82 #: sssd-systemtap.5.xml:143 sssd-systemtap.5.xml:236 sssd-systemtap.5.xml:274 #: sssd-systemtap.5.xml:330 sssd-ldap-attributes.5.xml:40 #: sssd-ldap-attributes.5.xml:659 sssd-ldap-attributes.5.xml:801 @@ -312,7 +312,7 @@ msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:196 sssd.conf.5.xml:1290 sssd.conf.5.xml:1767 -#: sssd.conf.5.xml:4190 sssd-ldap.5.xml:765 include/ldap_id_mapping.xml:270 +#: sssd.conf.5.xml:4207 sssd-ldap.5.xml:766 include/ldap_id_mapping.xml:270 msgid "Default: 10" msgstr "Voreinstellung: 10" @@ -398,7 +398,7 @@ msgstr "" "startet." #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:266 sssd.conf.5.xml:792 sssd.conf.5.xml:3709 +#: sssd.conf.5.xml:266 sssd.conf.5.xml:792 sssd.conf.5.xml:3716 #: include/failover.xml:100 msgid "Default: 3" msgstr "Voreinstellung: 3" @@ -420,7 +420,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:287 sssd.conf.5.xml:3541 +#: sssd.conf.5.xml:287 sssd.conf.5.xml:3548 msgid "re_expression (string)" msgstr "re_expression (Zeichenkette)" @@ -443,12 +443,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:304 sssd.conf.5.xml:3598 +#: sssd.conf.5.xml:304 sssd.conf.5.xml:3605 msgid "full_name_format (string)" msgstr "full_name_format (Zeichenkette)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:307 sssd.conf.5.xml:3601 +#: sssd.conf.5.xml:307 sssd.conf.5.xml:3608 msgid "" "A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</" "manvolnum> </citerefentry>-compatible format that describes how to compose a " @@ -460,32 +460,32 @@ msgstr "" "zusammengestellt wird." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:318 sssd.conf.5.xml:3612 +#: sssd.conf.5.xml:318 sssd.conf.5.xml:3619 msgid "%1$s" msgstr "%1$s" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:319 sssd.conf.5.xml:3613 +#: sssd.conf.5.xml:319 sssd.conf.5.xml:3620 msgid "user name" msgstr "Benutzername" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:322 sssd.conf.5.xml:3616 +#: sssd.conf.5.xml:322 sssd.conf.5.xml:3623 msgid "%2$s" msgstr "%2$s" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:325 sssd.conf.5.xml:3619 +#: sssd.conf.5.xml:325 sssd.conf.5.xml:3626 msgid "domain name as specified in the SSSD config file." msgstr "Domain-Name, wie er durch die SSSD-Konfigurationsdatei angegeben wird" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:331 sssd.conf.5.xml:3625 +#: sssd.conf.5.xml:331 sssd.conf.5.xml:3632 msgid "%3$s" msgstr "%3$s" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:334 sssd.conf.5.xml:3628 +#: sssd.conf.5.xml:334 sssd.conf.5.xml:3635 msgid "" "domain flat name. Mostly usable for Active Directory domains, both directly " "configured or discovered via IPA trusts." @@ -494,7 +494,7 @@ msgstr "" "direkt konfiguriert als auch über IPA-Trust" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:315 sssd.conf.5.xml:3609 +#: sssd.conf.5.xml:315 sssd.conf.5.xml:3616 msgid "" "The following expansions are supported: <placeholder type=\"variablelist\" " "id=\"0\"/>" @@ -658,8 +658,8 @@ msgid "" msgstr "" #. type: Content of: <variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:468 sssd-ldap.5.xml:876 sssd-ldap.5.xml:888 -#: sssd-ldap.5.xml:980 sssd-ad.5.xml:920 sssd-ad.5.xml:995 sssd-krb5.5.xml:468 +#: sssd.conf.5.xml:468 sssd-ldap.5.xml:877 sssd-ldap.5.xml:889 +#: sssd-ldap.5.xml:982 sssd-ad.5.xml:920 sssd-ad.5.xml:995 sssd-krb5.5.xml:468 #: sssd-ldap-attributes.5.xml:470 sssd-ldap-attributes.5.xml:976 #: include/ldap_id_mapping.xml:211 include/ldap_id_mapping.xml:222 #: include/krb5_options.xml:148 @@ -937,7 +937,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:700 sssd.conf.5.xml:1791 sssd.conf.5.xml:4240 +#: sssd.conf.5.xml:700 sssd.conf.5.xml:1791 sssd.conf.5.xml:4257 #: sssd-ad.5.xml:187 sssd-ad.5.xml:327 sssd-ad.5.xml:341 msgid "Default: Not set" msgstr "Voreinstellung: Nicht gesetzt" @@ -1148,7 +1148,7 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:858 sssd.conf.5.xml:1201 sssd.conf.5.xml:1584 -#: sssd.conf.5.xml:1880 sssd-ldap.5.xml:494 +#: sssd.conf.5.xml:1880 sssd-ldap.5.xml:495 msgid "Default: 60" msgstr "Voreinstellung: 60" @@ -1258,7 +1258,7 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:937 sssd.conf.5.xml:1214 sssd.conf.5.xml:2322 -#: sssd-ldap.5.xml:331 +#: sssd-ldap.5.xml:332 msgid "Default: 300" msgstr "Voreinstellung: 300" @@ -1689,7 +1689,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1240 sssd.conf.5.xml:2964 sssd-ldap.5.xml:548 +#: sssd.conf.5.xml:1240 sssd.conf.5.xml:2971 sssd-ldap.5.xml:549 msgid "Default: 8" msgstr "" @@ -1717,8 +1717,8 @@ msgid "" msgstr "" #. type: Content of: <variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1265 sssd.conf.5.xml:1317 sssd.conf.5.xml:3730 -#: sssd-ldap.5.xml:473 sssd-ldap.5.xml:525 include/failover.xml:116 +#: sssd.conf.5.xml:1265 sssd.conf.5.xml:1317 sssd.conf.5.xml:3737 +#: sssd-ldap.5.xml:474 sssd-ldap.5.xml:526 include/failover.xml:116 #: include/krb5_options.xml:11 msgid "Default: 6" msgstr "Voreinstellung: 6" @@ -2063,7 +2063,7 @@ msgid "pam_pwd_expiration_warning (integer)" msgstr "pam_pwd_expiration_warning (Ganzzahl)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1553 sssd.conf.5.xml:2988 +#: sssd.conf.5.xml:1553 sssd.conf.5.xml:2995 msgid "Display a warning N days before the password expires." msgstr "zeigt N Tage vor Ablauf des Passworts eine Warnung an." @@ -2079,7 +2079,7 @@ msgstr "" "SSSD keine Warnung anzeigen." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1562 sssd.conf.5.xml:2991 +#: sssd.conf.5.xml:1562 sssd.conf.5.xml:2998 msgid "" "If zero is set, then this filter is not applied, i.e. if the expiration " "warning was received from backend server, it will automatically be displayed." @@ -2098,7 +2098,7 @@ msgstr "" "emphasis> für eine bestimmte Domain außer Kraft gesetzt werden." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1572 sssd.conf.5.xml:3977 sssd-ldap.5.xml:606 sssd.8.xml:79 +#: sssd.conf.5.xml:1572 sssd.conf.5.xml:3984 sssd-ldap.5.xml:607 sssd.8.xml:79 msgid "Default: 0" msgstr "Voreinstellung: 0" @@ -2161,8 +2161,8 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1632 sssd.conf.5.xml:1657 sssd.conf.5.xml:1676 -#: sssd.conf.5.xml:1913 sssd.conf.5.xml:2733 sssd.conf.5.xml:3906 -#: sssd-ldap.5.xml:1207 +#: sssd.conf.5.xml:1913 sssd.conf.5.xml:2733 sssd.conf.5.xml:3913 +#: sssd-ldap.5.xml:1209 msgid "Default: none" msgstr "Voreinstellung: none" @@ -2227,8 +2227,8 @@ msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1687 sssd.conf.5.xml:1698 sssd.conf.5.xml:1712 -#: sssd-ldap.5.xml:671 sssd-ldap.5.xml:692 sssd-ldap.5.xml:788 -#: sssd-ldap.5.xml:1293 sssd-ad.5.xml:505 sssd-ad.5.xml:581 sssd-ad.5.xml:1126 +#: sssd-ldap.5.xml:672 sssd-ldap.5.xml:693 sssd-ldap.5.xml:789 +#: sssd-ldap.5.xml:1295 sssd-ad.5.xml:505 sssd-ad.5.xml:581 sssd-ad.5.xml:1126 #: sssd-ad.5.xml:1175 include/ldap_id_mapping.xml:250 msgid "Default: False" msgstr "Voreinstellung: False" @@ -2267,7 +2267,7 @@ msgid "The path to the certificate database." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1723 sssd.conf.5.xml:2248 sssd.conf.5.xml:4354 +#: sssd.conf.5.xml:1723 sssd.conf.5.xml:2248 sssd.conf.5.xml:4371 msgid "Default:" msgstr "" @@ -2542,7 +2542,7 @@ msgid "Default: no_session" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1950 sssd.conf.5.xml:4293 +#: sssd.conf.5.xml:1950 sssd.conf.5.xml:4310 msgid "pam_gssapi_services" msgstr "" @@ -2583,7 +2583,7 @@ msgstr "" " " #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1968 sssd.conf.5.xml:3900 +#: sssd.conf.5.xml:1968 sssd.conf.5.xml:3907 msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" @@ -2593,7 +2593,7 @@ msgid "Default: - (GSSAPI authentication is disabled)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1979 sssd.conf.5.xml:4294 +#: sssd.conf.5.xml:1979 sssd.conf.5.xml:4311 msgid "pam_gssapi_check_upn" msgstr "" @@ -2613,7 +2613,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1999 sssd-ad.5.xml:1266 sss_rpcidmapd.5.xml:76 +#: sssd.conf.5.xml:1999 sssd-ad.5.xml:1271 sss_rpcidmapd.5.xml:76 #: sssd-files.5.xml:145 msgid "Default: True" msgstr "Voreinstellung: True" @@ -3431,7 +3431,7 @@ msgid "FALSE = No enumerations for this domain" msgstr "FALSE = keine Aufzählungen für diese Domain" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2669 sssd.conf.5.xml:2943 sssd.conf.5.xml:3120 +#: sssd.conf.5.xml:2669 sssd.conf.5.xml:2950 sssd.conf.5.xml:3127 msgid "Default: FALSE" msgstr "Voreinstellung: FALSE" @@ -3743,7 +3743,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2922 sssd-ldap.5.xml:360 sssd-ldap.5.xml:1736 +#: sssd.conf.5.xml:2922 sssd-ldap.5.xml:361 sssd-ldap.5.xml:1738 #: sssd-ipa.5.xml:270 msgid "Default: 0 (disabled)" msgstr "Voreinstellung: 0 (deaktiviert)" @@ -3755,16 +3755,17 @@ msgstr "cache_credentials (Boolesch)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:2931 -#, fuzzy -#| msgid "" -#| "Determines if user credentials are also cached in the local LDB cache" -msgid "Determines if user credentials are also cached in the local LDB cache." +msgid "" +"Determines if user credentials are also cached in the local LDB cache. The " +"cached credentials refer to passwords, which includes the first (long term) " +"factor of two-factor authentication, not other authentication mechanisms. " +"Passkey and Smartcard authentications are expected to work offline as long " +"as a successful online authentication is recorded in the cache without " +"additional configuration." msgstr "" -"bestimmt, ob auch Benutzerberechtigungen im lokalen LDB-Zwischenspeicher " -"zwischengespeichert werden." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2935 +#: sssd.conf.5.xml:2942 msgid "" "Take a note that while credentials are stored as a salted SHA512 hash, this " "still potentially poses some security risk in case an attacker manages to " @@ -3773,12 +3774,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2949 +#: sssd.conf.5.xml:2956 msgid "cache_credentials_minimal_first_factor_length (int)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2952 +#: sssd.conf.5.xml:2959 msgid "" "If 2-Factor-Authentication (2FA) is used and credentials should be saved " "this value determines the minimal length the first authentication factor " @@ -3790,19 +3791,19 @@ msgstr "" "gespeichert zu werden." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2959 +#: sssd.conf.5.xml:2966 msgid "" "This should avoid that the short PINs of a PIN based 2FA scheme are saved in " "the cache which would make them easy targets for brute-force attacks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2970 +#: sssd.conf.5.xml:2977 msgid "account_cache_expiration (integer)" msgstr "account_cache_expiration (Ganzzahl)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2973 +#: sssd.conf.5.xml:2980 msgid "" "Number of days entries are left in cache after last successful login before " "being removed during a cleanup of the cache. 0 means keep forever. The " @@ -3815,17 +3816,17 @@ msgstr "" "Parameters muss größer oder gleich »offline_credentials_expiration« sein." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2980 +#: sssd.conf.5.xml:2987 msgid "Default: 0 (unlimited)" msgstr "Voreinstellung: 0 (unbegrenzt)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2985 +#: sssd.conf.5.xml:2992 msgid "pwd_expiration_warning (integer)" msgstr "pwd_expiration_warning (Ganzzahl)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2996 +#: sssd.conf.5.xml:3003 msgid "" "Please note that the backend server has to provide information about the " "expiration time of the password. If this information is missing, sssd " @@ -3838,17 +3839,17 @@ msgstr "" "Authentifizierungsanbieter konfiguriert werden." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3003 +#: sssd.conf.5.xml:3010 msgid "Default: 7 (Kerberos), 0 (LDAP)" msgstr "Voreinstellung: 7 (Kerberos), 0 (LDAP)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3009 +#: sssd.conf.5.xml:3016 msgid "id_provider (string)" msgstr "id_provider (Zeichenkette)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3012 +#: sssd.conf.5.xml:3019 msgid "" "The identification provider used for the domain. Supported ID providers are:" msgstr "" @@ -3856,12 +3857,12 @@ msgstr "" "werden unterstützt:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3016 +#: sssd.conf.5.xml:3023 msgid "<quote>proxy</quote>: Support a legacy NSS provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3019 +#: sssd.conf.5.xml:3026 msgid "" "<quote>files</quote>: FILES provider. See <citerefentry> <refentrytitle>sssd-" "files</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " @@ -3869,7 +3870,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3027 +#: sssd.conf.5.xml:3034 msgid "" "<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-" "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " @@ -3880,8 +3881,8 @@ msgstr "" "<manvolnum>5</manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3035 sssd.conf.5.xml:3146 sssd.conf.5.xml:3197 -#: sssd.conf.5.xml:3260 +#: sssd.conf.5.xml:3042 sssd.conf.5.xml:3153 sssd.conf.5.xml:3204 +#: sssd.conf.5.xml:3267 msgid "" "<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management " "provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> " @@ -3894,8 +3895,8 @@ msgstr "" "manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3044 sssd.conf.5.xml:3155 sssd.conf.5.xml:3206 -#: sssd.conf.5.xml:3269 +#: sssd.conf.5.xml:3051 sssd.conf.5.xml:3162 sssd.conf.5.xml:3213 +#: sssd.conf.5.xml:3276 msgid "" "<quote>ad</quote>: Active Directory provider. See <citerefentry> " "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3907,12 +3908,12 @@ msgstr "" "citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3055 +#: sssd.conf.5.xml:3062 msgid "use_fully_qualified_names (bool)" msgstr "use_fully_qualified_names (Boolesch)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3058 +#: sssd.conf.5.xml:3065 msgid "" "Use the full name and domain (as formatted by the domain's full_name_format) " "as the user's login name reported to NSS." @@ -3922,7 +3923,7 @@ msgstr "" "Benutzers, der an NSS gemeldet wird." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3063 +#: sssd.conf.5.xml:3070 msgid "" "If set to TRUE, all requests to this domain must use fully qualified names. " "For example, if used in LOCAL domain that contains a \"test\" user, " @@ -3936,7 +3937,7 @@ msgstr "" "test@LOCAL</command> würde ihn hingegen finden." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3071 +#: sssd.conf.5.xml:3078 msgid "" "NOTE: This option has no effect on netgroup lookups due to their tendency to " "include nested netgroups without qualified names. For netgroups, all domains " @@ -3948,24 +3949,24 @@ msgstr "" "nicht voll qualifizierter Name angefragt wird." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3078 +#: sssd.conf.5.xml:3085 msgid "" "Default: FALSE (TRUE for trusted domain/sub-domains or if " "default_domain_suffix is used)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3085 +#: sssd.conf.5.xml:3092 msgid "ignore_group_members (bool)" msgstr "ignore_group_members (Boolesch)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3088 +#: sssd.conf.5.xml:3095 msgid "Do not return group members for group lookups." msgstr "gibt beim Nachschlagen der Gruppe nicht die Gruppenmitglieder zurück." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3091 +#: sssd.conf.5.xml:3098 msgid "" "If set to TRUE, the group membership attribute is not requested from the " "ldap server, and group members are not returned when processing group lookup " @@ -3977,7 +3978,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3109 +#: sssd.conf.5.xml:3116 msgid "" "Enabling this option can also make access provider checks for group " "membership significantly faster, especially for groups containing many " @@ -3985,23 +3986,23 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3115 sssd.conf.5.xml:3822 sssd-ldap.5.xml:326 -#: sssd-ldap.5.xml:355 sssd-ldap.5.xml:408 sssd-ldap.5.xml:468 -#: sssd-ldap.5.xml:489 sssd-ldap.5.xml:520 sssd-ldap.5.xml:543 -#: sssd-ldap.5.xml:582 sssd-ldap.5.xml:601 sssd-ldap.5.xml:625 -#: sssd-ldap.5.xml:1051 sssd-ldap.5.xml:1084 +#: sssd.conf.5.xml:3122 sssd.conf.5.xml:3829 sssd-ldap.5.xml:327 +#: sssd-ldap.5.xml:356 sssd-ldap.5.xml:409 sssd-ldap.5.xml:469 +#: sssd-ldap.5.xml:490 sssd-ldap.5.xml:521 sssd-ldap.5.xml:544 +#: sssd-ldap.5.xml:583 sssd-ldap.5.xml:602 sssd-ldap.5.xml:626 +#: sssd-ldap.5.xml:1053 sssd-ldap.5.xml:1086 msgid "" "This option can be also set per subdomain or inherited via " "<emphasis>subdomain_inherit</emphasis>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3125 +#: sssd.conf.5.xml:3132 msgid "auth_provider (string)" msgstr "auth_provider (Zeichenkette)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3128 +#: sssd.conf.5.xml:3135 msgid "" "The authentication provider used for the domain. Supported auth providers " "are:" @@ -4010,7 +4011,7 @@ msgstr "" "Authentifizierungsanbieter werden unterstützt:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3132 sssd.conf.5.xml:3190 +#: sssd.conf.5.xml:3139 sssd.conf.5.xml:3197 msgid "" "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4021,7 +4022,7 @@ msgstr "" "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3139 +#: sssd.conf.5.xml:3146 msgid "" "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4033,19 +4034,19 @@ msgstr "" "citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3163 +#: sssd.conf.5.xml:3170 msgid "" "<quote>proxy</quote> for relaying authentication to some other PAM target." msgstr "" "»proxy« zur Weitergabe der Authentifizierung an irgendein anderes PAM-Ziel" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3166 +#: sssd.conf.5.xml:3173 msgid "<quote>none</quote> disables authentication explicitly." msgstr "»none« deaktiviert explizit die Authentifizierung." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3169 +#: sssd.conf.5.xml:3176 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "authentication requests." @@ -4054,12 +4055,12 @@ msgstr "" "mit Authentifizierungsanfragen umgehen." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3175 +#: sssd.conf.5.xml:3182 msgid "access_provider (string)" msgstr "access_provider (Zeichenkette)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3178 +#: sssd.conf.5.xml:3185 msgid "" "The access control provider used for the domain. There are two built-in " "access providers (in addition to any included in installed backends) " @@ -4070,7 +4071,7 @@ msgstr "" "Backends enthalten sind). Interne Spezialanbieter sind:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3184 +#: sssd.conf.5.xml:3191 msgid "" "<quote>permit</quote> always allow access. It's the only permitted access " "provider for a local domain." @@ -4079,12 +4080,12 @@ msgstr "" "für eine lokale Domain." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3187 +#: sssd.conf.5.xml:3194 msgid "<quote>deny</quote> always deny access." msgstr "»deny« verweigert dem Zugriff immer." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3214 +#: sssd.conf.5.xml:3221 msgid "" "<quote>simple</quote> access control based on access or deny lists. See " "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</" @@ -4097,7 +4098,7 @@ msgstr "" "simple</refentrytitle> <manvolnum>5</manvolnum></citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3221 +#: sssd.conf.5.xml:3228 msgid "" "<quote>krb5</quote>: .k5login based access control. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum></" @@ -4105,22 +4106,22 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3228 +#: sssd.conf.5.xml:3235 msgid "<quote>proxy</quote> for relaying access control to another PAM module." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3231 +#: sssd.conf.5.xml:3238 msgid "Default: <quote>permit</quote>" msgstr "Voreinstellung: »permit«" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3236 +#: sssd.conf.5.xml:3243 msgid "chpass_provider (string)" msgstr "chpass_provider (Zeichenkette)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3239 +#: sssd.conf.5.xml:3246 msgid "" "The provider which should handle change password operations for the domain. " "Supported change password providers are:" @@ -4129,7 +4130,7 @@ msgstr "" "Folgende Anbieter von Passwortänderungen werden unterstützt:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3244 +#: sssd.conf.5.xml:3251 msgid "" "<quote>ldap</quote> to change a password stored in a LDAP server. See " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" @@ -4137,7 +4138,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3252 +#: sssd.conf.5.xml:3259 msgid "" "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4149,19 +4150,19 @@ msgstr "" "citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3277 +#: sssd.conf.5.xml:3284 msgid "" "<quote>proxy</quote> for relaying password changes to some other PAM target." msgstr "" "»proxy« zur Weitergabe der Passwortänderung an irgendein anderes PAM-Ziel" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3281 +#: sssd.conf.5.xml:3288 msgid "<quote>none</quote> disallows password changes explicitly." msgstr "»none« verbietet explizit Passwortänderungen." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3284 +#: sssd.conf.5.xml:3291 msgid "" "Default: <quote>auth_provider</quote> is used if it is set and can handle " "change password requests." @@ -4170,19 +4171,19 @@ msgstr "" "kann mit Passwortänderungsanfragen umgehen." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3291 +#: sssd.conf.5.xml:3298 msgid "sudo_provider (string)" msgstr "sudo_provider (Zeichenkette)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3294 +#: sssd.conf.5.xml:3301 msgid "The SUDO provider used for the domain. Supported SUDO providers are:" msgstr "" "der für diese Domain benutzte Sudo-Anbieter. Folgende Sudo-Anbieter werden " "unterstützt:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3298 +#: sssd.conf.5.xml:3305 msgid "" "<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4193,7 +4194,7 @@ msgstr "" "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3306 +#: sssd.conf.5.xml:3313 msgid "" "<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default " "settings." @@ -4202,7 +4203,7 @@ msgstr "" "Vorgabeeinstellungen für IPA." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3310 +#: sssd.conf.5.xml:3317 msgid "" "<quote>ad</quote> the same as <quote>ldap</quote> but with AD default " "settings." @@ -4211,19 +4212,19 @@ msgstr "" "Vorgabeeinstellungen für AD." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3314 +#: sssd.conf.5.xml:3321 msgid "<quote>none</quote> disables SUDO explicitly." msgstr "»none« deaktiviert explizit Sudo." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3317 sssd.conf.5.xml:3403 sssd.conf.5.xml:3473 -#: sssd.conf.5.xml:3498 sssd.conf.5.xml:3534 +#: sssd.conf.5.xml:3324 sssd.conf.5.xml:3410 sssd.conf.5.xml:3480 +#: sssd.conf.5.xml:3505 sssd.conf.5.xml:3541 msgid "Default: The value of <quote>id_provider</quote> is used if it is set." msgstr "" "Voreinstellung: Falls gesetzt, wird der Wert von »id_provider« benutzt." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3321 +#: sssd.conf.5.xml:3328 msgid "" "The detailed instructions for configuration of sudo_provider are in the " "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " @@ -4240,7 +4241,7 @@ msgstr "" "<manvolnum>5</manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3336 +#: sssd.conf.5.xml:3343 msgid "" "<emphasis>NOTE:</emphasis> Sudo rules are periodically downloaded in the " "background unless the sudo provider is explicitly disabled. Set " @@ -4249,12 +4250,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3346 +#: sssd.conf.5.xml:3353 msgid "selinux_provider (string)" msgstr "selinux_provider (Zeichenkette)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3349 +#: sssd.conf.5.xml:3356 msgid "" "The provider which should handle loading of selinux settings. Note that this " "provider will be called right after access provider ends. Supported selinux " @@ -4265,7 +4266,7 @@ msgstr "" "Zugriffsanbieter beendet hat. Folgende SELinux-Anbieter werden unterstützt:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3355 +#: sssd.conf.5.xml:3362 msgid "" "<quote>ipa</quote> to load selinux settings from an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -4277,12 +4278,12 @@ msgstr "" "manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3363 +#: sssd.conf.5.xml:3370 msgid "<quote>none</quote> disallows fetching selinux settings explicitly." msgstr "»none« verbietet explizit das Abholen von SELinux-Einstellungen." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3366 +#: sssd.conf.5.xml:3373 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "selinux loading requests." @@ -4291,12 +4292,12 @@ msgstr "" "kann SELinux-Ladeanfragen handhaben." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3372 +#: sssd.conf.5.xml:3379 msgid "subdomains_provider (string)" msgstr "subdomains_provider (Zeichenkette)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3375 +#: sssd.conf.5.xml:3382 msgid "" "The provider which should handle fetching of subdomains. This value should " "be always the same as id_provider. Supported subdomain providers are:" @@ -4306,7 +4307,7 @@ msgstr "" "werden unterstützt:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3381 +#: sssd.conf.5.xml:3388 msgid "" "<quote>ipa</quote> to load a list of subdomains from an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -4318,7 +4319,7 @@ msgstr "" "citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3390 +#: sssd.conf.5.xml:3397 msgid "" "<quote>ad</quote> to load a list of subdomains from an Active Directory " "server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> " @@ -4327,17 +4328,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3399 +#: sssd.conf.5.xml:3406 msgid "<quote>none</quote> disallows fetching subdomains explicitly." msgstr "»none« deaktiviert explizit das Abholen von Subdomains." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3409 +#: sssd.conf.5.xml:3416 msgid "session_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3412 +#: sssd.conf.5.xml:3419 msgid "" "The provider which configures and manages user session related tasks. The " "only user session task currently provided is the integration with Fleet " @@ -4345,37 +4346,37 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3419 +#: sssd.conf.5.xml:3426 msgid "<quote>ipa</quote> to allow performing user session related tasks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3423 +#: sssd.conf.5.xml:3430 msgid "" "<quote>none</quote> does not perform any kind of user session related tasks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3427 +#: sssd.conf.5.xml:3434 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can perform " "session related tasks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3431 +#: sssd.conf.5.xml:3438 msgid "" "<emphasis>NOTE:</emphasis> In order to have this feature working as expected " "SSSD must be running as \"root\" and not as the unprivileged user." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3439 +#: sssd.conf.5.xml:3446 msgid "autofs_provider (string)" msgstr "autofs_provider (Zeichenkette)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3442 +#: sssd.conf.5.xml:3449 msgid "" "The autofs provider used for the domain. Supported autofs providers are:" msgstr "" @@ -4383,7 +4384,7 @@ msgstr "" "»autofs« werden unterstützt:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3446 +#: sssd.conf.5.xml:3453 msgid "" "<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4395,7 +4396,7 @@ msgstr "" "citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3453 +#: sssd.conf.5.xml:3460 msgid "" "<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> " "<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4407,7 +4408,7 @@ msgstr "" "citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3461 +#: sssd.conf.5.xml:3468 msgid "" "<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> " "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4415,17 +4416,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3470 +#: sssd.conf.5.xml:3477 msgid "<quote>none</quote> disables autofs explicitly." msgstr "»none« deaktiviert explizit »autofs«." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3480 +#: sssd.conf.5.xml:3487 msgid "hostid_provider (string)" msgstr "hostid_provider (Zeichenkette)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3483 +#: sssd.conf.5.xml:3490 msgid "" "The provider used for retrieving host identity information. Supported " "hostid providers are:" @@ -4434,7 +4435,7 @@ msgstr "" "wird. Folgende Anbieter von »hostid« werden unterstützt:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3487 +#: sssd.conf.5.xml:3494 msgid "" "<quote>ipa</quote> to load host identity stored in an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -4446,31 +4447,31 @@ msgstr "" "manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3495 +#: sssd.conf.5.xml:3502 msgid "<quote>none</quote> disables hostid explicitly." msgstr "»none« deaktiviert explizit »hostid«." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3505 +#: sssd.conf.5.xml:3512 msgid "resolver_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3508 +#: sssd.conf.5.xml:3515 msgid "" "The provider which should handle hosts and networks lookups. Supported " "resolver providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3512 +#: sssd.conf.5.xml:3519 msgid "" "<quote>proxy</quote> to forward lookups to another NSS library. See " "<quote>proxy_resolver_lib_name</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3516 +#: sssd.conf.5.xml:3523 msgid "" "<quote>ldap</quote> to fetch hosts and networks stored in LDAP. See " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" @@ -4478,7 +4479,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3523 +#: sssd.conf.5.xml:3530 msgid "" "<quote>ad</quote> to fetch hosts and networks stored in AD. See " "<citerefentry> <refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</" @@ -4487,12 +4488,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3531 +#: sssd.conf.5.xml:3538 msgid "<quote>none</quote> disallows fetching hosts and networks explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3544 +#: sssd.conf.5.xml:3551 msgid "" "Regular expression for this domain that describes how to parse the string " "containing user name and domain into these components. The \"domain\" can " @@ -4507,7 +4508,7 @@ msgstr "" "(NetBIOS-) Namen der Domain entsprechen." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3553 +#: sssd.conf.5.xml:3560 #, fuzzy #| msgid "" #| "Default for the AD and IPA provider: <quote>(((?P<domain>[^\\\\]+)\\" @@ -4523,17 +4524,17 @@ msgstr "" "P<Name>[^@\\\\]+)$))« " #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:3558 sssd.conf.5.xml:3572 +#: sssd.conf.5.xml:3565 sssd.conf.5.xml:3579 msgid "username" msgstr "Benutzername" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:3561 sssd.conf.5.xml:3575 +#: sssd.conf.5.xml:3568 sssd.conf.5.xml:3582 msgid "username@domain.name" msgstr "Benutzername@Domain.Name" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3566 +#: sssd.conf.5.xml:3573 #, fuzzy #| msgid "" #| "Default for the AD and IPA provider: <quote>(((?P<domain>[^\\\\]+)\\" @@ -4551,12 +4552,12 @@ msgstr "" "P<Name>[^@\\\\]+)$))« " #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:3578 +#: sssd.conf.5.xml:3585 msgid "domain\\username" msgstr "Domain\\Benutzername" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3581 +#: sssd.conf.5.xml:3588 msgid "" "While the first two correspond to the general default the third one is " "introduced to allow easy integration of users from Windows domains." @@ -4566,7 +4567,7 @@ msgstr "" "Windows-Domains zu ermöglichen." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3586 +#: sssd.conf.5.xml:3593 msgid "" "The default re_expression uses the <quote>@</quote> character as a separator " "between the name and the domain. As a result of this setting the default " @@ -4576,17 +4577,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3638 +#: sssd.conf.5.xml:3645 msgid "Default: <quote>%1$s@%2$s</quote>." msgstr "Voreinstellung: »%1$s@%2$s«" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3644 +#: sssd.conf.5.xml:3651 msgid "lookup_family_order (string)" msgstr "lookup_family_order (Zeichenkette)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3647 +#: sssd.conf.5.xml:3654 msgid "" "Provides the ability to select preferred address family to use when " "performing DNS lookups." @@ -4594,80 +4595,80 @@ msgstr "" "ermöglicht es, die bei DNS-Abfragen zu bevorzugende Adressfamilie zu wählen." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3651 +#: sssd.conf.5.xml:3658 msgid "Supported values:" msgstr "unterstützte Werte:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3654 +#: sssd.conf.5.xml:3661 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6" msgstr "" "ipv4_first: versucht die IPv4- und, falls dies fehlschlägt, die IPv6-Adresse " "nachzuschlagen" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3657 +#: sssd.conf.5.xml:3664 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses." msgstr "ipv4_only: versucht, nur Rechnernamen zu IPv4-Adressen aufzulösen" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3660 +#: sssd.conf.5.xml:3667 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4" msgstr "" "ipv6_first: versucht die IPv6- und, falls dies fehlschlägt, die IPv4-Adresse " "nachzuschlagen" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3663 +#: sssd.conf.5.xml:3670 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses." msgstr "ipv6_only: versucht, nur Rechnernamen zu IPv6-Adressen aufzulösen" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3666 +#: sssd.conf.5.xml:3673 msgid "Default: ipv4_first" msgstr "Voreinstellung: ipv4_first" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3672 +#: sssd.conf.5.xml:3679 #, fuzzy #| msgid "dns_resolver_timeout (integer)" msgid "dns_resolver_server_timeout (integer)" msgstr "dns_resolver_timeout (Ganzzahl)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3675 +#: sssd.conf.5.xml:3682 msgid "" "Defines the amount of time (in milliseconds) SSSD would try to talk to DNS " "server before trying next DNS server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3680 +#: sssd.conf.5.xml:3687 msgid "" "The AD provider will use this option for the CLDAP ping timeouts as well." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3684 sssd.conf.5.xml:3704 sssd.conf.5.xml:3725 +#: sssd.conf.5.xml:3691 sssd.conf.5.xml:3711 sssd.conf.5.xml:3732 msgid "" "Please see the section <quote>FAILOVER</quote> for more information about " "the service resolution." msgstr "" #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3689 sssd-ldap.5.xml:644 include/failover.xml:84 +#: sssd.conf.5.xml:3696 sssd-ldap.5.xml:645 include/failover.xml:84 msgid "Default: 1000" msgstr "Voreinstellung: 1000" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3695 +#: sssd.conf.5.xml:3702 #, fuzzy #| msgid "dns_resolver_timeout (integer)" msgid "dns_resolver_op_timeout (integer)" msgstr "dns_resolver_timeout (Ganzzahl)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3698 +#: sssd.conf.5.xml:3705 msgid "" "Defines the amount of time (in seconds) to wait to resolve single DNS query " "(e.g. resolution of a hostname or an SRV record) before trying the next " @@ -4675,12 +4676,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3715 +#: sssd.conf.5.xml:3722 msgid "dns_resolver_timeout (integer)" msgstr "dns_resolver_timeout (Ganzzahl)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3718 +#: sssd.conf.5.xml:3725 msgid "" "Defines the amount of time (in seconds) to wait for a reply from the " "internal fail over service before assuming that the service is unreachable. " @@ -4689,14 +4690,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3736 +#: sssd.conf.5.xml:3743 #, fuzzy #| msgid "dns_resolver_timeout (integer)" msgid "dns_resolver_use_search_list (bool)" msgstr "dns_resolver_timeout (Ganzzahl)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3739 +#: sssd.conf.5.xml:3746 msgid "" "Normally, the DNS resolver searches the domain list defined in the " "\"search\" directive from the resolv.conf file. This can lead to delays in " @@ -4704,7 +4705,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3745 +#: sssd.conf.5.xml:3752 msgid "" "If fully qualified domain names (or _srv_) are used in the SSSD " "configuration, setting this option to FALSE can prevent unnecessary DNS " @@ -4712,17 +4713,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3751 +#: sssd.conf.5.xml:3758 msgid "Default: TRUE" msgstr "Voreinstellung: TRUE" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3757 +#: sssd.conf.5.xml:3764 msgid "dns_discovery_domain (string)" msgstr "dns_discovery_domain (Zeichenkette)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3760 +#: sssd.conf.5.xml:3767 msgid "" "If service discovery is used in the back end, specifies the domain part of " "the service discovery DNS query." @@ -4731,52 +4732,52 @@ msgstr "" "DNS-Dienstabfrage an." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3764 +#: sssd.conf.5.xml:3771 msgid "Default: Use the domain part of machine's hostname" msgstr "Voreinstellung: Der Domain-Teil des Rechnernamens wird benutzt." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3770 +#: sssd.conf.5.xml:3777 msgid "override_gid (integer)" msgstr "override_gid (Ganzzahl)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3773 +#: sssd.conf.5.xml:3780 msgid "Override the primary GID value with the one specified." msgstr "überschreibt die Haupt-GID mit der angegebenen." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3779 +#: sssd.conf.5.xml:3786 msgid "case_sensitive (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3786 +#: sssd.conf.5.xml:3793 msgid "True" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3789 +#: sssd.conf.5.xml:3796 msgid "Case sensitive. This value is invalid for AD provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3795 +#: sssd.conf.5.xml:3802 msgid "False" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3797 +#: sssd.conf.5.xml:3804 msgid "Case insensitive." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3801 +#: sssd.conf.5.xml:3808 msgid "Preserving" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3804 +#: sssd.conf.5.xml:3811 msgid "" "Same as False (case insensitive), but does not lowercase names in the result " "of NSS operations. Note that name aliases (and in case of services also " @@ -4784,14 +4785,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3812 +#: sssd.conf.5.xml:3819 msgid "" "If you want to set this value for trusted domain with IPA provider, you need " "to set it on both the client and SSSD on the server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3782 +#: sssd.conf.5.xml:3789 #, fuzzy #| msgid "" #| "The following expansions are supported: <placeholder " @@ -4804,17 +4805,17 @@ msgstr "" "type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3827 +#: sssd.conf.5.xml:3834 msgid "Default: True (False for AD provider)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3833 +#: sssd.conf.5.xml:3840 msgid "subdomain_inherit (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3836 +#: sssd.conf.5.xml:3843 msgid "" "Specifies a list of configuration parameters that should be inherited by a " "subdomain. Please note that only selected parameters can be inherited. " @@ -4822,128 +4823,128 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3842 +#: sssd.conf.5.xml:3849 #, fuzzy #| msgid "ldap_search_timeout (integer)" msgid "ldap_search_timeout" msgstr "ldap_search_timeout (Ganzzahl)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3845 +#: sssd.conf.5.xml:3852 #, fuzzy #| msgid "ldap_network_timeout (integer)" msgid "ldap_network_timeout" msgstr "ldap_network_timeout (Ganzzahl)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3848 +#: sssd.conf.5.xml:3855 #, fuzzy #| msgid "ldap_opt_timeout (integer)" msgid "ldap_opt_timeout" msgstr "ldap_opt_timeout (Ganzzahl)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3851 +#: sssd.conf.5.xml:3858 #, fuzzy #| msgid "ldap_connection_expire_timeout (integer)" msgid "ldap_offline_timeout" msgstr "ldap_connection_expire_timeout (Ganzzahl)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3854 +#: sssd.conf.5.xml:3861 #, fuzzy #| msgid "ldap_enumeration_refresh_timeout (integer)" msgid "ldap_enumeration_refresh_timeout" msgstr "ldap_enumeration_refresh_timeout (Ganzzahl)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3857 +#: sssd.conf.5.xml:3864 #, fuzzy #| msgid "ldap_enumeration_refresh_timeout (integer)" msgid "ldap_enumeration_refresh_offset" msgstr "ldap_enumeration_refresh_timeout (Ganzzahl)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3860 +#: sssd.conf.5.xml:3867 msgid "ldap_purge_cache_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3863 +#: sssd.conf.5.xml:3870 #, fuzzy #| msgid "ldap_purge_cache_timeout (integer)" msgid "ldap_purge_cache_offset" msgstr "ldap_purge_cache_timeout (Ganzzahl)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3866 +#: sssd.conf.5.xml:3873 msgid "" "ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab " "is not set explicitly)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3870 +#: sssd.conf.5.xml:3877 #, fuzzy #| msgid "ldap_krb5_ticket_lifetime (integer)" msgid "ldap_krb5_ticket_lifetime" msgstr "ldap_krb5_ticket_lifetime (Ganzzahl)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3873 +#: sssd.conf.5.xml:3880 #, fuzzy #| msgid "ldap_enumeration_search_timeout (integer)" msgid "ldap_enumeration_search_timeout" msgstr "ldap_enumeration_search_timeout (Ganzzahl)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3876 +#: sssd.conf.5.xml:3883 #, fuzzy #| msgid "ldap_connection_expire_timeout (integer)" msgid "ldap_connection_expire_timeout" msgstr "ldap_connection_expire_timeout (Ganzzahl)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3879 +#: sssd.conf.5.xml:3886 #, fuzzy #| msgid "ldap_connection_expire_timeout (integer)" msgid "ldap_connection_expire_offset" msgstr "ldap_connection_expire_timeout (Ganzzahl)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3882 +#: sssd.conf.5.xml:3889 #, fuzzy #| msgid "ldap_connection_expire_timeout (integer)" msgid "ldap_connection_idle_timeout" msgstr "ldap_connection_expire_timeout (Ganzzahl)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3885 sssd-ldap.5.xml:400 +#: sssd.conf.5.xml:3892 sssd-ldap.5.xml:401 msgid "ldap_use_tokengroups" msgstr "ldap_use_tokengroups" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3888 +#: sssd.conf.5.xml:3895 msgid "ldap_user_principal" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3891 +#: sssd.conf.5.xml:3898 msgid "ignore_group_members" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3894 +#: sssd.conf.5.xml:3901 msgid "auto_private_groups" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3897 +#: sssd.conf.5.xml:3904 msgid "case_sensitive" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:3902 +#: sssd.conf.5.xml:3909 #, no-wrap msgid "" "subdomain_inherit = ldap_purge_cache_timeout\n" @@ -4951,27 +4952,27 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3909 +#: sssd.conf.5.xml:3916 msgid "Note: This option only works with the IPA and AD provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3916 +#: sssd.conf.5.xml:3923 msgid "subdomain_homedir (string)" msgstr "subdomain_homedir (Zeichenkette)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3927 +#: sssd.conf.5.xml:3934 msgid "%F" msgstr "%F" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3928 +#: sssd.conf.5.xml:3935 msgid "flat (NetBIOS) name of a subdomain." msgstr "flacher (NetBIOS-) Name einer Subdomain" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3919 +#: sssd.conf.5.xml:3926 msgid "" "Use this homedir as default value for all subdomains within this domain in " "IPA AD trust. See <emphasis>override_homedir</emphasis> for info about " @@ -4986,7 +4987,7 @@ msgstr "" "verwendet werden. <placeholder type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3933 +#: sssd.conf.5.xml:3940 msgid "" "The value can be overridden by <emphasis>override_homedir</emphasis> option." msgstr "" @@ -4994,17 +4995,17 @@ msgstr "" "überschrieben werden." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3937 +#: sssd.conf.5.xml:3944 msgid "Default: <filename>/home/%d/%u</filename>" msgstr "Voreinstellung: <filename>/home/%d/%u</filename>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3942 +#: sssd.conf.5.xml:3949 msgid "realmd_tags (string)" msgstr "realmd_tags (Zeichenkette)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3945 +#: sssd.conf.5.xml:3952 msgid "" "Various tags stored by the realmd configuration service for this domain." msgstr "" @@ -5012,12 +5013,12 @@ msgstr "" "Kennzeichnungen." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3951 +#: sssd.conf.5.xml:3958 msgid "cached_auth_timeout (int)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3954 +#: sssd.conf.5.xml:3961 msgid "" "Specifies time in seconds since last successful online authentication for " "which user will be authenticated using cached credentials while SSSD is in " @@ -5026,19 +5027,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3962 +#: sssd.conf.5.xml:3969 msgid "" "This option's value is inherited by all trusted domains. At the moment it is " "not possible to set a different value per trusted domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3967 +#: sssd.conf.5.xml:3974 msgid "Special value 0 implies that this feature is disabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3971 +#: sssd.conf.5.xml:3978 msgid "" "Please note that if <quote>cached_auth_timeout</quote> is longer than " "<quote>pam_id_timeout</quote> then the back end could be called to handle " @@ -5046,14 +5047,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3982 +#: sssd.conf.5.xml:3989 #, fuzzy #| msgid "ldap_pwd_policy (string)" msgid "local_auth_policy (string)" msgstr "ldap_pwd_policy (Zeichenkette)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3985 +#: sssd.conf.5.xml:3992 msgid "" "Local authentication methods policy. Some backends (i.e. LDAP, proxy " "provider) only support a password based authentication, while others can " @@ -5064,7 +5065,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3995 +#: sssd.conf.5.xml:4002 msgid "" "There are three possible values for this option: match, only, enable. " "<quote>match</quote> is used to match offline and online states for Kerberos " @@ -5075,8 +5076,17 @@ msgid "" "separated, such as <quote>enable:passkey, enable:smartcard</quote>" msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4014 +msgid "" +"Please note that if local Smartcard authentication is enabled and a " +"Smartcard is present, Smartcard authentication will be preferred over the " +"authentication methods supported by the backend. I.e. there will be a PIN " +"prompt instead of e.g. a password prompt." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:4011 +#: sssd.conf.5.xml:4026 #, no-wrap msgid "" "[domain/shadowutils]\n" @@ -5087,7 +5097,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4007 +#: sssd.conf.5.xml:4022 msgid "" "The following configuration example allows local users to authenticate " "locally using any enabled method (i.e. smartcard, passkey). <placeholder " @@ -5095,38 +5105,38 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4019 +#: sssd.conf.5.xml:4034 #, fuzzy #| msgid "This option is not available in IPA provider." msgid "This option is ignored for the files provider." msgstr "Diese Option ist für IPA-Anbieter nicht verfügbar." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4022 +#: sssd.conf.5.xml:4037 #, fuzzy #| msgid "Default: cn" msgid "Default: match" msgstr "Voreinstellung: cn" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4027 +#: sssd.conf.5.xml:4042 msgid "auto_private_groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4033 +#: sssd.conf.5.xml:4048 msgid "true" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4036 +#: sssd.conf.5.xml:4051 msgid "" "Create user's private group unconditionally from user's UID number. The GID " "number is ignored in this case." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4040 +#: sssd.conf.5.xml:4055 msgid "" "NOTE: Because the GID number and the user private group are inferred from " "the UID number, it is not supported to have multiple entries with the same " @@ -5135,24 +5145,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4049 +#: sssd.conf.5.xml:4064 msgid "false" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4052 +#: sssd.conf.5.xml:4067 msgid "" "Always use the user's primary GID number. The GID number must refer to a " "group object in the LDAP database." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4058 +#: sssd.conf.5.xml:4073 msgid "hybrid" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4061 +#: sssd.conf.5.xml:4076 msgid "" "A primary group is autogenerated for user entries whose UID and GID numbers " "have the same value and at the same time the GID number does not correspond " @@ -5162,14 +5172,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4074 +#: sssd.conf.5.xml:4089 msgid "" "If the UID and GID of a user are different, then the GID must correspond to " "a group entry, otherwise the GID is simply not resolvable." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4081 +#: sssd.conf.5.xml:4096 msgid "" "This feature is useful for environments that wish to stop maintaining a " "separate group objects for the user private groups, but also wish to retain " @@ -5177,21 +5187,21 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4030 +#: sssd.conf.5.xml:4045 msgid "" "This option takes any of three available values: <placeholder " "type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4093 +#: sssd.conf.5.xml:4108 msgid "" "For subdomains, the default value is False for subdomains that use assigned " "POSIX IDs and True for subdomains that use automatic ID-mapping." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:4101 +#: sssd.conf.5.xml:4116 #, no-wrap msgid "" "[domain/forest.domain/sub.domain]\n" @@ -5199,7 +5209,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:4107 +#: sssd.conf.5.xml:4122 #, no-wrap msgid "" "[domain/forest.domain]\n" @@ -5208,7 +5218,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4098 +#: sssd.conf.5.xml:4113 msgid "" "The value of auto_private_groups can either be set per subdomains in a " "subsection, for example: <placeholder type=\"programlisting\" id=\"0\"/> or " @@ -5229,32 +5239,37 @@ msgstr "" "type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4122 +#: sssd.conf.5.xml:4137 msgid "proxy_pam_target (string)" msgstr "proxy_pam_target (Zeichenkette)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4125 +#: sssd.conf.5.xml:4140 msgid "The proxy target PAM proxies to." msgstr "das Proxy-Ziel, an das PAM weiterleitet" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4128 +#: sssd.conf.5.xml:4143 +#, fuzzy +#| msgid "" +#| "Default: not set by default, you have to take an existing pam " +#| "configuration or create a new one and add the service name here." msgid "" "Default: not set by default, you have to take an existing pam configuration " -"or create a new one and add the service name here." +"or create a new one and add the service name here. As an alternative you can " +"enable local authentication with the local_auth_policy option." msgstr "" "Voreinstellung: standardmäßig nicht gesetzt, Sie müssen eine bestehende PAM-" "Konfiguration nehmen oder eine neue erstellen und hier den Dienstnamen " "hinzufügen." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4136 +#: sssd.conf.5.xml:4153 msgid "proxy_lib_name (string)" msgstr "proxy_lib_name (Zeichenkette)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4139 +#: sssd.conf.5.xml:4156 msgid "" "The name of the NSS library to use in proxy domains. The NSS functions " "searched for in the library are in the form of _nss_$(libName)_$(function), " @@ -5265,12 +5280,12 @@ msgstr "" "»_nss_$(libName)_$(function)«, zum Beispiel »_nss_files_getpwent«." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4149 +#: sssd.conf.5.xml:4166 msgid "proxy_resolver_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4152 +#: sssd.conf.5.xml:4169 msgid "" "The name of the NSS library to use for hosts and networks lookups in proxy " "domains. The NSS functions searched for in the library are in the form of " @@ -5278,12 +5293,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4163 +#: sssd.conf.5.xml:4180 msgid "proxy_fast_alias (boolean)" msgstr "proxy_fast_alias (Boolesch)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4166 +#: sssd.conf.5.xml:4183 msgid "" "When a user or group is looked up by name in the proxy provider, a second " "lookup by ID is performed to \"canonicalize\" the name in case the requested " @@ -5297,12 +5312,12 @@ msgstr "" "veranlassen, die ID im Zwischenspeicher nachzuschlagen." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4180 +#: sssd.conf.5.xml:4197 msgid "proxy_max_children (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4183 +#: sssd.conf.5.xml:4200 msgid "" "This option specifies the number of pre-forked proxy children. It is useful " "for high-load SSSD environments where sssd may run out of available child " @@ -5310,7 +5325,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4118 +#: sssd.conf.5.xml:4133 msgid "" "Options valid for proxy domains. <placeholder type=\"variablelist\" " "id=\"0\"/>" @@ -5319,12 +5334,12 @@ msgstr "" "id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:4199 +#: sssd.conf.5.xml:4216 msgid "Application domains" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4201 +#: sssd.conf.5.xml:4218 msgid "" "SSSD, with its D-Bus interface (see <citerefentry> <refentrytitle>sssd-ifp</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>) is appealing to " @@ -5341,7 +5356,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4221 +#: sssd.conf.5.xml:4238 msgid "" "Please note that the application domain must still be explicitly enabled in " "the <quote>domains</quote> parameter so that the lookup order between the " @@ -5349,17 +5364,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> -#: sssd.conf.5.xml:4227 +#: sssd.conf.5.xml:4244 msgid "Application domain parameters" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4229 +#: sssd.conf.5.xml:4246 msgid "inherit_from (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4232 +#: sssd.conf.5.xml:4249 msgid "" "The SSSD POSIX-type domain the application domain inherits all settings " "from. The application domain can moreover add its own settings to the " @@ -5368,7 +5383,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4246 +#: sssd.conf.5.xml:4263 msgid "" "The following example illustrates the use of an application domain. In this " "setup, the POSIX domain is connected to an LDAP server and is used by the OS " @@ -5378,7 +5393,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><programlisting> -#: sssd.conf.5.xml:4254 +#: sssd.conf.5.xml:4271 #, no-wrap msgid "" "[sssd]\n" @@ -5398,12 +5413,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4274 +#: sssd.conf.5.xml:4291 msgid "TRUSTED DOMAIN SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4276 +#: sssd.conf.5.xml:4293 msgid "" "Some options used in the domain section can also be used in the trusted " "domain section, that is, in a section called <quote>[domain/" @@ -5414,69 +5429,69 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4283 +#: sssd.conf.5.xml:4300 msgid "ldap_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4284 +#: sssd.conf.5.xml:4301 msgid "ldap_user_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4285 +#: sssd.conf.5.xml:4302 msgid "ldap_group_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4286 +#: sssd.conf.5.xml:4303 msgid "ldap_netgroup_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4287 +#: sssd.conf.5.xml:4304 msgid "ldap_service_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4288 +#: sssd.conf.5.xml:4305 msgid "ldap_sasl_mech," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4289 +#: sssd.conf.5.xml:4306 msgid "ad_server," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4290 +#: sssd.conf.5.xml:4307 msgid "ad_backup_server," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4291 +#: sssd.conf.5.xml:4308 msgid "ad_site," msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4292 sssd-ipa.5.xml:879 +#: sssd.conf.5.xml:4309 sssd-ipa.5.xml:884 msgid "use_fully_qualified_names" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4296 +#: sssd.conf.5.xml:4313 msgid "" "For more details about these options see their individual description in the " "manual page." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4302 +#: sssd.conf.5.xml:4319 msgid "CERTIFICATE MAPPING SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4304 +#: sssd.conf.5.xml:4321 msgid "" "To allow authentication with Smartcards and certificates SSSD must be able " "to map certificates to users. This can be done by adding the full " @@ -5489,7 +5504,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4318 +#: sssd.conf.5.xml:4335 msgid "" "To make the mapping more flexible mapping and matching rules were added to " "SSSD (see <citerefentry> <refentrytitle>sss-certmap</refentrytitle> " @@ -5497,7 +5512,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4327 +#: sssd.conf.5.xml:4344 msgid "" "A mapping and matching rule can be added to the SSSD configuration in a " "section on its own with a name like <quote>[certmap/" @@ -5506,55 +5521,55 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4334 +#: sssd.conf.5.xml:4351 msgid "matchrule (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4337 +#: sssd.conf.5.xml:4354 msgid "" "Only certificates from the Smartcard which matches this rule will be " "processed, all others are ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4341 +#: sssd.conf.5.xml:4358 msgid "" "Default: KRB5:<EKU>clientAuth, i.e. only certificates which have the " "Extended Key Usage <quote>clientAuth</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4348 +#: sssd.conf.5.xml:4365 msgid "maprule (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4351 +#: sssd.conf.5.xml:4368 msgid "Defines how the user is found for a given certificate." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4357 +#: sssd.conf.5.xml:4374 msgid "" "LDAP:(userCertificate;binary={cert!bin}) for LDAP based providers like " "<quote>ldap</quote>, <quote>AD</quote> or <quote>ipa</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4363 +#: sssd.conf.5.xml:4380 msgid "" "The RULE_NAME for the <quote>files</quote> provider which tries to find a " "user with the same name." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4372 +#: sssd.conf.5.xml:4389 msgid "domains (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4375 +#: sssd.conf.5.xml:4392 msgid "" "Comma separated list of domain names the rule should be applied. By default " "a rule is only valid in the domain configured in sssd.conf. If the provider " @@ -5563,17 +5578,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4382 +#: sssd.conf.5.xml:4399 msgid "Default: the configured domain in sssd.conf" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4387 +#: sssd.conf.5.xml:4404 msgid "priority (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4390 +#: sssd.conf.5.xml:4407 msgid "" "Unsigned integer value defining the priority of the rule. The higher the " "number the lower the priority. <quote>0</quote> stands for the highest " @@ -5581,26 +5596,26 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4396 +#: sssd.conf.5.xml:4413 msgid "Default: the lowest priority" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4402 +#: sssd.conf.5.xml:4419 msgid "" "To make the configuration simple and reduce the amount of configuration " "options the <quote>files</quote> provider has some special properties:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4408 +#: sssd.conf.5.xml:4425 msgid "" "if maprule is not set the RULE_NAME name is assumed to be the name of the " "matching user" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4414 +#: sssd.conf.5.xml:4431 msgid "" "if a maprule is used both a single user name or a template like " "<quote>{subject_rfc822_name.short_name}</quote> must be in braces like e.g. " @@ -5609,17 +5624,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4423 +#: sssd.conf.5.xml:4440 msgid "the <quote>domains</quote> option is ignored" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4431 +#: sssd.conf.5.xml:4448 msgid "PROMPTING CONFIGURATION SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4433 +#: sssd.conf.5.xml:4450 msgid "" "If a special file (<filename>/var/lib/sss/pubconf/pam_preauth_available</" "filename>) exists SSSD's PAM module pam_sss will ask SSSD to figure out " @@ -5629,7 +5644,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4441 +#: sssd.conf.5.xml:4458 msgid "" "With the growing number of authentication methods and the possibility that " "there are multiple ones for a single user the heuristic used by pam_sss to " @@ -5638,59 +5653,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4453 +#: sssd.conf.5.xml:4470 msgid "[prompting/password]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4456 +#: sssd.conf.5.xml:4473 msgid "password_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4457 +#: sssd.conf.5.xml:4474 msgid "to change the string of the password prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4455 +#: sssd.conf.5.xml:4472 msgid "" "to configure password prompting, allowed options are: <placeholder " "type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4465 +#: sssd.conf.5.xml:4482 msgid "[prompting/2fa]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4469 +#: sssd.conf.5.xml:4486 msgid "first_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4470 +#: sssd.conf.5.xml:4487 msgid "to change the string of the prompt for the first factor" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4473 +#: sssd.conf.5.xml:4490 msgid "second_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4474 +#: sssd.conf.5.xml:4491 msgid "to change the string of the prompt for the second factor" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4477 +#: sssd.conf.5.xml:4494 msgid "single_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4478 +#: sssd.conf.5.xml:4495 msgid "" "boolean value, if True there will be only a single prompt using the value of " "first_prompt where it is expected that both factors are entered as a single " @@ -5699,7 +5714,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4467 +#: sssd.conf.5.xml:4484 msgid "" "to configure two-factor authentication prompting, allowed options are: " "<placeholder type=\"variablelist\" id=\"0\"/> If the second factor is " @@ -5708,17 +5723,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4495 +#: sssd.conf.5.xml:4512 msgid "[prompting/passkey]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4501 sssd-ad.5.xml:1021 +#: sssd.conf.5.xml:4518 sssd-ad.5.xml:1021 msgid "interactive" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4503 +#: sssd.conf.5.xml:4520 msgid "" "boolean value, if True prompt a message and wait before testing the presence " "of a passkey device. Recommended if your device doesn’t have a tactile " @@ -5726,39 +5741,39 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4511 +#: sssd.conf.5.xml:4528 msgid "interactive_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4513 +#: sssd.conf.5.xml:4530 msgid "to change the message of the interactive prompt." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4518 +#: sssd.conf.5.xml:4535 msgid "touch" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4520 +#: sssd.conf.5.xml:4537 msgid "" "boolean value, if True prompt a message to remind the user to touch the " "device." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4526 +#: sssd.conf.5.xml:4543 msgid "touch_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4528 +#: sssd.conf.5.xml:4545 msgid "to change the message of the touch prompt." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4497 +#: sssd.conf.5.xml:4514 #, fuzzy #| msgid "" #| "The following expansions are supported: <placeholder " @@ -5771,7 +5786,7 @@ msgstr "" "type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4448 +#: sssd.conf.5.xml:4465 msgid "" "Each supported authentication method has its own configuration subsection " "under <quote>[prompting/...]</quote>. Currently there are: <placeholder " @@ -5780,7 +5795,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4539 +#: sssd.conf.5.xml:4556 msgid "" "It is possible to add a subsection for specific PAM services, e.g. " "<quote>[prompting/password/sshd]</quote> to individual change the prompting " @@ -5788,12 +5803,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4546 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43 +#: sssd.conf.5.xml:4563 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43 msgid "EXAMPLES" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4552 +#: sssd.conf.5.xml:4569 #, no-wrap msgid "" "[sssd]\n" @@ -5847,7 +5862,7 @@ msgstr "" "enumerate = False\n" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4548 +#: sssd.conf.5.xml:4565 msgid "" "1. The following example shows a typical SSSD config. It does not describe " "configuration of the domains themselves - refer to documentation on " @@ -5856,7 +5871,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4585 +#: sssd.conf.5.xml:4602 #, no-wrap msgid "" "[domain/ipa.com/child.ad.com]\n" @@ -5864,7 +5879,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4579 +#: sssd.conf.5.xml:4596 msgid "" "2. The following example shows configuration of IPA AD trust where the AD " "forest consists of two domains in a parent-child structure. Suppose IPA " @@ -5875,7 +5890,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4596 +#: sssd.conf.5.xml:4613 #, no-wrap msgid "" "[certmap/my.domain/rule_name]\n" @@ -5886,7 +5901,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4590 +#: sssd.conf.5.xml:4607 msgid "" "3. The following example shows the configuration of a certificate mapping " "rule. It is valid for the configured domain <quote>my.domain</quote> and " @@ -5942,14 +5957,23 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:38 +#, fuzzy +#| msgid "" +#| "LDAP back end supports id, auth, access and chpass providers. If you want " +#| "to authenticate against an LDAP server either TLS/SSL or LDAPS is " +#| "required. <command>sssd</command> <emphasis>does not</emphasis> support " +#| "authentication over an unencrypted channel. If the LDAP server is used " +#| "only as an identity provider, an encrypted channel is not needed. Please " +#| "refer to <quote>ldap_access_filter</quote> config option for more " +#| "information about using LDAP as an access provider." msgid "" "LDAP back end supports id, auth, access and chpass providers. If you want to " "authenticate against an LDAP server either TLS/SSL or LDAPS is required. " "<command>sssd</command> <emphasis>does not</emphasis> support authentication " -"over an unencrypted channel. If the LDAP server is used only as an identity " -"provider, an encrypted channel is not needed. Please refer to " -"<quote>ldap_access_filter</quote> config option for more information about " -"using LDAP as an access provider." +"over an unencrypted channel. Even if the LDAP server is used only as an " +"identity provider, an encrypted channel is strongly recommended. Please " +"refer to <quote>ldap_access_filter</quote> config option for more " +"information about using LDAP as an access provider." msgstr "" "Das LDAP-Backend unterstützt ID-, Authentifizierungs-, Zugriffs- und Chpass-" "Anbieter. Falls Sie sich bei einem LDAP-Server authentifizieren möchten, " @@ -5961,19 +5985,19 @@ msgstr "" "unter »ldap_access_filter«." #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:82 sssd-ad.5.xml:130 +#: sssd-ldap.5.xml:50 sssd-simple.5.xml:69 sssd-ipa.5.xml:82 sssd-ad.5.xml:130 #: sssd-krb5.5.xml:63 sssd-ifp.5.xml:60 sssd-files.5.xml:77 #: sssd-session-recording.5.xml:58 sssd-kcm.8.xml:202 msgid "CONFIGURATION OPTIONS" msgstr "KONFIGURATIONSOPTIONEN" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:66 +#: sssd-ldap.5.xml:67 msgid "ldap_uri, ldap_backup_uri (string)" msgstr "ldap_uri, ldap_backup_uri (Zeichenkette)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:69 +#: sssd-ldap.5.xml:70 msgid "" "Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " "should connect in the order of preference. Refer to the <quote>FAILOVER</" @@ -5988,18 +6012,18 @@ msgstr "" "aktiviert. Weitere Informationen finden Sie im Abschnitt »DIENSTSUCHE«." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:76 +#: sssd-ldap.5.xml:77 msgid "The format of the URI must match the format defined in RFC 2732:" msgstr "" "Das Format der URI muss dem in RFC 2732 definierten Format entsprechen:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:79 +#: sssd-ldap.5.xml:80 msgid "ldap[s]://<host>[:port]" msgstr "ldap[s]://<Rechner>[:Port]" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:82 +#: sssd-ldap.5.xml:83 msgid "" "For explicit IPv6 addresses, <host> must be enclosed in brackets []" msgstr "" @@ -6007,17 +6031,17 @@ msgstr "" "eckigen Klammern [] stehen." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:85 +#: sssd-ldap.5.xml:86 msgid "example: ldap://[fc00::126:25]:389" msgstr "Beispiel: ldap://[fc00::126:25]:389" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:91 +#: sssd-ldap.5.xml:92 msgid "ldap_chpass_uri, ldap_chpass_backup_uri (string)" msgstr "ldap_chpass_uri, ldap_chpass_backup_uri (Zeichenkette)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:94 +#: sssd-ldap.5.xml:95 msgid "" "Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " "should connect in the order of preference to change the password of a user. " @@ -6030,31 +6054,31 @@ msgstr "" "Redundanz finden Sie im Abschnitt »AUSFALLSICHERUNG«. " #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:101 +#: sssd-ldap.5.xml:102 msgid "To enable service discovery ldap_chpass_dns_service_name must be set." msgstr "" "Um die Dienstsuche zu aktivieren, muss »ldap_chpass_dns_service_name« " "gesetzt sein." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:105 +#: sssd-ldap.5.xml:106 msgid "Default: empty, i.e. ldap_uri is used." msgstr "Voreinstellung: leer, d.h., dass »ldap_uri« benutzt wird" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:111 +#: sssd-ldap.5.xml:112 msgid "ldap_search_base (string)" msgstr "ldap_search_base (Zeichenkette)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:114 +#: sssd-ldap.5.xml:115 msgid "The default base DN to use for performing LDAP user operations." msgstr "" "der Standardbasis-Domain-Name, der zur Durchführung von LDAP-" "Benutzeraktionen benutzt wird" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:118 +#: sssd-ldap.5.xml:119 msgid "" "Starting with SSSD 1.7.0, SSSD supports multiple search bases using the " "syntax:" @@ -6063,20 +6087,20 @@ msgstr "" "Syntax:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:122 +#: sssd-ldap.5.xml:123 msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]" msgstr "" "search_base[?Gültigkeitsbereich?[Filter][?search_base?Gültigkeitsbereich?" "[Filter]]*]" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:125 +#: sssd-ldap.5.xml:126 msgid "The scope can be one of \"base\", \"onelevel\" or \"subtree\"." msgstr "" "Der Gültigkeitsbereich kann entweder »base«, »onelevel« oder »subtree« sein." #. type: Content of: <listitem><para> -#: sssd-ldap.5.xml:128 include/ldap_search_bases.xml:18 +#: sssd-ldap.5.xml:129 include/ldap_search_bases.xml:18 msgid "" "The filter must be a valid LDAP search filter as specified by http://www." "ietf.org/rfc/rfc2254.txt" @@ -6085,13 +6109,13 @@ msgstr "" "rfc/rfc2254.txt spezifiziert, sein." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:132 sssd-ad.5.xml:311 sss_override.8.xml:143 +#: sssd-ldap.5.xml:133 sssd-ad.5.xml:311 sss_override.8.xml:143 #: sss_override.8.xml:240 sssd-ldap-attributes.5.xml:453 msgid "Examples:" msgstr "Beispiele:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:135 +#: sssd-ldap.5.xml:136 msgid "" "ldap_search_base = dc=example,dc=com (which is equivalent to) " "ldap_search_base = dc=example,dc=com?subtree?" @@ -6100,7 +6124,7 @@ msgstr "" "dc=example,dc=com?subtree?" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:140 +#: sssd-ldap.5.xml:141 msgid "" "ldap_search_base = cn=host_specific,dc=example,dc=com?subtree?" "(host=thishost)?dc=example.com?subtree?" @@ -6109,7 +6133,7 @@ msgstr "" "(host=Dieser_Rechner)?dc=example.com?Unterverzeichnis?" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:143 +#: sssd-ldap.5.xml:144 msgid "" "Note: It is unsupported to have multiple search bases which reference " "identically-named objects (for example, groups with the same name in two " @@ -6122,7 +6146,7 @@ msgstr "" "Verhalten auf Client-Rechnern führen." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:150 +#: sssd-ldap.5.xml:151 msgid "" "Default: If not set, the value of the defaultNamingContext or namingContexts " "attribute from the RootDSE of the LDAP server is used. If " @@ -6139,12 +6163,12 @@ msgstr "" "haben, damit dies funktioniert. Mehrere Werte werden nicht unterstützt." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:164 +#: sssd-ldap.5.xml:165 msgid "ldap_schema (string)" msgstr "ldap_schema (Zeichenkette)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:167 +#: sssd-ldap.5.xml:168 msgid "" "Specifies the Schema Type in use on the target LDAP server. Depending on " "the selected schema, the default attribute names retrieved from the servers " @@ -6156,32 +6180,32 @@ msgstr "" "gehandhabt werden, kann sich ebenfalls unterscheiden." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:174 +#: sssd-ldap.5.xml:175 msgid "Four schema types are currently supported:" msgstr "Derzeit werden vier Schematypen unterstützt:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:178 +#: sssd-ldap.5.xml:179 msgid "rfc2307" msgstr "rfc2307" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:183 +#: sssd-ldap.5.xml:184 msgid "rfc2307bis" msgstr "rfc2307bis" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:188 +#: sssd-ldap.5.xml:189 msgid "IPA" msgstr "IPA" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:193 +#: sssd-ldap.5.xml:194 msgid "AD" msgstr "AD" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:199 +#: sssd-ldap.5.xml:200 msgid "" "The main difference between these schema types is how group memberships are " "recorded in the server. With rfc2307, group members are listed by name in " @@ -6199,37 +6223,37 @@ msgstr "" "Attribute passend zu den Werten von Active Directory 2008r2." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:209 +#: sssd-ldap.5.xml:210 msgid "Default: rfc2307" msgstr "Voreinstellung: rfc2307" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:215 +#: sssd-ldap.5.xml:216 msgid "ldap_pwmodify_mode (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:218 +#: sssd-ldap.5.xml:219 msgid "Specify the operation that is used to modify user password." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:222 +#: sssd-ldap.5.xml:223 msgid "Two modes are currently supported:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:226 +#: sssd-ldap.5.xml:227 msgid "exop - Password Modify Extended Operation (RFC 3062)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:232 +#: sssd-ldap.5.xml:233 msgid "ldap_modify - Direct modification of userPassword (not recommended)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:239 +#: sssd-ldap.5.xml:240 msgid "" "Note: First, a new connection is established to verify current password by " "binding as the user that requested password change. If successful, this " @@ -6238,76 +6262,76 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:247 +#: sssd-ldap.5.xml:248 msgid "Default: exop" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:253 +#: sssd-ldap.5.xml:254 msgid "ldap_default_bind_dn (string)" msgstr "ldap_default_bind_dn (Zeichenkette)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:256 +#: sssd-ldap.5.xml:257 msgid "The default bind DN to use for performing LDAP operations." msgstr "" "der Standard-Bind-Domain-Name, der zum Durchführen von LDAP-Aktionen benutzt " "wird" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:263 +#: sssd-ldap.5.xml:264 msgid "ldap_default_authtok_type (string)" msgstr "ldap_default_authtok_type (Zeichenkette)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:266 +#: sssd-ldap.5.xml:267 msgid "The type of the authentication token of the default bind DN." msgstr "der Typ des Authentifizierungs-Tokens des Standard-Bind-Domain-Namens" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:270 +#: sssd-ldap.5.xml:271 msgid "The two mechanisms currently supported are:" msgstr "Die beiden derzeit unterstützten Mechanismen sind:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:273 +#: sssd-ldap.5.xml:274 msgid "password" msgstr "password" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:276 +#: sssd-ldap.5.xml:277 msgid "obfuscated_password" msgstr "obfuscated_password" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:279 +#: sssd-ldap.5.xml:280 msgid "Default: password" msgstr "Voreinstellung: password" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:282 +#: sssd-ldap.5.xml:283 msgid "" "See the <citerefentry> <refentrytitle>sss_obfuscate</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry> manual page for more information." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:293 +#: sssd-ldap.5.xml:294 msgid "ldap_default_authtok (string)" msgstr "ldap_default_authtok (Zeichenkette)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:296 +#: sssd-ldap.5.xml:297 msgid "The authentication token of the default bind DN." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:302 +#: sssd-ldap.5.xml:303 msgid "ldap_force_upper_case_realm (boolean)" msgstr "ldap_force_upper_case_realm (Boolesch)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:305 +#: sssd-ldap.5.xml:306 msgid "" "Some directory servers, for example Active Directory, might deliver the " "realm part of the UPN in lower case, which might cause the authentication to " @@ -6320,12 +6344,12 @@ msgstr "" "ungleich Null, falls Sie einen Realm in Großbuchstaben wünschen." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:318 +#: sssd-ldap.5.xml:319 msgid "ldap_enumeration_refresh_timeout (integer)" msgstr "ldap_enumeration_refresh_timeout (Ganzzahl)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:321 +#: sssd-ldap.5.xml:322 msgid "" "Specifies how many seconds SSSD has to wait before refreshing its cache of " "enumerated records." @@ -6334,12 +6358,12 @@ msgstr "" "Zwischenspeicher aufgezählter Datensätze aktualisiert." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:337 +#: sssd-ldap.5.xml:338 msgid "ldap_purge_cache_timeout (integer)" msgstr "ldap_purge_cache_timeout (Ganzzahl)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:340 +#: sssd-ldap.5.xml:341 msgid "" "Determine how often to check the cache for inactive entries (such as groups " "with no members and users who have never logged in) and remove them to save " @@ -6350,7 +6374,7 @@ msgstr "" "haben) und diese entfernt werden, um Platz zu sparen." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:346 +#: sssd-ldap.5.xml:347 msgid "" "Setting this option to zero will disable the cache cleanup operation. Please " "note that if enumeration is enabled, the cleanup task is required in order " @@ -6359,12 +6383,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:366 +#: sssd-ldap.5.xml:367 msgid "ldap_group_nesting_level (integer)" msgstr "ldap_group_nesting_level (Ganzzahl)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:369 +#: sssd-ldap.5.xml:370 msgid "" "If ldap_schema is set to a schema format that supports nested groups (e.g. " "RFC2307bis), then this option controls how many levels of nesting SSSD will " @@ -6376,7 +6400,7 @@ msgstr "" "das Schema RFC2307." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:376 +#: sssd-ldap.5.xml:377 msgid "" "Note: This option specifies the guaranteed level of nested groups to be " "processed for any lookup. However, nested groups beyond this limit " @@ -6393,7 +6417,7 @@ msgstr "" "erfolgt." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:385 +#: sssd-ldap.5.xml:386 msgid "" "If ldap_group_nesting_level is set to 0 then no nested groups are processed " "at all. However, when connected to Active-Directory Server 2008 and later " @@ -6403,12 +6427,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:394 +#: sssd-ldap.5.xml:395 msgid "Default: 2" msgstr "Voreinstellung: 2" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:403 +#: sssd-ldap.5.xml:404 msgid "" "This options enables or disables use of Token-Groups attribute when " "performing initgroup for users from Active Directory Server 2008 and later." @@ -6418,25 +6442,25 @@ msgstr "" "und neuere Versionen ausgeführt wird." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:413 +#: sssd-ldap.5.xml:414 msgid "Default: True for AD and IPA otherwise False." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:419 +#: sssd-ldap.5.xml:420 msgid "ldap_host_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:422 +#: sssd-ldap.5.xml:423 msgid "Optional. Use the given string as search base for host objects." msgstr "" "optional, verwendet die angegebene Zeichenkette als Suchgrundlage für " "Rechnerobjekte" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:426 sssd-ipa.5.xml:457 sssd-ipa.5.xml:476 sssd-ipa.5.xml:495 -#: sssd-ipa.5.xml:514 +#: sssd-ldap.5.xml:427 sssd-ipa.5.xml:462 sssd-ipa.5.xml:481 sssd-ipa.5.xml:500 +#: sssd-ipa.5.xml:519 msgid "" "See <quote>ldap_search_base</quote> for information about configuring " "multiple search bases." @@ -6445,32 +6469,32 @@ msgstr "" "unter »ldap_search_base«." #. type: Content of: <listitem><para> -#: sssd-ldap.5.xml:431 sssd-ipa.5.xml:462 include/ldap_search_bases.xml:27 +#: sssd-ldap.5.xml:432 sssd-ipa.5.xml:467 include/ldap_search_bases.xml:27 msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" msgstr "Voreinstellung: der Wert von <emphasis>ldap_search_base</emphasis>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:438 +#: sssd-ldap.5.xml:439 msgid "ldap_service_search_base (string)" msgstr "ldap_service_search_base (Zeichenkette)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:443 +#: sssd-ldap.5.xml:444 msgid "ldap_iphost_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:448 +#: sssd-ldap.5.xml:449 msgid "ldap_ipnetwork_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:453 +#: sssd-ldap.5.xml:454 msgid "ldap_search_timeout (integer)" msgstr "ldap_search_timeout (Ganzzahl)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:456 +#: sssd-ldap.5.xml:457 msgid "" "Specifies the timeout (in seconds) that ldap searches are allowed to run " "before they are cancelled and cached results are returned (and offline mode " @@ -6481,7 +6505,7 @@ msgstr "" "Ergebnisse zurückgegeben werden (und in den Offline-Modus gegangen wird)." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:462 +#: sssd-ldap.5.xml:463 msgid "" "Note: this option is subject to change in future versions of the SSSD. It " "will likely be replaced at some point by a series of timeouts for specific " @@ -6492,12 +6516,12 @@ msgstr "" "Zeitüberschreitungspunkten für spezielle Nachschlagetypen ersetzt." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:479 +#: sssd-ldap.5.xml:480 msgid "ldap_enumeration_search_timeout (integer)" msgstr "ldap_enumeration_search_timeout (Ganzzahl)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:482 +#: sssd-ldap.5.xml:483 msgid "" "Specifies the timeout (in seconds) that ldap searches for user and group " "enumerations are allowed to run before they are cancelled and cached results " @@ -6509,12 +6533,12 @@ msgstr "" "(und in den Offline-Modus gegangen wird)." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:500 +#: sssd-ldap.5.xml:501 msgid "ldap_network_timeout (integer)" msgstr "ldap_network_timeout (Ganzzahl)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:503 +#: sssd-ldap.5.xml:504 msgid "" "Specifies the timeout (in seconds) after which the <citerefentry> " "<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/" @@ -6531,12 +6555,12 @@ msgstr "" "citerefentry> zurückkehrt, falls keine Aktivität stattfindet." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:531 +#: sssd-ldap.5.xml:532 msgid "ldap_opt_timeout (integer)" msgstr "ldap_opt_timeout (Ganzzahl)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:534 +#: sssd-ldap.5.xml:535 msgid "" "Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs " "will abort if no response is received. Also controls the timeout when " @@ -6545,12 +6569,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:554 +#: sssd-ldap.5.xml:555 msgid "ldap_connection_expire_timeout (integer)" msgstr "ldap_connection_expire_timeout (Ganzzahl)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:557 +#: sssd-ldap.5.xml:558 msgid "" "Specifies a timeout (in seconds) that a connection to an LDAP server will be " "maintained. After this time, the connection will be re-established. If used " @@ -6564,7 +6588,7 @@ msgstr "" "Lebensdauer) verwendet." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:565 +#: sssd-ldap.5.xml:566 msgid "" "If the connection is idle (not actively running an operation) within " "<emphasis>ldap_opt_timeout</emphasis> seconds of expiration, then it will be " @@ -6575,38 +6599,38 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:577 +#: sssd-ldap.5.xml:578 msgid "" "This timeout can be extended of a random value specified by " "<emphasis>ldap_connection_expire_offset</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:587 sssd-ldap.5.xml:630 sssd-ldap.5.xml:1711 +#: sssd-ldap.5.xml:588 sssd-ldap.5.xml:631 sssd-ldap.5.xml:1713 msgid "Default: 900 (15 minutes)" msgstr "Voreinstellung: 900 (15 Minuten)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:593 +#: sssd-ldap.5.xml:594 msgid "ldap_connection_expire_offset (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:596 +#: sssd-ldap.5.xml:597 msgid "" "Random offset between 0 and configured value is added to " "<emphasis>ldap_connection_expire_timeout</emphasis>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:612 +#: sssd-ldap.5.xml:613 #, fuzzy #| msgid "ldap_connection_expire_timeout (integer)" msgid "ldap_connection_idle_timeout (integer)" msgstr "ldap_connection_expire_timeout (Ganzzahl)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:615 +#: sssd-ldap.5.xml:616 #, fuzzy #| msgid "" #| "Specifies a timeout (in seconds) that a connection to an LDAP server will " @@ -6625,17 +6649,17 @@ msgstr "" "Lebensdauer) verwendet." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:621 +#: sssd-ldap.5.xml:622 msgid "You can disable this timeout by setting the value to 0." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:636 +#: sssd-ldap.5.xml:637 msgid "ldap_page_size (integer)" msgstr "ldap_page_size (Ganzzahl)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:639 +#: sssd-ldap.5.xml:640 msgid "" "Specify the number of records to retrieve from LDAP in a single request. " "Some LDAP servers enforce a maximum limit per-request." @@ -6645,12 +6669,12 @@ msgstr "" "pro Anfrage." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:650 +#: sssd-ldap.5.xml:651 msgid "ldap_disable_paging (boolean)" msgstr "ldap_disable_paging (Boolesch)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:653 +#: sssd-ldap.5.xml:654 msgid "" "Disable the LDAP paging control. This option should be used if the LDAP " "server reports that it supports the LDAP paging control in its RootDSE but " @@ -6662,7 +6686,7 @@ msgstr "" "deaktiviert ist oder sich nicht ordnungsgemäß verhält." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:659 +#: sssd-ldap.5.xml:660 msgid "" "Example: OpenLDAP servers with the paging control module installed on the " "server but not enabled will report it in the RootDSE but be unable to use it." @@ -6672,7 +6696,7 @@ msgstr "" "aber nicht in der Lage, es zu benutzen." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:665 +#: sssd-ldap.5.xml:666 msgid "" "Example: 389 DS has a bug where it can only support a one paging control at " "a time on a single connection. On busy clients, this can result in some " @@ -6684,17 +6708,17 @@ msgstr "" "abgelehnt werden." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:677 +#: sssd-ldap.5.xml:678 msgid "ldap_disable_range_retrieval (boolean)" msgstr "ldap_disable_range_retrieval (Boolesch)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:680 +#: sssd-ldap.5.xml:681 msgid "Disable Active Directory range retrieval." msgstr "deaktiviert die Bereichsabfrage von Active Directory" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:683 +#: sssd-ldap.5.xml:684 msgid "" "Active Directory limits the number of members to be retrieved in a single " "lookup using the MaxValRange policy (which defaults to 1500 members). If a " @@ -6710,12 +6734,12 @@ msgstr "" "es so aussehen, als ob große Gruppen keine Mitglieder hätten." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:698 +#: sssd-ldap.5.xml:699 msgid "ldap_sasl_minssf (integer)" msgstr "ldap_sasl_minssf (Ganzzahl)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:701 +#: sssd-ldap.5.xml:702 msgid "" "When communicating with an LDAP server using SASL, specify the minimum " "security level necessary to establish the connection. The values of this " @@ -6726,19 +6750,19 @@ msgstr "" "Werte dieser Option werden durch OpenLDAP definiert." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:707 sssd-ldap.5.xml:723 +#: sssd-ldap.5.xml:708 sssd-ldap.5.xml:724 msgid "Default: Use the system default (usually specified by ldap.conf)" msgstr "" "Voreinstellung: verwendet die Voreinstellungen des System (normalerweise in " "»ldap.conf« angegeben)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:714 +#: sssd-ldap.5.xml:715 msgid "ldap_sasl_maxssf (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:717 +#: sssd-ldap.5.xml:718 msgid "" "When communicating with an LDAP server using SASL, specify the maximal " "security level necessary to establish the connection. The values of this " @@ -6746,12 +6770,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:730 +#: sssd-ldap.5.xml:731 msgid "ldap_deref_threshold (integer)" msgstr "ldap_deref_threshold (Ganzzahl)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:733 +#: sssd-ldap.5.xml:734 msgid "" "Specify the number of group members that must be missing from the internal " "cache in order to trigger a dereference lookup. If less members are missing, " @@ -6763,7 +6787,7 @@ msgstr "" "nachgeschlagen." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:739 +#: sssd-ldap.5.xml:740 msgid "" "You can turn off dereference lookups completely by setting the value to 0. " "Please note that there are some codepaths in SSSD, like the IPA HBAC " @@ -6774,7 +6798,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:750 +#: sssd-ldap.5.xml:751 msgid "" "A dereference lookup is a means of fetching all group members in a single " "LDAP call. Different LDAP servers may implement different dereference " @@ -6787,7 +6811,7 @@ msgstr "" "unterstützten Server sind 389/RHDS, OpenLDAP und Active Directory." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:758 +#: sssd-ldap.5.xml:759 msgid "" "<emphasis>Note:</emphasis> If any of the search bases specifies a search " "filter, then the dereference lookup performance enhancement will be disabled " @@ -6798,12 +6822,12 @@ msgstr "" "Nachschlagen ohne Rücksicht auf die Einstellung deaktiviert." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:771 +#: sssd-ldap.5.xml:772 msgid "ldap_ignore_unreadable_references (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:774 +#: sssd-ldap.5.xml:775 msgid "" "Ignore unreadable LDAP entries referenced in group's member attribute. If " "this parameter is set to false an error will be returned and the operation " @@ -6811,7 +6835,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:781 +#: sssd-ldap.5.xml:782 msgid "" "This parameter may be useful when using the AD provider and the computer " "account that sssd uses to connect to AD does not have access to a particular " @@ -6819,12 +6843,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:794 +#: sssd-ldap.5.xml:795 msgid "ldap_tls_reqcert (string)" msgstr "ldap_tls_reqcert (Zeichenkette)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:797 +#: sssd-ldap.5.xml:798 msgid "" "Specifies what checks to perform on server certificates in a TLS session, if " "any. It can be specified as one of the following values:" @@ -6834,7 +6858,7 @@ msgstr "" "Werte angegeben werden:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:803 +#: sssd-ldap.5.xml:804 msgid "" "<emphasis>never</emphasis> = The client will not request or check any server " "certificate." @@ -6843,7 +6867,7 @@ msgstr "" "oder anfordern." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:807 +#: sssd-ldap.5.xml:808 msgid "" "<emphasis>allow</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -6855,7 +6879,7 @@ msgstr "" "Sitzung fährt normal fort." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:814 +#: sssd-ldap.5.xml:815 msgid "" "<emphasis>try</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -6866,7 +6890,7 @@ msgstr "" "ungültiges Zertifikat bereitgestellt wird, wird die Sitzung sofort beendet." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:820 +#: sssd-ldap.5.xml:821 msgid "" "<emphasis>demand</emphasis> = The server certificate is requested. If no " "certificate is provided, or a bad certificate is provided, the session is " @@ -6877,22 +6901,22 @@ msgstr "" "sofort beendet." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:826 +#: sssd-ldap.5.xml:827 msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" msgstr "<emphasis>hard</emphasis> = entspricht »demand«" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:830 +#: sssd-ldap.5.xml:831 msgid "Default: hard" msgstr "Voreinstellung: hard" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:836 +#: sssd-ldap.5.xml:837 msgid "ldap_tls_cacert (string)" msgstr "ldap_tls_cacert (Zeichenkette)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:839 +#: sssd-ldap.5.xml:840 msgid "" "Specifies the file that contains certificates for all of the Certificate " "Authorities that <command>sssd</command> will recognize." @@ -6901,7 +6925,7 @@ msgstr "" "die <command>sssd</command> erkennen wird." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:844 sssd-ldap.5.xml:862 sssd-ldap.5.xml:903 +#: sssd-ldap.5.xml:845 sssd-ldap.5.xml:863 sssd-ldap.5.xml:904 msgid "" "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." "conf</filename>" @@ -6910,12 +6934,12 @@ msgstr "" "<filename>/etc/openldap/ldap.conf</filename>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:851 +#: sssd-ldap.5.xml:852 msgid "ldap_tls_cacertdir (string)" msgstr "ldap_tls_cacertdir (Zeichenkette)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:854 +#: sssd-ldap.5.xml:855 msgid "" "Specifies the path of a directory that contains Certificate Authority " "certificates in separate individual files. Typically the file names need to " @@ -6929,33 +6953,33 @@ msgstr "" "Erstellen der korrekten Namen verwendet werden." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:869 +#: sssd-ldap.5.xml:870 msgid "ldap_tls_cert (string)" msgstr "ldap_tls_cert (Zeichenkette)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:872 +#: sssd-ldap.5.xml:873 msgid "Specifies the file that contains the certificate for the client's key." msgstr "" "gibt die Datei an, die das Zertifikat für den Schlüssel des Clients enthält." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:882 +#: sssd-ldap.5.xml:883 msgid "ldap_tls_key (string)" msgstr "ldap_tls_key (Zeichenkette)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:885 +#: sssd-ldap.5.xml:886 msgid "Specifies the file that contains the client's key." msgstr "gibt die Datei an, die den Schlüssel des Clients enthält." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:894 +#: sssd-ldap.5.xml:895 msgid "ldap_tls_cipher_suite (string)" msgstr "ldap_tls_cipher_suite (Zeichenkette)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:897 +#: sssd-ldap.5.xml:898 msgid "" "Specifies acceptable cipher suites. Typically this is a colon separated " "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " @@ -6963,26 +6987,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:910 +#: sssd-ldap.5.xml:911 msgid "ldap_id_use_start_tls (boolean)" msgstr "ldap_id_use_start_tls (Boolesch)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:913 +#: sssd-ldap.5.xml:914 +#, fuzzy +#| msgid "" +#| "Specifies that the id_provider connection must also use <systemitem " +#| "class=\"protocol\">tls</systemitem> to protect the channel." msgid "" "Specifies that the id_provider connection must also use <systemitem " -"class=\"protocol\">tls</systemitem> to protect the channel." +"class=\"protocol\">tls</systemitem> to protect the channel. <emphasis>true</" +"emphasis> is strongly recommended for security reasons." msgstr "" "gibt an, dass die Verbindung »id_provider« auch <systemitem " "class=\"protocol\">tls</systemitem> benutzen muss, um den Kanal abzusichern." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:923 +#: sssd-ldap.5.xml:925 msgid "ldap_id_mapping (boolean)" msgstr "ldap_id_mapping (Boolesch)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:926 +#: sssd-ldap.5.xml:928 msgid "" "Specifies that SSSD should attempt to map user and group IDs from the " "ldap_user_objectsid and ldap_group_objectsid attributes instead of relying " @@ -6994,19 +7023,19 @@ msgstr "" "verlassen." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:932 +#: sssd-ldap.5.xml:934 msgid "Currently this feature supports only ActiveDirectory objectSID mapping." msgstr "" "Derzeit unterstützt diese Funktionalität nur das Abbilden von Active-" "Directory-ObjectSIDs." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:942 +#: sssd-ldap.5.xml:944 msgid "ldap_min_id, ldap_max_id (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:945 +#: sssd-ldap.5.xml:947 msgid "" "In contrast to the SID based ID mapping which is used if ldap_id_mapping is " "set to true the allowed ID range for ldap_user_uid_number and " @@ -7025,24 +7054,24 @@ msgstr "" "Abbildung von IDs wählen." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:957 +#: sssd-ldap.5.xml:959 msgid "Default: not set (both options are set to 0)" msgstr "Voreinstellung: nicht gesetzt (beide Optionen sind auf 0 gesetzt)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:963 +#: sssd-ldap.5.xml:965 msgid "ldap_sasl_mech (string)" msgstr "ldap_sasl_mech (Zeichenkette)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:966 +#: sssd-ldap.5.xml:968 msgid "" "Specify the SASL mechanism to use. Currently only GSSAPI and GSS-SPNEGO are " "tested and supported." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:970 +#: sssd-ldap.5.xml:972 msgid "" "If the backend supports sub-domains the value of ldap_sasl_mech is " "automatically inherited to the sub-domains. If a different value is needed " @@ -7053,12 +7082,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:986 +#: sssd-ldap.5.xml:988 msgid "ldap_sasl_authid (string)" msgstr "ldap_sasl_authid (Zeichenkette)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd-ldap.5.xml:998 +#: sssd-ldap.5.xml:1000 #, no-wrap msgid "" "hostname@REALM\n" @@ -7071,7 +7100,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:989 +#: sssd-ldap.5.xml:991 msgid "" "Specify the SASL authorization id to use. When GSSAPI/GSS-SPNEGO are used, " "this represents the Kerberos principal used for authentication to the " @@ -7083,17 +7112,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1009 +#: sssd-ldap.5.xml:1011 msgid "Default: host/hostname@REALM" msgstr "Voreinstellung Rechner/MeinRechner@BEREICH" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1015 +#: sssd-ldap.5.xml:1017 msgid "ldap_sasl_realm (string)" msgstr "ldap_sasl_realm (Zeichenkette)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1018 +#: sssd-ldap.5.xml:1020 msgid "" "Specify the SASL realm to use. When not specified, this option defaults to " "the value of krb5_realm. If the ldap_sasl_authid contains the realm as " @@ -7104,17 +7133,17 @@ msgstr "" "»ldap_sasl_authid« ebenfalls den Realm enthält, wird diese Option ignoriert." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1024 +#: sssd-ldap.5.xml:1026 msgid "Default: the value of krb5_realm." msgstr "Voreinstellung: der Wert von »krb5_realm«" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1030 +#: sssd-ldap.5.xml:1032 msgid "ldap_sasl_canonicalize (boolean)" msgstr "ldap_sasl_canonicalize (Boolesch)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1033 +#: sssd-ldap.5.xml:1035 msgid "" "If set to true, the LDAP library would perform a reverse lookup to " "canonicalize the host name during a SASL bind." @@ -7124,34 +7153,34 @@ msgstr "" "Bind in eine kanonische Form zu bringen." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1038 +#: sssd-ldap.5.xml:1040 msgid "Default: false;" msgstr "Voreinstellung: false;" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1044 +#: sssd-ldap.5.xml:1046 msgid "ldap_krb5_keytab (string)" msgstr "ldap_krb5_keytab (Zeichenkette)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1047 +#: sssd-ldap.5.xml:1049 msgid "Specify the keytab to use when using SASL/GSSAPI/GSS-SPNEGO." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1056 sssd-krb5.5.xml:247 +#: sssd-ldap.5.xml:1058 sssd-krb5.5.xml:247 msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" msgstr "" "Voreinstellung: Keytab des Systems, normalerweise <filename>/etc/krb5." "keytab</filename>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1062 +#: sssd-ldap.5.xml:1064 msgid "ldap_krb5_init_creds (boolean)" msgstr "ldap_krb5_init_creds (Boolesch)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1065 +#: sssd-ldap.5.xml:1067 msgid "" "Specifies that the id_provider should init Kerberos credentials (TGT). This " "action is performed only if SASL is used and the mechanism selected is " @@ -7159,28 +7188,28 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1077 +#: sssd-ldap.5.xml:1079 msgid "ldap_krb5_ticket_lifetime (integer)" msgstr "ldap_krb5_ticket_lifetime (Ganzzahl)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1080 +#: sssd-ldap.5.xml:1082 msgid "" "Specifies the lifetime in seconds of the TGT if GSSAPI or GSS-SPNEGO is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1089 sssd-ad.5.xml:1252 +#: sssd-ldap.5.xml:1091 sssd-ad.5.xml:1252 msgid "Default: 86400 (24 hours)" msgstr "Voreinstellung: 86400 (24 Stunden)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1095 sssd-krb5.5.xml:74 +#: sssd-ldap.5.xml:1097 sssd-krb5.5.xml:74 msgid "krb5_server, krb5_backup_server (string)" msgstr "krb5_server, krb5_backup_server (Zeichenkette)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1098 +#: sssd-ldap.5.xml:1100 msgid "" "Specifies the comma-separated list of IP addresses or hostnames of the " "Kerberos servers to which SSSD should connect in the order of preference. " @@ -7199,7 +7228,7 @@ msgstr "" "Weitere Informationen finden Sie im Abschnitt »DIENSTSUCHE«." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1110 sssd-krb5.5.xml:89 +#: sssd-ldap.5.xml:1112 sssd-krb5.5.xml:89 msgid "" "When using service discovery for KDC or kpasswd servers, SSSD first searches " "for DNS entries that specify _udp as the protocol and falls back to _tcp if " @@ -7210,7 +7239,7 @@ msgstr "" "Protokoll angeben. Falls keine gefunden werden, weicht es auf _tcp aus." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1115 sssd-krb5.5.xml:94 +#: sssd-ldap.5.xml:1117 sssd-krb5.5.xml:94 msgid "" "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " "While the legacy name is recognized for the time being, users are advised to " @@ -7222,29 +7251,29 @@ msgstr "" "migrieren." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1124 sssd-ipa.5.xml:526 sssd-krb5.5.xml:103 +#: sssd-ldap.5.xml:1126 sssd-ipa.5.xml:531 sssd-krb5.5.xml:103 msgid "krb5_realm (string)" msgstr "krb5_realm (Zeichenkette)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1127 +#: sssd-ldap.5.xml:1129 msgid "Specify the Kerberos REALM (for SASL/GSSAPI/GSS-SPNEGO auth)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1131 +#: sssd-ldap.5.xml:1133 msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" msgstr "" "Voreinstellung: Systemvoreinstellungen, siehe <filename>/etc/krb5.conf</" "filename>" #. type: Content of: <variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1137 include/krb5_options.xml:154 +#: sssd-ldap.5.xml:1139 include/krb5_options.xml:154 msgid "krb5_canonicalize (boolean)" msgstr "krb5_canonicalize (Boolesch)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1140 +#: sssd-ldap.5.xml:1142 msgid "" "Specifies if the host principal should be canonicalized when connecting to " "LDAP server. This feature is available with MIT Kerberos >= 1.7" @@ -7254,12 +7283,12 @@ msgstr "" "Kerberos >= 1.7 verfügbar." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1152 sssd-krb5.5.xml:336 +#: sssd-ldap.5.xml:1154 sssd-krb5.5.xml:336 msgid "krb5_use_kdcinfo (boolean)" msgstr "krb5_use_kdcinfo (Boolesch)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1155 sssd-krb5.5.xml:339 +#: sssd-ldap.5.xml:1157 sssd-krb5.5.xml:339 msgid "" "Specifies if the SSSD should instruct the Kerberos libraries what realm and " "which KDCs to use. This option is on by default, if you disable it, you need " @@ -7275,7 +7304,7 @@ msgstr "" "manvolnum> </citerefentry> einrichten." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1166 sssd-krb5.5.xml:350 +#: sssd-ldap.5.xml:1168 sssd-krb5.5.xml:350 msgid "" "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more " @@ -7286,12 +7315,12 @@ msgstr "" "refentrytitle> <manvolnum>8</manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1180 +#: sssd-ldap.5.xml:1182 msgid "ldap_pwd_policy (string)" msgstr "ldap_pwd_policy (Zeichenkette)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1183 +#: sssd-ldap.5.xml:1185 msgid "" "Select the policy to evaluate the password expiration on the client side. " "The following values are allowed:" @@ -7300,7 +7329,7 @@ msgstr "" "Passworts abgeschätzt werden soll. Die folgenden Werte sind erlaubt:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1188 +#: sssd-ldap.5.xml:1190 msgid "" "<emphasis>none</emphasis> - No evaluation on the client side. This option " "cannot disable server-side password policies." @@ -7309,7 +7338,7 @@ msgstr "" "kann keine Server-seitigen Passwortregelwerke deaktivieren." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1193 +#: sssd-ldap.5.xml:1195 #, fuzzy #| msgid "" #| "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" @@ -7326,7 +7355,7 @@ msgstr "" "manvolnum></citerefentry>, um abzuschätzen, ob das Passwort erloschen ist." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1201 +#: sssd-ldap.5.xml:1203 msgid "" "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " "to determine if the password has expired. Use chpass_provider=krb5 to update " @@ -7338,7 +7367,7 @@ msgstr "" "Passwort geändert wurde." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1210 +#: sssd-ldap.5.xml:1212 msgid "" "<emphasis>Note</emphasis>: if a password policy is configured on server " "side, it always takes precedence over policy set with this option." @@ -7348,17 +7377,17 @@ msgstr "" "festgelegten Regel." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1218 +#: sssd-ldap.5.xml:1220 msgid "ldap_referrals (boolean)" msgstr "ldap_referrals (Boolesch)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1221 +#: sssd-ldap.5.xml:1223 msgid "Specifies whether automatic referral chasing should be enabled." msgstr "gibt an, ob automatische Verweisverfolgung aktiviert werden soll." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1225 +#: sssd-ldap.5.xml:1227 msgid "" "Please note that sssd only supports referral chasing when it is compiled " "with OpenLDAP version 2.4.13 or higher." @@ -7367,7 +7396,7 @@ msgstr "" "mit OpenLDAP Version 2.4.13 oder höher kompiliert wurde." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1230 +#: sssd-ldap.5.xml:1232 #, fuzzy #| msgid "" #| "Chasing referrals may incur a performance penalty in environments that " @@ -7391,28 +7420,28 @@ msgstr "" "merkliche Leistungsverbesserung bringen." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1249 +#: sssd-ldap.5.xml:1251 msgid "ldap_dns_service_name (string)" msgstr "ldap_dns_service_name (Zeichenkette)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1252 +#: sssd-ldap.5.xml:1254 msgid "Specifies the service name to use when service discovery is enabled." msgstr "" "gibt an, welcher Dienstname bei aktivierter Dienstsuche benutzt werden soll." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1256 +#: sssd-ldap.5.xml:1258 msgid "Default: ldap" msgstr "Voreinstellung: ldap" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1262 +#: sssd-ldap.5.xml:1264 msgid "ldap_chpass_dns_service_name (string)" msgstr "ldap_chpass_dns_service_name (Zeichenkette)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1265 +#: sssd-ldap.5.xml:1267 msgid "" "Specifies the service name to use to find an LDAP server which allows " "password changes when service discovery is enabled." @@ -7421,17 +7450,17 @@ msgstr "" "soll, der Passwortänderungen bei aktivierter Dienstsuche ermöglicht." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1270 +#: sssd-ldap.5.xml:1272 msgid "Default: not set, i.e. service discovery is disabled" msgstr "Voreinstellung: nicht gesetzt, d.h. Dienstsuche ist deaktiviert" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1276 +#: sssd-ldap.5.xml:1278 msgid "ldap_chpass_update_last_change (bool)" msgstr "ldap_chpass_update_last_change (Boolesch)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1279 +#: sssd-ldap.5.xml:1281 msgid "" "Specifies whether to update the ldap_user_shadow_last_change attribute with " "days since the Epoch after a password change operation." @@ -7440,7 +7469,7 @@ msgstr "" "Passwortänderung mit Unix-Zeit geändert wird." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1285 +#: sssd-ldap.5.xml:1287 msgid "" "It is recommend to set this option explicitly if \"ldap_pwd_policy = " "shadow\" is used to let SSSD know if the LDAP server will update " @@ -7449,12 +7478,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1299 +#: sssd-ldap.5.xml:1301 msgid "ldap_access_filter (string)" msgstr "ldap_access_filter (Zeichenkette)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1302 +#: sssd-ldap.5.xml:1304 msgid "" "If using access_provider = ldap and ldap_access_order = filter (default), " "this option is mandatory. It specifies an LDAP search filter criteria that " @@ -7484,12 +7513,12 @@ msgstr "" "refentrytitle><manvolnum>5</manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1322 +#: sssd-ldap.5.xml:1324 msgid "Example:" msgstr "Beispiel:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1325 +#: sssd-ldap.5.xml:1327 #, no-wrap msgid "" "access_provider = ldap\n" @@ -7501,7 +7530,7 @@ msgstr "" " " #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1329 +#: sssd-ldap.5.xml:1331 msgid "" "This example means that access to this host is restricted to users whose " "employeeType attribute is set to \"admin\"." @@ -7510,7 +7539,7 @@ msgstr "" "beschränkt, deren employeeType-Attribut auf »admin« gesetzt ist." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1334 +#: sssd-ldap.5.xml:1336 msgid "" "Offline caching for this feature is limited to determining whether the " "user's last online login was granted access permission. If they were granted " @@ -7519,17 +7548,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1342 sssd-ldap.5.xml:1398 +#: sssd-ldap.5.xml:1344 sssd-ldap.5.xml:1400 msgid "Default: Empty" msgstr "Voreinstellung: leer" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1348 +#: sssd-ldap.5.xml:1350 msgid "ldap_account_expire_policy (string)" msgstr "ldap_account_expire_policy (Zeichenkette)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1351 +#: sssd-ldap.5.xml:1353 msgid "" "With this option a client side evaluation of access control attributes can " "be enabled." @@ -7538,7 +7567,7 @@ msgstr "" "Zugriffssteuerungsattribute aktiviert werden." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1355 +#: sssd-ldap.5.xml:1357 msgid "" "Please note that it is always recommended to use server side access control, " "i.e. the LDAP server should deny the bind request with a suitable error code " @@ -7549,12 +7578,12 @@ msgstr "" "einem geeigneten Fehlercode zurückweisen, wenn das Passwort korrekt ist." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1362 +#: sssd-ldap.5.xml:1364 msgid "The following values are allowed:" msgstr "Die folgenden Werte sind erlaubt:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1365 +#: sssd-ldap.5.xml:1367 msgid "" "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " "determine if the account is expired." @@ -7563,7 +7592,7 @@ msgstr "" "»ldap_user_shadow_expire«, um zu bestimmen, ob das Konto abgelaufen ist." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1370 +#: sssd-ldap.5.xml:1372 msgid "" "<emphasis>ad</emphasis>: use the value of the 32bit field " "ldap_user_ad_user_account_control and allow access if the second bit is not " @@ -7576,7 +7605,7 @@ msgstr "" "gewährt. Außerdem wird die Ablaufzeit des Kontos geprüft." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1377 +#: sssd-ldap.5.xml:1379 msgid "" "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" "emphasis>: use the value of ldap_ns_account_lock to check if access is " @@ -7587,7 +7616,7 @@ msgstr "" "Zugriff erlaubt wird oder nicht." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1383 +#: sssd-ldap.5.xml:1385 msgid "" "<emphasis>nds</emphasis>: the values of " "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " @@ -7600,7 +7629,7 @@ msgstr "" "Zugriff gewährt wird. Falls diese Attribute fehlen, wird Zugriff erteilt." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1391 +#: sssd-ldap.5.xml:1393 msgid "" "Please note that the ldap_access_order configuration option <emphasis>must</" "emphasis> include <quote>expire</quote> in order for the " @@ -7611,24 +7640,24 @@ msgstr "" "»ldap_account_expire_policy« funktioniert." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1404 +#: sssd-ldap.5.xml:1406 msgid "ldap_access_order (string)" msgstr "ldap_access_order (Zeichenkette)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1407 sssd-ipa.5.xml:351 +#: sssd-ldap.5.xml:1409 sssd-ipa.5.xml:356 msgid "Comma separated list of access control options. Allowed values are:" msgstr "" "durch Kommata getrennte Liste von Zugriffssteuerungsoptionen. Folgende Werte " "sind erlaubt:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1411 +#: sssd-ldap.5.xml:1413 msgid "<emphasis>filter</emphasis>: use ldap_access_filter" msgstr "<emphasis>filter</emphasis>: verwendet »ldap_access_filter«." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1414 +#: sssd-ldap.5.xml:1416 msgid "" "<emphasis>lockout</emphasis>: use account locking. If set, this option " "denies access in case that ldap attribute 'pwdAccountLockedTime' is present " @@ -7638,14 +7667,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1424 +#: sssd-ldap.5.xml:1426 msgid "" "<emphasis> Please note that this option is superseded by the <quote>ppolicy</" "quote> option and might be removed in a future release. </emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1431 +#: sssd-ldap.5.xml:1433 msgid "" "<emphasis>ppolicy</emphasis>: use account locking. If set, this option " "denies access in case that ldap attribute 'pwdAccountLockedTime' is present " @@ -7658,12 +7687,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1448 +#: sssd-ldap.5.xml:1450 msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" msgstr "<emphasis>expire</emphasis>: verwendet »ldap_account_expire_policy«." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1452 sssd-ipa.5.xml:359 +#: sssd-ldap.5.xml:1454 sssd-ipa.5.xml:364 msgid "" "<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, " "pwd_expire_policy_renew: </emphasis> These options are useful if users are " @@ -7673,38 +7702,38 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1462 sssd-ipa.5.xml:369 +#: sssd-ldap.5.xml:1464 sssd-ipa.5.xml:374 msgid "" "The difference between these options is the action taken if user password is " "expired:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:1467 sssd-ipa.5.xml:374 +#: sssd-ldap.5.xml:1469 sssd-ipa.5.xml:379 msgid "pwd_expire_policy_reject - user is denied to log in," msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:1473 sssd-ipa.5.xml:380 +#: sssd-ldap.5.xml:1475 sssd-ipa.5.xml:385 msgid "pwd_expire_policy_warn - user is still able to log in," msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:1479 sssd-ipa.5.xml:386 +#: sssd-ldap.5.xml:1481 sssd-ipa.5.xml:391 msgid "" "pwd_expire_policy_renew - user is prompted to change their password " "immediately." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1487 +#: sssd-ldap.5.xml:1489 msgid "" "Please note that 'access_provider = ldap' must be set for this feature to " "work. Also 'ldap_pwd_policy' must be set to an appropriate password policy." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1492 +#: sssd-ldap.5.xml:1494 msgid "" "<emphasis>authorized_service</emphasis>: use the authorizedService attribute " "to determine access" @@ -7713,33 +7742,33 @@ msgstr "" "»authorizedService«, um zu bestimmen, ob Zugriff gewährt wird." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1497 +#: sssd-ldap.5.xml:1499 msgid "<emphasis>host</emphasis>: use the host attribute to determine access" msgstr "" "<emphasis>host</emphasis>: verwendet das Attribut »host«, um zu bestimmen, " "ob Zugriff gewährt wird." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1501 +#: sssd-ldap.5.xml:1503 msgid "" "<emphasis>rhost</emphasis>: use the rhost attribute to determine whether " "remote host can access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1505 +#: sssd-ldap.5.xml:1507 msgid "" "Please note, rhost field in pam is set by application, it is better to check " "what the application sends to pam, before enabling this access control option" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1510 +#: sssd-ldap.5.xml:1512 msgid "Default: filter" msgstr "Voreinstellung: filter" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1513 +#: sssd-ldap.5.xml:1515 msgid "" "Please note that it is a configuration error if a value is used more than " "once." @@ -7748,12 +7777,12 @@ msgstr "" "mehr als einmal benutzt wird." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1520 +#: sssd-ldap.5.xml:1522 msgid "ldap_pwdlockout_dn (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1523 +#: sssd-ldap.5.xml:1525 msgid "" "This option specifies the DN of password policy entry on LDAP server. Please " "note that absence of this option in sssd.conf in case of enabled account " @@ -7762,22 +7791,22 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1531 +#: sssd-ldap.5.xml:1533 msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1534 +#: sssd-ldap.5.xml:1536 msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1540 +#: sssd-ldap.5.xml:1542 msgid "ldap_deref (string)" msgstr "ldap_deref (Zeichenkette)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1543 +#: sssd-ldap.5.xml:1545 msgid "" "Specifies how alias dereferencing is done when performing a search. The " "following options are allowed:" @@ -7786,12 +7815,12 @@ msgstr "" "folgenden Optionen sind erlaubt:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1548 +#: sssd-ldap.5.xml:1550 msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." msgstr "<emphasis>never</emphasis>: Alias werden nie dereferenziert." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1552 +#: sssd-ldap.5.xml:1554 msgid "" "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " "the base object, but not in locating the base object of the search." @@ -7801,7 +7830,7 @@ msgstr "" "Suche." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1557 +#: sssd-ldap.5.xml:1559 msgid "" "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " "the base object of the search." @@ -7810,7 +7839,7 @@ msgstr "" "der Suche dereferenziert." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1562 +#: sssd-ldap.5.xml:1564 msgid "" "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " "in locating the base object of the search." @@ -7819,7 +7848,7 @@ msgstr "" "Orten des Basisobjekts der Suche dereferenziert." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1567 +#: sssd-ldap.5.xml:1569 msgid "" "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " "client libraries)" @@ -7828,12 +7857,12 @@ msgstr "" "<emphasis>never</emphasis> gehandhabt.)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1575 +#: sssd-ldap.5.xml:1577 msgid "ldap_rfc2307_fallback_to_local_users (boolean)" msgstr "ldap_rfc2307_fallback_to_local_users (Boolesch)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1578 +#: sssd-ldap.5.xml:1580 msgid "" "Allows to retain local users as members of an LDAP group for servers that " "use the RFC2307 schema." @@ -7842,7 +7871,7 @@ msgstr "" "beizubehalten, die das Schema RFC2307 benutzen." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1582 +#: sssd-ldap.5.xml:1584 msgid "" "In some environments where the RFC2307 schema is used, local users are made " "members of LDAP groups by adding their names to the memberUid attribute. " @@ -7860,7 +7889,7 @@ msgstr "" "getpw*() oder initgroups() abzurufen." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1593 +#: sssd-ldap.5.xml:1595 msgid "" "This option falls back to checking if local users are referenced, and caches " "them so that later initgroups() calls will augment the local users with the " @@ -7871,57 +7900,57 @@ msgstr "" "die lokalen Benutzer um zusätzliche LDAP-Gruppen erweitert werden." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1605 sssd-ifp.5.xml:152 +#: sssd-ldap.5.xml:1607 sssd-ifp.5.xml:152 msgid "wildcard_limit (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1608 +#: sssd-ldap.5.xml:1610 msgid "" "Specifies an upper limit on the number of entries that are downloaded during " "a wildcard lookup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1612 +#: sssd-ldap.5.xml:1614 msgid "At the moment, only the InfoPipe responder supports wildcard lookups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1616 +#: sssd-ldap.5.xml:1618 msgid "Default: 1000 (often the size of one page)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1622 +#: sssd-ldap.5.xml:1624 #, fuzzy #| msgid "debug_level (integer)" msgid "ldap_library_debug_level (integer)" msgstr "debug_level (Ganzzahl)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1625 +#: sssd-ldap.5.xml:1627 msgid "" "Switches on libldap debugging with the given level. The libldap debug " "messages will be written independent of the general debug_level." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1630 +#: sssd-ldap.5.xml:1632 msgid "" "OpenLDAP uses a bitmap to enable debugging for specific components, -1 will " "enable full debug output." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1635 +#: sssd-ldap.5.xml:1637 #, fuzzy #| msgid "Default: 0 (disabled)" msgid "Default: 0 (libldap debugging disabled)" msgstr "Voreinstellung: 0 (deaktiviert)" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:51 +#: sssd-ldap.5.xml:52 msgid "" "All of the common configuration options that apply to SSSD domains also " "apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> section " @@ -7933,12 +7962,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1645 +#: sssd-ldap.5.xml:1647 msgid "SUDO OPTIONS" msgstr "SUDO-OPTIONEN" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1647 +#: sssd-ldap.5.xml:1649 msgid "" "The detailed instructions for configuration of sudo_provider are in the " "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " @@ -7949,12 +7978,12 @@ msgstr "" "<manvolnum>5</manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1658 +#: sssd-ldap.5.xml:1660 msgid "ldap_sudo_full_refresh_interval (integer)" msgstr "ldap_sudo_full_refresh_interval (Ganzzahl)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1661 +#: sssd-ldap.5.xml:1663 msgid "" "How many seconds SSSD will wait between executing a full refresh of sudo " "rules (which downloads all rules that are stored on the server)." @@ -7964,7 +7993,7 @@ msgstr "" "heruntergeladen werden)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1666 +#: sssd-ldap.5.xml:1668 msgid "" "The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </" "emphasis>" @@ -7973,24 +8002,24 @@ msgstr "" "emphasis> sein." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1671 +#: sssd-ldap.5.xml:1673 msgid "" "You can disable full refresh by setting this option to 0. However, either " "smart or full refresh must be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1676 +#: sssd-ldap.5.xml:1678 msgid "Default: 21600 (6 hours)" msgstr "Voreinstellung: 21600 (6 Stunden)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1682 +#: sssd-ldap.5.xml:1684 msgid "ldap_sudo_smart_refresh_interval (integer)" msgstr "ldap_sudo_smart_refresh_interval (Ganzzahl)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1685 +#: sssd-ldap.5.xml:1687 msgid "" "How many seconds SSSD has to wait before executing a smart refresh of sudo " "rules (which downloads all rules that have USN higher than the highest " @@ -7998,7 +8027,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1691 +#: sssd-ldap.5.xml:1693 msgid "" "If USN attributes are not supported by the server, the modifyTimestamp " "attribute is used instead." @@ -8007,7 +8036,7 @@ msgstr "" "das Attribut »modifyTimestamp« benutzt." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1695 +#: sssd-ldap.5.xml:1697 msgid "" "<emphasis>Note:</emphasis> the highest USN value can be updated by three " "tasks: 1) By sudo full and smart refresh (if updated rules are found), 2) by " @@ -8017,21 +8046,21 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1706 +#: sssd-ldap.5.xml:1708 msgid "" "You can disable smart refresh by setting this option to 0. However, either " "smart or full refresh must be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1717 +#: sssd-ldap.5.xml:1719 #, fuzzy #| msgid "ldap_idmap_range_size (integer)" msgid "ldap_sudo_random_offset (integer)" msgstr "ldap_idmap_range_size (Ganzzahl)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1720 +#: sssd-ldap.5.xml:1722 msgid "" "Random offset between 0 and configured value is added to smart and full " "refresh periods each time the periodic task is scheduled. The value is in " @@ -8039,7 +8068,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1726 +#: sssd-ldap.5.xml:1728 msgid "" "Note that this random offset is also applied on the first SSSD start which " "delays the first sudo rules refresh. This prolongs the time when the sudo " @@ -8047,17 +8076,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1732 +#: sssd-ldap.5.xml:1734 msgid "You can disable this offset by setting the value to 0." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1742 +#: sssd-ldap.5.xml:1744 msgid "ldap_sudo_use_host_filter (boolean)" msgstr "ldap_sudo_use_host_filter (Boolesch)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1745 +#: sssd-ldap.5.xml:1747 msgid "" "If true, SSSD will download only rules that are applicable to this machine " "(using the IPv4 or IPv6 host/network addresses and hostnames)." @@ -8067,12 +8096,12 @@ msgstr "" "Netzwerkadressen und Rechnernamen)." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1756 +#: sssd-ldap.5.xml:1758 msgid "ldap_sudo_hostnames (string)" msgstr "ldap_sudo_hostnames (Zeichenkette)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1759 +#: sssd-ldap.5.xml:1761 msgid "" "Space separated list of hostnames or fully qualified domain names that " "should be used to filter the rules." @@ -8081,7 +8110,7 @@ msgstr "" "Domain-Namen, die zum Filtern der Regeln benutzt werden sollen" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1764 +#: sssd-ldap.5.xml:1766 msgid "" "If this option is empty, SSSD will try to discover the hostname and the " "fully qualified domain name automatically." @@ -8090,8 +8119,8 @@ msgstr "" "voll qualifizierten Domain-Namen automatisch herauszufinden." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1769 sssd-ldap.5.xml:1792 sssd-ldap.5.xml:1810 -#: sssd-ldap.5.xml:1828 +#: sssd-ldap.5.xml:1771 sssd-ldap.5.xml:1794 sssd-ldap.5.xml:1812 +#: sssd-ldap.5.xml:1830 msgid "" "If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</" "emphasis> then this option has no effect." @@ -8100,17 +8129,17 @@ msgstr "" "emphasis> ist, hat diese Option keine Auswirkungen." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1774 sssd-ldap.5.xml:1797 +#: sssd-ldap.5.xml:1776 sssd-ldap.5.xml:1799 msgid "Default: not specified" msgstr "Voreinstellung: nicht angegeben" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1780 +#: sssd-ldap.5.xml:1782 msgid "ldap_sudo_ip (string)" msgstr "ldap_sudo_ip (Zeichenkette)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1783 +#: sssd-ldap.5.xml:1785 msgid "" "Space separated list of IPv4 or IPv6 host/network addresses that should be " "used to filter the rules." @@ -8119,7 +8148,7 @@ msgstr "" "Netzwerkadressen, die zum Filtern der Regeln benutzt werden sollen" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1788 +#: sssd-ldap.5.xml:1790 msgid "" "If this option is empty, SSSD will try to discover the addresses " "automatically." @@ -8128,12 +8157,12 @@ msgstr "" "herauszufinden." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1803 +#: sssd-ldap.5.xml:1805 msgid "ldap_sudo_include_netgroups (boolean)" msgstr "ldap_sudo_include_netgroups (Boolesch)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1806 +#: sssd-ldap.5.xml:1808 msgid "" "If true then SSSD will download every rule that contains a netgroup in " "sudoHost attribute." @@ -8142,12 +8171,12 @@ msgstr "" "eine Netzgruppe im Attribut »sudoHost« enthält." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1821 +#: sssd-ldap.5.xml:1823 msgid "ldap_sudo_include_regexp (boolean)" msgstr "ldap_sudo_include_regexp (Boolesch)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1824 +#: sssd-ldap.5.xml:1826 msgid "" "If true then SSSD will download every rule that contains a wildcard in " "sudoHost attribute." @@ -8156,14 +8185,14 @@ msgstr "" "einen Platzhalter im Attribut »sudoHost« enthält." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><note><para> -#: sssd-ldap.5.xml:1834 +#: sssd-ldap.5.xml:1836 msgid "" "Using wildcard is an operation that is very costly to evaluate on the LDAP " "server side!" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1846 +#: sssd-ldap.5.xml:1848 msgid "" "This manual page only describes attribute name mapping. For detailed " "explanation of sudo related attribute semantics, see <citerefentry> " @@ -8176,59 +8205,59 @@ msgstr "" "manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1856 +#: sssd-ldap.5.xml:1858 msgid "AUTOFS OPTIONS" msgstr "AUTOFS-OPTIONEN" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1858 +#: sssd-ldap.5.xml:1860 msgid "" "Some of the defaults for the parameters below are dependent on the LDAP " "schema." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1864 +#: sssd-ldap.5.xml:1866 msgid "ldap_autofs_map_master_name (string)" msgstr "ldap_autofs_map_master_name (Zeichenkette)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1867 +#: sssd-ldap.5.xml:1869 msgid "The name of the automount master map in LDAP." msgstr "Der Name der Automount-Master-Abbildung in LDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1870 +#: sssd-ldap.5.xml:1872 msgid "Default: auto.master" msgstr "Voreinstellung: auto.master" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1881 +#: sssd-ldap.5.xml:1883 msgid "ADVANCED OPTIONS" msgstr "ERWEITERTE OPTIONEN" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1888 +#: sssd-ldap.5.xml:1890 msgid "ldap_netgroup_search_base (string)" msgstr "ldap_netgroup_search_base (Zeichenkette)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1893 +#: sssd-ldap.5.xml:1895 msgid "ldap_user_search_base (string)" msgstr "ldap_user_search_base (Zeichenkette)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1898 +#: sssd-ldap.5.xml:1900 msgid "ldap_group_search_base (string)" msgstr "ldap_group_search_base (Zeichenkette)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><note> -#: sssd-ldap.5.xml:1903 +#: sssd-ldap.5.xml:1905 msgid "<note>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para> -#: sssd-ldap.5.xml:1905 +#: sssd-ldap.5.xml:1907 msgid "" "If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches " "against Active Directory will not be restricted and return all groups " @@ -8237,22 +8266,22 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist> -#: sssd-ldap.5.xml:1912 +#: sssd-ldap.5.xml:1914 msgid "</note>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1914 +#: sssd-ldap.5.xml:1916 msgid "ldap_sudo_search_base (string)" msgstr "ldap_sudo_search_base (Zeichenkette)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1919 +#: sssd-ldap.5.xml:1921 msgid "ldap_autofs_search_base (string)" msgstr "ldap_autofs_search_base (Zeichenkette)" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1883 +#: sssd-ldap.5.xml:1885 msgid "" "These options are supported by LDAP domains, but they should be used with " "caution. Please include them in your configuration only if you know what you " @@ -8261,14 +8290,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1934 sssd-simple.5.xml:131 sssd-ipa.5.xml:925 -#: sssd-ad.5.xml:1386 sssd-krb5.5.xml:483 sss_rpcidmapd.5.xml:98 +#: sssd-ldap.5.xml:1936 sssd-simple.5.xml:131 sssd-ipa.5.xml:930 +#: sssd-ad.5.xml:1391 sssd-krb5.5.xml:483 sss_rpcidmapd.5.xml:98 #: sssd-files.5.xml:155 sssd-session-recording.5.xml:176 msgid "EXAMPLE" msgstr "BEISPIEL" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1936 +#: sssd-ldap.5.xml:1938 msgid "" "The following example assumes that SSSD is correctly configured and LDAP is " "set to one of the domains in the <replaceable>[domains]</replaceable> " @@ -8279,7 +8308,7 @@ msgstr "" "gesetzt ist." #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ldap.5.xml:1942 +#: sssd-ldap.5.xml:1944 #, no-wrap msgid "" "[domain/LDAP]\n" @@ -8292,27 +8321,27 @@ msgid "" msgstr "" #. type: Content of: <refsect1><refsect2><para> -#: sssd-ldap.5.xml:1941 sssd-ldap.5.xml:1959 sssd-simple.5.xml:139 -#: sssd-ipa.5.xml:933 sssd-ad.5.xml:1394 sssd-sudo.5.xml:56 sssd-krb5.5.xml:492 +#: sssd-ldap.5.xml:1943 sssd-ldap.5.xml:1961 sssd-simple.5.xml:139 +#: sssd-ipa.5.xml:938 sssd-ad.5.xml:1399 sssd-sudo.5.xml:56 sssd-krb5.5.xml:492 #: sssd-files.5.xml:162 sssd-files.5.xml:173 sssd-session-recording.5.xml:182 #: include/ldap_id_mapping.xml:105 msgid "<placeholder type=\"programlisting\" id=\"0\"/>" msgstr "<placeholder type=\"programlisting\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1953 +#: sssd-ldap.5.xml:1955 msgid "LDAP ACCESS FILTER EXAMPLE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1955 +#: sssd-ldap.5.xml:1957 msgid "" "The following example assumes that SSSD is correctly configured and to use " "the ldap_access_order=lockout." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ldap.5.xml:1960 +#: sssd-ldap.5.xml:1962 #, no-wrap msgid "" "[domain/LDAP]\n" @@ -8328,13 +8357,13 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1975 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148 -#: sssd-ad.5.xml:1409 sssd.8.xml:238 sss_seed.8.xml:163 +#: sssd-ldap.5.xml:1977 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148 +#: sssd-ad.5.xml:1414 sssd.8.xml:238 sss_seed.8.xml:163 msgid "NOTES" msgstr "ANMERKUNGEN" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1977 +#: sssd-ldap.5.xml:1979 msgid "" "The descriptions of some of the configuration options in this manual page " "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " @@ -10824,12 +10853,12 @@ msgid "Example: dyndns_iface = em1, vnet1, vnet2" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:204 sssd-ad.5.xml:1285 +#: sssd-ipa.5.xml:204 sssd-ad.5.xml:1290 msgid "dyndns_auth (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:207 sssd-ad.5.xml:1288 +#: sssd-ipa.5.xml:207 sssd-ad.5.xml:1293 msgid "" "Whether the nsupdate utility should use GSS-TSIG authentication for secure " "updates with the DNS server, insecure updates can be sent by setting this " @@ -10837,19 +10866,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:213 sssd-ad.5.xml:1294 +#: sssd-ipa.5.xml:213 sssd-ad.5.xml:1299 msgid "Default: GSS-TSIG" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:219 sssd-ad.5.xml:1300 +#: sssd-ipa.5.xml:219 sssd-ad.5.xml:1305 #, fuzzy #| msgid "dyndns_iface (string)" msgid "dyndns_auth_ptr (string)" msgstr "dyndns_iface (Zeichenkette)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:222 sssd-ad.5.xml:1303 +#: sssd-ipa.5.xml:222 sssd-ad.5.xml:1308 msgid "" "Whether the nsupdate utility should use GSS-TSIG authentication for secure " "PTR updates with the DNS server, insecure updates can be sent by setting " @@ -10857,7 +10886,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:228 sssd-ad.5.xml:1309 +#: sssd-ipa.5.xml:228 sssd-ad.5.xml:1314 msgid "Default: Same as dyndns_auth" msgstr "" @@ -10933,17 +10962,24 @@ msgstr "" "Weiterleitungsdatensätze ändern." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:290 +#: sssd-ipa.5.xml:290 sssd-ad.5.xml:1266 +msgid "" +"Note that <emphasis>dyndns_update_per_family</emphasis> parameter does not " +"apply for PTR record updates. Those updates are always sent separately." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:295 msgid "Default: False (disabled)" msgstr "Voreinstellung: False (deaktiviert)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1272 +#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1277 msgid "dyndns_force_tcp (bool)" msgstr "dyndns_force_tcp (Boolesch)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:299 sssd-ad.5.xml:1275 +#: sssd-ipa.5.xml:304 sssd-ad.5.xml:1280 msgid "" "Whether the nsupdate utility should default to using TCP for communicating " "with the DNS server." @@ -10952,48 +10988,48 @@ msgstr "" "DNS-Server verwenden soll" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:303 sssd-ad.5.xml:1279 +#: sssd-ipa.5.xml:308 sssd-ad.5.xml:1284 msgid "Default: False (let nsupdate choose the protocol)" msgstr "Voreinstellung: False (lässt Nsupdate das Protokoll auswählen)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:309 sssd-ad.5.xml:1315 +#: sssd-ipa.5.xml:314 sssd-ad.5.xml:1320 msgid "dyndns_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:312 sssd-ad.5.xml:1318 +#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1323 msgid "" "The DNS server to use when performing a DNS update. In most setups, it's " "recommended to leave this option unset." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1323 +#: sssd-ipa.5.xml:322 sssd-ad.5.xml:1328 msgid "" "Setting this option makes sense for environments where the DNS server is " "different from the identity server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:322 sssd-ad.5.xml:1328 +#: sssd-ipa.5.xml:327 sssd-ad.5.xml:1333 msgid "" "Please note that this option will be only used in fallback attempt when " "previous attempt using autodetected settings failed." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:327 sssd-ad.5.xml:1333 +#: sssd-ipa.5.xml:332 sssd-ad.5.xml:1338 msgid "Default: None (let nsupdate choose the server)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:333 sssd-ad.5.xml:1339 +#: sssd-ipa.5.xml:338 sssd-ad.5.xml:1344 msgid "dyndns_update_per_family (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:336 sssd-ad.5.xml:1342 +#: sssd-ipa.5.xml:341 sssd-ad.5.xml:1347 msgid "" "DNS update is by default performed in two steps - IPv4 update and then IPv6 " "update. In some cases it might be desirable to perform IPv4 and IPv6 update " @@ -11001,52 +11037,52 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:348 +#: sssd-ipa.5.xml:353 #, fuzzy #| msgid "ldap_access_order (string)" msgid "ipa_access_order (string)" msgstr "ldap_access_order (Zeichenkette)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:355 +#: sssd-ipa.5.xml:360 #, fuzzy #| msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" msgid "<emphasis>expire</emphasis>: use IPA's account expiration policy." msgstr "<emphasis>expire</emphasis>: verwendet »ldap_account_expire_policy«." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:394 +#: sssd-ipa.5.xml:399 msgid "" "Please note that 'access_provider = ipa' must be set for this feature to " "work." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:401 +#: sssd-ipa.5.xml:406 msgid "ipa_deskprofile_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:404 +#: sssd-ipa.5.xml:409 msgid "" "Optional. Use the given string as search base for Desktop Profile related " "objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:408 sssd-ipa.5.xml:435 +#: sssd-ipa.5.xml:413 sssd-ipa.5.xml:440 msgid "Default: Use base DN" msgstr "Voreinstellung: verwendet Basis-DN" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:414 +#: sssd-ipa.5.xml:419 #, fuzzy #| msgid "ipa_subdomains_search_base (string)" msgid "ipa_subid_ranges_search_base (string)" msgstr "ipa_subdomains_search_base (Zeichenkette)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:417 +#: sssd-ipa.5.xml:422 #, fuzzy #| msgid "" #| "Optional. Use the given string as search base for HBAC related objects." @@ -11058,97 +11094,97 @@ msgstr "" "bezogene Objekte" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:421 +#: sssd-ipa.5.xml:426 #, fuzzy #| msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>" msgid "Default: the value of <emphasis>cn=subids,%basedn</emphasis>" msgstr "Voreinstellung: der Wert von <emphasis>cn=trusts,%basedn</emphasis>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:428 +#: sssd-ipa.5.xml:433 msgid "ipa_hbac_search_base (string)" msgstr "ipa_hbac_search_base (Zeichenkette)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:431 +#: sssd-ipa.5.xml:436 msgid "Optional. Use the given string as search base for HBAC related objects." msgstr "" "optional, verwendet die angegebene Zeichenkette als Suchgrundlage für HBAC-" "bezogene Objekte" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:441 +#: sssd-ipa.5.xml:446 msgid "ipa_host_search_base (string)" msgstr "ipa_host_search_base (Zeichenkette)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:444 +#: sssd-ipa.5.xml:449 msgid "Deprecated. Use ldap_host_search_base instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:450 +#: sssd-ipa.5.xml:455 msgid "ipa_selinux_search_base (string)" msgstr "ipa_selinux_search_base (Zeichenkette)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:453 +#: sssd-ipa.5.xml:458 msgid "Optional. Use the given string as search base for SELinux user maps." msgstr "" "optional, verwendet die angegebene Zeichenkette als Suchgrundlage für " "SELinux-Benutzerabbildungen" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:469 +#: sssd-ipa.5.xml:474 msgid "ipa_subdomains_search_base (string)" msgstr "ipa_subdomains_search_base (Zeichenkette)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:472 +#: sssd-ipa.5.xml:477 msgid "Optional. Use the given string as search base for trusted domains." msgstr "" "optional, verwendet die angegebene Zeichenkette als Suchgrundlage für " "vertrauenswürdige Domains" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:481 +#: sssd-ipa.5.xml:486 msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>" msgstr "Voreinstellung: der Wert von <emphasis>cn=trusts,%basedn</emphasis>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:488 +#: sssd-ipa.5.xml:493 msgid "ipa_master_domain_search_base (string)" msgstr "ipa_master_domain_search_base (Zeichenkette)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:491 +#: sssd-ipa.5.xml:496 msgid "Optional. Use the given string as search base for master domain object." msgstr "" "optional, verwendet die angegebene Zeichenkette als Suchgrundlage für das " "Master-Domain-Objekt." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:500 +#: sssd-ipa.5.xml:505 msgid "Default: the value of <emphasis>cn=ad,cn=etc,%basedn</emphasis>" msgstr "Voreinstellung: der Wert von <emphasis>cn=ad,cn=etc,%basedn</emphasis>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:507 +#: sssd-ipa.5.xml:512 msgid "ipa_views_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:510 +#: sssd-ipa.5.xml:515 msgid "Optional. Use the given string as search base for views containers." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:519 +#: sssd-ipa.5.xml:524 msgid "Default: the value of <emphasis>cn=views,cn=accounts,%basedn</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:529 +#: sssd-ipa.5.xml:534 msgid "" "The name of the Kerberos realm. This is optional and defaults to the value " "of <quote>ipa_domain</quote>." @@ -11157,7 +11193,7 @@ msgstr "" "Wert von »ipa_domain«." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:533 +#: sssd-ipa.5.xml:538 msgid "" "The name of the Kerberos realm has a special meaning in IPA - it is " "converted into the base DN to use for performing LDAP operations." @@ -11167,37 +11203,37 @@ msgstr "" "zu verwenden." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:541 sssd-ad.5.xml:1357 +#: sssd-ipa.5.xml:546 sssd-ad.5.xml:1362 msgid "krb5_confd_path (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:544 sssd-ad.5.xml:1360 +#: sssd-ipa.5.xml:549 sssd-ad.5.xml:1365 msgid "" "Absolute path of a directory where SSSD should place Kerberos configuration " "snippets." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:548 sssd-ad.5.xml:1364 +#: sssd-ipa.5.xml:553 sssd-ad.5.xml:1369 msgid "" "To disable the creation of the configuration snippets set the parameter to " "'none'." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:552 sssd-ad.5.xml:1368 +#: sssd-ipa.5.xml:557 sssd-ad.5.xml:1373 msgid "" "Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:559 +#: sssd-ipa.5.xml:564 msgid "ipa_deskprofile_refresh (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:562 +#: sssd-ipa.5.xml:567 msgid "" "The amount of time between lookups of the Desktop Profile rules against the " "IPA server. This will reduce the latency and load on the IPA server if there " @@ -11205,34 +11241,34 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:569 sssd-ipa.5.xml:599 sssd-ipa.5.xml:615 sssd-ad.5.xml:599 +#: sssd-ipa.5.xml:574 sssd-ipa.5.xml:604 sssd-ipa.5.xml:620 sssd-ad.5.xml:599 msgid "Default: 5 (seconds)" msgstr "Voreinstellung: 5 (Sekunden)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:575 +#: sssd-ipa.5.xml:580 msgid "ipa_deskprofile_request_interval (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:578 +#: sssd-ipa.5.xml:583 msgid "" "The amount of time between lookups of the Desktop Profile rules against the " "IPA server in case the last request did not return any rule." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:583 +#: sssd-ipa.5.xml:588 msgid "Default: 60 (minutes)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:589 +#: sssd-ipa.5.xml:594 msgid "ipa_hbac_refresh (integer)" msgstr "ipa_hbac_refresh (Ganzzahl)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:592 +#: sssd-ipa.5.xml:597 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server. " "This will reduce the latency and load on the IPA server if there are many " @@ -11243,12 +11279,12 @@ msgstr "" "Zugriffssteuerungsanfragen in einer kurzen Zeitspanne ankommen." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:605 +#: sssd-ipa.5.xml:610 msgid "ipa_hbac_selinux (integer)" msgstr "ipa_hbac_selinux (Ganzzahl)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:608 +#: sssd-ipa.5.xml:613 msgid "" "The amount of time between lookups of the SELinux maps against the IPA " "server. This will reduce the latency and load on the IPA server if there are " @@ -11259,33 +11295,33 @@ msgstr "" "viele Benutzeranmeldeanfragen in einer kurzen Zeitspanne ankommen." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:621 +#: sssd-ipa.5.xml:626 msgid "ipa_server_mode (boolean)" msgstr "ipa_server_mode (Boolesch)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:624 +#: sssd-ipa.5.xml:629 msgid "" "This option will be set by the IPA installer (ipa-server-install) " "automatically and denotes if SSSD is running on an IPA server or not." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:629 +#: sssd-ipa.5.xml:634 msgid "" "On an IPA server SSSD will lookup users and groups from trusted domains " "directly while on a client it will ask an IPA server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:634 +#: sssd-ipa.5.xml:639 msgid "" "NOTE: There are currently some assumptions that must be met when SSSD is " "running on an IPA server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:639 +#: sssd-ipa.5.xml:644 msgid "" "The <quote>ipa_server</quote> option must be configured to point to the IPA " "server itself. This is already the default set by the IPA installer, so no " @@ -11293,59 +11329,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:648 +#: sssd-ipa.5.xml:653 msgid "" "The <quote>full_name_format</quote> option must not be tweaked to only print " "short names for users from trusted domains." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:663 +#: sssd-ipa.5.xml:668 msgid "ipa_automount_location (string)" msgstr "ipa_automount_location (Zeichenkette)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:666 +#: sssd-ipa.5.xml:671 msgid "The automounter location this IPA client will be using" msgstr "der Ort des Automounters, den dieser IPA-Client benutzen wird" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:669 +#: sssd-ipa.5.xml:674 msgid "Default: The location named \"default\"" msgstr "Voreinstellung: der Ort namens »default«" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd-ipa.5.xml:677 +#: sssd-ipa.5.xml:682 msgid "VIEWS AND OVERRIDES" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:686 +#: sssd-ipa.5.xml:691 msgid "ipa_view_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:689 +#: sssd-ipa.5.xml:694 msgid "Objectclass of the view container." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:692 +#: sssd-ipa.5.xml:697 msgid "Default: nsContainer" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:698 +#: sssd-ipa.5.xml:703 msgid "ipa_view_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:701 +#: sssd-ipa.5.xml:706 msgid "Name of the attribute holding the name of the view." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:705 sssd-ldap-attributes.5.xml:496 +#: sssd-ipa.5.xml:710 sssd-ldap-attributes.5.xml:496 #: sssd-ldap-attributes.5.xml:830 sssd-ldap-attributes.5.xml:911 #: sssd-ldap-attributes.5.xml:1008 sssd-ldap-attributes.5.xml:1066 #: sssd-ldap-attributes.5.xml:1224 sssd-ldap-attributes.5.xml:1269 @@ -11353,128 +11389,128 @@ msgid "Default: cn" msgstr "Voreinstellung: cn" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:711 +#: sssd-ipa.5.xml:716 msgid "ipa_override_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:714 +#: sssd-ipa.5.xml:719 msgid "Objectclass of the override objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:717 +#: sssd-ipa.5.xml:722 msgid "Default: ipaOverrideAnchor" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:723 +#: sssd-ipa.5.xml:728 msgid "ipa_anchor_uuid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:726 +#: sssd-ipa.5.xml:731 msgid "" "Name of the attribute containing the reference to the original object in a " "remote domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:730 +#: sssd-ipa.5.xml:735 msgid "Default: ipaAnchorUUID" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:736 +#: sssd-ipa.5.xml:741 msgid "ipa_user_override_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:739 +#: sssd-ipa.5.xml:744 msgid "" "Name of the objectclass for user overrides. It is used to determine if the " "found override object is related to a user or a group." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:744 +#: sssd-ipa.5.xml:749 msgid "User overrides can contain attributes given by" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:747 +#: sssd-ipa.5.xml:752 msgid "ldap_user_name" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:750 +#: sssd-ipa.5.xml:755 msgid "ldap_user_uid_number" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:753 +#: sssd-ipa.5.xml:758 msgid "ldap_user_gid_number" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:756 +#: sssd-ipa.5.xml:761 msgid "ldap_user_gecos" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:759 +#: sssd-ipa.5.xml:764 msgid "ldap_user_home_directory" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:762 +#: sssd-ipa.5.xml:767 msgid "ldap_user_shell" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:765 +#: sssd-ipa.5.xml:770 msgid "ldap_user_ssh_public_key" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:770 +#: sssd-ipa.5.xml:775 msgid "Default: ipaUserOverride" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:776 +#: sssd-ipa.5.xml:781 msgid "ipa_group_override_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:779 +#: sssd-ipa.5.xml:784 msgid "" "Name of the objectclass for group overrides. It is used to determine if the " "found override object is related to a user or a group." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:784 +#: sssd-ipa.5.xml:789 msgid "Group overrides can contain attributes given by" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:787 +#: sssd-ipa.5.xml:792 msgid "ldap_group_name" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:790 +#: sssd-ipa.5.xml:795 msgid "ldap_group_gid_number" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:795 +#: sssd-ipa.5.xml:800 msgid "Default: ipaGroupOverride" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:679 +#: sssd-ipa.5.xml:684 msgid "" "SSSD can handle views and overrides which are offered by FreeIPA 4.1 and " "later version. Since all paths and objectclasses are fixed on the server " @@ -11484,12 +11520,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ipa.5.xml:807 +#: sssd-ipa.5.xml:812 msgid "SUBDOMAINS PROVIDER" msgstr "ANBIETER VON UNTER-DOMAINS" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:809 +#: sssd-ipa.5.xml:814 msgid "" "The IPA subdomains provider behaves slightly differently if it is configured " "explicitly or implicitly." @@ -11498,7 +11534,7 @@ msgstr "" "ob er explizit oder implizit konfiguriert wurde." #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:813 +#: sssd-ipa.5.xml:818 msgid "" "If the option 'subdomains_provider = ipa' is found in the domain section of " "sssd.conf, the IPA subdomains provider is configured explicitly, and all " @@ -11509,7 +11545,7 @@ msgstr "" "und alle Subdomain-Anfragen werden, falls nötig, an den IPA-Server gesandt." #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:819 +#: sssd-ipa.5.xml:824 msgid "" "If the option 'subdomains_provider' is not set in the domain section of sssd." "conf but there is the option 'id_provider = ipa', the IPA subdomains " @@ -11528,12 +11564,12 @@ msgstr "" "online gegangen ist, wird der Subdomain-Anbieter erneut aktiviert." #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ipa.5.xml:830 +#: sssd-ipa.5.xml:835 msgid "TRUSTED DOMAINS CONFIGURATION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ipa.5.xml:838 +#: sssd-ipa.5.xml:843 #, no-wrap msgid "" "[domain/ipa.domain.com/ad.domain.com]\n" @@ -11541,7 +11577,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:832 +#: sssd-ipa.5.xml:837 msgid "" "Some configuration options can also be set for a trusted domain. A trusted " "domain configuration can be set using the trusted domain subsection as shown " @@ -11551,80 +11587,80 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:843 +#: sssd-ipa.5.xml:848 msgid "" "For more details, see the <citerefentry> <refentrytitle>sssd.conf</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:850 +#: sssd-ipa.5.xml:855 msgid "" "Different configuration options are tunable for a trusted domain depending " "on whether you are configuring SSSD on an IPA server or an IPA client." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd-ipa.5.xml:855 +#: sssd-ipa.5.xml:860 msgid "OPTIONS TUNABLE ON IPA MASTERS" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:857 +#: sssd-ipa.5.xml:862 msgid "" "The following options can be set in a subdomain section on an IPA master:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:861 sssd-ipa.5.xml:891 +#: sssd-ipa.5.xml:866 sssd-ipa.5.xml:896 msgid "ad_server" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:864 +#: sssd-ipa.5.xml:869 msgid "ad_backup_server" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:867 sssd-ipa.5.xml:894 +#: sssd-ipa.5.xml:872 sssd-ipa.5.xml:899 msgid "ad_site" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:870 +#: sssd-ipa.5.xml:875 msgid "ldap_search_base" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:873 +#: sssd-ipa.5.xml:878 msgid "ldap_user_search_base" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:876 +#: sssd-ipa.5.xml:881 msgid "ldap_group_search_base" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd-ipa.5.xml:885 +#: sssd-ipa.5.xml:890 msgid "OPTIONS TUNABLE ON IPA CLIENTS" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:887 +#: sssd-ipa.5.xml:892 msgid "" "The following options can be set in a subdomain section on an IPA client:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:899 +#: sssd-ipa.5.xml:904 msgid "" "Note that if both options are set, only <quote>ad_server</quote> is " "evaluated." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:903 +#: sssd-ipa.5.xml:908 msgid "" "Since any request for a user or a group identity from a trusted domain " "triggered from an IPA client is resolved by the IPA server, the " @@ -11638,7 +11674,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:927 +#: sssd-ipa.5.xml:932 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " @@ -11650,7 +11686,7 @@ msgstr "" "Optionen von IPA." #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ipa.5.xml:934 +#: sssd-ipa.5.xml:939 #, no-wrap msgid "" "[domain/example.com]\n" @@ -12929,7 +12965,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ad.5.xml:1388 +#: sssd-ad.5.xml:1393 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " @@ -12941,7 +12977,7 @@ msgstr "" "Optionen von AD." #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ad.5.xml:1395 +#: sssd-ad.5.xml:1400 #, no-wrap msgid "" "[domain/EXAMPLE]\n" @@ -12965,7 +13001,7 @@ msgstr "" "ad_domain = example.com\n" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ad.5.xml:1415 +#: sssd-ad.5.xml:1420 #, no-wrap msgid "" "access_provider = ldap\n" @@ -12977,7 +13013,7 @@ msgstr "" "ldap_account_expire_policy = ad\n" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ad.5.xml:1411 +#: sssd-ad.5.xml:1416 msgid "" "The AD access control provider checks if the account is expired. It has the " "same effect as the following configuration of the LDAP provider: " @@ -12988,7 +13024,7 @@ msgstr "" "<placeholder type=\"programlisting\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ad.5.xml:1421 +#: sssd-ad.5.xml:1426 msgid "" "However, unless the <quote>ad</quote> access control provider is explicitly " "configured, the default access provider is <quote>permit</quote>. Please " @@ -12998,7 +13034,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ad.5.xml:1429 +#: sssd-ad.5.xml:1434 msgid "" "When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema " "attribute mapping (nisMap, nisObject, ...) is used, because these attributes " @@ -20323,6 +20359,15 @@ msgstr "" "werden sollen. Diese Funktionalität ist mit MIT-Kerberos 1.7 und neueren " "Versionen verfügbar." +#, fuzzy +#~| msgid "" +#~| "Determines if user credentials are also cached in the local LDB cache" +#~ msgid "" +#~ "Determines if user credentials are also cached in the local LDB cache." +#~ msgstr "" +#~ "bestimmt, ob auch Benutzerberechtigungen im lokalen LDB-Zwischenspeicher " +#~ "zwischengespeichert werden." + #~ msgid "User credentials are stored in a SHA512 hash, not in plaintext" #~ msgstr "" #~ "Benutzerberechtigungen werden in einem SHA512-Hash, nicht im Klartext " diff --git a/src/man/po/es.po b/src/man/po/es.po index cf1bdbea09e..90bff60c085 100644 --- a/src/man/po/es.po +++ b/src/man/po/es.po @@ -18,7 +18,7 @@ msgid "" msgstr "" "Project-Id-Version: sssd-docs 2.3.0\n" "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" -"POT-Creation-Date: 2023-09-07 11:47+0200\n" +"POT-Creation-Date: 2023-11-13 11:53+0100\n" "PO-Revision-Date: 2021-10-27 15:05+0000\n" "Last-Translator: Emilio Herrera <ehespinosa57@gmail.com>\n" "Language-Team: Spanish <https://translate.fedoraproject.org/projects/sssd/" @@ -262,10 +262,10 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:136 sssd.conf.5.xml:173 sssd.conf.5.xml:358 #: sssd.conf.5.xml:714 sssd.conf.5.xml:729 sssd.conf.5.xml:952 -#: sssd.conf.5.xml:1070 sssd.conf.5.xml:2198 sssd-ldap.5.xml:1071 -#: sssd-ldap.5.xml:1174 sssd-ldap.5.xml:1243 sssd-ldap.5.xml:1750 -#: sssd-ldap.5.xml:1815 sssd-ipa.5.xml:342 sssd-ad.5.xml:252 sssd-ad.5.xml:366 -#: sssd-ad.5.xml:1200 sssd-ad.5.xml:1348 sssd-krb5.5.xml:358 +#: sssd.conf.5.xml:1070 sssd.conf.5.xml:2198 sssd-ldap.5.xml:1073 +#: sssd-ldap.5.xml:1176 sssd-ldap.5.xml:1245 sssd-ldap.5.xml:1752 +#: sssd-ldap.5.xml:1817 sssd-ipa.5.xml:347 sssd-ad.5.xml:252 sssd-ad.5.xml:366 +#: sssd-ad.5.xml:1200 sssd-ad.5.xml:1353 sssd-krb5.5.xml:358 msgid "Default: true" msgstr "Predeterminado: true" @@ -286,10 +286,10 @@ msgstr "" #. type: Content of: <variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:149 sssd.conf.5.xml:652 sssd.conf.5.xml:949 -#: sssd.conf.5.xml:2101 sssd.conf.5.xml:2168 sssd.conf.5.xml:4174 -#: sssd-ldap.5.xml:312 sssd-ldap.5.xml:917 sssd-ldap.5.xml:936 -#: sssd-ldap.5.xml:1146 sssd-ldap.5.xml:1599 sssd-ldap.5.xml:1839 -#: sssd-ipa.5.xml:152 sssd-ipa.5.xml:254 sssd-ipa.5.xml:657 sssd-ad.5.xml:1106 +#: sssd.conf.5.xml:2101 sssd.conf.5.xml:2168 sssd.conf.5.xml:4191 +#: sssd-ldap.5.xml:313 sssd-ldap.5.xml:919 sssd-ldap.5.xml:938 +#: sssd-ldap.5.xml:1148 sssd-ldap.5.xml:1601 sssd-ldap.5.xml:1841 +#: sssd-ipa.5.xml:152 sssd-ipa.5.xml:254 sssd-ipa.5.xml:662 sssd-ad.5.xml:1106 #: sssd-krb5.5.xml:268 sssd-krb5.5.xml:330 sssd-krb5.5.xml:432 #: include/krb5_options.xml:163 msgid "Default: false" @@ -330,8 +330,8 @@ msgstr "" "configuración no tiene efecto para otro tipo de registros)." #. type: Content of: outside any tag (error?) -#: sssd.conf.5.xml:109 sssd.conf.5.xml:184 sssd-ldap.5.xml:1656 -#: sssd-ldap.5.xml:1862 sss-certmap.5.xml:645 sssd-systemtap.5.xml:82 +#: sssd.conf.5.xml:109 sssd.conf.5.xml:184 sssd-ldap.5.xml:1658 +#: sssd-ldap.5.xml:1864 sss-certmap.5.xml:645 sssd-systemtap.5.xml:82 #: sssd-systemtap.5.xml:143 sssd-systemtap.5.xml:236 sssd-systemtap.5.xml:274 #: sssd-systemtap.5.xml:330 sssd-ldap-attributes.5.xml:40 #: sssd-ldap-attributes.5.xml:659 sssd-ldap-attributes.5.xml:801 @@ -365,7 +365,7 @@ msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:196 sssd.conf.5.xml:1290 sssd.conf.5.xml:1767 -#: sssd.conf.5.xml:4190 sssd-ldap.5.xml:765 include/ldap_id_mapping.xml:270 +#: sssd.conf.5.xml:4207 sssd-ldap.5.xml:766 include/ldap_id_mapping.xml:270 msgid "Default: 10" msgstr "Predeterminado: 10" @@ -457,7 +457,7 @@ msgstr "" "de datos del proveedor, o de reiniciarse antes de abandonar" #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:266 sssd.conf.5.xml:792 sssd.conf.5.xml:3709 +#: sssd.conf.5.xml:266 sssd.conf.5.xml:792 sssd.conf.5.xml:3716 #: include/failover.xml:100 msgid "Default: 3" msgstr "Predeterminado: 3" @@ -485,7 +485,7 @@ msgstr "" "\"/\" está prohibido." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:287 sssd.conf.5.xml:3541 +#: sssd.conf.5.xml:287 sssd.conf.5.xml:3548 msgid "re_expression (string)" msgstr "re_expression (cadena)" @@ -510,12 +510,12 @@ msgstr "" "las SECCIONES DOMINIO para mas información sobre estas expresiones regulares." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:304 sssd.conf.5.xml:3598 +#: sssd.conf.5.xml:304 sssd.conf.5.xml:3605 msgid "full_name_format (string)" msgstr "full_name_format (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:307 sssd.conf.5.xml:3601 +#: sssd.conf.5.xml:307 sssd.conf.5.xml:3608 msgid "" "A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</" "manvolnum> </citerefentry>-compatible format that describes how to compose a " @@ -527,33 +527,33 @@ msgstr "" "dominio." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:318 sssd.conf.5.xml:3612 +#: sssd.conf.5.xml:318 sssd.conf.5.xml:3619 msgid "%1$s" msgstr "%1$s" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:319 sssd.conf.5.xml:3613 +#: sssd.conf.5.xml:319 sssd.conf.5.xml:3620 msgid "user name" msgstr "nombre de usuario" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:322 sssd.conf.5.xml:3616 +#: sssd.conf.5.xml:322 sssd.conf.5.xml:3623 msgid "%2$s" msgstr "%2$s" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:325 sssd.conf.5.xml:3619 +#: sssd.conf.5.xml:325 sssd.conf.5.xml:3626 msgid "domain name as specified in the SSSD config file." msgstr "" "nombre de dominio como se especifica en el fichero de configuración SSSD" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:331 sssd.conf.5.xml:3625 +#: sssd.conf.5.xml:331 sssd.conf.5.xml:3632 msgid "%3$s" msgstr "%3$s" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:334 sssd.conf.5.xml:3628 +#: sssd.conf.5.xml:334 sssd.conf.5.xml:3635 msgid "" "domain flat name. Mostly usable for Active Directory domains, both directly " "configured or discovered via IPA trusts." @@ -563,7 +563,7 @@ msgstr "" "medio de IPA de confianza." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:315 sssd.conf.5.xml:3609 +#: sssd.conf.5.xml:315 sssd.conf.5.xml:3616 msgid "" "The following expansions are supported: <placeholder type=\"variablelist\" " "id=\"0\"/>" @@ -774,8 +774,8 @@ msgstr "" "cuando se use la opción default_domain_suffix." #. type: Content of: <variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:468 sssd-ldap.5.xml:876 sssd-ldap.5.xml:888 -#: sssd-ldap.5.xml:980 sssd-ad.5.xml:920 sssd-ad.5.xml:995 sssd-krb5.5.xml:468 +#: sssd.conf.5.xml:468 sssd-ldap.5.xml:877 sssd-ldap.5.xml:889 +#: sssd-ldap.5.xml:982 sssd-ad.5.xml:920 sssd-ad.5.xml:995 sssd-krb5.5.xml:468 #: sssd-ldap-attributes.5.xml:470 sssd-ldap-attributes.5.xml:976 #: include/ldap_id_mapping.xml:211 include/ldap_id_mapping.xml:222 #: include/krb5_options.xml:148 @@ -1132,7 +1132,7 @@ msgstr "" "casos donde los nombres de usuarios se deben compartir entre dominios." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:700 sssd.conf.5.xml:1791 sssd.conf.5.xml:4240 +#: sssd.conf.5.xml:700 sssd.conf.5.xml:1791 sssd.conf.5.xml:4257 #: sssd-ad.5.xml:187 sssd-ad.5.xml:327 sssd-ad.5.xml:341 msgid "Default: Not set" msgstr "Por defecto: No definido" @@ -1360,7 +1360,7 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:858 sssd.conf.5.xml:1201 sssd.conf.5.xml:1584 -#: sssd.conf.5.xml:1880 sssd-ldap.5.xml:494 +#: sssd.conf.5.xml:1880 sssd-ldap.5.xml:495 msgid "Default: 60" msgstr "Predeterminado: 60" @@ -1479,7 +1479,7 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:937 sssd.conf.5.xml:1214 sssd.conf.5.xml:2322 -#: sssd-ldap.5.xml:331 +#: sssd-ldap.5.xml:332 msgid "Default: 300" msgstr "Predeterminado: 300" @@ -1933,7 +1933,7 @@ msgstr "" "cache serán validos. Fijando esta opción o cero deshabilita la memoria cache." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1240 sssd.conf.5.xml:2964 sssd-ldap.5.xml:548 +#: sssd.conf.5.xml:1240 sssd.conf.5.xml:2971 sssd-ldap.5.xml:549 msgid "Default: 8" msgstr "Predeterminado: 8" @@ -1974,8 +1974,8 @@ msgstr "" "cache serán validos. Fijando esta opción o cero deshabilita la memoria cache." #. type: Content of: <variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1265 sssd.conf.5.xml:1317 sssd.conf.5.xml:3730 -#: sssd-ldap.5.xml:473 sssd-ldap.5.xml:525 include/failover.xml:116 +#: sssd.conf.5.xml:1265 sssd.conf.5.xml:1317 sssd.conf.5.xml:3737 +#: sssd-ldap.5.xml:474 sssd-ldap.5.xml:526 include/failover.xml:116 #: include/krb5_options.xml:11 msgid "Default: 6" msgstr "Predeterminado: 6" @@ -2358,7 +2358,7 @@ msgid "pam_pwd_expiration_warning (integer)" msgstr "pam_pwd_expiration_warning (entero)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1553 sssd.conf.5.xml:2988 +#: sssd.conf.5.xml:1553 sssd.conf.5.xml:2995 msgid "Display a warning N days before the password expires." msgstr "Mostrar una advertencia N días antes que la contraseña caduque." @@ -2374,7 +2374,7 @@ msgstr "" "información desaparece, sssd no podrá mostrar un aviso." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1562 sssd.conf.5.xml:2991 +#: sssd.conf.5.xml:1562 sssd.conf.5.xml:2998 msgid "" "If zero is set, then this filter is not applied, i.e. if the expiration " "warning was received from backend server, it will automatically be displayed." @@ -2393,7 +2393,7 @@ msgstr "" "<emphasis>pwd_expiration_warning</emphasis> para un dominio concreto." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1572 sssd.conf.5.xml:3977 sssd-ldap.5.xml:606 sssd.8.xml:79 +#: sssd.conf.5.xml:1572 sssd.conf.5.xml:3984 sssd-ldap.5.xml:607 sssd.8.xml:79 msgid "Default: 0" msgstr "Predeterminado: 0" @@ -2470,8 +2470,8 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1632 sssd.conf.5.xml:1657 sssd.conf.5.xml:1676 -#: sssd.conf.5.xml:1913 sssd.conf.5.xml:2733 sssd.conf.5.xml:3906 -#: sssd-ldap.5.xml:1207 +#: sssd.conf.5.xml:1913 sssd.conf.5.xml:2733 sssd.conf.5.xml:3913 +#: sssd-ldap.5.xml:1209 msgid "Default: none" msgstr "Predeterminado: none" @@ -2547,8 +2547,8 @@ msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1687 sssd.conf.5.xml:1698 sssd.conf.5.xml:1712 -#: sssd-ldap.5.xml:671 sssd-ldap.5.xml:692 sssd-ldap.5.xml:788 -#: sssd-ldap.5.xml:1293 sssd-ad.5.xml:505 sssd-ad.5.xml:581 sssd-ad.5.xml:1126 +#: sssd-ldap.5.xml:672 sssd-ldap.5.xml:693 sssd-ldap.5.xml:789 +#: sssd-ldap.5.xml:1295 sssd-ad.5.xml:505 sssd-ad.5.xml:581 sssd-ad.5.xml:1126 #: sssd-ad.5.xml:1175 include/ldap_id_mapping.xml:250 msgid "Default: False" msgstr "Por defecto: False" @@ -2590,7 +2590,7 @@ msgid "The path to the certificate database." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1723 sssd.conf.5.xml:2248 sssd.conf.5.xml:4354 +#: sssd.conf.5.xml:1723 sssd.conf.5.xml:2248 sssd.conf.5.xml:4371 msgid "Default:" msgstr "Predeterminado:" @@ -2921,7 +2921,7 @@ msgid "Default: no_session" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1950 sssd.conf.5.xml:4293 +#: sssd.conf.5.xml:1950 sssd.conf.5.xml:4310 #, fuzzy #| msgid "pam_app_services (string)" msgid "pam_gssapi_services" @@ -2964,7 +2964,7 @@ msgstr "" " " #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1968 sssd.conf.5.xml:3900 +#: sssd.conf.5.xml:1968 sssd.conf.5.xml:3907 msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>" msgstr "Ejemplo: <placeholder type=\"programlisting\" id=\"0\"/>" @@ -2974,7 +2974,7 @@ msgid "Default: - (GSSAPI authentication is disabled)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1979 sssd.conf.5.xml:4294 +#: sssd.conf.5.xml:1979 sssd.conf.5.xml:4311 msgid "pam_gssapi_check_upn" msgstr "" @@ -2994,7 +2994,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1999 sssd-ad.5.xml:1266 sss_rpcidmapd.5.xml:76 +#: sssd.conf.5.xml:1999 sssd-ad.5.xml:1271 sss_rpcidmapd.5.xml:76 #: sssd-files.5.xml:145 msgid "Default: True" msgstr "Predeterminado: True" @@ -3885,7 +3885,7 @@ msgid "FALSE = No enumerations for this domain" msgstr "FALSE = Sin enumeraciones para este dominio" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2669 sssd.conf.5.xml:2943 sssd.conf.5.xml:3120 +#: sssd.conf.5.xml:2669 sssd.conf.5.xml:2950 sssd.conf.5.xml:3127 msgid "Default: FALSE" msgstr "Predeterminado: FALSE" @@ -4211,7 +4211,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2922 sssd-ldap.5.xml:360 sssd-ldap.5.xml:1736 +#: sssd.conf.5.xml:2922 sssd-ldap.5.xml:361 sssd-ldap.5.xml:1738 #: sssd-ipa.5.xml:270 msgid "Default: 0 (disabled)" msgstr "Predeterminado: 0 (deshabilitado)" @@ -4223,16 +4223,17 @@ msgstr "cache_credentials (bool)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:2931 -#, fuzzy -#| msgid "" -#| "Determines if user credentials are also cached in the local LDB cache" -msgid "Determines if user credentials are also cached in the local LDB cache." +msgid "" +"Determines if user credentials are also cached in the local LDB cache. The " +"cached credentials refer to passwords, which includes the first (long term) " +"factor of two-factor authentication, not other authentication mechanisms. " +"Passkey and Smartcard authentications are expected to work offline as long " +"as a successful online authentication is recorded in the cache without " +"additional configuration." msgstr "" -"Determina si las credenciales del usuario están también escondidas en el " -"cache LDB local" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2935 +#: sssd.conf.5.xml:2942 msgid "" "Take a note that while credentials are stored as a salted SHA512 hash, this " "still potentially poses some security risk in case an attacker manages to " @@ -4241,12 +4242,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2949 +#: sssd.conf.5.xml:2956 msgid "cache_credentials_minimal_first_factor_length (int)" msgstr "cache_credentials_minimal_first_factor_length (entero)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2952 +#: sssd.conf.5.xml:2959 msgid "" "If 2-Factor-Authentication (2FA) is used and credentials should be saved " "this value determines the minimal length the first authentication factor " @@ -4258,7 +4259,7 @@ msgstr "" "SHA512 en el caché." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2959 +#: sssd.conf.5.xml:2966 msgid "" "This should avoid that the short PINs of a PIN based 2FA scheme are saved in " "the cache which would make them easy targets for brute-force attacks." @@ -4268,12 +4269,12 @@ msgstr "" "bruta." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2970 +#: sssd.conf.5.xml:2977 msgid "account_cache_expiration (integer)" msgstr "account_cache_expiration (entero)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2973 +#: sssd.conf.5.xml:2980 msgid "" "Number of days entries are left in cache after last successful login before " "being removed during a cleanup of the cache. 0 means keep forever. The " @@ -4286,17 +4287,17 @@ msgstr "" "grande o igual que offline_credentials_expiration." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2980 +#: sssd.conf.5.xml:2987 msgid "Default: 0 (unlimited)" msgstr "Predeterminado: 0 (ilimitado)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2985 +#: sssd.conf.5.xml:2992 msgid "pwd_expiration_warning (integer)" msgstr "pwd_expiration_warning (entero)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2996 +#: sssd.conf.5.xml:3003 msgid "" "Please note that the backend server has to provide information about the " "expiration time of the password. If this information is missing, sssd " @@ -4309,17 +4310,17 @@ msgstr "" "configurar un proveedor de autorización para el backend." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3003 +#: sssd.conf.5.xml:3010 msgid "Default: 7 (Kerberos), 0 (LDAP)" msgstr "Por defecto: 7 (Kerberos), 0 (LDAP)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3009 +#: sssd.conf.5.xml:3016 msgid "id_provider (string)" msgstr "id_provider (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3012 +#: sssd.conf.5.xml:3019 msgid "" "The identification provider used for the domain. Supported ID providers are:" msgstr "" @@ -4327,12 +4328,12 @@ msgstr "" "soportados son:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3016 +#: sssd.conf.5.xml:3023 msgid "<quote>proxy</quote>: Support a legacy NSS provider." msgstr "<quote>proxy</quote>: Soporta un proveedor NSS heredado." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3019 +#: sssd.conf.5.xml:3026 msgid "" "<quote>files</quote>: FILES provider. See <citerefentry> <refentrytitle>sssd-" "files</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " @@ -4344,7 +4345,7 @@ msgstr "" "grupos locales en SSSD." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3027 +#: sssd.conf.5.xml:3034 msgid "" "<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-" "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " @@ -4355,8 +4356,8 @@ msgstr "" "información sobre la configuración de LDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3035 sssd.conf.5.xml:3146 sssd.conf.5.xml:3197 -#: sssd.conf.5.xml:3260 +#: sssd.conf.5.xml:3042 sssd.conf.5.xml:3153 sssd.conf.5.xml:3204 +#: sssd.conf.5.xml:3267 msgid "" "<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management " "provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> " @@ -4369,8 +4370,8 @@ msgstr "" "configuración de FreeIPA." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3044 sssd.conf.5.xml:3155 sssd.conf.5.xml:3206 -#: sssd.conf.5.xml:3269 +#: sssd.conf.5.xml:3051 sssd.conf.5.xml:3162 sssd.conf.5.xml:3213 +#: sssd.conf.5.xml:3276 msgid "" "<quote>ad</quote>: Active Directory provider. See <citerefentry> " "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4382,12 +4383,12 @@ msgstr "" "Directory." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3055 +#: sssd.conf.5.xml:3062 msgid "use_fully_qualified_names (bool)" msgstr "use_fully_qualified_names (bool)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3058 +#: sssd.conf.5.xml:3065 msgid "" "Use the full name and domain (as formatted by the domain's full_name_format) " "as the user's login name reported to NSS." @@ -4397,7 +4398,7 @@ msgstr "" "NSS." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3063 +#: sssd.conf.5.xml:3070 msgid "" "If set to TRUE, all requests to this domain must use fully qualified names. " "For example, if used in LOCAL domain that contains a \"test\" user, " @@ -4411,7 +4412,7 @@ msgstr "" "command> lo haría." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3071 +#: sssd.conf.5.xml:3078 msgid "" "NOTE: This option has no effect on netgroup lookups due to their tendency to " "include nested netgroups without qualified names. For netgroups, all domains " @@ -4423,24 +4424,24 @@ msgstr "" "cualificado." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3078 +#: sssd.conf.5.xml:3085 msgid "" "Default: FALSE (TRUE for trusted domain/sub-domains or if " "default_domain_suffix is used)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3085 +#: sssd.conf.5.xml:3092 msgid "ignore_group_members (bool)" msgstr "ignore_group_members (bool)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3088 +#: sssd.conf.5.xml:3095 msgid "Do not return group members for group lookups." msgstr "No devuelve miembros de grupo para búsquedas de grupo." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3091 +#: sssd.conf.5.xml:3098 msgid "" "If set to TRUE, the group membership attribute is not requested from the " "ldap server, and group members are not returned when processing group lookup " @@ -4459,7 +4460,7 @@ msgstr "" "devolver el grupo pedido como si estuviera vacío." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3109 +#: sssd.conf.5.xml:3116 msgid "" "Enabling this option can also make access provider checks for group " "membership significantly faster, especially for groups containing many " @@ -4470,23 +4471,23 @@ msgstr "" "especialmente para grupos que contienen muchos miembros." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3115 sssd.conf.5.xml:3822 sssd-ldap.5.xml:326 -#: sssd-ldap.5.xml:355 sssd-ldap.5.xml:408 sssd-ldap.5.xml:468 -#: sssd-ldap.5.xml:489 sssd-ldap.5.xml:520 sssd-ldap.5.xml:543 -#: sssd-ldap.5.xml:582 sssd-ldap.5.xml:601 sssd-ldap.5.xml:625 -#: sssd-ldap.5.xml:1051 sssd-ldap.5.xml:1084 +#: sssd.conf.5.xml:3122 sssd.conf.5.xml:3829 sssd-ldap.5.xml:327 +#: sssd-ldap.5.xml:356 sssd-ldap.5.xml:409 sssd-ldap.5.xml:469 +#: sssd-ldap.5.xml:490 sssd-ldap.5.xml:521 sssd-ldap.5.xml:544 +#: sssd-ldap.5.xml:583 sssd-ldap.5.xml:602 sssd-ldap.5.xml:626 +#: sssd-ldap.5.xml:1053 sssd-ldap.5.xml:1086 msgid "" "This option can be also set per subdomain or inherited via " "<emphasis>subdomain_inherit</emphasis>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3125 +#: sssd.conf.5.xml:3132 msgid "auth_provider (string)" msgstr "auth_provider (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3128 +#: sssd.conf.5.xml:3135 msgid "" "The authentication provider used for the domain. Supported auth providers " "are:" @@ -4495,7 +4496,7 @@ msgstr "" "autenticación soportados son:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3132 sssd.conf.5.xml:3190 +#: sssd.conf.5.xml:3139 sssd.conf.5.xml:3197 msgid "" "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4506,7 +4507,7 @@ msgstr "" "citerefentry> para más información sobre la configuración LDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3139 +#: sssd.conf.5.xml:3146 msgid "" "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4517,7 +4518,7 @@ msgstr "" "citerefentry> para más información sobre la configuración de Kerberos." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3163 +#: sssd.conf.5.xml:3170 msgid "" "<quote>proxy</quote> for relaying authentication to some other PAM target." msgstr "" @@ -4525,12 +4526,12 @@ msgstr "" "objetivo PAM." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3166 +#: sssd.conf.5.xml:3173 msgid "<quote>none</quote> disables authentication explicitly." msgstr "<quote>none</quote> deshabilita la autenticación explícitamente." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3169 +#: sssd.conf.5.xml:3176 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "authentication requests." @@ -4539,12 +4540,12 @@ msgstr "" "manejar las peticiones de autenticación." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3175 +#: sssd.conf.5.xml:3182 msgid "access_provider (string)" msgstr "access_provider (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3178 +#: sssd.conf.5.xml:3185 msgid "" "The access control provider used for the domain. There are two built-in " "access providers (in addition to any included in installed backends) " @@ -4555,7 +4556,7 @@ msgstr "" "proveedores especiales internos son:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3184 +#: sssd.conf.5.xml:3191 msgid "" "<quote>permit</quote> always allow access. It's the only permitted access " "provider for a local domain." @@ -4564,12 +4565,12 @@ msgstr "" "sólo permitido para un dominio local." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3187 +#: sssd.conf.5.xml:3194 msgid "<quote>deny</quote> always deny access." msgstr "<quote>deny</quote> siempre niega el acceso." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3214 +#: sssd.conf.5.xml:3221 msgid "" "<quote>simple</quote> access control based on access or deny lists. See " "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</" @@ -4582,7 +4583,7 @@ msgstr "" "configuración del módulo de acceso sencillo." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3221 +#: sssd.conf.5.xml:3228 msgid "" "<quote>krb5</quote>: .k5login based access control. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum></" @@ -4594,23 +4595,23 @@ msgstr "" "Kerberos." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3228 +#: sssd.conf.5.xml:3235 msgid "<quote>proxy</quote> for relaying access control to another PAM module." msgstr "" "<quote>proxy</quote> para transmitir control de acceso a otro módulo PAM." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3231 +#: sssd.conf.5.xml:3238 msgid "Default: <quote>permit</quote>" msgstr "Predeterminado: <quote>permit</quote>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3236 +#: sssd.conf.5.xml:3243 msgid "chpass_provider (string)" msgstr "chpass_provider (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3239 +#: sssd.conf.5.xml:3246 msgid "" "The provider which should handle change password operations for the domain. " "Supported change password providers are:" @@ -4619,7 +4620,7 @@ msgstr "" "el dominio. Los proveedores de cambio de passweord soportados son:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3244 +#: sssd.conf.5.xml:3251 msgid "" "<quote>ldap</quote> to change a password stored in a LDAP server. See " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" @@ -4631,7 +4632,7 @@ msgstr "" "configuración de LDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3252 +#: sssd.conf.5.xml:3259 msgid "" "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4642,7 +4643,7 @@ msgstr "" "citerefentry> para más información sobre configurar Kerberos." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3277 +#: sssd.conf.5.xml:3284 msgid "" "<quote>proxy</quote> for relaying password changes to some other PAM target." msgstr "" @@ -4650,13 +4651,13 @@ msgstr "" "otros objetivos PAM." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3281 +#: sssd.conf.5.xml:3288 msgid "<quote>none</quote> disallows password changes explicitly." msgstr "" "<quote>none</quote> deniega explícitamente los cambios en la contraseña." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3284 +#: sssd.conf.5.xml:3291 msgid "" "Default: <quote>auth_provider</quote> is used if it is set and can handle " "change password requests." @@ -4665,18 +4666,18 @@ msgstr "" "puede manejar las peticiones de cambio de password." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3291 +#: sssd.conf.5.xml:3298 msgid "sudo_provider (string)" msgstr "sudo_provider (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3294 +#: sssd.conf.5.xml:3301 msgid "The SUDO provider used for the domain. Supported SUDO providers are:" msgstr "" "El proveedor SUDO usado por el dominio. Los proveedores SUDO soportados son:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3298 +#: sssd.conf.5.xml:3305 msgid "" "<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4687,7 +4688,7 @@ msgstr "" "citerefentry> para más información sobre la configuración LDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3306 +#: sssd.conf.5.xml:3313 msgid "" "<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default " "settings." @@ -4696,7 +4697,7 @@ msgstr "" "predeterminados IPA." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3310 +#: sssd.conf.5.xml:3317 msgid "" "<quote>ad</quote> the same as <quote>ldap</quote> but with AD default " "settings." @@ -4705,19 +4706,19 @@ msgstr "" "predeterminados AD." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3314 +#: sssd.conf.5.xml:3321 msgid "<quote>none</quote> disables SUDO explicitly." msgstr "<quote>none</quote>deshabilita SUDO explícitamente." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3317 sssd.conf.5.xml:3403 sssd.conf.5.xml:3473 -#: sssd.conf.5.xml:3498 sssd.conf.5.xml:3534 +#: sssd.conf.5.xml:3324 sssd.conf.5.xml:3410 sssd.conf.5.xml:3480 +#: sssd.conf.5.xml:3505 sssd.conf.5.xml:3541 msgid "Default: The value of <quote>id_provider</quote> is used if it is set." msgstr "" "Por defecto: el valor de <quote>id_provider</quote> se usa si está fijado." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3321 +#: sssd.conf.5.xml:3328 msgid "" "The detailed instructions for configuration of sudo_provider are in the " "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " @@ -4734,7 +4735,7 @@ msgstr "" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3336 +#: sssd.conf.5.xml:3343 msgid "" "<emphasis>NOTE:</emphasis> Sudo rules are periodically downloaded in the " "background unless the sudo provider is explicitly disabled. Set " @@ -4748,12 +4749,12 @@ msgstr "" "desea usar sudo cn SSSD mas." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3346 +#: sssd.conf.5.xml:3353 msgid "selinux_provider (string)" msgstr "selinux_provider (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3349 +#: sssd.conf.5.xml:3356 msgid "" "The provider which should handle loading of selinux settings. Note that this " "provider will be called right after access provider ends. Supported selinux " @@ -4764,7 +4765,7 @@ msgstr "" "finalice. Los proveedores selinux soportados son:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3355 +#: sssd.conf.5.xml:3362 msgid "" "<quote>ipa</quote> to load selinux settings from an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -4776,14 +4777,14 @@ msgstr "" "IPA." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3363 +#: sssd.conf.5.xml:3370 msgid "<quote>none</quote> disallows fetching selinux settings explicitly." msgstr "" "<quote>none</quote> deshabilita ir a buscar los ajustes selinux " "explícitamente." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3366 +#: sssd.conf.5.xml:3373 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "selinux loading requests." @@ -4792,12 +4793,12 @@ msgstr "" "manejar las peticiones de carga selinux." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3372 +#: sssd.conf.5.xml:3379 msgid "subdomains_provider (string)" msgstr "subdomains_provider (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3375 +#: sssd.conf.5.xml:3382 msgid "" "The provider which should handle fetching of subdomains. This value should " "be always the same as id_provider. Supported subdomain providers are:" @@ -4807,7 +4808,7 @@ msgstr "" "soportados son:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3381 +#: sssd.conf.5.xml:3388 msgid "" "<quote>ipa</quote> to load a list of subdomains from an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -4819,7 +4820,7 @@ msgstr "" "configuración de IPA." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3390 +#: sssd.conf.5.xml:3397 msgid "" "<quote>ad</quote> to load a list of subdomains from an Active Directory " "server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> " @@ -4832,18 +4833,18 @@ msgstr "" "configuración del proveedor AD." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3399 +#: sssd.conf.5.xml:3406 msgid "<quote>none</quote> disallows fetching subdomains explicitly." msgstr "" "<quote>none</quote> deshabilita el buscador de subdominios explícitamente." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3409 +#: sssd.conf.5.xml:3416 msgid "session_provider (string)" msgstr "session_provider (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3412 +#: sssd.conf.5.xml:3419 msgid "" "The provider which configures and manages user session related tasks. The " "only user session task currently provided is the integration with Fleet " @@ -4855,14 +4856,14 @@ msgstr "" "de sesiones soportados son:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3419 +#: sssd.conf.5.xml:3426 msgid "<quote>ipa</quote> to allow performing user session related tasks." msgstr "" "<quote>ipa</quote> para permitir llevar a cabo tareas relacionadas con la " "sesión de usuario." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3423 +#: sssd.conf.5.xml:3430 msgid "" "<quote>none</quote> does not perform any kind of user session related tasks." msgstr "" @@ -4870,7 +4871,7 @@ msgstr "" "de usuario." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3427 +#: sssd.conf.5.xml:3434 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can perform " "session related tasks." @@ -4879,7 +4880,7 @@ msgstr "" "llevar a cabo tareas relacionadas con la sesión de usuario." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3431 +#: sssd.conf.5.xml:3438 msgid "" "<emphasis>NOTE:</emphasis> In order to have this feature working as expected " "SSSD must be running as \"root\" and not as the unprivileged user." @@ -4889,12 +4890,12 @@ msgstr "" "sin privilegios." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3439 +#: sssd.conf.5.xml:3446 msgid "autofs_provider (string)" msgstr "autofs_provider (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3442 +#: sssd.conf.5.xml:3449 msgid "" "The autofs provider used for the domain. Supported autofs providers are:" msgstr "" @@ -4902,7 +4903,7 @@ msgstr "" "son:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3446 +#: sssd.conf.5.xml:3453 msgid "" "<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4914,7 +4915,7 @@ msgstr "" "LDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3453 +#: sssd.conf.5.xml:3460 msgid "" "<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> " "<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4926,7 +4927,7 @@ msgstr "" "IPA." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3461 +#: sssd.conf.5.xml:3468 msgid "" "<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> " "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4938,17 +4939,17 @@ msgstr "" "proveedor AD." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3470 +#: sssd.conf.5.xml:3477 msgid "<quote>none</quote> disables autofs explicitly." msgstr "<quote>none</quote> deshabilita autofs explícitamente." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3480 +#: sssd.conf.5.xml:3487 msgid "hostid_provider (string)" msgstr "hostid_provider (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3483 +#: sssd.conf.5.xml:3490 msgid "" "The provider used for retrieving host identity information. Supported " "hostid providers are:" @@ -4957,7 +4958,7 @@ msgstr "" "proveedores de hostid soportados son:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3487 +#: sssd.conf.5.xml:3494 msgid "" "<quote>ipa</quote> to load host identity stored in an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -4969,31 +4970,31 @@ msgstr "" "configuración de IPA." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3495 +#: sssd.conf.5.xml:3502 msgid "<quote>none</quote> disables hostid explicitly." msgstr "<quote>none</quote> deshabilita hostid explícitamente." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3505 +#: sssd.conf.5.xml:3512 msgid "resolver_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3508 +#: sssd.conf.5.xml:3515 msgid "" "The provider which should handle hosts and networks lookups. Supported " "resolver providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3512 +#: sssd.conf.5.xml:3519 msgid "" "<quote>proxy</quote> to forward lookups to another NSS library. See " "<quote>proxy_resolver_lib_name</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3516 +#: sssd.conf.5.xml:3523 msgid "" "<quote>ldap</quote> to fetch hosts and networks stored in LDAP. See " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" @@ -5001,7 +5002,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3523 +#: sssd.conf.5.xml:3530 msgid "" "<quote>ad</quote> to fetch hosts and networks stored in AD. See " "<citerefentry> <refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</" @@ -5010,12 +5011,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3531 +#: sssd.conf.5.xml:3538 msgid "<quote>none</quote> disallows fetching hosts and networks explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3544 +#: sssd.conf.5.xml:3551 msgid "" "Regular expression for this domain that describes how to parse the string " "containing user name and domain into these components. The \"domain\" can " @@ -5030,7 +5031,7 @@ msgstr "" "dominios Active Directory, el nombre plano (NetBIOS) del dominio." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3553 +#: sssd.conf.5.xml:3560 #, fuzzy #| msgid "" #| "Default for the AD and IPA provider: <quote>(((?P<domain>[^\\\\]+)\\" @@ -5047,17 +5048,17 @@ msgstr "" "nombres de usuario:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:3558 sssd.conf.5.xml:3572 +#: sssd.conf.5.xml:3565 sssd.conf.5.xml:3579 msgid "username" msgstr "nombre de usuario" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:3561 sssd.conf.5.xml:3575 +#: sssd.conf.5.xml:3568 sssd.conf.5.xml:3582 msgid "username@domain.name" msgstr "username@domain.name" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3566 +#: sssd.conf.5.xml:3573 #, fuzzy #| msgid "" #| "Default for the AD and IPA provider: <quote>(((?P<domain>[^\\\\]+)\\" @@ -5076,12 +5077,12 @@ msgstr "" "nombres de usuario:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:3578 +#: sssd.conf.5.xml:3585 msgid "domain\\username" msgstr "dominio/nombre_de_usuario" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3581 +#: sssd.conf.5.xml:3588 msgid "" "While the first two correspond to the general default the third one is " "introduced to allow easy integration of users from Windows domains." @@ -5091,7 +5092,7 @@ msgstr "" "dominios Windows." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3586 +#: sssd.conf.5.xml:3593 msgid "" "The default re_expression uses the <quote>@</quote> character as a separator " "between the name and the domain. As a result of this setting the default " @@ -5101,17 +5102,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3638 +#: sssd.conf.5.xml:3645 msgid "Default: <quote>%1$s@%2$s</quote>." msgstr "Predeterminado: <quote>%1$s@%2$s</quote>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3644 +#: sssd.conf.5.xml:3651 msgid "lookup_family_order (string)" msgstr "lookup_family_order (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3647 +#: sssd.conf.5.xml:3654 msgid "" "Provides the ability to select preferred address family to use when " "performing DNS lookups." @@ -5120,57 +5121,57 @@ msgstr "" "a usar cuando se lleven a cabo búsquedas DNS." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3651 +#: sssd.conf.5.xml:3658 msgid "Supported values:" msgstr "Valores soportados:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3654 +#: sssd.conf.5.xml:3661 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6" msgstr "ipv4_first: Intenta buscar dirección IPv4, si falla, intenta IPv6" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3657 +#: sssd.conf.5.xml:3664 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses." msgstr "ipv4_only: Sólo intenta resolver nombres de host a direccones IPv4." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3660 +#: sssd.conf.5.xml:3667 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4" msgstr "ipv6_first: Intenta buscar dirección IPv6, si falla, intenta IPv4" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3663 +#: sssd.conf.5.xml:3670 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses." msgstr "ipv6_only: Sólo intenta resolver nombres de host a direccones IPv6." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3666 +#: sssd.conf.5.xml:3673 msgid "Default: ipv4_first" msgstr "Predeterminado: ipv4_first" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3672 +#: sssd.conf.5.xml:3679 #, fuzzy #| msgid "dns_resolver_timeout (integer)" msgid "dns_resolver_server_timeout (integer)" msgstr "dns_resolver_timeout (entero)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3675 +#: sssd.conf.5.xml:3682 msgid "" "Defines the amount of time (in milliseconds) SSSD would try to talk to DNS " "server before trying next DNS server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3680 +#: sssd.conf.5.xml:3687 msgid "" "The AD provider will use this option for the CLDAP ping timeouts as well." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3684 sssd.conf.5.xml:3704 sssd.conf.5.xml:3725 +#: sssd.conf.5.xml:3691 sssd.conf.5.xml:3711 sssd.conf.5.xml:3732 msgid "" "Please see the section <quote>FAILOVER</quote> for more information about " "the service resolution." @@ -5179,19 +5180,19 @@ msgstr "" "información sobre la resolución del servicio." #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3689 sssd-ldap.5.xml:644 include/failover.xml:84 +#: sssd.conf.5.xml:3696 sssd-ldap.5.xml:645 include/failover.xml:84 msgid "Default: 1000" msgstr "Predeterminado: 1000" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3695 +#: sssd.conf.5.xml:3702 #, fuzzy #| msgid "dns_resolver_timeout (integer)" msgid "dns_resolver_op_timeout (integer)" msgstr "dns_resolver_timeout (entero)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3698 +#: sssd.conf.5.xml:3705 msgid "" "Defines the amount of time (in seconds) to wait to resolve single DNS query " "(e.g. resolution of a hostname or an SRV record) before trying the next " @@ -5199,12 +5200,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3715 +#: sssd.conf.5.xml:3722 msgid "dns_resolver_timeout (integer)" msgstr "dns_resolver_timeout (entero)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3718 +#: sssd.conf.5.xml:3725 msgid "" "Defines the amount of time (in seconds) to wait for a reply from the " "internal fail over service before assuming that the service is unreachable. " @@ -5217,14 +5218,14 @@ msgstr "" "trabajando en modo offline." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3736 +#: sssd.conf.5.xml:3743 #, fuzzy #| msgid "dns_resolver_timeout (integer)" msgid "dns_resolver_use_search_list (bool)" msgstr "dns_resolver_timeout (entero)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3739 +#: sssd.conf.5.xml:3746 msgid "" "Normally, the DNS resolver searches the domain list defined in the " "\"search\" directive from the resolv.conf file. This can lead to delays in " @@ -5232,7 +5233,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3745 +#: sssd.conf.5.xml:3752 msgid "" "If fully qualified domain names (or _srv_) are used in the SSSD " "configuration, setting this option to FALSE can prevent unnecessary DNS " @@ -5240,17 +5241,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3751 +#: sssd.conf.5.xml:3758 msgid "Default: TRUE" msgstr "Predeterminado: TRUE" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3757 +#: sssd.conf.5.xml:3764 msgid "dns_discovery_domain (string)" msgstr "dns_discovery_domain (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3760 +#: sssd.conf.5.xml:3767 msgid "" "If service discovery is used in the back end, specifies the domain part of " "the service discovery DNS query." @@ -5259,55 +5260,55 @@ msgstr "" "de dominio de la pregunta al descubridor de servicio DNS." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3764 +#: sssd.conf.5.xml:3771 msgid "Default: Use the domain part of machine's hostname" msgstr "" "Predeterminado: Utilizar la parte del dominio del nombre de host del equipo" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3770 +#: sssd.conf.5.xml:3777 msgid "override_gid (integer)" msgstr "override_gid (entero)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3773 +#: sssd.conf.5.xml:3780 msgid "Override the primary GID value with the one specified." msgstr "Anula el valor primario GID con el especificado." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3779 +#: sssd.conf.5.xml:3786 msgid "case_sensitive (string)" msgstr "case_sensitive (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3786 +#: sssd.conf.5.xml:3793 msgid "True" msgstr "True" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3789 +#: sssd.conf.5.xml:3796 msgid "Case sensitive. This value is invalid for AD provider." msgstr "" "Distingue mayúsculas y minúsculas. Este valor es invalido para el proveedor " "AD." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3795 +#: sssd.conf.5.xml:3802 msgid "False" msgstr "False" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3797 +#: sssd.conf.5.xml:3804 msgid "Case insensitive." msgstr "No sensible a mayúsculas minúsculas." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3801 +#: sssd.conf.5.xml:3808 msgid "Preserving" msgstr "Preserving" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3804 +#: sssd.conf.5.xml:3811 msgid "" "Same as False (case insensitive), but does not lowercase names in the result " "of NSS operations. Note that name aliases (and in case of services also " @@ -5319,14 +5320,14 @@ msgstr "" "protocolo) están en minúsculas en la salida." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3812 +#: sssd.conf.5.xml:3819 msgid "" "If you want to set this value for trusted domain with IPA provider, you need " "to set it on both the client and SSSD on the server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3782 +#: sssd.conf.5.xml:3789 #, fuzzy #| msgid "" #| "The available options are: <placeholder type=\"variablelist\" id=\"0\"/>" @@ -5337,17 +5338,17 @@ msgstr "" "Las opciones disponibles son: <placeholder type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3827 +#: sssd.conf.5.xml:3834 msgid "Default: True (False for AD provider)" msgstr "Predeterminado: True (False para proveedor AD)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3833 +#: sssd.conf.5.xml:3840 msgid "subdomain_inherit (string)" msgstr "subdomain_inherit (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3836 +#: sssd.conf.5.xml:3843 msgid "" "Specifies a list of configuration parameters that should be inherited by a " "subdomain. Please note that only selected parameters can be inherited. " @@ -5359,61 +5360,61 @@ msgstr "" "siguientes opciones:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3842 +#: sssd.conf.5.xml:3849 #, fuzzy #| msgid "ldap_search_timeout (integer)" msgid "ldap_search_timeout" msgstr "ldap_search_timeout (entero)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3845 +#: sssd.conf.5.xml:3852 #, fuzzy #| msgid "ldap_network_timeout (integer)" msgid "ldap_network_timeout" msgstr "ldap_network_timeout (entero)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3848 +#: sssd.conf.5.xml:3855 #, fuzzy #| msgid "ldap_opt_timeout (integer)" msgid "ldap_opt_timeout" msgstr "ldap_opt_timeout (entero)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3851 +#: sssd.conf.5.xml:3858 #, fuzzy #| msgid "ldap_connection_expire_timeout (integer)" msgid "ldap_offline_timeout" msgstr "ldap_connection_expire_timeout (entero)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3854 +#: sssd.conf.5.xml:3861 #, fuzzy #| msgid "ldap_enumeration_refresh_timeout (integer)" msgid "ldap_enumeration_refresh_timeout" msgstr "ldap_enumeration_refresh_timeout (entero)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3857 +#: sssd.conf.5.xml:3864 #, fuzzy #| msgid "ldap_enumeration_refresh_timeout (integer)" msgid "ldap_enumeration_refresh_offset" msgstr "ldap_enumeration_refresh_timeout (entero)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3860 +#: sssd.conf.5.xml:3867 msgid "ldap_purge_cache_timeout" msgstr "ldap_purge_cache_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3863 +#: sssd.conf.5.xml:3870 #, fuzzy #| msgid "ldap_purge_cache_timeout" msgid "ldap_purge_cache_offset" msgstr "ldap_purge_cache_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3866 +#: sssd.conf.5.xml:3873 msgid "" "ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab " "is not set explicitly)" @@ -5422,71 +5423,71 @@ msgstr "" "explícitamente ldap_krb5_keytab)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3870 +#: sssd.conf.5.xml:3877 #, fuzzy #| msgid "ldap_krb5_ticket_lifetime (integer)" msgid "ldap_krb5_ticket_lifetime" msgstr "ldap_krb5_ticket_lifetime (entero)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3873 +#: sssd.conf.5.xml:3880 #, fuzzy #| msgid "ldap_enumeration_search_timeout (integer)" msgid "ldap_enumeration_search_timeout" msgstr "ldap_enumeration_search_timeout (entero)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3876 +#: sssd.conf.5.xml:3883 #, fuzzy #| msgid "ldap_connection_expire_timeout (integer)" msgid "ldap_connection_expire_timeout" msgstr "ldap_connection_expire_timeout (entero)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3879 +#: sssd.conf.5.xml:3886 #, fuzzy #| msgid "ldap_connection_expire_timeout (integer)" msgid "ldap_connection_expire_offset" msgstr "ldap_connection_expire_timeout (entero)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3882 +#: sssd.conf.5.xml:3889 #, fuzzy #| msgid "ldap_connection_expire_timeout (integer)" msgid "ldap_connection_idle_timeout" msgstr "ldap_connection_expire_timeout (entero)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3885 sssd-ldap.5.xml:400 +#: sssd.conf.5.xml:3892 sssd-ldap.5.xml:401 msgid "ldap_use_tokengroups" msgstr "ldap_use_tokengroups" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3888 +#: sssd.conf.5.xml:3895 msgid "ldap_user_principal" msgstr "ldap_user_principal" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3891 +#: sssd.conf.5.xml:3898 msgid "ignore_group_members" msgstr "ignore_group_members" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3894 +#: sssd.conf.5.xml:3901 #, fuzzy #| msgid "auto_private_groups (string)" msgid "auto_private_groups" msgstr "auto_private_groups (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3897 +#: sssd.conf.5.xml:3904 #, fuzzy #| msgid "Case insensitive." msgid "case_sensitive" msgstr "No sensible a mayúsculas minúsculas." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:3902 +#: sssd.conf.5.xml:3909 #, no-wrap msgid "" "subdomain_inherit = ldap_purge_cache_timeout\n" @@ -5496,27 +5497,27 @@ msgstr "" " " #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3909 +#: sssd.conf.5.xml:3916 msgid "Note: This option only works with the IPA and AD provider." msgstr "Aviso: Esta opción solo trabaja con el proveedor IPA y AD." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3916 +#: sssd.conf.5.xml:3923 msgid "subdomain_homedir (string)" msgstr "subdomain_homedir (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3927 +#: sssd.conf.5.xml:3934 msgid "%F" msgstr "%F" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3928 +#: sssd.conf.5.xml:3935 msgid "flat (NetBIOS) name of a subdomain." msgstr "flat (NetBIOS) nombre de un subdominio." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3919 +#: sssd.conf.5.xml:3926 msgid "" "Use this homedir as default value for all subdomains within this domain in " "IPA AD trust. See <emphasis>override_homedir</emphasis> for info about " @@ -5532,7 +5533,7 @@ msgstr "" "id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3933 +#: sssd.conf.5.xml:3940 msgid "" "The value can be overridden by <emphasis>override_homedir</emphasis> option." msgstr "" @@ -5540,17 +5541,17 @@ msgstr "" "emphasis>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3937 +#: sssd.conf.5.xml:3944 msgid "Default: <filename>/home/%d/%u</filename>" msgstr "Por defecto: <filename>/home/%d/%u</filename>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3942 +#: sssd.conf.5.xml:3949 msgid "realmd_tags (string)" msgstr "realmd_tags (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3945 +#: sssd.conf.5.xml:3952 msgid "" "Various tags stored by the realmd configuration service for this domain." msgstr "" @@ -5558,12 +5559,12 @@ msgstr "" "este dominio." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3951 +#: sssd.conf.5.xml:3958 msgid "cached_auth_timeout (int)" msgstr "cached_auth_timeout (entero)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3954 +#: sssd.conf.5.xml:3961 msgid "" "Specifies time in seconds since last successful online authentication for " "which user will be authenticated using cached credentials while SSSD is in " @@ -5576,7 +5577,7 @@ msgstr "" "incorrectas, SSSD cae de nuevo a la autenticación en linea." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3962 +#: sssd.conf.5.xml:3969 msgid "" "This option's value is inherited by all trusted domains. At the moment it is " "not possible to set a different value per trusted domain." @@ -5586,12 +5587,12 @@ msgstr "" "confianza." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3967 +#: sssd.conf.5.xml:3974 msgid "Special value 0 implies that this feature is disabled." msgstr "El valor especial 0 implica que esta función está deshabilitada." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3971 +#: sssd.conf.5.xml:3978 msgid "" "Please note that if <quote>cached_auth_timeout</quote> is longer than " "<quote>pam_id_timeout</quote> then the back end could be called to handle " @@ -5602,14 +5603,14 @@ msgstr "" "gestionar <quote>initgroups.</quote>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3982 +#: sssd.conf.5.xml:3989 #, fuzzy #| msgid "ldap_pwd_policy (string)" msgid "local_auth_policy (string)" msgstr "ldap_pwd_policy (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3985 +#: sssd.conf.5.xml:3992 msgid "" "Local authentication methods policy. Some backends (i.e. LDAP, proxy " "provider) only support a password based authentication, while others can " @@ -5620,7 +5621,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3995 +#: sssd.conf.5.xml:4002 msgid "" "There are three possible values for this option: match, only, enable. " "<quote>match</quote> is used to match offline and online states for Kerberos " @@ -5631,8 +5632,17 @@ msgid "" "separated, such as <quote>enable:passkey, enable:smartcard</quote>" msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4014 +msgid "" +"Please note that if local Smartcard authentication is enabled and a " +"Smartcard is present, Smartcard authentication will be preferred over the " +"authentication methods supported by the backend. I.e. there will be a PIN " +"prompt instead of e.g. a password prompt." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:4011 +#: sssd.conf.5.xml:4026 #, no-wrap msgid "" "[domain/shadowutils]\n" @@ -5643,7 +5653,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4007 +#: sssd.conf.5.xml:4022 msgid "" "The following configuration example allows local users to authenticate " "locally using any enabled method (i.e. smartcard, passkey). <placeholder " @@ -5651,31 +5661,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4019 +#: sssd.conf.5.xml:4034 #, fuzzy #| msgid "This option is not available in IPA provider." msgid "This option is ignored for the files provider." msgstr "Esta opción no está disponible en el proveedor IPA." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4022 +#: sssd.conf.5.xml:4037 #, fuzzy #| msgid "Default: mail" msgid "Default: match" msgstr "Predeterminado: mail" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4027 +#: sssd.conf.5.xml:4042 msgid "auto_private_groups (string)" msgstr "auto_private_groups (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4033 +#: sssd.conf.5.xml:4048 msgid "true" msgstr "true" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4036 +#: sssd.conf.5.xml:4051 msgid "" "Create user's private group unconditionally from user's UID number. The GID " "number is ignored in this case." @@ -5684,7 +5694,7 @@ msgstr "" "usuario. El número GID se ignora en este caso." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4040 +#: sssd.conf.5.xml:4055 msgid "" "NOTE: Because the GID number and the user private group are inferred from " "the UID number, it is not supported to have multiple entries with the same " @@ -5697,12 +5707,12 @@ msgstr "" "unicidad den el espacio de ID." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4049 +#: sssd.conf.5.xml:4064 msgid "false" msgstr "false" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4052 +#: sssd.conf.5.xml:4067 msgid "" "Always use the user's primary GID number. The GID number must refer to a " "group object in the LDAP database." @@ -5711,12 +5721,12 @@ msgstr "" "a un objeto grupo en las base de datos LDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4058 +#: sssd.conf.5.xml:4073 msgid "hybrid" msgstr "hybrid" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4061 +#: sssd.conf.5.xml:4076 msgid "" "A primary group is autogenerated for user entries whose UID and GID numbers " "have the same value and at the same time the GID number does not correspond " @@ -5731,7 +5741,7 @@ msgstr "" "grupo, el GID primario del usuario se resuelve al de ese objeto grupo." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4074 +#: sssd.conf.5.xml:4089 msgid "" "If the UID and GID of a user are different, then the GID must correspond to " "a group entry, otherwise the GID is simply not resolvable." @@ -5740,7 +5750,7 @@ msgstr "" "una entrada de grupo, de otro modo el GID simplemente no se puede resolver." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4081 +#: sssd.conf.5.xml:4096 msgid "" "This feature is useful for environments that wish to stop maintaining a " "separate group objects for the user private groups, but also wish to retain " @@ -5751,7 +5761,7 @@ msgstr "" "también desea retener los grupos privados existentes del usuario." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4030 +#: sssd.conf.5.xml:4045 msgid "" "This option takes any of three available values: <placeholder " "type=\"variablelist\" id=\"0\"/>" @@ -5760,7 +5770,7 @@ msgstr "" "type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4093 +#: sssd.conf.5.xml:4108 msgid "" "For subdomains, the default value is False for subdomains that use assigned " "POSIX IDs and True for subdomains that use automatic ID-mapping." @@ -5769,7 +5779,7 @@ msgstr "" "POSIX IDs asignados y True para subdominios que usan mapeo de ID automático." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:4101 +#: sssd.conf.5.xml:4116 #, no-wrap msgid "" "[domain/forest.domain/sub.domain]\n" @@ -5779,7 +5789,7 @@ msgstr "" "auto_private_groups = false\n" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:4107 +#: sssd.conf.5.xml:4122 #, no-wrap msgid "" "[domain/forest.domain]\n" @@ -5791,7 +5801,7 @@ msgstr "" "auto_private_groups = false\n" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4098 +#: sssd.conf.5.xml:4113 msgid "" "The value of auto_private_groups can either be set per subdomains in a " "subsection, for example: <placeholder type=\"programlisting\" id=\"0\"/> or " @@ -5817,31 +5827,36 @@ msgstr "" "id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4122 +#: sssd.conf.5.xml:4137 msgid "proxy_pam_target (string)" msgstr "proxy_pam_target (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4125 +#: sssd.conf.5.xml:4140 msgid "The proxy target PAM proxies to." msgstr "El proxy de destino PAM próximo a." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4128 +#: sssd.conf.5.xml:4143 +#, fuzzy +#| msgid "" +#| "Default: not set by default, you have to take an existing pam " +#| "configuration or create a new one and add the service name here." msgid "" "Default: not set by default, you have to take an existing pam configuration " -"or create a new one and add the service name here." +"or create a new one and add the service name here. As an alternative you can " +"enable local authentication with the local_auth_policy option." msgstr "" "Por defecto: no se fija por defecto, usted tiene que coger una configuración " "pam existente o crear una nueva y añadir el nombre de servicio aquí." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4136 +#: sssd.conf.5.xml:4153 msgid "proxy_lib_name (string)" msgstr "proxy_lib_name (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4139 +#: sssd.conf.5.xml:4156 msgid "" "The name of the NSS library to use in proxy domains. The NSS functions " "searched for in the library are in the form of _nss_$(libName)_$(function), " @@ -5852,12 +5867,12 @@ msgstr "" "_nss_$(libName)_$(function), por ejemplo _nss_files_getpwent." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4149 +#: sssd.conf.5.xml:4166 msgid "proxy_resolver_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4152 +#: sssd.conf.5.xml:4169 msgid "" "The name of the NSS library to use for hosts and networks lookups in proxy " "domains. The NSS functions searched for in the library are in the form of " @@ -5865,12 +5880,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4163 +#: sssd.conf.5.xml:4180 msgid "proxy_fast_alias (boolean)" msgstr "proxy_fast_alias (booleano)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4166 +#: sssd.conf.5.xml:4183 msgid "" "When a user or group is looked up by name in the proxy provider, a second " "lookup by ID is performed to \"canonicalize\" the name in case the requested " @@ -5884,12 +5899,12 @@ msgstr "" "razones de rendimiento." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4180 +#: sssd.conf.5.xml:4197 msgid "proxy_max_children (integer)" msgstr "proxy_max_children (entero)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4183 +#: sssd.conf.5.xml:4200 msgid "" "This option specifies the number of pre-forked proxy children. It is useful " "for high-load SSSD environments where sssd may run out of available child " @@ -5901,7 +5916,7 @@ msgstr "" "son encoladas." #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4118 +#: sssd.conf.5.xml:4133 msgid "" "Options valid for proxy domains. <placeholder type=\"variablelist\" " "id=\"0\"/>" @@ -5910,12 +5925,12 @@ msgstr "" "id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:4199 +#: sssd.conf.5.xml:4216 msgid "Application domains" msgstr "Dominios de aplicaciones" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4201 +#: sssd.conf.5.xml:4218 msgid "" "SSSD, with its D-Bus interface (see <citerefentry> <refentrytitle>sssd-ifp</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>) is appealing to " @@ -5944,7 +5959,7 @@ msgstr "" "que opcionalmente herede ajustes de un dominio SSSD tradicional." #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4221 +#: sssd.conf.5.xml:4238 msgid "" "Please note that the application domain must still be explicitly enabled in " "the <quote>domains</quote> parameter so that the lookup order between the " @@ -5956,17 +5971,17 @@ msgstr "" "establecido correctamente." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> -#: sssd.conf.5.xml:4227 +#: sssd.conf.5.xml:4244 msgid "Application domain parameters" msgstr "Parámetros de dominio de aplicación" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4229 +#: sssd.conf.5.xml:4246 msgid "inherit_from (string)" msgstr "inherit_from (cadena)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4232 +#: sssd.conf.5.xml:4249 msgid "" "The SSSD POSIX-type domain the application domain inherits all settings " "from. The application domain can moreover add its own settings to the " @@ -5979,7 +5994,7 @@ msgstr "" "<quote>hermano</quote>." #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4246 +#: sssd.conf.5.xml:4263 msgid "" "The following example illustrates the use of an application domain. In this " "setup, the POSIX domain is connected to an LDAP server and is used by the OS " @@ -5994,7 +6009,7 @@ msgstr "" "cache y hace al atributo phone alcanzable a través del interfaz D-Bus." #. type: Content of: <reference><refentry><refsect1><refsect2><programlisting> -#: sssd.conf.5.xml:4254 +#: sssd.conf.5.xml:4271 #, no-wrap msgid "" "[sssd]\n" @@ -6028,12 +6043,12 @@ msgstr "" "ldap_user_extra_attrs = phone:telephoneNumber\n" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4274 +#: sssd.conf.5.xml:4291 msgid "TRUSTED DOMAIN SECTION" msgstr "SECCIÓN DE DOMINIO DE CONFIANZA" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4276 +#: sssd.conf.5.xml:4293 msgid "" "Some options used in the domain section can also be used in the trusted " "domain section, that is, in a section called <quote>[domain/" @@ -6050,57 +6065,57 @@ msgstr "" "soportadas en la sección de dominio de confianza son:" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4283 +#: sssd.conf.5.xml:4300 msgid "ldap_search_base," msgstr "ldap_search_base," #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4284 +#: sssd.conf.5.xml:4301 msgid "ldap_user_search_base," msgstr "ldap_user_search_base," #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4285 +#: sssd.conf.5.xml:4302 msgid "ldap_group_search_base," msgstr "ldap_group_search_base," #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4286 +#: sssd.conf.5.xml:4303 msgid "ldap_netgroup_search_base," msgstr "ldap_netgroup_search_base," #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4287 +#: sssd.conf.5.xml:4304 msgid "ldap_service_search_base," msgstr "ldap_service_search_base," #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4288 +#: sssd.conf.5.xml:4305 msgid "ldap_sasl_mech," msgstr "ldap_sasl_mech," #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4289 +#: sssd.conf.5.xml:4306 msgid "ad_server," msgstr "ad_server," #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4290 +#: sssd.conf.5.xml:4307 msgid "ad_backup_server," msgstr "ad_backup_server," #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4291 +#: sssd.conf.5.xml:4308 msgid "ad_site," msgstr "ad_site," #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4292 sssd-ipa.5.xml:879 +#: sssd.conf.5.xml:4309 sssd-ipa.5.xml:884 msgid "use_fully_qualified_names" msgstr "use_fully_qualified_names" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4296 +#: sssd.conf.5.xml:4313 msgid "" "For more details about these options see their individual description in the " "manual page." @@ -6109,12 +6124,12 @@ msgstr "" "página de manual." #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4302 +#: sssd.conf.5.xml:4319 msgid "CERTIFICATE MAPPING SECTION" msgstr "SECCIÓN DE MAPEO DEL CERTIFICADO" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4304 +#: sssd.conf.5.xml:4321 msgid "" "To allow authentication with Smartcards and certificates SSSD must be able " "to map certificates to users. This can be done by adding the full " @@ -6136,7 +6151,7 @@ msgstr "" "usan autenticación PAM." #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4318 +#: sssd.conf.5.xml:4335 msgid "" "To make the mapping more flexible mapping and matching rules were added to " "SSSD (see <citerefentry> <refentrytitle>sss-certmap</refentrytitle> " @@ -6148,7 +6163,7 @@ msgstr "" "citerefentry>)." #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4327 +#: sssd.conf.5.xml:4344 msgid "" "A mapping and matching rule can be added to the SSSD configuration in a " "section on its own with a name like <quote>[certmap/" @@ -6162,12 +6177,12 @@ msgstr "" "opciones:" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4334 +#: sssd.conf.5.xml:4351 msgid "matchrule (string)" msgstr "matchrule (cadena)" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4337 +#: sssd.conf.5.xml:4354 msgid "" "Only certificates from the Smartcard which matches this rule will be " "processed, all others are ignored." @@ -6176,7 +6191,7 @@ msgstr "" "procesados, los demás son ignorados." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4341 +#: sssd.conf.5.xml:4358 msgid "" "Default: KRB5:<EKU>clientAuth, i.e. only certificates which have the " "Extended Key Usage <quote>clientAuth</quote>" @@ -6185,17 +6200,17 @@ msgstr "" "tengan Extended Key Usage <quote>clientAuth</quote>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4348 +#: sssd.conf.5.xml:4365 msgid "maprule (string)" msgstr "maprule (cadena)" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4351 +#: sssd.conf.5.xml:4368 msgid "Defines how the user is found for a given certificate." msgstr "Define como se encuentra un usuario desde un certificado dado." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4357 +#: sssd.conf.5.xml:4374 msgid "" "LDAP:(userCertificate;binary={cert!bin}) for LDAP based providers like " "<quote>ldap</quote>, <quote>AD</quote> or <quote>ipa</quote>." @@ -6204,7 +6219,7 @@ msgstr "" "como <quote>ldap</quote>, <quote>AD</quote> o <quote>ipa</quote>." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4363 +#: sssd.conf.5.xml:4380 msgid "" "The RULE_NAME for the <quote>files</quote> provider which tries to find a " "user with the same name." @@ -6213,12 +6228,12 @@ msgstr "" "encontrar un usuario con el mismo nombre." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4372 +#: sssd.conf.5.xml:4389 msgid "domains (string)" msgstr "domains (cadena)" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4375 +#: sssd.conf.5.xml:4392 msgid "" "Comma separated list of domain names the rule should be applied. By default " "a rule is only valid in the domain configured in sssd.conf. If the provider " @@ -6231,17 +6246,17 @@ msgstr "" "usada para añadir la regla a los subdominios también." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4382 +#: sssd.conf.5.xml:4399 msgid "Default: the configured domain in sssd.conf" msgstr "Predetermiado: el dominio configurado en sssd.conf" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4387 +#: sssd.conf.5.xml:4404 msgid "priority (integer)" msgstr "priority (entero)" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4390 +#: sssd.conf.5.xml:4407 msgid "" "Unsigned integer value defining the priority of the rule. The higher the " "number the lower the priority. <quote>0</quote> stands for the highest " @@ -6252,12 +6267,12 @@ msgstr "" "más alte mientras que <quote>4294967295</quote> es la más baja." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4396 +#: sssd.conf.5.xml:4413 msgid "Default: the lowest priority" msgstr "Predeterminado: la prioridad más baja" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4402 +#: sssd.conf.5.xml:4419 msgid "" "To make the configuration simple and reduce the amount of configuration " "options the <quote>files</quote> provider has some special properties:" @@ -6267,7 +6282,7 @@ msgstr "" "propiedades especiales:" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4408 +#: sssd.conf.5.xml:4425 msgid "" "if maprule is not set the RULE_NAME name is assumed to be the name of the " "matching user" @@ -6276,7 +6291,7 @@ msgstr "" "usuario coincidente" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4414 +#: sssd.conf.5.xml:4431 msgid "" "if a maprule is used both a single user name or a template like " "<quote>{subject_rfc822_name.short_name}</quote> must be in braces like e.g. " @@ -6289,17 +6304,17 @@ msgstr "" "short_name})</quote>" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4423 +#: sssd.conf.5.xml:4440 msgid "the <quote>domains</quote> option is ignored" msgstr "la opción <quote>domains</quote> es ignorada" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4431 +#: sssd.conf.5.xml:4448 msgid "PROMPTING CONFIGURATION SECTION" msgstr "SECCIÓN DE CONFIGURACIÓN INICIAL" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4433 +#: sssd.conf.5.xml:4450 msgid "" "If a special file (<filename>/var/lib/sss/pubconf/pam_preauth_available</" "filename>) exists SSSD's PAM module pam_sss will ask SSSD to figure out " @@ -6314,7 +6329,7 @@ msgstr "" "al usuario las credenciales apropiadas." #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4441 +#: sssd.conf.5.xml:4458 msgid "" "With the growing number of authentication methods and the possibility that " "there are multiple ones for a single user the heuristic used by pam_sss to " @@ -6327,22 +6342,22 @@ msgstr "" "Las siguientes opciones deberían suministrar una mejor flexibilidad aquí." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4453 +#: sssd.conf.5.xml:4470 msgid "[prompting/password]" msgstr "[prompting/password]" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4456 +#: sssd.conf.5.xml:4473 msgid "password_prompt" msgstr "password_prompt" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4457 +#: sssd.conf.5.xml:4474 msgid "to change the string of the password prompt" msgstr "cambiar la cadena de solicitud de contraseña" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4455 +#: sssd.conf.5.xml:4472 msgid "" "to configure password prompting, allowed options are: <placeholder " "type=\"variablelist\" id=\"0\"/>" @@ -6351,37 +6366,37 @@ msgstr "" "<placeholder type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4465 +#: sssd.conf.5.xml:4482 msgid "[prompting/2fa]" msgstr "[prompting/2fa]" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4469 +#: sssd.conf.5.xml:4486 msgid "first_prompt" msgstr "first_prompt" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4470 +#: sssd.conf.5.xml:4487 msgid "to change the string of the prompt for the first factor" msgstr "para cambiar la cadena de la solicitud del primer factor" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4473 +#: sssd.conf.5.xml:4490 msgid "second_prompt" msgstr "second_prompt" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4474 +#: sssd.conf.5.xml:4491 msgid "to change the string of the prompt for the second factor" msgstr "para cambiar la cadena de la solicitud para el segundo factor" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4477 +#: sssd.conf.5.xml:4494 msgid "single_prompt" msgstr "single_prompt" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4478 +#: sssd.conf.5.xml:4495 #, fuzzy #| msgid "" #| "boolean value, if True there will be only a single prompt using the value " @@ -6398,7 +6413,7 @@ msgstr "" "única cadena" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4467 +#: sssd.conf.5.xml:4484 msgid "" "to configure two-factor authentication prompting, allowed options are: " "<placeholder type=\"variablelist\" id=\"0\"/> If the second factor is " @@ -6407,19 +6422,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4495 +#: sssd.conf.5.xml:4512 #, fuzzy #| msgid "[prompting/password]" msgid "[prompting/passkey]" msgstr "[prompting/password]" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4501 sssd-ad.5.xml:1021 +#: sssd.conf.5.xml:4518 sssd-ad.5.xml:1021 msgid "interactive" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4503 +#: sssd.conf.5.xml:4520 msgid "" "boolean value, if True prompt a message and wait before testing the presence " "of a passkey device. Recommended if your device doesn’t have a tactile " @@ -6427,47 +6442,47 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4511 +#: sssd.conf.5.xml:4528 #, fuzzy #| msgid "first_prompt" msgid "interactive_prompt" msgstr "first_prompt" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4513 +#: sssd.conf.5.xml:4530 #, fuzzy #| msgid "to change the string of the password prompt" msgid "to change the message of the interactive prompt." msgstr "cambiar la cadena de solicitud de contraseña" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4518 +#: sssd.conf.5.xml:4535 msgid "touch" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4520 +#: sssd.conf.5.xml:4537 msgid "" "boolean value, if True prompt a message to remind the user to touch the " "device." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4526 +#: sssd.conf.5.xml:4543 #, fuzzy #| msgid "first_prompt" msgid "touch_prompt" msgstr "first_prompt" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4528 +#: sssd.conf.5.xml:4545 #, fuzzy #| msgid "to change the string of the password prompt" msgid "to change the message of the touch prompt." msgstr "cambiar la cadena de solicitud de contraseña" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4497 +#: sssd.conf.5.xml:4514 #, fuzzy #| msgid "" #| "to configure two-factor authentication prompting, allowed options are: " @@ -6480,7 +6495,7 @@ msgstr "" "permitidas son: <placeholder type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4448 +#: sssd.conf.5.xml:4465 #, fuzzy #| msgid "" #| "Each supported authentication method has its own configuration subsection " @@ -6499,7 +6514,7 @@ msgstr "" "type=\"variablelist\" id=\"1\"/>" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4539 +#: sssd.conf.5.xml:4556 msgid "" "It is possible to add a subsection for specific PAM services, e.g. " "<quote>[prompting/password/sshd]</quote> to individual change the prompting " @@ -6510,12 +6525,12 @@ msgstr "" "pregunta para este servicio." #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4546 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43 +#: sssd.conf.5.xml:4563 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43 msgid "EXAMPLES" msgstr "EJEMPLOS" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4552 +#: sssd.conf.5.xml:4569 #, no-wrap msgid "" "[sssd]\n" @@ -6569,7 +6584,7 @@ msgstr "" "enumerate = False\n" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4548 +#: sssd.conf.5.xml:4565 msgid "" "1. The following example shows a typical SSSD config. It does not describe " "configuration of the domains themselves - refer to documentation on " @@ -6582,7 +6597,7 @@ msgstr "" "type=\"programlisting\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4585 +#: sssd.conf.5.xml:4602 #, no-wrap msgid "" "[domain/ipa.com/child.ad.com]\n" @@ -6592,7 +6607,7 @@ msgstr "" "use_fully_qualified_names = false\n" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4579 +#: sssd.conf.5.xml:4596 msgid "" "2. The following example shows configuration of IPA AD trust where the AD " "forest consists of two domains in a parent-child structure. Suppose IPA " @@ -6609,7 +6624,7 @@ msgstr "" "type=\"programlisting\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4596 +#: sssd.conf.5.xml:4613 #, fuzzy, no-wrap #| msgid "" #| "[certmap/my.domain/rule_name]\n" @@ -6637,7 +6652,7 @@ msgstr "" "matchrule = <ISSUER>^CN=My-CA,DC=MY,DC=DOMAIN$<SUBJECT>^CN=User.Name,DC=MY,DC=DOMAIN$\n" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4590 +#: sssd.conf.5.xml:4607 #, fuzzy #| msgid "" #| "3. The following example shows the configuration for two certificate " @@ -6710,14 +6725,23 @@ msgstr "Puede configurar SSSD para usar más de un dominio LDAP." #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:38 +#, fuzzy +#| msgid "" +#| "LDAP back end supports id, auth, access and chpass providers. If you want " +#| "to authenticate against an LDAP server either TLS/SSL or LDAPS is " +#| "required. <command>sssd</command> <emphasis>does not</emphasis> support " +#| "authentication over an unencrypted channel. If the LDAP server is used " +#| "only as an identity provider, an encrypted channel is not needed. Please " +#| "refer to <quote>ldap_access_filter</quote> config option for more " +#| "information about using LDAP as an access provider." msgid "" "LDAP back end supports id, auth, access and chpass providers. If you want to " "authenticate against an LDAP server either TLS/SSL or LDAPS is required. " "<command>sssd</command> <emphasis>does not</emphasis> support authentication " -"over an unencrypted channel. If the LDAP server is used only as an identity " -"provider, an encrypted channel is not needed. Please refer to " -"<quote>ldap_access_filter</quote> config option for more information about " -"using LDAP as an access provider." +"over an unencrypted channel. Even if the LDAP server is used only as an " +"identity provider, an encrypted channel is strongly recommended. Please " +"refer to <quote>ldap_access_filter</quote> config option for more " +"information about using LDAP as an access provider." msgstr "" "El punto final de LDAP soporta proveedores de id, auth, acceso y chpass. Si " "usted desea autenticarse contra un servidor LDAP se requiere bien TLS/SSL o " @@ -6728,19 +6752,19 @@ msgstr "" "información sobre la utilización de LDAP como proveedor de acceso." #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:82 sssd-ad.5.xml:130 +#: sssd-ldap.5.xml:50 sssd-simple.5.xml:69 sssd-ipa.5.xml:82 sssd-ad.5.xml:130 #: sssd-krb5.5.xml:63 sssd-ifp.5.xml:60 sssd-files.5.xml:77 #: sssd-session-recording.5.xml:58 sssd-kcm.8.xml:202 msgid "CONFIGURATION OPTIONS" msgstr "OPCIONES DE CONFIGURACIÓN" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:66 +#: sssd-ldap.5.xml:67 msgid "ldap_uri, ldap_backup_uri (string)" msgstr "ldap_uri, ldap_backup_uri (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:69 +#: sssd-ldap.5.xml:70 msgid "" "Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " "should connect in the order of preference. Refer to the <quote>FAILOVER</" @@ -6756,35 +6780,35 @@ msgstr "" "vea la sección <quote>DESCUBRIDOR DE SERVICIOS</quote>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:76 +#: sssd-ldap.5.xml:77 msgid "The format of the URI must match the format defined in RFC 2732:" msgstr "" "El formato de la URI debe coincidir con el formato definido en RFC 2732:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:79 +#: sssd-ldap.5.xml:80 msgid "ldap[s]://<host>[:port]" msgstr "ldap[s]://<host>[:port]" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:82 +#: sssd-ldap.5.xml:83 msgid "" "For explicit IPv6 addresses, <host> must be enclosed in brackets []" msgstr "" "Para direcciones IPv6 explícitas, <host> debe estar entre corchetes []" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:85 +#: sssd-ldap.5.xml:86 msgid "example: ldap://[fc00::126:25]:389" msgstr "ejemplo: ldap://[fc00::126:25]:389" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:91 +#: sssd-ldap.5.xml:92 msgid "ldap_chpass_uri, ldap_chpass_backup_uri (string)" msgstr "ldap_chpass_uri, ldap_chpass_backup_uri (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:94 +#: sssd-ldap.5.xml:95 msgid "" "Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " "should connect in the order of preference to change the password of a user. " @@ -6797,31 +6821,31 @@ msgstr "" "sobre failover y redundancia de servidor." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:101 +#: sssd-ldap.5.xml:102 msgid "To enable service discovery ldap_chpass_dns_service_name must be set." msgstr "" "Para habilitar el servicio descubrimiento ldap_chpass_dns_service_name debe " "ser establecido." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:105 +#: sssd-ldap.5.xml:106 msgid "Default: empty, i.e. ldap_uri is used." msgstr "Por defecto: vacio, esto es ldap_uri se está usando." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:111 +#: sssd-ldap.5.xml:112 msgid "ldap_search_base (string)" msgstr "ldap_search_base (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:114 +#: sssd-ldap.5.xml:115 msgid "The default base DN to use for performing LDAP user operations." msgstr "" "El DN base por defecto que se usará para realizar operaciones LDAP de " "usuario." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:118 +#: sssd-ldap.5.xml:119 msgid "" "Starting with SSSD 1.7.0, SSSD supports multiple search bases using the " "syntax:" @@ -6830,17 +6854,17 @@ msgstr "" "sintaxis:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:122 +#: sssd-ldap.5.xml:123 msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]" msgstr "search_base[?scope?[filter][?search_base?scope?[filter]]*]" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:125 +#: sssd-ldap.5.xml:126 msgid "The scope can be one of \"base\", \"onelevel\" or \"subtree\"." msgstr "El alcance puede ser uno de “base”, “onlevel” o “subtree”." #. type: Content of: <listitem><para> -#: sssd-ldap.5.xml:128 include/ldap_search_bases.xml:18 +#: sssd-ldap.5.xml:129 include/ldap_search_bases.xml:18 msgid "" "The filter must be a valid LDAP search filter as specified by http://www." "ietf.org/rfc/rfc2254.txt" @@ -6849,13 +6873,13 @@ msgstr "" "http://www.ietf.org/rfc/rfc2254.txt" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:132 sssd-ad.5.xml:311 sss_override.8.xml:143 +#: sssd-ldap.5.xml:133 sssd-ad.5.xml:311 sss_override.8.xml:143 #: sss_override.8.xml:240 sssd-ldap-attributes.5.xml:453 msgid "Examples:" msgstr "Ejemplos:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:135 +#: sssd-ldap.5.xml:136 msgid "" "ldap_search_base = dc=example,dc=com (which is equivalent to) " "ldap_search_base = dc=example,dc=com?subtree?" @@ -6864,7 +6888,7 @@ msgstr "" "= dc=example,dc=com?subtree?" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:140 +#: sssd-ldap.5.xml:141 msgid "" "ldap_search_base = cn=host_specific,dc=example,dc=com?subtree?" "(host=thishost)?dc=example.com?subtree?" @@ -6873,7 +6897,7 @@ msgstr "" "(host=thishost)?dc=example.com?subtree?" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:143 +#: sssd-ldap.5.xml:144 msgid "" "Note: It is unsupported to have multiple search bases which reference " "identically-named objects (for example, groups with the same name in two " @@ -6886,7 +6910,7 @@ msgstr "" "impredecibles sobre máquinas cliente." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:150 +#: sssd-ldap.5.xml:151 msgid "" "Default: If not set, the value of the defaultNamingContext or namingContexts " "attribute from the RootDSE of the LDAP server is used. If " @@ -6903,12 +6927,12 @@ msgstr "" "soportan múltiples valores." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:164 +#: sssd-ldap.5.xml:165 msgid "ldap_schema (string)" msgstr "ldap_schema (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:167 +#: sssd-ldap.5.xml:168 msgid "" "Specifies the Schema Type in use on the target LDAP server. Depending on " "the selected schema, the default attribute names retrieved from the servers " @@ -6920,32 +6944,32 @@ msgstr "" "atributos son manejados puede también diferir." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:174 +#: sssd-ldap.5.xml:175 msgid "Four schema types are currently supported:" msgstr "Cuatro tipos de esquema son actualmente soportados:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:178 +#: sssd-ldap.5.xml:179 msgid "rfc2307" msgstr "rfc2307" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:183 +#: sssd-ldap.5.xml:184 msgid "rfc2307bis" msgstr "rfc2307bis" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:188 +#: sssd-ldap.5.xml:189 msgid "IPA" msgstr "IPA" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:193 +#: sssd-ldap.5.xml:194 msgid "AD" msgstr "AD" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:199 +#: sssd-ldap.5.xml:200 msgid "" "The main difference between these schema types is how group memberships are " "recorded in the server. With rfc2307, group members are listed by name in " @@ -6963,38 +6987,38 @@ msgstr "" "2008r2." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:209 +#: sssd-ldap.5.xml:210 msgid "Default: rfc2307" msgstr "Predeterminado: rfc2307" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:215 +#: sssd-ldap.5.xml:216 msgid "ldap_pwmodify_mode (string)" msgstr "ldap_pwmodify_mode (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:218 +#: sssd-ldap.5.xml:219 msgid "Specify the operation that is used to modify user password." msgstr "" "Especifica la operación que se usa para modificar la contraseña de usuario." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:222 +#: sssd-ldap.5.xml:223 msgid "Two modes are currently supported:" msgstr "Actualmente se soportan dos modos:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:226 +#: sssd-ldap.5.xml:227 msgid "exop - Password Modify Extended Operation (RFC 3062)" msgstr "exop - Operación Extendida de Modificación de Contraseña (RFC 3062)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:232 +#: sssd-ldap.5.xml:233 msgid "ldap_modify - Direct modification of userPassword (not recommended)." msgstr "ldap_modify - Modificación directa de userPassword (no recomendado)." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:239 +#: sssd-ldap.5.xml:240 msgid "" "Note: First, a new connection is established to verify current password by " "binding as the user that requested password change. If successful, this " @@ -7007,75 +7031,75 @@ msgstr "" "el usuario debe haber escrito el atributo de acceos a userPassword." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:247 +#: sssd-ldap.5.xml:248 msgid "Default: exop" msgstr "Predeterminado: exop" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:253 +#: sssd-ldap.5.xml:254 msgid "ldap_default_bind_dn (string)" msgstr "ldap_default_bind_dn (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:256 +#: sssd-ldap.5.xml:257 msgid "The default bind DN to use for performing LDAP operations." msgstr "" "El enlazador DN por defecto a usar para llevar a cabo operaciones LDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:263 +#: sssd-ldap.5.xml:264 msgid "ldap_default_authtok_type (string)" msgstr "ldap_default_authtok_type (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:266 +#: sssd-ldap.5.xml:267 msgid "The type of the authentication token of the default bind DN." msgstr "El tipo de ficha de autenticación del enlazador DN por defecto." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:270 +#: sssd-ldap.5.xml:271 msgid "The two mechanisms currently supported are:" msgstr "Los dos mecanismos actualmente soportados son:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:273 +#: sssd-ldap.5.xml:274 msgid "password" msgstr "contraseña" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:276 +#: sssd-ldap.5.xml:277 msgid "obfuscated_password" msgstr "obfuscated_password" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:279 +#: sssd-ldap.5.xml:280 msgid "Default: password" msgstr "Por defecto: contraseña" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:282 +#: sssd-ldap.5.xml:283 msgid "" "See the <citerefentry> <refentrytitle>sss_obfuscate</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry> manual page for more information." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:293 +#: sssd-ldap.5.xml:294 msgid "ldap_default_authtok (string)" msgstr "ldap_default_authtok (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:296 +#: sssd-ldap.5.xml:297 msgid "The authentication token of the default bind DN." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:302 +#: sssd-ldap.5.xml:303 msgid "ldap_force_upper_case_realm (boolean)" msgstr "ldap_force_upper_case_realm (boolean)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:305 +#: sssd-ldap.5.xml:306 msgid "" "Some directory servers, for example Active Directory, might deliver the " "realm part of the UPN in lower case, which might cause the authentication to " @@ -7088,12 +7112,12 @@ msgstr "" "usar mayúsculas reales." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:318 +#: sssd-ldap.5.xml:319 msgid "ldap_enumeration_refresh_timeout (integer)" msgstr "ldap_enumeration_refresh_timeout (entero)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:321 +#: sssd-ldap.5.xml:322 msgid "" "Specifies how many seconds SSSD has to wait before refreshing its cache of " "enumerated records." @@ -7102,12 +7126,12 @@ msgstr "" "escondrijo de los registros enumerados." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:337 +#: sssd-ldap.5.xml:338 msgid "ldap_purge_cache_timeout (integer)" msgstr "ldap_purge_cache_timeout (entero)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:340 +#: sssd-ldap.5.xml:341 msgid "" "Determine how often to check the cache for inactive entries (such as groups " "with no members and users who have never logged in) and remove them to save " @@ -7118,7 +7142,7 @@ msgstr "" "para guardar espacio." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:346 +#: sssd-ldap.5.xml:347 msgid "" "Setting this option to zero will disable the cache cleanup operation. Please " "note that if enumeration is enabled, the cleanup task is required in order " @@ -7132,12 +7156,12 @@ msgstr "" "correrá cada tres horas con la enumeración habilitada." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:366 +#: sssd-ldap.5.xml:367 msgid "ldap_group_nesting_level (integer)" msgstr "ldap_group_nesting_level (entero)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:369 +#: sssd-ldap.5.xml:370 msgid "" "If ldap_schema is set to a schema format that supports nested groups (e.g. " "RFC2307bis), then this option controls how many levels of nesting SSSD will " @@ -7149,7 +7173,7 @@ msgstr "" "esquema RFC2307." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:376 +#: sssd-ldap.5.xml:377 msgid "" "Note: This option specifies the guaranteed level of nested groups to be " "processed for any lookup. However, nested groups beyond this limit " @@ -7165,7 +7189,7 @@ msgstr "" "conjunto de resultados de la búsqueda origina si se requiere." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:385 +#: sssd-ldap.5.xml:386 msgid "" "If ldap_group_nesting_level is set to 0 then no nested groups are processed " "at all. However, when connected to Active-Directory Server 2008 and later " @@ -7181,12 +7205,12 @@ msgstr "" "grupos." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:394 +#: sssd-ldap.5.xml:395 msgid "Default: 2" msgstr "Predeterminado: 2" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:403 +#: sssd-ldap.5.xml:404 msgid "" "This options enables or disables use of Token-Groups attribute when " "performing initgroup for users from Active Directory Server 2008 and later." @@ -7196,23 +7220,23 @@ msgstr "" "posteriores." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:413 +#: sssd-ldap.5.xml:414 msgid "Default: True for AD and IPA otherwise False." msgstr "Predeterminado: True para AD e IPA en otro caso False." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:419 +#: sssd-ldap.5.xml:420 msgid "ldap_host_search_base (string)" msgstr "ldap_host_search_base (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:422 +#: sssd-ldap.5.xml:423 msgid "Optional. Use the given string as search base for host objects." msgstr "Opcional. Usa la cadena dada como base de búsqueda para objetos host." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:426 sssd-ipa.5.xml:457 sssd-ipa.5.xml:476 sssd-ipa.5.xml:495 -#: sssd-ipa.5.xml:514 +#: sssd-ldap.5.xml:427 sssd-ipa.5.xml:462 sssd-ipa.5.xml:481 sssd-ipa.5.xml:500 +#: sssd-ipa.5.xml:519 msgid "" "See <quote>ldap_search_base</quote> for information about configuring " "multiple search bases." @@ -7221,32 +7245,32 @@ msgstr "" "de múltiples bases de búsqueda." #. type: Content of: <listitem><para> -#: sssd-ldap.5.xml:431 sssd-ipa.5.xml:462 include/ldap_search_bases.xml:27 +#: sssd-ldap.5.xml:432 sssd-ipa.5.xml:467 include/ldap_search_bases.xml:27 msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" msgstr "Predeterminado: el valor de <emphasis>ldap_search_base</emphasis>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:438 +#: sssd-ldap.5.xml:439 msgid "ldap_service_search_base (string)" msgstr "ldap_service_search_base (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:443 +#: sssd-ldap.5.xml:444 msgid "ldap_iphost_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:448 +#: sssd-ldap.5.xml:449 msgid "ldap_ipnetwork_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:453 +#: sssd-ldap.5.xml:454 msgid "ldap_search_timeout (integer)" msgstr "ldap_search_timeout (entero)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:456 +#: sssd-ldap.5.xml:457 msgid "" "Specifies the timeout (in seconds) that ldap searches are allowed to run " "before they are cancelled and cached results are returned (and offline mode " @@ -7257,7 +7281,7 @@ msgstr "" "escondidos devueltos (y se entra en modo fuera de línea)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:462 +#: sssd-ldap.5.xml:463 msgid "" "Note: this option is subject to change in future versions of the SSSD. It " "will likely be replaced at some point by a series of timeouts for specific " @@ -7268,12 +7292,12 @@ msgstr "" "espera para tipos específicos de búsqueda." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:479 +#: sssd-ldap.5.xml:480 msgid "ldap_enumeration_search_timeout (integer)" msgstr "ldap_enumeration_search_timeout (entero)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:482 +#: sssd-ldap.5.xml:483 msgid "" "Specifies the timeout (in seconds) that ldap searches for user and group " "enumerations are allowed to run before they are cancelled and cached results " @@ -7285,12 +7309,12 @@ msgstr "" "fuera de línea)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:500 +#: sssd-ldap.5.xml:501 msgid "ldap_network_timeout (integer)" msgstr "ldap_network_timeout (entero)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:503 +#: sssd-ldap.5.xml:504 msgid "" "Specifies the timeout (in seconds) after which the <citerefentry> " "<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/" @@ -7307,12 +7331,12 @@ msgstr "" "citerefentry> vuelve en caso de no actividad." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:531 +#: sssd-ldap.5.xml:532 msgid "ldap_opt_timeout (integer)" msgstr "ldap_opt_timeout (entero)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:534 +#: sssd-ldap.5.xml:535 msgid "" "Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs " "will abort if no response is received. Also controls the timeout when " @@ -7326,12 +7350,12 @@ msgstr "" "cambio extendido de contraseña y las operación StartTLS." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:554 +#: sssd-ldap.5.xml:555 msgid "ldap_connection_expire_timeout (integer)" msgstr "ldap_connection_expire_timeout (entero)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:557 +#: sssd-ldap.5.xml:558 msgid "" "Specifies a timeout (in seconds) that a connection to an LDAP server will be " "maintained. After this time, the connection will be re-established. If used " @@ -7344,7 +7368,7 @@ msgstr "" "temprano (este valor contra el tiempo de vida TGT)." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:565 +#: sssd-ldap.5.xml:566 msgid "" "If the connection is idle (not actively running an operation) within " "<emphasis>ldap_opt_timeout</emphasis> seconds of expiration, then it will be " @@ -7355,38 +7379,38 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:577 +#: sssd-ldap.5.xml:578 msgid "" "This timeout can be extended of a random value specified by " "<emphasis>ldap_connection_expire_offset</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:587 sssd-ldap.5.xml:630 sssd-ldap.5.xml:1711 +#: sssd-ldap.5.xml:588 sssd-ldap.5.xml:631 sssd-ldap.5.xml:1713 msgid "Default: 900 (15 minutes)" msgstr "Predeterminado: 900 (15 minutos)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:593 +#: sssd-ldap.5.xml:594 msgid "ldap_connection_expire_offset (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:596 +#: sssd-ldap.5.xml:597 msgid "" "Random offset between 0 and configured value is added to " "<emphasis>ldap_connection_expire_timeout</emphasis>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:612 +#: sssd-ldap.5.xml:613 #, fuzzy #| msgid "ldap_connection_expire_timeout (integer)" msgid "ldap_connection_idle_timeout (integer)" msgstr "ldap_connection_expire_timeout (entero)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:615 +#: sssd-ldap.5.xml:616 #, fuzzy #| msgid "" #| "Specifies a timeout (in seconds) that a connection to an LDAP server will " @@ -7404,17 +7428,17 @@ msgstr "" "temprano (este valor contra el tiempo de vida TGT)." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:621 +#: sssd-ldap.5.xml:622 msgid "You can disable this timeout by setting the value to 0." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:636 +#: sssd-ldap.5.xml:637 msgid "ldap_page_size (integer)" msgstr "ldap_page_size (entero)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:639 +#: sssd-ldap.5.xml:640 msgid "" "Specify the number of records to retrieve from LDAP in a single request. " "Some LDAP servers enforce a maximum limit per-request." @@ -7423,12 +7447,12 @@ msgstr "" "Algunos servidores LDAP hacen cumplir un límite máximo por petición." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:650 +#: sssd-ldap.5.xml:651 msgid "ldap_disable_paging (boolean)" msgstr "ldap_disable_paging (booleano)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:653 +#: sssd-ldap.5.xml:654 msgid "" "Disable the LDAP paging control. This option should be used if the LDAP " "server reports that it supports the LDAP paging control in its RootDSE but " @@ -7439,7 +7463,7 @@ msgstr "" "RootDSE pero no está habilitado o no se comporta apropiadamente." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:659 +#: sssd-ldap.5.xml:660 msgid "" "Example: OpenLDAP servers with the paging control module installed on the " "server but not enabled will report it in the RootDSE but be unable to use it." @@ -7449,7 +7473,7 @@ msgstr "" "pero es incapaz de usarlo." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:665 +#: sssd-ldap.5.xml:666 msgid "" "Example: 389 DS has a bug where it can only support a one paging control at " "a time on a single connection. On busy clients, this can result in some " @@ -7460,17 +7484,17 @@ msgstr "" "puede ocasionar que algunas peticiones sean denegadas." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:677 +#: sssd-ldap.5.xml:678 msgid "ldap_disable_range_retrieval (boolean)" msgstr "ldap_disable_range_retrieval (booleano)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:680 +#: sssd-ldap.5.xml:681 msgid "Disable Active Directory range retrieval." msgstr "Deshabilitar la recuperación del rango de Active Directory." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:683 +#: sssd-ldap.5.xml:684 msgid "" "Active Directory limits the number of members to be retrieved in a single " "lookup using the MaxValRange policy (which defaults to 1500 members). If a " @@ -7486,12 +7510,12 @@ msgstr "" "miembros." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:698 +#: sssd-ldap.5.xml:699 msgid "ldap_sasl_minssf (integer)" msgstr "ldap_sasl_minssf (entero)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:701 +#: sssd-ldap.5.xml:702 msgid "" "When communicating with an LDAP server using SASL, specify the minimum " "security level necessary to establish the connection. The values of this " @@ -7502,19 +7526,19 @@ msgstr "" "de esta opción son definidos por OpenLDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:707 sssd-ldap.5.xml:723 +#: sssd-ldap.5.xml:708 sssd-ldap.5.xml:724 msgid "Default: Use the system default (usually specified by ldap.conf)" msgstr "" "Por defecto: Usa el sistema por defecto (normalmente especificado por ldap." "conf)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:714 +#: sssd-ldap.5.xml:715 msgid "ldap_sasl_maxssf (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:717 +#: sssd-ldap.5.xml:718 msgid "" "When communicating with an LDAP server using SASL, specify the maximal " "security level necessary to establish the connection. The values of this " @@ -7522,12 +7546,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:730 +#: sssd-ldap.5.xml:731 msgid "ldap_deref_threshold (integer)" msgstr "ldap_deref_threshold (entero)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:733 +#: sssd-ldap.5.xml:734 msgid "" "Specify the number of group members that must be missing from the internal " "cache in order to trigger a dereference lookup. If less members are missing, " @@ -7538,7 +7562,7 @@ msgstr "" "deference. Si hay menos miembros desaparecidos, se buscarán individualmente." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:739 +#: sssd-ldap.5.xml:740 msgid "" "You can turn off dereference lookups completely by setting the value to 0. " "Please note that there are some codepaths in SSSD, like the IPA HBAC " @@ -7555,7 +7579,7 @@ msgstr "" "lo soporta y auncia el control de la desreferencia en el objeto rootDSE." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:750 +#: sssd-ldap.5.xml:751 msgid "" "A dereference lookup is a means of fetching all group members in a single " "LDAP call. Different LDAP servers may implement different dereference " @@ -7568,7 +7592,7 @@ msgstr "" "soportados son 389/RHDS, OpenLDAP y Active Directory." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:758 +#: sssd-ldap.5.xml:759 msgid "" "<emphasis>Note:</emphasis> If any of the search bases specifies a search " "filter, then the dereference lookup performance enhancement will be disabled " @@ -7579,14 +7603,14 @@ msgstr "" "será deshabilitado sin tener en cuenta este ajuste." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:771 +#: sssd-ldap.5.xml:772 #, fuzzy #| msgid "ad_gpo_ignore_unreadable (boolean)" msgid "ldap_ignore_unreadable_references (bool)" msgstr "ad_gpo_ignore_unreadable (booleano)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:774 +#: sssd-ldap.5.xml:775 msgid "" "Ignore unreadable LDAP entries referenced in group's member attribute. If " "this parameter is set to false an error will be returned and the operation " @@ -7594,7 +7618,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:781 +#: sssd-ldap.5.xml:782 msgid "" "This parameter may be useful when using the AD provider and the computer " "account that sssd uses to connect to AD does not have access to a particular " @@ -7602,12 +7626,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:794 +#: sssd-ldap.5.xml:795 msgid "ldap_tls_reqcert (string)" msgstr "ldap_tls_reqcert (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:797 +#: sssd-ldap.5.xml:798 msgid "" "Specifies what checks to perform on server certificates in a TLS session, if " "any. It can be specified as one of the following values:" @@ -7617,7 +7641,7 @@ msgstr "" "los siguientes valores:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:803 +#: sssd-ldap.5.xml:804 msgid "" "<emphasis>never</emphasis> = The client will not request or check any server " "certificate." @@ -7626,7 +7650,7 @@ msgstr "" "certificado de servidor." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:807 +#: sssd-ldap.5.xml:808 msgid "" "<emphasis>allow</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -7637,7 +7661,7 @@ msgstr "" "certificado malo, será ignorado y la sesión continua normalmente." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:814 +#: sssd-ldap.5.xml:815 msgid "" "<emphasis>try</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -7648,7 +7672,7 @@ msgstr "" "certificado malo, la sesión se termina inmediatamente." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:820 +#: sssd-ldap.5.xml:821 msgid "" "<emphasis>demand</emphasis> = The server certificate is requested. If no " "certificate is provided, or a bad certificate is provided, the session is " @@ -7659,22 +7683,22 @@ msgstr "" "termina inmediatamente." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:826 +#: sssd-ldap.5.xml:827 msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" msgstr "<emphasis>hard</emphasis> = Igual que <quote>demand</quote>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:830 +#: sssd-ldap.5.xml:831 msgid "Default: hard" msgstr "Predeterminado: hard" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:836 +#: sssd-ldap.5.xml:837 msgid "ldap_tls_cacert (string)" msgstr "ldap_tls_cacert (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:839 +#: sssd-ldap.5.xml:840 msgid "" "Specifies the file that contains certificates for all of the Certificate " "Authorities that <command>sssd</command> will recognize." @@ -7683,7 +7707,7 @@ msgstr "" "de Certificación que <command>sssd</command> reconocerá." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:844 sssd-ldap.5.xml:862 sssd-ldap.5.xml:903 +#: sssd-ldap.5.xml:845 sssd-ldap.5.xml:863 sssd-ldap.5.xml:904 msgid "" "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." "conf</filename>" @@ -7692,12 +7716,12 @@ msgstr "" "etc/openldap/ldap.conf</filename>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:851 +#: sssd-ldap.5.xml:852 msgid "ldap_tls_cacertdir (string)" msgstr "ldap_tls_cacertdir (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:854 +#: sssd-ldap.5.xml:855 msgid "" "Specifies the path of a directory that contains Certificate Authority " "certificates in separate individual files. Typically the file names need to " @@ -7711,33 +7735,33 @@ msgstr "" "para crear los nombres correctos." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:869 +#: sssd-ldap.5.xml:870 msgid "ldap_tls_cert (string)" msgstr "ldap_tls_cert (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:872 +#: sssd-ldap.5.xml:873 msgid "Specifies the file that contains the certificate for the client's key." msgstr "" "Especifica el fichero que contiene el certificado para la clave del cliente." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:882 +#: sssd-ldap.5.xml:883 msgid "ldap_tls_key (string)" msgstr "ldap_tls_key (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:885 +#: sssd-ldap.5.xml:886 msgid "Specifies the file that contains the client's key." msgstr "Especifica el archivo que contiene la clave del cliente." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:894 +#: sssd-ldap.5.xml:895 msgid "ldap_tls_cipher_suite (string)" msgstr "ldap_tls_cipher_suite (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:897 +#: sssd-ldap.5.xml:898 msgid "" "Specifies acceptable cipher suites. Typically this is a colon separated " "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " @@ -7748,26 +7772,31 @@ msgstr "" "conf</refentrytitle> <manvolnum>5</manvolnum></citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:910 +#: sssd-ldap.5.xml:911 msgid "ldap_id_use_start_tls (boolean)" msgstr "ldap_id_use_start_tls (booleano)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:913 +#: sssd-ldap.5.xml:914 +#, fuzzy +#| msgid "" +#| "Specifies that the id_provider connection must also use <systemitem " +#| "class=\"protocol\">tls</systemitem> to protect the channel." msgid "" "Specifies that the id_provider connection must also use <systemitem " -"class=\"protocol\">tls</systemitem> to protect the channel." +"class=\"protocol\">tls</systemitem> to protect the channel. <emphasis>true</" +"emphasis> is strongly recommended for security reasons." msgstr "" "Especifica que la id_de proveedor de la conexión debe también utilizar " "<systemitem class=\"protocol\">tls</systemitem> para proteger el canal." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:923 +#: sssd-ldap.5.xml:925 msgid "ldap_id_mapping (boolean)" msgstr "ldap_id_mapping (booleano)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:926 +#: sssd-ldap.5.xml:928 msgid "" "Specifies that SSSD should attempt to map user and group IDs from the " "ldap_user_objectsid and ldap_group_objectsid attributes instead of relying " @@ -7778,18 +7807,18 @@ msgstr "" "ldap_user_uid_number y ldap_group_gid_number." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:932 +#: sssd-ldap.5.xml:934 msgid "Currently this feature supports only ActiveDirectory objectSID mapping." msgstr "" "Actualmente está función soporta sólo mapeos de objectSID de ActiveDirectory." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:942 +#: sssd-ldap.5.xml:944 msgid "ldap_min_id, ldap_max_id (integer)" msgstr "ldap_min_id, ldap_max_id (entero)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:945 +#: sssd-ldap.5.xml:947 msgid "" "In contrast to the SID based ID mapping which is used if ldap_id_mapping is " "set to true the allowed ID range for ldap_user_uid_number and " @@ -7807,17 +7836,17 @@ msgstr "" "el servidor. Los subdominios pueden elegir otros rangos para asignar IDs." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:957 +#: sssd-ldap.5.xml:959 msgid "Default: not set (both options are set to 0)" msgstr "Predeterminado: no establecido (ambas opciones se establecen a 0)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:963 +#: sssd-ldap.5.xml:965 msgid "ldap_sasl_mech (string)" msgstr "ldap_sasl_mech (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:966 +#: sssd-ldap.5.xml:968 msgid "" "Specify the SASL mechanism to use. Currently only GSSAPI and GSS-SPNEGO are " "tested and supported." @@ -7826,7 +7855,7 @@ msgstr "" "soportados GSSAPI y GSS-SPNEGO." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:970 +#: sssd-ldap.5.xml:972 msgid "" "If the backend supports sub-domains the value of ldap_sasl_mech is " "automatically inherited to the sub-domains. If a different value is needed " @@ -7843,12 +7872,12 @@ msgstr "" "manvolnum></citerefentry> para más detalles." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:986 +#: sssd-ldap.5.xml:988 msgid "ldap_sasl_authid (string)" msgstr "ldap_sasl_authid (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd-ldap.5.xml:998 +#: sssd-ldap.5.xml:1000 #, no-wrap msgid "" "hostname@REALM\n" @@ -7868,7 +7897,7 @@ msgstr "" " " #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:989 +#: sssd-ldap.5.xml:991 msgid "" "Specify the SASL authorization id to use. When GSSAPI/GSS-SPNEGO are used, " "this represents the Kerberos principal used for authentication to the " @@ -7888,17 +7917,17 @@ msgstr "" "principal en la pestaña." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1009 +#: sssd-ldap.5.xml:1011 msgid "Default: host/hostname@REALM" msgstr "Por defecto: host/nombre_de_host@REALM" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1015 +#: sssd-ldap.5.xml:1017 msgid "ldap_sasl_realm (string)" msgstr "ldap_sasl_realm (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1018 +#: sssd-ldap.5.xml:1020 msgid "" "Specify the SASL realm to use. When not specified, this option defaults to " "the value of krb5_realm. If the ldap_sasl_authid contains the realm as " @@ -7909,17 +7938,17 @@ msgstr "" "reino también, esta opción se ignora." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1024 +#: sssd-ldap.5.xml:1026 msgid "Default: the value of krb5_realm." msgstr "Por defecto: el valor de krb5_realm." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1030 +#: sssd-ldap.5.xml:1032 msgid "ldap_sasl_canonicalize (boolean)" msgstr "ldap_sasl_canonicalize (boolean)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1033 +#: sssd-ldap.5.xml:1035 msgid "" "If set to true, the LDAP library would perform a reverse lookup to " "canonicalize the host name during a SASL bind." @@ -7928,34 +7957,34 @@ msgstr "" "para para canocalizar el nombre de host durante una unión SASL." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1038 +#: sssd-ldap.5.xml:1040 msgid "Default: false;" msgstr "Predeterminado: false;" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1044 +#: sssd-ldap.5.xml:1046 msgid "ldap_krb5_keytab (string)" msgstr "ldap_krb5_keytab (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1047 +#: sssd-ldap.5.xml:1049 msgid "Specify the keytab to use when using SASL/GSSAPI/GSS-SPNEGO." msgstr "Especifica la pestaña a usar cuando se utiliza SASL/GSSAPI/GSS-SPNEGO." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1056 sssd-krb5.5.xml:247 +#: sssd-ldap.5.xml:1058 sssd-krb5.5.xml:247 msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" msgstr "" "Por defecto: Keytab del sistema, normalmente <filename>/etc/krb5.keytab</" "filename>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1062 +#: sssd-ldap.5.xml:1064 msgid "ldap_krb5_init_creds (boolean)" msgstr "ldap_krb5_init_creds (booleano)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1065 +#: sssd-ldap.5.xml:1067 msgid "" "Specifies that the id_provider should init Kerberos credentials (TGT). This " "action is performed only if SASL is used and the mechanism selected is " @@ -7966,12 +7995,12 @@ msgstr "" "es GSSAPI o GSS-SPNEGO." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1077 +#: sssd-ldap.5.xml:1079 msgid "ldap_krb5_ticket_lifetime (integer)" msgstr "ldap_krb5_ticket_lifetime (entero)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1080 +#: sssd-ldap.5.xml:1082 msgid "" "Specifies the lifetime in seconds of the TGT if GSSAPI or GSS-SPNEGO is used." msgstr "" @@ -7979,17 +8008,17 @@ msgstr "" "SPNEGO." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1089 sssd-ad.5.xml:1252 +#: sssd-ldap.5.xml:1091 sssd-ad.5.xml:1252 msgid "Default: 86400 (24 hours)" msgstr "Predeterminado: 86400 (24 horas)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1095 sssd-krb5.5.xml:74 +#: sssd-ldap.5.xml:1097 sssd-krb5.5.xml:74 msgid "krb5_server, krb5_backup_server (string)" msgstr "krb5_server, krb5_backup_server (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1098 +#: sssd-ldap.5.xml:1100 msgid "" "Specifies the comma-separated list of IP addresses or hostnames of the " "Kerberos servers to which SSSD should connect in the order of preference. " @@ -8008,7 +8037,7 @@ msgstr "" "información, vea la sección <quote>SERVICE DISCOVERY</quote>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1110 sssd-krb5.5.xml:89 +#: sssd-ldap.5.xml:1112 sssd-krb5.5.xml:89 msgid "" "When using service discovery for KDC or kpasswd servers, SSSD first searches " "for DNS entries that specify _udp as the protocol and falls back to _tcp if " @@ -8019,7 +8048,7 @@ msgstr "" "regresa a _tcp si no se encuentra nada." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1115 sssd-krb5.5.xml:94 +#: sssd-ldap.5.xml:1117 sssd-krb5.5.xml:94 msgid "" "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " "While the legacy name is recognized for the time being, users are advised to " @@ -8031,30 +8060,30 @@ msgstr "" "configuración para usar <quote>krb5_server</quote> en su lugar." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1124 sssd-ipa.5.xml:526 sssd-krb5.5.xml:103 +#: sssd-ldap.5.xml:1126 sssd-ipa.5.xml:531 sssd-krb5.5.xml:103 msgid "krb5_realm (string)" msgstr "krb5_realm (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1127 +#: sssd-ldap.5.xml:1129 msgid "Specify the Kerberos REALM (for SASL/GSSAPI/GSS-SPNEGO auth)." msgstr "" "Especifica el REALM Kerberos (para autorización SASL/GSSAPI/GSS-SPNEGO)." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1131 +#: sssd-ldap.5.xml:1133 msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" msgstr "" "Predeterminado: Predeterminados del sistema, vea <filename>/etc/krb5.conf</" "filename>" #. type: Content of: <variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1137 include/krb5_options.xml:154 +#: sssd-ldap.5.xml:1139 include/krb5_options.xml:154 msgid "krb5_canonicalize (boolean)" msgstr "krb5_canonicalize (boolean)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1140 +#: sssd-ldap.5.xml:1142 msgid "" "Specifies if the host principal should be canonicalized when connecting to " "LDAP server. This feature is available with MIT Kerberos >= 1.7" @@ -8063,12 +8092,12 @@ msgstr "" "servidor LDAP. Esta función está disponible con MIT Kerberos >= 1.7" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1152 sssd-krb5.5.xml:336 +#: sssd-ldap.5.xml:1154 sssd-krb5.5.xml:336 msgid "krb5_use_kdcinfo (boolean)" msgstr "krb5_use_kdcinfo (booleano)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1155 sssd-krb5.5.xml:339 +#: sssd-ldap.5.xml:1157 sssd-krb5.5.xml:339 msgid "" "Specifies if the SSSD should instruct the Kerberos libraries what realm and " "which KDCs to use. This option is on by default, if you disable it, you need " @@ -8083,7 +8112,7 @@ msgstr "" "manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1166 sssd-krb5.5.xml:350 +#: sssd-ldap.5.xml:1168 sssd-krb5.5.xml:350 msgid "" "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more " @@ -8095,12 +8124,12 @@ msgstr "" "localizador." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1180 +#: sssd-ldap.5.xml:1182 msgid "ldap_pwd_policy (string)" msgstr "ldap_pwd_policy (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1183 +#: sssd-ldap.5.xml:1185 msgid "" "Select the policy to evaluate the password expiration on the client side. " "The following values are allowed:" @@ -8109,7 +8138,7 @@ msgstr "" "del cliente. Los siguientes valores son permitidos:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1188 +#: sssd-ldap.5.xml:1190 msgid "" "<emphasis>none</emphasis> - No evaluation on the client side. This option " "cannot disable server-side password policies." @@ -8118,7 +8147,7 @@ msgstr "" "no puede deshabilitar las políticas de password en el lado servidor." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1193 +#: sssd-ldap.5.xml:1195 #, fuzzy #| msgid "" #| "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" @@ -8135,7 +8164,7 @@ msgstr "" "manvolnum></citerefentry> para evaluar si la contraseña ha expirado." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1201 +#: sssd-ldap.5.xml:1203 msgid "" "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " "to determine if the password has expired. Use chpass_provider=krb5 to update " @@ -8147,7 +8176,7 @@ msgstr "" "password." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1210 +#: sssd-ldap.5.xml:1212 msgid "" "<emphasis>Note</emphasis>: if a password policy is configured on server " "side, it always takes precedence over policy set with this option." @@ -8157,19 +8186,19 @@ msgstr "" "establecida por esta opción." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1218 +#: sssd-ldap.5.xml:1220 msgid "ldap_referrals (boolean)" msgstr "ldap_referrals (boolean)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1221 +#: sssd-ldap.5.xml:1223 msgid "Specifies whether automatic referral chasing should be enabled." msgstr "" "Especifica si el seguimiento de referencias automático debería ser " "habilitado." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1225 +#: sssd-ldap.5.xml:1227 msgid "" "Please note that sssd only supports referral chasing when it is compiled " "with OpenLDAP version 2.4.13 or higher." @@ -8178,7 +8207,7 @@ msgstr "" "está compilado con OpenLDAP versión 2.4.13 o más alta." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1230 +#: sssd-ldap.5.xml:1232 #, fuzzy #| msgid "" #| "Chasing referrals may incur a performance penalty in environments that " @@ -8201,29 +8230,29 @@ msgstr "" "esta opción a false le llevará a una notable mejora de rendimiento." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1249 +#: sssd-ldap.5.xml:1251 msgid "ldap_dns_service_name (string)" msgstr "ldap_dns_service_name (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1252 +#: sssd-ldap.5.xml:1254 msgid "Specifies the service name to use when service discovery is enabled." msgstr "" "Especifica el nombre del servicio para utilizar cuando está habilitado el " "servicio de descubrimiento." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1256 +#: sssd-ldap.5.xml:1258 msgid "Default: ldap" msgstr "Predeterminado: ldap" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1262 +#: sssd-ldap.5.xml:1264 msgid "ldap_chpass_dns_service_name (string)" msgstr "ldap_chpass_dns_service_name (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1265 +#: sssd-ldap.5.xml:1267 msgid "" "Specifies the service name to use to find an LDAP server which allows " "password changes when service discovery is enabled." @@ -8233,17 +8262,17 @@ msgstr "" "descubrimiento." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1270 +#: sssd-ldap.5.xml:1272 msgid "Default: not set, i.e. service discovery is disabled" msgstr "Por defecto: no fijado, esto es servicio descubridor deshabilitado." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1276 +#: sssd-ldap.5.xml:1278 msgid "ldap_chpass_update_last_change (bool)" msgstr "ldap_chpass_update_last_change (booleano)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1279 +#: sssd-ldap.5.xml:1281 msgid "" "Specifies whether to update the ldap_user_shadow_last_change attribute with " "days since the Epoch after a password change operation." @@ -8252,7 +8281,7 @@ msgstr "" "desde el Epoch después de una operación de cambio de contraseña." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1285 +#: sssd-ldap.5.xml:1287 msgid "" "It is recommend to set this option explicitly if \"ldap_pwd_policy = " "shadow\" is used to let SSSD know if the LDAP server will update " @@ -8261,12 +8290,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1299 +#: sssd-ldap.5.xml:1301 msgid "ldap_access_filter (string)" msgstr "ldap_access_filter (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1302 +#: sssd-ldap.5.xml:1304 msgid "" "If using access_provider = ldap and ldap_access_order = filter (default), " "this option is mandatory. It specifies an LDAP search filter criteria that " @@ -8294,12 +8323,12 @@ msgstr "" "refentrytitle><manvolnum>5</manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1322 +#: sssd-ldap.5.xml:1324 msgid "Example:" msgstr "Ejemplo:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1325 +#: sssd-ldap.5.xml:1327 #, no-wrap msgid "" "access_provider = ldap\n" @@ -8311,7 +8340,7 @@ msgstr "" " " #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1329 +#: sssd-ldap.5.xml:1331 msgid "" "This example means that access to this host is restricted to users whose " "employeeType attribute is set to \"admin\"." @@ -8320,7 +8349,7 @@ msgstr "" "usuarios cuyo atributo employeeType esté establecido a \"admin\"." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1334 +#: sssd-ldap.5.xml:1336 msgid "" "Offline caching for this feature is limited to determining whether the " "user's last online login was granted access permission. If they were granted " @@ -8333,17 +8362,17 @@ msgstr "" "se les seguirán otorgando acceso sin conexión y viceversa." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1342 sssd-ldap.5.xml:1398 +#: sssd-ldap.5.xml:1344 sssd-ldap.5.xml:1400 msgid "Default: Empty" msgstr "Predeterminado: vacío" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1348 +#: sssd-ldap.5.xml:1350 msgid "ldap_account_expire_policy (string)" msgstr "ldap_account_expire_policy (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1351 +#: sssd-ldap.5.xml:1353 msgid "" "With this option a client side evaluation of access control attributes can " "be enabled." @@ -8352,7 +8381,7 @@ msgstr "" "control de acceso del lado cliente." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1355 +#: sssd-ldap.5.xml:1357 msgid "" "Please note that it is always recommended to use server side access control, " "i.e. the LDAP server should deny the bind request with a suitable error code " @@ -8363,12 +8392,12 @@ msgstr "" "una código de error definible aunque el password sea correcto." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1362 +#: sssd-ldap.5.xml:1364 msgid "The following values are allowed:" msgstr "Los siguientes valores están permitidos:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1365 +#: sssd-ldap.5.xml:1367 msgid "" "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " "determine if the account is expired." @@ -8377,7 +8406,7 @@ msgstr "" "determinar si la cuenta ha expirado." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1370 +#: sssd-ldap.5.xml:1372 msgid "" "<emphasis>ad</emphasis>: use the value of the 32bit field " "ldap_user_ad_user_account_control and allow access if the second bit is not " @@ -8390,7 +8419,7 @@ msgstr "" "se comprueba el tiempo de expiración de la cuenta." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1377 +#: sssd-ldap.5.xml:1379 msgid "" "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" "emphasis>: use the value of ldap_ns_account_lock to check if access is " @@ -8401,7 +8430,7 @@ msgstr "" "el acceso o no." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1383 +#: sssd-ldap.5.xml:1385 msgid "" "<emphasis>nds</emphasis>: the values of " "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " @@ -8414,7 +8443,7 @@ msgstr "" "permitido. Si ambos atributos están desaparecidos se concede el acceso." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1391 +#: sssd-ldap.5.xml:1393 msgid "" "Please note that the ldap_access_order configuration option <emphasis>must</" "emphasis> include <quote>expire</quote> in order for the " @@ -8425,24 +8454,24 @@ msgstr "" "la opción ldap_account_expire_policy funcione." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1404 +#: sssd-ldap.5.xml:1406 msgid "ldap_access_order (string)" msgstr "ldap_access_order (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1407 sssd-ipa.5.xml:351 +#: sssd-ldap.5.xml:1409 sssd-ipa.5.xml:356 msgid "Comma separated list of access control options. Allowed values are:" msgstr "" "Lista separada por coma de opciones de control de acceso. Los valores " "permitidos son:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1411 +#: sssd-ldap.5.xml:1413 msgid "<emphasis>filter</emphasis>: use ldap_access_filter" msgstr "<emphasis>filtro</emphasis>: utilizar ldap_access_filter" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1414 +#: sssd-ldap.5.xml:1416 msgid "" "<emphasis>lockout</emphasis>: use account locking. If set, this option " "denies access in case that ldap attribute 'pwdAccountLockedTime' is present " @@ -8458,7 +8487,7 @@ msgstr "" "funciones." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1424 +#: sssd-ldap.5.xml:1426 msgid "" "<emphasis> Please note that this option is superseded by the <quote>ppolicy</" "quote> option and might be removed in a future release. </emphasis>" @@ -8468,7 +8497,7 @@ msgstr "" "</emphasis>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1431 +#: sssd-ldap.5.xml:1433 msgid "" "<emphasis>ppolicy</emphasis>: use account locking. If set, this option " "denies access in case that ldap attribute 'pwdAccountLockedTime' is present " @@ -8490,12 +8519,12 @@ msgstr "" "estar establecido para que esta característica funcione." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1448 +#: sssd-ldap.5.xml:1450 msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" msgstr "<emphasis>caducar</emphasis>: utilizar ldap_account_expire_policy" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1452 sssd-ipa.5.xml:359 +#: sssd-ldap.5.xml:1454 sssd-ipa.5.xml:364 msgid "" "<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, " "pwd_expire_policy_renew: </emphasis> These options are useful if users are " @@ -8510,31 +8539,31 @@ msgstr "" "método distinto a las contraseñas - por ejemplo claves SSH." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1462 sssd-ipa.5.xml:369 +#: sssd-ldap.5.xml:1464 sssd-ipa.5.xml:374 msgid "" "The difference between these options is the action taken if user password is " "expired:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:1467 sssd-ipa.5.xml:374 +#: sssd-ldap.5.xml:1469 sssd-ipa.5.xml:379 msgid "pwd_expire_policy_reject - user is denied to log in," msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:1473 sssd-ipa.5.xml:380 +#: sssd-ldap.5.xml:1475 sssd-ipa.5.xml:385 msgid "pwd_expire_policy_warn - user is still able to log in," msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:1479 sssd-ipa.5.xml:386 +#: sssd-ldap.5.xml:1481 sssd-ipa.5.xml:391 msgid "" "pwd_expire_policy_renew - user is prompted to change their password " "immediately." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1487 +#: sssd-ldap.5.xml:1489 msgid "" "Please note that 'access_provider = ldap' must be set for this feature to " "work. Also 'ldap_pwd_policy' must be set to an appropriate password policy." @@ -8544,7 +8573,7 @@ msgstr "" "para una política de contraseña apropiada." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1492 +#: sssd-ldap.5.xml:1494 msgid "" "<emphasis>authorized_service</emphasis>: use the authorizedService attribute " "to determine access" @@ -8553,13 +8582,13 @@ msgstr "" "autorizedService para determinar el acceso" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1497 +#: sssd-ldap.5.xml:1499 msgid "<emphasis>host</emphasis>: use the host attribute to determine access" msgstr "" "<emphasis>host</emphasis>: usa el atributo host para determinar el acceso" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1501 +#: sssd-ldap.5.xml:1503 msgid "" "<emphasis>rhost</emphasis>: use the rhost attribute to determine whether " "remote host can access" @@ -8568,7 +8597,7 @@ msgstr "" "host remoto puede acceder" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1505 +#: sssd-ldap.5.xml:1507 msgid "" "Please note, rhost field in pam is set by application, it is better to check " "what the application sends to pam, before enabling this access control option" @@ -8578,12 +8607,12 @@ msgstr "" "opción de control de acceso" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1510 +#: sssd-ldap.5.xml:1512 msgid "Default: filter" msgstr "Predeterminado: filter" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1513 +#: sssd-ldap.5.xml:1515 msgid "" "Please note that it is a configuration error if a value is used more than " "once." @@ -8592,12 +8621,12 @@ msgstr "" "una vez." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1520 +#: sssd-ldap.5.xml:1522 msgid "ldap_pwdlockout_dn (string)" msgstr "ldap_pwdlockout_dn (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1523 +#: sssd-ldap.5.xml:1525 msgid "" "This option specifies the DN of password policy entry on LDAP server. Please " "note that absence of this option in sssd.conf in case of enabled account " @@ -8611,22 +8640,22 @@ msgstr "" "LDAP no pueden verificarse correctamente." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1531 +#: sssd-ldap.5.xml:1533 msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com" msgstr "Ejemplo: cn=ppolicy,ou=policies,dc=example,dc=com" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1534 +#: sssd-ldap.5.xml:1536 msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base" msgstr "Predeterminado: cn=ppolicy,ou=policies,$ldap_search_base" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1540 +#: sssd-ldap.5.xml:1542 msgid "ldap_deref (string)" msgstr "ldap_deref (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1543 +#: sssd-ldap.5.xml:1545 msgid "" "Specifies how alias dereferencing is done when performing a search. The " "following options are allowed:" @@ -8635,13 +8664,13 @@ msgstr "" "lleva a cabo una búsqueda. Están permitidas las siguientes opciones:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1548 +#: sssd-ldap.5.xml:1550 msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." msgstr "" "<emphasis>never</emphasis>: Nunca serán eliminadas las referencias al alias." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1552 +#: sssd-ldap.5.xml:1554 msgid "" "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " "the base object, but not in locating the base object of the search." @@ -8651,7 +8680,7 @@ msgstr "" "búsqueda." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1557 +#: sssd-ldap.5.xml:1559 msgid "" "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " "the base object of the search." @@ -8660,7 +8689,7 @@ msgstr "" "cuando se localice el objeto base de la búsqueda." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1562 +#: sssd-ldap.5.xml:1564 msgid "" "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " "in locating the base object of the search." @@ -8669,7 +8698,7 @@ msgstr "" "para la búsqueda como en la localización del objeto base de la búsqueda." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1567 +#: sssd-ldap.5.xml:1569 msgid "" "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " "client libraries)" @@ -8678,12 +8707,12 @@ msgstr "" "librerías cliente LDAP)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1575 +#: sssd-ldap.5.xml:1577 msgid "ldap_rfc2307_fallback_to_local_users (boolean)" msgstr "ldap_rfc2307_fallback_to_local_users (boolean)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1578 +#: sssd-ldap.5.xml:1580 msgid "" "Allows to retain local users as members of an LDAP group for servers that " "use the RFC2307 schema." @@ -8692,7 +8721,7 @@ msgstr "" "servidores que usan el esquema RFC2307." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1582 +#: sssd-ldap.5.xml:1584 msgid "" "In some environments where the RFC2307 schema is used, local users are made " "members of LDAP groups by adding their names to the memberUid attribute. " @@ -8710,7 +8739,7 @@ msgstr "" "llamadas getpw*() o initgroups()." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1593 +#: sssd-ldap.5.xml:1595 msgid "" "This option falls back to checking if local users are referenced, and caches " "them so that later initgroups() calls will augment the local users with the " @@ -8721,12 +8750,12 @@ msgstr "" "initgroups() aumentará los usuarios locales con los grupos LDAP adicionales." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1605 sssd-ifp.5.xml:152 +#: sssd-ldap.5.xml:1607 sssd-ifp.5.xml:152 msgid "wildcard_limit (integer)" msgstr "wildcard_limit (entero)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1608 +#: sssd-ldap.5.xml:1610 msgid "" "Specifies an upper limit on the number of entries that are downloaded during " "a wildcard lookup." @@ -8735,46 +8764,46 @@ msgstr "" "descargadas durante una búsqueda de comodín." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1612 +#: sssd-ldap.5.xml:1614 msgid "At the moment, only the InfoPipe responder supports wildcard lookups." msgstr "" "En este momento solo el respondedor InfoPipe soporta búsqueda de comodín" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1616 +#: sssd-ldap.5.xml:1618 msgid "Default: 1000 (often the size of one page)" msgstr "Predeterminado: 1000 (frecuentemente el tamaño de una página)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1622 +#: sssd-ldap.5.xml:1624 #, fuzzy #| msgid "debug_level (integer)" msgid "ldap_library_debug_level (integer)" msgstr "debug_level (entero)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1625 +#: sssd-ldap.5.xml:1627 msgid "" "Switches on libldap debugging with the given level. The libldap debug " "messages will be written independent of the general debug_level." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1630 +#: sssd-ldap.5.xml:1632 msgid "" "OpenLDAP uses a bitmap to enable debugging for specific components, -1 will " "enable full debug output." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1635 +#: sssd-ldap.5.xml:1637 #, fuzzy #| msgid "Default: 0 (disabled)" msgid "Default: 0 (libldap debugging disabled)" msgstr "Predeterminado: 0 (deshabilitado)" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:51 +#: sssd-ldap.5.xml:52 msgid "" "All of the common configuration options that apply to SSSD domains also " "apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> section " @@ -8794,12 +8823,12 @@ msgstr "" "type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1645 +#: sssd-ldap.5.xml:1647 msgid "SUDO OPTIONS" msgstr "OPCIONES SUDO" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1647 +#: sssd-ldap.5.xml:1649 msgid "" "The detailed instructions for configuration of sudo_provider are in the " "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " @@ -8810,12 +8839,12 @@ msgstr "" "<manvolnum>5</manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1658 +#: sssd-ldap.5.xml:1660 msgid "ldap_sudo_full_refresh_interval (integer)" msgstr "ldap_sudo_full_refresh_interval (entero)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1661 +#: sssd-ldap.5.xml:1663 msgid "" "How many seconds SSSD will wait between executing a full refresh of sudo " "rules (which downloads all rules that are stored on the server)." @@ -8825,7 +8854,7 @@ msgstr "" "servidor)." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1666 +#: sssd-ldap.5.xml:1668 msgid "" "The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </" "emphasis>" @@ -8834,24 +8863,24 @@ msgstr "" "emphasis>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1671 +#: sssd-ldap.5.xml:1673 msgid "" "You can disable full refresh by setting this option to 0. However, either " "smart or full refresh must be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1676 +#: sssd-ldap.5.xml:1678 msgid "Default: 21600 (6 hours)" msgstr "Por defecto: 21600 (6 horas)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1682 +#: sssd-ldap.5.xml:1684 msgid "ldap_sudo_smart_refresh_interval (integer)" msgstr "ldap_sudo_smart_refresh_interval (entero)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1685 +#: sssd-ldap.5.xml:1687 msgid "" "How many seconds SSSD has to wait before executing a smart refresh of sudo " "rules (which downloads all rules that have USN higher than the highest " @@ -8863,7 +8892,7 @@ msgstr "" "actualmente SSSD)." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1691 +#: sssd-ldap.5.xml:1693 msgid "" "If USN attributes are not supported by the server, the modifyTimestamp " "attribute is used instead." @@ -8872,7 +8901,7 @@ msgstr "" "atributo modifyTimestamp." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1695 +#: sssd-ldap.5.xml:1697 msgid "" "<emphasis>Note:</emphasis> the highest USN value can be updated by three " "tasks: 1) By sudo full and smart refresh (if updated rules are found), 2) by " @@ -8888,21 +8917,21 @@ msgstr "" "<emphasis>ldap_connection_expire_timeout</emphasis>)." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1706 +#: sssd-ldap.5.xml:1708 msgid "" "You can disable smart refresh by setting this option to 0. However, either " "smart or full refresh must be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1717 +#: sssd-ldap.5.xml:1719 #, fuzzy #| msgid "ldap_idmap_range_size (integer)" msgid "ldap_sudo_random_offset (integer)" msgstr "ldap_idmap_range_size (entero)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1720 +#: sssd-ldap.5.xml:1722 msgid "" "Random offset between 0 and configured value is added to smart and full " "refresh periods each time the periodic task is scheduled. The value is in " @@ -8910,7 +8939,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1726 +#: sssd-ldap.5.xml:1728 msgid "" "Note that this random offset is also applied on the first SSSD start which " "delays the first sudo rules refresh. This prolongs the time when the sudo " @@ -8918,17 +8947,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1732 +#: sssd-ldap.5.xml:1734 msgid "You can disable this offset by setting the value to 0." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1742 +#: sssd-ldap.5.xml:1744 msgid "ldap_sudo_use_host_filter (boolean)" msgstr "ldap_sudo_use_host_filter (booleano)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1745 +#: sssd-ldap.5.xml:1747 msgid "" "If true, SSSD will download only rules that are applicable to this machine " "(using the IPv4 or IPv6 host/network addresses and hostnames)." @@ -8937,12 +8966,12 @@ msgstr "" "máquina (usando las direcciones de host/red y nombres de host IPv4 o IPv6)." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1756 +#: sssd-ldap.5.xml:1758 msgid "ldap_sudo_hostnames (string)" msgstr "ldap_sudo_hostnames (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1759 +#: sssd-ldap.5.xml:1761 msgid "" "Space separated list of hostnames or fully qualified domain names that " "should be used to filter the rules." @@ -8951,7 +8980,7 @@ msgstr "" "totalmente cualificados que sería usada para filtrar las reglas." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1764 +#: sssd-ldap.5.xml:1766 msgid "" "If this option is empty, SSSD will try to discover the hostname and the " "fully qualified domain name automatically." @@ -8960,8 +8989,8 @@ msgstr "" "nombre de dominio totalmente cualificado automáticamente." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1769 sssd-ldap.5.xml:1792 sssd-ldap.5.xml:1810 -#: sssd-ldap.5.xml:1828 +#: sssd-ldap.5.xml:1771 sssd-ldap.5.xml:1794 sssd-ldap.5.xml:1812 +#: sssd-ldap.5.xml:1830 msgid "" "If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</" "emphasis> then this option has no effect." @@ -8970,17 +8999,17 @@ msgstr "" "emphasis> esta opción no tiene efecto." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1774 sssd-ldap.5.xml:1797 +#: sssd-ldap.5.xml:1776 sssd-ldap.5.xml:1799 msgid "Default: not specified" msgstr "Por defecto: no especificado" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1780 +#: sssd-ldap.5.xml:1782 msgid "ldap_sudo_ip (string)" msgstr "ldap_sudo_ip (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1783 +#: sssd-ldap.5.xml:1785 msgid "" "Space separated list of IPv4 or IPv6 host/network addresses that should be " "used to filter the rules." @@ -8989,7 +9018,7 @@ msgstr "" "usada para filtrar las reglas." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1788 +#: sssd-ldap.5.xml:1790 msgid "" "If this option is empty, SSSD will try to discover the addresses " "automatically." @@ -8998,12 +9027,12 @@ msgstr "" "automáticamente." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1803 +#: sssd-ldap.5.xml:1805 msgid "ldap_sudo_include_netgroups (boolean)" msgstr "sudo_include_netgroups (booleano)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1806 +#: sssd-ldap.5.xml:1808 msgid "" "If true then SSSD will download every rule that contains a netgroup in " "sudoHost attribute." @@ -9012,12 +9041,12 @@ msgstr "" "atributo sudoHost." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1821 +#: sssd-ldap.5.xml:1823 msgid "ldap_sudo_include_regexp (boolean)" msgstr "ldap_sudo_include_regexp (booleano)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1824 +#: sssd-ldap.5.xml:1826 msgid "" "If true then SSSD will download every rule that contains a wildcard in " "sudoHost attribute." @@ -9026,7 +9055,7 @@ msgstr "" "atributo sudoHost." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><note><para> -#: sssd-ldap.5.xml:1834 +#: sssd-ldap.5.xml:1836 msgid "" "Using wildcard is an operation that is very costly to evaluate on the LDAP " "server side!" @@ -9035,7 +9064,7 @@ msgstr "" "del servidor LDAP!" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1846 +#: sssd-ldap.5.xml:1848 msgid "" "This manual page only describes attribute name mapping. For detailed " "explanation of sudo related attribute semantics, see <citerefentry> " @@ -9048,12 +9077,12 @@ msgstr "" "manvolnum> </citerefentry>" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1856 +#: sssd-ldap.5.xml:1858 msgid "AUTOFS OPTIONS" msgstr "OPCIONES AUTOFS" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1858 +#: sssd-ldap.5.xml:1860 msgid "" "Some of the defaults for the parameters below are dependent on the LDAP " "schema." @@ -9062,47 +9091,47 @@ msgstr "" "esquema LDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1864 +#: sssd-ldap.5.xml:1866 msgid "ldap_autofs_map_master_name (string)" msgstr "ldap_autofs_map_master_name (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1867 +#: sssd-ldap.5.xml:1869 msgid "The name of the automount master map in LDAP." msgstr "El nombre del mapa maestro de montaje automático en LDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1870 +#: sssd-ldap.5.xml:1872 msgid "Default: auto.master" msgstr "Pfredeterminado: auto.master" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1881 +#: sssd-ldap.5.xml:1883 msgid "ADVANCED OPTIONS" msgstr "OPCIONES AVANZADAS" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1888 +#: sssd-ldap.5.xml:1890 msgid "ldap_netgroup_search_base (string)" msgstr "ldap_netgroup_search_base (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1893 +#: sssd-ldap.5.xml:1895 msgid "ldap_user_search_base (string)" msgstr "ldap_user_search_base (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1898 +#: sssd-ldap.5.xml:1900 msgid "ldap_group_search_base (string)" msgstr "ldap_group_search_base (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><note> -#: sssd-ldap.5.xml:1903 +#: sssd-ldap.5.xml:1905 msgid "<note>" msgstr "<note>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para> -#: sssd-ldap.5.xml:1905 +#: sssd-ldap.5.xml:1907 msgid "" "If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches " "against Active Directory will not be restricted and return all groups " @@ -9115,22 +9144,22 @@ msgstr "" "función, si los nombres de grupo no están siendo visualizados correctamente." #. type: Content of: <reference><refentry><refsect1><para><variablelist> -#: sssd-ldap.5.xml:1912 +#: sssd-ldap.5.xml:1914 msgid "</note>" msgstr "</note>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1914 +#: sssd-ldap.5.xml:1916 msgid "ldap_sudo_search_base (string)" msgstr "ldap_sudo_search_base (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1919 +#: sssd-ldap.5.xml:1921 msgid "ldap_autofs_search_base (string)" msgstr "ldap_autofs_search_base (cadena)" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1883 +#: sssd-ldap.5.xml:1885 msgid "" "These options are supported by LDAP domains, but they should be used with " "caution. Please include them in your configuration only if you know what you " @@ -9143,14 +9172,14 @@ msgstr "" "<placeholder type=\"variablelist\" id=\"1\"/>" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1934 sssd-simple.5.xml:131 sssd-ipa.5.xml:925 -#: sssd-ad.5.xml:1386 sssd-krb5.5.xml:483 sss_rpcidmapd.5.xml:98 +#: sssd-ldap.5.xml:1936 sssd-simple.5.xml:131 sssd-ipa.5.xml:930 +#: sssd-ad.5.xml:1391 sssd-krb5.5.xml:483 sss_rpcidmapd.5.xml:98 #: sssd-files.5.xml:155 sssd-session-recording.5.xml:176 msgid "EXAMPLE" msgstr "EJEMPLO" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1936 +#: sssd-ldap.5.xml:1938 msgid "" "The following example assumes that SSSD is correctly configured and LDAP is " "set to one of the domains in the <replaceable>[domains]</replaceable> " @@ -9161,7 +9190,7 @@ msgstr "" "replaceable>." #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ldap.5.xml:1942 +#: sssd-ldap.5.xml:1944 #, no-wrap msgid "" "[domain/LDAP]\n" @@ -9181,20 +9210,20 @@ msgstr "" "cache_credentials = true\n" #. type: Content of: <refsect1><refsect2><para> -#: sssd-ldap.5.xml:1941 sssd-ldap.5.xml:1959 sssd-simple.5.xml:139 -#: sssd-ipa.5.xml:933 sssd-ad.5.xml:1394 sssd-sudo.5.xml:56 sssd-krb5.5.xml:492 +#: sssd-ldap.5.xml:1943 sssd-ldap.5.xml:1961 sssd-simple.5.xml:139 +#: sssd-ipa.5.xml:938 sssd-ad.5.xml:1399 sssd-sudo.5.xml:56 sssd-krb5.5.xml:492 #: sssd-files.5.xml:162 sssd-files.5.xml:173 sssd-session-recording.5.xml:182 #: include/ldap_id_mapping.xml:105 msgid "<placeholder type=\"programlisting\" id=\"0\"/>" msgstr "<placeholder type=\"programlisting\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1953 +#: sssd-ldap.5.xml:1955 msgid "LDAP ACCESS FILTER EXAMPLE" msgstr "EJEMPLO DE FILTRO DE ACCESO LDAP" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1955 +#: sssd-ldap.5.xml:1957 msgid "" "The following example assumes that SSSD is correctly configured and to use " "the ldap_access_order=lockout." @@ -9203,7 +9232,7 @@ msgstr "" "ldap_access_order=lockout." #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ldap.5.xml:1960 +#: sssd-ldap.5.xml:1962 #, no-wrap msgid "" "[domain/LDAP]\n" @@ -9229,13 +9258,13 @@ msgstr "" "cache_credentials = true\n" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1975 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148 -#: sssd-ad.5.xml:1409 sssd.8.xml:238 sss_seed.8.xml:163 +#: sssd-ldap.5.xml:1977 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148 +#: sssd-ad.5.xml:1414 sssd.8.xml:238 sss_seed.8.xml:163 msgid "NOTES" msgstr "NOTAS" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1977 +#: sssd-ldap.5.xml:1979 msgid "" "The descriptions of some of the configuration options in this manual page " "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " @@ -12028,12 +12057,12 @@ msgid "Example: dyndns_iface = em1, vnet1, vnet2" msgstr "Ejemplo: dyndns_iface = em1, vnet1, vnet2" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:204 sssd-ad.5.xml:1285 +#: sssd-ipa.5.xml:204 sssd-ad.5.xml:1290 msgid "dyndns_auth (string)" msgstr "dyndns_auth (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:207 sssd-ad.5.xml:1288 +#: sssd-ipa.5.xml:207 sssd-ad.5.xml:1293 msgid "" "Whether the nsupdate utility should use GSS-TSIG authentication for secure " "updates with the DNS server, insecure updates can be sent by setting this " @@ -12044,19 +12073,19 @@ msgstr "" "se pueden enviar fijando esta opción a 'none'." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:213 sssd-ad.5.xml:1294 +#: sssd-ipa.5.xml:213 sssd-ad.5.xml:1299 msgid "Default: GSS-TSIG" msgstr "Predeterminado: GSS-TSIG" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:219 sssd-ad.5.xml:1300 +#: sssd-ipa.5.xml:219 sssd-ad.5.xml:1305 #, fuzzy #| msgid "dyndns_auth (string)" msgid "dyndns_auth_ptr (string)" msgstr "dyndns_auth (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:222 sssd-ad.5.xml:1303 +#: sssd-ipa.5.xml:222 sssd-ad.5.xml:1308 #, fuzzy #| msgid "" #| "Whether the nsupdate utility should use GSS-TSIG authentication for " @@ -12072,7 +12101,7 @@ msgstr "" "se pueden enviar fijando esta opción a 'none'." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:228 sssd-ad.5.xml:1309 +#: sssd-ipa.5.xml:228 sssd-ad.5.xml:1314 msgid "Default: Same as dyndns_auth" msgstr "" @@ -12151,17 +12180,24 @@ msgstr "" "se cambian los registros que envía." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:290 +#: sssd-ipa.5.xml:290 sssd-ad.5.xml:1266 +msgid "" +"Note that <emphasis>dyndns_update_per_family</emphasis> parameter does not " +"apply for PTR record updates. Those updates are always sent separately." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:295 msgid "Default: False (disabled)" msgstr "Predeterminado: False (deshabilitado)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1272 +#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1277 msgid "dyndns_force_tcp (bool)" msgstr "dyndns_force_tcp (booleano)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:299 sssd-ad.5.xml:1275 +#: sssd-ipa.5.xml:304 sssd-ad.5.xml:1280 msgid "" "Whether the nsupdate utility should default to using TCP for communicating " "with the DNS server." @@ -12170,17 +12206,17 @@ msgstr "" "comunica con el servidor DNS." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:303 sssd-ad.5.xml:1279 +#: sssd-ipa.5.xml:308 sssd-ad.5.xml:1284 msgid "Default: False (let nsupdate choose the protocol)" msgstr "Predeterminado: False (permitir a nsupdate elegir el protocolol)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:309 sssd-ad.5.xml:1315 +#: sssd-ipa.5.xml:314 sssd-ad.5.xml:1320 msgid "dyndns_server (string)" msgstr "dyndns_server (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:312 sssd-ad.5.xml:1318 +#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1323 msgid "" "The DNS server to use when performing a DNS update. In most setups, it's " "recommended to leave this option unset." @@ -12190,7 +12226,7 @@ msgstr "" "establecer." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1323 +#: sssd-ipa.5.xml:322 sssd-ad.5.xml:1328 msgid "" "Setting this option makes sense for environments where the DNS server is " "different from the identity server." @@ -12199,7 +12235,7 @@ msgstr "" "servidor DNS es distinto del servidor de identidad." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:322 sssd-ad.5.xml:1328 +#: sssd-ipa.5.xml:327 sssd-ad.5.xml:1333 msgid "" "Please note that this option will be only used in fallback attempt when " "previous attempt using autodetected settings failed." @@ -12208,17 +12244,17 @@ msgstr "" "cuando el intento anterior de usar la configuración autodetectada falló." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:327 sssd-ad.5.xml:1333 +#: sssd-ipa.5.xml:332 sssd-ad.5.xml:1338 msgid "Default: None (let nsupdate choose the server)" msgstr "Predeterminado: None (permitir a nsupdate elegir el servidor)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:333 sssd-ad.5.xml:1339 +#: sssd-ipa.5.xml:338 sssd-ad.5.xml:1344 msgid "dyndns_update_per_family (boolean)" msgstr "dyndns_update_per_family (booleano)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:336 sssd-ad.5.xml:1342 +#: sssd-ipa.5.xml:341 sssd-ad.5.xml:1347 msgid "" "DNS update is by default performed in two steps - IPv4 update and then IPv6 " "update. In some cases it might be desirable to perform IPv4 and IPv6 update " @@ -12229,21 +12265,21 @@ msgstr "" "ser deseable llevar a cabo la actualización IPv4 e IPv6 en un único paso." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:348 +#: sssd-ipa.5.xml:353 #, fuzzy #| msgid "ldap_access_order (string)" msgid "ipa_access_order (string)" msgstr "ldap_access_order (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:355 +#: sssd-ipa.5.xml:360 #, fuzzy #| msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" msgid "<emphasis>expire</emphasis>: use IPA's account expiration policy." msgstr "<emphasis>caducar</emphasis>: utilizar ldap_account_expire_policy" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:394 +#: sssd-ipa.5.xml:399 #, fuzzy #| msgid "" #| "Please note that 'access_provider = ldap' must be set for this feature to " @@ -12258,12 +12294,12 @@ msgstr "" "para una política de contraseña apropiada." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:401 +#: sssd-ipa.5.xml:406 msgid "ipa_deskprofile_search_base (string)" msgstr "ipa_deskprofile_search_base (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:404 +#: sssd-ipa.5.xml:409 msgid "" "Optional. Use the given string as search base for Desktop Profile related " "objects." @@ -12272,19 +12308,19 @@ msgstr "" "relacionados con Desktop Profile." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:408 sssd-ipa.5.xml:435 +#: sssd-ipa.5.xml:413 sssd-ipa.5.xml:440 msgid "Default: Use base DN" msgstr "Predeterminado: Utilizar DN base" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:414 +#: sssd-ipa.5.xml:419 #, fuzzy #| msgid "ipa_subdomains_search_base (string)" msgid "ipa_subid_ranges_search_base (string)" msgstr "ipa_subdomains_search_base (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:417 +#: sssd-ipa.5.xml:422 #, fuzzy #| msgid "" #| "Optional. Use the given string as search base for Desktop Profile related " @@ -12297,98 +12333,98 @@ msgstr "" "relacionados con Desktop Profile." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:421 +#: sssd-ipa.5.xml:426 #, fuzzy #| msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>" msgid "Default: the value of <emphasis>cn=subids,%basedn</emphasis>" msgstr "Por defecto: el valor de <emphasis>cn=trusts,%basedn</emphasis>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:428 +#: sssd-ipa.5.xml:433 msgid "ipa_hbac_search_base (string)" msgstr "ipa_hbac_search_base (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:431 +#: sssd-ipa.5.xml:436 msgid "Optional. Use the given string as search base for HBAC related objects." msgstr "" "Opcional. Usa la cadena dada como base de búsqueda para los objetos HBAC " "relacionados." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:441 +#: sssd-ipa.5.xml:446 msgid "ipa_host_search_base (string)" msgstr "ipa_host_search_base (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:444 +#: sssd-ipa.5.xml:449 msgid "Deprecated. Use ldap_host_search_base instead." msgstr "Obsoleto. Usa en su lugar ldap_host_search_base." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:450 +#: sssd-ipa.5.xml:455 msgid "ipa_selinux_search_base (string)" msgstr "ipa_selinux_search_base (cadena)Opcional. " #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:453 +#: sssd-ipa.5.xml:458 msgid "Optional. Use the given string as search base for SELinux user maps." msgstr "" "Opcional. Usa la cadena dada como base de búsqueda para los mapas de usuario " "SELinux." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:469 +#: sssd-ipa.5.xml:474 msgid "ipa_subdomains_search_base (string)" msgstr "ipa_subdomains_search_base (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:472 +#: sssd-ipa.5.xml:477 msgid "Optional. Use the given string as search base for trusted domains." msgstr "" "Opcional: Usa la cadena dada como base de búsqueda de dominios de confianza." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:481 +#: sssd-ipa.5.xml:486 msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>" msgstr "Por defecto: el valor de <emphasis>cn=trusts,%basedn</emphasis>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:488 +#: sssd-ipa.5.xml:493 msgid "ipa_master_domain_search_base (string)" msgstr "ipa_master_domain_search_base (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:491 +#: sssd-ipa.5.xml:496 msgid "Optional. Use the given string as search base for master domain object." msgstr "" "Opcional: Usa la cadena dada como base de búsqueda para el objeto maestro de " "dominio." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:500 +#: sssd-ipa.5.xml:505 msgid "Default: the value of <emphasis>cn=ad,cn=etc,%basedn</emphasis>" msgstr "Por defecto: el valor de <emphasis>cn=ad,cn=etc,%basedn</emphasis>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:507 +#: sssd-ipa.5.xml:512 msgid "ipa_views_search_base (string)" msgstr "ipa_views_search_base (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:510 +#: sssd-ipa.5.xml:515 msgid "Optional. Use the given string as search base for views containers." msgstr "" "Opcional. Usa la cadena dada como base de búsqueda de contenedores de vista." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:519 +#: sssd-ipa.5.xml:524 msgid "Default: the value of <emphasis>cn=views,cn=accounts,%basedn</emphasis>" msgstr "" "Predeterminado: el valor de <emphasis>cn=views,cn=accounts,%basedn</emphasis>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:529 +#: sssd-ipa.5.xml:534 msgid "" "The name of the Kerberos realm. This is optional and defaults to the value " "of <quote>ipa_domain</quote>." @@ -12397,7 +12433,7 @@ msgstr "" "de <quote>ipa_domain</quote>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:533 +#: sssd-ipa.5.xml:538 msgid "" "The name of the Kerberos realm has a special meaning in IPA - it is " "converted into the base DN to use for performing LDAP operations." @@ -12406,12 +12442,12 @@ msgstr "" "convertido hacia la base DN para usarlo para llevar a cabo operaciones LDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:541 sssd-ad.5.xml:1357 +#: sssd-ipa.5.xml:546 sssd-ad.5.xml:1362 msgid "krb5_confd_path (string)" msgstr "krb5_confd_path (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:544 sssd-ad.5.xml:1360 +#: sssd-ipa.5.xml:549 sssd-ad.5.xml:1365 msgid "" "Absolute path of a directory where SSSD should place Kerberos configuration " "snippets." @@ -12420,7 +12456,7 @@ msgstr "" "configuración de Kerberos." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:548 sssd-ad.5.xml:1364 +#: sssd-ipa.5.xml:553 sssd-ad.5.xml:1369 msgid "" "To disable the creation of the configuration snippets set the parameter to " "'none'." @@ -12429,7 +12465,7 @@ msgstr "" "parámetro a 'none'." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:552 sssd-ad.5.xml:1368 +#: sssd-ipa.5.xml:557 sssd-ad.5.xml:1373 msgid "" "Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)" msgstr "" @@ -12437,12 +12473,12 @@ msgstr "" "pubconf de SSSD)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:559 +#: sssd-ipa.5.xml:564 msgid "ipa_deskprofile_refresh (integer)" msgstr "ipa_deskprofile_refresh (entero)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:562 +#: sssd-ipa.5.xml:567 msgid "" "The amount of time between lookups of the Desktop Profile rules against the " "IPA server. This will reduce the latency and load on the IPA server if there " @@ -12453,17 +12489,17 @@ msgstr "" "hay muchas solicitudes de perfiles de escritorio en un período corto." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:569 sssd-ipa.5.xml:599 sssd-ipa.5.xml:615 sssd-ad.5.xml:599 +#: sssd-ipa.5.xml:574 sssd-ipa.5.xml:604 sssd-ipa.5.xml:620 sssd-ad.5.xml:599 msgid "Default: 5 (seconds)" msgstr "Predeterminado: 5 (segundos)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:575 +#: sssd-ipa.5.xml:580 msgid "ipa_deskprofile_request_interval (integer)" msgstr "ipa_deskprofile_request_interval (entero)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:578 +#: sssd-ipa.5.xml:583 msgid "" "The amount of time between lookups of the Desktop Profile rules against the " "IPA server in case the last request did not return any rule." @@ -12473,17 +12509,17 @@ msgstr "" "regla." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:583 +#: sssd-ipa.5.xml:588 msgid "Default: 60 (minutes)" msgstr "Predeterminado: 60 (minutos)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:589 +#: sssd-ipa.5.xml:594 msgid "ipa_hbac_refresh (integer)" msgstr "ipa_hbac_refresh (entero)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:592 +#: sssd-ipa.5.xml:597 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server. " "This will reduce the latency and load on the IPA server if there are many " @@ -12494,12 +12530,12 @@ msgstr "" "muchas peticiones de control de acceso hechas en un corto período." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:605 +#: sssd-ipa.5.xml:610 msgid "ipa_hbac_selinux (integer)" msgstr "ipa_hbac_selinux (entero)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:608 +#: sssd-ipa.5.xml:613 msgid "" "The amount of time between lookups of the SELinux maps against the IPA " "server. This will reduce the latency and load on the IPA server if there are " @@ -12510,12 +12546,12 @@ msgstr "" "hay muchas peticiones de acceso de usuario hechas en un corto período." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:621 +#: sssd-ipa.5.xml:626 msgid "ipa_server_mode (boolean)" msgstr "ipa_server_mode (booleano)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:624 +#: sssd-ipa.5.xml:629 msgid "" "This option will be set by the IPA installer (ipa-server-install) " "automatically and denotes if SSSD is running on an IPA server or not." @@ -12524,7 +12560,7 @@ msgstr "" "automáticamente y denota si SSSD está corriendo sobre un servidor IPA o no." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:629 +#: sssd-ipa.5.xml:634 msgid "" "On an IPA server SSSD will lookup users and groups from trusted domains " "directly while on a client it will ask an IPA server." @@ -12534,7 +12570,7 @@ msgstr "" "servidor IPA." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:634 +#: sssd-ipa.5.xml:639 msgid "" "NOTE: There are currently some assumptions that must be met when SSSD is " "running on an IPA server." @@ -12543,7 +12579,7 @@ msgstr "" "se ejecuta en un servidor IPA." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:639 +#: sssd-ipa.5.xml:644 msgid "" "The <quote>ipa_server</quote> option must be configured to point to the IPA " "server itself. This is already the default set by the IPA installer, so no " @@ -12554,7 +12590,7 @@ msgstr "" "instalador IPA de modo que no se necesitan cambios manuales." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:648 +#: sssd-ipa.5.xml:653 msgid "" "The <quote>full_name_format</quote> option must not be tweaked to only print " "short names for users from trusted domains." @@ -12563,52 +12599,52 @@ msgstr "" "solo nombres cortos de los usuarios de los dominios de confianza." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:663 +#: sssd-ipa.5.xml:668 msgid "ipa_automount_location (string)" msgstr "ipa_automount_location (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:666 +#: sssd-ipa.5.xml:671 msgid "The automounter location this IPA client will be using" msgstr "La localización del automontador de este cliente IPA que será usada" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:669 +#: sssd-ipa.5.xml:674 msgid "Default: The location named \"default\"" msgstr "Por defecto: La localización llamada “default”" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd-ipa.5.xml:677 +#: sssd-ipa.5.xml:682 msgid "VIEWS AND OVERRIDES" msgstr "VISTAS Y ANULACIONES" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:686 +#: sssd-ipa.5.xml:691 msgid "ipa_view_class (string)" msgstr "ipa_view_class (cadena)" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:689 +#: sssd-ipa.5.xml:694 msgid "Objectclass of the view container." msgstr "Objectclass del contenedorde vistas." #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:692 +#: sssd-ipa.5.xml:697 msgid "Default: nsContainer" msgstr "Predeterminado: nsContainer" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:698 +#: sssd-ipa.5.xml:703 msgid "ipa_view_name (string)" msgstr "ipa_view_name (cadena)" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:701 +#: sssd-ipa.5.xml:706 msgid "Name of the attribute holding the name of the view." msgstr "Nombre del atributo que contiene el nombre de la vista." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:705 sssd-ldap-attributes.5.xml:496 +#: sssd-ipa.5.xml:710 sssd-ldap-attributes.5.xml:496 #: sssd-ldap-attributes.5.xml:830 sssd-ldap-attributes.5.xml:911 #: sssd-ldap-attributes.5.xml:1008 sssd-ldap-attributes.5.xml:1066 #: sssd-ldap-attributes.5.xml:1224 sssd-ldap-attributes.5.xml:1269 @@ -12616,27 +12652,27 @@ msgid "Default: cn" msgstr "Predeterminado: cn" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:711 +#: sssd-ipa.5.xml:716 msgid "ipa_override_object_class (string)" msgstr "ipa_override_object_class (cadena)" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:714 +#: sssd-ipa.5.xml:719 msgid "Objectclass of the override objects." msgstr "Objectclass de los objetos anulados." #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:717 +#: sssd-ipa.5.xml:722 msgid "Default: ipaOverrideAnchor" msgstr "Predeterminado: ipaOverrideAnchor" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:723 +#: sssd-ipa.5.xml:728 msgid "ipa_anchor_uuid (string)" msgstr "ipa_anchor_uuid (cadena)" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:726 +#: sssd-ipa.5.xml:731 msgid "" "Name of the attribute containing the reference to the original object in a " "remote domain." @@ -12645,17 +12681,17 @@ msgstr "" "dominio remoto." #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:730 +#: sssd-ipa.5.xml:735 msgid "Default: ipaAnchorUUID" msgstr "Predeterminado: ipaAnchorUUID" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:736 +#: sssd-ipa.5.xml:741 msgid "ipa_user_override_object_class (string)" msgstr "ipa_user_override_object_class (cadena)" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:739 +#: sssd-ipa.5.xml:744 msgid "" "Name of the objectclass for user overrides. It is used to determine if the " "found override object is related to a user or a group." @@ -12664,57 +12700,57 @@ msgstr "" "si el objeto anulado encontrado está relacionado con un usuario o un grupo." #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:744 +#: sssd-ipa.5.xml:749 msgid "User overrides can contain attributes given by" msgstr "Las anulaciones de usuario pueden contener atributos dados por" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:747 +#: sssd-ipa.5.xml:752 msgid "ldap_user_name" msgstr "ldap_user_name" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:750 +#: sssd-ipa.5.xml:755 msgid "ldap_user_uid_number" msgstr "ldap_user_uid_number" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:753 +#: sssd-ipa.5.xml:758 msgid "ldap_user_gid_number" msgstr "ldap_user_gid_number" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:756 +#: sssd-ipa.5.xml:761 msgid "ldap_user_gecos" msgstr "ldap_user_gecos" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:759 +#: sssd-ipa.5.xml:764 msgid "ldap_user_home_directory" msgstr "ldap_user_home_directory" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:762 +#: sssd-ipa.5.xml:767 msgid "ldap_user_shell" msgstr "ldap_user_shell" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:765 +#: sssd-ipa.5.xml:770 msgid "ldap_user_ssh_public_key" msgstr "ldap_user_ssh_public_key" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:770 +#: sssd-ipa.5.xml:775 msgid "Default: ipaUserOverride" msgstr "Predeterminado: ipaUserOverride" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:776 +#: sssd-ipa.5.xml:781 msgid "ipa_group_override_object_class (string)" msgstr "ipa_group_override_object_class (cadena)" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:779 +#: sssd-ipa.5.xml:784 msgid "" "Name of the objectclass for group overrides. It is used to determine if the " "found override object is related to a user or a group." @@ -12723,27 +12759,27 @@ msgstr "" "objeto anulado encontrado está relacionado con un usuario o un grupo." #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:784 +#: sssd-ipa.5.xml:789 msgid "Group overrides can contain attributes given by" msgstr "Las anulaciones de grupo pueden contener atributos dados por" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:787 +#: sssd-ipa.5.xml:792 msgid "ldap_group_name" msgstr "ldap_group_name" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:790 +#: sssd-ipa.5.xml:795 msgid "ldap_group_gid_number" msgstr "ldap_group_gid_number" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:795 +#: sssd-ipa.5.xml:800 msgid "Default: ipaGroupOverride" msgstr "Predeterminado: ipaGroupOverride" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:679 +#: sssd-ipa.5.xml:684 msgid "" "SSSD can handle views and overrides which are offered by FreeIPA 4.1 and " "later version. Since all paths and objectclasses are fixed on the server " @@ -12758,12 +12794,12 @@ msgstr "" "<placeholder type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ipa.5.xml:807 +#: sssd-ipa.5.xml:812 msgid "SUBDOMAINS PROVIDER" msgstr "PROVEEDOR DE SUBDOMINIOS" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:809 +#: sssd-ipa.5.xml:814 msgid "" "The IPA subdomains provider behaves slightly differently if it is configured " "explicitly or implicitly." @@ -12772,7 +12808,7 @@ msgstr "" "si está configurado explícitamente o implícitamente." #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:813 +#: sssd-ipa.5.xml:818 msgid "" "If the option 'subdomains_provider = ipa' is found in the domain section of " "sssd.conf, the IPA subdomains provider is configured explicitly, and all " @@ -12784,7 +12820,7 @@ msgstr "" "de IPA si es necesario." #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:819 +#: sssd-ipa.5.xml:824 msgid "" "If the option 'subdomains_provider' is not set in the domain section of sssd." "conf but there is the option 'id_provider = ipa', the IPA subdomains " @@ -12804,12 +12840,12 @@ msgstr "" "otra vez." #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ipa.5.xml:830 +#: sssd-ipa.5.xml:835 msgid "TRUSTED DOMAINS CONFIGURATION" msgstr "CONFIGURACIÓN DE DOMINIOS DE CONFIANZA" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ipa.5.xml:838 +#: sssd-ipa.5.xml:843 #, no-wrap msgid "" "[domain/ipa.domain.com/ad.domain.com]\n" @@ -12819,7 +12855,7 @@ msgstr "" "ad_server = dc.ad.domain.com\n" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:832 +#: sssd-ipa.5.xml:837 msgid "" "Some configuration options can also be set for a trusted domain. A trusted " "domain configuration can be set using the trusted domain subsection as shown " @@ -12829,14 +12865,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:843 +#: sssd-ipa.5.xml:848 msgid "" "For more details, see the <citerefentry> <refentrytitle>sssd.conf</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:850 +#: sssd-ipa.5.xml:855 msgid "" "Different configuration options are tunable for a trusted domain depending " "on whether you are configuring SSSD on an IPA server or an IPA client." @@ -12846,12 +12882,12 @@ msgstr "" "IPA o un cliente IPA." #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd-ipa.5.xml:855 +#: sssd-ipa.5.xml:860 msgid "OPTIONS TUNABLE ON IPA MASTERS" msgstr "OPCIONES AJUSTABLES EN IPA MAESTROS" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:857 +#: sssd-ipa.5.xml:862 msgid "" "The following options can be set in a subdomain section on an IPA master:" msgstr "" @@ -12859,42 +12895,42 @@ msgstr "" "un IPA maestro:" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:861 sssd-ipa.5.xml:891 +#: sssd-ipa.5.xml:866 sssd-ipa.5.xml:896 msgid "ad_server" msgstr "ad_server" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:864 +#: sssd-ipa.5.xml:869 msgid "ad_backup_server" msgstr "ad_backup_server" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:867 sssd-ipa.5.xml:894 +#: sssd-ipa.5.xml:872 sssd-ipa.5.xml:899 msgid "ad_site" msgstr "ad_site" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:870 +#: sssd-ipa.5.xml:875 msgid "ldap_search_base" msgstr "ldap_search_base" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:873 +#: sssd-ipa.5.xml:878 msgid "ldap_user_search_base" msgstr "ldap_user_search_base" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:876 +#: sssd-ipa.5.xml:881 msgid "ldap_group_search_base" msgstr "ldap_group_search_base" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd-ipa.5.xml:885 +#: sssd-ipa.5.xml:890 msgid "OPTIONS TUNABLE ON IPA CLIENTS" msgstr "OPCIONES AJUSTABLES SOBRE CLIENTES IPA" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:887 +#: sssd-ipa.5.xml:892 msgid "" "The following options can be set in a subdomain section on an IPA client:" msgstr "" @@ -12902,7 +12938,7 @@ msgstr "" "sobre un cliente IPA:" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:899 +#: sssd-ipa.5.xml:904 msgid "" "Note that if both options are set, only <quote>ad_server</quote> is " "evaluated." @@ -12911,7 +12947,7 @@ msgstr "" "<quote>ad_server</quote>." #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:903 +#: sssd-ipa.5.xml:908 msgid "" "Since any request for a user or a group identity from a trusted domain " "triggered from an IPA client is resolved by the IPA server, the " @@ -12935,7 +12971,7 @@ msgstr "" "localizador Kerberos." #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:927 +#: sssd-ipa.5.xml:932 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " @@ -12946,7 +12982,7 @@ msgstr "" "Este ejemplo muestra sólo las opciones específicas del proveedor ipa." #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ipa.5.xml:934 +#: sssd-ipa.5.xml:939 #, no-wrap msgid "" "[domain/example.com]\n" @@ -14357,7 +14393,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ad.5.xml:1388 +#: sssd-ad.5.xml:1393 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " @@ -14368,7 +14404,7 @@ msgstr "" "Este ejemplo muestra sólo las opciones específicas del proveedor AD." #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ad.5.xml:1395 +#: sssd-ad.5.xml:1400 #, no-wrap msgid "" "[domain/EXAMPLE]\n" @@ -14392,7 +14428,7 @@ msgstr "" "ad_domain = example.com\n" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ad.5.xml:1415 +#: sssd-ad.5.xml:1420 #, no-wrap msgid "" "access_provider = ldap\n" @@ -14404,7 +14440,7 @@ msgstr "" "ldap_account_expire_policy = ad\n" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ad.5.xml:1411 +#: sssd-ad.5.xml:1416 msgid "" "The AD access control provider checks if the account is expired. It has the " "same effect as the following configuration of the LDAP provider: " @@ -14415,7 +14451,7 @@ msgstr "" "<placeholder type=\"programlisting\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ad.5.xml:1421 +#: sssd-ad.5.xml:1426 msgid "" "However, unless the <quote>ad</quote> access control provider is explicitly " "configured, the default access provider is <quote>permit</quote>. Please " @@ -14425,7 +14461,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ad.5.xml:1429 +#: sssd-ad.5.xml:1434 msgid "" "When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema " "attribute mapping (nisMap, nisObject, ...) is used, because these attributes " @@ -21552,6 +21588,15 @@ msgid "" "feature is available with MIT Kerberos 1.7 and later versions." msgstr "" +#, fuzzy +#~| msgid "" +#~| "Determines if user credentials are also cached in the local LDB cache" +#~ msgid "" +#~ "Determines if user credentials are also cached in the local LDB cache." +#~ msgstr "" +#~ "Determina si las credenciales del usuario están también escondidas en el " +#~ "cache LDB local" + #~ msgid "User credentials are stored in a SHA512 hash, not in plaintext" #~ msgstr "" #~ "Las credenciales de usuario son almacenadas en un hash SHA512, no en " diff --git a/src/man/po/eu.po b/src/man/po/eu.po index 25b8039e969..46c34bcc5f0 100644 --- a/src/man/po/eu.po +++ b/src/man/po/eu.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: sssd-docs 2.3.0\n" "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" -"POT-Creation-Date: 2023-09-07 11:47+0200\n" +"POT-Creation-Date: 2023-11-13 11:53+0100\n" "PO-Revision-Date: 2014-12-14 11:55-0500\n" "Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n" "Language-Team: Basque (http://www.transifex.com/projects/p/sssd/language/" @@ -205,10 +205,10 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:136 sssd.conf.5.xml:173 sssd.conf.5.xml:358 #: sssd.conf.5.xml:714 sssd.conf.5.xml:729 sssd.conf.5.xml:952 -#: sssd.conf.5.xml:1070 sssd.conf.5.xml:2198 sssd-ldap.5.xml:1071 -#: sssd-ldap.5.xml:1174 sssd-ldap.5.xml:1243 sssd-ldap.5.xml:1750 -#: sssd-ldap.5.xml:1815 sssd-ipa.5.xml:342 sssd-ad.5.xml:252 sssd-ad.5.xml:366 -#: sssd-ad.5.xml:1200 sssd-ad.5.xml:1348 sssd-krb5.5.xml:358 +#: sssd.conf.5.xml:1070 sssd.conf.5.xml:2198 sssd-ldap.5.xml:1073 +#: sssd-ldap.5.xml:1176 sssd-ldap.5.xml:1245 sssd-ldap.5.xml:1752 +#: sssd-ldap.5.xml:1817 sssd-ipa.5.xml:347 sssd-ad.5.xml:252 sssd-ad.5.xml:366 +#: sssd-ad.5.xml:1200 sssd-ad.5.xml:1353 sssd-krb5.5.xml:358 msgid "Default: true" msgstr "" @@ -226,10 +226,10 @@ msgstr "" #. type: Content of: <variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:149 sssd.conf.5.xml:652 sssd.conf.5.xml:949 -#: sssd.conf.5.xml:2101 sssd.conf.5.xml:2168 sssd.conf.5.xml:4174 -#: sssd-ldap.5.xml:312 sssd-ldap.5.xml:917 sssd-ldap.5.xml:936 -#: sssd-ldap.5.xml:1146 sssd-ldap.5.xml:1599 sssd-ldap.5.xml:1839 -#: sssd-ipa.5.xml:152 sssd-ipa.5.xml:254 sssd-ipa.5.xml:657 sssd-ad.5.xml:1106 +#: sssd.conf.5.xml:2101 sssd.conf.5.xml:2168 sssd.conf.5.xml:4191 +#: sssd-ldap.5.xml:313 sssd-ldap.5.xml:919 sssd-ldap.5.xml:938 +#: sssd-ldap.5.xml:1148 sssd-ldap.5.xml:1601 sssd-ldap.5.xml:1841 +#: sssd-ipa.5.xml:152 sssd-ipa.5.xml:254 sssd-ipa.5.xml:662 sssd-ad.5.xml:1106 #: sssd-krb5.5.xml:268 sssd-krb5.5.xml:330 sssd-krb5.5.xml:432 #: include/krb5_options.xml:163 msgid "Default: false" @@ -263,8 +263,8 @@ msgid "" msgstr "" #. type: Content of: outside any tag (error?) -#: sssd.conf.5.xml:109 sssd.conf.5.xml:184 sssd-ldap.5.xml:1656 -#: sssd-ldap.5.xml:1862 sss-certmap.5.xml:645 sssd-systemtap.5.xml:82 +#: sssd.conf.5.xml:109 sssd.conf.5.xml:184 sssd-ldap.5.xml:1658 +#: sssd-ldap.5.xml:1864 sss-certmap.5.xml:645 sssd-systemtap.5.xml:82 #: sssd-systemtap.5.xml:143 sssd-systemtap.5.xml:236 sssd-systemtap.5.xml:274 #: sssd-systemtap.5.xml:330 sssd-ldap-attributes.5.xml:40 #: sssd-ldap-attributes.5.xml:659 sssd-ldap-attributes.5.xml:801 @@ -295,7 +295,7 @@ msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:196 sssd.conf.5.xml:1290 sssd.conf.5.xml:1767 -#: sssd.conf.5.xml:4190 sssd-ldap.5.xml:765 include/ldap_id_mapping.xml:270 +#: sssd.conf.5.xml:4207 sssd-ldap.5.xml:766 include/ldap_id_mapping.xml:270 msgid "Default: 10" msgstr "" @@ -371,7 +371,7 @@ msgid "" msgstr "" #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:266 sssd.conf.5.xml:792 sssd.conf.5.xml:3709 +#: sssd.conf.5.xml:266 sssd.conf.5.xml:792 sssd.conf.5.xml:3716 #: include/failover.xml:100 msgid "Default: 3" msgstr "" @@ -393,7 +393,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:287 sssd.conf.5.xml:3541 +#: sssd.conf.5.xml:287 sssd.conf.5.xml:3548 msgid "re_expression (string)" msgstr "" @@ -413,12 +413,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:304 sssd.conf.5.xml:3598 +#: sssd.conf.5.xml:304 sssd.conf.5.xml:3605 msgid "full_name_format (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:307 sssd.conf.5.xml:3601 +#: sssd.conf.5.xml:307 sssd.conf.5.xml:3608 msgid "" "A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</" "manvolnum> </citerefentry>-compatible format that describes how to compose a " @@ -426,39 +426,39 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:318 sssd.conf.5.xml:3612 +#: sssd.conf.5.xml:318 sssd.conf.5.xml:3619 msgid "%1$s" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:319 sssd.conf.5.xml:3613 +#: sssd.conf.5.xml:319 sssd.conf.5.xml:3620 msgid "user name" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:322 sssd.conf.5.xml:3616 +#: sssd.conf.5.xml:322 sssd.conf.5.xml:3623 msgid "%2$s" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:325 sssd.conf.5.xml:3619 +#: sssd.conf.5.xml:325 sssd.conf.5.xml:3626 msgid "domain name as specified in the SSSD config file." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:331 sssd.conf.5.xml:3625 +#: sssd.conf.5.xml:331 sssd.conf.5.xml:3632 msgid "%3$s" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:334 sssd.conf.5.xml:3628 +#: sssd.conf.5.xml:334 sssd.conf.5.xml:3635 msgid "" "domain flat name. Mostly usable for Active Directory domains, both directly " "configured or discovered via IPA trusts." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:315 sssd.conf.5.xml:3609 +#: sssd.conf.5.xml:315 sssd.conf.5.xml:3616 msgid "" "The following expansions are supported: <placeholder type=\"variablelist\" " "id=\"0\"/>" @@ -601,8 +601,8 @@ msgid "" msgstr "" #. type: Content of: <variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:468 sssd-ldap.5.xml:876 sssd-ldap.5.xml:888 -#: sssd-ldap.5.xml:980 sssd-ad.5.xml:920 sssd-ad.5.xml:995 sssd-krb5.5.xml:468 +#: sssd.conf.5.xml:468 sssd-ldap.5.xml:877 sssd-ldap.5.xml:889 +#: sssd-ldap.5.xml:982 sssd-ad.5.xml:920 sssd-ad.5.xml:995 sssd-krb5.5.xml:468 #: sssd-ldap-attributes.5.xml:470 sssd-ldap-attributes.5.xml:976 #: include/ldap_id_mapping.xml:211 include/ldap_id_mapping.xml:222 #: include/krb5_options.xml:148 @@ -872,7 +872,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:700 sssd.conf.5.xml:1791 sssd.conf.5.xml:4240 +#: sssd.conf.5.xml:700 sssd.conf.5.xml:1791 sssd.conf.5.xml:4257 #: sssd-ad.5.xml:187 sssd-ad.5.xml:327 sssd-ad.5.xml:341 msgid "Default: Not set" msgstr "" @@ -1051,7 +1051,7 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:858 sssd.conf.5.xml:1201 sssd.conf.5.xml:1584 -#: sssd.conf.5.xml:1880 sssd-ldap.5.xml:494 +#: sssd.conf.5.xml:1880 sssd-ldap.5.xml:495 msgid "Default: 60" msgstr "" @@ -1153,7 +1153,7 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:937 sssd.conf.5.xml:1214 sssd.conf.5.xml:2322 -#: sssd-ldap.5.xml:331 +#: sssd-ldap.5.xml:332 msgid "Default: 300" msgstr "" @@ -1522,7 +1522,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1240 sssd.conf.5.xml:2964 sssd-ldap.5.xml:548 +#: sssd.conf.5.xml:1240 sssd.conf.5.xml:2971 sssd-ldap.5.xml:549 msgid "Default: 8" msgstr "" @@ -1548,8 +1548,8 @@ msgid "" msgstr "" #. type: Content of: <variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1265 sssd.conf.5.xml:1317 sssd.conf.5.xml:3730 -#: sssd-ldap.5.xml:473 sssd-ldap.5.xml:525 include/failover.xml:116 +#: sssd.conf.5.xml:1265 sssd.conf.5.xml:1317 sssd.conf.5.xml:3737 +#: sssd-ldap.5.xml:474 sssd-ldap.5.xml:526 include/failover.xml:116 #: include/krb5_options.xml:11 msgid "Default: 6" msgstr "" @@ -1858,7 +1858,7 @@ msgid "pam_pwd_expiration_warning (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1553 sssd.conf.5.xml:2988 +#: sssd.conf.5.xml:1553 sssd.conf.5.xml:2995 msgid "Display a warning N days before the password expires." msgstr "" @@ -1871,7 +1871,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1562 sssd.conf.5.xml:2991 +#: sssd.conf.5.xml:1562 sssd.conf.5.xml:2998 msgid "" "If zero is set, then this filter is not applied, i.e. if the expiration " "warning was received from backend server, it will automatically be displayed." @@ -1885,7 +1885,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1572 sssd.conf.5.xml:3977 sssd-ldap.5.xml:606 sssd.8.xml:79 +#: sssd.conf.5.xml:1572 sssd.conf.5.xml:3984 sssd-ldap.5.xml:607 sssd.8.xml:79 msgid "Default: 0" msgstr "" @@ -1948,8 +1948,8 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1632 sssd.conf.5.xml:1657 sssd.conf.5.xml:1676 -#: sssd.conf.5.xml:1913 sssd.conf.5.xml:2733 sssd.conf.5.xml:3906 -#: sssd-ldap.5.xml:1207 +#: sssd.conf.5.xml:1913 sssd.conf.5.xml:2733 sssd.conf.5.xml:3913 +#: sssd-ldap.5.xml:1209 msgid "Default: none" msgstr "" @@ -2012,8 +2012,8 @@ msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1687 sssd.conf.5.xml:1698 sssd.conf.5.xml:1712 -#: sssd-ldap.5.xml:671 sssd-ldap.5.xml:692 sssd-ldap.5.xml:788 -#: sssd-ldap.5.xml:1293 sssd-ad.5.xml:505 sssd-ad.5.xml:581 sssd-ad.5.xml:1126 +#: sssd-ldap.5.xml:672 sssd-ldap.5.xml:693 sssd-ldap.5.xml:789 +#: sssd-ldap.5.xml:1295 sssd-ad.5.xml:505 sssd-ad.5.xml:581 sssd-ad.5.xml:1126 #: sssd-ad.5.xml:1175 include/ldap_id_mapping.xml:250 msgid "Default: False" msgstr "" @@ -2052,7 +2052,7 @@ msgid "The path to the certificate database." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1723 sssd.conf.5.xml:2248 sssd.conf.5.xml:4354 +#: sssd.conf.5.xml:1723 sssd.conf.5.xml:2248 sssd.conf.5.xml:4371 msgid "Default:" msgstr "" @@ -2318,7 +2318,7 @@ msgid "Default: no_session" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1950 sssd.conf.5.xml:4293 +#: sssd.conf.5.xml:1950 sssd.conf.5.xml:4310 msgid "pam_gssapi_services" msgstr "" @@ -2352,7 +2352,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1968 sssd.conf.5.xml:3900 +#: sssd.conf.5.xml:1968 sssd.conf.5.xml:3907 msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" @@ -2362,7 +2362,7 @@ msgid "Default: - (GSSAPI authentication is disabled)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1979 sssd.conf.5.xml:4294 +#: sssd.conf.5.xml:1979 sssd.conf.5.xml:4311 msgid "pam_gssapi_check_upn" msgstr "" @@ -2382,7 +2382,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1999 sssd-ad.5.xml:1266 sss_rpcidmapd.5.xml:76 +#: sssd.conf.5.xml:1999 sssd-ad.5.xml:1271 sss_rpcidmapd.5.xml:76 #: sssd-files.5.xml:145 msgid "Default: True" msgstr "" @@ -3141,7 +3141,7 @@ msgid "FALSE = No enumerations for this domain" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2669 sssd.conf.5.xml:2943 sssd.conf.5.xml:3120 +#: sssd.conf.5.xml:2669 sssd.conf.5.xml:2950 sssd.conf.5.xml:3127 msgid "Default: FALSE" msgstr "" @@ -3410,7 +3410,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2922 sssd-ldap.5.xml:360 sssd-ldap.5.xml:1736 +#: sssd.conf.5.xml:2922 sssd-ldap.5.xml:361 sssd-ldap.5.xml:1738 #: sssd-ipa.5.xml:270 msgid "Default: 0 (disabled)" msgstr "" @@ -3422,11 +3422,17 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:2931 -msgid "Determines if user credentials are also cached in the local LDB cache." +msgid "" +"Determines if user credentials are also cached in the local LDB cache. The " +"cached credentials refer to passwords, which includes the first (long term) " +"factor of two-factor authentication, not other authentication mechanisms. " +"Passkey and Smartcard authentications are expected to work offline as long " +"as a successful online authentication is recorded in the cache without " +"additional configuration." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2935 +#: sssd.conf.5.xml:2942 msgid "" "Take a note that while credentials are stored as a salted SHA512 hash, this " "still potentially poses some security risk in case an attacker manages to " @@ -3435,12 +3441,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2949 +#: sssd.conf.5.xml:2956 msgid "cache_credentials_minimal_first_factor_length (int)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2952 +#: sssd.conf.5.xml:2959 msgid "" "If 2-Factor-Authentication (2FA) is used and credentials should be saved " "this value determines the minimal length the first authentication factor " @@ -3448,19 +3454,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2959 +#: sssd.conf.5.xml:2966 msgid "" "This should avoid that the short PINs of a PIN based 2FA scheme are saved in " "the cache which would make them easy targets for brute-force attacks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2970 +#: sssd.conf.5.xml:2977 msgid "account_cache_expiration (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2973 +#: sssd.conf.5.xml:2980 msgid "" "Number of days entries are left in cache after last successful login before " "being removed during a cleanup of the cache. 0 means keep forever. The " @@ -3469,17 +3475,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2980 +#: sssd.conf.5.xml:2987 msgid "Default: 0 (unlimited)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2985 +#: sssd.conf.5.xml:2992 msgid "pwd_expiration_warning (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2996 +#: sssd.conf.5.xml:3003 msgid "" "Please note that the backend server has to provide information about the " "expiration time of the password. If this information is missing, sssd " @@ -3488,28 +3494,28 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3003 +#: sssd.conf.5.xml:3010 msgid "Default: 7 (Kerberos), 0 (LDAP)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3009 +#: sssd.conf.5.xml:3016 msgid "id_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3012 +#: sssd.conf.5.xml:3019 msgid "" "The identification provider used for the domain. Supported ID providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3016 +#: sssd.conf.5.xml:3023 msgid "<quote>proxy</quote>: Support a legacy NSS provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3019 +#: sssd.conf.5.xml:3026 msgid "" "<quote>files</quote>: FILES provider. See <citerefentry> <refentrytitle>sssd-" "files</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " @@ -3517,7 +3523,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3027 +#: sssd.conf.5.xml:3034 msgid "" "<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-" "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " @@ -3525,8 +3531,8 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3035 sssd.conf.5.xml:3146 sssd.conf.5.xml:3197 -#: sssd.conf.5.xml:3260 +#: sssd.conf.5.xml:3042 sssd.conf.5.xml:3153 sssd.conf.5.xml:3204 +#: sssd.conf.5.xml:3267 msgid "" "<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management " "provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> " @@ -3535,8 +3541,8 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3044 sssd.conf.5.xml:3155 sssd.conf.5.xml:3206 -#: sssd.conf.5.xml:3269 +#: sssd.conf.5.xml:3051 sssd.conf.5.xml:3162 sssd.conf.5.xml:3213 +#: sssd.conf.5.xml:3276 msgid "" "<quote>ad</quote>: Active Directory provider. See <citerefentry> " "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3544,19 +3550,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3055 +#: sssd.conf.5.xml:3062 msgid "use_fully_qualified_names (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3058 +#: sssd.conf.5.xml:3065 msgid "" "Use the full name and domain (as formatted by the domain's full_name_format) " "as the user's login name reported to NSS." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3063 +#: sssd.conf.5.xml:3070 msgid "" "If set to TRUE, all requests to this domain must use fully qualified names. " "For example, if used in LOCAL domain that contains a \"test\" user, " @@ -3565,7 +3571,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3071 +#: sssd.conf.5.xml:3078 msgid "" "NOTE: This option has no effect on netgroup lookups due to their tendency to " "include nested netgroups without qualified names. For netgroups, all domains " @@ -3573,24 +3579,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3078 +#: sssd.conf.5.xml:3085 msgid "" "Default: FALSE (TRUE for trusted domain/sub-domains or if " "default_domain_suffix is used)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3085 +#: sssd.conf.5.xml:3092 msgid "ignore_group_members (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3088 +#: sssd.conf.5.xml:3095 msgid "Do not return group members for group lookups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3091 +#: sssd.conf.5.xml:3098 msgid "" "If set to TRUE, the group membership attribute is not requested from the " "ldap server, and group members are not returned when processing group lookup " @@ -3602,7 +3608,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3109 +#: sssd.conf.5.xml:3116 msgid "" "Enabling this option can also make access provider checks for group " "membership significantly faster, especially for groups containing many " @@ -3610,30 +3616,30 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3115 sssd.conf.5.xml:3822 sssd-ldap.5.xml:326 -#: sssd-ldap.5.xml:355 sssd-ldap.5.xml:408 sssd-ldap.5.xml:468 -#: sssd-ldap.5.xml:489 sssd-ldap.5.xml:520 sssd-ldap.5.xml:543 -#: sssd-ldap.5.xml:582 sssd-ldap.5.xml:601 sssd-ldap.5.xml:625 -#: sssd-ldap.5.xml:1051 sssd-ldap.5.xml:1084 +#: sssd.conf.5.xml:3122 sssd.conf.5.xml:3829 sssd-ldap.5.xml:327 +#: sssd-ldap.5.xml:356 sssd-ldap.5.xml:409 sssd-ldap.5.xml:469 +#: sssd-ldap.5.xml:490 sssd-ldap.5.xml:521 sssd-ldap.5.xml:544 +#: sssd-ldap.5.xml:583 sssd-ldap.5.xml:602 sssd-ldap.5.xml:626 +#: sssd-ldap.5.xml:1053 sssd-ldap.5.xml:1086 msgid "" "This option can be also set per subdomain or inherited via " "<emphasis>subdomain_inherit</emphasis>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3125 +#: sssd.conf.5.xml:3132 msgid "auth_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3128 +#: sssd.conf.5.xml:3135 msgid "" "The authentication provider used for the domain. Supported auth providers " "are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3132 sssd.conf.5.xml:3190 +#: sssd.conf.5.xml:3139 sssd.conf.5.xml:3197 msgid "" "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3641,7 +3647,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3139 +#: sssd.conf.5.xml:3146 msgid "" "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3649,30 +3655,30 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3163 +#: sssd.conf.5.xml:3170 msgid "" "<quote>proxy</quote> for relaying authentication to some other PAM target." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3166 +#: sssd.conf.5.xml:3173 msgid "<quote>none</quote> disables authentication explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3169 +#: sssd.conf.5.xml:3176 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "authentication requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3175 +#: sssd.conf.5.xml:3182 msgid "access_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3178 +#: sssd.conf.5.xml:3185 msgid "" "The access control provider used for the domain. There are two built-in " "access providers (in addition to any included in installed backends) " @@ -3680,19 +3686,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3184 +#: sssd.conf.5.xml:3191 msgid "" "<quote>permit</quote> always allow access. It's the only permitted access " "provider for a local domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3187 +#: sssd.conf.5.xml:3194 msgid "<quote>deny</quote> always deny access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3214 +#: sssd.conf.5.xml:3221 msgid "" "<quote>simple</quote> access control based on access or deny lists. See " "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</" @@ -3701,7 +3707,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3221 +#: sssd.conf.5.xml:3228 msgid "" "<quote>krb5</quote>: .k5login based access control. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum></" @@ -3709,29 +3715,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3228 +#: sssd.conf.5.xml:3235 msgid "<quote>proxy</quote> for relaying access control to another PAM module." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3231 +#: sssd.conf.5.xml:3238 msgid "Default: <quote>permit</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3236 +#: sssd.conf.5.xml:3243 msgid "chpass_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3239 +#: sssd.conf.5.xml:3246 msgid "" "The provider which should handle change password operations for the domain. " "Supported change password providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3244 +#: sssd.conf.5.xml:3251 msgid "" "<quote>ldap</quote> to change a password stored in a LDAP server. See " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" @@ -3739,7 +3745,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3252 +#: sssd.conf.5.xml:3259 msgid "" "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3747,35 +3753,35 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3277 +#: sssd.conf.5.xml:3284 msgid "" "<quote>proxy</quote> for relaying password changes to some other PAM target." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3281 +#: sssd.conf.5.xml:3288 msgid "<quote>none</quote> disallows password changes explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3284 +#: sssd.conf.5.xml:3291 msgid "" "Default: <quote>auth_provider</quote> is used if it is set and can handle " "change password requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3291 +#: sssd.conf.5.xml:3298 msgid "sudo_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3294 +#: sssd.conf.5.xml:3301 msgid "The SUDO provider used for the domain. Supported SUDO providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3298 +#: sssd.conf.5.xml:3305 msgid "" "<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3783,32 +3789,32 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3306 +#: sssd.conf.5.xml:3313 msgid "" "<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default " "settings." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3310 +#: sssd.conf.5.xml:3317 msgid "" "<quote>ad</quote> the same as <quote>ldap</quote> but with AD default " "settings." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3314 +#: sssd.conf.5.xml:3321 msgid "<quote>none</quote> disables SUDO explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3317 sssd.conf.5.xml:3403 sssd.conf.5.xml:3473 -#: sssd.conf.5.xml:3498 sssd.conf.5.xml:3534 +#: sssd.conf.5.xml:3324 sssd.conf.5.xml:3410 sssd.conf.5.xml:3480 +#: sssd.conf.5.xml:3505 sssd.conf.5.xml:3541 msgid "Default: The value of <quote>id_provider</quote> is used if it is set." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3321 +#: sssd.conf.5.xml:3328 msgid "" "The detailed instructions for configuration of sudo_provider are in the " "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " @@ -3819,7 +3825,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3336 +#: sssd.conf.5.xml:3343 msgid "" "<emphasis>NOTE:</emphasis> Sudo rules are periodically downloaded in the " "background unless the sudo provider is explicitly disabled. Set " @@ -3828,12 +3834,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3346 +#: sssd.conf.5.xml:3353 msgid "selinux_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3349 +#: sssd.conf.5.xml:3356 msgid "" "The provider which should handle loading of selinux settings. Note that this " "provider will be called right after access provider ends. Supported selinux " @@ -3841,7 +3847,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3355 +#: sssd.conf.5.xml:3362 msgid "" "<quote>ipa</quote> to load selinux settings from an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -3849,31 +3855,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3363 +#: sssd.conf.5.xml:3370 msgid "<quote>none</quote> disallows fetching selinux settings explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3366 +#: sssd.conf.5.xml:3373 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "selinux loading requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3372 +#: sssd.conf.5.xml:3379 msgid "subdomains_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3375 +#: sssd.conf.5.xml:3382 msgid "" "The provider which should handle fetching of subdomains. This value should " "be always the same as id_provider. Supported subdomain providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3381 +#: sssd.conf.5.xml:3388 msgid "" "<quote>ipa</quote> to load a list of subdomains from an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -3881,7 +3887,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3390 +#: sssd.conf.5.xml:3397 msgid "" "<quote>ad</quote> to load a list of subdomains from an Active Directory " "server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> " @@ -3890,17 +3896,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3399 +#: sssd.conf.5.xml:3406 msgid "<quote>none</quote> disallows fetching subdomains explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3409 +#: sssd.conf.5.xml:3416 msgid "session_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3412 +#: sssd.conf.5.xml:3419 msgid "" "The provider which configures and manages user session related tasks. The " "only user session task currently provided is the integration with Fleet " @@ -3908,43 +3914,43 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3419 +#: sssd.conf.5.xml:3426 msgid "<quote>ipa</quote> to allow performing user session related tasks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3423 +#: sssd.conf.5.xml:3430 msgid "" "<quote>none</quote> does not perform any kind of user session related tasks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3427 +#: sssd.conf.5.xml:3434 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can perform " "session related tasks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3431 +#: sssd.conf.5.xml:3438 msgid "" "<emphasis>NOTE:</emphasis> In order to have this feature working as expected " "SSSD must be running as \"root\" and not as the unprivileged user." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3439 +#: sssd.conf.5.xml:3446 msgid "autofs_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3442 +#: sssd.conf.5.xml:3449 msgid "" "The autofs provider used for the domain. Supported autofs providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3446 +#: sssd.conf.5.xml:3453 msgid "" "<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3952,7 +3958,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3453 +#: sssd.conf.5.xml:3460 msgid "" "<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> " "<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3960,7 +3966,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3461 +#: sssd.conf.5.xml:3468 msgid "" "<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> " "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3968,24 +3974,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3470 +#: sssd.conf.5.xml:3477 msgid "<quote>none</quote> disables autofs explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3480 +#: sssd.conf.5.xml:3487 msgid "hostid_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3483 +#: sssd.conf.5.xml:3490 msgid "" "The provider used for retrieving host identity information. Supported " "hostid providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3487 +#: sssd.conf.5.xml:3494 msgid "" "<quote>ipa</quote> to load host identity stored in an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -3993,31 +3999,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3495 +#: sssd.conf.5.xml:3502 msgid "<quote>none</quote> disables hostid explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3505 +#: sssd.conf.5.xml:3512 msgid "resolver_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3508 +#: sssd.conf.5.xml:3515 msgid "" "The provider which should handle hosts and networks lookups. Supported " "resolver providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3512 +#: sssd.conf.5.xml:3519 msgid "" "<quote>proxy</quote> to forward lookups to another NSS library. See " "<quote>proxy_resolver_lib_name</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3516 +#: sssd.conf.5.xml:3523 msgid "" "<quote>ldap</quote> to fetch hosts and networks stored in LDAP. See " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" @@ -4025,7 +4031,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3523 +#: sssd.conf.5.xml:3530 msgid "" "<quote>ad</quote> to fetch hosts and networks stored in AD. See " "<citerefentry> <refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</" @@ -4034,12 +4040,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3531 +#: sssd.conf.5.xml:3538 msgid "<quote>none</quote> disallows fetching hosts and networks explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3544 +#: sssd.conf.5.xml:3551 msgid "" "Regular expression for this domain that describes how to parse the string " "containing user name and domain into these components. The \"domain\" can " @@ -4049,24 +4055,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3553 +#: sssd.conf.5.xml:3560 msgid "" "Default: <quote>^((?P<name>.+)@(?P<domain>[^@]*)|(?P<name>" "[^@]+))$</quote> which allows two different styles for user names:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:3558 sssd.conf.5.xml:3572 +#: sssd.conf.5.xml:3565 sssd.conf.5.xml:3579 msgid "username" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:3561 sssd.conf.5.xml:3575 +#: sssd.conf.5.xml:3568 sssd.conf.5.xml:3582 msgid "username@domain.name" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3566 +#: sssd.conf.5.xml:3573 msgid "" "Default for the AD and IPA provider: <quote>^(((?P<domain>[^\\\\]+)\\" "\\(?P<name>.+))|((?P<name>.+)@(?P<domain>[^@]+))|((?P<" @@ -4075,19 +4081,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:3578 +#: sssd.conf.5.xml:3585 msgid "domain\\username" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3581 +#: sssd.conf.5.xml:3588 msgid "" "While the first two correspond to the general default the third one is " "introduced to allow easy integration of users from Windows domains." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3586 +#: sssd.conf.5.xml:3593 msgid "" "The default re_expression uses the <quote>@</quote> character as a separator " "between the name and the domain. As a result of this setting the default " @@ -4097,89 +4103,89 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3638 +#: sssd.conf.5.xml:3645 msgid "Default: <quote>%1$s@%2$s</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3644 +#: sssd.conf.5.xml:3651 msgid "lookup_family_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3647 +#: sssd.conf.5.xml:3654 msgid "" "Provides the ability to select preferred address family to use when " "performing DNS lookups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3651 +#: sssd.conf.5.xml:3658 msgid "Supported values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3654 +#: sssd.conf.5.xml:3661 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3657 +#: sssd.conf.5.xml:3664 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3660 +#: sssd.conf.5.xml:3667 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3663 +#: sssd.conf.5.xml:3670 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3666 +#: sssd.conf.5.xml:3673 msgid "Default: ipv4_first" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3672 +#: sssd.conf.5.xml:3679 msgid "dns_resolver_server_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3675 +#: sssd.conf.5.xml:3682 msgid "" "Defines the amount of time (in milliseconds) SSSD would try to talk to DNS " "server before trying next DNS server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3680 +#: sssd.conf.5.xml:3687 msgid "" "The AD provider will use this option for the CLDAP ping timeouts as well." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3684 sssd.conf.5.xml:3704 sssd.conf.5.xml:3725 +#: sssd.conf.5.xml:3691 sssd.conf.5.xml:3711 sssd.conf.5.xml:3732 msgid "" "Please see the section <quote>FAILOVER</quote> for more information about " "the service resolution." msgstr "" #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3689 sssd-ldap.5.xml:644 include/failover.xml:84 +#: sssd.conf.5.xml:3696 sssd-ldap.5.xml:645 include/failover.xml:84 msgid "Default: 1000" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3695 +#: sssd.conf.5.xml:3702 msgid "dns_resolver_op_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3698 +#: sssd.conf.5.xml:3705 msgid "" "Defines the amount of time (in seconds) to wait to resolve single DNS query " "(e.g. resolution of a hostname or an SRV record) before trying the next " @@ -4187,12 +4193,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3715 +#: sssd.conf.5.xml:3722 msgid "dns_resolver_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3718 +#: sssd.conf.5.xml:3725 msgid "" "Defines the amount of time (in seconds) to wait for a reply from the " "internal fail over service before assuming that the service is unreachable. " @@ -4201,12 +4207,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3736 +#: sssd.conf.5.xml:3743 msgid "dns_resolver_use_search_list (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3739 +#: sssd.conf.5.xml:3746 msgid "" "Normally, the DNS resolver searches the domain list defined in the " "\"search\" directive from the resolv.conf file. This can lead to delays in " @@ -4214,7 +4220,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3745 +#: sssd.conf.5.xml:3752 msgid "" "If fully qualified domain names (or _srv_) are used in the SSSD " "configuration, setting this option to FALSE can prevent unnecessary DNS " @@ -4222,69 +4228,69 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3751 +#: sssd.conf.5.xml:3758 msgid "Default: TRUE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3757 +#: sssd.conf.5.xml:3764 msgid "dns_discovery_domain (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3760 +#: sssd.conf.5.xml:3767 msgid "" "If service discovery is used in the back end, specifies the domain part of " "the service discovery DNS query." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3764 +#: sssd.conf.5.xml:3771 msgid "Default: Use the domain part of machine's hostname" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3770 +#: sssd.conf.5.xml:3777 msgid "override_gid (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3773 +#: sssd.conf.5.xml:3780 msgid "Override the primary GID value with the one specified." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3779 +#: sssd.conf.5.xml:3786 msgid "case_sensitive (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3786 +#: sssd.conf.5.xml:3793 msgid "True" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3789 +#: sssd.conf.5.xml:3796 msgid "Case sensitive. This value is invalid for AD provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3795 +#: sssd.conf.5.xml:3802 msgid "False" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3797 +#: sssd.conf.5.xml:3804 msgid "Case insensitive." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3801 +#: sssd.conf.5.xml:3808 msgid "Preserving" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3804 +#: sssd.conf.5.xml:3811 msgid "" "Same as False (case insensitive), but does not lowercase names in the result " "of NSS operations. Note that name aliases (and in case of services also " @@ -4292,31 +4298,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3812 +#: sssd.conf.5.xml:3819 msgid "" "If you want to set this value for trusted domain with IPA provider, you need " "to set it on both the client and SSSD on the server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3782 +#: sssd.conf.5.xml:3789 msgid "" "Treat user and group names as case sensitive. Possible option values are: " "<placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3827 +#: sssd.conf.5.xml:3834 msgid "Default: True (False for AD provider)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3833 +#: sssd.conf.5.xml:3840 msgid "subdomain_inherit (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3836 +#: sssd.conf.5.xml:3843 msgid "" "Specifies a list of configuration parameters that should be inherited by a " "subdomain. Please note that only selected parameters can be inherited. " @@ -4324,104 +4330,104 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3842 +#: sssd.conf.5.xml:3849 msgid "ldap_search_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3845 +#: sssd.conf.5.xml:3852 msgid "ldap_network_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3848 +#: sssd.conf.5.xml:3855 msgid "ldap_opt_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3851 +#: sssd.conf.5.xml:3858 msgid "ldap_offline_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3854 +#: sssd.conf.5.xml:3861 msgid "ldap_enumeration_refresh_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3857 +#: sssd.conf.5.xml:3864 msgid "ldap_enumeration_refresh_offset" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3860 +#: sssd.conf.5.xml:3867 msgid "ldap_purge_cache_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3863 +#: sssd.conf.5.xml:3870 msgid "ldap_purge_cache_offset" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3866 +#: sssd.conf.5.xml:3873 msgid "" "ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab " "is not set explicitly)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3870 +#: sssd.conf.5.xml:3877 msgid "ldap_krb5_ticket_lifetime" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3873 +#: sssd.conf.5.xml:3880 msgid "ldap_enumeration_search_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3876 +#: sssd.conf.5.xml:3883 msgid "ldap_connection_expire_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3879 +#: sssd.conf.5.xml:3886 msgid "ldap_connection_expire_offset" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3882 +#: sssd.conf.5.xml:3889 msgid "ldap_connection_idle_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3885 sssd-ldap.5.xml:400 +#: sssd.conf.5.xml:3892 sssd-ldap.5.xml:401 msgid "ldap_use_tokengroups" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3888 +#: sssd.conf.5.xml:3895 msgid "ldap_user_principal" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3891 +#: sssd.conf.5.xml:3898 msgid "ignore_group_members" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3894 +#: sssd.conf.5.xml:3901 msgid "auto_private_groups" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3897 +#: sssd.conf.5.xml:3904 msgid "case_sensitive" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:3902 +#: sssd.conf.5.xml:3909 #, no-wrap msgid "" "subdomain_inherit = ldap_purge_cache_timeout\n" @@ -4429,27 +4435,27 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3909 +#: sssd.conf.5.xml:3916 msgid "Note: This option only works with the IPA and AD provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3916 +#: sssd.conf.5.xml:3923 msgid "subdomain_homedir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3927 +#: sssd.conf.5.xml:3934 msgid "%F" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3928 +#: sssd.conf.5.xml:3935 msgid "flat (NetBIOS) name of a subdomain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3919 +#: sssd.conf.5.xml:3926 msgid "" "Use this homedir as default value for all subdomains within this domain in " "IPA AD trust. See <emphasis>override_homedir</emphasis> for info about " @@ -4459,34 +4465,34 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3933 +#: sssd.conf.5.xml:3940 msgid "" "The value can be overridden by <emphasis>override_homedir</emphasis> option." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3937 +#: sssd.conf.5.xml:3944 msgid "Default: <filename>/home/%d/%u</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3942 +#: sssd.conf.5.xml:3949 msgid "realmd_tags (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3945 +#: sssd.conf.5.xml:3952 msgid "" "Various tags stored by the realmd configuration service for this domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3951 +#: sssd.conf.5.xml:3958 msgid "cached_auth_timeout (int)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3954 +#: sssd.conf.5.xml:3961 msgid "" "Specifies time in seconds since last successful online authentication for " "which user will be authenticated using cached credentials while SSSD is in " @@ -4495,19 +4501,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3962 +#: sssd.conf.5.xml:3969 msgid "" "This option's value is inherited by all trusted domains. At the moment it is " "not possible to set a different value per trusted domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3967 +#: sssd.conf.5.xml:3974 msgid "Special value 0 implies that this feature is disabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3971 +#: sssd.conf.5.xml:3978 msgid "" "Please note that if <quote>cached_auth_timeout</quote> is longer than " "<quote>pam_id_timeout</quote> then the back end could be called to handle " @@ -4515,12 +4521,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3982 +#: sssd.conf.5.xml:3989 msgid "local_auth_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3985 +#: sssd.conf.5.xml:3992 msgid "" "Local authentication methods policy. Some backends (i.e. LDAP, proxy " "provider) only support a password based authentication, while others can " @@ -4531,7 +4537,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3995 +#: sssd.conf.5.xml:4002 msgid "" "There are three possible values for this option: match, only, enable. " "<quote>match</quote> is used to match offline and online states for Kerberos " @@ -4542,8 +4548,17 @@ msgid "" "separated, such as <quote>enable:passkey, enable:smartcard</quote>" msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4014 +msgid "" +"Please note that if local Smartcard authentication is enabled and a " +"Smartcard is present, Smartcard authentication will be preferred over the " +"authentication methods supported by the backend. I.e. there will be a PIN " +"prompt instead of e.g. a password prompt." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:4011 +#: sssd.conf.5.xml:4026 #, no-wrap msgid "" "[domain/shadowutils]\n" @@ -4554,7 +4569,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4007 +#: sssd.conf.5.xml:4022 msgid "" "The following configuration example allows local users to authenticate " "locally using any enabled method (i.e. smartcard, passkey). <placeholder " @@ -4562,34 +4577,34 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4019 +#: sssd.conf.5.xml:4034 msgid "This option is ignored for the files provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4022 +#: sssd.conf.5.xml:4037 msgid "Default: match" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4027 +#: sssd.conf.5.xml:4042 msgid "auto_private_groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4033 +#: sssd.conf.5.xml:4048 msgid "true" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4036 +#: sssd.conf.5.xml:4051 msgid "" "Create user's private group unconditionally from user's UID number. The GID " "number is ignored in this case." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4040 +#: sssd.conf.5.xml:4055 msgid "" "NOTE: Because the GID number and the user private group are inferred from " "the UID number, it is not supported to have multiple entries with the same " @@ -4598,24 +4613,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4049 +#: sssd.conf.5.xml:4064 msgid "false" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4052 +#: sssd.conf.5.xml:4067 msgid "" "Always use the user's primary GID number. The GID number must refer to a " "group object in the LDAP database." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4058 +#: sssd.conf.5.xml:4073 msgid "hybrid" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4061 +#: sssd.conf.5.xml:4076 msgid "" "A primary group is autogenerated for user entries whose UID and GID numbers " "have the same value and at the same time the GID number does not correspond " @@ -4625,14 +4640,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4074 +#: sssd.conf.5.xml:4089 msgid "" "If the UID and GID of a user are different, then the GID must correspond to " "a group entry, otherwise the GID is simply not resolvable." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4081 +#: sssd.conf.5.xml:4096 msgid "" "This feature is useful for environments that wish to stop maintaining a " "separate group objects for the user private groups, but also wish to retain " @@ -4640,21 +4655,21 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4030 +#: sssd.conf.5.xml:4045 msgid "" "This option takes any of three available values: <placeholder " "type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4093 +#: sssd.conf.5.xml:4108 msgid "" "For subdomains, the default value is False for subdomains that use assigned " "POSIX IDs and True for subdomains that use automatic ID-mapping." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:4101 +#: sssd.conf.5.xml:4116 #, no-wrap msgid "" "[domain/forest.domain/sub.domain]\n" @@ -4662,7 +4677,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:4107 +#: sssd.conf.5.xml:4122 #, no-wrap msgid "" "[domain/forest.domain]\n" @@ -4671,7 +4686,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4098 +#: sssd.conf.5.xml:4113 msgid "" "The value of auto_private_groups can either be set per subdomains in a " "subsection, for example: <placeholder type=\"programlisting\" id=\"0\"/> or " @@ -4688,29 +4703,30 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4122 +#: sssd.conf.5.xml:4137 msgid "proxy_pam_target (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4125 +#: sssd.conf.5.xml:4140 msgid "The proxy target PAM proxies to." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4128 +#: sssd.conf.5.xml:4143 msgid "" "Default: not set by default, you have to take an existing pam configuration " -"or create a new one and add the service name here." +"or create a new one and add the service name here. As an alternative you can " +"enable local authentication with the local_auth_policy option." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4136 +#: sssd.conf.5.xml:4153 msgid "proxy_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4139 +#: sssd.conf.5.xml:4156 msgid "" "The name of the NSS library to use in proxy domains. The NSS functions " "searched for in the library are in the form of _nss_$(libName)_$(function), " @@ -4718,12 +4734,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4149 +#: sssd.conf.5.xml:4166 msgid "proxy_resolver_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4152 +#: sssd.conf.5.xml:4169 msgid "" "The name of the NSS library to use for hosts and networks lookups in proxy " "domains. The NSS functions searched for in the library are in the form of " @@ -4731,12 +4747,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4163 +#: sssd.conf.5.xml:4180 msgid "proxy_fast_alias (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4166 +#: sssd.conf.5.xml:4183 msgid "" "When a user or group is looked up by name in the proxy provider, a second " "lookup by ID is performed to \"canonicalize\" the name in case the requested " @@ -4745,12 +4761,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4180 +#: sssd.conf.5.xml:4197 msgid "proxy_max_children (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4183 +#: sssd.conf.5.xml:4200 msgid "" "This option specifies the number of pre-forked proxy children. It is useful " "for high-load SSSD environments where sssd may run out of available child " @@ -4758,19 +4774,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4118 +#: sssd.conf.5.xml:4133 msgid "" "Options valid for proxy domains. <placeholder type=\"variablelist\" " "id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:4199 +#: sssd.conf.5.xml:4216 msgid "Application domains" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4201 +#: sssd.conf.5.xml:4218 msgid "" "SSSD, with its D-Bus interface (see <citerefentry> <refentrytitle>sssd-ifp</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>) is appealing to " @@ -4787,7 +4803,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4221 +#: sssd.conf.5.xml:4238 msgid "" "Please note that the application domain must still be explicitly enabled in " "the <quote>domains</quote> parameter so that the lookup order between the " @@ -4795,17 +4811,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> -#: sssd.conf.5.xml:4227 +#: sssd.conf.5.xml:4244 msgid "Application domain parameters" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4229 +#: sssd.conf.5.xml:4246 msgid "inherit_from (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4232 +#: sssd.conf.5.xml:4249 msgid "" "The SSSD POSIX-type domain the application domain inherits all settings " "from. The application domain can moreover add its own settings to the " @@ -4814,7 +4830,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4246 +#: sssd.conf.5.xml:4263 msgid "" "The following example illustrates the use of an application domain. In this " "setup, the POSIX domain is connected to an LDAP server and is used by the OS " @@ -4824,7 +4840,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><programlisting> -#: sssd.conf.5.xml:4254 +#: sssd.conf.5.xml:4271 #, no-wrap msgid "" "[sssd]\n" @@ -4844,12 +4860,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4274 +#: sssd.conf.5.xml:4291 msgid "TRUSTED DOMAIN SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4276 +#: sssd.conf.5.xml:4293 msgid "" "Some options used in the domain section can also be used in the trusted " "domain section, that is, in a section called <quote>[domain/" @@ -4860,69 +4876,69 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4283 +#: sssd.conf.5.xml:4300 msgid "ldap_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4284 +#: sssd.conf.5.xml:4301 msgid "ldap_user_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4285 +#: sssd.conf.5.xml:4302 msgid "ldap_group_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4286 +#: sssd.conf.5.xml:4303 msgid "ldap_netgroup_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4287 +#: sssd.conf.5.xml:4304 msgid "ldap_service_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4288 +#: sssd.conf.5.xml:4305 msgid "ldap_sasl_mech," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4289 +#: sssd.conf.5.xml:4306 msgid "ad_server," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4290 +#: sssd.conf.5.xml:4307 msgid "ad_backup_server," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4291 +#: sssd.conf.5.xml:4308 msgid "ad_site," msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4292 sssd-ipa.5.xml:879 +#: sssd.conf.5.xml:4309 sssd-ipa.5.xml:884 msgid "use_fully_qualified_names" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4296 +#: sssd.conf.5.xml:4313 msgid "" "For more details about these options see their individual description in the " "manual page." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4302 +#: sssd.conf.5.xml:4319 msgid "CERTIFICATE MAPPING SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4304 +#: sssd.conf.5.xml:4321 msgid "" "To allow authentication with Smartcards and certificates SSSD must be able " "to map certificates to users. This can be done by adding the full " @@ -4935,7 +4951,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4318 +#: sssd.conf.5.xml:4335 msgid "" "To make the mapping more flexible mapping and matching rules were added to " "SSSD (see <citerefentry> <refentrytitle>sss-certmap</refentrytitle> " @@ -4943,7 +4959,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4327 +#: sssd.conf.5.xml:4344 msgid "" "A mapping and matching rule can be added to the SSSD configuration in a " "section on its own with a name like <quote>[certmap/" @@ -4952,55 +4968,55 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4334 +#: sssd.conf.5.xml:4351 msgid "matchrule (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4337 +#: sssd.conf.5.xml:4354 msgid "" "Only certificates from the Smartcard which matches this rule will be " "processed, all others are ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4341 +#: sssd.conf.5.xml:4358 msgid "" "Default: KRB5:<EKU>clientAuth, i.e. only certificates which have the " "Extended Key Usage <quote>clientAuth</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4348 +#: sssd.conf.5.xml:4365 msgid "maprule (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4351 +#: sssd.conf.5.xml:4368 msgid "Defines how the user is found for a given certificate." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4357 +#: sssd.conf.5.xml:4374 msgid "" "LDAP:(userCertificate;binary={cert!bin}) for LDAP based providers like " "<quote>ldap</quote>, <quote>AD</quote> or <quote>ipa</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4363 +#: sssd.conf.5.xml:4380 msgid "" "The RULE_NAME for the <quote>files</quote> provider which tries to find a " "user with the same name." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4372 +#: sssd.conf.5.xml:4389 msgid "domains (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4375 +#: sssd.conf.5.xml:4392 msgid "" "Comma separated list of domain names the rule should be applied. By default " "a rule is only valid in the domain configured in sssd.conf. If the provider " @@ -5009,17 +5025,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4382 +#: sssd.conf.5.xml:4399 msgid "Default: the configured domain in sssd.conf" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4387 +#: sssd.conf.5.xml:4404 msgid "priority (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4390 +#: sssd.conf.5.xml:4407 msgid "" "Unsigned integer value defining the priority of the rule. The higher the " "number the lower the priority. <quote>0</quote> stands for the highest " @@ -5027,26 +5043,26 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4396 +#: sssd.conf.5.xml:4413 msgid "Default: the lowest priority" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4402 +#: sssd.conf.5.xml:4419 msgid "" "To make the configuration simple and reduce the amount of configuration " "options the <quote>files</quote> provider has some special properties:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4408 +#: sssd.conf.5.xml:4425 msgid "" "if maprule is not set the RULE_NAME name is assumed to be the name of the " "matching user" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4414 +#: sssd.conf.5.xml:4431 msgid "" "if a maprule is used both a single user name or a template like " "<quote>{subject_rfc822_name.short_name}</quote> must be in braces like e.g. " @@ -5055,17 +5071,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4423 +#: sssd.conf.5.xml:4440 msgid "the <quote>domains</quote> option is ignored" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4431 +#: sssd.conf.5.xml:4448 msgid "PROMPTING CONFIGURATION SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4433 +#: sssd.conf.5.xml:4450 msgid "" "If a special file (<filename>/var/lib/sss/pubconf/pam_preauth_available</" "filename>) exists SSSD's PAM module pam_sss will ask SSSD to figure out " @@ -5075,7 +5091,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4441 +#: sssd.conf.5.xml:4458 msgid "" "With the growing number of authentication methods and the possibility that " "there are multiple ones for a single user the heuristic used by pam_sss to " @@ -5084,59 +5100,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4453 +#: sssd.conf.5.xml:4470 msgid "[prompting/password]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4456 +#: sssd.conf.5.xml:4473 msgid "password_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4457 +#: sssd.conf.5.xml:4474 msgid "to change the string of the password prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4455 +#: sssd.conf.5.xml:4472 msgid "" "to configure password prompting, allowed options are: <placeholder " "type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4465 +#: sssd.conf.5.xml:4482 msgid "[prompting/2fa]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4469 +#: sssd.conf.5.xml:4486 msgid "first_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4470 +#: sssd.conf.5.xml:4487 msgid "to change the string of the prompt for the first factor" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4473 +#: sssd.conf.5.xml:4490 msgid "second_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4474 +#: sssd.conf.5.xml:4491 msgid "to change the string of the prompt for the second factor" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4477 +#: sssd.conf.5.xml:4494 msgid "single_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4478 +#: sssd.conf.5.xml:4495 msgid "" "boolean value, if True there will be only a single prompt using the value of " "first_prompt where it is expected that both factors are entered as a single " @@ -5145,7 +5161,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4467 +#: sssd.conf.5.xml:4484 msgid "" "to configure two-factor authentication prompting, allowed options are: " "<placeholder type=\"variablelist\" id=\"0\"/> If the second factor is " @@ -5154,17 +5170,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4495 +#: sssd.conf.5.xml:4512 msgid "[prompting/passkey]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4501 sssd-ad.5.xml:1021 +#: sssd.conf.5.xml:4518 sssd-ad.5.xml:1021 msgid "interactive" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4503 +#: sssd.conf.5.xml:4520 msgid "" "boolean value, if True prompt a message and wait before testing the presence " "of a passkey device. Recommended if your device doesn’t have a tactile " @@ -5172,46 +5188,46 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4511 +#: sssd.conf.5.xml:4528 msgid "interactive_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4513 +#: sssd.conf.5.xml:4530 msgid "to change the message of the interactive prompt." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4518 +#: sssd.conf.5.xml:4535 msgid "touch" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4520 +#: sssd.conf.5.xml:4537 msgid "" "boolean value, if True prompt a message to remind the user to touch the " "device." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4526 +#: sssd.conf.5.xml:4543 msgid "touch_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4528 +#: sssd.conf.5.xml:4545 msgid "to change the message of the touch prompt." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4497 +#: sssd.conf.5.xml:4514 msgid "" "to configure passkey authentication prompting, allowed options are: " "<placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4448 +#: sssd.conf.5.xml:4465 msgid "" "Each supported authentication method has its own configuration subsection " "under <quote>[prompting/...]</quote>. Currently there are: <placeholder " @@ -5220,7 +5236,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4539 +#: sssd.conf.5.xml:4556 msgid "" "It is possible to add a subsection for specific PAM services, e.g. " "<quote>[prompting/password/sshd]</quote> to individual change the prompting " @@ -5228,12 +5244,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4546 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43 +#: sssd.conf.5.xml:4563 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43 msgid "EXAMPLES" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4552 +#: sssd.conf.5.xml:4569 #, no-wrap msgid "" "[sssd]\n" @@ -5263,7 +5279,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4548 +#: sssd.conf.5.xml:4565 msgid "" "1. The following example shows a typical SSSD config. It does not describe " "configuration of the domains themselves - refer to documentation on " @@ -5272,7 +5288,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4585 +#: sssd.conf.5.xml:4602 #, no-wrap msgid "" "[domain/ipa.com/child.ad.com]\n" @@ -5280,7 +5296,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4579 +#: sssd.conf.5.xml:4596 msgid "" "2. The following example shows configuration of IPA AD trust where the AD " "forest consists of two domains in a parent-child structure. Suppose IPA " @@ -5291,7 +5307,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4596 +#: sssd.conf.5.xml:4613 #, no-wrap msgid "" "[certmap/my.domain/rule_name]\n" @@ -5302,7 +5318,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4590 +#: sssd.conf.5.xml:4607 msgid "" "3. The following example shows the configuration of a certificate mapping " "rule. It is valid for the configured domain <quote>my.domain</quote> and " @@ -5356,26 +5372,26 @@ msgid "" "LDAP back end supports id, auth, access and chpass providers. If you want to " "authenticate against an LDAP server either TLS/SSL or LDAPS is required. " "<command>sssd</command> <emphasis>does not</emphasis> support authentication " -"over an unencrypted channel. If the LDAP server is used only as an identity " -"provider, an encrypted channel is not needed. Please refer to " -"<quote>ldap_access_filter</quote> config option for more information about " -"using LDAP as an access provider." +"over an unencrypted channel. Even if the LDAP server is used only as an " +"identity provider, an encrypted channel is strongly recommended. Please " +"refer to <quote>ldap_access_filter</quote> config option for more " +"information about using LDAP as an access provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:82 sssd-ad.5.xml:130 +#: sssd-ldap.5.xml:50 sssd-simple.5.xml:69 sssd-ipa.5.xml:82 sssd-ad.5.xml:130 #: sssd-krb5.5.xml:63 sssd-ifp.5.xml:60 sssd-files.5.xml:77 #: sssd-session-recording.5.xml:58 sssd-kcm.8.xml:202 msgid "CONFIGURATION OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:66 +#: sssd-ldap.5.xml:67 msgid "ldap_uri, ldap_backup_uri (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:69 +#: sssd-ldap.5.xml:70 msgid "" "Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " "should connect in the order of preference. Refer to the <quote>FAILOVER</" @@ -5385,33 +5401,33 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:76 +#: sssd-ldap.5.xml:77 msgid "The format of the URI must match the format defined in RFC 2732:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:79 +#: sssd-ldap.5.xml:80 msgid "ldap[s]://<host>[:port]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:82 +#: sssd-ldap.5.xml:83 msgid "" "For explicit IPv6 addresses, <host> must be enclosed in brackets []" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:85 +#: sssd-ldap.5.xml:86 msgid "example: ldap://[fc00::126:25]:389" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:91 +#: sssd-ldap.5.xml:92 msgid "ldap_chpass_uri, ldap_chpass_backup_uri (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:94 +#: sssd-ldap.5.xml:95 msgid "" "Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " "should connect in the order of preference to change the password of a user. " @@ -5420,71 +5436,71 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:101 +#: sssd-ldap.5.xml:102 msgid "To enable service discovery ldap_chpass_dns_service_name must be set." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:105 +#: sssd-ldap.5.xml:106 msgid "Default: empty, i.e. ldap_uri is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:111 +#: sssd-ldap.5.xml:112 msgid "ldap_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:114 +#: sssd-ldap.5.xml:115 msgid "The default base DN to use for performing LDAP user operations." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:118 +#: sssd-ldap.5.xml:119 msgid "" "Starting with SSSD 1.7.0, SSSD supports multiple search bases using the " "syntax:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:122 +#: sssd-ldap.5.xml:123 msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:125 +#: sssd-ldap.5.xml:126 msgid "The scope can be one of \"base\", \"onelevel\" or \"subtree\"." msgstr "" #. type: Content of: <listitem><para> -#: sssd-ldap.5.xml:128 include/ldap_search_bases.xml:18 +#: sssd-ldap.5.xml:129 include/ldap_search_bases.xml:18 msgid "" "The filter must be a valid LDAP search filter as specified by http://www." "ietf.org/rfc/rfc2254.txt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:132 sssd-ad.5.xml:311 sss_override.8.xml:143 +#: sssd-ldap.5.xml:133 sssd-ad.5.xml:311 sss_override.8.xml:143 #: sss_override.8.xml:240 sssd-ldap-attributes.5.xml:453 msgid "Examples:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:135 +#: sssd-ldap.5.xml:136 msgid "" "ldap_search_base = dc=example,dc=com (which is equivalent to) " "ldap_search_base = dc=example,dc=com?subtree?" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:140 +#: sssd-ldap.5.xml:141 msgid "" "ldap_search_base = cn=host_specific,dc=example,dc=com?subtree?" "(host=thishost)?dc=example.com?subtree?" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:143 +#: sssd-ldap.5.xml:144 msgid "" "Note: It is unsupported to have multiple search bases which reference " "identically-named objects (for example, groups with the same name in two " @@ -5493,7 +5509,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:150 +#: sssd-ldap.5.xml:151 msgid "" "Default: If not set, the value of the defaultNamingContext or namingContexts " "attribute from the RootDSE of the LDAP server is used. If " @@ -5504,12 +5520,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:164 +#: sssd-ldap.5.xml:165 msgid "ldap_schema (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:167 +#: sssd-ldap.5.xml:168 msgid "" "Specifies the Schema Type in use on the target LDAP server. Depending on " "the selected schema, the default attribute names retrieved from the servers " @@ -5517,32 +5533,32 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:174 +#: sssd-ldap.5.xml:175 msgid "Four schema types are currently supported:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:178 +#: sssd-ldap.5.xml:179 msgid "rfc2307" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:183 +#: sssd-ldap.5.xml:184 msgid "rfc2307bis" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:188 +#: sssd-ldap.5.xml:189 msgid "IPA" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:193 +#: sssd-ldap.5.xml:194 msgid "AD" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:199 +#: sssd-ldap.5.xml:200 msgid "" "The main difference between these schema types is how group memberships are " "recorded in the server. With rfc2307, group members are listed by name in " @@ -5553,37 +5569,37 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:209 +#: sssd-ldap.5.xml:210 msgid "Default: rfc2307" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:215 +#: sssd-ldap.5.xml:216 msgid "ldap_pwmodify_mode (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:218 +#: sssd-ldap.5.xml:219 msgid "Specify the operation that is used to modify user password." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:222 +#: sssd-ldap.5.xml:223 msgid "Two modes are currently supported:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:226 +#: sssd-ldap.5.xml:227 msgid "exop - Password Modify Extended Operation (RFC 3062)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:232 +#: sssd-ldap.5.xml:233 msgid "ldap_modify - Direct modification of userPassword (not recommended)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:239 +#: sssd-ldap.5.xml:240 msgid "" "Note: First, a new connection is established to verify current password by " "binding as the user that requested password change. If successful, this " @@ -5592,74 +5608,74 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:247 +#: sssd-ldap.5.xml:248 msgid "Default: exop" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:253 +#: sssd-ldap.5.xml:254 msgid "ldap_default_bind_dn (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:256 +#: sssd-ldap.5.xml:257 msgid "The default bind DN to use for performing LDAP operations." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:263 +#: sssd-ldap.5.xml:264 msgid "ldap_default_authtok_type (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:266 +#: sssd-ldap.5.xml:267 msgid "The type of the authentication token of the default bind DN." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:270 +#: sssd-ldap.5.xml:271 msgid "The two mechanisms currently supported are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:273 +#: sssd-ldap.5.xml:274 msgid "password" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:276 +#: sssd-ldap.5.xml:277 msgid "obfuscated_password" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:279 +#: sssd-ldap.5.xml:280 msgid "Default: password" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:282 +#: sssd-ldap.5.xml:283 msgid "" "See the <citerefentry> <refentrytitle>sss_obfuscate</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry> manual page for more information." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:293 +#: sssd-ldap.5.xml:294 msgid "ldap_default_authtok (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:296 +#: sssd-ldap.5.xml:297 msgid "The authentication token of the default bind DN." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:302 +#: sssd-ldap.5.xml:303 msgid "ldap_force_upper_case_realm (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:305 +#: sssd-ldap.5.xml:306 msgid "" "Some directory servers, for example Active Directory, might deliver the " "realm part of the UPN in lower case, which might cause the authentication to " @@ -5668,24 +5684,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:318 +#: sssd-ldap.5.xml:319 msgid "ldap_enumeration_refresh_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:321 +#: sssd-ldap.5.xml:322 msgid "" "Specifies how many seconds SSSD has to wait before refreshing its cache of " "enumerated records." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:337 +#: sssd-ldap.5.xml:338 msgid "ldap_purge_cache_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:340 +#: sssd-ldap.5.xml:341 msgid "" "Determine how often to check the cache for inactive entries (such as groups " "with no members and users who have never logged in) and remove them to save " @@ -5693,7 +5709,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:346 +#: sssd-ldap.5.xml:347 msgid "" "Setting this option to zero will disable the cache cleanup operation. Please " "note that if enumeration is enabled, the cleanup task is required in order " @@ -5702,12 +5718,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:366 +#: sssd-ldap.5.xml:367 msgid "ldap_group_nesting_level (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:369 +#: sssd-ldap.5.xml:370 msgid "" "If ldap_schema is set to a schema format that supports nested groups (e.g. " "RFC2307bis), then this option controls how many levels of nesting SSSD will " @@ -5715,7 +5731,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:376 +#: sssd-ldap.5.xml:377 msgid "" "Note: This option specifies the guaranteed level of nested groups to be " "processed for any lookup. However, nested groups beyond this limit " @@ -5725,7 +5741,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:385 +#: sssd-ldap.5.xml:386 msgid "" "If ldap_group_nesting_level is set to 0 then no nested groups are processed " "at all. However, when connected to Active-Directory Server 2008 and later " @@ -5735,67 +5751,67 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:394 +#: sssd-ldap.5.xml:395 msgid "Default: 2" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:403 +#: sssd-ldap.5.xml:404 msgid "" "This options enables or disables use of Token-Groups attribute when " "performing initgroup for users from Active Directory Server 2008 and later." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:413 +#: sssd-ldap.5.xml:414 msgid "Default: True for AD and IPA otherwise False." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:419 +#: sssd-ldap.5.xml:420 msgid "ldap_host_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:422 +#: sssd-ldap.5.xml:423 msgid "Optional. Use the given string as search base for host objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:426 sssd-ipa.5.xml:457 sssd-ipa.5.xml:476 sssd-ipa.5.xml:495 -#: sssd-ipa.5.xml:514 +#: sssd-ldap.5.xml:427 sssd-ipa.5.xml:462 sssd-ipa.5.xml:481 sssd-ipa.5.xml:500 +#: sssd-ipa.5.xml:519 msgid "" "See <quote>ldap_search_base</quote> for information about configuring " "multiple search bases." msgstr "" #. type: Content of: <listitem><para> -#: sssd-ldap.5.xml:431 sssd-ipa.5.xml:462 include/ldap_search_bases.xml:27 +#: sssd-ldap.5.xml:432 sssd-ipa.5.xml:467 include/ldap_search_bases.xml:27 msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:438 +#: sssd-ldap.5.xml:439 msgid "ldap_service_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:443 +#: sssd-ldap.5.xml:444 msgid "ldap_iphost_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:448 +#: sssd-ldap.5.xml:449 msgid "ldap_ipnetwork_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:453 +#: sssd-ldap.5.xml:454 msgid "ldap_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:456 +#: sssd-ldap.5.xml:457 msgid "" "Specifies the timeout (in seconds) that ldap searches are allowed to run " "before they are cancelled and cached results are returned (and offline mode " @@ -5803,7 +5819,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:462 +#: sssd-ldap.5.xml:463 msgid "" "Note: this option is subject to change in future versions of the SSSD. It " "will likely be replaced at some point by a series of timeouts for specific " @@ -5811,12 +5827,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:479 +#: sssd-ldap.5.xml:480 msgid "ldap_enumeration_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:482 +#: sssd-ldap.5.xml:483 msgid "" "Specifies the timeout (in seconds) that ldap searches for user and group " "enumerations are allowed to run before they are cancelled and cached results " @@ -5824,12 +5840,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:500 +#: sssd-ldap.5.xml:501 msgid "ldap_network_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:503 +#: sssd-ldap.5.xml:504 msgid "" "Specifies the timeout (in seconds) after which the <citerefentry> " "<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/" @@ -5840,12 +5856,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:531 +#: sssd-ldap.5.xml:532 msgid "ldap_opt_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:534 +#: sssd-ldap.5.xml:535 msgid "" "Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs " "will abort if no response is received. Also controls the timeout when " @@ -5854,12 +5870,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:554 +#: sssd-ldap.5.xml:555 msgid "ldap_connection_expire_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:557 +#: sssd-ldap.5.xml:558 msgid "" "Specifies a timeout (in seconds) that a connection to an LDAP server will be " "maintained. After this time, the connection will be re-established. If used " @@ -5868,7 +5884,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:565 +#: sssd-ldap.5.xml:566 msgid "" "If the connection is idle (not actively running an operation) within " "<emphasis>ldap_opt_timeout</emphasis> seconds of expiration, then it will be " @@ -5879,36 +5895,36 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:577 +#: sssd-ldap.5.xml:578 msgid "" "This timeout can be extended of a random value specified by " "<emphasis>ldap_connection_expire_offset</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:587 sssd-ldap.5.xml:630 sssd-ldap.5.xml:1711 +#: sssd-ldap.5.xml:588 sssd-ldap.5.xml:631 sssd-ldap.5.xml:1713 msgid "Default: 900 (15 minutes)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:593 +#: sssd-ldap.5.xml:594 msgid "ldap_connection_expire_offset (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:596 +#: sssd-ldap.5.xml:597 msgid "" "Random offset between 0 and configured value is added to " "<emphasis>ldap_connection_expire_timeout</emphasis>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:612 +#: sssd-ldap.5.xml:613 msgid "ldap_connection_idle_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:615 +#: sssd-ldap.5.xml:616 msgid "" "Specifies a timeout (in seconds) that an idle connection to an LDAP server " "will be maintained. If the connection is idle for more than this time then " @@ -5916,29 +5932,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:621 +#: sssd-ldap.5.xml:622 msgid "You can disable this timeout by setting the value to 0." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:636 +#: sssd-ldap.5.xml:637 msgid "ldap_page_size (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:639 +#: sssd-ldap.5.xml:640 msgid "" "Specify the number of records to retrieve from LDAP in a single request. " "Some LDAP servers enforce a maximum limit per-request." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:650 +#: sssd-ldap.5.xml:651 msgid "ldap_disable_paging (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:653 +#: sssd-ldap.5.xml:654 msgid "" "Disable the LDAP paging control. This option should be used if the LDAP " "server reports that it supports the LDAP paging control in its RootDSE but " @@ -5946,14 +5962,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:659 +#: sssd-ldap.5.xml:660 msgid "" "Example: OpenLDAP servers with the paging control module installed on the " "server but not enabled will report it in the RootDSE but be unable to use it." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:665 +#: sssd-ldap.5.xml:666 msgid "" "Example: 389 DS has a bug where it can only support a one paging control at " "a time on a single connection. On busy clients, this can result in some " @@ -5961,17 +5977,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:677 +#: sssd-ldap.5.xml:678 msgid "ldap_disable_range_retrieval (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:680 +#: sssd-ldap.5.xml:681 msgid "Disable Active Directory range retrieval." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:683 +#: sssd-ldap.5.xml:684 msgid "" "Active Directory limits the number of members to be retrieved in a single " "lookup using the MaxValRange policy (which defaults to 1500 members). If a " @@ -5981,12 +5997,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:698 +#: sssd-ldap.5.xml:699 msgid "ldap_sasl_minssf (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:701 +#: sssd-ldap.5.xml:702 msgid "" "When communicating with an LDAP server using SASL, specify the minimum " "security level necessary to establish the connection. The values of this " @@ -5994,17 +6010,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:707 sssd-ldap.5.xml:723 +#: sssd-ldap.5.xml:708 sssd-ldap.5.xml:724 msgid "Default: Use the system default (usually specified by ldap.conf)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:714 +#: sssd-ldap.5.xml:715 msgid "ldap_sasl_maxssf (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:717 +#: sssd-ldap.5.xml:718 msgid "" "When communicating with an LDAP server using SASL, specify the maximal " "security level necessary to establish the connection. The values of this " @@ -6012,12 +6028,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:730 +#: sssd-ldap.5.xml:731 msgid "ldap_deref_threshold (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:733 +#: sssd-ldap.5.xml:734 msgid "" "Specify the number of group members that must be missing from the internal " "cache in order to trigger a dereference lookup. If less members are missing, " @@ -6025,7 +6041,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:739 +#: sssd-ldap.5.xml:740 msgid "" "You can turn off dereference lookups completely by setting the value to 0. " "Please note that there are some codepaths in SSSD, like the IPA HBAC " @@ -6036,7 +6052,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:750 +#: sssd-ldap.5.xml:751 msgid "" "A dereference lookup is a means of fetching all group members in a single " "LDAP call. Different LDAP servers may implement different dereference " @@ -6045,7 +6061,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:758 +#: sssd-ldap.5.xml:759 msgid "" "<emphasis>Note:</emphasis> If any of the search bases specifies a search " "filter, then the dereference lookup performance enhancement will be disabled " @@ -6053,12 +6069,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:771 +#: sssd-ldap.5.xml:772 msgid "ldap_ignore_unreadable_references (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:774 +#: sssd-ldap.5.xml:775 msgid "" "Ignore unreadable LDAP entries referenced in group's member attribute. If " "this parameter is set to false an error will be returned and the operation " @@ -6066,7 +6082,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:781 +#: sssd-ldap.5.xml:782 msgid "" "This parameter may be useful when using the AD provider and the computer " "account that sssd uses to connect to AD does not have access to a particular " @@ -6074,26 +6090,26 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:794 +#: sssd-ldap.5.xml:795 msgid "ldap_tls_reqcert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:797 +#: sssd-ldap.5.xml:798 msgid "" "Specifies what checks to perform on server certificates in a TLS session, if " "any. It can be specified as one of the following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:803 +#: sssd-ldap.5.xml:804 msgid "" "<emphasis>never</emphasis> = The client will not request or check any server " "certificate." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:807 +#: sssd-ldap.5.xml:808 msgid "" "<emphasis>allow</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -6101,7 +6117,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:814 +#: sssd-ldap.5.xml:815 msgid "" "<emphasis>try</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -6109,7 +6125,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:820 +#: sssd-ldap.5.xml:821 msgid "" "<emphasis>demand</emphasis> = The server certificate is requested. If no " "certificate is provided, or a bad certificate is provided, the session is " @@ -6117,41 +6133,41 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:826 +#: sssd-ldap.5.xml:827 msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:830 +#: sssd-ldap.5.xml:831 msgid "Default: hard" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:836 +#: sssd-ldap.5.xml:837 msgid "ldap_tls_cacert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:839 +#: sssd-ldap.5.xml:840 msgid "" "Specifies the file that contains certificates for all of the Certificate " "Authorities that <command>sssd</command> will recognize." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:844 sssd-ldap.5.xml:862 sssd-ldap.5.xml:903 +#: sssd-ldap.5.xml:845 sssd-ldap.5.xml:863 sssd-ldap.5.xml:904 msgid "" "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." "conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:851 +#: sssd-ldap.5.xml:852 msgid "ldap_tls_cacertdir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:854 +#: sssd-ldap.5.xml:855 msgid "" "Specifies the path of a directory that contains Certificate Authority " "certificates in separate individual files. Typically the file names need to " @@ -6160,32 +6176,32 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:869 +#: sssd-ldap.5.xml:870 msgid "ldap_tls_cert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:872 +#: sssd-ldap.5.xml:873 msgid "Specifies the file that contains the certificate for the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:882 +#: sssd-ldap.5.xml:883 msgid "ldap_tls_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:885 +#: sssd-ldap.5.xml:886 msgid "Specifies the file that contains the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:894 +#: sssd-ldap.5.xml:895 msgid "ldap_tls_cipher_suite (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:897 +#: sssd-ldap.5.xml:898 msgid "" "Specifies acceptable cipher suites. Typically this is a colon separated " "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " @@ -6193,24 +6209,25 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:910 +#: sssd-ldap.5.xml:911 msgid "ldap_id_use_start_tls (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:913 +#: sssd-ldap.5.xml:914 msgid "" "Specifies that the id_provider connection must also use <systemitem " -"class=\"protocol\">tls</systemitem> to protect the channel." +"class=\"protocol\">tls</systemitem> to protect the channel. <emphasis>true</" +"emphasis> is strongly recommended for security reasons." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:923 +#: sssd-ldap.5.xml:925 msgid "ldap_id_mapping (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:926 +#: sssd-ldap.5.xml:928 msgid "" "Specifies that SSSD should attempt to map user and group IDs from the " "ldap_user_objectsid and ldap_group_objectsid attributes instead of relying " @@ -6218,17 +6235,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:932 +#: sssd-ldap.5.xml:934 msgid "Currently this feature supports only ActiveDirectory objectSID mapping." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:942 +#: sssd-ldap.5.xml:944 msgid "ldap_min_id, ldap_max_id (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:945 +#: sssd-ldap.5.xml:947 msgid "" "In contrast to the SID based ID mapping which is used if ldap_id_mapping is " "set to true the allowed ID range for ldap_user_uid_number and " @@ -6239,24 +6256,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:957 +#: sssd-ldap.5.xml:959 msgid "Default: not set (both options are set to 0)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:963 +#: sssd-ldap.5.xml:965 msgid "ldap_sasl_mech (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:966 +#: sssd-ldap.5.xml:968 msgid "" "Specify the SASL mechanism to use. Currently only GSSAPI and GSS-SPNEGO are " "tested and supported." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:970 +#: sssd-ldap.5.xml:972 msgid "" "If the backend supports sub-domains the value of ldap_sasl_mech is " "automatically inherited to the sub-domains. If a different value is needed " @@ -6267,12 +6284,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:986 +#: sssd-ldap.5.xml:988 msgid "ldap_sasl_authid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd-ldap.5.xml:998 +#: sssd-ldap.5.xml:1000 #, no-wrap msgid "" "hostname@REALM\n" @@ -6285,7 +6302,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:989 +#: sssd-ldap.5.xml:991 msgid "" "Specify the SASL authorization id to use. When GSSAPI/GSS-SPNEGO are used, " "this represents the Kerberos principal used for authentication to the " @@ -6297,17 +6314,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1009 +#: sssd-ldap.5.xml:1011 msgid "Default: host/hostname@REALM" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1015 +#: sssd-ldap.5.xml:1017 msgid "ldap_sasl_realm (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1018 +#: sssd-ldap.5.xml:1020 msgid "" "Specify the SASL realm to use. When not specified, this option defaults to " "the value of krb5_realm. If the ldap_sasl_authid contains the realm as " @@ -6315,49 +6332,49 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1024 +#: sssd-ldap.5.xml:1026 msgid "Default: the value of krb5_realm." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1030 +#: sssd-ldap.5.xml:1032 msgid "ldap_sasl_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1033 +#: sssd-ldap.5.xml:1035 msgid "" "If set to true, the LDAP library would perform a reverse lookup to " "canonicalize the host name during a SASL bind." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1038 +#: sssd-ldap.5.xml:1040 msgid "Default: false;" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1044 +#: sssd-ldap.5.xml:1046 msgid "ldap_krb5_keytab (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1047 +#: sssd-ldap.5.xml:1049 msgid "Specify the keytab to use when using SASL/GSSAPI/GSS-SPNEGO." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1056 sssd-krb5.5.xml:247 +#: sssd-ldap.5.xml:1058 sssd-krb5.5.xml:247 msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1062 +#: sssd-ldap.5.xml:1064 msgid "ldap_krb5_init_creds (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1065 +#: sssd-ldap.5.xml:1067 msgid "" "Specifies that the id_provider should init Kerberos credentials (TGT). This " "action is performed only if SASL is used and the mechanism selected is " @@ -6365,28 +6382,28 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1077 +#: sssd-ldap.5.xml:1079 msgid "ldap_krb5_ticket_lifetime (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1080 +#: sssd-ldap.5.xml:1082 msgid "" "Specifies the lifetime in seconds of the TGT if GSSAPI or GSS-SPNEGO is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1089 sssd-ad.5.xml:1252 +#: sssd-ldap.5.xml:1091 sssd-ad.5.xml:1252 msgid "Default: 86400 (24 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1095 sssd-krb5.5.xml:74 +#: sssd-ldap.5.xml:1097 sssd-krb5.5.xml:74 msgid "krb5_server, krb5_backup_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1098 +#: sssd-ldap.5.xml:1100 msgid "" "Specifies the comma-separated list of IP addresses or hostnames of the " "Kerberos servers to which SSSD should connect in the order of preference. " @@ -6398,7 +6415,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1110 sssd-krb5.5.xml:89 +#: sssd-ldap.5.xml:1112 sssd-krb5.5.xml:89 msgid "" "When using service discovery for KDC or kpasswd servers, SSSD first searches " "for DNS entries that specify _udp as the protocol and falls back to _tcp if " @@ -6406,7 +6423,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1115 sssd-krb5.5.xml:94 +#: sssd-ldap.5.xml:1117 sssd-krb5.5.xml:94 msgid "" "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " "While the legacy name is recognized for the time being, users are advised to " @@ -6414,39 +6431,39 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1124 sssd-ipa.5.xml:526 sssd-krb5.5.xml:103 +#: sssd-ldap.5.xml:1126 sssd-ipa.5.xml:531 sssd-krb5.5.xml:103 msgid "krb5_realm (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1127 +#: sssd-ldap.5.xml:1129 msgid "Specify the Kerberos REALM (for SASL/GSSAPI/GSS-SPNEGO auth)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1131 +#: sssd-ldap.5.xml:1133 msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" msgstr "" #. type: Content of: <variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1137 include/krb5_options.xml:154 +#: sssd-ldap.5.xml:1139 include/krb5_options.xml:154 msgid "krb5_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1140 +#: sssd-ldap.5.xml:1142 msgid "" "Specifies if the host principal should be canonicalized when connecting to " "LDAP server. This feature is available with MIT Kerberos >= 1.7" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1152 sssd-krb5.5.xml:336 +#: sssd-ldap.5.xml:1154 sssd-krb5.5.xml:336 msgid "krb5_use_kdcinfo (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1155 sssd-krb5.5.xml:339 +#: sssd-ldap.5.xml:1157 sssd-krb5.5.xml:339 msgid "" "Specifies if the SSSD should instruct the Kerberos libraries what realm and " "which KDCs to use. This option is on by default, if you disable it, you need " @@ -6456,7 +6473,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1166 sssd-krb5.5.xml:350 +#: sssd-ldap.5.xml:1168 sssd-krb5.5.xml:350 msgid "" "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more " @@ -6464,26 +6481,26 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1180 +#: sssd-ldap.5.xml:1182 msgid "ldap_pwd_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1183 +#: sssd-ldap.5.xml:1185 msgid "" "Select the policy to evaluate the password expiration on the client side. " "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1188 +#: sssd-ldap.5.xml:1190 msgid "" "<emphasis>none</emphasis> - No evaluation on the client side. This option " "cannot disable server-side password policies." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1193 +#: sssd-ldap.5.xml:1195 msgid "" "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " @@ -6492,7 +6509,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1201 +#: sssd-ldap.5.xml:1203 msgid "" "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " "to determine if the password has expired. Use chpass_provider=krb5 to update " @@ -6500,31 +6517,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1210 +#: sssd-ldap.5.xml:1212 msgid "" "<emphasis>Note</emphasis>: if a password policy is configured on server " "side, it always takes precedence over policy set with this option." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1218 +#: sssd-ldap.5.xml:1220 msgid "ldap_referrals (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1221 +#: sssd-ldap.5.xml:1223 msgid "Specifies whether automatic referral chasing should be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1225 +#: sssd-ldap.5.xml:1227 msgid "" "Please note that sssd only supports referral chasing when it is compiled " "with OpenLDAP version 2.4.13 or higher." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1230 +#: sssd-ldap.5.xml:1232 msgid "" "Chasing referrals may incur a performance penalty in environments that use " "them heavily, a notable example is Microsoft Active Directory. If your setup " @@ -6537,51 +6554,51 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1249 +#: sssd-ldap.5.xml:1251 msgid "ldap_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1252 +#: sssd-ldap.5.xml:1254 msgid "Specifies the service name to use when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1256 +#: sssd-ldap.5.xml:1258 msgid "Default: ldap" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1262 +#: sssd-ldap.5.xml:1264 msgid "ldap_chpass_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1265 +#: sssd-ldap.5.xml:1267 msgid "" "Specifies the service name to use to find an LDAP server which allows " "password changes when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1270 +#: sssd-ldap.5.xml:1272 msgid "Default: not set, i.e. service discovery is disabled" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1276 +#: sssd-ldap.5.xml:1278 msgid "ldap_chpass_update_last_change (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1279 +#: sssd-ldap.5.xml:1281 msgid "" "Specifies whether to update the ldap_user_shadow_last_change attribute with " "days since the Epoch after a password change operation." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1285 +#: sssd-ldap.5.xml:1287 msgid "" "It is recommend to set this option explicitly if \"ldap_pwd_policy = " "shadow\" is used to let SSSD know if the LDAP server will update " @@ -6590,12 +6607,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1299 +#: sssd-ldap.5.xml:1301 msgid "ldap_access_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1302 +#: sssd-ldap.5.xml:1304 msgid "" "If using access_provider = ldap and ldap_access_order = filter (default), " "this option is mandatory. It specifies an LDAP search filter criteria that " @@ -6611,12 +6628,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1322 +#: sssd-ldap.5.xml:1324 msgid "Example:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1325 +#: sssd-ldap.5.xml:1327 #, no-wrap msgid "" "access_provider = ldap\n" @@ -6625,14 +6642,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1329 +#: sssd-ldap.5.xml:1331 msgid "" "This example means that access to this host is restricted to users whose " "employeeType attribute is set to \"admin\"." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1334 +#: sssd-ldap.5.xml:1336 msgid "" "Offline caching for this feature is limited to determining whether the " "user's last online login was granted access permission. If they were granted " @@ -6641,24 +6658,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1342 sssd-ldap.5.xml:1398 +#: sssd-ldap.5.xml:1344 sssd-ldap.5.xml:1400 msgid "Default: Empty" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1348 +#: sssd-ldap.5.xml:1350 msgid "ldap_account_expire_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1351 +#: sssd-ldap.5.xml:1353 msgid "" "With this option a client side evaluation of access control attributes can " "be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1355 +#: sssd-ldap.5.xml:1357 msgid "" "Please note that it is always recommended to use server side access control, " "i.e. the LDAP server should deny the bind request with a suitable error code " @@ -6666,19 +6683,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1362 +#: sssd-ldap.5.xml:1364 msgid "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1365 +#: sssd-ldap.5.xml:1367 msgid "" "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " "determine if the account is expired." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1370 +#: sssd-ldap.5.xml:1372 msgid "" "<emphasis>ad</emphasis>: use the value of the 32bit field " "ldap_user_ad_user_account_control and allow access if the second bit is not " @@ -6687,7 +6704,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1377 +#: sssd-ldap.5.xml:1379 msgid "" "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" "emphasis>: use the value of ldap_ns_account_lock to check if access is " @@ -6695,7 +6712,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1383 +#: sssd-ldap.5.xml:1385 msgid "" "<emphasis>nds</emphasis>: the values of " "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " @@ -6704,7 +6721,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1391 +#: sssd-ldap.5.xml:1393 msgid "" "Please note that the ldap_access_order configuration option <emphasis>must</" "emphasis> include <quote>expire</quote> in order for the " @@ -6712,22 +6729,22 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1404 +#: sssd-ldap.5.xml:1406 msgid "ldap_access_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1407 sssd-ipa.5.xml:351 +#: sssd-ldap.5.xml:1409 sssd-ipa.5.xml:356 msgid "Comma separated list of access control options. Allowed values are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1411 +#: sssd-ldap.5.xml:1413 msgid "<emphasis>filter</emphasis>: use ldap_access_filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1414 +#: sssd-ldap.5.xml:1416 msgid "" "<emphasis>lockout</emphasis>: use account locking. If set, this option " "denies access in case that ldap attribute 'pwdAccountLockedTime' is present " @@ -6737,14 +6754,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1424 +#: sssd-ldap.5.xml:1426 msgid "" "<emphasis> Please note that this option is superseded by the <quote>ppolicy</" "quote> option and might be removed in a future release. </emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1431 +#: sssd-ldap.5.xml:1433 msgid "" "<emphasis>ppolicy</emphasis>: use account locking. If set, this option " "denies access in case that ldap attribute 'pwdAccountLockedTime' is present " @@ -6757,12 +6774,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1448 +#: sssd-ldap.5.xml:1450 msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1452 sssd-ipa.5.xml:359 +#: sssd-ldap.5.xml:1454 sssd-ipa.5.xml:364 msgid "" "<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, " "pwd_expire_policy_renew: </emphasis> These options are useful if users are " @@ -6772,81 +6789,81 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1462 sssd-ipa.5.xml:369 +#: sssd-ldap.5.xml:1464 sssd-ipa.5.xml:374 msgid "" "The difference between these options is the action taken if user password is " "expired:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:1467 sssd-ipa.5.xml:374 +#: sssd-ldap.5.xml:1469 sssd-ipa.5.xml:379 msgid "pwd_expire_policy_reject - user is denied to log in," msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:1473 sssd-ipa.5.xml:380 +#: sssd-ldap.5.xml:1475 sssd-ipa.5.xml:385 msgid "pwd_expire_policy_warn - user is still able to log in," msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:1479 sssd-ipa.5.xml:386 +#: sssd-ldap.5.xml:1481 sssd-ipa.5.xml:391 msgid "" "pwd_expire_policy_renew - user is prompted to change their password " "immediately." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1487 +#: sssd-ldap.5.xml:1489 msgid "" "Please note that 'access_provider = ldap' must be set for this feature to " "work. Also 'ldap_pwd_policy' must be set to an appropriate password policy." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1492 +#: sssd-ldap.5.xml:1494 msgid "" "<emphasis>authorized_service</emphasis>: use the authorizedService attribute " "to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1497 +#: sssd-ldap.5.xml:1499 msgid "<emphasis>host</emphasis>: use the host attribute to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1501 +#: sssd-ldap.5.xml:1503 msgid "" "<emphasis>rhost</emphasis>: use the rhost attribute to determine whether " "remote host can access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1505 +#: sssd-ldap.5.xml:1507 msgid "" "Please note, rhost field in pam is set by application, it is better to check " "what the application sends to pam, before enabling this access control option" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1510 +#: sssd-ldap.5.xml:1512 msgid "Default: filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1513 +#: sssd-ldap.5.xml:1515 msgid "" "Please note that it is a configuration error if a value is used more than " "once." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1520 +#: sssd-ldap.5.xml:1522 msgid "ldap_pwdlockout_dn (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1523 +#: sssd-ldap.5.xml:1525 msgid "" "This option specifies the DN of password policy entry on LDAP server. Please " "note that absence of this option in sssd.conf in case of enabled account " @@ -6855,74 +6872,74 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1531 +#: sssd-ldap.5.xml:1533 msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1534 +#: sssd-ldap.5.xml:1536 msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1540 +#: sssd-ldap.5.xml:1542 msgid "ldap_deref (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1543 +#: sssd-ldap.5.xml:1545 msgid "" "Specifies how alias dereferencing is done when performing a search. The " "following options are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1548 +#: sssd-ldap.5.xml:1550 msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1552 +#: sssd-ldap.5.xml:1554 msgid "" "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " "the base object, but not in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1557 +#: sssd-ldap.5.xml:1559 msgid "" "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " "the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1562 +#: sssd-ldap.5.xml:1564 msgid "" "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " "in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1567 +#: sssd-ldap.5.xml:1569 msgid "" "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " "client libraries)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1575 +#: sssd-ldap.5.xml:1577 msgid "ldap_rfc2307_fallback_to_local_users (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1578 +#: sssd-ldap.5.xml:1580 msgid "" "Allows to retain local users as members of an LDAP group for servers that " "use the RFC2307 schema." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1582 +#: sssd-ldap.5.xml:1584 msgid "" "In some environments where the RFC2307 schema is used, local users are made " "members of LDAP groups by adding their names to the memberUid attribute. " @@ -6933,7 +6950,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1593 +#: sssd-ldap.5.xml:1595 msgid "" "This option falls back to checking if local users are referenced, and caches " "them so that later initgroups() calls will augment the local users with the " @@ -6941,53 +6958,53 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1605 sssd-ifp.5.xml:152 +#: sssd-ldap.5.xml:1607 sssd-ifp.5.xml:152 msgid "wildcard_limit (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1608 +#: sssd-ldap.5.xml:1610 msgid "" "Specifies an upper limit on the number of entries that are downloaded during " "a wildcard lookup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1612 +#: sssd-ldap.5.xml:1614 msgid "At the moment, only the InfoPipe responder supports wildcard lookups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1616 +#: sssd-ldap.5.xml:1618 msgid "Default: 1000 (often the size of one page)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1622 +#: sssd-ldap.5.xml:1624 msgid "ldap_library_debug_level (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1625 +#: sssd-ldap.5.xml:1627 msgid "" "Switches on libldap debugging with the given level. The libldap debug " "messages will be written independent of the general debug_level." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1630 +#: sssd-ldap.5.xml:1632 msgid "" "OpenLDAP uses a bitmap to enable debugging for specific components, -1 will " "enable full debug output." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1635 +#: sssd-ldap.5.xml:1637 msgid "Default: 0 (libldap debugging disabled)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:51 +#: sssd-ldap.5.xml:52 msgid "" "All of the common configuration options that apply to SSSD domains also " "apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> section " @@ -6999,12 +7016,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1645 +#: sssd-ldap.5.xml:1647 msgid "SUDO OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1647 +#: sssd-ldap.5.xml:1649 msgid "" "The detailed instructions for configuration of sudo_provider are in the " "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " @@ -7012,43 +7029,43 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1658 +#: sssd-ldap.5.xml:1660 msgid "ldap_sudo_full_refresh_interval (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1661 +#: sssd-ldap.5.xml:1663 msgid "" "How many seconds SSSD will wait between executing a full refresh of sudo " "rules (which downloads all rules that are stored on the server)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1666 +#: sssd-ldap.5.xml:1668 msgid "" "The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </" "emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1671 +#: sssd-ldap.5.xml:1673 msgid "" "You can disable full refresh by setting this option to 0. However, either " "smart or full refresh must be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1676 +#: sssd-ldap.5.xml:1678 msgid "Default: 21600 (6 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1682 +#: sssd-ldap.5.xml:1684 msgid "ldap_sudo_smart_refresh_interval (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1685 +#: sssd-ldap.5.xml:1687 msgid "" "How many seconds SSSD has to wait before executing a smart refresh of sudo " "rules (which downloads all rules that have USN higher than the highest " @@ -7056,14 +7073,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1691 +#: sssd-ldap.5.xml:1693 msgid "" "If USN attributes are not supported by the server, the modifyTimestamp " "attribute is used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1695 +#: sssd-ldap.5.xml:1697 msgid "" "<emphasis>Note:</emphasis> the highest USN value can be updated by three " "tasks: 1) By sudo full and smart refresh (if updated rules are found), 2) by " @@ -7073,19 +7090,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1706 +#: sssd-ldap.5.xml:1708 msgid "" "You can disable smart refresh by setting this option to 0. However, either " "smart or full refresh must be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1717 +#: sssd-ldap.5.xml:1719 msgid "ldap_sudo_random_offset (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1720 +#: sssd-ldap.5.xml:1722 msgid "" "Random offset between 0 and configured value is added to smart and full " "refresh periods each time the periodic task is scheduled. The value is in " @@ -7093,7 +7110,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1726 +#: sssd-ldap.5.xml:1728 msgid "" "Note that this random offset is also applied on the first SSSD start which " "delays the first sudo rules refresh. This prolongs the time when the sudo " @@ -7101,106 +7118,106 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1732 +#: sssd-ldap.5.xml:1734 msgid "You can disable this offset by setting the value to 0." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1742 +#: sssd-ldap.5.xml:1744 msgid "ldap_sudo_use_host_filter (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1745 +#: sssd-ldap.5.xml:1747 msgid "" "If true, SSSD will download only rules that are applicable to this machine " "(using the IPv4 or IPv6 host/network addresses and hostnames)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1756 +#: sssd-ldap.5.xml:1758 msgid "ldap_sudo_hostnames (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1759 +#: sssd-ldap.5.xml:1761 msgid "" "Space separated list of hostnames or fully qualified domain names that " "should be used to filter the rules." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1764 +#: sssd-ldap.5.xml:1766 msgid "" "If this option is empty, SSSD will try to discover the hostname and the " "fully qualified domain name automatically." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1769 sssd-ldap.5.xml:1792 sssd-ldap.5.xml:1810 -#: sssd-ldap.5.xml:1828 +#: sssd-ldap.5.xml:1771 sssd-ldap.5.xml:1794 sssd-ldap.5.xml:1812 +#: sssd-ldap.5.xml:1830 msgid "" "If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</" "emphasis> then this option has no effect." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1774 sssd-ldap.5.xml:1797 +#: sssd-ldap.5.xml:1776 sssd-ldap.5.xml:1799 msgid "Default: not specified" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1780 +#: sssd-ldap.5.xml:1782 msgid "ldap_sudo_ip (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1783 +#: sssd-ldap.5.xml:1785 msgid "" "Space separated list of IPv4 or IPv6 host/network addresses that should be " "used to filter the rules." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1788 +#: sssd-ldap.5.xml:1790 msgid "" "If this option is empty, SSSD will try to discover the addresses " "automatically." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1803 +#: sssd-ldap.5.xml:1805 msgid "ldap_sudo_include_netgroups (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1806 +#: sssd-ldap.5.xml:1808 msgid "" "If true then SSSD will download every rule that contains a netgroup in " "sudoHost attribute." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1821 +#: sssd-ldap.5.xml:1823 msgid "ldap_sudo_include_regexp (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1824 +#: sssd-ldap.5.xml:1826 msgid "" "If true then SSSD will download every rule that contains a wildcard in " "sudoHost attribute." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><note><para> -#: sssd-ldap.5.xml:1834 +#: sssd-ldap.5.xml:1836 msgid "" "Using wildcard is an operation that is very costly to evaluate on the LDAP " "server side!" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1846 +#: sssd-ldap.5.xml:1848 msgid "" "This manual page only describes attribute name mapping. For detailed " "explanation of sudo related attribute semantics, see <citerefentry> " @@ -7209,59 +7226,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1856 +#: sssd-ldap.5.xml:1858 msgid "AUTOFS OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1858 +#: sssd-ldap.5.xml:1860 msgid "" "Some of the defaults for the parameters below are dependent on the LDAP " "schema." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1864 +#: sssd-ldap.5.xml:1866 msgid "ldap_autofs_map_master_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1867 +#: sssd-ldap.5.xml:1869 msgid "The name of the automount master map in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1870 +#: sssd-ldap.5.xml:1872 msgid "Default: auto.master" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1881 +#: sssd-ldap.5.xml:1883 msgid "ADVANCED OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1888 +#: sssd-ldap.5.xml:1890 msgid "ldap_netgroup_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1893 +#: sssd-ldap.5.xml:1895 msgid "ldap_user_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1898 +#: sssd-ldap.5.xml:1900 msgid "ldap_group_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><note> -#: sssd-ldap.5.xml:1903 +#: sssd-ldap.5.xml:1905 msgid "<note>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para> -#: sssd-ldap.5.xml:1905 +#: sssd-ldap.5.xml:1907 msgid "" "If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches " "against Active Directory will not be restricted and return all groups " @@ -7270,22 +7287,22 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist> -#: sssd-ldap.5.xml:1912 +#: sssd-ldap.5.xml:1914 msgid "</note>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1914 +#: sssd-ldap.5.xml:1916 msgid "ldap_sudo_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1919 +#: sssd-ldap.5.xml:1921 msgid "ldap_autofs_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1883 +#: sssd-ldap.5.xml:1885 msgid "" "These options are supported by LDAP domains, but they should be used with " "caution. Please include them in your configuration only if you know what you " @@ -7294,14 +7311,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1934 sssd-simple.5.xml:131 sssd-ipa.5.xml:925 -#: sssd-ad.5.xml:1386 sssd-krb5.5.xml:483 sss_rpcidmapd.5.xml:98 +#: sssd-ldap.5.xml:1936 sssd-simple.5.xml:131 sssd-ipa.5.xml:930 +#: sssd-ad.5.xml:1391 sssd-krb5.5.xml:483 sss_rpcidmapd.5.xml:98 #: sssd-files.5.xml:155 sssd-session-recording.5.xml:176 msgid "EXAMPLE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1936 +#: sssd-ldap.5.xml:1938 msgid "" "The following example assumes that SSSD is correctly configured and LDAP is " "set to one of the domains in the <replaceable>[domains]</replaceable> " @@ -7309,7 +7326,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ldap.5.xml:1942 +#: sssd-ldap.5.xml:1944 #, no-wrap msgid "" "[domain/LDAP]\n" @@ -7322,27 +7339,27 @@ msgid "" msgstr "" #. type: Content of: <refsect1><refsect2><para> -#: sssd-ldap.5.xml:1941 sssd-ldap.5.xml:1959 sssd-simple.5.xml:139 -#: sssd-ipa.5.xml:933 sssd-ad.5.xml:1394 sssd-sudo.5.xml:56 sssd-krb5.5.xml:492 +#: sssd-ldap.5.xml:1943 sssd-ldap.5.xml:1961 sssd-simple.5.xml:139 +#: sssd-ipa.5.xml:938 sssd-ad.5.xml:1399 sssd-sudo.5.xml:56 sssd-krb5.5.xml:492 #: sssd-files.5.xml:162 sssd-files.5.xml:173 sssd-session-recording.5.xml:182 #: include/ldap_id_mapping.xml:105 msgid "<placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1953 +#: sssd-ldap.5.xml:1955 msgid "LDAP ACCESS FILTER EXAMPLE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1955 +#: sssd-ldap.5.xml:1957 msgid "" "The following example assumes that SSSD is correctly configured and to use " "the ldap_access_order=lockout." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ldap.5.xml:1960 +#: sssd-ldap.5.xml:1962 #, no-wrap msgid "" "[domain/LDAP]\n" @@ -7358,13 +7375,13 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1975 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148 -#: sssd-ad.5.xml:1409 sssd.8.xml:238 sss_seed.8.xml:163 +#: sssd-ldap.5.xml:1977 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148 +#: sssd-ad.5.xml:1414 sssd.8.xml:238 sss_seed.8.xml:163 msgid "NOTES" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1977 +#: sssd-ldap.5.xml:1979 msgid "" "The descriptions of some of the configuration options in this manual page " "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " @@ -9693,12 +9710,12 @@ msgid "Example: dyndns_iface = em1, vnet1, vnet2" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:204 sssd-ad.5.xml:1285 +#: sssd-ipa.5.xml:204 sssd-ad.5.xml:1290 msgid "dyndns_auth (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:207 sssd-ad.5.xml:1288 +#: sssd-ipa.5.xml:207 sssd-ad.5.xml:1293 msgid "" "Whether the nsupdate utility should use GSS-TSIG authentication for secure " "updates with the DNS server, insecure updates can be sent by setting this " @@ -9706,17 +9723,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:213 sssd-ad.5.xml:1294 +#: sssd-ipa.5.xml:213 sssd-ad.5.xml:1299 msgid "Default: GSS-TSIG" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:219 sssd-ad.5.xml:1300 +#: sssd-ipa.5.xml:219 sssd-ad.5.xml:1305 msgid "dyndns_auth_ptr (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:222 sssd-ad.5.xml:1303 +#: sssd-ipa.5.xml:222 sssd-ad.5.xml:1308 msgid "" "Whether the nsupdate utility should use GSS-TSIG authentication for secure " "PTR updates with the DNS server, insecure updates can be sent by setting " @@ -9724,7 +9741,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:228 sssd-ad.5.xml:1309 +#: sssd-ipa.5.xml:228 sssd-ad.5.xml:1314 msgid "Default: Same as dyndns_auth" msgstr "" @@ -9783,65 +9800,72 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:290 +#: sssd-ipa.5.xml:290 sssd-ad.5.xml:1266 +msgid "" +"Note that <emphasis>dyndns_update_per_family</emphasis> parameter does not " +"apply for PTR record updates. Those updates are always sent separately." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:295 msgid "Default: False (disabled)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1272 +#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1277 msgid "dyndns_force_tcp (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:299 sssd-ad.5.xml:1275 +#: sssd-ipa.5.xml:304 sssd-ad.5.xml:1280 msgid "" "Whether the nsupdate utility should default to using TCP for communicating " "with the DNS server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:303 sssd-ad.5.xml:1279 +#: sssd-ipa.5.xml:308 sssd-ad.5.xml:1284 msgid "Default: False (let nsupdate choose the protocol)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:309 sssd-ad.5.xml:1315 +#: sssd-ipa.5.xml:314 sssd-ad.5.xml:1320 msgid "dyndns_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:312 sssd-ad.5.xml:1318 +#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1323 msgid "" "The DNS server to use when performing a DNS update. In most setups, it's " "recommended to leave this option unset." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1323 +#: sssd-ipa.5.xml:322 sssd-ad.5.xml:1328 msgid "" "Setting this option makes sense for environments where the DNS server is " "different from the identity server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:322 sssd-ad.5.xml:1328 +#: sssd-ipa.5.xml:327 sssd-ad.5.xml:1333 msgid "" "Please note that this option will be only used in fallback attempt when " "previous attempt using autodetected settings failed." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:327 sssd-ad.5.xml:1333 +#: sssd-ipa.5.xml:332 sssd-ad.5.xml:1338 msgid "Default: None (let nsupdate choose the server)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:333 sssd-ad.5.xml:1339 +#: sssd-ipa.5.xml:338 sssd-ad.5.xml:1344 msgid "dyndns_update_per_family (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:336 sssd-ad.5.xml:1342 +#: sssd-ipa.5.xml:341 sssd-ad.5.xml:1347 msgid "" "DNS update is by default performed in two steps - IPv4 update and then IPv6 " "update. In some cases it might be desirable to perform IPv4 and IPv6 update " @@ -9849,177 +9873,177 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:348 +#: sssd-ipa.5.xml:353 msgid "ipa_access_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:355 +#: sssd-ipa.5.xml:360 msgid "<emphasis>expire</emphasis>: use IPA's account expiration policy." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:394 +#: sssd-ipa.5.xml:399 msgid "" "Please note that 'access_provider = ipa' must be set for this feature to " "work." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:401 +#: sssd-ipa.5.xml:406 msgid "ipa_deskprofile_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:404 +#: sssd-ipa.5.xml:409 msgid "" "Optional. Use the given string as search base for Desktop Profile related " "objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:408 sssd-ipa.5.xml:435 +#: sssd-ipa.5.xml:413 sssd-ipa.5.xml:440 msgid "Default: Use base DN" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:414 +#: sssd-ipa.5.xml:419 msgid "ipa_subid_ranges_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:417 +#: sssd-ipa.5.xml:422 msgid "" "Optional. Use the given string as search base for subordinate ranges related " "objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:421 +#: sssd-ipa.5.xml:426 msgid "Default: the value of <emphasis>cn=subids,%basedn</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:428 +#: sssd-ipa.5.xml:433 msgid "ipa_hbac_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:431 +#: sssd-ipa.5.xml:436 msgid "Optional. Use the given string as search base for HBAC related objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:441 +#: sssd-ipa.5.xml:446 msgid "ipa_host_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:444 +#: sssd-ipa.5.xml:449 msgid "Deprecated. Use ldap_host_search_base instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:450 +#: sssd-ipa.5.xml:455 msgid "ipa_selinux_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:453 +#: sssd-ipa.5.xml:458 msgid "Optional. Use the given string as search base for SELinux user maps." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:469 +#: sssd-ipa.5.xml:474 msgid "ipa_subdomains_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:472 +#: sssd-ipa.5.xml:477 msgid "Optional. Use the given string as search base for trusted domains." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:481 +#: sssd-ipa.5.xml:486 msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:488 +#: sssd-ipa.5.xml:493 msgid "ipa_master_domain_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:491 +#: sssd-ipa.5.xml:496 msgid "Optional. Use the given string as search base for master domain object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:500 +#: sssd-ipa.5.xml:505 msgid "Default: the value of <emphasis>cn=ad,cn=etc,%basedn</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:507 +#: sssd-ipa.5.xml:512 msgid "ipa_views_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:510 +#: sssd-ipa.5.xml:515 msgid "Optional. Use the given string as search base for views containers." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:519 +#: sssd-ipa.5.xml:524 msgid "Default: the value of <emphasis>cn=views,cn=accounts,%basedn</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:529 +#: sssd-ipa.5.xml:534 msgid "" "The name of the Kerberos realm. This is optional and defaults to the value " "of <quote>ipa_domain</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:533 +#: sssd-ipa.5.xml:538 msgid "" "The name of the Kerberos realm has a special meaning in IPA - it is " "converted into the base DN to use for performing LDAP operations." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:541 sssd-ad.5.xml:1357 +#: sssd-ipa.5.xml:546 sssd-ad.5.xml:1362 msgid "krb5_confd_path (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:544 sssd-ad.5.xml:1360 +#: sssd-ipa.5.xml:549 sssd-ad.5.xml:1365 msgid "" "Absolute path of a directory where SSSD should place Kerberos configuration " "snippets." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:548 sssd-ad.5.xml:1364 +#: sssd-ipa.5.xml:553 sssd-ad.5.xml:1369 msgid "" "To disable the creation of the configuration snippets set the parameter to " "'none'." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:552 sssd-ad.5.xml:1368 +#: sssd-ipa.5.xml:557 sssd-ad.5.xml:1373 msgid "" "Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:559 +#: sssd-ipa.5.xml:564 msgid "ipa_deskprofile_refresh (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:562 +#: sssd-ipa.5.xml:567 msgid "" "The amount of time between lookups of the Desktop Profile rules against the " "IPA server. This will reduce the latency and load on the IPA server if there " @@ -10027,34 +10051,34 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:569 sssd-ipa.5.xml:599 sssd-ipa.5.xml:615 sssd-ad.5.xml:599 +#: sssd-ipa.5.xml:574 sssd-ipa.5.xml:604 sssd-ipa.5.xml:620 sssd-ad.5.xml:599 msgid "Default: 5 (seconds)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:575 +#: sssd-ipa.5.xml:580 msgid "ipa_deskprofile_request_interval (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:578 +#: sssd-ipa.5.xml:583 msgid "" "The amount of time between lookups of the Desktop Profile rules against the " "IPA server in case the last request did not return any rule." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:583 +#: sssd-ipa.5.xml:588 msgid "Default: 60 (minutes)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:589 +#: sssd-ipa.5.xml:594 msgid "ipa_hbac_refresh (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:592 +#: sssd-ipa.5.xml:597 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server. " "This will reduce the latency and load on the IPA server if there are many " @@ -10062,12 +10086,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:605 +#: sssd-ipa.5.xml:610 msgid "ipa_hbac_selinux (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:608 +#: sssd-ipa.5.xml:613 msgid "" "The amount of time between lookups of the SELinux maps against the IPA " "server. This will reduce the latency and load on the IPA server if there are " @@ -10075,33 +10099,33 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:621 +#: sssd-ipa.5.xml:626 msgid "ipa_server_mode (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:624 +#: sssd-ipa.5.xml:629 msgid "" "This option will be set by the IPA installer (ipa-server-install) " "automatically and denotes if SSSD is running on an IPA server or not." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:629 +#: sssd-ipa.5.xml:634 msgid "" "On an IPA server SSSD will lookup users and groups from trusted domains " "directly while on a client it will ask an IPA server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:634 +#: sssd-ipa.5.xml:639 msgid "" "NOTE: There are currently some assumptions that must be met when SSSD is " "running on an IPA server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:639 +#: sssd-ipa.5.xml:644 msgid "" "The <quote>ipa_server</quote> option must be configured to point to the IPA " "server itself. This is already the default set by the IPA installer, so no " @@ -10109,59 +10133,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:648 +#: sssd-ipa.5.xml:653 msgid "" "The <quote>full_name_format</quote> option must not be tweaked to only print " "short names for users from trusted domains." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:663 +#: sssd-ipa.5.xml:668 msgid "ipa_automount_location (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:666 +#: sssd-ipa.5.xml:671 msgid "The automounter location this IPA client will be using" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:669 +#: sssd-ipa.5.xml:674 msgid "Default: The location named \"default\"" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd-ipa.5.xml:677 +#: sssd-ipa.5.xml:682 msgid "VIEWS AND OVERRIDES" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:686 +#: sssd-ipa.5.xml:691 msgid "ipa_view_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:689 +#: sssd-ipa.5.xml:694 msgid "Objectclass of the view container." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:692 +#: sssd-ipa.5.xml:697 msgid "Default: nsContainer" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:698 +#: sssd-ipa.5.xml:703 msgid "ipa_view_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:701 +#: sssd-ipa.5.xml:706 msgid "Name of the attribute holding the name of the view." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:705 sssd-ldap-attributes.5.xml:496 +#: sssd-ipa.5.xml:710 sssd-ldap-attributes.5.xml:496 #: sssd-ldap-attributes.5.xml:830 sssd-ldap-attributes.5.xml:911 #: sssd-ldap-attributes.5.xml:1008 sssd-ldap-attributes.5.xml:1066 #: sssd-ldap-attributes.5.xml:1224 sssd-ldap-attributes.5.xml:1269 @@ -10169,128 +10193,128 @@ msgid "Default: cn" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:711 +#: sssd-ipa.5.xml:716 msgid "ipa_override_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:714 +#: sssd-ipa.5.xml:719 msgid "Objectclass of the override objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:717 +#: sssd-ipa.5.xml:722 msgid "Default: ipaOverrideAnchor" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:723 +#: sssd-ipa.5.xml:728 msgid "ipa_anchor_uuid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:726 +#: sssd-ipa.5.xml:731 msgid "" "Name of the attribute containing the reference to the original object in a " "remote domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:730 +#: sssd-ipa.5.xml:735 msgid "Default: ipaAnchorUUID" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:736 +#: sssd-ipa.5.xml:741 msgid "ipa_user_override_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:739 +#: sssd-ipa.5.xml:744 msgid "" "Name of the objectclass for user overrides. It is used to determine if the " "found override object is related to a user or a group." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:744 +#: sssd-ipa.5.xml:749 msgid "User overrides can contain attributes given by" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:747 +#: sssd-ipa.5.xml:752 msgid "ldap_user_name" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:750 +#: sssd-ipa.5.xml:755 msgid "ldap_user_uid_number" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:753 +#: sssd-ipa.5.xml:758 msgid "ldap_user_gid_number" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:756 +#: sssd-ipa.5.xml:761 msgid "ldap_user_gecos" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:759 +#: sssd-ipa.5.xml:764 msgid "ldap_user_home_directory" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:762 +#: sssd-ipa.5.xml:767 msgid "ldap_user_shell" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:765 +#: sssd-ipa.5.xml:770 msgid "ldap_user_ssh_public_key" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:770 +#: sssd-ipa.5.xml:775 msgid "Default: ipaUserOverride" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:776 +#: sssd-ipa.5.xml:781 msgid "ipa_group_override_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:779 +#: sssd-ipa.5.xml:784 msgid "" "Name of the objectclass for group overrides. It is used to determine if the " "found override object is related to a user or a group." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:784 +#: sssd-ipa.5.xml:789 msgid "Group overrides can contain attributes given by" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:787 +#: sssd-ipa.5.xml:792 msgid "ldap_group_name" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:790 +#: sssd-ipa.5.xml:795 msgid "ldap_group_gid_number" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:795 +#: sssd-ipa.5.xml:800 msgid "Default: ipaGroupOverride" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:679 +#: sssd-ipa.5.xml:684 msgid "" "SSSD can handle views and overrides which are offered by FreeIPA 4.1 and " "later version. Since all paths and objectclasses are fixed on the server " @@ -10300,19 +10324,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ipa.5.xml:807 +#: sssd-ipa.5.xml:812 msgid "SUBDOMAINS PROVIDER" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:809 +#: sssd-ipa.5.xml:814 msgid "" "The IPA subdomains provider behaves slightly differently if it is configured " "explicitly or implicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:813 +#: sssd-ipa.5.xml:818 msgid "" "If the option 'subdomains_provider = ipa' is found in the domain section of " "sssd.conf, the IPA subdomains provider is configured explicitly, and all " @@ -10320,7 +10344,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:819 +#: sssd-ipa.5.xml:824 msgid "" "If the option 'subdomains_provider' is not set in the domain section of sssd." "conf but there is the option 'id_provider = ipa', the IPA subdomains " @@ -10332,12 +10356,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ipa.5.xml:830 +#: sssd-ipa.5.xml:835 msgid "TRUSTED DOMAINS CONFIGURATION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ipa.5.xml:838 +#: sssd-ipa.5.xml:843 #, no-wrap msgid "" "[domain/ipa.domain.com/ad.domain.com]\n" @@ -10345,7 +10369,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:832 +#: sssd-ipa.5.xml:837 msgid "" "Some configuration options can also be set for a trusted domain. A trusted " "domain configuration can be set using the trusted domain subsection as shown " @@ -10355,80 +10379,80 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:843 +#: sssd-ipa.5.xml:848 msgid "" "For more details, see the <citerefentry> <refentrytitle>sssd.conf</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:850 +#: sssd-ipa.5.xml:855 msgid "" "Different configuration options are tunable for a trusted domain depending " "on whether you are configuring SSSD on an IPA server or an IPA client." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd-ipa.5.xml:855 +#: sssd-ipa.5.xml:860 msgid "OPTIONS TUNABLE ON IPA MASTERS" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:857 +#: sssd-ipa.5.xml:862 msgid "" "The following options can be set in a subdomain section on an IPA master:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:861 sssd-ipa.5.xml:891 +#: sssd-ipa.5.xml:866 sssd-ipa.5.xml:896 msgid "ad_server" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:864 +#: sssd-ipa.5.xml:869 msgid "ad_backup_server" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:867 sssd-ipa.5.xml:894 +#: sssd-ipa.5.xml:872 sssd-ipa.5.xml:899 msgid "ad_site" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:870 +#: sssd-ipa.5.xml:875 msgid "ldap_search_base" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:873 +#: sssd-ipa.5.xml:878 msgid "ldap_user_search_base" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:876 +#: sssd-ipa.5.xml:881 msgid "ldap_group_search_base" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd-ipa.5.xml:885 +#: sssd-ipa.5.xml:890 msgid "OPTIONS TUNABLE ON IPA CLIENTS" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:887 +#: sssd-ipa.5.xml:892 msgid "" "The following options can be set in a subdomain section on an IPA client:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:899 +#: sssd-ipa.5.xml:904 msgid "" "Note that if both options are set, only <quote>ad_server</quote> is " "evaluated." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:903 +#: sssd-ipa.5.xml:908 msgid "" "Since any request for a user or a group identity from a trusted domain " "triggered from an IPA client is resolved by the IPA server, the " @@ -10442,7 +10466,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:927 +#: sssd-ipa.5.xml:932 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " @@ -10450,7 +10474,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ipa.5.xml:934 +#: sssd-ipa.5.xml:939 #, no-wrap msgid "" "[domain/example.com]\n" @@ -11644,7 +11668,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ad.5.xml:1388 +#: sssd-ad.5.xml:1393 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " @@ -11652,7 +11676,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ad.5.xml:1395 +#: sssd-ad.5.xml:1400 #, no-wrap msgid "" "[domain/EXAMPLE]\n" @@ -11667,7 +11691,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ad.5.xml:1415 +#: sssd-ad.5.xml:1420 #, no-wrap msgid "" "access_provider = ldap\n" @@ -11676,7 +11700,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ad.5.xml:1411 +#: sssd-ad.5.xml:1416 msgid "" "The AD access control provider checks if the account is expired. It has the " "same effect as the following configuration of the LDAP provider: " @@ -11684,7 +11708,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ad.5.xml:1421 +#: sssd-ad.5.xml:1426 msgid "" "However, unless the <quote>ad</quote> access control provider is explicitly " "configured, the default access provider is <quote>permit</quote>. Please " @@ -11694,7 +11718,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ad.5.xml:1429 +#: sssd-ad.5.xml:1434 msgid "" "When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema " "attribute mapping (nisMap, nisObject, ...) is used, because these attributes " diff --git a/src/man/po/fi.po b/src/man/po/fi.po index b86511b6e67..04ef609fd1a 100644 --- a/src/man/po/fi.po +++ b/src/man/po/fi.po @@ -3,7 +3,7 @@ msgid "" msgstr "" "Project-Id-Version: sssd-docs 2.3.0\n" "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" -"POT-Creation-Date: 2023-09-07 11:47+0200\n" +"POT-Creation-Date: 2023-11-13 11:53+0100\n" "PO-Revision-Date: 2022-03-20 19:16+0000\n" "Last-Translator: Jan Kuparinen <copper_fin@hotmail.com>\n" "Language-Team: Finnish <https://translate.fedoraproject.org/projects/sssd/" @@ -201,10 +201,10 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:136 sssd.conf.5.xml:173 sssd.conf.5.xml:358 #: sssd.conf.5.xml:714 sssd.conf.5.xml:729 sssd.conf.5.xml:952 -#: sssd.conf.5.xml:1070 sssd.conf.5.xml:2198 sssd-ldap.5.xml:1071 -#: sssd-ldap.5.xml:1174 sssd-ldap.5.xml:1243 sssd-ldap.5.xml:1750 -#: sssd-ldap.5.xml:1815 sssd-ipa.5.xml:342 sssd-ad.5.xml:252 sssd-ad.5.xml:366 -#: sssd-ad.5.xml:1200 sssd-ad.5.xml:1348 sssd-krb5.5.xml:358 +#: sssd.conf.5.xml:1070 sssd.conf.5.xml:2198 sssd-ldap.5.xml:1073 +#: sssd-ldap.5.xml:1176 sssd-ldap.5.xml:1245 sssd-ldap.5.xml:1752 +#: sssd-ldap.5.xml:1817 sssd-ipa.5.xml:347 sssd-ad.5.xml:252 sssd-ad.5.xml:366 +#: sssd-ad.5.xml:1200 sssd-ad.5.xml:1353 sssd-krb5.5.xml:358 msgid "Default: true" msgstr "Oletus:tosi" @@ -222,10 +222,10 @@ msgstr "" #. type: Content of: <variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:149 sssd.conf.5.xml:652 sssd.conf.5.xml:949 -#: sssd.conf.5.xml:2101 sssd.conf.5.xml:2168 sssd.conf.5.xml:4174 -#: sssd-ldap.5.xml:312 sssd-ldap.5.xml:917 sssd-ldap.5.xml:936 -#: sssd-ldap.5.xml:1146 sssd-ldap.5.xml:1599 sssd-ldap.5.xml:1839 -#: sssd-ipa.5.xml:152 sssd-ipa.5.xml:254 sssd-ipa.5.xml:657 sssd-ad.5.xml:1106 +#: sssd.conf.5.xml:2101 sssd.conf.5.xml:2168 sssd.conf.5.xml:4191 +#: sssd-ldap.5.xml:313 sssd-ldap.5.xml:919 sssd-ldap.5.xml:938 +#: sssd-ldap.5.xml:1148 sssd-ldap.5.xml:1601 sssd-ldap.5.xml:1841 +#: sssd-ipa.5.xml:152 sssd-ipa.5.xml:254 sssd-ipa.5.xml:662 sssd-ad.5.xml:1106 #: sssd-krb5.5.xml:268 sssd-krb5.5.xml:330 sssd-krb5.5.xml:432 #: include/krb5_options.xml:163 msgid "Default: false" @@ -259,8 +259,8 @@ msgid "" msgstr "" #. type: Content of: outside any tag (error?) -#: sssd.conf.5.xml:109 sssd.conf.5.xml:184 sssd-ldap.5.xml:1656 -#: sssd-ldap.5.xml:1862 sss-certmap.5.xml:645 sssd-systemtap.5.xml:82 +#: sssd.conf.5.xml:109 sssd.conf.5.xml:184 sssd-ldap.5.xml:1658 +#: sssd-ldap.5.xml:1864 sss-certmap.5.xml:645 sssd-systemtap.5.xml:82 #: sssd-systemtap.5.xml:143 sssd-systemtap.5.xml:236 sssd-systemtap.5.xml:274 #: sssd-systemtap.5.xml:330 sssd-ldap-attributes.5.xml:40 #: sssd-ldap-attributes.5.xml:659 sssd-ldap-attributes.5.xml:801 @@ -291,7 +291,7 @@ msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:196 sssd.conf.5.xml:1290 sssd.conf.5.xml:1767 -#: sssd.conf.5.xml:4190 sssd-ldap.5.xml:765 include/ldap_id_mapping.xml:270 +#: sssd.conf.5.xml:4207 sssd-ldap.5.xml:766 include/ldap_id_mapping.xml:270 msgid "Default: 10" msgstr "" @@ -369,7 +369,7 @@ msgid "" msgstr "" #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:266 sssd.conf.5.xml:792 sssd.conf.5.xml:3709 +#: sssd.conf.5.xml:266 sssd.conf.5.xml:792 sssd.conf.5.xml:3716 #: include/failover.xml:100 msgid "Default: 3" msgstr "" @@ -391,7 +391,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:287 sssd.conf.5.xml:3541 +#: sssd.conf.5.xml:287 sssd.conf.5.xml:3548 msgid "re_expression (string)" msgstr "" @@ -411,12 +411,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:304 sssd.conf.5.xml:3598 +#: sssd.conf.5.xml:304 sssd.conf.5.xml:3605 msgid "full_name_format (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:307 sssd.conf.5.xml:3601 +#: sssd.conf.5.xml:307 sssd.conf.5.xml:3608 msgid "" "A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</" "manvolnum> </citerefentry>-compatible format that describes how to compose a " @@ -424,39 +424,39 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:318 sssd.conf.5.xml:3612 +#: sssd.conf.5.xml:318 sssd.conf.5.xml:3619 msgid "%1$s" msgstr "%1$s" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:319 sssd.conf.5.xml:3613 +#: sssd.conf.5.xml:319 sssd.conf.5.xml:3620 msgid "user name" msgstr "käyttäjänimi" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:322 sssd.conf.5.xml:3616 +#: sssd.conf.5.xml:322 sssd.conf.5.xml:3623 msgid "%2$s" msgstr "%2$s" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:325 sssd.conf.5.xml:3619 +#: sssd.conf.5.xml:325 sssd.conf.5.xml:3626 msgid "domain name as specified in the SSSD config file." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:331 sssd.conf.5.xml:3625 +#: sssd.conf.5.xml:331 sssd.conf.5.xml:3632 msgid "%3$s" msgstr "%3$s" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:334 sssd.conf.5.xml:3628 +#: sssd.conf.5.xml:334 sssd.conf.5.xml:3635 msgid "" "domain flat name. Mostly usable for Active Directory domains, both directly " "configured or discovered via IPA trusts." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:315 sssd.conf.5.xml:3609 +#: sssd.conf.5.xml:315 sssd.conf.5.xml:3616 msgid "" "The following expansions are supported: <placeholder type=\"variablelist\" " "id=\"0\"/>" @@ -603,8 +603,8 @@ msgid "" msgstr "" #. type: Content of: <variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:468 sssd-ldap.5.xml:876 sssd-ldap.5.xml:888 -#: sssd-ldap.5.xml:980 sssd-ad.5.xml:920 sssd-ad.5.xml:995 sssd-krb5.5.xml:468 +#: sssd.conf.5.xml:468 sssd-ldap.5.xml:877 sssd-ldap.5.xml:889 +#: sssd-ldap.5.xml:982 sssd-ad.5.xml:920 sssd-ad.5.xml:995 sssd-krb5.5.xml:468 #: sssd-ldap-attributes.5.xml:470 sssd-ldap-attributes.5.xml:976 #: include/ldap_id_mapping.xml:211 include/ldap_id_mapping.xml:222 #: include/krb5_options.xml:148 @@ -874,7 +874,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:700 sssd.conf.5.xml:1791 sssd.conf.5.xml:4240 +#: sssd.conf.5.xml:700 sssd.conf.5.xml:1791 sssd.conf.5.xml:4257 #: sssd-ad.5.xml:187 sssd-ad.5.xml:327 sssd-ad.5.xml:341 msgid "Default: Not set" msgstr "Oletus: ei asetettu" @@ -1053,7 +1053,7 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:858 sssd.conf.5.xml:1201 sssd.conf.5.xml:1584 -#: sssd.conf.5.xml:1880 sssd-ldap.5.xml:494 +#: sssd.conf.5.xml:1880 sssd-ldap.5.xml:495 msgid "Default: 60" msgstr "" @@ -1155,7 +1155,7 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:937 sssd.conf.5.xml:1214 sssd.conf.5.xml:2322 -#: sssd-ldap.5.xml:331 +#: sssd-ldap.5.xml:332 msgid "Default: 300" msgstr "" @@ -1524,7 +1524,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1240 sssd.conf.5.xml:2964 sssd-ldap.5.xml:548 +#: sssd.conf.5.xml:1240 sssd.conf.5.xml:2971 sssd-ldap.5.xml:549 msgid "Default: 8" msgstr "" @@ -1550,8 +1550,8 @@ msgid "" msgstr "" #. type: Content of: <variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1265 sssd.conf.5.xml:1317 sssd.conf.5.xml:3730 -#: sssd-ldap.5.xml:473 sssd-ldap.5.xml:525 include/failover.xml:116 +#: sssd.conf.5.xml:1265 sssd.conf.5.xml:1317 sssd.conf.5.xml:3737 +#: sssd-ldap.5.xml:474 sssd-ldap.5.xml:526 include/failover.xml:116 #: include/krb5_options.xml:11 msgid "Default: 6" msgstr "" @@ -1862,7 +1862,7 @@ msgid "pam_pwd_expiration_warning (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1553 sssd.conf.5.xml:2988 +#: sssd.conf.5.xml:1553 sssd.conf.5.xml:2995 msgid "Display a warning N days before the password expires." msgstr "" @@ -1875,7 +1875,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1562 sssd.conf.5.xml:2991 +#: sssd.conf.5.xml:1562 sssd.conf.5.xml:2998 msgid "" "If zero is set, then this filter is not applied, i.e. if the expiration " "warning was received from backend server, it will automatically be displayed." @@ -1889,7 +1889,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1572 sssd.conf.5.xml:3977 sssd-ldap.5.xml:606 sssd.8.xml:79 +#: sssd.conf.5.xml:1572 sssd.conf.5.xml:3984 sssd-ldap.5.xml:607 sssd.8.xml:79 msgid "Default: 0" msgstr "" @@ -1952,8 +1952,8 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1632 sssd.conf.5.xml:1657 sssd.conf.5.xml:1676 -#: sssd.conf.5.xml:1913 sssd.conf.5.xml:2733 sssd.conf.5.xml:3906 -#: sssd-ldap.5.xml:1207 +#: sssd.conf.5.xml:1913 sssd.conf.5.xml:2733 sssd.conf.5.xml:3913 +#: sssd-ldap.5.xml:1209 msgid "Default: none" msgstr "Oletus: ei mitään" @@ -2016,8 +2016,8 @@ msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1687 sssd.conf.5.xml:1698 sssd.conf.5.xml:1712 -#: sssd-ldap.5.xml:671 sssd-ldap.5.xml:692 sssd-ldap.5.xml:788 -#: sssd-ldap.5.xml:1293 sssd-ad.5.xml:505 sssd-ad.5.xml:581 sssd-ad.5.xml:1126 +#: sssd-ldap.5.xml:672 sssd-ldap.5.xml:693 sssd-ldap.5.xml:789 +#: sssd-ldap.5.xml:1295 sssd-ad.5.xml:505 sssd-ad.5.xml:581 sssd-ad.5.xml:1126 #: sssd-ad.5.xml:1175 include/ldap_id_mapping.xml:250 msgid "Default: False" msgstr "Oletus:epätosi" @@ -2056,7 +2056,7 @@ msgid "The path to the certificate database." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1723 sssd.conf.5.xml:2248 sssd.conf.5.xml:4354 +#: sssd.conf.5.xml:1723 sssd.conf.5.xml:2248 sssd.conf.5.xml:4371 msgid "Default:" msgstr "Oletus:" @@ -2326,7 +2326,7 @@ msgid "Default: no_session" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1950 sssd.conf.5.xml:4293 +#: sssd.conf.5.xml:1950 sssd.conf.5.xml:4310 msgid "pam_gssapi_services" msgstr "" @@ -2362,7 +2362,7 @@ msgstr "" " " #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1968 sssd.conf.5.xml:3900 +#: sssd.conf.5.xml:1968 sssd.conf.5.xml:3907 msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>" msgstr "Esimerkki: <placeholder type=\"programlisting\" id=\"0\"/>" @@ -2372,7 +2372,7 @@ msgid "Default: - (GSSAPI authentication is disabled)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1979 sssd.conf.5.xml:4294 +#: sssd.conf.5.xml:1979 sssd.conf.5.xml:4311 msgid "pam_gssapi_check_upn" msgstr "" @@ -2392,7 +2392,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1999 sssd-ad.5.xml:1266 sss_rpcidmapd.5.xml:76 +#: sssd.conf.5.xml:1999 sssd-ad.5.xml:1271 sss_rpcidmapd.5.xml:76 #: sssd-files.5.xml:145 msgid "Default: True" msgstr "Oletus:tosi" @@ -3153,7 +3153,7 @@ msgid "FALSE = No enumerations for this domain" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2669 sssd.conf.5.xml:2943 sssd.conf.5.xml:3120 +#: sssd.conf.5.xml:2669 sssd.conf.5.xml:2950 sssd.conf.5.xml:3127 msgid "Default: FALSE" msgstr "" @@ -3422,7 +3422,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2922 sssd-ldap.5.xml:360 sssd-ldap.5.xml:1736 +#: sssd.conf.5.xml:2922 sssd-ldap.5.xml:361 sssd-ldap.5.xml:1738 #: sssd-ipa.5.xml:270 msgid "Default: 0 (disabled)" msgstr "" @@ -3434,11 +3434,17 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:2931 -msgid "Determines if user credentials are also cached in the local LDB cache." +msgid "" +"Determines if user credentials are also cached in the local LDB cache. The " +"cached credentials refer to passwords, which includes the first (long term) " +"factor of two-factor authentication, not other authentication mechanisms. " +"Passkey and Smartcard authentications are expected to work offline as long " +"as a successful online authentication is recorded in the cache without " +"additional configuration." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2935 +#: sssd.conf.5.xml:2942 msgid "" "Take a note that while credentials are stored as a salted SHA512 hash, this " "still potentially poses some security risk in case an attacker manages to " @@ -3447,12 +3453,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2949 +#: sssd.conf.5.xml:2956 msgid "cache_credentials_minimal_first_factor_length (int)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2952 +#: sssd.conf.5.xml:2959 msgid "" "If 2-Factor-Authentication (2FA) is used and credentials should be saved " "this value determines the minimal length the first authentication factor " @@ -3460,19 +3466,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2959 +#: sssd.conf.5.xml:2966 msgid "" "This should avoid that the short PINs of a PIN based 2FA scheme are saved in " "the cache which would make them easy targets for brute-force attacks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2970 +#: sssd.conf.5.xml:2977 msgid "account_cache_expiration (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2973 +#: sssd.conf.5.xml:2980 msgid "" "Number of days entries are left in cache after last successful login before " "being removed during a cleanup of the cache. 0 means keep forever. The " @@ -3481,17 +3487,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2980 +#: sssd.conf.5.xml:2987 msgid "Default: 0 (unlimited)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2985 +#: sssd.conf.5.xml:2992 msgid "pwd_expiration_warning (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2996 +#: sssd.conf.5.xml:3003 msgid "" "Please note that the backend server has to provide information about the " "expiration time of the password. If this information is missing, sssd " @@ -3500,28 +3506,28 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3003 +#: sssd.conf.5.xml:3010 msgid "Default: 7 (Kerberos), 0 (LDAP)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3009 +#: sssd.conf.5.xml:3016 msgid "id_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3012 +#: sssd.conf.5.xml:3019 msgid "" "The identification provider used for the domain. Supported ID providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3016 +#: sssd.conf.5.xml:3023 msgid "<quote>proxy</quote>: Support a legacy NSS provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3019 +#: sssd.conf.5.xml:3026 msgid "" "<quote>files</quote>: FILES provider. See <citerefentry> <refentrytitle>sssd-" "files</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " @@ -3529,7 +3535,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3027 +#: sssd.conf.5.xml:3034 msgid "" "<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-" "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " @@ -3537,8 +3543,8 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3035 sssd.conf.5.xml:3146 sssd.conf.5.xml:3197 -#: sssd.conf.5.xml:3260 +#: sssd.conf.5.xml:3042 sssd.conf.5.xml:3153 sssd.conf.5.xml:3204 +#: sssd.conf.5.xml:3267 msgid "" "<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management " "provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> " @@ -3547,8 +3553,8 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3044 sssd.conf.5.xml:3155 sssd.conf.5.xml:3206 -#: sssd.conf.5.xml:3269 +#: sssd.conf.5.xml:3051 sssd.conf.5.xml:3162 sssd.conf.5.xml:3213 +#: sssd.conf.5.xml:3276 msgid "" "<quote>ad</quote>: Active Directory provider. See <citerefentry> " "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3556,19 +3562,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3055 +#: sssd.conf.5.xml:3062 msgid "use_fully_qualified_names (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3058 +#: sssd.conf.5.xml:3065 msgid "" "Use the full name and domain (as formatted by the domain's full_name_format) " "as the user's login name reported to NSS." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3063 +#: sssd.conf.5.xml:3070 msgid "" "If set to TRUE, all requests to this domain must use fully qualified names. " "For example, if used in LOCAL domain that contains a \"test\" user, " @@ -3577,7 +3583,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3071 +#: sssd.conf.5.xml:3078 msgid "" "NOTE: This option has no effect on netgroup lookups due to their tendency to " "include nested netgroups without qualified names. For netgroups, all domains " @@ -3585,24 +3591,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3078 +#: sssd.conf.5.xml:3085 msgid "" "Default: FALSE (TRUE for trusted domain/sub-domains or if " "default_domain_suffix is used)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3085 +#: sssd.conf.5.xml:3092 msgid "ignore_group_members (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3088 +#: sssd.conf.5.xml:3095 msgid "Do not return group members for group lookups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3091 +#: sssd.conf.5.xml:3098 msgid "" "If set to TRUE, the group membership attribute is not requested from the " "ldap server, and group members are not returned when processing group lookup " @@ -3614,7 +3620,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3109 +#: sssd.conf.5.xml:3116 msgid "" "Enabling this option can also make access provider checks for group " "membership significantly faster, especially for groups containing many " @@ -3622,30 +3628,30 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3115 sssd.conf.5.xml:3822 sssd-ldap.5.xml:326 -#: sssd-ldap.5.xml:355 sssd-ldap.5.xml:408 sssd-ldap.5.xml:468 -#: sssd-ldap.5.xml:489 sssd-ldap.5.xml:520 sssd-ldap.5.xml:543 -#: sssd-ldap.5.xml:582 sssd-ldap.5.xml:601 sssd-ldap.5.xml:625 -#: sssd-ldap.5.xml:1051 sssd-ldap.5.xml:1084 +#: sssd.conf.5.xml:3122 sssd.conf.5.xml:3829 sssd-ldap.5.xml:327 +#: sssd-ldap.5.xml:356 sssd-ldap.5.xml:409 sssd-ldap.5.xml:469 +#: sssd-ldap.5.xml:490 sssd-ldap.5.xml:521 sssd-ldap.5.xml:544 +#: sssd-ldap.5.xml:583 sssd-ldap.5.xml:602 sssd-ldap.5.xml:626 +#: sssd-ldap.5.xml:1053 sssd-ldap.5.xml:1086 msgid "" "This option can be also set per subdomain or inherited via " "<emphasis>subdomain_inherit</emphasis>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3125 +#: sssd.conf.5.xml:3132 msgid "auth_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3128 +#: sssd.conf.5.xml:3135 msgid "" "The authentication provider used for the domain. Supported auth providers " "are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3132 sssd.conf.5.xml:3190 +#: sssd.conf.5.xml:3139 sssd.conf.5.xml:3197 msgid "" "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3653,7 +3659,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3139 +#: sssd.conf.5.xml:3146 msgid "" "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3661,30 +3667,30 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3163 +#: sssd.conf.5.xml:3170 msgid "" "<quote>proxy</quote> for relaying authentication to some other PAM target." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3166 +#: sssd.conf.5.xml:3173 msgid "<quote>none</quote> disables authentication explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3169 +#: sssd.conf.5.xml:3176 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "authentication requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3175 +#: sssd.conf.5.xml:3182 msgid "access_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3178 +#: sssd.conf.5.xml:3185 msgid "" "The access control provider used for the domain. There are two built-in " "access providers (in addition to any included in installed backends) " @@ -3692,19 +3698,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3184 +#: sssd.conf.5.xml:3191 msgid "" "<quote>permit</quote> always allow access. It's the only permitted access " "provider for a local domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3187 +#: sssd.conf.5.xml:3194 msgid "<quote>deny</quote> always deny access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3214 +#: sssd.conf.5.xml:3221 msgid "" "<quote>simple</quote> access control based on access or deny lists. See " "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</" @@ -3713,7 +3719,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3221 +#: sssd.conf.5.xml:3228 msgid "" "<quote>krb5</quote>: .k5login based access control. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum></" @@ -3721,29 +3727,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3228 +#: sssd.conf.5.xml:3235 msgid "<quote>proxy</quote> for relaying access control to another PAM module." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3231 +#: sssd.conf.5.xml:3238 msgid "Default: <quote>permit</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3236 +#: sssd.conf.5.xml:3243 msgid "chpass_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3239 +#: sssd.conf.5.xml:3246 msgid "" "The provider which should handle change password operations for the domain. " "Supported change password providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3244 +#: sssd.conf.5.xml:3251 msgid "" "<quote>ldap</quote> to change a password stored in a LDAP server. See " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" @@ -3751,7 +3757,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3252 +#: sssd.conf.5.xml:3259 msgid "" "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3759,35 +3765,35 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3277 +#: sssd.conf.5.xml:3284 msgid "" "<quote>proxy</quote> for relaying password changes to some other PAM target." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3281 +#: sssd.conf.5.xml:3288 msgid "<quote>none</quote> disallows password changes explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3284 +#: sssd.conf.5.xml:3291 msgid "" "Default: <quote>auth_provider</quote> is used if it is set and can handle " "change password requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3291 +#: sssd.conf.5.xml:3298 msgid "sudo_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3294 +#: sssd.conf.5.xml:3301 msgid "The SUDO provider used for the domain. Supported SUDO providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3298 +#: sssd.conf.5.xml:3305 msgid "" "<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3795,32 +3801,32 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3306 +#: sssd.conf.5.xml:3313 msgid "" "<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default " "settings." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3310 +#: sssd.conf.5.xml:3317 msgid "" "<quote>ad</quote> the same as <quote>ldap</quote> but with AD default " "settings." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3314 +#: sssd.conf.5.xml:3321 msgid "<quote>none</quote> disables SUDO explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3317 sssd.conf.5.xml:3403 sssd.conf.5.xml:3473 -#: sssd.conf.5.xml:3498 sssd.conf.5.xml:3534 +#: sssd.conf.5.xml:3324 sssd.conf.5.xml:3410 sssd.conf.5.xml:3480 +#: sssd.conf.5.xml:3505 sssd.conf.5.xml:3541 msgid "Default: The value of <quote>id_provider</quote> is used if it is set." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3321 +#: sssd.conf.5.xml:3328 msgid "" "The detailed instructions for configuration of sudo_provider are in the " "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " @@ -3831,7 +3837,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3336 +#: sssd.conf.5.xml:3343 msgid "" "<emphasis>NOTE:</emphasis> Sudo rules are periodically downloaded in the " "background unless the sudo provider is explicitly disabled. Set " @@ -3840,12 +3846,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3346 +#: sssd.conf.5.xml:3353 msgid "selinux_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3349 +#: sssd.conf.5.xml:3356 msgid "" "The provider which should handle loading of selinux settings. Note that this " "provider will be called right after access provider ends. Supported selinux " @@ -3853,7 +3859,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3355 +#: sssd.conf.5.xml:3362 msgid "" "<quote>ipa</quote> to load selinux settings from an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -3861,31 +3867,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3363 +#: sssd.conf.5.xml:3370 msgid "<quote>none</quote> disallows fetching selinux settings explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3366 +#: sssd.conf.5.xml:3373 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "selinux loading requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3372 +#: sssd.conf.5.xml:3379 msgid "subdomains_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3375 +#: sssd.conf.5.xml:3382 msgid "" "The provider which should handle fetching of subdomains. This value should " "be always the same as id_provider. Supported subdomain providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3381 +#: sssd.conf.5.xml:3388 msgid "" "<quote>ipa</quote> to load a list of subdomains from an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -3893,7 +3899,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3390 +#: sssd.conf.5.xml:3397 msgid "" "<quote>ad</quote> to load a list of subdomains from an Active Directory " "server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> " @@ -3902,17 +3908,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3399 +#: sssd.conf.5.xml:3406 msgid "<quote>none</quote> disallows fetching subdomains explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3409 +#: sssd.conf.5.xml:3416 msgid "session_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3412 +#: sssd.conf.5.xml:3419 msgid "" "The provider which configures and manages user session related tasks. The " "only user session task currently provided is the integration with Fleet " @@ -3920,43 +3926,43 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3419 +#: sssd.conf.5.xml:3426 msgid "<quote>ipa</quote> to allow performing user session related tasks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3423 +#: sssd.conf.5.xml:3430 msgid "" "<quote>none</quote> does not perform any kind of user session related tasks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3427 +#: sssd.conf.5.xml:3434 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can perform " "session related tasks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3431 +#: sssd.conf.5.xml:3438 msgid "" "<emphasis>NOTE:</emphasis> In order to have this feature working as expected " "SSSD must be running as \"root\" and not as the unprivileged user." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3439 +#: sssd.conf.5.xml:3446 msgid "autofs_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3442 +#: sssd.conf.5.xml:3449 msgid "" "The autofs provider used for the domain. Supported autofs providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3446 +#: sssd.conf.5.xml:3453 msgid "" "<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3964,7 +3970,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3453 +#: sssd.conf.5.xml:3460 msgid "" "<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> " "<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3972,7 +3978,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3461 +#: sssd.conf.5.xml:3468 msgid "" "<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> " "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3980,24 +3986,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3470 +#: sssd.conf.5.xml:3477 msgid "<quote>none</quote> disables autofs explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3480 +#: sssd.conf.5.xml:3487 msgid "hostid_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3483 +#: sssd.conf.5.xml:3490 msgid "" "The provider used for retrieving host identity information. Supported " "hostid providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3487 +#: sssd.conf.5.xml:3494 msgid "" "<quote>ipa</quote> to load host identity stored in an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -4005,31 +4011,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3495 +#: sssd.conf.5.xml:3502 msgid "<quote>none</quote> disables hostid explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3505 +#: sssd.conf.5.xml:3512 msgid "resolver_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3508 +#: sssd.conf.5.xml:3515 msgid "" "The provider which should handle hosts and networks lookups. Supported " "resolver providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3512 +#: sssd.conf.5.xml:3519 msgid "" "<quote>proxy</quote> to forward lookups to another NSS library. See " "<quote>proxy_resolver_lib_name</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3516 +#: sssd.conf.5.xml:3523 msgid "" "<quote>ldap</quote> to fetch hosts and networks stored in LDAP. See " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" @@ -4037,7 +4043,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3523 +#: sssd.conf.5.xml:3530 msgid "" "<quote>ad</quote> to fetch hosts and networks stored in AD. See " "<citerefentry> <refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</" @@ -4046,12 +4052,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3531 +#: sssd.conf.5.xml:3538 msgid "<quote>none</quote> disallows fetching hosts and networks explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3544 +#: sssd.conf.5.xml:3551 msgid "" "Regular expression for this domain that describes how to parse the string " "containing user name and domain into these components. The \"domain\" can " @@ -4061,24 +4067,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3553 +#: sssd.conf.5.xml:3560 msgid "" "Default: <quote>^((?P<name>.+)@(?P<domain>[^@]*)|(?P<name>" "[^@]+))$</quote> which allows two different styles for user names:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:3558 sssd.conf.5.xml:3572 +#: sssd.conf.5.xml:3565 sssd.conf.5.xml:3579 msgid "username" msgstr "käyttäjänimi" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:3561 sssd.conf.5.xml:3575 +#: sssd.conf.5.xml:3568 sssd.conf.5.xml:3582 msgid "username@domain.name" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3566 +#: sssd.conf.5.xml:3573 msgid "" "Default for the AD and IPA provider: <quote>^(((?P<domain>[^\\\\]+)\\" "\\(?P<name>.+))|((?P<name>.+)@(?P<domain>[^@]+))|((?P<" @@ -4087,19 +4093,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:3578 +#: sssd.conf.5.xml:3585 msgid "domain\\username" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3581 +#: sssd.conf.5.xml:3588 msgid "" "While the first two correspond to the general default the third one is " "introduced to allow easy integration of users from Windows domains." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3586 +#: sssd.conf.5.xml:3593 msgid "" "The default re_expression uses the <quote>@</quote> character as a separator " "between the name and the domain. As a result of this setting the default " @@ -4109,89 +4115,89 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3638 +#: sssd.conf.5.xml:3645 msgid "Default: <quote>%1$s@%2$s</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3644 +#: sssd.conf.5.xml:3651 msgid "lookup_family_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3647 +#: sssd.conf.5.xml:3654 msgid "" "Provides the ability to select preferred address family to use when " "performing DNS lookups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3651 +#: sssd.conf.5.xml:3658 msgid "Supported values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3654 +#: sssd.conf.5.xml:3661 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3657 +#: sssd.conf.5.xml:3664 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3660 +#: sssd.conf.5.xml:3667 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3663 +#: sssd.conf.5.xml:3670 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3666 +#: sssd.conf.5.xml:3673 msgid "Default: ipv4_first" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3672 +#: sssd.conf.5.xml:3679 msgid "dns_resolver_server_timeout (integer)" msgstr "dns_resolver_server_timeout (integeri)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3675 +#: sssd.conf.5.xml:3682 msgid "" "Defines the amount of time (in milliseconds) SSSD would try to talk to DNS " "server before trying next DNS server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3680 +#: sssd.conf.5.xml:3687 msgid "" "The AD provider will use this option for the CLDAP ping timeouts as well." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3684 sssd.conf.5.xml:3704 sssd.conf.5.xml:3725 +#: sssd.conf.5.xml:3691 sssd.conf.5.xml:3711 sssd.conf.5.xml:3732 msgid "" "Please see the section <quote>FAILOVER</quote> for more information about " "the service resolution." msgstr "" #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3689 sssd-ldap.5.xml:644 include/failover.xml:84 +#: sssd.conf.5.xml:3696 sssd-ldap.5.xml:645 include/failover.xml:84 msgid "Default: 1000" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3695 +#: sssd.conf.5.xml:3702 msgid "dns_resolver_op_timeout (integer)" msgstr "dns_resolver_op_timeout (integeri)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3698 +#: sssd.conf.5.xml:3705 msgid "" "Defines the amount of time (in seconds) to wait to resolve single DNS query " "(e.g. resolution of a hostname or an SRV record) before trying the next " @@ -4199,12 +4205,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3715 +#: sssd.conf.5.xml:3722 msgid "dns_resolver_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3718 +#: sssd.conf.5.xml:3725 msgid "" "Defines the amount of time (in seconds) to wait for a reply from the " "internal fail over service before assuming that the service is unreachable. " @@ -4213,14 +4219,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3736 +#: sssd.conf.5.xml:3743 #, fuzzy #| msgid "dns_resolver_server_timeout (integer)" msgid "dns_resolver_use_search_list (bool)" msgstr "dns_resolver_server_timeout (integeri)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3739 +#: sssd.conf.5.xml:3746 msgid "" "Normally, the DNS resolver searches the domain list defined in the " "\"search\" directive from the resolv.conf file. This can lead to delays in " @@ -4228,7 +4234,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3745 +#: sssd.conf.5.xml:3752 msgid "" "If fully qualified domain names (or _srv_) are used in the SSSD " "configuration, setting this option to FALSE can prevent unnecessary DNS " @@ -4236,71 +4242,71 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3751 +#: sssd.conf.5.xml:3758 #, fuzzy #| msgid "Default: True" msgid "Default: TRUE" msgstr "Oletus:tosi" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3757 +#: sssd.conf.5.xml:3764 msgid "dns_discovery_domain (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3760 +#: sssd.conf.5.xml:3767 msgid "" "If service discovery is used in the back end, specifies the domain part of " "the service discovery DNS query." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3764 +#: sssd.conf.5.xml:3771 msgid "Default: Use the domain part of machine's hostname" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3770 +#: sssd.conf.5.xml:3777 msgid "override_gid (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3773 +#: sssd.conf.5.xml:3780 msgid "Override the primary GID value with the one specified." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3779 +#: sssd.conf.5.xml:3786 msgid "case_sensitive (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3786 +#: sssd.conf.5.xml:3793 msgid "True" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3789 +#: sssd.conf.5.xml:3796 msgid "Case sensitive. This value is invalid for AD provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3795 +#: sssd.conf.5.xml:3802 msgid "False" msgstr "epätosi" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3797 +#: sssd.conf.5.xml:3804 msgid "Case insensitive." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3801 +#: sssd.conf.5.xml:3808 msgid "Preserving" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3804 +#: sssd.conf.5.xml:3811 msgid "" "Same as False (case insensitive), but does not lowercase names in the result " "of NSS operations. Note that name aliases (and in case of services also " @@ -4308,31 +4314,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3812 +#: sssd.conf.5.xml:3819 msgid "" "If you want to set this value for trusted domain with IPA provider, you need " "to set it on both the client and SSSD on the server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3782 +#: sssd.conf.5.xml:3789 msgid "" "Treat user and group names as case sensitive. Possible option values are: " "<placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3827 +#: sssd.conf.5.xml:3834 msgid "Default: True (False for AD provider)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3833 +#: sssd.conf.5.xml:3840 msgid "subdomain_inherit (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3836 +#: sssd.conf.5.xml:3843 msgid "" "Specifies a list of configuration parameters that should be inherited by a " "subdomain. Please note that only selected parameters can be inherited. " @@ -4340,124 +4346,124 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3842 +#: sssd.conf.5.xml:3849 #, fuzzy #| msgid "ldap_purge_cache_timeout" msgid "ldap_search_timeout" msgstr "ldap_purge_cache_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3845 +#: sssd.conf.5.xml:3852 #, fuzzy #| msgid "client_idle_timeout" msgid "ldap_network_timeout" msgstr "client_idle_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3848 +#: sssd.conf.5.xml:3855 #, fuzzy #| msgid "ldap_purge_cache_timeout" msgid "ldap_opt_timeout" msgstr "ldap_purge_cache_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3851 +#: sssd.conf.5.xml:3858 #, fuzzy #| msgid "client_idle_timeout" msgid "ldap_offline_timeout" msgstr "client_idle_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3854 +#: sssd.conf.5.xml:3861 #, fuzzy #| msgid "client_idle_timeout" msgid "ldap_enumeration_refresh_timeout" msgstr "client_idle_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3857 +#: sssd.conf.5.xml:3864 msgid "ldap_enumeration_refresh_offset" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3860 +#: sssd.conf.5.xml:3867 msgid "ldap_purge_cache_timeout" msgstr "ldap_purge_cache_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3863 +#: sssd.conf.5.xml:3870 #, fuzzy #| msgid "ldap_purge_cache_timeout" msgid "ldap_purge_cache_offset" msgstr "ldap_purge_cache_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3866 +#: sssd.conf.5.xml:3873 msgid "" "ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab " "is not set explicitly)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3870 +#: sssd.conf.5.xml:3877 msgid "ldap_krb5_ticket_lifetime" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3873 +#: sssd.conf.5.xml:3880 #, fuzzy #| msgid "client_idle_timeout" msgid "ldap_enumeration_search_timeout" msgstr "client_idle_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3876 +#: sssd.conf.5.xml:3883 #, fuzzy #| msgid "client_idle_timeout" msgid "ldap_connection_expire_timeout" msgstr "client_idle_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3879 +#: sssd.conf.5.xml:3886 #, fuzzy #| msgid "client_idle_timeout" msgid "ldap_connection_expire_offset" msgstr "client_idle_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3882 +#: sssd.conf.5.xml:3889 #, fuzzy #| msgid "client_idle_timeout" msgid "ldap_connection_idle_timeout" msgstr "client_idle_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3885 sssd-ldap.5.xml:400 +#: sssd.conf.5.xml:3892 sssd-ldap.5.xml:401 msgid "ldap_use_tokengroups" msgstr "ldap_use_tokengroups" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3888 +#: sssd.conf.5.xml:3895 msgid "ldap_user_principal" msgstr "ldap_user_principal" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3891 +#: sssd.conf.5.xml:3898 msgid "ignore_group_members" msgstr "ignore_group_members" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3894 +#: sssd.conf.5.xml:3901 msgid "auto_private_groups" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3897 +#: sssd.conf.5.xml:3904 msgid "case_sensitive" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:3902 +#: sssd.conf.5.xml:3909 #, no-wrap msgid "" "subdomain_inherit = ldap_purge_cache_timeout\n" @@ -4467,27 +4473,27 @@ msgstr "" " " #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3909 +#: sssd.conf.5.xml:3916 msgid "Note: This option only works with the IPA and AD provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3916 +#: sssd.conf.5.xml:3923 msgid "subdomain_homedir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3927 +#: sssd.conf.5.xml:3934 msgid "%F" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3928 +#: sssd.conf.5.xml:3935 msgid "flat (NetBIOS) name of a subdomain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3919 +#: sssd.conf.5.xml:3926 msgid "" "Use this homedir as default value for all subdomains within this domain in " "IPA AD trust. See <emphasis>override_homedir</emphasis> for info about " @@ -4497,34 +4503,34 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3933 +#: sssd.conf.5.xml:3940 msgid "" "The value can be overridden by <emphasis>override_homedir</emphasis> option." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3937 +#: sssd.conf.5.xml:3944 msgid "Default: <filename>/home/%d/%u</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3942 +#: sssd.conf.5.xml:3949 msgid "realmd_tags (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3945 +#: sssd.conf.5.xml:3952 msgid "" "Various tags stored by the realmd configuration service for this domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3951 +#: sssd.conf.5.xml:3958 msgid "cached_auth_timeout (int)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3954 +#: sssd.conf.5.xml:3961 msgid "" "Specifies time in seconds since last successful online authentication for " "which user will be authenticated using cached credentials while SSSD is in " @@ -4533,19 +4539,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3962 +#: sssd.conf.5.xml:3969 msgid "" "This option's value is inherited by all trusted domains. At the moment it is " "not possible to set a different value per trusted domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3967 +#: sssd.conf.5.xml:3974 msgid "Special value 0 implies that this feature is disabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3971 +#: sssd.conf.5.xml:3978 msgid "" "Please note that if <quote>cached_auth_timeout</quote> is longer than " "<quote>pam_id_timeout</quote> then the back end could be called to handle " @@ -4553,14 +4559,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3982 +#: sssd.conf.5.xml:3989 #, fuzzy #| msgid "ldap_user_principal" msgid "local_auth_policy (string)" msgstr "ldap_user_principal" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3985 +#: sssd.conf.5.xml:3992 msgid "" "Local authentication methods policy. Some backends (i.e. LDAP, proxy " "provider) only support a password based authentication, while others can " @@ -4571,7 +4577,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3995 +#: sssd.conf.5.xml:4002 msgid "" "There are three possible values for this option: match, only, enable. " "<quote>match</quote> is used to match offline and online states for Kerberos " @@ -4582,8 +4588,17 @@ msgid "" "separated, such as <quote>enable:passkey, enable:smartcard</quote>" msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4014 +msgid "" +"Please note that if local Smartcard authentication is enabled and a " +"Smartcard is present, Smartcard authentication will be preferred over the " +"authentication methods supported by the backend. I.e. there will be a PIN " +"prompt instead of e.g. a password prompt." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:4011 +#: sssd.conf.5.xml:4026 #, no-wrap msgid "" "[domain/shadowutils]\n" @@ -4594,7 +4609,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4007 +#: sssd.conf.5.xml:4022 msgid "" "The following configuration example allows local users to authenticate " "locally using any enabled method (i.e. smartcard, passkey). <placeholder " @@ -4602,36 +4617,36 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4019 +#: sssd.conf.5.xml:4034 msgid "This option is ignored for the files provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4022 +#: sssd.conf.5.xml:4037 #, fuzzy #| msgid "Default: true" msgid "Default: match" msgstr "Oletus:tosi" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4027 +#: sssd.conf.5.xml:4042 msgid "auto_private_groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4033 +#: sssd.conf.5.xml:4048 msgid "true" msgstr "tosi" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4036 +#: sssd.conf.5.xml:4051 msgid "" "Create user's private group unconditionally from user's UID number. The GID " "number is ignored in this case." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4040 +#: sssd.conf.5.xml:4055 msgid "" "NOTE: Because the GID number and the user private group are inferred from " "the UID number, it is not supported to have multiple entries with the same " @@ -4640,24 +4655,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4049 +#: sssd.conf.5.xml:4064 msgid "false" msgstr "epätosi" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4052 +#: sssd.conf.5.xml:4067 msgid "" "Always use the user's primary GID number. The GID number must refer to a " "group object in the LDAP database." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4058 +#: sssd.conf.5.xml:4073 msgid "hybrid" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4061 +#: sssd.conf.5.xml:4076 msgid "" "A primary group is autogenerated for user entries whose UID and GID numbers " "have the same value and at the same time the GID number does not correspond " @@ -4667,14 +4682,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4074 +#: sssd.conf.5.xml:4089 msgid "" "If the UID and GID of a user are different, then the GID must correspond to " "a group entry, otherwise the GID is simply not resolvable." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4081 +#: sssd.conf.5.xml:4096 msgid "" "This feature is useful for environments that wish to stop maintaining a " "separate group objects for the user private groups, but also wish to retain " @@ -4682,21 +4697,21 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4030 +#: sssd.conf.5.xml:4045 msgid "" "This option takes any of three available values: <placeholder " "type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4093 +#: sssd.conf.5.xml:4108 msgid "" "For subdomains, the default value is False for subdomains that use assigned " "POSIX IDs and True for subdomains that use automatic ID-mapping." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:4101 +#: sssd.conf.5.xml:4116 #, no-wrap msgid "" "[domain/forest.domain/sub.domain]\n" @@ -4704,7 +4719,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:4107 +#: sssd.conf.5.xml:4122 #, no-wrap msgid "" "[domain/forest.domain]\n" @@ -4713,7 +4728,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4098 +#: sssd.conf.5.xml:4113 msgid "" "The value of auto_private_groups can either be set per subdomains in a " "subsection, for example: <placeholder type=\"programlisting\" id=\"0\"/> or " @@ -4730,29 +4745,30 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4122 +#: sssd.conf.5.xml:4137 msgid "proxy_pam_target (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4125 +#: sssd.conf.5.xml:4140 msgid "The proxy target PAM proxies to." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4128 +#: sssd.conf.5.xml:4143 msgid "" "Default: not set by default, you have to take an existing pam configuration " -"or create a new one and add the service name here." +"or create a new one and add the service name here. As an alternative you can " +"enable local authentication with the local_auth_policy option." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4136 +#: sssd.conf.5.xml:4153 msgid "proxy_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4139 +#: sssd.conf.5.xml:4156 msgid "" "The name of the NSS library to use in proxy domains. The NSS functions " "searched for in the library are in the form of _nss_$(libName)_$(function), " @@ -4760,12 +4776,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4149 +#: sssd.conf.5.xml:4166 msgid "proxy_resolver_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4152 +#: sssd.conf.5.xml:4169 msgid "" "The name of the NSS library to use for hosts and networks lookups in proxy " "domains. The NSS functions searched for in the library are in the form of " @@ -4773,12 +4789,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4163 +#: sssd.conf.5.xml:4180 msgid "proxy_fast_alias (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4166 +#: sssd.conf.5.xml:4183 msgid "" "When a user or group is looked up by name in the proxy provider, a second " "lookup by ID is performed to \"canonicalize\" the name in case the requested " @@ -4787,12 +4803,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4180 +#: sssd.conf.5.xml:4197 msgid "proxy_max_children (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4183 +#: sssd.conf.5.xml:4200 msgid "" "This option specifies the number of pre-forked proxy children. It is useful " "for high-load SSSD environments where sssd may run out of available child " @@ -4800,19 +4816,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4118 +#: sssd.conf.5.xml:4133 msgid "" "Options valid for proxy domains. <placeholder type=\"variablelist\" " "id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:4199 +#: sssd.conf.5.xml:4216 msgid "Application domains" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4201 +#: sssd.conf.5.xml:4218 msgid "" "SSSD, with its D-Bus interface (see <citerefentry> <refentrytitle>sssd-ifp</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>) is appealing to " @@ -4829,7 +4845,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4221 +#: sssd.conf.5.xml:4238 msgid "" "Please note that the application domain must still be explicitly enabled in " "the <quote>domains</quote> parameter so that the lookup order between the " @@ -4837,17 +4853,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> -#: sssd.conf.5.xml:4227 +#: sssd.conf.5.xml:4244 msgid "Application domain parameters" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4229 +#: sssd.conf.5.xml:4246 msgid "inherit_from (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4232 +#: sssd.conf.5.xml:4249 msgid "" "The SSSD POSIX-type domain the application domain inherits all settings " "from. The application domain can moreover add its own settings to the " @@ -4856,7 +4872,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4246 +#: sssd.conf.5.xml:4263 msgid "" "The following example illustrates the use of an application domain. In this " "setup, the POSIX domain is connected to an LDAP server and is used by the OS " @@ -4866,7 +4882,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><programlisting> -#: sssd.conf.5.xml:4254 +#: sssd.conf.5.xml:4271 #, no-wrap msgid "" "[sssd]\n" @@ -4886,12 +4902,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4274 +#: sssd.conf.5.xml:4291 msgid "TRUSTED DOMAIN SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4276 +#: sssd.conf.5.xml:4293 msgid "" "Some options used in the domain section can also be used in the trusted " "domain section, that is, in a section called <quote>[domain/" @@ -4902,69 +4918,69 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4283 +#: sssd.conf.5.xml:4300 msgid "ldap_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4284 +#: sssd.conf.5.xml:4301 msgid "ldap_user_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4285 +#: sssd.conf.5.xml:4302 msgid "ldap_group_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4286 +#: sssd.conf.5.xml:4303 msgid "ldap_netgroup_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4287 +#: sssd.conf.5.xml:4304 msgid "ldap_service_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4288 +#: sssd.conf.5.xml:4305 msgid "ldap_sasl_mech," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4289 +#: sssd.conf.5.xml:4306 msgid "ad_server," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4290 +#: sssd.conf.5.xml:4307 msgid "ad_backup_server," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4291 +#: sssd.conf.5.xml:4308 msgid "ad_site," msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4292 sssd-ipa.5.xml:879 +#: sssd.conf.5.xml:4309 sssd-ipa.5.xml:884 msgid "use_fully_qualified_names" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4296 +#: sssd.conf.5.xml:4313 msgid "" "For more details about these options see their individual description in the " "manual page." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4302 +#: sssd.conf.5.xml:4319 msgid "CERTIFICATE MAPPING SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4304 +#: sssd.conf.5.xml:4321 msgid "" "To allow authentication with Smartcards and certificates SSSD must be able " "to map certificates to users. This can be done by adding the full " @@ -4977,7 +4993,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4318 +#: sssd.conf.5.xml:4335 msgid "" "To make the mapping more flexible mapping and matching rules were added to " "SSSD (see <citerefentry> <refentrytitle>sss-certmap</refentrytitle> " @@ -4985,7 +5001,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4327 +#: sssd.conf.5.xml:4344 msgid "" "A mapping and matching rule can be added to the SSSD configuration in a " "section on its own with a name like <quote>[certmap/" @@ -4994,55 +5010,55 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4334 +#: sssd.conf.5.xml:4351 msgid "matchrule (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4337 +#: sssd.conf.5.xml:4354 msgid "" "Only certificates from the Smartcard which matches this rule will be " "processed, all others are ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4341 +#: sssd.conf.5.xml:4358 msgid "" "Default: KRB5:<EKU>clientAuth, i.e. only certificates which have the " "Extended Key Usage <quote>clientAuth</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4348 +#: sssd.conf.5.xml:4365 msgid "maprule (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4351 +#: sssd.conf.5.xml:4368 msgid "Defines how the user is found for a given certificate." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4357 +#: sssd.conf.5.xml:4374 msgid "" "LDAP:(userCertificate;binary={cert!bin}) for LDAP based providers like " "<quote>ldap</quote>, <quote>AD</quote> or <quote>ipa</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4363 +#: sssd.conf.5.xml:4380 msgid "" "The RULE_NAME for the <quote>files</quote> provider which tries to find a " "user with the same name." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4372 +#: sssd.conf.5.xml:4389 msgid "domains (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4375 +#: sssd.conf.5.xml:4392 msgid "" "Comma separated list of domain names the rule should be applied. By default " "a rule is only valid in the domain configured in sssd.conf. If the provider " @@ -5051,17 +5067,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4382 +#: sssd.conf.5.xml:4399 msgid "Default: the configured domain in sssd.conf" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4387 +#: sssd.conf.5.xml:4404 msgid "priority (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4390 +#: sssd.conf.5.xml:4407 msgid "" "Unsigned integer value defining the priority of the rule. The higher the " "number the lower the priority. <quote>0</quote> stands for the highest " @@ -5069,26 +5085,26 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4396 +#: sssd.conf.5.xml:4413 msgid "Default: the lowest priority" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4402 +#: sssd.conf.5.xml:4419 msgid "" "To make the configuration simple and reduce the amount of configuration " "options the <quote>files</quote> provider has some special properties:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4408 +#: sssd.conf.5.xml:4425 msgid "" "if maprule is not set the RULE_NAME name is assumed to be the name of the " "matching user" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4414 +#: sssd.conf.5.xml:4431 msgid "" "if a maprule is used both a single user name or a template like " "<quote>{subject_rfc822_name.short_name}</quote> must be in braces like e.g. " @@ -5097,17 +5113,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4423 +#: sssd.conf.5.xml:4440 msgid "the <quote>domains</quote> option is ignored" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4431 +#: sssd.conf.5.xml:4448 msgid "PROMPTING CONFIGURATION SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4433 +#: sssd.conf.5.xml:4450 msgid "" "If a special file (<filename>/var/lib/sss/pubconf/pam_preauth_available</" "filename>) exists SSSD's PAM module pam_sss will ask SSSD to figure out " @@ -5117,7 +5133,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4441 +#: sssd.conf.5.xml:4458 msgid "" "With the growing number of authentication methods and the possibility that " "there are multiple ones for a single user the heuristic used by pam_sss to " @@ -5126,59 +5142,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4453 +#: sssd.conf.5.xml:4470 msgid "[prompting/password]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4456 +#: sssd.conf.5.xml:4473 msgid "password_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4457 +#: sssd.conf.5.xml:4474 msgid "to change the string of the password prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4455 +#: sssd.conf.5.xml:4472 msgid "" "to configure password prompting, allowed options are: <placeholder " "type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4465 +#: sssd.conf.5.xml:4482 msgid "[prompting/2fa]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4469 +#: sssd.conf.5.xml:4486 msgid "first_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4470 +#: sssd.conf.5.xml:4487 msgid "to change the string of the prompt for the first factor" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4473 +#: sssd.conf.5.xml:4490 msgid "second_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4474 +#: sssd.conf.5.xml:4491 msgid "to change the string of the prompt for the second factor" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4477 +#: sssd.conf.5.xml:4494 msgid "single_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4478 +#: sssd.conf.5.xml:4495 msgid "" "boolean value, if True there will be only a single prompt using the value of " "first_prompt where it is expected that both factors are entered as a single " @@ -5187,7 +5203,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4467 +#: sssd.conf.5.xml:4484 msgid "" "to configure two-factor authentication prompting, allowed options are: " "<placeholder type=\"variablelist\" id=\"0\"/> If the second factor is " @@ -5196,17 +5212,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4495 +#: sssd.conf.5.xml:4512 msgid "[prompting/passkey]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4501 sssd-ad.5.xml:1021 +#: sssd.conf.5.xml:4518 sssd-ad.5.xml:1021 msgid "interactive" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4503 +#: sssd.conf.5.xml:4520 msgid "" "boolean value, if True prompt a message and wait before testing the presence " "of a passkey device. Recommended if your device doesn’t have a tactile " @@ -5214,46 +5230,46 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4511 +#: sssd.conf.5.xml:4528 msgid "interactive_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4513 +#: sssd.conf.5.xml:4530 msgid "to change the message of the interactive prompt." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4518 +#: sssd.conf.5.xml:4535 msgid "touch" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4520 +#: sssd.conf.5.xml:4537 msgid "" "boolean value, if True prompt a message to remind the user to touch the " "device." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4526 +#: sssd.conf.5.xml:4543 msgid "touch_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4528 +#: sssd.conf.5.xml:4545 msgid "to change the message of the touch prompt." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4497 +#: sssd.conf.5.xml:4514 msgid "" "to configure passkey authentication prompting, allowed options are: " "<placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4448 +#: sssd.conf.5.xml:4465 msgid "" "Each supported authentication method has its own configuration subsection " "under <quote>[prompting/...]</quote>. Currently there are: <placeholder " @@ -5262,7 +5278,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4539 +#: sssd.conf.5.xml:4556 msgid "" "It is possible to add a subsection for specific PAM services, e.g. " "<quote>[prompting/password/sshd]</quote> to individual change the prompting " @@ -5270,12 +5286,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4546 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43 +#: sssd.conf.5.xml:4563 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43 msgid "EXAMPLES" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4552 +#: sssd.conf.5.xml:4569 #, no-wrap msgid "" "[sssd]\n" @@ -5305,7 +5321,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4548 +#: sssd.conf.5.xml:4565 msgid "" "1. The following example shows a typical SSSD config. It does not describe " "configuration of the domains themselves - refer to documentation on " @@ -5314,7 +5330,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4585 +#: sssd.conf.5.xml:4602 #, no-wrap msgid "" "[domain/ipa.com/child.ad.com]\n" @@ -5322,7 +5338,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4579 +#: sssd.conf.5.xml:4596 msgid "" "2. The following example shows configuration of IPA AD trust where the AD " "forest consists of two domains in a parent-child structure. Suppose IPA " @@ -5333,7 +5349,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4596 +#: sssd.conf.5.xml:4613 #, no-wrap msgid "" "[certmap/my.domain/rule_name]\n" @@ -5344,7 +5360,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4590 +#: sssd.conf.5.xml:4607 msgid "" "3. The following example shows the configuration of a certificate mapping " "rule. It is valid for the configured domain <quote>my.domain</quote> and " @@ -5398,26 +5414,26 @@ msgid "" "LDAP back end supports id, auth, access and chpass providers. If you want to " "authenticate against an LDAP server either TLS/SSL or LDAPS is required. " "<command>sssd</command> <emphasis>does not</emphasis> support authentication " -"over an unencrypted channel. If the LDAP server is used only as an identity " -"provider, an encrypted channel is not needed. Please refer to " -"<quote>ldap_access_filter</quote> config option for more information about " -"using LDAP as an access provider." +"over an unencrypted channel. Even if the LDAP server is used only as an " +"identity provider, an encrypted channel is strongly recommended. Please " +"refer to <quote>ldap_access_filter</quote> config option for more " +"information about using LDAP as an access provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:82 sssd-ad.5.xml:130 +#: sssd-ldap.5.xml:50 sssd-simple.5.xml:69 sssd-ipa.5.xml:82 sssd-ad.5.xml:130 #: sssd-krb5.5.xml:63 sssd-ifp.5.xml:60 sssd-files.5.xml:77 #: sssd-session-recording.5.xml:58 sssd-kcm.8.xml:202 msgid "CONFIGURATION OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:66 +#: sssd-ldap.5.xml:67 msgid "ldap_uri, ldap_backup_uri (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:69 +#: sssd-ldap.5.xml:70 msgid "" "Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " "should connect in the order of preference. Refer to the <quote>FAILOVER</" @@ -5427,33 +5443,33 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:76 +#: sssd-ldap.5.xml:77 msgid "The format of the URI must match the format defined in RFC 2732:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:79 +#: sssd-ldap.5.xml:80 msgid "ldap[s]://<host>[:port]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:82 +#: sssd-ldap.5.xml:83 msgid "" "For explicit IPv6 addresses, <host> must be enclosed in brackets []" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:85 +#: sssd-ldap.5.xml:86 msgid "example: ldap://[fc00::126:25]:389" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:91 +#: sssd-ldap.5.xml:92 msgid "ldap_chpass_uri, ldap_chpass_backup_uri (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:94 +#: sssd-ldap.5.xml:95 msgid "" "Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " "should connect in the order of preference to change the password of a user. " @@ -5462,71 +5478,71 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:101 +#: sssd-ldap.5.xml:102 msgid "To enable service discovery ldap_chpass_dns_service_name must be set." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:105 +#: sssd-ldap.5.xml:106 msgid "Default: empty, i.e. ldap_uri is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:111 +#: sssd-ldap.5.xml:112 msgid "ldap_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:114 +#: sssd-ldap.5.xml:115 msgid "The default base DN to use for performing LDAP user operations." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:118 +#: sssd-ldap.5.xml:119 msgid "" "Starting with SSSD 1.7.0, SSSD supports multiple search bases using the " "syntax:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:122 +#: sssd-ldap.5.xml:123 msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:125 +#: sssd-ldap.5.xml:126 msgid "The scope can be one of \"base\", \"onelevel\" or \"subtree\"." msgstr "" #. type: Content of: <listitem><para> -#: sssd-ldap.5.xml:128 include/ldap_search_bases.xml:18 +#: sssd-ldap.5.xml:129 include/ldap_search_bases.xml:18 msgid "" "The filter must be a valid LDAP search filter as specified by http://www." "ietf.org/rfc/rfc2254.txt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:132 sssd-ad.5.xml:311 sss_override.8.xml:143 +#: sssd-ldap.5.xml:133 sssd-ad.5.xml:311 sss_override.8.xml:143 #: sss_override.8.xml:240 sssd-ldap-attributes.5.xml:453 msgid "Examples:" msgstr "Esimerkki:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:135 +#: sssd-ldap.5.xml:136 msgid "" "ldap_search_base = dc=example,dc=com (which is equivalent to) " "ldap_search_base = dc=example,dc=com?subtree?" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:140 +#: sssd-ldap.5.xml:141 msgid "" "ldap_search_base = cn=host_specific,dc=example,dc=com?subtree?" "(host=thishost)?dc=example.com?subtree?" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:143 +#: sssd-ldap.5.xml:144 msgid "" "Note: It is unsupported to have multiple search bases which reference " "identically-named objects (for example, groups with the same name in two " @@ -5535,7 +5551,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:150 +#: sssd-ldap.5.xml:151 msgid "" "Default: If not set, the value of the defaultNamingContext or namingContexts " "attribute from the RootDSE of the LDAP server is used. If " @@ -5546,12 +5562,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:164 +#: sssd-ldap.5.xml:165 msgid "ldap_schema (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:167 +#: sssd-ldap.5.xml:168 msgid "" "Specifies the Schema Type in use on the target LDAP server. Depending on " "the selected schema, the default attribute names retrieved from the servers " @@ -5559,32 +5575,32 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:174 +#: sssd-ldap.5.xml:175 msgid "Four schema types are currently supported:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:178 +#: sssd-ldap.5.xml:179 msgid "rfc2307" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:183 +#: sssd-ldap.5.xml:184 msgid "rfc2307bis" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:188 +#: sssd-ldap.5.xml:189 msgid "IPA" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:193 +#: sssd-ldap.5.xml:194 msgid "AD" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:199 +#: sssd-ldap.5.xml:200 msgid "" "The main difference between these schema types is how group memberships are " "recorded in the server. With rfc2307, group members are listed by name in " @@ -5595,37 +5611,37 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:209 +#: sssd-ldap.5.xml:210 msgid "Default: rfc2307" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:215 +#: sssd-ldap.5.xml:216 msgid "ldap_pwmodify_mode (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:218 +#: sssd-ldap.5.xml:219 msgid "Specify the operation that is used to modify user password." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:222 +#: sssd-ldap.5.xml:223 msgid "Two modes are currently supported:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:226 +#: sssd-ldap.5.xml:227 msgid "exop - Password Modify Extended Operation (RFC 3062)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:232 +#: sssd-ldap.5.xml:233 msgid "ldap_modify - Direct modification of userPassword (not recommended)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:239 +#: sssd-ldap.5.xml:240 msgid "" "Note: First, a new connection is established to verify current password by " "binding as the user that requested password change. If successful, this " @@ -5634,74 +5650,74 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:247 +#: sssd-ldap.5.xml:248 msgid "Default: exop" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:253 +#: sssd-ldap.5.xml:254 msgid "ldap_default_bind_dn (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:256 +#: sssd-ldap.5.xml:257 msgid "The default bind DN to use for performing LDAP operations." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:263 +#: sssd-ldap.5.xml:264 msgid "ldap_default_authtok_type (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:266 +#: sssd-ldap.5.xml:267 msgid "The type of the authentication token of the default bind DN." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:270 +#: sssd-ldap.5.xml:271 msgid "The two mechanisms currently supported are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:273 +#: sssd-ldap.5.xml:274 msgid "password" msgstr "salasana" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:276 +#: sssd-ldap.5.xml:277 msgid "obfuscated_password" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:279 +#: sssd-ldap.5.xml:280 msgid "Default: password" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:282 +#: sssd-ldap.5.xml:283 msgid "" "See the <citerefentry> <refentrytitle>sss_obfuscate</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry> manual page for more information." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:293 +#: sssd-ldap.5.xml:294 msgid "ldap_default_authtok (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:296 +#: sssd-ldap.5.xml:297 msgid "The authentication token of the default bind DN." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:302 +#: sssd-ldap.5.xml:303 msgid "ldap_force_upper_case_realm (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:305 +#: sssd-ldap.5.xml:306 msgid "" "Some directory servers, for example Active Directory, might deliver the " "realm part of the UPN in lower case, which might cause the authentication to " @@ -5710,24 +5726,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:318 +#: sssd-ldap.5.xml:319 msgid "ldap_enumeration_refresh_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:321 +#: sssd-ldap.5.xml:322 msgid "" "Specifies how many seconds SSSD has to wait before refreshing its cache of " "enumerated records." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:337 +#: sssd-ldap.5.xml:338 msgid "ldap_purge_cache_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:340 +#: sssd-ldap.5.xml:341 msgid "" "Determine how often to check the cache for inactive entries (such as groups " "with no members and users who have never logged in) and remove them to save " @@ -5735,7 +5751,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:346 +#: sssd-ldap.5.xml:347 msgid "" "Setting this option to zero will disable the cache cleanup operation. Please " "note that if enumeration is enabled, the cleanup task is required in order " @@ -5744,12 +5760,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:366 +#: sssd-ldap.5.xml:367 msgid "ldap_group_nesting_level (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:369 +#: sssd-ldap.5.xml:370 msgid "" "If ldap_schema is set to a schema format that supports nested groups (e.g. " "RFC2307bis), then this option controls how many levels of nesting SSSD will " @@ -5757,7 +5773,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:376 +#: sssd-ldap.5.xml:377 msgid "" "Note: This option specifies the guaranteed level of nested groups to be " "processed for any lookup. However, nested groups beyond this limit " @@ -5767,7 +5783,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:385 +#: sssd-ldap.5.xml:386 msgid "" "If ldap_group_nesting_level is set to 0 then no nested groups are processed " "at all. However, when connected to Active-Directory Server 2008 and later " @@ -5777,67 +5793,67 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:394 +#: sssd-ldap.5.xml:395 msgid "Default: 2" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:403 +#: sssd-ldap.5.xml:404 msgid "" "This options enables or disables use of Token-Groups attribute when " "performing initgroup for users from Active Directory Server 2008 and later." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:413 +#: sssd-ldap.5.xml:414 msgid "Default: True for AD and IPA otherwise False." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:419 +#: sssd-ldap.5.xml:420 msgid "ldap_host_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:422 +#: sssd-ldap.5.xml:423 msgid "Optional. Use the given string as search base for host objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:426 sssd-ipa.5.xml:457 sssd-ipa.5.xml:476 sssd-ipa.5.xml:495 -#: sssd-ipa.5.xml:514 +#: sssd-ldap.5.xml:427 sssd-ipa.5.xml:462 sssd-ipa.5.xml:481 sssd-ipa.5.xml:500 +#: sssd-ipa.5.xml:519 msgid "" "See <quote>ldap_search_base</quote> for information about configuring " "multiple search bases." msgstr "" #. type: Content of: <listitem><para> -#: sssd-ldap.5.xml:431 sssd-ipa.5.xml:462 include/ldap_search_bases.xml:27 +#: sssd-ldap.5.xml:432 sssd-ipa.5.xml:467 include/ldap_search_bases.xml:27 msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:438 +#: sssd-ldap.5.xml:439 msgid "ldap_service_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:443 +#: sssd-ldap.5.xml:444 msgid "ldap_iphost_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:448 +#: sssd-ldap.5.xml:449 msgid "ldap_ipnetwork_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:453 +#: sssd-ldap.5.xml:454 msgid "ldap_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:456 +#: sssd-ldap.5.xml:457 msgid "" "Specifies the timeout (in seconds) that ldap searches are allowed to run " "before they are cancelled and cached results are returned (and offline mode " @@ -5845,7 +5861,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:462 +#: sssd-ldap.5.xml:463 msgid "" "Note: this option is subject to change in future versions of the SSSD. It " "will likely be replaced at some point by a series of timeouts for specific " @@ -5853,12 +5869,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:479 +#: sssd-ldap.5.xml:480 msgid "ldap_enumeration_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:482 +#: sssd-ldap.5.xml:483 msgid "" "Specifies the timeout (in seconds) that ldap searches for user and group " "enumerations are allowed to run before they are cancelled and cached results " @@ -5866,12 +5882,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:500 +#: sssd-ldap.5.xml:501 msgid "ldap_network_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:503 +#: sssd-ldap.5.xml:504 msgid "" "Specifies the timeout (in seconds) after which the <citerefentry> " "<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/" @@ -5882,12 +5898,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:531 +#: sssd-ldap.5.xml:532 msgid "ldap_opt_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:534 +#: sssd-ldap.5.xml:535 msgid "" "Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs " "will abort if no response is received. Also controls the timeout when " @@ -5896,12 +5912,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:554 +#: sssd-ldap.5.xml:555 msgid "ldap_connection_expire_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:557 +#: sssd-ldap.5.xml:558 msgid "" "Specifies a timeout (in seconds) that a connection to an LDAP server will be " "maintained. After this time, the connection will be re-established. If used " @@ -5910,7 +5926,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:565 +#: sssd-ldap.5.xml:566 msgid "" "If the connection is idle (not actively running an operation) within " "<emphasis>ldap_opt_timeout</emphasis> seconds of expiration, then it will be " @@ -5921,38 +5937,38 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:577 +#: sssd-ldap.5.xml:578 msgid "" "This timeout can be extended of a random value specified by " "<emphasis>ldap_connection_expire_offset</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:587 sssd-ldap.5.xml:630 sssd-ldap.5.xml:1711 +#: sssd-ldap.5.xml:588 sssd-ldap.5.xml:631 sssd-ldap.5.xml:1713 msgid "Default: 900 (15 minutes)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:593 +#: sssd-ldap.5.xml:594 msgid "ldap_connection_expire_offset (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:596 +#: sssd-ldap.5.xml:597 msgid "" "Random offset between 0 and configured value is added to " "<emphasis>ldap_connection_expire_timeout</emphasis>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:612 +#: sssd-ldap.5.xml:613 #, fuzzy #| msgid "ad_gpo_cache_timeout (integer)" msgid "ldap_connection_idle_timeout (integer)" msgstr "ad_gpo_cache_timeout (integeri)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:615 +#: sssd-ldap.5.xml:616 msgid "" "Specifies a timeout (in seconds) that an idle connection to an LDAP server " "will be maintained. If the connection is idle for more than this time then " @@ -5960,29 +5976,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:621 +#: sssd-ldap.5.xml:622 msgid "You can disable this timeout by setting the value to 0." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:636 +#: sssd-ldap.5.xml:637 msgid "ldap_page_size (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:639 +#: sssd-ldap.5.xml:640 msgid "" "Specify the number of records to retrieve from LDAP in a single request. " "Some LDAP servers enforce a maximum limit per-request." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:650 +#: sssd-ldap.5.xml:651 msgid "ldap_disable_paging (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:653 +#: sssd-ldap.5.xml:654 msgid "" "Disable the LDAP paging control. This option should be used if the LDAP " "server reports that it supports the LDAP paging control in its RootDSE but " @@ -5990,14 +6006,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:659 +#: sssd-ldap.5.xml:660 msgid "" "Example: OpenLDAP servers with the paging control module installed on the " "server but not enabled will report it in the RootDSE but be unable to use it." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:665 +#: sssd-ldap.5.xml:666 msgid "" "Example: 389 DS has a bug where it can only support a one paging control at " "a time on a single connection. On busy clients, this can result in some " @@ -6005,17 +6021,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:677 +#: sssd-ldap.5.xml:678 msgid "ldap_disable_range_retrieval (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:680 +#: sssd-ldap.5.xml:681 msgid "Disable Active Directory range retrieval." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:683 +#: sssd-ldap.5.xml:684 msgid "" "Active Directory limits the number of members to be retrieved in a single " "lookup using the MaxValRange policy (which defaults to 1500 members). If a " @@ -6025,12 +6041,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:698 +#: sssd-ldap.5.xml:699 msgid "ldap_sasl_minssf (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:701 +#: sssd-ldap.5.xml:702 msgid "" "When communicating with an LDAP server using SASL, specify the minimum " "security level necessary to establish the connection. The values of this " @@ -6038,17 +6054,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:707 sssd-ldap.5.xml:723 +#: sssd-ldap.5.xml:708 sssd-ldap.5.xml:724 msgid "Default: Use the system default (usually specified by ldap.conf)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:714 +#: sssd-ldap.5.xml:715 msgid "ldap_sasl_maxssf (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:717 +#: sssd-ldap.5.xml:718 msgid "" "When communicating with an LDAP server using SASL, specify the maximal " "security level necessary to establish the connection. The values of this " @@ -6056,12 +6072,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:730 +#: sssd-ldap.5.xml:731 msgid "ldap_deref_threshold (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:733 +#: sssd-ldap.5.xml:734 msgid "" "Specify the number of group members that must be missing from the internal " "cache in order to trigger a dereference lookup. If less members are missing, " @@ -6069,7 +6085,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:739 +#: sssd-ldap.5.xml:740 msgid "" "You can turn off dereference lookups completely by setting the value to 0. " "Please note that there are some codepaths in SSSD, like the IPA HBAC " @@ -6080,7 +6096,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:750 +#: sssd-ldap.5.xml:751 msgid "" "A dereference lookup is a means of fetching all group members in a single " "LDAP call. Different LDAP servers may implement different dereference " @@ -6089,7 +6105,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:758 +#: sssd-ldap.5.xml:759 msgid "" "<emphasis>Note:</emphasis> If any of the search bases specifies a search " "filter, then the dereference lookup performance enhancement will be disabled " @@ -6097,12 +6113,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:771 +#: sssd-ldap.5.xml:772 msgid "ldap_ignore_unreadable_references (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:774 +#: sssd-ldap.5.xml:775 msgid "" "Ignore unreadable LDAP entries referenced in group's member attribute. If " "this parameter is set to false an error will be returned and the operation " @@ -6110,7 +6126,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:781 +#: sssd-ldap.5.xml:782 msgid "" "This parameter may be useful when using the AD provider and the computer " "account that sssd uses to connect to AD does not have access to a particular " @@ -6118,26 +6134,26 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:794 +#: sssd-ldap.5.xml:795 msgid "ldap_tls_reqcert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:797 +#: sssd-ldap.5.xml:798 msgid "" "Specifies what checks to perform on server certificates in a TLS session, if " "any. It can be specified as one of the following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:803 +#: sssd-ldap.5.xml:804 msgid "" "<emphasis>never</emphasis> = The client will not request or check any server " "certificate." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:807 +#: sssd-ldap.5.xml:808 msgid "" "<emphasis>allow</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -6145,7 +6161,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:814 +#: sssd-ldap.5.xml:815 msgid "" "<emphasis>try</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -6153,7 +6169,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:820 +#: sssd-ldap.5.xml:821 msgid "" "<emphasis>demand</emphasis> = The server certificate is requested. If no " "certificate is provided, or a bad certificate is provided, the session is " @@ -6161,41 +6177,41 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:826 +#: sssd-ldap.5.xml:827 msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:830 +#: sssd-ldap.5.xml:831 msgid "Default: hard" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:836 +#: sssd-ldap.5.xml:837 msgid "ldap_tls_cacert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:839 +#: sssd-ldap.5.xml:840 msgid "" "Specifies the file that contains certificates for all of the Certificate " "Authorities that <command>sssd</command> will recognize." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:844 sssd-ldap.5.xml:862 sssd-ldap.5.xml:903 +#: sssd-ldap.5.xml:845 sssd-ldap.5.xml:863 sssd-ldap.5.xml:904 msgid "" "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." "conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:851 +#: sssd-ldap.5.xml:852 msgid "ldap_tls_cacertdir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:854 +#: sssd-ldap.5.xml:855 msgid "" "Specifies the path of a directory that contains Certificate Authority " "certificates in separate individual files. Typically the file names need to " @@ -6204,32 +6220,32 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:869 +#: sssd-ldap.5.xml:870 msgid "ldap_tls_cert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:872 +#: sssd-ldap.5.xml:873 msgid "Specifies the file that contains the certificate for the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:882 +#: sssd-ldap.5.xml:883 msgid "ldap_tls_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:885 +#: sssd-ldap.5.xml:886 msgid "Specifies the file that contains the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:894 +#: sssd-ldap.5.xml:895 msgid "ldap_tls_cipher_suite (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:897 +#: sssd-ldap.5.xml:898 msgid "" "Specifies acceptable cipher suites. Typically this is a colon separated " "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " @@ -6237,24 +6253,25 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:910 +#: sssd-ldap.5.xml:911 msgid "ldap_id_use_start_tls (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:913 +#: sssd-ldap.5.xml:914 msgid "" "Specifies that the id_provider connection must also use <systemitem " -"class=\"protocol\">tls</systemitem> to protect the channel." +"class=\"protocol\">tls</systemitem> to protect the channel. <emphasis>true</" +"emphasis> is strongly recommended for security reasons." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:923 +#: sssd-ldap.5.xml:925 msgid "ldap_id_mapping (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:926 +#: sssd-ldap.5.xml:928 msgid "" "Specifies that SSSD should attempt to map user and group IDs from the " "ldap_user_objectsid and ldap_group_objectsid attributes instead of relying " @@ -6262,17 +6279,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:932 +#: sssd-ldap.5.xml:934 msgid "Currently this feature supports only ActiveDirectory objectSID mapping." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:942 +#: sssd-ldap.5.xml:944 msgid "ldap_min_id, ldap_max_id (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:945 +#: sssd-ldap.5.xml:947 msgid "" "In contrast to the SID based ID mapping which is used if ldap_id_mapping is " "set to true the allowed ID range for ldap_user_uid_number and " @@ -6283,24 +6300,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:957 +#: sssd-ldap.5.xml:959 msgid "Default: not set (both options are set to 0)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:963 +#: sssd-ldap.5.xml:965 msgid "ldap_sasl_mech (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:966 +#: sssd-ldap.5.xml:968 msgid "" "Specify the SASL mechanism to use. Currently only GSSAPI and GSS-SPNEGO are " "tested and supported." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:970 +#: sssd-ldap.5.xml:972 msgid "" "If the backend supports sub-domains the value of ldap_sasl_mech is " "automatically inherited to the sub-domains. If a different value is needed " @@ -6311,12 +6328,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:986 +#: sssd-ldap.5.xml:988 msgid "ldap_sasl_authid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd-ldap.5.xml:998 +#: sssd-ldap.5.xml:1000 #, no-wrap msgid "" "hostname@REALM\n" @@ -6329,7 +6346,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:989 +#: sssd-ldap.5.xml:991 msgid "" "Specify the SASL authorization id to use. When GSSAPI/GSS-SPNEGO are used, " "this represents the Kerberos principal used for authentication to the " @@ -6341,17 +6358,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1009 +#: sssd-ldap.5.xml:1011 msgid "Default: host/hostname@REALM" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1015 +#: sssd-ldap.5.xml:1017 msgid "ldap_sasl_realm (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1018 +#: sssd-ldap.5.xml:1020 msgid "" "Specify the SASL realm to use. When not specified, this option defaults to " "the value of krb5_realm. If the ldap_sasl_authid contains the realm as " @@ -6359,49 +6376,49 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1024 +#: sssd-ldap.5.xml:1026 msgid "Default: the value of krb5_realm." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1030 +#: sssd-ldap.5.xml:1032 msgid "ldap_sasl_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1033 +#: sssd-ldap.5.xml:1035 msgid "" "If set to true, the LDAP library would perform a reverse lookup to " "canonicalize the host name during a SASL bind." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1038 +#: sssd-ldap.5.xml:1040 msgid "Default: false;" msgstr "Oletus: epätosi;" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1044 +#: sssd-ldap.5.xml:1046 msgid "ldap_krb5_keytab (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1047 +#: sssd-ldap.5.xml:1049 msgid "Specify the keytab to use when using SASL/GSSAPI/GSS-SPNEGO." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1056 sssd-krb5.5.xml:247 +#: sssd-ldap.5.xml:1058 sssd-krb5.5.xml:247 msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1062 +#: sssd-ldap.5.xml:1064 msgid "ldap_krb5_init_creds (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1065 +#: sssd-ldap.5.xml:1067 msgid "" "Specifies that the id_provider should init Kerberos credentials (TGT). This " "action is performed only if SASL is used and the mechanism selected is " @@ -6409,28 +6426,28 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1077 +#: sssd-ldap.5.xml:1079 msgid "ldap_krb5_ticket_lifetime (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1080 +#: sssd-ldap.5.xml:1082 msgid "" "Specifies the lifetime in seconds of the TGT if GSSAPI or GSS-SPNEGO is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1089 sssd-ad.5.xml:1252 +#: sssd-ldap.5.xml:1091 sssd-ad.5.xml:1252 msgid "Default: 86400 (24 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1095 sssd-krb5.5.xml:74 +#: sssd-ldap.5.xml:1097 sssd-krb5.5.xml:74 msgid "krb5_server, krb5_backup_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1098 +#: sssd-ldap.5.xml:1100 msgid "" "Specifies the comma-separated list of IP addresses or hostnames of the " "Kerberos servers to which SSSD should connect in the order of preference. " @@ -6442,7 +6459,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1110 sssd-krb5.5.xml:89 +#: sssd-ldap.5.xml:1112 sssd-krb5.5.xml:89 msgid "" "When using service discovery for KDC or kpasswd servers, SSSD first searches " "for DNS entries that specify _udp as the protocol and falls back to _tcp if " @@ -6450,7 +6467,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1115 sssd-krb5.5.xml:94 +#: sssd-ldap.5.xml:1117 sssd-krb5.5.xml:94 msgid "" "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " "While the legacy name is recognized for the time being, users are advised to " @@ -6458,39 +6475,39 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1124 sssd-ipa.5.xml:526 sssd-krb5.5.xml:103 +#: sssd-ldap.5.xml:1126 sssd-ipa.5.xml:531 sssd-krb5.5.xml:103 msgid "krb5_realm (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1127 +#: sssd-ldap.5.xml:1129 msgid "Specify the Kerberos REALM (for SASL/GSSAPI/GSS-SPNEGO auth)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1131 +#: sssd-ldap.5.xml:1133 msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" msgstr "" #. type: Content of: <variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1137 include/krb5_options.xml:154 +#: sssd-ldap.5.xml:1139 include/krb5_options.xml:154 msgid "krb5_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1140 +#: sssd-ldap.5.xml:1142 msgid "" "Specifies if the host principal should be canonicalized when connecting to " "LDAP server. This feature is available with MIT Kerberos >= 1.7" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1152 sssd-krb5.5.xml:336 +#: sssd-ldap.5.xml:1154 sssd-krb5.5.xml:336 msgid "krb5_use_kdcinfo (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1155 sssd-krb5.5.xml:339 +#: sssd-ldap.5.xml:1157 sssd-krb5.5.xml:339 msgid "" "Specifies if the SSSD should instruct the Kerberos libraries what realm and " "which KDCs to use. This option is on by default, if you disable it, you need " @@ -6500,7 +6517,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1166 sssd-krb5.5.xml:350 +#: sssd-ldap.5.xml:1168 sssd-krb5.5.xml:350 msgid "" "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more " @@ -6508,26 +6525,26 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1180 +#: sssd-ldap.5.xml:1182 msgid "ldap_pwd_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1183 +#: sssd-ldap.5.xml:1185 msgid "" "Select the policy to evaluate the password expiration on the client side. " "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1188 +#: sssd-ldap.5.xml:1190 msgid "" "<emphasis>none</emphasis> - No evaluation on the client side. This option " "cannot disable server-side password policies." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1193 +#: sssd-ldap.5.xml:1195 msgid "" "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " @@ -6536,7 +6553,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1201 +#: sssd-ldap.5.xml:1203 msgid "" "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " "to determine if the password has expired. Use chpass_provider=krb5 to update " @@ -6544,31 +6561,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1210 +#: sssd-ldap.5.xml:1212 msgid "" "<emphasis>Note</emphasis>: if a password policy is configured on server " "side, it always takes precedence over policy set with this option." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1218 +#: sssd-ldap.5.xml:1220 msgid "ldap_referrals (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1221 +#: sssd-ldap.5.xml:1223 msgid "Specifies whether automatic referral chasing should be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1225 +#: sssd-ldap.5.xml:1227 msgid "" "Please note that sssd only supports referral chasing when it is compiled " "with OpenLDAP version 2.4.13 or higher." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1230 +#: sssd-ldap.5.xml:1232 msgid "" "Chasing referrals may incur a performance penalty in environments that use " "them heavily, a notable example is Microsoft Active Directory. If your setup " @@ -6581,51 +6598,51 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1249 +#: sssd-ldap.5.xml:1251 msgid "ldap_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1252 +#: sssd-ldap.5.xml:1254 msgid "Specifies the service name to use when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1256 +#: sssd-ldap.5.xml:1258 msgid "Default: ldap" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1262 +#: sssd-ldap.5.xml:1264 msgid "ldap_chpass_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1265 +#: sssd-ldap.5.xml:1267 msgid "" "Specifies the service name to use to find an LDAP server which allows " "password changes when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1270 +#: sssd-ldap.5.xml:1272 msgid "Default: not set, i.e. service discovery is disabled" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1276 +#: sssd-ldap.5.xml:1278 msgid "ldap_chpass_update_last_change (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1279 +#: sssd-ldap.5.xml:1281 msgid "" "Specifies whether to update the ldap_user_shadow_last_change attribute with " "days since the Epoch after a password change operation." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1285 +#: sssd-ldap.5.xml:1287 msgid "" "It is recommend to set this option explicitly if \"ldap_pwd_policy = " "shadow\" is used to let SSSD know if the LDAP server will update " @@ -6634,12 +6651,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1299 +#: sssd-ldap.5.xml:1301 msgid "ldap_access_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1302 +#: sssd-ldap.5.xml:1304 msgid "" "If using access_provider = ldap and ldap_access_order = filter (default), " "this option is mandatory. It specifies an LDAP search filter criteria that " @@ -6655,12 +6672,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1322 +#: sssd-ldap.5.xml:1324 msgid "Example:" msgstr "Esimerkki:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1325 +#: sssd-ldap.5.xml:1327 #, no-wrap msgid "" "access_provider = ldap\n" @@ -6669,14 +6686,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1329 +#: sssd-ldap.5.xml:1331 msgid "" "This example means that access to this host is restricted to users whose " "employeeType attribute is set to \"admin\"." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1334 +#: sssd-ldap.5.xml:1336 msgid "" "Offline caching for this feature is limited to determining whether the " "user's last online login was granted access permission. If they were granted " @@ -6685,24 +6702,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1342 sssd-ldap.5.xml:1398 +#: sssd-ldap.5.xml:1344 sssd-ldap.5.xml:1400 msgid "Default: Empty" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1348 +#: sssd-ldap.5.xml:1350 msgid "ldap_account_expire_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1351 +#: sssd-ldap.5.xml:1353 msgid "" "With this option a client side evaluation of access control attributes can " "be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1355 +#: sssd-ldap.5.xml:1357 msgid "" "Please note that it is always recommended to use server side access control, " "i.e. the LDAP server should deny the bind request with a suitable error code " @@ -6710,19 +6727,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1362 +#: sssd-ldap.5.xml:1364 msgid "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1365 +#: sssd-ldap.5.xml:1367 msgid "" "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " "determine if the account is expired." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1370 +#: sssd-ldap.5.xml:1372 msgid "" "<emphasis>ad</emphasis>: use the value of the 32bit field " "ldap_user_ad_user_account_control and allow access if the second bit is not " @@ -6731,7 +6748,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1377 +#: sssd-ldap.5.xml:1379 msgid "" "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" "emphasis>: use the value of ldap_ns_account_lock to check if access is " @@ -6739,7 +6756,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1383 +#: sssd-ldap.5.xml:1385 msgid "" "<emphasis>nds</emphasis>: the values of " "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " @@ -6748,7 +6765,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1391 +#: sssd-ldap.5.xml:1393 msgid "" "Please note that the ldap_access_order configuration option <emphasis>must</" "emphasis> include <quote>expire</quote> in order for the " @@ -6756,22 +6773,22 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1404 +#: sssd-ldap.5.xml:1406 msgid "ldap_access_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1407 sssd-ipa.5.xml:351 +#: sssd-ldap.5.xml:1409 sssd-ipa.5.xml:356 msgid "Comma separated list of access control options. Allowed values are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1411 +#: sssd-ldap.5.xml:1413 msgid "<emphasis>filter</emphasis>: use ldap_access_filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1414 +#: sssd-ldap.5.xml:1416 msgid "" "<emphasis>lockout</emphasis>: use account locking. If set, this option " "denies access in case that ldap attribute 'pwdAccountLockedTime' is present " @@ -6781,14 +6798,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1424 +#: sssd-ldap.5.xml:1426 msgid "" "<emphasis> Please note that this option is superseded by the <quote>ppolicy</" "quote> option and might be removed in a future release. </emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1431 +#: sssd-ldap.5.xml:1433 msgid "" "<emphasis>ppolicy</emphasis>: use account locking. If set, this option " "denies access in case that ldap attribute 'pwdAccountLockedTime' is present " @@ -6801,12 +6818,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1448 +#: sssd-ldap.5.xml:1450 msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1452 sssd-ipa.5.xml:359 +#: sssd-ldap.5.xml:1454 sssd-ipa.5.xml:364 msgid "" "<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, " "pwd_expire_policy_renew: </emphasis> These options are useful if users are " @@ -6816,81 +6833,81 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1462 sssd-ipa.5.xml:369 +#: sssd-ldap.5.xml:1464 sssd-ipa.5.xml:374 msgid "" "The difference between these options is the action taken if user password is " "expired:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:1467 sssd-ipa.5.xml:374 +#: sssd-ldap.5.xml:1469 sssd-ipa.5.xml:379 msgid "pwd_expire_policy_reject - user is denied to log in," msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:1473 sssd-ipa.5.xml:380 +#: sssd-ldap.5.xml:1475 sssd-ipa.5.xml:385 msgid "pwd_expire_policy_warn - user is still able to log in," msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:1479 sssd-ipa.5.xml:386 +#: sssd-ldap.5.xml:1481 sssd-ipa.5.xml:391 msgid "" "pwd_expire_policy_renew - user is prompted to change their password " "immediately." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1487 +#: sssd-ldap.5.xml:1489 msgid "" "Please note that 'access_provider = ldap' must be set for this feature to " "work. Also 'ldap_pwd_policy' must be set to an appropriate password policy." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1492 +#: sssd-ldap.5.xml:1494 msgid "" "<emphasis>authorized_service</emphasis>: use the authorizedService attribute " "to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1497 +#: sssd-ldap.5.xml:1499 msgid "<emphasis>host</emphasis>: use the host attribute to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1501 +#: sssd-ldap.5.xml:1503 msgid "" "<emphasis>rhost</emphasis>: use the rhost attribute to determine whether " "remote host can access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1505 +#: sssd-ldap.5.xml:1507 msgid "" "Please note, rhost field in pam is set by application, it is better to check " "what the application sends to pam, before enabling this access control option" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1510 +#: sssd-ldap.5.xml:1512 msgid "Default: filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1513 +#: sssd-ldap.5.xml:1515 msgid "" "Please note that it is a configuration error if a value is used more than " "once." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1520 +#: sssd-ldap.5.xml:1522 msgid "ldap_pwdlockout_dn (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1523 +#: sssd-ldap.5.xml:1525 msgid "" "This option specifies the DN of password policy entry on LDAP server. Please " "note that absence of this option in sssd.conf in case of enabled account " @@ -6899,74 +6916,74 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1531 +#: sssd-ldap.5.xml:1533 msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1534 +#: sssd-ldap.5.xml:1536 msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1540 +#: sssd-ldap.5.xml:1542 msgid "ldap_deref (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1543 +#: sssd-ldap.5.xml:1545 msgid "" "Specifies how alias dereferencing is done when performing a search. The " "following options are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1548 +#: sssd-ldap.5.xml:1550 msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1552 +#: sssd-ldap.5.xml:1554 msgid "" "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " "the base object, but not in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1557 +#: sssd-ldap.5.xml:1559 msgid "" "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " "the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1562 +#: sssd-ldap.5.xml:1564 msgid "" "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " "in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1567 +#: sssd-ldap.5.xml:1569 msgid "" "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " "client libraries)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1575 +#: sssd-ldap.5.xml:1577 msgid "ldap_rfc2307_fallback_to_local_users (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1578 +#: sssd-ldap.5.xml:1580 msgid "" "Allows to retain local users as members of an LDAP group for servers that " "use the RFC2307 schema." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1582 +#: sssd-ldap.5.xml:1584 msgid "" "In some environments where the RFC2307 schema is used, local users are made " "members of LDAP groups by adding their names to the memberUid attribute. " @@ -6977,7 +6994,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1593 +#: sssd-ldap.5.xml:1595 msgid "" "This option falls back to checking if local users are referenced, and caches " "them so that later initgroups() calls will augment the local users with the " @@ -6985,53 +7002,53 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1605 sssd-ifp.5.xml:152 +#: sssd-ldap.5.xml:1607 sssd-ifp.5.xml:152 msgid "wildcard_limit (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1608 +#: sssd-ldap.5.xml:1610 msgid "" "Specifies an upper limit on the number of entries that are downloaded during " "a wildcard lookup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1612 +#: sssd-ldap.5.xml:1614 msgid "At the moment, only the InfoPipe responder supports wildcard lookups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1616 +#: sssd-ldap.5.xml:1618 msgid "Default: 1000 (often the size of one page)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1622 +#: sssd-ldap.5.xml:1624 msgid "ldap_library_debug_level (integer)" msgstr "ldap_library_debug_level (integeri)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1625 +#: sssd-ldap.5.xml:1627 msgid "" "Switches on libldap debugging with the given level. The libldap debug " "messages will be written independent of the general debug_level." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1630 +#: sssd-ldap.5.xml:1632 msgid "" "OpenLDAP uses a bitmap to enable debugging for specific components, -1 will " "enable full debug output." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1635 +#: sssd-ldap.5.xml:1637 msgid "Default: 0 (libldap debugging disabled)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:51 +#: sssd-ldap.5.xml:52 msgid "" "All of the common configuration options that apply to SSSD domains also " "apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> section " @@ -7043,12 +7060,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1645 +#: sssd-ldap.5.xml:1647 msgid "SUDO OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1647 +#: sssd-ldap.5.xml:1649 msgid "" "The detailed instructions for configuration of sudo_provider are in the " "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " @@ -7056,43 +7073,43 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1658 +#: sssd-ldap.5.xml:1660 msgid "ldap_sudo_full_refresh_interval (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1661 +#: sssd-ldap.5.xml:1663 msgid "" "How many seconds SSSD will wait between executing a full refresh of sudo " "rules (which downloads all rules that are stored on the server)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1666 +#: sssd-ldap.5.xml:1668 msgid "" "The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </" "emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1671 +#: sssd-ldap.5.xml:1673 msgid "" "You can disable full refresh by setting this option to 0. However, either " "smart or full refresh must be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1676 +#: sssd-ldap.5.xml:1678 msgid "Default: 21600 (6 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1682 +#: sssd-ldap.5.xml:1684 msgid "ldap_sudo_smart_refresh_interval (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1685 +#: sssd-ldap.5.xml:1687 msgid "" "How many seconds SSSD has to wait before executing a smart refresh of sudo " "rules (which downloads all rules that have USN higher than the highest " @@ -7100,14 +7117,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1691 +#: sssd-ldap.5.xml:1693 msgid "" "If USN attributes are not supported by the server, the modifyTimestamp " "attribute is used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1695 +#: sssd-ldap.5.xml:1697 msgid "" "<emphasis>Note:</emphasis> the highest USN value can be updated by three " "tasks: 1) By sudo full and smart refresh (if updated rules are found), 2) by " @@ -7117,19 +7134,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1706 +#: sssd-ldap.5.xml:1708 msgid "" "You can disable smart refresh by setting this option to 0. However, either " "smart or full refresh must be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1717 +#: sssd-ldap.5.xml:1719 msgid "ldap_sudo_random_offset (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1720 +#: sssd-ldap.5.xml:1722 msgid "" "Random offset between 0 and configured value is added to smart and full " "refresh periods each time the periodic task is scheduled. The value is in " @@ -7137,7 +7154,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1726 +#: sssd-ldap.5.xml:1728 msgid "" "Note that this random offset is also applied on the first SSSD start which " "delays the first sudo rules refresh. This prolongs the time when the sudo " @@ -7145,106 +7162,106 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1732 +#: sssd-ldap.5.xml:1734 msgid "You can disable this offset by setting the value to 0." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1742 +#: sssd-ldap.5.xml:1744 msgid "ldap_sudo_use_host_filter (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1745 +#: sssd-ldap.5.xml:1747 msgid "" "If true, SSSD will download only rules that are applicable to this machine " "(using the IPv4 or IPv6 host/network addresses and hostnames)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1756 +#: sssd-ldap.5.xml:1758 msgid "ldap_sudo_hostnames (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1759 +#: sssd-ldap.5.xml:1761 msgid "" "Space separated list of hostnames or fully qualified domain names that " "should be used to filter the rules." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1764 +#: sssd-ldap.5.xml:1766 msgid "" "If this option is empty, SSSD will try to discover the hostname and the " "fully qualified domain name automatically." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1769 sssd-ldap.5.xml:1792 sssd-ldap.5.xml:1810 -#: sssd-ldap.5.xml:1828 +#: sssd-ldap.5.xml:1771 sssd-ldap.5.xml:1794 sssd-ldap.5.xml:1812 +#: sssd-ldap.5.xml:1830 msgid "" "If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</" "emphasis> then this option has no effect." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1774 sssd-ldap.5.xml:1797 +#: sssd-ldap.5.xml:1776 sssd-ldap.5.xml:1799 msgid "Default: not specified" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1780 +#: sssd-ldap.5.xml:1782 msgid "ldap_sudo_ip (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1783 +#: sssd-ldap.5.xml:1785 msgid "" "Space separated list of IPv4 or IPv6 host/network addresses that should be " "used to filter the rules." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1788 +#: sssd-ldap.5.xml:1790 msgid "" "If this option is empty, SSSD will try to discover the addresses " "automatically." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1803 +#: sssd-ldap.5.xml:1805 msgid "ldap_sudo_include_netgroups (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1806 +#: sssd-ldap.5.xml:1808 msgid "" "If true then SSSD will download every rule that contains a netgroup in " "sudoHost attribute." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1821 +#: sssd-ldap.5.xml:1823 msgid "ldap_sudo_include_regexp (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1824 +#: sssd-ldap.5.xml:1826 msgid "" "If true then SSSD will download every rule that contains a wildcard in " "sudoHost attribute." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><note><para> -#: sssd-ldap.5.xml:1834 +#: sssd-ldap.5.xml:1836 msgid "" "Using wildcard is an operation that is very costly to evaluate on the LDAP " "server side!" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1846 +#: sssd-ldap.5.xml:1848 msgid "" "This manual page only describes attribute name mapping. For detailed " "explanation of sudo related attribute semantics, see <citerefentry> " @@ -7253,59 +7270,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1856 +#: sssd-ldap.5.xml:1858 msgid "AUTOFS OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1858 +#: sssd-ldap.5.xml:1860 msgid "" "Some of the defaults for the parameters below are dependent on the LDAP " "schema." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1864 +#: sssd-ldap.5.xml:1866 msgid "ldap_autofs_map_master_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1867 +#: sssd-ldap.5.xml:1869 msgid "The name of the automount master map in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1870 +#: sssd-ldap.5.xml:1872 msgid "Default: auto.master" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1881 +#: sssd-ldap.5.xml:1883 msgid "ADVANCED OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1888 +#: sssd-ldap.5.xml:1890 msgid "ldap_netgroup_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1893 +#: sssd-ldap.5.xml:1895 msgid "ldap_user_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1898 +#: sssd-ldap.5.xml:1900 msgid "ldap_group_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><note> -#: sssd-ldap.5.xml:1903 +#: sssd-ldap.5.xml:1905 msgid "<note>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para> -#: sssd-ldap.5.xml:1905 +#: sssd-ldap.5.xml:1907 msgid "" "If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches " "against Active Directory will not be restricted and return all groups " @@ -7314,22 +7331,22 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist> -#: sssd-ldap.5.xml:1912 +#: sssd-ldap.5.xml:1914 msgid "</note>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1914 +#: sssd-ldap.5.xml:1916 msgid "ldap_sudo_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1919 +#: sssd-ldap.5.xml:1921 msgid "ldap_autofs_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1883 +#: sssd-ldap.5.xml:1885 msgid "" "These options are supported by LDAP domains, but they should be used with " "caution. Please include them in your configuration only if you know what you " @@ -7338,14 +7355,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1934 sssd-simple.5.xml:131 sssd-ipa.5.xml:925 -#: sssd-ad.5.xml:1386 sssd-krb5.5.xml:483 sss_rpcidmapd.5.xml:98 +#: sssd-ldap.5.xml:1936 sssd-simple.5.xml:131 sssd-ipa.5.xml:930 +#: sssd-ad.5.xml:1391 sssd-krb5.5.xml:483 sss_rpcidmapd.5.xml:98 #: sssd-files.5.xml:155 sssd-session-recording.5.xml:176 msgid "EXAMPLE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1936 +#: sssd-ldap.5.xml:1938 msgid "" "The following example assumes that SSSD is correctly configured and LDAP is " "set to one of the domains in the <replaceable>[domains]</replaceable> " @@ -7353,7 +7370,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ldap.5.xml:1942 +#: sssd-ldap.5.xml:1944 #, no-wrap msgid "" "[domain/LDAP]\n" @@ -7366,27 +7383,27 @@ msgid "" msgstr "" #. type: Content of: <refsect1><refsect2><para> -#: sssd-ldap.5.xml:1941 sssd-ldap.5.xml:1959 sssd-simple.5.xml:139 -#: sssd-ipa.5.xml:933 sssd-ad.5.xml:1394 sssd-sudo.5.xml:56 sssd-krb5.5.xml:492 +#: sssd-ldap.5.xml:1943 sssd-ldap.5.xml:1961 sssd-simple.5.xml:139 +#: sssd-ipa.5.xml:938 sssd-ad.5.xml:1399 sssd-sudo.5.xml:56 sssd-krb5.5.xml:492 #: sssd-files.5.xml:162 sssd-files.5.xml:173 sssd-session-recording.5.xml:182 #: include/ldap_id_mapping.xml:105 msgid "<placeholder type=\"programlisting\" id=\"0\"/>" msgstr "<placeholder type=\"programlisting\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1953 +#: sssd-ldap.5.xml:1955 msgid "LDAP ACCESS FILTER EXAMPLE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1955 +#: sssd-ldap.5.xml:1957 msgid "" "The following example assumes that SSSD is correctly configured and to use " "the ldap_access_order=lockout." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ldap.5.xml:1960 +#: sssd-ldap.5.xml:1962 #, no-wrap msgid "" "[domain/LDAP]\n" @@ -7402,13 +7419,13 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1975 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148 -#: sssd-ad.5.xml:1409 sssd.8.xml:238 sss_seed.8.xml:163 +#: sssd-ldap.5.xml:1977 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148 +#: sssd-ad.5.xml:1414 sssd.8.xml:238 sss_seed.8.xml:163 msgid "NOTES" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1977 +#: sssd-ldap.5.xml:1979 msgid "" "The descriptions of some of the configuration options in this manual page " "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " @@ -9737,12 +9754,12 @@ msgid "Example: dyndns_iface = em1, vnet1, vnet2" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:204 sssd-ad.5.xml:1285 +#: sssd-ipa.5.xml:204 sssd-ad.5.xml:1290 msgid "dyndns_auth (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:207 sssd-ad.5.xml:1288 +#: sssd-ipa.5.xml:207 sssd-ad.5.xml:1293 msgid "" "Whether the nsupdate utility should use GSS-TSIG authentication for secure " "updates with the DNS server, insecure updates can be sent by setting this " @@ -9750,17 +9767,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:213 sssd-ad.5.xml:1294 +#: sssd-ipa.5.xml:213 sssd-ad.5.xml:1299 msgid "Default: GSS-TSIG" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:219 sssd-ad.5.xml:1300 +#: sssd-ipa.5.xml:219 sssd-ad.5.xml:1305 msgid "dyndns_auth_ptr (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:222 sssd-ad.5.xml:1303 +#: sssd-ipa.5.xml:222 sssd-ad.5.xml:1308 msgid "" "Whether the nsupdate utility should use GSS-TSIG authentication for secure " "PTR updates with the DNS server, insecure updates can be sent by setting " @@ -9768,7 +9785,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:228 sssd-ad.5.xml:1309 +#: sssd-ipa.5.xml:228 sssd-ad.5.xml:1314 msgid "Default: Same as dyndns_auth" msgstr "" @@ -9827,65 +9844,72 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:290 +#: sssd-ipa.5.xml:290 sssd-ad.5.xml:1266 +msgid "" +"Note that <emphasis>dyndns_update_per_family</emphasis> parameter does not " +"apply for PTR record updates. Those updates are always sent separately." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:295 msgid "Default: False (disabled)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1272 +#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1277 msgid "dyndns_force_tcp (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:299 sssd-ad.5.xml:1275 +#: sssd-ipa.5.xml:304 sssd-ad.5.xml:1280 msgid "" "Whether the nsupdate utility should default to using TCP for communicating " "with the DNS server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:303 sssd-ad.5.xml:1279 +#: sssd-ipa.5.xml:308 sssd-ad.5.xml:1284 msgid "Default: False (let nsupdate choose the protocol)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:309 sssd-ad.5.xml:1315 +#: sssd-ipa.5.xml:314 sssd-ad.5.xml:1320 msgid "dyndns_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:312 sssd-ad.5.xml:1318 +#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1323 msgid "" "The DNS server to use when performing a DNS update. In most setups, it's " "recommended to leave this option unset." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1323 +#: sssd-ipa.5.xml:322 sssd-ad.5.xml:1328 msgid "" "Setting this option makes sense for environments where the DNS server is " "different from the identity server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:322 sssd-ad.5.xml:1328 +#: sssd-ipa.5.xml:327 sssd-ad.5.xml:1333 msgid "" "Please note that this option will be only used in fallback attempt when " "previous attempt using autodetected settings failed." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:327 sssd-ad.5.xml:1333 +#: sssd-ipa.5.xml:332 sssd-ad.5.xml:1338 msgid "Default: None (let nsupdate choose the server)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:333 sssd-ad.5.xml:1339 +#: sssd-ipa.5.xml:338 sssd-ad.5.xml:1344 msgid "dyndns_update_per_family (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:336 sssd-ad.5.xml:1342 +#: sssd-ipa.5.xml:341 sssd-ad.5.xml:1347 msgid "" "DNS update is by default performed in two steps - IPv4 update and then IPv6 " "update. In some cases it might be desirable to perform IPv4 and IPv6 update " @@ -9893,177 +9917,177 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:348 +#: sssd-ipa.5.xml:353 msgid "ipa_access_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:355 +#: sssd-ipa.5.xml:360 msgid "<emphasis>expire</emphasis>: use IPA's account expiration policy." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:394 +#: sssd-ipa.5.xml:399 msgid "" "Please note that 'access_provider = ipa' must be set for this feature to " "work." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:401 +#: sssd-ipa.5.xml:406 msgid "ipa_deskprofile_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:404 +#: sssd-ipa.5.xml:409 msgid "" "Optional. Use the given string as search base for Desktop Profile related " "objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:408 sssd-ipa.5.xml:435 +#: sssd-ipa.5.xml:413 sssd-ipa.5.xml:440 msgid "Default: Use base DN" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:414 +#: sssd-ipa.5.xml:419 msgid "ipa_subid_ranges_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:417 +#: sssd-ipa.5.xml:422 msgid "" "Optional. Use the given string as search base for subordinate ranges related " "objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:421 +#: sssd-ipa.5.xml:426 msgid "Default: the value of <emphasis>cn=subids,%basedn</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:428 +#: sssd-ipa.5.xml:433 msgid "ipa_hbac_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:431 +#: sssd-ipa.5.xml:436 msgid "Optional. Use the given string as search base for HBAC related objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:441 +#: sssd-ipa.5.xml:446 msgid "ipa_host_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:444 +#: sssd-ipa.5.xml:449 msgid "Deprecated. Use ldap_host_search_base instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:450 +#: sssd-ipa.5.xml:455 msgid "ipa_selinux_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:453 +#: sssd-ipa.5.xml:458 msgid "Optional. Use the given string as search base for SELinux user maps." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:469 +#: sssd-ipa.5.xml:474 msgid "ipa_subdomains_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:472 +#: sssd-ipa.5.xml:477 msgid "Optional. Use the given string as search base for trusted domains." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:481 +#: sssd-ipa.5.xml:486 msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:488 +#: sssd-ipa.5.xml:493 msgid "ipa_master_domain_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:491 +#: sssd-ipa.5.xml:496 msgid "Optional. Use the given string as search base for master domain object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:500 +#: sssd-ipa.5.xml:505 msgid "Default: the value of <emphasis>cn=ad,cn=etc,%basedn</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:507 +#: sssd-ipa.5.xml:512 msgid "ipa_views_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:510 +#: sssd-ipa.5.xml:515 msgid "Optional. Use the given string as search base for views containers." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:519 +#: sssd-ipa.5.xml:524 msgid "Default: the value of <emphasis>cn=views,cn=accounts,%basedn</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:529 +#: sssd-ipa.5.xml:534 msgid "" "The name of the Kerberos realm. This is optional and defaults to the value " "of <quote>ipa_domain</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:533 +#: sssd-ipa.5.xml:538 msgid "" "The name of the Kerberos realm has a special meaning in IPA - it is " "converted into the base DN to use for performing LDAP operations." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:541 sssd-ad.5.xml:1357 +#: sssd-ipa.5.xml:546 sssd-ad.5.xml:1362 msgid "krb5_confd_path (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:544 sssd-ad.5.xml:1360 +#: sssd-ipa.5.xml:549 sssd-ad.5.xml:1365 msgid "" "Absolute path of a directory where SSSD should place Kerberos configuration " "snippets." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:548 sssd-ad.5.xml:1364 +#: sssd-ipa.5.xml:553 sssd-ad.5.xml:1369 msgid "" "To disable the creation of the configuration snippets set the parameter to " "'none'." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:552 sssd-ad.5.xml:1368 +#: sssd-ipa.5.xml:557 sssd-ad.5.xml:1373 msgid "" "Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:559 +#: sssd-ipa.5.xml:564 msgid "ipa_deskprofile_refresh (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:562 +#: sssd-ipa.5.xml:567 msgid "" "The amount of time between lookups of the Desktop Profile rules against the " "IPA server. This will reduce the latency and load on the IPA server if there " @@ -10071,34 +10095,34 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:569 sssd-ipa.5.xml:599 sssd-ipa.5.xml:615 sssd-ad.5.xml:599 +#: sssd-ipa.5.xml:574 sssd-ipa.5.xml:604 sssd-ipa.5.xml:620 sssd-ad.5.xml:599 msgid "Default: 5 (seconds)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:575 +#: sssd-ipa.5.xml:580 msgid "ipa_deskprofile_request_interval (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:578 +#: sssd-ipa.5.xml:583 msgid "" "The amount of time between lookups of the Desktop Profile rules against the " "IPA server in case the last request did not return any rule." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:583 +#: sssd-ipa.5.xml:588 msgid "Default: 60 (minutes)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:589 +#: sssd-ipa.5.xml:594 msgid "ipa_hbac_refresh (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:592 +#: sssd-ipa.5.xml:597 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server. " "This will reduce the latency and load on the IPA server if there are many " @@ -10106,12 +10130,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:605 +#: sssd-ipa.5.xml:610 msgid "ipa_hbac_selinux (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:608 +#: sssd-ipa.5.xml:613 msgid "" "The amount of time between lookups of the SELinux maps against the IPA " "server. This will reduce the latency and load on the IPA server if there are " @@ -10119,33 +10143,33 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:621 +#: sssd-ipa.5.xml:626 msgid "ipa_server_mode (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:624 +#: sssd-ipa.5.xml:629 msgid "" "This option will be set by the IPA installer (ipa-server-install) " "automatically and denotes if SSSD is running on an IPA server or not." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:629 +#: sssd-ipa.5.xml:634 msgid "" "On an IPA server SSSD will lookup users and groups from trusted domains " "directly while on a client it will ask an IPA server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:634 +#: sssd-ipa.5.xml:639 msgid "" "NOTE: There are currently some assumptions that must be met when SSSD is " "running on an IPA server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:639 +#: sssd-ipa.5.xml:644 msgid "" "The <quote>ipa_server</quote> option must be configured to point to the IPA " "server itself. This is already the default set by the IPA installer, so no " @@ -10153,59 +10177,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:648 +#: sssd-ipa.5.xml:653 msgid "" "The <quote>full_name_format</quote> option must not be tweaked to only print " "short names for users from trusted domains." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:663 +#: sssd-ipa.5.xml:668 msgid "ipa_automount_location (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:666 +#: sssd-ipa.5.xml:671 msgid "The automounter location this IPA client will be using" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:669 +#: sssd-ipa.5.xml:674 msgid "Default: The location named \"default\"" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd-ipa.5.xml:677 +#: sssd-ipa.5.xml:682 msgid "VIEWS AND OVERRIDES" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:686 +#: sssd-ipa.5.xml:691 msgid "ipa_view_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:689 +#: sssd-ipa.5.xml:694 msgid "Objectclass of the view container." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:692 +#: sssd-ipa.5.xml:697 msgid "Default: nsContainer" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:698 +#: sssd-ipa.5.xml:703 msgid "ipa_view_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:701 +#: sssd-ipa.5.xml:706 msgid "Name of the attribute holding the name of the view." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:705 sssd-ldap-attributes.5.xml:496 +#: sssd-ipa.5.xml:710 sssd-ldap-attributes.5.xml:496 #: sssd-ldap-attributes.5.xml:830 sssd-ldap-attributes.5.xml:911 #: sssd-ldap-attributes.5.xml:1008 sssd-ldap-attributes.5.xml:1066 #: sssd-ldap-attributes.5.xml:1224 sssd-ldap-attributes.5.xml:1269 @@ -10213,128 +10237,128 @@ msgid "Default: cn" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:711 +#: sssd-ipa.5.xml:716 msgid "ipa_override_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:714 +#: sssd-ipa.5.xml:719 msgid "Objectclass of the override objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:717 +#: sssd-ipa.5.xml:722 msgid "Default: ipaOverrideAnchor" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:723 +#: sssd-ipa.5.xml:728 msgid "ipa_anchor_uuid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:726 +#: sssd-ipa.5.xml:731 msgid "" "Name of the attribute containing the reference to the original object in a " "remote domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:730 +#: sssd-ipa.5.xml:735 msgid "Default: ipaAnchorUUID" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:736 +#: sssd-ipa.5.xml:741 msgid "ipa_user_override_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:739 +#: sssd-ipa.5.xml:744 msgid "" "Name of the objectclass for user overrides. It is used to determine if the " "found override object is related to a user or a group." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:744 +#: sssd-ipa.5.xml:749 msgid "User overrides can contain attributes given by" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:747 +#: sssd-ipa.5.xml:752 msgid "ldap_user_name" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:750 +#: sssd-ipa.5.xml:755 msgid "ldap_user_uid_number" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:753 +#: sssd-ipa.5.xml:758 msgid "ldap_user_gid_number" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:756 +#: sssd-ipa.5.xml:761 msgid "ldap_user_gecos" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:759 +#: sssd-ipa.5.xml:764 msgid "ldap_user_home_directory" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:762 +#: sssd-ipa.5.xml:767 msgid "ldap_user_shell" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:765 +#: sssd-ipa.5.xml:770 msgid "ldap_user_ssh_public_key" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:770 +#: sssd-ipa.5.xml:775 msgid "Default: ipaUserOverride" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:776 +#: sssd-ipa.5.xml:781 msgid "ipa_group_override_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:779 +#: sssd-ipa.5.xml:784 msgid "" "Name of the objectclass for group overrides. It is used to determine if the " "found override object is related to a user or a group." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:784 +#: sssd-ipa.5.xml:789 msgid "Group overrides can contain attributes given by" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:787 +#: sssd-ipa.5.xml:792 msgid "ldap_group_name" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:790 +#: sssd-ipa.5.xml:795 msgid "ldap_group_gid_number" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:795 +#: sssd-ipa.5.xml:800 msgid "Default: ipaGroupOverride" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:679 +#: sssd-ipa.5.xml:684 msgid "" "SSSD can handle views and overrides which are offered by FreeIPA 4.1 and " "later version. Since all paths and objectclasses are fixed on the server " @@ -10344,19 +10368,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ipa.5.xml:807 +#: sssd-ipa.5.xml:812 msgid "SUBDOMAINS PROVIDER" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:809 +#: sssd-ipa.5.xml:814 msgid "" "The IPA subdomains provider behaves slightly differently if it is configured " "explicitly or implicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:813 +#: sssd-ipa.5.xml:818 msgid "" "If the option 'subdomains_provider = ipa' is found in the domain section of " "sssd.conf, the IPA subdomains provider is configured explicitly, and all " @@ -10364,7 +10388,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:819 +#: sssd-ipa.5.xml:824 msgid "" "If the option 'subdomains_provider' is not set in the domain section of sssd." "conf but there is the option 'id_provider = ipa', the IPA subdomains " @@ -10376,12 +10400,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ipa.5.xml:830 +#: sssd-ipa.5.xml:835 msgid "TRUSTED DOMAINS CONFIGURATION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ipa.5.xml:838 +#: sssd-ipa.5.xml:843 #, no-wrap msgid "" "[domain/ipa.domain.com/ad.domain.com]\n" @@ -10389,7 +10413,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:832 +#: sssd-ipa.5.xml:837 msgid "" "Some configuration options can also be set for a trusted domain. A trusted " "domain configuration can be set using the trusted domain subsection as shown " @@ -10399,80 +10423,80 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:843 +#: sssd-ipa.5.xml:848 msgid "" "For more details, see the <citerefentry> <refentrytitle>sssd.conf</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:850 +#: sssd-ipa.5.xml:855 msgid "" "Different configuration options are tunable for a trusted domain depending " "on whether you are configuring SSSD on an IPA server or an IPA client." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd-ipa.5.xml:855 +#: sssd-ipa.5.xml:860 msgid "OPTIONS TUNABLE ON IPA MASTERS" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:857 +#: sssd-ipa.5.xml:862 msgid "" "The following options can be set in a subdomain section on an IPA master:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:861 sssd-ipa.5.xml:891 +#: sssd-ipa.5.xml:866 sssd-ipa.5.xml:896 msgid "ad_server" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:864 +#: sssd-ipa.5.xml:869 msgid "ad_backup_server" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:867 sssd-ipa.5.xml:894 +#: sssd-ipa.5.xml:872 sssd-ipa.5.xml:899 msgid "ad_site" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:870 +#: sssd-ipa.5.xml:875 msgid "ldap_search_base" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:873 +#: sssd-ipa.5.xml:878 msgid "ldap_user_search_base" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:876 +#: sssd-ipa.5.xml:881 msgid "ldap_group_search_base" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd-ipa.5.xml:885 +#: sssd-ipa.5.xml:890 msgid "OPTIONS TUNABLE ON IPA CLIENTS" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:887 +#: sssd-ipa.5.xml:892 msgid "" "The following options can be set in a subdomain section on an IPA client:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:899 +#: sssd-ipa.5.xml:904 msgid "" "Note that if both options are set, only <quote>ad_server</quote> is " "evaluated." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:903 +#: sssd-ipa.5.xml:908 msgid "" "Since any request for a user or a group identity from a trusted domain " "triggered from an IPA client is resolved by the IPA server, the " @@ -10486,7 +10510,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:927 +#: sssd-ipa.5.xml:932 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " @@ -10494,7 +10518,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ipa.5.xml:934 +#: sssd-ipa.5.xml:939 #, no-wrap msgid "" "[domain/example.com]\n" @@ -11688,7 +11712,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ad.5.xml:1388 +#: sssd-ad.5.xml:1393 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " @@ -11696,7 +11720,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ad.5.xml:1395 +#: sssd-ad.5.xml:1400 #, no-wrap msgid "" "[domain/EXAMPLE]\n" @@ -11711,7 +11735,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ad.5.xml:1415 +#: sssd-ad.5.xml:1420 #, no-wrap msgid "" "access_provider = ldap\n" @@ -11720,7 +11744,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ad.5.xml:1411 +#: sssd-ad.5.xml:1416 msgid "" "The AD access control provider checks if the account is expired. It has the " "same effect as the following configuration of the LDAP provider: " @@ -11728,7 +11752,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ad.5.xml:1421 +#: sssd-ad.5.xml:1426 msgid "" "However, unless the <quote>ad</quote> access control provider is explicitly " "configured, the default access provider is <quote>permit</quote>. Please " @@ -11738,7 +11762,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ad.5.xml:1429 +#: sssd-ad.5.xml:1434 msgid "" "When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema " "attribute mapping (nisMap, nisObject, ...) is used, because these attributes " diff --git a/src/man/po/fr.po b/src/man/po/fr.po index 96ccfacd99f..cedfbf8ea15 100644 --- a/src/man/po/fr.po +++ b/src/man/po/fr.po @@ -17,7 +17,7 @@ msgid "" msgstr "" "Project-Id-Version: sssd-docs 2.3.0\n" "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" -"POT-Creation-Date: 2023-09-07 11:47+0200\n" +"POT-Creation-Date: 2023-11-13 11:53+0100\n" "PO-Revision-Date: 2020-07-22 07:49-0400\n" "Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n" "Language-Team: French (http://www.transifex.com/projects/p/sssd/language/" @@ -236,10 +236,10 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:136 sssd.conf.5.xml:173 sssd.conf.5.xml:358 #: sssd.conf.5.xml:714 sssd.conf.5.xml:729 sssd.conf.5.xml:952 -#: sssd.conf.5.xml:1070 sssd.conf.5.xml:2198 sssd-ldap.5.xml:1071 -#: sssd-ldap.5.xml:1174 sssd-ldap.5.xml:1243 sssd-ldap.5.xml:1750 -#: sssd-ldap.5.xml:1815 sssd-ipa.5.xml:342 sssd-ad.5.xml:252 sssd-ad.5.xml:366 -#: sssd-ad.5.xml:1200 sssd-ad.5.xml:1348 sssd-krb5.5.xml:358 +#: sssd.conf.5.xml:1070 sssd.conf.5.xml:2198 sssd-ldap.5.xml:1073 +#: sssd-ldap.5.xml:1176 sssd-ldap.5.xml:1245 sssd-ldap.5.xml:1752 +#: sssd-ldap.5.xml:1817 sssd-ipa.5.xml:347 sssd-ad.5.xml:252 sssd-ad.5.xml:366 +#: sssd-ad.5.xml:1200 sssd-ad.5.xml:1353 sssd-krb5.5.xml:358 msgid "Default: true" msgstr "Par défaut : true" @@ -260,10 +260,10 @@ msgstr "" #. type: Content of: <variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:149 sssd.conf.5.xml:652 sssd.conf.5.xml:949 -#: sssd.conf.5.xml:2101 sssd.conf.5.xml:2168 sssd.conf.5.xml:4174 -#: sssd-ldap.5.xml:312 sssd-ldap.5.xml:917 sssd-ldap.5.xml:936 -#: sssd-ldap.5.xml:1146 sssd-ldap.5.xml:1599 sssd-ldap.5.xml:1839 -#: sssd-ipa.5.xml:152 sssd-ipa.5.xml:254 sssd-ipa.5.xml:657 sssd-ad.5.xml:1106 +#: sssd.conf.5.xml:2101 sssd.conf.5.xml:2168 sssd.conf.5.xml:4191 +#: sssd-ldap.5.xml:313 sssd-ldap.5.xml:919 sssd-ldap.5.xml:938 +#: sssd-ldap.5.xml:1148 sssd-ldap.5.xml:1601 sssd-ldap.5.xml:1841 +#: sssd-ipa.5.xml:152 sssd-ipa.5.xml:254 sssd-ipa.5.xml:662 sssd-ad.5.xml:1106 #: sssd-krb5.5.xml:268 sssd-krb5.5.xml:330 sssd-krb5.5.xml:432 #: include/krb5_options.xml:163 msgid "Default: false" @@ -299,8 +299,8 @@ msgid "" msgstr "" #. type: Content of: outside any tag (error?) -#: sssd.conf.5.xml:109 sssd.conf.5.xml:184 sssd-ldap.5.xml:1656 -#: sssd-ldap.5.xml:1862 sss-certmap.5.xml:645 sssd-systemtap.5.xml:82 +#: sssd.conf.5.xml:109 sssd.conf.5.xml:184 sssd-ldap.5.xml:1658 +#: sssd-ldap.5.xml:1864 sss-certmap.5.xml:645 sssd-systemtap.5.xml:82 #: sssd-systemtap.5.xml:143 sssd-systemtap.5.xml:236 sssd-systemtap.5.xml:274 #: sssd-systemtap.5.xml:330 sssd-ldap-attributes.5.xml:40 #: sssd-ldap-attributes.5.xml:659 sssd-ldap-attributes.5.xml:801 @@ -331,7 +331,7 @@ msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:196 sssd.conf.5.xml:1290 sssd.conf.5.xml:1767 -#: sssd.conf.5.xml:4190 sssd-ldap.5.xml:765 include/ldap_id_mapping.xml:270 +#: sssd.conf.5.xml:4207 sssd-ldap.5.xml:766 include/ldap_id_mapping.xml:270 msgid "Default: 10" msgstr "Par défaut : 10" @@ -417,7 +417,7 @@ msgstr "" "d'abandonner" #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:266 sssd.conf.5.xml:792 sssd.conf.5.xml:3709 +#: sssd.conf.5.xml:266 sssd.conf.5.xml:792 sssd.conf.5.xml:3716 #: include/failover.xml:100 msgid "Default: 3" msgstr "Par défaut : 3" @@ -439,7 +439,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:287 sssd.conf.5.xml:3541 +#: sssd.conf.5.xml:287 sssd.conf.5.xml:3548 msgid "re_expression (string)" msgstr "re_expression (chaîne)" @@ -461,12 +461,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:304 sssd.conf.5.xml:3598 +#: sssd.conf.5.xml:304 sssd.conf.5.xml:3605 msgid "full_name_format (string)" msgstr "full_name_format (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:307 sssd.conf.5.xml:3601 +#: sssd.conf.5.xml:307 sssd.conf.5.xml:3608 msgid "" "A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</" "manvolnum> </citerefentry>-compatible format that describes how to compose a " @@ -478,33 +478,33 @@ msgstr "" "domaine." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:318 sssd.conf.5.xml:3612 +#: sssd.conf.5.xml:318 sssd.conf.5.xml:3619 msgid "%1$s" msgstr "%1$s" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:319 sssd.conf.5.xml:3613 +#: sssd.conf.5.xml:319 sssd.conf.5.xml:3620 msgid "user name" msgstr "nom d'utilisateur" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:322 sssd.conf.5.xml:3616 +#: sssd.conf.5.xml:322 sssd.conf.5.xml:3623 msgid "%2$s" msgstr "%2$s" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:325 sssd.conf.5.xml:3619 +#: sssd.conf.5.xml:325 sssd.conf.5.xml:3626 msgid "domain name as specified in the SSSD config file." msgstr "" "nom de domaine tel qu'indiqué dans le fichier de configuration de SSSD." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:331 sssd.conf.5.xml:3625 +#: sssd.conf.5.xml:331 sssd.conf.5.xml:3632 msgid "%3$s" msgstr "%3$s" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:334 sssd.conf.5.xml:3628 +#: sssd.conf.5.xml:334 sssd.conf.5.xml:3635 msgid "" "domain flat name. Mostly usable for Active Directory domains, both directly " "configured or discovered via IPA trusts." @@ -514,7 +514,7 @@ msgstr "" "d'approbation IPA." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:315 sssd.conf.5.xml:3609 +#: sssd.conf.5.xml:315 sssd.conf.5.xml:3616 msgid "" "The following expansions are supported: <placeholder type=\"variablelist\" " "id=\"0\"/>" @@ -679,8 +679,8 @@ msgid "" msgstr "" #. type: Content of: <variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:468 sssd-ldap.5.xml:876 sssd-ldap.5.xml:888 -#: sssd-ldap.5.xml:980 sssd-ad.5.xml:920 sssd-ad.5.xml:995 sssd-krb5.5.xml:468 +#: sssd.conf.5.xml:468 sssd-ldap.5.xml:877 sssd-ldap.5.xml:889 +#: sssd-ldap.5.xml:982 sssd-ad.5.xml:920 sssd-ad.5.xml:995 sssd-krb5.5.xml:468 #: sssd-ldap-attributes.5.xml:470 sssd-ldap-attributes.5.xml:976 #: include/ldap_id_mapping.xml:211 include/ldap_id_mapping.xml:222 #: include/krb5_options.xml:148 @@ -964,7 +964,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:700 sssd.conf.5.xml:1791 sssd.conf.5.xml:4240 +#: sssd.conf.5.xml:700 sssd.conf.5.xml:1791 sssd.conf.5.xml:4257 #: sssd-ad.5.xml:187 sssd-ad.5.xml:327 sssd-ad.5.xml:341 msgid "Default: Not set" msgstr "Par défaut : non défini" @@ -1174,7 +1174,7 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:858 sssd.conf.5.xml:1201 sssd.conf.5.xml:1584 -#: sssd.conf.5.xml:1880 sssd-ldap.5.xml:494 +#: sssd.conf.5.xml:1880 sssd-ldap.5.xml:495 msgid "Default: 60" msgstr "Par défaut : 60" @@ -1286,7 +1286,7 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:937 sssd.conf.5.xml:1214 sssd.conf.5.xml:2322 -#: sssd-ldap.5.xml:331 +#: sssd-ldap.5.xml:332 msgid "Default: 300" msgstr "Par défaut : 300" @@ -1722,7 +1722,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1240 sssd.conf.5.xml:2964 sssd-ldap.5.xml:548 +#: sssd.conf.5.xml:1240 sssd.conf.5.xml:2971 sssd-ldap.5.xml:549 msgid "Default: 8" msgstr "Par défaut : 8" @@ -1750,8 +1750,8 @@ msgid "" msgstr "" #. type: Content of: <variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1265 sssd.conf.5.xml:1317 sssd.conf.5.xml:3730 -#: sssd-ldap.5.xml:473 sssd-ldap.5.xml:525 include/failover.xml:116 +#: sssd.conf.5.xml:1265 sssd.conf.5.xml:1317 sssd.conf.5.xml:3737 +#: sssd-ldap.5.xml:474 sssd-ldap.5.xml:526 include/failover.xml:116 #: include/krb5_options.xml:11 msgid "Default: 6" msgstr "Par défaut : 6" @@ -2097,7 +2097,7 @@ msgid "pam_pwd_expiration_warning (integer)" msgstr "pam_pwd_expiration_warning (entier)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1553 sssd.conf.5.xml:2988 +#: sssd.conf.5.xml:1553 sssd.conf.5.xml:2995 msgid "Display a warning N days before the password expires." msgstr "Afficher une alerte N jours avant l'expiration du mot de passe." @@ -2113,7 +2113,7 @@ msgstr "" "ne peut afficher de message d'alerte." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1562 sssd.conf.5.xml:2991 +#: sssd.conf.5.xml:1562 sssd.conf.5.xml:2998 msgid "" "If zero is set, then this filter is not applied, i.e. if the expiration " "warning was received from backend server, it will automatically be displayed." @@ -2132,7 +2132,7 @@ msgstr "" "<emphasis>pwd_expiration_warning</emphasis> pour un domaine particulier." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1572 sssd.conf.5.xml:3977 sssd-ldap.5.xml:606 sssd.8.xml:79 +#: sssd.conf.5.xml:1572 sssd.conf.5.xml:3984 sssd-ldap.5.xml:607 sssd.8.xml:79 msgid "Default: 0" msgstr "Par défaut : 0" @@ -2200,8 +2200,8 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1632 sssd.conf.5.xml:1657 sssd.conf.5.xml:1676 -#: sssd.conf.5.xml:1913 sssd.conf.5.xml:2733 sssd.conf.5.xml:3906 -#: sssd-ldap.5.xml:1207 +#: sssd.conf.5.xml:1913 sssd.conf.5.xml:2733 sssd.conf.5.xml:3913 +#: sssd-ldap.5.xml:1209 msgid "Default: none" msgstr "Par défaut : aucun" @@ -2266,8 +2266,8 @@ msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1687 sssd.conf.5.xml:1698 sssd.conf.5.xml:1712 -#: sssd-ldap.5.xml:671 sssd-ldap.5.xml:692 sssd-ldap.5.xml:788 -#: sssd-ldap.5.xml:1293 sssd-ad.5.xml:505 sssd-ad.5.xml:581 sssd-ad.5.xml:1126 +#: sssd-ldap.5.xml:672 sssd-ldap.5.xml:693 sssd-ldap.5.xml:789 +#: sssd-ldap.5.xml:1295 sssd-ad.5.xml:505 sssd-ad.5.xml:581 sssd-ad.5.xml:1126 #: sssd-ad.5.xml:1175 include/ldap_id_mapping.xml:250 msgid "Default: False" msgstr "Par défaut : False" @@ -2306,7 +2306,7 @@ msgid "The path to the certificate database." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1723 sssd.conf.5.xml:2248 sssd.conf.5.xml:4354 +#: sssd.conf.5.xml:1723 sssd.conf.5.xml:2248 sssd.conf.5.xml:4371 msgid "Default:" msgstr "" @@ -2581,7 +2581,7 @@ msgid "Default: no_session" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1950 sssd.conf.5.xml:4293 +#: sssd.conf.5.xml:1950 sssd.conf.5.xml:4310 #, fuzzy #| msgid "ad_gpo_map_service (string)" msgid "pam_gssapi_services" @@ -2625,7 +2625,7 @@ msgstr "" " " #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1968 sssd.conf.5.xml:3900 +#: sssd.conf.5.xml:1968 sssd.conf.5.xml:3907 msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>" msgstr "Exemple : <placeholder type=\"programlisting\" id=\"0\"/>" @@ -2635,7 +2635,7 @@ msgid "Default: - (GSSAPI authentication is disabled)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1979 sssd.conf.5.xml:4294 +#: sssd.conf.5.xml:1979 sssd.conf.5.xml:4311 msgid "pam_gssapi_check_upn" msgstr "" @@ -2655,7 +2655,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1999 sssd-ad.5.xml:1266 sss_rpcidmapd.5.xml:76 +#: sssd.conf.5.xml:1999 sssd-ad.5.xml:1271 sss_rpcidmapd.5.xml:76 #: sssd-files.5.xml:145 msgid "Default: True" msgstr "Par défaut : True" @@ -3471,7 +3471,7 @@ msgid "FALSE = No enumerations for this domain" msgstr "FALSE = aucune énumération pour ce domaine" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2669 sssd.conf.5.xml:2943 sssd.conf.5.xml:3120 +#: sssd.conf.5.xml:2669 sssd.conf.5.xml:2950 sssd.conf.5.xml:3127 msgid "Default: FALSE" msgstr "Par défaut : FALSE" @@ -3782,7 +3782,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2922 sssd-ldap.5.xml:360 sssd-ldap.5.xml:1736 +#: sssd.conf.5.xml:2922 sssd-ldap.5.xml:361 sssd-ldap.5.xml:1738 #: sssd-ipa.5.xml:270 msgid "Default: 0 (disabled)" msgstr "Par défaut : 0 (désactivé)" @@ -3794,16 +3794,17 @@ msgstr "cache_credentials (booléen)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:2931 -#, fuzzy -#| msgid "" -#| "Determines if user credentials are also cached in the local LDB cache" -msgid "Determines if user credentials are also cached in the local LDB cache." +msgid "" +"Determines if user credentials are also cached in the local LDB cache. The " +"cached credentials refer to passwords, which includes the first (long term) " +"factor of two-factor authentication, not other authentication mechanisms. " +"Passkey and Smartcard authentications are expected to work offline as long " +"as a successful online authentication is recorded in the cache without " +"additional configuration." msgstr "" -"Détermine si les données d'identification de l'utilisateur sont aussi mis en " -"cache dans le cache LDB local" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2935 +#: sssd.conf.5.xml:2942 msgid "" "Take a note that while credentials are stored as a salted SHA512 hash, this " "still potentially poses some security risk in case an attacker manages to " @@ -3812,12 +3813,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2949 +#: sssd.conf.5.xml:2956 msgid "cache_credentials_minimal_first_factor_length (int)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2952 +#: sssd.conf.5.xml:2959 msgid "" "If 2-Factor-Authentication (2FA) is used and credentials should be saved " "this value determines the minimal length the first authentication factor " @@ -3825,19 +3826,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2959 +#: sssd.conf.5.xml:2966 msgid "" "This should avoid that the short PINs of a PIN based 2FA scheme are saved in " "the cache which would make them easy targets for brute-force attacks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2970 +#: sssd.conf.5.xml:2977 msgid "account_cache_expiration (integer)" msgstr "account_cache_expiration (entier)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2973 +#: sssd.conf.5.xml:2980 msgid "" "Number of days entries are left in cache after last successful login before " "being removed during a cleanup of the cache. 0 means keep forever. The " @@ -3850,17 +3851,17 @@ msgstr "" "paramètre doit être supérieur ou égal à offline_credentials_expiration." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2980 +#: sssd.conf.5.xml:2987 msgid "Default: 0 (unlimited)" msgstr "Par défaut : 0 (illimité)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2985 +#: sssd.conf.5.xml:2992 msgid "pwd_expiration_warning (integer)" msgstr "pwd_expiration_warning (integer)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2996 +#: sssd.conf.5.xml:3003 msgid "" "Please note that the backend server has to provide information about the " "expiration time of the password. If this information is missing, sssd " @@ -3873,17 +3874,17 @@ msgstr "" "fournisseur oauth doit être configuré pour le moteur." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3003 +#: sssd.conf.5.xml:3010 msgid "Default: 7 (Kerberos), 0 (LDAP)" msgstr "Par défaut : 7 (Kerberos), 0 (LDAP)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3009 +#: sssd.conf.5.xml:3016 msgid "id_provider (string)" msgstr "id_provider (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3012 +#: sssd.conf.5.xml:3019 msgid "" "The identification provider used for the domain. Supported ID providers are:" msgstr "" @@ -3891,12 +3892,12 @@ msgstr "" "d'identification pris en charge sont :" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3016 +#: sssd.conf.5.xml:3023 msgid "<quote>proxy</quote>: Support a legacy NSS provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3019 +#: sssd.conf.5.xml:3026 msgid "" "<quote>files</quote>: FILES provider. See <citerefentry> <refentrytitle>sssd-" "files</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " @@ -3904,7 +3905,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3027 +#: sssd.conf.5.xml:3034 msgid "" "<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-" "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " @@ -3916,8 +3917,8 @@ msgstr "" "LDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3035 sssd.conf.5.xml:3146 sssd.conf.5.xml:3197 -#: sssd.conf.5.xml:3260 +#: sssd.conf.5.xml:3042 sssd.conf.5.xml:3153 sssd.conf.5.xml:3204 +#: sssd.conf.5.xml:3267 msgid "" "<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management " "provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> " @@ -3930,8 +3931,8 @@ msgstr "" "configuration de FreeIPA." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3044 sssd.conf.5.xml:3155 sssd.conf.5.xml:3206 -#: sssd.conf.5.xml:3269 +#: sssd.conf.5.xml:3051 sssd.conf.5.xml:3162 sssd.conf.5.xml:3213 +#: sssd.conf.5.xml:3276 msgid "" "<quote>ad</quote>: Active Directory provider. See <citerefentry> " "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3943,12 +3944,12 @@ msgstr "" "d'Active Directory." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3055 +#: sssd.conf.5.xml:3062 msgid "use_fully_qualified_names (bool)" msgstr "use_fully_qualified_names (booléen)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3058 +#: sssd.conf.5.xml:3065 msgid "" "Use the full name and domain (as formatted by the domain's full_name_format) " "as the user's login name reported to NSS." @@ -3958,7 +3959,7 @@ msgstr "" "communiqué à NSS." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3063 +#: sssd.conf.5.xml:3070 msgid "" "If set to TRUE, all requests to this domain must use fully qualified names. " "For example, if used in LOCAL domain that contains a \"test\" user, " @@ -3972,7 +3973,7 @@ msgstr "" "trouve." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3071 +#: sssd.conf.5.xml:3078 msgid "" "NOTE: This option has no effect on netgroup lookups due to their tendency to " "include nested netgroups without qualified names. For netgroups, all domains " @@ -3984,24 +3985,24 @@ msgstr "" "qualifié sera demandé." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3078 +#: sssd.conf.5.xml:3085 msgid "" "Default: FALSE (TRUE for trusted domain/sub-domains or if " "default_domain_suffix is used)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3085 +#: sssd.conf.5.xml:3092 msgid "ignore_group_members (bool)" msgstr "ignore_group_members (booléen)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3088 +#: sssd.conf.5.xml:3095 msgid "Do not return group members for group lookups." msgstr "Ne pas envoyer les membres des groupes sur les recherches de groupes." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3091 +#: sssd.conf.5.xml:3098 msgid "" "If set to TRUE, the group membership attribute is not requested from the " "ldap server, and group members are not returned when processing group lookup " @@ -4013,7 +4014,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3109 +#: sssd.conf.5.xml:3116 msgid "" "Enabling this option can also make access provider checks for group " "membership significantly faster, especially for groups containing many " @@ -4021,23 +4022,23 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3115 sssd.conf.5.xml:3822 sssd-ldap.5.xml:326 -#: sssd-ldap.5.xml:355 sssd-ldap.5.xml:408 sssd-ldap.5.xml:468 -#: sssd-ldap.5.xml:489 sssd-ldap.5.xml:520 sssd-ldap.5.xml:543 -#: sssd-ldap.5.xml:582 sssd-ldap.5.xml:601 sssd-ldap.5.xml:625 -#: sssd-ldap.5.xml:1051 sssd-ldap.5.xml:1084 +#: sssd.conf.5.xml:3122 sssd.conf.5.xml:3829 sssd-ldap.5.xml:327 +#: sssd-ldap.5.xml:356 sssd-ldap.5.xml:409 sssd-ldap.5.xml:469 +#: sssd-ldap.5.xml:490 sssd-ldap.5.xml:521 sssd-ldap.5.xml:544 +#: sssd-ldap.5.xml:583 sssd-ldap.5.xml:602 sssd-ldap.5.xml:626 +#: sssd-ldap.5.xml:1053 sssd-ldap.5.xml:1086 msgid "" "This option can be also set per subdomain or inherited via " "<emphasis>subdomain_inherit</emphasis>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3125 +#: sssd.conf.5.xml:3132 msgid "auth_provider (string)" msgstr "auth_provider (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3128 +#: sssd.conf.5.xml:3135 msgid "" "The authentication provider used for the domain. Supported auth providers " "are:" @@ -4046,7 +4047,7 @@ msgstr "" "pris en charge sont :" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3132 sssd.conf.5.xml:3190 +#: sssd.conf.5.xml:3139 sssd.conf.5.xml:3197 msgid "" "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4058,7 +4059,7 @@ msgstr "" "LDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3139 +#: sssd.conf.5.xml:3146 msgid "" "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4069,7 +4070,7 @@ msgstr "" "citerefentry> pour plus d'informations sur la configuration de Kerberos." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3163 +#: sssd.conf.5.xml:3170 msgid "" "<quote>proxy</quote> for relaying authentication to some other PAM target." msgstr "" @@ -4077,12 +4078,12 @@ msgstr "" "PAM." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3166 +#: sssd.conf.5.xml:3173 msgid "<quote>none</quote> disables authentication explicitly." msgstr "<quote>none</quote> désactive l'authentification explicitement." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3169 +#: sssd.conf.5.xml:3176 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "authentication requests." @@ -4091,12 +4092,12 @@ msgstr "" "gérer les requêtes d'authentification." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3175 +#: sssd.conf.5.xml:3182 msgid "access_provider (string)" msgstr "access_provider (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3178 +#: sssd.conf.5.xml:3185 msgid "" "The access control provider used for the domain. There are two built-in " "access providers (in addition to any included in installed backends) " @@ -4107,7 +4108,7 @@ msgstr "" "installés). Les fournisseurs internes spécifiques sont :" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3184 +#: sssd.conf.5.xml:3191 msgid "" "<quote>permit</quote> always allow access. It's the only permitted access " "provider for a local domain." @@ -4116,12 +4117,12 @@ msgstr "" "d'accès autorisé pour un domaine local." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3187 +#: sssd.conf.5.xml:3194 msgid "<quote>deny</quote> always deny access." msgstr "<quote>deny</quote> toujours refuser les accès." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3214 +#: sssd.conf.5.xml:3221 msgid "" "<quote>simple</quote> access control based on access or deny lists. See " "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</" @@ -4134,7 +4135,7 @@ msgstr "" "d'informations sur la configuration du module d'accès simple." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3221 +#: sssd.conf.5.xml:3228 msgid "" "<quote>krb5</quote>: .k5login based access control. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum></" @@ -4142,22 +4143,22 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3228 +#: sssd.conf.5.xml:3235 msgid "<quote>proxy</quote> for relaying access control to another PAM module." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3231 +#: sssd.conf.5.xml:3238 msgid "Default: <quote>permit</quote>" msgstr "Par défaut : <quote>permit</quote>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3236 +#: sssd.conf.5.xml:3243 msgid "chpass_provider (string)" msgstr "chpass_provider (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3239 +#: sssd.conf.5.xml:3246 msgid "" "The provider which should handle change password operations for the domain. " "Supported change password providers are:" @@ -4166,7 +4167,7 @@ msgstr "" "domaine. Les fournisseurs pris en charge sont :" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3244 +#: sssd.conf.5.xml:3251 msgid "" "<quote>ldap</quote> to change a password stored in a LDAP server. See " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" @@ -4174,7 +4175,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3252 +#: sssd.conf.5.xml:3259 msgid "" "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4186,7 +4187,7 @@ msgstr "" "Kerberos." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3277 +#: sssd.conf.5.xml:3284 msgid "" "<quote>proxy</quote> for relaying password changes to some other PAM target." msgstr "" @@ -4194,14 +4195,14 @@ msgstr "" "autre cible PAM." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3281 +#: sssd.conf.5.xml:3288 msgid "<quote>none</quote> disallows password changes explicitly." msgstr "" "<quote>none</quote> pour désactiver explicitement le changement de mot de " "passe." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3284 +#: sssd.conf.5.xml:3291 msgid "" "Default: <quote>auth_provider</quote> is used if it is set and can handle " "change password requests." @@ -4210,19 +4211,19 @@ msgstr "" "peut gérer les changements de mot de passe." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3291 +#: sssd.conf.5.xml:3298 msgid "sudo_provider (string)" msgstr "sudo_provider (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3294 +#: sssd.conf.5.xml:3301 msgid "The SUDO provider used for the domain. Supported SUDO providers are:" msgstr "" "Le fournisseur SUDO, utilisé pour le domaine. Les fournisseurs SUDO pris en " "charge sont :" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3298 +#: sssd.conf.5.xml:3305 msgid "" "<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4234,7 +4235,7 @@ msgstr "" "LDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3306 +#: sssd.conf.5.xml:3313 msgid "" "<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default " "settings." @@ -4243,7 +4244,7 @@ msgstr "" "par défaut pour IPA." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3310 +#: sssd.conf.5.xml:3317 msgid "" "<quote>ad</quote> the same as <quote>ldap</quote> but with AD default " "settings." @@ -4252,20 +4253,20 @@ msgstr "" "par défaut pour AD." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3314 +#: sssd.conf.5.xml:3321 msgid "<quote>none</quote> disables SUDO explicitly." msgstr "<quote>none</quote> désactive explicitement SUDO." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3317 sssd.conf.5.xml:3403 sssd.conf.5.xml:3473 -#: sssd.conf.5.xml:3498 sssd.conf.5.xml:3534 +#: sssd.conf.5.xml:3324 sssd.conf.5.xml:3410 sssd.conf.5.xml:3480 +#: sssd.conf.5.xml:3505 sssd.conf.5.xml:3541 msgid "Default: The value of <quote>id_provider</quote> is used if it is set." msgstr "" "Par défaut : La valeur de <quote>id_provider</quote> est utilisée si elle " "est définie." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3321 +#: sssd.conf.5.xml:3328 msgid "" "The detailed instructions for configuration of sudo_provider are in the " "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " @@ -4276,7 +4277,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3336 +#: sssd.conf.5.xml:3343 msgid "" "<emphasis>NOTE:</emphasis> Sudo rules are periodically downloaded in the " "background unless the sudo provider is explicitly disabled. Set " @@ -4285,12 +4286,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3346 +#: sssd.conf.5.xml:3353 msgid "selinux_provider (string)" msgstr "selinux_provider (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3349 +#: sssd.conf.5.xml:3356 msgid "" "The provider which should handle loading of selinux settings. Note that this " "provider will be called right after access provider ends. Supported selinux " @@ -4301,7 +4302,7 @@ msgstr "" "fournisseur d'accès. Les fournisseurs selinux pris en charge sont :" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3355 +#: sssd.conf.5.xml:3362 msgid "" "<quote>ipa</quote> to load selinux settings from an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -4313,14 +4314,14 @@ msgstr "" "IPA." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3363 +#: sssd.conf.5.xml:3370 msgid "<quote>none</quote> disallows fetching selinux settings explicitly." msgstr "" "<quote>none</quote> n'autorise pas la récupération explicite des paramètres " "selinux." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3366 +#: sssd.conf.5.xml:3373 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "selinux loading requests." @@ -4329,12 +4330,12 @@ msgstr "" "gérer le chargement selinux" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3372 +#: sssd.conf.5.xml:3379 msgid "subdomains_provider (string)" msgstr "subdomains_provider (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3375 +#: sssd.conf.5.xml:3382 msgid "" "The provider which should handle fetching of subdomains. This value should " "be always the same as id_provider. Supported subdomain providers are:" @@ -4344,7 +4345,7 @@ msgstr "" "fournisseurs de sous-domaine pris en charge sont :" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3381 +#: sssd.conf.5.xml:3388 msgid "" "<quote>ipa</quote> to load a list of subdomains from an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -4356,7 +4357,7 @@ msgstr "" "IPA." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3390 +#: sssd.conf.5.xml:3397 msgid "" "<quote>ad</quote> to load a list of subdomains from an Active Directory " "server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> " @@ -4365,18 +4366,18 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3399 +#: sssd.conf.5.xml:3406 msgid "<quote>none</quote> disallows fetching subdomains explicitly." msgstr "" "<quote>none</quote> désactive la récupération explicite des sous-domaines." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3409 +#: sssd.conf.5.xml:3416 msgid "session_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3412 +#: sssd.conf.5.xml:3419 msgid "" "The provider which configures and manages user session related tasks. The " "only user session task currently provided is the integration with Fleet " @@ -4384,37 +4385,37 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3419 +#: sssd.conf.5.xml:3426 msgid "<quote>ipa</quote> to allow performing user session related tasks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3423 +#: sssd.conf.5.xml:3430 msgid "" "<quote>none</quote> does not perform any kind of user session related tasks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3427 +#: sssd.conf.5.xml:3434 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can perform " "session related tasks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3431 +#: sssd.conf.5.xml:3438 msgid "" "<emphasis>NOTE:</emphasis> In order to have this feature working as expected " "SSSD must be running as \"root\" and not as the unprivileged user." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3439 +#: sssd.conf.5.xml:3446 msgid "autofs_provider (string)" msgstr "autofs_provider (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3442 +#: sssd.conf.5.xml:3449 msgid "" "The autofs provider used for the domain. Supported autofs providers are:" msgstr "" @@ -4422,7 +4423,7 @@ msgstr "" "en charge sont :" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3446 +#: sssd.conf.5.xml:3453 msgid "" "<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4434,7 +4435,7 @@ msgstr "" "LDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3453 +#: sssd.conf.5.xml:3460 msgid "" "<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> " "<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4446,7 +4447,7 @@ msgstr "" "IPA." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3461 +#: sssd.conf.5.xml:3468 msgid "" "<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> " "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4454,17 +4455,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3470 +#: sssd.conf.5.xml:3477 msgid "<quote>none</quote> disables autofs explicitly." msgstr "<quote>none</quote> désactive explicitement autofs." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3480 +#: sssd.conf.5.xml:3487 msgid "hostid_provider (string)" msgstr "hostid_provider (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3483 +#: sssd.conf.5.xml:3490 msgid "" "The provider used for retrieving host identity information. Supported " "hostid providers are:" @@ -4473,7 +4474,7 @@ msgstr "" "systèmes. Les fournisseurs de hostid pris en charge sont :" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3487 +#: sssd.conf.5.xml:3494 msgid "" "<quote>ipa</quote> to load host identity stored in an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -4485,31 +4486,31 @@ msgstr "" "configuration de IPA." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3495 +#: sssd.conf.5.xml:3502 msgid "<quote>none</quote> disables hostid explicitly." msgstr "<quote>none</quote> désactive explicitement hostid." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3505 +#: sssd.conf.5.xml:3512 msgid "resolver_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3508 +#: sssd.conf.5.xml:3515 msgid "" "The provider which should handle hosts and networks lookups. Supported " "resolver providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3512 +#: sssd.conf.5.xml:3519 msgid "" "<quote>proxy</quote> to forward lookups to another NSS library. See " "<quote>proxy_resolver_lib_name</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3516 +#: sssd.conf.5.xml:3523 msgid "" "<quote>ldap</quote> to fetch hosts and networks stored in LDAP. See " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" @@ -4517,7 +4518,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3523 +#: sssd.conf.5.xml:3530 msgid "" "<quote>ad</quote> to fetch hosts and networks stored in AD. See " "<citerefentry> <refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</" @@ -4526,12 +4527,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3531 +#: sssd.conf.5.xml:3538 msgid "<quote>none</quote> disallows fetching hosts and networks explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3544 +#: sssd.conf.5.xml:3551 msgid "" "Regular expression for this domain that describes how to parse the string " "containing user name and domain into these components. The \"domain\" can " @@ -4547,7 +4548,7 @@ msgstr "" "domaine." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3553 +#: sssd.conf.5.xml:3560 #, fuzzy #| msgid "" #| "Default for the AD and IPA provider: <quote>(((?P<domain>[^\\\\]+)\\" @@ -4564,17 +4565,17 @@ msgstr "" "styles différents pour les noms d'utilisateurs :" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:3558 sssd.conf.5.xml:3572 +#: sssd.conf.5.xml:3565 sssd.conf.5.xml:3579 msgid "username" msgstr "username" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:3561 sssd.conf.5.xml:3575 +#: sssd.conf.5.xml:3568 sssd.conf.5.xml:3582 msgid "username@domain.name" msgstr "username@domain.name" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3566 +#: sssd.conf.5.xml:3573 #, fuzzy #| msgid "" #| "Default for the AD and IPA provider: <quote>(((?P<domain>[^\\\\]+)\\" @@ -4593,12 +4594,12 @@ msgstr "" "styles différents pour les noms d'utilisateurs :" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:3578 +#: sssd.conf.5.xml:3585 msgid "domain\\username" msgstr "domain\\username" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3581 +#: sssd.conf.5.xml:3588 msgid "" "While the first two correspond to the general default the third one is " "introduced to allow easy integration of users from Windows domains." @@ -4608,7 +4609,7 @@ msgstr "" "utilisateurs de domaines Windows." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3586 +#: sssd.conf.5.xml:3593 msgid "" "The default re_expression uses the <quote>@</quote> character as a separator " "between the name and the domain. As a result of this setting the default " @@ -4618,17 +4619,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3638 +#: sssd.conf.5.xml:3645 msgid "Default: <quote>%1$s@%2$s</quote>." msgstr "Par défaut : <quote>%1$s@%2$s</quote>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3644 +#: sssd.conf.5.xml:3651 msgid "lookup_family_order (string)" msgstr "lookup_family_order (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3647 +#: sssd.conf.5.xml:3654 msgid "" "Provides the ability to select preferred address family to use when " "performing DNS lookups." @@ -4637,82 +4638,82 @@ msgstr "" "utiliser pour effectuer les requêtes DNS." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3651 +#: sssd.conf.5.xml:3658 msgid "Supported values:" msgstr "Valeurs prises en charge :" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3654 +#: sssd.conf.5.xml:3661 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6" msgstr "" "ipv4_first : essayer de chercher une adresse IPv4, et en cas d'échec, " "essayer IPv6." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3657 +#: sssd.conf.5.xml:3664 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses." msgstr "" "ipv4_only : ne tenter de résoudre les noms de systèmes qu'en adresses IPv4." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3660 +#: sssd.conf.5.xml:3667 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4" msgstr "" "ipv6_first : essayer de chercher une adresse IPv6, et en cas d'échec, tenter " "IPv4." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3663 +#: sssd.conf.5.xml:3670 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses." msgstr "" "ipv6_only : ne tenter de résoudre les noms de systèmes qu'en adresses IPv6." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3666 +#: sssd.conf.5.xml:3673 msgid "Default: ipv4_first" msgstr "Par défaut : ipv4_first" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3672 +#: sssd.conf.5.xml:3679 #, fuzzy #| msgid "dns_resolver_timeout (integer)" msgid "dns_resolver_server_timeout (integer)" msgstr "dns_resolver_timeout (entier)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3675 +#: sssd.conf.5.xml:3682 msgid "" "Defines the amount of time (in milliseconds) SSSD would try to talk to DNS " "server before trying next DNS server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3680 +#: sssd.conf.5.xml:3687 msgid "" "The AD provider will use this option for the CLDAP ping timeouts as well." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3684 sssd.conf.5.xml:3704 sssd.conf.5.xml:3725 +#: sssd.conf.5.xml:3691 sssd.conf.5.xml:3711 sssd.conf.5.xml:3732 msgid "" "Please see the section <quote>FAILOVER</quote> for more information about " "the service resolution." msgstr "" #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3689 sssd-ldap.5.xml:644 include/failover.xml:84 +#: sssd.conf.5.xml:3696 sssd-ldap.5.xml:645 include/failover.xml:84 msgid "Default: 1000" msgstr "Par défaut : 1000" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3695 +#: sssd.conf.5.xml:3702 #, fuzzy #| msgid "dns_resolver_timeout (integer)" msgid "dns_resolver_op_timeout (integer)" msgstr "dns_resolver_timeout (entier)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3698 +#: sssd.conf.5.xml:3705 msgid "" "Defines the amount of time (in seconds) to wait to resolve single DNS query " "(e.g. resolution of a hostname or an SRV record) before trying the next " @@ -4720,12 +4721,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3715 +#: sssd.conf.5.xml:3722 msgid "dns_resolver_timeout (integer)" msgstr "dns_resolver_timeout (entier)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3718 +#: sssd.conf.5.xml:3725 msgid "" "Defines the amount of time (in seconds) to wait for a reply from the " "internal fail over service before assuming that the service is unreachable. " @@ -4734,14 +4735,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3736 +#: sssd.conf.5.xml:3743 #, fuzzy #| msgid "dns_resolver_timeout (integer)" msgid "dns_resolver_use_search_list (bool)" msgstr "dns_resolver_timeout (entier)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3739 +#: sssd.conf.5.xml:3746 msgid "" "Normally, the DNS resolver searches the domain list defined in the " "\"search\" directive from the resolv.conf file. This can lead to delays in " @@ -4749,7 +4750,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3745 +#: sssd.conf.5.xml:3752 msgid "" "If fully qualified domain names (or _srv_) are used in the SSSD " "configuration, setting this option to FALSE can prevent unnecessary DNS " @@ -4757,17 +4758,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3751 +#: sssd.conf.5.xml:3758 msgid "Default: TRUE" msgstr "Par défaut : TRUE" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3757 +#: sssd.conf.5.xml:3764 msgid "dns_discovery_domain (string)" msgstr "dns_discovery_domain (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3760 +#: sssd.conf.5.xml:3767 msgid "" "If service discovery is used in the back end, specifies the domain part of " "the service discovery DNS query." @@ -4776,54 +4777,54 @@ msgstr "" "du domaine faisant partie de la requête DNS de découverte de services." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3764 +#: sssd.conf.5.xml:3771 msgid "Default: Use the domain part of machine's hostname" msgstr "" "Par défaut : utiliser la partie du domaine qui est dans le nom de système de " "la machine." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3770 +#: sssd.conf.5.xml:3777 msgid "override_gid (integer)" msgstr "override_gid (entier)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3773 +#: sssd.conf.5.xml:3780 msgid "Override the primary GID value with the one specified." msgstr "Redéfinit le GID primaire avec la valeur spécifiée." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3779 +#: sssd.conf.5.xml:3786 msgid "case_sensitive (string)" msgstr "case_sensitive (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3786 +#: sssd.conf.5.xml:3793 msgid "True" msgstr "True" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3789 +#: sssd.conf.5.xml:3796 msgid "Case sensitive. This value is invalid for AD provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3795 +#: sssd.conf.5.xml:3802 msgid "False" msgstr "False" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3797 +#: sssd.conf.5.xml:3804 msgid "Case insensitive." msgstr "Insensible à la casse." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3801 +#: sssd.conf.5.xml:3808 msgid "Preserving" msgstr "Preserving" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3804 +#: sssd.conf.5.xml:3811 msgid "" "Same as False (case insensitive), but does not lowercase names in the result " "of NSS operations. Note that name aliases (and in case of services also " @@ -4835,14 +4836,14 @@ msgstr "" "sortie." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3812 +#: sssd.conf.5.xml:3819 msgid "" "If you want to set this value for trusted domain with IPA provider, you need " "to set it on both the client and SSSD on the server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3782 +#: sssd.conf.5.xml:3789 #, fuzzy #| msgid "" #| "The following expansions are supported: <placeholder " @@ -4855,17 +4856,17 @@ msgstr "" "type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3827 +#: sssd.conf.5.xml:3834 msgid "Default: True (False for AD provider)" msgstr "Par défaut : true (false pour le fournisseur AD)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3833 +#: sssd.conf.5.xml:3840 msgid "subdomain_inherit (string)" msgstr "subdomain_inherit (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3836 +#: sssd.conf.5.xml:3843 msgid "" "Specifies a list of configuration parameters that should be inherited by a " "subdomain. Please note that only selected parameters can be inherited. " @@ -4873,130 +4874,130 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3842 +#: sssd.conf.5.xml:3849 #, fuzzy #| msgid "ldap_search_timeout (integer)" msgid "ldap_search_timeout" msgstr "ldap_search_timeout (entier)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3845 +#: sssd.conf.5.xml:3852 #, fuzzy #| msgid "ldap_network_timeout (integer)" msgid "ldap_network_timeout" msgstr "ldap_network_timeout (entier)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3848 +#: sssd.conf.5.xml:3855 #, fuzzy #| msgid "ldap_opt_timeout (integer)" msgid "ldap_opt_timeout" msgstr "ldap_opt_timeout (entier)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3851 +#: sssd.conf.5.xml:3858 #, fuzzy #| msgid "ldap_connection_expire_timeout (integer)" msgid "ldap_offline_timeout" msgstr "ldap_connection_expire_timeout (entier)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3854 +#: sssd.conf.5.xml:3861 #, fuzzy #| msgid "ldap_enumeration_refresh_timeout (integer)" msgid "ldap_enumeration_refresh_timeout" msgstr "ldap_enumeration_refresh_timeout (entier)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3857 +#: sssd.conf.5.xml:3864 #, fuzzy #| msgid "ldap_enumeration_refresh_timeout (integer)" msgid "ldap_enumeration_refresh_offset" msgstr "ldap_enumeration_refresh_timeout (entier)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3860 +#: sssd.conf.5.xml:3867 msgid "ldap_purge_cache_timeout" msgstr "ldap_purge_cache_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3863 +#: sssd.conf.5.xml:3870 #, fuzzy #| msgid "ldap_purge_cache_timeout" msgid "ldap_purge_cache_offset" msgstr "ldap_purge_cache_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3866 +#: sssd.conf.5.xml:3873 msgid "" "ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab " "is not set explicitly)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3870 +#: sssd.conf.5.xml:3877 #, fuzzy #| msgid "ldap_krb5_ticket_lifetime (integer)" msgid "ldap_krb5_ticket_lifetime" msgstr "ldap_krb5_ticket_lifetime (entier)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3873 +#: sssd.conf.5.xml:3880 #, fuzzy #| msgid "ldap_enumeration_search_timeout (integer)" msgid "ldap_enumeration_search_timeout" msgstr "ldap_enumeration_search_timeout (entier)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3876 +#: sssd.conf.5.xml:3883 #, fuzzy #| msgid "ldap_connection_expire_timeout (integer)" msgid "ldap_connection_expire_timeout" msgstr "ldap_connection_expire_timeout (entier)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3879 +#: sssd.conf.5.xml:3886 #, fuzzy #| msgid "ldap_connection_expire_timeout (integer)" msgid "ldap_connection_expire_offset" msgstr "ldap_connection_expire_timeout (entier)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3882 +#: sssd.conf.5.xml:3889 #, fuzzy #| msgid "ldap_connection_expire_timeout (integer)" msgid "ldap_connection_idle_timeout" msgstr "ldap_connection_expire_timeout (entier)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3885 sssd-ldap.5.xml:400 +#: sssd.conf.5.xml:3892 sssd-ldap.5.xml:401 msgid "ldap_use_tokengroups" msgstr "ldap_use_tokengroups" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3888 +#: sssd.conf.5.xml:3895 msgid "ldap_user_principal" msgstr "ldap_user_principal" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3891 +#: sssd.conf.5.xml:3898 msgid "ignore_group_members" msgstr "ignore_group_members" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3894 +#: sssd.conf.5.xml:3901 msgid "auto_private_groups" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3897 +#: sssd.conf.5.xml:3904 #, fuzzy #| msgid "Case insensitive." msgid "case_sensitive" msgstr "Insensible à la casse." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:3902 +#: sssd.conf.5.xml:3909 #, no-wrap msgid "" "subdomain_inherit = ldap_purge_cache_timeout\n" @@ -5006,27 +5007,27 @@ msgstr "" " " #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3909 +#: sssd.conf.5.xml:3916 msgid "Note: This option only works with the IPA and AD provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3916 +#: sssd.conf.5.xml:3923 msgid "subdomain_homedir (string)" msgstr "subdomain_homedir (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3927 +#: sssd.conf.5.xml:3934 msgid "%F" msgstr "%F" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3928 +#: sssd.conf.5.xml:3935 msgid "flat (NetBIOS) name of a subdomain." msgstr "nom plat (NetBIOS) d'un sous-domaine." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3919 +#: sssd.conf.5.xml:3926 msgid "" "Use this homedir as default value for all subdomains within this domain in " "IPA AD trust. See <emphasis>override_homedir</emphasis> for info about " @@ -5042,7 +5043,7 @@ msgstr "" "type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3933 +#: sssd.conf.5.xml:3940 msgid "" "The value can be overridden by <emphasis>override_homedir</emphasis> option." msgstr "" @@ -5050,17 +5051,17 @@ msgstr "" "emphasis>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3937 +#: sssd.conf.5.xml:3944 msgid "Default: <filename>/home/%d/%u</filename>" msgstr "Par défaut : <filename>/home/%d/%u</filename>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3942 +#: sssd.conf.5.xml:3949 msgid "realmd_tags (string)" msgstr "realmd_tags (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3945 +#: sssd.conf.5.xml:3952 msgid "" "Various tags stored by the realmd configuration service for this domain." msgstr "" @@ -5068,12 +5069,12 @@ msgstr "" "ce domaine." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3951 +#: sssd.conf.5.xml:3958 msgid "cached_auth_timeout (int)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3954 +#: sssd.conf.5.xml:3961 msgid "" "Specifies time in seconds since last successful online authentication for " "which user will be authenticated using cached credentials while SSSD is in " @@ -5082,19 +5083,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3962 +#: sssd.conf.5.xml:3969 msgid "" "This option's value is inherited by all trusted domains. At the moment it is " "not possible to set a different value per trusted domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3967 +#: sssd.conf.5.xml:3974 msgid "Special value 0 implies that this feature is disabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3971 +#: sssd.conf.5.xml:3978 msgid "" "Please note that if <quote>cached_auth_timeout</quote> is longer than " "<quote>pam_id_timeout</quote> then the back end could be called to handle " @@ -5102,14 +5103,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3982 +#: sssd.conf.5.xml:3989 #, fuzzy #| msgid "ldap_pwd_policy (string)" msgid "local_auth_policy (string)" msgstr "ldap_pwd_policy (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3985 +#: sssd.conf.5.xml:3992 msgid "" "Local authentication methods policy. Some backends (i.e. LDAP, proxy " "provider) only support a password based authentication, while others can " @@ -5120,7 +5121,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3995 +#: sssd.conf.5.xml:4002 msgid "" "There are three possible values for this option: match, only, enable. " "<quote>match</quote> is used to match offline and online states for Kerberos " @@ -5131,8 +5132,17 @@ msgid "" "separated, such as <quote>enable:passkey, enable:smartcard</quote>" msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4014 +msgid "" +"Please note that if local Smartcard authentication is enabled and a " +"Smartcard is present, Smartcard authentication will be preferred over the " +"authentication methods supported by the backend. I.e. there will be a PIN " +"prompt instead of e.g. a password prompt." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:4011 +#: sssd.conf.5.xml:4026 #, no-wrap msgid "" "[domain/shadowutils]\n" @@ -5143,7 +5153,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4007 +#: sssd.conf.5.xml:4022 msgid "" "The following configuration example allows local users to authenticate " "locally using any enabled method (i.e. smartcard, passkey). <placeholder " @@ -5151,38 +5161,38 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4019 +#: sssd.conf.5.xml:4034 #, fuzzy #| msgid "This option is not available in IPA provider." msgid "This option is ignored for the files provider." msgstr "Cette option n'est pas disponible dans le fournisseur IPA." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4022 +#: sssd.conf.5.xml:4037 #, fuzzy #| msgid "Default: cn" msgid "Default: match" msgstr "Par défaut : cn" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4027 +#: sssd.conf.5.xml:4042 msgid "auto_private_groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4033 +#: sssd.conf.5.xml:4048 msgid "true" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4036 +#: sssd.conf.5.xml:4051 msgid "" "Create user's private group unconditionally from user's UID number. The GID " "number is ignored in this case." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4040 +#: sssd.conf.5.xml:4055 msgid "" "NOTE: Because the GID number and the user private group are inferred from " "the UID number, it is not supported to have multiple entries with the same " @@ -5191,24 +5201,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4049 +#: sssd.conf.5.xml:4064 msgid "false" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4052 +#: sssd.conf.5.xml:4067 msgid "" "Always use the user's primary GID number. The GID number must refer to a " "group object in the LDAP database." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4058 +#: sssd.conf.5.xml:4073 msgid "hybrid" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4061 +#: sssd.conf.5.xml:4076 msgid "" "A primary group is autogenerated for user entries whose UID and GID numbers " "have the same value and at the same time the GID number does not correspond " @@ -5218,14 +5228,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4074 +#: sssd.conf.5.xml:4089 msgid "" "If the UID and GID of a user are different, then the GID must correspond to " "a group entry, otherwise the GID is simply not resolvable." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4081 +#: sssd.conf.5.xml:4096 msgid "" "This feature is useful for environments that wish to stop maintaining a " "separate group objects for the user private groups, but also wish to retain " @@ -5233,21 +5243,21 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4030 +#: sssd.conf.5.xml:4045 msgid "" "This option takes any of three available values: <placeholder " "type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4093 +#: sssd.conf.5.xml:4108 msgid "" "For subdomains, the default value is False for subdomains that use assigned " "POSIX IDs and True for subdomains that use automatic ID-mapping." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:4101 +#: sssd.conf.5.xml:4116 #, no-wrap msgid "" "[domain/forest.domain/sub.domain]\n" @@ -5255,7 +5265,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:4107 +#: sssd.conf.5.xml:4122 #, no-wrap msgid "" "[domain/forest.domain]\n" @@ -5264,7 +5274,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4098 +#: sssd.conf.5.xml:4113 msgid "" "The value of auto_private_groups can either be set per subdomains in a " "subsection, for example: <placeholder type=\"programlisting\" id=\"0\"/> or " @@ -5285,31 +5295,36 @@ msgstr "" "id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4122 +#: sssd.conf.5.xml:4137 msgid "proxy_pam_target (string)" msgstr "proxy_pam_target (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4125 +#: sssd.conf.5.xml:4140 msgid "The proxy target PAM proxies to." msgstr "Le proxy cible duquel PAM devient mandataire." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4128 +#: sssd.conf.5.xml:4143 +#, fuzzy +#| msgid "" +#| "Default: not set by default, you have to take an existing pam " +#| "configuration or create a new one and add the service name here." msgid "" "Default: not set by default, you have to take an existing pam configuration " -"or create a new one and add the service name here." +"or create a new one and add the service name here. As an alternative you can " +"enable local authentication with the local_auth_policy option." msgstr "" "Par défaut : non défini, il faut utiliser une configuration de pam existante " "ou en créer une nouvelle et ajouter le nom de service ici." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4136 +#: sssd.conf.5.xml:4153 msgid "proxy_lib_name (string)" msgstr "proxy_lib_name (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4139 +#: sssd.conf.5.xml:4156 msgid "" "The name of the NSS library to use in proxy domains. The NSS functions " "searched for in the library are in the form of _nss_$(libName)_$(function), " @@ -5320,12 +5335,12 @@ msgstr "" "_nss_$(libName)_$(function), par exemple _nss_files_getpwent." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4149 +#: sssd.conf.5.xml:4166 msgid "proxy_resolver_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4152 +#: sssd.conf.5.xml:4169 msgid "" "The name of the NSS library to use for hosts and networks lookups in proxy " "domains. The NSS functions searched for in the library are in the form of " @@ -5333,12 +5348,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4163 +#: sssd.conf.5.xml:4180 msgid "proxy_fast_alias (boolean)" msgstr "proxy_fast_alias (boolean)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4166 +#: sssd.conf.5.xml:4183 msgid "" "When a user or group is looked up by name in the proxy provider, a second " "lookup by ID is performed to \"canonicalize\" the name in case the requested " @@ -5352,12 +5367,12 @@ msgstr "" "afin d'améliorer les performances." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4180 +#: sssd.conf.5.xml:4197 msgid "proxy_max_children (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4183 +#: sssd.conf.5.xml:4200 msgid "" "This option specifies the number of pre-forked proxy children. It is useful " "for high-load SSSD environments where sssd may run out of available child " @@ -5365,7 +5380,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4118 +#: sssd.conf.5.xml:4133 msgid "" "Options valid for proxy domains. <placeholder type=\"variablelist\" " "id=\"0\"/>" @@ -5374,12 +5389,12 @@ msgstr "" "id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:4199 +#: sssd.conf.5.xml:4216 msgid "Application domains" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4201 +#: sssd.conf.5.xml:4218 msgid "" "SSSD, with its D-Bus interface (see <citerefentry> <refentrytitle>sssd-ifp</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>) is appealing to " @@ -5396,7 +5411,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4221 +#: sssd.conf.5.xml:4238 msgid "" "Please note that the application domain must still be explicitly enabled in " "the <quote>domains</quote> parameter so that the lookup order between the " @@ -5404,17 +5419,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> -#: sssd.conf.5.xml:4227 +#: sssd.conf.5.xml:4244 msgid "Application domain parameters" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4229 +#: sssd.conf.5.xml:4246 msgid "inherit_from (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4232 +#: sssd.conf.5.xml:4249 msgid "" "The SSSD POSIX-type domain the application domain inherits all settings " "from. The application domain can moreover add its own settings to the " @@ -5423,7 +5438,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4246 +#: sssd.conf.5.xml:4263 msgid "" "The following example illustrates the use of an application domain. In this " "setup, the POSIX domain is connected to an LDAP server and is used by the OS " @@ -5433,7 +5448,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><programlisting> -#: sssd.conf.5.xml:4254 +#: sssd.conf.5.xml:4271 #, no-wrap msgid "" "[sssd]\n" @@ -5453,12 +5468,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4274 +#: sssd.conf.5.xml:4291 msgid "TRUSTED DOMAIN SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4276 +#: sssd.conf.5.xml:4293 msgid "" "Some options used in the domain section can also be used in the trusted " "domain section, that is, in a section called <quote>[domain/" @@ -5469,69 +5484,69 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4283 +#: sssd.conf.5.xml:4300 msgid "ldap_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4284 +#: sssd.conf.5.xml:4301 msgid "ldap_user_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4285 +#: sssd.conf.5.xml:4302 msgid "ldap_group_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4286 +#: sssd.conf.5.xml:4303 msgid "ldap_netgroup_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4287 +#: sssd.conf.5.xml:4304 msgid "ldap_service_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4288 +#: sssd.conf.5.xml:4305 msgid "ldap_sasl_mech," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4289 +#: sssd.conf.5.xml:4306 msgid "ad_server," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4290 +#: sssd.conf.5.xml:4307 msgid "ad_backup_server," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4291 +#: sssd.conf.5.xml:4308 msgid "ad_site," msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4292 sssd-ipa.5.xml:879 +#: sssd.conf.5.xml:4309 sssd-ipa.5.xml:884 msgid "use_fully_qualified_names" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4296 +#: sssd.conf.5.xml:4313 msgid "" "For more details about these options see their individual description in the " "manual page." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4302 +#: sssd.conf.5.xml:4319 msgid "CERTIFICATE MAPPING SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4304 +#: sssd.conf.5.xml:4321 msgid "" "To allow authentication with Smartcards and certificates SSSD must be able " "to map certificates to users. This can be done by adding the full " @@ -5544,7 +5559,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4318 +#: sssd.conf.5.xml:4335 msgid "" "To make the mapping more flexible mapping and matching rules were added to " "SSSD (see <citerefentry> <refentrytitle>sss-certmap</refentrytitle> " @@ -5552,7 +5567,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4327 +#: sssd.conf.5.xml:4344 msgid "" "A mapping and matching rule can be added to the SSSD configuration in a " "section on its own with a name like <quote>[certmap/" @@ -5561,55 +5576,55 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4334 +#: sssd.conf.5.xml:4351 msgid "matchrule (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4337 +#: sssd.conf.5.xml:4354 msgid "" "Only certificates from the Smartcard which matches this rule will be " "processed, all others are ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4341 +#: sssd.conf.5.xml:4358 msgid "" "Default: KRB5:<EKU>clientAuth, i.e. only certificates which have the " "Extended Key Usage <quote>clientAuth</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4348 +#: sssd.conf.5.xml:4365 msgid "maprule (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4351 +#: sssd.conf.5.xml:4368 msgid "Defines how the user is found for a given certificate." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4357 +#: sssd.conf.5.xml:4374 msgid "" "LDAP:(userCertificate;binary={cert!bin}) for LDAP based providers like " "<quote>ldap</quote>, <quote>AD</quote> or <quote>ipa</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4363 +#: sssd.conf.5.xml:4380 msgid "" "The RULE_NAME for the <quote>files</quote> provider which tries to find a " "user with the same name." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4372 +#: sssd.conf.5.xml:4389 msgid "domains (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4375 +#: sssd.conf.5.xml:4392 msgid "" "Comma separated list of domain names the rule should be applied. By default " "a rule is only valid in the domain configured in sssd.conf. If the provider " @@ -5618,17 +5633,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4382 +#: sssd.conf.5.xml:4399 msgid "Default: the configured domain in sssd.conf" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4387 +#: sssd.conf.5.xml:4404 msgid "priority (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4390 +#: sssd.conf.5.xml:4407 msgid "" "Unsigned integer value defining the priority of the rule. The higher the " "number the lower the priority. <quote>0</quote> stands for the highest " @@ -5636,26 +5651,26 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4396 +#: sssd.conf.5.xml:4413 msgid "Default: the lowest priority" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4402 +#: sssd.conf.5.xml:4419 msgid "" "To make the configuration simple and reduce the amount of configuration " "options the <quote>files</quote> provider has some special properties:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4408 +#: sssd.conf.5.xml:4425 msgid "" "if maprule is not set the RULE_NAME name is assumed to be the name of the " "matching user" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4414 +#: sssd.conf.5.xml:4431 msgid "" "if a maprule is used both a single user name or a template like " "<quote>{subject_rfc822_name.short_name}</quote> must be in braces like e.g. " @@ -5664,17 +5679,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4423 +#: sssd.conf.5.xml:4440 msgid "the <quote>domains</quote> option is ignored" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4431 +#: sssd.conf.5.xml:4448 msgid "PROMPTING CONFIGURATION SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4433 +#: sssd.conf.5.xml:4450 msgid "" "If a special file (<filename>/var/lib/sss/pubconf/pam_preauth_available</" "filename>) exists SSSD's PAM module pam_sss will ask SSSD to figure out " @@ -5684,7 +5699,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4441 +#: sssd.conf.5.xml:4458 msgid "" "With the growing number of authentication methods and the possibility that " "there are multiple ones for a single user the heuristic used by pam_sss to " @@ -5693,59 +5708,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4453 +#: sssd.conf.5.xml:4470 msgid "[prompting/password]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4456 +#: sssd.conf.5.xml:4473 msgid "password_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4457 +#: sssd.conf.5.xml:4474 msgid "to change the string of the password prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4455 +#: sssd.conf.5.xml:4472 msgid "" "to configure password prompting, allowed options are: <placeholder " "type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4465 +#: sssd.conf.5.xml:4482 msgid "[prompting/2fa]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4469 +#: sssd.conf.5.xml:4486 msgid "first_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4470 +#: sssd.conf.5.xml:4487 msgid "to change the string of the prompt for the first factor" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4473 +#: sssd.conf.5.xml:4490 msgid "second_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4474 +#: sssd.conf.5.xml:4491 msgid "to change the string of the prompt for the second factor" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4477 +#: sssd.conf.5.xml:4494 msgid "single_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4478 +#: sssd.conf.5.xml:4495 msgid "" "boolean value, if True there will be only a single prompt using the value of " "first_prompt where it is expected that both factors are entered as a single " @@ -5754,7 +5769,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4467 +#: sssd.conf.5.xml:4484 msgid "" "to configure two-factor authentication prompting, allowed options are: " "<placeholder type=\"variablelist\" id=\"0\"/> If the second factor is " @@ -5763,17 +5778,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4495 +#: sssd.conf.5.xml:4512 msgid "[prompting/passkey]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4501 sssd-ad.5.xml:1021 +#: sssd.conf.5.xml:4518 sssd-ad.5.xml:1021 msgid "interactive" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4503 +#: sssd.conf.5.xml:4520 msgid "" "boolean value, if True prompt a message and wait before testing the presence " "of a passkey device. Recommended if your device doesn’t have a tactile " @@ -5781,39 +5796,39 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4511 +#: sssd.conf.5.xml:4528 msgid "interactive_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4513 +#: sssd.conf.5.xml:4530 msgid "to change the message of the interactive prompt." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4518 +#: sssd.conf.5.xml:4535 msgid "touch" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4520 +#: sssd.conf.5.xml:4537 msgid "" "boolean value, if True prompt a message to remind the user to touch the " "device." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4526 +#: sssd.conf.5.xml:4543 msgid "touch_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4528 +#: sssd.conf.5.xml:4545 msgid "to change the message of the touch prompt." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4497 +#: sssd.conf.5.xml:4514 #, fuzzy #| msgid "" #| "The following expansions are supported: <placeholder " @@ -5826,7 +5841,7 @@ msgstr "" "type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4448 +#: sssd.conf.5.xml:4465 msgid "" "Each supported authentication method has its own configuration subsection " "under <quote>[prompting/...]</quote>. Currently there are: <placeholder " @@ -5835,7 +5850,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4539 +#: sssd.conf.5.xml:4556 msgid "" "It is possible to add a subsection for specific PAM services, e.g. " "<quote>[prompting/password/sshd]</quote> to individual change the prompting " @@ -5843,12 +5858,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4546 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43 +#: sssd.conf.5.xml:4563 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43 msgid "EXAMPLES" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4552 +#: sssd.conf.5.xml:4569 #, no-wrap msgid "" "[sssd]\n" @@ -5902,7 +5917,7 @@ msgstr "" "enumerate = False\n" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4548 +#: sssd.conf.5.xml:4565 msgid "" "1. The following example shows a typical SSSD config. It does not describe " "configuration of the domains themselves - refer to documentation on " @@ -5911,7 +5926,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4585 +#: sssd.conf.5.xml:4602 #, no-wrap msgid "" "[domain/ipa.com/child.ad.com]\n" @@ -5919,7 +5934,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4579 +#: sssd.conf.5.xml:4596 msgid "" "2. The following example shows configuration of IPA AD trust where the AD " "forest consists of two domains in a parent-child structure. Suppose IPA " @@ -5930,7 +5945,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4596 +#: sssd.conf.5.xml:4613 #, no-wrap msgid "" "[certmap/my.domain/rule_name]\n" @@ -5941,7 +5956,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4590 +#: sssd.conf.5.xml:4607 msgid "" "3. The following example shows the configuration of a certificate mapping " "rule. It is valid for the configured domain <quote>my.domain</quote> and " @@ -5997,14 +6012,23 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:38 +#, fuzzy +#| msgid "" +#| "LDAP back end supports id, auth, access and chpass providers. If you want " +#| "to authenticate against an LDAP server either TLS/SSL or LDAPS is " +#| "required. <command>sssd</command> <emphasis>does not</emphasis> support " +#| "authentication over an unencrypted channel. If the LDAP server is used " +#| "only as an identity provider, an encrypted channel is not needed. Please " +#| "refer to <quote>ldap_access_filter</quote> config option for more " +#| "information about using LDAP as an access provider." msgid "" "LDAP back end supports id, auth, access and chpass providers. If you want to " "authenticate against an LDAP server either TLS/SSL or LDAPS is required. " "<command>sssd</command> <emphasis>does not</emphasis> support authentication " -"over an unencrypted channel. If the LDAP server is used only as an identity " -"provider, an encrypted channel is not needed. Please refer to " -"<quote>ldap_access_filter</quote> config option for more information about " -"using LDAP as an access provider." +"over an unencrypted channel. Even if the LDAP server is used only as an " +"identity provider, an encrypted channel is strongly recommended. Please " +"refer to <quote>ldap_access_filter</quote> config option for more " +"information about using LDAP as an access provider." msgstr "" "Le moteur de traitement LDAP prend en charge les fournisseurs id, auth, " "access et chpass. Si vous voulez vous authentifier sur un serveur LDAP, il " @@ -6016,19 +6040,19 @@ msgstr "" "en tant que fournisseur d'accès." #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:82 sssd-ad.5.xml:130 +#: sssd-ldap.5.xml:50 sssd-simple.5.xml:69 sssd-ipa.5.xml:82 sssd-ad.5.xml:130 #: sssd-krb5.5.xml:63 sssd-ifp.5.xml:60 sssd-files.5.xml:77 #: sssd-session-recording.5.xml:58 sssd-kcm.8.xml:202 msgid "CONFIGURATION OPTIONS" msgstr "OPTIONS DE CONFIGURATION" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:66 +#: sssd-ldap.5.xml:67 msgid "ldap_uri, ldap_backup_uri (string)" msgstr "ldap_uri, ldap_backup_uri (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:69 +#: sssd-ldap.5.xml:70 msgid "" "Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " "should connect in the order of preference. Refer to the <quote>FAILOVER</" @@ -6044,18 +6068,18 @@ msgstr "" "la section de <quote>DÉCOUVERTE DE SERVICE</quote>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:76 +#: sssd-ldap.5.xml:77 msgid "The format of the URI must match the format defined in RFC 2732:" msgstr "" "Le format de l'URI doit correspondre au format définit dans la RFC 2732 :" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:79 +#: sssd-ldap.5.xml:80 msgid "ldap[s]://<host>[:port]" msgstr "ldap[s]://<host>[:port]" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:82 +#: sssd-ldap.5.xml:83 msgid "" "For explicit IPv6 addresses, <host> must be enclosed in brackets []" msgstr "" @@ -6063,17 +6087,17 @@ msgstr "" "entre crochets []" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:85 +#: sssd-ldap.5.xml:86 msgid "example: ldap://[fc00::126:25]:389" msgstr "exemple : ldap://[fc00::126:25]:389" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:91 +#: sssd-ldap.5.xml:92 msgid "ldap_chpass_uri, ldap_chpass_backup_uri (string)" msgstr "ldap_chpass_uri, ldap_chpass_backup_uri (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:94 +#: sssd-ldap.5.xml:95 msgid "" "Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " "should connect in the order of preference to change the password of a user. " @@ -6086,31 +6110,31 @@ msgstr "" "plus d'informations sur le repli et la redondance de serveurs." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:101 +#: sssd-ldap.5.xml:102 msgid "To enable service discovery ldap_chpass_dns_service_name must be set." msgstr "" "Pour activer la découverte de services, ldap_chpass_dns_service_name doit " "être défini." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:105 +#: sssd-ldap.5.xml:106 msgid "Default: empty, i.e. ldap_uri is used." msgstr "Par défaut : vide, ldap_uri est donc utilisé." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:111 +#: sssd-ldap.5.xml:112 msgid "ldap_search_base (string)" msgstr "ldap_search_base (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:114 +#: sssd-ldap.5.xml:115 msgid "The default base DN to use for performing LDAP user operations." msgstr "" "Le DN de base par défaut à utiliser pour effectuer les opérations LDAP sur " "les utilisateurs." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:118 +#: sssd-ldap.5.xml:119 msgid "" "Starting with SSSD 1.7.0, SSSD supports multiple search bases using the " "syntax:" @@ -6119,17 +6143,17 @@ msgstr "" "l'aide de la syntaxe :" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:122 +#: sssd-ldap.5.xml:123 msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]" msgstr "search_base[?scope?[filter][?search_base?scope?[filter]]*]" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:125 +#: sssd-ldap.5.xml:126 msgid "The scope can be one of \"base\", \"onelevel\" or \"subtree\"." msgstr "La portée peut être l'une des « base », « onelevel » ou « subtree »." #. type: Content of: <listitem><para> -#: sssd-ldap.5.xml:128 include/ldap_search_bases.xml:18 +#: sssd-ldap.5.xml:129 include/ldap_search_bases.xml:18 msgid "" "The filter must be a valid LDAP search filter as specified by http://www." "ietf.org/rfc/rfc2254.txt" @@ -6138,13 +6162,13 @@ msgstr "" "http://www.ietf.org/rfc/rfc2254.txt" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:132 sssd-ad.5.xml:311 sss_override.8.xml:143 +#: sssd-ldap.5.xml:133 sssd-ad.5.xml:311 sss_override.8.xml:143 #: sss_override.8.xml:240 sssd-ldap-attributes.5.xml:453 msgid "Examples:" msgstr "Exemples :" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:135 +#: sssd-ldap.5.xml:136 msgid "" "ldap_search_base = dc=example,dc=com (which is equivalent to) " "ldap_search_base = dc=example,dc=com?subtree?" @@ -6153,7 +6177,7 @@ msgstr "" "dc=example,dc=com?subtree?" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:140 +#: sssd-ldap.5.xml:141 msgid "" "ldap_search_base = cn=host_specific,dc=example,dc=com?subtree?" "(host=thishost)?dc=example.com?subtree?" @@ -6162,7 +6186,7 @@ msgstr "" "(host=thishost)?dc=example.com?subtree?" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:143 +#: sssd-ldap.5.xml:144 msgid "" "Note: It is unsupported to have multiple search bases which reference " "identically-named objects (for example, groups with the same name in two " @@ -6175,7 +6199,7 @@ msgstr "" "à un comportement imprévisible sur les ordinateurs clients." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:150 +#: sssd-ldap.5.xml:151 msgid "" "Default: If not set, the value of the defaultNamingContext or namingContexts " "attribute from the RootDSE of the LDAP server is used. If " @@ -6192,12 +6216,12 @@ msgstr "" "valeurs multiples ne sont pas permises." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:164 +#: sssd-ldap.5.xml:165 msgid "ldap_schema (string)" msgstr "ldap_schema (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:167 +#: sssd-ldap.5.xml:168 msgid "" "Specifies the Schema Type in use on the target LDAP server. Depending on " "the selected schema, the default attribute names retrieved from the servers " @@ -6209,32 +6233,32 @@ msgstr "" "également différer." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:174 +#: sssd-ldap.5.xml:175 msgid "Four schema types are currently supported:" msgstr "Quatre types de schéma sont actuellement pris en charge :" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:178 +#: sssd-ldap.5.xml:179 msgid "rfc2307" msgstr "rfc2307" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:183 +#: sssd-ldap.5.xml:184 msgid "rfc2307bis" msgstr "rfc2307bis" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:188 +#: sssd-ldap.5.xml:189 msgid "IPA" msgstr "IPA" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:193 +#: sssd-ldap.5.xml:194 msgid "AD" msgstr "AD" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:199 +#: sssd-ldap.5.xml:200 msgid "" "The main difference between these schema types is how group memberships are " "recorded in the server. With rfc2307, group members are listed by name in " @@ -6252,37 +6276,37 @@ msgstr "" "correspondant aux valeurs d'Active Directory 2008r2." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:209 +#: sssd-ldap.5.xml:210 msgid "Default: rfc2307" msgstr "Par défaut : rfc2307" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:215 +#: sssd-ldap.5.xml:216 msgid "ldap_pwmodify_mode (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:218 +#: sssd-ldap.5.xml:219 msgid "Specify the operation that is used to modify user password." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:222 +#: sssd-ldap.5.xml:223 msgid "Two modes are currently supported:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:226 +#: sssd-ldap.5.xml:227 msgid "exop - Password Modify Extended Operation (RFC 3062)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:232 +#: sssd-ldap.5.xml:233 msgid "ldap_modify - Direct modification of userPassword (not recommended)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:239 +#: sssd-ldap.5.xml:240 msgid "" "Note: First, a new connection is established to verify current password by " "binding as the user that requested password change. If successful, this " @@ -6291,76 +6315,76 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:247 +#: sssd-ldap.5.xml:248 msgid "Default: exop" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:253 +#: sssd-ldap.5.xml:254 msgid "ldap_default_bind_dn (string)" msgstr "ldap_default_bind_dn (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:256 +#: sssd-ldap.5.xml:257 msgid "The default bind DN to use for performing LDAP operations." msgstr "" "Le DN de connexion par défaut à utiliser pour effectuer les opérations LDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:263 +#: sssd-ldap.5.xml:264 msgid "ldap_default_authtok_type (string)" msgstr "ldap_default_authtok_type (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:266 +#: sssd-ldap.5.xml:267 msgid "The type of the authentication token of the default bind DN." msgstr "" "Le type de jeton d'authentification pour le DN de connexion par défaut." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:270 +#: sssd-ldap.5.xml:271 msgid "The two mechanisms currently supported are:" msgstr "Les deux mécanismes actuellement pris en charge sont :" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:273 +#: sssd-ldap.5.xml:274 msgid "password" msgstr "password" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:276 +#: sssd-ldap.5.xml:277 msgid "obfuscated_password" msgstr "obfuscated_password" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:279 +#: sssd-ldap.5.xml:280 msgid "Default: password" msgstr "Par défaut : password" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:282 +#: sssd-ldap.5.xml:283 msgid "" "See the <citerefentry> <refentrytitle>sss_obfuscate</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry> manual page for more information." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:293 +#: sssd-ldap.5.xml:294 msgid "ldap_default_authtok (string)" msgstr "ldap_default_authtok (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:296 +#: sssd-ldap.5.xml:297 msgid "The authentication token of the default bind DN." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:302 +#: sssd-ldap.5.xml:303 msgid "ldap_force_upper_case_realm (boolean)" msgstr "ldap_force_upper_case_realm (booléen)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:305 +#: sssd-ldap.5.xml:306 msgid "" "Some directory servers, for example Active Directory, might deliver the " "realm part of the UPN in lower case, which might cause the authentication to " @@ -6373,12 +6397,12 @@ msgstr "" "utiliser un nom de domaine en majuscules." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:318 +#: sssd-ldap.5.xml:319 msgid "ldap_enumeration_refresh_timeout (integer)" msgstr "ldap_enumeration_refresh_timeout (entier)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:321 +#: sssd-ldap.5.xml:322 msgid "" "Specifies how many seconds SSSD has to wait before refreshing its cache of " "enumerated records." @@ -6387,12 +6411,12 @@ msgstr "" "d'actualiser son cache d\"énumération d'enregistrements." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:337 +#: sssd-ldap.5.xml:338 msgid "ldap_purge_cache_timeout (integer)" msgstr "ldap_purge_cache_timeout (entier)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:340 +#: sssd-ldap.5.xml:341 msgid "" "Determine how often to check the cache for inactive entries (such as groups " "with no members and users who have never logged in) and remove them to save " @@ -6403,7 +6427,7 @@ msgstr "" "jamais connectés) et de suppression pour économiser de l'espace." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:346 +#: sssd-ldap.5.xml:347 msgid "" "Setting this option to zero will disable the cache cleanup operation. Please " "note that if enumeration is enabled, the cleanup task is required in order " @@ -6412,12 +6436,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:366 +#: sssd-ldap.5.xml:367 msgid "ldap_group_nesting_level (integer)" msgstr "ldap_group_nesting_level (entier)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:369 +#: sssd-ldap.5.xml:370 msgid "" "If ldap_schema is set to a schema format that supports nested groups (e.g. " "RFC2307bis), then this option controls how many levels of nesting SSSD will " @@ -6429,7 +6453,7 @@ msgstr "" "schéma RFC2307." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:376 +#: sssd-ldap.5.xml:377 msgid "" "Note: This option specifies the guaranteed level of nested groups to be " "processed for any lookup. However, nested groups beyond this limit " @@ -6439,7 +6463,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:385 +#: sssd-ldap.5.xml:386 msgid "" "If ldap_group_nesting_level is set to 0 then no nested groups are processed " "at all. However, when connected to Active-Directory Server 2008 and later " @@ -6449,12 +6473,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:394 +#: sssd-ldap.5.xml:395 msgid "Default: 2" msgstr "Par défaut : 2" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:403 +#: sssd-ldap.5.xml:404 msgid "" "This options enables or disables use of Token-Groups attribute when " "performing initgroup for users from Active Directory Server 2008 and later." @@ -6464,25 +6488,25 @@ msgstr "" "2008 et versions ultérieures." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:413 +#: sssd-ldap.5.xml:414 msgid "Default: True for AD and IPA otherwise False." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:419 +#: sssd-ldap.5.xml:420 msgid "ldap_host_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:422 +#: sssd-ldap.5.xml:423 msgid "Optional. Use the given string as search base for host objects." msgstr "" "Facultatif. Utiliser la chaîne donnée comme base de recherche pour héberger " "des objets." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:426 sssd-ipa.5.xml:457 sssd-ipa.5.xml:476 sssd-ipa.5.xml:495 -#: sssd-ipa.5.xml:514 +#: sssd-ldap.5.xml:427 sssd-ipa.5.xml:462 sssd-ipa.5.xml:481 sssd-ipa.5.xml:500 +#: sssd-ipa.5.xml:519 msgid "" "See <quote>ldap_search_base</quote> for information about configuring " "multiple search bases." @@ -6491,32 +6515,32 @@ msgstr "" "configuration des bases de recherche multiples." #. type: Content of: <listitem><para> -#: sssd-ldap.5.xml:431 sssd-ipa.5.xml:462 include/ldap_search_bases.xml:27 +#: sssd-ldap.5.xml:432 sssd-ipa.5.xml:467 include/ldap_search_bases.xml:27 msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" msgstr "Par défaut : la valeur de <emphasis>ldap_search_base</emphasis>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:438 +#: sssd-ldap.5.xml:439 msgid "ldap_service_search_base (string)" msgstr "ldap_service_search_base (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:443 +#: sssd-ldap.5.xml:444 msgid "ldap_iphost_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:448 +#: sssd-ldap.5.xml:449 msgid "ldap_ipnetwork_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:453 +#: sssd-ldap.5.xml:454 msgid "ldap_search_timeout (integer)" msgstr "ldap_search_timeout (entier)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:456 +#: sssd-ldap.5.xml:457 msgid "" "Specifies the timeout (in seconds) that ldap searches are allowed to run " "before they are cancelled and cached results are returned (and offline mode " @@ -6527,7 +6551,7 @@ msgstr "" "activation du mode hors ligne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:462 +#: sssd-ldap.5.xml:463 msgid "" "Note: this option is subject to change in future versions of the SSSD. It " "will likely be replaced at some point by a series of timeouts for specific " @@ -6538,12 +6562,12 @@ msgstr "" "différents types de recherches." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:479 +#: sssd-ldap.5.xml:480 msgid "ldap_enumeration_search_timeout (integer)" msgstr "ldap_enumeration_search_timeout (entier)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:482 +#: sssd-ldap.5.xml:483 msgid "" "Specifies the timeout (in seconds) that ldap searches for user and group " "enumerations are allowed to run before they are cancelled and cached results " @@ -6554,12 +6578,12 @@ msgstr "" "résultats mis en cache (et activation du mode hors ligne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:500 +#: sssd-ldap.5.xml:501 msgid "ldap_network_timeout (integer)" msgstr "ldap_network_timeout (entier)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:503 +#: sssd-ldap.5.xml:504 msgid "" "Specifies the timeout (in seconds) after which the <citerefentry> " "<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/" @@ -6576,12 +6600,12 @@ msgstr "" "citerefentry> rendent la main en cas d'inactivité." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:531 +#: sssd-ldap.5.xml:532 msgid "ldap_opt_timeout (integer)" msgstr "ldap_opt_timeout (entier)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:534 +#: sssd-ldap.5.xml:535 msgid "" "Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs " "will abort if no response is received. Also controls the timeout when " @@ -6590,12 +6614,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:554 +#: sssd-ldap.5.xml:555 msgid "ldap_connection_expire_timeout (integer)" msgstr "ldap_connection_expire_timeout (entier)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:557 +#: sssd-ldap.5.xml:558 msgid "" "Specifies a timeout (in seconds) that a connection to an LDAP server will be " "maintained. After this time, the connection will be re-established. If used " @@ -6608,7 +6632,7 @@ msgstr "" "courte des deux valeurs entre celle-ci et la durée de vie TGT sera utilisée." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:565 +#: sssd-ldap.5.xml:566 msgid "" "If the connection is idle (not actively running an operation) within " "<emphasis>ldap_opt_timeout</emphasis> seconds of expiration, then it will be " @@ -6619,38 +6643,38 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:577 +#: sssd-ldap.5.xml:578 msgid "" "This timeout can be extended of a random value specified by " "<emphasis>ldap_connection_expire_offset</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:587 sssd-ldap.5.xml:630 sssd-ldap.5.xml:1711 +#: sssd-ldap.5.xml:588 sssd-ldap.5.xml:631 sssd-ldap.5.xml:1713 msgid "Default: 900 (15 minutes)" msgstr "Par défaut : 900 (15 minutes)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:593 +#: sssd-ldap.5.xml:594 msgid "ldap_connection_expire_offset (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:596 +#: sssd-ldap.5.xml:597 msgid "" "Random offset between 0 and configured value is added to " "<emphasis>ldap_connection_expire_timeout</emphasis>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:612 +#: sssd-ldap.5.xml:613 #, fuzzy #| msgid "ldap_connection_expire_timeout (integer)" msgid "ldap_connection_idle_timeout (integer)" msgstr "ldap_connection_expire_timeout (entier)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:615 +#: sssd-ldap.5.xml:616 #, fuzzy #| msgid "" #| "Specifies a timeout (in seconds) that a connection to an LDAP server will " @@ -6668,17 +6692,17 @@ msgstr "" "courte des deux valeurs entre celle-ci et la durée de vie TGT sera utilisée." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:621 +#: sssd-ldap.5.xml:622 msgid "You can disable this timeout by setting the value to 0." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:636 +#: sssd-ldap.5.xml:637 msgid "ldap_page_size (integer)" msgstr "ldap_page_size (entier)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:639 +#: sssd-ldap.5.xml:640 msgid "" "Specify the number of records to retrieve from LDAP in a single request. " "Some LDAP servers enforce a maximum limit per-request." @@ -6687,12 +6711,12 @@ msgstr "" "Certains serveurs LDAP imposent une limite maximale par requête." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:650 +#: sssd-ldap.5.xml:651 msgid "ldap_disable_paging (boolean)" msgstr "ldap_disable_paging (boolean)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:653 +#: sssd-ldap.5.xml:654 msgid "" "Disable the LDAP paging control. This option should be used if the LDAP " "server reports that it supports the LDAP paging control in its RootDSE but " @@ -6704,7 +6728,7 @@ msgstr "" "correctement." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:659 +#: sssd-ldap.5.xml:660 msgid "" "Example: OpenLDAP servers with the paging control module installed on the " "server but not enabled will report it in the RootDSE but be unable to use it." @@ -6714,7 +6738,7 @@ msgstr "" "sera impossible de l'utiliser." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:665 +#: sssd-ldap.5.xml:666 msgid "" "Example: 389 DS has a bug where it can only support a one paging control at " "a time on a single connection. On busy clients, this can result in some " @@ -6725,17 +6749,17 @@ msgstr "" "cela peut entraîner l'échec de certaines demandes." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:677 +#: sssd-ldap.5.xml:678 msgid "ldap_disable_range_retrieval (boolean)" msgstr "ldap_disable_range_retrieval (booléen)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:680 +#: sssd-ldap.5.xml:681 msgid "Disable Active Directory range retrieval." msgstr "Désactiver la récupération de plage Active Directory." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:683 +#: sssd-ldap.5.xml:684 msgid "" "Active Directory limits the number of members to be retrieved in a single " "lookup using the MaxValRange policy (which defaults to 1500 members). If a " @@ -6751,12 +6775,12 @@ msgstr "" "apparaissant ainsi sans aucun membre." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:698 +#: sssd-ldap.5.xml:699 msgid "ldap_sasl_minssf (integer)" msgstr "ldap_sasl_minssf (integer)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:701 +#: sssd-ldap.5.xml:702 msgid "" "When communicating with an LDAP server using SASL, specify the minimum " "security level necessary to establish the connection. The values of this " @@ -6767,19 +6791,19 @@ msgstr "" "de cette option sont définies par OpenLDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:707 sssd-ldap.5.xml:723 +#: sssd-ldap.5.xml:708 sssd-ldap.5.xml:724 msgid "Default: Use the system default (usually specified by ldap.conf)" msgstr "" "Par défaut : Utiliser la valeur par défaut du système (généralement spécifié " "par ldap.conf)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:714 +#: sssd-ldap.5.xml:715 msgid "ldap_sasl_maxssf (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:717 +#: sssd-ldap.5.xml:718 msgid "" "When communicating with an LDAP server using SASL, specify the maximal " "security level necessary to establish the connection. The values of this " @@ -6787,12 +6811,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:730 +#: sssd-ldap.5.xml:731 msgid "ldap_deref_threshold (integer)" msgstr "ldap_deref_threshold (entier)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:733 +#: sssd-ldap.5.xml:734 msgid "" "Specify the number of group members that must be missing from the internal " "cache in order to trigger a dereference lookup. If less members are missing, " @@ -6803,7 +6827,7 @@ msgstr "" "membres manquants est inférieur, ils sont recherchés individuellement." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:739 +#: sssd-ldap.5.xml:740 msgid "" "You can turn off dereference lookups completely by setting the value to 0. " "Please note that there are some codepaths in SSSD, like the IPA HBAC " @@ -6814,7 +6838,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:750 +#: sssd-ldap.5.xml:751 msgid "" "A dereference lookup is a means of fetching all group members in a single " "LDAP call. Different LDAP servers may implement different dereference " @@ -6827,7 +6851,7 @@ msgstr "" "acceptés sont 389/RHDS, OpenLDAP et Active Directory." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:758 +#: sssd-ldap.5.xml:759 msgid "" "<emphasis>Note:</emphasis> If any of the search bases specifies a search " "filter, then the dereference lookup performance enhancement will be disabled " @@ -6838,12 +6862,12 @@ msgstr "" "déréférencement est désactivée indépendamment de ce paramètre." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:771 +#: sssd-ldap.5.xml:772 msgid "ldap_ignore_unreadable_references (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:774 +#: sssd-ldap.5.xml:775 msgid "" "Ignore unreadable LDAP entries referenced in group's member attribute. If " "this parameter is set to false an error will be returned and the operation " @@ -6851,7 +6875,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:781 +#: sssd-ldap.5.xml:782 msgid "" "This parameter may be useful when using the AD provider and the computer " "account that sssd uses to connect to AD does not have access to a particular " @@ -6859,12 +6883,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:794 +#: sssd-ldap.5.xml:795 msgid "ldap_tls_reqcert (string)" msgstr "ldap_tls_reqcert (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:797 +#: sssd-ldap.5.xml:798 msgid "" "Specifies what checks to perform on server certificates in a TLS session, if " "any. It can be specified as one of the following values:" @@ -6873,7 +6897,7 @@ msgstr "" "session TLS, si elle existe. Une des valeurs suivantes est utilisable :" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:803 +#: sssd-ldap.5.xml:804 msgid "" "<emphasis>never</emphasis> = The client will not request or check any server " "certificate." @@ -6882,7 +6906,7 @@ msgstr "" "quelconque certificat du serveur." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:807 +#: sssd-ldap.5.xml:808 msgid "" "<emphasis>allow</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -6893,7 +6917,7 @@ msgstr "" "certificat est fourni, il est ignoré et la session continue normalement." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:814 +#: sssd-ldap.5.xml:815 msgid "" "<emphasis>try</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -6904,7 +6928,7 @@ msgstr "" "certificat est fourni, la session se termine immédiatement." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:820 +#: sssd-ldap.5.xml:821 msgid "" "<emphasis>demand</emphasis> = The server certificate is requested. If no " "certificate is provided, or a bad certificate is provided, the session is " @@ -6915,22 +6939,22 @@ msgstr "" "immédiatement." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:826 +#: sssd-ldap.5.xml:827 msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" msgstr "<emphasis>hard</emphasis> : identique à <quote>demand</quote>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:830 +#: sssd-ldap.5.xml:831 msgid "Default: hard" msgstr "Par défaut : hard" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:836 +#: sssd-ldap.5.xml:837 msgid "ldap_tls_cacert (string)" msgstr "ldap_tls_cacert (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:839 +#: sssd-ldap.5.xml:840 msgid "" "Specifies the file that contains certificates for all of the Certificate " "Authorities that <command>sssd</command> will recognize." @@ -6939,7 +6963,7 @@ msgstr "" "certification que <command>sssd</command> reconnaîtra." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:844 sssd-ldap.5.xml:862 sssd-ldap.5.xml:903 +#: sssd-ldap.5.xml:845 sssd-ldap.5.xml:863 sssd-ldap.5.xml:904 msgid "" "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." "conf</filename>" @@ -6948,12 +6972,12 @@ msgstr "" "<filename>/etc/openldap/ldap.conf</filename>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:851 +#: sssd-ldap.5.xml:852 msgid "ldap_tls_cacertdir (string)" msgstr "ldap_tls_cacertdir (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:854 +#: sssd-ldap.5.xml:855 msgid "" "Specifies the path of a directory that contains Certificate Authority " "certificates in separate individual files. Typically the file names need to " @@ -6967,32 +6991,32 @@ msgstr "" "corrects." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:869 +#: sssd-ldap.5.xml:870 msgid "ldap_tls_cert (string)" msgstr "ldap_tls_cert (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:872 +#: sssd-ldap.5.xml:873 msgid "Specifies the file that contains the certificate for the client's key." msgstr "Définit le fichier qui contient le certificat pour la clef du client." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:882 +#: sssd-ldap.5.xml:883 msgid "ldap_tls_key (string)" msgstr "ldap_tls_key (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:885 +#: sssd-ldap.5.xml:886 msgid "Specifies the file that contains the client's key." msgstr "Définit le fichier qui contient la clef du client." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:894 +#: sssd-ldap.5.xml:895 msgid "ldap_tls_cipher_suite (string)" msgstr "ldap_tls_cipher_suite (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:897 +#: sssd-ldap.5.xml:898 msgid "" "Specifies acceptable cipher suites. Typically this is a colon separated " "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " @@ -7000,27 +7024,32 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:910 +#: sssd-ldap.5.xml:911 msgid "ldap_id_use_start_tls (boolean)" msgstr "ldap_id_use_start_tls (booléen)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:913 +#: sssd-ldap.5.xml:914 +#, fuzzy +#| msgid "" +#| "Specifies that the id_provider connection must also use <systemitem " +#| "class=\"protocol\">tls</systemitem> to protect the channel." msgid "" "Specifies that the id_provider connection must also use <systemitem " -"class=\"protocol\">tls</systemitem> to protect the channel." +"class=\"protocol\">tls</systemitem> to protect the channel. <emphasis>true</" +"emphasis> is strongly recommended for security reasons." msgstr "" "Définit le fait que le fournisseur d'identité de connexion doit aussi " "utiliser <systemitem class=\"protocol\">tls</systemitem> pour protéger le " "canal." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:923 +#: sssd-ldap.5.xml:925 msgid "ldap_id_mapping (boolean)" msgstr "ldap_id_mapping (boolean)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:926 +#: sssd-ldap.5.xml:928 msgid "" "Specifies that SSSD should attempt to map user and group IDs from the " "ldap_user_objectsid and ldap_group_objectsid attributes instead of relying " @@ -7032,19 +7061,19 @@ msgstr "" "ldap_group_gid_number." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:932 +#: sssd-ldap.5.xml:934 msgid "Currently this feature supports only ActiveDirectory objectSID mapping." msgstr "" "Cette fonctionnalité ne prend actuellement en charge que la correspondance " "par objectSID avec Active Directory." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:942 +#: sssd-ldap.5.xml:944 msgid "ldap_min_id, ldap_max_id (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:945 +#: sssd-ldap.5.xml:947 msgid "" "In contrast to the SID based ID mapping which is used if ldap_id_mapping is " "set to true the allowed ID range for ldap_user_uid_number and " @@ -7064,24 +7093,24 @@ msgstr "" "identifiants." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:957 +#: sssd-ldap.5.xml:959 msgid "Default: not set (both options are set to 0)" msgstr "Par défaut : non indiqué (les deux options sont à 0)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:963 +#: sssd-ldap.5.xml:965 msgid "ldap_sasl_mech (string)" msgstr "ldap_sasl_mech (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:966 +#: sssd-ldap.5.xml:968 msgid "" "Specify the SASL mechanism to use. Currently only GSSAPI and GSS-SPNEGO are " "tested and supported." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:970 +#: sssd-ldap.5.xml:972 msgid "" "If the backend supports sub-domains the value of ldap_sasl_mech is " "automatically inherited to the sub-domains. If a different value is needed " @@ -7092,12 +7121,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:986 +#: sssd-ldap.5.xml:988 msgid "ldap_sasl_authid (string)" msgstr "ldap_sasl_authid (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd-ldap.5.xml:998 +#: sssd-ldap.5.xml:1000 #, no-wrap msgid "" "hostname@REALM\n" @@ -7110,7 +7139,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:989 +#: sssd-ldap.5.xml:991 msgid "" "Specify the SASL authorization id to use. When GSSAPI/GSS-SPNEGO are used, " "this represents the Kerberos principal used for authentication to the " @@ -7122,17 +7151,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1009 +#: sssd-ldap.5.xml:1011 msgid "Default: host/hostname@REALM" msgstr "Par défaut : host/hostname@REALM" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1015 +#: sssd-ldap.5.xml:1017 msgid "ldap_sasl_realm (string)" msgstr "ldap_sasl_realm (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1018 +#: sssd-ldap.5.xml:1020 msgid "" "Specify the SASL realm to use. When not specified, this option defaults to " "the value of krb5_realm. If the ldap_sasl_authid contains the realm as " @@ -7143,17 +7172,17 @@ msgstr "" "domaine, cette option est ignorée." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1024 +#: sssd-ldap.5.xml:1026 msgid "Default: the value of krb5_realm." msgstr "Par défaut : la valeur de krb5_realm." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1030 +#: sssd-ldap.5.xml:1032 msgid "ldap_sasl_canonicalize (boolean)" msgstr "ldap_sasl_canonicalize (booléen)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1033 +#: sssd-ldap.5.xml:1035 msgid "" "If set to true, the LDAP library would perform a reverse lookup to " "canonicalize the host name during a SASL bind." @@ -7162,34 +7191,34 @@ msgstr "" "le nom de l'hôte au cours d'une liaison SASL." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1038 +#: sssd-ldap.5.xml:1040 msgid "Default: false;" msgstr "Défaut : false;" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1044 +#: sssd-ldap.5.xml:1046 msgid "ldap_krb5_keytab (string)" msgstr "ldap_krb5_keytab (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1047 +#: sssd-ldap.5.xml:1049 msgid "Specify the keytab to use when using SASL/GSSAPI/GSS-SPNEGO." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1056 sssd-krb5.5.xml:247 +#: sssd-ldap.5.xml:1058 sssd-krb5.5.xml:247 msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" msgstr "" "Par défaut : le fichier keytab du système, normalement <filename>/etc/krb5." "keytab</filename>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1062 +#: sssd-ldap.5.xml:1064 msgid "ldap_krb5_init_creds (boolean)" msgstr "ldap_krb5_init_creds (booléen)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1065 +#: sssd-ldap.5.xml:1067 msgid "" "Specifies that the id_provider should init Kerberos credentials (TGT). This " "action is performed only if SASL is used and the mechanism selected is " @@ -7197,28 +7226,28 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1077 +#: sssd-ldap.5.xml:1079 msgid "ldap_krb5_ticket_lifetime (integer)" msgstr "ldap_krb5_ticket_lifetime (entier)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1080 +#: sssd-ldap.5.xml:1082 msgid "" "Specifies the lifetime in seconds of the TGT if GSSAPI or GSS-SPNEGO is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1089 sssd-ad.5.xml:1252 +#: sssd-ldap.5.xml:1091 sssd-ad.5.xml:1252 msgid "Default: 86400 (24 hours)" msgstr "Par défaut : 86400 (24 heures)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1095 sssd-krb5.5.xml:74 +#: sssd-ldap.5.xml:1097 sssd-krb5.5.xml:74 msgid "krb5_server, krb5_backup_server (string)" msgstr "krb5_server, krb5_backup_server (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1098 +#: sssd-ldap.5.xml:1100 msgid "" "Specifies the comma-separated list of IP addresses or hostnames of the " "Kerberos servers to which SSSD should connect in the order of preference. " @@ -7238,7 +7267,7 @@ msgstr "" "<quote>DÉCOUVERTE DE SERVICES</quote>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1110 sssd-krb5.5.xml:89 +#: sssd-ldap.5.xml:1112 sssd-krb5.5.xml:89 msgid "" "When using service discovery for KDC or kpasswd servers, SSSD first searches " "for DNS entries that specify _udp as the protocol and falls back to _tcp if " @@ -7249,7 +7278,7 @@ msgstr "" "comme protocole, et passe sur _tcp si aucune entrée n'est trouvée." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1115 sssd-krb5.5.xml:94 +#: sssd-ldap.5.xml:1117 sssd-krb5.5.xml:94 msgid "" "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " "While the legacy name is recognized for the time being, users are advised to " @@ -7261,29 +7290,29 @@ msgstr "" "l'utilisation de <quote>krb5_server</quote>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1124 sssd-ipa.5.xml:526 sssd-krb5.5.xml:103 +#: sssd-ldap.5.xml:1126 sssd-ipa.5.xml:531 sssd-krb5.5.xml:103 msgid "krb5_realm (string)" msgstr "krb5_realm (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1127 +#: sssd-ldap.5.xml:1129 msgid "Specify the Kerberos REALM (for SASL/GSSAPI/GSS-SPNEGO auth)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1131 +#: sssd-ldap.5.xml:1133 msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" msgstr "" "Par défaut : valeur par défaut du système, voir <filename>/etc/krb5.conf</" "filename>" #. type: Content of: <variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1137 include/krb5_options.xml:154 +#: sssd-ldap.5.xml:1139 include/krb5_options.xml:154 msgid "krb5_canonicalize (boolean)" msgstr "krb5_canonicalize (booléen)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1140 +#: sssd-ldap.5.xml:1142 msgid "" "Specifies if the host principal should be canonicalized when connecting to " "LDAP server. This feature is available with MIT Kerberos >= 1.7" @@ -7293,12 +7322,12 @@ msgstr "" "Kerberos > = 1.7" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1152 sssd-krb5.5.xml:336 +#: sssd-ldap.5.xml:1154 sssd-krb5.5.xml:336 msgid "krb5_use_kdcinfo (boolean)" msgstr "krb5_use_kdcinfo (booléen)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1155 sssd-krb5.5.xml:339 +#: sssd-ldap.5.xml:1157 sssd-krb5.5.xml:339 msgid "" "Specifies if the SSSD should instruct the Kerberos libraries what realm and " "which KDCs to use. This option is on by default, if you disable it, you need " @@ -7313,7 +7342,7 @@ msgstr "" "<manvolnum>5</manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1166 sssd-krb5.5.xml:350 +#: sssd-ldap.5.xml:1168 sssd-krb5.5.xml:350 msgid "" "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more " @@ -7325,12 +7354,12 @@ msgstr "" "localisation." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1180 +#: sssd-ldap.5.xml:1182 msgid "ldap_pwd_policy (string)" msgstr "ldap_pwd_policy (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1183 +#: sssd-ldap.5.xml:1185 msgid "" "Select the policy to evaluate the password expiration on the client side. " "The following values are allowed:" @@ -7339,7 +7368,7 @@ msgstr "" "valeurs suivantes sont acceptées :" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1188 +#: sssd-ldap.5.xml:1190 msgid "" "<emphasis>none</emphasis> - No evaluation on the client side. This option " "cannot disable server-side password policies." @@ -7348,7 +7377,7 @@ msgstr "" "peut pas désactiver la politique sur les mots de passe du côté serveur." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1193 +#: sssd-ldap.5.xml:1195 #, fuzzy #| msgid "" #| "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" @@ -7365,7 +7394,7 @@ msgstr "" "manvolnum></citerefentry> pour évaluer si le mot de passe a expiré." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1201 +#: sssd-ldap.5.xml:1203 msgid "" "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " "to determine if the password has expired. Use chpass_provider=krb5 to update " @@ -7377,7 +7406,7 @@ msgstr "" "est changé." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1210 +#: sssd-ldap.5.xml:1212 msgid "" "<emphasis>Note</emphasis>: if a password policy is configured on server " "side, it always takes precedence over policy set with this option." @@ -7386,17 +7415,17 @@ msgstr "" "côté serveur, elle prend le pas sur la politique indiquée avec cette option." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1218 +#: sssd-ldap.5.xml:1220 msgid "ldap_referrals (boolean)" msgstr "ldap_referrals (booléen)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1221 +#: sssd-ldap.5.xml:1223 msgid "Specifies whether automatic referral chasing should be enabled." msgstr "Définit si le déréférencement automatique doit être activé." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1225 +#: sssd-ldap.5.xml:1227 msgid "" "Please note that sssd only supports referral chasing when it is compiled " "with OpenLDAP version 2.4.13 or higher." @@ -7405,7 +7434,7 @@ msgstr "" "compilé avec OpenLDAP version 2.4.13 ou supérieur." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1230 +#: sssd-ldap.5.xml:1232 #, fuzzy #| msgid "" #| "Chasing referrals may incur a performance penalty in environments that " @@ -7429,29 +7458,29 @@ msgstr "" "permettre d'améliorer de façon notable les performances." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1249 +#: sssd-ldap.5.xml:1251 msgid "ldap_dns_service_name (string)" msgstr "ldap_dns_service_name (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1252 +#: sssd-ldap.5.xml:1254 msgid "Specifies the service name to use when service discovery is enabled." msgstr "" "Définit le nom de service à utiliser quand la découverte de services est " "activée." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1256 +#: sssd-ldap.5.xml:1258 msgid "Default: ldap" msgstr "Par défaut : ldap" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1262 +#: sssd-ldap.5.xml:1264 msgid "ldap_chpass_dns_service_name (string)" msgstr "ldap_chpass_dns_service_name (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1265 +#: sssd-ldap.5.xml:1267 msgid "" "Specifies the service name to use to find an LDAP server which allows " "password changes when service discovery is enabled." @@ -7460,19 +7489,19 @@ msgstr "" "un changement de mot de passe quand la découverte de services est activée." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1270 +#: sssd-ldap.5.xml:1272 msgid "Default: not set, i.e. service discovery is disabled" msgstr "" "Par défaut : non défini, c'est-à-dire que le service de découverte est " "désactivé." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1276 +#: sssd-ldap.5.xml:1278 msgid "ldap_chpass_update_last_change (bool)" msgstr "ldap_chpass_update_last_change (bool)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1279 +#: sssd-ldap.5.xml:1281 msgid "" "Specifies whether to update the ldap_user_shadow_last_change attribute with " "days since the Epoch after a password change operation." @@ -7482,7 +7511,7 @@ msgstr "" "de passe." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1285 +#: sssd-ldap.5.xml:1287 msgid "" "It is recommend to set this option explicitly if \"ldap_pwd_policy = " "shadow\" is used to let SSSD know if the LDAP server will update " @@ -7491,12 +7520,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1299 +#: sssd-ldap.5.xml:1301 msgid "ldap_access_filter (string)" msgstr "ldap_access_filter (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1302 +#: sssd-ldap.5.xml:1304 msgid "" "If using access_provider = ldap and ldap_access_order = filter (default), " "this option is mandatory. It specifies an LDAP search filter criteria that " @@ -7512,12 +7541,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1322 +#: sssd-ldap.5.xml:1324 msgid "Example:" msgstr "Exemple :" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1325 +#: sssd-ldap.5.xml:1327 #, no-wrap msgid "" "access_provider = ldap\n" @@ -7529,7 +7558,7 @@ msgstr "" " " #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1329 +#: sssd-ldap.5.xml:1331 msgid "" "This example means that access to this host is restricted to users whose " "employeeType attribute is set to \"admin\"." @@ -7538,7 +7567,7 @@ msgstr "" "dont l'attribut employeeType est « admin »." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1334 +#: sssd-ldap.5.xml:1336 msgid "" "Offline caching for this feature is limited to determining whether the " "user's last online login was granted access permission. If they were granted " @@ -7547,17 +7576,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1342 sssd-ldap.5.xml:1398 +#: sssd-ldap.5.xml:1344 sssd-ldap.5.xml:1400 msgid "Default: Empty" msgstr "Par défaut : vide" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1348 +#: sssd-ldap.5.xml:1350 msgid "ldap_account_expire_policy (string)" msgstr "ldap_account_expire_policy (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1351 +#: sssd-ldap.5.xml:1353 msgid "" "With this option a client side evaluation of access control attributes can " "be enabled." @@ -7566,7 +7595,7 @@ msgstr "" "être activée." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1355 +#: sssd-ldap.5.xml:1357 msgid "" "Please note that it is always recommended to use server side access control, " "i.e. the LDAP server should deny the bind request with a suitable error code " @@ -7578,12 +7607,12 @@ msgstr "" "correct." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1362 +#: sssd-ldap.5.xml:1364 msgid "The following values are allowed:" msgstr "Les valeurs suivantes sont autorisées :" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1365 +#: sssd-ldap.5.xml:1367 msgid "" "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " "determine if the account is expired." @@ -7592,7 +7621,7 @@ msgstr "" "pour déterminer si le compte a expiré." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1370 +#: sssd-ldap.5.xml:1372 msgid "" "<emphasis>ad</emphasis>: use the value of the 32bit field " "ldap_user_ad_user_account_control and allow access if the second bit is not " @@ -7605,7 +7634,7 @@ msgstr "" "d'expiration du compte est aussi vérifiée." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1377 +#: sssd-ldap.5.xml:1379 msgid "" "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" "emphasis>: use the value of ldap_ns_account_lock to check if access is " @@ -7616,7 +7645,7 @@ msgstr "" "l'accès est autorisé ou non." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1383 +#: sssd-ldap.5.xml:1385 msgid "" "<emphasis>nds</emphasis>: the values of " "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " @@ -7629,7 +7658,7 @@ msgstr "" "est autorisé. Si les deux attributs sont manquants, l'accès est autorisé." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1391 +#: sssd-ldap.5.xml:1393 msgid "" "Please note that the ldap_access_order configuration option <emphasis>must</" "emphasis> include <quote>expire</quote> in order for the " @@ -7640,24 +7669,24 @@ msgstr "" "ldap_account_expire_policy de fonctionner." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1404 +#: sssd-ldap.5.xml:1406 msgid "ldap_access_order (string)" msgstr "ldap_access_order (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1407 sssd-ipa.5.xml:351 +#: sssd-ldap.5.xml:1409 sssd-ipa.5.xml:356 msgid "Comma separated list of access control options. Allowed values are:" msgstr "" "Liste séparées par des virgules des options de contrôles d'accès. Les " "valeurs autorisées sont :" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1411 +#: sssd-ldap.5.xml:1413 msgid "<emphasis>filter</emphasis>: use ldap_access_filter" msgstr "<emphasis>filter</emphasis> : utiliser ldap_access_filter" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1414 +#: sssd-ldap.5.xml:1416 msgid "" "<emphasis>lockout</emphasis>: use account locking. If set, this option " "denies access in case that ldap attribute 'pwdAccountLockedTime' is present " @@ -7667,14 +7696,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1424 +#: sssd-ldap.5.xml:1426 msgid "" "<emphasis> Please note that this option is superseded by the <quote>ppolicy</" "quote> option and might be removed in a future release. </emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1431 +#: sssd-ldap.5.xml:1433 msgid "" "<emphasis>ppolicy</emphasis>: use account locking. If set, this option " "denies access in case that ldap attribute 'pwdAccountLockedTime' is present " @@ -7687,12 +7716,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1448 +#: sssd-ldap.5.xml:1450 msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" msgstr "<emphasis>expire</emphasis>: utiliser ldap_account_expire_policy" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1452 sssd-ipa.5.xml:359 +#: sssd-ldap.5.xml:1454 sssd-ipa.5.xml:364 msgid "" "<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, " "pwd_expire_policy_renew: </emphasis> These options are useful if users are " @@ -7702,38 +7731,38 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1462 sssd-ipa.5.xml:369 +#: sssd-ldap.5.xml:1464 sssd-ipa.5.xml:374 msgid "" "The difference between these options is the action taken if user password is " "expired:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:1467 sssd-ipa.5.xml:374 +#: sssd-ldap.5.xml:1469 sssd-ipa.5.xml:379 msgid "pwd_expire_policy_reject - user is denied to log in," msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:1473 sssd-ipa.5.xml:380 +#: sssd-ldap.5.xml:1475 sssd-ipa.5.xml:385 msgid "pwd_expire_policy_warn - user is still able to log in," msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:1479 sssd-ipa.5.xml:386 +#: sssd-ldap.5.xml:1481 sssd-ipa.5.xml:391 msgid "" "pwd_expire_policy_renew - user is prompted to change their password " "immediately." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1487 +#: sssd-ldap.5.xml:1489 msgid "" "Please note that 'access_provider = ldap' must be set for this feature to " "work. Also 'ldap_pwd_policy' must be set to an appropriate password policy." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1492 +#: sssd-ldap.5.xml:1494 msgid "" "<emphasis>authorized_service</emphasis>: use the authorizedService attribute " "to determine access" @@ -7742,32 +7771,32 @@ msgstr "" "authorizedService pour déterminer l'accès" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1497 +#: sssd-ldap.5.xml:1499 msgid "<emphasis>host</emphasis>: use the host attribute to determine access" msgstr "" "<emphasis>host</emphasis> : utilise l'attribut host pour déterminer l'accès" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1501 +#: sssd-ldap.5.xml:1503 msgid "" "<emphasis>rhost</emphasis>: use the rhost attribute to determine whether " "remote host can access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1505 +#: sssd-ldap.5.xml:1507 msgid "" "Please note, rhost field in pam is set by application, it is better to check " "what the application sends to pam, before enabling this access control option" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1510 +#: sssd-ldap.5.xml:1512 msgid "Default: filter" msgstr "Par défaut : filter" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1513 +#: sssd-ldap.5.xml:1515 msgid "" "Please note that it is a configuration error if a value is used more than " "once." @@ -7776,12 +7805,12 @@ msgstr "" "de configuration." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1520 +#: sssd-ldap.5.xml:1522 msgid "ldap_pwdlockout_dn (string)" msgstr "ldap_pwdlockout_dn (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1523 +#: sssd-ldap.5.xml:1525 msgid "" "This option specifies the DN of password policy entry on LDAP server. Please " "note that absence of this option in sssd.conf in case of enabled account " @@ -7790,22 +7819,22 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1531 +#: sssd-ldap.5.xml:1533 msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com" msgstr "Exemple : cn=ppolicy,ou=policies,dc=example,dc=com" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1534 +#: sssd-ldap.5.xml:1536 msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1540 +#: sssd-ldap.5.xml:1542 msgid "ldap_deref (string)" msgstr "ldap_deref (chaînes)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1543 +#: sssd-ldap.5.xml:1545 msgid "" "Specifies how alias dereferencing is done when performing a search. The " "following options are allowed:" @@ -7814,12 +7843,12 @@ msgstr "" "recherche. Les options suivantes sont autorisées :" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1548 +#: sssd-ldap.5.xml:1550 msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." msgstr "<emphasis>never</emphasis> : les alias ne sont jamais déréférencés." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1552 +#: sssd-ldap.5.xml:1554 msgid "" "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " "the base object, but not in locating the base object of the search." @@ -7829,7 +7858,7 @@ msgstr "" "recherche." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1557 +#: sssd-ldap.5.xml:1559 msgid "" "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " "the base object of the search." @@ -7838,7 +7867,7 @@ msgstr "" "la localisation de l'objet de base de la recherche." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1562 +#: sssd-ldap.5.xml:1564 msgid "" "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " "in locating the base object of the search." @@ -7847,7 +7876,7 @@ msgstr "" "recherche et et la localisation de l'objet de base de la recherche." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1567 +#: sssd-ldap.5.xml:1569 msgid "" "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " "client libraries)" @@ -7856,12 +7885,12 @@ msgstr "" "bibliothèques clientes LDAP)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1575 +#: sssd-ldap.5.xml:1577 msgid "ldap_rfc2307_fallback_to_local_users (boolean)" msgstr "ldap_rfc2307_fallback_to_local_users (booléen)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1578 +#: sssd-ldap.5.xml:1580 msgid "" "Allows to retain local users as members of an LDAP group for servers that " "use the RFC2307 schema." @@ -7870,7 +7899,7 @@ msgstr "" "LDAP pour les serveurs qui utilisent le schéma RFC2307." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1582 +#: sssd-ldap.5.xml:1584 msgid "" "In some environments where the RFC2307 schema is used, local users are made " "members of LDAP groups by adding their names to the memberUid attribute. " @@ -7888,7 +7917,7 @@ msgstr "" "initgoups()." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1593 +#: sssd-ldap.5.xml:1595 msgid "" "This option falls back to checking if local users are referenced, and caches " "them so that later initgroups() calls will augment the local users with the " @@ -7899,57 +7928,57 @@ msgstr "" "ajoutent les utilisateurs locaux aux groupes LDAP." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1605 sssd-ifp.5.xml:152 +#: sssd-ldap.5.xml:1607 sssd-ifp.5.xml:152 msgid "wildcard_limit (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1608 +#: sssd-ldap.5.xml:1610 msgid "" "Specifies an upper limit on the number of entries that are downloaded during " "a wildcard lookup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1612 +#: sssd-ldap.5.xml:1614 msgid "At the moment, only the InfoPipe responder supports wildcard lookups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1616 +#: sssd-ldap.5.xml:1618 msgid "Default: 1000 (often the size of one page)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1622 +#: sssd-ldap.5.xml:1624 #, fuzzy #| msgid "debug_level (integer)" msgid "ldap_library_debug_level (integer)" msgstr "debug_level (entier)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1625 +#: sssd-ldap.5.xml:1627 msgid "" "Switches on libldap debugging with the given level. The libldap debug " "messages will be written independent of the general debug_level." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1630 +#: sssd-ldap.5.xml:1632 msgid "" "OpenLDAP uses a bitmap to enable debugging for specific components, -1 will " "enable full debug output." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1635 +#: sssd-ldap.5.xml:1637 #, fuzzy #| msgid "Default: 0 (disabled)" msgid "Default: 0 (libldap debugging disabled)" msgstr "Par défaut : 0 (désactivé)" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:51 +#: sssd-ldap.5.xml:52 msgid "" "All of the common configuration options that apply to SSSD domains also " "apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> section " @@ -7961,12 +7990,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1645 +#: sssd-ldap.5.xml:1647 msgid "SUDO OPTIONS" msgstr "OPTIONS DE SUDO" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1647 +#: sssd-ldap.5.xml:1649 msgid "" "The detailed instructions for configuration of sudo_provider are in the " "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " @@ -7974,12 +8003,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1658 +#: sssd-ldap.5.xml:1660 msgid "ldap_sudo_full_refresh_interval (integer)" msgstr "ldap_sudo_full_refresh_interval (integer)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1661 +#: sssd-ldap.5.xml:1663 msgid "" "How many seconds SSSD will wait between executing a full refresh of sudo " "rules (which downloads all rules that are stored on the server)." @@ -7989,7 +8018,7 @@ msgstr "" "règles qui sont stockées sur le serveur)." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1666 +#: sssd-ldap.5.xml:1668 msgid "" "The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </" "emphasis>" @@ -7998,24 +8027,24 @@ msgstr "" "emphasis>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1671 +#: sssd-ldap.5.xml:1673 msgid "" "You can disable full refresh by setting this option to 0. However, either " "smart or full refresh must be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1676 +#: sssd-ldap.5.xml:1678 msgid "Default: 21600 (6 hours)" msgstr "Par défaut : 21600 (6 heures)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1682 +#: sssd-ldap.5.xml:1684 msgid "ldap_sudo_smart_refresh_interval (integer)" msgstr "ldap_sudo_smart_refresh_interval (integer)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1685 +#: sssd-ldap.5.xml:1687 msgid "" "How many seconds SSSD has to wait before executing a smart refresh of sudo " "rules (which downloads all rules that have USN higher than the highest " @@ -8023,7 +8052,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1691 +#: sssd-ldap.5.xml:1693 msgid "" "If USN attributes are not supported by the server, the modifyTimestamp " "attribute is used instead." @@ -8032,7 +8061,7 @@ msgstr "" "modifyTimestamp est utilisé à la place." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1695 +#: sssd-ldap.5.xml:1697 msgid "" "<emphasis>Note:</emphasis> the highest USN value can be updated by three " "tasks: 1) By sudo full and smart refresh (if updated rules are found), 2) by " @@ -8042,21 +8071,21 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1706 +#: sssd-ldap.5.xml:1708 msgid "" "You can disable smart refresh by setting this option to 0. However, either " "smart or full refresh must be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1717 +#: sssd-ldap.5.xml:1719 #, fuzzy #| msgid "ldap_idmap_range_size (integer)" msgid "ldap_sudo_random_offset (integer)" msgstr "ldap_idmap_range_size (integer)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1720 +#: sssd-ldap.5.xml:1722 msgid "" "Random offset between 0 and configured value is added to smart and full " "refresh periods each time the periodic task is scheduled. The value is in " @@ -8064,7 +8093,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1726 +#: sssd-ldap.5.xml:1728 msgid "" "Note that this random offset is also applied on the first SSSD start which " "delays the first sudo rules refresh. This prolongs the time when the sudo " @@ -8072,17 +8101,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1732 +#: sssd-ldap.5.xml:1734 msgid "You can disable this offset by setting the value to 0." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1742 +#: sssd-ldap.5.xml:1744 msgid "ldap_sudo_use_host_filter (boolean)" msgstr "ldap_sudo_use_host_filter (boolean)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1745 +#: sssd-ldap.5.xml:1747 msgid "" "If true, SSSD will download only rules that are applicable to this machine " "(using the IPv4 or IPv6 host/network addresses and hostnames)." @@ -8092,12 +8121,12 @@ msgstr "" "noms de systèmes)." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1756 +#: sssd-ldap.5.xml:1758 msgid "ldap_sudo_hostnames (string)" msgstr "ldap_sudo_hostnames (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1759 +#: sssd-ldap.5.xml:1761 msgid "" "Space separated list of hostnames or fully qualified domain names that " "should be used to filter the rules." @@ -8106,7 +8135,7 @@ msgstr "" "doivent être utilisés pour filtrer les règles." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1764 +#: sssd-ldap.5.xml:1766 msgid "" "If this option is empty, SSSD will try to discover the hostname and the " "fully qualified domain name automatically." @@ -8115,8 +8144,8 @@ msgstr "" "nom de système et le nom de domaine pleinement qualifié." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1769 sssd-ldap.5.xml:1792 sssd-ldap.5.xml:1810 -#: sssd-ldap.5.xml:1828 +#: sssd-ldap.5.xml:1771 sssd-ldap.5.xml:1794 sssd-ldap.5.xml:1812 +#: sssd-ldap.5.xml:1830 msgid "" "If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</" "emphasis> then this option has no effect." @@ -8125,17 +8154,17 @@ msgstr "" "emphasis>, alors cette option n'a aucun effet." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1774 sssd-ldap.5.xml:1797 +#: sssd-ldap.5.xml:1776 sssd-ldap.5.xml:1799 msgid "Default: not specified" msgstr "Par défaut : non spécifié" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1780 +#: sssd-ldap.5.xml:1782 msgid "ldap_sudo_ip (string)" msgstr "ldap_sudo_ip (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1783 +#: sssd-ldap.5.xml:1785 msgid "" "Space separated list of IPv4 or IPv6 host/network addresses that should be " "used to filter the rules." @@ -8144,7 +8173,7 @@ msgstr "" "IPv6 qui doivent être utilisés pour filtrer les règles." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1788 +#: sssd-ldap.5.xml:1790 msgid "" "If this option is empty, SSSD will try to discover the addresses " "automatically." @@ -8153,12 +8182,12 @@ msgstr "" "automatiquement." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1803 +#: sssd-ldap.5.xml:1805 msgid "ldap_sudo_include_netgroups (boolean)" msgstr "ldap_sudo_include_netgroups (boolean)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1806 +#: sssd-ldap.5.xml:1808 msgid "" "If true then SSSD will download every rule that contains a netgroup in " "sudoHost attribute." @@ -8167,12 +8196,12 @@ msgstr "" "netgroup dans l'attribut sudoHost." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1821 +#: sssd-ldap.5.xml:1823 msgid "ldap_sudo_include_regexp (boolean)" msgstr "ldap_sudo_include_regexp (boolean)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1824 +#: sssd-ldap.5.xml:1826 msgid "" "If true then SSSD will download every rule that contains a wildcard in " "sudoHost attribute." @@ -8181,14 +8210,14 @@ msgstr "" "un joker dans l'attribut sudoHost." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><note><para> -#: sssd-ldap.5.xml:1834 +#: sssd-ldap.5.xml:1836 msgid "" "Using wildcard is an operation that is very costly to evaluate on the LDAP " "server side!" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1846 +#: sssd-ldap.5.xml:1848 msgid "" "This manual page only describes attribute name mapping. For detailed " "explanation of sudo related attribute semantics, see <citerefentry> " @@ -8201,59 +8230,59 @@ msgstr "" "manvolnum></citerefentry>" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1856 +#: sssd-ldap.5.xml:1858 msgid "AUTOFS OPTIONS" msgstr "OPTIONS AUTOFS" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1858 +#: sssd-ldap.5.xml:1860 msgid "" "Some of the defaults for the parameters below are dependent on the LDAP " "schema." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1864 +#: sssd-ldap.5.xml:1866 msgid "ldap_autofs_map_master_name (string)" msgstr "ldap_autofs_map_master_name (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1867 +#: sssd-ldap.5.xml:1869 msgid "The name of the automount master map in LDAP." msgstr "Le nom de la table de montage automatique maîtresse dans LDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1870 +#: sssd-ldap.5.xml:1872 msgid "Default: auto.master" msgstr "Par défaut : auto.master" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1881 +#: sssd-ldap.5.xml:1883 msgid "ADVANCED OPTIONS" msgstr "OPTIONS AVANCÉES" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1888 +#: sssd-ldap.5.xml:1890 msgid "ldap_netgroup_search_base (string)" msgstr "ldap_netgroup_search_base (chaînes)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1893 +#: sssd-ldap.5.xml:1895 msgid "ldap_user_search_base (string)" msgstr "ldap_user_search_base (chaînes)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1898 +#: sssd-ldap.5.xml:1900 msgid "ldap_group_search_base (string)" msgstr "ldap_group_search_base (chaînes)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><note> -#: sssd-ldap.5.xml:1903 +#: sssd-ldap.5.xml:1905 msgid "<note>" msgstr "<note>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para> -#: sssd-ldap.5.xml:1905 +#: sssd-ldap.5.xml:1907 msgid "" "If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches " "against Active Directory will not be restricted and return all groups " @@ -8262,22 +8291,22 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist> -#: sssd-ldap.5.xml:1912 +#: sssd-ldap.5.xml:1914 msgid "</note>" msgstr "</note>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1914 +#: sssd-ldap.5.xml:1916 msgid "ldap_sudo_search_base (string)" msgstr "ldap_sudo_search_base (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1919 +#: sssd-ldap.5.xml:1921 msgid "ldap_autofs_search_base (string)" msgstr "ldap_autofs_search_base (string)" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1883 +#: sssd-ldap.5.xml:1885 msgid "" "These options are supported by LDAP domains, but they should be used with " "caution. Please include them in your configuration only if you know what you " @@ -8286,14 +8315,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1934 sssd-simple.5.xml:131 sssd-ipa.5.xml:925 -#: sssd-ad.5.xml:1386 sssd-krb5.5.xml:483 sss_rpcidmapd.5.xml:98 +#: sssd-ldap.5.xml:1936 sssd-simple.5.xml:131 sssd-ipa.5.xml:930 +#: sssd-ad.5.xml:1391 sssd-krb5.5.xml:483 sss_rpcidmapd.5.xml:98 #: sssd-files.5.xml:155 sssd-session-recording.5.xml:176 msgid "EXAMPLE" msgstr "EXEMPLE" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1936 +#: sssd-ldap.5.xml:1938 msgid "" "The following example assumes that SSSD is correctly configured and LDAP is " "set to one of the domains in the <replaceable>[domains]</replaceable> " @@ -8304,7 +8333,7 @@ msgstr "" "replaceable>." #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ldap.5.xml:1942 +#: sssd-ldap.5.xml:1944 #, no-wrap msgid "" "[domain/LDAP]\n" @@ -8324,27 +8353,27 @@ msgstr "" "cache_credentials = true\n" #. type: Content of: <refsect1><refsect2><para> -#: sssd-ldap.5.xml:1941 sssd-ldap.5.xml:1959 sssd-simple.5.xml:139 -#: sssd-ipa.5.xml:933 sssd-ad.5.xml:1394 sssd-sudo.5.xml:56 sssd-krb5.5.xml:492 +#: sssd-ldap.5.xml:1943 sssd-ldap.5.xml:1961 sssd-simple.5.xml:139 +#: sssd-ipa.5.xml:938 sssd-ad.5.xml:1399 sssd-sudo.5.xml:56 sssd-krb5.5.xml:492 #: sssd-files.5.xml:162 sssd-files.5.xml:173 sssd-session-recording.5.xml:182 #: include/ldap_id_mapping.xml:105 msgid "<placeholder type=\"programlisting\" id=\"0\"/>" msgstr "<placeholder type=\"programlisting\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1953 +#: sssd-ldap.5.xml:1955 msgid "LDAP ACCESS FILTER EXAMPLE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1955 +#: sssd-ldap.5.xml:1957 msgid "" "The following example assumes that SSSD is correctly configured and to use " "the ldap_access_order=lockout." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ldap.5.xml:1960 +#: sssd-ldap.5.xml:1962 #, no-wrap msgid "" "[domain/LDAP]\n" @@ -8370,13 +8399,13 @@ msgstr "" "cache_credentials = true\n" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1975 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148 -#: sssd-ad.5.xml:1409 sssd.8.xml:238 sss_seed.8.xml:163 +#: sssd-ldap.5.xml:1977 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148 +#: sssd-ad.5.xml:1414 sssd.8.xml:238 sss_seed.8.xml:163 msgid "NOTES" msgstr "NOTES" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1977 +#: sssd-ldap.5.xml:1979 msgid "" "The descriptions of some of the configuration options in this manual page " "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " @@ -10849,12 +10878,12 @@ msgid "Example: dyndns_iface = em1, vnet1, vnet2" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:204 sssd-ad.5.xml:1285 +#: sssd-ipa.5.xml:204 sssd-ad.5.xml:1290 msgid "dyndns_auth (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:207 sssd-ad.5.xml:1288 +#: sssd-ipa.5.xml:207 sssd-ad.5.xml:1293 msgid "" "Whether the nsupdate utility should use GSS-TSIG authentication for secure " "updates with the DNS server, insecure updates can be sent by setting this " @@ -10862,19 +10891,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:213 sssd-ad.5.xml:1294 +#: sssd-ipa.5.xml:213 sssd-ad.5.xml:1299 msgid "Default: GSS-TSIG" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:219 sssd-ad.5.xml:1300 +#: sssd-ipa.5.xml:219 sssd-ad.5.xml:1305 #, fuzzy #| msgid "dyndns_iface (string)" msgid "dyndns_auth_ptr (string)" msgstr "dyndns_iface (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:222 sssd-ad.5.xml:1303 +#: sssd-ipa.5.xml:222 sssd-ad.5.xml:1308 msgid "" "Whether the nsupdate utility should use GSS-TSIG authentication for secure " "PTR updates with the DNS server, insecure updates can be sent by setting " @@ -10882,7 +10911,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:228 sssd-ad.5.xml:1309 +#: sssd-ipa.5.xml:228 sssd-ad.5.xml:1314 msgid "Default: Same as dyndns_auth" msgstr "" @@ -10959,17 +10988,24 @@ msgstr "" "quand les enregistrements directs sont modifiés." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:290 +#: sssd-ipa.5.xml:290 sssd-ad.5.xml:1266 +msgid "" +"Note that <emphasis>dyndns_update_per_family</emphasis> parameter does not " +"apply for PTR record updates. Those updates are always sent separately." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:295 msgid "Default: False (disabled)" msgstr "Par défaut : False (désactivé)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1272 +#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1277 msgid "dyndns_force_tcp (bool)" msgstr "dyndns_force_tcp (booléen)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:299 sssd-ad.5.xml:1275 +#: sssd-ipa.5.xml:304 sssd-ad.5.xml:1280 msgid "" "Whether the nsupdate utility should default to using TCP for communicating " "with the DNS server." @@ -10978,48 +11014,48 @@ msgstr "" "communication avec le serveur DNS." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:303 sssd-ad.5.xml:1279 +#: sssd-ipa.5.xml:308 sssd-ad.5.xml:1284 msgid "Default: False (let nsupdate choose the protocol)" msgstr "Par défaut : False (laisser nsupdate choisir le protocole)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:309 sssd-ad.5.xml:1315 +#: sssd-ipa.5.xml:314 sssd-ad.5.xml:1320 msgid "dyndns_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:312 sssd-ad.5.xml:1318 +#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1323 msgid "" "The DNS server to use when performing a DNS update. In most setups, it's " "recommended to leave this option unset." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1323 +#: sssd-ipa.5.xml:322 sssd-ad.5.xml:1328 msgid "" "Setting this option makes sense for environments where the DNS server is " "different from the identity server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:322 sssd-ad.5.xml:1328 +#: sssd-ipa.5.xml:327 sssd-ad.5.xml:1333 msgid "" "Please note that this option will be only used in fallback attempt when " "previous attempt using autodetected settings failed." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:327 sssd-ad.5.xml:1333 +#: sssd-ipa.5.xml:332 sssd-ad.5.xml:1338 msgid "Default: None (let nsupdate choose the server)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:333 sssd-ad.5.xml:1339 +#: sssd-ipa.5.xml:338 sssd-ad.5.xml:1344 msgid "dyndns_update_per_family (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:336 sssd-ad.5.xml:1342 +#: sssd-ipa.5.xml:341 sssd-ad.5.xml:1347 msgid "" "DNS update is by default performed in two steps - IPv4 update and then IPv6 " "update. In some cases it might be desirable to perform IPv4 and IPv6 update " @@ -11027,52 +11063,52 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:348 +#: sssd-ipa.5.xml:353 #, fuzzy #| msgid "ldap_access_order (string)" msgid "ipa_access_order (string)" msgstr "ldap_access_order (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:355 +#: sssd-ipa.5.xml:360 #, fuzzy #| msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" msgid "<emphasis>expire</emphasis>: use IPA's account expiration policy." msgstr "<emphasis>expire</emphasis>: utiliser ldap_account_expire_policy" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:394 +#: sssd-ipa.5.xml:399 msgid "" "Please note that 'access_provider = ipa' must be set for this feature to " "work." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:401 +#: sssd-ipa.5.xml:406 msgid "ipa_deskprofile_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:404 +#: sssd-ipa.5.xml:409 msgid "" "Optional. Use the given string as search base for Desktop Profile related " "objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:408 sssd-ipa.5.xml:435 +#: sssd-ipa.5.xml:413 sssd-ipa.5.xml:440 msgid "Default: Use base DN" msgstr "Par défaut : utilise le DN de base" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:414 +#: sssd-ipa.5.xml:419 #, fuzzy #| msgid "ipa_subdomains_search_base (string)" msgid "ipa_subid_ranges_search_base (string)" msgstr "ipa_subdomains_search_base (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:417 +#: sssd-ipa.5.xml:422 #, fuzzy #| msgid "" #| "Optional. Use the given string as search base for HBAC related objects." @@ -11084,97 +11120,97 @@ msgstr "" "HBAC associés." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:421 +#: sssd-ipa.5.xml:426 #, fuzzy #| msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>" msgid "Default: the value of <emphasis>cn=subids,%basedn</emphasis>" msgstr "Par défaut : la valeur de <emphasis>cn=trusts,%basedn</emphasis>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:428 +#: sssd-ipa.5.xml:433 msgid "ipa_hbac_search_base (string)" msgstr "ipa_hbac_search_base (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:431 +#: sssd-ipa.5.xml:436 msgid "Optional. Use the given string as search base for HBAC related objects." msgstr "" "Facultatif. Utilise la chaîne donnée comme base de recherche pour les objets " "HBAC associés." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:441 +#: sssd-ipa.5.xml:446 msgid "ipa_host_search_base (string)" msgstr "ipa_host_search_base (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:444 +#: sssd-ipa.5.xml:449 msgid "Deprecated. Use ldap_host_search_base instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:450 +#: sssd-ipa.5.xml:455 msgid "ipa_selinux_search_base (string)" msgstr "ipa_selinux_search_base (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:453 +#: sssd-ipa.5.xml:458 msgid "Optional. Use the given string as search base for SELinux user maps." msgstr "" "Facultatif. Utiliser la chaîne donnée comme base de recherche pour les " "mappages utilisateur SELinux." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:469 +#: sssd-ipa.5.xml:474 msgid "ipa_subdomains_search_base (string)" msgstr "ipa_subdomains_search_base (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:472 +#: sssd-ipa.5.xml:477 msgid "Optional. Use the given string as search base for trusted domains." msgstr "" "Facultatif. Utiliser la chaîne donnée comme base de recherche pour les " "domaines approuvés." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:481 +#: sssd-ipa.5.xml:486 msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>" msgstr "Par défaut : la valeur de <emphasis>cn=trusts,%basedn</emphasis>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:488 +#: sssd-ipa.5.xml:493 msgid "ipa_master_domain_search_base (string)" msgstr "ipa_master_domain_search_base (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:491 +#: sssd-ipa.5.xml:496 msgid "Optional. Use the given string as search base for master domain object." msgstr "" "Facultatif. Utiliser la chaîne donnée comme base de recherche objet de " "domaine maître." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:500 +#: sssd-ipa.5.xml:505 msgid "Default: the value of <emphasis>cn=ad,cn=etc,%basedn</emphasis>" msgstr "Par défaut : la valeur de <emphasis>cn=ad,cn=etc,%basedn</emphasis>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:507 +#: sssd-ipa.5.xml:512 msgid "ipa_views_search_base (string)" msgstr "ipa_views_search_base (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:510 +#: sssd-ipa.5.xml:515 msgid "Optional. Use the given string as search base for views containers." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:519 +#: sssd-ipa.5.xml:524 msgid "Default: the value of <emphasis>cn=views,cn=accounts,%basedn</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:529 +#: sssd-ipa.5.xml:534 msgid "" "The name of the Kerberos realm. This is optional and defaults to the value " "of <quote>ipa_domain</quote>." @@ -11183,7 +11219,7 @@ msgstr "" "valeur de <quote>ipa_domain</quote>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:533 +#: sssd-ipa.5.xml:538 msgid "" "The name of the Kerberos realm has a special meaning in IPA - it is " "converted into the base DN to use for performing LDAP operations." @@ -11192,37 +11228,37 @@ msgstr "" "convertit en DN de base pour effectuer les opérations LDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:541 sssd-ad.5.xml:1357 +#: sssd-ipa.5.xml:546 sssd-ad.5.xml:1362 msgid "krb5_confd_path (string)" msgstr "krb5_confd_path (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:544 sssd-ad.5.xml:1360 +#: sssd-ipa.5.xml:549 sssd-ad.5.xml:1365 msgid "" "Absolute path of a directory where SSSD should place Kerberos configuration " "snippets." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:548 sssd-ad.5.xml:1364 +#: sssd-ipa.5.xml:553 sssd-ad.5.xml:1369 msgid "" "To disable the creation of the configuration snippets set the parameter to " "'none'." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:552 sssd-ad.5.xml:1368 +#: sssd-ipa.5.xml:557 sssd-ad.5.xml:1373 msgid "" "Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:559 +#: sssd-ipa.5.xml:564 msgid "ipa_deskprofile_refresh (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:562 +#: sssd-ipa.5.xml:567 msgid "" "The amount of time between lookups of the Desktop Profile rules against the " "IPA server. This will reduce the latency and load on the IPA server if there " @@ -11230,34 +11266,34 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:569 sssd-ipa.5.xml:599 sssd-ipa.5.xml:615 sssd-ad.5.xml:599 +#: sssd-ipa.5.xml:574 sssd-ipa.5.xml:604 sssd-ipa.5.xml:620 sssd-ad.5.xml:599 msgid "Default: 5 (seconds)" msgstr "Par défaut : 5 (secondes)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:575 +#: sssd-ipa.5.xml:580 msgid "ipa_deskprofile_request_interval (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:578 +#: sssd-ipa.5.xml:583 msgid "" "The amount of time between lookups of the Desktop Profile rules against the " "IPA server in case the last request did not return any rule." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:583 +#: sssd-ipa.5.xml:588 msgid "Default: 60 (minutes)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:589 +#: sssd-ipa.5.xml:594 msgid "ipa_hbac_refresh (integer)" msgstr "ipa_hbac_refresh (entier)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:592 +#: sssd-ipa.5.xml:597 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server. " "This will reduce the latency and load on the IPA server if there are many " @@ -11268,12 +11304,12 @@ msgstr "" "beaucoup de requêtes de contrôle d'accès sur une courte période." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:605 +#: sssd-ipa.5.xml:610 msgid "ipa_hbac_selinux (integer)" msgstr "ipa_hbac_selinux (entier)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:608 +#: sssd-ipa.5.xml:613 msgid "" "The amount of time between lookups of the SELinux maps against the IPA " "server. This will reduce the latency and load on the IPA server if there are " @@ -11284,33 +11320,33 @@ msgstr "" "requêtes de connexions utilisateurs sur une courte période." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:621 +#: sssd-ipa.5.xml:626 msgid "ipa_server_mode (boolean)" msgstr "ipa_server_mode (booléen)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:624 +#: sssd-ipa.5.xml:629 msgid "" "This option will be set by the IPA installer (ipa-server-install) " "automatically and denotes if SSSD is running on an IPA server or not." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:629 +#: sssd-ipa.5.xml:634 msgid "" "On an IPA server SSSD will lookup users and groups from trusted domains " "directly while on a client it will ask an IPA server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:634 +#: sssd-ipa.5.xml:639 msgid "" "NOTE: There are currently some assumptions that must be met when SSSD is " "running on an IPA server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:639 +#: sssd-ipa.5.xml:644 msgid "" "The <quote>ipa_server</quote> option must be configured to point to the IPA " "server itself. This is already the default set by the IPA installer, so no " @@ -11318,59 +11354,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:648 +#: sssd-ipa.5.xml:653 msgid "" "The <quote>full_name_format</quote> option must not be tweaked to only print " "short names for users from trusted domains." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:663 +#: sssd-ipa.5.xml:668 msgid "ipa_automount_location (string)" msgstr "ipa_automount_location (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:666 +#: sssd-ipa.5.xml:671 msgid "The automounter location this IPA client will be using" msgstr "L'emplacement à automonter qu'utilisera ce client IPA" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:669 +#: sssd-ipa.5.xml:674 msgid "Default: The location named \"default\"" msgstr "Par défaut : Le lieu nommé « default »" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd-ipa.5.xml:677 +#: sssd-ipa.5.xml:682 msgid "VIEWS AND OVERRIDES" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:686 +#: sssd-ipa.5.xml:691 msgid "ipa_view_class (string)" msgstr "ipa_view_class (chaîne)" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:689 +#: sssd-ipa.5.xml:694 msgid "Objectclass of the view container." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:692 +#: sssd-ipa.5.xml:697 msgid "Default: nsContainer" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:698 +#: sssd-ipa.5.xml:703 msgid "ipa_view_name (string)" msgstr "ipa_view_name (chaîne)" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:701 +#: sssd-ipa.5.xml:706 msgid "Name of the attribute holding the name of the view." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:705 sssd-ldap-attributes.5.xml:496 +#: sssd-ipa.5.xml:710 sssd-ldap-attributes.5.xml:496 #: sssd-ldap-attributes.5.xml:830 sssd-ldap-attributes.5.xml:911 #: sssd-ldap-attributes.5.xml:1008 sssd-ldap-attributes.5.xml:1066 #: sssd-ldap-attributes.5.xml:1224 sssd-ldap-attributes.5.xml:1269 @@ -11378,128 +11414,128 @@ msgid "Default: cn" msgstr "Par défaut : cn" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:711 +#: sssd-ipa.5.xml:716 msgid "ipa_override_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:714 +#: sssd-ipa.5.xml:719 msgid "Objectclass of the override objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:717 +#: sssd-ipa.5.xml:722 msgid "Default: ipaOverrideAnchor" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:723 +#: sssd-ipa.5.xml:728 msgid "ipa_anchor_uuid (string)" msgstr "ipa_anchor_uuid (chaîne)" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:726 +#: sssd-ipa.5.xml:731 msgid "" "Name of the attribute containing the reference to the original object in a " "remote domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:730 +#: sssd-ipa.5.xml:735 msgid "Default: ipaAnchorUUID" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:736 +#: sssd-ipa.5.xml:741 msgid "ipa_user_override_object_class (string)" msgstr "ipa_user_override_object_class (chaîne)" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:739 +#: sssd-ipa.5.xml:744 msgid "" "Name of the objectclass for user overrides. It is used to determine if the " "found override object is related to a user or a group." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:744 +#: sssd-ipa.5.xml:749 msgid "User overrides can contain attributes given by" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:747 +#: sssd-ipa.5.xml:752 msgid "ldap_user_name" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:750 +#: sssd-ipa.5.xml:755 msgid "ldap_user_uid_number" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:753 +#: sssd-ipa.5.xml:758 msgid "ldap_user_gid_number" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:756 +#: sssd-ipa.5.xml:761 msgid "ldap_user_gecos" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:759 +#: sssd-ipa.5.xml:764 msgid "ldap_user_home_directory" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:762 +#: sssd-ipa.5.xml:767 msgid "ldap_user_shell" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:765 +#: sssd-ipa.5.xml:770 msgid "ldap_user_ssh_public_key" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:770 +#: sssd-ipa.5.xml:775 msgid "Default: ipaUserOverride" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:776 +#: sssd-ipa.5.xml:781 msgid "ipa_group_override_object_class (string)" msgstr "ipa_group_override_object_class (chaîne)" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:779 +#: sssd-ipa.5.xml:784 msgid "" "Name of the objectclass for group overrides. It is used to determine if the " "found override object is related to a user or a group." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:784 +#: sssd-ipa.5.xml:789 msgid "Group overrides can contain attributes given by" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:787 +#: sssd-ipa.5.xml:792 msgid "ldap_group_name" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:790 +#: sssd-ipa.5.xml:795 msgid "ldap_group_gid_number" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:795 +#: sssd-ipa.5.xml:800 msgid "Default: ipaGroupOverride" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:679 +#: sssd-ipa.5.xml:684 msgid "" "SSSD can handle views and overrides which are offered by FreeIPA 4.1 and " "later version. Since all paths and objectclasses are fixed on the server " @@ -11509,12 +11545,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ipa.5.xml:807 +#: sssd-ipa.5.xml:812 msgid "SUBDOMAINS PROVIDER" msgstr "FOURNISSEURS DE SOUS-DOMAINES" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:809 +#: sssd-ipa.5.xml:814 msgid "" "The IPA subdomains provider behaves slightly differently if it is configured " "explicitly or implicitly." @@ -11523,7 +11559,7 @@ msgstr "" "configuré explicitement ou implicitement." #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:813 +#: sssd-ipa.5.xml:818 msgid "" "If the option 'subdomains_provider = ipa' is found in the domain section of " "sssd.conf, the IPA subdomains provider is configured explicitly, and all " @@ -11535,7 +11571,7 @@ msgstr "" "serveur IPA si nécessaire." #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:819 +#: sssd-ipa.5.xml:824 msgid "" "If the option 'subdomains_provider' is not set in the domain section of sssd." "conf but there is the option 'id_provider = ipa', the IPA subdomains " @@ -11555,12 +11591,12 @@ msgstr "" "fournisseur de sous-domaines est à nouveau activé." #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ipa.5.xml:830 +#: sssd-ipa.5.xml:835 msgid "TRUSTED DOMAINS CONFIGURATION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ipa.5.xml:838 +#: sssd-ipa.5.xml:843 #, no-wrap msgid "" "[domain/ipa.domain.com/ad.domain.com]\n" @@ -11568,7 +11604,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:832 +#: sssd-ipa.5.xml:837 msgid "" "Some configuration options can also be set for a trusted domain. A trusted " "domain configuration can be set using the trusted domain subsection as shown " @@ -11578,80 +11614,80 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:843 +#: sssd-ipa.5.xml:848 msgid "" "For more details, see the <citerefentry> <refentrytitle>sssd.conf</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:850 +#: sssd-ipa.5.xml:855 msgid "" "Different configuration options are tunable for a trusted domain depending " "on whether you are configuring SSSD on an IPA server or an IPA client." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd-ipa.5.xml:855 +#: sssd-ipa.5.xml:860 msgid "OPTIONS TUNABLE ON IPA MASTERS" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:857 +#: sssd-ipa.5.xml:862 msgid "" "The following options can be set in a subdomain section on an IPA master:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:861 sssd-ipa.5.xml:891 +#: sssd-ipa.5.xml:866 sssd-ipa.5.xml:896 msgid "ad_server" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:864 +#: sssd-ipa.5.xml:869 msgid "ad_backup_server" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:867 sssd-ipa.5.xml:894 +#: sssd-ipa.5.xml:872 sssd-ipa.5.xml:899 msgid "ad_site" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:870 +#: sssd-ipa.5.xml:875 msgid "ldap_search_base" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:873 +#: sssd-ipa.5.xml:878 msgid "ldap_user_search_base" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:876 +#: sssd-ipa.5.xml:881 msgid "ldap_group_search_base" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd-ipa.5.xml:885 +#: sssd-ipa.5.xml:890 msgid "OPTIONS TUNABLE ON IPA CLIENTS" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:887 +#: sssd-ipa.5.xml:892 msgid "" "The following options can be set in a subdomain section on an IPA client:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:899 +#: sssd-ipa.5.xml:904 msgid "" "Note that if both options are set, only <quote>ad_server</quote> is " "evaluated." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:903 +#: sssd-ipa.5.xml:908 msgid "" "Since any request for a user or a group identity from a trusted domain " "triggered from an IPA client is resolved by the IPA server, the " @@ -11665,7 +11701,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:927 +#: sssd-ipa.5.xml:932 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " @@ -11676,7 +11712,7 @@ msgstr "" "exemples montrent seulement les options spécifiques au fournisseur IPA." #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ipa.5.xml:934 +#: sssd-ipa.5.xml:939 #, no-wrap msgid "" "[domain/example.com]\n" @@ -12911,7 +12947,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ad.5.xml:1388 +#: sssd-ad.5.xml:1393 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " @@ -12922,7 +12958,7 @@ msgstr "" "exemples montrent seulement les options spécifiques au fournisseur AD." #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ad.5.xml:1395 +#: sssd-ad.5.xml:1400 #, no-wrap msgid "" "[domain/EXAMPLE]\n" @@ -12946,7 +12982,7 @@ msgstr "" "ad_domain = example.com\n" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ad.5.xml:1415 +#: sssd-ad.5.xml:1420 #, no-wrap msgid "" "access_provider = ldap\n" @@ -12958,7 +12994,7 @@ msgstr "" "ldap_account_expire_policy = ad\n" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ad.5.xml:1411 +#: sssd-ad.5.xml:1416 msgid "" "The AD access control provider checks if the account is expired. It has the " "same effect as the following configuration of the LDAP provider: " @@ -12969,7 +13005,7 @@ msgstr "" "<placeholder type=\"programlisting\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ad.5.xml:1421 +#: sssd-ad.5.xml:1426 msgid "" "However, unless the <quote>ad</quote> access control provider is explicitly " "configured, the default access provider is <quote>permit</quote>. Please " @@ -12979,7 +13015,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ad.5.xml:1429 +#: sssd-ad.5.xml:1434 msgid "" "When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema " "attribute mapping (nisMap, nisObject, ...) is used, because these attributes " @@ -20202,6 +20238,15 @@ msgstr "" "rendus canoniques. Cette fonctionnalité est disponible avec MIT Kerberos 1.7 " "et versions suivantes." +#, fuzzy +#~| msgid "" +#~| "Determines if user credentials are also cached in the local LDB cache" +#~ msgid "" +#~ "Determines if user credentials are also cached in the local LDB cache." +#~ msgstr "" +#~ "Détermine si les données d'identification de l'utilisateur sont aussi mis " +#~ "en cache dans le cache LDB local" + #~ msgid "User credentials are stored in a SHA512 hash, not in plaintext" #~ msgstr "" #~ "Les informations d'identification utilisateur sont stockées dans une " diff --git a/src/man/po/ja.po b/src/man/po/ja.po index 46cde5f13e5..9d17fa99a2f 100644 --- a/src/man/po/ja.po +++ b/src/man/po/ja.po @@ -12,7 +12,7 @@ msgid "" msgstr "" "Project-Id-Version: sssd-docs 2.3.0\n" "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" -"POT-Creation-Date: 2023-09-07 11:47+0200\n" +"POT-Creation-Date: 2023-11-13 11:53+0100\n" "PO-Revision-Date: 2021-07-20 07:04+0000\n" "Last-Translator: Ludek Janda <ljanda@redhat.com>\n" "Language-Team: Japanese <https://translate.fedoraproject.org/projects/sssd/" @@ -220,10 +220,10 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:136 sssd.conf.5.xml:173 sssd.conf.5.xml:358 #: sssd.conf.5.xml:714 sssd.conf.5.xml:729 sssd.conf.5.xml:952 -#: sssd.conf.5.xml:1070 sssd.conf.5.xml:2198 sssd-ldap.5.xml:1071 -#: sssd-ldap.5.xml:1174 sssd-ldap.5.xml:1243 sssd-ldap.5.xml:1750 -#: sssd-ldap.5.xml:1815 sssd-ipa.5.xml:342 sssd-ad.5.xml:252 sssd-ad.5.xml:366 -#: sssd-ad.5.xml:1200 sssd-ad.5.xml:1348 sssd-krb5.5.xml:358 +#: sssd.conf.5.xml:1070 sssd.conf.5.xml:2198 sssd-ldap.5.xml:1073 +#: sssd-ldap.5.xml:1176 sssd-ldap.5.xml:1245 sssd-ldap.5.xml:1752 +#: sssd-ldap.5.xml:1817 sssd-ipa.5.xml:347 sssd-ad.5.xml:252 sssd-ad.5.xml:366 +#: sssd-ad.5.xml:1200 sssd-ad.5.xml:1353 sssd-krb5.5.xml:358 msgid "Default: true" msgstr "初期値: true" @@ -241,10 +241,10 @@ msgstr "" #. type: Content of: <variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:149 sssd.conf.5.xml:652 sssd.conf.5.xml:949 -#: sssd.conf.5.xml:2101 sssd.conf.5.xml:2168 sssd.conf.5.xml:4174 -#: sssd-ldap.5.xml:312 sssd-ldap.5.xml:917 sssd-ldap.5.xml:936 -#: sssd-ldap.5.xml:1146 sssd-ldap.5.xml:1599 sssd-ldap.5.xml:1839 -#: sssd-ipa.5.xml:152 sssd-ipa.5.xml:254 sssd-ipa.5.xml:657 sssd-ad.5.xml:1106 +#: sssd.conf.5.xml:2101 sssd.conf.5.xml:2168 sssd.conf.5.xml:4191 +#: sssd-ldap.5.xml:313 sssd-ldap.5.xml:919 sssd-ldap.5.xml:938 +#: sssd-ldap.5.xml:1148 sssd-ldap.5.xml:1601 sssd-ldap.5.xml:1841 +#: sssd-ipa.5.xml:152 sssd-ipa.5.xml:254 sssd-ipa.5.xml:662 sssd-ad.5.xml:1106 #: sssd-krb5.5.xml:268 sssd-krb5.5.xml:330 sssd-krb5.5.xml:432 #: include/krb5_options.xml:163 msgid "Default: false" @@ -280,8 +280,8 @@ msgid "" msgstr "" #. type: Content of: outside any tag (error?) -#: sssd.conf.5.xml:109 sssd.conf.5.xml:184 sssd-ldap.5.xml:1656 -#: sssd-ldap.5.xml:1862 sss-certmap.5.xml:645 sssd-systemtap.5.xml:82 +#: sssd.conf.5.xml:109 sssd.conf.5.xml:184 sssd-ldap.5.xml:1658 +#: sssd-ldap.5.xml:1864 sss-certmap.5.xml:645 sssd-systemtap.5.xml:82 #: sssd-systemtap.5.xml:143 sssd-systemtap.5.xml:236 sssd-systemtap.5.xml:274 #: sssd-systemtap.5.xml:330 sssd-ldap-attributes.5.xml:40 #: sssd-ldap-attributes.5.xml:659 sssd-ldap-attributes.5.xml:801 @@ -312,7 +312,7 @@ msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:196 sssd.conf.5.xml:1290 sssd.conf.5.xml:1767 -#: sssd.conf.5.xml:4190 sssd-ldap.5.xml:765 include/ldap_id_mapping.xml:270 +#: sssd.conf.5.xml:4207 sssd-ldap.5.xml:766 include/ldap_id_mapping.xml:270 msgid "Default: 10" msgstr "初期値: 10" @@ -392,7 +392,7 @@ msgstr "" "める前に試行する回数です。" #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:266 sssd.conf.5.xml:792 sssd.conf.5.xml:3709 +#: sssd.conf.5.xml:266 sssd.conf.5.xml:792 sssd.conf.5.xml:3716 #: include/failover.xml:100 msgid "Default: 3" msgstr "初期値: 3" @@ -414,7 +414,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:287 sssd.conf.5.xml:3541 +#: sssd.conf.5.xml:287 sssd.conf.5.xml:3548 msgid "re_expression (string)" msgstr "re_expression (文字列)" @@ -434,12 +434,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:304 sssd.conf.5.xml:3598 +#: sssd.conf.5.xml:304 sssd.conf.5.xml:3605 msgid "full_name_format (string)" msgstr "full_name_format (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:307 sssd.conf.5.xml:3601 +#: sssd.conf.5.xml:307 sssd.conf.5.xml:3608 msgid "" "A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</" "manvolnum> </citerefentry>-compatible format that describes how to compose a " @@ -450,39 +450,39 @@ msgstr "" "manvolnum> </citerefentry> 互換形式。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:318 sssd.conf.5.xml:3612 +#: sssd.conf.5.xml:318 sssd.conf.5.xml:3619 msgid "%1$s" msgstr "%1$s" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:319 sssd.conf.5.xml:3613 +#: sssd.conf.5.xml:319 sssd.conf.5.xml:3620 msgid "user name" msgstr "ユーザー名" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:322 sssd.conf.5.xml:3616 +#: sssd.conf.5.xml:322 sssd.conf.5.xml:3623 msgid "%2$s" msgstr "%2$s" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:325 sssd.conf.5.xml:3619 +#: sssd.conf.5.xml:325 sssd.conf.5.xml:3626 msgid "domain name as specified in the SSSD config file." msgstr "SSSD 設定ファイルにおいて指定されるドメイン名。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:331 sssd.conf.5.xml:3625 +#: sssd.conf.5.xml:331 sssd.conf.5.xml:3632 msgid "%3$s" msgstr "%3$s" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:334 sssd.conf.5.xml:3628 +#: sssd.conf.5.xml:334 sssd.conf.5.xml:3635 msgid "" "domain flat name. Mostly usable for Active Directory domains, both directly " "configured or discovered via IPA trusts." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:315 sssd.conf.5.xml:3609 +#: sssd.conf.5.xml:315 sssd.conf.5.xml:3616 msgid "" "The following expansions are supported: <placeholder type=\"variablelist\" " "id=\"0\"/>" @@ -642,8 +642,8 @@ msgid "" msgstr "" #. type: Content of: <variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:468 sssd-ldap.5.xml:876 sssd-ldap.5.xml:888 -#: sssd-ldap.5.xml:980 sssd-ad.5.xml:920 sssd-ad.5.xml:995 sssd-krb5.5.xml:468 +#: sssd.conf.5.xml:468 sssd-ldap.5.xml:877 sssd-ldap.5.xml:889 +#: sssd-ldap.5.xml:982 sssd-ad.5.xml:920 sssd-ad.5.xml:995 sssd-krb5.5.xml:468 #: sssd-ldap-attributes.5.xml:470 sssd-ldap-attributes.5.xml:976 #: include/ldap_id_mapping.xml:211 include/ldap_id_mapping.xml:222 #: include/krb5_options.xml:148 @@ -921,7 +921,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:700 sssd.conf.5.xml:1791 sssd.conf.5.xml:4240 +#: sssd.conf.5.xml:700 sssd.conf.5.xml:1791 sssd.conf.5.xml:4257 #: sssd-ad.5.xml:187 sssd-ad.5.xml:327 sssd-ad.5.xml:341 msgid "Default: Not set" msgstr "" @@ -1124,7 +1124,7 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:858 sssd.conf.5.xml:1201 sssd.conf.5.xml:1584 -#: sssd.conf.5.xml:1880 sssd-ldap.5.xml:494 +#: sssd.conf.5.xml:1880 sssd-ldap.5.xml:495 msgid "Default: 60" msgstr "初期値: 60" @@ -1234,7 +1234,7 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:937 sssd.conf.5.xml:1214 sssd.conf.5.xml:2322 -#: sssd-ldap.5.xml:331 +#: sssd-ldap.5.xml:332 msgid "Default: 300" msgstr "初期値: 300" @@ -1646,7 +1646,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1240 sssd.conf.5.xml:2964 sssd-ldap.5.xml:548 +#: sssd.conf.5.xml:1240 sssd.conf.5.xml:2971 sssd-ldap.5.xml:549 msgid "Default: 8" msgstr "" @@ -1674,8 +1674,8 @@ msgid "" msgstr "" #. type: Content of: <variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1265 sssd.conf.5.xml:1317 sssd.conf.5.xml:3730 -#: sssd-ldap.5.xml:473 sssd-ldap.5.xml:525 include/failover.xml:116 +#: sssd.conf.5.xml:1265 sssd.conf.5.xml:1317 sssd.conf.5.xml:3737 +#: sssd-ldap.5.xml:474 sssd-ldap.5.xml:526 include/failover.xml:116 #: include/krb5_options.xml:11 msgid "Default: 6" msgstr "初期値: 6" @@ -2012,7 +2012,7 @@ msgid "pam_pwd_expiration_warning (integer)" msgstr "pam_pwd_expiration_warning (整数)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1553 sssd.conf.5.xml:2988 +#: sssd.conf.5.xml:1553 sssd.conf.5.xml:2995 msgid "Display a warning N days before the password expires." msgstr "パスワードの期限が切れる前に N 日間警告を表示します。" @@ -2027,7 +2027,7 @@ msgstr "" "ことに注意してください。この情報がなければ、sssd は警告を表示します。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1562 sssd.conf.5.xml:2991 +#: sssd.conf.5.xml:1562 sssd.conf.5.xml:2998 msgid "" "If zero is set, then this filter is not applied, i.e. if the expiration " "warning was received from backend server, it will automatically be displayed." @@ -2041,7 +2041,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1572 sssd.conf.5.xml:3977 sssd-ldap.5.xml:606 sssd.8.xml:79 +#: sssd.conf.5.xml:1572 sssd.conf.5.xml:3984 sssd-ldap.5.xml:607 sssd.8.xml:79 msgid "Default: 0" msgstr "初期値: 0" @@ -2104,8 +2104,8 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1632 sssd.conf.5.xml:1657 sssd.conf.5.xml:1676 -#: sssd.conf.5.xml:1913 sssd.conf.5.xml:2733 sssd.conf.5.xml:3906 -#: sssd-ldap.5.xml:1207 +#: sssd.conf.5.xml:1913 sssd.conf.5.xml:2733 sssd.conf.5.xml:3913 +#: sssd-ldap.5.xml:1209 msgid "Default: none" msgstr "初期値: none" @@ -2170,8 +2170,8 @@ msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1687 sssd.conf.5.xml:1698 sssd.conf.5.xml:1712 -#: sssd-ldap.5.xml:671 sssd-ldap.5.xml:692 sssd-ldap.5.xml:788 -#: sssd-ldap.5.xml:1293 sssd-ad.5.xml:505 sssd-ad.5.xml:581 sssd-ad.5.xml:1126 +#: sssd-ldap.5.xml:672 sssd-ldap.5.xml:693 sssd-ldap.5.xml:789 +#: sssd-ldap.5.xml:1295 sssd-ad.5.xml:505 sssd-ad.5.xml:581 sssd-ad.5.xml:1126 #: sssd-ad.5.xml:1175 include/ldap_id_mapping.xml:250 msgid "Default: False" msgstr "初期値: 偽" @@ -2210,7 +2210,7 @@ msgid "The path to the certificate database." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1723 sssd.conf.5.xml:2248 sssd.conf.5.xml:4354 +#: sssd.conf.5.xml:1723 sssd.conf.5.xml:2248 sssd.conf.5.xml:4371 msgid "Default:" msgstr "" @@ -2485,7 +2485,7 @@ msgid "Default: no_session" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1950 sssd.conf.5.xml:4293 +#: sssd.conf.5.xml:1950 sssd.conf.5.xml:4310 msgid "pam_gssapi_services" msgstr "" @@ -2526,7 +2526,7 @@ msgstr "" " " #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1968 sssd.conf.5.xml:3900 +#: sssd.conf.5.xml:1968 sssd.conf.5.xml:3907 msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" @@ -2536,7 +2536,7 @@ msgid "Default: - (GSSAPI authentication is disabled)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1979 sssd.conf.5.xml:4294 +#: sssd.conf.5.xml:1979 sssd.conf.5.xml:4311 msgid "pam_gssapi_check_upn" msgstr "" @@ -2556,7 +2556,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1999 sssd-ad.5.xml:1266 sss_rpcidmapd.5.xml:76 +#: sssd.conf.5.xml:1999 sssd-ad.5.xml:1271 sss_rpcidmapd.5.xml:76 #: sssd-files.5.xml:145 msgid "Default: True" msgstr "初期値: True" @@ -3349,7 +3349,7 @@ msgid "FALSE = No enumerations for this domain" msgstr "FALSE = このドメインに対して列挙しません" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2669 sssd.conf.5.xml:2943 sssd.conf.5.xml:3120 +#: sssd.conf.5.xml:2669 sssd.conf.5.xml:2950 sssd.conf.5.xml:3127 msgid "Default: FALSE" msgstr "初期値: FALSE" @@ -3636,7 +3636,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2922 sssd-ldap.5.xml:360 sssd-ldap.5.xml:1736 +#: sssd.conf.5.xml:2922 sssd-ldap.5.xml:361 sssd-ldap.5.xml:1738 #: sssd-ipa.5.xml:270 msgid "Default: 0 (disabled)" msgstr "初期値: 0 (無効)" @@ -3648,16 +3648,17 @@ msgstr "cache_credentials (論理値)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:2931 -#, fuzzy -#| msgid "" -#| "Determines if user credentials are also cached in the local LDB cache" -msgid "Determines if user credentials are also cached in the local LDB cache." +msgid "" +"Determines if user credentials are also cached in the local LDB cache. The " +"cached credentials refer to passwords, which includes the first (long term) " +"factor of two-factor authentication, not other authentication mechanisms. " +"Passkey and Smartcard authentications are expected to work offline as long " +"as a successful online authentication is recorded in the cache without " +"additional configuration." msgstr "" -"ユーザーのクレディンシャルがローカル LDB キャッシュにキャッシュされるかどうか" -"を決めます" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2935 +#: sssd.conf.5.xml:2942 msgid "" "Take a note that while credentials are stored as a salted SHA512 hash, this " "still potentially poses some security risk in case an attacker manages to " @@ -3666,12 +3667,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2949 +#: sssd.conf.5.xml:2956 msgid "cache_credentials_minimal_first_factor_length (int)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2952 +#: sssd.conf.5.xml:2959 msgid "" "If 2-Factor-Authentication (2FA) is used and credentials should be saved " "this value determines the minimal length the first authentication factor " @@ -3682,19 +3683,19 @@ msgstr "" "に保存する必要がある最小の長さを決定します。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2959 +#: sssd.conf.5.xml:2966 msgid "" "This should avoid that the short PINs of a PIN based 2FA scheme are saved in " "the cache which would make them easy targets for brute-force attacks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2970 +#: sssd.conf.5.xml:2977 msgid "account_cache_expiration (integer)" msgstr "account_cache_expiration (整数)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2973 +#: sssd.conf.5.xml:2980 msgid "" "Number of days entries are left in cache after last successful login before " "being removed during a cleanup of the cache. 0 means keep forever. The " @@ -3706,17 +3707,17 @@ msgstr "" "offline_credentials_expiration と同等以上でなければいけません。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2980 +#: sssd.conf.5.xml:2987 msgid "Default: 0 (unlimited)" msgstr "初期値: 0 (無制限)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2985 +#: sssd.conf.5.xml:2992 msgid "pwd_expiration_warning (integer)" msgstr "pwd_expiration_warning (整数)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2996 +#: sssd.conf.5.xml:3003 msgid "" "Please note that the backend server has to provide information about the " "expiration time of the password. If this information is missing, sssd " @@ -3725,17 +3726,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3003 +#: sssd.conf.5.xml:3010 msgid "Default: 7 (Kerberos), 0 (LDAP)" msgstr "初期値: 7 (Kerberos), 0 (LDAP)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3009 +#: sssd.conf.5.xml:3016 msgid "id_provider (string)" msgstr "id_provider (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3012 +#: sssd.conf.5.xml:3019 msgid "" "The identification provider used for the domain. Supported ID providers are:" msgstr "" @@ -3743,12 +3744,12 @@ msgstr "" "ダーは次のとおりです:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3016 +#: sssd.conf.5.xml:3023 msgid "<quote>proxy</quote>: Support a legacy NSS provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3019 +#: sssd.conf.5.xml:3026 msgid "" "<quote>files</quote>: FILES provider. See <citerefentry> <refentrytitle>sssd-" "files</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " @@ -3756,7 +3757,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3027 +#: sssd.conf.5.xml:3034 msgid "" "<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-" "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " @@ -3767,8 +3768,8 @@ msgstr "" "manvolnum> </citerefentry> を参照してください。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3035 sssd.conf.5.xml:3146 sssd.conf.5.xml:3197 -#: sssd.conf.5.xml:3260 +#: sssd.conf.5.xml:3042 sssd.conf.5.xml:3153 sssd.conf.5.xml:3204 +#: sssd.conf.5.xml:3267 msgid "" "<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management " "provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> " @@ -3781,8 +3782,8 @@ msgstr "" "い。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3044 sssd.conf.5.xml:3155 sssd.conf.5.xml:3206 -#: sssd.conf.5.xml:3269 +#: sssd.conf.5.xml:3051 sssd.conf.5.xml:3162 sssd.conf.5.xml:3213 +#: sssd.conf.5.xml:3276 msgid "" "<quote>ad</quote>: Active Directory provider. See <citerefentry> " "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3793,12 +3794,12 @@ msgstr "" "<manvolnum>5</manvolnum> </citerefentry> を参照してください。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3055 +#: sssd.conf.5.xml:3062 msgid "use_fully_qualified_names (bool)" msgstr "use_fully_qualified_names (論理値)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3058 +#: sssd.conf.5.xml:3065 msgid "" "Use the full name and domain (as formatted by the domain's full_name_format) " "as the user's login name reported to NSS." @@ -3807,7 +3808,7 @@ msgstr "" "名形式により整形されたように) を使用します。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3063 +#: sssd.conf.5.xml:3070 msgid "" "If set to TRUE, all requests to this domain must use fully qualified names. " "For example, if used in LOCAL domain that contains a \"test\" user, " @@ -3820,7 +3821,7 @@ msgstr "" "んが、<command>getent passwd test@LOCAL</command> は見つけられます。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3071 +#: sssd.conf.5.xml:3078 msgid "" "NOTE: This option has no effect on netgroup lookups due to their tendency to " "include nested netgroups without qualified names. For netgroups, all domains " @@ -3828,24 +3829,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3078 +#: sssd.conf.5.xml:3085 msgid "" "Default: FALSE (TRUE for trusted domain/sub-domains or if " "default_domain_suffix is used)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3085 +#: sssd.conf.5.xml:3092 msgid "ignore_group_members (bool)" msgstr "ignore_group_members (論理値)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3088 +#: sssd.conf.5.xml:3095 msgid "Do not return group members for group lookups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3091 +#: sssd.conf.5.xml:3098 msgid "" "If set to TRUE, the group membership attribute is not requested from the " "ldap server, and group members are not returned when processing group lookup " @@ -3857,7 +3858,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3109 +#: sssd.conf.5.xml:3116 msgid "" "Enabling this option can also make access provider checks for group " "membership significantly faster, especially for groups containing many " @@ -3865,23 +3866,23 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3115 sssd.conf.5.xml:3822 sssd-ldap.5.xml:326 -#: sssd-ldap.5.xml:355 sssd-ldap.5.xml:408 sssd-ldap.5.xml:468 -#: sssd-ldap.5.xml:489 sssd-ldap.5.xml:520 sssd-ldap.5.xml:543 -#: sssd-ldap.5.xml:582 sssd-ldap.5.xml:601 sssd-ldap.5.xml:625 -#: sssd-ldap.5.xml:1051 sssd-ldap.5.xml:1084 +#: sssd.conf.5.xml:3122 sssd.conf.5.xml:3829 sssd-ldap.5.xml:327 +#: sssd-ldap.5.xml:356 sssd-ldap.5.xml:409 sssd-ldap.5.xml:469 +#: sssd-ldap.5.xml:490 sssd-ldap.5.xml:521 sssd-ldap.5.xml:544 +#: sssd-ldap.5.xml:583 sssd-ldap.5.xml:602 sssd-ldap.5.xml:626 +#: sssd-ldap.5.xml:1053 sssd-ldap.5.xml:1086 msgid "" "This option can be also set per subdomain or inherited via " "<emphasis>subdomain_inherit</emphasis>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3125 +#: sssd.conf.5.xml:3132 msgid "auth_provider (string)" msgstr "auth_provider (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3128 +#: sssd.conf.5.xml:3135 msgid "" "The authentication provider used for the domain. Supported auth providers " "are:" @@ -3890,7 +3891,7 @@ msgstr "" "ダーは次のとおりです:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3132 sssd.conf.5.xml:3190 +#: sssd.conf.5.xml:3139 sssd.conf.5.xml:3197 msgid "" "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3901,7 +3902,7 @@ msgstr "" "manvolnum> </citerefentry> を参照してください。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3139 +#: sssd.conf.5.xml:3146 msgid "" "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3912,19 +3913,19 @@ msgstr "" "manvolnum> </citerefentry> を参照してください。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3163 +#: sssd.conf.5.xml:3170 msgid "" "<quote>proxy</quote> for relaying authentication to some other PAM target." msgstr "" "<quote>proxy</quote> はいくつかの他の PAM ターゲットに認証を中継します。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3166 +#: sssd.conf.5.xml:3173 msgid "<quote>none</quote> disables authentication explicitly." msgstr "<quote>none</quote> は明示的に認証を無効化します。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3169 +#: sssd.conf.5.xml:3176 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "authentication requests." @@ -3933,12 +3934,12 @@ msgstr "" "ならば、それが使用されます。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3175 +#: sssd.conf.5.xml:3182 msgid "access_provider (string)" msgstr "access_provider (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3178 +#: sssd.conf.5.xml:3185 msgid "" "The access control provider used for the domain. There are two built-in " "access providers (in addition to any included in installed backends) " @@ -3949,7 +3950,7 @@ msgstr "" "えます)。内部の特別プロバイダーは次のとおりです:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3184 +#: sssd.conf.5.xml:3191 msgid "" "<quote>permit</quote> always allow access. It's the only permitted access " "provider for a local domain." @@ -3958,12 +3959,12 @@ msgstr "" "ロバイダーのみアクセスが許可されます。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3187 +#: sssd.conf.5.xml:3194 msgid "<quote>deny</quote> always deny access." msgstr "<quote>deny</quote> は常にアクセスを拒否します。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3214 +#: sssd.conf.5.xml:3221 msgid "" "<quote>simple</quote> access control based on access or deny lists. See " "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</" @@ -3976,7 +3977,7 @@ msgstr "" "citerefentry> を参照してください。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3221 +#: sssd.conf.5.xml:3228 msgid "" "<quote>krb5</quote>: .k5login based access control. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum></" @@ -3984,22 +3985,22 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3228 +#: sssd.conf.5.xml:3235 msgid "<quote>proxy</quote> for relaying access control to another PAM module." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3231 +#: sssd.conf.5.xml:3238 msgid "Default: <quote>permit</quote>" msgstr "初期値: <quote>permit</quote>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3236 +#: sssd.conf.5.xml:3243 msgid "chpass_provider (string)" msgstr "chpass_provider (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3239 +#: sssd.conf.5.xml:3246 msgid "" "The provider which should handle change password operations for the domain. " "Supported change password providers are:" @@ -4008,7 +4009,7 @@ msgstr "" "パスワード変更プロバイダーは次のとおりです:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3244 +#: sssd.conf.5.xml:3251 msgid "" "<quote>ldap</quote> to change a password stored in a LDAP server. See " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" @@ -4016,7 +4017,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3252 +#: sssd.conf.5.xml:3259 msgid "" "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4027,7 +4028,7 @@ msgstr "" "<manvolnum>5</manvolnum> </citerefentry> を参照してください。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3277 +#: sssd.conf.5.xml:3284 msgid "" "<quote>proxy</quote> for relaying password changes to some other PAM target." msgstr "" @@ -4035,12 +4036,12 @@ msgstr "" "します。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3281 +#: sssd.conf.5.xml:3288 msgid "<quote>none</quote> disallows password changes explicitly." msgstr "<quote>none</quote> は明示的にパスワードの変更を無効化します。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3284 +#: sssd.conf.5.xml:3291 msgid "" "Default: <quote>auth_provider</quote> is used if it is set and can handle " "change password requests." @@ -4049,19 +4050,19 @@ msgstr "" "うことができるならば、それが使用されます。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3291 +#: sssd.conf.5.xml:3298 msgid "sudo_provider (string)" msgstr "sudo_provider (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3294 +#: sssd.conf.5.xml:3301 msgid "The SUDO provider used for the domain. Supported SUDO providers are:" msgstr "" "ドメインに使用される SUDO プロバイダーです。サポートされる SUDO プロバイダー" "は次のとおりです:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3298 +#: sssd.conf.5.xml:3305 msgid "" "<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4072,33 +4073,33 @@ msgstr "" "<manvolnum>5</manvolnum> </citerefentry> を参照します。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3306 +#: sssd.conf.5.xml:3313 msgid "" "<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default " "settings." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3310 +#: sssd.conf.5.xml:3317 msgid "" "<quote>ad</quote> the same as <quote>ldap</quote> but with AD default " "settings." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3314 +#: sssd.conf.5.xml:3321 msgid "<quote>none</quote> disables SUDO explicitly." msgstr "<quote>none</quote> は SUDO を明示的に無効化します。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3317 sssd.conf.5.xml:3403 sssd.conf.5.xml:3473 -#: sssd.conf.5.xml:3498 sssd.conf.5.xml:3534 +#: sssd.conf.5.xml:3324 sssd.conf.5.xml:3410 sssd.conf.5.xml:3480 +#: sssd.conf.5.xml:3505 sssd.conf.5.xml:3541 msgid "Default: The value of <quote>id_provider</quote> is used if it is set." msgstr "" "初期値: <quote>id_provider</quote> の値が設定されていると使用されます。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3321 +#: sssd.conf.5.xml:3328 msgid "" "The detailed instructions for configuration of sudo_provider are in the " "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " @@ -4109,7 +4110,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3336 +#: sssd.conf.5.xml:3343 msgid "" "<emphasis>NOTE:</emphasis> Sudo rules are periodically downloaded in the " "background unless the sudo provider is explicitly disabled. Set " @@ -4118,12 +4119,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3346 +#: sssd.conf.5.xml:3353 msgid "selinux_provider (string)" msgstr "selinux_provider (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3349 +#: sssd.conf.5.xml:3356 msgid "" "The provider which should handle loading of selinux settings. Note that this " "provider will be called right after access provider ends. Supported selinux " @@ -4131,7 +4132,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3355 +#: sssd.conf.5.xml:3362 msgid "" "<quote>ipa</quote> to load selinux settings from an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -4139,31 +4140,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3363 +#: sssd.conf.5.xml:3370 msgid "<quote>none</quote> disallows fetching selinux settings explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3366 +#: sssd.conf.5.xml:3373 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "selinux loading requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3372 +#: sssd.conf.5.xml:3379 msgid "subdomains_provider (string)" msgstr "subdomains_provider (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3375 +#: sssd.conf.5.xml:3382 msgid "" "The provider which should handle fetching of subdomains. This value should " "be always the same as id_provider. Supported subdomain providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3381 +#: sssd.conf.5.xml:3388 msgid "" "<quote>ipa</quote> to load a list of subdomains from an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -4171,7 +4172,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3390 +#: sssd.conf.5.xml:3397 msgid "" "<quote>ad</quote> to load a list of subdomains from an Active Directory " "server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> " @@ -4180,17 +4181,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3399 +#: sssd.conf.5.xml:3406 msgid "<quote>none</quote> disallows fetching subdomains explicitly." msgstr "<quote>none</quote> はサブドメインの取り出しを明示的に無効化します。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3409 +#: sssd.conf.5.xml:3416 msgid "session_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3412 +#: sssd.conf.5.xml:3419 msgid "" "The provider which configures and manages user session related tasks. The " "only user session task currently provided is the integration with Fleet " @@ -4198,37 +4199,37 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3419 +#: sssd.conf.5.xml:3426 msgid "<quote>ipa</quote> to allow performing user session related tasks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3423 +#: sssd.conf.5.xml:3430 msgid "" "<quote>none</quote> does not perform any kind of user session related tasks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3427 +#: sssd.conf.5.xml:3434 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can perform " "session related tasks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3431 +#: sssd.conf.5.xml:3438 msgid "" "<emphasis>NOTE:</emphasis> In order to have this feature working as expected " "SSSD must be running as \"root\" and not as the unprivileged user." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3439 +#: sssd.conf.5.xml:3446 msgid "autofs_provider (string)" msgstr "autofs_provider (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3442 +#: sssd.conf.5.xml:3449 msgid "" "The autofs provider used for the domain. Supported autofs providers are:" msgstr "" @@ -4236,7 +4237,7 @@ msgstr "" "プロバイダーは次のとおりです:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3446 +#: sssd.conf.5.xml:3453 msgid "" "<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4247,7 +4248,7 @@ msgstr "" "<manvolnum>5</manvolnum> </citerefentry> を参照してください。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3453 +#: sssd.conf.5.xml:3460 msgid "" "<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> " "<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4258,7 +4259,7 @@ msgstr "" "<manvolnum>5</manvolnum> </citerefentry> を参照してください。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3461 +#: sssd.conf.5.xml:3468 msgid "" "<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> " "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4266,17 +4267,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3470 +#: sssd.conf.5.xml:3477 msgid "<quote>none</quote> disables autofs explicitly." msgstr "<quote>none</quote> は明示的に autofs を無効にします。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3480 +#: sssd.conf.5.xml:3487 msgid "hostid_provider (string)" msgstr "hostid_provider (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3483 +#: sssd.conf.5.xml:3490 msgid "" "The provider used for retrieving host identity information. Supported " "hostid providers are:" @@ -4285,7 +4286,7 @@ msgstr "" "hostid プロバイダーは次のとおりです:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3487 +#: sssd.conf.5.xml:3494 msgid "" "<quote>ipa</quote> to load host identity stored in an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -4296,31 +4297,31 @@ msgstr "" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> を参照してください。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3495 +#: sssd.conf.5.xml:3502 msgid "<quote>none</quote> disables hostid explicitly." msgstr "<quote>none</quote> は明示的に hostid を無効にします。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3505 +#: sssd.conf.5.xml:3512 msgid "resolver_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3508 +#: sssd.conf.5.xml:3515 msgid "" "The provider which should handle hosts and networks lookups. Supported " "resolver providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3512 +#: sssd.conf.5.xml:3519 msgid "" "<quote>proxy</quote> to forward lookups to another NSS library. See " "<quote>proxy_resolver_lib_name</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3516 +#: sssd.conf.5.xml:3523 msgid "" "<quote>ldap</quote> to fetch hosts and networks stored in LDAP. See " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" @@ -4328,7 +4329,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3523 +#: sssd.conf.5.xml:3530 msgid "" "<quote>ad</quote> to fetch hosts and networks stored in AD. See " "<citerefentry> <refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</" @@ -4337,12 +4338,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3531 +#: sssd.conf.5.xml:3538 msgid "<quote>none</quote> disallows fetching hosts and networks explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3544 +#: sssd.conf.5.xml:3551 msgid "" "Regular expression for this domain that describes how to parse the string " "containing user name and domain into these components. The \"domain\" can " @@ -4352,24 +4353,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3553 +#: sssd.conf.5.xml:3560 msgid "" "Default: <quote>^((?P<name>.+)@(?P<domain>[^@]*)|(?P<name>" "[^@]+))$</quote> which allows two different styles for user names:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:3558 sssd.conf.5.xml:3572 +#: sssd.conf.5.xml:3565 sssd.conf.5.xml:3579 msgid "username" msgstr "username" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:3561 sssd.conf.5.xml:3575 +#: sssd.conf.5.xml:3568 sssd.conf.5.xml:3582 msgid "username@domain.name" msgstr "username@domain.name" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3566 +#: sssd.conf.5.xml:3573 msgid "" "Default for the AD and IPA provider: <quote>^(((?P<domain>[^\\\\]+)\\" "\\(?P<name>.+))|((?P<name>.+)@(?P<domain>[^@]+))|((?P<" @@ -4378,19 +4379,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:3578 +#: sssd.conf.5.xml:3585 msgid "domain\\username" msgstr "domain\\username" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3581 +#: sssd.conf.5.xml:3588 msgid "" "While the first two correspond to the general default the third one is " "introduced to allow easy integration of users from Windows domains." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3586 +#: sssd.conf.5.xml:3593 msgid "" "The default re_expression uses the <quote>@</quote> character as a separator " "between the name and the domain. As a result of this setting the default " @@ -4400,17 +4401,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3638 +#: sssd.conf.5.xml:3645 msgid "Default: <quote>%1$s@%2$s</quote>." msgstr "初期値: <quote>%1$s@%2$s</quote>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3644 +#: sssd.conf.5.xml:3651 msgid "lookup_family_order (string)" msgstr "lookup_family_order (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3647 +#: sssd.conf.5.xml:3654 msgid "" "Provides the ability to select preferred address family to use when " "performing DNS lookups." @@ -4419,80 +4420,80 @@ msgstr "" "します。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3651 +#: sssd.conf.5.xml:3658 msgid "Supported values:" msgstr "サポートする値:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3654 +#: sssd.conf.5.xml:3661 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6" msgstr "" "ipv4_first: IPv4 アドレスの検索を試行します。失敗すると IPv6 を試行します。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3657 +#: sssd.conf.5.xml:3664 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses." msgstr "" "ipv4_only: ホスト名を IPv4 アドレスに名前解決することのみを試行します。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3660 +#: sssd.conf.5.xml:3667 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4" msgstr "" "ipv6_first: IPv6 アドレスの検索を試行します。失敗すると IPv4 を試行します。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3663 +#: sssd.conf.5.xml:3670 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses." msgstr "" "ipv6_only: ホスト名を IPv6 アドレスに名前解決することのみを試行します。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3666 +#: sssd.conf.5.xml:3673 msgid "Default: ipv4_first" msgstr "初期値: ipv4_first" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3672 +#: sssd.conf.5.xml:3679 #, fuzzy #| msgid "dns_resolver_timeout (integer)" msgid "dns_resolver_server_timeout (integer)" msgstr "dns_resolver_timeout (整数)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3675 +#: sssd.conf.5.xml:3682 msgid "" "Defines the amount of time (in milliseconds) SSSD would try to talk to DNS " "server before trying next DNS server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3680 +#: sssd.conf.5.xml:3687 msgid "" "The AD provider will use this option for the CLDAP ping timeouts as well." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3684 sssd.conf.5.xml:3704 sssd.conf.5.xml:3725 +#: sssd.conf.5.xml:3691 sssd.conf.5.xml:3711 sssd.conf.5.xml:3732 msgid "" "Please see the section <quote>FAILOVER</quote> for more information about " "the service resolution." msgstr "" #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3689 sssd-ldap.5.xml:644 include/failover.xml:84 +#: sssd.conf.5.xml:3696 sssd-ldap.5.xml:645 include/failover.xml:84 msgid "Default: 1000" msgstr "初期値: 1000" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3695 +#: sssd.conf.5.xml:3702 #, fuzzy #| msgid "dns_resolver_timeout (integer)" msgid "dns_resolver_op_timeout (integer)" msgstr "dns_resolver_timeout (整数)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3698 +#: sssd.conf.5.xml:3705 msgid "" "Defines the amount of time (in seconds) to wait to resolve single DNS query " "(e.g. resolution of a hostname or an SRV record) before trying the next " @@ -4500,12 +4501,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3715 +#: sssd.conf.5.xml:3722 msgid "dns_resolver_timeout (integer)" msgstr "dns_resolver_timeout (整数)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3718 +#: sssd.conf.5.xml:3725 msgid "" "Defines the amount of time (in seconds) to wait for a reply from the " "internal fail over service before assuming that the service is unreachable. " @@ -4514,14 +4515,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3736 +#: sssd.conf.5.xml:3743 #, fuzzy #| msgid "dns_resolver_timeout (integer)" msgid "dns_resolver_use_search_list (bool)" msgstr "dns_resolver_timeout (整数)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3739 +#: sssd.conf.5.xml:3746 msgid "" "Normally, the DNS resolver searches the domain list defined in the " "\"search\" directive from the resolv.conf file. This can lead to delays in " @@ -4529,7 +4530,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3745 +#: sssd.conf.5.xml:3752 msgid "" "If fully qualified domain names (or _srv_) are used in the SSSD " "configuration, setting this option to FALSE can prevent unnecessary DNS " @@ -4537,17 +4538,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3751 +#: sssd.conf.5.xml:3758 msgid "Default: TRUE" msgstr "初期値: TRUE" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3757 +#: sssd.conf.5.xml:3764 msgid "dns_discovery_domain (string)" msgstr "dns_discovery_domain (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3760 +#: sssd.conf.5.xml:3767 msgid "" "If service discovery is used in the back end, specifies the domain part of " "the service discovery DNS query." @@ -4556,52 +4557,52 @@ msgstr "" "イン部分を指定します。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3764 +#: sssd.conf.5.xml:3771 msgid "Default: Use the domain part of machine's hostname" msgstr "初期値: マシンのホスト名のドメイン部分を使用します" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3770 +#: sssd.conf.5.xml:3777 msgid "override_gid (integer)" msgstr "override_gid (整数)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3773 +#: sssd.conf.5.xml:3780 msgid "Override the primary GID value with the one specified." msgstr "プライマリー GID の値を指定されたもので上書きします。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3779 +#: sssd.conf.5.xml:3786 msgid "case_sensitive (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3786 +#: sssd.conf.5.xml:3793 msgid "True" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3789 +#: sssd.conf.5.xml:3796 msgid "Case sensitive. This value is invalid for AD provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3795 +#: sssd.conf.5.xml:3802 msgid "False" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3797 +#: sssd.conf.5.xml:3804 msgid "Case insensitive." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3801 +#: sssd.conf.5.xml:3808 msgid "Preserving" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3804 +#: sssd.conf.5.xml:3811 msgid "" "Same as False (case insensitive), but does not lowercase names in the result " "of NSS operations. Note that name aliases (and in case of services also " @@ -4609,14 +4610,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3812 +#: sssd.conf.5.xml:3819 msgid "" "If you want to set this value for trusted domain with IPA provider, you need " "to set it on both the client and SSSD on the server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3782 +#: sssd.conf.5.xml:3789 #, fuzzy #| msgid "" #| "The following expansions are supported: <placeholder " @@ -4629,17 +4630,17 @@ msgstr "" "id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3827 +#: sssd.conf.5.xml:3834 msgid "Default: True (False for AD provider)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3833 +#: sssd.conf.5.xml:3840 msgid "subdomain_inherit (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3836 +#: sssd.conf.5.xml:3843 msgid "" "Specifies a list of configuration parameters that should be inherited by a " "subdomain. Please note that only selected parameters can be inherited. " @@ -4647,128 +4648,128 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3842 +#: sssd.conf.5.xml:3849 #, fuzzy #| msgid "ldap_search_timeout (integer)" msgid "ldap_search_timeout" msgstr "ldap_search_timeout (整数)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3845 +#: sssd.conf.5.xml:3852 #, fuzzy #| msgid "ldap_network_timeout (integer)" msgid "ldap_network_timeout" msgstr "ldap_network_timeout (整数)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3848 +#: sssd.conf.5.xml:3855 #, fuzzy #| msgid "ldap_opt_timeout (integer)" msgid "ldap_opt_timeout" msgstr "ldap_opt_timeout (整数)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3851 +#: sssd.conf.5.xml:3858 #, fuzzy #| msgid "ldap_connection_expire_timeout (integer)" msgid "ldap_offline_timeout" msgstr "ldap_connection_expire_timeout (整数)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3854 +#: sssd.conf.5.xml:3861 #, fuzzy #| msgid "ldap_enumeration_refresh_timeout (integer)" msgid "ldap_enumeration_refresh_timeout" msgstr "ldap_enumeration_refresh_timeout (整数)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3857 +#: sssd.conf.5.xml:3864 #, fuzzy #| msgid "ldap_enumeration_refresh_timeout (integer)" msgid "ldap_enumeration_refresh_offset" msgstr "ldap_enumeration_refresh_timeout (整数)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3860 +#: sssd.conf.5.xml:3867 msgid "ldap_purge_cache_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3863 +#: sssd.conf.5.xml:3870 #, fuzzy #| msgid "ldap_purge_cache_timeout (integer)" msgid "ldap_purge_cache_offset" msgstr "ldap_purge_cache_timeout (整数)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3866 +#: sssd.conf.5.xml:3873 msgid "" "ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab " "is not set explicitly)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3870 +#: sssd.conf.5.xml:3877 #, fuzzy #| msgid "ldap_krb5_ticket_lifetime (integer)" msgid "ldap_krb5_ticket_lifetime" msgstr "ldap_krb5_ticket_lifetime (整数)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3873 +#: sssd.conf.5.xml:3880 #, fuzzy #| msgid "ldap_enumeration_search_timeout (integer)" msgid "ldap_enumeration_search_timeout" msgstr "ldap_enumeration_search_timeout (整数)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3876 +#: sssd.conf.5.xml:3883 #, fuzzy #| msgid "ldap_connection_expire_timeout (integer)" msgid "ldap_connection_expire_timeout" msgstr "ldap_connection_expire_timeout (整数)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3879 +#: sssd.conf.5.xml:3886 #, fuzzy #| msgid "ldap_connection_expire_timeout (integer)" msgid "ldap_connection_expire_offset" msgstr "ldap_connection_expire_timeout (整数)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3882 +#: sssd.conf.5.xml:3889 #, fuzzy #| msgid "ldap_connection_expire_timeout (integer)" msgid "ldap_connection_idle_timeout" msgstr "ldap_connection_expire_timeout (整数)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3885 sssd-ldap.5.xml:400 +#: sssd.conf.5.xml:3892 sssd-ldap.5.xml:401 msgid "ldap_use_tokengroups" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3888 +#: sssd.conf.5.xml:3895 msgid "ldap_user_principal" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3891 +#: sssd.conf.5.xml:3898 msgid "ignore_group_members" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3894 +#: sssd.conf.5.xml:3901 msgid "auto_private_groups" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3897 +#: sssd.conf.5.xml:3904 msgid "case_sensitive" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:3902 +#: sssd.conf.5.xml:3909 #, no-wrap msgid "" "subdomain_inherit = ldap_purge_cache_timeout\n" @@ -4776,27 +4777,27 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3909 +#: sssd.conf.5.xml:3916 msgid "Note: This option only works with the IPA and AD provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3916 +#: sssd.conf.5.xml:3923 msgid "subdomain_homedir (string)" msgstr "subdomain_homedir (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3927 +#: sssd.conf.5.xml:3934 msgid "%F" msgstr "%F" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3928 +#: sssd.conf.5.xml:3935 msgid "flat (NetBIOS) name of a subdomain." msgstr "サブドメインのフラット (NetBIOS) 名。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3919 +#: sssd.conf.5.xml:3926 msgid "" "Use this homedir as default value for all subdomains within this domain in " "IPA AD trust. See <emphasis>override_homedir</emphasis> for info about " @@ -4806,35 +4807,35 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3933 +#: sssd.conf.5.xml:3940 msgid "" "The value can be overridden by <emphasis>override_homedir</emphasis> option." msgstr "" "値は <emphasis>override_homedir</emphasis> オプションにより上書きできます。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3937 +#: sssd.conf.5.xml:3944 msgid "Default: <filename>/home/%d/%u</filename>" msgstr "初期値: <filename>/home/%d/%u</filename>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3942 +#: sssd.conf.5.xml:3949 msgid "realmd_tags (string)" msgstr "realmd_tags (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3945 +#: sssd.conf.5.xml:3952 msgid "" "Various tags stored by the realmd configuration service for this domain." msgstr "このドメインのための realmd 設定サービスによって格納された様々なタグ。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3951 +#: sssd.conf.5.xml:3958 msgid "cached_auth_timeout (int)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3954 +#: sssd.conf.5.xml:3961 msgid "" "Specifies time in seconds since last successful online authentication for " "which user will be authenticated using cached credentials while SSSD is in " @@ -4843,19 +4844,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3962 +#: sssd.conf.5.xml:3969 msgid "" "This option's value is inherited by all trusted domains. At the moment it is " "not possible to set a different value per trusted domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3967 +#: sssd.conf.5.xml:3974 msgid "Special value 0 implies that this feature is disabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3971 +#: sssd.conf.5.xml:3978 msgid "" "Please note that if <quote>cached_auth_timeout</quote> is longer than " "<quote>pam_id_timeout</quote> then the back end could be called to handle " @@ -4863,14 +4864,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3982 +#: sssd.conf.5.xml:3989 #, fuzzy #| msgid "ldap_pwd_policy (string)" msgid "local_auth_policy (string)" msgstr "ldap_pwd_policy (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3985 +#: sssd.conf.5.xml:3992 msgid "" "Local authentication methods policy. Some backends (i.e. LDAP, proxy " "provider) only support a password based authentication, while others can " @@ -4881,7 +4882,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3995 +#: sssd.conf.5.xml:4002 msgid "" "There are three possible values for this option: match, only, enable. " "<quote>match</quote> is used to match offline and online states for Kerberos " @@ -4892,8 +4893,17 @@ msgid "" "separated, such as <quote>enable:passkey, enable:smartcard</quote>" msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4014 +msgid "" +"Please note that if local Smartcard authentication is enabled and a " +"Smartcard is present, Smartcard authentication will be preferred over the " +"authentication methods supported by the backend. I.e. there will be a PIN " +"prompt instead of e.g. a password prompt." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:4011 +#: sssd.conf.5.xml:4026 #, no-wrap msgid "" "[domain/shadowutils]\n" @@ -4904,7 +4914,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4007 +#: sssd.conf.5.xml:4022 msgid "" "The following configuration example allows local users to authenticate " "locally using any enabled method (i.e. smartcard, passkey). <placeholder " @@ -4912,38 +4922,38 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4019 +#: sssd.conf.5.xml:4034 #, fuzzy #| msgid "This option is not available in IPA provider." msgid "This option is ignored for the files provider." msgstr "このオプションは IPA プロバイダーにおいて利用可能ではありません。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4022 +#: sssd.conf.5.xml:4037 #, fuzzy #| msgid "Default: cn" msgid "Default: match" msgstr "初期値: cn" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4027 +#: sssd.conf.5.xml:4042 msgid "auto_private_groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4033 +#: sssd.conf.5.xml:4048 msgid "true" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4036 +#: sssd.conf.5.xml:4051 msgid "" "Create user's private group unconditionally from user's UID number. The GID " "number is ignored in this case." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4040 +#: sssd.conf.5.xml:4055 msgid "" "NOTE: Because the GID number and the user private group are inferred from " "the UID number, it is not supported to have multiple entries with the same " @@ -4952,24 +4962,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4049 +#: sssd.conf.5.xml:4064 msgid "false" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4052 +#: sssd.conf.5.xml:4067 msgid "" "Always use the user's primary GID number. The GID number must refer to a " "group object in the LDAP database." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4058 +#: sssd.conf.5.xml:4073 msgid "hybrid" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4061 +#: sssd.conf.5.xml:4076 msgid "" "A primary group is autogenerated for user entries whose UID and GID numbers " "have the same value and at the same time the GID number does not correspond " @@ -4979,14 +4989,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4074 +#: sssd.conf.5.xml:4089 msgid "" "If the UID and GID of a user are different, then the GID must correspond to " "a group entry, otherwise the GID is simply not resolvable." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4081 +#: sssd.conf.5.xml:4096 msgid "" "This feature is useful for environments that wish to stop maintaining a " "separate group objects for the user private groups, but also wish to retain " @@ -4994,21 +5004,21 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4030 +#: sssd.conf.5.xml:4045 msgid "" "This option takes any of three available values: <placeholder " "type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4093 +#: sssd.conf.5.xml:4108 msgid "" "For subdomains, the default value is False for subdomains that use assigned " "POSIX IDs and True for subdomains that use automatic ID-mapping." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:4101 +#: sssd.conf.5.xml:4116 #, no-wrap msgid "" "[domain/forest.domain/sub.domain]\n" @@ -5016,7 +5026,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:4107 +#: sssd.conf.5.xml:4122 #, no-wrap msgid "" "[domain/forest.domain]\n" @@ -5025,7 +5035,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4098 +#: sssd.conf.5.xml:4113 msgid "" "The value of auto_private_groups can either be set per subdomains in a " "subsection, for example: <placeholder type=\"programlisting\" id=\"0\"/> or " @@ -5045,31 +5055,36 @@ msgstr "" "type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4122 +#: sssd.conf.5.xml:4137 msgid "proxy_pam_target (string)" msgstr "proxy_pam_target (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4125 +#: sssd.conf.5.xml:4140 msgid "The proxy target PAM proxies to." msgstr "中継するプロキシターゲット PAM です。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4128 +#: sssd.conf.5.xml:4143 +#, fuzzy +#| msgid "" +#| "Default: not set by default, you have to take an existing pam " +#| "configuration or create a new one and add the service name here." msgid "" "Default: not set by default, you have to take an existing pam configuration " -"or create a new one and add the service name here." +"or create a new one and add the service name here. As an alternative you can " +"enable local authentication with the local_auth_policy option." msgstr "" "初期値: 設定されません。既存の PAM 設定を使用するか、新しく作成してサービス名" "をここに追加する必要があります。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4136 +#: sssd.conf.5.xml:4153 msgid "proxy_lib_name (string)" msgstr "proxy_lib_name (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4139 +#: sssd.conf.5.xml:4156 msgid "" "The name of the NSS library to use in proxy domains. The NSS functions " "searched for in the library are in the form of _nss_$(libName)_$(function), " @@ -5080,12 +5095,12 @@ msgstr "" "_nss_files_getpwent です。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4149 +#: sssd.conf.5.xml:4166 msgid "proxy_resolver_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4152 +#: sssd.conf.5.xml:4169 msgid "" "The name of the NSS library to use for hosts and networks lookups in proxy " "domains. The NSS functions searched for in the library are in the form of " @@ -5093,12 +5108,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4163 +#: sssd.conf.5.xml:4180 msgid "proxy_fast_alias (boolean)" msgstr "proxy_fast_alias (論理値)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4166 +#: sssd.conf.5.xml:4183 msgid "" "When a user or group is looked up by name in the proxy provider, a second " "lookup by ID is performed to \"canonicalize\" the name in case the requested " @@ -5107,12 +5122,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4180 +#: sssd.conf.5.xml:4197 msgid "proxy_max_children (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4183 +#: sssd.conf.5.xml:4200 msgid "" "This option specifies the number of pre-forked proxy children. It is useful " "for high-load SSSD environments where sssd may run out of available child " @@ -5120,7 +5135,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4118 +#: sssd.conf.5.xml:4133 msgid "" "Options valid for proxy domains. <placeholder type=\"variablelist\" " "id=\"0\"/>" @@ -5129,12 +5144,12 @@ msgstr "" "type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:4199 +#: sssd.conf.5.xml:4216 msgid "Application domains" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4201 +#: sssd.conf.5.xml:4218 msgid "" "SSSD, with its D-Bus interface (see <citerefentry> <refentrytitle>sssd-ifp</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>) is appealing to " @@ -5151,7 +5166,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4221 +#: sssd.conf.5.xml:4238 msgid "" "Please note that the application domain must still be explicitly enabled in " "the <quote>domains</quote> parameter so that the lookup order between the " @@ -5159,17 +5174,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> -#: sssd.conf.5.xml:4227 +#: sssd.conf.5.xml:4244 msgid "Application domain parameters" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4229 +#: sssd.conf.5.xml:4246 msgid "inherit_from (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4232 +#: sssd.conf.5.xml:4249 msgid "" "The SSSD POSIX-type domain the application domain inherits all settings " "from. The application domain can moreover add its own settings to the " @@ -5178,7 +5193,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4246 +#: sssd.conf.5.xml:4263 msgid "" "The following example illustrates the use of an application domain. In this " "setup, the POSIX domain is connected to an LDAP server and is used by the OS " @@ -5188,7 +5203,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><programlisting> -#: sssd.conf.5.xml:4254 +#: sssd.conf.5.xml:4271 #, no-wrap msgid "" "[sssd]\n" @@ -5208,12 +5223,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4274 +#: sssd.conf.5.xml:4291 msgid "TRUSTED DOMAIN SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4276 +#: sssd.conf.5.xml:4293 msgid "" "Some options used in the domain section can also be used in the trusted " "domain section, that is, in a section called <quote>[domain/" @@ -5224,69 +5239,69 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4283 +#: sssd.conf.5.xml:4300 msgid "ldap_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4284 +#: sssd.conf.5.xml:4301 msgid "ldap_user_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4285 +#: sssd.conf.5.xml:4302 msgid "ldap_group_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4286 +#: sssd.conf.5.xml:4303 msgid "ldap_netgroup_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4287 +#: sssd.conf.5.xml:4304 msgid "ldap_service_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4288 +#: sssd.conf.5.xml:4305 msgid "ldap_sasl_mech," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4289 +#: sssd.conf.5.xml:4306 msgid "ad_server," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4290 +#: sssd.conf.5.xml:4307 msgid "ad_backup_server," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4291 +#: sssd.conf.5.xml:4308 msgid "ad_site," msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4292 sssd-ipa.5.xml:879 +#: sssd.conf.5.xml:4309 sssd-ipa.5.xml:884 msgid "use_fully_qualified_names" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4296 +#: sssd.conf.5.xml:4313 msgid "" "For more details about these options see their individual description in the " "manual page." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4302 +#: sssd.conf.5.xml:4319 msgid "CERTIFICATE MAPPING SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4304 +#: sssd.conf.5.xml:4321 msgid "" "To allow authentication with Smartcards and certificates SSSD must be able " "to map certificates to users. This can be done by adding the full " @@ -5299,7 +5314,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4318 +#: sssd.conf.5.xml:4335 msgid "" "To make the mapping more flexible mapping and matching rules were added to " "SSSD (see <citerefentry> <refentrytitle>sss-certmap</refentrytitle> " @@ -5307,7 +5322,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4327 +#: sssd.conf.5.xml:4344 msgid "" "A mapping and matching rule can be added to the SSSD configuration in a " "section on its own with a name like <quote>[certmap/" @@ -5316,55 +5331,55 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4334 +#: sssd.conf.5.xml:4351 msgid "matchrule (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4337 +#: sssd.conf.5.xml:4354 msgid "" "Only certificates from the Smartcard which matches this rule will be " "processed, all others are ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4341 +#: sssd.conf.5.xml:4358 msgid "" "Default: KRB5:<EKU>clientAuth, i.e. only certificates which have the " "Extended Key Usage <quote>clientAuth</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4348 +#: sssd.conf.5.xml:4365 msgid "maprule (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4351 +#: sssd.conf.5.xml:4368 msgid "Defines how the user is found for a given certificate." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4357 +#: sssd.conf.5.xml:4374 msgid "" "LDAP:(userCertificate;binary={cert!bin}) for LDAP based providers like " "<quote>ldap</quote>, <quote>AD</quote> or <quote>ipa</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4363 +#: sssd.conf.5.xml:4380 msgid "" "The RULE_NAME for the <quote>files</quote> provider which tries to find a " "user with the same name." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4372 +#: sssd.conf.5.xml:4389 msgid "domains (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4375 +#: sssd.conf.5.xml:4392 msgid "" "Comma separated list of domain names the rule should be applied. By default " "a rule is only valid in the domain configured in sssd.conf. If the provider " @@ -5373,17 +5388,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4382 +#: sssd.conf.5.xml:4399 msgid "Default: the configured domain in sssd.conf" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4387 +#: sssd.conf.5.xml:4404 msgid "priority (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4390 +#: sssd.conf.5.xml:4407 msgid "" "Unsigned integer value defining the priority of the rule. The higher the " "number the lower the priority. <quote>0</quote> stands for the highest " @@ -5391,26 +5406,26 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4396 +#: sssd.conf.5.xml:4413 msgid "Default: the lowest priority" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4402 +#: sssd.conf.5.xml:4419 msgid "" "To make the configuration simple and reduce the amount of configuration " "options the <quote>files</quote> provider has some special properties:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4408 +#: sssd.conf.5.xml:4425 msgid "" "if maprule is not set the RULE_NAME name is assumed to be the name of the " "matching user" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4414 +#: sssd.conf.5.xml:4431 msgid "" "if a maprule is used both a single user name or a template like " "<quote>{subject_rfc822_name.short_name}</quote> must be in braces like e.g. " @@ -5419,17 +5434,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4423 +#: sssd.conf.5.xml:4440 msgid "the <quote>domains</quote> option is ignored" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4431 +#: sssd.conf.5.xml:4448 msgid "PROMPTING CONFIGURATION SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4433 +#: sssd.conf.5.xml:4450 msgid "" "If a special file (<filename>/var/lib/sss/pubconf/pam_preauth_available</" "filename>) exists SSSD's PAM module pam_sss will ask SSSD to figure out " @@ -5439,7 +5454,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4441 +#: sssd.conf.5.xml:4458 msgid "" "With the growing number of authentication methods and the possibility that " "there are multiple ones for a single user the heuristic used by pam_sss to " @@ -5448,59 +5463,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4453 +#: sssd.conf.5.xml:4470 msgid "[prompting/password]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4456 +#: sssd.conf.5.xml:4473 msgid "password_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4457 +#: sssd.conf.5.xml:4474 msgid "to change the string of the password prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4455 +#: sssd.conf.5.xml:4472 msgid "" "to configure password prompting, allowed options are: <placeholder " "type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4465 +#: sssd.conf.5.xml:4482 msgid "[prompting/2fa]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4469 +#: sssd.conf.5.xml:4486 msgid "first_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4470 +#: sssd.conf.5.xml:4487 msgid "to change the string of the prompt for the first factor" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4473 +#: sssd.conf.5.xml:4490 msgid "second_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4474 +#: sssd.conf.5.xml:4491 msgid "to change the string of the prompt for the second factor" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4477 +#: sssd.conf.5.xml:4494 msgid "single_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4478 +#: sssd.conf.5.xml:4495 msgid "" "boolean value, if True there will be only a single prompt using the value of " "first_prompt where it is expected that both factors are entered as a single " @@ -5509,7 +5524,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4467 +#: sssd.conf.5.xml:4484 msgid "" "to configure two-factor authentication prompting, allowed options are: " "<placeholder type=\"variablelist\" id=\"0\"/> If the second factor is " @@ -5518,17 +5533,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4495 +#: sssd.conf.5.xml:4512 msgid "[prompting/passkey]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4501 sssd-ad.5.xml:1021 +#: sssd.conf.5.xml:4518 sssd-ad.5.xml:1021 msgid "interactive" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4503 +#: sssd.conf.5.xml:4520 msgid "" "boolean value, if True prompt a message and wait before testing the presence " "of a passkey device. Recommended if your device doesn’t have a tactile " @@ -5536,39 +5551,39 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4511 +#: sssd.conf.5.xml:4528 msgid "interactive_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4513 +#: sssd.conf.5.xml:4530 msgid "to change the message of the interactive prompt." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4518 +#: sssd.conf.5.xml:4535 msgid "touch" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4520 +#: sssd.conf.5.xml:4537 msgid "" "boolean value, if True prompt a message to remind the user to touch the " "device." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4526 +#: sssd.conf.5.xml:4543 msgid "touch_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4528 +#: sssd.conf.5.xml:4545 msgid "to change the message of the touch prompt." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4497 +#: sssd.conf.5.xml:4514 #, fuzzy #| msgid "" #| "The following expansions are supported: <placeholder " @@ -5581,7 +5596,7 @@ msgstr "" "id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4448 +#: sssd.conf.5.xml:4465 msgid "" "Each supported authentication method has its own configuration subsection " "under <quote>[prompting/...]</quote>. Currently there are: <placeholder " @@ -5590,7 +5605,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4539 +#: sssd.conf.5.xml:4556 msgid "" "It is possible to add a subsection for specific PAM services, e.g. " "<quote>[prompting/password/sshd]</quote> to individual change the prompting " @@ -5598,12 +5613,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4546 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43 +#: sssd.conf.5.xml:4563 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43 msgid "EXAMPLES" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4552 +#: sssd.conf.5.xml:4569 #, no-wrap msgid "" "[sssd]\n" @@ -5657,7 +5672,7 @@ msgstr "" "enumerate = False\n" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4548 +#: sssd.conf.5.xml:4565 msgid "" "1. The following example shows a typical SSSD config. It does not describe " "configuration of the domains themselves - refer to documentation on " @@ -5666,7 +5681,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4585 +#: sssd.conf.5.xml:4602 #, no-wrap msgid "" "[domain/ipa.com/child.ad.com]\n" @@ -5674,7 +5689,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4579 +#: sssd.conf.5.xml:4596 msgid "" "2. The following example shows configuration of IPA AD trust where the AD " "forest consists of two domains in a parent-child structure. Suppose IPA " @@ -5685,7 +5700,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4596 +#: sssd.conf.5.xml:4613 #, no-wrap msgid "" "[certmap/my.domain/rule_name]\n" @@ -5696,7 +5711,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4590 +#: sssd.conf.5.xml:4607 msgid "" "3. The following example shows the configuration of a certificate mapping " "rule. It is valid for the configured domain <quote>my.domain</quote> and " @@ -5751,14 +5766,23 @@ msgstr "SSSD が複数の LDAP ドメインを使用するよう設定できま #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:38 +#, fuzzy +#| msgid "" +#| "LDAP back end supports id, auth, access and chpass providers. If you want " +#| "to authenticate against an LDAP server either TLS/SSL or LDAPS is " +#| "required. <command>sssd</command> <emphasis>does not</emphasis> support " +#| "authentication over an unencrypted channel. If the LDAP server is used " +#| "only as an identity provider, an encrypted channel is not needed. Please " +#| "refer to <quote>ldap_access_filter</quote> config option for more " +#| "information about using LDAP as an access provider." msgid "" "LDAP back end supports id, auth, access and chpass providers. If you want to " "authenticate against an LDAP server either TLS/SSL or LDAPS is required. " "<command>sssd</command> <emphasis>does not</emphasis> support authentication " -"over an unencrypted channel. If the LDAP server is used only as an identity " -"provider, an encrypted channel is not needed. Please refer to " -"<quote>ldap_access_filter</quote> config option for more information about " -"using LDAP as an access provider." +"over an unencrypted channel. Even if the LDAP server is used only as an " +"identity provider, an encrypted channel is strongly recommended. Please " +"refer to <quote>ldap_access_filter</quote> config option for more " +"information about using LDAP as an access provider." msgstr "" "LDAP バックエンドは id, auth, access および chpass プロバイダーをサポートしま" "す。 LDAP サーバーに対して認証したければ、 TLS/SSL または LDAPS のどちらかが" @@ -5769,19 +5793,19 @@ msgstr "" "オプションを参照してください。" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:82 sssd-ad.5.xml:130 +#: sssd-ldap.5.xml:50 sssd-simple.5.xml:69 sssd-ipa.5.xml:82 sssd-ad.5.xml:130 #: sssd-krb5.5.xml:63 sssd-ifp.5.xml:60 sssd-files.5.xml:77 #: sssd-session-recording.5.xml:58 sssd-kcm.8.xml:202 msgid "CONFIGURATION OPTIONS" msgstr "設定オプション" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:66 +#: sssd-ldap.5.xml:67 msgid "ldap_uri, ldap_backup_uri (string)" msgstr "ldap_uri, ldap_backup_uri (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:69 +#: sssd-ldap.5.xml:70 msgid "" "Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " "should connect in the order of preference. Refer to the <quote>FAILOVER</" @@ -5791,17 +5815,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:76 +#: sssd-ldap.5.xml:77 msgid "The format of the URI must match the format defined in RFC 2732:" msgstr "URI の形式は RFC 2732 に決められている形式と一致しなければいけません:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:79 +#: sssd-ldap.5.xml:80 msgid "ldap[s]://<host>[:port]" msgstr "ldap[s]://<host>[:port]" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:82 +#: sssd-ldap.5.xml:83 msgid "" "For explicit IPv6 addresses, <host> must be enclosed in brackets []" msgstr "" @@ -5809,17 +5833,17 @@ msgstr "" "す。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:85 +#: sssd-ldap.5.xml:86 msgid "example: ldap://[fc00::126:25]:389" msgstr "例: ldap://[fc00::126:25]:389" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:91 +#: sssd-ldap.5.xml:92 msgid "ldap_chpass_uri, ldap_chpass_backup_uri (string)" msgstr "ldap_chpass_uri, ldap_chpass_backup_uri (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:94 +#: sssd-ldap.5.xml:95 msgid "" "Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " "should connect in the order of preference to change the password of a user. " @@ -5828,29 +5852,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:101 +#: sssd-ldap.5.xml:102 msgid "To enable service discovery ldap_chpass_dns_service_name must be set." msgstr "" "サービス discovery ldap_chpass_dns_service_name を有効にするには、設定する必" "要があります。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:105 +#: sssd-ldap.5.xml:106 msgid "Default: empty, i.e. ldap_uri is used." msgstr "初期値: 空、つまり ldap_uri が使用されます。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:111 +#: sssd-ldap.5.xml:112 msgid "ldap_search_base (string)" msgstr "ldap_search_base (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:114 +#: sssd-ldap.5.xml:115 msgid "The default base DN to use for performing LDAP user operations." msgstr "LDAP ユーザー操作を実行するために使用される初期ベース DN です。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:118 +#: sssd-ldap.5.xml:119 msgid "" "Starting with SSSD 1.7.0, SSSD supports multiple search bases using the " "syntax:" @@ -5858,17 +5882,17 @@ msgstr "" "SSSD 1.7.0 以降、SSSD は次の構文を使用して複数の検索ベースをサポートします:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:122 +#: sssd-ldap.5.xml:123 msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]" msgstr "search_base[?scope?[filter][?search_base?scope?[filter]]*]" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:125 +#: sssd-ldap.5.xml:126 msgid "The scope can be one of \"base\", \"onelevel\" or \"subtree\"." msgstr "範囲は \"base\", \"onelevel\" または \"subtree\" のどれかです。" #. type: Content of: <listitem><para> -#: sssd-ldap.5.xml:128 include/ldap_search_bases.xml:18 +#: sssd-ldap.5.xml:129 include/ldap_search_bases.xml:18 msgid "" "The filter must be a valid LDAP search filter as specified by http://www." "ietf.org/rfc/rfc2254.txt" @@ -5877,13 +5901,13 @@ msgstr "" "な LDAP 検索フィルターである必要があります。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:132 sssd-ad.5.xml:311 sss_override.8.xml:143 +#: sssd-ldap.5.xml:133 sssd-ad.5.xml:311 sss_override.8.xml:143 #: sss_override.8.xml:240 sssd-ldap-attributes.5.xml:453 msgid "Examples:" msgstr "例:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:135 +#: sssd-ldap.5.xml:136 msgid "" "ldap_search_base = dc=example,dc=com (which is equivalent to) " "ldap_search_base = dc=example,dc=com?subtree?" @@ -5892,7 +5916,7 @@ msgstr "" "ldap_search_base = dc=example,dc=com?subtree?" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:140 +#: sssd-ldap.5.xml:141 msgid "" "ldap_search_base = cn=host_specific,dc=example,dc=com?subtree?" "(host=thishost)?dc=example.com?subtree?" @@ -5901,7 +5925,7 @@ msgstr "" "(host=thishost)?dc=example.com?subtree?" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:143 +#: sssd-ldap.5.xml:144 msgid "" "Note: It is unsupported to have multiple search bases which reference " "identically-named objects (for example, groups with the same name in two " @@ -5910,7 +5934,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:150 +#: sssd-ldap.5.xml:151 msgid "" "Default: If not set, the value of the defaultNamingContext or namingContexts " "attribute from the RootDSE of the LDAP server is used. If " @@ -5921,12 +5945,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:164 +#: sssd-ldap.5.xml:165 msgid "ldap_schema (string)" msgstr "ldap_schema (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:167 +#: sssd-ldap.5.xml:168 msgid "" "Specifies the Schema Type in use on the target LDAP server. Depending on " "the selected schema, the default attribute names retrieved from the servers " @@ -5934,32 +5958,32 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:174 +#: sssd-ldap.5.xml:175 msgid "Four schema types are currently supported:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:178 +#: sssd-ldap.5.xml:179 msgid "rfc2307" msgstr "rfc2307" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:183 +#: sssd-ldap.5.xml:184 msgid "rfc2307bis" msgstr "rfc2307bis" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:188 +#: sssd-ldap.5.xml:189 msgid "IPA" msgstr "IPA" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:193 +#: sssd-ldap.5.xml:194 msgid "AD" msgstr "AD" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:199 +#: sssd-ldap.5.xml:200 msgid "" "The main difference between these schema types is how group memberships are " "recorded in the server. With rfc2307, group members are listed by name in " @@ -5970,37 +5994,37 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:209 +#: sssd-ldap.5.xml:210 msgid "Default: rfc2307" msgstr "初期値: rfc2307" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:215 +#: sssd-ldap.5.xml:216 msgid "ldap_pwmodify_mode (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:218 +#: sssd-ldap.5.xml:219 msgid "Specify the operation that is used to modify user password." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:222 +#: sssd-ldap.5.xml:223 msgid "Two modes are currently supported:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:226 +#: sssd-ldap.5.xml:227 msgid "exop - Password Modify Extended Operation (RFC 3062)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:232 +#: sssd-ldap.5.xml:233 msgid "ldap_modify - Direct modification of userPassword (not recommended)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:239 +#: sssd-ldap.5.xml:240 msgid "" "Note: First, a new connection is established to verify current password by " "binding as the user that requested password change. If successful, this " @@ -6009,74 +6033,74 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:247 +#: sssd-ldap.5.xml:248 msgid "Default: exop" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:253 +#: sssd-ldap.5.xml:254 msgid "ldap_default_bind_dn (string)" msgstr "ldap_default_bind_dn (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:256 +#: sssd-ldap.5.xml:257 msgid "The default bind DN to use for performing LDAP operations." msgstr "LDAP ユーザー操作を実行するために使用される初期バインド DN です。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:263 +#: sssd-ldap.5.xml:264 msgid "ldap_default_authtok_type (string)" msgstr "ldap_default_authtok_type (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:266 +#: sssd-ldap.5.xml:267 msgid "The type of the authentication token of the default bind DN." msgstr "初期バインド DN の認証トークンの形式です。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:270 +#: sssd-ldap.5.xml:271 msgid "The two mechanisms currently supported are:" msgstr "現在 2 つのメカニズムがサポートされます:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:273 +#: sssd-ldap.5.xml:274 msgid "password" msgstr "password" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:276 +#: sssd-ldap.5.xml:277 msgid "obfuscated_password" msgstr "obfuscated_password" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:279 +#: sssd-ldap.5.xml:280 msgid "Default: password" msgstr "初期値: password" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:282 +#: sssd-ldap.5.xml:283 msgid "" "See the <citerefentry> <refentrytitle>sss_obfuscate</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry> manual page for more information." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:293 +#: sssd-ldap.5.xml:294 msgid "ldap_default_authtok (string)" msgstr "ldap_default_authtok (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:296 +#: sssd-ldap.5.xml:297 msgid "The authentication token of the default bind DN." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:302 +#: sssd-ldap.5.xml:303 msgid "ldap_force_upper_case_realm (boolean)" msgstr "ldap_force_upper_case_realm (論理値)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:305 +#: sssd-ldap.5.xml:306 msgid "" "Some directory servers, for example Active Directory, might deliver the " "realm part of the UPN in lower case, which might cause the authentication to " @@ -6088,12 +6112,12 @@ msgstr "" "場合、このオプションを 0 以外に設定します。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:318 +#: sssd-ldap.5.xml:319 msgid "ldap_enumeration_refresh_timeout (integer)" msgstr "ldap_enumeration_refresh_timeout (整数)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:321 +#: sssd-ldap.5.xml:322 msgid "" "Specifies how many seconds SSSD has to wait before refreshing its cache of " "enumerated records." @@ -6101,12 +6125,12 @@ msgstr "" "SSSD が列挙レコードのキャッシュを更新する前に待つ必要がある秒数を指定します。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:337 +#: sssd-ldap.5.xml:338 msgid "ldap_purge_cache_timeout (integer)" msgstr "ldap_purge_cache_timeout (整数)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:340 +#: sssd-ldap.5.xml:341 msgid "" "Determine how often to check the cache for inactive entries (such as groups " "with no members and users who have never logged in) and remove them to save " @@ -6117,7 +6141,7 @@ msgstr "" "削除する間隔を決めます。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:346 +#: sssd-ldap.5.xml:347 msgid "" "Setting this option to zero will disable the cache cleanup operation. Please " "note that if enumeration is enabled, the cleanup task is required in order " @@ -6126,12 +6150,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:366 +#: sssd-ldap.5.xml:367 msgid "ldap_group_nesting_level (integer)" msgstr "ldap_group_nesting_level (整数)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:369 +#: sssd-ldap.5.xml:370 msgid "" "If ldap_schema is set to a schema format that supports nested groups (e.g. " "RFC2307bis), then this option controls how many levels of nesting SSSD will " @@ -6142,7 +6166,7 @@ msgstr "" "のオプションは RFC2307 スキーマにおいて効果がありません。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:376 +#: sssd-ldap.5.xml:377 msgid "" "Note: This option specifies the guaranteed level of nested groups to be " "processed for any lookup. However, nested groups beyond this limit " @@ -6152,7 +6176,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:385 +#: sssd-ldap.5.xml:386 msgid "" "If ldap_group_nesting_level is set to 0 then no nested groups are processed " "at all. However, when connected to Active-Directory Server 2008 and later " @@ -6162,37 +6186,37 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:394 +#: sssd-ldap.5.xml:395 msgid "Default: 2" msgstr "初期値: 2" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:403 +#: sssd-ldap.5.xml:404 msgid "" "This options enables or disables use of Token-Groups attribute when " "performing initgroup for users from Active Directory Server 2008 and later." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:413 +#: sssd-ldap.5.xml:414 msgid "Default: True for AD and IPA otherwise False." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:419 +#: sssd-ldap.5.xml:420 msgid "ldap_host_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:422 +#: sssd-ldap.5.xml:423 msgid "Optional. Use the given string as search base for host objects." msgstr "" "オプションです。ホストオブジェクトの検索ベースとして与えられた文字列を使用し" "ます。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:426 sssd-ipa.5.xml:457 sssd-ipa.5.xml:476 sssd-ipa.5.xml:495 -#: sssd-ipa.5.xml:514 +#: sssd-ldap.5.xml:427 sssd-ipa.5.xml:462 sssd-ipa.5.xml:481 sssd-ipa.5.xml:500 +#: sssd-ipa.5.xml:519 msgid "" "See <quote>ldap_search_base</quote> for information about configuring " "multiple search bases." @@ -6201,32 +6225,32 @@ msgstr "" "してください。" #. type: Content of: <listitem><para> -#: sssd-ldap.5.xml:431 sssd-ipa.5.xml:462 include/ldap_search_bases.xml:27 +#: sssd-ldap.5.xml:432 sssd-ipa.5.xml:467 include/ldap_search_bases.xml:27 msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" msgstr "初期値: <emphasis>ldap_search_base</emphasis> の値" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:438 +#: sssd-ldap.5.xml:439 msgid "ldap_service_search_base (string)" msgstr "ldap_service_search_base (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:443 +#: sssd-ldap.5.xml:444 msgid "ldap_iphost_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:448 +#: sssd-ldap.5.xml:449 msgid "ldap_ipnetwork_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:453 +#: sssd-ldap.5.xml:454 msgid "ldap_search_timeout (integer)" msgstr "ldap_search_timeout (整数)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:456 +#: sssd-ldap.5.xml:457 msgid "" "Specifies the timeout (in seconds) that ldap searches are allowed to run " "before they are cancelled and cached results are returned (and offline mode " @@ -6234,7 +6258,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:462 +#: sssd-ldap.5.xml:463 msgid "" "Note: this option is subject to change in future versions of the SSSD. It " "will likely be replaced at some point by a series of timeouts for specific " @@ -6245,12 +6269,12 @@ msgstr "" "かもしれません。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:479 +#: sssd-ldap.5.xml:480 msgid "ldap_enumeration_search_timeout (integer)" msgstr "ldap_enumeration_search_timeout (整数)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:482 +#: sssd-ldap.5.xml:483 msgid "" "Specifies the timeout (in seconds) that ldap searches for user and group " "enumerations are allowed to run before they are cancelled and cached results " @@ -6258,12 +6282,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:500 +#: sssd-ldap.5.xml:501 msgid "ldap_network_timeout (integer)" msgstr "ldap_network_timeout (整数)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:503 +#: sssd-ldap.5.xml:504 msgid "" "Specifies the timeout (in seconds) after which the <citerefentry> " "<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/" @@ -6279,12 +6303,12 @@ msgstr "" "citerefentry> が未使用を返した後のタイムアウト(秒単位)を指定します。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:531 +#: sssd-ldap.5.xml:532 msgid "ldap_opt_timeout (integer)" msgstr "ldap_opt_timeout (整数)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:534 +#: sssd-ldap.5.xml:535 msgid "" "Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs " "will abort if no response is received. Also controls the timeout when " @@ -6293,12 +6317,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:554 +#: sssd-ldap.5.xml:555 msgid "ldap_connection_expire_timeout (integer)" msgstr "ldap_connection_expire_timeout (整数)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:557 +#: sssd-ldap.5.xml:558 msgid "" "Specifies a timeout (in seconds) that a connection to an LDAP server will be " "maintained. After this time, the connection will be re-established. If used " @@ -6307,7 +6331,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:565 +#: sssd-ldap.5.xml:566 msgid "" "If the connection is idle (not actively running an operation) within " "<emphasis>ldap_opt_timeout</emphasis> seconds of expiration, then it will be " @@ -6318,38 +6342,38 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:577 +#: sssd-ldap.5.xml:578 msgid "" "This timeout can be extended of a random value specified by " "<emphasis>ldap_connection_expire_offset</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:587 sssd-ldap.5.xml:630 sssd-ldap.5.xml:1711 +#: sssd-ldap.5.xml:588 sssd-ldap.5.xml:631 sssd-ldap.5.xml:1713 msgid "Default: 900 (15 minutes)" msgstr "初期値: 900 (15 分)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:593 +#: sssd-ldap.5.xml:594 msgid "ldap_connection_expire_offset (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:596 +#: sssd-ldap.5.xml:597 msgid "" "Random offset between 0 and configured value is added to " "<emphasis>ldap_connection_expire_timeout</emphasis>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:612 +#: sssd-ldap.5.xml:613 #, fuzzy #| msgid "ldap_connection_expire_timeout (integer)" msgid "ldap_connection_idle_timeout (integer)" msgstr "ldap_connection_expire_timeout (整数)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:615 +#: sssd-ldap.5.xml:616 msgid "" "Specifies a timeout (in seconds) that an idle connection to an LDAP server " "will be maintained. If the connection is idle for more than this time then " @@ -6357,17 +6381,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:621 +#: sssd-ldap.5.xml:622 msgid "You can disable this timeout by setting the value to 0." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:636 +#: sssd-ldap.5.xml:637 msgid "ldap_page_size (integer)" msgstr "ldap_page_size (整数)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:639 +#: sssd-ldap.5.xml:640 msgid "" "Specify the number of records to retrieve from LDAP in a single request. " "Some LDAP servers enforce a maximum limit per-request." @@ -6376,12 +6400,12 @@ msgstr "" "バーは 1 要求あたりの最大数の制限を強制します。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:650 +#: sssd-ldap.5.xml:651 msgid "ldap_disable_paging (boolean)" msgstr "ldap_disable_paging (論理値)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:653 +#: sssd-ldap.5.xml:654 msgid "" "Disable the LDAP paging control. This option should be used if the LDAP " "server reports that it supports the LDAP paging control in its RootDSE but " @@ -6392,7 +6416,7 @@ msgstr "" "ことを報告する場合に、このオプションが使用されます。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:659 +#: sssd-ldap.5.xml:660 msgid "" "Example: OpenLDAP servers with the paging control module installed on the " "server but not enabled will report it in the RootDSE but be unable to use it." @@ -6402,7 +6426,7 @@ msgstr "" "す。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:665 +#: sssd-ldap.5.xml:666 msgid "" "Example: 389 DS has a bug where it can only support a one paging control at " "a time on a single connection. On busy clients, this can result in some " @@ -6413,17 +6437,17 @@ msgstr "" "があります。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:677 +#: sssd-ldap.5.xml:678 msgid "ldap_disable_range_retrieval (boolean)" msgstr "ldap_disable_range_retrieval (論理値)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:680 +#: sssd-ldap.5.xml:681 msgid "Disable Active Directory range retrieval." msgstr "Active Directory の範囲の取得を無効化します。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:683 +#: sssd-ldap.5.xml:684 msgid "" "Active Directory limits the number of members to be retrieved in a single " "lookup using the MaxValRange policy (which defaults to 1500 members). If a " @@ -6433,12 +6457,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:698 +#: sssd-ldap.5.xml:699 msgid "ldap_sasl_minssf (integer)" msgstr "ldap_sasl_minssf (整数)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:701 +#: sssd-ldap.5.xml:702 msgid "" "When communicating with an LDAP server using SASL, specify the minimum " "security level necessary to establish the connection. The values of this " @@ -6446,17 +6470,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:707 sssd-ldap.5.xml:723 +#: sssd-ldap.5.xml:708 sssd-ldap.5.xml:724 msgid "Default: Use the system default (usually specified by ldap.conf)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:714 +#: sssd-ldap.5.xml:715 msgid "ldap_sasl_maxssf (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:717 +#: sssd-ldap.5.xml:718 msgid "" "When communicating with an LDAP server using SASL, specify the maximal " "security level necessary to establish the connection. The values of this " @@ -6464,12 +6488,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:730 +#: sssd-ldap.5.xml:731 msgid "ldap_deref_threshold (integer)" msgstr "ldap_deref_threshold (整数)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:733 +#: sssd-ldap.5.xml:734 msgid "" "Specify the number of group members that must be missing from the internal " "cache in order to trigger a dereference lookup. If less members are missing, " @@ -6477,7 +6501,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:739 +#: sssd-ldap.5.xml:740 msgid "" "You can turn off dereference lookups completely by setting the value to 0. " "Please note that there are some codepaths in SSSD, like the IPA HBAC " @@ -6488,7 +6512,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:750 +#: sssd-ldap.5.xml:751 msgid "" "A dereference lookup is a means of fetching all group members in a single " "LDAP call. Different LDAP servers may implement different dereference " @@ -6497,7 +6521,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:758 +#: sssd-ldap.5.xml:759 msgid "" "<emphasis>Note:</emphasis> If any of the search bases specifies a search " "filter, then the dereference lookup performance enhancement will be disabled " @@ -6505,12 +6529,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:771 +#: sssd-ldap.5.xml:772 msgid "ldap_ignore_unreadable_references (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:774 +#: sssd-ldap.5.xml:775 msgid "" "Ignore unreadable LDAP entries referenced in group's member attribute. If " "this parameter is set to false an error will be returned and the operation " @@ -6518,7 +6542,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:781 +#: sssd-ldap.5.xml:782 msgid "" "This parameter may be useful when using the AD provider and the computer " "account that sssd uses to connect to AD does not have access to a particular " @@ -6526,12 +6550,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:794 +#: sssd-ldap.5.xml:795 msgid "ldap_tls_reqcert (string)" msgstr "ldap_tls_reqcert (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:797 +#: sssd-ldap.5.xml:798 msgid "" "Specifies what checks to perform on server certificates in a TLS session, if " "any. It can be specified as one of the following values:" @@ -6540,7 +6564,7 @@ msgstr "" "クするものを指定します。以下の値のうち 1 つを指定できます:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:803 +#: sssd-ldap.5.xml:804 msgid "" "<emphasis>never</emphasis> = The client will not request or check any server " "certificate." @@ -6549,7 +6573,7 @@ msgstr "" "確認しません。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:807 +#: sssd-ldap.5.xml:808 msgid "" "<emphasis>allow</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -6560,7 +6584,7 @@ msgstr "" "無視され、セッションが通常通り進められます。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:814 +#: sssd-ldap.5.xml:815 msgid "" "<emphasis>try</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -6571,7 +6595,7 @@ msgstr "" "ンが直ちに終了します。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:820 +#: sssd-ldap.5.xml:821 msgid "" "<emphasis>demand</emphasis> = The server certificate is requested. If no " "certificate is provided, or a bad certificate is provided, the session is " @@ -6581,22 +6605,22 @@ msgstr "" "なければ、もしくは不正な証明書が提供されれば、セッションが直ちに終了します。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:826 +#: sssd-ldap.5.xml:827 msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" msgstr "<emphasis>hard</emphasis> = <quote>demand</quote> と同じです" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:830 +#: sssd-ldap.5.xml:831 msgid "Default: hard" msgstr "初期値: hard" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:836 +#: sssd-ldap.5.xml:837 msgid "ldap_tls_cacert (string)" msgstr "ldap_tls_cacert (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:839 +#: sssd-ldap.5.xml:840 msgid "" "Specifies the file that contains certificates for all of the Certificate " "Authorities that <command>sssd</command> will recognize." @@ -6606,7 +6630,7 @@ msgstr "" "書を含むファイルを指定します。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:844 sssd-ldap.5.xml:862 sssd-ldap.5.xml:903 +#: sssd-ldap.5.xml:845 sssd-ldap.5.xml:863 sssd-ldap.5.xml:904 msgid "" "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." "conf</filename>" @@ -6615,12 +6639,12 @@ msgstr "" "filename> にあります" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:851 +#: sssd-ldap.5.xml:852 msgid "ldap_tls_cacertdir (string)" msgstr "ldap_tls_cacertdir (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:854 +#: sssd-ldap.5.xml:855 msgid "" "Specifies the path of a directory that contains Certificate Authority " "certificates in separate individual files. Typically the file names need to " @@ -6633,32 +6657,32 @@ msgstr "" "ます。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:869 +#: sssd-ldap.5.xml:870 msgid "ldap_tls_cert (string)" msgstr "ldap_tls_cert (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:872 +#: sssd-ldap.5.xml:873 msgid "Specifies the file that contains the certificate for the client's key." msgstr "クライアントのキーに対する証明書を含むファイルを指定します。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:882 +#: sssd-ldap.5.xml:883 msgid "ldap_tls_key (string)" msgstr "ldap_tls_key (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:885 +#: sssd-ldap.5.xml:886 msgid "Specifies the file that contains the client's key." msgstr "クライアントのキーを含むファイルを指定します。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:894 +#: sssd-ldap.5.xml:895 msgid "ldap_tls_cipher_suite (string)" msgstr "ldap_tls_cipher_suite (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:897 +#: sssd-ldap.5.xml:898 msgid "" "Specifies acceptable cipher suites. Typically this is a colon separated " "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " @@ -6666,26 +6690,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:910 +#: sssd-ldap.5.xml:911 msgid "ldap_id_use_start_tls (boolean)" msgstr "ldap_id_use_start_tls (論理値)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:913 +#: sssd-ldap.5.xml:914 +#, fuzzy +#| msgid "" +#| "Specifies that the id_provider connection must also use <systemitem " +#| "class=\"protocol\">tls</systemitem> to protect the channel." msgid "" "Specifies that the id_provider connection must also use <systemitem " -"class=\"protocol\">tls</systemitem> to protect the channel." +"class=\"protocol\">tls</systemitem> to protect the channel. <emphasis>true</" +"emphasis> is strongly recommended for security reasons." msgstr "" "チャネルを保護するために <systemitem class=\"protocol\">tls</systemitem> も使" "用する必要がある id_provider 接続を指定します。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:923 +#: sssd-ldap.5.xml:925 msgid "ldap_id_mapping (boolean)" msgstr "ldap_id_mapping (論理値)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:926 +#: sssd-ldap.5.xml:928 msgid "" "Specifies that SSSD should attempt to map user and group IDs from the " "ldap_user_objectsid and ldap_group_objectsid attributes instead of relying " @@ -6693,18 +6722,18 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:932 +#: sssd-ldap.5.xml:934 msgid "Currently this feature supports only ActiveDirectory objectSID mapping." msgstr "" "この機能は現在 ActiveDirectory objectSID マッピングのみサポートします。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:942 +#: sssd-ldap.5.xml:944 msgid "ldap_min_id, ldap_max_id (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:945 +#: sssd-ldap.5.xml:947 msgid "" "In contrast to the SID based ID mapping which is used if ldap_id_mapping is " "set to true the allowed ID range for ldap_user_uid_number and " @@ -6715,24 +6744,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:957 +#: sssd-ldap.5.xml:959 msgid "Default: not set (both options are set to 0)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:963 +#: sssd-ldap.5.xml:965 msgid "ldap_sasl_mech (string)" msgstr "ldap_sasl_mech (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:966 +#: sssd-ldap.5.xml:968 msgid "" "Specify the SASL mechanism to use. Currently only GSSAPI and GSS-SPNEGO are " "tested and supported." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:970 +#: sssd-ldap.5.xml:972 msgid "" "If the backend supports sub-domains the value of ldap_sasl_mech is " "automatically inherited to the sub-domains. If a different value is needed " @@ -6743,12 +6772,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:986 +#: sssd-ldap.5.xml:988 msgid "ldap_sasl_authid (string)" msgstr "ldap_sasl_authid (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd-ldap.5.xml:998 +#: sssd-ldap.5.xml:1000 #, no-wrap msgid "" "hostname@REALM\n" @@ -6761,7 +6790,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:989 +#: sssd-ldap.5.xml:991 msgid "" "Specify the SASL authorization id to use. When GSSAPI/GSS-SPNEGO are used, " "this represents the Kerberos principal used for authentication to the " @@ -6773,17 +6802,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1009 +#: sssd-ldap.5.xml:1011 msgid "Default: host/hostname@REALM" msgstr "初期値: host/hostname@REALM" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1015 +#: sssd-ldap.5.xml:1017 msgid "ldap_sasl_realm (string)" msgstr "ldap_sasl_realm (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1018 +#: sssd-ldap.5.xml:1020 msgid "" "Specify the SASL realm to use. When not specified, this option defaults to " "the value of krb5_realm. If the ldap_sasl_authid contains the realm as " @@ -6791,17 +6820,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1024 +#: sssd-ldap.5.xml:1026 msgid "Default: the value of krb5_realm." msgstr "初期値: krb5_realm の値" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1030 +#: sssd-ldap.5.xml:1032 msgid "ldap_sasl_canonicalize (boolean)" msgstr "ldap_sasl_canonicalize (論理値)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1033 +#: sssd-ldap.5.xml:1035 msgid "" "If set to true, the LDAP library would perform a reverse lookup to " "canonicalize the host name during a SASL bind." @@ -6810,33 +6839,33 @@ msgstr "" "するために逆引きを実行します。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1038 +#: sssd-ldap.5.xml:1040 msgid "Default: false;" msgstr "初期値: false;" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1044 +#: sssd-ldap.5.xml:1046 msgid "ldap_krb5_keytab (string)" msgstr "ldap_krb5_keytab (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1047 +#: sssd-ldap.5.xml:1049 msgid "Specify the keytab to use when using SASL/GSSAPI/GSS-SPNEGO." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1056 sssd-krb5.5.xml:247 +#: sssd-ldap.5.xml:1058 sssd-krb5.5.xml:247 msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" msgstr "" "初期値: システムのキーテーブル、通常 <filename>/etc/krb5.keytab</filename>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1062 +#: sssd-ldap.5.xml:1064 msgid "ldap_krb5_init_creds (boolean)" msgstr "ldap_krb5_init_creds (論理値)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1065 +#: sssd-ldap.5.xml:1067 msgid "" "Specifies that the id_provider should init Kerberos credentials (TGT). This " "action is performed only if SASL is used and the mechanism selected is " @@ -6844,28 +6873,28 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1077 +#: sssd-ldap.5.xml:1079 msgid "ldap_krb5_ticket_lifetime (integer)" msgstr "ldap_krb5_ticket_lifetime (整数)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1080 +#: sssd-ldap.5.xml:1082 msgid "" "Specifies the lifetime in seconds of the TGT if GSSAPI or GSS-SPNEGO is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1089 sssd-ad.5.xml:1252 +#: sssd-ldap.5.xml:1091 sssd-ad.5.xml:1252 msgid "Default: 86400 (24 hours)" msgstr "初期値: 86400 (24 時間)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1095 sssd-krb5.5.xml:74 +#: sssd-ldap.5.xml:1097 sssd-krb5.5.xml:74 msgid "krb5_server, krb5_backup_server (string)" msgstr "krb5_server, krb5_backup_server (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1098 +#: sssd-ldap.5.xml:1100 msgid "" "Specifies the comma-separated list of IP addresses or hostnames of the " "Kerberos servers to which SSSD should connect in the order of preference. " @@ -6877,7 +6906,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1110 sssd-krb5.5.xml:89 +#: sssd-ldap.5.xml:1112 sssd-krb5.5.xml:89 msgid "" "When using service discovery for KDC or kpasswd servers, SSSD first searches " "for DNS entries that specify _udp as the protocol and falls back to _tcp if " @@ -6888,7 +6917,7 @@ msgstr "" "ば _tcp にフォールバックします。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1115 sssd-krb5.5.xml:94 +#: sssd-ldap.5.xml:1117 sssd-krb5.5.xml:94 msgid "" "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " "While the legacy name is recognized for the time being, users are advised to " @@ -6899,27 +6928,27 @@ msgstr "" "quote> を使用するよう設定ファイルを移行することが推奨されます。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1124 sssd-ipa.5.xml:526 sssd-krb5.5.xml:103 +#: sssd-ldap.5.xml:1126 sssd-ipa.5.xml:531 sssd-krb5.5.xml:103 msgid "krb5_realm (string)" msgstr "krb5_realm (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1127 +#: sssd-ldap.5.xml:1129 msgid "Specify the Kerberos REALM (for SASL/GSSAPI/GSS-SPNEGO auth)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1131 +#: sssd-ldap.5.xml:1133 msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" msgstr "初期値: システムの初期値、<filename>/etc/krb5.conf</filename> 参照。" #. type: Content of: <variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1137 include/krb5_options.xml:154 +#: sssd-ldap.5.xml:1139 include/krb5_options.xml:154 msgid "krb5_canonicalize (boolean)" msgstr "krb5_canonicalize (論理値)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1140 +#: sssd-ldap.5.xml:1142 msgid "" "Specifies if the host principal should be canonicalized when connecting to " "LDAP server. This feature is available with MIT Kerberos >= 1.7" @@ -6928,12 +6957,12 @@ msgstr "" "します。この機能は MIT Kerberos >= 1.7 で利用可能です。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1152 sssd-krb5.5.xml:336 +#: sssd-ldap.5.xml:1154 sssd-krb5.5.xml:336 msgid "krb5_use_kdcinfo (boolean)" msgstr "krb5_use_kdcinfo (論理値)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1155 sssd-krb5.5.xml:339 +#: sssd-ldap.5.xml:1157 sssd-krb5.5.xml:339 msgid "" "Specifies if the SSSD should instruct the Kerberos libraries what realm and " "which KDCs to use. This option is on by default, if you disable it, you need " @@ -6943,7 +6972,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1166 sssd-krb5.5.xml:350 +#: sssd-ldap.5.xml:1168 sssd-krb5.5.xml:350 msgid "" "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more " @@ -6954,12 +6983,12 @@ msgstr "" "manvolnum> </citerefentry> マニュアルページを参照ください。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1180 +#: sssd-ldap.5.xml:1182 msgid "ldap_pwd_policy (string)" msgstr "ldap_pwd_policy (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1183 +#: sssd-ldap.5.xml:1185 msgid "" "Select the policy to evaluate the password expiration on the client side. " "The following values are allowed:" @@ -6968,7 +6997,7 @@ msgstr "" "す。以下の値が許容されます:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1188 +#: sssd-ldap.5.xml:1190 msgid "" "<emphasis>none</emphasis> - No evaluation on the client side. This option " "cannot disable server-side password policies." @@ -6977,7 +7006,7 @@ msgstr "" "ンはサーバー側のパスワードポリシーを無効にできません。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1193 +#: sssd-ldap.5.xml:1195 #, fuzzy #| msgid "" #| "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" @@ -6994,7 +7023,7 @@ msgstr "" "manvolnum></citerefentry> 形式の属性を使用します。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1201 +#: sssd-ldap.5.xml:1203 msgid "" "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " "to determine if the password has expired. Use chpass_provider=krb5 to update " @@ -7005,24 +7034,24 @@ msgstr "" "とき、これらの属性を更新するために chpass_provider=krb5 を使用します。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1210 +#: sssd-ldap.5.xml:1212 msgid "" "<emphasis>Note</emphasis>: if a password policy is configured on server " "side, it always takes precedence over policy set with this option." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1218 +#: sssd-ldap.5.xml:1220 msgid "ldap_referrals (boolean)" msgstr "ldap_referrals (論理値)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1221 +#: sssd-ldap.5.xml:1223 msgid "Specifies whether automatic referral chasing should be enabled." msgstr "自動参照追跡が有効化されるかを指定します。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1225 +#: sssd-ldap.5.xml:1227 msgid "" "Please note that sssd only supports referral chasing when it is compiled " "with OpenLDAP version 2.4.13 or higher." @@ -7031,7 +7060,7 @@ msgstr "" "sssd のみが参照追跡をサポートすることに注意してください。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1230 +#: sssd-ldap.5.xml:1232 msgid "" "Chasing referrals may incur a performance penalty in environments that use " "them heavily, a notable example is Microsoft Active Directory. If your setup " @@ -7044,28 +7073,28 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1249 +#: sssd-ldap.5.xml:1251 msgid "ldap_dns_service_name (string)" msgstr "ldap_dns_service_name (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1252 +#: sssd-ldap.5.xml:1254 msgid "Specifies the service name to use when service discovery is enabled." msgstr "" "サービス検索が有効にされているときに使用するサービスの名前を指定します。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1256 +#: sssd-ldap.5.xml:1258 msgid "Default: ldap" msgstr "初期値: ldap" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1262 +#: sssd-ldap.5.xml:1264 msgid "ldap_chpass_dns_service_name (string)" msgstr "ldap_chpass_dns_service_name (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1265 +#: sssd-ldap.5.xml:1267 msgid "" "Specifies the service name to use to find an LDAP server which allows " "password changes when service discovery is enabled." @@ -7074,24 +7103,24 @@ msgstr "" "を検索するために使用するサービスの名前を指定します。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1270 +#: sssd-ldap.5.xml:1272 msgid "Default: not set, i.e. service discovery is disabled" msgstr "初期値: 設定されていません、つまりサービス検索が無効にされています" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1276 +#: sssd-ldap.5.xml:1278 msgid "ldap_chpass_update_last_change (bool)" msgstr "ldap_chpass_update_last_change (論理値)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1279 +#: sssd-ldap.5.xml:1281 msgid "" "Specifies whether to update the ldap_user_shadow_last_change attribute with " "days since the Epoch after a password change operation." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1285 +#: sssd-ldap.5.xml:1287 msgid "" "It is recommend to set this option explicitly if \"ldap_pwd_policy = " "shadow\" is used to let SSSD know if the LDAP server will update " @@ -7100,12 +7129,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1299 +#: sssd-ldap.5.xml:1301 msgid "ldap_access_filter (string)" msgstr "ldap_access_filter (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1302 +#: sssd-ldap.5.xml:1304 msgid "" "If using access_provider = ldap and ldap_access_order = filter (default), " "this option is mandatory. It specifies an LDAP search filter criteria that " @@ -7121,12 +7150,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1322 +#: sssd-ldap.5.xml:1324 msgid "Example:" msgstr "例:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1325 +#: sssd-ldap.5.xml:1327 #, no-wrap msgid "" "access_provider = ldap\n" @@ -7135,14 +7164,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1329 +#: sssd-ldap.5.xml:1331 msgid "" "This example means that access to this host is restricted to users whose " "employeeType attribute is set to \"admin\"." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1334 +#: sssd-ldap.5.xml:1336 msgid "" "Offline caching for this feature is limited to determining whether the " "user's last online login was granted access permission. If they were granted " @@ -7151,17 +7180,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1342 sssd-ldap.5.xml:1398 +#: sssd-ldap.5.xml:1344 sssd-ldap.5.xml:1400 msgid "Default: Empty" msgstr "初期値: 空白" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1348 +#: sssd-ldap.5.xml:1350 msgid "ldap_account_expire_policy (string)" msgstr "ldap_account_expire_policy (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1351 +#: sssd-ldap.5.xml:1353 msgid "" "With this option a client side evaluation of access control attributes can " "be enabled." @@ -7170,7 +7199,7 @@ msgstr "" "ます。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1355 +#: sssd-ldap.5.xml:1357 msgid "" "Please note that it is always recommended to use server side access control, " "i.e. the LDAP server should deny the bind request with a suitable error code " @@ -7181,12 +7210,12 @@ msgstr "" "否します。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1362 +#: sssd-ldap.5.xml:1364 msgid "The following values are allowed:" msgstr "以下の値が許可されます:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1365 +#: sssd-ldap.5.xml:1367 msgid "" "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " "determine if the account is expired." @@ -7195,7 +7224,7 @@ msgstr "" "ldap_user_shadow_expire の値を使用します。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1370 +#: sssd-ldap.5.xml:1372 msgid "" "<emphasis>ad</emphasis>: use the value of the 32bit field " "ldap_user_ad_user_account_control and allow access if the second bit is not " @@ -7204,7 +7233,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1377 +#: sssd-ldap.5.xml:1379 msgid "" "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" "emphasis>: use the value of ldap_ns_account_lock to check if access is " @@ -7215,7 +7244,7 @@ msgstr "" "ldap_ns_account_lock の値を使用します。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1383 +#: sssd-ldap.5.xml:1385 msgid "" "<emphasis>nds</emphasis>: the values of " "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " @@ -7228,7 +7257,7 @@ msgstr "" "クセスが許可されます。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1391 +#: sssd-ldap.5.xml:1393 msgid "" "Please note that the ldap_access_order configuration option <emphasis>must</" "emphasis> include <quote>expire</quote> in order for the " @@ -7236,23 +7265,23 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1404 +#: sssd-ldap.5.xml:1406 msgid "ldap_access_order (string)" msgstr "ldap_access_order (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1407 sssd-ipa.5.xml:351 +#: sssd-ldap.5.xml:1409 sssd-ipa.5.xml:356 msgid "Comma separated list of access control options. Allowed values are:" msgstr "" "アクセス制御オプションのカンマ区切り一覧です。許可される値は次のとおりです:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1411 +#: sssd-ldap.5.xml:1413 msgid "<emphasis>filter</emphasis>: use ldap_access_filter" msgstr "<emphasis>filter</emphasis>: ldap_access_filter を使用します" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1414 +#: sssd-ldap.5.xml:1416 msgid "" "<emphasis>lockout</emphasis>: use account locking. If set, this option " "denies access in case that ldap attribute 'pwdAccountLockedTime' is present " @@ -7262,14 +7291,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1424 +#: sssd-ldap.5.xml:1426 msgid "" "<emphasis> Please note that this option is superseded by the <quote>ppolicy</" "quote> option and might be removed in a future release. </emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1431 +#: sssd-ldap.5.xml:1433 msgid "" "<emphasis>ppolicy</emphasis>: use account locking. If set, this option " "denies access in case that ldap attribute 'pwdAccountLockedTime' is present " @@ -7282,12 +7311,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1448 +#: sssd-ldap.5.xml:1450 msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" msgstr "<emphasis>expire</emphasis>: ldap_account_expire_policy を使用します" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1452 sssd-ipa.5.xml:359 +#: sssd-ldap.5.xml:1454 sssd-ipa.5.xml:364 msgid "" "<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, " "pwd_expire_policy_renew: </emphasis> These options are useful if users are " @@ -7297,38 +7326,38 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1462 sssd-ipa.5.xml:369 +#: sssd-ldap.5.xml:1464 sssd-ipa.5.xml:374 msgid "" "The difference between these options is the action taken if user password is " "expired:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:1467 sssd-ipa.5.xml:374 +#: sssd-ldap.5.xml:1469 sssd-ipa.5.xml:379 msgid "pwd_expire_policy_reject - user is denied to log in," msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:1473 sssd-ipa.5.xml:380 +#: sssd-ldap.5.xml:1475 sssd-ipa.5.xml:385 msgid "pwd_expire_policy_warn - user is still able to log in," msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:1479 sssd-ipa.5.xml:386 +#: sssd-ldap.5.xml:1481 sssd-ipa.5.xml:391 msgid "" "pwd_expire_policy_renew - user is prompted to change their password " "immediately." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1487 +#: sssd-ldap.5.xml:1489 msgid "" "Please note that 'access_provider = ldap' must be set for this feature to " "work. Also 'ldap_pwd_policy' must be set to an appropriate password policy." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1492 +#: sssd-ldap.5.xml:1494 msgid "" "<emphasis>authorized_service</emphasis>: use the authorizedService attribute " "to determine access" @@ -7337,44 +7366,44 @@ msgstr "" "authorizedService 属性を使用します" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1497 +#: sssd-ldap.5.xml:1499 msgid "<emphasis>host</emphasis>: use the host attribute to determine access" msgstr "" "<emphasis>host</emphasis>: アクセス権を決めるために host 属性を使用します" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1501 +#: sssd-ldap.5.xml:1503 msgid "" "<emphasis>rhost</emphasis>: use the rhost attribute to determine whether " "remote host can access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1505 +#: sssd-ldap.5.xml:1507 msgid "" "Please note, rhost field in pam is set by application, it is better to check " "what the application sends to pam, before enabling this access control option" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1510 +#: sssd-ldap.5.xml:1512 msgid "Default: filter" msgstr "初期値: filter" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1513 +#: sssd-ldap.5.xml:1515 msgid "" "Please note that it is a configuration error if a value is used more than " "once." msgstr "値が複数使用されていると設定エラーになることに注意してください。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1520 +#: sssd-ldap.5.xml:1522 msgid "ldap_pwdlockout_dn (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1523 +#: sssd-ldap.5.xml:1525 msgid "" "This option specifies the DN of password policy entry on LDAP server. Please " "note that absence of this option in sssd.conf in case of enabled account " @@ -7383,22 +7412,22 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1531 +#: sssd-ldap.5.xml:1533 msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1534 +#: sssd-ldap.5.xml:1536 msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1540 +#: sssd-ldap.5.xml:1542 msgid "ldap_deref (string)" msgstr "ldap_deref (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1543 +#: sssd-ldap.5.xml:1545 msgid "" "Specifies how alias dereferencing is done when performing a search. The " "following options are allowed:" @@ -7407,12 +7436,12 @@ msgstr "" "ションが許容されます:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1548 +#: sssd-ldap.5.xml:1550 msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." msgstr "<emphasis>never</emphasis>: エイリアスが参照解決されません。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1552 +#: sssd-ldap.5.xml:1554 msgid "" "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " "the base object, but not in locating the base object of the search." @@ -7421,7 +7450,7 @@ msgstr "" "決されますが、検索のベースオブジェクトの位置を探すときはされません。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1557 +#: sssd-ldap.5.xml:1559 msgid "" "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " "the base object of the search." @@ -7430,7 +7459,7 @@ msgstr "" "すときのみ参照解決されます。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1562 +#: sssd-ldap.5.xml:1564 msgid "" "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " "in locating the base object of the search." @@ -7439,7 +7468,7 @@ msgstr "" "きも位置を検索するときも参照解決されます。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1567 +#: sssd-ldap.5.xml:1569 msgid "" "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " "client libraries)" @@ -7448,12 +7477,12 @@ msgstr "" "して取り扱われます)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1575 +#: sssd-ldap.5.xml:1577 msgid "ldap_rfc2307_fallback_to_local_users (boolean)" msgstr "ldap_rfc2307_fallback_to_local_users (論理値)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1578 +#: sssd-ldap.5.xml:1580 msgid "" "Allows to retain local users as members of an LDAP group for servers that " "use the RFC2307 schema." @@ -7462,7 +7491,7 @@ msgstr "" "ユーザーを保持することができます。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1582 +#: sssd-ldap.5.xml:1584 msgid "" "In some environments where the RFC2307 schema is used, local users are made " "members of LDAP groups by adding their names to the memberUid attribute. " @@ -7473,7 +7502,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1593 +#: sssd-ldap.5.xml:1595 msgid "" "This option falls back to checking if local users are referenced, and caches " "them so that later initgroups() calls will augment the local users with the " @@ -7481,57 +7510,57 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1605 sssd-ifp.5.xml:152 +#: sssd-ldap.5.xml:1607 sssd-ifp.5.xml:152 msgid "wildcard_limit (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1608 +#: sssd-ldap.5.xml:1610 msgid "" "Specifies an upper limit on the number of entries that are downloaded during " "a wildcard lookup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1612 +#: sssd-ldap.5.xml:1614 msgid "At the moment, only the InfoPipe responder supports wildcard lookups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1616 +#: sssd-ldap.5.xml:1618 msgid "Default: 1000 (often the size of one page)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1622 +#: sssd-ldap.5.xml:1624 #, fuzzy #| msgid "debug_level (integer)" msgid "ldap_library_debug_level (integer)" msgstr "debug_level (整数)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1625 +#: sssd-ldap.5.xml:1627 msgid "" "Switches on libldap debugging with the given level. The libldap debug " "messages will be written independent of the general debug_level." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1630 +#: sssd-ldap.5.xml:1632 msgid "" "OpenLDAP uses a bitmap to enable debugging for specific components, -1 will " "enable full debug output." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1635 +#: sssd-ldap.5.xml:1637 #, fuzzy #| msgid "Default: 0 (disabled)" msgid "Default: 0 (libldap debugging disabled)" msgstr "初期値: 0 (無効)" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:51 +#: sssd-ldap.5.xml:52 msgid "" "All of the common configuration options that apply to SSSD domains also " "apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> section " @@ -7543,12 +7572,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1645 +#: sssd-ldap.5.xml:1647 msgid "SUDO OPTIONS" msgstr "SUDO オプション" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1647 +#: sssd-ldap.5.xml:1649 msgid "" "The detailed instructions for configuration of sudo_provider are in the " "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " @@ -7556,19 +7585,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1658 +#: sssd-ldap.5.xml:1660 msgid "ldap_sudo_full_refresh_interval (integer)" msgstr "ldap_sudo_full_refresh_interval (整数)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1661 +#: sssd-ldap.5.xml:1663 msgid "" "How many seconds SSSD will wait between executing a full refresh of sudo " "rules (which downloads all rules that are stored on the server)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1666 +#: sssd-ldap.5.xml:1668 msgid "" "The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </" "emphasis>" @@ -7577,24 +7606,24 @@ msgstr "" "ります" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1671 +#: sssd-ldap.5.xml:1673 msgid "" "You can disable full refresh by setting this option to 0. However, either " "smart or full refresh must be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1676 +#: sssd-ldap.5.xml:1678 msgid "Default: 21600 (6 hours)" msgstr "初期値: 21600 (6 時間)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1682 +#: sssd-ldap.5.xml:1684 msgid "ldap_sudo_smart_refresh_interval (integer)" msgstr "ldap_sudo_smart_refresh_interval (整数)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1685 +#: sssd-ldap.5.xml:1687 msgid "" "How many seconds SSSD has to wait before executing a smart refresh of sudo " "rules (which downloads all rules that have USN higher than the highest " @@ -7602,14 +7631,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1691 +#: sssd-ldap.5.xml:1693 msgid "" "If USN attributes are not supported by the server, the modifyTimestamp " "attribute is used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1695 +#: sssd-ldap.5.xml:1697 msgid "" "<emphasis>Note:</emphasis> the highest USN value can be updated by three " "tasks: 1) By sudo full and smart refresh (if updated rules are found), 2) by " @@ -7619,21 +7648,21 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1706 +#: sssd-ldap.5.xml:1708 msgid "" "You can disable smart refresh by setting this option to 0. However, either " "smart or full refresh must be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1717 +#: sssd-ldap.5.xml:1719 #, fuzzy #| msgid "ldap_idmap_range_size (integer)" msgid "ldap_sudo_random_offset (integer)" msgstr "ldap_idmap_range_size (整数)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1720 +#: sssd-ldap.5.xml:1722 msgid "" "Random offset between 0 and configured value is added to smart and full " "refresh periods each time the periodic task is scheduled. The value is in " @@ -7641,7 +7670,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1726 +#: sssd-ldap.5.xml:1728 msgid "" "Note that this random offset is also applied on the first SSSD start which " "delays the first sudo rules refresh. This prolongs the time when the sudo " @@ -7649,29 +7678,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1732 +#: sssd-ldap.5.xml:1734 msgid "You can disable this offset by setting the value to 0." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1742 +#: sssd-ldap.5.xml:1744 msgid "ldap_sudo_use_host_filter (boolean)" msgstr "ldap_sudo_use_host_filter (論理値)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1745 +#: sssd-ldap.5.xml:1747 msgid "" "If true, SSSD will download only rules that are applicable to this machine " "(using the IPv4 or IPv6 host/network addresses and hostnames)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1756 +#: sssd-ldap.5.xml:1758 msgid "ldap_sudo_hostnames (string)" msgstr "ldap_sudo_hostnames (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1759 +#: sssd-ldap.5.xml:1761 msgid "" "Space separated list of hostnames or fully qualified domain names that " "should be used to filter the rules." @@ -7680,15 +7709,15 @@ msgstr "" "区切り一覧です。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1764 +#: sssd-ldap.5.xml:1766 msgid "" "If this option is empty, SSSD will try to discover the hostname and the " "fully qualified domain name automatically." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1769 sssd-ldap.5.xml:1792 sssd-ldap.5.xml:1810 -#: sssd-ldap.5.xml:1828 +#: sssd-ldap.5.xml:1771 sssd-ldap.5.xml:1794 sssd-ldap.5.xml:1812 +#: sssd-ldap.5.xml:1830 msgid "" "If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</" "emphasis> then this option has no effect." @@ -7697,17 +7726,17 @@ msgstr "" "ならば、このオプションは効果を持ちません。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1774 sssd-ldap.5.xml:1797 +#: sssd-ldap.5.xml:1776 sssd-ldap.5.xml:1799 msgid "Default: not specified" msgstr "初期値: 指定なし" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1780 +#: sssd-ldap.5.xml:1782 msgid "ldap_sudo_ip (string)" msgstr "ldap_sudo_ip (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1783 +#: sssd-ldap.5.xml:1785 msgid "" "Space separated list of IPv4 or IPv6 host/network addresses that should be " "used to filter the rules." @@ -7716,7 +7745,7 @@ msgstr "" "アドレスの空白区切り一覧です。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1788 +#: sssd-ldap.5.xml:1790 msgid "" "If this option is empty, SSSD will try to discover the addresses " "automatically." @@ -7724,38 +7753,38 @@ msgstr "" "このオプションが空白ならば、SSSD は自動的にアドレスを検索しようとします。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1803 +#: sssd-ldap.5.xml:1805 msgid "ldap_sudo_include_netgroups (boolean)" msgstr "ldap_sudo_include_netgroups (論理値)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1806 +#: sssd-ldap.5.xml:1808 msgid "" "If true then SSSD will download every rule that contains a netgroup in " "sudoHost attribute." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1821 +#: sssd-ldap.5.xml:1823 msgid "ldap_sudo_include_regexp (boolean)" msgstr "ldap_sudo_include_regexp (論理値)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1824 +#: sssd-ldap.5.xml:1826 msgid "" "If true then SSSD will download every rule that contains a wildcard in " "sudoHost attribute." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><note><para> -#: sssd-ldap.5.xml:1834 +#: sssd-ldap.5.xml:1836 msgid "" "Using wildcard is an operation that is very costly to evaluate on the LDAP " "server side!" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1846 +#: sssd-ldap.5.xml:1848 msgid "" "This manual page only describes attribute name mapping. For detailed " "explanation of sudo related attribute semantics, see <citerefentry> " @@ -7767,59 +7796,59 @@ msgstr "" "refentrytitle><manvolnum>5</manvolnum> </citerefentry> を参照してください" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1856 +#: sssd-ldap.5.xml:1858 msgid "AUTOFS OPTIONS" msgstr "AUTOFS オプション" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1858 +#: sssd-ldap.5.xml:1860 msgid "" "Some of the defaults for the parameters below are dependent on the LDAP " "schema." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1864 +#: sssd-ldap.5.xml:1866 msgid "ldap_autofs_map_master_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1867 +#: sssd-ldap.5.xml:1869 msgid "The name of the automount master map in LDAP." msgstr "LDAP のオートマウントマスターマップの名前。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1870 +#: sssd-ldap.5.xml:1872 msgid "Default: auto.master" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1881 +#: sssd-ldap.5.xml:1883 msgid "ADVANCED OPTIONS" msgstr "高度なオプション" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1888 +#: sssd-ldap.5.xml:1890 msgid "ldap_netgroup_search_base (string)" msgstr "ldap_netgroup_search_base (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1893 +#: sssd-ldap.5.xml:1895 msgid "ldap_user_search_base (string)" msgstr "ldap_user_search_base (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1898 +#: sssd-ldap.5.xml:1900 msgid "ldap_group_search_base (string)" msgstr "ldap_group_search_base (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><note> -#: sssd-ldap.5.xml:1903 +#: sssd-ldap.5.xml:1905 msgid "<note>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para> -#: sssd-ldap.5.xml:1905 +#: sssd-ldap.5.xml:1907 msgid "" "If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches " "against Active Directory will not be restricted and return all groups " @@ -7828,22 +7857,22 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist> -#: sssd-ldap.5.xml:1912 +#: sssd-ldap.5.xml:1914 msgid "</note>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1914 +#: sssd-ldap.5.xml:1916 msgid "ldap_sudo_search_base (string)" msgstr "ldap_sudo_search_base (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1919 +#: sssd-ldap.5.xml:1921 msgid "ldap_autofs_search_base (string)" msgstr "ldap_autofs_search_base (文字列)" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1883 +#: sssd-ldap.5.xml:1885 msgid "" "These options are supported by LDAP domains, but they should be used with " "caution. Please include them in your configuration only if you know what you " @@ -7852,14 +7881,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1934 sssd-simple.5.xml:131 sssd-ipa.5.xml:925 -#: sssd-ad.5.xml:1386 sssd-krb5.5.xml:483 sss_rpcidmapd.5.xml:98 +#: sssd-ldap.5.xml:1936 sssd-simple.5.xml:131 sssd-ipa.5.xml:930 +#: sssd-ad.5.xml:1391 sssd-krb5.5.xml:483 sss_rpcidmapd.5.xml:98 #: sssd-files.5.xml:155 sssd-session-recording.5.xml:176 msgid "EXAMPLE" msgstr "例" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1936 +#: sssd-ldap.5.xml:1938 msgid "" "The following example assumes that SSSD is correctly configured and LDAP is " "set to one of the domains in the <replaceable>[domains]</replaceable> " @@ -7870,7 +7899,7 @@ msgstr "" "す。" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ldap.5.xml:1942 +#: sssd-ldap.5.xml:1944 #, no-wrap msgid "" "[domain/LDAP]\n" @@ -7883,27 +7912,27 @@ msgid "" msgstr "" #. type: Content of: <refsect1><refsect2><para> -#: sssd-ldap.5.xml:1941 sssd-ldap.5.xml:1959 sssd-simple.5.xml:139 -#: sssd-ipa.5.xml:933 sssd-ad.5.xml:1394 sssd-sudo.5.xml:56 sssd-krb5.5.xml:492 +#: sssd-ldap.5.xml:1943 sssd-ldap.5.xml:1961 sssd-simple.5.xml:139 +#: sssd-ipa.5.xml:938 sssd-ad.5.xml:1399 sssd-sudo.5.xml:56 sssd-krb5.5.xml:492 #: sssd-files.5.xml:162 sssd-files.5.xml:173 sssd-session-recording.5.xml:182 #: include/ldap_id_mapping.xml:105 msgid "<placeholder type=\"programlisting\" id=\"0\"/>" msgstr "<placeholder type=\"programlisting\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1953 +#: sssd-ldap.5.xml:1955 msgid "LDAP ACCESS FILTER EXAMPLE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1955 +#: sssd-ldap.5.xml:1957 msgid "" "The following example assumes that SSSD is correctly configured and to use " "the ldap_access_order=lockout." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ldap.5.xml:1960 +#: sssd-ldap.5.xml:1962 #, no-wrap msgid "" "[domain/LDAP]\n" @@ -7919,13 +7948,13 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1975 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148 -#: sssd-ad.5.xml:1409 sssd.8.xml:238 sss_seed.8.xml:163 +#: sssd-ldap.5.xml:1977 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148 +#: sssd-ad.5.xml:1414 sssd.8.xml:238 sss_seed.8.xml:163 msgid "NOTES" msgstr "注記" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1977 +#: sssd-ldap.5.xml:1979 msgid "" "The descriptions of some of the configuration options in this manual page " "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " @@ -10349,12 +10378,12 @@ msgid "Example: dyndns_iface = em1, vnet1, vnet2" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:204 sssd-ad.5.xml:1285 +#: sssd-ipa.5.xml:204 sssd-ad.5.xml:1290 msgid "dyndns_auth (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:207 sssd-ad.5.xml:1288 +#: sssd-ipa.5.xml:207 sssd-ad.5.xml:1293 msgid "" "Whether the nsupdate utility should use GSS-TSIG authentication for secure " "updates with the DNS server, insecure updates can be sent by setting this " @@ -10362,19 +10391,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:213 sssd-ad.5.xml:1294 +#: sssd-ipa.5.xml:213 sssd-ad.5.xml:1299 msgid "Default: GSS-TSIG" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:219 sssd-ad.5.xml:1300 +#: sssd-ipa.5.xml:219 sssd-ad.5.xml:1305 #, fuzzy #| msgid "dyndns_iface (string)" msgid "dyndns_auth_ptr (string)" msgstr "dyndns_iface (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:222 sssd-ad.5.xml:1303 +#: sssd-ipa.5.xml:222 sssd-ad.5.xml:1308 msgid "" "Whether the nsupdate utility should use GSS-TSIG authentication for secure " "PTR updates with the DNS server, insecure updates can be sent by setting " @@ -10382,7 +10411,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:228 sssd-ad.5.xml:1309 +#: sssd-ipa.5.xml:228 sssd-ad.5.xml:1314 msgid "Default: Same as dyndns_auth" msgstr "" @@ -10441,17 +10470,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:290 +#: sssd-ipa.5.xml:290 sssd-ad.5.xml:1266 +msgid "" +"Note that <emphasis>dyndns_update_per_family</emphasis> parameter does not " +"apply for PTR record updates. Those updates are always sent separately." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:295 msgid "Default: False (disabled)" msgstr "初期値: False (無効)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1272 +#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1277 msgid "dyndns_force_tcp (bool)" msgstr "dyndns_force_tcp (論理値)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:299 sssd-ad.5.xml:1275 +#: sssd-ipa.5.xml:304 sssd-ad.5.xml:1280 msgid "" "Whether the nsupdate utility should default to using TCP for communicating " "with the DNS server." @@ -10460,48 +10496,48 @@ msgstr "" "どうか。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:303 sssd-ad.5.xml:1279 +#: sssd-ipa.5.xml:308 sssd-ad.5.xml:1284 msgid "Default: False (let nsupdate choose the protocol)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:309 sssd-ad.5.xml:1315 +#: sssd-ipa.5.xml:314 sssd-ad.5.xml:1320 msgid "dyndns_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:312 sssd-ad.5.xml:1318 +#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1323 msgid "" "The DNS server to use when performing a DNS update. In most setups, it's " "recommended to leave this option unset." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1323 +#: sssd-ipa.5.xml:322 sssd-ad.5.xml:1328 msgid "" "Setting this option makes sense for environments where the DNS server is " "different from the identity server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:322 sssd-ad.5.xml:1328 +#: sssd-ipa.5.xml:327 sssd-ad.5.xml:1333 msgid "" "Please note that this option will be only used in fallback attempt when " "previous attempt using autodetected settings failed." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:327 sssd-ad.5.xml:1333 +#: sssd-ipa.5.xml:332 sssd-ad.5.xml:1338 msgid "Default: None (let nsupdate choose the server)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:333 sssd-ad.5.xml:1339 +#: sssd-ipa.5.xml:338 sssd-ad.5.xml:1344 msgid "dyndns_update_per_family (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:336 sssd-ad.5.xml:1342 +#: sssd-ipa.5.xml:341 sssd-ad.5.xml:1347 msgid "" "DNS update is by default performed in two steps - IPv4 update and then IPv6 " "update. In some cases it might be desirable to perform IPv4 and IPv6 update " @@ -10509,52 +10545,52 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:348 +#: sssd-ipa.5.xml:353 #, fuzzy #| msgid "ldap_access_order (string)" msgid "ipa_access_order (string)" msgstr "ldap_access_order (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:355 +#: sssd-ipa.5.xml:360 #, fuzzy #| msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" msgid "<emphasis>expire</emphasis>: use IPA's account expiration policy." msgstr "<emphasis>expire</emphasis>: ldap_account_expire_policy を使用します" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:394 +#: sssd-ipa.5.xml:399 msgid "" "Please note that 'access_provider = ipa' must be set for this feature to " "work." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:401 +#: sssd-ipa.5.xml:406 msgid "ipa_deskprofile_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:404 +#: sssd-ipa.5.xml:409 msgid "" "Optional. Use the given string as search base for Desktop Profile related " "objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:408 sssd-ipa.5.xml:435 +#: sssd-ipa.5.xml:413 sssd-ipa.5.xml:440 msgid "Default: Use base DN" msgstr "初期値: ベース DN を使用します" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:414 +#: sssd-ipa.5.xml:419 #, fuzzy #| msgid "ipa_subdomains_search_base (string)" msgid "ipa_subid_ranges_search_base (string)" msgstr "ipa_subdomains_search_base (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:417 +#: sssd-ipa.5.xml:422 #, fuzzy #| msgid "" #| "Optional. Use the given string as search base for HBAC related objects." @@ -10566,95 +10602,95 @@ msgstr "" "して使用します。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:421 +#: sssd-ipa.5.xml:426 #, fuzzy #| msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>" msgid "Default: the value of <emphasis>cn=subids,%basedn</emphasis>" msgstr "初期値: <emphasis>cn=trusts,%basedn</emphasis> の値" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:428 +#: sssd-ipa.5.xml:433 msgid "ipa_hbac_search_base (string)" msgstr "ipa_hbac_search_base (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:431 +#: sssd-ipa.5.xml:436 msgid "Optional. Use the given string as search base for HBAC related objects." msgstr "" "オプションです。与えられた文字列を HBAC 関連オブジェクトに対する検索ベースと" "して使用します。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:441 +#: sssd-ipa.5.xml:446 msgid "ipa_host_search_base (string)" msgstr "ipa_host_search_base (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:444 +#: sssd-ipa.5.xml:449 msgid "Deprecated. Use ldap_host_search_base instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:450 +#: sssd-ipa.5.xml:455 msgid "ipa_selinux_search_base (string)" msgstr "ipa_selinux_search_base (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:453 +#: sssd-ipa.5.xml:458 msgid "Optional. Use the given string as search base for SELinux user maps." msgstr "" "オプションです。与えられた文字列を SELinux ユーザーマップに対する検索ベースと" "して使用します。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:469 +#: sssd-ipa.5.xml:474 msgid "ipa_subdomains_search_base (string)" msgstr "ipa_subdomains_search_base (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:472 +#: sssd-ipa.5.xml:477 msgid "Optional. Use the given string as search base for trusted domains." msgstr "" "オプションです。信頼されたドメインに対する検索ベースとして、与えられた文字列" "を使用します。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:481 +#: sssd-ipa.5.xml:486 msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>" msgstr "初期値: <emphasis>cn=trusts,%basedn</emphasis> の値" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:488 +#: sssd-ipa.5.xml:493 msgid "ipa_master_domain_search_base (string)" msgstr "ipa_master_domain_search_base (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:491 +#: sssd-ipa.5.xml:496 msgid "Optional. Use the given string as search base for master domain object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:500 +#: sssd-ipa.5.xml:505 msgid "Default: the value of <emphasis>cn=ad,cn=etc,%basedn</emphasis>" msgstr "初期値: <emphasis>cn=ad,cn=etc,%basedn</emphasis> の値" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:507 +#: sssd-ipa.5.xml:512 msgid "ipa_views_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:510 +#: sssd-ipa.5.xml:515 msgid "Optional. Use the given string as search base for views containers." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:519 +#: sssd-ipa.5.xml:524 msgid "Default: the value of <emphasis>cn=views,cn=accounts,%basedn</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:529 +#: sssd-ipa.5.xml:534 msgid "" "The name of the Kerberos realm. This is optional and defaults to the value " "of <quote>ipa_domain</quote>." @@ -10663,7 +10699,7 @@ msgstr "" "quote> の値です。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:533 +#: sssd-ipa.5.xml:538 msgid "" "The name of the Kerberos realm has a special meaning in IPA - it is " "converted into the base DN to use for performing LDAP operations." @@ -10672,37 +10708,37 @@ msgstr "" "めに使用するベース DN に変換されます。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:541 sssd-ad.5.xml:1357 +#: sssd-ipa.5.xml:546 sssd-ad.5.xml:1362 msgid "krb5_confd_path (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:544 sssd-ad.5.xml:1360 +#: sssd-ipa.5.xml:549 sssd-ad.5.xml:1365 msgid "" "Absolute path of a directory where SSSD should place Kerberos configuration " "snippets." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:548 sssd-ad.5.xml:1364 +#: sssd-ipa.5.xml:553 sssd-ad.5.xml:1369 msgid "" "To disable the creation of the configuration snippets set the parameter to " "'none'." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:552 sssd-ad.5.xml:1368 +#: sssd-ipa.5.xml:557 sssd-ad.5.xml:1373 msgid "" "Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:559 +#: sssd-ipa.5.xml:564 msgid "ipa_deskprofile_refresh (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:562 +#: sssd-ipa.5.xml:567 msgid "" "The amount of time between lookups of the Desktop Profile rules against the " "IPA server. This will reduce the latency and load on the IPA server if there " @@ -10710,34 +10746,34 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:569 sssd-ipa.5.xml:599 sssd-ipa.5.xml:615 sssd-ad.5.xml:599 +#: sssd-ipa.5.xml:574 sssd-ipa.5.xml:604 sssd-ipa.5.xml:620 sssd-ad.5.xml:599 msgid "Default: 5 (seconds)" msgstr "初期値: 5 (秒)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:575 +#: sssd-ipa.5.xml:580 msgid "ipa_deskprofile_request_interval (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:578 +#: sssd-ipa.5.xml:583 msgid "" "The amount of time between lookups of the Desktop Profile rules against the " "IPA server in case the last request did not return any rule." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:583 +#: sssd-ipa.5.xml:588 msgid "Default: 60 (minutes)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:589 +#: sssd-ipa.5.xml:594 msgid "ipa_hbac_refresh (integer)" msgstr "ipa_hbac_refresh (整数)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:592 +#: sssd-ipa.5.xml:597 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server. " "This will reduce the latency and load on the IPA server if there are many " @@ -10745,12 +10781,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:605 +#: sssd-ipa.5.xml:610 msgid "ipa_hbac_selinux (integer)" msgstr "ipa_hbac_selinux (整数)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:608 +#: sssd-ipa.5.xml:613 msgid "" "The amount of time between lookups of the SELinux maps against the IPA " "server. This will reduce the latency and load on the IPA server if there are " @@ -10758,33 +10794,33 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:621 +#: sssd-ipa.5.xml:626 msgid "ipa_server_mode (boolean)" msgstr "ipa_server_mode (論理値)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:624 +#: sssd-ipa.5.xml:629 msgid "" "This option will be set by the IPA installer (ipa-server-install) " "automatically and denotes if SSSD is running on an IPA server or not." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:629 +#: sssd-ipa.5.xml:634 msgid "" "On an IPA server SSSD will lookup users and groups from trusted domains " "directly while on a client it will ask an IPA server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:634 +#: sssd-ipa.5.xml:639 msgid "" "NOTE: There are currently some assumptions that must be met when SSSD is " "running on an IPA server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:639 +#: sssd-ipa.5.xml:644 msgid "" "The <quote>ipa_server</quote> option must be configured to point to the IPA " "server itself. This is already the default set by the IPA installer, so no " @@ -10792,59 +10828,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:648 +#: sssd-ipa.5.xml:653 msgid "" "The <quote>full_name_format</quote> option must not be tweaked to only print " "short names for users from trusted domains." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:663 +#: sssd-ipa.5.xml:668 msgid "ipa_automount_location (string)" msgstr "ipa_automount_location (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:666 +#: sssd-ipa.5.xml:671 msgid "The automounter location this IPA client will be using" msgstr "この IPA クライアントが使用する automounter の場所です" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:669 +#: sssd-ipa.5.xml:674 msgid "Default: The location named \"default\"" msgstr "初期値: \"default\" という名前の場所" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd-ipa.5.xml:677 +#: sssd-ipa.5.xml:682 msgid "VIEWS AND OVERRIDES" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:686 +#: sssd-ipa.5.xml:691 msgid "ipa_view_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:689 +#: sssd-ipa.5.xml:694 msgid "Objectclass of the view container." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:692 +#: sssd-ipa.5.xml:697 msgid "Default: nsContainer" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:698 +#: sssd-ipa.5.xml:703 msgid "ipa_view_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:701 +#: sssd-ipa.5.xml:706 msgid "Name of the attribute holding the name of the view." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:705 sssd-ldap-attributes.5.xml:496 +#: sssd-ipa.5.xml:710 sssd-ldap-attributes.5.xml:496 #: sssd-ldap-attributes.5.xml:830 sssd-ldap-attributes.5.xml:911 #: sssd-ldap-attributes.5.xml:1008 sssd-ldap-attributes.5.xml:1066 #: sssd-ldap-attributes.5.xml:1224 sssd-ldap-attributes.5.xml:1269 @@ -10852,128 +10888,128 @@ msgid "Default: cn" msgstr "初期値: cn" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:711 +#: sssd-ipa.5.xml:716 msgid "ipa_override_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:714 +#: sssd-ipa.5.xml:719 msgid "Objectclass of the override objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:717 +#: sssd-ipa.5.xml:722 msgid "Default: ipaOverrideAnchor" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:723 +#: sssd-ipa.5.xml:728 msgid "ipa_anchor_uuid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:726 +#: sssd-ipa.5.xml:731 msgid "" "Name of the attribute containing the reference to the original object in a " "remote domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:730 +#: sssd-ipa.5.xml:735 msgid "Default: ipaAnchorUUID" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:736 +#: sssd-ipa.5.xml:741 msgid "ipa_user_override_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:739 +#: sssd-ipa.5.xml:744 msgid "" "Name of the objectclass for user overrides. It is used to determine if the " "found override object is related to a user or a group." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:744 +#: sssd-ipa.5.xml:749 msgid "User overrides can contain attributes given by" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:747 +#: sssd-ipa.5.xml:752 msgid "ldap_user_name" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:750 +#: sssd-ipa.5.xml:755 msgid "ldap_user_uid_number" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:753 +#: sssd-ipa.5.xml:758 msgid "ldap_user_gid_number" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:756 +#: sssd-ipa.5.xml:761 msgid "ldap_user_gecos" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:759 +#: sssd-ipa.5.xml:764 msgid "ldap_user_home_directory" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:762 +#: sssd-ipa.5.xml:767 msgid "ldap_user_shell" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:765 +#: sssd-ipa.5.xml:770 msgid "ldap_user_ssh_public_key" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:770 +#: sssd-ipa.5.xml:775 msgid "Default: ipaUserOverride" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:776 +#: sssd-ipa.5.xml:781 msgid "ipa_group_override_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:779 +#: sssd-ipa.5.xml:784 msgid "" "Name of the objectclass for group overrides. It is used to determine if the " "found override object is related to a user or a group." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:784 +#: sssd-ipa.5.xml:789 msgid "Group overrides can contain attributes given by" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:787 +#: sssd-ipa.5.xml:792 msgid "ldap_group_name" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:790 +#: sssd-ipa.5.xml:795 msgid "ldap_group_gid_number" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:795 +#: sssd-ipa.5.xml:800 msgid "Default: ipaGroupOverride" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:679 +#: sssd-ipa.5.xml:684 msgid "" "SSSD can handle views and overrides which are offered by FreeIPA 4.1 and " "later version. Since all paths and objectclasses are fixed on the server " @@ -10983,19 +11019,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ipa.5.xml:807 +#: sssd-ipa.5.xml:812 msgid "SUBDOMAINS PROVIDER" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:809 +#: sssd-ipa.5.xml:814 msgid "" "The IPA subdomains provider behaves slightly differently if it is configured " "explicitly or implicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:813 +#: sssd-ipa.5.xml:818 msgid "" "If the option 'subdomains_provider = ipa' is found in the domain section of " "sssd.conf, the IPA subdomains provider is configured explicitly, and all " @@ -11006,7 +11042,7 @@ msgstr "" "メインのリクエストが必要に応じて IPA サーバーに送られます。" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:819 +#: sssd-ipa.5.xml:824 msgid "" "If the option 'subdomains_provider' is not set in the domain section of sssd." "conf but there is the option 'id_provider = ipa', the IPA subdomains " @@ -11018,12 +11054,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ipa.5.xml:830 +#: sssd-ipa.5.xml:835 msgid "TRUSTED DOMAINS CONFIGURATION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ipa.5.xml:838 +#: sssd-ipa.5.xml:843 #, no-wrap msgid "" "[domain/ipa.domain.com/ad.domain.com]\n" @@ -11031,7 +11067,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:832 +#: sssd-ipa.5.xml:837 msgid "" "Some configuration options can also be set for a trusted domain. A trusted " "domain configuration can be set using the trusted domain subsection as shown " @@ -11041,80 +11077,80 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:843 +#: sssd-ipa.5.xml:848 msgid "" "For more details, see the <citerefentry> <refentrytitle>sssd.conf</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:850 +#: sssd-ipa.5.xml:855 msgid "" "Different configuration options are tunable for a trusted domain depending " "on whether you are configuring SSSD on an IPA server or an IPA client." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd-ipa.5.xml:855 +#: sssd-ipa.5.xml:860 msgid "OPTIONS TUNABLE ON IPA MASTERS" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:857 +#: sssd-ipa.5.xml:862 msgid "" "The following options can be set in a subdomain section on an IPA master:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:861 sssd-ipa.5.xml:891 +#: sssd-ipa.5.xml:866 sssd-ipa.5.xml:896 msgid "ad_server" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:864 +#: sssd-ipa.5.xml:869 msgid "ad_backup_server" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:867 sssd-ipa.5.xml:894 +#: sssd-ipa.5.xml:872 sssd-ipa.5.xml:899 msgid "ad_site" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:870 +#: sssd-ipa.5.xml:875 msgid "ldap_search_base" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:873 +#: sssd-ipa.5.xml:878 msgid "ldap_user_search_base" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:876 +#: sssd-ipa.5.xml:881 msgid "ldap_group_search_base" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd-ipa.5.xml:885 +#: sssd-ipa.5.xml:890 msgid "OPTIONS TUNABLE ON IPA CLIENTS" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:887 +#: sssd-ipa.5.xml:892 msgid "" "The following options can be set in a subdomain section on an IPA client:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:899 +#: sssd-ipa.5.xml:904 msgid "" "Note that if both options are set, only <quote>ad_server</quote> is " "evaluated." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:903 +#: sssd-ipa.5.xml:908 msgid "" "Since any request for a user or a group identity from a trusted domain " "triggered from an IPA client is resolved by the IPA server, the " @@ -11128,7 +11164,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:927 +#: sssd-ipa.5.xml:932 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " @@ -11139,7 +11175,7 @@ msgstr "" "例は IPA プロバイダー固有のオプションのみを示しています。" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ipa.5.xml:934 +#: sssd-ipa.5.xml:939 #, no-wrap msgid "" "[domain/example.com]\n" @@ -12347,7 +12383,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ad.5.xml:1388 +#: sssd-ad.5.xml:1393 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " @@ -12358,7 +12394,7 @@ msgstr "" "AD プロバイダー固有のオプションのみ示してします。" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ad.5.xml:1395 +#: sssd-ad.5.xml:1400 #, no-wrap msgid "" "[domain/EXAMPLE]\n" @@ -12382,7 +12418,7 @@ msgstr "" "ad_domain = example.com\n" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ad.5.xml:1415 +#: sssd-ad.5.xml:1420 #, no-wrap msgid "" "access_provider = ldap\n" @@ -12394,7 +12430,7 @@ msgstr "" "ldap_account_expire_policy = ad\n" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ad.5.xml:1411 +#: sssd-ad.5.xml:1416 msgid "" "The AD access control provider checks if the account is expired. It has the " "same effect as the following configuration of the LDAP provider: " @@ -12402,7 +12438,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ad.5.xml:1421 +#: sssd-ad.5.xml:1426 msgid "" "However, unless the <quote>ad</quote> access control provider is explicitly " "configured, the default access provider is <quote>permit</quote>. Please " @@ -12412,7 +12448,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ad.5.xml:1429 +#: sssd-ad.5.xml:1434 msgid "" "When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema " "attribute mapping (nisMap, nisObject, ...) is used, because these attributes " @@ -19274,6 +19310,15 @@ msgstr "" "ホストとユーザーのプリンシパルが正規化されるかどうかを指定します。この機能は " "MIT Kerberos 1.7 およびそれ以降で利用可能です。" +#, fuzzy +#~| msgid "" +#~| "Determines if user credentials are also cached in the local LDB cache" +#~ msgid "" +#~ "Determines if user credentials are also cached in the local LDB cache." +#~ msgstr "" +#~ "ユーザーのクレディンシャルがローカル LDB キャッシュにキャッシュされるかど" +#~ "うかを決めます" + #~ msgid "User credentials are stored in a SHA512 hash, not in plaintext" #~ msgstr "" #~ "ユーザーのクレディンシャルが、平文ではなく SHA512 ハッシュで保存されます" diff --git a/src/man/po/lv.po b/src/man/po/lv.po index 9bca29d26d4..21d992070f6 100644 --- a/src/man/po/lv.po +++ b/src/man/po/lv.po @@ -9,7 +9,7 @@ msgid "" msgstr "" "Project-Id-Version: sssd-docs 2.3.0\n" "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" -"POT-Creation-Date: 2023-09-07 11:47+0200\n" +"POT-Creation-Date: 2023-11-13 11:53+0100\n" "PO-Revision-Date: 2014-12-15 12:00-0500\n" "Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n" "Language-Team: Latvian (http://www.transifex.com/projects/p/sssd/language/" @@ -208,10 +208,10 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:136 sssd.conf.5.xml:173 sssd.conf.5.xml:358 #: sssd.conf.5.xml:714 sssd.conf.5.xml:729 sssd.conf.5.xml:952 -#: sssd.conf.5.xml:1070 sssd.conf.5.xml:2198 sssd-ldap.5.xml:1071 -#: sssd-ldap.5.xml:1174 sssd-ldap.5.xml:1243 sssd-ldap.5.xml:1750 -#: sssd-ldap.5.xml:1815 sssd-ipa.5.xml:342 sssd-ad.5.xml:252 sssd-ad.5.xml:366 -#: sssd-ad.5.xml:1200 sssd-ad.5.xml:1348 sssd-krb5.5.xml:358 +#: sssd.conf.5.xml:1070 sssd.conf.5.xml:2198 sssd-ldap.5.xml:1073 +#: sssd-ldap.5.xml:1176 sssd-ldap.5.xml:1245 sssd-ldap.5.xml:1752 +#: sssd-ldap.5.xml:1817 sssd-ipa.5.xml:347 sssd-ad.5.xml:252 sssd-ad.5.xml:366 +#: sssd-ad.5.xml:1200 sssd-ad.5.xml:1353 sssd-krb5.5.xml:358 msgid "Default: true" msgstr "" @@ -229,10 +229,10 @@ msgstr "" #. type: Content of: <variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:149 sssd.conf.5.xml:652 sssd.conf.5.xml:949 -#: sssd.conf.5.xml:2101 sssd.conf.5.xml:2168 sssd.conf.5.xml:4174 -#: sssd-ldap.5.xml:312 sssd-ldap.5.xml:917 sssd-ldap.5.xml:936 -#: sssd-ldap.5.xml:1146 sssd-ldap.5.xml:1599 sssd-ldap.5.xml:1839 -#: sssd-ipa.5.xml:152 sssd-ipa.5.xml:254 sssd-ipa.5.xml:657 sssd-ad.5.xml:1106 +#: sssd.conf.5.xml:2101 sssd.conf.5.xml:2168 sssd.conf.5.xml:4191 +#: sssd-ldap.5.xml:313 sssd-ldap.5.xml:919 sssd-ldap.5.xml:938 +#: sssd-ldap.5.xml:1148 sssd-ldap.5.xml:1601 sssd-ldap.5.xml:1841 +#: sssd-ipa.5.xml:152 sssd-ipa.5.xml:254 sssd-ipa.5.xml:662 sssd-ad.5.xml:1106 #: sssd-krb5.5.xml:268 sssd-krb5.5.xml:330 sssd-krb5.5.xml:432 #: include/krb5_options.xml:163 msgid "Default: false" @@ -266,8 +266,8 @@ msgid "" msgstr "" #. type: Content of: outside any tag (error?) -#: sssd.conf.5.xml:109 sssd.conf.5.xml:184 sssd-ldap.5.xml:1656 -#: sssd-ldap.5.xml:1862 sss-certmap.5.xml:645 sssd-systemtap.5.xml:82 +#: sssd.conf.5.xml:109 sssd.conf.5.xml:184 sssd-ldap.5.xml:1658 +#: sssd-ldap.5.xml:1864 sss-certmap.5.xml:645 sssd-systemtap.5.xml:82 #: sssd-systemtap.5.xml:143 sssd-systemtap.5.xml:236 sssd-systemtap.5.xml:274 #: sssd-systemtap.5.xml:330 sssd-ldap-attributes.5.xml:40 #: sssd-ldap-attributes.5.xml:659 sssd-ldap-attributes.5.xml:801 @@ -298,7 +298,7 @@ msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:196 sssd.conf.5.xml:1290 sssd.conf.5.xml:1767 -#: sssd.conf.5.xml:4190 sssd-ldap.5.xml:765 include/ldap_id_mapping.xml:270 +#: sssd.conf.5.xml:4207 sssd-ldap.5.xml:766 include/ldap_id_mapping.xml:270 msgid "Default: 10" msgstr "Noklusējuma: 10" @@ -374,7 +374,7 @@ msgid "" msgstr "" #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:266 sssd.conf.5.xml:792 sssd.conf.5.xml:3709 +#: sssd.conf.5.xml:266 sssd.conf.5.xml:792 sssd.conf.5.xml:3716 #: include/failover.xml:100 msgid "Default: 3" msgstr "" @@ -396,7 +396,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:287 sssd.conf.5.xml:3541 +#: sssd.conf.5.xml:287 sssd.conf.5.xml:3548 msgid "re_expression (string)" msgstr "" @@ -416,12 +416,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:304 sssd.conf.5.xml:3598 +#: sssd.conf.5.xml:304 sssd.conf.5.xml:3605 msgid "full_name_format (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:307 sssd.conf.5.xml:3601 +#: sssd.conf.5.xml:307 sssd.conf.5.xml:3608 msgid "" "A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</" "manvolnum> </citerefentry>-compatible format that describes how to compose a " @@ -429,39 +429,39 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:318 sssd.conf.5.xml:3612 +#: sssd.conf.5.xml:318 sssd.conf.5.xml:3619 msgid "%1$s" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:319 sssd.conf.5.xml:3613 +#: sssd.conf.5.xml:319 sssd.conf.5.xml:3620 msgid "user name" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:322 sssd.conf.5.xml:3616 +#: sssd.conf.5.xml:322 sssd.conf.5.xml:3623 msgid "%2$s" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:325 sssd.conf.5.xml:3619 +#: sssd.conf.5.xml:325 sssd.conf.5.xml:3626 msgid "domain name as specified in the SSSD config file." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:331 sssd.conf.5.xml:3625 +#: sssd.conf.5.xml:331 sssd.conf.5.xml:3632 msgid "%3$s" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:334 sssd.conf.5.xml:3628 +#: sssd.conf.5.xml:334 sssd.conf.5.xml:3635 msgid "" "domain flat name. Mostly usable for Active Directory domains, both directly " "configured or discovered via IPA trusts." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:315 sssd.conf.5.xml:3609 +#: sssd.conf.5.xml:315 sssd.conf.5.xml:3616 msgid "" "The following expansions are supported: <placeholder type=\"variablelist\" " "id=\"0\"/>" @@ -604,8 +604,8 @@ msgid "" msgstr "" #. type: Content of: <variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:468 sssd-ldap.5.xml:876 sssd-ldap.5.xml:888 -#: sssd-ldap.5.xml:980 sssd-ad.5.xml:920 sssd-ad.5.xml:995 sssd-krb5.5.xml:468 +#: sssd.conf.5.xml:468 sssd-ldap.5.xml:877 sssd-ldap.5.xml:889 +#: sssd-ldap.5.xml:982 sssd-ad.5.xml:920 sssd-ad.5.xml:995 sssd-krb5.5.xml:468 #: sssd-ldap-attributes.5.xml:470 sssd-ldap-attributes.5.xml:976 #: include/ldap_id_mapping.xml:211 include/ldap_id_mapping.xml:222 #: include/krb5_options.xml:148 @@ -875,7 +875,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:700 sssd.conf.5.xml:1791 sssd.conf.5.xml:4240 +#: sssd.conf.5.xml:700 sssd.conf.5.xml:1791 sssd.conf.5.xml:4257 #: sssd-ad.5.xml:187 sssd-ad.5.xml:327 sssd-ad.5.xml:341 msgid "Default: Not set" msgstr "" @@ -1056,7 +1056,7 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:858 sssd.conf.5.xml:1201 sssd.conf.5.xml:1584 -#: sssd.conf.5.xml:1880 sssd-ldap.5.xml:494 +#: sssd.conf.5.xml:1880 sssd-ldap.5.xml:495 msgid "Default: 60" msgstr "Noklusējuma: 60" @@ -1166,7 +1166,7 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:937 sssd.conf.5.xml:1214 sssd.conf.5.xml:2322 -#: sssd-ldap.5.xml:331 +#: sssd-ldap.5.xml:332 msgid "Default: 300" msgstr "Noklusējuma: 300" @@ -1537,7 +1537,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1240 sssd.conf.5.xml:2964 sssd-ldap.5.xml:548 +#: sssd.conf.5.xml:1240 sssd.conf.5.xml:2971 sssd-ldap.5.xml:549 msgid "Default: 8" msgstr "" @@ -1565,8 +1565,8 @@ msgid "" msgstr "" #. type: Content of: <variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1265 sssd.conf.5.xml:1317 sssd.conf.5.xml:3730 -#: sssd-ldap.5.xml:473 sssd-ldap.5.xml:525 include/failover.xml:116 +#: sssd.conf.5.xml:1265 sssd.conf.5.xml:1317 sssd.conf.5.xml:3737 +#: sssd-ldap.5.xml:474 sssd-ldap.5.xml:526 include/failover.xml:116 #: include/krb5_options.xml:11 msgid "Default: 6" msgstr "Noklusējuma: 6" @@ -1879,7 +1879,7 @@ msgid "pam_pwd_expiration_warning (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1553 sssd.conf.5.xml:2988 +#: sssd.conf.5.xml:1553 sssd.conf.5.xml:2995 msgid "Display a warning N days before the password expires." msgstr "" @@ -1892,7 +1892,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1562 sssd.conf.5.xml:2991 +#: sssd.conf.5.xml:1562 sssd.conf.5.xml:2998 msgid "" "If zero is set, then this filter is not applied, i.e. if the expiration " "warning was received from backend server, it will automatically be displayed." @@ -1906,7 +1906,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1572 sssd.conf.5.xml:3977 sssd-ldap.5.xml:606 sssd.8.xml:79 +#: sssd.conf.5.xml:1572 sssd.conf.5.xml:3984 sssd-ldap.5.xml:607 sssd.8.xml:79 msgid "Default: 0" msgstr "" @@ -1969,8 +1969,8 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1632 sssd.conf.5.xml:1657 sssd.conf.5.xml:1676 -#: sssd.conf.5.xml:1913 sssd.conf.5.xml:2733 sssd.conf.5.xml:3906 -#: sssd-ldap.5.xml:1207 +#: sssd.conf.5.xml:1913 sssd.conf.5.xml:2733 sssd.conf.5.xml:3913 +#: sssd-ldap.5.xml:1209 msgid "Default: none" msgstr "" @@ -2033,8 +2033,8 @@ msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1687 sssd.conf.5.xml:1698 sssd.conf.5.xml:1712 -#: sssd-ldap.5.xml:671 sssd-ldap.5.xml:692 sssd-ldap.5.xml:788 -#: sssd-ldap.5.xml:1293 sssd-ad.5.xml:505 sssd-ad.5.xml:581 sssd-ad.5.xml:1126 +#: sssd-ldap.5.xml:672 sssd-ldap.5.xml:693 sssd-ldap.5.xml:789 +#: sssd-ldap.5.xml:1295 sssd-ad.5.xml:505 sssd-ad.5.xml:581 sssd-ad.5.xml:1126 #: sssd-ad.5.xml:1175 include/ldap_id_mapping.xml:250 msgid "Default: False" msgstr "" @@ -2073,7 +2073,7 @@ msgid "The path to the certificate database." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1723 sssd.conf.5.xml:2248 sssd.conf.5.xml:4354 +#: sssd.conf.5.xml:1723 sssd.conf.5.xml:2248 sssd.conf.5.xml:4371 msgid "Default:" msgstr "" @@ -2341,7 +2341,7 @@ msgid "Default: no_session" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1950 sssd.conf.5.xml:4293 +#: sssd.conf.5.xml:1950 sssd.conf.5.xml:4310 msgid "pam_gssapi_services" msgstr "" @@ -2375,7 +2375,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1968 sssd.conf.5.xml:3900 +#: sssd.conf.5.xml:1968 sssd.conf.5.xml:3907 msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" @@ -2385,7 +2385,7 @@ msgid "Default: - (GSSAPI authentication is disabled)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1979 sssd.conf.5.xml:4294 +#: sssd.conf.5.xml:1979 sssd.conf.5.xml:4311 msgid "pam_gssapi_check_upn" msgstr "" @@ -2405,7 +2405,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1999 sssd-ad.5.xml:1266 sss_rpcidmapd.5.xml:76 +#: sssd.conf.5.xml:1999 sssd-ad.5.xml:1271 sss_rpcidmapd.5.xml:76 #: sssd-files.5.xml:145 msgid "Default: True" msgstr "" @@ -3164,7 +3164,7 @@ msgid "FALSE = No enumerations for this domain" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2669 sssd.conf.5.xml:2943 sssd.conf.5.xml:3120 +#: sssd.conf.5.xml:2669 sssd.conf.5.xml:2950 sssd.conf.5.xml:3127 msgid "Default: FALSE" msgstr "" @@ -3433,7 +3433,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2922 sssd-ldap.5.xml:360 sssd-ldap.5.xml:1736 +#: sssd.conf.5.xml:2922 sssd-ldap.5.xml:361 sssd-ldap.5.xml:1738 #: sssd-ipa.5.xml:270 msgid "Default: 0 (disabled)" msgstr "" @@ -3445,11 +3445,17 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:2931 -msgid "Determines if user credentials are also cached in the local LDB cache." +msgid "" +"Determines if user credentials are also cached in the local LDB cache. The " +"cached credentials refer to passwords, which includes the first (long term) " +"factor of two-factor authentication, not other authentication mechanisms. " +"Passkey and Smartcard authentications are expected to work offline as long " +"as a successful online authentication is recorded in the cache without " +"additional configuration." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2935 +#: sssd.conf.5.xml:2942 msgid "" "Take a note that while credentials are stored as a salted SHA512 hash, this " "still potentially poses some security risk in case an attacker manages to " @@ -3458,12 +3464,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2949 +#: sssd.conf.5.xml:2956 msgid "cache_credentials_minimal_first_factor_length (int)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2952 +#: sssd.conf.5.xml:2959 msgid "" "If 2-Factor-Authentication (2FA) is used and credentials should be saved " "this value determines the minimal length the first authentication factor " @@ -3471,19 +3477,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2959 +#: sssd.conf.5.xml:2966 msgid "" "This should avoid that the short PINs of a PIN based 2FA scheme are saved in " "the cache which would make them easy targets for brute-force attacks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2970 +#: sssd.conf.5.xml:2977 msgid "account_cache_expiration (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2973 +#: sssd.conf.5.xml:2980 msgid "" "Number of days entries are left in cache after last successful login before " "being removed during a cleanup of the cache. 0 means keep forever. The " @@ -3492,17 +3498,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2980 +#: sssd.conf.5.xml:2987 msgid "Default: 0 (unlimited)" msgstr "Noklusējuma: 0 (neierobežots)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2985 +#: sssd.conf.5.xml:2992 msgid "pwd_expiration_warning (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2996 +#: sssd.conf.5.xml:3003 msgid "" "Please note that the backend server has to provide information about the " "expiration time of the password. If this information is missing, sssd " @@ -3511,28 +3517,28 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3003 +#: sssd.conf.5.xml:3010 msgid "Default: 7 (Kerberos), 0 (LDAP)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3009 +#: sssd.conf.5.xml:3016 msgid "id_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3012 +#: sssd.conf.5.xml:3019 msgid "" "The identification provider used for the domain. Supported ID providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3016 +#: sssd.conf.5.xml:3023 msgid "<quote>proxy</quote>: Support a legacy NSS provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3019 +#: sssd.conf.5.xml:3026 msgid "" "<quote>files</quote>: FILES provider. See <citerefentry> <refentrytitle>sssd-" "files</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " @@ -3540,7 +3546,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3027 +#: sssd.conf.5.xml:3034 msgid "" "<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-" "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " @@ -3548,8 +3554,8 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3035 sssd.conf.5.xml:3146 sssd.conf.5.xml:3197 -#: sssd.conf.5.xml:3260 +#: sssd.conf.5.xml:3042 sssd.conf.5.xml:3153 sssd.conf.5.xml:3204 +#: sssd.conf.5.xml:3267 msgid "" "<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management " "provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> " @@ -3558,8 +3564,8 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3044 sssd.conf.5.xml:3155 sssd.conf.5.xml:3206 -#: sssd.conf.5.xml:3269 +#: sssd.conf.5.xml:3051 sssd.conf.5.xml:3162 sssd.conf.5.xml:3213 +#: sssd.conf.5.xml:3276 msgid "" "<quote>ad</quote>: Active Directory provider. See <citerefentry> " "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3567,19 +3573,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3055 +#: sssd.conf.5.xml:3062 msgid "use_fully_qualified_names (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3058 +#: sssd.conf.5.xml:3065 msgid "" "Use the full name and domain (as formatted by the domain's full_name_format) " "as the user's login name reported to NSS." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3063 +#: sssd.conf.5.xml:3070 msgid "" "If set to TRUE, all requests to this domain must use fully qualified names. " "For example, if used in LOCAL domain that contains a \"test\" user, " @@ -3588,7 +3594,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3071 +#: sssd.conf.5.xml:3078 msgid "" "NOTE: This option has no effect on netgroup lookups due to their tendency to " "include nested netgroups without qualified names. For netgroups, all domains " @@ -3596,24 +3602,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3078 +#: sssd.conf.5.xml:3085 msgid "" "Default: FALSE (TRUE for trusted domain/sub-domains or if " "default_domain_suffix is used)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3085 +#: sssd.conf.5.xml:3092 msgid "ignore_group_members (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3088 +#: sssd.conf.5.xml:3095 msgid "Do not return group members for group lookups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3091 +#: sssd.conf.5.xml:3098 msgid "" "If set to TRUE, the group membership attribute is not requested from the " "ldap server, and group members are not returned when processing group lookup " @@ -3625,7 +3631,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3109 +#: sssd.conf.5.xml:3116 msgid "" "Enabling this option can also make access provider checks for group " "membership significantly faster, especially for groups containing many " @@ -3633,30 +3639,30 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3115 sssd.conf.5.xml:3822 sssd-ldap.5.xml:326 -#: sssd-ldap.5.xml:355 sssd-ldap.5.xml:408 sssd-ldap.5.xml:468 -#: sssd-ldap.5.xml:489 sssd-ldap.5.xml:520 sssd-ldap.5.xml:543 -#: sssd-ldap.5.xml:582 sssd-ldap.5.xml:601 sssd-ldap.5.xml:625 -#: sssd-ldap.5.xml:1051 sssd-ldap.5.xml:1084 +#: sssd.conf.5.xml:3122 sssd.conf.5.xml:3829 sssd-ldap.5.xml:327 +#: sssd-ldap.5.xml:356 sssd-ldap.5.xml:409 sssd-ldap.5.xml:469 +#: sssd-ldap.5.xml:490 sssd-ldap.5.xml:521 sssd-ldap.5.xml:544 +#: sssd-ldap.5.xml:583 sssd-ldap.5.xml:602 sssd-ldap.5.xml:626 +#: sssd-ldap.5.xml:1053 sssd-ldap.5.xml:1086 msgid "" "This option can be also set per subdomain or inherited via " "<emphasis>subdomain_inherit</emphasis>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3125 +#: sssd.conf.5.xml:3132 msgid "auth_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3128 +#: sssd.conf.5.xml:3135 msgid "" "The authentication provider used for the domain. Supported auth providers " "are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3132 sssd.conf.5.xml:3190 +#: sssd.conf.5.xml:3139 sssd.conf.5.xml:3197 msgid "" "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3664,7 +3670,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3139 +#: sssd.conf.5.xml:3146 msgid "" "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3672,30 +3678,30 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3163 +#: sssd.conf.5.xml:3170 msgid "" "<quote>proxy</quote> for relaying authentication to some other PAM target." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3166 +#: sssd.conf.5.xml:3173 msgid "<quote>none</quote> disables authentication explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3169 +#: sssd.conf.5.xml:3176 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "authentication requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3175 +#: sssd.conf.5.xml:3182 msgid "access_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3178 +#: sssd.conf.5.xml:3185 msgid "" "The access control provider used for the domain. There are two built-in " "access providers (in addition to any included in installed backends) " @@ -3703,19 +3709,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3184 +#: sssd.conf.5.xml:3191 msgid "" "<quote>permit</quote> always allow access. It's the only permitted access " "provider for a local domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3187 +#: sssd.conf.5.xml:3194 msgid "<quote>deny</quote> always deny access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3214 +#: sssd.conf.5.xml:3221 msgid "" "<quote>simple</quote> access control based on access or deny lists. See " "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</" @@ -3724,7 +3730,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3221 +#: sssd.conf.5.xml:3228 msgid "" "<quote>krb5</quote>: .k5login based access control. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum></" @@ -3732,29 +3738,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3228 +#: sssd.conf.5.xml:3235 msgid "<quote>proxy</quote> for relaying access control to another PAM module." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3231 +#: sssd.conf.5.xml:3238 msgid "Default: <quote>permit</quote>" msgstr "Noklusējuma: <quote>atļaut</quote>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3236 +#: sssd.conf.5.xml:3243 msgid "chpass_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3239 +#: sssd.conf.5.xml:3246 msgid "" "The provider which should handle change password operations for the domain. " "Supported change password providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3244 +#: sssd.conf.5.xml:3251 msgid "" "<quote>ldap</quote> to change a password stored in a LDAP server. See " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" @@ -3762,7 +3768,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3252 +#: sssd.conf.5.xml:3259 msgid "" "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3770,35 +3776,35 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3277 +#: sssd.conf.5.xml:3284 msgid "" "<quote>proxy</quote> for relaying password changes to some other PAM target." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3281 +#: sssd.conf.5.xml:3288 msgid "<quote>none</quote> disallows password changes explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3284 +#: sssd.conf.5.xml:3291 msgid "" "Default: <quote>auth_provider</quote> is used if it is set and can handle " "change password requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3291 +#: sssd.conf.5.xml:3298 msgid "sudo_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3294 +#: sssd.conf.5.xml:3301 msgid "The SUDO provider used for the domain. Supported SUDO providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3298 +#: sssd.conf.5.xml:3305 msgid "" "<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3806,32 +3812,32 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3306 +#: sssd.conf.5.xml:3313 msgid "" "<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default " "settings." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3310 +#: sssd.conf.5.xml:3317 msgid "" "<quote>ad</quote> the same as <quote>ldap</quote> but with AD default " "settings." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3314 +#: sssd.conf.5.xml:3321 msgid "<quote>none</quote> disables SUDO explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3317 sssd.conf.5.xml:3403 sssd.conf.5.xml:3473 -#: sssd.conf.5.xml:3498 sssd.conf.5.xml:3534 +#: sssd.conf.5.xml:3324 sssd.conf.5.xml:3410 sssd.conf.5.xml:3480 +#: sssd.conf.5.xml:3505 sssd.conf.5.xml:3541 msgid "Default: The value of <quote>id_provider</quote> is used if it is set." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3321 +#: sssd.conf.5.xml:3328 msgid "" "The detailed instructions for configuration of sudo_provider are in the " "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " @@ -3842,7 +3848,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3336 +#: sssd.conf.5.xml:3343 msgid "" "<emphasis>NOTE:</emphasis> Sudo rules are periodically downloaded in the " "background unless the sudo provider is explicitly disabled. Set " @@ -3851,12 +3857,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3346 +#: sssd.conf.5.xml:3353 msgid "selinux_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3349 +#: sssd.conf.5.xml:3356 msgid "" "The provider which should handle loading of selinux settings. Note that this " "provider will be called right after access provider ends. Supported selinux " @@ -3864,7 +3870,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3355 +#: sssd.conf.5.xml:3362 msgid "" "<quote>ipa</quote> to load selinux settings from an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -3872,31 +3878,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3363 +#: sssd.conf.5.xml:3370 msgid "<quote>none</quote> disallows fetching selinux settings explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3366 +#: sssd.conf.5.xml:3373 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "selinux loading requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3372 +#: sssd.conf.5.xml:3379 msgid "subdomains_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3375 +#: sssd.conf.5.xml:3382 msgid "" "The provider which should handle fetching of subdomains. This value should " "be always the same as id_provider. Supported subdomain providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3381 +#: sssd.conf.5.xml:3388 msgid "" "<quote>ipa</quote> to load a list of subdomains from an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -3904,7 +3910,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3390 +#: sssd.conf.5.xml:3397 msgid "" "<quote>ad</quote> to load a list of subdomains from an Active Directory " "server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> " @@ -3913,17 +3919,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3399 +#: sssd.conf.5.xml:3406 msgid "<quote>none</quote> disallows fetching subdomains explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3409 +#: sssd.conf.5.xml:3416 msgid "session_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3412 +#: sssd.conf.5.xml:3419 msgid "" "The provider which configures and manages user session related tasks. The " "only user session task currently provided is the integration with Fleet " @@ -3931,43 +3937,43 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3419 +#: sssd.conf.5.xml:3426 msgid "<quote>ipa</quote> to allow performing user session related tasks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3423 +#: sssd.conf.5.xml:3430 msgid "" "<quote>none</quote> does not perform any kind of user session related tasks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3427 +#: sssd.conf.5.xml:3434 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can perform " "session related tasks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3431 +#: sssd.conf.5.xml:3438 msgid "" "<emphasis>NOTE:</emphasis> In order to have this feature working as expected " "SSSD must be running as \"root\" and not as the unprivileged user." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3439 +#: sssd.conf.5.xml:3446 msgid "autofs_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3442 +#: sssd.conf.5.xml:3449 msgid "" "The autofs provider used for the domain. Supported autofs providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3446 +#: sssd.conf.5.xml:3453 msgid "" "<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3975,7 +3981,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3453 +#: sssd.conf.5.xml:3460 msgid "" "<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> " "<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3983,7 +3989,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3461 +#: sssd.conf.5.xml:3468 msgid "" "<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> " "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3991,24 +3997,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3470 +#: sssd.conf.5.xml:3477 msgid "<quote>none</quote> disables autofs explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3480 +#: sssd.conf.5.xml:3487 msgid "hostid_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3483 +#: sssd.conf.5.xml:3490 msgid "" "The provider used for retrieving host identity information. Supported " "hostid providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3487 +#: sssd.conf.5.xml:3494 msgid "" "<quote>ipa</quote> to load host identity stored in an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -4016,31 +4022,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3495 +#: sssd.conf.5.xml:3502 msgid "<quote>none</quote> disables hostid explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3505 +#: sssd.conf.5.xml:3512 msgid "resolver_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3508 +#: sssd.conf.5.xml:3515 msgid "" "The provider which should handle hosts and networks lookups. Supported " "resolver providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3512 +#: sssd.conf.5.xml:3519 msgid "" "<quote>proxy</quote> to forward lookups to another NSS library. See " "<quote>proxy_resolver_lib_name</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3516 +#: sssd.conf.5.xml:3523 msgid "" "<quote>ldap</quote> to fetch hosts and networks stored in LDAP. See " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" @@ -4048,7 +4054,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3523 +#: sssd.conf.5.xml:3530 msgid "" "<quote>ad</quote> to fetch hosts and networks stored in AD. See " "<citerefentry> <refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</" @@ -4057,12 +4063,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3531 +#: sssd.conf.5.xml:3538 msgid "<quote>none</quote> disallows fetching hosts and networks explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3544 +#: sssd.conf.5.xml:3551 msgid "" "Regular expression for this domain that describes how to parse the string " "containing user name and domain into these components. The \"domain\" can " @@ -4072,24 +4078,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3553 +#: sssd.conf.5.xml:3560 msgid "" "Default: <quote>^((?P<name>.+)@(?P<domain>[^@]*)|(?P<name>" "[^@]+))$</quote> which allows two different styles for user names:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:3558 sssd.conf.5.xml:3572 +#: sssd.conf.5.xml:3565 sssd.conf.5.xml:3579 msgid "username" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:3561 sssd.conf.5.xml:3575 +#: sssd.conf.5.xml:3568 sssd.conf.5.xml:3582 msgid "username@domain.name" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3566 +#: sssd.conf.5.xml:3573 msgid "" "Default for the AD and IPA provider: <quote>^(((?P<domain>[^\\\\]+)\\" "\\(?P<name>.+))|((?P<name>.+)@(?P<domain>[^@]+))|((?P<" @@ -4098,19 +4104,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:3578 +#: sssd.conf.5.xml:3585 msgid "domain\\username" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3581 +#: sssd.conf.5.xml:3588 msgid "" "While the first two correspond to the general default the third one is " "introduced to allow easy integration of users from Windows domains." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3586 +#: sssd.conf.5.xml:3593 msgid "" "The default re_expression uses the <quote>@</quote> character as a separator " "between the name and the domain. As a result of this setting the default " @@ -4120,93 +4126,93 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3638 +#: sssd.conf.5.xml:3645 msgid "Default: <quote>%1$s@%2$s</quote>." msgstr "Noklusējuma: <quote>%1$s@%2$s</quote>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3644 +#: sssd.conf.5.xml:3651 msgid "lookup_family_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3647 +#: sssd.conf.5.xml:3654 msgid "" "Provides the ability to select preferred address family to use when " "performing DNS lookups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3651 +#: sssd.conf.5.xml:3658 msgid "Supported values:" msgstr "Atbalstītās vērtības:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3654 +#: sssd.conf.5.xml:3661 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3657 +#: sssd.conf.5.xml:3664 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3660 +#: sssd.conf.5.xml:3667 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3663 +#: sssd.conf.5.xml:3670 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3666 +#: sssd.conf.5.xml:3673 msgid "Default: ipv4_first" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3672 +#: sssd.conf.5.xml:3679 #, fuzzy #| msgid "timeout (integer)" msgid "dns_resolver_server_timeout (integer)" msgstr "noildze (vesels skaitlis)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3675 +#: sssd.conf.5.xml:3682 msgid "" "Defines the amount of time (in milliseconds) SSSD would try to talk to DNS " "server before trying next DNS server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3680 +#: sssd.conf.5.xml:3687 msgid "" "The AD provider will use this option for the CLDAP ping timeouts as well." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3684 sssd.conf.5.xml:3704 sssd.conf.5.xml:3725 +#: sssd.conf.5.xml:3691 sssd.conf.5.xml:3711 sssd.conf.5.xml:3732 msgid "" "Please see the section <quote>FAILOVER</quote> for more information about " "the service resolution." msgstr "" #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3689 sssd-ldap.5.xml:644 include/failover.xml:84 +#: sssd.conf.5.xml:3696 sssd-ldap.5.xml:645 include/failover.xml:84 msgid "Default: 1000" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3695 +#: sssd.conf.5.xml:3702 #, fuzzy #| msgid "timeout (integer)" msgid "dns_resolver_op_timeout (integer)" msgstr "noildze (vesels skaitlis)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3698 +#: sssd.conf.5.xml:3705 msgid "" "Defines the amount of time (in seconds) to wait to resolve single DNS query " "(e.g. resolution of a hostname or an SRV record) before trying the next " @@ -4214,12 +4220,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3715 +#: sssd.conf.5.xml:3722 msgid "dns_resolver_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3718 +#: sssd.conf.5.xml:3725 msgid "" "Defines the amount of time (in seconds) to wait for a reply from the " "internal fail over service before assuming that the service is unreachable. " @@ -4228,14 +4234,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3736 +#: sssd.conf.5.xml:3743 #, fuzzy #| msgid "timeout (integer)" msgid "dns_resolver_use_search_list (bool)" msgstr "noildze (vesels skaitlis)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3739 +#: sssd.conf.5.xml:3746 msgid "" "Normally, the DNS resolver searches the domain list defined in the " "\"search\" directive from the resolv.conf file. This can lead to delays in " @@ -4243,7 +4249,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3745 +#: sssd.conf.5.xml:3752 msgid "" "If fully qualified domain names (or _srv_) are used in the SSSD " "configuration, setting this option to FALSE can prevent unnecessary DNS " @@ -4251,71 +4257,71 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3751 +#: sssd.conf.5.xml:3758 #, fuzzy #| msgid "Default: 6" msgid "Default: TRUE" msgstr "Noklusējuma: 6" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3757 +#: sssd.conf.5.xml:3764 msgid "dns_discovery_domain (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3760 +#: sssd.conf.5.xml:3767 msgid "" "If service discovery is used in the back end, specifies the domain part of " "the service discovery DNS query." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3764 +#: sssd.conf.5.xml:3771 msgid "Default: Use the domain part of machine's hostname" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3770 +#: sssd.conf.5.xml:3777 msgid "override_gid (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3773 +#: sssd.conf.5.xml:3780 msgid "Override the primary GID value with the one specified." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3779 +#: sssd.conf.5.xml:3786 msgid "case_sensitive (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3786 +#: sssd.conf.5.xml:3793 msgid "True" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3789 +#: sssd.conf.5.xml:3796 msgid "Case sensitive. This value is invalid for AD provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3795 +#: sssd.conf.5.xml:3802 msgid "False" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3797 +#: sssd.conf.5.xml:3804 msgid "Case insensitive." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3801 +#: sssd.conf.5.xml:3808 msgid "Preserving" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3804 +#: sssd.conf.5.xml:3811 msgid "" "Same as False (case insensitive), but does not lowercase names in the result " "of NSS operations. Note that name aliases (and in case of services also " @@ -4323,31 +4329,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3812 +#: sssd.conf.5.xml:3819 msgid "" "If you want to set this value for trusted domain with IPA provider, you need " "to set it on both the client and SSSD on the server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3782 +#: sssd.conf.5.xml:3789 msgid "" "Treat user and group names as case sensitive. Possible option values are: " "<placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3827 +#: sssd.conf.5.xml:3834 msgid "Default: True (False for AD provider)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3833 +#: sssd.conf.5.xml:3840 msgid "subdomain_inherit (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3836 +#: sssd.conf.5.xml:3843 msgid "" "Specifies a list of configuration parameters that should be inherited by a " "subdomain. Please note that only selected parameters can be inherited. " @@ -4355,114 +4361,114 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3842 +#: sssd.conf.5.xml:3849 msgid "ldap_search_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3845 +#: sssd.conf.5.xml:3852 msgid "ldap_network_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3848 +#: sssd.conf.5.xml:3855 msgid "ldap_opt_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3851 +#: sssd.conf.5.xml:3858 #, fuzzy #| msgid "timeout (integer)" msgid "ldap_offline_timeout" msgstr "noildze (vesels skaitlis)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3854 +#: sssd.conf.5.xml:3861 #, fuzzy #| msgid "timeout (integer)" msgid "ldap_enumeration_refresh_timeout" msgstr "noildze (vesels skaitlis)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3857 +#: sssd.conf.5.xml:3864 msgid "ldap_enumeration_refresh_offset" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3860 +#: sssd.conf.5.xml:3867 msgid "ldap_purge_cache_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3863 +#: sssd.conf.5.xml:3870 msgid "ldap_purge_cache_offset" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3866 +#: sssd.conf.5.xml:3873 msgid "" "ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab " "is not set explicitly)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3870 +#: sssd.conf.5.xml:3877 msgid "ldap_krb5_ticket_lifetime" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3873 +#: sssd.conf.5.xml:3880 #, fuzzy #| msgid "timeout (integer)" msgid "ldap_enumeration_search_timeout" msgstr "noildze (vesels skaitlis)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3876 +#: sssd.conf.5.xml:3883 #, fuzzy #| msgid "timeout (integer)" msgid "ldap_connection_expire_timeout" msgstr "noildze (vesels skaitlis)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3879 +#: sssd.conf.5.xml:3886 #, fuzzy #| msgid "timeout (integer)" msgid "ldap_connection_expire_offset" msgstr "noildze (vesels skaitlis)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3882 +#: sssd.conf.5.xml:3889 msgid "ldap_connection_idle_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3885 sssd-ldap.5.xml:400 +#: sssd.conf.5.xml:3892 sssd-ldap.5.xml:401 msgid "ldap_use_tokengroups" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3888 +#: sssd.conf.5.xml:3895 msgid "ldap_user_principal" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3891 +#: sssd.conf.5.xml:3898 msgid "ignore_group_members" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3894 +#: sssd.conf.5.xml:3901 msgid "auto_private_groups" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3897 +#: sssd.conf.5.xml:3904 msgid "case_sensitive" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:3902 +#: sssd.conf.5.xml:3909 #, no-wrap msgid "" "subdomain_inherit = ldap_purge_cache_timeout\n" @@ -4470,27 +4476,27 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3909 +#: sssd.conf.5.xml:3916 msgid "Note: This option only works with the IPA and AD provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3916 +#: sssd.conf.5.xml:3923 msgid "subdomain_homedir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3927 +#: sssd.conf.5.xml:3934 msgid "%F" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3928 +#: sssd.conf.5.xml:3935 msgid "flat (NetBIOS) name of a subdomain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3919 +#: sssd.conf.5.xml:3926 msgid "" "Use this homedir as default value for all subdomains within this domain in " "IPA AD trust. See <emphasis>override_homedir</emphasis> for info about " @@ -4500,34 +4506,34 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3933 +#: sssd.conf.5.xml:3940 msgid "" "The value can be overridden by <emphasis>override_homedir</emphasis> option." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3937 +#: sssd.conf.5.xml:3944 msgid "Default: <filename>/home/%d/%u</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3942 +#: sssd.conf.5.xml:3949 msgid "realmd_tags (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3945 +#: sssd.conf.5.xml:3952 msgid "" "Various tags stored by the realmd configuration service for this domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3951 +#: sssd.conf.5.xml:3958 msgid "cached_auth_timeout (int)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3954 +#: sssd.conf.5.xml:3961 msgid "" "Specifies time in seconds since last successful online authentication for " "which user will be authenticated using cached credentials while SSSD is in " @@ -4536,19 +4542,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3962 +#: sssd.conf.5.xml:3969 msgid "" "This option's value is inherited by all trusted domains. At the moment it is " "not possible to set a different value per trusted domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3967 +#: sssd.conf.5.xml:3974 msgid "Special value 0 implies that this feature is disabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3971 +#: sssd.conf.5.xml:3978 msgid "" "Please note that if <quote>cached_auth_timeout</quote> is longer than " "<quote>pam_id_timeout</quote> then the back end could be called to handle " @@ -4556,12 +4562,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3982 +#: sssd.conf.5.xml:3989 msgid "local_auth_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3985 +#: sssd.conf.5.xml:3992 msgid "" "Local authentication methods policy. Some backends (i.e. LDAP, proxy " "provider) only support a password based authentication, while others can " @@ -4572,7 +4578,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3995 +#: sssd.conf.5.xml:4002 msgid "" "There are three possible values for this option: match, only, enable. " "<quote>match</quote> is used to match offline and online states for Kerberos " @@ -4583,8 +4589,17 @@ msgid "" "separated, such as <quote>enable:passkey, enable:smartcard</quote>" msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4014 +msgid "" +"Please note that if local Smartcard authentication is enabled and a " +"Smartcard is present, Smartcard authentication will be preferred over the " +"authentication methods supported by the backend. I.e. there will be a PIN " +"prompt instead of e.g. a password prompt." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:4011 +#: sssd.conf.5.xml:4026 #, no-wrap msgid "" "[domain/shadowutils]\n" @@ -4595,7 +4610,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4007 +#: sssd.conf.5.xml:4022 msgid "" "The following configuration example allows local users to authenticate " "locally using any enabled method (i.e. smartcard, passkey). <placeholder " @@ -4603,36 +4618,36 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4019 +#: sssd.conf.5.xml:4034 msgid "This option is ignored for the files provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4022 +#: sssd.conf.5.xml:4037 #, fuzzy #| msgid "Default: 6" msgid "Default: match" msgstr "Noklusējuma: 6" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4027 +#: sssd.conf.5.xml:4042 msgid "auto_private_groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4033 +#: sssd.conf.5.xml:4048 msgid "true" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4036 +#: sssd.conf.5.xml:4051 msgid "" "Create user's private group unconditionally from user's UID number. The GID " "number is ignored in this case." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4040 +#: sssd.conf.5.xml:4055 msgid "" "NOTE: Because the GID number and the user private group are inferred from " "the UID number, it is not supported to have multiple entries with the same " @@ -4641,24 +4656,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4049 +#: sssd.conf.5.xml:4064 msgid "false" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4052 +#: sssd.conf.5.xml:4067 msgid "" "Always use the user's primary GID number. The GID number must refer to a " "group object in the LDAP database." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4058 +#: sssd.conf.5.xml:4073 msgid "hybrid" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4061 +#: sssd.conf.5.xml:4076 msgid "" "A primary group is autogenerated for user entries whose UID and GID numbers " "have the same value and at the same time the GID number does not correspond " @@ -4668,14 +4683,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4074 +#: sssd.conf.5.xml:4089 msgid "" "If the UID and GID of a user are different, then the GID must correspond to " "a group entry, otherwise the GID is simply not resolvable." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4081 +#: sssd.conf.5.xml:4096 msgid "" "This feature is useful for environments that wish to stop maintaining a " "separate group objects for the user private groups, but also wish to retain " @@ -4683,21 +4698,21 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4030 +#: sssd.conf.5.xml:4045 msgid "" "This option takes any of three available values: <placeholder " "type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4093 +#: sssd.conf.5.xml:4108 msgid "" "For subdomains, the default value is False for subdomains that use assigned " "POSIX IDs and True for subdomains that use automatic ID-mapping." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:4101 +#: sssd.conf.5.xml:4116 #, no-wrap msgid "" "[domain/forest.domain/sub.domain]\n" @@ -4705,7 +4720,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:4107 +#: sssd.conf.5.xml:4122 #, no-wrap msgid "" "[domain/forest.domain]\n" @@ -4714,7 +4729,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4098 +#: sssd.conf.5.xml:4113 msgid "" "The value of auto_private_groups can either be set per subdomains in a " "subsection, for example: <placeholder type=\"programlisting\" id=\"0\"/> or " @@ -4731,29 +4746,30 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4122 +#: sssd.conf.5.xml:4137 msgid "proxy_pam_target (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4125 +#: sssd.conf.5.xml:4140 msgid "The proxy target PAM proxies to." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4128 +#: sssd.conf.5.xml:4143 msgid "" "Default: not set by default, you have to take an existing pam configuration " -"or create a new one and add the service name here." +"or create a new one and add the service name here. As an alternative you can " +"enable local authentication with the local_auth_policy option." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4136 +#: sssd.conf.5.xml:4153 msgid "proxy_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4139 +#: sssd.conf.5.xml:4156 msgid "" "The name of the NSS library to use in proxy domains. The NSS functions " "searched for in the library are in the form of _nss_$(libName)_$(function), " @@ -4761,12 +4777,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4149 +#: sssd.conf.5.xml:4166 msgid "proxy_resolver_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4152 +#: sssd.conf.5.xml:4169 msgid "" "The name of the NSS library to use for hosts and networks lookups in proxy " "domains. The NSS functions searched for in the library are in the form of " @@ -4774,12 +4790,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4163 +#: sssd.conf.5.xml:4180 msgid "proxy_fast_alias (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4166 +#: sssd.conf.5.xml:4183 msgid "" "When a user or group is looked up by name in the proxy provider, a second " "lookup by ID is performed to \"canonicalize\" the name in case the requested " @@ -4788,12 +4804,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4180 +#: sssd.conf.5.xml:4197 msgid "proxy_max_children (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4183 +#: sssd.conf.5.xml:4200 msgid "" "This option specifies the number of pre-forked proxy children. It is useful " "for high-load SSSD environments where sssd may run out of available child " @@ -4801,19 +4817,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4118 +#: sssd.conf.5.xml:4133 msgid "" "Options valid for proxy domains. <placeholder type=\"variablelist\" " "id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:4199 +#: sssd.conf.5.xml:4216 msgid "Application domains" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4201 +#: sssd.conf.5.xml:4218 msgid "" "SSSD, with its D-Bus interface (see <citerefentry> <refentrytitle>sssd-ifp</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>) is appealing to " @@ -4830,7 +4846,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4221 +#: sssd.conf.5.xml:4238 msgid "" "Please note that the application domain must still be explicitly enabled in " "the <quote>domains</quote> parameter so that the lookup order between the " @@ -4838,17 +4854,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> -#: sssd.conf.5.xml:4227 +#: sssd.conf.5.xml:4244 msgid "Application domain parameters" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4229 +#: sssd.conf.5.xml:4246 msgid "inherit_from (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4232 +#: sssd.conf.5.xml:4249 msgid "" "The SSSD POSIX-type domain the application domain inherits all settings " "from. The application domain can moreover add its own settings to the " @@ -4857,7 +4873,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4246 +#: sssd.conf.5.xml:4263 msgid "" "The following example illustrates the use of an application domain. In this " "setup, the POSIX domain is connected to an LDAP server and is used by the OS " @@ -4867,7 +4883,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><programlisting> -#: sssd.conf.5.xml:4254 +#: sssd.conf.5.xml:4271 #, no-wrap msgid "" "[sssd]\n" @@ -4887,12 +4903,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4274 +#: sssd.conf.5.xml:4291 msgid "TRUSTED DOMAIN SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4276 +#: sssd.conf.5.xml:4293 msgid "" "Some options used in the domain section can also be used in the trusted " "domain section, that is, in a section called <quote>[domain/" @@ -4903,69 +4919,69 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4283 +#: sssd.conf.5.xml:4300 msgid "ldap_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4284 +#: sssd.conf.5.xml:4301 msgid "ldap_user_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4285 +#: sssd.conf.5.xml:4302 msgid "ldap_group_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4286 +#: sssd.conf.5.xml:4303 msgid "ldap_netgroup_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4287 +#: sssd.conf.5.xml:4304 msgid "ldap_service_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4288 +#: sssd.conf.5.xml:4305 msgid "ldap_sasl_mech," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4289 +#: sssd.conf.5.xml:4306 msgid "ad_server," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4290 +#: sssd.conf.5.xml:4307 msgid "ad_backup_server," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4291 +#: sssd.conf.5.xml:4308 msgid "ad_site," msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4292 sssd-ipa.5.xml:879 +#: sssd.conf.5.xml:4309 sssd-ipa.5.xml:884 msgid "use_fully_qualified_names" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4296 +#: sssd.conf.5.xml:4313 msgid "" "For more details about these options see their individual description in the " "manual page." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4302 +#: sssd.conf.5.xml:4319 msgid "CERTIFICATE MAPPING SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4304 +#: sssd.conf.5.xml:4321 msgid "" "To allow authentication with Smartcards and certificates SSSD must be able " "to map certificates to users. This can be done by adding the full " @@ -4978,7 +4994,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4318 +#: sssd.conf.5.xml:4335 msgid "" "To make the mapping more flexible mapping and matching rules were added to " "SSSD (see <citerefentry> <refentrytitle>sss-certmap</refentrytitle> " @@ -4986,7 +5002,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4327 +#: sssd.conf.5.xml:4344 msgid "" "A mapping and matching rule can be added to the SSSD configuration in a " "section on its own with a name like <quote>[certmap/" @@ -4995,55 +5011,55 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4334 +#: sssd.conf.5.xml:4351 msgid "matchrule (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4337 +#: sssd.conf.5.xml:4354 msgid "" "Only certificates from the Smartcard which matches this rule will be " "processed, all others are ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4341 +#: sssd.conf.5.xml:4358 msgid "" "Default: KRB5:<EKU>clientAuth, i.e. only certificates which have the " "Extended Key Usage <quote>clientAuth</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4348 +#: sssd.conf.5.xml:4365 msgid "maprule (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4351 +#: sssd.conf.5.xml:4368 msgid "Defines how the user is found for a given certificate." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4357 +#: sssd.conf.5.xml:4374 msgid "" "LDAP:(userCertificate;binary={cert!bin}) for LDAP based providers like " "<quote>ldap</quote>, <quote>AD</quote> or <quote>ipa</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4363 +#: sssd.conf.5.xml:4380 msgid "" "The RULE_NAME for the <quote>files</quote> provider which tries to find a " "user with the same name." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4372 +#: sssd.conf.5.xml:4389 msgid "domains (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4375 +#: sssd.conf.5.xml:4392 msgid "" "Comma separated list of domain names the rule should be applied. By default " "a rule is only valid in the domain configured in sssd.conf. If the provider " @@ -5052,17 +5068,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4382 +#: sssd.conf.5.xml:4399 msgid "Default: the configured domain in sssd.conf" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4387 +#: sssd.conf.5.xml:4404 msgid "priority (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4390 +#: sssd.conf.5.xml:4407 msgid "" "Unsigned integer value defining the priority of the rule. The higher the " "number the lower the priority. <quote>0</quote> stands for the highest " @@ -5070,26 +5086,26 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4396 +#: sssd.conf.5.xml:4413 msgid "Default: the lowest priority" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4402 +#: sssd.conf.5.xml:4419 msgid "" "To make the configuration simple and reduce the amount of configuration " "options the <quote>files</quote> provider has some special properties:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4408 +#: sssd.conf.5.xml:4425 msgid "" "if maprule is not set the RULE_NAME name is assumed to be the name of the " "matching user" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4414 +#: sssd.conf.5.xml:4431 msgid "" "if a maprule is used both a single user name or a template like " "<quote>{subject_rfc822_name.short_name}</quote> must be in braces like e.g. " @@ -5098,17 +5114,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4423 +#: sssd.conf.5.xml:4440 msgid "the <quote>domains</quote> option is ignored" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4431 +#: sssd.conf.5.xml:4448 msgid "PROMPTING CONFIGURATION SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4433 +#: sssd.conf.5.xml:4450 msgid "" "If a special file (<filename>/var/lib/sss/pubconf/pam_preauth_available</" "filename>) exists SSSD's PAM module pam_sss will ask SSSD to figure out " @@ -5118,7 +5134,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4441 +#: sssd.conf.5.xml:4458 msgid "" "With the growing number of authentication methods and the possibility that " "there are multiple ones for a single user the heuristic used by pam_sss to " @@ -5127,59 +5143,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4453 +#: sssd.conf.5.xml:4470 msgid "[prompting/password]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4456 +#: sssd.conf.5.xml:4473 msgid "password_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4457 +#: sssd.conf.5.xml:4474 msgid "to change the string of the password prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4455 +#: sssd.conf.5.xml:4472 msgid "" "to configure password prompting, allowed options are: <placeholder " "type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4465 +#: sssd.conf.5.xml:4482 msgid "[prompting/2fa]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4469 +#: sssd.conf.5.xml:4486 msgid "first_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4470 +#: sssd.conf.5.xml:4487 msgid "to change the string of the prompt for the first factor" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4473 +#: sssd.conf.5.xml:4490 msgid "second_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4474 +#: sssd.conf.5.xml:4491 msgid "to change the string of the prompt for the second factor" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4477 +#: sssd.conf.5.xml:4494 msgid "single_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4478 +#: sssd.conf.5.xml:4495 msgid "" "boolean value, if True there will be only a single prompt using the value of " "first_prompt where it is expected that both factors are entered as a single " @@ -5188,7 +5204,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4467 +#: sssd.conf.5.xml:4484 msgid "" "to configure two-factor authentication prompting, allowed options are: " "<placeholder type=\"variablelist\" id=\"0\"/> If the second factor is " @@ -5197,17 +5213,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4495 +#: sssd.conf.5.xml:4512 msgid "[prompting/passkey]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4501 sssd-ad.5.xml:1021 +#: sssd.conf.5.xml:4518 sssd-ad.5.xml:1021 msgid "interactive" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4503 +#: sssd.conf.5.xml:4520 msgid "" "boolean value, if True prompt a message and wait before testing the presence " "of a passkey device. Recommended if your device doesn’t have a tactile " @@ -5215,46 +5231,46 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4511 +#: sssd.conf.5.xml:4528 msgid "interactive_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4513 +#: sssd.conf.5.xml:4530 msgid "to change the message of the interactive prompt." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4518 +#: sssd.conf.5.xml:4535 msgid "touch" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4520 +#: sssd.conf.5.xml:4537 msgid "" "boolean value, if True prompt a message to remind the user to touch the " "device." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4526 +#: sssd.conf.5.xml:4543 msgid "touch_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4528 +#: sssd.conf.5.xml:4545 msgid "to change the message of the touch prompt." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4497 +#: sssd.conf.5.xml:4514 msgid "" "to configure passkey authentication prompting, allowed options are: " "<placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4448 +#: sssd.conf.5.xml:4465 msgid "" "Each supported authentication method has its own configuration subsection " "under <quote>[prompting/...]</quote>. Currently there are: <placeholder " @@ -5263,7 +5279,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4539 +#: sssd.conf.5.xml:4556 msgid "" "It is possible to add a subsection for specific PAM services, e.g. " "<quote>[prompting/password/sshd]</quote> to individual change the prompting " @@ -5271,12 +5287,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4546 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43 +#: sssd.conf.5.xml:4563 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43 msgid "EXAMPLES" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4552 +#: sssd.conf.5.xml:4569 #, no-wrap msgid "" "[sssd]\n" @@ -5306,7 +5322,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4548 +#: sssd.conf.5.xml:4565 msgid "" "1. The following example shows a typical SSSD config. It does not describe " "configuration of the domains themselves - refer to documentation on " @@ -5315,7 +5331,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4585 +#: sssd.conf.5.xml:4602 #, no-wrap msgid "" "[domain/ipa.com/child.ad.com]\n" @@ -5323,7 +5339,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4579 +#: sssd.conf.5.xml:4596 msgid "" "2. The following example shows configuration of IPA AD trust where the AD " "forest consists of two domains in a parent-child structure. Suppose IPA " @@ -5334,7 +5350,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4596 +#: sssd.conf.5.xml:4613 #, no-wrap msgid "" "[certmap/my.domain/rule_name]\n" @@ -5345,7 +5361,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4590 +#: sssd.conf.5.xml:4607 msgid "" "3. The following example shows the configuration of a certificate mapping " "rule. It is valid for the configured domain <quote>my.domain</quote> and " @@ -5399,26 +5415,26 @@ msgid "" "LDAP back end supports id, auth, access and chpass providers. If you want to " "authenticate against an LDAP server either TLS/SSL or LDAPS is required. " "<command>sssd</command> <emphasis>does not</emphasis> support authentication " -"over an unencrypted channel. If the LDAP server is used only as an identity " -"provider, an encrypted channel is not needed. Please refer to " -"<quote>ldap_access_filter</quote> config option for more information about " -"using LDAP as an access provider." +"over an unencrypted channel. Even if the LDAP server is used only as an " +"identity provider, an encrypted channel is strongly recommended. Please " +"refer to <quote>ldap_access_filter</quote> config option for more " +"information about using LDAP as an access provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:82 sssd-ad.5.xml:130 +#: sssd-ldap.5.xml:50 sssd-simple.5.xml:69 sssd-ipa.5.xml:82 sssd-ad.5.xml:130 #: sssd-krb5.5.xml:63 sssd-ifp.5.xml:60 sssd-files.5.xml:77 #: sssd-session-recording.5.xml:58 sssd-kcm.8.xml:202 msgid "CONFIGURATION OPTIONS" msgstr "KONFIGURĒŠANAS IESPĒJAS" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:66 +#: sssd-ldap.5.xml:67 msgid "ldap_uri, ldap_backup_uri (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:69 +#: sssd-ldap.5.xml:70 msgid "" "Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " "should connect in the order of preference. Refer to the <quote>FAILOVER</" @@ -5428,33 +5444,33 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:76 +#: sssd-ldap.5.xml:77 msgid "The format of the URI must match the format defined in RFC 2732:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:79 +#: sssd-ldap.5.xml:80 msgid "ldap[s]://<host>[:port]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:82 +#: sssd-ldap.5.xml:83 msgid "" "For explicit IPv6 addresses, <host> must be enclosed in brackets []" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:85 +#: sssd-ldap.5.xml:86 msgid "example: ldap://[fc00::126:25]:389" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:91 +#: sssd-ldap.5.xml:92 msgid "ldap_chpass_uri, ldap_chpass_backup_uri (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:94 +#: sssd-ldap.5.xml:95 msgid "" "Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " "should connect in the order of preference to change the password of a user. " @@ -5463,71 +5479,71 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:101 +#: sssd-ldap.5.xml:102 msgid "To enable service discovery ldap_chpass_dns_service_name must be set." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:105 +#: sssd-ldap.5.xml:106 msgid "Default: empty, i.e. ldap_uri is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:111 +#: sssd-ldap.5.xml:112 msgid "ldap_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:114 +#: sssd-ldap.5.xml:115 msgid "The default base DN to use for performing LDAP user operations." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:118 +#: sssd-ldap.5.xml:119 msgid "" "Starting with SSSD 1.7.0, SSSD supports multiple search bases using the " "syntax:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:122 +#: sssd-ldap.5.xml:123 msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:125 +#: sssd-ldap.5.xml:126 msgid "The scope can be one of \"base\", \"onelevel\" or \"subtree\"." msgstr "" #. type: Content of: <listitem><para> -#: sssd-ldap.5.xml:128 include/ldap_search_bases.xml:18 +#: sssd-ldap.5.xml:129 include/ldap_search_bases.xml:18 msgid "" "The filter must be a valid LDAP search filter as specified by http://www." "ietf.org/rfc/rfc2254.txt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:132 sssd-ad.5.xml:311 sss_override.8.xml:143 +#: sssd-ldap.5.xml:133 sssd-ad.5.xml:311 sss_override.8.xml:143 #: sss_override.8.xml:240 sssd-ldap-attributes.5.xml:453 msgid "Examples:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:135 +#: sssd-ldap.5.xml:136 msgid "" "ldap_search_base = dc=example,dc=com (which is equivalent to) " "ldap_search_base = dc=example,dc=com?subtree?" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:140 +#: sssd-ldap.5.xml:141 msgid "" "ldap_search_base = cn=host_specific,dc=example,dc=com?subtree?" "(host=thishost)?dc=example.com?subtree?" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:143 +#: sssd-ldap.5.xml:144 msgid "" "Note: It is unsupported to have multiple search bases which reference " "identically-named objects (for example, groups with the same name in two " @@ -5536,7 +5552,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:150 +#: sssd-ldap.5.xml:151 msgid "" "Default: If not set, the value of the defaultNamingContext or namingContexts " "attribute from the RootDSE of the LDAP server is used. If " @@ -5547,12 +5563,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:164 +#: sssd-ldap.5.xml:165 msgid "ldap_schema (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:167 +#: sssd-ldap.5.xml:168 msgid "" "Specifies the Schema Type in use on the target LDAP server. Depending on " "the selected schema, the default attribute names retrieved from the servers " @@ -5560,32 +5576,32 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:174 +#: sssd-ldap.5.xml:175 msgid "Four schema types are currently supported:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:178 +#: sssd-ldap.5.xml:179 msgid "rfc2307" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:183 +#: sssd-ldap.5.xml:184 msgid "rfc2307bis" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:188 +#: sssd-ldap.5.xml:189 msgid "IPA" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:193 +#: sssd-ldap.5.xml:194 msgid "AD" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:199 +#: sssd-ldap.5.xml:200 msgid "" "The main difference between these schema types is how group memberships are " "recorded in the server. With rfc2307, group members are listed by name in " @@ -5596,37 +5612,37 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:209 +#: sssd-ldap.5.xml:210 msgid "Default: rfc2307" msgstr "Noklusējuma: rfc2307" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:215 +#: sssd-ldap.5.xml:216 msgid "ldap_pwmodify_mode (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:218 +#: sssd-ldap.5.xml:219 msgid "Specify the operation that is used to modify user password." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:222 +#: sssd-ldap.5.xml:223 msgid "Two modes are currently supported:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:226 +#: sssd-ldap.5.xml:227 msgid "exop - Password Modify Extended Operation (RFC 3062)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:232 +#: sssd-ldap.5.xml:233 msgid "ldap_modify - Direct modification of userPassword (not recommended)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:239 +#: sssd-ldap.5.xml:240 msgid "" "Note: First, a new connection is established to verify current password by " "binding as the user that requested password change. If successful, this " @@ -5635,74 +5651,74 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:247 +#: sssd-ldap.5.xml:248 msgid "Default: exop" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:253 +#: sssd-ldap.5.xml:254 msgid "ldap_default_bind_dn (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:256 +#: sssd-ldap.5.xml:257 msgid "The default bind DN to use for performing LDAP operations." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:263 +#: sssd-ldap.5.xml:264 msgid "ldap_default_authtok_type (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:266 +#: sssd-ldap.5.xml:267 msgid "The type of the authentication token of the default bind DN." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:270 +#: sssd-ldap.5.xml:271 msgid "The two mechanisms currently supported are:" msgstr "Divi pašlaik atbalstītie mehānismi ir:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:273 +#: sssd-ldap.5.xml:274 msgid "password" msgstr "parole" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:276 +#: sssd-ldap.5.xml:277 msgid "obfuscated_password" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:279 +#: sssd-ldap.5.xml:280 msgid "Default: password" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:282 +#: sssd-ldap.5.xml:283 msgid "" "See the <citerefentry> <refentrytitle>sss_obfuscate</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry> manual page for more information." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:293 +#: sssd-ldap.5.xml:294 msgid "ldap_default_authtok (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:296 +#: sssd-ldap.5.xml:297 msgid "The authentication token of the default bind DN." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:302 +#: sssd-ldap.5.xml:303 msgid "ldap_force_upper_case_realm (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:305 +#: sssd-ldap.5.xml:306 msgid "" "Some directory servers, for example Active Directory, might deliver the " "realm part of the UPN in lower case, which might cause the authentication to " @@ -5711,24 +5727,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:318 +#: sssd-ldap.5.xml:319 msgid "ldap_enumeration_refresh_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:321 +#: sssd-ldap.5.xml:322 msgid "" "Specifies how many seconds SSSD has to wait before refreshing its cache of " "enumerated records." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:337 +#: sssd-ldap.5.xml:338 msgid "ldap_purge_cache_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:340 +#: sssd-ldap.5.xml:341 msgid "" "Determine how often to check the cache for inactive entries (such as groups " "with no members and users who have never logged in) and remove them to save " @@ -5736,7 +5752,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:346 +#: sssd-ldap.5.xml:347 msgid "" "Setting this option to zero will disable the cache cleanup operation. Please " "note that if enumeration is enabled, the cleanup task is required in order " @@ -5745,12 +5761,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:366 +#: sssd-ldap.5.xml:367 msgid "ldap_group_nesting_level (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:369 +#: sssd-ldap.5.xml:370 msgid "" "If ldap_schema is set to a schema format that supports nested groups (e.g. " "RFC2307bis), then this option controls how many levels of nesting SSSD will " @@ -5758,7 +5774,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:376 +#: sssd-ldap.5.xml:377 msgid "" "Note: This option specifies the guaranteed level of nested groups to be " "processed for any lookup. However, nested groups beyond this limit " @@ -5768,7 +5784,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:385 +#: sssd-ldap.5.xml:386 msgid "" "If ldap_group_nesting_level is set to 0 then no nested groups are processed " "at all. However, when connected to Active-Directory Server 2008 and later " @@ -5778,67 +5794,67 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:394 +#: sssd-ldap.5.xml:395 msgid "Default: 2" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:403 +#: sssd-ldap.5.xml:404 msgid "" "This options enables or disables use of Token-Groups attribute when " "performing initgroup for users from Active Directory Server 2008 and later." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:413 +#: sssd-ldap.5.xml:414 msgid "Default: True for AD and IPA otherwise False." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:419 +#: sssd-ldap.5.xml:420 msgid "ldap_host_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:422 +#: sssd-ldap.5.xml:423 msgid "Optional. Use the given string as search base for host objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:426 sssd-ipa.5.xml:457 sssd-ipa.5.xml:476 sssd-ipa.5.xml:495 -#: sssd-ipa.5.xml:514 +#: sssd-ldap.5.xml:427 sssd-ipa.5.xml:462 sssd-ipa.5.xml:481 sssd-ipa.5.xml:500 +#: sssd-ipa.5.xml:519 msgid "" "See <quote>ldap_search_base</quote> for information about configuring " "multiple search bases." msgstr "" #. type: Content of: <listitem><para> -#: sssd-ldap.5.xml:431 sssd-ipa.5.xml:462 include/ldap_search_bases.xml:27 +#: sssd-ldap.5.xml:432 sssd-ipa.5.xml:467 include/ldap_search_bases.xml:27 msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:438 +#: sssd-ldap.5.xml:439 msgid "ldap_service_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:443 +#: sssd-ldap.5.xml:444 msgid "ldap_iphost_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:448 +#: sssd-ldap.5.xml:449 msgid "ldap_ipnetwork_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:453 +#: sssd-ldap.5.xml:454 msgid "ldap_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:456 +#: sssd-ldap.5.xml:457 msgid "" "Specifies the timeout (in seconds) that ldap searches are allowed to run " "before they are cancelled and cached results are returned (and offline mode " @@ -5846,7 +5862,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:462 +#: sssd-ldap.5.xml:463 msgid "" "Note: this option is subject to change in future versions of the SSSD. It " "will likely be replaced at some point by a series of timeouts for specific " @@ -5854,12 +5870,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:479 +#: sssd-ldap.5.xml:480 msgid "ldap_enumeration_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:482 +#: sssd-ldap.5.xml:483 msgid "" "Specifies the timeout (in seconds) that ldap searches for user and group " "enumerations are allowed to run before they are cancelled and cached results " @@ -5867,12 +5883,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:500 +#: sssd-ldap.5.xml:501 msgid "ldap_network_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:503 +#: sssd-ldap.5.xml:504 msgid "" "Specifies the timeout (in seconds) after which the <citerefentry> " "<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/" @@ -5883,12 +5899,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:531 +#: sssd-ldap.5.xml:532 msgid "ldap_opt_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:534 +#: sssd-ldap.5.xml:535 msgid "" "Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs " "will abort if no response is received. Also controls the timeout when " @@ -5897,12 +5913,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:554 +#: sssd-ldap.5.xml:555 msgid "ldap_connection_expire_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:557 +#: sssd-ldap.5.xml:558 msgid "" "Specifies a timeout (in seconds) that a connection to an LDAP server will be " "maintained. After this time, the connection will be re-established. If used " @@ -5911,7 +5927,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:565 +#: sssd-ldap.5.xml:566 msgid "" "If the connection is idle (not actively running an operation) within " "<emphasis>ldap_opt_timeout</emphasis> seconds of expiration, then it will be " @@ -5922,38 +5938,38 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:577 +#: sssd-ldap.5.xml:578 msgid "" "This timeout can be extended of a random value specified by " "<emphasis>ldap_connection_expire_offset</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:587 sssd-ldap.5.xml:630 sssd-ldap.5.xml:1711 +#: sssd-ldap.5.xml:588 sssd-ldap.5.xml:631 sssd-ldap.5.xml:1713 msgid "Default: 900 (15 minutes)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:593 +#: sssd-ldap.5.xml:594 msgid "ldap_connection_expire_offset (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:596 +#: sssd-ldap.5.xml:597 msgid "" "Random offset between 0 and configured value is added to " "<emphasis>ldap_connection_expire_timeout</emphasis>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:612 +#: sssd-ldap.5.xml:613 #, fuzzy #| msgid "timeout (integer)" msgid "ldap_connection_idle_timeout (integer)" msgstr "noildze (vesels skaitlis)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:615 +#: sssd-ldap.5.xml:616 msgid "" "Specifies a timeout (in seconds) that an idle connection to an LDAP server " "will be maintained. If the connection is idle for more than this time then " @@ -5961,29 +5977,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:621 +#: sssd-ldap.5.xml:622 msgid "You can disable this timeout by setting the value to 0." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:636 +#: sssd-ldap.5.xml:637 msgid "ldap_page_size (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:639 +#: sssd-ldap.5.xml:640 msgid "" "Specify the number of records to retrieve from LDAP in a single request. " "Some LDAP servers enforce a maximum limit per-request." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:650 +#: sssd-ldap.5.xml:651 msgid "ldap_disable_paging (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:653 +#: sssd-ldap.5.xml:654 msgid "" "Disable the LDAP paging control. This option should be used if the LDAP " "server reports that it supports the LDAP paging control in its RootDSE but " @@ -5991,14 +6007,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:659 +#: sssd-ldap.5.xml:660 msgid "" "Example: OpenLDAP servers with the paging control module installed on the " "server but not enabled will report it in the RootDSE but be unable to use it." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:665 +#: sssd-ldap.5.xml:666 msgid "" "Example: 389 DS has a bug where it can only support a one paging control at " "a time on a single connection. On busy clients, this can result in some " @@ -6006,17 +6022,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:677 +#: sssd-ldap.5.xml:678 msgid "ldap_disable_range_retrieval (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:680 +#: sssd-ldap.5.xml:681 msgid "Disable Active Directory range retrieval." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:683 +#: sssd-ldap.5.xml:684 msgid "" "Active Directory limits the number of members to be retrieved in a single " "lookup using the MaxValRange policy (which defaults to 1500 members). If a " @@ -6026,12 +6042,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:698 +#: sssd-ldap.5.xml:699 msgid "ldap_sasl_minssf (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:701 +#: sssd-ldap.5.xml:702 msgid "" "When communicating with an LDAP server using SASL, specify the minimum " "security level necessary to establish the connection. The values of this " @@ -6039,17 +6055,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:707 sssd-ldap.5.xml:723 +#: sssd-ldap.5.xml:708 sssd-ldap.5.xml:724 msgid "Default: Use the system default (usually specified by ldap.conf)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:714 +#: sssd-ldap.5.xml:715 msgid "ldap_sasl_maxssf (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:717 +#: sssd-ldap.5.xml:718 msgid "" "When communicating with an LDAP server using SASL, specify the maximal " "security level necessary to establish the connection. The values of this " @@ -6057,12 +6073,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:730 +#: sssd-ldap.5.xml:731 msgid "ldap_deref_threshold (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:733 +#: sssd-ldap.5.xml:734 msgid "" "Specify the number of group members that must be missing from the internal " "cache in order to trigger a dereference lookup. If less members are missing, " @@ -6070,7 +6086,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:739 +#: sssd-ldap.5.xml:740 msgid "" "You can turn off dereference lookups completely by setting the value to 0. " "Please note that there are some codepaths in SSSD, like the IPA HBAC " @@ -6081,7 +6097,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:750 +#: sssd-ldap.5.xml:751 msgid "" "A dereference lookup is a means of fetching all group members in a single " "LDAP call. Different LDAP servers may implement different dereference " @@ -6090,7 +6106,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:758 +#: sssd-ldap.5.xml:759 msgid "" "<emphasis>Note:</emphasis> If any of the search bases specifies a search " "filter, then the dereference lookup performance enhancement will be disabled " @@ -6098,12 +6114,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:771 +#: sssd-ldap.5.xml:772 msgid "ldap_ignore_unreadable_references (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:774 +#: sssd-ldap.5.xml:775 msgid "" "Ignore unreadable LDAP entries referenced in group's member attribute. If " "this parameter is set to false an error will be returned and the operation " @@ -6111,7 +6127,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:781 +#: sssd-ldap.5.xml:782 msgid "" "This parameter may be useful when using the AD provider and the computer " "account that sssd uses to connect to AD does not have access to a particular " @@ -6119,26 +6135,26 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:794 +#: sssd-ldap.5.xml:795 msgid "ldap_tls_reqcert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:797 +#: sssd-ldap.5.xml:798 msgid "" "Specifies what checks to perform on server certificates in a TLS session, if " "any. It can be specified as one of the following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:803 +#: sssd-ldap.5.xml:804 msgid "" "<emphasis>never</emphasis> = The client will not request or check any server " "certificate." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:807 +#: sssd-ldap.5.xml:808 msgid "" "<emphasis>allow</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -6146,7 +6162,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:814 +#: sssd-ldap.5.xml:815 msgid "" "<emphasis>try</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -6154,7 +6170,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:820 +#: sssd-ldap.5.xml:821 msgid "" "<emphasis>demand</emphasis> = The server certificate is requested. If no " "certificate is provided, or a bad certificate is provided, the session is " @@ -6162,41 +6178,41 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:826 +#: sssd-ldap.5.xml:827 msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:830 +#: sssd-ldap.5.xml:831 msgid "Default: hard" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:836 +#: sssd-ldap.5.xml:837 msgid "ldap_tls_cacert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:839 +#: sssd-ldap.5.xml:840 msgid "" "Specifies the file that contains certificates for all of the Certificate " "Authorities that <command>sssd</command> will recognize." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:844 sssd-ldap.5.xml:862 sssd-ldap.5.xml:903 +#: sssd-ldap.5.xml:845 sssd-ldap.5.xml:863 sssd-ldap.5.xml:904 msgid "" "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." "conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:851 +#: sssd-ldap.5.xml:852 msgid "ldap_tls_cacertdir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:854 +#: sssd-ldap.5.xml:855 msgid "" "Specifies the path of a directory that contains Certificate Authority " "certificates in separate individual files. Typically the file names need to " @@ -6205,32 +6221,32 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:869 +#: sssd-ldap.5.xml:870 msgid "ldap_tls_cert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:872 +#: sssd-ldap.5.xml:873 msgid "Specifies the file that contains the certificate for the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:882 +#: sssd-ldap.5.xml:883 msgid "ldap_tls_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:885 +#: sssd-ldap.5.xml:886 msgid "Specifies the file that contains the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:894 +#: sssd-ldap.5.xml:895 msgid "ldap_tls_cipher_suite (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:897 +#: sssd-ldap.5.xml:898 msgid "" "Specifies acceptable cipher suites. Typically this is a colon separated " "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " @@ -6238,24 +6254,25 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:910 +#: sssd-ldap.5.xml:911 msgid "ldap_id_use_start_tls (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:913 +#: sssd-ldap.5.xml:914 msgid "" "Specifies that the id_provider connection must also use <systemitem " -"class=\"protocol\">tls</systemitem> to protect the channel." +"class=\"protocol\">tls</systemitem> to protect the channel. <emphasis>true</" +"emphasis> is strongly recommended for security reasons." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:923 +#: sssd-ldap.5.xml:925 msgid "ldap_id_mapping (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:926 +#: sssd-ldap.5.xml:928 msgid "" "Specifies that SSSD should attempt to map user and group IDs from the " "ldap_user_objectsid and ldap_group_objectsid attributes instead of relying " @@ -6263,17 +6280,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:932 +#: sssd-ldap.5.xml:934 msgid "Currently this feature supports only ActiveDirectory objectSID mapping." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:942 +#: sssd-ldap.5.xml:944 msgid "ldap_min_id, ldap_max_id (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:945 +#: sssd-ldap.5.xml:947 msgid "" "In contrast to the SID based ID mapping which is used if ldap_id_mapping is " "set to true the allowed ID range for ldap_user_uid_number and " @@ -6284,24 +6301,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:957 +#: sssd-ldap.5.xml:959 msgid "Default: not set (both options are set to 0)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:963 +#: sssd-ldap.5.xml:965 msgid "ldap_sasl_mech (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:966 +#: sssd-ldap.5.xml:968 msgid "" "Specify the SASL mechanism to use. Currently only GSSAPI and GSS-SPNEGO are " "tested and supported." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:970 +#: sssd-ldap.5.xml:972 msgid "" "If the backend supports sub-domains the value of ldap_sasl_mech is " "automatically inherited to the sub-domains. If a different value is needed " @@ -6312,12 +6329,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:986 +#: sssd-ldap.5.xml:988 msgid "ldap_sasl_authid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd-ldap.5.xml:998 +#: sssd-ldap.5.xml:1000 #, no-wrap msgid "" "hostname@REALM\n" @@ -6330,7 +6347,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:989 +#: sssd-ldap.5.xml:991 msgid "" "Specify the SASL authorization id to use. When GSSAPI/GSS-SPNEGO are used, " "this represents the Kerberos principal used for authentication to the " @@ -6342,17 +6359,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1009 +#: sssd-ldap.5.xml:1011 msgid "Default: host/hostname@REALM" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1015 +#: sssd-ldap.5.xml:1017 msgid "ldap_sasl_realm (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1018 +#: sssd-ldap.5.xml:1020 msgid "" "Specify the SASL realm to use. When not specified, this option defaults to " "the value of krb5_realm. If the ldap_sasl_authid contains the realm as " @@ -6360,49 +6377,49 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1024 +#: sssd-ldap.5.xml:1026 msgid "Default: the value of krb5_realm." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1030 +#: sssd-ldap.5.xml:1032 msgid "ldap_sasl_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1033 +#: sssd-ldap.5.xml:1035 msgid "" "If set to true, the LDAP library would perform a reverse lookup to " "canonicalize the host name during a SASL bind." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1038 +#: sssd-ldap.5.xml:1040 msgid "Default: false;" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1044 +#: sssd-ldap.5.xml:1046 msgid "ldap_krb5_keytab (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1047 +#: sssd-ldap.5.xml:1049 msgid "Specify the keytab to use when using SASL/GSSAPI/GSS-SPNEGO." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1056 sssd-krb5.5.xml:247 +#: sssd-ldap.5.xml:1058 sssd-krb5.5.xml:247 msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1062 +#: sssd-ldap.5.xml:1064 msgid "ldap_krb5_init_creds (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1065 +#: sssd-ldap.5.xml:1067 msgid "" "Specifies that the id_provider should init Kerberos credentials (TGT). This " "action is performed only if SASL is used and the mechanism selected is " @@ -6410,28 +6427,28 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1077 +#: sssd-ldap.5.xml:1079 msgid "ldap_krb5_ticket_lifetime (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1080 +#: sssd-ldap.5.xml:1082 msgid "" "Specifies the lifetime in seconds of the TGT if GSSAPI or GSS-SPNEGO is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1089 sssd-ad.5.xml:1252 +#: sssd-ldap.5.xml:1091 sssd-ad.5.xml:1252 msgid "Default: 86400 (24 hours)" msgstr "Noklusējuma: 86400 (24 stundas)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1095 sssd-krb5.5.xml:74 +#: sssd-ldap.5.xml:1097 sssd-krb5.5.xml:74 msgid "krb5_server, krb5_backup_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1098 +#: sssd-ldap.5.xml:1100 msgid "" "Specifies the comma-separated list of IP addresses or hostnames of the " "Kerberos servers to which SSSD should connect in the order of preference. " @@ -6443,7 +6460,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1110 sssd-krb5.5.xml:89 +#: sssd-ldap.5.xml:1112 sssd-krb5.5.xml:89 msgid "" "When using service discovery for KDC or kpasswd servers, SSSD first searches " "for DNS entries that specify _udp as the protocol and falls back to _tcp if " @@ -6451,7 +6468,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1115 sssd-krb5.5.xml:94 +#: sssd-ldap.5.xml:1117 sssd-krb5.5.xml:94 msgid "" "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " "While the legacy name is recognized for the time being, users are advised to " @@ -6459,39 +6476,39 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1124 sssd-ipa.5.xml:526 sssd-krb5.5.xml:103 +#: sssd-ldap.5.xml:1126 sssd-ipa.5.xml:531 sssd-krb5.5.xml:103 msgid "krb5_realm (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1127 +#: sssd-ldap.5.xml:1129 msgid "Specify the Kerberos REALM (for SASL/GSSAPI/GSS-SPNEGO auth)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1131 +#: sssd-ldap.5.xml:1133 msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" msgstr "" #. type: Content of: <variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1137 include/krb5_options.xml:154 +#: sssd-ldap.5.xml:1139 include/krb5_options.xml:154 msgid "krb5_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1140 +#: sssd-ldap.5.xml:1142 msgid "" "Specifies if the host principal should be canonicalized when connecting to " "LDAP server. This feature is available with MIT Kerberos >= 1.7" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1152 sssd-krb5.5.xml:336 +#: sssd-ldap.5.xml:1154 sssd-krb5.5.xml:336 msgid "krb5_use_kdcinfo (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1155 sssd-krb5.5.xml:339 +#: sssd-ldap.5.xml:1157 sssd-krb5.5.xml:339 msgid "" "Specifies if the SSSD should instruct the Kerberos libraries what realm and " "which KDCs to use. This option is on by default, if you disable it, you need " @@ -6501,7 +6518,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1166 sssd-krb5.5.xml:350 +#: sssd-ldap.5.xml:1168 sssd-krb5.5.xml:350 msgid "" "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more " @@ -6509,26 +6526,26 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1180 +#: sssd-ldap.5.xml:1182 msgid "ldap_pwd_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1183 +#: sssd-ldap.5.xml:1185 msgid "" "Select the policy to evaluate the password expiration on the client side. " "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1188 +#: sssd-ldap.5.xml:1190 msgid "" "<emphasis>none</emphasis> - No evaluation on the client side. This option " "cannot disable server-side password policies." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1193 +#: sssd-ldap.5.xml:1195 msgid "" "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " @@ -6537,7 +6554,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1201 +#: sssd-ldap.5.xml:1203 msgid "" "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " "to determine if the password has expired. Use chpass_provider=krb5 to update " @@ -6545,31 +6562,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1210 +#: sssd-ldap.5.xml:1212 msgid "" "<emphasis>Note</emphasis>: if a password policy is configured on server " "side, it always takes precedence over policy set with this option." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1218 +#: sssd-ldap.5.xml:1220 msgid "ldap_referrals (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1221 +#: sssd-ldap.5.xml:1223 msgid "Specifies whether automatic referral chasing should be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1225 +#: sssd-ldap.5.xml:1227 msgid "" "Please note that sssd only supports referral chasing when it is compiled " "with OpenLDAP version 2.4.13 or higher." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1230 +#: sssd-ldap.5.xml:1232 msgid "" "Chasing referrals may incur a performance penalty in environments that use " "them heavily, a notable example is Microsoft Active Directory. If your setup " @@ -6582,51 +6599,51 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1249 +#: sssd-ldap.5.xml:1251 msgid "ldap_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1252 +#: sssd-ldap.5.xml:1254 msgid "Specifies the service name to use when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1256 +#: sssd-ldap.5.xml:1258 msgid "Default: ldap" msgstr "Noklusējuma: ldap" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1262 +#: sssd-ldap.5.xml:1264 msgid "ldap_chpass_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1265 +#: sssd-ldap.5.xml:1267 msgid "" "Specifies the service name to use to find an LDAP server which allows " "password changes when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1270 +#: sssd-ldap.5.xml:1272 msgid "Default: not set, i.e. service discovery is disabled" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1276 +#: sssd-ldap.5.xml:1278 msgid "ldap_chpass_update_last_change (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1279 +#: sssd-ldap.5.xml:1281 msgid "" "Specifies whether to update the ldap_user_shadow_last_change attribute with " "days since the Epoch after a password change operation." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1285 +#: sssd-ldap.5.xml:1287 msgid "" "It is recommend to set this option explicitly if \"ldap_pwd_policy = " "shadow\" is used to let SSSD know if the LDAP server will update " @@ -6635,12 +6652,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1299 +#: sssd-ldap.5.xml:1301 msgid "ldap_access_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1302 +#: sssd-ldap.5.xml:1304 msgid "" "If using access_provider = ldap and ldap_access_order = filter (default), " "this option is mandatory. It specifies an LDAP search filter criteria that " @@ -6656,12 +6673,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1322 +#: sssd-ldap.5.xml:1324 msgid "Example:" msgstr "Piemērs:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1325 +#: sssd-ldap.5.xml:1327 #, no-wrap msgid "" "access_provider = ldap\n" @@ -6670,14 +6687,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1329 +#: sssd-ldap.5.xml:1331 msgid "" "This example means that access to this host is restricted to users whose " "employeeType attribute is set to \"admin\"." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1334 +#: sssd-ldap.5.xml:1336 msgid "" "Offline caching for this feature is limited to determining whether the " "user's last online login was granted access permission. If they were granted " @@ -6686,24 +6703,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1342 sssd-ldap.5.xml:1398 +#: sssd-ldap.5.xml:1344 sssd-ldap.5.xml:1400 msgid "Default: Empty" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1348 +#: sssd-ldap.5.xml:1350 msgid "ldap_account_expire_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1351 +#: sssd-ldap.5.xml:1353 msgid "" "With this option a client side evaluation of access control attributes can " "be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1355 +#: sssd-ldap.5.xml:1357 msgid "" "Please note that it is always recommended to use server side access control, " "i.e. the LDAP server should deny the bind request with a suitable error code " @@ -6711,19 +6728,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1362 +#: sssd-ldap.5.xml:1364 msgid "The following values are allowed:" msgstr "Atļautas šādas vērtības:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1365 +#: sssd-ldap.5.xml:1367 msgid "" "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " "determine if the account is expired." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1370 +#: sssd-ldap.5.xml:1372 msgid "" "<emphasis>ad</emphasis>: use the value of the 32bit field " "ldap_user_ad_user_account_control and allow access if the second bit is not " @@ -6732,7 +6749,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1377 +#: sssd-ldap.5.xml:1379 msgid "" "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" "emphasis>: use the value of ldap_ns_account_lock to check if access is " @@ -6740,7 +6757,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1383 +#: sssd-ldap.5.xml:1385 msgid "" "<emphasis>nds</emphasis>: the values of " "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " @@ -6749,7 +6766,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1391 +#: sssd-ldap.5.xml:1393 msgid "" "Please note that the ldap_access_order configuration option <emphasis>must</" "emphasis> include <quote>expire</quote> in order for the " @@ -6757,22 +6774,22 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1404 +#: sssd-ldap.5.xml:1406 msgid "ldap_access_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1407 sssd-ipa.5.xml:351 +#: sssd-ldap.5.xml:1409 sssd-ipa.5.xml:356 msgid "Comma separated list of access control options. Allowed values are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1411 +#: sssd-ldap.5.xml:1413 msgid "<emphasis>filter</emphasis>: use ldap_access_filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1414 +#: sssd-ldap.5.xml:1416 msgid "" "<emphasis>lockout</emphasis>: use account locking. If set, this option " "denies access in case that ldap attribute 'pwdAccountLockedTime' is present " @@ -6782,14 +6799,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1424 +#: sssd-ldap.5.xml:1426 msgid "" "<emphasis> Please note that this option is superseded by the <quote>ppolicy</" "quote> option and might be removed in a future release. </emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1431 +#: sssd-ldap.5.xml:1433 msgid "" "<emphasis>ppolicy</emphasis>: use account locking. If set, this option " "denies access in case that ldap attribute 'pwdAccountLockedTime' is present " @@ -6802,12 +6819,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1448 +#: sssd-ldap.5.xml:1450 msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1452 sssd-ipa.5.xml:359 +#: sssd-ldap.5.xml:1454 sssd-ipa.5.xml:364 msgid "" "<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, " "pwd_expire_policy_renew: </emphasis> These options are useful if users are " @@ -6817,81 +6834,81 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1462 sssd-ipa.5.xml:369 +#: sssd-ldap.5.xml:1464 sssd-ipa.5.xml:374 msgid "" "The difference between these options is the action taken if user password is " "expired:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:1467 sssd-ipa.5.xml:374 +#: sssd-ldap.5.xml:1469 sssd-ipa.5.xml:379 msgid "pwd_expire_policy_reject - user is denied to log in," msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:1473 sssd-ipa.5.xml:380 +#: sssd-ldap.5.xml:1475 sssd-ipa.5.xml:385 msgid "pwd_expire_policy_warn - user is still able to log in," msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:1479 sssd-ipa.5.xml:386 +#: sssd-ldap.5.xml:1481 sssd-ipa.5.xml:391 msgid "" "pwd_expire_policy_renew - user is prompted to change their password " "immediately." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1487 +#: sssd-ldap.5.xml:1489 msgid "" "Please note that 'access_provider = ldap' must be set for this feature to " "work. Also 'ldap_pwd_policy' must be set to an appropriate password policy." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1492 +#: sssd-ldap.5.xml:1494 msgid "" "<emphasis>authorized_service</emphasis>: use the authorizedService attribute " "to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1497 +#: sssd-ldap.5.xml:1499 msgid "<emphasis>host</emphasis>: use the host attribute to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1501 +#: sssd-ldap.5.xml:1503 msgid "" "<emphasis>rhost</emphasis>: use the rhost attribute to determine whether " "remote host can access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1505 +#: sssd-ldap.5.xml:1507 msgid "" "Please note, rhost field in pam is set by application, it is better to check " "what the application sends to pam, before enabling this access control option" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1510 +#: sssd-ldap.5.xml:1512 msgid "Default: filter" msgstr "Noklusējuma: filtrēt" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1513 +#: sssd-ldap.5.xml:1515 msgid "" "Please note that it is a configuration error if a value is used more than " "once." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1520 +#: sssd-ldap.5.xml:1522 msgid "ldap_pwdlockout_dn (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1523 +#: sssd-ldap.5.xml:1525 msgid "" "This option specifies the DN of password policy entry on LDAP server. Please " "note that absence of this option in sssd.conf in case of enabled account " @@ -6900,74 +6917,74 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1531 +#: sssd-ldap.5.xml:1533 msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1534 +#: sssd-ldap.5.xml:1536 msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1540 +#: sssd-ldap.5.xml:1542 msgid "ldap_deref (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1543 +#: sssd-ldap.5.xml:1545 msgid "" "Specifies how alias dereferencing is done when performing a search. The " "following options are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1548 +#: sssd-ldap.5.xml:1550 msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1552 +#: sssd-ldap.5.xml:1554 msgid "" "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " "the base object, but not in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1557 +#: sssd-ldap.5.xml:1559 msgid "" "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " "the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1562 +#: sssd-ldap.5.xml:1564 msgid "" "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " "in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1567 +#: sssd-ldap.5.xml:1569 msgid "" "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " "client libraries)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1575 +#: sssd-ldap.5.xml:1577 msgid "ldap_rfc2307_fallback_to_local_users (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1578 +#: sssd-ldap.5.xml:1580 msgid "" "Allows to retain local users as members of an LDAP group for servers that " "use the RFC2307 schema." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1582 +#: sssd-ldap.5.xml:1584 msgid "" "In some environments where the RFC2307 schema is used, local users are made " "members of LDAP groups by adding their names to the memberUid attribute. " @@ -6978,7 +6995,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1593 +#: sssd-ldap.5.xml:1595 msgid "" "This option falls back to checking if local users are referenced, and caches " "them so that later initgroups() calls will augment the local users with the " @@ -6986,53 +7003,53 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1605 sssd-ifp.5.xml:152 +#: sssd-ldap.5.xml:1607 sssd-ifp.5.xml:152 msgid "wildcard_limit (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1608 +#: sssd-ldap.5.xml:1610 msgid "" "Specifies an upper limit on the number of entries that are downloaded during " "a wildcard lookup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1612 +#: sssd-ldap.5.xml:1614 msgid "At the moment, only the InfoPipe responder supports wildcard lookups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1616 +#: sssd-ldap.5.xml:1618 msgid "Default: 1000 (often the size of one page)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1622 +#: sssd-ldap.5.xml:1624 msgid "ldap_library_debug_level (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1625 +#: sssd-ldap.5.xml:1627 msgid "" "Switches on libldap debugging with the given level. The libldap debug " "messages will be written independent of the general debug_level." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1630 +#: sssd-ldap.5.xml:1632 msgid "" "OpenLDAP uses a bitmap to enable debugging for specific components, -1 will " "enable full debug output." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1635 +#: sssd-ldap.5.xml:1637 msgid "Default: 0 (libldap debugging disabled)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:51 +#: sssd-ldap.5.xml:52 msgid "" "All of the common configuration options that apply to SSSD domains also " "apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> section " @@ -7044,12 +7061,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1645 +#: sssd-ldap.5.xml:1647 msgid "SUDO OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1647 +#: sssd-ldap.5.xml:1649 msgid "" "The detailed instructions for configuration of sudo_provider are in the " "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " @@ -7057,43 +7074,43 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1658 +#: sssd-ldap.5.xml:1660 msgid "ldap_sudo_full_refresh_interval (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1661 +#: sssd-ldap.5.xml:1663 msgid "" "How many seconds SSSD will wait between executing a full refresh of sudo " "rules (which downloads all rules that are stored on the server)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1666 +#: sssd-ldap.5.xml:1668 msgid "" "The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </" "emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1671 +#: sssd-ldap.5.xml:1673 msgid "" "You can disable full refresh by setting this option to 0. However, either " "smart or full refresh must be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1676 +#: sssd-ldap.5.xml:1678 msgid "Default: 21600 (6 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1682 +#: sssd-ldap.5.xml:1684 msgid "ldap_sudo_smart_refresh_interval (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1685 +#: sssd-ldap.5.xml:1687 msgid "" "How many seconds SSSD has to wait before executing a smart refresh of sudo " "rules (which downloads all rules that have USN higher than the highest " @@ -7101,14 +7118,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1691 +#: sssd-ldap.5.xml:1693 msgid "" "If USN attributes are not supported by the server, the modifyTimestamp " "attribute is used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1695 +#: sssd-ldap.5.xml:1697 msgid "" "<emphasis>Note:</emphasis> the highest USN value can be updated by three " "tasks: 1) By sudo full and smart refresh (if updated rules are found), 2) by " @@ -7118,19 +7135,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1706 +#: sssd-ldap.5.xml:1708 msgid "" "You can disable smart refresh by setting this option to 0. However, either " "smart or full refresh must be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1717 +#: sssd-ldap.5.xml:1719 msgid "ldap_sudo_random_offset (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1720 +#: sssd-ldap.5.xml:1722 msgid "" "Random offset between 0 and configured value is added to smart and full " "refresh periods each time the periodic task is scheduled. The value is in " @@ -7138,7 +7155,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1726 +#: sssd-ldap.5.xml:1728 msgid "" "Note that this random offset is also applied on the first SSSD start which " "delays the first sudo rules refresh. This prolongs the time when the sudo " @@ -7146,106 +7163,106 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1732 +#: sssd-ldap.5.xml:1734 msgid "You can disable this offset by setting the value to 0." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1742 +#: sssd-ldap.5.xml:1744 msgid "ldap_sudo_use_host_filter (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1745 +#: sssd-ldap.5.xml:1747 msgid "" "If true, SSSD will download only rules that are applicable to this machine " "(using the IPv4 or IPv6 host/network addresses and hostnames)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1756 +#: sssd-ldap.5.xml:1758 msgid "ldap_sudo_hostnames (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1759 +#: sssd-ldap.5.xml:1761 msgid "" "Space separated list of hostnames or fully qualified domain names that " "should be used to filter the rules." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1764 +#: sssd-ldap.5.xml:1766 msgid "" "If this option is empty, SSSD will try to discover the hostname and the " "fully qualified domain name automatically." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1769 sssd-ldap.5.xml:1792 sssd-ldap.5.xml:1810 -#: sssd-ldap.5.xml:1828 +#: sssd-ldap.5.xml:1771 sssd-ldap.5.xml:1794 sssd-ldap.5.xml:1812 +#: sssd-ldap.5.xml:1830 msgid "" "If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</" "emphasis> then this option has no effect." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1774 sssd-ldap.5.xml:1797 +#: sssd-ldap.5.xml:1776 sssd-ldap.5.xml:1799 msgid "Default: not specified" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1780 +#: sssd-ldap.5.xml:1782 msgid "ldap_sudo_ip (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1783 +#: sssd-ldap.5.xml:1785 msgid "" "Space separated list of IPv4 or IPv6 host/network addresses that should be " "used to filter the rules." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1788 +#: sssd-ldap.5.xml:1790 msgid "" "If this option is empty, SSSD will try to discover the addresses " "automatically." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1803 +#: sssd-ldap.5.xml:1805 msgid "ldap_sudo_include_netgroups (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1806 +#: sssd-ldap.5.xml:1808 msgid "" "If true then SSSD will download every rule that contains a netgroup in " "sudoHost attribute." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1821 +#: sssd-ldap.5.xml:1823 msgid "ldap_sudo_include_regexp (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1824 +#: sssd-ldap.5.xml:1826 msgid "" "If true then SSSD will download every rule that contains a wildcard in " "sudoHost attribute." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><note><para> -#: sssd-ldap.5.xml:1834 +#: sssd-ldap.5.xml:1836 msgid "" "Using wildcard is an operation that is very costly to evaluate on the LDAP " "server side!" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1846 +#: sssd-ldap.5.xml:1848 msgid "" "This manual page only describes attribute name mapping. For detailed " "explanation of sudo related attribute semantics, see <citerefentry> " @@ -7254,59 +7271,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1856 +#: sssd-ldap.5.xml:1858 msgid "AUTOFS OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1858 +#: sssd-ldap.5.xml:1860 msgid "" "Some of the defaults for the parameters below are dependent on the LDAP " "schema." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1864 +#: sssd-ldap.5.xml:1866 msgid "ldap_autofs_map_master_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1867 +#: sssd-ldap.5.xml:1869 msgid "The name of the automount master map in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1870 +#: sssd-ldap.5.xml:1872 msgid "Default: auto.master" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1881 +#: sssd-ldap.5.xml:1883 msgid "ADVANCED OPTIONS" msgstr "PAPLAŠINĀTĀS IESPĒJAS" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1888 +#: sssd-ldap.5.xml:1890 msgid "ldap_netgroup_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1893 +#: sssd-ldap.5.xml:1895 msgid "ldap_user_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1898 +#: sssd-ldap.5.xml:1900 msgid "ldap_group_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><note> -#: sssd-ldap.5.xml:1903 +#: sssd-ldap.5.xml:1905 msgid "<note>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para> -#: sssd-ldap.5.xml:1905 +#: sssd-ldap.5.xml:1907 msgid "" "If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches " "against Active Directory will not be restricted and return all groups " @@ -7315,22 +7332,22 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist> -#: sssd-ldap.5.xml:1912 +#: sssd-ldap.5.xml:1914 msgid "</note>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1914 +#: sssd-ldap.5.xml:1916 msgid "ldap_sudo_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1919 +#: sssd-ldap.5.xml:1921 msgid "ldap_autofs_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1883 +#: sssd-ldap.5.xml:1885 msgid "" "These options are supported by LDAP domains, but they should be used with " "caution. Please include them in your configuration only if you know what you " @@ -7339,14 +7356,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1934 sssd-simple.5.xml:131 sssd-ipa.5.xml:925 -#: sssd-ad.5.xml:1386 sssd-krb5.5.xml:483 sss_rpcidmapd.5.xml:98 +#: sssd-ldap.5.xml:1936 sssd-simple.5.xml:131 sssd-ipa.5.xml:930 +#: sssd-ad.5.xml:1391 sssd-krb5.5.xml:483 sss_rpcidmapd.5.xml:98 #: sssd-files.5.xml:155 sssd-session-recording.5.xml:176 msgid "EXAMPLE" msgstr "PIEMĒRS" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1936 +#: sssd-ldap.5.xml:1938 msgid "" "The following example assumes that SSSD is correctly configured and LDAP is " "set to one of the domains in the <replaceable>[domains]</replaceable> " @@ -7354,7 +7371,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ldap.5.xml:1942 +#: sssd-ldap.5.xml:1944 #, no-wrap msgid "" "[domain/LDAP]\n" @@ -7367,27 +7384,27 @@ msgid "" msgstr "" #. type: Content of: <refsect1><refsect2><para> -#: sssd-ldap.5.xml:1941 sssd-ldap.5.xml:1959 sssd-simple.5.xml:139 -#: sssd-ipa.5.xml:933 sssd-ad.5.xml:1394 sssd-sudo.5.xml:56 sssd-krb5.5.xml:492 +#: sssd-ldap.5.xml:1943 sssd-ldap.5.xml:1961 sssd-simple.5.xml:139 +#: sssd-ipa.5.xml:938 sssd-ad.5.xml:1399 sssd-sudo.5.xml:56 sssd-krb5.5.xml:492 #: sssd-files.5.xml:162 sssd-files.5.xml:173 sssd-session-recording.5.xml:182 #: include/ldap_id_mapping.xml:105 msgid "<placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1953 +#: sssd-ldap.5.xml:1955 msgid "LDAP ACCESS FILTER EXAMPLE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1955 +#: sssd-ldap.5.xml:1957 msgid "" "The following example assumes that SSSD is correctly configured and to use " "the ldap_access_order=lockout." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ldap.5.xml:1960 +#: sssd-ldap.5.xml:1962 #, no-wrap msgid "" "[domain/LDAP]\n" @@ -7403,13 +7420,13 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1975 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148 -#: sssd-ad.5.xml:1409 sssd.8.xml:238 sss_seed.8.xml:163 +#: sssd-ldap.5.xml:1977 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148 +#: sssd-ad.5.xml:1414 sssd.8.xml:238 sss_seed.8.xml:163 msgid "NOTES" msgstr "PIEZĪMES" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1977 +#: sssd-ldap.5.xml:1979 msgid "" "The descriptions of some of the configuration options in this manual page " "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " @@ -9740,12 +9757,12 @@ msgid "Example: dyndns_iface = em1, vnet1, vnet2" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:204 sssd-ad.5.xml:1285 +#: sssd-ipa.5.xml:204 sssd-ad.5.xml:1290 msgid "dyndns_auth (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:207 sssd-ad.5.xml:1288 +#: sssd-ipa.5.xml:207 sssd-ad.5.xml:1293 msgid "" "Whether the nsupdate utility should use GSS-TSIG authentication for secure " "updates with the DNS server, insecure updates can be sent by setting this " @@ -9753,17 +9770,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:213 sssd-ad.5.xml:1294 +#: sssd-ipa.5.xml:213 sssd-ad.5.xml:1299 msgid "Default: GSS-TSIG" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:219 sssd-ad.5.xml:1300 +#: sssd-ipa.5.xml:219 sssd-ad.5.xml:1305 msgid "dyndns_auth_ptr (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:222 sssd-ad.5.xml:1303 +#: sssd-ipa.5.xml:222 sssd-ad.5.xml:1308 msgid "" "Whether the nsupdate utility should use GSS-TSIG authentication for secure " "PTR updates with the DNS server, insecure updates can be sent by setting " @@ -9771,7 +9788,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:228 sssd-ad.5.xml:1309 +#: sssd-ipa.5.xml:228 sssd-ad.5.xml:1314 msgid "Default: Same as dyndns_auth" msgstr "" @@ -9830,65 +9847,72 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:290 +#: sssd-ipa.5.xml:290 sssd-ad.5.xml:1266 +msgid "" +"Note that <emphasis>dyndns_update_per_family</emphasis> parameter does not " +"apply for PTR record updates. Those updates are always sent separately." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:295 msgid "Default: False (disabled)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1272 +#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1277 msgid "dyndns_force_tcp (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:299 sssd-ad.5.xml:1275 +#: sssd-ipa.5.xml:304 sssd-ad.5.xml:1280 msgid "" "Whether the nsupdate utility should default to using TCP for communicating " "with the DNS server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:303 sssd-ad.5.xml:1279 +#: sssd-ipa.5.xml:308 sssd-ad.5.xml:1284 msgid "Default: False (let nsupdate choose the protocol)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:309 sssd-ad.5.xml:1315 +#: sssd-ipa.5.xml:314 sssd-ad.5.xml:1320 msgid "dyndns_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:312 sssd-ad.5.xml:1318 +#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1323 msgid "" "The DNS server to use when performing a DNS update. In most setups, it's " "recommended to leave this option unset." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1323 +#: sssd-ipa.5.xml:322 sssd-ad.5.xml:1328 msgid "" "Setting this option makes sense for environments where the DNS server is " "different from the identity server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:322 sssd-ad.5.xml:1328 +#: sssd-ipa.5.xml:327 sssd-ad.5.xml:1333 msgid "" "Please note that this option will be only used in fallback attempt when " "previous attempt using autodetected settings failed." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:327 sssd-ad.5.xml:1333 +#: sssd-ipa.5.xml:332 sssd-ad.5.xml:1338 msgid "Default: None (let nsupdate choose the server)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:333 sssd-ad.5.xml:1339 +#: sssd-ipa.5.xml:338 sssd-ad.5.xml:1344 msgid "dyndns_update_per_family (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:336 sssd-ad.5.xml:1342 +#: sssd-ipa.5.xml:341 sssd-ad.5.xml:1347 msgid "" "DNS update is by default performed in two steps - IPv4 update and then IPv6 " "update. In some cases it might be desirable to perform IPv4 and IPv6 update " @@ -9896,177 +9920,177 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:348 +#: sssd-ipa.5.xml:353 msgid "ipa_access_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:355 +#: sssd-ipa.5.xml:360 msgid "<emphasis>expire</emphasis>: use IPA's account expiration policy." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:394 +#: sssd-ipa.5.xml:399 msgid "" "Please note that 'access_provider = ipa' must be set for this feature to " "work." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:401 +#: sssd-ipa.5.xml:406 msgid "ipa_deskprofile_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:404 +#: sssd-ipa.5.xml:409 msgid "" "Optional. Use the given string as search base for Desktop Profile related " "objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:408 sssd-ipa.5.xml:435 +#: sssd-ipa.5.xml:413 sssd-ipa.5.xml:440 msgid "Default: Use base DN" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:414 +#: sssd-ipa.5.xml:419 msgid "ipa_subid_ranges_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:417 +#: sssd-ipa.5.xml:422 msgid "" "Optional. Use the given string as search base for subordinate ranges related " "objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:421 +#: sssd-ipa.5.xml:426 msgid "Default: the value of <emphasis>cn=subids,%basedn</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:428 +#: sssd-ipa.5.xml:433 msgid "ipa_hbac_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:431 +#: sssd-ipa.5.xml:436 msgid "Optional. Use the given string as search base for HBAC related objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:441 +#: sssd-ipa.5.xml:446 msgid "ipa_host_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:444 +#: sssd-ipa.5.xml:449 msgid "Deprecated. Use ldap_host_search_base instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:450 +#: sssd-ipa.5.xml:455 msgid "ipa_selinux_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:453 +#: sssd-ipa.5.xml:458 msgid "Optional. Use the given string as search base for SELinux user maps." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:469 +#: sssd-ipa.5.xml:474 msgid "ipa_subdomains_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:472 +#: sssd-ipa.5.xml:477 msgid "Optional. Use the given string as search base for trusted domains." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:481 +#: sssd-ipa.5.xml:486 msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:488 +#: sssd-ipa.5.xml:493 msgid "ipa_master_domain_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:491 +#: sssd-ipa.5.xml:496 msgid "Optional. Use the given string as search base for master domain object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:500 +#: sssd-ipa.5.xml:505 msgid "Default: the value of <emphasis>cn=ad,cn=etc,%basedn</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:507 +#: sssd-ipa.5.xml:512 msgid "ipa_views_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:510 +#: sssd-ipa.5.xml:515 msgid "Optional. Use the given string as search base for views containers." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:519 +#: sssd-ipa.5.xml:524 msgid "Default: the value of <emphasis>cn=views,cn=accounts,%basedn</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:529 +#: sssd-ipa.5.xml:534 msgid "" "The name of the Kerberos realm. This is optional and defaults to the value " "of <quote>ipa_domain</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:533 +#: sssd-ipa.5.xml:538 msgid "" "The name of the Kerberos realm has a special meaning in IPA - it is " "converted into the base DN to use for performing LDAP operations." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:541 sssd-ad.5.xml:1357 +#: sssd-ipa.5.xml:546 sssd-ad.5.xml:1362 msgid "krb5_confd_path (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:544 sssd-ad.5.xml:1360 +#: sssd-ipa.5.xml:549 sssd-ad.5.xml:1365 msgid "" "Absolute path of a directory where SSSD should place Kerberos configuration " "snippets." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:548 sssd-ad.5.xml:1364 +#: sssd-ipa.5.xml:553 sssd-ad.5.xml:1369 msgid "" "To disable the creation of the configuration snippets set the parameter to " "'none'." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:552 sssd-ad.5.xml:1368 +#: sssd-ipa.5.xml:557 sssd-ad.5.xml:1373 msgid "" "Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:559 +#: sssd-ipa.5.xml:564 msgid "ipa_deskprofile_refresh (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:562 +#: sssd-ipa.5.xml:567 msgid "" "The amount of time between lookups of the Desktop Profile rules against the " "IPA server. This will reduce the latency and load on the IPA server if there " @@ -10074,34 +10098,34 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:569 sssd-ipa.5.xml:599 sssd-ipa.5.xml:615 sssd-ad.5.xml:599 +#: sssd-ipa.5.xml:574 sssd-ipa.5.xml:604 sssd-ipa.5.xml:620 sssd-ad.5.xml:599 msgid "Default: 5 (seconds)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:575 +#: sssd-ipa.5.xml:580 msgid "ipa_deskprofile_request_interval (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:578 +#: sssd-ipa.5.xml:583 msgid "" "The amount of time between lookups of the Desktop Profile rules against the " "IPA server in case the last request did not return any rule." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:583 +#: sssd-ipa.5.xml:588 msgid "Default: 60 (minutes)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:589 +#: sssd-ipa.5.xml:594 msgid "ipa_hbac_refresh (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:592 +#: sssd-ipa.5.xml:597 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server. " "This will reduce the latency and load on the IPA server if there are many " @@ -10109,12 +10133,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:605 +#: sssd-ipa.5.xml:610 msgid "ipa_hbac_selinux (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:608 +#: sssd-ipa.5.xml:613 msgid "" "The amount of time between lookups of the SELinux maps against the IPA " "server. This will reduce the latency and load on the IPA server if there are " @@ -10122,33 +10146,33 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:621 +#: sssd-ipa.5.xml:626 msgid "ipa_server_mode (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:624 +#: sssd-ipa.5.xml:629 msgid "" "This option will be set by the IPA installer (ipa-server-install) " "automatically and denotes if SSSD is running on an IPA server or not." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:629 +#: sssd-ipa.5.xml:634 msgid "" "On an IPA server SSSD will lookup users and groups from trusted domains " "directly while on a client it will ask an IPA server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:634 +#: sssd-ipa.5.xml:639 msgid "" "NOTE: There are currently some assumptions that must be met when SSSD is " "running on an IPA server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:639 +#: sssd-ipa.5.xml:644 msgid "" "The <quote>ipa_server</quote> option must be configured to point to the IPA " "server itself. This is already the default set by the IPA installer, so no " @@ -10156,59 +10180,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:648 +#: sssd-ipa.5.xml:653 msgid "" "The <quote>full_name_format</quote> option must not be tweaked to only print " "short names for users from trusted domains." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:663 +#: sssd-ipa.5.xml:668 msgid "ipa_automount_location (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:666 +#: sssd-ipa.5.xml:671 msgid "The automounter location this IPA client will be using" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:669 +#: sssd-ipa.5.xml:674 msgid "Default: The location named \"default\"" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd-ipa.5.xml:677 +#: sssd-ipa.5.xml:682 msgid "VIEWS AND OVERRIDES" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:686 +#: sssd-ipa.5.xml:691 msgid "ipa_view_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:689 +#: sssd-ipa.5.xml:694 msgid "Objectclass of the view container." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:692 +#: sssd-ipa.5.xml:697 msgid "Default: nsContainer" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:698 +#: sssd-ipa.5.xml:703 msgid "ipa_view_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:701 +#: sssd-ipa.5.xml:706 msgid "Name of the attribute holding the name of the view." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:705 sssd-ldap-attributes.5.xml:496 +#: sssd-ipa.5.xml:710 sssd-ldap-attributes.5.xml:496 #: sssd-ldap-attributes.5.xml:830 sssd-ldap-attributes.5.xml:911 #: sssd-ldap-attributes.5.xml:1008 sssd-ldap-attributes.5.xml:1066 #: sssd-ldap-attributes.5.xml:1224 sssd-ldap-attributes.5.xml:1269 @@ -10216,128 +10240,128 @@ msgid "Default: cn" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:711 +#: sssd-ipa.5.xml:716 msgid "ipa_override_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:714 +#: sssd-ipa.5.xml:719 msgid "Objectclass of the override objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:717 +#: sssd-ipa.5.xml:722 msgid "Default: ipaOverrideAnchor" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:723 +#: sssd-ipa.5.xml:728 msgid "ipa_anchor_uuid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:726 +#: sssd-ipa.5.xml:731 msgid "" "Name of the attribute containing the reference to the original object in a " "remote domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:730 +#: sssd-ipa.5.xml:735 msgid "Default: ipaAnchorUUID" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:736 +#: sssd-ipa.5.xml:741 msgid "ipa_user_override_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:739 +#: sssd-ipa.5.xml:744 msgid "" "Name of the objectclass for user overrides. It is used to determine if the " "found override object is related to a user or a group." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:744 +#: sssd-ipa.5.xml:749 msgid "User overrides can contain attributes given by" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:747 +#: sssd-ipa.5.xml:752 msgid "ldap_user_name" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:750 +#: sssd-ipa.5.xml:755 msgid "ldap_user_uid_number" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:753 +#: sssd-ipa.5.xml:758 msgid "ldap_user_gid_number" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:756 +#: sssd-ipa.5.xml:761 msgid "ldap_user_gecos" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:759 +#: sssd-ipa.5.xml:764 msgid "ldap_user_home_directory" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:762 +#: sssd-ipa.5.xml:767 msgid "ldap_user_shell" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:765 +#: sssd-ipa.5.xml:770 msgid "ldap_user_ssh_public_key" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:770 +#: sssd-ipa.5.xml:775 msgid "Default: ipaUserOverride" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:776 +#: sssd-ipa.5.xml:781 msgid "ipa_group_override_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:779 +#: sssd-ipa.5.xml:784 msgid "" "Name of the objectclass for group overrides. It is used to determine if the " "found override object is related to a user or a group." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:784 +#: sssd-ipa.5.xml:789 msgid "Group overrides can contain attributes given by" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:787 +#: sssd-ipa.5.xml:792 msgid "ldap_group_name" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:790 +#: sssd-ipa.5.xml:795 msgid "ldap_group_gid_number" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:795 +#: sssd-ipa.5.xml:800 msgid "Default: ipaGroupOverride" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:679 +#: sssd-ipa.5.xml:684 msgid "" "SSSD can handle views and overrides which are offered by FreeIPA 4.1 and " "later version. Since all paths and objectclasses are fixed on the server " @@ -10347,19 +10371,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ipa.5.xml:807 +#: sssd-ipa.5.xml:812 msgid "SUBDOMAINS PROVIDER" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:809 +#: sssd-ipa.5.xml:814 msgid "" "The IPA subdomains provider behaves slightly differently if it is configured " "explicitly or implicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:813 +#: sssd-ipa.5.xml:818 msgid "" "If the option 'subdomains_provider = ipa' is found in the domain section of " "sssd.conf, the IPA subdomains provider is configured explicitly, and all " @@ -10367,7 +10391,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:819 +#: sssd-ipa.5.xml:824 msgid "" "If the option 'subdomains_provider' is not set in the domain section of sssd." "conf but there is the option 'id_provider = ipa', the IPA subdomains " @@ -10379,12 +10403,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ipa.5.xml:830 +#: sssd-ipa.5.xml:835 msgid "TRUSTED DOMAINS CONFIGURATION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ipa.5.xml:838 +#: sssd-ipa.5.xml:843 #, no-wrap msgid "" "[domain/ipa.domain.com/ad.domain.com]\n" @@ -10392,7 +10416,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:832 +#: sssd-ipa.5.xml:837 msgid "" "Some configuration options can also be set for a trusted domain. A trusted " "domain configuration can be set using the trusted domain subsection as shown " @@ -10402,80 +10426,80 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:843 +#: sssd-ipa.5.xml:848 msgid "" "For more details, see the <citerefentry> <refentrytitle>sssd.conf</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:850 +#: sssd-ipa.5.xml:855 msgid "" "Different configuration options are tunable for a trusted domain depending " "on whether you are configuring SSSD on an IPA server or an IPA client." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd-ipa.5.xml:855 +#: sssd-ipa.5.xml:860 msgid "OPTIONS TUNABLE ON IPA MASTERS" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:857 +#: sssd-ipa.5.xml:862 msgid "" "The following options can be set in a subdomain section on an IPA master:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:861 sssd-ipa.5.xml:891 +#: sssd-ipa.5.xml:866 sssd-ipa.5.xml:896 msgid "ad_server" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:864 +#: sssd-ipa.5.xml:869 msgid "ad_backup_server" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:867 sssd-ipa.5.xml:894 +#: sssd-ipa.5.xml:872 sssd-ipa.5.xml:899 msgid "ad_site" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:870 +#: sssd-ipa.5.xml:875 msgid "ldap_search_base" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:873 +#: sssd-ipa.5.xml:878 msgid "ldap_user_search_base" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:876 +#: sssd-ipa.5.xml:881 msgid "ldap_group_search_base" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd-ipa.5.xml:885 +#: sssd-ipa.5.xml:890 msgid "OPTIONS TUNABLE ON IPA CLIENTS" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:887 +#: sssd-ipa.5.xml:892 msgid "" "The following options can be set in a subdomain section on an IPA client:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:899 +#: sssd-ipa.5.xml:904 msgid "" "Note that if both options are set, only <quote>ad_server</quote> is " "evaluated." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:903 +#: sssd-ipa.5.xml:908 msgid "" "Since any request for a user or a group identity from a trusted domain " "triggered from an IPA client is resolved by the IPA server, the " @@ -10489,7 +10513,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:927 +#: sssd-ipa.5.xml:932 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " @@ -10497,7 +10521,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ipa.5.xml:934 +#: sssd-ipa.5.xml:939 #, no-wrap msgid "" "[domain/example.com]\n" @@ -11697,7 +11721,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ad.5.xml:1388 +#: sssd-ad.5.xml:1393 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " @@ -11705,7 +11729,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ad.5.xml:1395 +#: sssd-ad.5.xml:1400 #, no-wrap msgid "" "[domain/EXAMPLE]\n" @@ -11720,7 +11744,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ad.5.xml:1415 +#: sssd-ad.5.xml:1420 #, no-wrap msgid "" "access_provider = ldap\n" @@ -11729,7 +11753,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ad.5.xml:1411 +#: sssd-ad.5.xml:1416 msgid "" "The AD access control provider checks if the account is expired. It has the " "same effect as the following configuration of the LDAP provider: " @@ -11737,7 +11761,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ad.5.xml:1421 +#: sssd-ad.5.xml:1426 msgid "" "However, unless the <quote>ad</quote> access control provider is explicitly " "configured, the default access provider is <quote>permit</quote>. Please " @@ -11747,7 +11771,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ad.5.xml:1429 +#: sssd-ad.5.xml:1434 msgid "" "When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema " "attribute mapping (nisMap, nisObject, ...) is used, because these attributes " diff --git a/src/man/po/nl.po b/src/man/po/nl.po index 261abf03488..4c1b15c5afd 100644 --- a/src/man/po/nl.po +++ b/src/man/po/nl.po @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: sssd-docs 2.3.0\n" "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" -"POT-Creation-Date: 2023-09-07 11:47+0200\n" +"POT-Creation-Date: 2023-11-13 11:53+0100\n" "PO-Revision-Date: 2014-12-15 12:02-0500\n" "Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n" "Language-Team: Dutch (http://www.transifex.com/projects/p/sssd/language/" @@ -217,10 +217,10 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:136 sssd.conf.5.xml:173 sssd.conf.5.xml:358 #: sssd.conf.5.xml:714 sssd.conf.5.xml:729 sssd.conf.5.xml:952 -#: sssd.conf.5.xml:1070 sssd.conf.5.xml:2198 sssd-ldap.5.xml:1071 -#: sssd-ldap.5.xml:1174 sssd-ldap.5.xml:1243 sssd-ldap.5.xml:1750 -#: sssd-ldap.5.xml:1815 sssd-ipa.5.xml:342 sssd-ad.5.xml:252 sssd-ad.5.xml:366 -#: sssd-ad.5.xml:1200 sssd-ad.5.xml:1348 sssd-krb5.5.xml:358 +#: sssd.conf.5.xml:1070 sssd.conf.5.xml:2198 sssd-ldap.5.xml:1073 +#: sssd-ldap.5.xml:1176 sssd-ldap.5.xml:1245 sssd-ldap.5.xml:1752 +#: sssd-ldap.5.xml:1817 sssd-ipa.5.xml:347 sssd-ad.5.xml:252 sssd-ad.5.xml:366 +#: sssd-ad.5.xml:1200 sssd-ad.5.xml:1353 sssd-krb5.5.xml:358 msgid "Default: true" msgstr "Standaard: true" @@ -238,10 +238,10 @@ msgstr "" #. type: Content of: <variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:149 sssd.conf.5.xml:652 sssd.conf.5.xml:949 -#: sssd.conf.5.xml:2101 sssd.conf.5.xml:2168 sssd.conf.5.xml:4174 -#: sssd-ldap.5.xml:312 sssd-ldap.5.xml:917 sssd-ldap.5.xml:936 -#: sssd-ldap.5.xml:1146 sssd-ldap.5.xml:1599 sssd-ldap.5.xml:1839 -#: sssd-ipa.5.xml:152 sssd-ipa.5.xml:254 sssd-ipa.5.xml:657 sssd-ad.5.xml:1106 +#: sssd.conf.5.xml:2101 sssd.conf.5.xml:2168 sssd.conf.5.xml:4191 +#: sssd-ldap.5.xml:313 sssd-ldap.5.xml:919 sssd-ldap.5.xml:938 +#: sssd-ldap.5.xml:1148 sssd-ldap.5.xml:1601 sssd-ldap.5.xml:1841 +#: sssd-ipa.5.xml:152 sssd-ipa.5.xml:254 sssd-ipa.5.xml:662 sssd-ad.5.xml:1106 #: sssd-krb5.5.xml:268 sssd-krb5.5.xml:330 sssd-krb5.5.xml:432 #: include/krb5_options.xml:163 msgid "Default: false" @@ -277,8 +277,8 @@ msgid "" msgstr "" #. type: Content of: outside any tag (error?) -#: sssd.conf.5.xml:109 sssd.conf.5.xml:184 sssd-ldap.5.xml:1656 -#: sssd-ldap.5.xml:1862 sss-certmap.5.xml:645 sssd-systemtap.5.xml:82 +#: sssd.conf.5.xml:109 sssd.conf.5.xml:184 sssd-ldap.5.xml:1658 +#: sssd-ldap.5.xml:1864 sss-certmap.5.xml:645 sssd-systemtap.5.xml:82 #: sssd-systemtap.5.xml:143 sssd-systemtap.5.xml:236 sssd-systemtap.5.xml:274 #: sssd-systemtap.5.xml:330 sssd-ldap-attributes.5.xml:40 #: sssd-ldap-attributes.5.xml:659 sssd-ldap-attributes.5.xml:801 @@ -309,7 +309,7 @@ msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:196 sssd.conf.5.xml:1290 sssd.conf.5.xml:1767 -#: sssd.conf.5.xml:4190 sssd-ldap.5.xml:765 include/ldap_id_mapping.xml:270 +#: sssd.conf.5.xml:4207 sssd-ldap.5.xml:766 include/ldap_id_mapping.xml:270 msgid "Default: 10" msgstr "" @@ -389,7 +389,7 @@ msgstr "" "Data Aanbieder crashed of opnieuw start voordat dit opgegeven wordt" #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:266 sssd.conf.5.xml:792 sssd.conf.5.xml:3709 +#: sssd.conf.5.xml:266 sssd.conf.5.xml:792 sssd.conf.5.xml:3716 #: include/failover.xml:100 msgid "Default: 3" msgstr "Standaard: 3" @@ -411,7 +411,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:287 sssd.conf.5.xml:3541 +#: sssd.conf.5.xml:287 sssd.conf.5.xml:3548 msgid "re_expression (string)" msgstr "re_expression (tekst)" @@ -431,12 +431,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:304 sssd.conf.5.xml:3598 +#: sssd.conf.5.xml:304 sssd.conf.5.xml:3605 msgid "full_name_format (string)" msgstr "full_name_format (tekst)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:307 sssd.conf.5.xml:3601 +#: sssd.conf.5.xml:307 sssd.conf.5.xml:3608 msgid "" "A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</" "manvolnum> </citerefentry>-compatible format that describes how to compose a " @@ -444,39 +444,39 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:318 sssd.conf.5.xml:3612 +#: sssd.conf.5.xml:318 sssd.conf.5.xml:3619 msgid "%1$s" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:319 sssd.conf.5.xml:3613 +#: sssd.conf.5.xml:319 sssd.conf.5.xml:3620 msgid "user name" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:322 sssd.conf.5.xml:3616 +#: sssd.conf.5.xml:322 sssd.conf.5.xml:3623 msgid "%2$s" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:325 sssd.conf.5.xml:3619 +#: sssd.conf.5.xml:325 sssd.conf.5.xml:3626 msgid "domain name as specified in the SSSD config file." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:331 sssd.conf.5.xml:3625 +#: sssd.conf.5.xml:331 sssd.conf.5.xml:3632 msgid "%3$s" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:334 sssd.conf.5.xml:3628 +#: sssd.conf.5.xml:334 sssd.conf.5.xml:3635 msgid "" "domain flat name. Mostly usable for Active Directory domains, both directly " "configured or discovered via IPA trusts." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:315 sssd.conf.5.xml:3609 +#: sssd.conf.5.xml:315 sssd.conf.5.xml:3616 msgid "" "The following expansions are supported: <placeholder type=\"variablelist\" " "id=\"0\"/>" @@ -629,8 +629,8 @@ msgid "" msgstr "" #. type: Content of: <variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:468 sssd-ldap.5.xml:876 sssd-ldap.5.xml:888 -#: sssd-ldap.5.xml:980 sssd-ad.5.xml:920 sssd-ad.5.xml:995 sssd-krb5.5.xml:468 +#: sssd.conf.5.xml:468 sssd-ldap.5.xml:877 sssd-ldap.5.xml:889 +#: sssd-ldap.5.xml:982 sssd-ad.5.xml:920 sssd-ad.5.xml:995 sssd-krb5.5.xml:468 #: sssd-ldap-attributes.5.xml:470 sssd-ldap-attributes.5.xml:976 #: include/ldap_id_mapping.xml:211 include/ldap_id_mapping.xml:222 #: include/krb5_options.xml:148 @@ -900,7 +900,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:700 sssd.conf.5.xml:1791 sssd.conf.5.xml:4240 +#: sssd.conf.5.xml:700 sssd.conf.5.xml:1791 sssd.conf.5.xml:4257 #: sssd-ad.5.xml:187 sssd-ad.5.xml:327 sssd-ad.5.xml:341 msgid "Default: Not set" msgstr "" @@ -1085,7 +1085,7 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:858 sssd.conf.5.xml:1201 sssd.conf.5.xml:1584 -#: sssd.conf.5.xml:1880 sssd-ldap.5.xml:494 +#: sssd.conf.5.xml:1880 sssd-ldap.5.xml:495 msgid "Default: 60" msgstr "" @@ -1193,7 +1193,7 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:937 sssd.conf.5.xml:1214 sssd.conf.5.xml:2322 -#: sssd-ldap.5.xml:331 +#: sssd-ldap.5.xml:332 msgid "Default: 300" msgstr "" @@ -1570,7 +1570,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1240 sssd.conf.5.xml:2964 sssd-ldap.5.xml:548 +#: sssd.conf.5.xml:1240 sssd.conf.5.xml:2971 sssd-ldap.5.xml:549 msgid "Default: 8" msgstr "" @@ -1598,8 +1598,8 @@ msgid "" msgstr "" #. type: Content of: <variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1265 sssd.conf.5.xml:1317 sssd.conf.5.xml:3730 -#: sssd-ldap.5.xml:473 sssd-ldap.5.xml:525 include/failover.xml:116 +#: sssd.conf.5.xml:1265 sssd.conf.5.xml:1317 sssd.conf.5.xml:3737 +#: sssd-ldap.5.xml:474 sssd-ldap.5.xml:526 include/failover.xml:116 #: include/krb5_options.xml:11 msgid "Default: 6" msgstr "" @@ -1916,7 +1916,7 @@ msgid "pam_pwd_expiration_warning (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1553 sssd.conf.5.xml:2988 +#: sssd.conf.5.xml:1553 sssd.conf.5.xml:2995 msgid "Display a warning N days before the password expires." msgstr "" @@ -1929,7 +1929,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1562 sssd.conf.5.xml:2991 +#: sssd.conf.5.xml:1562 sssd.conf.5.xml:2998 msgid "" "If zero is set, then this filter is not applied, i.e. if the expiration " "warning was received from backend server, it will automatically be displayed." @@ -1943,7 +1943,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1572 sssd.conf.5.xml:3977 sssd-ldap.5.xml:606 sssd.8.xml:79 +#: sssd.conf.5.xml:1572 sssd.conf.5.xml:3984 sssd-ldap.5.xml:607 sssd.8.xml:79 msgid "Default: 0" msgstr "Standaard: 0" @@ -2006,8 +2006,8 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1632 sssd.conf.5.xml:1657 sssd.conf.5.xml:1676 -#: sssd.conf.5.xml:1913 sssd.conf.5.xml:2733 sssd.conf.5.xml:3906 -#: sssd-ldap.5.xml:1207 +#: sssd.conf.5.xml:1913 sssd.conf.5.xml:2733 sssd.conf.5.xml:3913 +#: sssd-ldap.5.xml:1209 msgid "Default: none" msgstr "" @@ -2070,8 +2070,8 @@ msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1687 sssd.conf.5.xml:1698 sssd.conf.5.xml:1712 -#: sssd-ldap.5.xml:671 sssd-ldap.5.xml:692 sssd-ldap.5.xml:788 -#: sssd-ldap.5.xml:1293 sssd-ad.5.xml:505 sssd-ad.5.xml:581 sssd-ad.5.xml:1126 +#: sssd-ldap.5.xml:672 sssd-ldap.5.xml:693 sssd-ldap.5.xml:789 +#: sssd-ldap.5.xml:1295 sssd-ad.5.xml:505 sssd-ad.5.xml:581 sssd-ad.5.xml:1126 #: sssd-ad.5.xml:1175 include/ldap_id_mapping.xml:250 msgid "Default: False" msgstr "" @@ -2110,7 +2110,7 @@ msgid "The path to the certificate database." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1723 sssd.conf.5.xml:2248 sssd.conf.5.xml:4354 +#: sssd.conf.5.xml:1723 sssd.conf.5.xml:2248 sssd.conf.5.xml:4371 msgid "Default:" msgstr "" @@ -2380,7 +2380,7 @@ msgid "Default: no_session" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1950 sssd.conf.5.xml:4293 +#: sssd.conf.5.xml:1950 sssd.conf.5.xml:4310 msgid "pam_gssapi_services" msgstr "" @@ -2414,7 +2414,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1968 sssd.conf.5.xml:3900 +#: sssd.conf.5.xml:1968 sssd.conf.5.xml:3907 msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" @@ -2424,7 +2424,7 @@ msgid "Default: - (GSSAPI authentication is disabled)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1979 sssd.conf.5.xml:4294 +#: sssd.conf.5.xml:1979 sssd.conf.5.xml:4311 msgid "pam_gssapi_check_upn" msgstr "" @@ -2444,7 +2444,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1999 sssd-ad.5.xml:1266 sss_rpcidmapd.5.xml:76 +#: sssd.conf.5.xml:1999 sssd-ad.5.xml:1271 sss_rpcidmapd.5.xml:76 #: sssd-files.5.xml:145 msgid "Default: True" msgstr "" @@ -3207,7 +3207,7 @@ msgid "FALSE = No enumerations for this domain" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2669 sssd.conf.5.xml:2943 sssd.conf.5.xml:3120 +#: sssd.conf.5.xml:2669 sssd.conf.5.xml:2950 sssd.conf.5.xml:3127 msgid "Default: FALSE" msgstr "" @@ -3476,7 +3476,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2922 sssd-ldap.5.xml:360 sssd-ldap.5.xml:1736 +#: sssd.conf.5.xml:2922 sssd-ldap.5.xml:361 sssd-ldap.5.xml:1738 #: sssd-ipa.5.xml:270 msgid "Default: 0 (disabled)" msgstr "" @@ -3488,11 +3488,17 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:2931 -msgid "Determines if user credentials are also cached in the local LDB cache." +msgid "" +"Determines if user credentials are also cached in the local LDB cache. The " +"cached credentials refer to passwords, which includes the first (long term) " +"factor of two-factor authentication, not other authentication mechanisms. " +"Passkey and Smartcard authentications are expected to work offline as long " +"as a successful online authentication is recorded in the cache without " +"additional configuration." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2935 +#: sssd.conf.5.xml:2942 msgid "" "Take a note that while credentials are stored as a salted SHA512 hash, this " "still potentially poses some security risk in case an attacker manages to " @@ -3501,12 +3507,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2949 +#: sssd.conf.5.xml:2956 msgid "cache_credentials_minimal_first_factor_length (int)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2952 +#: sssd.conf.5.xml:2959 msgid "" "If 2-Factor-Authentication (2FA) is used and credentials should be saved " "this value determines the minimal length the first authentication factor " @@ -3514,19 +3520,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2959 +#: sssd.conf.5.xml:2966 msgid "" "This should avoid that the short PINs of a PIN based 2FA scheme are saved in " "the cache which would make them easy targets for brute-force attacks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2970 +#: sssd.conf.5.xml:2977 msgid "account_cache_expiration (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2973 +#: sssd.conf.5.xml:2980 msgid "" "Number of days entries are left in cache after last successful login before " "being removed during a cleanup of the cache. 0 means keep forever. The " @@ -3535,17 +3541,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2980 +#: sssd.conf.5.xml:2987 msgid "Default: 0 (unlimited)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2985 +#: sssd.conf.5.xml:2992 msgid "pwd_expiration_warning (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2996 +#: sssd.conf.5.xml:3003 msgid "" "Please note that the backend server has to provide information about the " "expiration time of the password. If this information is missing, sssd " @@ -3554,28 +3560,28 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3003 +#: sssd.conf.5.xml:3010 msgid "Default: 7 (Kerberos), 0 (LDAP)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3009 +#: sssd.conf.5.xml:3016 msgid "id_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3012 +#: sssd.conf.5.xml:3019 msgid "" "The identification provider used for the domain. Supported ID providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3016 +#: sssd.conf.5.xml:3023 msgid "<quote>proxy</quote>: Support a legacy NSS provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3019 +#: sssd.conf.5.xml:3026 msgid "" "<quote>files</quote>: FILES provider. See <citerefentry> <refentrytitle>sssd-" "files</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " @@ -3583,7 +3589,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3027 +#: sssd.conf.5.xml:3034 msgid "" "<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-" "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " @@ -3591,8 +3597,8 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3035 sssd.conf.5.xml:3146 sssd.conf.5.xml:3197 -#: sssd.conf.5.xml:3260 +#: sssd.conf.5.xml:3042 sssd.conf.5.xml:3153 sssd.conf.5.xml:3204 +#: sssd.conf.5.xml:3267 msgid "" "<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management " "provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> " @@ -3601,8 +3607,8 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3044 sssd.conf.5.xml:3155 sssd.conf.5.xml:3206 -#: sssd.conf.5.xml:3269 +#: sssd.conf.5.xml:3051 sssd.conf.5.xml:3162 sssd.conf.5.xml:3213 +#: sssd.conf.5.xml:3276 msgid "" "<quote>ad</quote>: Active Directory provider. See <citerefentry> " "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3610,19 +3616,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3055 +#: sssd.conf.5.xml:3062 msgid "use_fully_qualified_names (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3058 +#: sssd.conf.5.xml:3065 msgid "" "Use the full name and domain (as formatted by the domain's full_name_format) " "as the user's login name reported to NSS." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3063 +#: sssd.conf.5.xml:3070 msgid "" "If set to TRUE, all requests to this domain must use fully qualified names. " "For example, if used in LOCAL domain that contains a \"test\" user, " @@ -3631,7 +3637,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3071 +#: sssd.conf.5.xml:3078 msgid "" "NOTE: This option has no effect on netgroup lookups due to their tendency to " "include nested netgroups without qualified names. For netgroups, all domains " @@ -3639,24 +3645,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3078 +#: sssd.conf.5.xml:3085 msgid "" "Default: FALSE (TRUE for trusted domain/sub-domains or if " "default_domain_suffix is used)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3085 +#: sssd.conf.5.xml:3092 msgid "ignore_group_members (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3088 +#: sssd.conf.5.xml:3095 msgid "Do not return group members for group lookups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3091 +#: sssd.conf.5.xml:3098 msgid "" "If set to TRUE, the group membership attribute is not requested from the " "ldap server, and group members are not returned when processing group lookup " @@ -3668,7 +3674,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3109 +#: sssd.conf.5.xml:3116 msgid "" "Enabling this option can also make access provider checks for group " "membership significantly faster, especially for groups containing many " @@ -3676,30 +3682,30 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3115 sssd.conf.5.xml:3822 sssd-ldap.5.xml:326 -#: sssd-ldap.5.xml:355 sssd-ldap.5.xml:408 sssd-ldap.5.xml:468 -#: sssd-ldap.5.xml:489 sssd-ldap.5.xml:520 sssd-ldap.5.xml:543 -#: sssd-ldap.5.xml:582 sssd-ldap.5.xml:601 sssd-ldap.5.xml:625 -#: sssd-ldap.5.xml:1051 sssd-ldap.5.xml:1084 +#: sssd.conf.5.xml:3122 sssd.conf.5.xml:3829 sssd-ldap.5.xml:327 +#: sssd-ldap.5.xml:356 sssd-ldap.5.xml:409 sssd-ldap.5.xml:469 +#: sssd-ldap.5.xml:490 sssd-ldap.5.xml:521 sssd-ldap.5.xml:544 +#: sssd-ldap.5.xml:583 sssd-ldap.5.xml:602 sssd-ldap.5.xml:626 +#: sssd-ldap.5.xml:1053 sssd-ldap.5.xml:1086 msgid "" "This option can be also set per subdomain or inherited via " "<emphasis>subdomain_inherit</emphasis>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3125 +#: sssd.conf.5.xml:3132 msgid "auth_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3128 +#: sssd.conf.5.xml:3135 msgid "" "The authentication provider used for the domain. Supported auth providers " "are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3132 sssd.conf.5.xml:3190 +#: sssd.conf.5.xml:3139 sssd.conf.5.xml:3197 msgid "" "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3707,7 +3713,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3139 +#: sssd.conf.5.xml:3146 msgid "" "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3715,30 +3721,30 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3163 +#: sssd.conf.5.xml:3170 msgid "" "<quote>proxy</quote> for relaying authentication to some other PAM target." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3166 +#: sssd.conf.5.xml:3173 msgid "<quote>none</quote> disables authentication explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3169 +#: sssd.conf.5.xml:3176 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "authentication requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3175 +#: sssd.conf.5.xml:3182 msgid "access_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3178 +#: sssd.conf.5.xml:3185 msgid "" "The access control provider used for the domain. There are two built-in " "access providers (in addition to any included in installed backends) " @@ -3746,19 +3752,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3184 +#: sssd.conf.5.xml:3191 msgid "" "<quote>permit</quote> always allow access. It's the only permitted access " "provider for a local domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3187 +#: sssd.conf.5.xml:3194 msgid "<quote>deny</quote> always deny access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3214 +#: sssd.conf.5.xml:3221 msgid "" "<quote>simple</quote> access control based on access or deny lists. See " "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</" @@ -3767,7 +3773,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3221 +#: sssd.conf.5.xml:3228 msgid "" "<quote>krb5</quote>: .k5login based access control. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum></" @@ -3775,29 +3781,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3228 +#: sssd.conf.5.xml:3235 msgid "<quote>proxy</quote> for relaying access control to another PAM module." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3231 +#: sssd.conf.5.xml:3238 msgid "Default: <quote>permit</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3236 +#: sssd.conf.5.xml:3243 msgid "chpass_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3239 +#: sssd.conf.5.xml:3246 msgid "" "The provider which should handle change password operations for the domain. " "Supported change password providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3244 +#: sssd.conf.5.xml:3251 msgid "" "<quote>ldap</quote> to change a password stored in a LDAP server. See " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" @@ -3805,7 +3811,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3252 +#: sssd.conf.5.xml:3259 msgid "" "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3813,35 +3819,35 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3277 +#: sssd.conf.5.xml:3284 msgid "" "<quote>proxy</quote> for relaying password changes to some other PAM target." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3281 +#: sssd.conf.5.xml:3288 msgid "<quote>none</quote> disallows password changes explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3284 +#: sssd.conf.5.xml:3291 msgid "" "Default: <quote>auth_provider</quote> is used if it is set and can handle " "change password requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3291 +#: sssd.conf.5.xml:3298 msgid "sudo_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3294 +#: sssd.conf.5.xml:3301 msgid "The SUDO provider used for the domain. Supported SUDO providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3298 +#: sssd.conf.5.xml:3305 msgid "" "<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3849,32 +3855,32 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3306 +#: sssd.conf.5.xml:3313 msgid "" "<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default " "settings." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3310 +#: sssd.conf.5.xml:3317 msgid "" "<quote>ad</quote> the same as <quote>ldap</quote> but with AD default " "settings." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3314 +#: sssd.conf.5.xml:3321 msgid "<quote>none</quote> disables SUDO explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3317 sssd.conf.5.xml:3403 sssd.conf.5.xml:3473 -#: sssd.conf.5.xml:3498 sssd.conf.5.xml:3534 +#: sssd.conf.5.xml:3324 sssd.conf.5.xml:3410 sssd.conf.5.xml:3480 +#: sssd.conf.5.xml:3505 sssd.conf.5.xml:3541 msgid "Default: The value of <quote>id_provider</quote> is used if it is set." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3321 +#: sssd.conf.5.xml:3328 msgid "" "The detailed instructions for configuration of sudo_provider are in the " "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " @@ -3885,7 +3891,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3336 +#: sssd.conf.5.xml:3343 msgid "" "<emphasis>NOTE:</emphasis> Sudo rules are periodically downloaded in the " "background unless the sudo provider is explicitly disabled. Set " @@ -3894,12 +3900,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3346 +#: sssd.conf.5.xml:3353 msgid "selinux_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3349 +#: sssd.conf.5.xml:3356 msgid "" "The provider which should handle loading of selinux settings. Note that this " "provider will be called right after access provider ends. Supported selinux " @@ -3907,7 +3913,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3355 +#: sssd.conf.5.xml:3362 msgid "" "<quote>ipa</quote> to load selinux settings from an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -3915,31 +3921,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3363 +#: sssd.conf.5.xml:3370 msgid "<quote>none</quote> disallows fetching selinux settings explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3366 +#: sssd.conf.5.xml:3373 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "selinux loading requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3372 +#: sssd.conf.5.xml:3379 msgid "subdomains_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3375 +#: sssd.conf.5.xml:3382 msgid "" "The provider which should handle fetching of subdomains. This value should " "be always the same as id_provider. Supported subdomain providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3381 +#: sssd.conf.5.xml:3388 msgid "" "<quote>ipa</quote> to load a list of subdomains from an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -3947,7 +3953,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3390 +#: sssd.conf.5.xml:3397 msgid "" "<quote>ad</quote> to load a list of subdomains from an Active Directory " "server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> " @@ -3956,17 +3962,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3399 +#: sssd.conf.5.xml:3406 msgid "<quote>none</quote> disallows fetching subdomains explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3409 +#: sssd.conf.5.xml:3416 msgid "session_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3412 +#: sssd.conf.5.xml:3419 msgid "" "The provider which configures and manages user session related tasks. The " "only user session task currently provided is the integration with Fleet " @@ -3974,43 +3980,43 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3419 +#: sssd.conf.5.xml:3426 msgid "<quote>ipa</quote> to allow performing user session related tasks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3423 +#: sssd.conf.5.xml:3430 msgid "" "<quote>none</quote> does not perform any kind of user session related tasks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3427 +#: sssd.conf.5.xml:3434 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can perform " "session related tasks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3431 +#: sssd.conf.5.xml:3438 msgid "" "<emphasis>NOTE:</emphasis> In order to have this feature working as expected " "SSSD must be running as \"root\" and not as the unprivileged user." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3439 +#: sssd.conf.5.xml:3446 msgid "autofs_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3442 +#: sssd.conf.5.xml:3449 msgid "" "The autofs provider used for the domain. Supported autofs providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3446 +#: sssd.conf.5.xml:3453 msgid "" "<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4018,7 +4024,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3453 +#: sssd.conf.5.xml:3460 msgid "" "<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> " "<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4026,7 +4032,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3461 +#: sssd.conf.5.xml:3468 msgid "" "<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> " "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4034,24 +4040,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3470 +#: sssd.conf.5.xml:3477 msgid "<quote>none</quote> disables autofs explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3480 +#: sssd.conf.5.xml:3487 msgid "hostid_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3483 +#: sssd.conf.5.xml:3490 msgid "" "The provider used for retrieving host identity information. Supported " "hostid providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3487 +#: sssd.conf.5.xml:3494 msgid "" "<quote>ipa</quote> to load host identity stored in an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -4059,31 +4065,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3495 +#: sssd.conf.5.xml:3502 msgid "<quote>none</quote> disables hostid explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3505 +#: sssd.conf.5.xml:3512 msgid "resolver_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3508 +#: sssd.conf.5.xml:3515 msgid "" "The provider which should handle hosts and networks lookups. Supported " "resolver providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3512 +#: sssd.conf.5.xml:3519 msgid "" "<quote>proxy</quote> to forward lookups to another NSS library. See " "<quote>proxy_resolver_lib_name</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3516 +#: sssd.conf.5.xml:3523 msgid "" "<quote>ldap</quote> to fetch hosts and networks stored in LDAP. See " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" @@ -4091,7 +4097,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3523 +#: sssd.conf.5.xml:3530 msgid "" "<quote>ad</quote> to fetch hosts and networks stored in AD. See " "<citerefentry> <refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</" @@ -4100,12 +4106,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3531 +#: sssd.conf.5.xml:3538 msgid "<quote>none</quote> disallows fetching hosts and networks explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3544 +#: sssd.conf.5.xml:3551 msgid "" "Regular expression for this domain that describes how to parse the string " "containing user name and domain into these components. The \"domain\" can " @@ -4115,24 +4121,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3553 +#: sssd.conf.5.xml:3560 msgid "" "Default: <quote>^((?P<name>.+)@(?P<domain>[^@]*)|(?P<name>" "[^@]+))$</quote> which allows two different styles for user names:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:3558 sssd.conf.5.xml:3572 +#: sssd.conf.5.xml:3565 sssd.conf.5.xml:3579 msgid "username" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:3561 sssd.conf.5.xml:3575 +#: sssd.conf.5.xml:3568 sssd.conf.5.xml:3582 msgid "username@domain.name" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3566 +#: sssd.conf.5.xml:3573 msgid "" "Default for the AD and IPA provider: <quote>^(((?P<domain>[^\\\\]+)\\" "\\(?P<name>.+))|((?P<name>.+)@(?P<domain>[^@]+))|((?P<" @@ -4141,19 +4147,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:3578 +#: sssd.conf.5.xml:3585 msgid "domain\\username" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3581 +#: sssd.conf.5.xml:3588 msgid "" "While the first two correspond to the general default the third one is " "introduced to allow easy integration of users from Windows domains." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3586 +#: sssd.conf.5.xml:3593 msgid "" "The default re_expression uses the <quote>@</quote> character as a separator " "between the name and the domain. As a result of this setting the default " @@ -4163,93 +4169,93 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3638 +#: sssd.conf.5.xml:3645 msgid "Default: <quote>%1$s@%2$s</quote>." msgstr "Standaard: <quote>%1$s@%2$s</quote>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3644 +#: sssd.conf.5.xml:3651 msgid "lookup_family_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3647 +#: sssd.conf.5.xml:3654 msgid "" "Provides the ability to select preferred address family to use when " "performing DNS lookups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3651 +#: sssd.conf.5.xml:3658 msgid "Supported values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3654 +#: sssd.conf.5.xml:3661 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3657 +#: sssd.conf.5.xml:3664 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3660 +#: sssd.conf.5.xml:3667 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3663 +#: sssd.conf.5.xml:3670 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3666 +#: sssd.conf.5.xml:3673 msgid "Default: ipv4_first" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3672 +#: sssd.conf.5.xml:3679 #, fuzzy #| msgid "entry_negative_timeout (integer)" msgid "dns_resolver_server_timeout (integer)" msgstr "entry_negative_timeout (numeriek)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3675 +#: sssd.conf.5.xml:3682 msgid "" "Defines the amount of time (in milliseconds) SSSD would try to talk to DNS " "server before trying next DNS server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3680 +#: sssd.conf.5.xml:3687 msgid "" "The AD provider will use this option for the CLDAP ping timeouts as well." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3684 sssd.conf.5.xml:3704 sssd.conf.5.xml:3725 +#: sssd.conf.5.xml:3691 sssd.conf.5.xml:3711 sssd.conf.5.xml:3732 msgid "" "Please see the section <quote>FAILOVER</quote> for more information about " "the service resolution." msgstr "" #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3689 sssd-ldap.5.xml:644 include/failover.xml:84 +#: sssd.conf.5.xml:3696 sssd-ldap.5.xml:645 include/failover.xml:84 msgid "Default: 1000" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3695 +#: sssd.conf.5.xml:3702 #, fuzzy #| msgid "entry_negative_timeout (integer)" msgid "dns_resolver_op_timeout (integer)" msgstr "entry_negative_timeout (numeriek)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3698 +#: sssd.conf.5.xml:3705 msgid "" "Defines the amount of time (in seconds) to wait to resolve single DNS query " "(e.g. resolution of a hostname or an SRV record) before trying the next " @@ -4257,12 +4263,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3715 +#: sssd.conf.5.xml:3722 msgid "dns_resolver_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3718 +#: sssd.conf.5.xml:3725 msgid "" "Defines the amount of time (in seconds) to wait for a reply from the " "internal fail over service before assuming that the service is unreachable. " @@ -4271,14 +4277,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3736 +#: sssd.conf.5.xml:3743 #, fuzzy #| msgid "entry_negative_timeout (integer)" msgid "dns_resolver_use_search_list (bool)" msgstr "entry_negative_timeout (numeriek)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3739 +#: sssd.conf.5.xml:3746 msgid "" "Normally, the DNS resolver searches the domain list defined in the " "\"search\" directive from the resolv.conf file. This can lead to delays in " @@ -4286,7 +4292,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3745 +#: sssd.conf.5.xml:3752 msgid "" "If fully qualified domain names (or _srv_) are used in the SSSD " "configuration, setting this option to FALSE can prevent unnecessary DNS " @@ -4294,71 +4300,71 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3751 +#: sssd.conf.5.xml:3758 #, fuzzy #| msgid "Default: 3" msgid "Default: TRUE" msgstr "Standaard: 3" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3757 +#: sssd.conf.5.xml:3764 msgid "dns_discovery_domain (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3760 +#: sssd.conf.5.xml:3767 msgid "" "If service discovery is used in the back end, specifies the domain part of " "the service discovery DNS query." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3764 +#: sssd.conf.5.xml:3771 msgid "Default: Use the domain part of machine's hostname" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3770 +#: sssd.conf.5.xml:3777 msgid "override_gid (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3773 +#: sssd.conf.5.xml:3780 msgid "Override the primary GID value with the one specified." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3779 +#: sssd.conf.5.xml:3786 msgid "case_sensitive (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3786 +#: sssd.conf.5.xml:3793 msgid "True" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3789 +#: sssd.conf.5.xml:3796 msgid "Case sensitive. This value is invalid for AD provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3795 +#: sssd.conf.5.xml:3802 msgid "False" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3797 +#: sssd.conf.5.xml:3804 msgid "Case insensitive." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3801 +#: sssd.conf.5.xml:3808 msgid "Preserving" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3804 +#: sssd.conf.5.xml:3811 msgid "" "Same as False (case insensitive), but does not lowercase names in the result " "of NSS operations. Note that name aliases (and in case of services also " @@ -4366,31 +4372,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3812 +#: sssd.conf.5.xml:3819 msgid "" "If you want to set this value for trusted domain with IPA provider, you need " "to set it on both the client and SSSD on the server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3782 +#: sssd.conf.5.xml:3789 msgid "" "Treat user and group names as case sensitive. Possible option values are: " "<placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3827 +#: sssd.conf.5.xml:3834 msgid "Default: True (False for AD provider)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3833 +#: sssd.conf.5.xml:3840 msgid "subdomain_inherit (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3836 +#: sssd.conf.5.xml:3843 msgid "" "Specifies a list of configuration parameters that should be inherited by a " "subdomain. Please note that only selected parameters can be inherited. " @@ -4398,114 +4404,114 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3842 +#: sssd.conf.5.xml:3849 msgid "ldap_search_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3845 +#: sssd.conf.5.xml:3852 msgid "ldap_network_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3848 +#: sssd.conf.5.xml:3855 msgid "ldap_opt_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3851 +#: sssd.conf.5.xml:3858 #, fuzzy #| msgid "enum_cache_timeout (integer)" msgid "ldap_offline_timeout" msgstr "enum_cache_timeout (numeriek)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3854 +#: sssd.conf.5.xml:3861 #, fuzzy #| msgid "reconnection_retries (integer)" msgid "ldap_enumeration_refresh_timeout" msgstr "reconnection_retries (numeriek)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3857 +#: sssd.conf.5.xml:3864 msgid "ldap_enumeration_refresh_offset" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3860 +#: sssd.conf.5.xml:3867 msgid "ldap_purge_cache_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3863 +#: sssd.conf.5.xml:3870 msgid "ldap_purge_cache_offset" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3866 +#: sssd.conf.5.xml:3873 msgid "" "ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab " "is not set explicitly)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3870 +#: sssd.conf.5.xml:3877 msgid "ldap_krb5_ticket_lifetime" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3873 +#: sssd.conf.5.xml:3880 #, fuzzy #| msgid "reconnection_retries (integer)" msgid "ldap_enumeration_search_timeout" msgstr "reconnection_retries (numeriek)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3876 +#: sssd.conf.5.xml:3883 #, fuzzy #| msgid "reconnection_retries (integer)" msgid "ldap_connection_expire_timeout" msgstr "reconnection_retries (numeriek)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3879 +#: sssd.conf.5.xml:3886 #, fuzzy #| msgid "reconnection_retries (integer)" msgid "ldap_connection_expire_offset" msgstr "reconnection_retries (numeriek)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3882 +#: sssd.conf.5.xml:3889 msgid "ldap_connection_idle_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3885 sssd-ldap.5.xml:400 +#: sssd.conf.5.xml:3892 sssd-ldap.5.xml:401 msgid "ldap_use_tokengroups" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3888 +#: sssd.conf.5.xml:3895 msgid "ldap_user_principal" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3891 +#: sssd.conf.5.xml:3898 msgid "ignore_group_members" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3894 +#: sssd.conf.5.xml:3901 msgid "auto_private_groups" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3897 +#: sssd.conf.5.xml:3904 msgid "case_sensitive" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:3902 +#: sssd.conf.5.xml:3909 #, no-wrap msgid "" "subdomain_inherit = ldap_purge_cache_timeout\n" @@ -4513,27 +4519,27 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3909 +#: sssd.conf.5.xml:3916 msgid "Note: This option only works with the IPA and AD provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3916 +#: sssd.conf.5.xml:3923 msgid "subdomain_homedir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3927 +#: sssd.conf.5.xml:3934 msgid "%F" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3928 +#: sssd.conf.5.xml:3935 msgid "flat (NetBIOS) name of a subdomain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3919 +#: sssd.conf.5.xml:3926 msgid "" "Use this homedir as default value for all subdomains within this domain in " "IPA AD trust. See <emphasis>override_homedir</emphasis> for info about " @@ -4543,34 +4549,34 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3933 +#: sssd.conf.5.xml:3940 msgid "" "The value can be overridden by <emphasis>override_homedir</emphasis> option." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3937 +#: sssd.conf.5.xml:3944 msgid "Default: <filename>/home/%d/%u</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3942 +#: sssd.conf.5.xml:3949 msgid "realmd_tags (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3945 +#: sssd.conf.5.xml:3952 msgid "" "Various tags stored by the realmd configuration service for this domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3951 +#: sssd.conf.5.xml:3958 msgid "cached_auth_timeout (int)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3954 +#: sssd.conf.5.xml:3961 msgid "" "Specifies time in seconds since last successful online authentication for " "which user will be authenticated using cached credentials while SSSD is in " @@ -4579,19 +4585,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3962 +#: sssd.conf.5.xml:3969 msgid "" "This option's value is inherited by all trusted domains. At the moment it is " "not possible to set a different value per trusted domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3967 +#: sssd.conf.5.xml:3974 msgid "Special value 0 implies that this feature is disabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3971 +#: sssd.conf.5.xml:3978 msgid "" "Please note that if <quote>cached_auth_timeout</quote> is longer than " "<quote>pam_id_timeout</quote> then the back end could be called to handle " @@ -4599,14 +4605,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3982 +#: sssd.conf.5.xml:3989 #, fuzzy #| msgid "re_expression (string)" msgid "local_auth_policy (string)" msgstr "re_expression (tekst)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3985 +#: sssd.conf.5.xml:3992 msgid "" "Local authentication methods policy. Some backends (i.e. LDAP, proxy " "provider) only support a password based authentication, while others can " @@ -4617,7 +4623,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3995 +#: sssd.conf.5.xml:4002 msgid "" "There are three possible values for this option: match, only, enable. " "<quote>match</quote> is used to match offline and online states for Kerberos " @@ -4628,8 +4634,17 @@ msgid "" "separated, such as <quote>enable:passkey, enable:smartcard</quote>" msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4014 +msgid "" +"Please note that if local Smartcard authentication is enabled and a " +"Smartcard is present, Smartcard authentication will be preferred over the " +"authentication methods supported by the backend. I.e. there will be a PIN " +"prompt instead of e.g. a password prompt." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:4011 +#: sssd.conf.5.xml:4026 #, no-wrap msgid "" "[domain/shadowutils]\n" @@ -4640,7 +4655,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4007 +#: sssd.conf.5.xml:4022 msgid "" "The following configuration example allows local users to authenticate " "locally using any enabled method (i.e. smartcard, passkey). <placeholder " @@ -4648,36 +4663,36 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4019 +#: sssd.conf.5.xml:4034 msgid "This option is ignored for the files provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4022 +#: sssd.conf.5.xml:4037 #, fuzzy #| msgid "Default: 3" msgid "Default: match" msgstr "Standaard: 3" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4027 +#: sssd.conf.5.xml:4042 msgid "auto_private_groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4033 +#: sssd.conf.5.xml:4048 msgid "true" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4036 +#: sssd.conf.5.xml:4051 msgid "" "Create user's private group unconditionally from user's UID number. The GID " "number is ignored in this case." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4040 +#: sssd.conf.5.xml:4055 msgid "" "NOTE: Because the GID number and the user private group are inferred from " "the UID number, it is not supported to have multiple entries with the same " @@ -4686,24 +4701,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4049 +#: sssd.conf.5.xml:4064 msgid "false" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4052 +#: sssd.conf.5.xml:4067 msgid "" "Always use the user's primary GID number. The GID number must refer to a " "group object in the LDAP database." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4058 +#: sssd.conf.5.xml:4073 msgid "hybrid" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4061 +#: sssd.conf.5.xml:4076 msgid "" "A primary group is autogenerated for user entries whose UID and GID numbers " "have the same value and at the same time the GID number does not correspond " @@ -4713,14 +4728,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4074 +#: sssd.conf.5.xml:4089 msgid "" "If the UID and GID of a user are different, then the GID must correspond to " "a group entry, otherwise the GID is simply not resolvable." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4081 +#: sssd.conf.5.xml:4096 msgid "" "This feature is useful for environments that wish to stop maintaining a " "separate group objects for the user private groups, but also wish to retain " @@ -4728,21 +4743,21 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4030 +#: sssd.conf.5.xml:4045 msgid "" "This option takes any of three available values: <placeholder " "type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4093 +#: sssd.conf.5.xml:4108 msgid "" "For subdomains, the default value is False for subdomains that use assigned " "POSIX IDs and True for subdomains that use automatic ID-mapping." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:4101 +#: sssd.conf.5.xml:4116 #, no-wrap msgid "" "[domain/forest.domain/sub.domain]\n" @@ -4750,7 +4765,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:4107 +#: sssd.conf.5.xml:4122 #, no-wrap msgid "" "[domain/forest.domain]\n" @@ -4759,7 +4774,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4098 +#: sssd.conf.5.xml:4113 msgid "" "The value of auto_private_groups can either be set per subdomains in a " "subsection, for example: <placeholder type=\"programlisting\" id=\"0\"/> or " @@ -4776,29 +4791,30 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4122 +#: sssd.conf.5.xml:4137 msgid "proxy_pam_target (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4125 +#: sssd.conf.5.xml:4140 msgid "The proxy target PAM proxies to." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4128 +#: sssd.conf.5.xml:4143 msgid "" "Default: not set by default, you have to take an existing pam configuration " -"or create a new one and add the service name here." +"or create a new one and add the service name here. As an alternative you can " +"enable local authentication with the local_auth_policy option." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4136 +#: sssd.conf.5.xml:4153 msgid "proxy_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4139 +#: sssd.conf.5.xml:4156 msgid "" "The name of the NSS library to use in proxy domains. The NSS functions " "searched for in the library are in the form of _nss_$(libName)_$(function), " @@ -4806,12 +4822,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4149 +#: sssd.conf.5.xml:4166 msgid "proxy_resolver_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4152 +#: sssd.conf.5.xml:4169 msgid "" "The name of the NSS library to use for hosts and networks lookups in proxy " "domains. The NSS functions searched for in the library are in the form of " @@ -4819,12 +4835,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4163 +#: sssd.conf.5.xml:4180 msgid "proxy_fast_alias (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4166 +#: sssd.conf.5.xml:4183 msgid "" "When a user or group is looked up by name in the proxy provider, a second " "lookup by ID is performed to \"canonicalize\" the name in case the requested " @@ -4833,12 +4849,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4180 +#: sssd.conf.5.xml:4197 msgid "proxy_max_children (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4183 +#: sssd.conf.5.xml:4200 msgid "" "This option specifies the number of pre-forked proxy children. It is useful " "for high-load SSSD environments where sssd may run out of available child " @@ -4846,19 +4862,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4118 +#: sssd.conf.5.xml:4133 msgid "" "Options valid for proxy domains. <placeholder type=\"variablelist\" " "id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:4199 +#: sssd.conf.5.xml:4216 msgid "Application domains" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4201 +#: sssd.conf.5.xml:4218 msgid "" "SSSD, with its D-Bus interface (see <citerefentry> <refentrytitle>sssd-ifp</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>) is appealing to " @@ -4875,7 +4891,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4221 +#: sssd.conf.5.xml:4238 msgid "" "Please note that the application domain must still be explicitly enabled in " "the <quote>domains</quote> parameter so that the lookup order between the " @@ -4883,17 +4899,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> -#: sssd.conf.5.xml:4227 +#: sssd.conf.5.xml:4244 msgid "Application domain parameters" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4229 +#: sssd.conf.5.xml:4246 msgid "inherit_from (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4232 +#: sssd.conf.5.xml:4249 msgid "" "The SSSD POSIX-type domain the application domain inherits all settings " "from. The application domain can moreover add its own settings to the " @@ -4902,7 +4918,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4246 +#: sssd.conf.5.xml:4263 msgid "" "The following example illustrates the use of an application domain. In this " "setup, the POSIX domain is connected to an LDAP server and is used by the OS " @@ -4912,7 +4928,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><programlisting> -#: sssd.conf.5.xml:4254 +#: sssd.conf.5.xml:4271 #, no-wrap msgid "" "[sssd]\n" @@ -4932,12 +4948,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4274 +#: sssd.conf.5.xml:4291 msgid "TRUSTED DOMAIN SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4276 +#: sssd.conf.5.xml:4293 msgid "" "Some options used in the domain section can also be used in the trusted " "domain section, that is, in a section called <quote>[domain/" @@ -4948,69 +4964,69 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4283 +#: sssd.conf.5.xml:4300 msgid "ldap_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4284 +#: sssd.conf.5.xml:4301 msgid "ldap_user_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4285 +#: sssd.conf.5.xml:4302 msgid "ldap_group_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4286 +#: sssd.conf.5.xml:4303 msgid "ldap_netgroup_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4287 +#: sssd.conf.5.xml:4304 msgid "ldap_service_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4288 +#: sssd.conf.5.xml:4305 msgid "ldap_sasl_mech," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4289 +#: sssd.conf.5.xml:4306 msgid "ad_server," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4290 +#: sssd.conf.5.xml:4307 msgid "ad_backup_server," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4291 +#: sssd.conf.5.xml:4308 msgid "ad_site," msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4292 sssd-ipa.5.xml:879 +#: sssd.conf.5.xml:4309 sssd-ipa.5.xml:884 msgid "use_fully_qualified_names" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4296 +#: sssd.conf.5.xml:4313 msgid "" "For more details about these options see their individual description in the " "manual page." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4302 +#: sssd.conf.5.xml:4319 msgid "CERTIFICATE MAPPING SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4304 +#: sssd.conf.5.xml:4321 msgid "" "To allow authentication with Smartcards and certificates SSSD must be able " "to map certificates to users. This can be done by adding the full " @@ -5023,7 +5039,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4318 +#: sssd.conf.5.xml:4335 msgid "" "To make the mapping more flexible mapping and matching rules were added to " "SSSD (see <citerefentry> <refentrytitle>sss-certmap</refentrytitle> " @@ -5031,7 +5047,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4327 +#: sssd.conf.5.xml:4344 msgid "" "A mapping and matching rule can be added to the SSSD configuration in a " "section on its own with a name like <quote>[certmap/" @@ -5040,55 +5056,55 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4334 +#: sssd.conf.5.xml:4351 msgid "matchrule (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4337 +#: sssd.conf.5.xml:4354 msgid "" "Only certificates from the Smartcard which matches this rule will be " "processed, all others are ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4341 +#: sssd.conf.5.xml:4358 msgid "" "Default: KRB5:<EKU>clientAuth, i.e. only certificates which have the " "Extended Key Usage <quote>clientAuth</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4348 +#: sssd.conf.5.xml:4365 msgid "maprule (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4351 +#: sssd.conf.5.xml:4368 msgid "Defines how the user is found for a given certificate." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4357 +#: sssd.conf.5.xml:4374 msgid "" "LDAP:(userCertificate;binary={cert!bin}) for LDAP based providers like " "<quote>ldap</quote>, <quote>AD</quote> or <quote>ipa</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4363 +#: sssd.conf.5.xml:4380 msgid "" "The RULE_NAME for the <quote>files</quote> provider which tries to find a " "user with the same name." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4372 +#: sssd.conf.5.xml:4389 msgid "domains (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4375 +#: sssd.conf.5.xml:4392 msgid "" "Comma separated list of domain names the rule should be applied. By default " "a rule is only valid in the domain configured in sssd.conf. If the provider " @@ -5097,17 +5113,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4382 +#: sssd.conf.5.xml:4399 msgid "Default: the configured domain in sssd.conf" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4387 +#: sssd.conf.5.xml:4404 msgid "priority (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4390 +#: sssd.conf.5.xml:4407 msgid "" "Unsigned integer value defining the priority of the rule. The higher the " "number the lower the priority. <quote>0</quote> stands for the highest " @@ -5115,26 +5131,26 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4396 +#: sssd.conf.5.xml:4413 msgid "Default: the lowest priority" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4402 +#: sssd.conf.5.xml:4419 msgid "" "To make the configuration simple and reduce the amount of configuration " "options the <quote>files</quote> provider has some special properties:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4408 +#: sssd.conf.5.xml:4425 msgid "" "if maprule is not set the RULE_NAME name is assumed to be the name of the " "matching user" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4414 +#: sssd.conf.5.xml:4431 msgid "" "if a maprule is used both a single user name or a template like " "<quote>{subject_rfc822_name.short_name}</quote> must be in braces like e.g. " @@ -5143,17 +5159,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4423 +#: sssd.conf.5.xml:4440 msgid "the <quote>domains</quote> option is ignored" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4431 +#: sssd.conf.5.xml:4448 msgid "PROMPTING CONFIGURATION SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4433 +#: sssd.conf.5.xml:4450 msgid "" "If a special file (<filename>/var/lib/sss/pubconf/pam_preauth_available</" "filename>) exists SSSD's PAM module pam_sss will ask SSSD to figure out " @@ -5163,7 +5179,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4441 +#: sssd.conf.5.xml:4458 msgid "" "With the growing number of authentication methods and the possibility that " "there are multiple ones for a single user the heuristic used by pam_sss to " @@ -5172,59 +5188,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4453 +#: sssd.conf.5.xml:4470 msgid "[prompting/password]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4456 +#: sssd.conf.5.xml:4473 msgid "password_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4457 +#: sssd.conf.5.xml:4474 msgid "to change the string of the password prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4455 +#: sssd.conf.5.xml:4472 msgid "" "to configure password prompting, allowed options are: <placeholder " "type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4465 +#: sssd.conf.5.xml:4482 msgid "[prompting/2fa]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4469 +#: sssd.conf.5.xml:4486 msgid "first_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4470 +#: sssd.conf.5.xml:4487 msgid "to change the string of the prompt for the first factor" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4473 +#: sssd.conf.5.xml:4490 msgid "second_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4474 +#: sssd.conf.5.xml:4491 msgid "to change the string of the prompt for the second factor" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4477 +#: sssd.conf.5.xml:4494 msgid "single_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4478 +#: sssd.conf.5.xml:4495 msgid "" "boolean value, if True there will be only a single prompt using the value of " "first_prompt where it is expected that both factors are entered as a single " @@ -5233,7 +5249,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4467 +#: sssd.conf.5.xml:4484 msgid "" "to configure two-factor authentication prompting, allowed options are: " "<placeholder type=\"variablelist\" id=\"0\"/> If the second factor is " @@ -5242,17 +5258,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4495 +#: sssd.conf.5.xml:4512 msgid "[prompting/passkey]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4501 sssd-ad.5.xml:1021 +#: sssd.conf.5.xml:4518 sssd-ad.5.xml:1021 msgid "interactive" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4503 +#: sssd.conf.5.xml:4520 msgid "" "boolean value, if True prompt a message and wait before testing the presence " "of a passkey device. Recommended if your device doesn’t have a tactile " @@ -5260,46 +5276,46 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4511 +#: sssd.conf.5.xml:4528 msgid "interactive_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4513 +#: sssd.conf.5.xml:4530 msgid "to change the message of the interactive prompt." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4518 +#: sssd.conf.5.xml:4535 msgid "touch" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4520 +#: sssd.conf.5.xml:4537 msgid "" "boolean value, if True prompt a message to remind the user to touch the " "device." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4526 +#: sssd.conf.5.xml:4543 msgid "touch_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4528 +#: sssd.conf.5.xml:4545 msgid "to change the message of the touch prompt." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4497 +#: sssd.conf.5.xml:4514 msgid "" "to configure passkey authentication prompting, allowed options are: " "<placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4448 +#: sssd.conf.5.xml:4465 msgid "" "Each supported authentication method has its own configuration subsection " "under <quote>[prompting/...]</quote>. Currently there are: <placeholder " @@ -5308,7 +5324,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4539 +#: sssd.conf.5.xml:4556 msgid "" "It is possible to add a subsection for specific PAM services, e.g. " "<quote>[prompting/password/sshd]</quote> to individual change the prompting " @@ -5316,12 +5332,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4546 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43 +#: sssd.conf.5.xml:4563 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43 msgid "EXAMPLES" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4552 +#: sssd.conf.5.xml:4569 #, no-wrap msgid "" "[sssd]\n" @@ -5351,7 +5367,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4548 +#: sssd.conf.5.xml:4565 msgid "" "1. The following example shows a typical SSSD config. It does not describe " "configuration of the domains themselves - refer to documentation on " @@ -5360,7 +5376,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4585 +#: sssd.conf.5.xml:4602 #, no-wrap msgid "" "[domain/ipa.com/child.ad.com]\n" @@ -5368,7 +5384,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4579 +#: sssd.conf.5.xml:4596 msgid "" "2. The following example shows configuration of IPA AD trust where the AD " "forest consists of two domains in a parent-child structure. Suppose IPA " @@ -5379,7 +5395,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4596 +#: sssd.conf.5.xml:4613 #, no-wrap msgid "" "[certmap/my.domain/rule_name]\n" @@ -5390,7 +5406,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4590 +#: sssd.conf.5.xml:4607 msgid "" "3. The following example shows the configuration of a certificate mapping " "rule. It is valid for the configured domain <quote>my.domain</quote> and " @@ -5444,26 +5460,26 @@ msgid "" "LDAP back end supports id, auth, access and chpass providers. If you want to " "authenticate against an LDAP server either TLS/SSL or LDAPS is required. " "<command>sssd</command> <emphasis>does not</emphasis> support authentication " -"over an unencrypted channel. If the LDAP server is used only as an identity " -"provider, an encrypted channel is not needed. Please refer to " -"<quote>ldap_access_filter</quote> config option for more information about " -"using LDAP as an access provider." +"over an unencrypted channel. Even if the LDAP server is used only as an " +"identity provider, an encrypted channel is strongly recommended. Please " +"refer to <quote>ldap_access_filter</quote> config option for more " +"information about using LDAP as an access provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:82 sssd-ad.5.xml:130 +#: sssd-ldap.5.xml:50 sssd-simple.5.xml:69 sssd-ipa.5.xml:82 sssd-ad.5.xml:130 #: sssd-krb5.5.xml:63 sssd-ifp.5.xml:60 sssd-files.5.xml:77 #: sssd-session-recording.5.xml:58 sssd-kcm.8.xml:202 msgid "CONFIGURATION OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:66 +#: sssd-ldap.5.xml:67 msgid "ldap_uri, ldap_backup_uri (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:69 +#: sssd-ldap.5.xml:70 msgid "" "Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " "should connect in the order of preference. Refer to the <quote>FAILOVER</" @@ -5473,33 +5489,33 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:76 +#: sssd-ldap.5.xml:77 msgid "The format of the URI must match the format defined in RFC 2732:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:79 +#: sssd-ldap.5.xml:80 msgid "ldap[s]://<host>[:port]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:82 +#: sssd-ldap.5.xml:83 msgid "" "For explicit IPv6 addresses, <host> must be enclosed in brackets []" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:85 +#: sssd-ldap.5.xml:86 msgid "example: ldap://[fc00::126:25]:389" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:91 +#: sssd-ldap.5.xml:92 msgid "ldap_chpass_uri, ldap_chpass_backup_uri (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:94 +#: sssd-ldap.5.xml:95 msgid "" "Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " "should connect in the order of preference to change the password of a user. " @@ -5508,71 +5524,71 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:101 +#: sssd-ldap.5.xml:102 msgid "To enable service discovery ldap_chpass_dns_service_name must be set." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:105 +#: sssd-ldap.5.xml:106 msgid "Default: empty, i.e. ldap_uri is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:111 +#: sssd-ldap.5.xml:112 msgid "ldap_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:114 +#: sssd-ldap.5.xml:115 msgid "The default base DN to use for performing LDAP user operations." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:118 +#: sssd-ldap.5.xml:119 msgid "" "Starting with SSSD 1.7.0, SSSD supports multiple search bases using the " "syntax:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:122 +#: sssd-ldap.5.xml:123 msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:125 +#: sssd-ldap.5.xml:126 msgid "The scope can be one of \"base\", \"onelevel\" or \"subtree\"." msgstr "" #. type: Content of: <listitem><para> -#: sssd-ldap.5.xml:128 include/ldap_search_bases.xml:18 +#: sssd-ldap.5.xml:129 include/ldap_search_bases.xml:18 msgid "" "The filter must be a valid LDAP search filter as specified by http://www." "ietf.org/rfc/rfc2254.txt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:132 sssd-ad.5.xml:311 sss_override.8.xml:143 +#: sssd-ldap.5.xml:133 sssd-ad.5.xml:311 sss_override.8.xml:143 #: sss_override.8.xml:240 sssd-ldap-attributes.5.xml:453 msgid "Examples:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:135 +#: sssd-ldap.5.xml:136 msgid "" "ldap_search_base = dc=example,dc=com (which is equivalent to) " "ldap_search_base = dc=example,dc=com?subtree?" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:140 +#: sssd-ldap.5.xml:141 msgid "" "ldap_search_base = cn=host_specific,dc=example,dc=com?subtree?" "(host=thishost)?dc=example.com?subtree?" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:143 +#: sssd-ldap.5.xml:144 msgid "" "Note: It is unsupported to have multiple search bases which reference " "identically-named objects (for example, groups with the same name in two " @@ -5581,7 +5597,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:150 +#: sssd-ldap.5.xml:151 msgid "" "Default: If not set, the value of the defaultNamingContext or namingContexts " "attribute from the RootDSE of the LDAP server is used. If " @@ -5592,12 +5608,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:164 +#: sssd-ldap.5.xml:165 msgid "ldap_schema (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:167 +#: sssd-ldap.5.xml:168 msgid "" "Specifies the Schema Type in use on the target LDAP server. Depending on " "the selected schema, the default attribute names retrieved from the servers " @@ -5605,32 +5621,32 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:174 +#: sssd-ldap.5.xml:175 msgid "Four schema types are currently supported:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:178 +#: sssd-ldap.5.xml:179 msgid "rfc2307" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:183 +#: sssd-ldap.5.xml:184 msgid "rfc2307bis" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:188 +#: sssd-ldap.5.xml:189 msgid "IPA" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:193 +#: sssd-ldap.5.xml:194 msgid "AD" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:199 +#: sssd-ldap.5.xml:200 msgid "" "The main difference between these schema types is how group memberships are " "recorded in the server. With rfc2307, group members are listed by name in " @@ -5641,37 +5657,37 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:209 +#: sssd-ldap.5.xml:210 msgid "Default: rfc2307" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:215 +#: sssd-ldap.5.xml:216 msgid "ldap_pwmodify_mode (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:218 +#: sssd-ldap.5.xml:219 msgid "Specify the operation that is used to modify user password." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:222 +#: sssd-ldap.5.xml:223 msgid "Two modes are currently supported:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:226 +#: sssd-ldap.5.xml:227 msgid "exop - Password Modify Extended Operation (RFC 3062)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:232 +#: sssd-ldap.5.xml:233 msgid "ldap_modify - Direct modification of userPassword (not recommended)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:239 +#: sssd-ldap.5.xml:240 msgid "" "Note: First, a new connection is established to verify current password by " "binding as the user that requested password change. If successful, this " @@ -5680,74 +5696,74 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:247 +#: sssd-ldap.5.xml:248 msgid "Default: exop" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:253 +#: sssd-ldap.5.xml:254 msgid "ldap_default_bind_dn (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:256 +#: sssd-ldap.5.xml:257 msgid "The default bind DN to use for performing LDAP operations." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:263 +#: sssd-ldap.5.xml:264 msgid "ldap_default_authtok_type (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:266 +#: sssd-ldap.5.xml:267 msgid "The type of the authentication token of the default bind DN." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:270 +#: sssd-ldap.5.xml:271 msgid "The two mechanisms currently supported are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:273 +#: sssd-ldap.5.xml:274 msgid "password" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:276 +#: sssd-ldap.5.xml:277 msgid "obfuscated_password" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:279 +#: sssd-ldap.5.xml:280 msgid "Default: password" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:282 +#: sssd-ldap.5.xml:283 msgid "" "See the <citerefentry> <refentrytitle>sss_obfuscate</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry> manual page for more information." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:293 +#: sssd-ldap.5.xml:294 msgid "ldap_default_authtok (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:296 +#: sssd-ldap.5.xml:297 msgid "The authentication token of the default bind DN." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:302 +#: sssd-ldap.5.xml:303 msgid "ldap_force_upper_case_realm (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:305 +#: sssd-ldap.5.xml:306 msgid "" "Some directory servers, for example Active Directory, might deliver the " "realm part of the UPN in lower case, which might cause the authentication to " @@ -5756,24 +5772,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:318 +#: sssd-ldap.5.xml:319 msgid "ldap_enumeration_refresh_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:321 +#: sssd-ldap.5.xml:322 msgid "" "Specifies how many seconds SSSD has to wait before refreshing its cache of " "enumerated records." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:337 +#: sssd-ldap.5.xml:338 msgid "ldap_purge_cache_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:340 +#: sssd-ldap.5.xml:341 msgid "" "Determine how often to check the cache for inactive entries (such as groups " "with no members and users who have never logged in) and remove them to save " @@ -5781,7 +5797,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:346 +#: sssd-ldap.5.xml:347 msgid "" "Setting this option to zero will disable the cache cleanup operation. Please " "note that if enumeration is enabled, the cleanup task is required in order " @@ -5790,12 +5806,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:366 +#: sssd-ldap.5.xml:367 msgid "ldap_group_nesting_level (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:369 +#: sssd-ldap.5.xml:370 msgid "" "If ldap_schema is set to a schema format that supports nested groups (e.g. " "RFC2307bis), then this option controls how many levels of nesting SSSD will " @@ -5803,7 +5819,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:376 +#: sssd-ldap.5.xml:377 msgid "" "Note: This option specifies the guaranteed level of nested groups to be " "processed for any lookup. However, nested groups beyond this limit " @@ -5813,7 +5829,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:385 +#: sssd-ldap.5.xml:386 msgid "" "If ldap_group_nesting_level is set to 0 then no nested groups are processed " "at all. However, when connected to Active-Directory Server 2008 and later " @@ -5823,67 +5839,67 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:394 +#: sssd-ldap.5.xml:395 msgid "Default: 2" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:403 +#: sssd-ldap.5.xml:404 msgid "" "This options enables or disables use of Token-Groups attribute when " "performing initgroup for users from Active Directory Server 2008 and later." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:413 +#: sssd-ldap.5.xml:414 msgid "Default: True for AD and IPA otherwise False." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:419 +#: sssd-ldap.5.xml:420 msgid "ldap_host_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:422 +#: sssd-ldap.5.xml:423 msgid "Optional. Use the given string as search base for host objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:426 sssd-ipa.5.xml:457 sssd-ipa.5.xml:476 sssd-ipa.5.xml:495 -#: sssd-ipa.5.xml:514 +#: sssd-ldap.5.xml:427 sssd-ipa.5.xml:462 sssd-ipa.5.xml:481 sssd-ipa.5.xml:500 +#: sssd-ipa.5.xml:519 msgid "" "See <quote>ldap_search_base</quote> for information about configuring " "multiple search bases." msgstr "" #. type: Content of: <listitem><para> -#: sssd-ldap.5.xml:431 sssd-ipa.5.xml:462 include/ldap_search_bases.xml:27 +#: sssd-ldap.5.xml:432 sssd-ipa.5.xml:467 include/ldap_search_bases.xml:27 msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:438 +#: sssd-ldap.5.xml:439 msgid "ldap_service_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:443 +#: sssd-ldap.5.xml:444 msgid "ldap_iphost_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:448 +#: sssd-ldap.5.xml:449 msgid "ldap_ipnetwork_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:453 +#: sssd-ldap.5.xml:454 msgid "ldap_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:456 +#: sssd-ldap.5.xml:457 msgid "" "Specifies the timeout (in seconds) that ldap searches are allowed to run " "before they are cancelled and cached results are returned (and offline mode " @@ -5891,7 +5907,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:462 +#: sssd-ldap.5.xml:463 msgid "" "Note: this option is subject to change in future versions of the SSSD. It " "will likely be replaced at some point by a series of timeouts for specific " @@ -5899,12 +5915,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:479 +#: sssd-ldap.5.xml:480 msgid "ldap_enumeration_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:482 +#: sssd-ldap.5.xml:483 msgid "" "Specifies the timeout (in seconds) that ldap searches for user and group " "enumerations are allowed to run before they are cancelled and cached results " @@ -5912,12 +5928,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:500 +#: sssd-ldap.5.xml:501 msgid "ldap_network_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:503 +#: sssd-ldap.5.xml:504 msgid "" "Specifies the timeout (in seconds) after which the <citerefentry> " "<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/" @@ -5928,12 +5944,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:531 +#: sssd-ldap.5.xml:532 msgid "ldap_opt_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:534 +#: sssd-ldap.5.xml:535 msgid "" "Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs " "will abort if no response is received. Also controls the timeout when " @@ -5942,12 +5958,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:554 +#: sssd-ldap.5.xml:555 msgid "ldap_connection_expire_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:557 +#: sssd-ldap.5.xml:558 msgid "" "Specifies a timeout (in seconds) that a connection to an LDAP server will be " "maintained. After this time, the connection will be re-established. If used " @@ -5956,7 +5972,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:565 +#: sssd-ldap.5.xml:566 msgid "" "If the connection is idle (not actively running an operation) within " "<emphasis>ldap_opt_timeout</emphasis> seconds of expiration, then it will be " @@ -5967,38 +5983,38 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:577 +#: sssd-ldap.5.xml:578 msgid "" "This timeout can be extended of a random value specified by " "<emphasis>ldap_connection_expire_offset</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:587 sssd-ldap.5.xml:630 sssd-ldap.5.xml:1711 +#: sssd-ldap.5.xml:588 sssd-ldap.5.xml:631 sssd-ldap.5.xml:1713 msgid "Default: 900 (15 minutes)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:593 +#: sssd-ldap.5.xml:594 msgid "ldap_connection_expire_offset (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:596 +#: sssd-ldap.5.xml:597 msgid "" "Random offset between 0 and configured value is added to " "<emphasis>ldap_connection_expire_timeout</emphasis>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:612 +#: sssd-ldap.5.xml:613 #, fuzzy #| msgid "reconnection_retries (integer)" msgid "ldap_connection_idle_timeout (integer)" msgstr "reconnection_retries (numeriek)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:615 +#: sssd-ldap.5.xml:616 msgid "" "Specifies a timeout (in seconds) that an idle connection to an LDAP server " "will be maintained. If the connection is idle for more than this time then " @@ -6006,29 +6022,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:621 +#: sssd-ldap.5.xml:622 msgid "You can disable this timeout by setting the value to 0." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:636 +#: sssd-ldap.5.xml:637 msgid "ldap_page_size (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:639 +#: sssd-ldap.5.xml:640 msgid "" "Specify the number of records to retrieve from LDAP in a single request. " "Some LDAP servers enforce a maximum limit per-request." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:650 +#: sssd-ldap.5.xml:651 msgid "ldap_disable_paging (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:653 +#: sssd-ldap.5.xml:654 msgid "" "Disable the LDAP paging control. This option should be used if the LDAP " "server reports that it supports the LDAP paging control in its RootDSE but " @@ -6036,14 +6052,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:659 +#: sssd-ldap.5.xml:660 msgid "" "Example: OpenLDAP servers with the paging control module installed on the " "server but not enabled will report it in the RootDSE but be unable to use it." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:665 +#: sssd-ldap.5.xml:666 msgid "" "Example: 389 DS has a bug where it can only support a one paging control at " "a time on a single connection. On busy clients, this can result in some " @@ -6051,17 +6067,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:677 +#: sssd-ldap.5.xml:678 msgid "ldap_disable_range_retrieval (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:680 +#: sssd-ldap.5.xml:681 msgid "Disable Active Directory range retrieval." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:683 +#: sssd-ldap.5.xml:684 msgid "" "Active Directory limits the number of members to be retrieved in a single " "lookup using the MaxValRange policy (which defaults to 1500 members). If a " @@ -6071,12 +6087,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:698 +#: sssd-ldap.5.xml:699 msgid "ldap_sasl_minssf (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:701 +#: sssd-ldap.5.xml:702 msgid "" "When communicating with an LDAP server using SASL, specify the minimum " "security level necessary to establish the connection. The values of this " @@ -6084,17 +6100,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:707 sssd-ldap.5.xml:723 +#: sssd-ldap.5.xml:708 sssd-ldap.5.xml:724 msgid "Default: Use the system default (usually specified by ldap.conf)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:714 +#: sssd-ldap.5.xml:715 msgid "ldap_sasl_maxssf (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:717 +#: sssd-ldap.5.xml:718 msgid "" "When communicating with an LDAP server using SASL, specify the maximal " "security level necessary to establish the connection. The values of this " @@ -6102,12 +6118,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:730 +#: sssd-ldap.5.xml:731 msgid "ldap_deref_threshold (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:733 +#: sssd-ldap.5.xml:734 msgid "" "Specify the number of group members that must be missing from the internal " "cache in order to trigger a dereference lookup. If less members are missing, " @@ -6115,7 +6131,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:739 +#: sssd-ldap.5.xml:740 msgid "" "You can turn off dereference lookups completely by setting the value to 0. " "Please note that there are some codepaths in SSSD, like the IPA HBAC " @@ -6126,7 +6142,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:750 +#: sssd-ldap.5.xml:751 msgid "" "A dereference lookup is a means of fetching all group members in a single " "LDAP call. Different LDAP servers may implement different dereference " @@ -6135,7 +6151,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:758 +#: sssd-ldap.5.xml:759 msgid "" "<emphasis>Note:</emphasis> If any of the search bases specifies a search " "filter, then the dereference lookup performance enhancement will be disabled " @@ -6143,12 +6159,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:771 +#: sssd-ldap.5.xml:772 msgid "ldap_ignore_unreadable_references (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:774 +#: sssd-ldap.5.xml:775 msgid "" "Ignore unreadable LDAP entries referenced in group's member attribute. If " "this parameter is set to false an error will be returned and the operation " @@ -6156,7 +6172,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:781 +#: sssd-ldap.5.xml:782 msgid "" "This parameter may be useful when using the AD provider and the computer " "account that sssd uses to connect to AD does not have access to a particular " @@ -6164,26 +6180,26 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:794 +#: sssd-ldap.5.xml:795 msgid "ldap_tls_reqcert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:797 +#: sssd-ldap.5.xml:798 msgid "" "Specifies what checks to perform on server certificates in a TLS session, if " "any. It can be specified as one of the following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:803 +#: sssd-ldap.5.xml:804 msgid "" "<emphasis>never</emphasis> = The client will not request or check any server " "certificate." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:807 +#: sssd-ldap.5.xml:808 msgid "" "<emphasis>allow</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -6191,7 +6207,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:814 +#: sssd-ldap.5.xml:815 msgid "" "<emphasis>try</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -6199,7 +6215,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:820 +#: sssd-ldap.5.xml:821 msgid "" "<emphasis>demand</emphasis> = The server certificate is requested. If no " "certificate is provided, or a bad certificate is provided, the session is " @@ -6207,41 +6223,41 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:826 +#: sssd-ldap.5.xml:827 msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:830 +#: sssd-ldap.5.xml:831 msgid "Default: hard" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:836 +#: sssd-ldap.5.xml:837 msgid "ldap_tls_cacert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:839 +#: sssd-ldap.5.xml:840 msgid "" "Specifies the file that contains certificates for all of the Certificate " "Authorities that <command>sssd</command> will recognize." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:844 sssd-ldap.5.xml:862 sssd-ldap.5.xml:903 +#: sssd-ldap.5.xml:845 sssd-ldap.5.xml:863 sssd-ldap.5.xml:904 msgid "" "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." "conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:851 +#: sssd-ldap.5.xml:852 msgid "ldap_tls_cacertdir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:854 +#: sssd-ldap.5.xml:855 msgid "" "Specifies the path of a directory that contains Certificate Authority " "certificates in separate individual files. Typically the file names need to " @@ -6250,32 +6266,32 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:869 +#: sssd-ldap.5.xml:870 msgid "ldap_tls_cert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:872 +#: sssd-ldap.5.xml:873 msgid "Specifies the file that contains the certificate for the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:882 +#: sssd-ldap.5.xml:883 msgid "ldap_tls_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:885 +#: sssd-ldap.5.xml:886 msgid "Specifies the file that contains the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:894 +#: sssd-ldap.5.xml:895 msgid "ldap_tls_cipher_suite (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:897 +#: sssd-ldap.5.xml:898 msgid "" "Specifies acceptable cipher suites. Typically this is a colon separated " "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " @@ -6283,24 +6299,25 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:910 +#: sssd-ldap.5.xml:911 msgid "ldap_id_use_start_tls (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:913 +#: sssd-ldap.5.xml:914 msgid "" "Specifies that the id_provider connection must also use <systemitem " -"class=\"protocol\">tls</systemitem> to protect the channel." +"class=\"protocol\">tls</systemitem> to protect the channel. <emphasis>true</" +"emphasis> is strongly recommended for security reasons." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:923 +#: sssd-ldap.5.xml:925 msgid "ldap_id_mapping (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:926 +#: sssd-ldap.5.xml:928 msgid "" "Specifies that SSSD should attempt to map user and group IDs from the " "ldap_user_objectsid and ldap_group_objectsid attributes instead of relying " @@ -6308,17 +6325,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:932 +#: sssd-ldap.5.xml:934 msgid "Currently this feature supports only ActiveDirectory objectSID mapping." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:942 +#: sssd-ldap.5.xml:944 msgid "ldap_min_id, ldap_max_id (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:945 +#: sssd-ldap.5.xml:947 msgid "" "In contrast to the SID based ID mapping which is used if ldap_id_mapping is " "set to true the allowed ID range for ldap_user_uid_number and " @@ -6329,24 +6346,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:957 +#: sssd-ldap.5.xml:959 msgid "Default: not set (both options are set to 0)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:963 +#: sssd-ldap.5.xml:965 msgid "ldap_sasl_mech (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:966 +#: sssd-ldap.5.xml:968 msgid "" "Specify the SASL mechanism to use. Currently only GSSAPI and GSS-SPNEGO are " "tested and supported." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:970 +#: sssd-ldap.5.xml:972 msgid "" "If the backend supports sub-domains the value of ldap_sasl_mech is " "automatically inherited to the sub-domains. If a different value is needed " @@ -6357,12 +6374,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:986 +#: sssd-ldap.5.xml:988 msgid "ldap_sasl_authid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd-ldap.5.xml:998 +#: sssd-ldap.5.xml:1000 #, no-wrap msgid "" "hostname@REALM\n" @@ -6375,7 +6392,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:989 +#: sssd-ldap.5.xml:991 msgid "" "Specify the SASL authorization id to use. When GSSAPI/GSS-SPNEGO are used, " "this represents the Kerberos principal used for authentication to the " @@ -6387,17 +6404,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1009 +#: sssd-ldap.5.xml:1011 msgid "Default: host/hostname@REALM" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1015 +#: sssd-ldap.5.xml:1017 msgid "ldap_sasl_realm (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1018 +#: sssd-ldap.5.xml:1020 msgid "" "Specify the SASL realm to use. When not specified, this option defaults to " "the value of krb5_realm. If the ldap_sasl_authid contains the realm as " @@ -6405,49 +6422,49 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1024 +#: sssd-ldap.5.xml:1026 msgid "Default: the value of krb5_realm." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1030 +#: sssd-ldap.5.xml:1032 msgid "ldap_sasl_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1033 +#: sssd-ldap.5.xml:1035 msgid "" "If set to true, the LDAP library would perform a reverse lookup to " "canonicalize the host name during a SASL bind." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1038 +#: sssd-ldap.5.xml:1040 msgid "Default: false;" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1044 +#: sssd-ldap.5.xml:1046 msgid "ldap_krb5_keytab (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1047 +#: sssd-ldap.5.xml:1049 msgid "Specify the keytab to use when using SASL/GSSAPI/GSS-SPNEGO." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1056 sssd-krb5.5.xml:247 +#: sssd-ldap.5.xml:1058 sssd-krb5.5.xml:247 msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1062 +#: sssd-ldap.5.xml:1064 msgid "ldap_krb5_init_creds (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1065 +#: sssd-ldap.5.xml:1067 msgid "" "Specifies that the id_provider should init Kerberos credentials (TGT). This " "action is performed only if SASL is used and the mechanism selected is " @@ -6455,28 +6472,28 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1077 +#: sssd-ldap.5.xml:1079 msgid "ldap_krb5_ticket_lifetime (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1080 +#: sssd-ldap.5.xml:1082 msgid "" "Specifies the lifetime in seconds of the TGT if GSSAPI or GSS-SPNEGO is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1089 sssd-ad.5.xml:1252 +#: sssd-ldap.5.xml:1091 sssd-ad.5.xml:1252 msgid "Default: 86400 (24 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1095 sssd-krb5.5.xml:74 +#: sssd-ldap.5.xml:1097 sssd-krb5.5.xml:74 msgid "krb5_server, krb5_backup_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1098 +#: sssd-ldap.5.xml:1100 msgid "" "Specifies the comma-separated list of IP addresses or hostnames of the " "Kerberos servers to which SSSD should connect in the order of preference. " @@ -6488,7 +6505,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1110 sssd-krb5.5.xml:89 +#: sssd-ldap.5.xml:1112 sssd-krb5.5.xml:89 msgid "" "When using service discovery for KDC or kpasswd servers, SSSD first searches " "for DNS entries that specify _udp as the protocol and falls back to _tcp if " @@ -6496,7 +6513,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1115 sssd-krb5.5.xml:94 +#: sssd-ldap.5.xml:1117 sssd-krb5.5.xml:94 msgid "" "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " "While the legacy name is recognized for the time being, users are advised to " @@ -6504,39 +6521,39 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1124 sssd-ipa.5.xml:526 sssd-krb5.5.xml:103 +#: sssd-ldap.5.xml:1126 sssd-ipa.5.xml:531 sssd-krb5.5.xml:103 msgid "krb5_realm (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1127 +#: sssd-ldap.5.xml:1129 msgid "Specify the Kerberos REALM (for SASL/GSSAPI/GSS-SPNEGO auth)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1131 +#: sssd-ldap.5.xml:1133 msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" msgstr "" #. type: Content of: <variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1137 include/krb5_options.xml:154 +#: sssd-ldap.5.xml:1139 include/krb5_options.xml:154 msgid "krb5_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1140 +#: sssd-ldap.5.xml:1142 msgid "" "Specifies if the host principal should be canonicalized when connecting to " "LDAP server. This feature is available with MIT Kerberos >= 1.7" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1152 sssd-krb5.5.xml:336 +#: sssd-ldap.5.xml:1154 sssd-krb5.5.xml:336 msgid "krb5_use_kdcinfo (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1155 sssd-krb5.5.xml:339 +#: sssd-ldap.5.xml:1157 sssd-krb5.5.xml:339 msgid "" "Specifies if the SSSD should instruct the Kerberos libraries what realm and " "which KDCs to use. This option is on by default, if you disable it, you need " @@ -6546,7 +6563,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1166 sssd-krb5.5.xml:350 +#: sssd-ldap.5.xml:1168 sssd-krb5.5.xml:350 msgid "" "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more " @@ -6554,26 +6571,26 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1180 +#: sssd-ldap.5.xml:1182 msgid "ldap_pwd_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1183 +#: sssd-ldap.5.xml:1185 msgid "" "Select the policy to evaluate the password expiration on the client side. " "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1188 +#: sssd-ldap.5.xml:1190 msgid "" "<emphasis>none</emphasis> - No evaluation on the client side. This option " "cannot disable server-side password policies." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1193 +#: sssd-ldap.5.xml:1195 msgid "" "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " @@ -6582,7 +6599,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1201 +#: sssd-ldap.5.xml:1203 msgid "" "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " "to determine if the password has expired. Use chpass_provider=krb5 to update " @@ -6590,31 +6607,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1210 +#: sssd-ldap.5.xml:1212 msgid "" "<emphasis>Note</emphasis>: if a password policy is configured on server " "side, it always takes precedence over policy set with this option." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1218 +#: sssd-ldap.5.xml:1220 msgid "ldap_referrals (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1221 +#: sssd-ldap.5.xml:1223 msgid "Specifies whether automatic referral chasing should be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1225 +#: sssd-ldap.5.xml:1227 msgid "" "Please note that sssd only supports referral chasing when it is compiled " "with OpenLDAP version 2.4.13 or higher." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1230 +#: sssd-ldap.5.xml:1232 msgid "" "Chasing referrals may incur a performance penalty in environments that use " "them heavily, a notable example is Microsoft Active Directory. If your setup " @@ -6627,51 +6644,51 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1249 +#: sssd-ldap.5.xml:1251 msgid "ldap_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1252 +#: sssd-ldap.5.xml:1254 msgid "Specifies the service name to use when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1256 +#: sssd-ldap.5.xml:1258 msgid "Default: ldap" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1262 +#: sssd-ldap.5.xml:1264 msgid "ldap_chpass_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1265 +#: sssd-ldap.5.xml:1267 msgid "" "Specifies the service name to use to find an LDAP server which allows " "password changes when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1270 +#: sssd-ldap.5.xml:1272 msgid "Default: not set, i.e. service discovery is disabled" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1276 +#: sssd-ldap.5.xml:1278 msgid "ldap_chpass_update_last_change (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1279 +#: sssd-ldap.5.xml:1281 msgid "" "Specifies whether to update the ldap_user_shadow_last_change attribute with " "days since the Epoch after a password change operation." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1285 +#: sssd-ldap.5.xml:1287 msgid "" "It is recommend to set this option explicitly if \"ldap_pwd_policy = " "shadow\" is used to let SSSD know if the LDAP server will update " @@ -6680,12 +6697,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1299 +#: sssd-ldap.5.xml:1301 msgid "ldap_access_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1302 +#: sssd-ldap.5.xml:1304 msgid "" "If using access_provider = ldap and ldap_access_order = filter (default), " "this option is mandatory. It specifies an LDAP search filter criteria that " @@ -6701,12 +6718,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1322 +#: sssd-ldap.5.xml:1324 msgid "Example:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1325 +#: sssd-ldap.5.xml:1327 #, no-wrap msgid "" "access_provider = ldap\n" @@ -6715,14 +6732,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1329 +#: sssd-ldap.5.xml:1331 msgid "" "This example means that access to this host is restricted to users whose " "employeeType attribute is set to \"admin\"." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1334 +#: sssd-ldap.5.xml:1336 msgid "" "Offline caching for this feature is limited to determining whether the " "user's last online login was granted access permission. If they were granted " @@ -6731,24 +6748,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1342 sssd-ldap.5.xml:1398 +#: sssd-ldap.5.xml:1344 sssd-ldap.5.xml:1400 msgid "Default: Empty" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1348 +#: sssd-ldap.5.xml:1350 msgid "ldap_account_expire_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1351 +#: sssd-ldap.5.xml:1353 msgid "" "With this option a client side evaluation of access control attributes can " "be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1355 +#: sssd-ldap.5.xml:1357 msgid "" "Please note that it is always recommended to use server side access control, " "i.e. the LDAP server should deny the bind request with a suitable error code " @@ -6756,19 +6773,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1362 +#: sssd-ldap.5.xml:1364 msgid "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1365 +#: sssd-ldap.5.xml:1367 msgid "" "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " "determine if the account is expired." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1370 +#: sssd-ldap.5.xml:1372 msgid "" "<emphasis>ad</emphasis>: use the value of the 32bit field " "ldap_user_ad_user_account_control and allow access if the second bit is not " @@ -6777,7 +6794,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1377 +#: sssd-ldap.5.xml:1379 msgid "" "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" "emphasis>: use the value of ldap_ns_account_lock to check if access is " @@ -6785,7 +6802,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1383 +#: sssd-ldap.5.xml:1385 msgid "" "<emphasis>nds</emphasis>: the values of " "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " @@ -6794,7 +6811,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1391 +#: sssd-ldap.5.xml:1393 msgid "" "Please note that the ldap_access_order configuration option <emphasis>must</" "emphasis> include <quote>expire</quote> in order for the " @@ -6802,22 +6819,22 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1404 +#: sssd-ldap.5.xml:1406 msgid "ldap_access_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1407 sssd-ipa.5.xml:351 +#: sssd-ldap.5.xml:1409 sssd-ipa.5.xml:356 msgid "Comma separated list of access control options. Allowed values are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1411 +#: sssd-ldap.5.xml:1413 msgid "<emphasis>filter</emphasis>: use ldap_access_filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1414 +#: sssd-ldap.5.xml:1416 msgid "" "<emphasis>lockout</emphasis>: use account locking. If set, this option " "denies access in case that ldap attribute 'pwdAccountLockedTime' is present " @@ -6827,14 +6844,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1424 +#: sssd-ldap.5.xml:1426 msgid "" "<emphasis> Please note that this option is superseded by the <quote>ppolicy</" "quote> option and might be removed in a future release. </emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1431 +#: sssd-ldap.5.xml:1433 msgid "" "<emphasis>ppolicy</emphasis>: use account locking. If set, this option " "denies access in case that ldap attribute 'pwdAccountLockedTime' is present " @@ -6847,12 +6864,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1448 +#: sssd-ldap.5.xml:1450 msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1452 sssd-ipa.5.xml:359 +#: sssd-ldap.5.xml:1454 sssd-ipa.5.xml:364 msgid "" "<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, " "pwd_expire_policy_renew: </emphasis> These options are useful if users are " @@ -6862,81 +6879,81 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1462 sssd-ipa.5.xml:369 +#: sssd-ldap.5.xml:1464 sssd-ipa.5.xml:374 msgid "" "The difference between these options is the action taken if user password is " "expired:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:1467 sssd-ipa.5.xml:374 +#: sssd-ldap.5.xml:1469 sssd-ipa.5.xml:379 msgid "pwd_expire_policy_reject - user is denied to log in," msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:1473 sssd-ipa.5.xml:380 +#: sssd-ldap.5.xml:1475 sssd-ipa.5.xml:385 msgid "pwd_expire_policy_warn - user is still able to log in," msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:1479 sssd-ipa.5.xml:386 +#: sssd-ldap.5.xml:1481 sssd-ipa.5.xml:391 msgid "" "pwd_expire_policy_renew - user is prompted to change their password " "immediately." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1487 +#: sssd-ldap.5.xml:1489 msgid "" "Please note that 'access_provider = ldap' must be set for this feature to " "work. Also 'ldap_pwd_policy' must be set to an appropriate password policy." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1492 +#: sssd-ldap.5.xml:1494 msgid "" "<emphasis>authorized_service</emphasis>: use the authorizedService attribute " "to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1497 +#: sssd-ldap.5.xml:1499 msgid "<emphasis>host</emphasis>: use the host attribute to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1501 +#: sssd-ldap.5.xml:1503 msgid "" "<emphasis>rhost</emphasis>: use the rhost attribute to determine whether " "remote host can access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1505 +#: sssd-ldap.5.xml:1507 msgid "" "Please note, rhost field in pam is set by application, it is better to check " "what the application sends to pam, before enabling this access control option" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1510 +#: sssd-ldap.5.xml:1512 msgid "Default: filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1513 +#: sssd-ldap.5.xml:1515 msgid "" "Please note that it is a configuration error if a value is used more than " "once." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1520 +#: sssd-ldap.5.xml:1522 msgid "ldap_pwdlockout_dn (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1523 +#: sssd-ldap.5.xml:1525 msgid "" "This option specifies the DN of password policy entry on LDAP server. Please " "note that absence of this option in sssd.conf in case of enabled account " @@ -6945,74 +6962,74 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1531 +#: sssd-ldap.5.xml:1533 msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1534 +#: sssd-ldap.5.xml:1536 msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1540 +#: sssd-ldap.5.xml:1542 msgid "ldap_deref (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1543 +#: sssd-ldap.5.xml:1545 msgid "" "Specifies how alias dereferencing is done when performing a search. The " "following options are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1548 +#: sssd-ldap.5.xml:1550 msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1552 +#: sssd-ldap.5.xml:1554 msgid "" "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " "the base object, but not in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1557 +#: sssd-ldap.5.xml:1559 msgid "" "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " "the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1562 +#: sssd-ldap.5.xml:1564 msgid "" "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " "in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1567 +#: sssd-ldap.5.xml:1569 msgid "" "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " "client libraries)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1575 +#: sssd-ldap.5.xml:1577 msgid "ldap_rfc2307_fallback_to_local_users (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1578 +#: sssd-ldap.5.xml:1580 msgid "" "Allows to retain local users as members of an LDAP group for servers that " "use the RFC2307 schema." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1582 +#: sssd-ldap.5.xml:1584 msgid "" "In some environments where the RFC2307 schema is used, local users are made " "members of LDAP groups by adding their names to the memberUid attribute. " @@ -7023,7 +7040,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1593 +#: sssd-ldap.5.xml:1595 msgid "" "This option falls back to checking if local users are referenced, and caches " "them so that later initgroups() calls will augment the local users with the " @@ -7031,55 +7048,55 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1605 sssd-ifp.5.xml:152 +#: sssd-ldap.5.xml:1607 sssd-ifp.5.xml:152 msgid "wildcard_limit (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1608 +#: sssd-ldap.5.xml:1610 msgid "" "Specifies an upper limit on the number of entries that are downloaded during " "a wildcard lookup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1612 +#: sssd-ldap.5.xml:1614 msgid "At the moment, only the InfoPipe responder supports wildcard lookups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1616 +#: sssd-ldap.5.xml:1618 msgid "Default: 1000 (often the size of one page)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1622 +#: sssd-ldap.5.xml:1624 #, fuzzy #| msgid "debug_level (integer)" msgid "ldap_library_debug_level (integer)" msgstr "debug_level (numeriek)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1625 +#: sssd-ldap.5.xml:1627 msgid "" "Switches on libldap debugging with the given level. The libldap debug " "messages will be written independent of the general debug_level." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1630 +#: sssd-ldap.5.xml:1632 msgid "" "OpenLDAP uses a bitmap to enable debugging for specific components, -1 will " "enable full debug output." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1635 +#: sssd-ldap.5.xml:1637 msgid "Default: 0 (libldap debugging disabled)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:51 +#: sssd-ldap.5.xml:52 msgid "" "All of the common configuration options that apply to SSSD domains also " "apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> section " @@ -7091,12 +7108,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1645 +#: sssd-ldap.5.xml:1647 msgid "SUDO OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1647 +#: sssd-ldap.5.xml:1649 msgid "" "The detailed instructions for configuration of sudo_provider are in the " "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " @@ -7104,43 +7121,43 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1658 +#: sssd-ldap.5.xml:1660 msgid "ldap_sudo_full_refresh_interval (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1661 +#: sssd-ldap.5.xml:1663 msgid "" "How many seconds SSSD will wait between executing a full refresh of sudo " "rules (which downloads all rules that are stored on the server)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1666 +#: sssd-ldap.5.xml:1668 msgid "" "The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </" "emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1671 +#: sssd-ldap.5.xml:1673 msgid "" "You can disable full refresh by setting this option to 0. However, either " "smart or full refresh must be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1676 +#: sssd-ldap.5.xml:1678 msgid "Default: 21600 (6 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1682 +#: sssd-ldap.5.xml:1684 msgid "ldap_sudo_smart_refresh_interval (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1685 +#: sssd-ldap.5.xml:1687 msgid "" "How many seconds SSSD has to wait before executing a smart refresh of sudo " "rules (which downloads all rules that have USN higher than the highest " @@ -7148,14 +7165,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1691 +#: sssd-ldap.5.xml:1693 msgid "" "If USN attributes are not supported by the server, the modifyTimestamp " "attribute is used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1695 +#: sssd-ldap.5.xml:1697 msgid "" "<emphasis>Note:</emphasis> the highest USN value can be updated by three " "tasks: 1) By sudo full and smart refresh (if updated rules are found), 2) by " @@ -7165,19 +7182,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1706 +#: sssd-ldap.5.xml:1708 msgid "" "You can disable smart refresh by setting this option to 0. However, either " "smart or full refresh must be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1717 +#: sssd-ldap.5.xml:1719 msgid "ldap_sudo_random_offset (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1720 +#: sssd-ldap.5.xml:1722 msgid "" "Random offset between 0 and configured value is added to smart and full " "refresh periods each time the periodic task is scheduled. The value is in " @@ -7185,7 +7202,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1726 +#: sssd-ldap.5.xml:1728 msgid "" "Note that this random offset is also applied on the first SSSD start which " "delays the first sudo rules refresh. This prolongs the time when the sudo " @@ -7193,106 +7210,106 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1732 +#: sssd-ldap.5.xml:1734 msgid "You can disable this offset by setting the value to 0." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1742 +#: sssd-ldap.5.xml:1744 msgid "ldap_sudo_use_host_filter (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1745 +#: sssd-ldap.5.xml:1747 msgid "" "If true, SSSD will download only rules that are applicable to this machine " "(using the IPv4 or IPv6 host/network addresses and hostnames)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1756 +#: sssd-ldap.5.xml:1758 msgid "ldap_sudo_hostnames (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1759 +#: sssd-ldap.5.xml:1761 msgid "" "Space separated list of hostnames or fully qualified domain names that " "should be used to filter the rules." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1764 +#: sssd-ldap.5.xml:1766 msgid "" "If this option is empty, SSSD will try to discover the hostname and the " "fully qualified domain name automatically." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1769 sssd-ldap.5.xml:1792 sssd-ldap.5.xml:1810 -#: sssd-ldap.5.xml:1828 +#: sssd-ldap.5.xml:1771 sssd-ldap.5.xml:1794 sssd-ldap.5.xml:1812 +#: sssd-ldap.5.xml:1830 msgid "" "If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</" "emphasis> then this option has no effect." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1774 sssd-ldap.5.xml:1797 +#: sssd-ldap.5.xml:1776 sssd-ldap.5.xml:1799 msgid "Default: not specified" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1780 +#: sssd-ldap.5.xml:1782 msgid "ldap_sudo_ip (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1783 +#: sssd-ldap.5.xml:1785 msgid "" "Space separated list of IPv4 or IPv6 host/network addresses that should be " "used to filter the rules." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1788 +#: sssd-ldap.5.xml:1790 msgid "" "If this option is empty, SSSD will try to discover the addresses " "automatically." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1803 +#: sssd-ldap.5.xml:1805 msgid "ldap_sudo_include_netgroups (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1806 +#: sssd-ldap.5.xml:1808 msgid "" "If true then SSSD will download every rule that contains a netgroup in " "sudoHost attribute." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1821 +#: sssd-ldap.5.xml:1823 msgid "ldap_sudo_include_regexp (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1824 +#: sssd-ldap.5.xml:1826 msgid "" "If true then SSSD will download every rule that contains a wildcard in " "sudoHost attribute." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><note><para> -#: sssd-ldap.5.xml:1834 +#: sssd-ldap.5.xml:1836 msgid "" "Using wildcard is an operation that is very costly to evaluate on the LDAP " "server side!" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1846 +#: sssd-ldap.5.xml:1848 msgid "" "This manual page only describes attribute name mapping. For detailed " "explanation of sudo related attribute semantics, see <citerefentry> " @@ -7301,59 +7318,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1856 +#: sssd-ldap.5.xml:1858 msgid "AUTOFS OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1858 +#: sssd-ldap.5.xml:1860 msgid "" "Some of the defaults for the parameters below are dependent on the LDAP " "schema." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1864 +#: sssd-ldap.5.xml:1866 msgid "ldap_autofs_map_master_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1867 +#: sssd-ldap.5.xml:1869 msgid "The name of the automount master map in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1870 +#: sssd-ldap.5.xml:1872 msgid "Default: auto.master" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1881 +#: sssd-ldap.5.xml:1883 msgid "ADVANCED OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1888 +#: sssd-ldap.5.xml:1890 msgid "ldap_netgroup_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1893 +#: sssd-ldap.5.xml:1895 msgid "ldap_user_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1898 +#: sssd-ldap.5.xml:1900 msgid "ldap_group_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><note> -#: sssd-ldap.5.xml:1903 +#: sssd-ldap.5.xml:1905 msgid "<note>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para> -#: sssd-ldap.5.xml:1905 +#: sssd-ldap.5.xml:1907 msgid "" "If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches " "against Active Directory will not be restricted and return all groups " @@ -7362,22 +7379,22 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist> -#: sssd-ldap.5.xml:1912 +#: sssd-ldap.5.xml:1914 msgid "</note>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1914 +#: sssd-ldap.5.xml:1916 msgid "ldap_sudo_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1919 +#: sssd-ldap.5.xml:1921 msgid "ldap_autofs_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1883 +#: sssd-ldap.5.xml:1885 msgid "" "These options are supported by LDAP domains, but they should be used with " "caution. Please include them in your configuration only if you know what you " @@ -7386,14 +7403,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1934 sssd-simple.5.xml:131 sssd-ipa.5.xml:925 -#: sssd-ad.5.xml:1386 sssd-krb5.5.xml:483 sss_rpcidmapd.5.xml:98 +#: sssd-ldap.5.xml:1936 sssd-simple.5.xml:131 sssd-ipa.5.xml:930 +#: sssd-ad.5.xml:1391 sssd-krb5.5.xml:483 sss_rpcidmapd.5.xml:98 #: sssd-files.5.xml:155 sssd-session-recording.5.xml:176 msgid "EXAMPLE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1936 +#: sssd-ldap.5.xml:1938 msgid "" "The following example assumes that SSSD is correctly configured and LDAP is " "set to one of the domains in the <replaceable>[domains]</replaceable> " @@ -7401,7 +7418,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ldap.5.xml:1942 +#: sssd-ldap.5.xml:1944 #, no-wrap msgid "" "[domain/LDAP]\n" @@ -7414,27 +7431,27 @@ msgid "" msgstr "" #. type: Content of: <refsect1><refsect2><para> -#: sssd-ldap.5.xml:1941 sssd-ldap.5.xml:1959 sssd-simple.5.xml:139 -#: sssd-ipa.5.xml:933 sssd-ad.5.xml:1394 sssd-sudo.5.xml:56 sssd-krb5.5.xml:492 +#: sssd-ldap.5.xml:1943 sssd-ldap.5.xml:1961 sssd-simple.5.xml:139 +#: sssd-ipa.5.xml:938 sssd-ad.5.xml:1399 sssd-sudo.5.xml:56 sssd-krb5.5.xml:492 #: sssd-files.5.xml:162 sssd-files.5.xml:173 sssd-session-recording.5.xml:182 #: include/ldap_id_mapping.xml:105 msgid "<placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1953 +#: sssd-ldap.5.xml:1955 msgid "LDAP ACCESS FILTER EXAMPLE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1955 +#: sssd-ldap.5.xml:1957 msgid "" "The following example assumes that SSSD is correctly configured and to use " "the ldap_access_order=lockout." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ldap.5.xml:1960 +#: sssd-ldap.5.xml:1962 #, no-wrap msgid "" "[domain/LDAP]\n" @@ -7450,13 +7467,13 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1975 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148 -#: sssd-ad.5.xml:1409 sssd.8.xml:238 sss_seed.8.xml:163 +#: sssd-ldap.5.xml:1977 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148 +#: sssd-ad.5.xml:1414 sssd.8.xml:238 sss_seed.8.xml:163 msgid "NOTES" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1977 +#: sssd-ldap.5.xml:1979 msgid "" "The descriptions of some of the configuration options in this manual page " "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " @@ -9793,12 +9810,12 @@ msgid "Example: dyndns_iface = em1, vnet1, vnet2" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:204 sssd-ad.5.xml:1285 +#: sssd-ipa.5.xml:204 sssd-ad.5.xml:1290 msgid "dyndns_auth (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:207 sssd-ad.5.xml:1288 +#: sssd-ipa.5.xml:207 sssd-ad.5.xml:1293 msgid "" "Whether the nsupdate utility should use GSS-TSIG authentication for secure " "updates with the DNS server, insecure updates can be sent by setting this " @@ -9806,17 +9823,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:213 sssd-ad.5.xml:1294 +#: sssd-ipa.5.xml:213 sssd-ad.5.xml:1299 msgid "Default: GSS-TSIG" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:219 sssd-ad.5.xml:1300 +#: sssd-ipa.5.xml:219 sssd-ad.5.xml:1305 msgid "dyndns_auth_ptr (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:222 sssd-ad.5.xml:1303 +#: sssd-ipa.5.xml:222 sssd-ad.5.xml:1308 msgid "" "Whether the nsupdate utility should use GSS-TSIG authentication for secure " "PTR updates with the DNS server, insecure updates can be sent by setting " @@ -9824,7 +9841,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:228 sssd-ad.5.xml:1309 +#: sssd-ipa.5.xml:228 sssd-ad.5.xml:1314 msgid "Default: Same as dyndns_auth" msgstr "" @@ -9883,65 +9900,72 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:290 +#: sssd-ipa.5.xml:290 sssd-ad.5.xml:1266 +msgid "" +"Note that <emphasis>dyndns_update_per_family</emphasis> parameter does not " +"apply for PTR record updates. Those updates are always sent separately." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:295 msgid "Default: False (disabled)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1272 +#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1277 msgid "dyndns_force_tcp (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:299 sssd-ad.5.xml:1275 +#: sssd-ipa.5.xml:304 sssd-ad.5.xml:1280 msgid "" "Whether the nsupdate utility should default to using TCP for communicating " "with the DNS server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:303 sssd-ad.5.xml:1279 +#: sssd-ipa.5.xml:308 sssd-ad.5.xml:1284 msgid "Default: False (let nsupdate choose the protocol)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:309 sssd-ad.5.xml:1315 +#: sssd-ipa.5.xml:314 sssd-ad.5.xml:1320 msgid "dyndns_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:312 sssd-ad.5.xml:1318 +#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1323 msgid "" "The DNS server to use when performing a DNS update. In most setups, it's " "recommended to leave this option unset." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1323 +#: sssd-ipa.5.xml:322 sssd-ad.5.xml:1328 msgid "" "Setting this option makes sense for environments where the DNS server is " "different from the identity server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:322 sssd-ad.5.xml:1328 +#: sssd-ipa.5.xml:327 sssd-ad.5.xml:1333 msgid "" "Please note that this option will be only used in fallback attempt when " "previous attempt using autodetected settings failed." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:327 sssd-ad.5.xml:1333 +#: sssd-ipa.5.xml:332 sssd-ad.5.xml:1338 msgid "Default: None (let nsupdate choose the server)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:333 sssd-ad.5.xml:1339 +#: sssd-ipa.5.xml:338 sssd-ad.5.xml:1344 msgid "dyndns_update_per_family (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:336 sssd-ad.5.xml:1342 +#: sssd-ipa.5.xml:341 sssd-ad.5.xml:1347 msgid "" "DNS update is by default performed in two steps - IPv4 update and then IPv6 " "update. In some cases it might be desirable to perform IPv4 and IPv6 update " @@ -9949,179 +9973,179 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:348 +#: sssd-ipa.5.xml:353 #, fuzzy #| msgid "re_expression (string)" msgid "ipa_access_order (string)" msgstr "re_expression (tekst)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:355 +#: sssd-ipa.5.xml:360 msgid "<emphasis>expire</emphasis>: use IPA's account expiration policy." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:394 +#: sssd-ipa.5.xml:399 msgid "" "Please note that 'access_provider = ipa' must be set for this feature to " "work." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:401 +#: sssd-ipa.5.xml:406 msgid "ipa_deskprofile_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:404 +#: sssd-ipa.5.xml:409 msgid "" "Optional. Use the given string as search base for Desktop Profile related " "objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:408 sssd-ipa.5.xml:435 +#: sssd-ipa.5.xml:413 sssd-ipa.5.xml:440 msgid "Default: Use base DN" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:414 +#: sssd-ipa.5.xml:419 msgid "ipa_subid_ranges_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:417 +#: sssd-ipa.5.xml:422 msgid "" "Optional. Use the given string as search base for subordinate ranges related " "objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:421 +#: sssd-ipa.5.xml:426 msgid "Default: the value of <emphasis>cn=subids,%basedn</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:428 +#: sssd-ipa.5.xml:433 msgid "ipa_hbac_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:431 +#: sssd-ipa.5.xml:436 msgid "Optional. Use the given string as search base for HBAC related objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:441 +#: sssd-ipa.5.xml:446 msgid "ipa_host_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:444 +#: sssd-ipa.5.xml:449 msgid "Deprecated. Use ldap_host_search_base instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:450 +#: sssd-ipa.5.xml:455 msgid "ipa_selinux_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:453 +#: sssd-ipa.5.xml:458 msgid "Optional. Use the given string as search base for SELinux user maps." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:469 +#: sssd-ipa.5.xml:474 msgid "ipa_subdomains_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:472 +#: sssd-ipa.5.xml:477 msgid "Optional. Use the given string as search base for trusted domains." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:481 +#: sssd-ipa.5.xml:486 msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:488 +#: sssd-ipa.5.xml:493 msgid "ipa_master_domain_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:491 +#: sssd-ipa.5.xml:496 msgid "Optional. Use the given string as search base for master domain object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:500 +#: sssd-ipa.5.xml:505 msgid "Default: the value of <emphasis>cn=ad,cn=etc,%basedn</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:507 +#: sssd-ipa.5.xml:512 msgid "ipa_views_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:510 +#: sssd-ipa.5.xml:515 msgid "Optional. Use the given string as search base for views containers." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:519 +#: sssd-ipa.5.xml:524 msgid "Default: the value of <emphasis>cn=views,cn=accounts,%basedn</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:529 +#: sssd-ipa.5.xml:534 msgid "" "The name of the Kerberos realm. This is optional and defaults to the value " "of <quote>ipa_domain</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:533 +#: sssd-ipa.5.xml:538 msgid "" "The name of the Kerberos realm has a special meaning in IPA - it is " "converted into the base DN to use for performing LDAP operations." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:541 sssd-ad.5.xml:1357 +#: sssd-ipa.5.xml:546 sssd-ad.5.xml:1362 msgid "krb5_confd_path (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:544 sssd-ad.5.xml:1360 +#: sssd-ipa.5.xml:549 sssd-ad.5.xml:1365 msgid "" "Absolute path of a directory where SSSD should place Kerberos configuration " "snippets." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:548 sssd-ad.5.xml:1364 +#: sssd-ipa.5.xml:553 sssd-ad.5.xml:1369 msgid "" "To disable the creation of the configuration snippets set the parameter to " "'none'." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:552 sssd-ad.5.xml:1368 +#: sssd-ipa.5.xml:557 sssd-ad.5.xml:1373 msgid "" "Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:559 +#: sssd-ipa.5.xml:564 msgid "ipa_deskprofile_refresh (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:562 +#: sssd-ipa.5.xml:567 msgid "" "The amount of time between lookups of the Desktop Profile rules against the " "IPA server. This will reduce the latency and load on the IPA server if there " @@ -10129,34 +10153,34 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:569 sssd-ipa.5.xml:599 sssd-ipa.5.xml:615 sssd-ad.5.xml:599 +#: sssd-ipa.5.xml:574 sssd-ipa.5.xml:604 sssd-ipa.5.xml:620 sssd-ad.5.xml:599 msgid "Default: 5 (seconds)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:575 +#: sssd-ipa.5.xml:580 msgid "ipa_deskprofile_request_interval (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:578 +#: sssd-ipa.5.xml:583 msgid "" "The amount of time between lookups of the Desktop Profile rules against the " "IPA server in case the last request did not return any rule." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:583 +#: sssd-ipa.5.xml:588 msgid "Default: 60 (minutes)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:589 +#: sssd-ipa.5.xml:594 msgid "ipa_hbac_refresh (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:592 +#: sssd-ipa.5.xml:597 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server. " "This will reduce the latency and load on the IPA server if there are many " @@ -10164,12 +10188,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:605 +#: sssd-ipa.5.xml:610 msgid "ipa_hbac_selinux (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:608 +#: sssd-ipa.5.xml:613 msgid "" "The amount of time between lookups of the SELinux maps against the IPA " "server. This will reduce the latency and load on the IPA server if there are " @@ -10177,33 +10201,33 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:621 +#: sssd-ipa.5.xml:626 msgid "ipa_server_mode (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:624 +#: sssd-ipa.5.xml:629 msgid "" "This option will be set by the IPA installer (ipa-server-install) " "automatically and denotes if SSSD is running on an IPA server or not." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:629 +#: sssd-ipa.5.xml:634 msgid "" "On an IPA server SSSD will lookup users and groups from trusted domains " "directly while on a client it will ask an IPA server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:634 +#: sssd-ipa.5.xml:639 msgid "" "NOTE: There are currently some assumptions that must be met when SSSD is " "running on an IPA server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:639 +#: sssd-ipa.5.xml:644 msgid "" "The <quote>ipa_server</quote> option must be configured to point to the IPA " "server itself. This is already the default set by the IPA installer, so no " @@ -10211,59 +10235,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:648 +#: sssd-ipa.5.xml:653 msgid "" "The <quote>full_name_format</quote> option must not be tweaked to only print " "short names for users from trusted domains." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:663 +#: sssd-ipa.5.xml:668 msgid "ipa_automount_location (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:666 +#: sssd-ipa.5.xml:671 msgid "The automounter location this IPA client will be using" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:669 +#: sssd-ipa.5.xml:674 msgid "Default: The location named \"default\"" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd-ipa.5.xml:677 +#: sssd-ipa.5.xml:682 msgid "VIEWS AND OVERRIDES" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:686 +#: sssd-ipa.5.xml:691 msgid "ipa_view_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:689 +#: sssd-ipa.5.xml:694 msgid "Objectclass of the view container." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:692 +#: sssd-ipa.5.xml:697 msgid "Default: nsContainer" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:698 +#: sssd-ipa.5.xml:703 msgid "ipa_view_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:701 +#: sssd-ipa.5.xml:706 msgid "Name of the attribute holding the name of the view." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:705 sssd-ldap-attributes.5.xml:496 +#: sssd-ipa.5.xml:710 sssd-ldap-attributes.5.xml:496 #: sssd-ldap-attributes.5.xml:830 sssd-ldap-attributes.5.xml:911 #: sssd-ldap-attributes.5.xml:1008 sssd-ldap-attributes.5.xml:1066 #: sssd-ldap-attributes.5.xml:1224 sssd-ldap-attributes.5.xml:1269 @@ -10271,128 +10295,128 @@ msgid "Default: cn" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:711 +#: sssd-ipa.5.xml:716 msgid "ipa_override_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:714 +#: sssd-ipa.5.xml:719 msgid "Objectclass of the override objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:717 +#: sssd-ipa.5.xml:722 msgid "Default: ipaOverrideAnchor" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:723 +#: sssd-ipa.5.xml:728 msgid "ipa_anchor_uuid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:726 +#: sssd-ipa.5.xml:731 msgid "" "Name of the attribute containing the reference to the original object in a " "remote domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:730 +#: sssd-ipa.5.xml:735 msgid "Default: ipaAnchorUUID" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:736 +#: sssd-ipa.5.xml:741 msgid "ipa_user_override_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:739 +#: sssd-ipa.5.xml:744 msgid "" "Name of the objectclass for user overrides. It is used to determine if the " "found override object is related to a user or a group." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:744 +#: sssd-ipa.5.xml:749 msgid "User overrides can contain attributes given by" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:747 +#: sssd-ipa.5.xml:752 msgid "ldap_user_name" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:750 +#: sssd-ipa.5.xml:755 msgid "ldap_user_uid_number" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:753 +#: sssd-ipa.5.xml:758 msgid "ldap_user_gid_number" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:756 +#: sssd-ipa.5.xml:761 msgid "ldap_user_gecos" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:759 +#: sssd-ipa.5.xml:764 msgid "ldap_user_home_directory" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:762 +#: sssd-ipa.5.xml:767 msgid "ldap_user_shell" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:765 +#: sssd-ipa.5.xml:770 msgid "ldap_user_ssh_public_key" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:770 +#: sssd-ipa.5.xml:775 msgid "Default: ipaUserOverride" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:776 +#: sssd-ipa.5.xml:781 msgid "ipa_group_override_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:779 +#: sssd-ipa.5.xml:784 msgid "" "Name of the objectclass for group overrides. It is used to determine if the " "found override object is related to a user or a group." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:784 +#: sssd-ipa.5.xml:789 msgid "Group overrides can contain attributes given by" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:787 +#: sssd-ipa.5.xml:792 msgid "ldap_group_name" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:790 +#: sssd-ipa.5.xml:795 msgid "ldap_group_gid_number" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:795 +#: sssd-ipa.5.xml:800 msgid "Default: ipaGroupOverride" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:679 +#: sssd-ipa.5.xml:684 msgid "" "SSSD can handle views and overrides which are offered by FreeIPA 4.1 and " "later version. Since all paths and objectclasses are fixed on the server " @@ -10402,19 +10426,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ipa.5.xml:807 +#: sssd-ipa.5.xml:812 msgid "SUBDOMAINS PROVIDER" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:809 +#: sssd-ipa.5.xml:814 msgid "" "The IPA subdomains provider behaves slightly differently if it is configured " "explicitly or implicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:813 +#: sssd-ipa.5.xml:818 msgid "" "If the option 'subdomains_provider = ipa' is found in the domain section of " "sssd.conf, the IPA subdomains provider is configured explicitly, and all " @@ -10422,7 +10446,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:819 +#: sssd-ipa.5.xml:824 msgid "" "If the option 'subdomains_provider' is not set in the domain section of sssd." "conf but there is the option 'id_provider = ipa', the IPA subdomains " @@ -10434,12 +10458,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ipa.5.xml:830 +#: sssd-ipa.5.xml:835 msgid "TRUSTED DOMAINS CONFIGURATION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ipa.5.xml:838 +#: sssd-ipa.5.xml:843 #, no-wrap msgid "" "[domain/ipa.domain.com/ad.domain.com]\n" @@ -10447,7 +10471,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:832 +#: sssd-ipa.5.xml:837 msgid "" "Some configuration options can also be set for a trusted domain. A trusted " "domain configuration can be set using the trusted domain subsection as shown " @@ -10457,80 +10481,80 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:843 +#: sssd-ipa.5.xml:848 msgid "" "For more details, see the <citerefentry> <refentrytitle>sssd.conf</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:850 +#: sssd-ipa.5.xml:855 msgid "" "Different configuration options are tunable for a trusted domain depending " "on whether you are configuring SSSD on an IPA server or an IPA client." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd-ipa.5.xml:855 +#: sssd-ipa.5.xml:860 msgid "OPTIONS TUNABLE ON IPA MASTERS" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:857 +#: sssd-ipa.5.xml:862 msgid "" "The following options can be set in a subdomain section on an IPA master:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:861 sssd-ipa.5.xml:891 +#: sssd-ipa.5.xml:866 sssd-ipa.5.xml:896 msgid "ad_server" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:864 +#: sssd-ipa.5.xml:869 msgid "ad_backup_server" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:867 sssd-ipa.5.xml:894 +#: sssd-ipa.5.xml:872 sssd-ipa.5.xml:899 msgid "ad_site" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:870 +#: sssd-ipa.5.xml:875 msgid "ldap_search_base" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:873 +#: sssd-ipa.5.xml:878 msgid "ldap_user_search_base" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:876 +#: sssd-ipa.5.xml:881 msgid "ldap_group_search_base" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd-ipa.5.xml:885 +#: sssd-ipa.5.xml:890 msgid "OPTIONS TUNABLE ON IPA CLIENTS" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:887 +#: sssd-ipa.5.xml:892 msgid "" "The following options can be set in a subdomain section on an IPA client:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:899 +#: sssd-ipa.5.xml:904 msgid "" "Note that if both options are set, only <quote>ad_server</quote> is " "evaluated." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:903 +#: sssd-ipa.5.xml:908 msgid "" "Since any request for a user or a group identity from a trusted domain " "triggered from an IPA client is resolved by the IPA server, the " @@ -10544,7 +10568,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:927 +#: sssd-ipa.5.xml:932 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " @@ -10552,7 +10576,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ipa.5.xml:934 +#: sssd-ipa.5.xml:939 #, no-wrap msgid "" "[domain/example.com]\n" @@ -11746,7 +11770,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ad.5.xml:1388 +#: sssd-ad.5.xml:1393 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " @@ -11754,7 +11778,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ad.5.xml:1395 +#: sssd-ad.5.xml:1400 #, no-wrap msgid "" "[domain/EXAMPLE]\n" @@ -11769,7 +11793,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ad.5.xml:1415 +#: sssd-ad.5.xml:1420 #, no-wrap msgid "" "access_provider = ldap\n" @@ -11778,7 +11802,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ad.5.xml:1411 +#: sssd-ad.5.xml:1416 msgid "" "The AD access control provider checks if the account is expired. It has the " "same effect as the following configuration of the LDAP provider: " @@ -11786,7 +11810,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ad.5.xml:1421 +#: sssd-ad.5.xml:1426 msgid "" "However, unless the <quote>ad</quote> access control provider is explicitly " "configured, the default access provider is <quote>permit</quote>. Please " @@ -11796,7 +11820,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ad.5.xml:1429 +#: sssd-ad.5.xml:1434 msgid "" "When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema " "attribute mapping (nisMap, nisObject, ...) is used, because these attributes " diff --git a/src/man/po/pt.po b/src/man/po/pt.po index 877b2839667..f64447b3ef8 100644 --- a/src/man/po/pt.po +++ b/src/man/po/pt.po @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: sssd-docs 2.3.0\n" "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" -"POT-Creation-Date: 2023-09-07 11:47+0200\n" +"POT-Creation-Date: 2023-11-13 11:53+0100\n" "PO-Revision-Date: 2014-12-15 12:05-0500\n" "Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n" "Language-Team: Portuguese (http://www.transifex.com/projects/p/sssd/language/" @@ -212,10 +212,10 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:136 sssd.conf.5.xml:173 sssd.conf.5.xml:358 #: sssd.conf.5.xml:714 sssd.conf.5.xml:729 sssd.conf.5.xml:952 -#: sssd.conf.5.xml:1070 sssd.conf.5.xml:2198 sssd-ldap.5.xml:1071 -#: sssd-ldap.5.xml:1174 sssd-ldap.5.xml:1243 sssd-ldap.5.xml:1750 -#: sssd-ldap.5.xml:1815 sssd-ipa.5.xml:342 sssd-ad.5.xml:252 sssd-ad.5.xml:366 -#: sssd-ad.5.xml:1200 sssd-ad.5.xml:1348 sssd-krb5.5.xml:358 +#: sssd.conf.5.xml:1070 sssd.conf.5.xml:2198 sssd-ldap.5.xml:1073 +#: sssd-ldap.5.xml:1176 sssd-ldap.5.xml:1245 sssd-ldap.5.xml:1752 +#: sssd-ldap.5.xml:1817 sssd-ipa.5.xml:347 sssd-ad.5.xml:252 sssd-ad.5.xml:366 +#: sssd-ad.5.xml:1200 sssd-ad.5.xml:1353 sssd-krb5.5.xml:358 msgid "Default: true" msgstr "" @@ -233,10 +233,10 @@ msgstr "" #. type: Content of: <variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:149 sssd.conf.5.xml:652 sssd.conf.5.xml:949 -#: sssd.conf.5.xml:2101 sssd.conf.5.xml:2168 sssd.conf.5.xml:4174 -#: sssd-ldap.5.xml:312 sssd-ldap.5.xml:917 sssd-ldap.5.xml:936 -#: sssd-ldap.5.xml:1146 sssd-ldap.5.xml:1599 sssd-ldap.5.xml:1839 -#: sssd-ipa.5.xml:152 sssd-ipa.5.xml:254 sssd-ipa.5.xml:657 sssd-ad.5.xml:1106 +#: sssd.conf.5.xml:2101 sssd.conf.5.xml:2168 sssd.conf.5.xml:4191 +#: sssd-ldap.5.xml:313 sssd-ldap.5.xml:919 sssd-ldap.5.xml:938 +#: sssd-ldap.5.xml:1148 sssd-ldap.5.xml:1601 sssd-ldap.5.xml:1841 +#: sssd-ipa.5.xml:152 sssd-ipa.5.xml:254 sssd-ipa.5.xml:662 sssd-ad.5.xml:1106 #: sssd-krb5.5.xml:268 sssd-krb5.5.xml:330 sssd-krb5.5.xml:432 #: include/krb5_options.xml:163 msgid "Default: false" @@ -272,8 +272,8 @@ msgid "" msgstr "" #. type: Content of: outside any tag (error?) -#: sssd.conf.5.xml:109 sssd.conf.5.xml:184 sssd-ldap.5.xml:1656 -#: sssd-ldap.5.xml:1862 sss-certmap.5.xml:645 sssd-systemtap.5.xml:82 +#: sssd.conf.5.xml:109 sssd.conf.5.xml:184 sssd-ldap.5.xml:1658 +#: sssd-ldap.5.xml:1864 sss-certmap.5.xml:645 sssd-systemtap.5.xml:82 #: sssd-systemtap.5.xml:143 sssd-systemtap.5.xml:236 sssd-systemtap.5.xml:274 #: sssd-systemtap.5.xml:330 sssd-ldap-attributes.5.xml:40 #: sssd-ldap-attributes.5.xml:659 sssd-ldap-attributes.5.xml:801 @@ -304,7 +304,7 @@ msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:196 sssd.conf.5.xml:1290 sssd.conf.5.xml:1767 -#: sssd.conf.5.xml:4190 sssd-ldap.5.xml:765 include/ldap_id_mapping.xml:270 +#: sssd.conf.5.xml:4207 sssd-ldap.5.xml:766 include/ldap_id_mapping.xml:270 msgid "Default: 10" msgstr "Padrão: 10" @@ -384,7 +384,7 @@ msgstr "" "falha do provedor de dados ou reiniciar antes de eles desistirem" #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:266 sssd.conf.5.xml:792 sssd.conf.5.xml:3709 +#: sssd.conf.5.xml:266 sssd.conf.5.xml:792 sssd.conf.5.xml:3716 #: include/failover.xml:100 msgid "Default: 3" msgstr "Padrão: 3" @@ -406,7 +406,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:287 sssd.conf.5.xml:3541 +#: sssd.conf.5.xml:287 sssd.conf.5.xml:3548 msgid "re_expression (string)" msgstr "re_expression (string)" @@ -426,12 +426,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:304 sssd.conf.5.xml:3598 +#: sssd.conf.5.xml:304 sssd.conf.5.xml:3605 msgid "full_name_format (string)" msgstr "full_name_format (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:307 sssd.conf.5.xml:3601 +#: sssd.conf.5.xml:307 sssd.conf.5.xml:3608 msgid "" "A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</" "manvolnum> </citerefentry>-compatible format that describes how to compose a " @@ -439,39 +439,39 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:318 sssd.conf.5.xml:3612 +#: sssd.conf.5.xml:318 sssd.conf.5.xml:3619 msgid "%1$s" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:319 sssd.conf.5.xml:3613 +#: sssd.conf.5.xml:319 sssd.conf.5.xml:3620 msgid "user name" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:322 sssd.conf.5.xml:3616 +#: sssd.conf.5.xml:322 sssd.conf.5.xml:3623 msgid "%2$s" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:325 sssd.conf.5.xml:3619 +#: sssd.conf.5.xml:325 sssd.conf.5.xml:3626 msgid "domain name as specified in the SSSD config file." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:331 sssd.conf.5.xml:3625 +#: sssd.conf.5.xml:331 sssd.conf.5.xml:3632 msgid "%3$s" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:334 sssd.conf.5.xml:3628 +#: sssd.conf.5.xml:334 sssd.conf.5.xml:3635 msgid "" "domain flat name. Mostly usable for Active Directory domains, both directly " "configured or discovered via IPA trusts." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:315 sssd.conf.5.xml:3609 +#: sssd.conf.5.xml:315 sssd.conf.5.xml:3616 msgid "" "The following expansions are supported: <placeholder type=\"variablelist\" " "id=\"0\"/>" @@ -614,8 +614,8 @@ msgid "" msgstr "" #. type: Content of: <variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:468 sssd-ldap.5.xml:876 sssd-ldap.5.xml:888 -#: sssd-ldap.5.xml:980 sssd-ad.5.xml:920 sssd-ad.5.xml:995 sssd-krb5.5.xml:468 +#: sssd.conf.5.xml:468 sssd-ldap.5.xml:877 sssd-ldap.5.xml:889 +#: sssd-ldap.5.xml:982 sssd-ad.5.xml:920 sssd-ad.5.xml:995 sssd-krb5.5.xml:468 #: sssd-ldap-attributes.5.xml:470 sssd-ldap-attributes.5.xml:976 #: include/ldap_id_mapping.xml:211 include/ldap_id_mapping.xml:222 #: include/krb5_options.xml:148 @@ -885,7 +885,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:700 sssd.conf.5.xml:1791 sssd.conf.5.xml:4240 +#: sssd.conf.5.xml:700 sssd.conf.5.xml:1791 sssd.conf.5.xml:4257 #: sssd-ad.5.xml:187 sssd-ad.5.xml:327 sssd-ad.5.xml:341 msgid "Default: Not set" msgstr "" @@ -1074,7 +1074,7 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:858 sssd.conf.5.xml:1201 sssd.conf.5.xml:1584 -#: sssd.conf.5.xml:1880 sssd-ldap.5.xml:494 +#: sssd.conf.5.xml:1880 sssd-ldap.5.xml:495 msgid "Default: 60" msgstr "Padrão: 60" @@ -1184,7 +1184,7 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:937 sssd.conf.5.xml:1214 sssd.conf.5.xml:2322 -#: sssd-ldap.5.xml:331 +#: sssd-ldap.5.xml:332 msgid "Default: 300" msgstr "Padrão: 300" @@ -1557,7 +1557,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1240 sssd.conf.5.xml:2964 sssd-ldap.5.xml:548 +#: sssd.conf.5.xml:1240 sssd.conf.5.xml:2971 sssd-ldap.5.xml:549 msgid "Default: 8" msgstr "" @@ -1585,8 +1585,8 @@ msgid "" msgstr "" #. type: Content of: <variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1265 sssd.conf.5.xml:1317 sssd.conf.5.xml:3730 -#: sssd-ldap.5.xml:473 sssd-ldap.5.xml:525 include/failover.xml:116 +#: sssd.conf.5.xml:1265 sssd.conf.5.xml:1317 sssd.conf.5.xml:3737 +#: sssd-ldap.5.xml:474 sssd-ldap.5.xml:526 include/failover.xml:116 #: include/krb5_options.xml:11 msgid "Default: 6" msgstr "Padrão: 6" @@ -1903,7 +1903,7 @@ msgid "pam_pwd_expiration_warning (integer)" msgstr "pam_pwd_expiration_warning (integer)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1553 sssd.conf.5.xml:2988 +#: sssd.conf.5.xml:1553 sssd.conf.5.xml:2995 msgid "Display a warning N days before the password expires." msgstr "" @@ -1916,7 +1916,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1562 sssd.conf.5.xml:2991 +#: sssd.conf.5.xml:1562 sssd.conf.5.xml:2998 msgid "" "If zero is set, then this filter is not applied, i.e. if the expiration " "warning was received from backend server, it will automatically be displayed." @@ -1930,7 +1930,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1572 sssd.conf.5.xml:3977 sssd-ldap.5.xml:606 sssd.8.xml:79 +#: sssd.conf.5.xml:1572 sssd.conf.5.xml:3984 sssd-ldap.5.xml:607 sssd.8.xml:79 msgid "Default: 0" msgstr "" @@ -1993,8 +1993,8 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1632 sssd.conf.5.xml:1657 sssd.conf.5.xml:1676 -#: sssd.conf.5.xml:1913 sssd.conf.5.xml:2733 sssd.conf.5.xml:3906 -#: sssd-ldap.5.xml:1207 +#: sssd.conf.5.xml:1913 sssd.conf.5.xml:2733 sssd.conf.5.xml:3913 +#: sssd-ldap.5.xml:1209 msgid "Default: none" msgstr "Padrão: none" @@ -2057,8 +2057,8 @@ msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1687 sssd.conf.5.xml:1698 sssd.conf.5.xml:1712 -#: sssd-ldap.5.xml:671 sssd-ldap.5.xml:692 sssd-ldap.5.xml:788 -#: sssd-ldap.5.xml:1293 sssd-ad.5.xml:505 sssd-ad.5.xml:581 sssd-ad.5.xml:1126 +#: sssd-ldap.5.xml:672 sssd-ldap.5.xml:693 sssd-ldap.5.xml:789 +#: sssd-ldap.5.xml:1295 sssd-ad.5.xml:505 sssd-ad.5.xml:581 sssd-ad.5.xml:1126 #: sssd-ad.5.xml:1175 include/ldap_id_mapping.xml:250 msgid "Default: False" msgstr "" @@ -2097,7 +2097,7 @@ msgid "The path to the certificate database." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1723 sssd.conf.5.xml:2248 sssd.conf.5.xml:4354 +#: sssd.conf.5.xml:1723 sssd.conf.5.xml:2248 sssd.conf.5.xml:4371 msgid "Default:" msgstr "" @@ -2367,7 +2367,7 @@ msgid "Default: no_session" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1950 sssd.conf.5.xml:4293 +#: sssd.conf.5.xml:1950 sssd.conf.5.xml:4310 msgid "pam_gssapi_services" msgstr "" @@ -2401,7 +2401,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1968 sssd.conf.5.xml:3900 +#: sssd.conf.5.xml:1968 sssd.conf.5.xml:3907 msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" @@ -2411,7 +2411,7 @@ msgid "Default: - (GSSAPI authentication is disabled)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1979 sssd.conf.5.xml:4294 +#: sssd.conf.5.xml:1979 sssd.conf.5.xml:4311 msgid "pam_gssapi_check_upn" msgstr "" @@ -2431,7 +2431,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1999 sssd-ad.5.xml:1266 sss_rpcidmapd.5.xml:76 +#: sssd.conf.5.xml:1999 sssd-ad.5.xml:1271 sss_rpcidmapd.5.xml:76 #: sssd-files.5.xml:145 msgid "Default: True" msgstr "Padrão: TRUE" @@ -3200,7 +3200,7 @@ msgid "FALSE = No enumerations for this domain" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2669 sssd.conf.5.xml:2943 sssd.conf.5.xml:3120 +#: sssd.conf.5.xml:2669 sssd.conf.5.xml:2950 sssd.conf.5.xml:3127 msgid "Default: FALSE" msgstr "Padrão: FALSE" @@ -3469,7 +3469,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2922 sssd-ldap.5.xml:360 sssd-ldap.5.xml:1736 +#: sssd.conf.5.xml:2922 sssd-ldap.5.xml:361 sssd-ldap.5.xml:1738 #: sssd-ipa.5.xml:270 msgid "Default: 0 (disabled)" msgstr "" @@ -3481,11 +3481,17 @@ msgstr "cache_credentials (bool)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:2931 -msgid "Determines if user credentials are also cached in the local LDB cache." +msgid "" +"Determines if user credentials are also cached in the local LDB cache. The " +"cached credentials refer to passwords, which includes the first (long term) " +"factor of two-factor authentication, not other authentication mechanisms. " +"Passkey and Smartcard authentications are expected to work offline as long " +"as a successful online authentication is recorded in the cache without " +"additional configuration." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2935 +#: sssd.conf.5.xml:2942 msgid "" "Take a note that while credentials are stored as a salted SHA512 hash, this " "still potentially poses some security risk in case an attacker manages to " @@ -3494,12 +3500,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2949 +#: sssd.conf.5.xml:2956 msgid "cache_credentials_minimal_first_factor_length (int)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2952 +#: sssd.conf.5.xml:2959 msgid "" "If 2-Factor-Authentication (2FA) is used and credentials should be saved " "this value determines the minimal length the first authentication factor " @@ -3507,19 +3513,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2959 +#: sssd.conf.5.xml:2966 msgid "" "This should avoid that the short PINs of a PIN based 2FA scheme are saved in " "the cache which would make them easy targets for brute-force attacks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2970 +#: sssd.conf.5.xml:2977 msgid "account_cache_expiration (integer)" msgstr "account_cache_expiration (integer)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2973 +#: sssd.conf.5.xml:2980 msgid "" "Number of days entries are left in cache after last successful login before " "being removed during a cleanup of the cache. 0 means keep forever. The " @@ -3528,17 +3534,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2980 +#: sssd.conf.5.xml:2987 msgid "Default: 0 (unlimited)" msgstr "Padrão: 0 (ilimitado)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2985 +#: sssd.conf.5.xml:2992 msgid "pwd_expiration_warning (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2996 +#: sssd.conf.5.xml:3003 msgid "" "Please note that the backend server has to provide information about the " "expiration time of the password. If this information is missing, sssd " @@ -3547,28 +3553,28 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3003 +#: sssd.conf.5.xml:3010 msgid "Default: 7 (Kerberos), 0 (LDAP)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3009 +#: sssd.conf.5.xml:3016 msgid "id_provider (string)" msgstr "id_provider (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3012 +#: sssd.conf.5.xml:3019 msgid "" "The identification provider used for the domain. Supported ID providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3016 +#: sssd.conf.5.xml:3023 msgid "<quote>proxy</quote>: Support a legacy NSS provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3019 +#: sssd.conf.5.xml:3026 msgid "" "<quote>files</quote>: FILES provider. See <citerefentry> <refentrytitle>sssd-" "files</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " @@ -3576,7 +3582,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3027 +#: sssd.conf.5.xml:3034 msgid "" "<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-" "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " @@ -3584,8 +3590,8 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3035 sssd.conf.5.xml:3146 sssd.conf.5.xml:3197 -#: sssd.conf.5.xml:3260 +#: sssd.conf.5.xml:3042 sssd.conf.5.xml:3153 sssd.conf.5.xml:3204 +#: sssd.conf.5.xml:3267 msgid "" "<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management " "provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> " @@ -3594,8 +3600,8 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3044 sssd.conf.5.xml:3155 sssd.conf.5.xml:3206 -#: sssd.conf.5.xml:3269 +#: sssd.conf.5.xml:3051 sssd.conf.5.xml:3162 sssd.conf.5.xml:3213 +#: sssd.conf.5.xml:3276 msgid "" "<quote>ad</quote>: Active Directory provider. See <citerefentry> " "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3603,19 +3609,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3055 +#: sssd.conf.5.xml:3062 msgid "use_fully_qualified_names (bool)" msgstr "use_fully_qualified_names (bool)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3058 +#: sssd.conf.5.xml:3065 msgid "" "Use the full name and domain (as formatted by the domain's full_name_format) " "as the user's login name reported to NSS." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3063 +#: sssd.conf.5.xml:3070 msgid "" "If set to TRUE, all requests to this domain must use fully qualified names. " "For example, if used in LOCAL domain that contains a \"test\" user, " @@ -3624,7 +3630,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3071 +#: sssd.conf.5.xml:3078 msgid "" "NOTE: This option has no effect on netgroup lookups due to their tendency to " "include nested netgroups without qualified names. For netgroups, all domains " @@ -3632,24 +3638,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3078 +#: sssd.conf.5.xml:3085 msgid "" "Default: FALSE (TRUE for trusted domain/sub-domains or if " "default_domain_suffix is used)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3085 +#: sssd.conf.5.xml:3092 msgid "ignore_group_members (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3088 +#: sssd.conf.5.xml:3095 msgid "Do not return group members for group lookups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3091 +#: sssd.conf.5.xml:3098 msgid "" "If set to TRUE, the group membership attribute is not requested from the " "ldap server, and group members are not returned when processing group lookup " @@ -3661,7 +3667,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3109 +#: sssd.conf.5.xml:3116 msgid "" "Enabling this option can also make access provider checks for group " "membership significantly faster, especially for groups containing many " @@ -3669,30 +3675,30 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3115 sssd.conf.5.xml:3822 sssd-ldap.5.xml:326 -#: sssd-ldap.5.xml:355 sssd-ldap.5.xml:408 sssd-ldap.5.xml:468 -#: sssd-ldap.5.xml:489 sssd-ldap.5.xml:520 sssd-ldap.5.xml:543 -#: sssd-ldap.5.xml:582 sssd-ldap.5.xml:601 sssd-ldap.5.xml:625 -#: sssd-ldap.5.xml:1051 sssd-ldap.5.xml:1084 +#: sssd.conf.5.xml:3122 sssd.conf.5.xml:3829 sssd-ldap.5.xml:327 +#: sssd-ldap.5.xml:356 sssd-ldap.5.xml:409 sssd-ldap.5.xml:469 +#: sssd-ldap.5.xml:490 sssd-ldap.5.xml:521 sssd-ldap.5.xml:544 +#: sssd-ldap.5.xml:583 sssd-ldap.5.xml:602 sssd-ldap.5.xml:626 +#: sssd-ldap.5.xml:1053 sssd-ldap.5.xml:1086 msgid "" "This option can be also set per subdomain or inherited via " "<emphasis>subdomain_inherit</emphasis>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3125 +#: sssd.conf.5.xml:3132 msgid "auth_provider (string)" msgstr "auth_provider (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3128 +#: sssd.conf.5.xml:3135 msgid "" "The authentication provider used for the domain. Supported auth providers " "are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3132 sssd.conf.5.xml:3190 +#: sssd.conf.5.xml:3139 sssd.conf.5.xml:3197 msgid "" "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3700,7 +3706,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3139 +#: sssd.conf.5.xml:3146 msgid "" "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3708,30 +3714,30 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3163 +#: sssd.conf.5.xml:3170 msgid "" "<quote>proxy</quote> for relaying authentication to some other PAM target." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3166 +#: sssd.conf.5.xml:3173 msgid "<quote>none</quote> disables authentication explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3169 +#: sssd.conf.5.xml:3176 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "authentication requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3175 +#: sssd.conf.5.xml:3182 msgid "access_provider (string)" msgstr "access_provider (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3178 +#: sssd.conf.5.xml:3185 msgid "" "The access control provider used for the domain. There are two built-in " "access providers (in addition to any included in installed backends) " @@ -3739,19 +3745,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3184 +#: sssd.conf.5.xml:3191 msgid "" "<quote>permit</quote> always allow access. It's the only permitted access " "provider for a local domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3187 +#: sssd.conf.5.xml:3194 msgid "<quote>deny</quote> always deny access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3214 +#: sssd.conf.5.xml:3221 msgid "" "<quote>simple</quote> access control based on access or deny lists. See " "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</" @@ -3760,7 +3766,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3221 +#: sssd.conf.5.xml:3228 msgid "" "<quote>krb5</quote>: .k5login based access control. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum></" @@ -3768,29 +3774,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3228 +#: sssd.conf.5.xml:3235 msgid "<quote>proxy</quote> for relaying access control to another PAM module." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3231 +#: sssd.conf.5.xml:3238 msgid "Default: <quote>permit</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3236 +#: sssd.conf.5.xml:3243 msgid "chpass_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3239 +#: sssd.conf.5.xml:3246 msgid "" "The provider which should handle change password operations for the domain. " "Supported change password providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3244 +#: sssd.conf.5.xml:3251 msgid "" "<quote>ldap</quote> to change a password stored in a LDAP server. See " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" @@ -3798,7 +3804,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3252 +#: sssd.conf.5.xml:3259 msgid "" "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3806,35 +3812,35 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3277 +#: sssd.conf.5.xml:3284 msgid "" "<quote>proxy</quote> for relaying password changes to some other PAM target." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3281 +#: sssd.conf.5.xml:3288 msgid "<quote>none</quote> disallows password changes explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3284 +#: sssd.conf.5.xml:3291 msgid "" "Default: <quote>auth_provider</quote> is used if it is set and can handle " "change password requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3291 +#: sssd.conf.5.xml:3298 msgid "sudo_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3294 +#: sssd.conf.5.xml:3301 msgid "The SUDO provider used for the domain. Supported SUDO providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3298 +#: sssd.conf.5.xml:3305 msgid "" "<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3842,32 +3848,32 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3306 +#: sssd.conf.5.xml:3313 msgid "" "<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default " "settings." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3310 +#: sssd.conf.5.xml:3317 msgid "" "<quote>ad</quote> the same as <quote>ldap</quote> but with AD default " "settings." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3314 +#: sssd.conf.5.xml:3321 msgid "<quote>none</quote> disables SUDO explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3317 sssd.conf.5.xml:3403 sssd.conf.5.xml:3473 -#: sssd.conf.5.xml:3498 sssd.conf.5.xml:3534 +#: sssd.conf.5.xml:3324 sssd.conf.5.xml:3410 sssd.conf.5.xml:3480 +#: sssd.conf.5.xml:3505 sssd.conf.5.xml:3541 msgid "Default: The value of <quote>id_provider</quote> is used if it is set." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3321 +#: sssd.conf.5.xml:3328 msgid "" "The detailed instructions for configuration of sudo_provider are in the " "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " @@ -3878,7 +3884,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3336 +#: sssd.conf.5.xml:3343 msgid "" "<emphasis>NOTE:</emphasis> Sudo rules are periodically downloaded in the " "background unless the sudo provider is explicitly disabled. Set " @@ -3887,12 +3893,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3346 +#: sssd.conf.5.xml:3353 msgid "selinux_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3349 +#: sssd.conf.5.xml:3356 msgid "" "The provider which should handle loading of selinux settings. Note that this " "provider will be called right after access provider ends. Supported selinux " @@ -3900,7 +3906,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3355 +#: sssd.conf.5.xml:3362 msgid "" "<quote>ipa</quote> to load selinux settings from an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -3908,31 +3914,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3363 +#: sssd.conf.5.xml:3370 msgid "<quote>none</quote> disallows fetching selinux settings explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3366 +#: sssd.conf.5.xml:3373 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "selinux loading requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3372 +#: sssd.conf.5.xml:3379 msgid "subdomains_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3375 +#: sssd.conf.5.xml:3382 msgid "" "The provider which should handle fetching of subdomains. This value should " "be always the same as id_provider. Supported subdomain providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3381 +#: sssd.conf.5.xml:3388 msgid "" "<quote>ipa</quote> to load a list of subdomains from an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -3940,7 +3946,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3390 +#: sssd.conf.5.xml:3397 msgid "" "<quote>ad</quote> to load a list of subdomains from an Active Directory " "server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> " @@ -3949,17 +3955,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3399 +#: sssd.conf.5.xml:3406 msgid "<quote>none</quote> disallows fetching subdomains explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3409 +#: sssd.conf.5.xml:3416 msgid "session_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3412 +#: sssd.conf.5.xml:3419 msgid "" "The provider which configures and manages user session related tasks. The " "only user session task currently provided is the integration with Fleet " @@ -3967,43 +3973,43 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3419 +#: sssd.conf.5.xml:3426 msgid "<quote>ipa</quote> to allow performing user session related tasks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3423 +#: sssd.conf.5.xml:3430 msgid "" "<quote>none</quote> does not perform any kind of user session related tasks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3427 +#: sssd.conf.5.xml:3434 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can perform " "session related tasks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3431 +#: sssd.conf.5.xml:3438 msgid "" "<emphasis>NOTE:</emphasis> In order to have this feature working as expected " "SSSD must be running as \"root\" and not as the unprivileged user." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3439 +#: sssd.conf.5.xml:3446 msgid "autofs_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3442 +#: sssd.conf.5.xml:3449 msgid "" "The autofs provider used for the domain. Supported autofs providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3446 +#: sssd.conf.5.xml:3453 msgid "" "<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4011,7 +4017,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3453 +#: sssd.conf.5.xml:3460 msgid "" "<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> " "<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4019,7 +4025,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3461 +#: sssd.conf.5.xml:3468 msgid "" "<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> " "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4027,24 +4033,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3470 +#: sssd.conf.5.xml:3477 msgid "<quote>none</quote> disables autofs explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3480 +#: sssd.conf.5.xml:3487 msgid "hostid_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3483 +#: sssd.conf.5.xml:3490 msgid "" "The provider used for retrieving host identity information. Supported " "hostid providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3487 +#: sssd.conf.5.xml:3494 msgid "" "<quote>ipa</quote> to load host identity stored in an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -4052,31 +4058,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3495 +#: sssd.conf.5.xml:3502 msgid "<quote>none</quote> disables hostid explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3505 +#: sssd.conf.5.xml:3512 msgid "resolver_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3508 +#: sssd.conf.5.xml:3515 msgid "" "The provider which should handle hosts and networks lookups. Supported " "resolver providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3512 +#: sssd.conf.5.xml:3519 msgid "" "<quote>proxy</quote> to forward lookups to another NSS library. See " "<quote>proxy_resolver_lib_name</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3516 +#: sssd.conf.5.xml:3523 msgid "" "<quote>ldap</quote> to fetch hosts and networks stored in LDAP. See " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" @@ -4084,7 +4090,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3523 +#: sssd.conf.5.xml:3530 msgid "" "<quote>ad</quote> to fetch hosts and networks stored in AD. See " "<citerefentry> <refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</" @@ -4093,12 +4099,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3531 +#: sssd.conf.5.xml:3538 msgid "<quote>none</quote> disallows fetching hosts and networks explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3544 +#: sssd.conf.5.xml:3551 msgid "" "Regular expression for this domain that describes how to parse the string " "containing user name and domain into these components. The \"domain\" can " @@ -4108,24 +4114,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3553 +#: sssd.conf.5.xml:3560 msgid "" "Default: <quote>^((?P<name>.+)@(?P<domain>[^@]*)|(?P<name>" "[^@]+))$</quote> which allows two different styles for user names:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:3558 sssd.conf.5.xml:3572 +#: sssd.conf.5.xml:3565 sssd.conf.5.xml:3579 msgid "username" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:3561 sssd.conf.5.xml:3575 +#: sssd.conf.5.xml:3568 sssd.conf.5.xml:3582 msgid "username@domain.name" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3566 +#: sssd.conf.5.xml:3573 msgid "" "Default for the AD and IPA provider: <quote>^(((?P<domain>[^\\\\]+)\\" "\\(?P<name>.+))|((?P<name>.+)@(?P<domain>[^@]+))|((?P<" @@ -4134,19 +4140,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:3578 +#: sssd.conf.5.xml:3585 msgid "domain\\username" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3581 +#: sssd.conf.5.xml:3588 msgid "" "While the first two correspond to the general default the third one is " "introduced to allow easy integration of users from Windows domains." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3586 +#: sssd.conf.5.xml:3593 msgid "" "The default re_expression uses the <quote>@</quote> character as a separator " "between the name and the domain. As a result of this setting the default " @@ -4156,93 +4162,93 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3638 +#: sssd.conf.5.xml:3645 msgid "Default: <quote>%1$s@%2$s</quote>." msgstr "Default: <quote>%1$s@%2$s</quote>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3644 +#: sssd.conf.5.xml:3651 msgid "lookup_family_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3647 +#: sssd.conf.5.xml:3654 msgid "" "Provides the ability to select preferred address family to use when " "performing DNS lookups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3651 +#: sssd.conf.5.xml:3658 msgid "Supported values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3654 +#: sssd.conf.5.xml:3661 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3657 +#: sssd.conf.5.xml:3664 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3660 +#: sssd.conf.5.xml:3667 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3663 +#: sssd.conf.5.xml:3670 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3666 +#: sssd.conf.5.xml:3673 msgid "Default: ipv4_first" msgstr "Default: ipv4_first" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3672 +#: sssd.conf.5.xml:3679 #, fuzzy #| msgid "dns_resolver_timeout (integer)" msgid "dns_resolver_server_timeout (integer)" msgstr "dns_resolver_timeout (integer)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3675 +#: sssd.conf.5.xml:3682 msgid "" "Defines the amount of time (in milliseconds) SSSD would try to talk to DNS " "server before trying next DNS server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3680 +#: sssd.conf.5.xml:3687 msgid "" "The AD provider will use this option for the CLDAP ping timeouts as well." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3684 sssd.conf.5.xml:3704 sssd.conf.5.xml:3725 +#: sssd.conf.5.xml:3691 sssd.conf.5.xml:3711 sssd.conf.5.xml:3732 msgid "" "Please see the section <quote>FAILOVER</quote> for more information about " "the service resolution." msgstr "" #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3689 sssd-ldap.5.xml:644 include/failover.xml:84 +#: sssd.conf.5.xml:3696 sssd-ldap.5.xml:645 include/failover.xml:84 msgid "Default: 1000" msgstr "Padrão: 1000" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3695 +#: sssd.conf.5.xml:3702 #, fuzzy #| msgid "dns_resolver_timeout (integer)" msgid "dns_resolver_op_timeout (integer)" msgstr "dns_resolver_timeout (integer)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3698 +#: sssd.conf.5.xml:3705 msgid "" "Defines the amount of time (in seconds) to wait to resolve single DNS query " "(e.g. resolution of a hostname or an SRV record) before trying the next " @@ -4250,12 +4256,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3715 +#: sssd.conf.5.xml:3722 msgid "dns_resolver_timeout (integer)" msgstr "dns_resolver_timeout (integer)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3718 +#: sssd.conf.5.xml:3725 msgid "" "Defines the amount of time (in seconds) to wait for a reply from the " "internal fail over service before assuming that the service is unreachable. " @@ -4264,14 +4270,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3736 +#: sssd.conf.5.xml:3743 #, fuzzy #| msgid "dns_resolver_timeout (integer)" msgid "dns_resolver_use_search_list (bool)" msgstr "dns_resolver_timeout (integer)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3739 +#: sssd.conf.5.xml:3746 msgid "" "Normally, the DNS resolver searches the domain list defined in the " "\"search\" directive from the resolv.conf file. This can lead to delays in " @@ -4279,7 +4285,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3745 +#: sssd.conf.5.xml:3752 msgid "" "If fully qualified domain names (or _srv_) are used in the SSSD " "configuration, setting this option to FALSE can prevent unnecessary DNS " @@ -4287,69 +4293,69 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3751 +#: sssd.conf.5.xml:3758 msgid "Default: TRUE" msgstr "Padrão: TRUE" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3757 +#: sssd.conf.5.xml:3764 msgid "dns_discovery_domain (string)" msgstr "dns_discovery_domain (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3760 +#: sssd.conf.5.xml:3767 msgid "" "If service discovery is used in the back end, specifies the domain part of " "the service discovery DNS query." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3764 +#: sssd.conf.5.xml:3771 msgid "Default: Use the domain part of machine's hostname" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3770 +#: sssd.conf.5.xml:3777 msgid "override_gid (integer)" msgstr "override_gid (integer)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3773 +#: sssd.conf.5.xml:3780 msgid "Override the primary GID value with the one specified." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3779 +#: sssd.conf.5.xml:3786 msgid "case_sensitive (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3786 +#: sssd.conf.5.xml:3793 msgid "True" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3789 +#: sssd.conf.5.xml:3796 msgid "Case sensitive. This value is invalid for AD provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3795 +#: sssd.conf.5.xml:3802 msgid "False" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3797 +#: sssd.conf.5.xml:3804 msgid "Case insensitive." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3801 +#: sssd.conf.5.xml:3808 msgid "Preserving" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3804 +#: sssd.conf.5.xml:3811 msgid "" "Same as False (case insensitive), but does not lowercase names in the result " "of NSS operations. Note that name aliases (and in case of services also " @@ -4357,31 +4363,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3812 +#: sssd.conf.5.xml:3819 msgid "" "If you want to set this value for trusted domain with IPA provider, you need " "to set it on both the client and SSSD on the server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3782 +#: sssd.conf.5.xml:3789 msgid "" "Treat user and group names as case sensitive. Possible option values are: " "<placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3827 +#: sssd.conf.5.xml:3834 msgid "Default: True (False for AD provider)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3833 +#: sssd.conf.5.xml:3840 msgid "subdomain_inherit (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3836 +#: sssd.conf.5.xml:3843 msgid "" "Specifies a list of configuration parameters that should be inherited by a " "subdomain. Please note that only selected parameters can be inherited. " @@ -4389,126 +4395,126 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3842 +#: sssd.conf.5.xml:3849 #, fuzzy #| msgid "ldap_search_timeout (integer)" msgid "ldap_search_timeout" msgstr "ldap_search_timeout (integer)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3845 +#: sssd.conf.5.xml:3852 #, fuzzy #| msgid "ldap_network_timeout (integer)" msgid "ldap_network_timeout" msgstr "ldap_network_timeout (integer)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3848 +#: sssd.conf.5.xml:3855 #, fuzzy #| msgid "ldap_opt_timeout (integer)" msgid "ldap_opt_timeout" msgstr "ldap_opt_timeout (integer)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3851 +#: sssd.conf.5.xml:3858 #, fuzzy #| msgid "ldap_enumeration_refresh_timeout (integer)" msgid "ldap_offline_timeout" msgstr "ldap_enumeration_refresh_timeout (integer)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3854 +#: sssd.conf.5.xml:3861 #, fuzzy #| msgid "ldap_enumeration_refresh_timeout (integer)" msgid "ldap_enumeration_refresh_timeout" msgstr "ldap_enumeration_refresh_timeout (integer)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3857 +#: sssd.conf.5.xml:3864 #, fuzzy #| msgid "ldap_enumeration_refresh_timeout (integer)" msgid "ldap_enumeration_refresh_offset" msgstr "ldap_enumeration_refresh_timeout (integer)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3860 +#: sssd.conf.5.xml:3867 msgid "ldap_purge_cache_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3863 +#: sssd.conf.5.xml:3870 msgid "ldap_purge_cache_offset" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3866 +#: sssd.conf.5.xml:3873 msgid "" "ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab " "is not set explicitly)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3870 +#: sssd.conf.5.xml:3877 #, fuzzy #| msgid "ldap_krb5_ticket_lifetime (integer)" msgid "ldap_krb5_ticket_lifetime" msgstr "ldap_krb5_ticket_lifetime (integer)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3873 +#: sssd.conf.5.xml:3880 #, fuzzy #| msgid "ldap_enumeration_refresh_timeout (integer)" msgid "ldap_enumeration_search_timeout" msgstr "ldap_enumeration_refresh_timeout (integer)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3876 +#: sssd.conf.5.xml:3883 #, fuzzy #| msgid "ldap_enumeration_refresh_timeout (integer)" msgid "ldap_connection_expire_timeout" msgstr "ldap_enumeration_refresh_timeout (integer)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3879 +#: sssd.conf.5.xml:3886 #, fuzzy #| msgid "ldap_enumeration_refresh_timeout (integer)" msgid "ldap_connection_expire_offset" msgstr "ldap_enumeration_refresh_timeout (integer)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3882 +#: sssd.conf.5.xml:3889 #, fuzzy #| msgid "ldap_enumeration_refresh_timeout (integer)" msgid "ldap_connection_idle_timeout" msgstr "ldap_enumeration_refresh_timeout (integer)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3885 sssd-ldap.5.xml:400 +#: sssd.conf.5.xml:3892 sssd-ldap.5.xml:401 msgid "ldap_use_tokengroups" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3888 +#: sssd.conf.5.xml:3895 msgid "ldap_user_principal" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3891 +#: sssd.conf.5.xml:3898 msgid "ignore_group_members" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3894 +#: sssd.conf.5.xml:3901 msgid "auto_private_groups" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3897 +#: sssd.conf.5.xml:3904 msgid "case_sensitive" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:3902 +#: sssd.conf.5.xml:3909 #, no-wrap msgid "" "subdomain_inherit = ldap_purge_cache_timeout\n" @@ -4516,27 +4522,27 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3909 +#: sssd.conf.5.xml:3916 msgid "Note: This option only works with the IPA and AD provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3916 +#: sssd.conf.5.xml:3923 msgid "subdomain_homedir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3927 +#: sssd.conf.5.xml:3934 msgid "%F" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3928 +#: sssd.conf.5.xml:3935 msgid "flat (NetBIOS) name of a subdomain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3919 +#: sssd.conf.5.xml:3926 msgid "" "Use this homedir as default value for all subdomains within this domain in " "IPA AD trust. See <emphasis>override_homedir</emphasis> for info about " @@ -4546,34 +4552,34 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3933 +#: sssd.conf.5.xml:3940 msgid "" "The value can be overridden by <emphasis>override_homedir</emphasis> option." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3937 +#: sssd.conf.5.xml:3944 msgid "Default: <filename>/home/%d/%u</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3942 +#: sssd.conf.5.xml:3949 msgid "realmd_tags (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3945 +#: sssd.conf.5.xml:3952 msgid "" "Various tags stored by the realmd configuration service for this domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3951 +#: sssd.conf.5.xml:3958 msgid "cached_auth_timeout (int)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3954 +#: sssd.conf.5.xml:3961 msgid "" "Specifies time in seconds since last successful online authentication for " "which user will be authenticated using cached credentials while SSSD is in " @@ -4582,19 +4588,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3962 +#: sssd.conf.5.xml:3969 msgid "" "This option's value is inherited by all trusted domains. At the moment it is " "not possible to set a different value per trusted domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3967 +#: sssd.conf.5.xml:3974 msgid "Special value 0 implies that this feature is disabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3971 +#: sssd.conf.5.xml:3978 msgid "" "Please note that if <quote>cached_auth_timeout</quote> is longer than " "<quote>pam_id_timeout</quote> then the back end could be called to handle " @@ -4602,14 +4608,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3982 +#: sssd.conf.5.xml:3989 #, fuzzy #| msgid "ldap_pwd_policy (string)" msgid "local_auth_policy (string)" msgstr "ldap_pwd_policy (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3985 +#: sssd.conf.5.xml:3992 msgid "" "Local authentication methods policy. Some backends (i.e. LDAP, proxy " "provider) only support a password based authentication, while others can " @@ -4620,7 +4626,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3995 +#: sssd.conf.5.xml:4002 msgid "" "There are three possible values for this option: match, only, enable. " "<quote>match</quote> is used to match offline and online states for Kerberos " @@ -4631,8 +4637,17 @@ msgid "" "separated, such as <quote>enable:passkey, enable:smartcard</quote>" msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4014 +msgid "" +"Please note that if local Smartcard authentication is enabled and a " +"Smartcard is present, Smartcard authentication will be preferred over the " +"authentication methods supported by the backend. I.e. there will be a PIN " +"prompt instead of e.g. a password prompt." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:4011 +#: sssd.conf.5.xml:4026 #, no-wrap msgid "" "[domain/shadowutils]\n" @@ -4643,7 +4658,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4007 +#: sssd.conf.5.xml:4022 msgid "" "The following configuration example allows local users to authenticate " "locally using any enabled method (i.e. smartcard, passkey). <placeholder " @@ -4651,36 +4666,36 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4019 +#: sssd.conf.5.xml:4034 msgid "This option is ignored for the files provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4022 +#: sssd.conf.5.xml:4037 #, fuzzy #| msgid "Default: cn" msgid "Default: match" msgstr "Padrão: NC" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4027 +#: sssd.conf.5.xml:4042 msgid "auto_private_groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4033 +#: sssd.conf.5.xml:4048 msgid "true" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4036 +#: sssd.conf.5.xml:4051 msgid "" "Create user's private group unconditionally from user's UID number. The GID " "number is ignored in this case." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4040 +#: sssd.conf.5.xml:4055 msgid "" "NOTE: Because the GID number and the user private group are inferred from " "the UID number, it is not supported to have multiple entries with the same " @@ -4689,24 +4704,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4049 +#: sssd.conf.5.xml:4064 msgid "false" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4052 +#: sssd.conf.5.xml:4067 msgid "" "Always use the user's primary GID number. The GID number must refer to a " "group object in the LDAP database." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4058 +#: sssd.conf.5.xml:4073 msgid "hybrid" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4061 +#: sssd.conf.5.xml:4076 msgid "" "A primary group is autogenerated for user entries whose UID and GID numbers " "have the same value and at the same time the GID number does not correspond " @@ -4716,14 +4731,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4074 +#: sssd.conf.5.xml:4089 msgid "" "If the UID and GID of a user are different, then the GID must correspond to " "a group entry, otherwise the GID is simply not resolvable." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4081 +#: sssd.conf.5.xml:4096 msgid "" "This feature is useful for environments that wish to stop maintaining a " "separate group objects for the user private groups, but also wish to retain " @@ -4731,21 +4746,21 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4030 +#: sssd.conf.5.xml:4045 msgid "" "This option takes any of three available values: <placeholder " "type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4093 +#: sssd.conf.5.xml:4108 msgid "" "For subdomains, the default value is False for subdomains that use assigned " "POSIX IDs and True for subdomains that use automatic ID-mapping." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:4101 +#: sssd.conf.5.xml:4116 #, no-wrap msgid "" "[domain/forest.domain/sub.domain]\n" @@ -4753,7 +4768,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:4107 +#: sssd.conf.5.xml:4122 #, no-wrap msgid "" "[domain/forest.domain]\n" @@ -4762,7 +4777,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4098 +#: sssd.conf.5.xml:4113 msgid "" "The value of auto_private_groups can either be set per subdomains in a " "subsection, for example: <placeholder type=\"programlisting\" id=\"0\"/> or " @@ -4779,29 +4794,30 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4122 +#: sssd.conf.5.xml:4137 msgid "proxy_pam_target (string)" msgstr "proxy_pam_target (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4125 +#: sssd.conf.5.xml:4140 msgid "The proxy target PAM proxies to." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4128 +#: sssd.conf.5.xml:4143 msgid "" "Default: not set by default, you have to take an existing pam configuration " -"or create a new one and add the service name here." +"or create a new one and add the service name here. As an alternative you can " +"enable local authentication with the local_auth_policy option." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4136 +#: sssd.conf.5.xml:4153 msgid "proxy_lib_name (string)" msgstr "proxy_lib_name (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4139 +#: sssd.conf.5.xml:4156 msgid "" "The name of the NSS library to use in proxy domains. The NSS functions " "searched for in the library are in the form of _nss_$(libName)_$(function), " @@ -4809,12 +4825,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4149 +#: sssd.conf.5.xml:4166 msgid "proxy_resolver_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4152 +#: sssd.conf.5.xml:4169 msgid "" "The name of the NSS library to use for hosts and networks lookups in proxy " "domains. The NSS functions searched for in the library are in the form of " @@ -4822,12 +4838,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4163 +#: sssd.conf.5.xml:4180 msgid "proxy_fast_alias (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4166 +#: sssd.conf.5.xml:4183 msgid "" "When a user or group is looked up by name in the proxy provider, a second " "lookup by ID is performed to \"canonicalize\" the name in case the requested " @@ -4836,12 +4852,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4180 +#: sssd.conf.5.xml:4197 msgid "proxy_max_children (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4183 +#: sssd.conf.5.xml:4200 msgid "" "This option specifies the number of pre-forked proxy children. It is useful " "for high-load SSSD environments where sssd may run out of available child " @@ -4849,19 +4865,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4118 +#: sssd.conf.5.xml:4133 msgid "" "Options valid for proxy domains. <placeholder type=\"variablelist\" " "id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:4199 +#: sssd.conf.5.xml:4216 msgid "Application domains" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4201 +#: sssd.conf.5.xml:4218 msgid "" "SSSD, with its D-Bus interface (see <citerefentry> <refentrytitle>sssd-ifp</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>) is appealing to " @@ -4878,7 +4894,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4221 +#: sssd.conf.5.xml:4238 msgid "" "Please note that the application domain must still be explicitly enabled in " "the <quote>domains</quote> parameter so that the lookup order between the " @@ -4886,17 +4902,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> -#: sssd.conf.5.xml:4227 +#: sssd.conf.5.xml:4244 msgid "Application domain parameters" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4229 +#: sssd.conf.5.xml:4246 msgid "inherit_from (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4232 +#: sssd.conf.5.xml:4249 msgid "" "The SSSD POSIX-type domain the application domain inherits all settings " "from. The application domain can moreover add its own settings to the " @@ -4905,7 +4921,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4246 +#: sssd.conf.5.xml:4263 msgid "" "The following example illustrates the use of an application domain. In this " "setup, the POSIX domain is connected to an LDAP server and is used by the OS " @@ -4915,7 +4931,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><programlisting> -#: sssd.conf.5.xml:4254 +#: sssd.conf.5.xml:4271 #, no-wrap msgid "" "[sssd]\n" @@ -4935,12 +4951,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4274 +#: sssd.conf.5.xml:4291 msgid "TRUSTED DOMAIN SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4276 +#: sssd.conf.5.xml:4293 msgid "" "Some options used in the domain section can also be used in the trusted " "domain section, that is, in a section called <quote>[domain/" @@ -4951,69 +4967,69 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4283 +#: sssd.conf.5.xml:4300 msgid "ldap_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4284 +#: sssd.conf.5.xml:4301 msgid "ldap_user_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4285 +#: sssd.conf.5.xml:4302 msgid "ldap_group_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4286 +#: sssd.conf.5.xml:4303 msgid "ldap_netgroup_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4287 +#: sssd.conf.5.xml:4304 msgid "ldap_service_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4288 +#: sssd.conf.5.xml:4305 msgid "ldap_sasl_mech," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4289 +#: sssd.conf.5.xml:4306 msgid "ad_server," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4290 +#: sssd.conf.5.xml:4307 msgid "ad_backup_server," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4291 +#: sssd.conf.5.xml:4308 msgid "ad_site," msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4292 sssd-ipa.5.xml:879 +#: sssd.conf.5.xml:4309 sssd-ipa.5.xml:884 msgid "use_fully_qualified_names" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4296 +#: sssd.conf.5.xml:4313 msgid "" "For more details about these options see their individual description in the " "manual page." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4302 +#: sssd.conf.5.xml:4319 msgid "CERTIFICATE MAPPING SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4304 +#: sssd.conf.5.xml:4321 msgid "" "To allow authentication with Smartcards and certificates SSSD must be able " "to map certificates to users. This can be done by adding the full " @@ -5026,7 +5042,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4318 +#: sssd.conf.5.xml:4335 msgid "" "To make the mapping more flexible mapping and matching rules were added to " "SSSD (see <citerefentry> <refentrytitle>sss-certmap</refentrytitle> " @@ -5034,7 +5050,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4327 +#: sssd.conf.5.xml:4344 msgid "" "A mapping and matching rule can be added to the SSSD configuration in a " "section on its own with a name like <quote>[certmap/" @@ -5043,55 +5059,55 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4334 +#: sssd.conf.5.xml:4351 msgid "matchrule (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4337 +#: sssd.conf.5.xml:4354 msgid "" "Only certificates from the Smartcard which matches this rule will be " "processed, all others are ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4341 +#: sssd.conf.5.xml:4358 msgid "" "Default: KRB5:<EKU>clientAuth, i.e. only certificates which have the " "Extended Key Usage <quote>clientAuth</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4348 +#: sssd.conf.5.xml:4365 msgid "maprule (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4351 +#: sssd.conf.5.xml:4368 msgid "Defines how the user is found for a given certificate." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4357 +#: sssd.conf.5.xml:4374 msgid "" "LDAP:(userCertificate;binary={cert!bin}) for LDAP based providers like " "<quote>ldap</quote>, <quote>AD</quote> or <quote>ipa</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4363 +#: sssd.conf.5.xml:4380 msgid "" "The RULE_NAME for the <quote>files</quote> provider which tries to find a " "user with the same name." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4372 +#: sssd.conf.5.xml:4389 msgid "domains (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4375 +#: sssd.conf.5.xml:4392 msgid "" "Comma separated list of domain names the rule should be applied. By default " "a rule is only valid in the domain configured in sssd.conf. If the provider " @@ -5100,17 +5116,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4382 +#: sssd.conf.5.xml:4399 msgid "Default: the configured domain in sssd.conf" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4387 +#: sssd.conf.5.xml:4404 msgid "priority (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4390 +#: sssd.conf.5.xml:4407 msgid "" "Unsigned integer value defining the priority of the rule. The higher the " "number the lower the priority. <quote>0</quote> stands for the highest " @@ -5118,26 +5134,26 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4396 +#: sssd.conf.5.xml:4413 msgid "Default: the lowest priority" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4402 +#: sssd.conf.5.xml:4419 msgid "" "To make the configuration simple and reduce the amount of configuration " "options the <quote>files</quote> provider has some special properties:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4408 +#: sssd.conf.5.xml:4425 msgid "" "if maprule is not set the RULE_NAME name is assumed to be the name of the " "matching user" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4414 +#: sssd.conf.5.xml:4431 msgid "" "if a maprule is used both a single user name or a template like " "<quote>{subject_rfc822_name.short_name}</quote> must be in braces like e.g. " @@ -5146,17 +5162,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4423 +#: sssd.conf.5.xml:4440 msgid "the <quote>domains</quote> option is ignored" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4431 +#: sssd.conf.5.xml:4448 msgid "PROMPTING CONFIGURATION SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4433 +#: sssd.conf.5.xml:4450 msgid "" "If a special file (<filename>/var/lib/sss/pubconf/pam_preauth_available</" "filename>) exists SSSD's PAM module pam_sss will ask SSSD to figure out " @@ -5166,7 +5182,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4441 +#: sssd.conf.5.xml:4458 msgid "" "With the growing number of authentication methods and the possibility that " "there are multiple ones for a single user the heuristic used by pam_sss to " @@ -5175,59 +5191,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4453 +#: sssd.conf.5.xml:4470 msgid "[prompting/password]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4456 +#: sssd.conf.5.xml:4473 msgid "password_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4457 +#: sssd.conf.5.xml:4474 msgid "to change the string of the password prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4455 +#: sssd.conf.5.xml:4472 msgid "" "to configure password prompting, allowed options are: <placeholder " "type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4465 +#: sssd.conf.5.xml:4482 msgid "[prompting/2fa]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4469 +#: sssd.conf.5.xml:4486 msgid "first_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4470 +#: sssd.conf.5.xml:4487 msgid "to change the string of the prompt for the first factor" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4473 +#: sssd.conf.5.xml:4490 msgid "second_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4474 +#: sssd.conf.5.xml:4491 msgid "to change the string of the prompt for the second factor" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4477 +#: sssd.conf.5.xml:4494 msgid "single_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4478 +#: sssd.conf.5.xml:4495 msgid "" "boolean value, if True there will be only a single prompt using the value of " "first_prompt where it is expected that both factors are entered as a single " @@ -5236,7 +5252,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4467 +#: sssd.conf.5.xml:4484 msgid "" "to configure two-factor authentication prompting, allowed options are: " "<placeholder type=\"variablelist\" id=\"0\"/> If the second factor is " @@ -5245,17 +5261,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4495 +#: sssd.conf.5.xml:4512 msgid "[prompting/passkey]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4501 sssd-ad.5.xml:1021 +#: sssd.conf.5.xml:4518 sssd-ad.5.xml:1021 msgid "interactive" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4503 +#: sssd.conf.5.xml:4520 msgid "" "boolean value, if True prompt a message and wait before testing the presence " "of a passkey device. Recommended if your device doesn’t have a tactile " @@ -5263,46 +5279,46 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4511 +#: sssd.conf.5.xml:4528 msgid "interactive_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4513 +#: sssd.conf.5.xml:4530 msgid "to change the message of the interactive prompt." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4518 +#: sssd.conf.5.xml:4535 msgid "touch" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4520 +#: sssd.conf.5.xml:4537 msgid "" "boolean value, if True prompt a message to remind the user to touch the " "device." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4526 +#: sssd.conf.5.xml:4543 msgid "touch_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4528 +#: sssd.conf.5.xml:4545 msgid "to change the message of the touch prompt." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4497 +#: sssd.conf.5.xml:4514 msgid "" "to configure passkey authentication prompting, allowed options are: " "<placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4448 +#: sssd.conf.5.xml:4465 msgid "" "Each supported authentication method has its own configuration subsection " "under <quote>[prompting/...]</quote>. Currently there are: <placeholder " @@ -5311,7 +5327,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4539 +#: sssd.conf.5.xml:4556 msgid "" "It is possible to add a subsection for specific PAM services, e.g. " "<quote>[prompting/password/sshd]</quote> to individual change the prompting " @@ -5319,12 +5335,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4546 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43 +#: sssd.conf.5.xml:4563 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43 msgid "EXAMPLES" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4552 +#: sssd.conf.5.xml:4569 #, no-wrap msgid "" "[sssd]\n" @@ -5378,7 +5394,7 @@ msgstr "" "enumerate = False\n" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4548 +#: sssd.conf.5.xml:4565 msgid "" "1. The following example shows a typical SSSD config. It does not describe " "configuration of the domains themselves - refer to documentation on " @@ -5387,7 +5403,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4585 +#: sssd.conf.5.xml:4602 #, no-wrap msgid "" "[domain/ipa.com/child.ad.com]\n" @@ -5395,7 +5411,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4579 +#: sssd.conf.5.xml:4596 msgid "" "2. The following example shows configuration of IPA AD trust where the AD " "forest consists of two domains in a parent-child structure. Suppose IPA " @@ -5406,7 +5422,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4596 +#: sssd.conf.5.xml:4613 #, no-wrap msgid "" "[certmap/my.domain/rule_name]\n" @@ -5417,7 +5433,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4590 +#: sssd.conf.5.xml:4607 msgid "" "3. The following example shows the configuration of a certificate mapping " "rule. It is valid for the configured domain <quote>my.domain</quote> and " @@ -5471,26 +5487,26 @@ msgid "" "LDAP back end supports id, auth, access and chpass providers. If you want to " "authenticate against an LDAP server either TLS/SSL or LDAPS is required. " "<command>sssd</command> <emphasis>does not</emphasis> support authentication " -"over an unencrypted channel. If the LDAP server is used only as an identity " -"provider, an encrypted channel is not needed. Please refer to " -"<quote>ldap_access_filter</quote> config option for more information about " -"using LDAP as an access provider." +"over an unencrypted channel. Even if the LDAP server is used only as an " +"identity provider, an encrypted channel is strongly recommended. Please " +"refer to <quote>ldap_access_filter</quote> config option for more " +"information about using LDAP as an access provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:82 sssd-ad.5.xml:130 +#: sssd-ldap.5.xml:50 sssd-simple.5.xml:69 sssd-ipa.5.xml:82 sssd-ad.5.xml:130 #: sssd-krb5.5.xml:63 sssd-ifp.5.xml:60 sssd-files.5.xml:77 #: sssd-session-recording.5.xml:58 sssd-kcm.8.xml:202 msgid "CONFIGURATION OPTIONS" msgstr "OPÇÕES DE CONFIGURAÇÃO" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:66 +#: sssd-ldap.5.xml:67 msgid "ldap_uri, ldap_backup_uri (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:69 +#: sssd-ldap.5.xml:70 msgid "" "Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " "should connect in the order of preference. Refer to the <quote>FAILOVER</" @@ -5500,33 +5516,33 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:76 +#: sssd-ldap.5.xml:77 msgid "The format of the URI must match the format defined in RFC 2732:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:79 +#: sssd-ldap.5.xml:80 msgid "ldap[s]://<host>[:port]" msgstr "ldap[s]://<host>[:port]" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:82 +#: sssd-ldap.5.xml:83 msgid "" "For explicit IPv6 addresses, <host> must be enclosed in brackets []" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:85 +#: sssd-ldap.5.xml:86 msgid "example: ldap://[fc00::126:25]:389" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:91 +#: sssd-ldap.5.xml:92 msgid "ldap_chpass_uri, ldap_chpass_backup_uri (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:94 +#: sssd-ldap.5.xml:95 msgid "" "Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " "should connect in the order of preference to change the password of a user. " @@ -5535,57 +5551,57 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:101 +#: sssd-ldap.5.xml:102 msgid "To enable service discovery ldap_chpass_dns_service_name must be set." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:105 +#: sssd-ldap.5.xml:106 msgid "Default: empty, i.e. ldap_uri is used." msgstr "Padrão: empty, ou seja, ldap_uri é usado." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:111 +#: sssd-ldap.5.xml:112 msgid "ldap_search_base (string)" msgstr "ldap_search_base (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:114 +#: sssd-ldap.5.xml:115 msgid "The default base DN to use for performing LDAP user operations." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:118 +#: sssd-ldap.5.xml:119 msgid "" "Starting with SSSD 1.7.0, SSSD supports multiple search bases using the " "syntax:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:122 +#: sssd-ldap.5.xml:123 msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]" msgstr "search_base[?scope?[filter][?search_base?scope?[filter]]*]" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:125 +#: sssd-ldap.5.xml:126 msgid "The scope can be one of \"base\", \"onelevel\" or \"subtree\"." msgstr "" #. type: Content of: <listitem><para> -#: sssd-ldap.5.xml:128 include/ldap_search_bases.xml:18 +#: sssd-ldap.5.xml:129 include/ldap_search_bases.xml:18 msgid "" "The filter must be a valid LDAP search filter as specified by http://www." "ietf.org/rfc/rfc2254.txt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:132 sssd-ad.5.xml:311 sss_override.8.xml:143 +#: sssd-ldap.5.xml:133 sssd-ad.5.xml:311 sss_override.8.xml:143 #: sss_override.8.xml:240 sssd-ldap-attributes.5.xml:453 msgid "Examples:" msgstr "Exemplos:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:135 +#: sssd-ldap.5.xml:136 msgid "" "ldap_search_base = dc=example,dc=com (which is equivalent to) " "ldap_search_base = dc=example,dc=com?subtree?" @@ -5594,7 +5610,7 @@ msgstr "" "ldap_search_base = dc=example,dc=com?subtree?" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:140 +#: sssd-ldap.5.xml:141 msgid "" "ldap_search_base = cn=host_specific,dc=example,dc=com?subtree?" "(host=thishost)?dc=example.com?subtree?" @@ -5603,7 +5619,7 @@ msgstr "" "(host=thishost)?dc=example.com?subtree?" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:143 +#: sssd-ldap.5.xml:144 msgid "" "Note: It is unsupported to have multiple search bases which reference " "identically-named objects (for example, groups with the same name in two " @@ -5612,7 +5628,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:150 +#: sssd-ldap.5.xml:151 msgid "" "Default: If not set, the value of the defaultNamingContext or namingContexts " "attribute from the RootDSE of the LDAP server is used. If " @@ -5623,12 +5639,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:164 +#: sssd-ldap.5.xml:165 msgid "ldap_schema (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:167 +#: sssd-ldap.5.xml:168 msgid "" "Specifies the Schema Type in use on the target LDAP server. Depending on " "the selected schema, the default attribute names retrieved from the servers " @@ -5636,32 +5652,32 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:174 +#: sssd-ldap.5.xml:175 msgid "Four schema types are currently supported:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:178 +#: sssd-ldap.5.xml:179 msgid "rfc2307" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:183 +#: sssd-ldap.5.xml:184 msgid "rfc2307bis" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:188 +#: sssd-ldap.5.xml:189 msgid "IPA" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:193 +#: sssd-ldap.5.xml:194 msgid "AD" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:199 +#: sssd-ldap.5.xml:200 msgid "" "The main difference between these schema types is how group memberships are " "recorded in the server. With rfc2307, group members are listed by name in " @@ -5672,37 +5688,37 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:209 +#: sssd-ldap.5.xml:210 msgid "Default: rfc2307" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:215 +#: sssd-ldap.5.xml:216 msgid "ldap_pwmodify_mode (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:218 +#: sssd-ldap.5.xml:219 msgid "Specify the operation that is used to modify user password." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:222 +#: sssd-ldap.5.xml:223 msgid "Two modes are currently supported:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:226 +#: sssd-ldap.5.xml:227 msgid "exop - Password Modify Extended Operation (RFC 3062)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:232 +#: sssd-ldap.5.xml:233 msgid "ldap_modify - Direct modification of userPassword (not recommended)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:239 +#: sssd-ldap.5.xml:240 msgid "" "Note: First, a new connection is established to verify current password by " "binding as the user that requested password change. If successful, this " @@ -5711,74 +5727,74 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:247 +#: sssd-ldap.5.xml:248 msgid "Default: exop" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:253 +#: sssd-ldap.5.xml:254 msgid "ldap_default_bind_dn (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:256 +#: sssd-ldap.5.xml:257 msgid "The default bind DN to use for performing LDAP operations." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:263 +#: sssd-ldap.5.xml:264 msgid "ldap_default_authtok_type (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:266 +#: sssd-ldap.5.xml:267 msgid "The type of the authentication token of the default bind DN." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:270 +#: sssd-ldap.5.xml:271 msgid "The two mechanisms currently supported are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:273 +#: sssd-ldap.5.xml:274 msgid "password" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:276 +#: sssd-ldap.5.xml:277 msgid "obfuscated_password" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:279 +#: sssd-ldap.5.xml:280 msgid "Default: password" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:282 +#: sssd-ldap.5.xml:283 msgid "" "See the <citerefentry> <refentrytitle>sss_obfuscate</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry> manual page for more information." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:293 +#: sssd-ldap.5.xml:294 msgid "ldap_default_authtok (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:296 +#: sssd-ldap.5.xml:297 msgid "The authentication token of the default bind DN." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:302 +#: sssd-ldap.5.xml:303 msgid "ldap_force_upper_case_realm (boolean)" msgstr "ldap_force_upper_case_realm (boolean)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:305 +#: sssd-ldap.5.xml:306 msgid "" "Some directory servers, for example Active Directory, might deliver the " "realm part of the UPN in lower case, which might cause the authentication to " @@ -5787,24 +5803,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:318 +#: sssd-ldap.5.xml:319 msgid "ldap_enumeration_refresh_timeout (integer)" msgstr "ldap_enumeration_refresh_timeout (integer)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:321 +#: sssd-ldap.5.xml:322 msgid "" "Specifies how many seconds SSSD has to wait before refreshing its cache of " "enumerated records." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:337 +#: sssd-ldap.5.xml:338 msgid "ldap_purge_cache_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:340 +#: sssd-ldap.5.xml:341 msgid "" "Determine how often to check the cache for inactive entries (such as groups " "with no members and users who have never logged in) and remove them to save " @@ -5812,7 +5828,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:346 +#: sssd-ldap.5.xml:347 msgid "" "Setting this option to zero will disable the cache cleanup operation. Please " "note that if enumeration is enabled, the cleanup task is required in order " @@ -5821,12 +5837,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:366 +#: sssd-ldap.5.xml:367 msgid "ldap_group_nesting_level (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:369 +#: sssd-ldap.5.xml:370 msgid "" "If ldap_schema is set to a schema format that supports nested groups (e.g. " "RFC2307bis), then this option controls how many levels of nesting SSSD will " @@ -5834,7 +5850,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:376 +#: sssd-ldap.5.xml:377 msgid "" "Note: This option specifies the guaranteed level of nested groups to be " "processed for any lookup. However, nested groups beyond this limit " @@ -5844,7 +5860,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:385 +#: sssd-ldap.5.xml:386 msgid "" "If ldap_group_nesting_level is set to 0 then no nested groups are processed " "at all. However, when connected to Active-Directory Server 2008 and later " @@ -5854,67 +5870,67 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:394 +#: sssd-ldap.5.xml:395 msgid "Default: 2" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:403 +#: sssd-ldap.5.xml:404 msgid "" "This options enables or disables use of Token-Groups attribute when " "performing initgroup for users from Active Directory Server 2008 and later." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:413 +#: sssd-ldap.5.xml:414 msgid "Default: True for AD and IPA otherwise False." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:419 +#: sssd-ldap.5.xml:420 msgid "ldap_host_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:422 +#: sssd-ldap.5.xml:423 msgid "Optional. Use the given string as search base for host objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:426 sssd-ipa.5.xml:457 sssd-ipa.5.xml:476 sssd-ipa.5.xml:495 -#: sssd-ipa.5.xml:514 +#: sssd-ldap.5.xml:427 sssd-ipa.5.xml:462 sssd-ipa.5.xml:481 sssd-ipa.5.xml:500 +#: sssd-ipa.5.xml:519 msgid "" "See <quote>ldap_search_base</quote> for information about configuring " "multiple search bases." msgstr "" #. type: Content of: <listitem><para> -#: sssd-ldap.5.xml:431 sssd-ipa.5.xml:462 include/ldap_search_bases.xml:27 +#: sssd-ldap.5.xml:432 sssd-ipa.5.xml:467 include/ldap_search_bases.xml:27 msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:438 +#: sssd-ldap.5.xml:439 msgid "ldap_service_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:443 +#: sssd-ldap.5.xml:444 msgid "ldap_iphost_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:448 +#: sssd-ldap.5.xml:449 msgid "ldap_ipnetwork_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:453 +#: sssd-ldap.5.xml:454 msgid "ldap_search_timeout (integer)" msgstr "ldap_search_timeout (integer)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:456 +#: sssd-ldap.5.xml:457 msgid "" "Specifies the timeout (in seconds) that ldap searches are allowed to run " "before they are cancelled and cached results are returned (and offline mode " @@ -5922,7 +5938,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:462 +#: sssd-ldap.5.xml:463 msgid "" "Note: this option is subject to change in future versions of the SSSD. It " "will likely be replaced at some point by a series of timeouts for specific " @@ -5930,12 +5946,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:479 +#: sssd-ldap.5.xml:480 msgid "ldap_enumeration_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:482 +#: sssd-ldap.5.xml:483 msgid "" "Specifies the timeout (in seconds) that ldap searches for user and group " "enumerations are allowed to run before they are cancelled and cached results " @@ -5943,12 +5959,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:500 +#: sssd-ldap.5.xml:501 msgid "ldap_network_timeout (integer)" msgstr "ldap_network_timeout (integer)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:503 +#: sssd-ldap.5.xml:504 msgid "" "Specifies the timeout (in seconds) after which the <citerefentry> " "<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/" @@ -5959,12 +5975,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:531 +#: sssd-ldap.5.xml:532 msgid "ldap_opt_timeout (integer)" msgstr "ldap_opt_timeout (integer)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:534 +#: sssd-ldap.5.xml:535 msgid "" "Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs " "will abort if no response is received. Also controls the timeout when " @@ -5973,12 +5989,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:554 +#: sssd-ldap.5.xml:555 msgid "ldap_connection_expire_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:557 +#: sssd-ldap.5.xml:558 msgid "" "Specifies a timeout (in seconds) that a connection to an LDAP server will be " "maintained. After this time, the connection will be re-established. If used " @@ -5987,7 +6003,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:565 +#: sssd-ldap.5.xml:566 msgid "" "If the connection is idle (not actively running an operation) within " "<emphasis>ldap_opt_timeout</emphasis> seconds of expiration, then it will be " @@ -5998,38 +6014,38 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:577 +#: sssd-ldap.5.xml:578 msgid "" "This timeout can be extended of a random value specified by " "<emphasis>ldap_connection_expire_offset</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:587 sssd-ldap.5.xml:630 sssd-ldap.5.xml:1711 +#: sssd-ldap.5.xml:588 sssd-ldap.5.xml:631 sssd-ldap.5.xml:1713 msgid "Default: 900 (15 minutes)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:593 +#: sssd-ldap.5.xml:594 msgid "ldap_connection_expire_offset (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:596 +#: sssd-ldap.5.xml:597 msgid "" "Random offset between 0 and configured value is added to " "<emphasis>ldap_connection_expire_timeout</emphasis>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:612 +#: sssd-ldap.5.xml:613 #, fuzzy #| msgid "ldap_network_timeout (integer)" msgid "ldap_connection_idle_timeout (integer)" msgstr "ldap_network_timeout (integer)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:615 +#: sssd-ldap.5.xml:616 msgid "" "Specifies a timeout (in seconds) that an idle connection to an LDAP server " "will be maintained. If the connection is idle for more than this time then " @@ -6037,29 +6053,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:621 +#: sssd-ldap.5.xml:622 msgid "You can disable this timeout by setting the value to 0." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:636 +#: sssd-ldap.5.xml:637 msgid "ldap_page_size (integer)" msgstr "ldap_page_size (integer)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:639 +#: sssd-ldap.5.xml:640 msgid "" "Specify the number of records to retrieve from LDAP in a single request. " "Some LDAP servers enforce a maximum limit per-request." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:650 +#: sssd-ldap.5.xml:651 msgid "ldap_disable_paging (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:653 +#: sssd-ldap.5.xml:654 msgid "" "Disable the LDAP paging control. This option should be used if the LDAP " "server reports that it supports the LDAP paging control in its RootDSE but " @@ -6067,14 +6083,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:659 +#: sssd-ldap.5.xml:660 msgid "" "Example: OpenLDAP servers with the paging control module installed on the " "server but not enabled will report it in the RootDSE but be unable to use it." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:665 +#: sssd-ldap.5.xml:666 msgid "" "Example: 389 DS has a bug where it can only support a one paging control at " "a time on a single connection. On busy clients, this can result in some " @@ -6082,17 +6098,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:677 +#: sssd-ldap.5.xml:678 msgid "ldap_disable_range_retrieval (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:680 +#: sssd-ldap.5.xml:681 msgid "Disable Active Directory range retrieval." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:683 +#: sssd-ldap.5.xml:684 msgid "" "Active Directory limits the number of members to be retrieved in a single " "lookup using the MaxValRange policy (which defaults to 1500 members). If a " @@ -6102,12 +6118,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:698 +#: sssd-ldap.5.xml:699 msgid "ldap_sasl_minssf (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:701 +#: sssd-ldap.5.xml:702 msgid "" "When communicating with an LDAP server using SASL, specify the minimum " "security level necessary to establish the connection. The values of this " @@ -6115,17 +6131,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:707 sssd-ldap.5.xml:723 +#: sssd-ldap.5.xml:708 sssd-ldap.5.xml:724 msgid "Default: Use the system default (usually specified by ldap.conf)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:714 +#: sssd-ldap.5.xml:715 msgid "ldap_sasl_maxssf (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:717 +#: sssd-ldap.5.xml:718 msgid "" "When communicating with an LDAP server using SASL, specify the maximal " "security level necessary to establish the connection. The values of this " @@ -6133,12 +6149,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:730 +#: sssd-ldap.5.xml:731 msgid "ldap_deref_threshold (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:733 +#: sssd-ldap.5.xml:734 msgid "" "Specify the number of group members that must be missing from the internal " "cache in order to trigger a dereference lookup. If less members are missing, " @@ -6146,7 +6162,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:739 +#: sssd-ldap.5.xml:740 msgid "" "You can turn off dereference lookups completely by setting the value to 0. " "Please note that there are some codepaths in SSSD, like the IPA HBAC " @@ -6157,7 +6173,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:750 +#: sssd-ldap.5.xml:751 msgid "" "A dereference lookup is a means of fetching all group members in a single " "LDAP call. Different LDAP servers may implement different dereference " @@ -6166,7 +6182,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:758 +#: sssd-ldap.5.xml:759 msgid "" "<emphasis>Note:</emphasis> If any of the search bases specifies a search " "filter, then the dereference lookup performance enhancement will be disabled " @@ -6174,12 +6190,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:771 +#: sssd-ldap.5.xml:772 msgid "ldap_ignore_unreadable_references (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:774 +#: sssd-ldap.5.xml:775 msgid "" "Ignore unreadable LDAP entries referenced in group's member attribute. If " "this parameter is set to false an error will be returned and the operation " @@ -6187,7 +6203,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:781 +#: sssd-ldap.5.xml:782 msgid "" "This parameter may be useful when using the AD provider and the computer " "account that sssd uses to connect to AD does not have access to a particular " @@ -6195,19 +6211,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:794 +#: sssd-ldap.5.xml:795 msgid "ldap_tls_reqcert (string)" msgstr "ldap_tls_reqcert (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:797 +#: sssd-ldap.5.xml:798 msgid "" "Specifies what checks to perform on server certificates in a TLS session, if " "any. It can be specified as one of the following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:803 +#: sssd-ldap.5.xml:804 msgid "" "<emphasis>never</emphasis> = The client will not request or check any server " "certificate." @@ -6216,7 +6232,7 @@ msgstr "" "qualquer certificado de servidor." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:807 +#: sssd-ldap.5.xml:808 msgid "" "<emphasis>allow</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -6224,7 +6240,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:814 +#: sssd-ldap.5.xml:815 msgid "" "<emphasis>try</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -6232,7 +6248,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:820 +#: sssd-ldap.5.xml:821 msgid "" "<emphasis>demand</emphasis> = The server certificate is requested. If no " "certificate is provided, or a bad certificate is provided, the session is " @@ -6240,41 +6256,41 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:826 +#: sssd-ldap.5.xml:827 msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:830 +#: sssd-ldap.5.xml:831 msgid "Default: hard" msgstr "Padrão: hard" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:836 +#: sssd-ldap.5.xml:837 msgid "ldap_tls_cacert (string)" msgstr "ldap_tls_cacert (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:839 +#: sssd-ldap.5.xml:840 msgid "" "Specifies the file that contains certificates for all of the Certificate " "Authorities that <command>sssd</command> will recognize." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:844 sssd-ldap.5.xml:862 sssd-ldap.5.xml:903 +#: sssd-ldap.5.xml:845 sssd-ldap.5.xml:863 sssd-ldap.5.xml:904 msgid "" "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." "conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:851 +#: sssd-ldap.5.xml:852 msgid "ldap_tls_cacertdir (string)" msgstr "ldap_tls_cacertdir (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:854 +#: sssd-ldap.5.xml:855 msgid "" "Specifies the path of a directory that contains Certificate Authority " "certificates in separate individual files. Typically the file names need to " @@ -6283,32 +6299,32 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:869 +#: sssd-ldap.5.xml:870 msgid "ldap_tls_cert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:872 +#: sssd-ldap.5.xml:873 msgid "Specifies the file that contains the certificate for the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:882 +#: sssd-ldap.5.xml:883 msgid "ldap_tls_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:885 +#: sssd-ldap.5.xml:886 msgid "Specifies the file that contains the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:894 +#: sssd-ldap.5.xml:895 msgid "ldap_tls_cipher_suite (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:897 +#: sssd-ldap.5.xml:898 msgid "" "Specifies acceptable cipher suites. Typically this is a colon separated " "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " @@ -6316,24 +6332,25 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:910 +#: sssd-ldap.5.xml:911 msgid "ldap_id_use_start_tls (boolean)" msgstr "ldap_id_use_start_tls (boolean)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:913 +#: sssd-ldap.5.xml:914 msgid "" "Specifies that the id_provider connection must also use <systemitem " -"class=\"protocol\">tls</systemitem> to protect the channel." +"class=\"protocol\">tls</systemitem> to protect the channel. <emphasis>true</" +"emphasis> is strongly recommended for security reasons." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:923 +#: sssd-ldap.5.xml:925 msgid "ldap_id_mapping (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:926 +#: sssd-ldap.5.xml:928 msgid "" "Specifies that SSSD should attempt to map user and group IDs from the " "ldap_user_objectsid and ldap_group_objectsid attributes instead of relying " @@ -6341,17 +6358,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:932 +#: sssd-ldap.5.xml:934 msgid "Currently this feature supports only ActiveDirectory objectSID mapping." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:942 +#: sssd-ldap.5.xml:944 msgid "ldap_min_id, ldap_max_id (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:945 +#: sssd-ldap.5.xml:947 msgid "" "In contrast to the SID based ID mapping which is used if ldap_id_mapping is " "set to true the allowed ID range for ldap_user_uid_number and " @@ -6362,24 +6379,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:957 +#: sssd-ldap.5.xml:959 msgid "Default: not set (both options are set to 0)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:963 +#: sssd-ldap.5.xml:965 msgid "ldap_sasl_mech (string)" msgstr "ldap_sasl_mech (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:966 +#: sssd-ldap.5.xml:968 msgid "" "Specify the SASL mechanism to use. Currently only GSSAPI and GSS-SPNEGO are " "tested and supported." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:970 +#: sssd-ldap.5.xml:972 msgid "" "If the backend supports sub-domains the value of ldap_sasl_mech is " "automatically inherited to the sub-domains. If a different value is needed " @@ -6390,12 +6407,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:986 +#: sssd-ldap.5.xml:988 msgid "ldap_sasl_authid (string)" msgstr "ldap_sasl_authid (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd-ldap.5.xml:998 +#: sssd-ldap.5.xml:1000 #, no-wrap msgid "" "hostname@REALM\n" @@ -6408,7 +6425,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:989 +#: sssd-ldap.5.xml:991 msgid "" "Specify the SASL authorization id to use. When GSSAPI/GSS-SPNEGO are used, " "this represents the Kerberos principal used for authentication to the " @@ -6420,17 +6437,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1009 +#: sssd-ldap.5.xml:1011 msgid "Default: host/hostname@REALM" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1015 +#: sssd-ldap.5.xml:1017 msgid "ldap_sasl_realm (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1018 +#: sssd-ldap.5.xml:1020 msgid "" "Specify the SASL realm to use. When not specified, this option defaults to " "the value of krb5_realm. If the ldap_sasl_authid contains the realm as " @@ -6438,50 +6455,50 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1024 +#: sssd-ldap.5.xml:1026 msgid "Default: the value of krb5_realm." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1030 +#: sssd-ldap.5.xml:1032 msgid "ldap_sasl_canonicalize (boolean)" msgstr "ldap_sasl_canonicalize (boolean)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1033 +#: sssd-ldap.5.xml:1035 msgid "" "If set to true, the LDAP library would perform a reverse lookup to " "canonicalize the host name during a SASL bind." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1038 +#: sssd-ldap.5.xml:1040 msgid "Default: false;" msgstr "Padrão: false;" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1044 +#: sssd-ldap.5.xml:1046 msgid "ldap_krb5_keytab (string)" msgstr "ldap_krb5_keytab (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1047 +#: sssd-ldap.5.xml:1049 msgid "Specify the keytab to use when using SASL/GSSAPI/GSS-SPNEGO." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1056 sssd-krb5.5.xml:247 +#: sssd-ldap.5.xml:1058 sssd-krb5.5.xml:247 msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" msgstr "" "Padrão: Sistema keytab, normalmente <filename>/etc/krb5.keytab</filename>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1062 +#: sssd-ldap.5.xml:1064 msgid "ldap_krb5_init_creds (boolean)" msgstr "ldap_krb5_init_creds (boolean)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1065 +#: sssd-ldap.5.xml:1067 msgid "" "Specifies that the id_provider should init Kerberos credentials (TGT). This " "action is performed only if SASL is used and the mechanism selected is " @@ -6489,28 +6506,28 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1077 +#: sssd-ldap.5.xml:1079 msgid "ldap_krb5_ticket_lifetime (integer)" msgstr "ldap_krb5_ticket_lifetime (integer)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1080 +#: sssd-ldap.5.xml:1082 msgid "" "Specifies the lifetime in seconds of the TGT if GSSAPI or GSS-SPNEGO is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1089 sssd-ad.5.xml:1252 +#: sssd-ldap.5.xml:1091 sssd-ad.5.xml:1252 msgid "Default: 86400 (24 hours)" msgstr "Padrão: 86400 (24 horas)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1095 sssd-krb5.5.xml:74 +#: sssd-ldap.5.xml:1097 sssd-krb5.5.xml:74 msgid "krb5_server, krb5_backup_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1098 +#: sssd-ldap.5.xml:1100 msgid "" "Specifies the comma-separated list of IP addresses or hostnames of the " "Kerberos servers to which SSSD should connect in the order of preference. " @@ -6522,7 +6539,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1110 sssd-krb5.5.xml:89 +#: sssd-ldap.5.xml:1112 sssd-krb5.5.xml:89 msgid "" "When using service discovery for KDC or kpasswd servers, SSSD first searches " "for DNS entries that specify _udp as the protocol and falls back to _tcp if " @@ -6530,7 +6547,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1115 sssd-krb5.5.xml:94 +#: sssd-ldap.5.xml:1117 sssd-krb5.5.xml:94 msgid "" "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " "While the legacy name is recognized for the time being, users are advised to " @@ -6538,39 +6555,39 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1124 sssd-ipa.5.xml:526 sssd-krb5.5.xml:103 +#: sssd-ldap.5.xml:1126 sssd-ipa.5.xml:531 sssd-krb5.5.xml:103 msgid "krb5_realm (string)" msgstr "krb5_realm (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1127 +#: sssd-ldap.5.xml:1129 msgid "Specify the Kerberos REALM (for SASL/GSSAPI/GSS-SPNEGO auth)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1131 +#: sssd-ldap.5.xml:1133 msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" msgstr "" #. type: Content of: <variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1137 include/krb5_options.xml:154 +#: sssd-ldap.5.xml:1139 include/krb5_options.xml:154 msgid "krb5_canonicalize (boolean)" msgstr "krb5_canonicalize (boolean)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1140 +#: sssd-ldap.5.xml:1142 msgid "" "Specifies if the host principal should be canonicalized when connecting to " "LDAP server. This feature is available with MIT Kerberos >= 1.7" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1152 sssd-krb5.5.xml:336 +#: sssd-ldap.5.xml:1154 sssd-krb5.5.xml:336 msgid "krb5_use_kdcinfo (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1155 sssd-krb5.5.xml:339 +#: sssd-ldap.5.xml:1157 sssd-krb5.5.xml:339 msgid "" "Specifies if the SSSD should instruct the Kerberos libraries what realm and " "which KDCs to use. This option is on by default, if you disable it, you need " @@ -6580,7 +6597,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1166 sssd-krb5.5.xml:350 +#: sssd-ldap.5.xml:1168 sssd-krb5.5.xml:350 msgid "" "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more " @@ -6588,26 +6605,26 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1180 +#: sssd-ldap.5.xml:1182 msgid "ldap_pwd_policy (string)" msgstr "ldap_pwd_policy (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1183 +#: sssd-ldap.5.xml:1185 msgid "" "Select the policy to evaluate the password expiration on the client side. " "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1188 +#: sssd-ldap.5.xml:1190 msgid "" "<emphasis>none</emphasis> - No evaluation on the client side. This option " "cannot disable server-side password policies." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1193 +#: sssd-ldap.5.xml:1195 msgid "" "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " @@ -6616,7 +6633,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1201 +#: sssd-ldap.5.xml:1203 msgid "" "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " "to determine if the password has expired. Use chpass_provider=krb5 to update " @@ -6624,31 +6641,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1210 +#: sssd-ldap.5.xml:1212 msgid "" "<emphasis>Note</emphasis>: if a password policy is configured on server " "side, it always takes precedence over policy set with this option." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1218 +#: sssd-ldap.5.xml:1220 msgid "ldap_referrals (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1221 +#: sssd-ldap.5.xml:1223 msgid "Specifies whether automatic referral chasing should be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1225 +#: sssd-ldap.5.xml:1227 msgid "" "Please note that sssd only supports referral chasing when it is compiled " "with OpenLDAP version 2.4.13 or higher." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1230 +#: sssd-ldap.5.xml:1232 msgid "" "Chasing referrals may incur a performance penalty in environments that use " "them heavily, a notable example is Microsoft Active Directory. If your setup " @@ -6661,51 +6678,51 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1249 +#: sssd-ldap.5.xml:1251 msgid "ldap_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1252 +#: sssd-ldap.5.xml:1254 msgid "Specifies the service name to use when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1256 +#: sssd-ldap.5.xml:1258 msgid "Default: ldap" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1262 +#: sssd-ldap.5.xml:1264 msgid "ldap_chpass_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1265 +#: sssd-ldap.5.xml:1267 msgid "" "Specifies the service name to use to find an LDAP server which allows " "password changes when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1270 +#: sssd-ldap.5.xml:1272 msgid "Default: not set, i.e. service discovery is disabled" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1276 +#: sssd-ldap.5.xml:1278 msgid "ldap_chpass_update_last_change (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1279 +#: sssd-ldap.5.xml:1281 msgid "" "Specifies whether to update the ldap_user_shadow_last_change attribute with " "days since the Epoch after a password change operation." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1285 +#: sssd-ldap.5.xml:1287 msgid "" "It is recommend to set this option explicitly if \"ldap_pwd_policy = " "shadow\" is used to let SSSD know if the LDAP server will update " @@ -6714,12 +6731,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1299 +#: sssd-ldap.5.xml:1301 msgid "ldap_access_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1302 +#: sssd-ldap.5.xml:1304 msgid "" "If using access_provider = ldap and ldap_access_order = filter (default), " "this option is mandatory. It specifies an LDAP search filter criteria that " @@ -6735,12 +6752,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1322 +#: sssd-ldap.5.xml:1324 msgid "Example:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1325 +#: sssd-ldap.5.xml:1327 #, no-wrap msgid "" "access_provider = ldap\n" @@ -6749,14 +6766,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1329 +#: sssd-ldap.5.xml:1331 msgid "" "This example means that access to this host is restricted to users whose " "employeeType attribute is set to \"admin\"." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1334 +#: sssd-ldap.5.xml:1336 msgid "" "Offline caching for this feature is limited to determining whether the " "user's last online login was granted access permission. If they were granted " @@ -6765,24 +6782,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1342 sssd-ldap.5.xml:1398 +#: sssd-ldap.5.xml:1344 sssd-ldap.5.xml:1400 msgid "Default: Empty" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1348 +#: sssd-ldap.5.xml:1350 msgid "ldap_account_expire_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1351 +#: sssd-ldap.5.xml:1353 msgid "" "With this option a client side evaluation of access control attributes can " "be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1355 +#: sssd-ldap.5.xml:1357 msgid "" "Please note that it is always recommended to use server side access control, " "i.e. the LDAP server should deny the bind request with a suitable error code " @@ -6790,19 +6807,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1362 +#: sssd-ldap.5.xml:1364 msgid "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1365 +#: sssd-ldap.5.xml:1367 msgid "" "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " "determine if the account is expired." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1370 +#: sssd-ldap.5.xml:1372 msgid "" "<emphasis>ad</emphasis>: use the value of the 32bit field " "ldap_user_ad_user_account_control and allow access if the second bit is not " @@ -6811,7 +6828,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1377 +#: sssd-ldap.5.xml:1379 msgid "" "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" "emphasis>: use the value of ldap_ns_account_lock to check if access is " @@ -6819,7 +6836,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1383 +#: sssd-ldap.5.xml:1385 msgid "" "<emphasis>nds</emphasis>: the values of " "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " @@ -6828,7 +6845,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1391 +#: sssd-ldap.5.xml:1393 msgid "" "Please note that the ldap_access_order configuration option <emphasis>must</" "emphasis> include <quote>expire</quote> in order for the " @@ -6836,22 +6853,22 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1404 +#: sssd-ldap.5.xml:1406 msgid "ldap_access_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1407 sssd-ipa.5.xml:351 +#: sssd-ldap.5.xml:1409 sssd-ipa.5.xml:356 msgid "Comma separated list of access control options. Allowed values are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1411 +#: sssd-ldap.5.xml:1413 msgid "<emphasis>filter</emphasis>: use ldap_access_filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1414 +#: sssd-ldap.5.xml:1416 msgid "" "<emphasis>lockout</emphasis>: use account locking. If set, this option " "denies access in case that ldap attribute 'pwdAccountLockedTime' is present " @@ -6861,14 +6878,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1424 +#: sssd-ldap.5.xml:1426 msgid "" "<emphasis> Please note that this option is superseded by the <quote>ppolicy</" "quote> option and might be removed in a future release. </emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1431 +#: sssd-ldap.5.xml:1433 msgid "" "<emphasis>ppolicy</emphasis>: use account locking. If set, this option " "denies access in case that ldap attribute 'pwdAccountLockedTime' is present " @@ -6881,12 +6898,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1448 +#: sssd-ldap.5.xml:1450 msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1452 sssd-ipa.5.xml:359 +#: sssd-ldap.5.xml:1454 sssd-ipa.5.xml:364 msgid "" "<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, " "pwd_expire_policy_renew: </emphasis> These options are useful if users are " @@ -6896,81 +6913,81 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1462 sssd-ipa.5.xml:369 +#: sssd-ldap.5.xml:1464 sssd-ipa.5.xml:374 msgid "" "The difference between these options is the action taken if user password is " "expired:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:1467 sssd-ipa.5.xml:374 +#: sssd-ldap.5.xml:1469 sssd-ipa.5.xml:379 msgid "pwd_expire_policy_reject - user is denied to log in," msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:1473 sssd-ipa.5.xml:380 +#: sssd-ldap.5.xml:1475 sssd-ipa.5.xml:385 msgid "pwd_expire_policy_warn - user is still able to log in," msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:1479 sssd-ipa.5.xml:386 +#: sssd-ldap.5.xml:1481 sssd-ipa.5.xml:391 msgid "" "pwd_expire_policy_renew - user is prompted to change their password " "immediately." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1487 +#: sssd-ldap.5.xml:1489 msgid "" "Please note that 'access_provider = ldap' must be set for this feature to " "work. Also 'ldap_pwd_policy' must be set to an appropriate password policy." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1492 +#: sssd-ldap.5.xml:1494 msgid "" "<emphasis>authorized_service</emphasis>: use the authorizedService attribute " "to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1497 +#: sssd-ldap.5.xml:1499 msgid "<emphasis>host</emphasis>: use the host attribute to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1501 +#: sssd-ldap.5.xml:1503 msgid "" "<emphasis>rhost</emphasis>: use the rhost attribute to determine whether " "remote host can access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1505 +#: sssd-ldap.5.xml:1507 msgid "" "Please note, rhost field in pam is set by application, it is better to check " "what the application sends to pam, before enabling this access control option" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1510 +#: sssd-ldap.5.xml:1512 msgid "Default: filter" msgstr "Padrão: filter" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1513 +#: sssd-ldap.5.xml:1515 msgid "" "Please note that it is a configuration error if a value is used more than " "once." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1520 +#: sssd-ldap.5.xml:1522 msgid "ldap_pwdlockout_dn (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1523 +#: sssd-ldap.5.xml:1525 msgid "" "This option specifies the DN of password policy entry on LDAP server. Please " "note that absence of this option in sssd.conf in case of enabled account " @@ -6979,74 +6996,74 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1531 +#: sssd-ldap.5.xml:1533 msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1534 +#: sssd-ldap.5.xml:1536 msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1540 +#: sssd-ldap.5.xml:1542 msgid "ldap_deref (string)" msgstr "ldap_deref (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1543 +#: sssd-ldap.5.xml:1545 msgid "" "Specifies how alias dereferencing is done when performing a search. The " "following options are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1548 +#: sssd-ldap.5.xml:1550 msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1552 +#: sssd-ldap.5.xml:1554 msgid "" "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " "the base object, but not in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1557 +#: sssd-ldap.5.xml:1559 msgid "" "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " "the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1562 +#: sssd-ldap.5.xml:1564 msgid "" "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " "in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1567 +#: sssd-ldap.5.xml:1569 msgid "" "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " "client libraries)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1575 +#: sssd-ldap.5.xml:1577 msgid "ldap_rfc2307_fallback_to_local_users (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1578 +#: sssd-ldap.5.xml:1580 msgid "" "Allows to retain local users as members of an LDAP group for servers that " "use the RFC2307 schema." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1582 +#: sssd-ldap.5.xml:1584 msgid "" "In some environments where the RFC2307 schema is used, local users are made " "members of LDAP groups by adding their names to the memberUid attribute. " @@ -7057,7 +7074,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1593 +#: sssd-ldap.5.xml:1595 msgid "" "This option falls back to checking if local users are referenced, and caches " "them so that later initgroups() calls will augment the local users with the " @@ -7065,55 +7082,55 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1605 sssd-ifp.5.xml:152 +#: sssd-ldap.5.xml:1607 sssd-ifp.5.xml:152 msgid "wildcard_limit (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1608 +#: sssd-ldap.5.xml:1610 msgid "" "Specifies an upper limit on the number of entries that are downloaded during " "a wildcard lookup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1612 +#: sssd-ldap.5.xml:1614 msgid "At the moment, only the InfoPipe responder supports wildcard lookups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1616 +#: sssd-ldap.5.xml:1618 msgid "Default: 1000 (often the size of one page)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1622 +#: sssd-ldap.5.xml:1624 #, fuzzy #| msgid "ldap_page_size (integer)" msgid "ldap_library_debug_level (integer)" msgstr "ldap_page_size (integer)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1625 +#: sssd-ldap.5.xml:1627 msgid "" "Switches on libldap debugging with the given level. The libldap debug " "messages will be written independent of the general debug_level." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1630 +#: sssd-ldap.5.xml:1632 msgid "" "OpenLDAP uses a bitmap to enable debugging for specific components, -1 will " "enable full debug output." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1635 +#: sssd-ldap.5.xml:1637 msgid "Default: 0 (libldap debugging disabled)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:51 +#: sssd-ldap.5.xml:52 msgid "" "All of the common configuration options that apply to SSSD domains also " "apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> section " @@ -7125,12 +7142,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1645 +#: sssd-ldap.5.xml:1647 msgid "SUDO OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1647 +#: sssd-ldap.5.xml:1649 msgid "" "The detailed instructions for configuration of sudo_provider are in the " "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " @@ -7138,43 +7155,43 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1658 +#: sssd-ldap.5.xml:1660 msgid "ldap_sudo_full_refresh_interval (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1661 +#: sssd-ldap.5.xml:1663 msgid "" "How many seconds SSSD will wait between executing a full refresh of sudo " "rules (which downloads all rules that are stored on the server)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1666 +#: sssd-ldap.5.xml:1668 msgid "" "The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </" "emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1671 +#: sssd-ldap.5.xml:1673 msgid "" "You can disable full refresh by setting this option to 0. However, either " "smart or full refresh must be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1676 +#: sssd-ldap.5.xml:1678 msgid "Default: 21600 (6 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1682 +#: sssd-ldap.5.xml:1684 msgid "ldap_sudo_smart_refresh_interval (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1685 +#: sssd-ldap.5.xml:1687 msgid "" "How many seconds SSSD has to wait before executing a smart refresh of sudo " "rules (which downloads all rules that have USN higher than the highest " @@ -7182,14 +7199,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1691 +#: sssd-ldap.5.xml:1693 msgid "" "If USN attributes are not supported by the server, the modifyTimestamp " "attribute is used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1695 +#: sssd-ldap.5.xml:1697 msgid "" "<emphasis>Note:</emphasis> the highest USN value can be updated by three " "tasks: 1) By sudo full and smart refresh (if updated rules are found), 2) by " @@ -7199,21 +7216,21 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1706 +#: sssd-ldap.5.xml:1708 msgid "" "You can disable smart refresh by setting this option to 0. However, either " "smart or full refresh must be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1717 +#: sssd-ldap.5.xml:1719 #, fuzzy #| msgid "ldap_opt_timeout (integer)" msgid "ldap_sudo_random_offset (integer)" msgstr "ldap_opt_timeout (integer)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1720 +#: sssd-ldap.5.xml:1722 msgid "" "Random offset between 0 and configured value is added to smart and full " "refresh periods each time the periodic task is scheduled. The value is in " @@ -7221,7 +7238,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1726 +#: sssd-ldap.5.xml:1728 msgid "" "Note that this random offset is also applied on the first SSSD start which " "delays the first sudo rules refresh. This prolongs the time when the sudo " @@ -7229,106 +7246,106 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1732 +#: sssd-ldap.5.xml:1734 msgid "You can disable this offset by setting the value to 0." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1742 +#: sssd-ldap.5.xml:1744 msgid "ldap_sudo_use_host_filter (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1745 +#: sssd-ldap.5.xml:1747 msgid "" "If true, SSSD will download only rules that are applicable to this machine " "(using the IPv4 or IPv6 host/network addresses and hostnames)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1756 +#: sssd-ldap.5.xml:1758 msgid "ldap_sudo_hostnames (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1759 +#: sssd-ldap.5.xml:1761 msgid "" "Space separated list of hostnames or fully qualified domain names that " "should be used to filter the rules." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1764 +#: sssd-ldap.5.xml:1766 msgid "" "If this option is empty, SSSD will try to discover the hostname and the " "fully qualified domain name automatically." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1769 sssd-ldap.5.xml:1792 sssd-ldap.5.xml:1810 -#: sssd-ldap.5.xml:1828 +#: sssd-ldap.5.xml:1771 sssd-ldap.5.xml:1794 sssd-ldap.5.xml:1812 +#: sssd-ldap.5.xml:1830 msgid "" "If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</" "emphasis> then this option has no effect." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1774 sssd-ldap.5.xml:1797 +#: sssd-ldap.5.xml:1776 sssd-ldap.5.xml:1799 msgid "Default: not specified" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1780 +#: sssd-ldap.5.xml:1782 msgid "ldap_sudo_ip (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1783 +#: sssd-ldap.5.xml:1785 msgid "" "Space separated list of IPv4 or IPv6 host/network addresses that should be " "used to filter the rules." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1788 +#: sssd-ldap.5.xml:1790 msgid "" "If this option is empty, SSSD will try to discover the addresses " "automatically." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1803 +#: sssd-ldap.5.xml:1805 msgid "ldap_sudo_include_netgroups (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1806 +#: sssd-ldap.5.xml:1808 msgid "" "If true then SSSD will download every rule that contains a netgroup in " "sudoHost attribute." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1821 +#: sssd-ldap.5.xml:1823 msgid "ldap_sudo_include_regexp (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1824 +#: sssd-ldap.5.xml:1826 msgid "" "If true then SSSD will download every rule that contains a wildcard in " "sudoHost attribute." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><note><para> -#: sssd-ldap.5.xml:1834 +#: sssd-ldap.5.xml:1836 msgid "" "Using wildcard is an operation that is very costly to evaluate on the LDAP " "server side!" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1846 +#: sssd-ldap.5.xml:1848 msgid "" "This manual page only describes attribute name mapping. For detailed " "explanation of sudo related attribute semantics, see <citerefentry> " @@ -7337,59 +7354,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1856 +#: sssd-ldap.5.xml:1858 msgid "AUTOFS OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1858 +#: sssd-ldap.5.xml:1860 msgid "" "Some of the defaults for the parameters below are dependent on the LDAP " "schema." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1864 +#: sssd-ldap.5.xml:1866 msgid "ldap_autofs_map_master_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1867 +#: sssd-ldap.5.xml:1869 msgid "The name of the automount master map in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1870 +#: sssd-ldap.5.xml:1872 msgid "Default: auto.master" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1881 +#: sssd-ldap.5.xml:1883 msgid "ADVANCED OPTIONS" msgstr "OPÇÕES AVANÇADAS" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1888 +#: sssd-ldap.5.xml:1890 msgid "ldap_netgroup_search_base (string)" msgstr "ldap_netgroup_search_base (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1893 +#: sssd-ldap.5.xml:1895 msgid "ldap_user_search_base (string)" msgstr "ldap_user_search_base (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1898 +#: sssd-ldap.5.xml:1900 msgid "ldap_group_search_base (string)" msgstr "ldap_group_search_base (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><note> -#: sssd-ldap.5.xml:1903 +#: sssd-ldap.5.xml:1905 msgid "<note>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para> -#: sssd-ldap.5.xml:1905 +#: sssd-ldap.5.xml:1907 msgid "" "If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches " "against Active Directory will not be restricted and return all groups " @@ -7398,22 +7415,22 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist> -#: sssd-ldap.5.xml:1912 +#: sssd-ldap.5.xml:1914 msgid "</note>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1914 +#: sssd-ldap.5.xml:1916 msgid "ldap_sudo_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1919 +#: sssd-ldap.5.xml:1921 msgid "ldap_autofs_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1883 +#: sssd-ldap.5.xml:1885 msgid "" "These options are supported by LDAP domains, but they should be used with " "caution. Please include them in your configuration only if you know what you " @@ -7422,14 +7439,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1934 sssd-simple.5.xml:131 sssd-ipa.5.xml:925 -#: sssd-ad.5.xml:1386 sssd-krb5.5.xml:483 sss_rpcidmapd.5.xml:98 +#: sssd-ldap.5.xml:1936 sssd-simple.5.xml:131 sssd-ipa.5.xml:930 +#: sssd-ad.5.xml:1391 sssd-krb5.5.xml:483 sss_rpcidmapd.5.xml:98 #: sssd-files.5.xml:155 sssd-session-recording.5.xml:176 msgid "EXAMPLE" msgstr "EXEMPLO" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1936 +#: sssd-ldap.5.xml:1938 msgid "" "The following example assumes that SSSD is correctly configured and LDAP is " "set to one of the domains in the <replaceable>[domains]</replaceable> " @@ -7437,7 +7454,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ldap.5.xml:1942 +#: sssd-ldap.5.xml:1944 #, no-wrap msgid "" "[domain/LDAP]\n" @@ -7450,27 +7467,27 @@ msgid "" msgstr "" #. type: Content of: <refsect1><refsect2><para> -#: sssd-ldap.5.xml:1941 sssd-ldap.5.xml:1959 sssd-simple.5.xml:139 -#: sssd-ipa.5.xml:933 sssd-ad.5.xml:1394 sssd-sudo.5.xml:56 sssd-krb5.5.xml:492 +#: sssd-ldap.5.xml:1943 sssd-ldap.5.xml:1961 sssd-simple.5.xml:139 +#: sssd-ipa.5.xml:938 sssd-ad.5.xml:1399 sssd-sudo.5.xml:56 sssd-krb5.5.xml:492 #: sssd-files.5.xml:162 sssd-files.5.xml:173 sssd-session-recording.5.xml:182 #: include/ldap_id_mapping.xml:105 msgid "<placeholder type=\"programlisting\" id=\"0\"/>" msgstr "<placeholder type=\"programlisting\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1953 +#: sssd-ldap.5.xml:1955 msgid "LDAP ACCESS FILTER EXAMPLE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1955 +#: sssd-ldap.5.xml:1957 msgid "" "The following example assumes that SSSD is correctly configured and to use " "the ldap_access_order=lockout." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ldap.5.xml:1960 +#: sssd-ldap.5.xml:1962 #, no-wrap msgid "" "[domain/LDAP]\n" @@ -7486,13 +7503,13 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1975 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148 -#: sssd-ad.5.xml:1409 sssd.8.xml:238 sss_seed.8.xml:163 +#: sssd-ldap.5.xml:1977 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148 +#: sssd-ad.5.xml:1414 sssd.8.xml:238 sss_seed.8.xml:163 msgid "NOTES" msgstr "NOTAS" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1977 +#: sssd-ldap.5.xml:1979 msgid "" "The descriptions of some of the configuration options in this manual page " "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " @@ -9833,12 +9850,12 @@ msgid "Example: dyndns_iface = em1, vnet1, vnet2" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:204 sssd-ad.5.xml:1285 +#: sssd-ipa.5.xml:204 sssd-ad.5.xml:1290 msgid "dyndns_auth (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:207 sssd-ad.5.xml:1288 +#: sssd-ipa.5.xml:207 sssd-ad.5.xml:1293 msgid "" "Whether the nsupdate utility should use GSS-TSIG authentication for secure " "updates with the DNS server, insecure updates can be sent by setting this " @@ -9846,19 +9863,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:213 sssd-ad.5.xml:1294 +#: sssd-ipa.5.xml:213 sssd-ad.5.xml:1299 msgid "Default: GSS-TSIG" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:219 sssd-ad.5.xml:1300 +#: sssd-ipa.5.xml:219 sssd-ad.5.xml:1305 #, fuzzy #| msgid "auth_provider (string)" msgid "dyndns_auth_ptr (string)" msgstr "auth_provider (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:222 sssd-ad.5.xml:1303 +#: sssd-ipa.5.xml:222 sssd-ad.5.xml:1308 msgid "" "Whether the nsupdate utility should use GSS-TSIG authentication for secure " "PTR updates with the DNS server, insecure updates can be sent by setting " @@ -9866,7 +9883,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:228 sssd-ad.5.xml:1309 +#: sssd-ipa.5.xml:228 sssd-ad.5.xml:1314 msgid "Default: Same as dyndns_auth" msgstr "" @@ -9925,65 +9942,72 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:290 +#: sssd-ipa.5.xml:290 sssd-ad.5.xml:1266 +msgid "" +"Note that <emphasis>dyndns_update_per_family</emphasis> parameter does not " +"apply for PTR record updates. Those updates are always sent separately." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:295 msgid "Default: False (disabled)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1272 +#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1277 msgid "dyndns_force_tcp (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:299 sssd-ad.5.xml:1275 +#: sssd-ipa.5.xml:304 sssd-ad.5.xml:1280 msgid "" "Whether the nsupdate utility should default to using TCP for communicating " "with the DNS server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:303 sssd-ad.5.xml:1279 +#: sssd-ipa.5.xml:308 sssd-ad.5.xml:1284 msgid "Default: False (let nsupdate choose the protocol)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:309 sssd-ad.5.xml:1315 +#: sssd-ipa.5.xml:314 sssd-ad.5.xml:1320 msgid "dyndns_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:312 sssd-ad.5.xml:1318 +#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1323 msgid "" "The DNS server to use when performing a DNS update. In most setups, it's " "recommended to leave this option unset." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1323 +#: sssd-ipa.5.xml:322 sssd-ad.5.xml:1328 msgid "" "Setting this option makes sense for environments where the DNS server is " "different from the identity server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:322 sssd-ad.5.xml:1328 +#: sssd-ipa.5.xml:327 sssd-ad.5.xml:1333 msgid "" "Please note that this option will be only used in fallback attempt when " "previous attempt using autodetected settings failed." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:327 sssd-ad.5.xml:1333 +#: sssd-ipa.5.xml:332 sssd-ad.5.xml:1338 msgid "Default: None (let nsupdate choose the server)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:333 sssd-ad.5.xml:1339 +#: sssd-ipa.5.xml:338 sssd-ad.5.xml:1344 msgid "dyndns_update_per_family (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:336 sssd-ad.5.xml:1342 +#: sssd-ipa.5.xml:341 sssd-ad.5.xml:1347 msgid "" "DNS update is by default performed in two steps - IPv4 update and then IPv6 " "update. In some cases it might be desirable to perform IPv4 and IPv6 update " @@ -9991,181 +10015,181 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:348 +#: sssd-ipa.5.xml:353 #, fuzzy #| msgid "access_provider (string)" msgid "ipa_access_order (string)" msgstr "access_provider (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:355 +#: sssd-ipa.5.xml:360 msgid "<emphasis>expire</emphasis>: use IPA's account expiration policy." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:394 +#: sssd-ipa.5.xml:399 msgid "" "Please note that 'access_provider = ipa' must be set for this feature to " "work." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:401 +#: sssd-ipa.5.xml:406 msgid "ipa_deskprofile_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:404 +#: sssd-ipa.5.xml:409 msgid "" "Optional. Use the given string as search base for Desktop Profile related " "objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:408 sssd-ipa.5.xml:435 +#: sssd-ipa.5.xml:413 sssd-ipa.5.xml:440 msgid "Default: Use base DN" msgstr "Default: Use base DN" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:414 +#: sssd-ipa.5.xml:419 #, fuzzy #| msgid "ipa_hbac_search_base (string)" msgid "ipa_subid_ranges_search_base (string)" msgstr "ipa_hbac_search_base (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:417 +#: sssd-ipa.5.xml:422 msgid "" "Optional. Use the given string as search base for subordinate ranges related " "objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:421 +#: sssd-ipa.5.xml:426 msgid "Default: the value of <emphasis>cn=subids,%basedn</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:428 +#: sssd-ipa.5.xml:433 msgid "ipa_hbac_search_base (string)" msgstr "ipa_hbac_search_base (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:431 +#: sssd-ipa.5.xml:436 msgid "Optional. Use the given string as search base for HBAC related objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:441 +#: sssd-ipa.5.xml:446 msgid "ipa_host_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:444 +#: sssd-ipa.5.xml:449 msgid "Deprecated. Use ldap_host_search_base instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:450 +#: sssd-ipa.5.xml:455 msgid "ipa_selinux_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:453 +#: sssd-ipa.5.xml:458 msgid "Optional. Use the given string as search base for SELinux user maps." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:469 +#: sssd-ipa.5.xml:474 msgid "ipa_subdomains_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:472 +#: sssd-ipa.5.xml:477 msgid "Optional. Use the given string as search base for trusted domains." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:481 +#: sssd-ipa.5.xml:486 msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:488 +#: sssd-ipa.5.xml:493 msgid "ipa_master_domain_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:491 +#: sssd-ipa.5.xml:496 msgid "Optional. Use the given string as search base for master domain object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:500 +#: sssd-ipa.5.xml:505 msgid "Default: the value of <emphasis>cn=ad,cn=etc,%basedn</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:507 +#: sssd-ipa.5.xml:512 msgid "ipa_views_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:510 +#: sssd-ipa.5.xml:515 msgid "Optional. Use the given string as search base for views containers." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:519 +#: sssd-ipa.5.xml:524 msgid "Default: the value of <emphasis>cn=views,cn=accounts,%basedn</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:529 +#: sssd-ipa.5.xml:534 msgid "" "The name of the Kerberos realm. This is optional and defaults to the value " "of <quote>ipa_domain</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:533 +#: sssd-ipa.5.xml:538 msgid "" "The name of the Kerberos realm has a special meaning in IPA - it is " "converted into the base DN to use for performing LDAP operations." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:541 sssd-ad.5.xml:1357 +#: sssd-ipa.5.xml:546 sssd-ad.5.xml:1362 msgid "krb5_confd_path (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:544 sssd-ad.5.xml:1360 +#: sssd-ipa.5.xml:549 sssd-ad.5.xml:1365 msgid "" "Absolute path of a directory where SSSD should place Kerberos configuration " "snippets." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:548 sssd-ad.5.xml:1364 +#: sssd-ipa.5.xml:553 sssd-ad.5.xml:1369 msgid "" "To disable the creation of the configuration snippets set the parameter to " "'none'." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:552 sssd-ad.5.xml:1368 +#: sssd-ipa.5.xml:557 sssd-ad.5.xml:1373 msgid "" "Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:559 +#: sssd-ipa.5.xml:564 msgid "ipa_deskprofile_refresh (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:562 +#: sssd-ipa.5.xml:567 msgid "" "The amount of time between lookups of the Desktop Profile rules against the " "IPA server. This will reduce the latency and load on the IPA server if there " @@ -10173,34 +10197,34 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:569 sssd-ipa.5.xml:599 sssd-ipa.5.xml:615 sssd-ad.5.xml:599 +#: sssd-ipa.5.xml:574 sssd-ipa.5.xml:604 sssd-ipa.5.xml:620 sssd-ad.5.xml:599 msgid "Default: 5 (seconds)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:575 +#: sssd-ipa.5.xml:580 msgid "ipa_deskprofile_request_interval (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:578 +#: sssd-ipa.5.xml:583 msgid "" "The amount of time between lookups of the Desktop Profile rules against the " "IPA server in case the last request did not return any rule." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:583 +#: sssd-ipa.5.xml:588 msgid "Default: 60 (minutes)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:589 +#: sssd-ipa.5.xml:594 msgid "ipa_hbac_refresh (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:592 +#: sssd-ipa.5.xml:597 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server. " "This will reduce the latency and load on the IPA server if there are many " @@ -10208,12 +10232,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:605 +#: sssd-ipa.5.xml:610 msgid "ipa_hbac_selinux (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:608 +#: sssd-ipa.5.xml:613 msgid "" "The amount of time between lookups of the SELinux maps against the IPA " "server. This will reduce the latency and load on the IPA server if there are " @@ -10221,33 +10245,33 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:621 +#: sssd-ipa.5.xml:626 msgid "ipa_server_mode (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:624 +#: sssd-ipa.5.xml:629 msgid "" "This option will be set by the IPA installer (ipa-server-install) " "automatically and denotes if SSSD is running on an IPA server or not." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:629 +#: sssd-ipa.5.xml:634 msgid "" "On an IPA server SSSD will lookup users and groups from trusted domains " "directly while on a client it will ask an IPA server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:634 +#: sssd-ipa.5.xml:639 msgid "" "NOTE: There are currently some assumptions that must be met when SSSD is " "running on an IPA server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:639 +#: sssd-ipa.5.xml:644 msgid "" "The <quote>ipa_server</quote> option must be configured to point to the IPA " "server itself. This is already the default set by the IPA installer, so no " @@ -10255,59 +10279,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:648 +#: sssd-ipa.5.xml:653 msgid "" "The <quote>full_name_format</quote> option must not be tweaked to only print " "short names for users from trusted domains." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:663 +#: sssd-ipa.5.xml:668 msgid "ipa_automount_location (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:666 +#: sssd-ipa.5.xml:671 msgid "The automounter location this IPA client will be using" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:669 +#: sssd-ipa.5.xml:674 msgid "Default: The location named \"default\"" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd-ipa.5.xml:677 +#: sssd-ipa.5.xml:682 msgid "VIEWS AND OVERRIDES" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:686 +#: sssd-ipa.5.xml:691 msgid "ipa_view_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:689 +#: sssd-ipa.5.xml:694 msgid "Objectclass of the view container." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:692 +#: sssd-ipa.5.xml:697 msgid "Default: nsContainer" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:698 +#: sssd-ipa.5.xml:703 msgid "ipa_view_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:701 +#: sssd-ipa.5.xml:706 msgid "Name of the attribute holding the name of the view." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:705 sssd-ldap-attributes.5.xml:496 +#: sssd-ipa.5.xml:710 sssd-ldap-attributes.5.xml:496 #: sssd-ldap-attributes.5.xml:830 sssd-ldap-attributes.5.xml:911 #: sssd-ldap-attributes.5.xml:1008 sssd-ldap-attributes.5.xml:1066 #: sssd-ldap-attributes.5.xml:1224 sssd-ldap-attributes.5.xml:1269 @@ -10315,128 +10339,128 @@ msgid "Default: cn" msgstr "Padrão: NC" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:711 +#: sssd-ipa.5.xml:716 msgid "ipa_override_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:714 +#: sssd-ipa.5.xml:719 msgid "Objectclass of the override objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:717 +#: sssd-ipa.5.xml:722 msgid "Default: ipaOverrideAnchor" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:723 +#: sssd-ipa.5.xml:728 msgid "ipa_anchor_uuid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:726 +#: sssd-ipa.5.xml:731 msgid "" "Name of the attribute containing the reference to the original object in a " "remote domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:730 +#: sssd-ipa.5.xml:735 msgid "Default: ipaAnchorUUID" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:736 +#: sssd-ipa.5.xml:741 msgid "ipa_user_override_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:739 +#: sssd-ipa.5.xml:744 msgid "" "Name of the objectclass for user overrides. It is used to determine if the " "found override object is related to a user or a group." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:744 +#: sssd-ipa.5.xml:749 msgid "User overrides can contain attributes given by" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:747 +#: sssd-ipa.5.xml:752 msgid "ldap_user_name" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:750 +#: sssd-ipa.5.xml:755 msgid "ldap_user_uid_number" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:753 +#: sssd-ipa.5.xml:758 msgid "ldap_user_gid_number" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:756 +#: sssd-ipa.5.xml:761 msgid "ldap_user_gecos" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:759 +#: sssd-ipa.5.xml:764 msgid "ldap_user_home_directory" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:762 +#: sssd-ipa.5.xml:767 msgid "ldap_user_shell" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:765 +#: sssd-ipa.5.xml:770 msgid "ldap_user_ssh_public_key" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:770 +#: sssd-ipa.5.xml:775 msgid "Default: ipaUserOverride" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:776 +#: sssd-ipa.5.xml:781 msgid "ipa_group_override_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:779 +#: sssd-ipa.5.xml:784 msgid "" "Name of the objectclass for group overrides. It is used to determine if the " "found override object is related to a user or a group." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:784 +#: sssd-ipa.5.xml:789 msgid "Group overrides can contain attributes given by" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:787 +#: sssd-ipa.5.xml:792 msgid "ldap_group_name" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:790 +#: sssd-ipa.5.xml:795 msgid "ldap_group_gid_number" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:795 +#: sssd-ipa.5.xml:800 msgid "Default: ipaGroupOverride" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:679 +#: sssd-ipa.5.xml:684 msgid "" "SSSD can handle views and overrides which are offered by FreeIPA 4.1 and " "later version. Since all paths and objectclasses are fixed on the server " @@ -10446,19 +10470,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ipa.5.xml:807 +#: sssd-ipa.5.xml:812 msgid "SUBDOMAINS PROVIDER" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:809 +#: sssd-ipa.5.xml:814 msgid "" "The IPA subdomains provider behaves slightly differently if it is configured " "explicitly or implicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:813 +#: sssd-ipa.5.xml:818 msgid "" "If the option 'subdomains_provider = ipa' is found in the domain section of " "sssd.conf, the IPA subdomains provider is configured explicitly, and all " @@ -10466,7 +10490,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:819 +#: sssd-ipa.5.xml:824 msgid "" "If the option 'subdomains_provider' is not set in the domain section of sssd." "conf but there is the option 'id_provider = ipa', the IPA subdomains " @@ -10478,12 +10502,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ipa.5.xml:830 +#: sssd-ipa.5.xml:835 msgid "TRUSTED DOMAINS CONFIGURATION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ipa.5.xml:838 +#: sssd-ipa.5.xml:843 #, no-wrap msgid "" "[domain/ipa.domain.com/ad.domain.com]\n" @@ -10491,7 +10515,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:832 +#: sssd-ipa.5.xml:837 msgid "" "Some configuration options can also be set for a trusted domain. A trusted " "domain configuration can be set using the trusted domain subsection as shown " @@ -10501,80 +10525,80 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:843 +#: sssd-ipa.5.xml:848 msgid "" "For more details, see the <citerefentry> <refentrytitle>sssd.conf</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:850 +#: sssd-ipa.5.xml:855 msgid "" "Different configuration options are tunable for a trusted domain depending " "on whether you are configuring SSSD on an IPA server or an IPA client." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd-ipa.5.xml:855 +#: sssd-ipa.5.xml:860 msgid "OPTIONS TUNABLE ON IPA MASTERS" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:857 +#: sssd-ipa.5.xml:862 msgid "" "The following options can be set in a subdomain section on an IPA master:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:861 sssd-ipa.5.xml:891 +#: sssd-ipa.5.xml:866 sssd-ipa.5.xml:896 msgid "ad_server" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:864 +#: sssd-ipa.5.xml:869 msgid "ad_backup_server" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:867 sssd-ipa.5.xml:894 +#: sssd-ipa.5.xml:872 sssd-ipa.5.xml:899 msgid "ad_site" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:870 +#: sssd-ipa.5.xml:875 msgid "ldap_search_base" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:873 +#: sssd-ipa.5.xml:878 msgid "ldap_user_search_base" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:876 +#: sssd-ipa.5.xml:881 msgid "ldap_group_search_base" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd-ipa.5.xml:885 +#: sssd-ipa.5.xml:890 msgid "OPTIONS TUNABLE ON IPA CLIENTS" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:887 +#: sssd-ipa.5.xml:892 msgid "" "The following options can be set in a subdomain section on an IPA client:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:899 +#: sssd-ipa.5.xml:904 msgid "" "Note that if both options are set, only <quote>ad_server</quote> is " "evaluated." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:903 +#: sssd-ipa.5.xml:908 msgid "" "Since any request for a user or a group identity from a trusted domain " "triggered from an IPA client is resolved by the IPA server, the " @@ -10588,7 +10612,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:927 +#: sssd-ipa.5.xml:932 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " @@ -10596,7 +10620,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ipa.5.xml:934 +#: sssd-ipa.5.xml:939 #, no-wrap msgid "" "[domain/example.com]\n" @@ -11790,7 +11814,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ad.5.xml:1388 +#: sssd-ad.5.xml:1393 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " @@ -11798,7 +11822,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ad.5.xml:1395 +#: sssd-ad.5.xml:1400 #, no-wrap msgid "" "[domain/EXAMPLE]\n" @@ -11813,7 +11837,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ad.5.xml:1415 +#: sssd-ad.5.xml:1420 #, no-wrap msgid "" "access_provider = ldap\n" @@ -11822,7 +11846,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ad.5.xml:1411 +#: sssd-ad.5.xml:1416 msgid "" "The AD access control provider checks if the account is expired. It has the " "same effect as the following configuration of the LDAP provider: " @@ -11830,7 +11854,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ad.5.xml:1421 +#: sssd-ad.5.xml:1426 msgid "" "However, unless the <quote>ad</quote> access control provider is explicitly " "configured, the default access provider is <quote>permit</quote>. Please " @@ -11840,7 +11864,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ad.5.xml:1429 +#: sssd-ad.5.xml:1434 msgid "" "When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema " "attribute mapping (nisMap, nisObject, ...) is used, because these attributes " diff --git a/src/man/po/pt_BR.po b/src/man/po/pt_BR.po index e3bd10dc153..376eb909e43 100644 --- a/src/man/po/pt_BR.po +++ b/src/man/po/pt_BR.po @@ -4,7 +4,7 @@ msgid "" msgstr "" "Project-Id-Version: sssd-docs 2.3.0\n" "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" -"POT-Creation-Date: 2023-09-07 11:47+0200\n" +"POT-Creation-Date: 2023-11-13 11:53+0100\n" "PO-Revision-Date: 2017-01-29 10:11-0500\n" "Last-Translator: Rodrigo de Araujo Sousa Fonseca " "<rodrigodearaujo@fedoraproject.org>\n" @@ -202,10 +202,10 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:136 sssd.conf.5.xml:173 sssd.conf.5.xml:358 #: sssd.conf.5.xml:714 sssd.conf.5.xml:729 sssd.conf.5.xml:952 -#: sssd.conf.5.xml:1070 sssd.conf.5.xml:2198 sssd-ldap.5.xml:1071 -#: sssd-ldap.5.xml:1174 sssd-ldap.5.xml:1243 sssd-ldap.5.xml:1750 -#: sssd-ldap.5.xml:1815 sssd-ipa.5.xml:342 sssd-ad.5.xml:252 sssd-ad.5.xml:366 -#: sssd-ad.5.xml:1200 sssd-ad.5.xml:1348 sssd-krb5.5.xml:358 +#: sssd.conf.5.xml:1070 sssd.conf.5.xml:2198 sssd-ldap.5.xml:1073 +#: sssd-ldap.5.xml:1176 sssd-ldap.5.xml:1245 sssd-ldap.5.xml:1752 +#: sssd-ldap.5.xml:1817 sssd-ipa.5.xml:347 sssd-ad.5.xml:252 sssd-ad.5.xml:366 +#: sssd-ad.5.xml:1200 sssd-ad.5.xml:1353 sssd-krb5.5.xml:358 msgid "Default: true" msgstr "" @@ -223,10 +223,10 @@ msgstr "" #. type: Content of: <variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:149 sssd.conf.5.xml:652 sssd.conf.5.xml:949 -#: sssd.conf.5.xml:2101 sssd.conf.5.xml:2168 sssd.conf.5.xml:4174 -#: sssd-ldap.5.xml:312 sssd-ldap.5.xml:917 sssd-ldap.5.xml:936 -#: sssd-ldap.5.xml:1146 sssd-ldap.5.xml:1599 sssd-ldap.5.xml:1839 -#: sssd-ipa.5.xml:152 sssd-ipa.5.xml:254 sssd-ipa.5.xml:657 sssd-ad.5.xml:1106 +#: sssd.conf.5.xml:2101 sssd.conf.5.xml:2168 sssd.conf.5.xml:4191 +#: sssd-ldap.5.xml:313 sssd-ldap.5.xml:919 sssd-ldap.5.xml:938 +#: sssd-ldap.5.xml:1148 sssd-ldap.5.xml:1601 sssd-ldap.5.xml:1841 +#: sssd-ipa.5.xml:152 sssd-ipa.5.xml:254 sssd-ipa.5.xml:662 sssd-ad.5.xml:1106 #: sssd-krb5.5.xml:268 sssd-krb5.5.xml:330 sssd-krb5.5.xml:432 #: include/krb5_options.xml:163 msgid "Default: false" @@ -260,8 +260,8 @@ msgid "" msgstr "" #. type: Content of: outside any tag (error?) -#: sssd.conf.5.xml:109 sssd.conf.5.xml:184 sssd-ldap.5.xml:1656 -#: sssd-ldap.5.xml:1862 sss-certmap.5.xml:645 sssd-systemtap.5.xml:82 +#: sssd.conf.5.xml:109 sssd.conf.5.xml:184 sssd-ldap.5.xml:1658 +#: sssd-ldap.5.xml:1864 sss-certmap.5.xml:645 sssd-systemtap.5.xml:82 #: sssd-systemtap.5.xml:143 sssd-systemtap.5.xml:236 sssd-systemtap.5.xml:274 #: sssd-systemtap.5.xml:330 sssd-ldap-attributes.5.xml:40 #: sssd-ldap-attributes.5.xml:659 sssd-ldap-attributes.5.xml:801 @@ -292,7 +292,7 @@ msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:196 sssd.conf.5.xml:1290 sssd.conf.5.xml:1767 -#: sssd.conf.5.xml:4190 sssd-ldap.5.xml:765 include/ldap_id_mapping.xml:270 +#: sssd.conf.5.xml:4207 sssd-ldap.5.xml:766 include/ldap_id_mapping.xml:270 msgid "Default: 10" msgstr "" @@ -368,7 +368,7 @@ msgid "" msgstr "" #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:266 sssd.conf.5.xml:792 sssd.conf.5.xml:3709 +#: sssd.conf.5.xml:266 sssd.conf.5.xml:792 sssd.conf.5.xml:3716 #: include/failover.xml:100 msgid "Default: 3" msgstr "" @@ -390,7 +390,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:287 sssd.conf.5.xml:3541 +#: sssd.conf.5.xml:287 sssd.conf.5.xml:3548 msgid "re_expression (string)" msgstr "" @@ -410,12 +410,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:304 sssd.conf.5.xml:3598 +#: sssd.conf.5.xml:304 sssd.conf.5.xml:3605 msgid "full_name_format (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:307 sssd.conf.5.xml:3601 +#: sssd.conf.5.xml:307 sssd.conf.5.xml:3608 msgid "" "A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</" "manvolnum> </citerefentry>-compatible format that describes how to compose a " @@ -423,39 +423,39 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:318 sssd.conf.5.xml:3612 +#: sssd.conf.5.xml:318 sssd.conf.5.xml:3619 msgid "%1$s" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:319 sssd.conf.5.xml:3613 +#: sssd.conf.5.xml:319 sssd.conf.5.xml:3620 msgid "user name" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:322 sssd.conf.5.xml:3616 +#: sssd.conf.5.xml:322 sssd.conf.5.xml:3623 msgid "%2$s" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:325 sssd.conf.5.xml:3619 +#: sssd.conf.5.xml:325 sssd.conf.5.xml:3626 msgid "domain name as specified in the SSSD config file." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:331 sssd.conf.5.xml:3625 +#: sssd.conf.5.xml:331 sssd.conf.5.xml:3632 msgid "%3$s" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:334 sssd.conf.5.xml:3628 +#: sssd.conf.5.xml:334 sssd.conf.5.xml:3635 msgid "" "domain flat name. Mostly usable for Active Directory domains, both directly " "configured or discovered via IPA trusts." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:315 sssd.conf.5.xml:3609 +#: sssd.conf.5.xml:315 sssd.conf.5.xml:3616 msgid "" "The following expansions are supported: <placeholder type=\"variablelist\" " "id=\"0\"/>" @@ -598,8 +598,8 @@ msgid "" msgstr "" #. type: Content of: <variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:468 sssd-ldap.5.xml:876 sssd-ldap.5.xml:888 -#: sssd-ldap.5.xml:980 sssd-ad.5.xml:920 sssd-ad.5.xml:995 sssd-krb5.5.xml:468 +#: sssd.conf.5.xml:468 sssd-ldap.5.xml:877 sssd-ldap.5.xml:889 +#: sssd-ldap.5.xml:982 sssd-ad.5.xml:920 sssd-ad.5.xml:995 sssd-krb5.5.xml:468 #: sssd-ldap-attributes.5.xml:470 sssd-ldap-attributes.5.xml:976 #: include/ldap_id_mapping.xml:211 include/ldap_id_mapping.xml:222 #: include/krb5_options.xml:148 @@ -869,7 +869,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:700 sssd.conf.5.xml:1791 sssd.conf.5.xml:4240 +#: sssd.conf.5.xml:700 sssd.conf.5.xml:1791 sssd.conf.5.xml:4257 #: sssd-ad.5.xml:187 sssd-ad.5.xml:327 sssd-ad.5.xml:341 msgid "Default: Not set" msgstr "" @@ -1048,7 +1048,7 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:858 sssd.conf.5.xml:1201 sssd.conf.5.xml:1584 -#: sssd.conf.5.xml:1880 sssd-ldap.5.xml:494 +#: sssd.conf.5.xml:1880 sssd-ldap.5.xml:495 msgid "Default: 60" msgstr "" @@ -1150,7 +1150,7 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:937 sssd.conf.5.xml:1214 sssd.conf.5.xml:2322 -#: sssd-ldap.5.xml:331 +#: sssd-ldap.5.xml:332 msgid "Default: 300" msgstr "" @@ -1519,7 +1519,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1240 sssd.conf.5.xml:2964 sssd-ldap.5.xml:548 +#: sssd.conf.5.xml:1240 sssd.conf.5.xml:2971 sssd-ldap.5.xml:549 msgid "Default: 8" msgstr "" @@ -1545,8 +1545,8 @@ msgid "" msgstr "" #. type: Content of: <variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1265 sssd.conf.5.xml:1317 sssd.conf.5.xml:3730 -#: sssd-ldap.5.xml:473 sssd-ldap.5.xml:525 include/failover.xml:116 +#: sssd.conf.5.xml:1265 sssd.conf.5.xml:1317 sssd.conf.5.xml:3737 +#: sssd-ldap.5.xml:474 sssd-ldap.5.xml:526 include/failover.xml:116 #: include/krb5_options.xml:11 msgid "Default: 6" msgstr "" @@ -1855,7 +1855,7 @@ msgid "pam_pwd_expiration_warning (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1553 sssd.conf.5.xml:2988 +#: sssd.conf.5.xml:1553 sssd.conf.5.xml:2995 msgid "Display a warning N days before the password expires." msgstr "" @@ -1868,7 +1868,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1562 sssd.conf.5.xml:2991 +#: sssd.conf.5.xml:1562 sssd.conf.5.xml:2998 msgid "" "If zero is set, then this filter is not applied, i.e. if the expiration " "warning was received from backend server, it will automatically be displayed." @@ -1882,7 +1882,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1572 sssd.conf.5.xml:3977 sssd-ldap.5.xml:606 sssd.8.xml:79 +#: sssd.conf.5.xml:1572 sssd.conf.5.xml:3984 sssd-ldap.5.xml:607 sssd.8.xml:79 msgid "Default: 0" msgstr "" @@ -1945,8 +1945,8 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1632 sssd.conf.5.xml:1657 sssd.conf.5.xml:1676 -#: sssd.conf.5.xml:1913 sssd.conf.5.xml:2733 sssd.conf.5.xml:3906 -#: sssd-ldap.5.xml:1207 +#: sssd.conf.5.xml:1913 sssd.conf.5.xml:2733 sssd.conf.5.xml:3913 +#: sssd-ldap.5.xml:1209 msgid "Default: none" msgstr "" @@ -2009,8 +2009,8 @@ msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1687 sssd.conf.5.xml:1698 sssd.conf.5.xml:1712 -#: sssd-ldap.5.xml:671 sssd-ldap.5.xml:692 sssd-ldap.5.xml:788 -#: sssd-ldap.5.xml:1293 sssd-ad.5.xml:505 sssd-ad.5.xml:581 sssd-ad.5.xml:1126 +#: sssd-ldap.5.xml:672 sssd-ldap.5.xml:693 sssd-ldap.5.xml:789 +#: sssd-ldap.5.xml:1295 sssd-ad.5.xml:505 sssd-ad.5.xml:581 sssd-ad.5.xml:1126 #: sssd-ad.5.xml:1175 include/ldap_id_mapping.xml:250 msgid "Default: False" msgstr "" @@ -2049,7 +2049,7 @@ msgid "The path to the certificate database." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1723 sssd.conf.5.xml:2248 sssd.conf.5.xml:4354 +#: sssd.conf.5.xml:1723 sssd.conf.5.xml:2248 sssd.conf.5.xml:4371 msgid "Default:" msgstr "" @@ -2315,7 +2315,7 @@ msgid "Default: no_session" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1950 sssd.conf.5.xml:4293 +#: sssd.conf.5.xml:1950 sssd.conf.5.xml:4310 msgid "pam_gssapi_services" msgstr "" @@ -2349,7 +2349,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1968 sssd.conf.5.xml:3900 +#: sssd.conf.5.xml:1968 sssd.conf.5.xml:3907 msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" @@ -2359,7 +2359,7 @@ msgid "Default: - (GSSAPI authentication is disabled)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1979 sssd.conf.5.xml:4294 +#: sssd.conf.5.xml:1979 sssd.conf.5.xml:4311 msgid "pam_gssapi_check_upn" msgstr "" @@ -2379,7 +2379,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1999 sssd-ad.5.xml:1266 sss_rpcidmapd.5.xml:76 +#: sssd.conf.5.xml:1999 sssd-ad.5.xml:1271 sss_rpcidmapd.5.xml:76 #: sssd-files.5.xml:145 msgid "Default: True" msgstr "" @@ -3138,7 +3138,7 @@ msgid "FALSE = No enumerations for this domain" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2669 sssd.conf.5.xml:2943 sssd.conf.5.xml:3120 +#: sssd.conf.5.xml:2669 sssd.conf.5.xml:2950 sssd.conf.5.xml:3127 msgid "Default: FALSE" msgstr "" @@ -3407,7 +3407,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2922 sssd-ldap.5.xml:360 sssd-ldap.5.xml:1736 +#: sssd.conf.5.xml:2922 sssd-ldap.5.xml:361 sssd-ldap.5.xml:1738 #: sssd-ipa.5.xml:270 msgid "Default: 0 (disabled)" msgstr "" @@ -3419,11 +3419,17 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:2931 -msgid "Determines if user credentials are also cached in the local LDB cache." +msgid "" +"Determines if user credentials are also cached in the local LDB cache. The " +"cached credentials refer to passwords, which includes the first (long term) " +"factor of two-factor authentication, not other authentication mechanisms. " +"Passkey and Smartcard authentications are expected to work offline as long " +"as a successful online authentication is recorded in the cache without " +"additional configuration." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2935 +#: sssd.conf.5.xml:2942 msgid "" "Take a note that while credentials are stored as a salted SHA512 hash, this " "still potentially poses some security risk in case an attacker manages to " @@ -3432,12 +3438,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2949 +#: sssd.conf.5.xml:2956 msgid "cache_credentials_minimal_first_factor_length (int)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2952 +#: sssd.conf.5.xml:2959 msgid "" "If 2-Factor-Authentication (2FA) is used and credentials should be saved " "this value determines the minimal length the first authentication factor " @@ -3445,19 +3451,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2959 +#: sssd.conf.5.xml:2966 msgid "" "This should avoid that the short PINs of a PIN based 2FA scheme are saved in " "the cache which would make them easy targets for brute-force attacks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2970 +#: sssd.conf.5.xml:2977 msgid "account_cache_expiration (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2973 +#: sssd.conf.5.xml:2980 msgid "" "Number of days entries are left in cache after last successful login before " "being removed during a cleanup of the cache. 0 means keep forever. The " @@ -3466,17 +3472,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2980 +#: sssd.conf.5.xml:2987 msgid "Default: 0 (unlimited)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2985 +#: sssd.conf.5.xml:2992 msgid "pwd_expiration_warning (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2996 +#: sssd.conf.5.xml:3003 msgid "" "Please note that the backend server has to provide information about the " "expiration time of the password. If this information is missing, sssd " @@ -3485,28 +3491,28 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3003 +#: sssd.conf.5.xml:3010 msgid "Default: 7 (Kerberos), 0 (LDAP)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3009 +#: sssd.conf.5.xml:3016 msgid "id_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3012 +#: sssd.conf.5.xml:3019 msgid "" "The identification provider used for the domain. Supported ID providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3016 +#: sssd.conf.5.xml:3023 msgid "<quote>proxy</quote>: Support a legacy NSS provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3019 +#: sssd.conf.5.xml:3026 msgid "" "<quote>files</quote>: FILES provider. See <citerefentry> <refentrytitle>sssd-" "files</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " @@ -3514,7 +3520,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3027 +#: sssd.conf.5.xml:3034 msgid "" "<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-" "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " @@ -3522,8 +3528,8 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3035 sssd.conf.5.xml:3146 sssd.conf.5.xml:3197 -#: sssd.conf.5.xml:3260 +#: sssd.conf.5.xml:3042 sssd.conf.5.xml:3153 sssd.conf.5.xml:3204 +#: sssd.conf.5.xml:3267 msgid "" "<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management " "provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> " @@ -3532,8 +3538,8 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3044 sssd.conf.5.xml:3155 sssd.conf.5.xml:3206 -#: sssd.conf.5.xml:3269 +#: sssd.conf.5.xml:3051 sssd.conf.5.xml:3162 sssd.conf.5.xml:3213 +#: sssd.conf.5.xml:3276 msgid "" "<quote>ad</quote>: Active Directory provider. See <citerefentry> " "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3541,19 +3547,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3055 +#: sssd.conf.5.xml:3062 msgid "use_fully_qualified_names (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3058 +#: sssd.conf.5.xml:3065 msgid "" "Use the full name and domain (as formatted by the domain's full_name_format) " "as the user's login name reported to NSS." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3063 +#: sssd.conf.5.xml:3070 msgid "" "If set to TRUE, all requests to this domain must use fully qualified names. " "For example, if used in LOCAL domain that contains a \"test\" user, " @@ -3562,7 +3568,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3071 +#: sssd.conf.5.xml:3078 msgid "" "NOTE: This option has no effect on netgroup lookups due to their tendency to " "include nested netgroups without qualified names. For netgroups, all domains " @@ -3570,24 +3576,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3078 +#: sssd.conf.5.xml:3085 msgid "" "Default: FALSE (TRUE for trusted domain/sub-domains or if " "default_domain_suffix is used)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3085 +#: sssd.conf.5.xml:3092 msgid "ignore_group_members (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3088 +#: sssd.conf.5.xml:3095 msgid "Do not return group members for group lookups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3091 +#: sssd.conf.5.xml:3098 msgid "" "If set to TRUE, the group membership attribute is not requested from the " "ldap server, and group members are not returned when processing group lookup " @@ -3599,7 +3605,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3109 +#: sssd.conf.5.xml:3116 msgid "" "Enabling this option can also make access provider checks for group " "membership significantly faster, especially for groups containing many " @@ -3607,30 +3613,30 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3115 sssd.conf.5.xml:3822 sssd-ldap.5.xml:326 -#: sssd-ldap.5.xml:355 sssd-ldap.5.xml:408 sssd-ldap.5.xml:468 -#: sssd-ldap.5.xml:489 sssd-ldap.5.xml:520 sssd-ldap.5.xml:543 -#: sssd-ldap.5.xml:582 sssd-ldap.5.xml:601 sssd-ldap.5.xml:625 -#: sssd-ldap.5.xml:1051 sssd-ldap.5.xml:1084 +#: sssd.conf.5.xml:3122 sssd.conf.5.xml:3829 sssd-ldap.5.xml:327 +#: sssd-ldap.5.xml:356 sssd-ldap.5.xml:409 sssd-ldap.5.xml:469 +#: sssd-ldap.5.xml:490 sssd-ldap.5.xml:521 sssd-ldap.5.xml:544 +#: sssd-ldap.5.xml:583 sssd-ldap.5.xml:602 sssd-ldap.5.xml:626 +#: sssd-ldap.5.xml:1053 sssd-ldap.5.xml:1086 msgid "" "This option can be also set per subdomain or inherited via " "<emphasis>subdomain_inherit</emphasis>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3125 +#: sssd.conf.5.xml:3132 msgid "auth_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3128 +#: sssd.conf.5.xml:3135 msgid "" "The authentication provider used for the domain. Supported auth providers " "are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3132 sssd.conf.5.xml:3190 +#: sssd.conf.5.xml:3139 sssd.conf.5.xml:3197 msgid "" "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3638,7 +3644,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3139 +#: sssd.conf.5.xml:3146 msgid "" "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3646,30 +3652,30 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3163 +#: sssd.conf.5.xml:3170 msgid "" "<quote>proxy</quote> for relaying authentication to some other PAM target." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3166 +#: sssd.conf.5.xml:3173 msgid "<quote>none</quote> disables authentication explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3169 +#: sssd.conf.5.xml:3176 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "authentication requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3175 +#: sssd.conf.5.xml:3182 msgid "access_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3178 +#: sssd.conf.5.xml:3185 msgid "" "The access control provider used for the domain. There are two built-in " "access providers (in addition to any included in installed backends) " @@ -3677,19 +3683,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3184 +#: sssd.conf.5.xml:3191 msgid "" "<quote>permit</quote> always allow access. It's the only permitted access " "provider for a local domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3187 +#: sssd.conf.5.xml:3194 msgid "<quote>deny</quote> always deny access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3214 +#: sssd.conf.5.xml:3221 msgid "" "<quote>simple</quote> access control based on access or deny lists. See " "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</" @@ -3698,7 +3704,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3221 +#: sssd.conf.5.xml:3228 msgid "" "<quote>krb5</quote>: .k5login based access control. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum></" @@ -3706,29 +3712,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3228 +#: sssd.conf.5.xml:3235 msgid "<quote>proxy</quote> for relaying access control to another PAM module." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3231 +#: sssd.conf.5.xml:3238 msgid "Default: <quote>permit</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3236 +#: sssd.conf.5.xml:3243 msgid "chpass_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3239 +#: sssd.conf.5.xml:3246 msgid "" "The provider which should handle change password operations for the domain. " "Supported change password providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3244 +#: sssd.conf.5.xml:3251 msgid "" "<quote>ldap</quote> to change a password stored in a LDAP server. See " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" @@ -3736,7 +3742,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3252 +#: sssd.conf.5.xml:3259 msgid "" "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3744,35 +3750,35 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3277 +#: sssd.conf.5.xml:3284 msgid "" "<quote>proxy</quote> for relaying password changes to some other PAM target." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3281 +#: sssd.conf.5.xml:3288 msgid "<quote>none</quote> disallows password changes explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3284 +#: sssd.conf.5.xml:3291 msgid "" "Default: <quote>auth_provider</quote> is used if it is set and can handle " "change password requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3291 +#: sssd.conf.5.xml:3298 msgid "sudo_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3294 +#: sssd.conf.5.xml:3301 msgid "The SUDO provider used for the domain. Supported SUDO providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3298 +#: sssd.conf.5.xml:3305 msgid "" "<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3780,32 +3786,32 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3306 +#: sssd.conf.5.xml:3313 msgid "" "<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default " "settings." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3310 +#: sssd.conf.5.xml:3317 msgid "" "<quote>ad</quote> the same as <quote>ldap</quote> but with AD default " "settings." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3314 +#: sssd.conf.5.xml:3321 msgid "<quote>none</quote> disables SUDO explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3317 sssd.conf.5.xml:3403 sssd.conf.5.xml:3473 -#: sssd.conf.5.xml:3498 sssd.conf.5.xml:3534 +#: sssd.conf.5.xml:3324 sssd.conf.5.xml:3410 sssd.conf.5.xml:3480 +#: sssd.conf.5.xml:3505 sssd.conf.5.xml:3541 msgid "Default: The value of <quote>id_provider</quote> is used if it is set." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3321 +#: sssd.conf.5.xml:3328 msgid "" "The detailed instructions for configuration of sudo_provider are in the " "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " @@ -3816,7 +3822,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3336 +#: sssd.conf.5.xml:3343 msgid "" "<emphasis>NOTE:</emphasis> Sudo rules are periodically downloaded in the " "background unless the sudo provider is explicitly disabled. Set " @@ -3825,12 +3831,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3346 +#: sssd.conf.5.xml:3353 msgid "selinux_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3349 +#: sssd.conf.5.xml:3356 msgid "" "The provider which should handle loading of selinux settings. Note that this " "provider will be called right after access provider ends. Supported selinux " @@ -3838,7 +3844,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3355 +#: sssd.conf.5.xml:3362 msgid "" "<quote>ipa</quote> to load selinux settings from an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -3846,31 +3852,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3363 +#: sssd.conf.5.xml:3370 msgid "<quote>none</quote> disallows fetching selinux settings explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3366 +#: sssd.conf.5.xml:3373 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "selinux loading requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3372 +#: sssd.conf.5.xml:3379 msgid "subdomains_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3375 +#: sssd.conf.5.xml:3382 msgid "" "The provider which should handle fetching of subdomains. This value should " "be always the same as id_provider. Supported subdomain providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3381 +#: sssd.conf.5.xml:3388 msgid "" "<quote>ipa</quote> to load a list of subdomains from an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -3878,7 +3884,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3390 +#: sssd.conf.5.xml:3397 msgid "" "<quote>ad</quote> to load a list of subdomains from an Active Directory " "server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> " @@ -3887,17 +3893,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3399 +#: sssd.conf.5.xml:3406 msgid "<quote>none</quote> disallows fetching subdomains explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3409 +#: sssd.conf.5.xml:3416 msgid "session_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3412 +#: sssd.conf.5.xml:3419 msgid "" "The provider which configures and manages user session related tasks. The " "only user session task currently provided is the integration with Fleet " @@ -3905,43 +3911,43 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3419 +#: sssd.conf.5.xml:3426 msgid "<quote>ipa</quote> to allow performing user session related tasks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3423 +#: sssd.conf.5.xml:3430 msgid "" "<quote>none</quote> does not perform any kind of user session related tasks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3427 +#: sssd.conf.5.xml:3434 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can perform " "session related tasks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3431 +#: sssd.conf.5.xml:3438 msgid "" "<emphasis>NOTE:</emphasis> In order to have this feature working as expected " "SSSD must be running as \"root\" and not as the unprivileged user." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3439 +#: sssd.conf.5.xml:3446 msgid "autofs_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3442 +#: sssd.conf.5.xml:3449 msgid "" "The autofs provider used for the domain. Supported autofs providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3446 +#: sssd.conf.5.xml:3453 msgid "" "<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3949,7 +3955,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3453 +#: sssd.conf.5.xml:3460 msgid "" "<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> " "<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3957,7 +3963,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3461 +#: sssd.conf.5.xml:3468 msgid "" "<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> " "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3965,24 +3971,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3470 +#: sssd.conf.5.xml:3477 msgid "<quote>none</quote> disables autofs explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3480 +#: sssd.conf.5.xml:3487 msgid "hostid_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3483 +#: sssd.conf.5.xml:3490 msgid "" "The provider used for retrieving host identity information. Supported " "hostid providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3487 +#: sssd.conf.5.xml:3494 msgid "" "<quote>ipa</quote> to load host identity stored in an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -3990,31 +3996,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3495 +#: sssd.conf.5.xml:3502 msgid "<quote>none</quote> disables hostid explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3505 +#: sssd.conf.5.xml:3512 msgid "resolver_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3508 +#: sssd.conf.5.xml:3515 msgid "" "The provider which should handle hosts and networks lookups. Supported " "resolver providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3512 +#: sssd.conf.5.xml:3519 msgid "" "<quote>proxy</quote> to forward lookups to another NSS library. See " "<quote>proxy_resolver_lib_name</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3516 +#: sssd.conf.5.xml:3523 msgid "" "<quote>ldap</quote> to fetch hosts and networks stored in LDAP. See " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" @@ -4022,7 +4028,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3523 +#: sssd.conf.5.xml:3530 msgid "" "<quote>ad</quote> to fetch hosts and networks stored in AD. See " "<citerefentry> <refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</" @@ -4031,12 +4037,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3531 +#: sssd.conf.5.xml:3538 msgid "<quote>none</quote> disallows fetching hosts and networks explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3544 +#: sssd.conf.5.xml:3551 msgid "" "Regular expression for this domain that describes how to parse the string " "containing user name and domain into these components. The \"domain\" can " @@ -4046,24 +4052,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3553 +#: sssd.conf.5.xml:3560 msgid "" "Default: <quote>^((?P<name>.+)@(?P<domain>[^@]*)|(?P<name>" "[^@]+))$</quote> which allows two different styles for user names:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:3558 sssd.conf.5.xml:3572 +#: sssd.conf.5.xml:3565 sssd.conf.5.xml:3579 msgid "username" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:3561 sssd.conf.5.xml:3575 +#: sssd.conf.5.xml:3568 sssd.conf.5.xml:3582 msgid "username@domain.name" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3566 +#: sssd.conf.5.xml:3573 msgid "" "Default for the AD and IPA provider: <quote>^(((?P<domain>[^\\\\]+)\\" "\\(?P<name>.+))|((?P<name>.+)@(?P<domain>[^@]+))|((?P<" @@ -4072,19 +4078,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:3578 +#: sssd.conf.5.xml:3585 msgid "domain\\username" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3581 +#: sssd.conf.5.xml:3588 msgid "" "While the first two correspond to the general default the third one is " "introduced to allow easy integration of users from Windows domains." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3586 +#: sssd.conf.5.xml:3593 msgid "" "The default re_expression uses the <quote>@</quote> character as a separator " "between the name and the domain. As a result of this setting the default " @@ -4094,89 +4100,89 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3638 +#: sssd.conf.5.xml:3645 msgid "Default: <quote>%1$s@%2$s</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3644 +#: sssd.conf.5.xml:3651 msgid "lookup_family_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3647 +#: sssd.conf.5.xml:3654 msgid "" "Provides the ability to select preferred address family to use when " "performing DNS lookups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3651 +#: sssd.conf.5.xml:3658 msgid "Supported values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3654 +#: sssd.conf.5.xml:3661 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3657 +#: sssd.conf.5.xml:3664 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3660 +#: sssd.conf.5.xml:3667 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3663 +#: sssd.conf.5.xml:3670 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3666 +#: sssd.conf.5.xml:3673 msgid "Default: ipv4_first" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3672 +#: sssd.conf.5.xml:3679 msgid "dns_resolver_server_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3675 +#: sssd.conf.5.xml:3682 msgid "" "Defines the amount of time (in milliseconds) SSSD would try to talk to DNS " "server before trying next DNS server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3680 +#: sssd.conf.5.xml:3687 msgid "" "The AD provider will use this option for the CLDAP ping timeouts as well." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3684 sssd.conf.5.xml:3704 sssd.conf.5.xml:3725 +#: sssd.conf.5.xml:3691 sssd.conf.5.xml:3711 sssd.conf.5.xml:3732 msgid "" "Please see the section <quote>FAILOVER</quote> for more information about " "the service resolution." msgstr "" #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3689 sssd-ldap.5.xml:644 include/failover.xml:84 +#: sssd.conf.5.xml:3696 sssd-ldap.5.xml:645 include/failover.xml:84 msgid "Default: 1000" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3695 +#: sssd.conf.5.xml:3702 msgid "dns_resolver_op_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3698 +#: sssd.conf.5.xml:3705 msgid "" "Defines the amount of time (in seconds) to wait to resolve single DNS query " "(e.g. resolution of a hostname or an SRV record) before trying the next " @@ -4184,12 +4190,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3715 +#: sssd.conf.5.xml:3722 msgid "dns_resolver_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3718 +#: sssd.conf.5.xml:3725 msgid "" "Defines the amount of time (in seconds) to wait for a reply from the " "internal fail over service before assuming that the service is unreachable. " @@ -4198,12 +4204,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3736 +#: sssd.conf.5.xml:3743 msgid "dns_resolver_use_search_list (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3739 +#: sssd.conf.5.xml:3746 msgid "" "Normally, the DNS resolver searches the domain list defined in the " "\"search\" directive from the resolv.conf file. This can lead to delays in " @@ -4211,7 +4217,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3745 +#: sssd.conf.5.xml:3752 msgid "" "If fully qualified domain names (or _srv_) are used in the SSSD " "configuration, setting this option to FALSE can prevent unnecessary DNS " @@ -4219,69 +4225,69 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3751 +#: sssd.conf.5.xml:3758 msgid "Default: TRUE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3757 +#: sssd.conf.5.xml:3764 msgid "dns_discovery_domain (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3760 +#: sssd.conf.5.xml:3767 msgid "" "If service discovery is used in the back end, specifies the domain part of " "the service discovery DNS query." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3764 +#: sssd.conf.5.xml:3771 msgid "Default: Use the domain part of machine's hostname" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3770 +#: sssd.conf.5.xml:3777 msgid "override_gid (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3773 +#: sssd.conf.5.xml:3780 msgid "Override the primary GID value with the one specified." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3779 +#: sssd.conf.5.xml:3786 msgid "case_sensitive (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3786 +#: sssd.conf.5.xml:3793 msgid "True" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3789 +#: sssd.conf.5.xml:3796 msgid "Case sensitive. This value is invalid for AD provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3795 +#: sssd.conf.5.xml:3802 msgid "False" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3797 +#: sssd.conf.5.xml:3804 msgid "Case insensitive." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3801 +#: sssd.conf.5.xml:3808 msgid "Preserving" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3804 +#: sssd.conf.5.xml:3811 msgid "" "Same as False (case insensitive), but does not lowercase names in the result " "of NSS operations. Note that name aliases (and in case of services also " @@ -4289,31 +4295,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3812 +#: sssd.conf.5.xml:3819 msgid "" "If you want to set this value for trusted domain with IPA provider, you need " "to set it on both the client and SSSD on the server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3782 +#: sssd.conf.5.xml:3789 msgid "" "Treat user and group names as case sensitive. Possible option values are: " "<placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3827 +#: sssd.conf.5.xml:3834 msgid "Default: True (False for AD provider)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3833 +#: sssd.conf.5.xml:3840 msgid "subdomain_inherit (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3836 +#: sssd.conf.5.xml:3843 msgid "" "Specifies a list of configuration parameters that should be inherited by a " "subdomain. Please note that only selected parameters can be inherited. " @@ -4321,104 +4327,104 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3842 +#: sssd.conf.5.xml:3849 msgid "ldap_search_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3845 +#: sssd.conf.5.xml:3852 msgid "ldap_network_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3848 +#: sssd.conf.5.xml:3855 msgid "ldap_opt_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3851 +#: sssd.conf.5.xml:3858 msgid "ldap_offline_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3854 +#: sssd.conf.5.xml:3861 msgid "ldap_enumeration_refresh_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3857 +#: sssd.conf.5.xml:3864 msgid "ldap_enumeration_refresh_offset" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3860 +#: sssd.conf.5.xml:3867 msgid "ldap_purge_cache_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3863 +#: sssd.conf.5.xml:3870 msgid "ldap_purge_cache_offset" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3866 +#: sssd.conf.5.xml:3873 msgid "" "ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab " "is not set explicitly)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3870 +#: sssd.conf.5.xml:3877 msgid "ldap_krb5_ticket_lifetime" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3873 +#: sssd.conf.5.xml:3880 msgid "ldap_enumeration_search_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3876 +#: sssd.conf.5.xml:3883 msgid "ldap_connection_expire_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3879 +#: sssd.conf.5.xml:3886 msgid "ldap_connection_expire_offset" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3882 +#: sssd.conf.5.xml:3889 msgid "ldap_connection_idle_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3885 sssd-ldap.5.xml:400 +#: sssd.conf.5.xml:3892 sssd-ldap.5.xml:401 msgid "ldap_use_tokengroups" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3888 +#: sssd.conf.5.xml:3895 msgid "ldap_user_principal" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3891 +#: sssd.conf.5.xml:3898 msgid "ignore_group_members" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3894 +#: sssd.conf.5.xml:3901 msgid "auto_private_groups" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3897 +#: sssd.conf.5.xml:3904 msgid "case_sensitive" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:3902 +#: sssd.conf.5.xml:3909 #, no-wrap msgid "" "subdomain_inherit = ldap_purge_cache_timeout\n" @@ -4426,27 +4432,27 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3909 +#: sssd.conf.5.xml:3916 msgid "Note: This option only works with the IPA and AD provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3916 +#: sssd.conf.5.xml:3923 msgid "subdomain_homedir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3927 +#: sssd.conf.5.xml:3934 msgid "%F" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3928 +#: sssd.conf.5.xml:3935 msgid "flat (NetBIOS) name of a subdomain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3919 +#: sssd.conf.5.xml:3926 msgid "" "Use this homedir as default value for all subdomains within this domain in " "IPA AD trust. See <emphasis>override_homedir</emphasis> for info about " @@ -4456,34 +4462,34 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3933 +#: sssd.conf.5.xml:3940 msgid "" "The value can be overridden by <emphasis>override_homedir</emphasis> option." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3937 +#: sssd.conf.5.xml:3944 msgid "Default: <filename>/home/%d/%u</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3942 +#: sssd.conf.5.xml:3949 msgid "realmd_tags (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3945 +#: sssd.conf.5.xml:3952 msgid "" "Various tags stored by the realmd configuration service for this domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3951 +#: sssd.conf.5.xml:3958 msgid "cached_auth_timeout (int)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3954 +#: sssd.conf.5.xml:3961 msgid "" "Specifies time in seconds since last successful online authentication for " "which user will be authenticated using cached credentials while SSSD is in " @@ -4492,19 +4498,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3962 +#: sssd.conf.5.xml:3969 msgid "" "This option's value is inherited by all trusted domains. At the moment it is " "not possible to set a different value per trusted domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3967 +#: sssd.conf.5.xml:3974 msgid "Special value 0 implies that this feature is disabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3971 +#: sssd.conf.5.xml:3978 msgid "" "Please note that if <quote>cached_auth_timeout</quote> is longer than " "<quote>pam_id_timeout</quote> then the back end could be called to handle " @@ -4512,12 +4518,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3982 +#: sssd.conf.5.xml:3989 msgid "local_auth_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3985 +#: sssd.conf.5.xml:3992 msgid "" "Local authentication methods policy. Some backends (i.e. LDAP, proxy " "provider) only support a password based authentication, while others can " @@ -4528,7 +4534,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3995 +#: sssd.conf.5.xml:4002 msgid "" "There are three possible values for this option: match, only, enable. " "<quote>match</quote> is used to match offline and online states for Kerberos " @@ -4539,8 +4545,17 @@ msgid "" "separated, such as <quote>enable:passkey, enable:smartcard</quote>" msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4014 +msgid "" +"Please note that if local Smartcard authentication is enabled and a " +"Smartcard is present, Smartcard authentication will be preferred over the " +"authentication methods supported by the backend. I.e. there will be a PIN " +"prompt instead of e.g. a password prompt." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:4011 +#: sssd.conf.5.xml:4026 #, no-wrap msgid "" "[domain/shadowutils]\n" @@ -4551,7 +4566,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4007 +#: sssd.conf.5.xml:4022 msgid "" "The following configuration example allows local users to authenticate " "locally using any enabled method (i.e. smartcard, passkey). <placeholder " @@ -4559,34 +4574,34 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4019 +#: sssd.conf.5.xml:4034 msgid "This option is ignored for the files provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4022 +#: sssd.conf.5.xml:4037 msgid "Default: match" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4027 +#: sssd.conf.5.xml:4042 msgid "auto_private_groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4033 +#: sssd.conf.5.xml:4048 msgid "true" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4036 +#: sssd.conf.5.xml:4051 msgid "" "Create user's private group unconditionally from user's UID number. The GID " "number is ignored in this case." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4040 +#: sssd.conf.5.xml:4055 msgid "" "NOTE: Because the GID number and the user private group are inferred from " "the UID number, it is not supported to have multiple entries with the same " @@ -4595,24 +4610,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4049 +#: sssd.conf.5.xml:4064 msgid "false" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4052 +#: sssd.conf.5.xml:4067 msgid "" "Always use the user's primary GID number. The GID number must refer to a " "group object in the LDAP database." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4058 +#: sssd.conf.5.xml:4073 msgid "hybrid" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4061 +#: sssd.conf.5.xml:4076 msgid "" "A primary group is autogenerated for user entries whose UID and GID numbers " "have the same value and at the same time the GID number does not correspond " @@ -4622,14 +4637,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4074 +#: sssd.conf.5.xml:4089 msgid "" "If the UID and GID of a user are different, then the GID must correspond to " "a group entry, otherwise the GID is simply not resolvable." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4081 +#: sssd.conf.5.xml:4096 msgid "" "This feature is useful for environments that wish to stop maintaining a " "separate group objects for the user private groups, but also wish to retain " @@ -4637,21 +4652,21 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4030 +#: sssd.conf.5.xml:4045 msgid "" "This option takes any of three available values: <placeholder " "type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4093 +#: sssd.conf.5.xml:4108 msgid "" "For subdomains, the default value is False for subdomains that use assigned " "POSIX IDs and True for subdomains that use automatic ID-mapping." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:4101 +#: sssd.conf.5.xml:4116 #, no-wrap msgid "" "[domain/forest.domain/sub.domain]\n" @@ -4659,7 +4674,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:4107 +#: sssd.conf.5.xml:4122 #, no-wrap msgid "" "[domain/forest.domain]\n" @@ -4668,7 +4683,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4098 +#: sssd.conf.5.xml:4113 msgid "" "The value of auto_private_groups can either be set per subdomains in a " "subsection, for example: <placeholder type=\"programlisting\" id=\"0\"/> or " @@ -4685,29 +4700,30 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4122 +#: sssd.conf.5.xml:4137 msgid "proxy_pam_target (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4125 +#: sssd.conf.5.xml:4140 msgid "The proxy target PAM proxies to." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4128 +#: sssd.conf.5.xml:4143 msgid "" "Default: not set by default, you have to take an existing pam configuration " -"or create a new one and add the service name here." +"or create a new one and add the service name here. As an alternative you can " +"enable local authentication with the local_auth_policy option." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4136 +#: sssd.conf.5.xml:4153 msgid "proxy_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4139 +#: sssd.conf.5.xml:4156 msgid "" "The name of the NSS library to use in proxy domains. The NSS functions " "searched for in the library are in the form of _nss_$(libName)_$(function), " @@ -4715,12 +4731,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4149 +#: sssd.conf.5.xml:4166 msgid "proxy_resolver_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4152 +#: sssd.conf.5.xml:4169 msgid "" "The name of the NSS library to use for hosts and networks lookups in proxy " "domains. The NSS functions searched for in the library are in the form of " @@ -4728,12 +4744,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4163 +#: sssd.conf.5.xml:4180 msgid "proxy_fast_alias (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4166 +#: sssd.conf.5.xml:4183 msgid "" "When a user or group is looked up by name in the proxy provider, a second " "lookup by ID is performed to \"canonicalize\" the name in case the requested " @@ -4742,12 +4758,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4180 +#: sssd.conf.5.xml:4197 msgid "proxy_max_children (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4183 +#: sssd.conf.5.xml:4200 msgid "" "This option specifies the number of pre-forked proxy children. It is useful " "for high-load SSSD environments where sssd may run out of available child " @@ -4755,19 +4771,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4118 +#: sssd.conf.5.xml:4133 msgid "" "Options valid for proxy domains. <placeholder type=\"variablelist\" " "id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:4199 +#: sssd.conf.5.xml:4216 msgid "Application domains" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4201 +#: sssd.conf.5.xml:4218 msgid "" "SSSD, with its D-Bus interface (see <citerefentry> <refentrytitle>sssd-ifp</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>) is appealing to " @@ -4784,7 +4800,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4221 +#: sssd.conf.5.xml:4238 msgid "" "Please note that the application domain must still be explicitly enabled in " "the <quote>domains</quote> parameter so that the lookup order between the " @@ -4792,17 +4808,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> -#: sssd.conf.5.xml:4227 +#: sssd.conf.5.xml:4244 msgid "Application domain parameters" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4229 +#: sssd.conf.5.xml:4246 msgid "inherit_from (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4232 +#: sssd.conf.5.xml:4249 msgid "" "The SSSD POSIX-type domain the application domain inherits all settings " "from. The application domain can moreover add its own settings to the " @@ -4811,7 +4827,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4246 +#: sssd.conf.5.xml:4263 msgid "" "The following example illustrates the use of an application domain. In this " "setup, the POSIX domain is connected to an LDAP server and is used by the OS " @@ -4821,7 +4837,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><programlisting> -#: sssd.conf.5.xml:4254 +#: sssd.conf.5.xml:4271 #, no-wrap msgid "" "[sssd]\n" @@ -4841,12 +4857,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4274 +#: sssd.conf.5.xml:4291 msgid "TRUSTED DOMAIN SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4276 +#: sssd.conf.5.xml:4293 msgid "" "Some options used in the domain section can also be used in the trusted " "domain section, that is, in a section called <quote>[domain/" @@ -4857,69 +4873,69 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4283 +#: sssd.conf.5.xml:4300 msgid "ldap_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4284 +#: sssd.conf.5.xml:4301 msgid "ldap_user_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4285 +#: sssd.conf.5.xml:4302 msgid "ldap_group_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4286 +#: sssd.conf.5.xml:4303 msgid "ldap_netgroup_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4287 +#: sssd.conf.5.xml:4304 msgid "ldap_service_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4288 +#: sssd.conf.5.xml:4305 msgid "ldap_sasl_mech," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4289 +#: sssd.conf.5.xml:4306 msgid "ad_server," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4290 +#: sssd.conf.5.xml:4307 msgid "ad_backup_server," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4291 +#: sssd.conf.5.xml:4308 msgid "ad_site," msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4292 sssd-ipa.5.xml:879 +#: sssd.conf.5.xml:4309 sssd-ipa.5.xml:884 msgid "use_fully_qualified_names" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4296 +#: sssd.conf.5.xml:4313 msgid "" "For more details about these options see their individual description in the " "manual page." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4302 +#: sssd.conf.5.xml:4319 msgid "CERTIFICATE MAPPING SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4304 +#: sssd.conf.5.xml:4321 msgid "" "To allow authentication with Smartcards and certificates SSSD must be able " "to map certificates to users. This can be done by adding the full " @@ -4932,7 +4948,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4318 +#: sssd.conf.5.xml:4335 msgid "" "To make the mapping more flexible mapping and matching rules were added to " "SSSD (see <citerefentry> <refentrytitle>sss-certmap</refentrytitle> " @@ -4940,7 +4956,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4327 +#: sssd.conf.5.xml:4344 msgid "" "A mapping and matching rule can be added to the SSSD configuration in a " "section on its own with a name like <quote>[certmap/" @@ -4949,55 +4965,55 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4334 +#: sssd.conf.5.xml:4351 msgid "matchrule (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4337 +#: sssd.conf.5.xml:4354 msgid "" "Only certificates from the Smartcard which matches this rule will be " "processed, all others are ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4341 +#: sssd.conf.5.xml:4358 msgid "" "Default: KRB5:<EKU>clientAuth, i.e. only certificates which have the " "Extended Key Usage <quote>clientAuth</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4348 +#: sssd.conf.5.xml:4365 msgid "maprule (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4351 +#: sssd.conf.5.xml:4368 msgid "Defines how the user is found for a given certificate." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4357 +#: sssd.conf.5.xml:4374 msgid "" "LDAP:(userCertificate;binary={cert!bin}) for LDAP based providers like " "<quote>ldap</quote>, <quote>AD</quote> or <quote>ipa</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4363 +#: sssd.conf.5.xml:4380 msgid "" "The RULE_NAME for the <quote>files</quote> provider which tries to find a " "user with the same name." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4372 +#: sssd.conf.5.xml:4389 msgid "domains (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4375 +#: sssd.conf.5.xml:4392 msgid "" "Comma separated list of domain names the rule should be applied. By default " "a rule is only valid in the domain configured in sssd.conf. If the provider " @@ -5006,17 +5022,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4382 +#: sssd.conf.5.xml:4399 msgid "Default: the configured domain in sssd.conf" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4387 +#: sssd.conf.5.xml:4404 msgid "priority (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4390 +#: sssd.conf.5.xml:4407 msgid "" "Unsigned integer value defining the priority of the rule. The higher the " "number the lower the priority. <quote>0</quote> stands for the highest " @@ -5024,26 +5040,26 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4396 +#: sssd.conf.5.xml:4413 msgid "Default: the lowest priority" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4402 +#: sssd.conf.5.xml:4419 msgid "" "To make the configuration simple and reduce the amount of configuration " "options the <quote>files</quote> provider has some special properties:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4408 +#: sssd.conf.5.xml:4425 msgid "" "if maprule is not set the RULE_NAME name is assumed to be the name of the " "matching user" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4414 +#: sssd.conf.5.xml:4431 msgid "" "if a maprule is used both a single user name or a template like " "<quote>{subject_rfc822_name.short_name}</quote> must be in braces like e.g. " @@ -5052,17 +5068,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4423 +#: sssd.conf.5.xml:4440 msgid "the <quote>domains</quote> option is ignored" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4431 +#: sssd.conf.5.xml:4448 msgid "PROMPTING CONFIGURATION SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4433 +#: sssd.conf.5.xml:4450 msgid "" "If a special file (<filename>/var/lib/sss/pubconf/pam_preauth_available</" "filename>) exists SSSD's PAM module pam_sss will ask SSSD to figure out " @@ -5072,7 +5088,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4441 +#: sssd.conf.5.xml:4458 msgid "" "With the growing number of authentication methods and the possibility that " "there are multiple ones for a single user the heuristic used by pam_sss to " @@ -5081,59 +5097,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4453 +#: sssd.conf.5.xml:4470 msgid "[prompting/password]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4456 +#: sssd.conf.5.xml:4473 msgid "password_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4457 +#: sssd.conf.5.xml:4474 msgid "to change the string of the password prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4455 +#: sssd.conf.5.xml:4472 msgid "" "to configure password prompting, allowed options are: <placeholder " "type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4465 +#: sssd.conf.5.xml:4482 msgid "[prompting/2fa]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4469 +#: sssd.conf.5.xml:4486 msgid "first_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4470 +#: sssd.conf.5.xml:4487 msgid "to change the string of the prompt for the first factor" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4473 +#: sssd.conf.5.xml:4490 msgid "second_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4474 +#: sssd.conf.5.xml:4491 msgid "to change the string of the prompt for the second factor" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4477 +#: sssd.conf.5.xml:4494 msgid "single_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4478 +#: sssd.conf.5.xml:4495 msgid "" "boolean value, if True there will be only a single prompt using the value of " "first_prompt where it is expected that both factors are entered as a single " @@ -5142,7 +5158,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4467 +#: sssd.conf.5.xml:4484 msgid "" "to configure two-factor authentication prompting, allowed options are: " "<placeholder type=\"variablelist\" id=\"0\"/> If the second factor is " @@ -5151,17 +5167,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4495 +#: sssd.conf.5.xml:4512 msgid "[prompting/passkey]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4501 sssd-ad.5.xml:1021 +#: sssd.conf.5.xml:4518 sssd-ad.5.xml:1021 msgid "interactive" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4503 +#: sssd.conf.5.xml:4520 msgid "" "boolean value, if True prompt a message and wait before testing the presence " "of a passkey device. Recommended if your device doesn’t have a tactile " @@ -5169,46 +5185,46 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4511 +#: sssd.conf.5.xml:4528 msgid "interactive_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4513 +#: sssd.conf.5.xml:4530 msgid "to change the message of the interactive prompt." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4518 +#: sssd.conf.5.xml:4535 msgid "touch" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4520 +#: sssd.conf.5.xml:4537 msgid "" "boolean value, if True prompt a message to remind the user to touch the " "device." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4526 +#: sssd.conf.5.xml:4543 msgid "touch_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4528 +#: sssd.conf.5.xml:4545 msgid "to change the message of the touch prompt." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4497 +#: sssd.conf.5.xml:4514 msgid "" "to configure passkey authentication prompting, allowed options are: " "<placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4448 +#: sssd.conf.5.xml:4465 msgid "" "Each supported authentication method has its own configuration subsection " "under <quote>[prompting/...]</quote>. Currently there are: <placeholder " @@ -5217,7 +5233,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4539 +#: sssd.conf.5.xml:4556 msgid "" "It is possible to add a subsection for specific PAM services, e.g. " "<quote>[prompting/password/sshd]</quote> to individual change the prompting " @@ -5225,12 +5241,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4546 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43 +#: sssd.conf.5.xml:4563 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43 msgid "EXAMPLES" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4552 +#: sssd.conf.5.xml:4569 #, no-wrap msgid "" "[sssd]\n" @@ -5260,7 +5276,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4548 +#: sssd.conf.5.xml:4565 msgid "" "1. The following example shows a typical SSSD config. It does not describe " "configuration of the domains themselves - refer to documentation on " @@ -5269,7 +5285,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4585 +#: sssd.conf.5.xml:4602 #, no-wrap msgid "" "[domain/ipa.com/child.ad.com]\n" @@ -5277,7 +5293,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4579 +#: sssd.conf.5.xml:4596 msgid "" "2. The following example shows configuration of IPA AD trust where the AD " "forest consists of two domains in a parent-child structure. Suppose IPA " @@ -5288,7 +5304,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4596 +#: sssd.conf.5.xml:4613 #, no-wrap msgid "" "[certmap/my.domain/rule_name]\n" @@ -5299,7 +5315,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4590 +#: sssd.conf.5.xml:4607 msgid "" "3. The following example shows the configuration of a certificate mapping " "rule. It is valid for the configured domain <quote>my.domain</quote> and " @@ -5353,26 +5369,26 @@ msgid "" "LDAP back end supports id, auth, access and chpass providers. If you want to " "authenticate against an LDAP server either TLS/SSL or LDAPS is required. " "<command>sssd</command> <emphasis>does not</emphasis> support authentication " -"over an unencrypted channel. If the LDAP server is used only as an identity " -"provider, an encrypted channel is not needed. Please refer to " -"<quote>ldap_access_filter</quote> config option for more information about " -"using LDAP as an access provider." +"over an unencrypted channel. Even if the LDAP server is used only as an " +"identity provider, an encrypted channel is strongly recommended. Please " +"refer to <quote>ldap_access_filter</quote> config option for more " +"information about using LDAP as an access provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:82 sssd-ad.5.xml:130 +#: sssd-ldap.5.xml:50 sssd-simple.5.xml:69 sssd-ipa.5.xml:82 sssd-ad.5.xml:130 #: sssd-krb5.5.xml:63 sssd-ifp.5.xml:60 sssd-files.5.xml:77 #: sssd-session-recording.5.xml:58 sssd-kcm.8.xml:202 msgid "CONFIGURATION OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:66 +#: sssd-ldap.5.xml:67 msgid "ldap_uri, ldap_backup_uri (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:69 +#: sssd-ldap.5.xml:70 msgid "" "Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " "should connect in the order of preference. Refer to the <quote>FAILOVER</" @@ -5382,33 +5398,33 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:76 +#: sssd-ldap.5.xml:77 msgid "The format of the URI must match the format defined in RFC 2732:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:79 +#: sssd-ldap.5.xml:80 msgid "ldap[s]://<host>[:port]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:82 +#: sssd-ldap.5.xml:83 msgid "" "For explicit IPv6 addresses, <host> must be enclosed in brackets []" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:85 +#: sssd-ldap.5.xml:86 msgid "example: ldap://[fc00::126:25]:389" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:91 +#: sssd-ldap.5.xml:92 msgid "ldap_chpass_uri, ldap_chpass_backup_uri (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:94 +#: sssd-ldap.5.xml:95 msgid "" "Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " "should connect in the order of preference to change the password of a user. " @@ -5417,71 +5433,71 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:101 +#: sssd-ldap.5.xml:102 msgid "To enable service discovery ldap_chpass_dns_service_name must be set." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:105 +#: sssd-ldap.5.xml:106 msgid "Default: empty, i.e. ldap_uri is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:111 +#: sssd-ldap.5.xml:112 msgid "ldap_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:114 +#: sssd-ldap.5.xml:115 msgid "The default base DN to use for performing LDAP user operations." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:118 +#: sssd-ldap.5.xml:119 msgid "" "Starting with SSSD 1.7.0, SSSD supports multiple search bases using the " "syntax:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:122 +#: sssd-ldap.5.xml:123 msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:125 +#: sssd-ldap.5.xml:126 msgid "The scope can be one of \"base\", \"onelevel\" or \"subtree\"." msgstr "" #. type: Content of: <listitem><para> -#: sssd-ldap.5.xml:128 include/ldap_search_bases.xml:18 +#: sssd-ldap.5.xml:129 include/ldap_search_bases.xml:18 msgid "" "The filter must be a valid LDAP search filter as specified by http://www." "ietf.org/rfc/rfc2254.txt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:132 sssd-ad.5.xml:311 sss_override.8.xml:143 +#: sssd-ldap.5.xml:133 sssd-ad.5.xml:311 sss_override.8.xml:143 #: sss_override.8.xml:240 sssd-ldap-attributes.5.xml:453 msgid "Examples:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:135 +#: sssd-ldap.5.xml:136 msgid "" "ldap_search_base = dc=example,dc=com (which is equivalent to) " "ldap_search_base = dc=example,dc=com?subtree?" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:140 +#: sssd-ldap.5.xml:141 msgid "" "ldap_search_base = cn=host_specific,dc=example,dc=com?subtree?" "(host=thishost)?dc=example.com?subtree?" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:143 +#: sssd-ldap.5.xml:144 msgid "" "Note: It is unsupported to have multiple search bases which reference " "identically-named objects (for example, groups with the same name in two " @@ -5490,7 +5506,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:150 +#: sssd-ldap.5.xml:151 msgid "" "Default: If not set, the value of the defaultNamingContext or namingContexts " "attribute from the RootDSE of the LDAP server is used. If " @@ -5501,12 +5517,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:164 +#: sssd-ldap.5.xml:165 msgid "ldap_schema (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:167 +#: sssd-ldap.5.xml:168 msgid "" "Specifies the Schema Type in use on the target LDAP server. Depending on " "the selected schema, the default attribute names retrieved from the servers " @@ -5514,32 +5530,32 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:174 +#: sssd-ldap.5.xml:175 msgid "Four schema types are currently supported:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:178 +#: sssd-ldap.5.xml:179 msgid "rfc2307" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:183 +#: sssd-ldap.5.xml:184 msgid "rfc2307bis" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:188 +#: sssd-ldap.5.xml:189 msgid "IPA" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:193 +#: sssd-ldap.5.xml:194 msgid "AD" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:199 +#: sssd-ldap.5.xml:200 msgid "" "The main difference between these schema types is how group memberships are " "recorded in the server. With rfc2307, group members are listed by name in " @@ -5550,37 +5566,37 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:209 +#: sssd-ldap.5.xml:210 msgid "Default: rfc2307" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:215 +#: sssd-ldap.5.xml:216 msgid "ldap_pwmodify_mode (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:218 +#: sssd-ldap.5.xml:219 msgid "Specify the operation that is used to modify user password." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:222 +#: sssd-ldap.5.xml:223 msgid "Two modes are currently supported:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:226 +#: sssd-ldap.5.xml:227 msgid "exop - Password Modify Extended Operation (RFC 3062)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:232 +#: sssd-ldap.5.xml:233 msgid "ldap_modify - Direct modification of userPassword (not recommended)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:239 +#: sssd-ldap.5.xml:240 msgid "" "Note: First, a new connection is established to verify current password by " "binding as the user that requested password change. If successful, this " @@ -5589,74 +5605,74 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:247 +#: sssd-ldap.5.xml:248 msgid "Default: exop" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:253 +#: sssd-ldap.5.xml:254 msgid "ldap_default_bind_dn (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:256 +#: sssd-ldap.5.xml:257 msgid "The default bind DN to use for performing LDAP operations." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:263 +#: sssd-ldap.5.xml:264 msgid "ldap_default_authtok_type (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:266 +#: sssd-ldap.5.xml:267 msgid "The type of the authentication token of the default bind DN." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:270 +#: sssd-ldap.5.xml:271 msgid "The two mechanisms currently supported are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:273 +#: sssd-ldap.5.xml:274 msgid "password" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:276 +#: sssd-ldap.5.xml:277 msgid "obfuscated_password" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:279 +#: sssd-ldap.5.xml:280 msgid "Default: password" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:282 +#: sssd-ldap.5.xml:283 msgid "" "See the <citerefentry> <refentrytitle>sss_obfuscate</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry> manual page for more information." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:293 +#: sssd-ldap.5.xml:294 msgid "ldap_default_authtok (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:296 +#: sssd-ldap.5.xml:297 msgid "The authentication token of the default bind DN." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:302 +#: sssd-ldap.5.xml:303 msgid "ldap_force_upper_case_realm (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:305 +#: sssd-ldap.5.xml:306 msgid "" "Some directory servers, for example Active Directory, might deliver the " "realm part of the UPN in lower case, which might cause the authentication to " @@ -5665,24 +5681,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:318 +#: sssd-ldap.5.xml:319 msgid "ldap_enumeration_refresh_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:321 +#: sssd-ldap.5.xml:322 msgid "" "Specifies how many seconds SSSD has to wait before refreshing its cache of " "enumerated records." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:337 +#: sssd-ldap.5.xml:338 msgid "ldap_purge_cache_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:340 +#: sssd-ldap.5.xml:341 msgid "" "Determine how often to check the cache for inactive entries (such as groups " "with no members and users who have never logged in) and remove them to save " @@ -5690,7 +5706,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:346 +#: sssd-ldap.5.xml:347 msgid "" "Setting this option to zero will disable the cache cleanup operation. Please " "note that if enumeration is enabled, the cleanup task is required in order " @@ -5699,12 +5715,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:366 +#: sssd-ldap.5.xml:367 msgid "ldap_group_nesting_level (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:369 +#: sssd-ldap.5.xml:370 msgid "" "If ldap_schema is set to a schema format that supports nested groups (e.g. " "RFC2307bis), then this option controls how many levels of nesting SSSD will " @@ -5712,7 +5728,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:376 +#: sssd-ldap.5.xml:377 msgid "" "Note: This option specifies the guaranteed level of nested groups to be " "processed for any lookup. However, nested groups beyond this limit " @@ -5722,7 +5738,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:385 +#: sssd-ldap.5.xml:386 msgid "" "If ldap_group_nesting_level is set to 0 then no nested groups are processed " "at all. However, when connected to Active-Directory Server 2008 and later " @@ -5732,67 +5748,67 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:394 +#: sssd-ldap.5.xml:395 msgid "Default: 2" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:403 +#: sssd-ldap.5.xml:404 msgid "" "This options enables or disables use of Token-Groups attribute when " "performing initgroup for users from Active Directory Server 2008 and later." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:413 +#: sssd-ldap.5.xml:414 msgid "Default: True for AD and IPA otherwise False." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:419 +#: sssd-ldap.5.xml:420 msgid "ldap_host_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:422 +#: sssd-ldap.5.xml:423 msgid "Optional. Use the given string as search base for host objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:426 sssd-ipa.5.xml:457 sssd-ipa.5.xml:476 sssd-ipa.5.xml:495 -#: sssd-ipa.5.xml:514 +#: sssd-ldap.5.xml:427 sssd-ipa.5.xml:462 sssd-ipa.5.xml:481 sssd-ipa.5.xml:500 +#: sssd-ipa.5.xml:519 msgid "" "See <quote>ldap_search_base</quote> for information about configuring " "multiple search bases." msgstr "" #. type: Content of: <listitem><para> -#: sssd-ldap.5.xml:431 sssd-ipa.5.xml:462 include/ldap_search_bases.xml:27 +#: sssd-ldap.5.xml:432 sssd-ipa.5.xml:467 include/ldap_search_bases.xml:27 msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:438 +#: sssd-ldap.5.xml:439 msgid "ldap_service_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:443 +#: sssd-ldap.5.xml:444 msgid "ldap_iphost_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:448 +#: sssd-ldap.5.xml:449 msgid "ldap_ipnetwork_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:453 +#: sssd-ldap.5.xml:454 msgid "ldap_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:456 +#: sssd-ldap.5.xml:457 msgid "" "Specifies the timeout (in seconds) that ldap searches are allowed to run " "before they are cancelled and cached results are returned (and offline mode " @@ -5800,7 +5816,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:462 +#: sssd-ldap.5.xml:463 msgid "" "Note: this option is subject to change in future versions of the SSSD. It " "will likely be replaced at some point by a series of timeouts for specific " @@ -5808,12 +5824,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:479 +#: sssd-ldap.5.xml:480 msgid "ldap_enumeration_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:482 +#: sssd-ldap.5.xml:483 msgid "" "Specifies the timeout (in seconds) that ldap searches for user and group " "enumerations are allowed to run before they are cancelled and cached results " @@ -5821,12 +5837,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:500 +#: sssd-ldap.5.xml:501 msgid "ldap_network_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:503 +#: sssd-ldap.5.xml:504 msgid "" "Specifies the timeout (in seconds) after which the <citerefentry> " "<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/" @@ -5837,12 +5853,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:531 +#: sssd-ldap.5.xml:532 msgid "ldap_opt_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:534 +#: sssd-ldap.5.xml:535 msgid "" "Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs " "will abort if no response is received. Also controls the timeout when " @@ -5851,12 +5867,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:554 +#: sssd-ldap.5.xml:555 msgid "ldap_connection_expire_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:557 +#: sssd-ldap.5.xml:558 msgid "" "Specifies a timeout (in seconds) that a connection to an LDAP server will be " "maintained. After this time, the connection will be re-established. If used " @@ -5865,7 +5881,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:565 +#: sssd-ldap.5.xml:566 msgid "" "If the connection is idle (not actively running an operation) within " "<emphasis>ldap_opt_timeout</emphasis> seconds of expiration, then it will be " @@ -5876,36 +5892,36 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:577 +#: sssd-ldap.5.xml:578 msgid "" "This timeout can be extended of a random value specified by " "<emphasis>ldap_connection_expire_offset</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:587 sssd-ldap.5.xml:630 sssd-ldap.5.xml:1711 +#: sssd-ldap.5.xml:588 sssd-ldap.5.xml:631 sssd-ldap.5.xml:1713 msgid "Default: 900 (15 minutes)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:593 +#: sssd-ldap.5.xml:594 msgid "ldap_connection_expire_offset (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:596 +#: sssd-ldap.5.xml:597 msgid "" "Random offset between 0 and configured value is added to " "<emphasis>ldap_connection_expire_timeout</emphasis>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:612 +#: sssd-ldap.5.xml:613 msgid "ldap_connection_idle_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:615 +#: sssd-ldap.5.xml:616 msgid "" "Specifies a timeout (in seconds) that an idle connection to an LDAP server " "will be maintained. If the connection is idle for more than this time then " @@ -5913,29 +5929,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:621 +#: sssd-ldap.5.xml:622 msgid "You can disable this timeout by setting the value to 0." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:636 +#: sssd-ldap.5.xml:637 msgid "ldap_page_size (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:639 +#: sssd-ldap.5.xml:640 msgid "" "Specify the number of records to retrieve from LDAP in a single request. " "Some LDAP servers enforce a maximum limit per-request." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:650 +#: sssd-ldap.5.xml:651 msgid "ldap_disable_paging (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:653 +#: sssd-ldap.5.xml:654 msgid "" "Disable the LDAP paging control. This option should be used if the LDAP " "server reports that it supports the LDAP paging control in its RootDSE but " @@ -5943,14 +5959,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:659 +#: sssd-ldap.5.xml:660 msgid "" "Example: OpenLDAP servers with the paging control module installed on the " "server but not enabled will report it in the RootDSE but be unable to use it." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:665 +#: sssd-ldap.5.xml:666 msgid "" "Example: 389 DS has a bug where it can only support a one paging control at " "a time on a single connection. On busy clients, this can result in some " @@ -5958,17 +5974,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:677 +#: sssd-ldap.5.xml:678 msgid "ldap_disable_range_retrieval (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:680 +#: sssd-ldap.5.xml:681 msgid "Disable Active Directory range retrieval." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:683 +#: sssd-ldap.5.xml:684 msgid "" "Active Directory limits the number of members to be retrieved in a single " "lookup using the MaxValRange policy (which defaults to 1500 members). If a " @@ -5978,12 +5994,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:698 +#: sssd-ldap.5.xml:699 msgid "ldap_sasl_minssf (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:701 +#: sssd-ldap.5.xml:702 msgid "" "When communicating with an LDAP server using SASL, specify the minimum " "security level necessary to establish the connection. The values of this " @@ -5991,17 +6007,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:707 sssd-ldap.5.xml:723 +#: sssd-ldap.5.xml:708 sssd-ldap.5.xml:724 msgid "Default: Use the system default (usually specified by ldap.conf)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:714 +#: sssd-ldap.5.xml:715 msgid "ldap_sasl_maxssf (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:717 +#: sssd-ldap.5.xml:718 msgid "" "When communicating with an LDAP server using SASL, specify the maximal " "security level necessary to establish the connection. The values of this " @@ -6009,12 +6025,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:730 +#: sssd-ldap.5.xml:731 msgid "ldap_deref_threshold (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:733 +#: sssd-ldap.5.xml:734 msgid "" "Specify the number of group members that must be missing from the internal " "cache in order to trigger a dereference lookup. If less members are missing, " @@ -6022,7 +6038,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:739 +#: sssd-ldap.5.xml:740 msgid "" "You can turn off dereference lookups completely by setting the value to 0. " "Please note that there are some codepaths in SSSD, like the IPA HBAC " @@ -6033,7 +6049,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:750 +#: sssd-ldap.5.xml:751 msgid "" "A dereference lookup is a means of fetching all group members in a single " "LDAP call. Different LDAP servers may implement different dereference " @@ -6042,7 +6058,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:758 +#: sssd-ldap.5.xml:759 msgid "" "<emphasis>Note:</emphasis> If any of the search bases specifies a search " "filter, then the dereference lookup performance enhancement will be disabled " @@ -6050,12 +6066,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:771 +#: sssd-ldap.5.xml:772 msgid "ldap_ignore_unreadable_references (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:774 +#: sssd-ldap.5.xml:775 msgid "" "Ignore unreadable LDAP entries referenced in group's member attribute. If " "this parameter is set to false an error will be returned and the operation " @@ -6063,7 +6079,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:781 +#: sssd-ldap.5.xml:782 msgid "" "This parameter may be useful when using the AD provider and the computer " "account that sssd uses to connect to AD does not have access to a particular " @@ -6071,26 +6087,26 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:794 +#: sssd-ldap.5.xml:795 msgid "ldap_tls_reqcert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:797 +#: sssd-ldap.5.xml:798 msgid "" "Specifies what checks to perform on server certificates in a TLS session, if " "any. It can be specified as one of the following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:803 +#: sssd-ldap.5.xml:804 msgid "" "<emphasis>never</emphasis> = The client will not request or check any server " "certificate." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:807 +#: sssd-ldap.5.xml:808 msgid "" "<emphasis>allow</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -6098,7 +6114,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:814 +#: sssd-ldap.5.xml:815 msgid "" "<emphasis>try</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -6106,7 +6122,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:820 +#: sssd-ldap.5.xml:821 msgid "" "<emphasis>demand</emphasis> = The server certificate is requested. If no " "certificate is provided, or a bad certificate is provided, the session is " @@ -6114,41 +6130,41 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:826 +#: sssd-ldap.5.xml:827 msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:830 +#: sssd-ldap.5.xml:831 msgid "Default: hard" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:836 +#: sssd-ldap.5.xml:837 msgid "ldap_tls_cacert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:839 +#: sssd-ldap.5.xml:840 msgid "" "Specifies the file that contains certificates for all of the Certificate " "Authorities that <command>sssd</command> will recognize." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:844 sssd-ldap.5.xml:862 sssd-ldap.5.xml:903 +#: sssd-ldap.5.xml:845 sssd-ldap.5.xml:863 sssd-ldap.5.xml:904 msgid "" "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." "conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:851 +#: sssd-ldap.5.xml:852 msgid "ldap_tls_cacertdir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:854 +#: sssd-ldap.5.xml:855 msgid "" "Specifies the path of a directory that contains Certificate Authority " "certificates in separate individual files. Typically the file names need to " @@ -6157,32 +6173,32 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:869 +#: sssd-ldap.5.xml:870 msgid "ldap_tls_cert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:872 +#: sssd-ldap.5.xml:873 msgid "Specifies the file that contains the certificate for the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:882 +#: sssd-ldap.5.xml:883 msgid "ldap_tls_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:885 +#: sssd-ldap.5.xml:886 msgid "Specifies the file that contains the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:894 +#: sssd-ldap.5.xml:895 msgid "ldap_tls_cipher_suite (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:897 +#: sssd-ldap.5.xml:898 msgid "" "Specifies acceptable cipher suites. Typically this is a colon separated " "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " @@ -6190,24 +6206,25 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:910 +#: sssd-ldap.5.xml:911 msgid "ldap_id_use_start_tls (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:913 +#: sssd-ldap.5.xml:914 msgid "" "Specifies that the id_provider connection must also use <systemitem " -"class=\"protocol\">tls</systemitem> to protect the channel." +"class=\"protocol\">tls</systemitem> to protect the channel. <emphasis>true</" +"emphasis> is strongly recommended for security reasons." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:923 +#: sssd-ldap.5.xml:925 msgid "ldap_id_mapping (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:926 +#: sssd-ldap.5.xml:928 msgid "" "Specifies that SSSD should attempt to map user and group IDs from the " "ldap_user_objectsid and ldap_group_objectsid attributes instead of relying " @@ -6215,17 +6232,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:932 +#: sssd-ldap.5.xml:934 msgid "Currently this feature supports only ActiveDirectory objectSID mapping." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:942 +#: sssd-ldap.5.xml:944 msgid "ldap_min_id, ldap_max_id (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:945 +#: sssd-ldap.5.xml:947 msgid "" "In contrast to the SID based ID mapping which is used if ldap_id_mapping is " "set to true the allowed ID range for ldap_user_uid_number and " @@ -6236,24 +6253,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:957 +#: sssd-ldap.5.xml:959 msgid "Default: not set (both options are set to 0)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:963 +#: sssd-ldap.5.xml:965 msgid "ldap_sasl_mech (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:966 +#: sssd-ldap.5.xml:968 msgid "" "Specify the SASL mechanism to use. Currently only GSSAPI and GSS-SPNEGO are " "tested and supported." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:970 +#: sssd-ldap.5.xml:972 msgid "" "If the backend supports sub-domains the value of ldap_sasl_mech is " "automatically inherited to the sub-domains. If a different value is needed " @@ -6264,12 +6281,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:986 +#: sssd-ldap.5.xml:988 msgid "ldap_sasl_authid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd-ldap.5.xml:998 +#: sssd-ldap.5.xml:1000 #, no-wrap msgid "" "hostname@REALM\n" @@ -6282,7 +6299,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:989 +#: sssd-ldap.5.xml:991 msgid "" "Specify the SASL authorization id to use. When GSSAPI/GSS-SPNEGO are used, " "this represents the Kerberos principal used for authentication to the " @@ -6294,17 +6311,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1009 +#: sssd-ldap.5.xml:1011 msgid "Default: host/hostname@REALM" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1015 +#: sssd-ldap.5.xml:1017 msgid "ldap_sasl_realm (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1018 +#: sssd-ldap.5.xml:1020 msgid "" "Specify the SASL realm to use. When not specified, this option defaults to " "the value of krb5_realm. If the ldap_sasl_authid contains the realm as " @@ -6312,49 +6329,49 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1024 +#: sssd-ldap.5.xml:1026 msgid "Default: the value of krb5_realm." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1030 +#: sssd-ldap.5.xml:1032 msgid "ldap_sasl_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1033 +#: sssd-ldap.5.xml:1035 msgid "" "If set to true, the LDAP library would perform a reverse lookup to " "canonicalize the host name during a SASL bind." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1038 +#: sssd-ldap.5.xml:1040 msgid "Default: false;" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1044 +#: sssd-ldap.5.xml:1046 msgid "ldap_krb5_keytab (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1047 +#: sssd-ldap.5.xml:1049 msgid "Specify the keytab to use when using SASL/GSSAPI/GSS-SPNEGO." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1056 sssd-krb5.5.xml:247 +#: sssd-ldap.5.xml:1058 sssd-krb5.5.xml:247 msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1062 +#: sssd-ldap.5.xml:1064 msgid "ldap_krb5_init_creds (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1065 +#: sssd-ldap.5.xml:1067 msgid "" "Specifies that the id_provider should init Kerberos credentials (TGT). This " "action is performed only if SASL is used and the mechanism selected is " @@ -6362,28 +6379,28 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1077 +#: sssd-ldap.5.xml:1079 msgid "ldap_krb5_ticket_lifetime (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1080 +#: sssd-ldap.5.xml:1082 msgid "" "Specifies the lifetime in seconds of the TGT if GSSAPI or GSS-SPNEGO is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1089 sssd-ad.5.xml:1252 +#: sssd-ldap.5.xml:1091 sssd-ad.5.xml:1252 msgid "Default: 86400 (24 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1095 sssd-krb5.5.xml:74 +#: sssd-ldap.5.xml:1097 sssd-krb5.5.xml:74 msgid "krb5_server, krb5_backup_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1098 +#: sssd-ldap.5.xml:1100 msgid "" "Specifies the comma-separated list of IP addresses or hostnames of the " "Kerberos servers to which SSSD should connect in the order of preference. " @@ -6395,7 +6412,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1110 sssd-krb5.5.xml:89 +#: sssd-ldap.5.xml:1112 sssd-krb5.5.xml:89 msgid "" "When using service discovery for KDC or kpasswd servers, SSSD first searches " "for DNS entries that specify _udp as the protocol and falls back to _tcp if " @@ -6403,7 +6420,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1115 sssd-krb5.5.xml:94 +#: sssd-ldap.5.xml:1117 sssd-krb5.5.xml:94 msgid "" "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " "While the legacy name is recognized for the time being, users are advised to " @@ -6411,39 +6428,39 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1124 sssd-ipa.5.xml:526 sssd-krb5.5.xml:103 +#: sssd-ldap.5.xml:1126 sssd-ipa.5.xml:531 sssd-krb5.5.xml:103 msgid "krb5_realm (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1127 +#: sssd-ldap.5.xml:1129 msgid "Specify the Kerberos REALM (for SASL/GSSAPI/GSS-SPNEGO auth)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1131 +#: sssd-ldap.5.xml:1133 msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" msgstr "" #. type: Content of: <variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1137 include/krb5_options.xml:154 +#: sssd-ldap.5.xml:1139 include/krb5_options.xml:154 msgid "krb5_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1140 +#: sssd-ldap.5.xml:1142 msgid "" "Specifies if the host principal should be canonicalized when connecting to " "LDAP server. This feature is available with MIT Kerberos >= 1.7" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1152 sssd-krb5.5.xml:336 +#: sssd-ldap.5.xml:1154 sssd-krb5.5.xml:336 msgid "krb5_use_kdcinfo (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1155 sssd-krb5.5.xml:339 +#: sssd-ldap.5.xml:1157 sssd-krb5.5.xml:339 msgid "" "Specifies if the SSSD should instruct the Kerberos libraries what realm and " "which KDCs to use. This option is on by default, if you disable it, you need " @@ -6453,7 +6470,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1166 sssd-krb5.5.xml:350 +#: sssd-ldap.5.xml:1168 sssd-krb5.5.xml:350 msgid "" "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more " @@ -6461,26 +6478,26 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1180 +#: sssd-ldap.5.xml:1182 msgid "ldap_pwd_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1183 +#: sssd-ldap.5.xml:1185 msgid "" "Select the policy to evaluate the password expiration on the client side. " "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1188 +#: sssd-ldap.5.xml:1190 msgid "" "<emphasis>none</emphasis> - No evaluation on the client side. This option " "cannot disable server-side password policies." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1193 +#: sssd-ldap.5.xml:1195 msgid "" "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " @@ -6489,7 +6506,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1201 +#: sssd-ldap.5.xml:1203 msgid "" "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " "to determine if the password has expired. Use chpass_provider=krb5 to update " @@ -6497,31 +6514,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1210 +#: sssd-ldap.5.xml:1212 msgid "" "<emphasis>Note</emphasis>: if a password policy is configured on server " "side, it always takes precedence over policy set with this option." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1218 +#: sssd-ldap.5.xml:1220 msgid "ldap_referrals (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1221 +#: sssd-ldap.5.xml:1223 msgid "Specifies whether automatic referral chasing should be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1225 +#: sssd-ldap.5.xml:1227 msgid "" "Please note that sssd only supports referral chasing when it is compiled " "with OpenLDAP version 2.4.13 or higher." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1230 +#: sssd-ldap.5.xml:1232 msgid "" "Chasing referrals may incur a performance penalty in environments that use " "them heavily, a notable example is Microsoft Active Directory. If your setup " @@ -6534,51 +6551,51 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1249 +#: sssd-ldap.5.xml:1251 msgid "ldap_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1252 +#: sssd-ldap.5.xml:1254 msgid "Specifies the service name to use when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1256 +#: sssd-ldap.5.xml:1258 msgid "Default: ldap" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1262 +#: sssd-ldap.5.xml:1264 msgid "ldap_chpass_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1265 +#: sssd-ldap.5.xml:1267 msgid "" "Specifies the service name to use to find an LDAP server which allows " "password changes when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1270 +#: sssd-ldap.5.xml:1272 msgid "Default: not set, i.e. service discovery is disabled" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1276 +#: sssd-ldap.5.xml:1278 msgid "ldap_chpass_update_last_change (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1279 +#: sssd-ldap.5.xml:1281 msgid "" "Specifies whether to update the ldap_user_shadow_last_change attribute with " "days since the Epoch after a password change operation." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1285 +#: sssd-ldap.5.xml:1287 msgid "" "It is recommend to set this option explicitly if \"ldap_pwd_policy = " "shadow\" is used to let SSSD know if the LDAP server will update " @@ -6587,12 +6604,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1299 +#: sssd-ldap.5.xml:1301 msgid "ldap_access_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1302 +#: sssd-ldap.5.xml:1304 msgid "" "If using access_provider = ldap and ldap_access_order = filter (default), " "this option is mandatory. It specifies an LDAP search filter criteria that " @@ -6608,12 +6625,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1322 +#: sssd-ldap.5.xml:1324 msgid "Example:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1325 +#: sssd-ldap.5.xml:1327 #, no-wrap msgid "" "access_provider = ldap\n" @@ -6622,14 +6639,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1329 +#: sssd-ldap.5.xml:1331 msgid "" "This example means that access to this host is restricted to users whose " "employeeType attribute is set to \"admin\"." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1334 +#: sssd-ldap.5.xml:1336 msgid "" "Offline caching for this feature is limited to determining whether the " "user's last online login was granted access permission. If they were granted " @@ -6638,24 +6655,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1342 sssd-ldap.5.xml:1398 +#: sssd-ldap.5.xml:1344 sssd-ldap.5.xml:1400 msgid "Default: Empty" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1348 +#: sssd-ldap.5.xml:1350 msgid "ldap_account_expire_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1351 +#: sssd-ldap.5.xml:1353 msgid "" "With this option a client side evaluation of access control attributes can " "be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1355 +#: sssd-ldap.5.xml:1357 msgid "" "Please note that it is always recommended to use server side access control, " "i.e. the LDAP server should deny the bind request with a suitable error code " @@ -6663,19 +6680,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1362 +#: sssd-ldap.5.xml:1364 msgid "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1365 +#: sssd-ldap.5.xml:1367 msgid "" "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " "determine if the account is expired." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1370 +#: sssd-ldap.5.xml:1372 msgid "" "<emphasis>ad</emphasis>: use the value of the 32bit field " "ldap_user_ad_user_account_control and allow access if the second bit is not " @@ -6684,7 +6701,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1377 +#: sssd-ldap.5.xml:1379 msgid "" "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" "emphasis>: use the value of ldap_ns_account_lock to check if access is " @@ -6692,7 +6709,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1383 +#: sssd-ldap.5.xml:1385 msgid "" "<emphasis>nds</emphasis>: the values of " "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " @@ -6701,7 +6718,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1391 +#: sssd-ldap.5.xml:1393 msgid "" "Please note that the ldap_access_order configuration option <emphasis>must</" "emphasis> include <quote>expire</quote> in order for the " @@ -6709,22 +6726,22 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1404 +#: sssd-ldap.5.xml:1406 msgid "ldap_access_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1407 sssd-ipa.5.xml:351 +#: sssd-ldap.5.xml:1409 sssd-ipa.5.xml:356 msgid "Comma separated list of access control options. Allowed values are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1411 +#: sssd-ldap.5.xml:1413 msgid "<emphasis>filter</emphasis>: use ldap_access_filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1414 +#: sssd-ldap.5.xml:1416 msgid "" "<emphasis>lockout</emphasis>: use account locking. If set, this option " "denies access in case that ldap attribute 'pwdAccountLockedTime' is present " @@ -6734,14 +6751,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1424 +#: sssd-ldap.5.xml:1426 msgid "" "<emphasis> Please note that this option is superseded by the <quote>ppolicy</" "quote> option and might be removed in a future release. </emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1431 +#: sssd-ldap.5.xml:1433 msgid "" "<emphasis>ppolicy</emphasis>: use account locking. If set, this option " "denies access in case that ldap attribute 'pwdAccountLockedTime' is present " @@ -6754,12 +6771,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1448 +#: sssd-ldap.5.xml:1450 msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1452 sssd-ipa.5.xml:359 +#: sssd-ldap.5.xml:1454 sssd-ipa.5.xml:364 msgid "" "<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, " "pwd_expire_policy_renew: </emphasis> These options are useful if users are " @@ -6769,81 +6786,81 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1462 sssd-ipa.5.xml:369 +#: sssd-ldap.5.xml:1464 sssd-ipa.5.xml:374 msgid "" "The difference between these options is the action taken if user password is " "expired:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:1467 sssd-ipa.5.xml:374 +#: sssd-ldap.5.xml:1469 sssd-ipa.5.xml:379 msgid "pwd_expire_policy_reject - user is denied to log in," msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:1473 sssd-ipa.5.xml:380 +#: sssd-ldap.5.xml:1475 sssd-ipa.5.xml:385 msgid "pwd_expire_policy_warn - user is still able to log in," msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:1479 sssd-ipa.5.xml:386 +#: sssd-ldap.5.xml:1481 sssd-ipa.5.xml:391 msgid "" "pwd_expire_policy_renew - user is prompted to change their password " "immediately." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1487 +#: sssd-ldap.5.xml:1489 msgid "" "Please note that 'access_provider = ldap' must be set for this feature to " "work. Also 'ldap_pwd_policy' must be set to an appropriate password policy." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1492 +#: sssd-ldap.5.xml:1494 msgid "" "<emphasis>authorized_service</emphasis>: use the authorizedService attribute " "to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1497 +#: sssd-ldap.5.xml:1499 msgid "<emphasis>host</emphasis>: use the host attribute to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1501 +#: sssd-ldap.5.xml:1503 msgid "" "<emphasis>rhost</emphasis>: use the rhost attribute to determine whether " "remote host can access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1505 +#: sssd-ldap.5.xml:1507 msgid "" "Please note, rhost field in pam is set by application, it is better to check " "what the application sends to pam, before enabling this access control option" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1510 +#: sssd-ldap.5.xml:1512 msgid "Default: filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1513 +#: sssd-ldap.5.xml:1515 msgid "" "Please note that it is a configuration error if a value is used more than " "once." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1520 +#: sssd-ldap.5.xml:1522 msgid "ldap_pwdlockout_dn (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1523 +#: sssd-ldap.5.xml:1525 msgid "" "This option specifies the DN of password policy entry on LDAP server. Please " "note that absence of this option in sssd.conf in case of enabled account " @@ -6852,74 +6869,74 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1531 +#: sssd-ldap.5.xml:1533 msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1534 +#: sssd-ldap.5.xml:1536 msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1540 +#: sssd-ldap.5.xml:1542 msgid "ldap_deref (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1543 +#: sssd-ldap.5.xml:1545 msgid "" "Specifies how alias dereferencing is done when performing a search. The " "following options are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1548 +#: sssd-ldap.5.xml:1550 msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1552 +#: sssd-ldap.5.xml:1554 msgid "" "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " "the base object, but not in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1557 +#: sssd-ldap.5.xml:1559 msgid "" "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " "the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1562 +#: sssd-ldap.5.xml:1564 msgid "" "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " "in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1567 +#: sssd-ldap.5.xml:1569 msgid "" "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " "client libraries)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1575 +#: sssd-ldap.5.xml:1577 msgid "ldap_rfc2307_fallback_to_local_users (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1578 +#: sssd-ldap.5.xml:1580 msgid "" "Allows to retain local users as members of an LDAP group for servers that " "use the RFC2307 schema." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1582 +#: sssd-ldap.5.xml:1584 msgid "" "In some environments where the RFC2307 schema is used, local users are made " "members of LDAP groups by adding their names to the memberUid attribute. " @@ -6930,7 +6947,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1593 +#: sssd-ldap.5.xml:1595 msgid "" "This option falls back to checking if local users are referenced, and caches " "them so that later initgroups() calls will augment the local users with the " @@ -6938,53 +6955,53 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1605 sssd-ifp.5.xml:152 +#: sssd-ldap.5.xml:1607 sssd-ifp.5.xml:152 msgid "wildcard_limit (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1608 +#: sssd-ldap.5.xml:1610 msgid "" "Specifies an upper limit on the number of entries that are downloaded during " "a wildcard lookup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1612 +#: sssd-ldap.5.xml:1614 msgid "At the moment, only the InfoPipe responder supports wildcard lookups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1616 +#: sssd-ldap.5.xml:1618 msgid "Default: 1000 (often the size of one page)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1622 +#: sssd-ldap.5.xml:1624 msgid "ldap_library_debug_level (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1625 +#: sssd-ldap.5.xml:1627 msgid "" "Switches on libldap debugging with the given level. The libldap debug " "messages will be written independent of the general debug_level." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1630 +#: sssd-ldap.5.xml:1632 msgid "" "OpenLDAP uses a bitmap to enable debugging for specific components, -1 will " "enable full debug output." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1635 +#: sssd-ldap.5.xml:1637 msgid "Default: 0 (libldap debugging disabled)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:51 +#: sssd-ldap.5.xml:52 msgid "" "All of the common configuration options that apply to SSSD domains also " "apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> section " @@ -6996,12 +7013,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1645 +#: sssd-ldap.5.xml:1647 msgid "SUDO OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1647 +#: sssd-ldap.5.xml:1649 msgid "" "The detailed instructions for configuration of sudo_provider are in the " "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " @@ -7009,43 +7026,43 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1658 +#: sssd-ldap.5.xml:1660 msgid "ldap_sudo_full_refresh_interval (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1661 +#: sssd-ldap.5.xml:1663 msgid "" "How many seconds SSSD will wait between executing a full refresh of sudo " "rules (which downloads all rules that are stored on the server)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1666 +#: sssd-ldap.5.xml:1668 msgid "" "The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </" "emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1671 +#: sssd-ldap.5.xml:1673 msgid "" "You can disable full refresh by setting this option to 0. However, either " "smart or full refresh must be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1676 +#: sssd-ldap.5.xml:1678 msgid "Default: 21600 (6 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1682 +#: sssd-ldap.5.xml:1684 msgid "ldap_sudo_smart_refresh_interval (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1685 +#: sssd-ldap.5.xml:1687 msgid "" "How many seconds SSSD has to wait before executing a smart refresh of sudo " "rules (which downloads all rules that have USN higher than the highest " @@ -7053,14 +7070,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1691 +#: sssd-ldap.5.xml:1693 msgid "" "If USN attributes are not supported by the server, the modifyTimestamp " "attribute is used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1695 +#: sssd-ldap.5.xml:1697 msgid "" "<emphasis>Note:</emphasis> the highest USN value can be updated by three " "tasks: 1) By sudo full and smart refresh (if updated rules are found), 2) by " @@ -7070,19 +7087,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1706 +#: sssd-ldap.5.xml:1708 msgid "" "You can disable smart refresh by setting this option to 0. However, either " "smart or full refresh must be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1717 +#: sssd-ldap.5.xml:1719 msgid "ldap_sudo_random_offset (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1720 +#: sssd-ldap.5.xml:1722 msgid "" "Random offset between 0 and configured value is added to smart and full " "refresh periods each time the periodic task is scheduled. The value is in " @@ -7090,7 +7107,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1726 +#: sssd-ldap.5.xml:1728 msgid "" "Note that this random offset is also applied on the first SSSD start which " "delays the first sudo rules refresh. This prolongs the time when the sudo " @@ -7098,106 +7115,106 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1732 +#: sssd-ldap.5.xml:1734 msgid "You can disable this offset by setting the value to 0." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1742 +#: sssd-ldap.5.xml:1744 msgid "ldap_sudo_use_host_filter (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1745 +#: sssd-ldap.5.xml:1747 msgid "" "If true, SSSD will download only rules that are applicable to this machine " "(using the IPv4 or IPv6 host/network addresses and hostnames)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1756 +#: sssd-ldap.5.xml:1758 msgid "ldap_sudo_hostnames (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1759 +#: sssd-ldap.5.xml:1761 msgid "" "Space separated list of hostnames or fully qualified domain names that " "should be used to filter the rules." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1764 +#: sssd-ldap.5.xml:1766 msgid "" "If this option is empty, SSSD will try to discover the hostname and the " "fully qualified domain name automatically." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1769 sssd-ldap.5.xml:1792 sssd-ldap.5.xml:1810 -#: sssd-ldap.5.xml:1828 +#: sssd-ldap.5.xml:1771 sssd-ldap.5.xml:1794 sssd-ldap.5.xml:1812 +#: sssd-ldap.5.xml:1830 msgid "" "If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</" "emphasis> then this option has no effect." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1774 sssd-ldap.5.xml:1797 +#: sssd-ldap.5.xml:1776 sssd-ldap.5.xml:1799 msgid "Default: not specified" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1780 +#: sssd-ldap.5.xml:1782 msgid "ldap_sudo_ip (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1783 +#: sssd-ldap.5.xml:1785 msgid "" "Space separated list of IPv4 or IPv6 host/network addresses that should be " "used to filter the rules." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1788 +#: sssd-ldap.5.xml:1790 msgid "" "If this option is empty, SSSD will try to discover the addresses " "automatically." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1803 +#: sssd-ldap.5.xml:1805 msgid "ldap_sudo_include_netgroups (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1806 +#: sssd-ldap.5.xml:1808 msgid "" "If true then SSSD will download every rule that contains a netgroup in " "sudoHost attribute." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1821 +#: sssd-ldap.5.xml:1823 msgid "ldap_sudo_include_regexp (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1824 +#: sssd-ldap.5.xml:1826 msgid "" "If true then SSSD will download every rule that contains a wildcard in " "sudoHost attribute." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><note><para> -#: sssd-ldap.5.xml:1834 +#: sssd-ldap.5.xml:1836 msgid "" "Using wildcard is an operation that is very costly to evaluate on the LDAP " "server side!" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1846 +#: sssd-ldap.5.xml:1848 msgid "" "This manual page only describes attribute name mapping. For detailed " "explanation of sudo related attribute semantics, see <citerefentry> " @@ -7206,59 +7223,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1856 +#: sssd-ldap.5.xml:1858 msgid "AUTOFS OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1858 +#: sssd-ldap.5.xml:1860 msgid "" "Some of the defaults for the parameters below are dependent on the LDAP " "schema." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1864 +#: sssd-ldap.5.xml:1866 msgid "ldap_autofs_map_master_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1867 +#: sssd-ldap.5.xml:1869 msgid "The name of the automount master map in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1870 +#: sssd-ldap.5.xml:1872 msgid "Default: auto.master" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1881 +#: sssd-ldap.5.xml:1883 msgid "ADVANCED OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1888 +#: sssd-ldap.5.xml:1890 msgid "ldap_netgroup_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1893 +#: sssd-ldap.5.xml:1895 msgid "ldap_user_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1898 +#: sssd-ldap.5.xml:1900 msgid "ldap_group_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><note> -#: sssd-ldap.5.xml:1903 +#: sssd-ldap.5.xml:1905 msgid "<note>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para> -#: sssd-ldap.5.xml:1905 +#: sssd-ldap.5.xml:1907 msgid "" "If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches " "against Active Directory will not be restricted and return all groups " @@ -7267,22 +7284,22 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist> -#: sssd-ldap.5.xml:1912 +#: sssd-ldap.5.xml:1914 msgid "</note>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1914 +#: sssd-ldap.5.xml:1916 msgid "ldap_sudo_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1919 +#: sssd-ldap.5.xml:1921 msgid "ldap_autofs_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1883 +#: sssd-ldap.5.xml:1885 msgid "" "These options are supported by LDAP domains, but they should be used with " "caution. Please include them in your configuration only if you know what you " @@ -7291,14 +7308,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1934 sssd-simple.5.xml:131 sssd-ipa.5.xml:925 -#: sssd-ad.5.xml:1386 sssd-krb5.5.xml:483 sss_rpcidmapd.5.xml:98 +#: sssd-ldap.5.xml:1936 sssd-simple.5.xml:131 sssd-ipa.5.xml:930 +#: sssd-ad.5.xml:1391 sssd-krb5.5.xml:483 sss_rpcidmapd.5.xml:98 #: sssd-files.5.xml:155 sssd-session-recording.5.xml:176 msgid "EXAMPLE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1936 +#: sssd-ldap.5.xml:1938 msgid "" "The following example assumes that SSSD is correctly configured and LDAP is " "set to one of the domains in the <replaceable>[domains]</replaceable> " @@ -7306,7 +7323,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ldap.5.xml:1942 +#: sssd-ldap.5.xml:1944 #, no-wrap msgid "" "[domain/LDAP]\n" @@ -7319,27 +7336,27 @@ msgid "" msgstr "" #. type: Content of: <refsect1><refsect2><para> -#: sssd-ldap.5.xml:1941 sssd-ldap.5.xml:1959 sssd-simple.5.xml:139 -#: sssd-ipa.5.xml:933 sssd-ad.5.xml:1394 sssd-sudo.5.xml:56 sssd-krb5.5.xml:492 +#: sssd-ldap.5.xml:1943 sssd-ldap.5.xml:1961 sssd-simple.5.xml:139 +#: sssd-ipa.5.xml:938 sssd-ad.5.xml:1399 sssd-sudo.5.xml:56 sssd-krb5.5.xml:492 #: sssd-files.5.xml:162 sssd-files.5.xml:173 sssd-session-recording.5.xml:182 #: include/ldap_id_mapping.xml:105 msgid "<placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1953 +#: sssd-ldap.5.xml:1955 msgid "LDAP ACCESS FILTER EXAMPLE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1955 +#: sssd-ldap.5.xml:1957 msgid "" "The following example assumes that SSSD is correctly configured and to use " "the ldap_access_order=lockout." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ldap.5.xml:1960 +#: sssd-ldap.5.xml:1962 #, no-wrap msgid "" "[domain/LDAP]\n" @@ -7355,13 +7372,13 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1975 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148 -#: sssd-ad.5.xml:1409 sssd.8.xml:238 sss_seed.8.xml:163 +#: sssd-ldap.5.xml:1977 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148 +#: sssd-ad.5.xml:1414 sssd.8.xml:238 sss_seed.8.xml:163 msgid "NOTES" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1977 +#: sssd-ldap.5.xml:1979 msgid "" "The descriptions of some of the configuration options in this manual page " "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " @@ -9690,12 +9707,12 @@ msgid "Example: dyndns_iface = em1, vnet1, vnet2" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:204 sssd-ad.5.xml:1285 +#: sssd-ipa.5.xml:204 sssd-ad.5.xml:1290 msgid "dyndns_auth (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:207 sssd-ad.5.xml:1288 +#: sssd-ipa.5.xml:207 sssd-ad.5.xml:1293 msgid "" "Whether the nsupdate utility should use GSS-TSIG authentication for secure " "updates with the DNS server, insecure updates can be sent by setting this " @@ -9703,17 +9720,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:213 sssd-ad.5.xml:1294 +#: sssd-ipa.5.xml:213 sssd-ad.5.xml:1299 msgid "Default: GSS-TSIG" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:219 sssd-ad.5.xml:1300 +#: sssd-ipa.5.xml:219 sssd-ad.5.xml:1305 msgid "dyndns_auth_ptr (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:222 sssd-ad.5.xml:1303 +#: sssd-ipa.5.xml:222 sssd-ad.5.xml:1308 msgid "" "Whether the nsupdate utility should use GSS-TSIG authentication for secure " "PTR updates with the DNS server, insecure updates can be sent by setting " @@ -9721,7 +9738,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:228 sssd-ad.5.xml:1309 +#: sssd-ipa.5.xml:228 sssd-ad.5.xml:1314 msgid "Default: Same as dyndns_auth" msgstr "" @@ -9780,65 +9797,72 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:290 +#: sssd-ipa.5.xml:290 sssd-ad.5.xml:1266 +msgid "" +"Note that <emphasis>dyndns_update_per_family</emphasis> parameter does not " +"apply for PTR record updates. Those updates are always sent separately." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:295 msgid "Default: False (disabled)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1272 +#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1277 msgid "dyndns_force_tcp (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:299 sssd-ad.5.xml:1275 +#: sssd-ipa.5.xml:304 sssd-ad.5.xml:1280 msgid "" "Whether the nsupdate utility should default to using TCP for communicating " "with the DNS server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:303 sssd-ad.5.xml:1279 +#: sssd-ipa.5.xml:308 sssd-ad.5.xml:1284 msgid "Default: False (let nsupdate choose the protocol)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:309 sssd-ad.5.xml:1315 +#: sssd-ipa.5.xml:314 sssd-ad.5.xml:1320 msgid "dyndns_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:312 sssd-ad.5.xml:1318 +#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1323 msgid "" "The DNS server to use when performing a DNS update. In most setups, it's " "recommended to leave this option unset." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1323 +#: sssd-ipa.5.xml:322 sssd-ad.5.xml:1328 msgid "" "Setting this option makes sense for environments where the DNS server is " "different from the identity server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:322 sssd-ad.5.xml:1328 +#: sssd-ipa.5.xml:327 sssd-ad.5.xml:1333 msgid "" "Please note that this option will be only used in fallback attempt when " "previous attempt using autodetected settings failed." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:327 sssd-ad.5.xml:1333 +#: sssd-ipa.5.xml:332 sssd-ad.5.xml:1338 msgid "Default: None (let nsupdate choose the server)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:333 sssd-ad.5.xml:1339 +#: sssd-ipa.5.xml:338 sssd-ad.5.xml:1344 msgid "dyndns_update_per_family (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:336 sssd-ad.5.xml:1342 +#: sssd-ipa.5.xml:341 sssd-ad.5.xml:1347 msgid "" "DNS update is by default performed in two steps - IPv4 update and then IPv6 " "update. In some cases it might be desirable to perform IPv4 and IPv6 update " @@ -9846,177 +9870,177 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:348 +#: sssd-ipa.5.xml:353 msgid "ipa_access_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:355 +#: sssd-ipa.5.xml:360 msgid "<emphasis>expire</emphasis>: use IPA's account expiration policy." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:394 +#: sssd-ipa.5.xml:399 msgid "" "Please note that 'access_provider = ipa' must be set for this feature to " "work." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:401 +#: sssd-ipa.5.xml:406 msgid "ipa_deskprofile_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:404 +#: sssd-ipa.5.xml:409 msgid "" "Optional. Use the given string as search base for Desktop Profile related " "objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:408 sssd-ipa.5.xml:435 +#: sssd-ipa.5.xml:413 sssd-ipa.5.xml:440 msgid "Default: Use base DN" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:414 +#: sssd-ipa.5.xml:419 msgid "ipa_subid_ranges_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:417 +#: sssd-ipa.5.xml:422 msgid "" "Optional. Use the given string as search base for subordinate ranges related " "objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:421 +#: sssd-ipa.5.xml:426 msgid "Default: the value of <emphasis>cn=subids,%basedn</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:428 +#: sssd-ipa.5.xml:433 msgid "ipa_hbac_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:431 +#: sssd-ipa.5.xml:436 msgid "Optional. Use the given string as search base for HBAC related objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:441 +#: sssd-ipa.5.xml:446 msgid "ipa_host_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:444 +#: sssd-ipa.5.xml:449 msgid "Deprecated. Use ldap_host_search_base instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:450 +#: sssd-ipa.5.xml:455 msgid "ipa_selinux_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:453 +#: sssd-ipa.5.xml:458 msgid "Optional. Use the given string as search base for SELinux user maps." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:469 +#: sssd-ipa.5.xml:474 msgid "ipa_subdomains_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:472 +#: sssd-ipa.5.xml:477 msgid "Optional. Use the given string as search base for trusted domains." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:481 +#: sssd-ipa.5.xml:486 msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:488 +#: sssd-ipa.5.xml:493 msgid "ipa_master_domain_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:491 +#: sssd-ipa.5.xml:496 msgid "Optional. Use the given string as search base for master domain object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:500 +#: sssd-ipa.5.xml:505 msgid "Default: the value of <emphasis>cn=ad,cn=etc,%basedn</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:507 +#: sssd-ipa.5.xml:512 msgid "ipa_views_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:510 +#: sssd-ipa.5.xml:515 msgid "Optional. Use the given string as search base for views containers." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:519 +#: sssd-ipa.5.xml:524 msgid "Default: the value of <emphasis>cn=views,cn=accounts,%basedn</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:529 +#: sssd-ipa.5.xml:534 msgid "" "The name of the Kerberos realm. This is optional and defaults to the value " "of <quote>ipa_domain</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:533 +#: sssd-ipa.5.xml:538 msgid "" "The name of the Kerberos realm has a special meaning in IPA - it is " "converted into the base DN to use for performing LDAP operations." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:541 sssd-ad.5.xml:1357 +#: sssd-ipa.5.xml:546 sssd-ad.5.xml:1362 msgid "krb5_confd_path (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:544 sssd-ad.5.xml:1360 +#: sssd-ipa.5.xml:549 sssd-ad.5.xml:1365 msgid "" "Absolute path of a directory where SSSD should place Kerberos configuration " "snippets." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:548 sssd-ad.5.xml:1364 +#: sssd-ipa.5.xml:553 sssd-ad.5.xml:1369 msgid "" "To disable the creation of the configuration snippets set the parameter to " "'none'." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:552 sssd-ad.5.xml:1368 +#: sssd-ipa.5.xml:557 sssd-ad.5.xml:1373 msgid "" "Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:559 +#: sssd-ipa.5.xml:564 msgid "ipa_deskprofile_refresh (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:562 +#: sssd-ipa.5.xml:567 msgid "" "The amount of time between lookups of the Desktop Profile rules against the " "IPA server. This will reduce the latency and load on the IPA server if there " @@ -10024,34 +10048,34 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:569 sssd-ipa.5.xml:599 sssd-ipa.5.xml:615 sssd-ad.5.xml:599 +#: sssd-ipa.5.xml:574 sssd-ipa.5.xml:604 sssd-ipa.5.xml:620 sssd-ad.5.xml:599 msgid "Default: 5 (seconds)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:575 +#: sssd-ipa.5.xml:580 msgid "ipa_deskprofile_request_interval (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:578 +#: sssd-ipa.5.xml:583 msgid "" "The amount of time between lookups of the Desktop Profile rules against the " "IPA server in case the last request did not return any rule." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:583 +#: sssd-ipa.5.xml:588 msgid "Default: 60 (minutes)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:589 +#: sssd-ipa.5.xml:594 msgid "ipa_hbac_refresh (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:592 +#: sssd-ipa.5.xml:597 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server. " "This will reduce the latency and load on the IPA server if there are many " @@ -10059,12 +10083,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:605 +#: sssd-ipa.5.xml:610 msgid "ipa_hbac_selinux (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:608 +#: sssd-ipa.5.xml:613 msgid "" "The amount of time between lookups of the SELinux maps against the IPA " "server. This will reduce the latency and load on the IPA server if there are " @@ -10072,33 +10096,33 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:621 +#: sssd-ipa.5.xml:626 msgid "ipa_server_mode (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:624 +#: sssd-ipa.5.xml:629 msgid "" "This option will be set by the IPA installer (ipa-server-install) " "automatically and denotes if SSSD is running on an IPA server or not." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:629 +#: sssd-ipa.5.xml:634 msgid "" "On an IPA server SSSD will lookup users and groups from trusted domains " "directly while on a client it will ask an IPA server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:634 +#: sssd-ipa.5.xml:639 msgid "" "NOTE: There are currently some assumptions that must be met when SSSD is " "running on an IPA server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:639 +#: sssd-ipa.5.xml:644 msgid "" "The <quote>ipa_server</quote> option must be configured to point to the IPA " "server itself. This is already the default set by the IPA installer, so no " @@ -10106,59 +10130,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:648 +#: sssd-ipa.5.xml:653 msgid "" "The <quote>full_name_format</quote> option must not be tweaked to only print " "short names for users from trusted domains." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:663 +#: sssd-ipa.5.xml:668 msgid "ipa_automount_location (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:666 +#: sssd-ipa.5.xml:671 msgid "The automounter location this IPA client will be using" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:669 +#: sssd-ipa.5.xml:674 msgid "Default: The location named \"default\"" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd-ipa.5.xml:677 +#: sssd-ipa.5.xml:682 msgid "VIEWS AND OVERRIDES" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:686 +#: sssd-ipa.5.xml:691 msgid "ipa_view_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:689 +#: sssd-ipa.5.xml:694 msgid "Objectclass of the view container." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:692 +#: sssd-ipa.5.xml:697 msgid "Default: nsContainer" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:698 +#: sssd-ipa.5.xml:703 msgid "ipa_view_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:701 +#: sssd-ipa.5.xml:706 msgid "Name of the attribute holding the name of the view." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:705 sssd-ldap-attributes.5.xml:496 +#: sssd-ipa.5.xml:710 sssd-ldap-attributes.5.xml:496 #: sssd-ldap-attributes.5.xml:830 sssd-ldap-attributes.5.xml:911 #: sssd-ldap-attributes.5.xml:1008 sssd-ldap-attributes.5.xml:1066 #: sssd-ldap-attributes.5.xml:1224 sssd-ldap-attributes.5.xml:1269 @@ -10166,128 +10190,128 @@ msgid "Default: cn" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:711 +#: sssd-ipa.5.xml:716 msgid "ipa_override_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:714 +#: sssd-ipa.5.xml:719 msgid "Objectclass of the override objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:717 +#: sssd-ipa.5.xml:722 msgid "Default: ipaOverrideAnchor" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:723 +#: sssd-ipa.5.xml:728 msgid "ipa_anchor_uuid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:726 +#: sssd-ipa.5.xml:731 msgid "" "Name of the attribute containing the reference to the original object in a " "remote domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:730 +#: sssd-ipa.5.xml:735 msgid "Default: ipaAnchorUUID" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:736 +#: sssd-ipa.5.xml:741 msgid "ipa_user_override_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:739 +#: sssd-ipa.5.xml:744 msgid "" "Name of the objectclass for user overrides. It is used to determine if the " "found override object is related to a user or a group." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:744 +#: sssd-ipa.5.xml:749 msgid "User overrides can contain attributes given by" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:747 +#: sssd-ipa.5.xml:752 msgid "ldap_user_name" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:750 +#: sssd-ipa.5.xml:755 msgid "ldap_user_uid_number" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:753 +#: sssd-ipa.5.xml:758 msgid "ldap_user_gid_number" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:756 +#: sssd-ipa.5.xml:761 msgid "ldap_user_gecos" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:759 +#: sssd-ipa.5.xml:764 msgid "ldap_user_home_directory" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:762 +#: sssd-ipa.5.xml:767 msgid "ldap_user_shell" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:765 +#: sssd-ipa.5.xml:770 msgid "ldap_user_ssh_public_key" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:770 +#: sssd-ipa.5.xml:775 msgid "Default: ipaUserOverride" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:776 +#: sssd-ipa.5.xml:781 msgid "ipa_group_override_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:779 +#: sssd-ipa.5.xml:784 msgid "" "Name of the objectclass for group overrides. It is used to determine if the " "found override object is related to a user or a group." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:784 +#: sssd-ipa.5.xml:789 msgid "Group overrides can contain attributes given by" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:787 +#: sssd-ipa.5.xml:792 msgid "ldap_group_name" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:790 +#: sssd-ipa.5.xml:795 msgid "ldap_group_gid_number" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:795 +#: sssd-ipa.5.xml:800 msgid "Default: ipaGroupOverride" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:679 +#: sssd-ipa.5.xml:684 msgid "" "SSSD can handle views and overrides which are offered by FreeIPA 4.1 and " "later version. Since all paths and objectclasses are fixed on the server " @@ -10297,19 +10321,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ipa.5.xml:807 +#: sssd-ipa.5.xml:812 msgid "SUBDOMAINS PROVIDER" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:809 +#: sssd-ipa.5.xml:814 msgid "" "The IPA subdomains provider behaves slightly differently if it is configured " "explicitly or implicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:813 +#: sssd-ipa.5.xml:818 msgid "" "If the option 'subdomains_provider = ipa' is found in the domain section of " "sssd.conf, the IPA subdomains provider is configured explicitly, and all " @@ -10317,7 +10341,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:819 +#: sssd-ipa.5.xml:824 msgid "" "If the option 'subdomains_provider' is not set in the domain section of sssd." "conf but there is the option 'id_provider = ipa', the IPA subdomains " @@ -10329,12 +10353,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ipa.5.xml:830 +#: sssd-ipa.5.xml:835 msgid "TRUSTED DOMAINS CONFIGURATION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ipa.5.xml:838 +#: sssd-ipa.5.xml:843 #, no-wrap msgid "" "[domain/ipa.domain.com/ad.domain.com]\n" @@ -10342,7 +10366,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:832 +#: sssd-ipa.5.xml:837 msgid "" "Some configuration options can also be set for a trusted domain. A trusted " "domain configuration can be set using the trusted domain subsection as shown " @@ -10352,80 +10376,80 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:843 +#: sssd-ipa.5.xml:848 msgid "" "For more details, see the <citerefentry> <refentrytitle>sssd.conf</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:850 +#: sssd-ipa.5.xml:855 msgid "" "Different configuration options are tunable for a trusted domain depending " "on whether you are configuring SSSD on an IPA server or an IPA client." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd-ipa.5.xml:855 +#: sssd-ipa.5.xml:860 msgid "OPTIONS TUNABLE ON IPA MASTERS" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:857 +#: sssd-ipa.5.xml:862 msgid "" "The following options can be set in a subdomain section on an IPA master:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:861 sssd-ipa.5.xml:891 +#: sssd-ipa.5.xml:866 sssd-ipa.5.xml:896 msgid "ad_server" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:864 +#: sssd-ipa.5.xml:869 msgid "ad_backup_server" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:867 sssd-ipa.5.xml:894 +#: sssd-ipa.5.xml:872 sssd-ipa.5.xml:899 msgid "ad_site" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:870 +#: sssd-ipa.5.xml:875 msgid "ldap_search_base" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:873 +#: sssd-ipa.5.xml:878 msgid "ldap_user_search_base" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:876 +#: sssd-ipa.5.xml:881 msgid "ldap_group_search_base" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd-ipa.5.xml:885 +#: sssd-ipa.5.xml:890 msgid "OPTIONS TUNABLE ON IPA CLIENTS" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:887 +#: sssd-ipa.5.xml:892 msgid "" "The following options can be set in a subdomain section on an IPA client:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:899 +#: sssd-ipa.5.xml:904 msgid "" "Note that if both options are set, only <quote>ad_server</quote> is " "evaluated." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:903 +#: sssd-ipa.5.xml:908 msgid "" "Since any request for a user or a group identity from a trusted domain " "triggered from an IPA client is resolved by the IPA server, the " @@ -10439,7 +10463,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:927 +#: sssd-ipa.5.xml:932 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " @@ -10447,7 +10471,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ipa.5.xml:934 +#: sssd-ipa.5.xml:939 #, no-wrap msgid "" "[domain/example.com]\n" @@ -11641,7 +11665,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ad.5.xml:1388 +#: sssd-ad.5.xml:1393 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " @@ -11649,7 +11673,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ad.5.xml:1395 +#: sssd-ad.5.xml:1400 #, no-wrap msgid "" "[domain/EXAMPLE]\n" @@ -11664,7 +11688,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ad.5.xml:1415 +#: sssd-ad.5.xml:1420 #, no-wrap msgid "" "access_provider = ldap\n" @@ -11673,7 +11697,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ad.5.xml:1411 +#: sssd-ad.5.xml:1416 msgid "" "The AD access control provider checks if the account is expired. It has the " "same effect as the following configuration of the LDAP provider: " @@ -11681,7 +11705,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ad.5.xml:1421 +#: sssd-ad.5.xml:1426 msgid "" "However, unless the <quote>ad</quote> access control provider is explicitly " "configured, the default access provider is <quote>permit</quote>. Please " @@ -11691,7 +11715,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ad.5.xml:1429 +#: sssd-ad.5.xml:1434 msgid "" "When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema " "attribute mapping (nisMap, nisObject, ...) is used, because these attributes " diff --git a/src/man/po/ru.po b/src/man/po/ru.po index 37d9de874de..85c4a57d472 100644 --- a/src/man/po/ru.po +++ b/src/man/po/ru.po @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: sssd-docs 2.3.0\n" "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" -"POT-Creation-Date: 2023-09-07 11:47+0200\n" +"POT-Creation-Date: 2023-11-13 11:53+0100\n" "PO-Revision-Date: 2022-12-14 19:20+0000\n" "Last-Translator: Elena Mishina <lepata@basealt.ru>\n" "Language-Team: Russian <https://translate.fedoraproject.org/projects/sssd/" @@ -253,10 +253,10 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:136 sssd.conf.5.xml:173 sssd.conf.5.xml:358 #: sssd.conf.5.xml:714 sssd.conf.5.xml:729 sssd.conf.5.xml:952 -#: sssd.conf.5.xml:1070 sssd.conf.5.xml:2198 sssd-ldap.5.xml:1071 -#: sssd-ldap.5.xml:1174 sssd-ldap.5.xml:1243 sssd-ldap.5.xml:1750 -#: sssd-ldap.5.xml:1815 sssd-ipa.5.xml:342 sssd-ad.5.xml:252 sssd-ad.5.xml:366 -#: sssd-ad.5.xml:1200 sssd-ad.5.xml:1348 sssd-krb5.5.xml:358 +#: sssd.conf.5.xml:1070 sssd.conf.5.xml:2198 sssd-ldap.5.xml:1073 +#: sssd-ldap.5.xml:1176 sssd-ldap.5.xml:1245 sssd-ldap.5.xml:1752 +#: sssd-ldap.5.xml:1817 sssd-ipa.5.xml:347 sssd-ad.5.xml:252 sssd-ad.5.xml:366 +#: sssd-ad.5.xml:1200 sssd-ad.5.xml:1353 sssd-krb5.5.xml:358 msgid "Default: true" msgstr "По умолчанию: true" @@ -277,10 +277,10 @@ msgstr "" #. type: Content of: <variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:149 sssd.conf.5.xml:652 sssd.conf.5.xml:949 -#: sssd.conf.5.xml:2101 sssd.conf.5.xml:2168 sssd.conf.5.xml:4174 -#: sssd-ldap.5.xml:312 sssd-ldap.5.xml:917 sssd-ldap.5.xml:936 -#: sssd-ldap.5.xml:1146 sssd-ldap.5.xml:1599 sssd-ldap.5.xml:1839 -#: sssd-ipa.5.xml:152 sssd-ipa.5.xml:254 sssd-ipa.5.xml:657 sssd-ad.5.xml:1106 +#: sssd.conf.5.xml:2101 sssd.conf.5.xml:2168 sssd.conf.5.xml:4191 +#: sssd-ldap.5.xml:313 sssd-ldap.5.xml:919 sssd-ldap.5.xml:938 +#: sssd-ldap.5.xml:1148 sssd-ldap.5.xml:1601 sssd-ldap.5.xml:1841 +#: sssd-ipa.5.xml:152 sssd-ipa.5.xml:254 sssd-ipa.5.xml:662 sssd-ad.5.xml:1106 #: sssd-krb5.5.xml:268 sssd-krb5.5.xml:330 sssd-krb5.5.xml:432 #: include/krb5_options.xml:163 msgid "Default: false" @@ -322,8 +322,8 @@ msgstr "" "на другие типы журнала)." #. type: Content of: outside any tag (error?) -#: sssd.conf.5.xml:109 sssd.conf.5.xml:184 sssd-ldap.5.xml:1656 -#: sssd-ldap.5.xml:1862 sss-certmap.5.xml:645 sssd-systemtap.5.xml:82 +#: sssd.conf.5.xml:109 sssd.conf.5.xml:184 sssd-ldap.5.xml:1658 +#: sssd-ldap.5.xml:1864 sss-certmap.5.xml:645 sssd-systemtap.5.xml:82 #: sssd-systemtap.5.xml:143 sssd-systemtap.5.xml:236 sssd-systemtap.5.xml:274 #: sssd-systemtap.5.xml:330 sssd-ldap-attributes.5.xml:40 #: sssd-ldap-attributes.5.xml:659 sssd-ldap-attributes.5.xml:801 @@ -358,7 +358,7 @@ msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:196 sssd.conf.5.xml:1290 sssd.conf.5.xml:1767 -#: sssd.conf.5.xml:4190 sssd-ldap.5.xml:765 include/ldap_id_mapping.xml:270 +#: sssd.conf.5.xml:4207 sssd-ldap.5.xml:766 include/ldap_id_mapping.xml:270 msgid "Default: 10" msgstr "По умолчанию: 10" @@ -450,7 +450,7 @@ msgstr "" "перезапуска поставщика данных" #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:266 sssd.conf.5.xml:792 sssd.conf.5.xml:3709 +#: sssd.conf.5.xml:266 sssd.conf.5.xml:792 sssd.conf.5.xml:3716 #: include/failover.xml:100 msgid "Default: 3" msgstr "По умолчанию: 3" @@ -479,7 +479,7 @@ msgstr "" "Символ «/» использовать нельзя." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:287 sssd.conf.5.xml:3541 +#: sssd.conf.5.xml:287 sssd.conf.5.xml:3548 msgid "re_expression (string)" msgstr "re_expression (строка)" @@ -505,12 +505,12 @@ msgstr "" "разделе справки «РАЗДЕЛЫ ДОМЕНА»." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:304 sssd.conf.5.xml:3598 +#: sssd.conf.5.xml:304 sssd.conf.5.xml:3605 msgid "full_name_format (string)" msgstr "full_name_format (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:307 sssd.conf.5.xml:3601 +#: sssd.conf.5.xml:307 sssd.conf.5.xml:3608 msgid "" "A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</" "manvolnum> </citerefentry>-compatible format that describes how to compose a " @@ -521,32 +521,32 @@ msgstr "" "создания полностью определённого имени из имени пользователя и имени домена." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:318 sssd.conf.5.xml:3612 +#: sssd.conf.5.xml:318 sssd.conf.5.xml:3619 msgid "%1$s" msgstr "%1$s" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:319 sssd.conf.5.xml:3613 +#: sssd.conf.5.xml:319 sssd.conf.5.xml:3620 msgid "user name" msgstr "имя пользователя" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:322 sssd.conf.5.xml:3616 +#: sssd.conf.5.xml:322 sssd.conf.5.xml:3623 msgid "%2$s" msgstr "%2$s" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:325 sssd.conf.5.xml:3619 +#: sssd.conf.5.xml:325 sssd.conf.5.xml:3626 msgid "domain name as specified in the SSSD config file." msgstr "имя домена, указанное в файле конфигурации SSSD." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:331 sssd.conf.5.xml:3625 +#: sssd.conf.5.xml:331 sssd.conf.5.xml:3632 msgid "%3$s" msgstr "%3$s" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:334 sssd.conf.5.xml:3628 +#: sssd.conf.5.xml:334 sssd.conf.5.xml:3635 msgid "" "domain flat name. Mostly usable for Active Directory domains, both directly " "configured or discovered via IPA trusts." @@ -556,7 +556,7 @@ msgstr "" "доверия IPA." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:315 sssd.conf.5.xml:3609 +#: sssd.conf.5.xml:315 sssd.conf.5.xml:3616 msgid "" "The following expansions are supported: <placeholder type=\"variablelist\" " "id=\"0\"/>" @@ -769,8 +769,8 @@ msgstr "" "параметр default_domain_suffix." #. type: Content of: <variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:468 sssd-ldap.5.xml:876 sssd-ldap.5.xml:888 -#: sssd-ldap.5.xml:980 sssd-ad.5.xml:920 sssd-ad.5.xml:995 sssd-krb5.5.xml:468 +#: sssd.conf.5.xml:468 sssd-ldap.5.xml:877 sssd-ldap.5.xml:889 +#: sssd-ldap.5.xml:982 sssd-ad.5.xml:920 sssd-ad.5.xml:995 sssd-krb5.5.xml:468 #: sssd-ldap-attributes.5.xml:470 sssd-ldap-attributes.5.xml:976 #: include/ldap_id_mapping.xml:211 include/ldap_id_mapping.xml:222 #: include/krb5_options.xml:148 @@ -1124,7 +1124,7 @@ msgstr "" "пользователей в разных доменах могут быть одинаковыми." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:700 sssd.conf.5.xml:1791 sssd.conf.5.xml:4240 +#: sssd.conf.5.xml:700 sssd.conf.5.xml:1791 sssd.conf.5.xml:4257 #: sssd-ad.5.xml:187 sssd-ad.5.xml:327 sssd-ad.5.xml:341 msgid "Default: Not set" msgstr "По умолчанию: не задано" @@ -1358,7 +1358,7 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:858 sssd.conf.5.xml:1201 sssd.conf.5.xml:1584 -#: sssd.conf.5.xml:1880 sssd-ldap.5.xml:494 +#: sssd.conf.5.xml:1880 sssd-ldap.5.xml:495 msgid "Default: 60" msgstr "По умолчанию: 60" @@ -1484,7 +1484,7 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:937 sssd.conf.5.xml:1214 sssd.conf.5.xml:2322 -#: sssd-ldap.5.xml:331 +#: sssd-ldap.5.xml:332 msgid "Default: 300" msgstr "По умолчанию: 300" @@ -1943,7 +1943,7 @@ msgstr "" "памяти для запросов passwd." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1240 sssd.conf.5.xml:2964 sssd-ldap.5.xml:548 +#: sssd.conf.5.xml:1240 sssd.conf.5.xml:2971 sssd-ldap.5.xml:549 msgid "Default: 8" msgstr "По умолчанию: 8" @@ -1974,8 +1974,8 @@ msgstr "" "памяти для запросов group." #. type: Content of: <variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1265 sssd.conf.5.xml:1317 sssd.conf.5.xml:3730 -#: sssd-ldap.5.xml:473 sssd-ldap.5.xml:525 include/failover.xml:116 +#: sssd.conf.5.xml:1265 sssd.conf.5.xml:1317 sssd.conf.5.xml:3737 +#: sssd-ldap.5.xml:474 sssd-ldap.5.xml:526 include/failover.xml:116 #: include/krb5_options.xml:11 msgid "Default: 6" msgstr "По умолчанию: 6" @@ -2353,7 +2353,7 @@ msgid "pam_pwd_expiration_warning (integer)" msgstr "pam_pwd_expiration_warning (целое число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1553 sssd.conf.5.xml:2988 +#: sssd.conf.5.xml:1553 sssd.conf.5.xml:2995 msgid "Display a warning N days before the password expires." msgstr "Показать предупреждение за N дней до истечения срока действия пароля." @@ -2369,7 +2369,7 @@ msgstr "" "сможет показать предупреждение." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1562 sssd.conf.5.xml:2991 +#: sssd.conf.5.xml:1562 sssd.conf.5.xml:2998 msgid "" "If zero is set, then this filter is not applied, i.e. if the expiration " "warning was received from backend server, it will automatically be displayed." @@ -2388,7 +2388,7 @@ msgstr "" "<emphasis>pwd_expiration_warning</emphasis> для конкретного домена." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1572 sssd.conf.5.xml:3977 sssd-ldap.5.xml:606 sssd.8.xml:79 +#: sssd.conf.5.xml:1572 sssd.conf.5.xml:3984 sssd-ldap.5.xml:607 sssd.8.xml:79 msgid "Default: 0" msgstr "По умолчанию: 0" @@ -2464,8 +2464,8 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1632 sssd.conf.5.xml:1657 sssd.conf.5.xml:1676 -#: sssd.conf.5.xml:1913 sssd.conf.5.xml:2733 sssd.conf.5.xml:3906 -#: sssd-ldap.5.xml:1207 +#: sssd.conf.5.xml:1913 sssd.conf.5.xml:2733 sssd.conf.5.xml:3913 +#: sssd-ldap.5.xml:1209 msgid "Default: none" msgstr "По умолчанию: none" @@ -2541,8 +2541,8 @@ msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1687 sssd.conf.5.xml:1698 sssd.conf.5.xml:1712 -#: sssd-ldap.5.xml:671 sssd-ldap.5.xml:692 sssd-ldap.5.xml:788 -#: sssd-ldap.5.xml:1293 sssd-ad.5.xml:505 sssd-ad.5.xml:581 sssd-ad.5.xml:1126 +#: sssd-ldap.5.xml:672 sssd-ldap.5.xml:693 sssd-ldap.5.xml:789 +#: sssd-ldap.5.xml:1295 sssd-ad.5.xml:505 sssd-ad.5.xml:581 sssd-ad.5.xml:1126 #: sssd-ad.5.xml:1175 include/ldap_id_mapping.xml:250 msgid "Default: False" msgstr "По умолчанию: false" @@ -2584,7 +2584,7 @@ msgid "The path to the certificate database." msgstr "Путь к базе данных сертификатов." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1723 sssd.conf.5.xml:2248 sssd.conf.5.xml:4354 +#: sssd.conf.5.xml:1723 sssd.conf.5.xml:2248 sssd.conf.5.xml:4371 msgid "Default:" msgstr "По умолчанию:" @@ -2912,7 +2912,7 @@ msgid "Default: no_session" msgstr "По умолчанию: no_session" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1950 sssd.conf.5.xml:4293 +#: sssd.conf.5.xml:1950 sssd.conf.5.xml:4310 msgid "pam_gssapi_services" msgstr "pam_gssapi_services" @@ -2956,7 +2956,7 @@ msgstr "" " " #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1968 sssd.conf.5.xml:3900 +#: sssd.conf.5.xml:1968 sssd.conf.5.xml:3907 msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>" msgstr "Пример: <placeholder type=\"programlisting\" id=\"0\"/>" @@ -2966,7 +2966,7 @@ msgid "Default: - (GSSAPI authentication is disabled)" msgstr "По умолчанию: - (проверка подлинности с помощью GSSAPI отключена)" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1979 sssd.conf.5.xml:4294 +#: sssd.conf.5.xml:1979 sssd.conf.5.xml:4311 msgid "pam_gssapi_check_upn" msgstr "pam_gssapi_check_upn" @@ -2992,7 +2992,7 @@ msgstr "" "пользователей, получивших необходимый билет службы." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1999 sssd-ad.5.xml:1266 sss_rpcidmapd.5.xml:76 +#: sssd.conf.5.xml:1999 sssd-ad.5.xml:1271 sss_rpcidmapd.5.xml:76 #: sssd-files.5.xml:145 msgid "Default: True" msgstr "По умолчанию: true" @@ -3957,7 +3957,7 @@ msgid "FALSE = No enumerations for this domain" msgstr "FALSE = для этого домена не выполняется перечисление" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2669 sssd.conf.5.xml:2943 sssd.conf.5.xml:3120 +#: sssd.conf.5.xml:2669 sssd.conf.5.xml:2950 sssd.conf.5.xml:3127 msgid "Default: FALSE" msgstr "По умолчанию: FALSE" @@ -4298,7 +4298,7 @@ msgstr "" "существующего кэша." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2922 sssd-ldap.5.xml:360 sssd-ldap.5.xml:1736 +#: sssd.conf.5.xml:2922 sssd-ldap.5.xml:361 sssd-ldap.5.xml:1738 #: sssd-ipa.5.xml:270 msgid "Default: 0 (disabled)" msgstr "По умолчанию: 0 (отключено)" @@ -4310,16 +4310,17 @@ msgstr "cache_credentials (логическое значение)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:2931 -#, fuzzy -#| msgid "" -#| "Determines if user credentials are also cached in the local LDB cache" -msgid "Determines if user credentials are also cached in the local LDB cache." +msgid "" +"Determines if user credentials are also cached in the local LDB cache. The " +"cached credentials refer to passwords, which includes the first (long term) " +"factor of two-factor authentication, not other authentication mechanisms. " +"Passkey and Smartcard authentications are expected to work offline as long " +"as a successful online authentication is recorded in the cache without " +"additional configuration." msgstr "" -"Определяет, следует ли также кэшировать учётные данные пользователя в " -"локальном кэше LDB" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2935 +#: sssd.conf.5.xml:2942 msgid "" "Take a note that while credentials are stored as a salted SHA512 hash, this " "still potentially poses some security risk in case an attacker manages to " @@ -4328,12 +4329,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2949 +#: sssd.conf.5.xml:2956 msgid "cache_credentials_minimal_first_factor_length (int)" msgstr "cache_credentials_minimal_first_factor_length (целое число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2952 +#: sssd.conf.5.xml:2959 msgid "" "If 2-Factor-Authentication (2FA) is used and credentials should be saved " "this value determines the minimal length the first authentication factor " @@ -4345,7 +4346,7 @@ msgstr "" "сохранён в формате контрольной суммы SHA512 в кэше." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2959 +#: sssd.conf.5.xml:2966 msgid "" "This should avoid that the short PINs of a PIN based 2FA scheme are saved in " "the cache which would make them easy targets for brute-force attacks." @@ -4355,12 +4356,12 @@ msgstr "" "мишенью для атак методом подбора." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2970 +#: sssd.conf.5.xml:2977 msgid "account_cache_expiration (integer)" msgstr "account_cache_expiration (целое число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2973 +#: sssd.conf.5.xml:2980 msgid "" "Number of days entries are left in cache after last successful login before " "being removed during a cleanup of the cache. 0 means keep forever. The " @@ -4373,17 +4374,17 @@ msgstr "" "быть больше или равно значению offline_credentials_expiration." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2980 +#: sssd.conf.5.xml:2987 msgid "Default: 0 (unlimited)" msgstr "По умолчанию: 0 (без ограничений)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2985 +#: sssd.conf.5.xml:2992 msgid "pwd_expiration_warning (integer)" msgstr "pwd_expiration_warning (целое число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2996 +#: sssd.conf.5.xml:3003 msgid "" "Please note that the backend server has to provide information about the " "expiration time of the password. If this information is missing, sssd " @@ -4396,17 +4397,17 @@ msgstr "" "настроить поставщика данных проверки подлинности." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3003 +#: sssd.conf.5.xml:3010 msgid "Default: 7 (Kerberos), 0 (LDAP)" msgstr "По умолчанию: 7 (Kerberos), 0 (LDAP)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3009 +#: sssd.conf.5.xml:3016 msgid "id_provider (string)" msgstr "id_provider (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3012 +#: sssd.conf.5.xml:3019 msgid "" "The identification provider used for the domain. Supported ID providers are:" msgstr "" @@ -4414,12 +4415,12 @@ msgstr "" "Поддерживаемые поставщики ID:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3016 +#: sssd.conf.5.xml:3023 msgid "<quote>proxy</quote>: Support a legacy NSS provider." msgstr "<quote>proxy</quote>: поддержка устаревшего поставщика NSS." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3019 +#: sssd.conf.5.xml:3026 msgid "" "<quote>files</quote>: FILES provider. See <citerefentry> <refentrytitle>sssd-" "files</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " @@ -4431,7 +4432,7 @@ msgstr "" "citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3027 +#: sssd.conf.5.xml:3034 msgid "" "<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-" "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " @@ -4442,8 +4443,8 @@ msgstr "" "<manvolnum>5</manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3035 sssd.conf.5.xml:3146 sssd.conf.5.xml:3197 -#: sssd.conf.5.xml:3260 +#: sssd.conf.5.xml:3042 sssd.conf.5.xml:3153 sssd.conf.5.xml:3204 +#: sssd.conf.5.xml:3267 msgid "" "<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management " "provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> " @@ -4456,8 +4457,8 @@ msgstr "" "citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3044 sssd.conf.5.xml:3155 sssd.conf.5.xml:3206 -#: sssd.conf.5.xml:3269 +#: sssd.conf.5.xml:3051 sssd.conf.5.xml:3162 sssd.conf.5.xml:3213 +#: sssd.conf.5.xml:3276 msgid "" "<quote>ad</quote>: Active Directory provider. See <citerefentry> " "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4468,12 +4469,12 @@ msgstr "" "ad</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3055 +#: sssd.conf.5.xml:3062 msgid "use_fully_qualified_names (bool)" msgstr "use_fully_qualified_names (логическое значение)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3058 +#: sssd.conf.5.xml:3065 msgid "" "Use the full name and domain (as formatted by the domain's full_name_format) " "as the user's login name reported to NSS." @@ -4482,7 +4483,7 @@ msgstr "" "домена) в качестве имени для входа пользователя, которое сообщается NSS." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3063 +#: sssd.conf.5.xml:3070 msgid "" "If set to TRUE, all requests to this domain must use fully qualified names. " "For example, if used in LOCAL domain that contains a \"test\" user, " @@ -4496,7 +4497,7 @@ msgstr "" "passwd test@LOCAL</command> получится это сделать." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3071 +#: sssd.conf.5.xml:3078 msgid "" "NOTE: This option has no effect on netgroup lookups due to their tendency to " "include nested netgroups without qualified names. For netgroups, all domains " @@ -4507,7 +4508,7 @@ msgstr "" "групп выполняется поиск во всех доменах, когда запрашивается неполное имя." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3078 +#: sssd.conf.5.xml:3085 msgid "" "Default: FALSE (TRUE for trusted domain/sub-domains or if " "default_domain_suffix is used)" @@ -4516,17 +4517,17 @@ msgstr "" "использования default_domain_suffix)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3085 +#: sssd.conf.5.xml:3092 msgid "ignore_group_members (bool)" msgstr "ignore_group_members (логическое значение)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3088 +#: sssd.conf.5.xml:3095 msgid "Do not return group members for group lookups." msgstr "Не возвращать участников групп для поиска групп." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3091 +#: sssd.conf.5.xml:3098 msgid "" "If set to TRUE, the group membership attribute is not requested from the " "ldap server, and group members are not returned when processing group lookup " @@ -4545,7 +4546,7 @@ msgstr "" "запрошенную группу так, как будто она пуста." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3109 +#: sssd.conf.5.xml:3116 msgid "" "Enabling this option can also make access provider checks for group " "membership significantly faster, especially for groups containing many " @@ -4556,11 +4557,11 @@ msgstr "" "количество участников)." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3115 sssd.conf.5.xml:3822 sssd-ldap.5.xml:326 -#: sssd-ldap.5.xml:355 sssd-ldap.5.xml:408 sssd-ldap.5.xml:468 -#: sssd-ldap.5.xml:489 sssd-ldap.5.xml:520 sssd-ldap.5.xml:543 -#: sssd-ldap.5.xml:582 sssd-ldap.5.xml:601 sssd-ldap.5.xml:625 -#: sssd-ldap.5.xml:1051 sssd-ldap.5.xml:1084 +#: sssd.conf.5.xml:3122 sssd.conf.5.xml:3829 sssd-ldap.5.xml:327 +#: sssd-ldap.5.xml:356 sssd-ldap.5.xml:409 sssd-ldap.5.xml:469 +#: sssd-ldap.5.xml:490 sssd-ldap.5.xml:521 sssd-ldap.5.xml:544 +#: sssd-ldap.5.xml:583 sssd-ldap.5.xml:602 sssd-ldap.5.xml:626 +#: sssd-ldap.5.xml:1053 sssd-ldap.5.xml:1086 msgid "" "This option can be also set per subdomain or inherited via " "<emphasis>subdomain_inherit</emphasis>." @@ -4569,12 +4570,12 @@ msgstr "" "унаследован с помощью <emphasis>subdomain_inherit</emphasis>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3125 +#: sssd.conf.5.xml:3132 msgid "auth_provider (string)" msgstr "auth_provider (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3128 +#: sssd.conf.5.xml:3135 msgid "" "The authentication provider used for the domain. Supported auth providers " "are:" @@ -4583,7 +4584,7 @@ msgstr "" "Поддерживаемые поставщики данных для проверки подлинности:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3132 sssd.conf.5.xml:3190 +#: sssd.conf.5.xml:3139 sssd.conf.5.xml:3197 msgid "" "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4594,7 +4595,7 @@ msgstr "" "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3139 +#: sssd.conf.5.xml:3146 msgid "" "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4606,7 +4607,7 @@ msgstr "" "citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3163 +#: sssd.conf.5.xml:3170 msgid "" "<quote>proxy</quote> for relaying authentication to some other PAM target." msgstr "" @@ -4614,12 +4615,12 @@ msgstr "" "PAM." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3166 +#: sssd.conf.5.xml:3173 msgid "<quote>none</quote> disables authentication explicitly." msgstr "<quote>none</quote> — явно отключить проверку подлинности." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3169 +#: sssd.conf.5.xml:3176 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "authentication requests." @@ -4628,12 +4629,12 @@ msgstr "" "задан и поддерживает обработку запросов проверки подлинности." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3175 +#: sssd.conf.5.xml:3182 msgid "access_provider (string)" msgstr "access_provider (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3178 +#: sssd.conf.5.xml:3185 msgid "" "The access control provider used for the domain. There are two built-in " "access providers (in addition to any included in installed backends) " @@ -4644,7 +4645,7 @@ msgstr "" "включены в установленные внутренние серверы). Внутренние особые поставщики:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3184 +#: sssd.conf.5.xml:3191 msgid "" "<quote>permit</quote> always allow access. It's the only permitted access " "provider for a local domain." @@ -4653,12 +4654,12 @@ msgstr "" "разрешённого доступа для локального домена." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3187 +#: sssd.conf.5.xml:3194 msgid "<quote>deny</quote> always deny access." msgstr "<quote>deny</quote> — всегда отказывать в доступе." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3214 +#: sssd.conf.5.xml:3221 msgid "" "<quote>simple</quote> access control based on access or deny lists. See " "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</" @@ -4671,7 +4672,7 @@ msgstr "" "<manvolnum>5</manvolnum></citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3221 +#: sssd.conf.5.xml:3228 msgid "" "<quote>krb5</quote>: .k5login based access control. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum></" @@ -4682,23 +4683,23 @@ msgstr "" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3228 +#: sssd.conf.5.xml:3235 msgid "<quote>proxy</quote> for relaying access control to another PAM module." msgstr "" "<quote>proxy</quote> — передать управление доступом другому модулю PAM." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3231 +#: sssd.conf.5.xml:3238 msgid "Default: <quote>permit</quote>" msgstr "По умолчанию: <quote>permit</quote>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3236 +#: sssd.conf.5.xml:3243 msgid "chpass_provider (string)" msgstr "chpass_provider (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3239 +#: sssd.conf.5.xml:3246 msgid "" "The provider which should handle change password operations for the domain. " "Supported change password providers are:" @@ -4707,7 +4708,7 @@ msgstr "" "домена. Поддерживаемые поставщики данных смены пароля:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3244 +#: sssd.conf.5.xml:3251 msgid "" "<quote>ldap</quote> to change a password stored in a LDAP server. See " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" @@ -4718,7 +4719,7 @@ msgstr "" "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3252 +#: sssd.conf.5.xml:3259 msgid "" "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4729,19 +4730,19 @@ msgstr "" "<manvolnum>5</manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3277 +#: sssd.conf.5.xml:3284 msgid "" "<quote>proxy</quote> for relaying password changes to some other PAM target." msgstr "" "<quote>proxy</quote> — передать смену пароля какой-либо другой цели PAM." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3281 +#: sssd.conf.5.xml:3288 msgid "<quote>none</quote> disallows password changes explicitly." msgstr "<quote>none</quote> — явно запретить смену пароля." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3284 +#: sssd.conf.5.xml:3291 msgid "" "Default: <quote>auth_provider</quote> is used if it is set and can handle " "change password requests." @@ -4750,19 +4751,19 @@ msgstr "" "задан и поддерживает обработку запросов смены пароля." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3291 +#: sssd.conf.5.xml:3298 msgid "sudo_provider (string)" msgstr "sudo_provider (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3294 +#: sssd.conf.5.xml:3301 msgid "The SUDO provider used for the domain. Supported SUDO providers are:" msgstr "" "Поставщик данных SUDO, который используется для домена. Поддерживаемые " "поставщики данных SUDO:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3298 +#: sssd.conf.5.xml:3305 msgid "" "<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4773,7 +4774,7 @@ msgstr "" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3306 +#: sssd.conf.5.xml:3313 msgid "" "<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default " "settings." @@ -4782,7 +4783,7 @@ msgstr "" "параметрами IPA." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3310 +#: sssd.conf.5.xml:3317 msgid "" "<quote>ad</quote> the same as <quote>ldap</quote> but with AD default " "settings." @@ -4791,20 +4792,20 @@ msgstr "" "параметрами AD." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3314 +#: sssd.conf.5.xml:3321 msgid "<quote>none</quote> disables SUDO explicitly." msgstr "<quote>none</quote> — явно отключить SUDO." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3317 sssd.conf.5.xml:3403 sssd.conf.5.xml:3473 -#: sssd.conf.5.xml:3498 sssd.conf.5.xml:3534 +#: sssd.conf.5.xml:3324 sssd.conf.5.xml:3410 sssd.conf.5.xml:3480 +#: sssd.conf.5.xml:3505 sssd.conf.5.xml:3541 msgid "Default: The value of <quote>id_provider</quote> is used if it is set." msgstr "" "По умолчанию: использовать значение <quote>id_provider</quote>, если этот " "параметр задан." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3321 +#: sssd.conf.5.xml:3328 msgid "" "The detailed instructions for configuration of sudo_provider are in the " "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " @@ -4822,7 +4823,7 @@ msgstr "" "citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3336 +#: sssd.conf.5.xml:3343 msgid "" "<emphasis>NOTE:</emphasis> Sudo rules are periodically downloaded in the " "background unless the sudo provider is explicitly disabled. Set " @@ -4836,12 +4837,12 @@ msgstr "" "планируется использовать sudo." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3346 +#: sssd.conf.5.xml:3353 msgid "selinux_provider (string)" msgstr "selinux_provider (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3349 +#: sssd.conf.5.xml:3356 msgid "" "The provider which should handle loading of selinux settings. Note that this " "provider will be called right after access provider ends. Supported selinux " @@ -4852,7 +4853,7 @@ msgstr "" "работы поставщика доступа. Поддерживаемые поставщики данных SELinux:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3355 +#: sssd.conf.5.xml:3362 msgid "" "<quote>ipa</quote> to load selinux settings from an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -4863,12 +4864,12 @@ msgstr "" "ipa</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3363 +#: sssd.conf.5.xml:3370 msgid "<quote>none</quote> disallows fetching selinux settings explicitly." msgstr "<quote>none</quote> — явно отключает получение параметров SELinux." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3366 +#: sssd.conf.5.xml:3373 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "selinux loading requests." @@ -4877,12 +4878,12 @@ msgstr "" "задан и поддерживает обработку запросов загрузки параметров SELinux." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3372 +#: sssd.conf.5.xml:3379 msgid "subdomains_provider (string)" msgstr "subdomains_provider (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3375 +#: sssd.conf.5.xml:3382 msgid "" "The provider which should handle fetching of subdomains. This value should " "be always the same as id_provider. Supported subdomain providers are:" @@ -4892,7 +4893,7 @@ msgstr "" "Поддерживаемые поставщики данных поддоменов:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3381 +#: sssd.conf.5.xml:3388 msgid "" "<quote>ipa</quote> to load a list of subdomains from an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -4903,7 +4904,7 @@ msgstr "" "ipa</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3390 +#: sssd.conf.5.xml:3397 msgid "" "<quote>ad</quote> to load a list of subdomains from an Active Directory " "server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> " @@ -4916,17 +4917,17 @@ msgstr "" "citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3399 +#: sssd.conf.5.xml:3406 msgid "<quote>none</quote> disallows fetching subdomains explicitly." msgstr "<quote>none</quote> — явно отключает получение данных поддоменов." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3409 +#: sssd.conf.5.xml:3416 msgid "session_provider (string)" msgstr "session_provider (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3412 +#: sssd.conf.5.xml:3419 msgid "" "The provider which configures and manages user session related tasks. The " "only user session task currently provided is the integration with Fleet " @@ -4938,14 +4939,14 @@ msgstr "" "Commander (работает только c IPA). Поддерживаемые поставщики данных сеансов:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3419 +#: sssd.conf.5.xml:3426 msgid "<quote>ipa</quote> to allow performing user session related tasks." msgstr "" "<quote>ipa</quote> — разрешить выполнение заданий, связанных с сеансами " "пользователей." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3423 +#: sssd.conf.5.xml:3430 msgid "" "<quote>none</quote> does not perform any kind of user session related tasks." msgstr "" @@ -4953,7 +4954,7 @@ msgstr "" "пользователей." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3427 +#: sssd.conf.5.xml:3434 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can perform " "session related tasks." @@ -4962,7 +4963,7 @@ msgstr "" "задан и поддерживает выполнение заданий, связанных с сеансами." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3431 +#: sssd.conf.5.xml:3438 msgid "" "<emphasis>NOTE:</emphasis> In order to have this feature working as expected " "SSSD must be running as \"root\" and not as the unprivileged user." @@ -4972,12 +4973,12 @@ msgstr "" "пользователя без привилегий." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3439 +#: sssd.conf.5.xml:3446 msgid "autofs_provider (string)" msgstr "autofs_provider (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3442 +#: sssd.conf.5.xml:3449 msgid "" "The autofs provider used for the domain. Supported autofs providers are:" msgstr "" @@ -4985,7 +4986,7 @@ msgstr "" "поставщики данных autofs:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3446 +#: sssd.conf.5.xml:3453 msgid "" "<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4996,7 +4997,7 @@ msgstr "" "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3453 +#: sssd.conf.5.xml:3460 msgid "" "<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> " "<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </" @@ -5007,7 +5008,7 @@ msgstr "" "ipa</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3461 +#: sssd.conf.5.xml:3468 msgid "" "<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> " "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" @@ -5019,17 +5020,17 @@ msgstr "" "citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3470 +#: sssd.conf.5.xml:3477 msgid "<quote>none</quote> disables autofs explicitly." msgstr "<quote>none</quote> — явно отключить autofs." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3480 +#: sssd.conf.5.xml:3487 msgid "hostid_provider (string)" msgstr "hostid_provider (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3483 +#: sssd.conf.5.xml:3490 msgid "" "The provider used for retrieving host identity information. Supported " "hostid providers are:" @@ -5038,7 +5039,7 @@ msgstr "" "узла. Поддерживаемые поставщики hostid:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3487 +#: sssd.conf.5.xml:3494 msgid "" "<quote>ipa</quote> to load host identity stored in an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -5050,17 +5051,17 @@ msgstr "" "citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3495 +#: sssd.conf.5.xml:3502 msgid "<quote>none</quote> disables hostid explicitly." msgstr "<quote>none</quote> — явно отключить hostid." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3505 +#: sssd.conf.5.xml:3512 msgid "resolver_provider (string)" msgstr "resolver_provider (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3508 +#: sssd.conf.5.xml:3515 msgid "" "The provider which should handle hosts and networks lookups. Supported " "resolver providers are:" @@ -5069,7 +5070,7 @@ msgstr "" "Поддерживаемые поставщики данных сопоставления:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3512 +#: sssd.conf.5.xml:3519 msgid "" "<quote>proxy</quote> to forward lookups to another NSS library. See " "<quote>proxy_resolver_lib_name</quote>" @@ -5078,7 +5079,7 @@ msgstr "" "NSS. См. <quote>proxy_resolver_lib_name</quote>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3516 +#: sssd.conf.5.xml:3523 msgid "" "<quote>ldap</quote> to fetch hosts and networks stored in LDAP. See " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" @@ -5090,7 +5091,7 @@ msgstr "" "citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3523 +#: sssd.conf.5.xml:3530 msgid "" "<quote>ad</quote> to fetch hosts and networks stored in AD. See " "<citerefentry> <refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</" @@ -5103,12 +5104,12 @@ msgstr "" "manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3531 +#: sssd.conf.5.xml:3538 msgid "<quote>none</quote> disallows fetching hosts and networks explicitly." msgstr "<quote>none</quote> — явно отключает получение записей узлов и сетей." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3544 +#: sssd.conf.5.xml:3551 msgid "" "Regular expression for this domain that describes how to parse the string " "containing user name and domain into these components. The \"domain\" can " @@ -5123,7 +5124,7 @@ msgstr "" "домена." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3553 +#: sssd.conf.5.xml:3560 #, fuzzy #| msgid "" #| "Default for the AD and IPA provider: <quote>(((?P<domain>[^\\\\]+)\\" @@ -5140,17 +5141,17 @@ msgstr "" "назначать три разных стиля записи имён пользователей:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:3558 sssd.conf.5.xml:3572 +#: sssd.conf.5.xml:3565 sssd.conf.5.xml:3579 msgid "username" msgstr "username" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:3561 sssd.conf.5.xml:3575 +#: sssd.conf.5.xml:3568 sssd.conf.5.xml:3582 msgid "username@domain.name" msgstr "username@domain.name" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3566 +#: sssd.conf.5.xml:3573 #, fuzzy #| msgid "" #| "Default for the AD and IPA provider: <quote>(((?P<domain>[^\\\\]+)\\" @@ -5169,12 +5170,12 @@ msgstr "" "назначать три разных стиля записи имён пользователей:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:3578 +#: sssd.conf.5.xml:3585 msgid "domain\\username" msgstr "domain\\username" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3581 +#: sssd.conf.5.xml:3588 msgid "" "While the first two correspond to the general default the third one is " "introduced to allow easy integration of users from Windows domains." @@ -5183,7 +5184,7 @@ msgstr "" "обеспечения простой интеграции пользователей из доменов Windows." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3586 +#: sssd.conf.5.xml:3593 msgid "" "The default re_expression uses the <quote>@</quote> character as a separator " "between the name and the domain. As a result of this setting the default " @@ -5193,17 +5194,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3638 +#: sssd.conf.5.xml:3645 msgid "Default: <quote>%1$s@%2$s</quote>." msgstr "По умолчанию: <quote>%1$s@%2$s</quote>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3644 +#: sssd.conf.5.xml:3651 msgid "lookup_family_order (string)" msgstr "lookup_family_order (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3647 +#: sssd.conf.5.xml:3654 msgid "" "Provides the ability to select preferred address family to use when " "performing DNS lookups." @@ -5212,46 +5213,46 @@ msgstr "" "следует использовать при выполнении запросов DNS." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3651 +#: sssd.conf.5.xml:3658 msgid "Supported values:" msgstr "Поддерживаемые значения:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3654 +#: sssd.conf.5.xml:3661 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6" msgstr "" "ipv4_first: попытаться найти адрес IPv4, в случае неудачи попытаться найти " "адрес IPv6" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3657 +#: sssd.conf.5.xml:3664 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses." msgstr "ipv4_only: пытаться разрешать имена узлов только в адреса IPv4." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3660 +#: sssd.conf.5.xml:3667 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4" msgstr "" "ipv6_first: попытаться найти адрес IPv6, в случае неудачи попытаться найти " "адрес IPv4" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3663 +#: sssd.conf.5.xml:3670 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses." msgstr "ipv6_only: пытаться разрешать имена узлов только в адреса IPv6." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3666 +#: sssd.conf.5.xml:3673 msgid "Default: ipv4_first" msgstr "По умолчанию: ipv4_first" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3672 +#: sssd.conf.5.xml:3679 msgid "dns_resolver_server_timeout (integer)" msgstr "dns_resolver_server_timeout (целое число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3675 +#: sssd.conf.5.xml:3682 msgid "" "Defines the amount of time (in milliseconds) SSSD would try to talk to DNS " "server before trying next DNS server." @@ -5261,7 +5262,7 @@ msgstr "" "следующему." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3680 +#: sssd.conf.5.xml:3687 msgid "" "The AD provider will use this option for the CLDAP ping timeouts as well." msgstr "" @@ -5269,7 +5270,7 @@ msgstr "" "времени проверки связи CLDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3684 sssd.conf.5.xml:3704 sssd.conf.5.xml:3725 +#: sssd.conf.5.xml:3691 sssd.conf.5.xml:3711 sssd.conf.5.xml:3732 msgid "" "Please see the section <quote>FAILOVER</quote> for more information about " "the service resolution." @@ -5278,17 +5279,17 @@ msgstr "" "<quote>ОБРАБОТКА ОТКАЗА</quote>." #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3689 sssd-ldap.5.xml:644 include/failover.xml:84 +#: sssd.conf.5.xml:3696 sssd-ldap.5.xml:645 include/failover.xml:84 msgid "Default: 1000" msgstr "По умолчанию: 1000" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3695 +#: sssd.conf.5.xml:3702 msgid "dns_resolver_op_timeout (integer)" msgstr "dns_resolver_op_timeout (целое число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3698 +#: sssd.conf.5.xml:3705 msgid "" "Defines the amount of time (in seconds) to wait to resolve single DNS query " "(e.g. resolution of a hostname or an SRV record) before trying the next " @@ -5300,12 +5301,12 @@ msgstr "" "следующего DNS." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3715 +#: sssd.conf.5.xml:3722 msgid "dns_resolver_timeout (integer)" msgstr "dns_resolver_timeout (целое число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3718 +#: sssd.conf.5.xml:3725 msgid "" "Defines the amount of time (in seconds) to wait for a reply from the " "internal fail over service before assuming that the service is unreachable. " @@ -5318,12 +5319,12 @@ msgstr "" "работу в автономном режиме." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3736 +#: sssd.conf.5.xml:3743 msgid "dns_resolver_use_search_list (bool)" msgstr "dns_resolver_use_search_list (логическое значение)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3739 +#: sssd.conf.5.xml:3746 msgid "" "Normally, the DNS resolver searches the domain list defined in the " "\"search\" directive from the resolv.conf file. This can lead to delays in " @@ -5334,7 +5335,7 @@ msgstr "" "средах с неправильно настроенным DNS." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3745 +#: sssd.conf.5.xml:3752 msgid "" "If fully qualified domain names (or _srv_) are used in the SSSD " "configuration, setting this option to FALSE can prevent unnecessary DNS " @@ -5345,17 +5346,17 @@ msgstr "" "запросы DNS в таких средах." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3751 +#: sssd.conf.5.xml:3758 msgid "Default: TRUE" msgstr "По умолчанию: TRUE" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3757 +#: sssd.conf.5.xml:3764 msgid "dns_discovery_domain (string)" msgstr "dns_discovery_domain (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3760 +#: sssd.conf.5.xml:3767 msgid "" "If service discovery is used in the back end, specifies the domain part of " "the service discovery DNS query." @@ -5364,54 +5365,54 @@ msgstr "" "доменную часть запроса обнаружения служб DNS." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3764 +#: sssd.conf.5.xml:3771 msgid "Default: Use the domain part of machine's hostname" msgstr "По умолчанию: использовать доменную часть имени узла компьютера" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3770 +#: sssd.conf.5.xml:3777 msgid "override_gid (integer)" msgstr "override_gid (целое число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3773 +#: sssd.conf.5.xml:3780 msgid "Override the primary GID value with the one specified." msgstr "Переопределить значение основного GID указанным значением." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3779 +#: sssd.conf.5.xml:3786 msgid "case_sensitive (string)" msgstr "case_sensitive (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3786 +#: sssd.conf.5.xml:3793 msgid "True" msgstr "True" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3789 +#: sssd.conf.5.xml:3796 msgid "Case sensitive. This value is invalid for AD provider." msgstr "" "С учётом регистра. Это значение не является корректным для поставщика данных " "AD." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3795 +#: sssd.conf.5.xml:3802 msgid "False" msgstr "False" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3797 +#: sssd.conf.5.xml:3804 msgid "Case insensitive." msgstr "Без учёта регистра." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3801 +#: sssd.conf.5.xml:3808 msgid "Preserving" msgstr "Preserving" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3804 +#: sssd.conf.5.xml:3811 msgid "" "Same as False (case insensitive), but does not lowercase names in the result " "of NSS operations. Note that name aliases (and in case of services also " @@ -5423,7 +5424,7 @@ msgstr "" "регистр в выведенных данных." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3812 +#: sssd.conf.5.xml:3819 msgid "" "If you want to set this value for trusted domain with IPA provider, you need " "to set it on both the client and SSSD on the server." @@ -5433,7 +5434,7 @@ msgstr "" "на сервере." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3782 +#: sssd.conf.5.xml:3789 msgid "" "Treat user and group names as case sensitive. Possible option values are: " "<placeholder type=\"variablelist\" id=\"0\"/>" @@ -5442,17 +5443,17 @@ msgstr "" "значения: <placeholder type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3827 +#: sssd.conf.5.xml:3834 msgid "Default: True (False for AD provider)" msgstr "По умолчанию: True (False для поставщика данных AD)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3833 +#: sssd.conf.5.xml:3840 msgid "subdomain_inherit (string)" msgstr "subdomain_inherit (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3836 +#: sssd.conf.5.xml:3843 msgid "" "Specifies a list of configuration parameters that should be inherited by a " "subdomain. Please note that only selected parameters can be inherited. " @@ -5464,47 +5465,47 @@ msgstr "" "параметров:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3842 +#: sssd.conf.5.xml:3849 msgid "ldap_search_timeout" msgstr "ldap_search_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3845 +#: sssd.conf.5.xml:3852 msgid "ldap_network_timeout" msgstr "ldap_network_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3848 +#: sssd.conf.5.xml:3855 msgid "ldap_opt_timeout" msgstr "ldap_opt_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3851 +#: sssd.conf.5.xml:3858 msgid "ldap_offline_timeout" msgstr "ldap_offline_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3854 +#: sssd.conf.5.xml:3861 msgid "ldap_enumeration_refresh_timeout" msgstr "ldap_enumeration_refresh_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3857 +#: sssd.conf.5.xml:3864 msgid "ldap_enumeration_refresh_offset" msgstr "ldap_enumeration_refresh_offset" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3860 +#: sssd.conf.5.xml:3867 msgid "ldap_purge_cache_timeout" msgstr "ldap_purge_cache_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3863 +#: sssd.conf.5.xml:3870 msgid "ldap_purge_cache_offset" msgstr "ldap_purge_cache_offset" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3866 +#: sssd.conf.5.xml:3873 msgid "" "ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab " "is not set explicitly)" @@ -5513,57 +5514,57 @@ msgstr "" "ldap_krb5_keytab не задан явно)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3870 +#: sssd.conf.5.xml:3877 msgid "ldap_krb5_ticket_lifetime" msgstr "ldap_krb5_ticket_lifetime" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3873 +#: sssd.conf.5.xml:3880 msgid "ldap_enumeration_search_timeout" msgstr "ldap_enumeration_search_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3876 +#: sssd.conf.5.xml:3883 msgid "ldap_connection_expire_timeout" msgstr "ldap_connection_expire_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3879 +#: sssd.conf.5.xml:3886 msgid "ldap_connection_expire_offset" msgstr "ldap_connection_expire_offset" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3882 +#: sssd.conf.5.xml:3889 msgid "ldap_connection_idle_timeout" msgstr "ldap_connection_idle_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3885 sssd-ldap.5.xml:400 +#: sssd.conf.5.xml:3892 sssd-ldap.5.xml:401 msgid "ldap_use_tokengroups" msgstr "ldap_use_tokengroups" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3888 +#: sssd.conf.5.xml:3895 msgid "ldap_user_principal" msgstr "ldap_user_principal" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3891 +#: sssd.conf.5.xml:3898 msgid "ignore_group_members" msgstr "ignore_group_members" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3894 +#: sssd.conf.5.xml:3901 msgid "auto_private_groups" msgstr "auto_private_groups" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3897 +#: sssd.conf.5.xml:3904 msgid "case_sensitive" msgstr "case_sensitive" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:3902 +#: sssd.conf.5.xml:3909 #, no-wrap msgid "" "subdomain_inherit = ldap_purge_cache_timeout\n" @@ -5573,28 +5574,28 @@ msgstr "" " " #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3909 +#: sssd.conf.5.xml:3916 msgid "Note: This option only works with the IPA and AD provider." msgstr "" "Примечание: этот параметр работает только для поставщиков данных IPA и AD." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3916 +#: sssd.conf.5.xml:3923 msgid "subdomain_homedir (string)" msgstr "subdomain_homedir (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3927 +#: sssd.conf.5.xml:3934 msgid "%F" msgstr "%F" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3928 +#: sssd.conf.5.xml:3935 msgid "flat (NetBIOS) name of a subdomain." msgstr "плоское (NetBIOS) имя поддомена." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3919 +#: sssd.conf.5.xml:3926 msgid "" "Use this homedir as default value for all subdomains within this domain in " "IPA AD trust. See <emphasis>override_homedir</emphasis> for info about " @@ -5610,7 +5611,7 @@ msgstr "" "id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3933 +#: sssd.conf.5.xml:3940 msgid "" "The value can be overridden by <emphasis>override_homedir</emphasis> option." msgstr "" @@ -5618,29 +5619,29 @@ msgstr "" "<emphasis>override_homedir</emphasis>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3937 +#: sssd.conf.5.xml:3944 msgid "Default: <filename>/home/%d/%u</filename>" msgstr "По умолчанию: <filename>/home/%d/%u</filename>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3942 +#: sssd.conf.5.xml:3949 msgid "realmd_tags (string)" msgstr "realmd_tags (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3945 +#: sssd.conf.5.xml:3952 msgid "" "Various tags stored by the realmd configuration service for this domain." msgstr "" "Различные метки, сохранённые службой настройки realmd для этого домена." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3951 +#: sssd.conf.5.xml:3958 msgid "cached_auth_timeout (int)" msgstr "cached_auth_timeout (целое число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3954 +#: sssd.conf.5.xml:3961 msgid "" "Specifies time in seconds since last successful online authentication for " "which user will be authenticated using cached credentials while SSSD is in " @@ -5654,7 +5655,7 @@ msgstr "" "сетевом режиме." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3962 +#: sssd.conf.5.xml:3969 msgid "" "This option's value is inherited by all trusted domains. At the moment it is " "not possible to set a different value per trusted domain." @@ -5664,12 +5665,12 @@ msgstr "" "значения." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3967 +#: sssd.conf.5.xml:3974 msgid "Special value 0 implies that this feature is disabled." msgstr "Специальное значение «0» подразумевает, что эта возможность отключена." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3971 +#: sssd.conf.5.xml:3978 msgid "" "Please note that if <quote>cached_auth_timeout</quote> is longer than " "<quote>pam_id_timeout</quote> then the back end could be called to handle " @@ -5680,14 +5681,14 @@ msgstr "" "обработки <quote>initgroups.</quote>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3982 +#: sssd.conf.5.xml:3989 #, fuzzy #| msgid "ldap_pwd_policy (string)" msgid "local_auth_policy (string)" msgstr "ldap_pwd_policy (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3985 +#: sssd.conf.5.xml:3992 msgid "" "Local authentication methods policy. Some backends (i.e. LDAP, proxy " "provider) only support a password based authentication, while others can " @@ -5698,7 +5699,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3995 +#: sssd.conf.5.xml:4002 msgid "" "There are three possible values for this option: match, only, enable. " "<quote>match</quote> is used to match offline and online states for Kerberos " @@ -5709,8 +5710,17 @@ msgid "" "separated, such as <quote>enable:passkey, enable:smartcard</quote>" msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4014 +msgid "" +"Please note that if local Smartcard authentication is enabled and a " +"Smartcard is present, Smartcard authentication will be preferred over the " +"authentication methods supported by the backend. I.e. there will be a PIN " +"prompt instead of e.g. a password prompt." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:4011 +#: sssd.conf.5.xml:4026 #, no-wrap msgid "" "[domain/shadowutils]\n" @@ -5721,7 +5731,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4007 +#: sssd.conf.5.xml:4022 #, fuzzy #| msgid "" #| "The following example creates a container named 'mycontainer': " @@ -5735,31 +5745,31 @@ msgstr "" "type=\"programlisting\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4019 +#: sssd.conf.5.xml:4034 #, fuzzy #| msgid "This option is not available in IPA provider." msgid "This option is ignored for the files provider." msgstr "Этот параметр недоступен в поставщике данных IPA." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4022 +#: sssd.conf.5.xml:4037 #, fuzzy #| msgid "Default: mail" msgid "Default: match" msgstr "По умолчанию: mail" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4027 +#: sssd.conf.5.xml:4042 msgid "auto_private_groups (string)" msgstr "auto_private_groups (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4033 +#: sssd.conf.5.xml:4048 msgid "true" msgstr "true" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4036 +#: sssd.conf.5.xml:4051 msgid "" "Create user's private group unconditionally from user's UID number. The GID " "number is ignored in this case." @@ -5768,7 +5778,7 @@ msgstr "" "UID пользователя. Номер GID в этом случае игнорируется." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4040 +#: sssd.conf.5.xml:4055 msgid "" "NOTE: Because the GID number and the user private group are inferred from " "the UID number, it is not supported to have multiple entries with the same " @@ -5782,12 +5792,12 @@ msgstr "" "пространстве идентификаторов." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4049 +#: sssd.conf.5.xml:4064 msgid "false" msgstr "false" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4052 +#: sssd.conf.5.xml:4067 msgid "" "Always use the user's primary GID number. The GID number must refer to a " "group object in the LDAP database." @@ -5796,12 +5806,12 @@ msgstr "" "ссылаться на объект группы в базе данных LDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4058 +#: sssd.conf.5.xml:4073 msgid "hybrid" msgstr "hybrid" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4061 +#: sssd.conf.5.xml:4076 msgid "" "A primary group is autogenerated for user entries whose UID and GID numbers " "have the same value and at the same time the GID number does not correspond " @@ -5816,7 +5826,7 @@ msgstr "" "основной GID этого пользователя разрешается в этот объект группы." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4074 +#: sssd.conf.5.xml:4089 msgid "" "If the UID and GID of a user are different, then the GID must correspond to " "a group entry, otherwise the GID is simply not resolvable." @@ -5825,7 +5835,7 @@ msgstr "" "группы; в ином случае GID просто будет невозможно разрешить." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4081 +#: sssd.conf.5.xml:4096 msgid "" "This feature is useful for environments that wish to stop maintaining a " "separate group objects for the user private groups, but also wish to retain " @@ -5836,7 +5846,7 @@ msgstr "" "сохранить существующие закрытые группы пользователей." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4030 +#: sssd.conf.5.xml:4045 msgid "" "This option takes any of three available values: <placeholder " "type=\"variablelist\" id=\"0\"/>" @@ -5845,7 +5855,7 @@ msgstr "" "type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4093 +#: sssd.conf.5.xml:4108 msgid "" "For subdomains, the default value is False for subdomains that use assigned " "POSIX IDs and True for subdomains that use automatic ID-mapping." @@ -5855,7 +5865,7 @@ msgstr "" "поддоменов, которые используют автоматическое сопоставление идентификаторов." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:4101 +#: sssd.conf.5.xml:4116 #, no-wrap msgid "" "[domain/forest.domain/sub.domain]\n" @@ -5865,7 +5875,7 @@ msgstr "" "auto_private_groups = false\n" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:4107 +#: sssd.conf.5.xml:4122 #, no-wrap msgid "" "[domain/forest.domain]\n" @@ -5877,7 +5887,7 @@ msgstr "" "auto_private_groups = false\n" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4098 +#: sssd.conf.5.xml:4113 msgid "" "The value of auto_private_groups can either be set per subdomains in a " "subsection, for example: <placeholder type=\"programlisting\" id=\"0\"/> or " @@ -5902,31 +5912,36 @@ msgstr "" "replaceable>]</quote> <placeholder type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4122 +#: sssd.conf.5.xml:4137 msgid "proxy_pam_target (string)" msgstr "proxy_pam_target (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4125 +#: sssd.conf.5.xml:4140 msgid "The proxy target PAM proxies to." msgstr "Цель, которой пересылает данные прокси PAM." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4128 +#: sssd.conf.5.xml:4143 +#, fuzzy +#| msgid "" +#| "Default: not set by default, you have to take an existing pam " +#| "configuration or create a new one and add the service name here." msgid "" "Default: not set by default, you have to take an existing pam configuration " -"or create a new one and add the service name here." +"or create a new one and add the service name here. As an alternative you can " +"enable local authentication with the local_auth_policy option." msgstr "" "По умолчанию: не задано по умолчанию; следует воспользоваться существующей " "конфигурацией PAM или создать новую и добавить здесь имя службы." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4136 +#: sssd.conf.5.xml:4153 msgid "proxy_lib_name (string)" msgstr "proxy_lib_name (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4139 +#: sssd.conf.5.xml:4156 msgid "" "The name of the NSS library to use in proxy domains. The NSS functions " "searched for in the library are in the form of _nss_$(libName)_$(function), " @@ -5937,12 +5952,12 @@ msgstr "" "_nss_$(libName)_$(function), например: _nss_files_getpwent." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4149 +#: sssd.conf.5.xml:4166 msgid "proxy_resolver_lib_name (string)" msgstr "proxy_resolver_lib_name (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4152 +#: sssd.conf.5.xml:4169 msgid "" "The name of the NSS library to use for hosts and networks lookups in proxy " "domains. The NSS functions searched for in the library are in the form of " @@ -5953,12 +5968,12 @@ msgstr "" "вид _nss_$(libName)_$(function), например: _nss_dns_gethostbyname2_r." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4163 +#: sssd.conf.5.xml:4180 msgid "proxy_fast_alias (boolean)" msgstr "proxy_fast_alias (логическое значение)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4166 +#: sssd.conf.5.xml:4183 msgid "" "When a user or group is looked up by name in the proxy provider, a second " "lookup by ID is performed to \"canonicalize\" the name in case the requested " @@ -5972,12 +5987,12 @@ msgstr "" "идентификатора в кэше в целях ускорения предоставления результатов." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4180 +#: sssd.conf.5.xml:4197 msgid "proxy_max_children (integer)" msgstr "proxy_max_children (целое число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4183 +#: sssd.conf.5.xml:4200 msgid "" "This option specifies the number of pre-forked proxy children. It is useful " "for high-load SSSD environments where sssd may run out of available child " @@ -5989,7 +6004,7 @@ msgstr "" "постановки запросов в очередь." #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4118 +#: sssd.conf.5.xml:4133 msgid "" "Options valid for proxy domains. <placeholder type=\"variablelist\" " "id=\"0\"/>" @@ -5998,12 +6013,12 @@ msgstr "" "<placeholder type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:4199 +#: sssd.conf.5.xml:4216 msgid "Application domains" msgstr "Домены приложений" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4201 +#: sssd.conf.5.xml:4218 msgid "" "SSSD, with its D-Bus interface (see <citerefentry> <refentrytitle>sssd-ifp</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>) is appealing to " @@ -6032,7 +6047,7 @@ msgstr "" "традиционного домена SSSD." #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4221 +#: sssd.conf.5.xml:4238 msgid "" "Please note that the application domain must still be explicitly enabled in " "the <quote>domains</quote> parameter so that the lookup order between the " @@ -6043,17 +6058,17 @@ msgstr "" "порядок поиска для домена приложений и его родственного домена POSIX." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> -#: sssd.conf.5.xml:4227 +#: sssd.conf.5.xml:4244 msgid "Application domain parameters" msgstr "Параметры доменов приложений" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4229 +#: sssd.conf.5.xml:4246 msgid "inherit_from (string)" msgstr "inherit_from (строка)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4232 +#: sssd.conf.5.xml:4249 msgid "" "The SSSD POSIX-type domain the application domain inherits all settings " "from. The application domain can moreover add its own settings to the " @@ -6066,7 +6081,7 @@ msgstr "" "<quote>родственного</quote> домена." #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4246 +#: sssd.conf.5.xml:4263 msgid "" "The following example illustrates the use of an application domain. In this " "setup, the POSIX domain is connected to an LDAP server and is used by the OS " @@ -6081,7 +6096,7 @@ msgstr "" "атрибут phone доступным через интерфейс D-Bus." #. type: Content of: <reference><refentry><refsect1><refsect2><programlisting> -#: sssd.conf.5.xml:4254 +#: sssd.conf.5.xml:4271 #, no-wrap msgid "" "[sssd]\n" @@ -6115,12 +6130,12 @@ msgstr "" "ldap_user_extra_attrs = phone:telephoneNumber\n" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4274 +#: sssd.conf.5.xml:4291 msgid "TRUSTED DOMAIN SECTION" msgstr "РАЗДЕЛ ДОВЕРЕННЫХ ДОМЕНОВ" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4276 +#: sssd.conf.5.xml:4293 msgid "" "Some options used in the domain section can also be used in the trusted " "domain section, that is, in a section called <quote>[domain/" @@ -6138,57 +6153,57 @@ msgstr "" "поддерживаются следующие параметры:" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4283 +#: sssd.conf.5.xml:4300 msgid "ldap_search_base," msgstr "ldap_search_base," #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4284 +#: sssd.conf.5.xml:4301 msgid "ldap_user_search_base," msgstr "ldap_user_search_base," #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4285 +#: sssd.conf.5.xml:4302 msgid "ldap_group_search_base," msgstr "ldap_group_search_base," #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4286 +#: sssd.conf.5.xml:4303 msgid "ldap_netgroup_search_base," msgstr "ldap_netgroup_search_base," #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4287 +#: sssd.conf.5.xml:4304 msgid "ldap_service_search_base," msgstr "ldap_service_search_base," #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4288 +#: sssd.conf.5.xml:4305 msgid "ldap_sasl_mech," msgstr "ldap_sasl_mech," #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4289 +#: sssd.conf.5.xml:4306 msgid "ad_server," msgstr "ad_server," #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4290 +#: sssd.conf.5.xml:4307 msgid "ad_backup_server," msgstr "ad_backup_server," #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4291 +#: sssd.conf.5.xml:4308 msgid "ad_site," msgstr "ad_site," #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4292 sssd-ipa.5.xml:879 +#: sssd.conf.5.xml:4309 sssd-ipa.5.xml:884 msgid "use_fully_qualified_names" msgstr "use_fully_qualified_names" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4296 +#: sssd.conf.5.xml:4313 msgid "" "For more details about these options see their individual description in the " "manual page." @@ -6197,12 +6212,12 @@ msgstr "" "справочной странице." #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4302 +#: sssd.conf.5.xml:4319 msgid "CERTIFICATE MAPPING SECTION" msgstr "РАЗДЕЛ СОПОСТАВЛЕНИЯ СЕРТИФИКАТОВ" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4304 +#: sssd.conf.5.xml:4321 msgid "" "To allow authentication with Smartcards and certificates SSSD must be able " "to map certificates to users. This can be done by adding the full " @@ -6225,7 +6240,7 @@ msgstr "" "проверки подлинности." #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4318 +#: sssd.conf.5.xml:4335 msgid "" "To make the mapping more flexible mapping and matching rules were added to " "SSSD (see <citerefentry> <refentrytitle>sss-certmap</refentrytitle> " @@ -6236,7 +6251,7 @@ msgstr "" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>)." #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4327 +#: sssd.conf.5.xml:4344 msgid "" "A mapping and matching rule can be added to the SSSD configuration in a " "section on its own with a name like <quote>[certmap/" @@ -6249,12 +6264,12 @@ msgstr "" "replaceable>]</quote>. В этом разделе допустимы следующие параметры:" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4334 +#: sssd.conf.5.xml:4351 msgid "matchrule (string)" msgstr "matchrule (строка)" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4337 +#: sssd.conf.5.xml:4354 msgid "" "Only certificates from the Smartcard which matches this rule will be " "processed, all others are ignored." @@ -6263,7 +6278,7 @@ msgstr "" "соответствуют этому правилу. Все остальные будут игнорироваться." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4341 +#: sssd.conf.5.xml:4358 msgid "" "Default: KRB5:<EKU>clientAuth, i.e. only certificates which have the " "Extended Key Usage <quote>clientAuth</quote>" @@ -6273,17 +6288,17 @@ msgstr "" "<quote>clientAuth</quote>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4348 +#: sssd.conf.5.xml:4365 msgid "maprule (string)" msgstr "maprule (строка)" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4351 +#: sssd.conf.5.xml:4368 msgid "Defines how the user is found for a given certificate." msgstr "Определяет способ поиска пользователя для указанного сертификата." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4357 +#: sssd.conf.5.xml:4374 msgid "" "LDAP:(userCertificate;binary={cert!bin}) for LDAP based providers like " "<quote>ldap</quote>, <quote>AD</quote> or <quote>ipa</quote>." @@ -6293,7 +6308,7 @@ msgstr "" "quote>." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4363 +#: sssd.conf.5.xml:4380 msgid "" "The RULE_NAME for the <quote>files</quote> provider which tries to find a " "user with the same name." @@ -6302,12 +6317,12 @@ msgstr "" "пользователя с таким же именем." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4372 +#: sssd.conf.5.xml:4389 msgid "domains (string)" msgstr "domains (строка)" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4375 +#: sssd.conf.5.xml:4392 msgid "" "Comma separated list of domain names the rule should be applied. By default " "a rule is only valid in the domain configured in sssd.conf. If the provider " @@ -6320,17 +6335,17 @@ msgstr "" "параметра можно добавить правило также и в поддомены." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4382 +#: sssd.conf.5.xml:4399 msgid "Default: the configured domain in sssd.conf" msgstr "По умолчанию: настроенный домен в sssd.conf" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4387 +#: sssd.conf.5.xml:4404 msgid "priority (integer)" msgstr "priority (целое число)" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4390 +#: sssd.conf.5.xml:4407 msgid "" "Unsigned integer value defining the priority of the rule. The higher the " "number the lower the priority. <quote>0</quote> stands for the highest " @@ -6341,12 +6356,12 @@ msgstr "" "приоритет, а <quote>4294967295</quote> — самый низкий." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4396 +#: sssd.conf.5.xml:4413 msgid "Default: the lowest priority" msgstr "По умолчанию: самый низкий приоритет" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4402 +#: sssd.conf.5.xml:4419 msgid "" "To make the configuration simple and reduce the amount of configuration " "options the <quote>files</quote> provider has some special properties:" @@ -6356,7 +6371,7 @@ msgstr "" "свойства:" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4408 +#: sssd.conf.5.xml:4425 msgid "" "if maprule is not set the RULE_NAME name is assumed to be the name of the " "matching user" @@ -6365,7 +6380,7 @@ msgstr "" "RULE_NAME" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4414 +#: sssd.conf.5.xml:4431 msgid "" "if a maprule is used both a single user name or a template like " "<quote>{subject_rfc822_name.short_name}</quote> must be in braces like e.g. " @@ -6378,17 +6393,17 @@ msgstr "" "<quote>({subject_rfc822_name.short_name})</quote>" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4423 +#: sssd.conf.5.xml:4440 msgid "the <quote>domains</quote> option is ignored" msgstr "параметр <quote>domains</quote> игнорируется" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4431 +#: sssd.conf.5.xml:4448 msgid "PROMPTING CONFIGURATION SECTION" msgstr "РАЗДЕЛ НАСТРОЙКИ ЗАПРОСОВ" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4433 +#: sssd.conf.5.xml:4450 msgid "" "If a special file (<filename>/var/lib/sss/pubconf/pam_preauth_available</" "filename>) exists SSSD's PAM module pam_sss will ask SSSD to figure out " @@ -6403,7 +6418,7 @@ msgstr "" "запросит у пользователя соответствующие учётные данные." #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4441 +#: sssd.conf.5.xml:4458 msgid "" "With the growing number of authentication methods and the possibility that " "there are multiple ones for a single user the heuristic used by pam_sss to " @@ -6416,22 +6431,22 @@ msgstr "" "Следующие параметры обеспечивают более гибкую настройку." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4453 +#: sssd.conf.5.xml:4470 msgid "[prompting/password]" msgstr "[prompting/password]" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4456 +#: sssd.conf.5.xml:4473 msgid "password_prompt" msgstr "password_prompt" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4457 +#: sssd.conf.5.xml:4474 msgid "to change the string of the password prompt" msgstr "изменить строку запроса пароля" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4455 +#: sssd.conf.5.xml:4472 msgid "" "to configure password prompting, allowed options are: <placeholder " "type=\"variablelist\" id=\"0\"/>" @@ -6440,37 +6455,37 @@ msgstr "" "type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4465 +#: sssd.conf.5.xml:4482 msgid "[prompting/2fa]" msgstr "[prompting/2fa]" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4469 +#: sssd.conf.5.xml:4486 msgid "first_prompt" msgstr "first_prompt" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4470 +#: sssd.conf.5.xml:4487 msgid "to change the string of the prompt for the first factor" msgstr "изменить строку запроса первого фактора" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4473 +#: sssd.conf.5.xml:4490 msgid "second_prompt" msgstr "second_prompt" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4474 +#: sssd.conf.5.xml:4491 msgid "to change the string of the prompt for the second factor" msgstr "изменить строку запроса второго фактора" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4477 +#: sssd.conf.5.xml:4494 msgid "single_prompt" msgstr "single_prompt" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4478 +#: sssd.conf.5.xml:4495 msgid "" "boolean value, if True there will be only a single prompt using the value of " "first_prompt where it is expected that both factors are entered as a single " @@ -6483,7 +6498,7 @@ msgstr "" "фактора, даже если второй фактор является необязательным." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4467 +#: sssd.conf.5.xml:4484 msgid "" "to configure two-factor authentication prompting, allowed options are: " "<placeholder type=\"variablelist\" id=\"0\"/> If the second factor is " @@ -6496,19 +6511,19 @@ msgstr "" "пароль, либо оба фактора, следует использовать двухэтапный запрос." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4495 +#: sssd.conf.5.xml:4512 #, fuzzy #| msgid "[prompting/password]" msgid "[prompting/passkey]" msgstr "[prompting/password]" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4501 sssd-ad.5.xml:1021 +#: sssd.conf.5.xml:4518 sssd-ad.5.xml:1021 msgid "interactive" msgstr "interactive" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4503 +#: sssd.conf.5.xml:4520 msgid "" "boolean value, if True prompt a message and wait before testing the presence " "of a passkey device. Recommended if your device doesn’t have a tactile " @@ -6516,47 +6531,47 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4511 +#: sssd.conf.5.xml:4528 #, fuzzy #| msgid "interactive" msgid "interactive_prompt" msgstr "interactive" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4513 +#: sssd.conf.5.xml:4530 #, fuzzy #| msgid "to change the string of the password prompt" msgid "to change the message of the interactive prompt." msgstr "изменить строку запроса пароля" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4518 +#: sssd.conf.5.xml:4535 msgid "touch" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4520 +#: sssd.conf.5.xml:4537 msgid "" "boolean value, if True prompt a message to remind the user to touch the " "device." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4526 +#: sssd.conf.5.xml:4543 #, fuzzy #| msgid "first_prompt" msgid "touch_prompt" msgstr "first_prompt" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4528 +#: sssd.conf.5.xml:4545 #, fuzzy #| msgid "to change the string of the password prompt" msgid "to change the message of the touch prompt." msgstr "изменить строку запроса пароля" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4497 +#: sssd.conf.5.xml:4514 #, fuzzy #| msgid "" #| "to configure password prompting, allowed options are: <placeholder " @@ -6569,7 +6584,7 @@ msgstr "" "type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4448 +#: sssd.conf.5.xml:4465 #, fuzzy #| msgid "" #| "Each supported authentication method has its own configuration subsection " @@ -6588,7 +6603,7 @@ msgstr "" "<placeholder type=\"variablelist\" id=\"1\"/>" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4539 +#: sssd.conf.5.xml:4556 msgid "" "It is possible to add a subsection for specific PAM services, e.g. " "<quote>[prompting/password/sshd]</quote> to individual change the prompting " @@ -6599,12 +6614,12 @@ msgstr "" "конкретно для этой службы." #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4546 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43 +#: sssd.conf.5.xml:4563 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43 msgid "EXAMPLES" msgstr "ПРИМЕРЫ" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4552 +#: sssd.conf.5.xml:4569 #, no-wrap msgid "" "[sssd]\n" @@ -6658,7 +6673,7 @@ msgstr "" "enumerate = False\n" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4548 +#: sssd.conf.5.xml:4565 msgid "" "1. The following example shows a typical SSSD config. It does not describe " "configuration of the domains themselves - refer to documentation on " @@ -6670,7 +6685,7 @@ msgstr "" "документации. <placeholder type=\"programlisting\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4585 +#: sssd.conf.5.xml:4602 #, no-wrap msgid "" "[domain/ipa.com/child.ad.com]\n" @@ -6680,7 +6695,7 @@ msgstr "" "use_fully_qualified_names = false\n" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4579 +#: sssd.conf.5.xml:4596 msgid "" "2. The following example shows configuration of IPA AD trust where the AD " "forest consists of two domains in a parent-child structure. Suppose IPA " @@ -6697,7 +6712,7 @@ msgstr "" "type=\"programlisting\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4596 +#: sssd.conf.5.xml:4613 #, fuzzy, no-wrap #| msgid "" #| "[certmap/my.domain/rule_name]\n" @@ -6725,7 +6740,7 @@ msgstr "" "matchrule = <ISSUER>^CN=My-CA,DC=MY,DC=DOMAIN$<SUBJECT>^CN=User.Name,DC=MY,DC=DOMAIN$\n" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4590 +#: sssd.conf.5.xml:4607 #, fuzzy #| msgid "" #| "3. The following example shows the configuration for two certificate " @@ -6799,14 +6814,23 @@ msgstr "Возможно настроить SSSD на использование #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:38 +#, fuzzy +#| msgid "" +#| "LDAP back end supports id, auth, access and chpass providers. If you want " +#| "to authenticate against an LDAP server either TLS/SSL or LDAPS is " +#| "required. <command>sssd</command> <emphasis>does not</emphasis> support " +#| "authentication over an unencrypted channel. If the LDAP server is used " +#| "only as an identity provider, an encrypted channel is not needed. Please " +#| "refer to <quote>ldap_access_filter</quote> config option for more " +#| "information about using LDAP as an access provider." msgid "" "LDAP back end supports id, auth, access and chpass providers. If you want to " "authenticate against an LDAP server either TLS/SSL or LDAPS is required. " "<command>sssd</command> <emphasis>does not</emphasis> support authentication " -"over an unencrypted channel. If the LDAP server is used only as an identity " -"provider, an encrypted channel is not needed. Please refer to " -"<quote>ldap_access_filter</quote> config option for more information about " -"using LDAP as an access provider." +"over an unencrypted channel. Even if the LDAP server is used only as an " +"identity provider, an encrypted channel is strongly recommended. Please " +"refer to <quote>ldap_access_filter</quote> config option for more " +"information about using LDAP as an access provider." msgstr "" "Внутренний сервер LDAP поддерживает поставщиков данных идентификаторов (id), " "проверки подлинности (auth), управления доступом (access) и смены пароля " @@ -6819,19 +6843,19 @@ msgstr "" "конфигурации <quote>ldap_access_filter</quote>." #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:82 sssd-ad.5.xml:130 +#: sssd-ldap.5.xml:50 sssd-simple.5.xml:69 sssd-ipa.5.xml:82 sssd-ad.5.xml:130 #: sssd-krb5.5.xml:63 sssd-ifp.5.xml:60 sssd-files.5.xml:77 #: sssd-session-recording.5.xml:58 sssd-kcm.8.xml:202 msgid "CONFIGURATION OPTIONS" msgstr "ПАРАМЕТРЫ КОНФИГУРАЦИИ" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:66 +#: sssd-ldap.5.xml:67 msgid "ldap_uri, ldap_backup_uri (string)" msgstr "ldap_uri, ldap_backup_uri (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:69 +#: sssd-ldap.5.xml:70 msgid "" "Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " "should connect in the order of preference. Refer to the <quote>FAILOVER</" @@ -6847,17 +6871,17 @@ msgstr "" "quote>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:76 +#: sssd-ldap.5.xml:77 msgid "The format of the URI must match the format defined in RFC 2732:" msgstr "Формат URI должен соответствовать формату, определённому в RFC 2732:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:79 +#: sssd-ldap.5.xml:80 msgid "ldap[s]://<host>[:port]" msgstr "ldap[s]://<host>[:port]" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:82 +#: sssd-ldap.5.xml:83 msgid "" "For explicit IPv6 addresses, <host> must be enclosed in brackets []" msgstr "" @@ -6865,17 +6889,17 @@ msgstr "" "[]" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:85 +#: sssd-ldap.5.xml:86 msgid "example: ldap://[fc00::126:25]:389" msgstr "пример: ldap://[fc00::126:25]:389" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:91 +#: sssd-ldap.5.xml:92 msgid "ldap_chpass_uri, ldap_chpass_backup_uri (string)" msgstr "ldap_chpass_uri, ldap_chpass_backup_uri (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:94 +#: sssd-ldap.5.xml:95 msgid "" "Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " "should connect in the order of preference to change the password of a user. " @@ -6888,31 +6912,31 @@ msgstr "" "в разделе <quote>ОТРАБОТКА ОТКАЗА</quote>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:101 +#: sssd-ldap.5.xml:102 msgid "To enable service discovery ldap_chpass_dns_service_name must be set." msgstr "" "Для включения обнаружения служб необходимо установить значение параметра " "ldap_chpass_dns_service_name." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:105 +#: sssd-ldap.5.xml:106 msgid "Default: empty, i.e. ldap_uri is used." msgstr "По умолчанию: пусто, то есть используется ldap_uri." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:111 +#: sssd-ldap.5.xml:112 msgid "ldap_search_base (string)" msgstr "ldap_search_base (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:114 +#: sssd-ldap.5.xml:115 msgid "The default base DN to use for performing LDAP user operations." msgstr "" "Стандартное base DN, которое следует использовать для выполнения действий от " "имени пользователя LDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:118 +#: sssd-ldap.5.xml:119 msgid "" "Starting with SSSD 1.7.0, SSSD supports multiple search bases using the " "syntax:" @@ -6921,19 +6945,19 @@ msgstr "" "следующий синтаксис:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:122 +#: sssd-ldap.5.xml:123 msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]" msgstr "search_base[?scope?[filter][?search_base?scope?[filter]]*]" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:125 +#: sssd-ldap.5.xml:126 msgid "The scope can be one of \"base\", \"onelevel\" or \"subtree\"." msgstr "" "Значением области может быть одно из следующих: «base», «onelevel» или " "«subtree»." #. type: Content of: <listitem><para> -#: sssd-ldap.5.xml:128 include/ldap_search_bases.xml:18 +#: sssd-ldap.5.xml:129 include/ldap_search_bases.xml:18 msgid "" "The filter must be a valid LDAP search filter as specified by http://www." "ietf.org/rfc/rfc2254.txt" @@ -6942,13 +6966,13 @@ msgstr "" "http://www.ietf.org/rfc/rfc2254.txt" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:132 sssd-ad.5.xml:311 sss_override.8.xml:143 +#: sssd-ldap.5.xml:133 sssd-ad.5.xml:311 sss_override.8.xml:143 #: sss_override.8.xml:240 sssd-ldap-attributes.5.xml:453 msgid "Examples:" msgstr "Примеры:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:135 +#: sssd-ldap.5.xml:136 msgid "" "ldap_search_base = dc=example,dc=com (which is equivalent to) " "ldap_search_base = dc=example,dc=com?subtree?" @@ -6957,7 +6981,7 @@ msgstr "" "dc=example,dc=com?subtree?" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:140 +#: sssd-ldap.5.xml:141 msgid "" "ldap_search_base = cn=host_specific,dc=example,dc=com?subtree?" "(host=thishost)?dc=example.com?subtree?" @@ -6966,7 +6990,7 @@ msgstr "" "(host=thishost)?dc=example.com?subtree?" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:143 +#: sssd-ldap.5.xml:144 msgid "" "Note: It is unsupported to have multiple search bases which reference " "identically-named objects (for example, groups with the same name in two " @@ -6979,7 +7003,7 @@ msgstr "" "поведению программы на клиентских компьютерах." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:150 +#: sssd-ldap.5.xml:151 msgid "" "Default: If not set, the value of the defaultNamingContext or namingContexts " "attribute from the RootDSE of the LDAP server is used. If " @@ -6996,12 +7020,12 @@ msgstr "" "LDAP. Использование нескольких значений не поддерживается." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:164 +#: sssd-ldap.5.xml:165 msgid "ldap_schema (string)" msgstr "ldap_schema (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:167 +#: sssd-ldap.5.xml:168 msgid "" "Specifies the Schema Type in use on the target LDAP server. Depending on " "the selected schema, the default attribute names retrieved from the servers " @@ -7012,32 +7036,32 @@ msgstr "" "может различаться и способ обработки некоторых атрибутов." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:174 +#: sssd-ldap.5.xml:175 msgid "Four schema types are currently supported:" msgstr "В настоящее время поддерживаются четыре типа схем:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:178 +#: sssd-ldap.5.xml:179 msgid "rfc2307" msgstr "rfc2307" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:183 +#: sssd-ldap.5.xml:184 msgid "rfc2307bis" msgstr "rfc2307bis" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:188 +#: sssd-ldap.5.xml:189 msgid "IPA" msgstr "IPA" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:193 +#: sssd-ldap.5.xml:194 msgid "AD" msgstr "AD" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:199 +#: sssd-ldap.5.xml:200 msgid "" "The main difference between these schema types is how group memberships are " "recorded in the server. With rfc2307, group members are listed by name in " @@ -7054,39 +7078,39 @@ msgstr "" "соответствовать значениям 2008r2 Active Directory." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:209 +#: sssd-ldap.5.xml:210 msgid "Default: rfc2307" msgstr "По умолчанию: rfc2307" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:215 +#: sssd-ldap.5.xml:216 msgid "ldap_pwmodify_mode (string)" msgstr "ldap_pwmodify_mode (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:218 +#: sssd-ldap.5.xml:219 msgid "Specify the operation that is used to modify user password." msgstr "" "Позволяет указать действие, которое выполняется для смены пароля " "пользователя." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:222 +#: sssd-ldap.5.xml:223 msgid "Two modes are currently supported:" msgstr "В настоящее время поддерживаются два режима:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:226 +#: sssd-ldap.5.xml:227 msgid "exop - Password Modify Extended Operation (RFC 3062)" msgstr "exop — расширенное действие по изменению пароля (RFC 3062)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:232 +#: sssd-ldap.5.xml:233 msgid "ldap_modify - Direct modification of userPassword (not recommended)." msgstr "ldap_modify — прямое изменение userPassword (не рекомендуется)." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:239 +#: sssd-ldap.5.xml:240 msgid "" "Note: First, a new connection is established to verify current password by " "binding as the user that requested password change. If successful, this " @@ -7099,54 +7123,54 @@ msgstr "" "пользователя должны быть права на запись в атрибут userPassword." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:247 +#: sssd-ldap.5.xml:248 msgid "Default: exop" msgstr "По умолчанию: exop" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:253 +#: sssd-ldap.5.xml:254 msgid "ldap_default_bind_dn (string)" msgstr "ldap_default_bind_dn (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:256 +#: sssd-ldap.5.xml:257 msgid "The default bind DN to use for performing LDAP operations." msgstr "" "Стандартное DN привязки, которое следует использовать для выполнения " "действий LDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:263 +#: sssd-ldap.5.xml:264 msgid "ldap_default_authtok_type (string)" msgstr "ldap_default_authtok_type (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:266 +#: sssd-ldap.5.xml:267 msgid "The type of the authentication token of the default bind DN." msgstr "Тип маркера проверки подлинности для bind DN по умолчанию." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:270 +#: sssd-ldap.5.xml:271 msgid "The two mechanisms currently supported are:" msgstr "В настоящее время поддерживаются два механизма:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:273 +#: sssd-ldap.5.xml:274 msgid "password" msgstr "password" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:276 +#: sssd-ldap.5.xml:277 msgid "obfuscated_password" msgstr "obfuscated_password" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:279 +#: sssd-ldap.5.xml:280 msgid "Default: password" msgstr "По умолчанию: password" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:282 +#: sssd-ldap.5.xml:283 msgid "" "See the <citerefentry> <refentrytitle>sss_obfuscate</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry> manual page for more information." @@ -7156,22 +7180,22 @@ msgstr "" "citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:293 +#: sssd-ldap.5.xml:294 msgid "ldap_default_authtok (string)" msgstr "ldap_default_authtok (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:296 +#: sssd-ldap.5.xml:297 msgid "The authentication token of the default bind DN." msgstr "Маркер проверки подлинности стандартного DN привязки." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:302 +#: sssd-ldap.5.xml:303 msgid "ldap_force_upper_case_realm (boolean)" msgstr "ldap_force_upper_case_realm (логическое значение)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:305 +#: sssd-ldap.5.xml:306 msgid "" "Some directory servers, for example Active Directory, might deliver the " "realm part of the UPN in lower case, which might cause the authentication to " @@ -7184,12 +7208,12 @@ msgstr "" "следует использовать название области в верхнем регистре." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:318 +#: sssd-ldap.5.xml:319 msgid "ldap_enumeration_refresh_timeout (integer)" msgstr "ldap_enumeration_refresh_timeout (целое число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:321 +#: sssd-ldap.5.xml:322 msgid "" "Specifies how many seconds SSSD has to wait before refreshing its cache of " "enumerated records." @@ -7198,12 +7222,12 @@ msgstr "" "перечисленных записей." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:337 +#: sssd-ldap.5.xml:338 msgid "ldap_purge_cache_timeout (integer)" msgstr "ldap_purge_cache_timeout (целое число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:340 +#: sssd-ldap.5.xml:341 msgid "" "Determine how often to check the cache for inactive entries (such as groups " "with no members and users who have never logged in) and remove them to save " @@ -7214,7 +7238,7 @@ msgstr "" "выполняли вход) и удалять эти записи для экономии места." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:346 +#: sssd-ldap.5.xml:347 msgid "" "Setting this option to zero will disable the cache cleanup operation. Please " "note that if enumeration is enabled, the cleanup task is required in order " @@ -7228,12 +7252,12 @@ msgstr "" "включено." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:366 +#: sssd-ldap.5.xml:367 msgid "ldap_group_nesting_level (integer)" msgstr "ldap_group_nesting_level (целое число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:369 +#: sssd-ldap.5.xml:370 msgid "" "If ldap_schema is set to a schema format that supports nested groups (e.g. " "RFC2307bis), then this option controls how many levels of nesting SSSD will " @@ -7245,7 +7269,7 @@ msgstr "" "SSSD. Если используется схема RFC2307, этот параметр ни на что не влияет." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:376 +#: sssd-ldap.5.xml:377 msgid "" "Note: This option specifies the guaranteed level of nested groups to be " "processed for any lookup. However, nested groups beyond this limit " @@ -7262,7 +7286,7 @@ msgstr "" "исходного поиска, когда он будет выполнен повторно." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:385 +#: sssd-ldap.5.xml:386 msgid "" "If ldap_group_nesting_level is set to 0 then no nested groups are processed " "at all. However, when connected to Active-Directory Server 2008 and later " @@ -7278,12 +7302,12 @@ msgstr "" "для ограничения вложенности групп." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:394 +#: sssd-ldap.5.xml:395 msgid "Default: 2" msgstr "По умолчанию: 2" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:403 +#: sssd-ldap.5.xml:404 msgid "" "This options enables or disables use of Token-Groups attribute when " "performing initgroup for users from Active Directory Server 2008 and later." @@ -7293,25 +7317,25 @@ msgstr "" "выше." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:413 +#: sssd-ldap.5.xml:414 msgid "Default: True for AD and IPA otherwise False." msgstr "По умолчанию: True для AD и IPA, в ином случае — False." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:419 +#: sssd-ldap.5.xml:420 msgid "ldap_host_search_base (string)" msgstr "ldap_host_search_base (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:422 +#: sssd-ldap.5.xml:423 msgid "Optional. Use the given string as search base for host objects." msgstr "" "Необязательный параметр. Использовать указанную строку как базу поиска " "объектов узлов." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:426 sssd-ipa.5.xml:457 sssd-ipa.5.xml:476 sssd-ipa.5.xml:495 -#: sssd-ipa.5.xml:514 +#: sssd-ldap.5.xml:427 sssd-ipa.5.xml:462 sssd-ipa.5.xml:481 sssd-ipa.5.xml:500 +#: sssd-ipa.5.xml:519 msgid "" "See <quote>ldap_search_base</quote> for information about configuring " "multiple search bases." @@ -7320,32 +7344,32 @@ msgstr "" "<quote>ldap_search_base</quote>." #. type: Content of: <listitem><para> -#: sssd-ldap.5.xml:431 sssd-ipa.5.xml:462 include/ldap_search_bases.xml:27 +#: sssd-ldap.5.xml:432 sssd-ipa.5.xml:467 include/ldap_search_bases.xml:27 msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" msgstr "По умолчанию: значение <emphasis>ldap_search_base</emphasis>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:438 +#: sssd-ldap.5.xml:439 msgid "ldap_service_search_base (string)" msgstr "ldap_service_search_base (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:443 +#: sssd-ldap.5.xml:444 msgid "ldap_iphost_search_base (string)" msgstr "ldap_iphost_search_base (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:448 +#: sssd-ldap.5.xml:449 msgid "ldap_ipnetwork_search_base (string)" msgstr "ldap_ipnetwork_search_base (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:453 +#: sssd-ldap.5.xml:454 msgid "ldap_search_timeout (integer)" msgstr "ldap_search_timeout (целое число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:456 +#: sssd-ldap.5.xml:457 msgid "" "Specifies the timeout (in seconds) that ldap searches are allowed to run " "before they are cancelled and cached results are returned (and offline mode " @@ -7356,7 +7380,7 @@ msgstr "" "результаты (и выполнен переход в автономный режим)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:462 +#: sssd-ldap.5.xml:463 msgid "" "Note: this option is subject to change in future versions of the SSSD. It " "will likely be replaced at some point by a series of timeouts for specific " @@ -7366,12 +7390,12 @@ msgstr "" "его заменит ряд тайм-аутов для отдельных типов поиска." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:479 +#: sssd-ldap.5.xml:480 msgid "ldap_enumeration_search_timeout (integer)" msgstr "ldap_enumeration_search_timeout (целое число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:482 +#: sssd-ldap.5.xml:483 msgid "" "Specifies the timeout (in seconds) that ldap searches for user and group " "enumerations are allowed to run before they are cancelled and cached results " @@ -7383,12 +7407,12 @@ msgstr "" "автономный режим)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:500 +#: sssd-ldap.5.xml:501 msgid "ldap_network_timeout (integer)" msgstr "ldap_network_timeout (целое число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:503 +#: sssd-ldap.5.xml:504 msgid "" "Specifies the timeout (in seconds) after which the <citerefentry> " "<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/" @@ -7405,12 +7429,12 @@ msgstr "" "<manvolnum>2</manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:531 +#: sssd-ldap.5.xml:532 msgid "ldap_opt_timeout (integer)" msgstr "ldap_opt_timeout (целое число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:534 +#: sssd-ldap.5.xml:535 msgid "" "Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs " "will abort if no response is received. Also controls the timeout when " @@ -7424,12 +7448,12 @@ msgstr "" "расширенного действия по смене пароля и действия StartTLS." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:554 +#: sssd-ldap.5.xml:555 msgid "ldap_connection_expire_timeout (integer)" msgstr "ldap_connection_expire_timeout (целое число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:557 +#: sssd-ldap.5.xml:558 msgid "" "Specifies a timeout (in seconds) that a connection to an LDAP server will be " "maintained. After this time, the connection will be re-established. If used " @@ -7443,7 +7467,7 @@ msgstr "" "значений (значение этого параметра или значение времени жизни TGT)." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:565 +#: sssd-ldap.5.xml:566 msgid "" "If the connection is idle (not actively running an operation) within " "<emphasis>ldap_opt_timeout</emphasis> seconds of expiration, then it will be " @@ -7461,7 +7485,7 @@ msgstr "" "<emphasis>ldap_connection_expire_timeout <= ldap_opt_timout</emphasis>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:577 +#: sssd-ldap.5.xml:578 msgid "" "This timeout can be extended of a random value specified by " "<emphasis>ldap_connection_expire_offset</emphasis>" @@ -7470,17 +7494,17 @@ msgstr "" "параметра <emphasis>ldap_connection_expire_offset</emphasis>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:587 sssd-ldap.5.xml:630 sssd-ldap.5.xml:1711 +#: sssd-ldap.5.xml:588 sssd-ldap.5.xml:631 sssd-ldap.5.xml:1713 msgid "Default: 900 (15 minutes)" msgstr "По умолчанию: 900 (15 минут)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:593 +#: sssd-ldap.5.xml:594 msgid "ldap_connection_expire_offset (integer)" msgstr "ldap_connection_expire_offset (целое число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:596 +#: sssd-ldap.5.xml:597 msgid "" "Random offset between 0 and configured value is added to " "<emphasis>ldap_connection_expire_timeout</emphasis>." @@ -7489,12 +7513,12 @@ msgstr "" "<emphasis>ldap_connection_expire_timeout</emphasis>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:612 +#: sssd-ldap.5.xml:613 msgid "ldap_connection_idle_timeout (integer)" msgstr "ldap_connection_idle_timeout (целое число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:615 +#: sssd-ldap.5.xml:616 msgid "" "Specifies a timeout (in seconds) that an idle connection to an LDAP server " "will be maintained. If the connection is idle for more than this time then " @@ -7505,17 +7529,17 @@ msgstr "" "бездействует дольше этого времени, соединение будет закрыто." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:621 +#: sssd-ldap.5.xml:622 msgid "You can disable this timeout by setting the value to 0." msgstr "Можно отключить этот тайм-аут, установив значение «0»." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:636 +#: sssd-ldap.5.xml:637 msgid "ldap_page_size (integer)" msgstr "ldap_page_size (целое число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:639 +#: sssd-ldap.5.xml:640 msgid "" "Specify the number of records to retrieve from LDAP in a single request. " "Some LDAP servers enforce a maximum limit per-request." @@ -7525,12 +7549,12 @@ msgstr "" "количества на один запрос." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:650 +#: sssd-ldap.5.xml:651 msgid "ldap_disable_paging (boolean)" msgstr "ldap_disable_paging (логическое значение)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:653 +#: sssd-ldap.5.xml:654 msgid "" "Disable the LDAP paging control. This option should be used if the LDAP " "server reports that it supports the LDAP paging control in its RootDSE but " @@ -7542,7 +7566,7 @@ msgstr "" "работает надлежащим образом." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:659 +#: sssd-ldap.5.xml:660 msgid "" "Example: OpenLDAP servers with the paging control module installed on the " "server but not enabled will report it in the RootDSE but be unable to use it." @@ -7552,7 +7576,7 @@ msgstr "" "RootDSE, но не смогут использовать его." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:665 +#: sssd-ldap.5.xml:666 msgid "" "Example: 389 DS has a bug where it can only support a one paging control at " "a time on a single connection. On busy clients, this can result in some " @@ -7564,17 +7588,17 @@ msgstr "" "привести к отказам в выполнении некоторых из них." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:677 +#: sssd-ldap.5.xml:678 msgid "ldap_disable_range_retrieval (boolean)" msgstr "ldap_disable_range_retrieval (логическое значение)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:680 +#: sssd-ldap.5.xml:681 msgid "Disable Active Directory range retrieval." msgstr "Отключить получение диапазонов Active Directory." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:683 +#: sssd-ldap.5.xml:684 msgid "" "Active Directory limits the number of members to be retrieved in a single " "lookup using the MaxValRange policy (which defaults to 1500 members). If a " @@ -7590,12 +7614,12 @@ msgstr "" "большие группы будут показаны как группы без участников." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:698 +#: sssd-ldap.5.xml:699 msgid "ldap_sasl_minssf (integer)" msgstr "ldap_sasl_minssf (целое число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:701 +#: sssd-ldap.5.xml:702 msgid "" "When communicating with an LDAP server using SASL, specify the minimum " "security level necessary to establish the connection. The values of this " @@ -7606,19 +7630,19 @@ msgstr "" "Значение этого параметра определяется OpenLDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:707 sssd-ldap.5.xml:723 +#: sssd-ldap.5.xml:708 sssd-ldap.5.xml:724 msgid "Default: Use the system default (usually specified by ldap.conf)" msgstr "" "По умолчанию: использовать стандартное системное значение (обычно " "указывается в ldap.conf)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:714 +#: sssd-ldap.5.xml:715 msgid "ldap_sasl_maxssf (integer)" msgstr "ldap_sasl_maxssf (целое число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:717 +#: sssd-ldap.5.xml:718 msgid "" "When communicating with an LDAP server using SASL, specify the maximal " "security level necessary to establish the connection. The values of this " @@ -7629,12 +7653,12 @@ msgstr "" "Значение этого параметра определяется OpenLDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:730 +#: sssd-ldap.5.xml:731 msgid "ldap_deref_threshold (integer)" msgstr "ldap_deref_threshold (целое число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:733 +#: sssd-ldap.5.xml:734 msgid "" "Specify the number of group members that must be missing from the internal " "cache in order to trigger a dereference lookup. If less members are missing, " @@ -7646,7 +7670,7 @@ msgstr "" "для каждого из них по отдельности." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:739 +#: sssd-ldap.5.xml:740 msgid "" "You can turn off dereference lookups completely by setting the value to 0. " "Please note that there are some codepaths in SSSD, like the IPA HBAC " @@ -7663,7 +7687,7 @@ msgstr "" "поддерживает его и объявляет управление разыменованием в объекте rootDSE." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:750 +#: sssd-ldap.5.xml:751 msgid "" "A dereference lookup is a means of fetching all group members in a single " "LDAP call. Different LDAP servers may implement different dereference " @@ -7676,7 +7700,7 @@ msgstr "" "OpenLDAP и Active Directory." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:758 +#: sssd-ldap.5.xml:759 msgid "" "<emphasis>Note:</emphasis> If any of the search bases specifies a search " "filter, then the dereference lookup performance enhancement will be disabled " @@ -7687,12 +7711,12 @@ msgstr "" "независимо от значения этого параметра." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:771 +#: sssd-ldap.5.xml:772 msgid "ldap_ignore_unreadable_references (bool)" msgstr "ldap_ignore_unreadable_references (логическое значение)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:774 +#: sssd-ldap.5.xml:775 msgid "" "Ignore unreadable LDAP entries referenced in group's member attribute. If " "this parameter is set to false an error will be returned and the operation " @@ -7704,7 +7728,7 @@ msgstr "" "игнорирования нечитаемой записи." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:781 +#: sssd-ldap.5.xml:782 msgid "" "This parameter may be useful when using the AD provider and the computer " "account that sssd uses to connect to AD does not have access to a particular " @@ -7716,12 +7740,12 @@ msgstr "" "безопасности." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:794 +#: sssd-ldap.5.xml:795 msgid "ldap_tls_reqcert (string)" msgstr "ldap_tls_reqcert (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:797 +#: sssd-ldap.5.xml:798 msgid "" "Specifies what checks to perform on server certificates in a TLS session, if " "any. It can be specified as one of the following values:" @@ -7730,7 +7754,7 @@ msgstr "" "в сеансе TLS, если это требуется. Можно указать одно из следующих значений:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:803 +#: sssd-ldap.5.xml:804 msgid "" "<emphasis>never</emphasis> = The client will not request or check any server " "certificate." @@ -7739,7 +7763,7 @@ msgstr "" "сертификаты сервера." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:807 +#: sssd-ldap.5.xml:808 msgid "" "<emphasis>allow</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -7751,7 +7775,7 @@ msgstr "" "продолжится в обычном режиме." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:814 +#: sssd-ldap.5.xml:815 msgid "" "<emphasis>try</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -7762,7 +7786,7 @@ msgstr "" "предоставлен ошибочный сертификат, сеанс немедленно будет завершён." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:820 +#: sssd-ldap.5.xml:821 msgid "" "<emphasis>demand</emphasis> = The server certificate is requested. If no " "certificate is provided, or a bad certificate is provided, the session is " @@ -7773,22 +7797,22 @@ msgstr "" "немедленно будет завершён." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:826 +#: sssd-ldap.5.xml:827 msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" msgstr "<emphasis>hard</emphasis> = аналогично <quote>demand</quote>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:830 +#: sssd-ldap.5.xml:831 msgid "Default: hard" msgstr "По умолчанию: hard" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:836 +#: sssd-ldap.5.xml:837 msgid "ldap_tls_cacert (string)" msgstr "ldap_tls_cacert (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:839 +#: sssd-ldap.5.xml:840 msgid "" "Specifies the file that contains certificates for all of the Certificate " "Authorities that <command>sssd</command> will recognize." @@ -7797,7 +7821,7 @@ msgstr "" "сертификации, которые распознаются <command>sssd</command>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:844 sssd-ldap.5.xml:862 sssd-ldap.5.xml:903 +#: sssd-ldap.5.xml:845 sssd-ldap.5.xml:863 sssd-ldap.5.xml:904 msgid "" "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." "conf</filename>" @@ -7806,12 +7830,12 @@ msgstr "" "хранятся в <filename>/etc/openldap/ldap.conf</filename>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:851 +#: sssd-ldap.5.xml:852 msgid "ldap_tls_cacertdir (string)" msgstr "ldap_tls_cacertdir (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:854 +#: sssd-ldap.5.xml:855 msgid "" "Specifies the path of a directory that contains Certificate Authority " "certificates in separate individual files. Typically the file names need to " @@ -7824,32 +7848,32 @@ msgstr "" "использовать команду <command>cacertdir_rehash</command>, если она доступна." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:869 +#: sssd-ldap.5.xml:870 msgid "ldap_tls_cert (string)" msgstr "ldap_tls_cert (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:872 +#: sssd-ldap.5.xml:873 msgid "Specifies the file that contains the certificate for the client's key." msgstr "Позволяет указать файл, который содержит сертификат для ключа клиента." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:882 +#: sssd-ldap.5.xml:883 msgid "ldap_tls_key (string)" msgstr "ldap_tls_key (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:885 +#: sssd-ldap.5.xml:886 msgid "Specifies the file that contains the client's key." msgstr "Позволяет указать файл, который содержит ключ клиента." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:894 +#: sssd-ldap.5.xml:895 msgid "ldap_tls_cipher_suite (string)" msgstr "ldap_tls_cipher_suite (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:897 +#: sssd-ldap.5.xml:898 msgid "" "Specifies acceptable cipher suites. Typically this is a colon separated " "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " @@ -7861,26 +7885,31 @@ msgstr "" "<manvolnum>5</manvolnum></citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:910 +#: sssd-ldap.5.xml:911 msgid "ldap_id_use_start_tls (boolean)" msgstr "ldap_id_use_start_tls (логическое значение)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:913 +#: sssd-ldap.5.xml:914 +#, fuzzy +#| msgid "" +#| "Specifies that the id_provider connection must also use <systemitem " +#| "class=\"protocol\">tls</systemitem> to protect the channel." msgid "" "Specifies that the id_provider connection must also use <systemitem " -"class=\"protocol\">tls</systemitem> to protect the channel." +"class=\"protocol\">tls</systemitem> to protect the channel. <emphasis>true</" +"emphasis> is strongly recommended for security reasons." msgstr "" "Позволяет указать, что подключение id_provider должно также использовать " "<systemitem class=\"protocol\">tls</systemitem> для защиты канала." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:923 +#: sssd-ldap.5.xml:925 msgid "ldap_id_mapping (boolean)" msgstr "ldap_id_mapping (логическое значение)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:926 +#: sssd-ldap.5.xml:928 msgid "" "Specifies that SSSD should attempt to map user and group IDs from the " "ldap_user_objectsid and ldap_group_objectsid attributes instead of relying " @@ -7892,19 +7921,19 @@ msgstr "" "ldap_group_gid_number." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:932 +#: sssd-ldap.5.xml:934 msgid "Currently this feature supports only ActiveDirectory objectSID mapping." msgstr "" "В настоящее время эта функциональная возможность поддерживает только " "сопоставление objectSID Active Directory." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:942 +#: sssd-ldap.5.xml:944 msgid "ldap_min_id, ldap_max_id (integer)" msgstr "ldap_min_id, ldap_max_id (целое число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:945 +#: sssd-ldap.5.xml:947 msgid "" "In contrast to the SID based ID mapping which is used if ldap_id_mapping is " "set to true the allowed ID range for ldap_user_uid_number and " @@ -7924,17 +7953,17 @@ msgstr "" "другие диапазоны для сопоставления идентификаторов." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:957 +#: sssd-ldap.5.xml:959 msgid "Default: not set (both options are set to 0)" msgstr "По умолчанию: не задано (оба параметра установлены в значение 0)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:963 +#: sssd-ldap.5.xml:965 msgid "ldap_sasl_mech (string)" msgstr "ldap_sasl_mech (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:966 +#: sssd-ldap.5.xml:968 msgid "" "Specify the SASL mechanism to use. Currently only GSSAPI and GSS-SPNEGO are " "tested and supported." @@ -7943,7 +7972,7 @@ msgstr "" "время протестированы и поддерживаются только GSSAPI и GSS-SPNEGO." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:970 +#: sssd-ldap.5.xml:972 msgid "" "If the backend supports sub-domains the value of ldap_sasl_mech is " "automatically inherited to the sub-domains. If a different value is needed " @@ -7961,12 +7990,12 @@ msgstr "" "manvolnum></citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:986 +#: sssd-ldap.5.xml:988 msgid "ldap_sasl_authid (string)" msgstr "ldap_sasl_authid (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd-ldap.5.xml:998 +#: sssd-ldap.5.xml:1000 #, no-wrap msgid "" "hostname@REALM\n" @@ -7986,7 +8015,7 @@ msgstr "" " " #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:989 +#: sssd-ldap.5.xml:991 msgid "" "Specify the SASL authorization id to use. When GSSAPI/GSS-SPNEGO are used, " "this represents the Kerberos principal used for authentication to the " @@ -8006,17 +8035,17 @@ msgstr "" "найдены, возвращается первый участник из таблицы ключей." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1009 +#: sssd-ldap.5.xml:1011 msgid "Default: host/hostname@REALM" msgstr "По умолчанию: host/hostname@REALM" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1015 +#: sssd-ldap.5.xml:1017 msgid "ldap_sasl_realm (string)" msgstr "ldap_sasl_realm (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1018 +#: sssd-ldap.5.xml:1020 msgid "" "Specify the SASL realm to use. When not specified, this option defaults to " "the value of krb5_realm. If the ldap_sasl_authid contains the realm as " @@ -8027,17 +8056,17 @@ msgstr "" "ldap_sasl_authid также содержит область, этот параметр игнорируется." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1024 +#: sssd-ldap.5.xml:1026 msgid "Default: the value of krb5_realm." msgstr "По умолчанию: значение krb5_realm." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1030 +#: sssd-ldap.5.xml:1032 msgid "ldap_sasl_canonicalize (boolean)" msgstr "ldap_sasl_canonicalize (логическое значение)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1033 +#: sssd-ldap.5.xml:1035 msgid "" "If set to true, the LDAP library would perform a reverse lookup to " "canonicalize the host name during a SASL bind." @@ -8047,36 +8076,36 @@ msgstr "" "привязки SASL." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1038 +#: sssd-ldap.5.xml:1040 msgid "Default: false;" msgstr "По умолчанию: false;" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1044 +#: sssd-ldap.5.xml:1046 msgid "ldap_krb5_keytab (string)" msgstr "ldap_krb5_keytab (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1047 +#: sssd-ldap.5.xml:1049 msgid "Specify the keytab to use when using SASL/GSSAPI/GSS-SPNEGO." msgstr "" "Позволяет указать таблицу ключей, которую следует использовать при " "использовании проверки подлинности с помощью SASL/GSSAPI/GSS-SPNEGO." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1056 sssd-krb5.5.xml:247 +#: sssd-ldap.5.xml:1058 sssd-krb5.5.xml:247 msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" msgstr "" "По умолчанию: системная таблица ключей, обычно <filename>/etc/krb5.keytab</" "filename>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1062 +#: sssd-ldap.5.xml:1064 msgid "ldap_krb5_init_creds (boolean)" msgstr "ldap_krb5_init_creds (логическое значение)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1065 +#: sssd-ldap.5.xml:1067 msgid "" "Specifies that the id_provider should init Kerberos credentials (TGT). This " "action is performed only if SASL is used and the mechanism selected is " @@ -8087,12 +8116,12 @@ msgstr "" "используется SASL и выбран механизм GSSAPI или GSS-SPNEGO." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1077 +#: sssd-ldap.5.xml:1079 msgid "ldap_krb5_ticket_lifetime (integer)" msgstr "ldap_krb5_ticket_lifetime (целое число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1080 +#: sssd-ldap.5.xml:1082 msgid "" "Specifies the lifetime in seconds of the TGT if GSSAPI or GSS-SPNEGO is used." msgstr "" @@ -8100,17 +8129,17 @@ msgstr "" "GSS-SPNEGO." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1089 sssd-ad.5.xml:1252 +#: sssd-ldap.5.xml:1091 sssd-ad.5.xml:1252 msgid "Default: 86400 (24 hours)" msgstr "По умолчанию: 86400 (24 часа)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1095 sssd-krb5.5.xml:74 +#: sssd-ldap.5.xml:1097 sssd-krb5.5.xml:74 msgid "krb5_server, krb5_backup_server (string)" msgstr "krb5_server, krb5_backup_server (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1098 +#: sssd-ldap.5.xml:1100 msgid "" "Specifies the comma-separated list of IP addresses or hostnames of the " "Kerberos servers to which SSSD should connect in the order of preference. " @@ -8129,7 +8158,7 @@ msgstr "" "сведения доступны в разделе <quote>ОБНАРУЖЕНИЕ СЛУЖБ</quote>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1110 sssd-krb5.5.xml:89 +#: sssd-ldap.5.xml:1112 sssd-krb5.5.xml:89 msgid "" "When using service discovery for KDC or kpasswd servers, SSSD first searches " "for DNS entries that specify _udp as the protocol and falls back to _tcp if " @@ -8141,7 +8170,7 @@ msgstr "" "в которых в качестве протокола указан _tcp." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1115 sssd-krb5.5.xml:94 +#: sssd-ldap.5.xml:1117 sssd-krb5.5.xml:94 msgid "" "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " "While the legacy name is recognized for the time being, users are advised to " @@ -8152,31 +8181,31 @@ msgstr "" "перейти на использование <quote>krb5_server</quote> в файлах конфигурации." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1124 sssd-ipa.5.xml:526 sssd-krb5.5.xml:103 +#: sssd-ldap.5.xml:1126 sssd-ipa.5.xml:531 sssd-krb5.5.xml:103 msgid "krb5_realm (string)" msgstr "krb5_realm (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1127 +#: sssd-ldap.5.xml:1129 msgid "Specify the Kerberos REALM (for SASL/GSSAPI/GSS-SPNEGO auth)." msgstr "" "Позволяет указать область Kerberos (для проверки подлинности с помощью SASL/" "GSSAPI/GSS-SPNEGO)." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1131 +#: sssd-ldap.5.xml:1133 msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" msgstr "" "По умолчанию: стандартные параметры системы, см. <filename>/etc/krb5.conf</" "filename>" #. type: Content of: <variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1137 include/krb5_options.xml:154 +#: sssd-ldap.5.xml:1139 include/krb5_options.xml:154 msgid "krb5_canonicalize (boolean)" msgstr "krb5_canonicalize (логическое значение)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1140 +#: sssd-ldap.5.xml:1142 msgid "" "Specifies if the host principal should be canonicalized when connecting to " "LDAP server. This feature is available with MIT Kerberos >= 1.7" @@ -8186,12 +8215,12 @@ msgstr "" ">= 1.7" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1152 sssd-krb5.5.xml:336 +#: sssd-ldap.5.xml:1154 sssd-krb5.5.xml:336 msgid "krb5_use_kdcinfo (boolean)" msgstr "krb5_use_kdcinfo (логическое значение)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1155 sssd-krb5.5.xml:339 +#: sssd-ldap.5.xml:1157 sssd-krb5.5.xml:339 msgid "" "Specifies if the SSSD should instruct the Kerberos libraries what realm and " "which KDCs to use. This option is on by default, if you disable it, you need " @@ -8206,7 +8235,7 @@ msgstr "" "<manvolnum>5</manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1166 sssd-krb5.5.xml:350 +#: sssd-ldap.5.xml:1168 sssd-krb5.5.xml:350 msgid "" "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more " @@ -8217,12 +8246,12 @@ msgstr "" "<manvolnum>8</manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1180 +#: sssd-ldap.5.xml:1182 msgid "ldap_pwd_policy (string)" msgstr "ldap_pwd_policy (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1183 +#: sssd-ldap.5.xml:1185 msgid "" "Select the policy to evaluate the password expiration on the client side. " "The following values are allowed:" @@ -8231,7 +8260,7 @@ msgstr "" "клиента. Допускаются следующие значения:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1188 +#: sssd-ldap.5.xml:1190 msgid "" "<emphasis>none</emphasis> - No evaluation on the client side. This option " "cannot disable server-side password policies." @@ -8240,7 +8269,7 @@ msgstr "" "параметра нельзя отключить политики паролей на стороне сервера." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1193 +#: sssd-ldap.5.xml:1195 msgid "" "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " @@ -8253,7 +8282,7 @@ msgstr "" "пароля. См. также опцию «ldap_chpass_update_last_change»." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1201 +#: sssd-ldap.5.xml:1203 msgid "" "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " "to determine if the password has expired. Use chpass_provider=krb5 to update " @@ -8265,7 +8294,7 @@ msgstr "" "chpass_provider=krb5." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1210 +#: sssd-ldap.5.xml:1212 msgid "" "<emphasis>Note</emphasis>: if a password policy is configured on server " "side, it always takes precedence over policy set with this option." @@ -8275,18 +8304,18 @@ msgstr "" "этого параметра." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1218 +#: sssd-ldap.5.xml:1220 msgid "ldap_referrals (boolean)" msgstr "ldap_referrals (логическое значение)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1221 +#: sssd-ldap.5.xml:1223 msgid "Specifies whether automatic referral chasing should be enabled." msgstr "" "Позволяет указать, следует ли включить автоматическое прослеживание ссылок." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1225 +#: sssd-ldap.5.xml:1227 msgid "" "Please note that sssd only supports referral chasing when it is compiled " "with OpenLDAP version 2.4.13 or higher." @@ -8295,7 +8324,7 @@ msgstr "" "случае, если сервис собран с OpenLDAP версии 2.4.13 или выше." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1230 +#: sssd-ldap.5.xml:1232 msgid "" "Chasing referrals may incur a performance penalty in environments that use " "them heavily, a notable example is Microsoft Active Directory. If your setup " @@ -8317,29 +8346,29 @@ msgstr "" "домена AD, это не позволило бы получить дополнительные данные." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1249 +#: sssd-ldap.5.xml:1251 msgid "ldap_dns_service_name (string)" msgstr "ldap_dns_service_name (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1252 +#: sssd-ldap.5.xml:1254 msgid "Specifies the service name to use when service discovery is enabled." msgstr "" "Позволяет указать имя службы, которое будет использоваться, когда включено " "обнаружение служб." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1256 +#: sssd-ldap.5.xml:1258 msgid "Default: ldap" msgstr "По умолчанию: ldap" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1262 +#: sssd-ldap.5.xml:1264 msgid "ldap_chpass_dns_service_name (string)" msgstr "ldap_chpass_dns_service_name (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1265 +#: sssd-ldap.5.xml:1267 msgid "" "Specifies the service name to use to find an LDAP server which allows " "password changes when service discovery is enabled." @@ -8348,17 +8377,17 @@ msgstr "" "менять пароль, когда включено обнаружение служб." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1270 +#: sssd-ldap.5.xml:1272 msgid "Default: not set, i.e. service discovery is disabled" msgstr "По умолчанию: не задано, то есть обнаружение служб отключено" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1276 +#: sssd-ldap.5.xml:1278 msgid "ldap_chpass_update_last_change (bool)" msgstr "ldap_chpass_update_last_change (логическое значение)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1279 +#: sssd-ldap.5.xml:1281 msgid "" "Specifies whether to update the ldap_user_shadow_last_change attribute with " "days since the Epoch after a password change operation." @@ -8367,7 +8396,7 @@ msgstr "" "данными о количестве дней с момента выполнения действия по смены пароля." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1285 +#: sssd-ldap.5.xml:1287 msgid "" "It is recommend to set this option explicitly if \"ldap_pwd_policy = " "shadow\" is used to let SSSD know if the LDAP server will update " @@ -8380,12 +8409,12 @@ msgstr "" "SSSD должен обновить его." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1299 +#: sssd-ldap.5.xml:1301 msgid "ldap_access_filter (string)" msgstr "ldap_access_filter (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1302 +#: sssd-ldap.5.xml:1304 msgid "" "If using access_provider = ldap and ldap_access_order = filter (default), " "this option is mandatory. It specifies an LDAP search filter criteria that " @@ -8414,12 +8443,12 @@ msgstr "" "refentrytitle><manvolnum>5</manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1322 +#: sssd-ldap.5.xml:1324 msgid "Example:" msgstr "Пример:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1325 +#: sssd-ldap.5.xml:1327 #, no-wrap msgid "" "access_provider = ldap\n" @@ -8431,7 +8460,7 @@ msgstr "" " " #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1329 +#: sssd-ldap.5.xml:1331 msgid "" "This example means that access to this host is restricted to users whose " "employeeType attribute is set to \"admin\"." @@ -8440,7 +8469,7 @@ msgstr "" "атрибут employeeType которых установлен в значение «admin»." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1334 +#: sssd-ldap.5.xml:1336 msgid "" "Offline caching for this feature is limited to determining whether the " "user's last online login was granted access permission. If they were granted " @@ -8455,17 +8484,17 @@ msgstr "" "в автономном режиме." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1342 sssd-ldap.5.xml:1398 +#: sssd-ldap.5.xml:1344 sssd-ldap.5.xml:1400 msgid "Default: Empty" msgstr "По умолчанию: пусто" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1348 +#: sssd-ldap.5.xml:1350 msgid "ldap_account_expire_policy (string)" msgstr "ldap_account_expire_policy (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1351 +#: sssd-ldap.5.xml:1353 msgid "" "With this option a client side evaluation of access control attributes can " "be enabled." @@ -8474,7 +8503,7 @@ msgstr "" "доступом на стороне клиента." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1355 +#: sssd-ldap.5.xml:1357 msgid "" "Please note that it is always recommended to use server side access control, " "i.e. the LDAP server should deny the bind request with a suitable error code " @@ -8485,12 +8514,12 @@ msgstr "" "соответствующим кодом ошибки, даже если пароль верен." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1362 +#: sssd-ldap.5.xml:1364 msgid "The following values are allowed:" msgstr "Допускаются следующие значения:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1365 +#: sssd-ldap.5.xml:1367 msgid "" "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " "determine if the account is expired." @@ -8499,7 +8528,7 @@ msgstr "" "для определения того, не истёк ли срок действия учётной записи." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1370 +#: sssd-ldap.5.xml:1372 msgid "" "<emphasis>ad</emphasis>: use the value of the 32bit field " "ldap_user_ad_user_account_control and allow access if the second bit is not " @@ -8512,7 +8541,7 @@ msgstr "" "не истёк ли срок действия учётной записи." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1377 +#: sssd-ldap.5.xml:1379 msgid "" "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" "emphasis>: use the value of ldap_ns_account_lock to check if access is " @@ -8523,7 +8552,7 @@ msgstr "" "разрешён ли доступ." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1383 +#: sssd-ldap.5.xml:1385 msgid "" "<emphasis>nds</emphasis>: the values of " "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " @@ -8536,7 +8565,7 @@ msgstr "" "Если все атрибуты отсутствуют, доступ предоставляется." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1391 +#: sssd-ldap.5.xml:1393 msgid "" "Please note that the ldap_access_order configuration option <emphasis>must</" "emphasis> include <quote>expire</quote> in order for the " @@ -8547,24 +8576,24 @@ msgstr "" "использовать параметр ldap_account_expire_policy." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1404 +#: sssd-ldap.5.xml:1406 msgid "ldap_access_order (string)" msgstr "ldap_access_order (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1407 sssd-ipa.5.xml:351 +#: sssd-ldap.5.xml:1409 sssd-ipa.5.xml:356 msgid "Comma separated list of access control options. Allowed values are:" msgstr "" "Разделённый запятыми список параметров управления доступом. Допустимые " "значения:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1411 +#: sssd-ldap.5.xml:1413 msgid "<emphasis>filter</emphasis>: use ldap_access_filter" msgstr "<emphasis>filter</emphasis>: использовать ldap_access_filter" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1414 +#: sssd-ldap.5.xml:1416 msgid "" "<emphasis>lockout</emphasis>: use account locking. If set, this option " "denies access in case that ldap attribute 'pwdAccountLockedTime' is present " @@ -8580,7 +8609,7 @@ msgstr "" "«access_provider = ldap»." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1424 +#: sssd-ldap.5.xml:1426 msgid "" "<emphasis> Please note that this option is superseded by the <quote>ppolicy</" "quote> option and might be removed in a future release. </emphasis>" @@ -8590,7 +8619,7 @@ msgstr "" "следующей версии. </emphasis>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1431 +#: sssd-ldap.5.xml:1433 msgid "" "<emphasis>ppolicy</emphasis>: use account locking. If set, this option " "denies access in case that ldap attribute 'pwdAccountLockedTime' is present " @@ -8613,12 +8642,12 @@ msgstr "" "возможности необходимо задать «access_provider = ldap»." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1448 +#: sssd-ldap.5.xml:1450 msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" msgstr "<emphasis>expire</emphasis>: использовать ldap_account_expire_policy" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1452 sssd-ipa.5.xml:359 +#: sssd-ldap.5.xml:1454 sssd-ipa.5.xml:364 msgid "" "<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, " "pwd_expire_policy_renew: </emphasis> These options are useful if users are " @@ -8632,31 +8661,31 @@ msgstr "" "и для проверки подлинности используются не пароли, а, например, ключи SSH." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1462 sssd-ipa.5.xml:369 +#: sssd-ldap.5.xml:1464 sssd-ipa.5.xml:374 msgid "" "The difference between these options is the action taken if user password is " "expired:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:1467 sssd-ipa.5.xml:374 +#: sssd-ldap.5.xml:1469 sssd-ipa.5.xml:379 msgid "pwd_expire_policy_reject - user is denied to log in," msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:1473 sssd-ipa.5.xml:380 +#: sssd-ldap.5.xml:1475 sssd-ipa.5.xml:385 msgid "pwd_expire_policy_warn - user is still able to log in," msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:1479 sssd-ipa.5.xml:386 +#: sssd-ldap.5.xml:1481 sssd-ipa.5.xml:391 msgid "" "pwd_expire_policy_renew - user is prompted to change their password " "immediately." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1487 +#: sssd-ldap.5.xml:1489 msgid "" "Please note that 'access_provider = ldap' must be set for this feature to " "work. Also 'ldap_pwd_policy' must be set to an appropriate password policy." @@ -8666,7 +8695,7 @@ msgstr "" "паролей в качестве значения параметра «ldap_pwd_policy»." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1492 +#: sssd-ldap.5.xml:1494 msgid "" "<emphasis>authorized_service</emphasis>: use the authorizedService attribute " "to determine access" @@ -8675,14 +8704,14 @@ msgstr "" "authorizedService для определения возможности доступа" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1497 +#: sssd-ldap.5.xml:1499 msgid "<emphasis>host</emphasis>: use the host attribute to determine access" msgstr "" "<emphasis>host</emphasis>: использовать атрибут host для определения " "возможности доступа" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1501 +#: sssd-ldap.5.xml:1503 msgid "" "<emphasis>rhost</emphasis>: use the rhost attribute to determine whether " "remote host can access" @@ -8691,7 +8720,7 @@ msgstr "" "возможности доступа удалённого узла" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1505 +#: sssd-ldap.5.xml:1507 msgid "" "Please note, rhost field in pam is set by application, it is better to check " "what the application sends to pam, before enabling this access control option" @@ -8701,12 +8730,12 @@ msgstr "" "прежде чем включать этот параметр управления доступом" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1510 +#: sssd-ldap.5.xml:1512 msgid "Default: filter" msgstr "По умолчанию: filter" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1513 +#: sssd-ldap.5.xml:1515 msgid "" "Please note that it is a configuration error if a value is used more than " "once." @@ -8715,12 +8744,12 @@ msgstr "" "ошибкой конфигурации." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1520 +#: sssd-ldap.5.xml:1522 msgid "ldap_pwdlockout_dn (string)" msgstr "ldap_pwdlockout_dn (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1523 +#: sssd-ldap.5.xml:1525 msgid "" "This option specifies the DN of password policy entry on LDAP server. Please " "note that absence of this option in sssd.conf in case of enabled account " @@ -8733,22 +8762,22 @@ msgstr "" "невозможности надлежащим образом проверить атрибуты ppolicy на сервере LDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1531 +#: sssd-ldap.5.xml:1533 msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com" msgstr "Пример: cn=ppolicy,ou=policies,dc=example,dc=com" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1534 +#: sssd-ldap.5.xml:1536 msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base" msgstr "По умолчанию: cn=ppolicy,ou=policies,$ldap_search_base" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1540 +#: sssd-ldap.5.xml:1542 msgid "ldap_deref (string)" msgstr "ldap_deref (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1543 +#: sssd-ldap.5.xml:1545 msgid "" "Specifies how alias dereferencing is done when performing a search. The " "following options are allowed:" @@ -8757,12 +8786,12 @@ msgstr "" "выполнении поиска. Допустимые варианты:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1548 +#: sssd-ldap.5.xml:1550 msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." msgstr "<emphasis>never</emphasis>: разыменование псевдонимов не выполняется." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1552 +#: sssd-ldap.5.xml:1554 msgid "" "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " "the base object, but not in locating the base object of the search." @@ -8772,7 +8801,7 @@ msgstr "" "объекта поиска." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1557 +#: sssd-ldap.5.xml:1559 msgid "" "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " "the base object of the search." @@ -8781,7 +8810,7 @@ msgstr "" "при определении расположения базового объекта поиска." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1562 +#: sssd-ldap.5.xml:1564 msgid "" "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " "in locating the base object of the search." @@ -8790,7 +8819,7 @@ msgstr "" "поиске, так и при определении расположения базового объекта поиска." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1567 +#: sssd-ldap.5.xml:1569 msgid "" "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " "client libraries)" @@ -8799,12 +8828,12 @@ msgstr "" "клиентскими библиотеками LDAP)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1575 +#: sssd-ldap.5.xml:1577 msgid "ldap_rfc2307_fallback_to_local_users (boolean)" msgstr "ldap_rfc2307_fallback_to_local_users (логическое значение)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1578 +#: sssd-ldap.5.xml:1580 msgid "" "Allows to retain local users as members of an LDAP group for servers that " "use the RFC2307 schema." @@ -8813,7 +8842,7 @@ msgstr "" "серверов, которые используют схему RFC2307." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1582 +#: sssd-ldap.5.xml:1584 msgid "" "In some environments where the RFC2307 schema is used, local users are made " "members of LDAP groups by adding their names to the memberUid attribute. " @@ -8830,7 +8859,7 @@ msgstr "" "информацию о пользователе через вызовы getpw*() или initgroups()." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1593 +#: sssd-ldap.5.xml:1595 msgid "" "This option falls back to checking if local users are referenced, and caches " "them so that later initgroups() calls will augment the local users with the " @@ -8842,12 +8871,12 @@ msgstr "" "группами LDAP." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1605 sssd-ifp.5.xml:152 +#: sssd-ldap.5.xml:1607 sssd-ifp.5.xml:152 msgid "wildcard_limit (integer)" msgstr "wildcard_limit (целое число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1608 +#: sssd-ldap.5.xml:1610 msgid "" "Specifies an upper limit on the number of entries that are downloaded during " "a wildcard lookup." @@ -8856,24 +8885,24 @@ msgstr "" "поиска с использованием подстановочных знаков." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1612 +#: sssd-ldap.5.xml:1614 msgid "At the moment, only the InfoPipe responder supports wildcard lookups." msgstr "" "В настоящее время только ответчик InfoPipe поддерживает поиск с " "использованием подстановочных знаков." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1616 +#: sssd-ldap.5.xml:1618 msgid "Default: 1000 (often the size of one page)" msgstr "По умолчанию: 1000 (часто размер одной страницы)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1622 +#: sssd-ldap.5.xml:1624 msgid "ldap_library_debug_level (integer)" msgstr "ldap_library_debug_level (целое число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1625 +#: sssd-ldap.5.xml:1627 msgid "" "Switches on libldap debugging with the given level. The libldap debug " "messages will be written independent of the general debug_level." @@ -8882,7 +8911,7 @@ msgstr "" "записываются независимо от общего debug_level." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1630 +#: sssd-ldap.5.xml:1632 msgid "" "OpenLDAP uses a bitmap to enable debugging for specific components, -1 will " "enable full debug output." @@ -8891,12 +8920,12 @@ msgstr "" "компонентов, -1 включает полный отладочный вывод." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1635 +#: sssd-ldap.5.xml:1637 msgid "Default: 0 (libldap debugging disabled)" msgstr "По умолчанию: 0 (отладка libldap отключена)" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:51 +#: sssd-ldap.5.xml:52 msgid "" "All of the common configuration options that apply to SSSD domains also " "apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> section " @@ -8916,12 +8945,12 @@ msgstr "" "</citerefentry>. <placeholder type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1645 +#: sssd-ldap.5.xml:1647 msgid "SUDO OPTIONS" msgstr "ПАРАМЕТРЫ SUDO" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1647 +#: sssd-ldap.5.xml:1649 msgid "" "The detailed instructions for configuration of sudo_provider are in the " "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " @@ -8932,12 +8961,12 @@ msgstr "" "<manvolnum>5</manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1658 +#: sssd-ldap.5.xml:1660 msgid "ldap_sudo_full_refresh_interval (integer)" msgstr "ldap_sudo_full_refresh_interval (целое число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1661 +#: sssd-ldap.5.xml:1663 msgid "" "How many seconds SSSD will wait between executing a full refresh of sudo " "rules (which downloads all rules that are stored on the server)." @@ -8946,7 +8975,7 @@ msgstr "" "загружаются все правила, которые хранятся на сервере)." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1666 +#: sssd-ldap.5.xml:1668 msgid "" "The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </" "emphasis>" @@ -8955,7 +8984,7 @@ msgstr "" "<emphasis>ldap_sudo_smart_refresh_interval </emphasis>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1671 +#: sssd-ldap.5.xml:1673 msgid "" "You can disable full refresh by setting this option to 0. However, either " "smart or full refresh must be enabled." @@ -8964,17 +8993,17 @@ msgstr "" "Но должно быть включено либо интеллектуальное, либо полное обновление." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1676 +#: sssd-ldap.5.xml:1678 msgid "Default: 21600 (6 hours)" msgstr "По умолчанию: 21600 (6 часов)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1682 +#: sssd-ldap.5.xml:1684 msgid "ldap_sudo_smart_refresh_interval (integer)" msgstr "ldap_sudo_smart_refresh_interval (целое число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1685 +#: sssd-ldap.5.xml:1687 msgid "" "How many seconds SSSD has to wait before executing a smart refresh of sudo " "rules (which downloads all rules that have USN higher than the highest " @@ -8986,7 +9015,7 @@ msgstr "" "в настоящее время известно SSSD)." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1691 +#: sssd-ldap.5.xml:1693 msgid "" "If USN attributes are not supported by the server, the modifyTimestamp " "attribute is used instead." @@ -8995,7 +9024,7 @@ msgstr "" "modifyTimestamp." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1695 +#: sssd-ldap.5.xml:1697 msgid "" "<emphasis>Note:</emphasis> the highest USN value can be updated by three " "tasks: 1) By sudo full and smart refresh (if updated rules are found), 2) by " @@ -9011,7 +9040,7 @@ msgstr "" "<emphasis>ldap_connection_expire_timeout</emphasis>)." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1706 +#: sssd-ldap.5.xml:1708 msgid "" "You can disable smart refresh by setting this option to 0. However, either " "smart or full refresh must be enabled." @@ -9021,12 +9050,12 @@ msgstr "" "обновление." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1717 +#: sssd-ldap.5.xml:1719 msgid "ldap_sudo_random_offset (integer)" msgstr "ldap_sudo_random_offset (целое число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1720 +#: sssd-ldap.5.xml:1722 msgid "" "Random offset between 0 and configured value is added to smart and full " "refresh periods each time the periodic task is scheduled. The value is in " @@ -9037,7 +9066,7 @@ msgstr "" "периодического задания. Значение указывается в секундах." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1726 +#: sssd-ldap.5.xml:1728 msgid "" "Note that this random offset is also applied on the first SSSD start which " "delays the first sudo rules refresh. This prolongs the time when the sudo " @@ -9048,17 +9077,17 @@ msgstr "" "время, в течение которого правила sudo недоступны для использования." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1732 +#: sssd-ldap.5.xml:1734 msgid "You can disable this offset by setting the value to 0." msgstr "Можно отключить эту задержку, установив значение «0»." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1742 +#: sssd-ldap.5.xml:1744 msgid "ldap_sudo_use_host_filter (boolean)" msgstr "ldap_sudo_use_host_filter (логическое значение)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1745 +#: sssd-ldap.5.xml:1747 msgid "" "If true, SSSD will download only rules that are applicable to this machine " "(using the IPv4 or IPv6 host/network addresses and hostnames)." @@ -9068,12 +9097,12 @@ msgstr "" "адресов узлов/сетей в формате IPv4 или IPv6)." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1756 +#: sssd-ldap.5.xml:1758 msgid "ldap_sudo_hostnames (string)" msgstr "ldap_sudo_hostnames (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1759 +#: sssd-ldap.5.xml:1761 msgid "" "Space separated list of hostnames or fully qualified domain names that " "should be used to filter the rules." @@ -9082,7 +9111,7 @@ msgstr "" "следует использовать для фильтрации правил." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1764 +#: sssd-ldap.5.xml:1766 msgid "" "If this option is empty, SSSD will try to discover the hostname and the " "fully qualified domain name automatically." @@ -9091,8 +9120,8 @@ msgstr "" "обнаружить имя узла и полное доменное имя." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1769 sssd-ldap.5.xml:1792 sssd-ldap.5.xml:1810 -#: sssd-ldap.5.xml:1828 +#: sssd-ldap.5.xml:1771 sssd-ldap.5.xml:1794 sssd-ldap.5.xml:1812 +#: sssd-ldap.5.xml:1830 msgid "" "If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</" "emphasis> then this option has no effect." @@ -9101,17 +9130,17 @@ msgstr "" "<emphasis>false</emphasis>, этот параметр ни на что не влияет." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1774 sssd-ldap.5.xml:1797 +#: sssd-ldap.5.xml:1776 sssd-ldap.5.xml:1799 msgid "Default: not specified" msgstr "По умолчанию: не указано" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1780 +#: sssd-ldap.5.xml:1782 msgid "ldap_sudo_ip (string)" msgstr "ldap_sudo_ip (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1783 +#: sssd-ldap.5.xml:1785 msgid "" "Space separated list of IPv4 or IPv6 host/network addresses that should be " "used to filter the rules." @@ -9120,7 +9149,7 @@ msgstr "" "следует использовать для фильтрации правил." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1788 +#: sssd-ldap.5.xml:1790 msgid "" "If this option is empty, SSSD will try to discover the addresses " "automatically." @@ -9129,12 +9158,12 @@ msgstr "" "обнаружить адреса." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1803 +#: sssd-ldap.5.xml:1805 msgid "ldap_sudo_include_netgroups (boolean)" msgstr "ldap_sudo_include_netgroups (логическое значение)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1806 +#: sssd-ldap.5.xml:1808 msgid "" "If true then SSSD will download every rule that contains a netgroup in " "sudoHost attribute." @@ -9143,12 +9172,12 @@ msgstr "" "правила, которые содержат сетевую группу в атрибуте sudoHost." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1821 +#: sssd-ldap.5.xml:1823 msgid "ldap_sudo_include_regexp (boolean)" msgstr "ldap_sudo_include_regexp (логическое значение)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1824 +#: sssd-ldap.5.xml:1826 msgid "" "If true then SSSD will download every rule that contains a wildcard in " "sudoHost attribute." @@ -9157,7 +9186,7 @@ msgstr "" "правила, которые содержат подстановочный знак в атрибуте sudoHost." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><note><para> -#: sssd-ldap.5.xml:1834 +#: sssd-ldap.5.xml:1836 msgid "" "Using wildcard is an operation that is very costly to evaluate on the LDAP " "server side!" @@ -9166,7 +9195,7 @@ msgstr "" "операция на стороне сервера LDAP!" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1846 +#: sssd-ldap.5.xml:1848 msgid "" "This manual page only describes attribute name mapping. For detailed " "explanation of sudo related attribute semantics, see <citerefentry> " @@ -9179,12 +9208,12 @@ msgstr "" "refentrytitle><manvolnum>5</manvolnum> </citerefentry>" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1856 +#: sssd-ldap.5.xml:1858 msgid "AUTOFS OPTIONS" msgstr "ПАРАМЕТРЫ AUTOFS" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1858 +#: sssd-ldap.5.xml:1860 msgid "" "Some of the defaults for the parameters below are dependent on the LDAP " "schema." @@ -9193,47 +9222,47 @@ msgstr "" "схемы LDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1864 +#: sssd-ldap.5.xml:1866 msgid "ldap_autofs_map_master_name (string)" msgstr "ldap_autofs_map_master_name (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1867 +#: sssd-ldap.5.xml:1869 msgid "The name of the automount master map in LDAP." msgstr "Имя основной карты автоматического монтирования в LDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1870 +#: sssd-ldap.5.xml:1872 msgid "Default: auto.master" msgstr "По умолчанию: auto.master" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1881 +#: sssd-ldap.5.xml:1883 msgid "ADVANCED OPTIONS" msgstr "ДОПОЛНИТЕЛЬНЫЕ ПАРАМЕТРЫ" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1888 +#: sssd-ldap.5.xml:1890 msgid "ldap_netgroup_search_base (string)" msgstr "ldap_netgroup_search_base (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1893 +#: sssd-ldap.5.xml:1895 msgid "ldap_user_search_base (string)" msgstr "ldap_user_search_base (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1898 +#: sssd-ldap.5.xml:1900 msgid "ldap_group_search_base (string)" msgstr "ldap_group_search_base (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><note> -#: sssd-ldap.5.xml:1903 +#: sssd-ldap.5.xml:1905 msgid "<note>" msgstr "<note>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para> -#: sssd-ldap.5.xml:1905 +#: sssd-ldap.5.xml:1907 msgid "" "If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches " "against Active Directory will not be restricted and return all groups " @@ -9246,22 +9275,22 @@ msgstr "" "эту возможность, если имена групп отображаются некорректно." #. type: Content of: <reference><refentry><refsect1><para><variablelist> -#: sssd-ldap.5.xml:1912 +#: sssd-ldap.5.xml:1914 msgid "</note>" msgstr "</note>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1914 +#: sssd-ldap.5.xml:1916 msgid "ldap_sudo_search_base (string)" msgstr "ldap_sudo_search_base (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1919 +#: sssd-ldap.5.xml:1921 msgid "ldap_autofs_search_base (string)" msgstr "ldap_autofs_search_base (строка)" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1883 +#: sssd-ldap.5.xml:1885 msgid "" "These options are supported by LDAP domains, but they should be used with " "caution. Please include them in your configuration only if you know what you " @@ -9274,14 +9303,14 @@ msgstr "" "<placeholder type=\"variablelist\" id=\"1\"/>" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1934 sssd-simple.5.xml:131 sssd-ipa.5.xml:925 -#: sssd-ad.5.xml:1386 sssd-krb5.5.xml:483 sss_rpcidmapd.5.xml:98 +#: sssd-ldap.5.xml:1936 sssd-simple.5.xml:131 sssd-ipa.5.xml:930 +#: sssd-ad.5.xml:1391 sssd-krb5.5.xml:483 sss_rpcidmapd.5.xml:98 #: sssd-files.5.xml:155 sssd-session-recording.5.xml:176 msgid "EXAMPLE" msgstr "ПРИМЕР" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1936 +#: sssd-ldap.5.xml:1938 msgid "" "The following example assumes that SSSD is correctly configured and LDAP is " "set to one of the domains in the <replaceable>[domains]</replaceable> " @@ -9292,7 +9321,7 @@ msgstr "" "<replaceable>[domains]</replaceable>." #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ldap.5.xml:1942 +#: sssd-ldap.5.xml:1944 #, no-wrap msgid "" "[domain/LDAP]\n" @@ -9312,20 +9341,20 @@ msgstr "" "cache_credentials = true\n" #. type: Content of: <refsect1><refsect2><para> -#: sssd-ldap.5.xml:1941 sssd-ldap.5.xml:1959 sssd-simple.5.xml:139 -#: sssd-ipa.5.xml:933 sssd-ad.5.xml:1394 sssd-sudo.5.xml:56 sssd-krb5.5.xml:492 +#: sssd-ldap.5.xml:1943 sssd-ldap.5.xml:1961 sssd-simple.5.xml:139 +#: sssd-ipa.5.xml:938 sssd-ad.5.xml:1399 sssd-sudo.5.xml:56 sssd-krb5.5.xml:492 #: sssd-files.5.xml:162 sssd-files.5.xml:173 sssd-session-recording.5.xml:182 #: include/ldap_id_mapping.xml:105 msgid "<placeholder type=\"programlisting\" id=\"0\"/>" msgstr "<placeholder type=\"programlisting\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1953 +#: sssd-ldap.5.xml:1955 msgid "LDAP ACCESS FILTER EXAMPLE" msgstr "ПРИМЕР ФИЛЬТРА ДОСТУПА LDAP" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1955 +#: sssd-ldap.5.xml:1957 msgid "" "The following example assumes that SSSD is correctly configured and to use " "the ldap_access_order=lockout." @@ -9334,7 +9363,7 @@ msgstr "" "используется ldap_access_order=lockout." #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ldap.5.xml:1960 +#: sssd-ldap.5.xml:1962 #, no-wrap msgid "" "[domain/LDAP]\n" @@ -9360,13 +9389,13 @@ msgstr "" "cache_credentials = true\n" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1975 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148 -#: sssd-ad.5.xml:1409 sssd.8.xml:238 sss_seed.8.xml:163 +#: sssd-ldap.5.xml:1977 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148 +#: sssd-ad.5.xml:1414 sssd.8.xml:238 sss_seed.8.xml:163 msgid "NOTES" msgstr "ПРИМЕЧАНИЯ" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1977 +#: sssd-ldap.5.xml:1979 msgid "" "The descriptions of some of the configuration options in this manual page " "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " @@ -12323,12 +12352,12 @@ msgid "Example: dyndns_iface = em1, vnet1, vnet2" msgstr "Пример: dyndns_iface = em1, vnet1, vnet2" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:204 sssd-ad.5.xml:1285 +#: sssd-ipa.5.xml:204 sssd-ad.5.xml:1290 msgid "dyndns_auth (string)" msgstr "dyndns_auth (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:207 sssd-ad.5.xml:1288 +#: sssd-ipa.5.xml:207 sssd-ad.5.xml:1293 msgid "" "Whether the nsupdate utility should use GSS-TSIG authentication for secure " "updates with the DNS server, insecure updates can be sent by setting this " @@ -12339,17 +12368,17 @@ msgstr "" "отправлять, установив этот параметр в значение «none»." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:213 sssd-ad.5.xml:1294 +#: sssd-ipa.5.xml:213 sssd-ad.5.xml:1299 msgid "Default: GSS-TSIG" msgstr "По умолчанию: GSS-TSIG" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:219 sssd-ad.5.xml:1300 +#: sssd-ipa.5.xml:219 sssd-ad.5.xml:1305 msgid "dyndns_auth_ptr (string)" msgstr "dyndns_auth_ptr (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:222 sssd-ad.5.xml:1303 +#: sssd-ipa.5.xml:222 sssd-ad.5.xml:1308 msgid "" "Whether the nsupdate utility should use GSS-TSIG authentication for secure " "PTR updates with the DNS server, insecure updates can be sent by setting " @@ -12360,7 +12389,7 @@ msgstr "" "отправлять, установив этот параметр в значение «none»." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:228 sssd-ad.5.xml:1309 +#: sssd-ipa.5.xml:228 sssd-ad.5.xml:1314 msgid "Default: Same as dyndns_auth" msgstr "По умолчанию: то же, что и dyndns_auth" @@ -12439,17 +12468,24 @@ msgstr "" "автоматически при смене записей перенаправления." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:290 +#: sssd-ipa.5.xml:290 sssd-ad.5.xml:1266 +msgid "" +"Note that <emphasis>dyndns_update_per_family</emphasis> parameter does not " +"apply for PTR record updates. Those updates are always sent separately." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:295 msgid "Default: False (disabled)" msgstr "По умолчанию: false (отключено)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1272 +#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1277 msgid "dyndns_force_tcp (bool)" msgstr "dyndns_force_tcp (логическое значение)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:299 sssd-ad.5.xml:1275 +#: sssd-ipa.5.xml:304 sssd-ad.5.xml:1280 msgid "" "Whether the nsupdate utility should default to using TCP for communicating " "with the DNS server." @@ -12458,17 +12494,17 @@ msgstr "" "с сервером DNS." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:303 sssd-ad.5.xml:1279 +#: sssd-ipa.5.xml:308 sssd-ad.5.xml:1284 msgid "Default: False (let nsupdate choose the protocol)" msgstr "По умолчанию: false (разрешить nsupdate выбрать протокол)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:309 sssd-ad.5.xml:1315 +#: sssd-ipa.5.xml:314 sssd-ad.5.xml:1320 msgid "dyndns_server (string)" msgstr "dyndns_server (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:312 sssd-ad.5.xml:1318 +#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1323 msgid "" "The DNS server to use when performing a DNS update. In most setups, it's " "recommended to leave this option unset." @@ -12478,7 +12514,7 @@ msgstr "" "параметра." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1323 +#: sssd-ipa.5.xml:322 sssd-ad.5.xml:1328 msgid "" "Setting this option makes sense for environments where the DNS server is " "different from the identity server." @@ -12487,7 +12523,7 @@ msgstr "" "отличается от сервера данных идентификации." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:322 sssd-ad.5.xml:1328 +#: sssd-ipa.5.xml:327 sssd-ad.5.xml:1333 msgid "" "Please note that this option will be only used in fallback attempt when " "previous attempt using autodetected settings failed." @@ -12497,17 +12533,17 @@ msgstr "" "использованием автоматически определённых параметров завершилась неудачей." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:327 sssd-ad.5.xml:1333 +#: sssd-ipa.5.xml:332 sssd-ad.5.xml:1338 msgid "Default: None (let nsupdate choose the server)" msgstr "По умолчанию: none (разрешить nsupdate выбрать сервер)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:333 sssd-ad.5.xml:1339 +#: sssd-ipa.5.xml:338 sssd-ad.5.xml:1344 msgid "dyndns_update_per_family (boolean)" msgstr "dyndns_update_per_family (логическое значение)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:336 sssd-ad.5.xml:1342 +#: sssd-ipa.5.xml:341 sssd-ad.5.xml:1347 msgid "" "DNS update is by default performed in two steps - IPv4 update and then IPv6 " "update. In some cases it might be desirable to perform IPv4 and IPv6 update " @@ -12518,21 +12554,21 @@ msgstr "" "обновление IPv4 и IPv6 за один шаг." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:348 +#: sssd-ipa.5.xml:353 #, fuzzy #| msgid "ldap_access_order (string)" msgid "ipa_access_order (string)" msgstr "ldap_access_order (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:355 +#: sssd-ipa.5.xml:360 #, fuzzy #| msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" msgid "<emphasis>expire</emphasis>: use IPA's account expiration policy." msgstr "<emphasis>expire</emphasis>: использовать ldap_account_expire_policy" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:394 +#: sssd-ipa.5.xml:399 #, fuzzy #| msgid "" #| "Please note that 'access_provider = ldap' must be set for this feature to " @@ -12547,12 +12583,12 @@ msgstr "" "паролей в качестве значения параметра «ldap_pwd_policy»." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:401 +#: sssd-ipa.5.xml:406 msgid "ipa_deskprofile_search_base (string)" msgstr "ipa_deskprofile_search_base (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:404 +#: sssd-ipa.5.xml:409 msgid "" "Optional. Use the given string as search base for Desktop Profile related " "objects." @@ -12561,17 +12597,17 @@ msgstr "" "объектов, связанных с профилями рабочего стола." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:408 sssd-ipa.5.xml:435 +#: sssd-ipa.5.xml:413 sssd-ipa.5.xml:440 msgid "Default: Use base DN" msgstr "По умолчанию: использовать base DN" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:414 +#: sssd-ipa.5.xml:419 msgid "ipa_subid_ranges_search_base (string)" msgstr "ipa_subid_ranges_search_base (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:417 +#: sssd-ipa.5.xml:422 msgid "" "Optional. Use the given string as search base for subordinate ranges related " "objects." @@ -12580,98 +12616,98 @@ msgstr "" "объектов, связанных с подчиненными диапазонами объектов." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:421 +#: sssd-ipa.5.xml:426 msgid "Default: the value of <emphasis>cn=subids,%basedn</emphasis>" msgstr "По умолчанию: значение <emphasis>cn=subids,%basedn</emphasis>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:428 +#: sssd-ipa.5.xml:433 msgid "ipa_hbac_search_base (string)" msgstr "ipa_hbac_search_base (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:431 +#: sssd-ipa.5.xml:436 msgid "Optional. Use the given string as search base for HBAC related objects." msgstr "" "Необязательный параметр. Использовать указанную строку как базу поиска " "объектов, связанных с HBAC." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:441 +#: sssd-ipa.5.xml:446 msgid "ipa_host_search_base (string)" msgstr "ipa_host_search_base (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:444 +#: sssd-ipa.5.xml:449 msgid "Deprecated. Use ldap_host_search_base instead." msgstr "Не рекомендуется. Используйте ldap_host_search_base." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:450 +#: sssd-ipa.5.xml:455 msgid "ipa_selinux_search_base (string)" msgstr "ipa_selinux_search_base (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:453 +#: sssd-ipa.5.xml:458 msgid "Optional. Use the given string as search base for SELinux user maps." msgstr "" "Необязательный параметр. Использовать указанную строку как базу поиска карт " "пользователей SELinux." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:469 +#: sssd-ipa.5.xml:474 msgid "ipa_subdomains_search_base (string)" msgstr "ipa_subdomains_search_base (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:472 +#: sssd-ipa.5.xml:477 msgid "Optional. Use the given string as search base for trusted domains." msgstr "" "Необязательный параметр. Использовать указанную строку как базу поиска " "доверенных доменов." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:481 +#: sssd-ipa.5.xml:486 msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>" msgstr "По умолчанию: значение <emphasis>cn=trusts,%basedn</emphasis>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:488 +#: sssd-ipa.5.xml:493 msgid "ipa_master_domain_search_base (string)" msgstr "ipa_master_domain_search_base (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:491 +#: sssd-ipa.5.xml:496 msgid "Optional. Use the given string as search base for master domain object." msgstr "" "Необязательный параметр. Использовать указанную строку как базу поиска " "объекта главного домена." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:500 +#: sssd-ipa.5.xml:505 msgid "Default: the value of <emphasis>cn=ad,cn=etc,%basedn</emphasis>" msgstr "По умолчанию: значение <emphasis>cn=ad,cn=etc,%basedn</emphasis>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:507 +#: sssd-ipa.5.xml:512 msgid "ipa_views_search_base (string)" msgstr "ipa_views_search_base (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:510 +#: sssd-ipa.5.xml:515 msgid "Optional. Use the given string as search base for views containers." msgstr "" "Необязательный параметр. Использовать указанную строку как базу поиска " "контейнеров просмотра." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:519 +#: sssd-ipa.5.xml:524 msgid "Default: the value of <emphasis>cn=views,cn=accounts,%basedn</emphasis>" msgstr "" "По умолчанию: значение <emphasis>cn=views,cn=accounts,%basedn</emphasis>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:529 +#: sssd-ipa.5.xml:534 msgid "" "The name of the Kerberos realm. This is optional and defaults to the value " "of <quote>ipa_domain</quote>." @@ -12680,7 +12716,7 @@ msgstr "" "значение <quote>ipa_domain</quote>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:533 +#: sssd-ipa.5.xml:538 msgid "" "The name of the Kerberos realm has a special meaning in IPA - it is " "converted into the base DN to use for performing LDAP operations." @@ -12689,12 +12725,12 @@ msgstr "" "DN, которое следует использовать для выполнения действий LDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:541 sssd-ad.5.xml:1357 +#: sssd-ipa.5.xml:546 sssd-ad.5.xml:1362 msgid "krb5_confd_path (string)" msgstr "krb5_confd_path (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:544 sssd-ad.5.xml:1360 +#: sssd-ipa.5.xml:549 sssd-ad.5.xml:1365 msgid "" "Absolute path of a directory where SSSD should place Kerberos configuration " "snippets." @@ -12703,7 +12739,7 @@ msgstr "" "конфигурации Kerberos." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:548 sssd-ad.5.xml:1364 +#: sssd-ipa.5.xml:553 sssd-ad.5.xml:1369 msgid "" "To disable the creation of the configuration snippets set the parameter to " "'none'." @@ -12712,19 +12748,19 @@ msgstr "" "значение «none»." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:552 sssd-ad.5.xml:1368 +#: sssd-ipa.5.xml:557 sssd-ad.5.xml:1373 msgid "" "Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)" msgstr "" "По умолчанию: не задано (подкаталог krb5.include.d каталога pubconf SSSD)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:559 +#: sssd-ipa.5.xml:564 msgid "ipa_deskprofile_refresh (integer)" msgstr "ipa_deskprofile_refresh (целое число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:562 +#: sssd-ipa.5.xml:567 msgid "" "The amount of time between lookups of the Desktop Profile rules against the " "IPA server. This will reduce the latency and load on the IPA server if there " @@ -12735,17 +12771,17 @@ msgstr "" "короткое время поступает много запросов на профили рабочего стола." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:569 sssd-ipa.5.xml:599 sssd-ipa.5.xml:615 sssd-ad.5.xml:599 +#: sssd-ipa.5.xml:574 sssd-ipa.5.xml:604 sssd-ipa.5.xml:620 sssd-ad.5.xml:599 msgid "Default: 5 (seconds)" msgstr "По умолчанию: 5 (секунд)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:575 +#: sssd-ipa.5.xml:580 msgid "ipa_deskprofile_request_interval (integer)" msgstr "ipa_deskprofile_request_interval (целое число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:578 +#: sssd-ipa.5.xml:583 msgid "" "The amount of time between lookups of the Desktop Profile rules against the " "IPA server in case the last request did not return any rule." @@ -12754,17 +12790,17 @@ msgstr "" "сервере IPA, если при последнем запросе не было возвращено ни одного правила." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:583 +#: sssd-ipa.5.xml:588 msgid "Default: 60 (minutes)" msgstr "По умолчанию: 60 (минут)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:589 +#: sssd-ipa.5.xml:594 msgid "ipa_hbac_refresh (integer)" msgstr "ipa_hbac_refresh (целое число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:592 +#: sssd-ipa.5.xml:597 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server. " "This will reduce the latency and load on the IPA server if there are many " @@ -12775,12 +12811,12 @@ msgstr "" "поступает много запросов на управление доступом." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:605 +#: sssd-ipa.5.xml:610 msgid "ipa_hbac_selinux (integer)" msgstr "ipa_hbac_selinux (целое число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:608 +#: sssd-ipa.5.xml:613 msgid "" "The amount of time between lookups of the SELinux maps against the IPA " "server. This will reduce the latency and load on the IPA server if there are " @@ -12791,12 +12827,12 @@ msgstr "" "поступает много запросов на вход пользователей." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:621 +#: sssd-ipa.5.xml:626 msgid "ipa_server_mode (boolean)" msgstr "ipa_server_mode (логическое значение)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:624 +#: sssd-ipa.5.xml:629 msgid "" "This option will be set by the IPA installer (ipa-server-install) " "automatically and denotes if SSSD is running on an IPA server or not." @@ -12805,7 +12841,7 @@ msgstr "" "server-install). Оно определяет, работает SSSD на сервере IPA или нет." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:629 +#: sssd-ipa.5.xml:634 msgid "" "On an IPA server SSSD will lookup users and groups from trusted domains " "directly while on a client it will ask an IPA server." @@ -12814,7 +12850,7 @@ msgstr "" "доменов напрямую, но на клиенте SSSD отправит запрос серверу IPA." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:634 +#: sssd-ipa.5.xml:639 msgid "" "NOTE: There are currently some assumptions that must be met when SSSD is " "running on an IPA server." @@ -12823,7 +12859,7 @@ msgstr "" "сервере IPA." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:639 +#: sssd-ipa.5.xml:644 msgid "" "The <quote>ipa_server</quote> option must be configured to point to the IPA " "server itself. This is already the default set by the IPA installer, so no " @@ -12834,7 +12870,7 @@ msgstr "" "установщиком IPA, поэтому вносить изменения вручную не требуется." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:648 +#: sssd-ipa.5.xml:653 msgid "" "The <quote>full_name_format</quote> option must not be tweaked to only print " "short names for users from trusted domains." @@ -12844,54 +12880,54 @@ msgstr "" "доменов." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:663 +#: sssd-ipa.5.xml:668 msgid "ipa_automount_location (string)" msgstr "ipa_automount_location (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:666 +#: sssd-ipa.5.xml:671 msgid "The automounter location this IPA client will be using" msgstr "" "Расположение автоматического монтирования, которое будет использовать этот " "клиент IPA" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:669 +#: sssd-ipa.5.xml:674 msgid "Default: The location named \"default\"" msgstr "По умолчанию: расположение с именем «default»" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd-ipa.5.xml:677 +#: sssd-ipa.5.xml:682 msgid "VIEWS AND OVERRIDES" msgstr "ПРЕДСТАВЛЕНИЯ И ПЕРЕОПРЕДЕЛЕНИЯ" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:686 +#: sssd-ipa.5.xml:691 msgid "ipa_view_class (string)" msgstr "ipa_view_class (строка)" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:689 +#: sssd-ipa.5.xml:694 msgid "Objectclass of the view container." msgstr "Класс объектов контейнера просмотра." #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:692 +#: sssd-ipa.5.xml:697 msgid "Default: nsContainer" msgstr "По умолчанию: nsContainer" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:698 +#: sssd-ipa.5.xml:703 msgid "ipa_view_name (string)" msgstr "ipa_view_name (строка)" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:701 +#: sssd-ipa.5.xml:706 msgid "Name of the attribute holding the name of the view." msgstr "Имя атрибута, в котором хранится имя представления." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:705 sssd-ldap-attributes.5.xml:496 +#: sssd-ipa.5.xml:710 sssd-ldap-attributes.5.xml:496 #: sssd-ldap-attributes.5.xml:830 sssd-ldap-attributes.5.xml:911 #: sssd-ldap-attributes.5.xml:1008 sssd-ldap-attributes.5.xml:1066 #: sssd-ldap-attributes.5.xml:1224 sssd-ldap-attributes.5.xml:1269 @@ -12899,27 +12935,27 @@ msgid "Default: cn" msgstr "По умолчанию: cn" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:711 +#: sssd-ipa.5.xml:716 msgid "ipa_override_object_class (string)" msgstr "ipa_override_object_class (строка)" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:714 +#: sssd-ipa.5.xml:719 msgid "Objectclass of the override objects." msgstr "Объектный класс переопределяемых объектов." #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:717 +#: sssd-ipa.5.xml:722 msgid "Default: ipaOverrideAnchor" msgstr "По умолчанию: ipaOverrideAnchor" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:723 +#: sssd-ipa.5.xml:728 msgid "ipa_anchor_uuid (string)" msgstr "ipa_anchor_uuid (строка)" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:726 +#: sssd-ipa.5.xml:731 msgid "" "Name of the attribute containing the reference to the original object in a " "remote domain." @@ -12927,17 +12963,17 @@ msgstr "" "Имя атрибута, содержащего ссылку на исходный объект в удалённом домене." #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:730 +#: sssd-ipa.5.xml:735 msgid "Default: ipaAnchorUUID" msgstr "По умолчанию: ipaAnchorUUID" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:736 +#: sssd-ipa.5.xml:741 msgid "ipa_user_override_object_class (string)" msgstr "ipa_user_override_object_class (строка)" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:739 +#: sssd-ipa.5.xml:744 msgid "" "Name of the objectclass for user overrides. It is used to determine if the " "found override object is related to a user or a group." @@ -12947,58 +12983,58 @@ msgstr "" "или группой." #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:744 +#: sssd-ipa.5.xml:749 msgid "User overrides can contain attributes given by" msgstr "" "Переопределения пользователя могут содержать атрибуты, указанные с помощью" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:747 +#: sssd-ipa.5.xml:752 msgid "ldap_user_name" msgstr "ldap_user_name" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:750 +#: sssd-ipa.5.xml:755 msgid "ldap_user_uid_number" msgstr "ldap_user_uid_number" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:753 +#: sssd-ipa.5.xml:758 msgid "ldap_user_gid_number" msgstr "ldap_user_gid_number" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:756 +#: sssd-ipa.5.xml:761 msgid "ldap_user_gecos" msgstr "ldap_user_gecos" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:759 +#: sssd-ipa.5.xml:764 msgid "ldap_user_home_directory" msgstr "ldap_user_home_directory" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:762 +#: sssd-ipa.5.xml:767 msgid "ldap_user_shell" msgstr "ldap_user_shell" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:765 +#: sssd-ipa.5.xml:770 msgid "ldap_user_ssh_public_key" msgstr "ldap_user_ssh_public_key" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:770 +#: sssd-ipa.5.xml:775 msgid "Default: ipaUserOverride" msgstr "По умолчанию: ipaUserOverride" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:776 +#: sssd-ipa.5.xml:781 msgid "ipa_group_override_object_class (string)" msgstr "ipa_group_override_object_class (строка)" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:779 +#: sssd-ipa.5.xml:784 msgid "" "Name of the objectclass for group overrides. It is used to determine if the " "found override object is related to a user or a group." @@ -13008,27 +13044,27 @@ msgstr "" "группой." #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:784 +#: sssd-ipa.5.xml:789 msgid "Group overrides can contain attributes given by" msgstr "Переопределения группы могут содержать атрибуты, указанные с помощью" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:787 +#: sssd-ipa.5.xml:792 msgid "ldap_group_name" msgstr "ldap_group_name" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:790 +#: sssd-ipa.5.xml:795 msgid "ldap_group_gid_number" msgstr "ldap_group_gid_number" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:795 +#: sssd-ipa.5.xml:800 msgid "Default: ipaGroupOverride" msgstr "По умолчанию: ipaGroupOverride" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:679 +#: sssd-ipa.5.xml:684 msgid "" "SSSD can handle views and overrides which are offered by FreeIPA 4.1 and " "later version. Since all paths and objectclasses are fixed on the server " @@ -13043,12 +13079,12 @@ msgstr "" "их стандартные значения. <placeholder type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ipa.5.xml:807 +#: sssd-ipa.5.xml:812 msgid "SUBDOMAINS PROVIDER" msgstr "ПОСТАВЩИК ДАННЫХ ПОДДОМЕНОВ" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:809 +#: sssd-ipa.5.xml:814 msgid "" "The IPA subdomains provider behaves slightly differently if it is configured " "explicitly or implicitly." @@ -13057,7 +13093,7 @@ msgstr "" "неявным образом, его поведение будет немного отличаться." #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:813 +#: sssd-ipa.5.xml:818 msgid "" "If the option 'subdomains_provider = ipa' is found in the domain section of " "sssd.conf, the IPA subdomains provider is configured explicitly, and all " @@ -13068,7 +13104,7 @@ msgstr "" "все запросы поддоменов отправляются серверу IPA." #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:819 +#: sssd-ipa.5.xml:824 msgid "" "If the option 'subdomains_provider' is not set in the domain section of sssd." "conf but there is the option 'id_provider = ipa', the IPA subdomains " @@ -13087,12 +13123,12 @@ msgstr "" "сеть, поставщик данных поддоменов включается снова." #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ipa.5.xml:830 +#: sssd-ipa.5.xml:835 msgid "TRUSTED DOMAINS CONFIGURATION" msgstr "КОНФИГУРАЦИЯ ДОВЕРЕННЫХ ДОМЕНОВ" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ipa.5.xml:838 +#: sssd-ipa.5.xml:843 #, no-wrap msgid "" "[domain/ipa.domain.com/ad.domain.com]\n" @@ -13102,7 +13138,7 @@ msgstr "" "ad_server = dc.ad.domain.com\n" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:832 +#: sssd-ipa.5.xml:837 msgid "" "Some configuration options can also be set for a trusted domain. A trusted " "domain configuration can be set using the trusted domain subsection as shown " @@ -13117,7 +13153,7 @@ msgstr "" "<placeholder type=\"programlisting\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:843 +#: sssd-ipa.5.xml:848 msgid "" "For more details, see the <citerefentry> <refentrytitle>sssd.conf</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." @@ -13127,7 +13163,7 @@ msgstr "" "citerefentry>." #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:850 +#: sssd-ipa.5.xml:855 msgid "" "Different configuration options are tunable for a trusted domain depending " "on whether you are configuring SSSD on an IPA server or an IPA client." @@ -13137,12 +13173,12 @@ msgstr "" "или на клиенте IPA." #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd-ipa.5.xml:855 +#: sssd-ipa.5.xml:860 msgid "OPTIONS TUNABLE ON IPA MASTERS" msgstr "ПАРАМЕТРЫ, КОТОРЫЕ МОЖНО НАСТРОИТЬ НА ОСНОВНЫХ СЕРВЕРАХ IPA" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:857 +#: sssd-ipa.5.xml:862 msgid "" "The following options can be set in a subdomain section on an IPA master:" msgstr "" @@ -13150,49 +13186,49 @@ msgstr "" "параметры:" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:861 sssd-ipa.5.xml:891 +#: sssd-ipa.5.xml:866 sssd-ipa.5.xml:896 msgid "ad_server" msgstr "ad_server" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:864 +#: sssd-ipa.5.xml:869 msgid "ad_backup_server" msgstr "ad_backup_server" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:867 sssd-ipa.5.xml:894 +#: sssd-ipa.5.xml:872 sssd-ipa.5.xml:899 msgid "ad_site" msgstr "ad_site" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:870 +#: sssd-ipa.5.xml:875 msgid "ldap_search_base" msgstr "ldap_search_base" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:873 +#: sssd-ipa.5.xml:878 msgid "ldap_user_search_base" msgstr "ldap_user_search_base" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:876 +#: sssd-ipa.5.xml:881 msgid "ldap_group_search_base" msgstr "ldap_group_search_base" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd-ipa.5.xml:885 +#: sssd-ipa.5.xml:890 msgid "OPTIONS TUNABLE ON IPA CLIENTS" msgstr "ПАРАМЕТРЫ, КОТОРЫЕ МОЖНО НАСТРОИТЬ НА КЛИЕНТАХ IPA" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:887 +#: sssd-ipa.5.xml:892 msgid "" "The following options can be set in a subdomain section on an IPA client:" msgstr "" "В разделе поддомена на клиенте IPA можно настроить следующие параметры:" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:899 +#: sssd-ipa.5.xml:904 msgid "" "Note that if both options are set, only <quote>ad_server</quote> is " "evaluated." @@ -13201,7 +13237,7 @@ msgstr "" "<quote>ad_server</quote>." #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:903 +#: sssd-ipa.5.xml:908 msgid "" "Since any request for a user or a group identity from a trusted domain " "triggered from an IPA client is resolved by the IPA server, the " @@ -13224,7 +13260,7 @@ msgstr "" "refentrytitle> <manvolnum>8</manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:927 +#: sssd-ipa.5.xml:932 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " @@ -13235,7 +13271,7 @@ msgstr "" "примере показаны только параметры, относящиеся к поставщику данных IPA." #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ipa.5.xml:934 +#: sssd-ipa.5.xml:939 #, no-wrap msgid "" "[domain/example.com]\n" @@ -14889,7 +14925,7 @@ msgstr "" "допустимое значение (60 секунд)." #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ad.5.xml:1388 +#: sssd-ad.5.xml:1393 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " @@ -14900,7 +14936,7 @@ msgstr "" "примере показаны только параметры, относящиеся к поставщику данных AD." #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ad.5.xml:1395 +#: sssd-ad.5.xml:1400 #, no-wrap msgid "" "[domain/EXAMPLE]\n" @@ -14924,7 +14960,7 @@ msgstr "" "ad_domain = example.com\n" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ad.5.xml:1415 +#: sssd-ad.5.xml:1420 #, no-wrap msgid "" "access_provider = ldap\n" @@ -14936,7 +14972,7 @@ msgstr "" "ldap_account_expire_policy = ad\n" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ad.5.xml:1411 +#: sssd-ad.5.xml:1416 msgid "" "The AD access control provider checks if the account is expired. It has the " "same effect as the following configuration of the LDAP provider: " @@ -14947,7 +14983,7 @@ msgstr "" "данных LDAP: <placeholder type=\"programlisting\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ad.5.xml:1421 +#: sssd-ad.5.xml:1426 msgid "" "However, unless the <quote>ad</quote> access control provider is explicitly " "configured, the default access provider is <quote>permit</quote>. Please " @@ -14962,7 +14998,7 @@ msgstr "" "параметры подключения, такие как URI LDAP и параметры шифрования." #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ad.5.xml:1429 +#: sssd-ad.5.xml:1434 msgid "" "When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema " "attribute mapping (nisMap, nisObject, ...) is used, because these attributes " @@ -23124,6 +23160,15 @@ msgstr "" "узла и участника-пользователя. Эта возможность доступна в MIT Kerberos 1.7 и " "выше." +#, fuzzy +#~| msgid "" +#~| "Determines if user credentials are also cached in the local LDB cache" +#~ msgid "" +#~ "Determines if user credentials are also cached in the local LDB cache." +#~ msgstr "" +#~ "Определяет, следует ли также кэшировать учётные данные пользователя в " +#~ "локальном кэше LDB" + #~ msgid "User credentials are stored in a SHA512 hash, not in plaintext" #~ msgstr "" #~ "Учётные данные пользователя хранятся в хэше SHA512, а не в виде простого " diff --git a/src/man/po/sssd-docs.pot b/src/man/po/sssd-docs.pot index 84998664a7d..92bceb9d5f2 100644 --- a/src/man/po/sssd-docs.pot +++ b/src/man/po/sssd-docs.pot @@ -6,9 +6,9 @@ #, fuzzy msgid "" msgstr "" -"Project-Id-Version: sssd-docs 2.9.1\n" +"Project-Id-Version: sssd-docs 2.9.2\n" "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" -"POT-Creation-Date: 2023-09-07 11:47+0200\n" +"POT-Creation-Date: 2023-11-13 11:53+0100\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" "Language-Team: LANGUAGE <LL@li.org>\n" @@ -203,10 +203,10 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:136 sssd.conf.5.xml:173 sssd.conf.5.xml:358 #: sssd.conf.5.xml:714 sssd.conf.5.xml:729 sssd.conf.5.xml:952 -#: sssd.conf.5.xml:1070 sssd.conf.5.xml:2198 sssd-ldap.5.xml:1071 -#: sssd-ldap.5.xml:1174 sssd-ldap.5.xml:1243 sssd-ldap.5.xml:1750 -#: sssd-ldap.5.xml:1815 sssd-ipa.5.xml:342 sssd-ad.5.xml:252 sssd-ad.5.xml:366 -#: sssd-ad.5.xml:1200 sssd-ad.5.xml:1348 sssd-krb5.5.xml:358 +#: sssd.conf.5.xml:1070 sssd.conf.5.xml:2198 sssd-ldap.5.xml:1073 +#: sssd-ldap.5.xml:1176 sssd-ldap.5.xml:1245 sssd-ldap.5.xml:1752 +#: sssd-ldap.5.xml:1817 sssd-ipa.5.xml:347 sssd-ad.5.xml:252 sssd-ad.5.xml:366 +#: sssd-ad.5.xml:1200 sssd-ad.5.xml:1353 sssd-krb5.5.xml:358 msgid "Default: true" msgstr "" @@ -224,10 +224,10 @@ msgstr "" #. type: Content of: <variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:149 sssd.conf.5.xml:652 sssd.conf.5.xml:949 -#: sssd.conf.5.xml:2101 sssd.conf.5.xml:2168 sssd.conf.5.xml:4174 -#: sssd-ldap.5.xml:312 sssd-ldap.5.xml:917 sssd-ldap.5.xml:936 -#: sssd-ldap.5.xml:1146 sssd-ldap.5.xml:1599 sssd-ldap.5.xml:1839 -#: sssd-ipa.5.xml:152 sssd-ipa.5.xml:254 sssd-ipa.5.xml:657 sssd-ad.5.xml:1106 +#: sssd.conf.5.xml:2101 sssd.conf.5.xml:2168 sssd.conf.5.xml:4191 +#: sssd-ldap.5.xml:313 sssd-ldap.5.xml:919 sssd-ldap.5.xml:938 +#: sssd-ldap.5.xml:1148 sssd-ldap.5.xml:1601 sssd-ldap.5.xml:1841 +#: sssd-ipa.5.xml:152 sssd-ipa.5.xml:254 sssd-ipa.5.xml:662 sssd-ad.5.xml:1106 #: sssd-krb5.5.xml:268 sssd-krb5.5.xml:330 sssd-krb5.5.xml:432 #: include/krb5_options.xml:163 msgid "Default: false" @@ -261,8 +261,8 @@ msgid "" msgstr "" #. type: Content of: outside any tag (error?) -#: sssd.conf.5.xml:109 sssd.conf.5.xml:184 sssd-ldap.5.xml:1656 -#: sssd-ldap.5.xml:1862 sss-certmap.5.xml:645 sssd-systemtap.5.xml:82 +#: sssd.conf.5.xml:109 sssd.conf.5.xml:184 sssd-ldap.5.xml:1658 +#: sssd-ldap.5.xml:1864 sss-certmap.5.xml:645 sssd-systemtap.5.xml:82 #: sssd-systemtap.5.xml:143 sssd-systemtap.5.xml:236 sssd-systemtap.5.xml:274 #: sssd-systemtap.5.xml:330 sssd-ldap-attributes.5.xml:40 #: sssd-ldap-attributes.5.xml:659 sssd-ldap-attributes.5.xml:801 @@ -293,7 +293,7 @@ msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:196 sssd.conf.5.xml:1290 sssd.conf.5.xml:1767 -#: sssd.conf.5.xml:4190 sssd-ldap.5.xml:765 include/ldap_id_mapping.xml:270 +#: sssd.conf.5.xml:4207 sssd-ldap.5.xml:766 include/ldap_id_mapping.xml:270 msgid "Default: 10" msgstr "" @@ -369,7 +369,7 @@ msgid "" msgstr "" #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:266 sssd.conf.5.xml:792 sssd.conf.5.xml:3709 +#: sssd.conf.5.xml:266 sssd.conf.5.xml:792 sssd.conf.5.xml:3716 #: include/failover.xml:100 msgid "Default: 3" msgstr "" @@ -391,7 +391,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:287 sssd.conf.5.xml:3541 +#: sssd.conf.5.xml:287 sssd.conf.5.xml:3548 msgid "re_expression (string)" msgstr "" @@ -411,12 +411,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:304 sssd.conf.5.xml:3598 +#: sssd.conf.5.xml:304 sssd.conf.5.xml:3605 msgid "full_name_format (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:307 sssd.conf.5.xml:3601 +#: sssd.conf.5.xml:307 sssd.conf.5.xml:3608 msgid "" "A <citerefentry> <refentrytitle>printf</refentrytitle> " "<manvolnum>3</manvolnum> </citerefentry>-compatible format that describes " @@ -425,39 +425,39 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:318 sssd.conf.5.xml:3612 +#: sssd.conf.5.xml:318 sssd.conf.5.xml:3619 msgid "%1$s" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:319 sssd.conf.5.xml:3613 +#: sssd.conf.5.xml:319 sssd.conf.5.xml:3620 msgid "user name" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:322 sssd.conf.5.xml:3616 +#: sssd.conf.5.xml:322 sssd.conf.5.xml:3623 msgid "%2$s" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:325 sssd.conf.5.xml:3619 +#: sssd.conf.5.xml:325 sssd.conf.5.xml:3626 msgid "domain name as specified in the SSSD config file." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:331 sssd.conf.5.xml:3625 +#: sssd.conf.5.xml:331 sssd.conf.5.xml:3632 msgid "%3$s" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:334 sssd.conf.5.xml:3628 +#: sssd.conf.5.xml:334 sssd.conf.5.xml:3635 msgid "" "domain flat name. Mostly usable for Active Directory domains, both directly " "configured or discovered via IPA trusts." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:315 sssd.conf.5.xml:3609 +#: sssd.conf.5.xml:315 sssd.conf.5.xml:3616 msgid "" "The following expansions are supported: <placeholder type=\"variablelist\" " "id=\"0\"/>" @@ -601,8 +601,8 @@ msgid "" msgstr "" #. type: Content of: <variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:468 sssd-ldap.5.xml:876 sssd-ldap.5.xml:888 -#: sssd-ldap.5.xml:980 sssd-ad.5.xml:920 sssd-ad.5.xml:995 sssd-krb5.5.xml:468 +#: sssd.conf.5.xml:468 sssd-ldap.5.xml:877 sssd-ldap.5.xml:889 +#: sssd-ldap.5.xml:982 sssd-ad.5.xml:920 sssd-ad.5.xml:995 sssd-krb5.5.xml:468 #: sssd-ldap-attributes.5.xml:470 sssd-ldap-attributes.5.xml:976 #: include/ldap_id_mapping.xml:211 include/ldap_id_mapping.xml:222 #: include/krb5_options.xml:148 @@ -872,7 +872,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:700 sssd.conf.5.xml:1791 sssd.conf.5.xml:4240 +#: sssd.conf.5.xml:700 sssd.conf.5.xml:1791 sssd.conf.5.xml:4257 #: sssd-ad.5.xml:187 sssd-ad.5.xml:327 sssd-ad.5.xml:341 msgid "Default: Not set" msgstr "" @@ -1051,7 +1051,7 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:858 sssd.conf.5.xml:1201 sssd.conf.5.xml:1584 -#: sssd.conf.5.xml:1880 sssd-ldap.5.xml:494 +#: sssd.conf.5.xml:1880 sssd-ldap.5.xml:495 msgid "Default: 60" msgstr "" @@ -1153,7 +1153,7 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:937 sssd.conf.5.xml:1214 sssd.conf.5.xml:2322 -#: sssd-ldap.5.xml:331 +#: sssd-ldap.5.xml:332 msgid "Default: 300" msgstr "" @@ -1522,7 +1522,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1240 sssd.conf.5.xml:2964 sssd-ldap.5.xml:548 +#: sssd.conf.5.xml:1240 sssd.conf.5.xml:2971 sssd-ldap.5.xml:549 msgid "Default: 8" msgstr "" @@ -1548,8 +1548,8 @@ msgid "" msgstr "" #. type: Content of: <variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1265 sssd.conf.5.xml:1317 sssd.conf.5.xml:3730 -#: sssd-ldap.5.xml:473 sssd-ldap.5.xml:525 include/failover.xml:116 +#: sssd.conf.5.xml:1265 sssd.conf.5.xml:1317 sssd.conf.5.xml:3737 +#: sssd-ldap.5.xml:474 sssd-ldap.5.xml:526 include/failover.xml:116 #: include/krb5_options.xml:11 msgid "Default: 6" msgstr "" @@ -1859,7 +1859,7 @@ msgid "pam_pwd_expiration_warning (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1553 sssd.conf.5.xml:2988 +#: sssd.conf.5.xml:1553 sssd.conf.5.xml:2995 msgid "Display a warning N days before the password expires." msgstr "" @@ -1872,7 +1872,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1562 sssd.conf.5.xml:2991 +#: sssd.conf.5.xml:1562 sssd.conf.5.xml:2998 msgid "" "If zero is set, then this filter is not applied, i.e. if the expiration " "warning was received from backend server, it will automatically be " @@ -1887,7 +1887,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1572 sssd.conf.5.xml:3977 sssd-ldap.5.xml:606 sssd.8.xml:79 +#: sssd.conf.5.xml:1572 sssd.conf.5.xml:3984 sssd-ldap.5.xml:607 sssd.8.xml:79 msgid "Default: 0" msgstr "" @@ -1949,8 +1949,8 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1632 sssd.conf.5.xml:1657 sssd.conf.5.xml:1676 -#: sssd.conf.5.xml:1913 sssd.conf.5.xml:2733 sssd.conf.5.xml:3906 -#: sssd-ldap.5.xml:1207 +#: sssd.conf.5.xml:1913 sssd.conf.5.xml:2733 sssd.conf.5.xml:3913 +#: sssd-ldap.5.xml:1209 msgid "Default: none" msgstr "" @@ -2013,8 +2013,8 @@ msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1687 sssd.conf.5.xml:1698 sssd.conf.5.xml:1712 -#: sssd-ldap.5.xml:671 sssd-ldap.5.xml:692 sssd-ldap.5.xml:788 -#: sssd-ldap.5.xml:1293 sssd-ad.5.xml:505 sssd-ad.5.xml:581 sssd-ad.5.xml:1126 +#: sssd-ldap.5.xml:672 sssd-ldap.5.xml:693 sssd-ldap.5.xml:789 +#: sssd-ldap.5.xml:1295 sssd-ad.5.xml:505 sssd-ad.5.xml:581 sssd-ad.5.xml:1126 #: sssd-ad.5.xml:1175 include/ldap_id_mapping.xml:250 msgid "Default: False" msgstr "" @@ -2053,7 +2053,7 @@ msgid "The path to the certificate database." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1723 sssd.conf.5.xml:2248 sssd.conf.5.xml:4354 +#: sssd.conf.5.xml:1723 sssd.conf.5.xml:2248 sssd.conf.5.xml:4371 msgid "Default:" msgstr "" @@ -2318,7 +2318,7 @@ msgid "Default: no_session" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1950 sssd.conf.5.xml:4293 +#: sssd.conf.5.xml:1950 sssd.conf.5.xml:4310 msgid "pam_gssapi_services" msgstr "" @@ -2353,7 +2353,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1968 sssd.conf.5.xml:3900 +#: sssd.conf.5.xml:1968 sssd.conf.5.xml:3907 msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" @@ -2363,7 +2363,7 @@ msgid "Default: - (GSSAPI authentication is disabled)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1979 sssd.conf.5.xml:4294 +#: sssd.conf.5.xml:1979 sssd.conf.5.xml:4311 msgid "pam_gssapi_check_upn" msgstr "" @@ -2383,7 +2383,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1999 sssd-ad.5.xml:1266 sss_rpcidmapd.5.xml:76 +#: sssd.conf.5.xml:1999 sssd-ad.5.xml:1271 sss_rpcidmapd.5.xml:76 #: sssd-files.5.xml:145 msgid "Default: True" msgstr "" @@ -3146,7 +3146,7 @@ msgid "FALSE = No enumerations for this domain" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2669 sssd.conf.5.xml:2943 sssd.conf.5.xml:3120 +#: sssd.conf.5.xml:2669 sssd.conf.5.xml:2950 sssd.conf.5.xml:3127 msgid "Default: FALSE" msgstr "" @@ -3415,7 +3415,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2922 sssd-ldap.5.xml:360 sssd-ldap.5.xml:1736 +#: sssd.conf.5.xml:2922 sssd-ldap.5.xml:361 sssd-ldap.5.xml:1738 #: sssd-ipa.5.xml:270 msgid "Default: 0 (disabled)" msgstr "" @@ -3427,11 +3427,17 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:2931 -msgid "Determines if user credentials are also cached in the local LDB cache." +msgid "" +"Determines if user credentials are also cached in the local LDB cache. The " +"cached credentials refer to passwords, which includes the first (long term) " +"factor of two-factor authentication, not other authentication " +"mechanisms. Passkey and Smartcard authentications are expected to work " +"offline as long as a successful online authentication is recorded in the " +"cache without additional configuration." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2935 +#: sssd.conf.5.xml:2942 msgid "" "Take a note that while credentials are stored as a salted SHA512 hash, this " "still potentially poses some security risk in case an attacker manages to " @@ -3440,12 +3446,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2949 +#: sssd.conf.5.xml:2956 msgid "cache_credentials_minimal_first_factor_length (int)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2952 +#: sssd.conf.5.xml:2959 msgid "" "If 2-Factor-Authentication (2FA) is used and credentials should be saved " "this value determines the minimal length the first authentication factor " @@ -3453,19 +3459,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2959 +#: sssd.conf.5.xml:2966 msgid "" "This should avoid that the short PINs of a PIN based 2FA scheme are saved in " "the cache which would make them easy targets for brute-force attacks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2970 +#: sssd.conf.5.xml:2977 msgid "account_cache_expiration (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2973 +#: sssd.conf.5.xml:2980 msgid "" "Number of days entries are left in cache after last successful login before " "being removed during a cleanup of the cache. 0 means keep forever. The " @@ -3474,17 +3480,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2980 +#: sssd.conf.5.xml:2987 msgid "Default: 0 (unlimited)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2985 +#: sssd.conf.5.xml:2992 msgid "pwd_expiration_warning (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2996 +#: sssd.conf.5.xml:3003 msgid "" "Please note that the backend server has to provide information about the " "expiration time of the password. If this information is missing, sssd " @@ -3493,29 +3499,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3003 +#: sssd.conf.5.xml:3010 msgid "Default: 7 (Kerberos), 0 (LDAP)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3009 +#: sssd.conf.5.xml:3016 msgid "id_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3012 +#: sssd.conf.5.xml:3019 msgid "" "The identification provider used for the domain. Supported ID providers " "are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3016 +#: sssd.conf.5.xml:3023 msgid "<quote>proxy</quote>: Support a legacy NSS provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3019 +#: sssd.conf.5.xml:3026 msgid "" "<quote>files</quote>: FILES provider. See <citerefentry> " "<refentrytitle>sssd-files</refentrytitle> <manvolnum>5</manvolnum> " @@ -3524,7 +3530,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3027 +#: sssd.conf.5.xml:3034 msgid "" "<quote>ldap</quote>: LDAP provider. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> " @@ -3532,8 +3538,8 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3035 sssd.conf.5.xml:3146 sssd.conf.5.xml:3197 -#: sssd.conf.5.xml:3260 +#: sssd.conf.5.xml:3042 sssd.conf.5.xml:3153 sssd.conf.5.xml:3204 +#: sssd.conf.5.xml:3267 msgid "" "<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management " "provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> " @@ -3542,8 +3548,8 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3044 sssd.conf.5.xml:3155 sssd.conf.5.xml:3206 -#: sssd.conf.5.xml:3269 +#: sssd.conf.5.xml:3051 sssd.conf.5.xml:3162 sssd.conf.5.xml:3213 +#: sssd.conf.5.xml:3276 msgid "" "<quote>ad</quote>: Active Directory provider. See <citerefentry> " "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> " @@ -3551,19 +3557,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3055 +#: sssd.conf.5.xml:3062 msgid "use_fully_qualified_names (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3058 +#: sssd.conf.5.xml:3065 msgid "" "Use the full name and domain (as formatted by the domain's full_name_format) " "as the user's login name reported to NSS." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3063 +#: sssd.conf.5.xml:3070 msgid "" "If set to TRUE, all requests to this domain must use fully qualified " "names. For example, if used in LOCAL domain that contains a \"test\" user, " @@ -3572,7 +3578,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3071 +#: sssd.conf.5.xml:3078 msgid "" "NOTE: This option has no effect on netgroup lookups due to their tendency to " "include nested netgroups without qualified names. For netgroups, all domains " @@ -3580,24 +3586,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3078 +#: sssd.conf.5.xml:3085 msgid "" "Default: FALSE (TRUE for trusted domain/sub-domains or if " "default_domain_suffix is used)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3085 +#: sssd.conf.5.xml:3092 msgid "ignore_group_members (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3088 +#: sssd.conf.5.xml:3095 msgid "Do not return group members for group lookups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3091 +#: sssd.conf.5.xml:3098 msgid "" "If set to TRUE, the group membership attribute is not requested from the " "ldap server, and group members are not returned when processing group lookup " @@ -3609,7 +3615,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3109 +#: sssd.conf.5.xml:3116 msgid "" "Enabling this option can also make access provider checks for group " "membership significantly faster, especially for groups containing many " @@ -3617,30 +3623,30 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3115 sssd.conf.5.xml:3822 sssd-ldap.5.xml:326 -#: sssd-ldap.5.xml:355 sssd-ldap.5.xml:408 sssd-ldap.5.xml:468 -#: sssd-ldap.5.xml:489 sssd-ldap.5.xml:520 sssd-ldap.5.xml:543 -#: sssd-ldap.5.xml:582 sssd-ldap.5.xml:601 sssd-ldap.5.xml:625 -#: sssd-ldap.5.xml:1051 sssd-ldap.5.xml:1084 +#: sssd.conf.5.xml:3122 sssd.conf.5.xml:3829 sssd-ldap.5.xml:327 +#: sssd-ldap.5.xml:356 sssd-ldap.5.xml:409 sssd-ldap.5.xml:469 +#: sssd-ldap.5.xml:490 sssd-ldap.5.xml:521 sssd-ldap.5.xml:544 +#: sssd-ldap.5.xml:583 sssd-ldap.5.xml:602 sssd-ldap.5.xml:626 +#: sssd-ldap.5.xml:1053 sssd-ldap.5.xml:1086 msgid "" "This option can be also set per subdomain or inherited via " "<emphasis>subdomain_inherit</emphasis>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3125 +#: sssd.conf.5.xml:3132 msgid "auth_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3128 +#: sssd.conf.5.xml:3135 msgid "" "The authentication provider used for the domain. Supported auth providers " "are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3132 sssd.conf.5.xml:3190 +#: sssd.conf.5.xml:3139 sssd.conf.5.xml:3197 msgid "" "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> " @@ -3648,7 +3654,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3139 +#: sssd.conf.5.xml:3146 msgid "" "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> " @@ -3656,29 +3662,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3163 +#: sssd.conf.5.xml:3170 msgid "<quote>proxy</quote> for relaying authentication to some other PAM target." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3166 +#: sssd.conf.5.xml:3173 msgid "<quote>none</quote> disables authentication explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3169 +#: sssd.conf.5.xml:3176 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "authentication requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3175 +#: sssd.conf.5.xml:3182 msgid "access_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3178 +#: sssd.conf.5.xml:3185 msgid "" "The access control provider used for the domain. There are two built-in " "access providers (in addition to any included in installed backends) " @@ -3686,19 +3692,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3184 +#: sssd.conf.5.xml:3191 msgid "" "<quote>permit</quote> always allow access. It's the only permitted access " "provider for a local domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3187 +#: sssd.conf.5.xml:3194 msgid "<quote>deny</quote> always deny access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3214 +#: sssd.conf.5.xml:3221 msgid "" "<quote>simple</quote> access control based on access or deny lists. See " "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> " @@ -3707,7 +3713,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3221 +#: sssd.conf.5.xml:3228 msgid "" "<quote>krb5</quote>: .k5login based access control. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> " @@ -3716,29 +3722,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3228 +#: sssd.conf.5.xml:3235 msgid "<quote>proxy</quote> for relaying access control to another PAM module." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3231 +#: sssd.conf.5.xml:3238 msgid "Default: <quote>permit</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3236 +#: sssd.conf.5.xml:3243 msgid "chpass_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3239 +#: sssd.conf.5.xml:3246 msgid "" "The provider which should handle change password operations for the domain. " "Supported change password providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3244 +#: sssd.conf.5.xml:3251 msgid "" "<quote>ldap</quote> to change a password stored in a LDAP server. See " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> " @@ -3747,7 +3753,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3252 +#: sssd.conf.5.xml:3259 msgid "" "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> " @@ -3755,34 +3761,34 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3277 +#: sssd.conf.5.xml:3284 msgid "<quote>proxy</quote> for relaying password changes to some other PAM target." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3281 +#: sssd.conf.5.xml:3288 msgid "<quote>none</quote> disallows password changes explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3284 +#: sssd.conf.5.xml:3291 msgid "" "Default: <quote>auth_provider</quote> is used if it is set and can handle " "change password requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3291 +#: sssd.conf.5.xml:3298 msgid "sudo_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3294 +#: sssd.conf.5.xml:3301 msgid "The SUDO provider used for the domain. Supported SUDO providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3298 +#: sssd.conf.5.xml:3305 msgid "" "<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> " @@ -3790,32 +3796,32 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3306 +#: sssd.conf.5.xml:3313 msgid "" "<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default " "settings." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3310 +#: sssd.conf.5.xml:3317 msgid "" "<quote>ad</quote> the same as <quote>ldap</quote> but with AD default " "settings." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3314 +#: sssd.conf.5.xml:3321 msgid "<quote>none</quote> disables SUDO explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3317 sssd.conf.5.xml:3403 sssd.conf.5.xml:3473 -#: sssd.conf.5.xml:3498 sssd.conf.5.xml:3534 +#: sssd.conf.5.xml:3324 sssd.conf.5.xml:3410 sssd.conf.5.xml:3480 +#: sssd.conf.5.xml:3505 sssd.conf.5.xml:3541 msgid "Default: The value of <quote>id_provider</quote> is used if it is set." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3321 +#: sssd.conf.5.xml:3328 msgid "" "The detailed instructions for configuration of sudo_provider are in the " "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " @@ -3826,7 +3832,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3336 +#: sssd.conf.5.xml:3343 msgid "" "<emphasis>NOTE:</emphasis> Sudo rules are periodically downloaded in the " "background unless the sudo provider is explicitly disabled. Set " @@ -3835,12 +3841,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3346 +#: sssd.conf.5.xml:3353 msgid "selinux_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3349 +#: sssd.conf.5.xml:3356 msgid "" "The provider which should handle loading of selinux settings. Note that this " "provider will be called right after access provider ends. Supported selinux " @@ -3848,7 +3854,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3355 +#: sssd.conf.5.xml:3362 msgid "" "<quote>ipa</quote> to load selinux settings from an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> " @@ -3857,31 +3863,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3363 +#: sssd.conf.5.xml:3370 msgid "<quote>none</quote> disallows fetching selinux settings explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3366 +#: sssd.conf.5.xml:3373 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "selinux loading requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3372 +#: sssd.conf.5.xml:3379 msgid "subdomains_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3375 +#: sssd.conf.5.xml:3382 msgid "" "The provider which should handle fetching of subdomains. This value should " "be always the same as id_provider. Supported subdomain providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3381 +#: sssd.conf.5.xml:3388 msgid "" "<quote>ipa</quote> to load a list of subdomains from an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> " @@ -3890,7 +3896,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3390 +#: sssd.conf.5.xml:3397 msgid "" "<quote>ad</quote> to load a list of subdomains from an Active Directory " "server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> " @@ -3899,17 +3905,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3399 +#: sssd.conf.5.xml:3406 msgid "<quote>none</quote> disallows fetching subdomains explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3409 +#: sssd.conf.5.xml:3416 msgid "session_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3412 +#: sssd.conf.5.xml:3419 msgid "" "The provider which configures and manages user session related tasks. The " "only user session task currently provided is the integration with Fleet " @@ -3917,41 +3923,41 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3419 +#: sssd.conf.5.xml:3426 msgid "<quote>ipa</quote> to allow performing user session related tasks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3423 +#: sssd.conf.5.xml:3430 msgid "<quote>none</quote> does not perform any kind of user session related tasks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3427 +#: sssd.conf.5.xml:3434 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can perform " "session related tasks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3431 +#: sssd.conf.5.xml:3438 msgid "" "<emphasis>NOTE:</emphasis> In order to have this feature working as expected " "SSSD must be running as \"root\" and not as the unprivileged user." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3439 +#: sssd.conf.5.xml:3446 msgid "autofs_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3442 +#: sssd.conf.5.xml:3449 msgid "The autofs provider used for the domain. Supported autofs providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3446 +#: sssd.conf.5.xml:3453 msgid "" "<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> " @@ -3959,7 +3965,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3453 +#: sssd.conf.5.xml:3460 msgid "" "<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> " "<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> " @@ -3967,7 +3973,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3461 +#: sssd.conf.5.xml:3468 msgid "" "<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> " "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> " @@ -3975,24 +3981,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3470 +#: sssd.conf.5.xml:3477 msgid "<quote>none</quote> disables autofs explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3480 +#: sssd.conf.5.xml:3487 msgid "hostid_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3483 +#: sssd.conf.5.xml:3490 msgid "" "The provider used for retrieving host identity information. Supported " "hostid providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3487 +#: sssd.conf.5.xml:3494 msgid "" "<quote>ipa</quote> to load host identity stored in an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> " @@ -4001,31 +4007,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3495 +#: sssd.conf.5.xml:3502 msgid "<quote>none</quote> disables hostid explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3505 +#: sssd.conf.5.xml:3512 msgid "resolver_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3508 +#: sssd.conf.5.xml:3515 msgid "" "The provider which should handle hosts and networks lookups. Supported " "resolver providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3512 +#: sssd.conf.5.xml:3519 msgid "" "<quote>proxy</quote> to forward lookups to another NSS library. See " "<quote>proxy_resolver_lib_name</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3516 +#: sssd.conf.5.xml:3523 msgid "" "<quote>ldap</quote> to fetch hosts and networks stored in LDAP. See " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> " @@ -4034,7 +4040,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3523 +#: sssd.conf.5.xml:3530 msgid "" "<quote>ad</quote> to fetch hosts and networks stored in AD. See " "<citerefentry> <refentrytitle>sssd-ad</refentrytitle> " @@ -4043,12 +4049,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3531 +#: sssd.conf.5.xml:3538 msgid "<quote>none</quote> disallows fetching hosts and networks explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3544 +#: sssd.conf.5.xml:3551 msgid "" "Regular expression for this domain that describes how to parse the string " "containing user name and domain into these components. The \"domain\" can " @@ -4058,7 +4064,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3553 +#: sssd.conf.5.xml:3560 msgid "" "Default: " "<quote>^((?P<name>.+)@(?P<domain>[^@]*)|(?P<name>[^@]+))$</quote> " @@ -4066,17 +4072,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:3558 sssd.conf.5.xml:3572 +#: sssd.conf.5.xml:3565 sssd.conf.5.xml:3579 msgid "username" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:3561 sssd.conf.5.xml:3575 +#: sssd.conf.5.xml:3568 sssd.conf.5.xml:3582 msgid "username@domain.name" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3566 +#: sssd.conf.5.xml:3573 msgid "" "Default for the AD and IPA provider: " "<quote>^(((?P<domain>[^\\\\]+)\\\\(?P<name>.+))|((?P<name>.+)@(?P<domain>[^@]+))|((?P<name>[^@\\\\]+)))$</quote> " @@ -4084,19 +4090,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:3578 +#: sssd.conf.5.xml:3585 msgid "domain\\username" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3581 +#: sssd.conf.5.xml:3588 msgid "" "While the first two correspond to the general default the third one is " "introduced to allow easy integration of users from Windows domains." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3586 +#: sssd.conf.5.xml:3593 msgid "" "The default re_expression uses the <quote>@</quote> character as a separator " "between the name and the domain. As a result of this setting the default " @@ -4106,88 +4112,88 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3638 +#: sssd.conf.5.xml:3645 msgid "Default: <quote>%1$s@%2$s</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3644 +#: sssd.conf.5.xml:3651 msgid "lookup_family_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3647 +#: sssd.conf.5.xml:3654 msgid "" "Provides the ability to select preferred address family to use when " "performing DNS lookups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3651 +#: sssd.conf.5.xml:3658 msgid "Supported values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3654 +#: sssd.conf.5.xml:3661 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3657 +#: sssd.conf.5.xml:3664 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3660 +#: sssd.conf.5.xml:3667 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3663 +#: sssd.conf.5.xml:3670 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3666 +#: sssd.conf.5.xml:3673 msgid "Default: ipv4_first" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3672 +#: sssd.conf.5.xml:3679 msgid "dns_resolver_server_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3675 +#: sssd.conf.5.xml:3682 msgid "" "Defines the amount of time (in milliseconds) SSSD would try to talk to DNS " "server before trying next DNS server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3680 +#: sssd.conf.5.xml:3687 msgid "The AD provider will use this option for the CLDAP ping timeouts as well." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3684 sssd.conf.5.xml:3704 sssd.conf.5.xml:3725 +#: sssd.conf.5.xml:3691 sssd.conf.5.xml:3711 sssd.conf.5.xml:3732 msgid "" "Please see the section <quote>FAILOVER</quote> for more information about " "the service resolution." msgstr "" #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3689 sssd-ldap.5.xml:644 include/failover.xml:84 +#: sssd.conf.5.xml:3696 sssd-ldap.5.xml:645 include/failover.xml:84 msgid "Default: 1000" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3695 +#: sssd.conf.5.xml:3702 msgid "dns_resolver_op_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3698 +#: sssd.conf.5.xml:3705 msgid "" "Defines the amount of time (in seconds) to wait to resolve single DNS query " "(e.g. resolution of a hostname or an SRV record) before trying the next " @@ -4195,12 +4201,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3715 +#: sssd.conf.5.xml:3722 msgid "dns_resolver_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3718 +#: sssd.conf.5.xml:3725 msgid "" "Defines the amount of time (in seconds) to wait for a reply from the " "internal fail over service before assuming that the service is " @@ -4209,12 +4215,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3736 +#: sssd.conf.5.xml:3743 msgid "dns_resolver_use_search_list (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3739 +#: sssd.conf.5.xml:3746 msgid "" "Normally, the DNS resolver searches the domain list defined in the " "\"search\" directive from the resolv.conf file. This can lead to delays in " @@ -4222,7 +4228,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3745 +#: sssd.conf.5.xml:3752 msgid "" "If fully qualified domain names (or _srv_) are used in the SSSD " "configuration, setting this option to FALSE can prevent unnecessary DNS " @@ -4230,69 +4236,69 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3751 +#: sssd.conf.5.xml:3758 msgid "Default: TRUE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3757 +#: sssd.conf.5.xml:3764 msgid "dns_discovery_domain (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3760 +#: sssd.conf.5.xml:3767 msgid "" "If service discovery is used in the back end, specifies the domain part of " "the service discovery DNS query." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3764 +#: sssd.conf.5.xml:3771 msgid "Default: Use the domain part of machine's hostname" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3770 +#: sssd.conf.5.xml:3777 msgid "override_gid (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3773 +#: sssd.conf.5.xml:3780 msgid "Override the primary GID value with the one specified." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3779 +#: sssd.conf.5.xml:3786 msgid "case_sensitive (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3786 +#: sssd.conf.5.xml:3793 msgid "True" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3789 +#: sssd.conf.5.xml:3796 msgid "Case sensitive. This value is invalid for AD provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3795 +#: sssd.conf.5.xml:3802 msgid "False" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3797 +#: sssd.conf.5.xml:3804 msgid "Case insensitive." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3801 +#: sssd.conf.5.xml:3808 msgid "Preserving" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3804 +#: sssd.conf.5.xml:3811 msgid "" "Same as False (case insensitive), but does not lowercase names in the result " "of NSS operations. Note that name aliases (and in case of services also " @@ -4300,31 +4306,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3812 +#: sssd.conf.5.xml:3819 msgid "" "If you want to set this value for trusted domain with IPA provider, you need " "to set it on both the client and SSSD on the server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3782 +#: sssd.conf.5.xml:3789 msgid "" "Treat user and group names as case sensitive. Possible option values are: " "<placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3827 +#: sssd.conf.5.xml:3834 msgid "Default: True (False for AD provider)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3833 +#: sssd.conf.5.xml:3840 msgid "subdomain_inherit (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3836 +#: sssd.conf.5.xml:3843 msgid "" "Specifies a list of configuration parameters that should be inherited by a " "subdomain. Please note that only selected parameters can be inherited. " @@ -4332,104 +4338,104 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3842 +#: sssd.conf.5.xml:3849 msgid "ldap_search_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3845 +#: sssd.conf.5.xml:3852 msgid "ldap_network_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3848 +#: sssd.conf.5.xml:3855 msgid "ldap_opt_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3851 +#: sssd.conf.5.xml:3858 msgid "ldap_offline_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3854 +#: sssd.conf.5.xml:3861 msgid "ldap_enumeration_refresh_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3857 +#: sssd.conf.5.xml:3864 msgid "ldap_enumeration_refresh_offset" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3860 +#: sssd.conf.5.xml:3867 msgid "ldap_purge_cache_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3863 +#: sssd.conf.5.xml:3870 msgid "ldap_purge_cache_offset" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3866 +#: sssd.conf.5.xml:3873 msgid "" "ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab " "is not set explicitly)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3870 +#: sssd.conf.5.xml:3877 msgid "ldap_krb5_ticket_lifetime" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3873 +#: sssd.conf.5.xml:3880 msgid "ldap_enumeration_search_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3876 +#: sssd.conf.5.xml:3883 msgid "ldap_connection_expire_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3879 +#: sssd.conf.5.xml:3886 msgid "ldap_connection_expire_offset" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3882 +#: sssd.conf.5.xml:3889 msgid "ldap_connection_idle_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3885 sssd-ldap.5.xml:400 +#: sssd.conf.5.xml:3892 sssd-ldap.5.xml:401 msgid "ldap_use_tokengroups" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3888 +#: sssd.conf.5.xml:3895 msgid "ldap_user_principal" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3891 +#: sssd.conf.5.xml:3898 msgid "ignore_group_members" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3894 +#: sssd.conf.5.xml:3901 msgid "auto_private_groups" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3897 +#: sssd.conf.5.xml:3904 msgid "case_sensitive" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:3902 +#: sssd.conf.5.xml:3909 #, no-wrap msgid "" "subdomain_inherit = ldap_purge_cache_timeout\n" @@ -4437,27 +4443,27 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3909 +#: sssd.conf.5.xml:3916 msgid "Note: This option only works with the IPA and AD provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3916 +#: sssd.conf.5.xml:3923 msgid "subdomain_homedir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3927 +#: sssd.conf.5.xml:3934 msgid "%F" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3928 +#: sssd.conf.5.xml:3935 msgid "flat (NetBIOS) name of a subdomain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3919 +#: sssd.conf.5.xml:3926 msgid "" "Use this homedir as default value for all subdomains within this domain in " "IPA AD trust. See <emphasis>override_homedir</emphasis> for info about " @@ -4467,32 +4473,32 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3933 +#: sssd.conf.5.xml:3940 msgid "The value can be overridden by <emphasis>override_homedir</emphasis> option." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3937 +#: sssd.conf.5.xml:3944 msgid "Default: <filename>/home/%d/%u</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3942 +#: sssd.conf.5.xml:3949 msgid "realmd_tags (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3945 +#: sssd.conf.5.xml:3952 msgid "Various tags stored by the realmd configuration service for this domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3951 +#: sssd.conf.5.xml:3958 msgid "cached_auth_timeout (int)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3954 +#: sssd.conf.5.xml:3961 msgid "" "Specifies time in seconds since last successful online authentication for " "which user will be authenticated using cached credentials while SSSD is in " @@ -4501,19 +4507,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3962 +#: sssd.conf.5.xml:3969 msgid "" "This option's value is inherited by all trusted domains. At the moment it is " "not possible to set a different value per trusted domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3967 +#: sssd.conf.5.xml:3974 msgid "Special value 0 implies that this feature is disabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3971 +#: sssd.conf.5.xml:3978 msgid "" "Please note that if <quote>cached_auth_timeout</quote> is longer than " "<quote>pam_id_timeout</quote> then the back end could be called to handle " @@ -4521,12 +4527,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3982 +#: sssd.conf.5.xml:3989 msgid "local_auth_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3985 +#: sssd.conf.5.xml:3992 msgid "" "Local authentication methods policy. Some backends (i.e. LDAP, proxy " "provider) only support a password based authentication, while others can " @@ -4537,7 +4543,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3995 +#: sssd.conf.5.xml:4002 msgid "" "There are three possible values for this option: match, only, " "enable. <quote>match</quote> is used to match offline and online states for " @@ -4548,8 +4554,17 @@ msgid "" "comma-separated, such as <quote>enable:passkey, enable:smartcard</quote>" msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4014 +msgid "" +"Please note that if local Smartcard authentication is enabled and a " +"Smartcard is present, Smartcard authentication will be preferred over the " +"authentication methods supported by the backend. I.e. there will be a PIN " +"prompt instead of e.g. a password prompt." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:4011 +#: sssd.conf.5.xml:4026 #, no-wrap msgid "" "[domain/shadowutils]\n" @@ -4560,7 +4575,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4007 +#: sssd.conf.5.xml:4022 msgid "" "The following configuration example allows local users to authenticate " "locally using any enabled method (i.e. smartcard, passkey). <placeholder " @@ -4568,34 +4583,34 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4019 +#: sssd.conf.5.xml:4034 msgid "This option is ignored for the files provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4022 +#: sssd.conf.5.xml:4037 msgid "Default: match" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4027 +#: sssd.conf.5.xml:4042 msgid "auto_private_groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4033 +#: sssd.conf.5.xml:4048 msgid "true" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4036 +#: sssd.conf.5.xml:4051 msgid "" "Create user's private group unconditionally from user's UID number. The GID " "number is ignored in this case." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4040 +#: sssd.conf.5.xml:4055 msgid "" "NOTE: Because the GID number and the user private group are inferred from " "the UID number, it is not supported to have multiple entries with the same " @@ -4604,24 +4619,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4049 +#: sssd.conf.5.xml:4064 msgid "false" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4052 +#: sssd.conf.5.xml:4067 msgid "" "Always use the user's primary GID number. The GID number must refer to a " "group object in the LDAP database." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4058 +#: sssd.conf.5.xml:4073 msgid "hybrid" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4061 +#: sssd.conf.5.xml:4076 msgid "" "A primary group is autogenerated for user entries whose UID and GID numbers " "have the same value and at the same time the GID number does not correspond " @@ -4631,14 +4646,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4074 +#: sssd.conf.5.xml:4089 msgid "" "If the UID and GID of a user are different, then the GID must correspond to " "a group entry, otherwise the GID is simply not resolvable." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4081 +#: sssd.conf.5.xml:4096 msgid "" "This feature is useful for environments that wish to stop maintaining a " "separate group objects for the user private groups, but also wish to retain " @@ -4646,21 +4661,21 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4030 +#: sssd.conf.5.xml:4045 msgid "" "This option takes any of three available values: <placeholder " "type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4093 +#: sssd.conf.5.xml:4108 msgid "" "For subdomains, the default value is False for subdomains that use assigned " "POSIX IDs and True for subdomains that use automatic ID-mapping." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:4101 +#: sssd.conf.5.xml:4116 #, no-wrap msgid "" "[domain/forest.domain/sub.domain]\n" @@ -4668,7 +4683,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:4107 +#: sssd.conf.5.xml:4122 #, no-wrap msgid "" "[domain/forest.domain]\n" @@ -4677,7 +4692,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4098 +#: sssd.conf.5.xml:4113 msgid "" "The value of auto_private_groups can either be set per subdomains in a " "subsection, for example: <placeholder type=\"programlisting\" id=\"0\"/> or " @@ -4695,29 +4710,30 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4122 +#: sssd.conf.5.xml:4137 msgid "proxy_pam_target (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4125 +#: sssd.conf.5.xml:4140 msgid "The proxy target PAM proxies to." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4128 +#: sssd.conf.5.xml:4143 msgid "" "Default: not set by default, you have to take an existing pam configuration " -"or create a new one and add the service name here." +"or create a new one and add the service name here. As an alternative you can " +"enable local authentication with the local_auth_policy option." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4136 +#: sssd.conf.5.xml:4153 msgid "proxy_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4139 +#: sssd.conf.5.xml:4156 msgid "" "The name of the NSS library to use in proxy domains. The NSS functions " "searched for in the library are in the form of _nss_$(libName)_$(function), " @@ -4725,12 +4741,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4149 +#: sssd.conf.5.xml:4166 msgid "proxy_resolver_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4152 +#: sssd.conf.5.xml:4169 msgid "" "The name of the NSS library to use for hosts and networks lookups in proxy " "domains. The NSS functions searched for in the library are in the form of " @@ -4738,12 +4754,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4163 +#: sssd.conf.5.xml:4180 msgid "proxy_fast_alias (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4166 +#: sssd.conf.5.xml:4183 msgid "" "When a user or group is looked up by name in the proxy provider, a second " "lookup by ID is performed to \"canonicalize\" the name in case the requested " @@ -4752,12 +4768,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4180 +#: sssd.conf.5.xml:4197 msgid "proxy_max_children (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4183 +#: sssd.conf.5.xml:4200 msgid "" "This option specifies the number of pre-forked proxy children. It is useful " "for high-load SSSD environments where sssd may run out of available child " @@ -4765,19 +4781,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4118 +#: sssd.conf.5.xml:4133 msgid "" "Options valid for proxy domains. <placeholder type=\"variablelist\" " "id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:4199 +#: sssd.conf.5.xml:4216 msgid "Application domains" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4201 +#: sssd.conf.5.xml:4218 msgid "" "SSSD, with its D-Bus interface (see <citerefentry> " "<refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</manvolnum> " @@ -4795,7 +4811,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4221 +#: sssd.conf.5.xml:4238 msgid "" "Please note that the application domain must still be explicitly enabled in " "the <quote>domains</quote> parameter so that the lookup order between the " @@ -4803,17 +4819,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> -#: sssd.conf.5.xml:4227 +#: sssd.conf.5.xml:4244 msgid "Application domain parameters" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4229 +#: sssd.conf.5.xml:4246 msgid "inherit_from (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4232 +#: sssd.conf.5.xml:4249 msgid "" "The SSSD POSIX-type domain the application domain inherits all settings " "from. The application domain can moreover add its own settings to the " @@ -4822,7 +4838,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4246 +#: sssd.conf.5.xml:4263 msgid "" "The following example illustrates the use of an application domain. In this " "setup, the POSIX domain is connected to an LDAP server and is used by the OS " @@ -4832,7 +4848,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><programlisting> -#: sssd.conf.5.xml:4254 +#: sssd.conf.5.xml:4271 #, no-wrap msgid "" "[sssd]\n" @@ -4852,12 +4868,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4274 +#: sssd.conf.5.xml:4291 msgid "TRUSTED DOMAIN SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4276 +#: sssd.conf.5.xml:4293 msgid "" "Some options used in the domain section can also be used in the trusted " "domain section, that is, in a section called " @@ -4868,69 +4884,69 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4283 +#: sssd.conf.5.xml:4300 msgid "ldap_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4284 +#: sssd.conf.5.xml:4301 msgid "ldap_user_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4285 +#: sssd.conf.5.xml:4302 msgid "ldap_group_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4286 +#: sssd.conf.5.xml:4303 msgid "ldap_netgroup_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4287 +#: sssd.conf.5.xml:4304 msgid "ldap_service_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4288 +#: sssd.conf.5.xml:4305 msgid "ldap_sasl_mech," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4289 +#: sssd.conf.5.xml:4306 msgid "ad_server," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4290 +#: sssd.conf.5.xml:4307 msgid "ad_backup_server," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4291 +#: sssd.conf.5.xml:4308 msgid "ad_site," msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4292 sssd-ipa.5.xml:879 +#: sssd.conf.5.xml:4309 sssd-ipa.5.xml:884 msgid "use_fully_qualified_names" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4296 +#: sssd.conf.5.xml:4313 msgid "" "For more details about these options see their individual description in the " "manual page." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4302 +#: sssd.conf.5.xml:4319 msgid "CERTIFICATE MAPPING SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4304 +#: sssd.conf.5.xml:4321 msgid "" "To allow authentication with Smartcards and certificates SSSD must be able " "to map certificates to users. This can be done by adding the full " @@ -4944,7 +4960,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4318 +#: sssd.conf.5.xml:4335 msgid "" "To make the mapping more flexible mapping and matching rules were added to " "SSSD (see <citerefentry> <refentrytitle>sss-certmap</refentrytitle> " @@ -4952,7 +4968,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4327 +#: sssd.conf.5.xml:4344 msgid "" "A mapping and matching rule can be added to the SSSD configuration in a " "section on its own with a name like " @@ -4961,55 +4977,55 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4334 +#: sssd.conf.5.xml:4351 msgid "matchrule (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4337 +#: sssd.conf.5.xml:4354 msgid "" "Only certificates from the Smartcard which matches this rule will be " "processed, all others are ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4341 +#: sssd.conf.5.xml:4358 msgid "" "Default: KRB5:<EKU>clientAuth, i.e. only certificates which have the " "Extended Key Usage <quote>clientAuth</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4348 +#: sssd.conf.5.xml:4365 msgid "maprule (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4351 +#: sssd.conf.5.xml:4368 msgid "Defines how the user is found for a given certificate." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4357 +#: sssd.conf.5.xml:4374 msgid "" "LDAP:(userCertificate;binary={cert!bin}) for LDAP based providers like " "<quote>ldap</quote>, <quote>AD</quote> or <quote>ipa</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4363 +#: sssd.conf.5.xml:4380 msgid "" "The RULE_NAME for the <quote>files</quote> provider which tries to find a " "user with the same name." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4372 +#: sssd.conf.5.xml:4389 msgid "domains (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4375 +#: sssd.conf.5.xml:4392 msgid "" "Comma separated list of domain names the rule should be applied. By default " "a rule is only valid in the domain configured in sssd.conf. If the provider " @@ -5018,17 +5034,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4382 +#: sssd.conf.5.xml:4399 msgid "Default: the configured domain in sssd.conf" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4387 +#: sssd.conf.5.xml:4404 msgid "priority (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4390 +#: sssd.conf.5.xml:4407 msgid "" "Unsigned integer value defining the priority of the rule. The higher the " "number the lower the priority. <quote>0</quote> stands for the highest " @@ -5036,26 +5052,26 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4396 +#: sssd.conf.5.xml:4413 msgid "Default: the lowest priority" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4402 +#: sssd.conf.5.xml:4419 msgid "" "To make the configuration simple and reduce the amount of configuration " "options the <quote>files</quote> provider has some special properties:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4408 +#: sssd.conf.5.xml:4425 msgid "" "if maprule is not set the RULE_NAME name is assumed to be the name of the " "matching user" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4414 +#: sssd.conf.5.xml:4431 msgid "" "if a maprule is used both a single user name or a template like " "<quote>{subject_rfc822_name.short_name}</quote> must be in braces like " @@ -5064,17 +5080,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4423 +#: sssd.conf.5.xml:4440 msgid "the <quote>domains</quote> option is ignored" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4431 +#: sssd.conf.5.xml:4448 msgid "PROMPTING CONFIGURATION SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4433 +#: sssd.conf.5.xml:4450 msgid "" "If a special file " "(<filename>/var/lib/sss/pubconf/pam_preauth_available</filename>) exists " @@ -5084,7 +5100,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4441 +#: sssd.conf.5.xml:4458 msgid "" "With the growing number of authentication methods and the possibility that " "there are multiple ones for a single user the heuristic used by pam_sss to " @@ -5093,59 +5109,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4453 +#: sssd.conf.5.xml:4470 msgid "[prompting/password]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4456 +#: sssd.conf.5.xml:4473 msgid "password_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4457 +#: sssd.conf.5.xml:4474 msgid "to change the string of the password prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4455 +#: sssd.conf.5.xml:4472 msgid "" "to configure password prompting, allowed options are: <placeholder " "type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4465 +#: sssd.conf.5.xml:4482 msgid "[prompting/2fa]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4469 +#: sssd.conf.5.xml:4486 msgid "first_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4470 +#: sssd.conf.5.xml:4487 msgid "to change the string of the prompt for the first factor" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4473 +#: sssd.conf.5.xml:4490 msgid "second_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4474 +#: sssd.conf.5.xml:4491 msgid "to change the string of the prompt for the second factor" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4477 +#: sssd.conf.5.xml:4494 msgid "single_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4478 +#: sssd.conf.5.xml:4495 msgid "" "boolean value, if True there will be only a single prompt using the value of " "first_prompt where it is expected that both factors are entered as a single " @@ -5154,7 +5170,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4467 +#: sssd.conf.5.xml:4484 msgid "" "to configure two-factor authentication prompting, allowed options are: " "<placeholder type=\"variablelist\" id=\"0\"/> If the second factor is " @@ -5163,17 +5179,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4495 +#: sssd.conf.5.xml:4512 msgid "[prompting/passkey]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4501 sssd-ad.5.xml:1021 +#: sssd.conf.5.xml:4518 sssd-ad.5.xml:1021 msgid "interactive" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4503 +#: sssd.conf.5.xml:4520 msgid "" "boolean value, if True prompt a message and wait before testing the presence " "of a passkey device. Recommended if your device doesn’t have a tactile " @@ -5181,46 +5197,46 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4511 +#: sssd.conf.5.xml:4528 msgid "interactive_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4513 +#: sssd.conf.5.xml:4530 msgid "to change the message of the interactive prompt." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4518 +#: sssd.conf.5.xml:4535 msgid "touch" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4520 +#: sssd.conf.5.xml:4537 msgid "" "boolean value, if True prompt a message to remind the user to touch the " "device." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4526 +#: sssd.conf.5.xml:4543 msgid "touch_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4528 +#: sssd.conf.5.xml:4545 msgid "to change the message of the touch prompt." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4497 +#: sssd.conf.5.xml:4514 msgid "" "to configure passkey authentication prompting, allowed options are: " "<placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4448 +#: sssd.conf.5.xml:4465 msgid "" "Each supported authentication method has its own configuration subsection " "under <quote>[prompting/...]</quote>. Currently there are: <placeholder " @@ -5229,7 +5245,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4539 +#: sssd.conf.5.xml:4556 msgid "" "It is possible to add a subsection for specific PAM services, " "e.g. <quote>[prompting/password/sshd]</quote> to individual change the " @@ -5237,12 +5253,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4546 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43 +#: sssd.conf.5.xml:4563 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43 msgid "EXAMPLES" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4552 +#: sssd.conf.5.xml:4569 #, no-wrap msgid "" "[sssd]\n" @@ -5272,7 +5288,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4548 +#: sssd.conf.5.xml:4565 msgid "" "1. The following example shows a typical SSSD config. It does not describe " "configuration of the domains themselves - refer to documentation on " @@ -5281,7 +5297,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4585 +#: sssd.conf.5.xml:4602 #, no-wrap msgid "" "[domain/ipa.com/child.ad.com]\n" @@ -5289,7 +5305,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4579 +#: sssd.conf.5.xml:4596 msgid "" "2. The following example shows configuration of IPA AD trust where the AD " "forest consists of two domains in a parent-child structure. Suppose IPA " @@ -5300,7 +5316,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4596 +#: sssd.conf.5.xml:4613 #, no-wrap msgid "" "[certmap/my.domain/rule_name]\n" @@ -5311,7 +5327,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4590 +#: sssd.conf.5.xml:4607 msgid "" "3. The following example shows the configuration of a certificate mapping " "rule. It is valid for the configured domain <quote>my.domain</quote> and " @@ -5366,26 +5382,26 @@ msgid "" "LDAP back end supports id, auth, access and chpass providers. If you want to " "authenticate against an LDAP server either TLS/SSL or LDAPS is " "required. <command>sssd</command> <emphasis>does not</emphasis> support " -"authentication over an unencrypted channel. If the LDAP server is used only " -"as an identity provider, an encrypted channel is not needed. Please refer to " -"<quote>ldap_access_filter</quote> config option for more information about " -"using LDAP as an access provider." +"authentication over an unencrypted channel. Even if the LDAP server is used " +"only as an identity provider, an encrypted channel is strongly " +"recommended. Please refer to <quote>ldap_access_filter</quote> config option " +"for more information about using LDAP as an access provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:82 sssd-ad.5.xml:130 +#: sssd-ldap.5.xml:50 sssd-simple.5.xml:69 sssd-ipa.5.xml:82 sssd-ad.5.xml:130 #: sssd-krb5.5.xml:63 sssd-ifp.5.xml:60 sssd-files.5.xml:77 #: sssd-session-recording.5.xml:58 sssd-kcm.8.xml:202 msgid "CONFIGURATION OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:66 +#: sssd-ldap.5.xml:67 msgid "ldap_uri, ldap_backup_uri (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:69 +#: sssd-ldap.5.xml:70 msgid "" "Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " "should connect in the order of preference. Refer to the " @@ -5396,32 +5412,32 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:76 +#: sssd-ldap.5.xml:77 msgid "The format of the URI must match the format defined in RFC 2732:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:79 +#: sssd-ldap.5.xml:80 msgid "ldap[s]://<host>[:port]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:82 +#: sssd-ldap.5.xml:83 msgid "For explicit IPv6 addresses, <host> must be enclosed in brackets []" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:85 +#: sssd-ldap.5.xml:86 msgid "example: ldap://[fc00::126:25]:389" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:91 +#: sssd-ldap.5.xml:92 msgid "ldap_chpass_uri, ldap_chpass_backup_uri (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:94 +#: sssd-ldap.5.xml:95 msgid "" "Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " "should connect in the order of preference to change the password of a " @@ -5430,71 +5446,71 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:101 +#: sssd-ldap.5.xml:102 msgid "To enable service discovery ldap_chpass_dns_service_name must be set." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:105 +#: sssd-ldap.5.xml:106 msgid "Default: empty, i.e. ldap_uri is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:111 +#: sssd-ldap.5.xml:112 msgid "ldap_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:114 +#: sssd-ldap.5.xml:115 msgid "The default base DN to use for performing LDAP user operations." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:118 +#: sssd-ldap.5.xml:119 msgid "" "Starting with SSSD 1.7.0, SSSD supports multiple search bases using the " "syntax:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:122 +#: sssd-ldap.5.xml:123 msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:125 +#: sssd-ldap.5.xml:126 msgid "The scope can be one of \"base\", \"onelevel\" or \"subtree\"." msgstr "" #. type: Content of: <listitem><para> -#: sssd-ldap.5.xml:128 include/ldap_search_bases.xml:18 +#: sssd-ldap.5.xml:129 include/ldap_search_bases.xml:18 msgid "" "The filter must be a valid LDAP search filter as specified by " "http://www.ietf.org/rfc/rfc2254.txt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:132 sssd-ad.5.xml:311 sss_override.8.xml:143 +#: sssd-ldap.5.xml:133 sssd-ad.5.xml:311 sss_override.8.xml:143 #: sss_override.8.xml:240 sssd-ldap-attributes.5.xml:453 msgid "Examples:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:135 +#: sssd-ldap.5.xml:136 msgid "" "ldap_search_base = dc=example,dc=com (which is equivalent to) " "ldap_search_base = dc=example,dc=com?subtree?" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:140 +#: sssd-ldap.5.xml:141 msgid "" "ldap_search_base = " "cn=host_specific,dc=example,dc=com?subtree?(host=thishost)?dc=example.com?subtree?" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:143 +#: sssd-ldap.5.xml:144 msgid "" "Note: It is unsupported to have multiple search bases which reference " "identically-named objects (for example, groups with the same name in two " @@ -5503,7 +5519,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:150 +#: sssd-ldap.5.xml:151 msgid "" "Default: If not set, the value of the defaultNamingContext or namingContexts " "attribute from the RootDSE of the LDAP server is used. If " @@ -5514,12 +5530,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:164 +#: sssd-ldap.5.xml:165 msgid "ldap_schema (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:167 +#: sssd-ldap.5.xml:168 msgid "" "Specifies the Schema Type in use on the target LDAP server. Depending on " "the selected schema, the default attribute names retrieved from the servers " @@ -5527,32 +5543,32 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:174 +#: sssd-ldap.5.xml:175 msgid "Four schema types are currently supported:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:178 +#: sssd-ldap.5.xml:179 msgid "rfc2307" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:183 +#: sssd-ldap.5.xml:184 msgid "rfc2307bis" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:188 +#: sssd-ldap.5.xml:189 msgid "IPA" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:193 +#: sssd-ldap.5.xml:194 msgid "AD" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:199 +#: sssd-ldap.5.xml:200 msgid "" "The main difference between these schema types is how group memberships are " "recorded in the server. With rfc2307, group members are listed by name in " @@ -5563,37 +5579,37 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:209 +#: sssd-ldap.5.xml:210 msgid "Default: rfc2307" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:215 +#: sssd-ldap.5.xml:216 msgid "ldap_pwmodify_mode (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:218 +#: sssd-ldap.5.xml:219 msgid "Specify the operation that is used to modify user password." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:222 +#: sssd-ldap.5.xml:223 msgid "Two modes are currently supported:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:226 +#: sssd-ldap.5.xml:227 msgid "exop - Password Modify Extended Operation (RFC 3062)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:232 +#: sssd-ldap.5.xml:233 msgid "ldap_modify - Direct modification of userPassword (not recommended)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:239 +#: sssd-ldap.5.xml:240 msgid "" "Note: First, a new connection is established to verify current password by " "binding as the user that requested password change. If successful, this " @@ -5602,74 +5618,74 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:247 +#: sssd-ldap.5.xml:248 msgid "Default: exop" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:253 +#: sssd-ldap.5.xml:254 msgid "ldap_default_bind_dn (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:256 +#: sssd-ldap.5.xml:257 msgid "The default bind DN to use for performing LDAP operations." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:263 +#: sssd-ldap.5.xml:264 msgid "ldap_default_authtok_type (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:266 +#: sssd-ldap.5.xml:267 msgid "The type of the authentication token of the default bind DN." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:270 +#: sssd-ldap.5.xml:271 msgid "The two mechanisms currently supported are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:273 +#: sssd-ldap.5.xml:274 msgid "password" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:276 +#: sssd-ldap.5.xml:277 msgid "obfuscated_password" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:279 +#: sssd-ldap.5.xml:280 msgid "Default: password" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:282 +#: sssd-ldap.5.xml:283 msgid "" "See the <citerefentry> <refentrytitle>sss_obfuscate</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry> manual page for more information." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:293 +#: sssd-ldap.5.xml:294 msgid "ldap_default_authtok (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:296 +#: sssd-ldap.5.xml:297 msgid "The authentication token of the default bind DN." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:302 +#: sssd-ldap.5.xml:303 msgid "ldap_force_upper_case_realm (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:305 +#: sssd-ldap.5.xml:306 msgid "" "Some directory servers, for example Active Directory, might deliver the " "realm part of the UPN in lower case, which might cause the authentication to " @@ -5678,24 +5694,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:318 +#: sssd-ldap.5.xml:319 msgid "ldap_enumeration_refresh_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:321 +#: sssd-ldap.5.xml:322 msgid "" "Specifies how many seconds SSSD has to wait before refreshing its cache of " "enumerated records." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:337 +#: sssd-ldap.5.xml:338 msgid "ldap_purge_cache_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:340 +#: sssd-ldap.5.xml:341 msgid "" "Determine how often to check the cache for inactive entries (such as groups " "with no members and users who have never logged in) and remove them to save " @@ -5703,7 +5719,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:346 +#: sssd-ldap.5.xml:347 msgid "" "Setting this option to zero will disable the cache cleanup operation. Please " "note that if enumeration is enabled, the cleanup task is required in order " @@ -5712,12 +5728,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:366 +#: sssd-ldap.5.xml:367 msgid "ldap_group_nesting_level (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:369 +#: sssd-ldap.5.xml:370 msgid "" "If ldap_schema is set to a schema format that supports nested groups " "(e.g. RFC2307bis), then this option controls how many levels of nesting SSSD " @@ -5725,7 +5741,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:376 +#: sssd-ldap.5.xml:377 msgid "" "Note: This option specifies the guaranteed level of nested groups to be " "processed for any lookup. However, nested groups beyond this limit " @@ -5735,7 +5751,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:385 +#: sssd-ldap.5.xml:386 msgid "" "If ldap_group_nesting_level is set to 0 then no nested groups are processed " "at all. However, when connected to Active-Directory Server 2008 and later " @@ -5745,67 +5761,67 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:394 +#: sssd-ldap.5.xml:395 msgid "Default: 2" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:403 +#: sssd-ldap.5.xml:404 msgid "" "This options enables or disables use of Token-Groups attribute when " "performing initgroup for users from Active Directory Server 2008 and later." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:413 +#: sssd-ldap.5.xml:414 msgid "Default: True for AD and IPA otherwise False." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:419 +#: sssd-ldap.5.xml:420 msgid "ldap_host_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:422 +#: sssd-ldap.5.xml:423 msgid "Optional. Use the given string as search base for host objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:426 sssd-ipa.5.xml:457 sssd-ipa.5.xml:476 sssd-ipa.5.xml:495 -#: sssd-ipa.5.xml:514 +#: sssd-ldap.5.xml:427 sssd-ipa.5.xml:462 sssd-ipa.5.xml:481 sssd-ipa.5.xml:500 +#: sssd-ipa.5.xml:519 msgid "" "See <quote>ldap_search_base</quote> for information about configuring " "multiple search bases." msgstr "" #. type: Content of: <listitem><para> -#: sssd-ldap.5.xml:431 sssd-ipa.5.xml:462 include/ldap_search_bases.xml:27 +#: sssd-ldap.5.xml:432 sssd-ipa.5.xml:467 include/ldap_search_bases.xml:27 msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:438 +#: sssd-ldap.5.xml:439 msgid "ldap_service_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:443 +#: sssd-ldap.5.xml:444 msgid "ldap_iphost_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:448 +#: sssd-ldap.5.xml:449 msgid "ldap_ipnetwork_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:453 +#: sssd-ldap.5.xml:454 msgid "ldap_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:456 +#: sssd-ldap.5.xml:457 msgid "" "Specifies the timeout (in seconds) that ldap searches are allowed to run " "before they are cancelled and cached results are returned (and offline mode " @@ -5813,7 +5829,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:462 +#: sssd-ldap.5.xml:463 msgid "" "Note: this option is subject to change in future versions of the SSSD. It " "will likely be replaced at some point by a series of timeouts for specific " @@ -5821,12 +5837,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:479 +#: sssd-ldap.5.xml:480 msgid "ldap_enumeration_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:482 +#: sssd-ldap.5.xml:483 msgid "" "Specifies the timeout (in seconds) that ldap searches for user and group " "enumerations are allowed to run before they are cancelled and cached results " @@ -5834,12 +5850,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:500 +#: sssd-ldap.5.xml:501 msgid "ldap_network_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:503 +#: sssd-ldap.5.xml:504 msgid "" "Specifies the timeout (in seconds) after which the <citerefentry> " "<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> " @@ -5850,12 +5866,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:531 +#: sssd-ldap.5.xml:532 msgid "ldap_opt_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:534 +#: sssd-ldap.5.xml:535 msgid "" "Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs " "will abort if no response is received. Also controls the timeout when " @@ -5864,12 +5880,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:554 +#: sssd-ldap.5.xml:555 msgid "ldap_connection_expire_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:557 +#: sssd-ldap.5.xml:558 msgid "" "Specifies a timeout (in seconds) that a connection to an LDAP server will be " "maintained. After this time, the connection will be re-established. If used " @@ -5878,7 +5894,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:565 +#: sssd-ldap.5.xml:566 msgid "" "If the connection is idle (not actively running an operation) within " "<emphasis>ldap_opt_timeout</emphasis> seconds of expiration, then it will be " @@ -5889,36 +5905,36 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:577 +#: sssd-ldap.5.xml:578 msgid "" "This timeout can be extended of a random value specified by " "<emphasis>ldap_connection_expire_offset</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:587 sssd-ldap.5.xml:630 sssd-ldap.5.xml:1711 +#: sssd-ldap.5.xml:588 sssd-ldap.5.xml:631 sssd-ldap.5.xml:1713 msgid "Default: 900 (15 minutes)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:593 +#: sssd-ldap.5.xml:594 msgid "ldap_connection_expire_offset (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:596 +#: sssd-ldap.5.xml:597 msgid "" "Random offset between 0 and configured value is added to " "<emphasis>ldap_connection_expire_timeout</emphasis>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:612 +#: sssd-ldap.5.xml:613 msgid "ldap_connection_idle_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:615 +#: sssd-ldap.5.xml:616 msgid "" "Specifies a timeout (in seconds) that an idle connection to an LDAP server " "will be maintained. If the connection is idle for more than this time then " @@ -5926,29 +5942,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:621 +#: sssd-ldap.5.xml:622 msgid "You can disable this timeout by setting the value to 0." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:636 +#: sssd-ldap.5.xml:637 msgid "ldap_page_size (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:639 +#: sssd-ldap.5.xml:640 msgid "" "Specify the number of records to retrieve from LDAP in a single " "request. Some LDAP servers enforce a maximum limit per-request." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:650 +#: sssd-ldap.5.xml:651 msgid "ldap_disable_paging (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:653 +#: sssd-ldap.5.xml:654 msgid "" "Disable the LDAP paging control. This option should be used if the LDAP " "server reports that it supports the LDAP paging control in its RootDSE but " @@ -5956,7 +5972,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:659 +#: sssd-ldap.5.xml:660 msgid "" "Example: OpenLDAP servers with the paging control module installed on the " "server but not enabled will report it in the RootDSE but be unable to use " @@ -5964,7 +5980,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:665 +#: sssd-ldap.5.xml:666 msgid "" "Example: 389 DS has a bug where it can only support a one paging control at " "a time on a single connection. On busy clients, this can result in some " @@ -5972,17 +5988,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:677 +#: sssd-ldap.5.xml:678 msgid "ldap_disable_range_retrieval (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:680 +#: sssd-ldap.5.xml:681 msgid "Disable Active Directory range retrieval." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:683 +#: sssd-ldap.5.xml:684 msgid "" "Active Directory limits the number of members to be retrieved in a single " "lookup using the MaxValRange policy (which defaults to 1500 members). If a " @@ -5992,12 +6008,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:698 +#: sssd-ldap.5.xml:699 msgid "ldap_sasl_minssf (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:701 +#: sssd-ldap.5.xml:702 msgid "" "When communicating with an LDAP server using SASL, specify the minimum " "security level necessary to establish the connection. The values of this " @@ -6005,17 +6021,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:707 sssd-ldap.5.xml:723 +#: sssd-ldap.5.xml:708 sssd-ldap.5.xml:724 msgid "Default: Use the system default (usually specified by ldap.conf)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:714 +#: sssd-ldap.5.xml:715 msgid "ldap_sasl_maxssf (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:717 +#: sssd-ldap.5.xml:718 msgid "" "When communicating with an LDAP server using SASL, specify the maximal " "security level necessary to establish the connection. The values of this " @@ -6023,12 +6039,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:730 +#: sssd-ldap.5.xml:731 msgid "ldap_deref_threshold (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:733 +#: sssd-ldap.5.xml:734 msgid "" "Specify the number of group members that must be missing from the internal " "cache in order to trigger a dereference lookup. If less members are missing, " @@ -6036,7 +6052,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:739 +#: sssd-ldap.5.xml:740 msgid "" "You can turn off dereference lookups completely by setting the value to " "0. Please note that there are some codepaths in SSSD, like the IPA HBAC " @@ -6047,7 +6063,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:750 +#: sssd-ldap.5.xml:751 msgid "" "A dereference lookup is a means of fetching all group members in a single " "LDAP call. Different LDAP servers may implement different dereference " @@ -6056,7 +6072,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:758 +#: sssd-ldap.5.xml:759 msgid "" "<emphasis>Note:</emphasis> If any of the search bases specifies a search " "filter, then the dereference lookup performance enhancement will be disabled " @@ -6064,12 +6080,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:771 +#: sssd-ldap.5.xml:772 msgid "ldap_ignore_unreadable_references (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:774 +#: sssd-ldap.5.xml:775 msgid "" "Ignore unreadable LDAP entries referenced in group's member attribute. If " "this parameter is set to false an error will be returned and the operation " @@ -6077,7 +6093,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:781 +#: sssd-ldap.5.xml:782 msgid "" "This parameter may be useful when using the AD provider and the computer " "account that sssd uses to connect to AD does not have access to a particular " @@ -6085,26 +6101,26 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:794 +#: sssd-ldap.5.xml:795 msgid "ldap_tls_reqcert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:797 +#: sssd-ldap.5.xml:798 msgid "" "Specifies what checks to perform on server certificates in a TLS session, if " "any. It can be specified as one of the following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:803 +#: sssd-ldap.5.xml:804 msgid "" "<emphasis>never</emphasis> = The client will not request or check any server " "certificate." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:807 +#: sssd-ldap.5.xml:808 msgid "" "<emphasis>allow</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -6112,7 +6128,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:814 +#: sssd-ldap.5.xml:815 msgid "" "<emphasis>try</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -6120,7 +6136,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:820 +#: sssd-ldap.5.xml:821 msgid "" "<emphasis>demand</emphasis> = The server certificate is requested. If no " "certificate is provided, or a bad certificate is provided, the session is " @@ -6128,41 +6144,41 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:826 +#: sssd-ldap.5.xml:827 msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:830 +#: sssd-ldap.5.xml:831 msgid "Default: hard" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:836 +#: sssd-ldap.5.xml:837 msgid "ldap_tls_cacert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:839 +#: sssd-ldap.5.xml:840 msgid "" "Specifies the file that contains certificates for all of the Certificate " "Authorities that <command>sssd</command> will recognize." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:844 sssd-ldap.5.xml:862 sssd-ldap.5.xml:903 +#: sssd-ldap.5.xml:845 sssd-ldap.5.xml:863 sssd-ldap.5.xml:904 msgid "" "Default: use OpenLDAP defaults, typically in " "<filename>/etc/openldap/ldap.conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:851 +#: sssd-ldap.5.xml:852 msgid "ldap_tls_cacertdir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:854 +#: sssd-ldap.5.xml:855 msgid "" "Specifies the path of a directory that contains Certificate Authority " "certificates in separate individual files. Typically the file names need to " @@ -6171,32 +6187,32 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:869 +#: sssd-ldap.5.xml:870 msgid "ldap_tls_cert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:872 +#: sssd-ldap.5.xml:873 msgid "Specifies the file that contains the certificate for the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:882 +#: sssd-ldap.5.xml:883 msgid "ldap_tls_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:885 +#: sssd-ldap.5.xml:886 msgid "Specifies the file that contains the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:894 +#: sssd-ldap.5.xml:895 msgid "ldap_tls_cipher_suite (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:897 +#: sssd-ldap.5.xml:898 msgid "" "Specifies acceptable cipher suites. Typically this is a colon separated " "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " @@ -6204,24 +6220,25 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:910 +#: sssd-ldap.5.xml:911 msgid "ldap_id_use_start_tls (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:913 +#: sssd-ldap.5.xml:914 msgid "" "Specifies that the id_provider connection must also use <systemitem " -"class=\"protocol\">tls</systemitem> to protect the channel." +"class=\"protocol\">tls</systemitem> to protect the channel. " +"<emphasis>true</emphasis> is strongly recommended for security reasons." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:923 +#: sssd-ldap.5.xml:925 msgid "ldap_id_mapping (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:926 +#: sssd-ldap.5.xml:928 msgid "" "Specifies that SSSD should attempt to map user and group IDs from the " "ldap_user_objectsid and ldap_group_objectsid attributes instead of relying " @@ -6229,17 +6246,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:932 +#: sssd-ldap.5.xml:934 msgid "Currently this feature supports only ActiveDirectory objectSID mapping." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:942 +#: sssd-ldap.5.xml:944 msgid "ldap_min_id, ldap_max_id (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:945 +#: sssd-ldap.5.xml:947 msgid "" "In contrast to the SID based ID mapping which is used if ldap_id_mapping is " "set to true the allowed ID range for ldap_user_uid_number and " @@ -6250,24 +6267,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:957 +#: sssd-ldap.5.xml:959 msgid "Default: not set (both options are set to 0)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:963 +#: sssd-ldap.5.xml:965 msgid "ldap_sasl_mech (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:966 +#: sssd-ldap.5.xml:968 msgid "" "Specify the SASL mechanism to use. Currently only GSSAPI and GSS-SPNEGO are " "tested and supported." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:970 +#: sssd-ldap.5.xml:972 msgid "" "If the backend supports sub-domains the value of ldap_sasl_mech is " "automatically inherited to the sub-domains. If a different value is needed " @@ -6278,12 +6295,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:986 +#: sssd-ldap.5.xml:988 msgid "ldap_sasl_authid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd-ldap.5.xml:998 +#: sssd-ldap.5.xml:1000 #, no-wrap msgid "" "hostname@REALM\n" @@ -6296,7 +6313,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:989 +#: sssd-ldap.5.xml:991 msgid "" "Specify the SASL authorization id to use. When GSSAPI/GSS-SPNEGO are used, " "this represents the Kerberos principal used for authentication to the " @@ -6308,17 +6325,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1009 +#: sssd-ldap.5.xml:1011 msgid "Default: host/hostname@REALM" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1015 +#: sssd-ldap.5.xml:1017 msgid "ldap_sasl_realm (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1018 +#: sssd-ldap.5.xml:1020 msgid "" "Specify the SASL realm to use. When not specified, this option defaults to " "the value of krb5_realm. If the ldap_sasl_authid contains the realm as " @@ -6326,49 +6343,49 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1024 +#: sssd-ldap.5.xml:1026 msgid "Default: the value of krb5_realm." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1030 +#: sssd-ldap.5.xml:1032 msgid "ldap_sasl_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1033 +#: sssd-ldap.5.xml:1035 msgid "" "If set to true, the LDAP library would perform a reverse lookup to " "canonicalize the host name during a SASL bind." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1038 +#: sssd-ldap.5.xml:1040 msgid "Default: false;" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1044 +#: sssd-ldap.5.xml:1046 msgid "ldap_krb5_keytab (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1047 +#: sssd-ldap.5.xml:1049 msgid "Specify the keytab to use when using SASL/GSSAPI/GSS-SPNEGO." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1056 sssd-krb5.5.xml:247 +#: sssd-ldap.5.xml:1058 sssd-krb5.5.xml:247 msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1062 +#: sssd-ldap.5.xml:1064 msgid "ldap_krb5_init_creds (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1065 +#: sssd-ldap.5.xml:1067 msgid "" "Specifies that the id_provider should init Kerberos credentials (TGT). This " "action is performed only if SASL is used and the mechanism selected is " @@ -6376,29 +6393,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1077 +#: sssd-ldap.5.xml:1079 msgid "ldap_krb5_ticket_lifetime (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1080 +#: sssd-ldap.5.xml:1082 msgid "" "Specifies the lifetime in seconds of the TGT if GSSAPI or GSS-SPNEGO is " "used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1089 sssd-ad.5.xml:1252 +#: sssd-ldap.5.xml:1091 sssd-ad.5.xml:1252 msgid "Default: 86400 (24 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1095 sssd-krb5.5.xml:74 +#: sssd-ldap.5.xml:1097 sssd-krb5.5.xml:74 msgid "krb5_server, krb5_backup_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1098 +#: sssd-ldap.5.xml:1100 msgid "" "Specifies the comma-separated list of IP addresses or hostnames of the " "Kerberos servers to which SSSD should connect in the order of " @@ -6410,7 +6427,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1110 sssd-krb5.5.xml:89 +#: sssd-ldap.5.xml:1112 sssd-krb5.5.xml:89 msgid "" "When using service discovery for KDC or kpasswd servers, SSSD first searches " "for DNS entries that specify _udp as the protocol and falls back to _tcp if " @@ -6418,7 +6435,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1115 sssd-krb5.5.xml:94 +#: sssd-ldap.5.xml:1117 sssd-krb5.5.xml:94 msgid "" "This option was named <quote>krb5_kdcip</quote> in earlier releases of " "SSSD. While the legacy name is recognized for the time being, users are " @@ -6427,39 +6444,39 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1124 sssd-ipa.5.xml:526 sssd-krb5.5.xml:103 +#: sssd-ldap.5.xml:1126 sssd-ipa.5.xml:531 sssd-krb5.5.xml:103 msgid "krb5_realm (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1127 +#: sssd-ldap.5.xml:1129 msgid "Specify the Kerberos REALM (for SASL/GSSAPI/GSS-SPNEGO auth)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1131 +#: sssd-ldap.5.xml:1133 msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" msgstr "" #. type: Content of: <variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1137 include/krb5_options.xml:154 +#: sssd-ldap.5.xml:1139 include/krb5_options.xml:154 msgid "krb5_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1140 +#: sssd-ldap.5.xml:1142 msgid "" "Specifies if the host principal should be canonicalized when connecting to " "LDAP server. This feature is available with MIT Kerberos >= 1.7" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1152 sssd-krb5.5.xml:336 +#: sssd-ldap.5.xml:1154 sssd-krb5.5.xml:336 msgid "krb5_use_kdcinfo (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1155 sssd-krb5.5.xml:339 +#: sssd-ldap.5.xml:1157 sssd-krb5.5.xml:339 msgid "" "Specifies if the SSSD should instruct the Kerberos libraries what realm and " "which KDCs to use. This option is on by default, if you disable it, you need " @@ -6469,7 +6486,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1166 sssd-krb5.5.xml:350 +#: sssd-ldap.5.xml:1168 sssd-krb5.5.xml:350 msgid "" "See the <citerefentry> " "<refentrytitle>sssd_krb5_locator_plugin</refentrytitle> " @@ -6478,26 +6495,26 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1180 +#: sssd-ldap.5.xml:1182 msgid "ldap_pwd_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1183 +#: sssd-ldap.5.xml:1185 msgid "" "Select the policy to evaluate the password expiration on the client " "side. The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1188 +#: sssd-ldap.5.xml:1190 msgid "" "<emphasis>none</emphasis> - No evaluation on the client side. This option " "cannot disable server-side password policies." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1193 +#: sssd-ldap.5.xml:1195 msgid "" "<emphasis>shadow</emphasis> - Use " "<citerefentry><refentrytitle>shadow</refentrytitle> " @@ -6507,7 +6524,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1201 +#: sssd-ldap.5.xml:1203 msgid "" "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " "to determine if the password has expired. Use chpass_provider=krb5 to update " @@ -6515,31 +6532,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1210 +#: sssd-ldap.5.xml:1212 msgid "" "<emphasis>Note</emphasis>: if a password policy is configured on server " "side, it always takes precedence over policy set with this option." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1218 +#: sssd-ldap.5.xml:1220 msgid "ldap_referrals (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1221 +#: sssd-ldap.5.xml:1223 msgid "Specifies whether automatic referral chasing should be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1225 +#: sssd-ldap.5.xml:1227 msgid "" "Please note that sssd only supports referral chasing when it is compiled " "with OpenLDAP version 2.4.13 or higher." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1230 +#: sssd-ldap.5.xml:1232 msgid "" "Chasing referrals may incur a performance penalty in environments that use " "them heavily, a notable example is Microsoft Active Directory. If your setup " @@ -6552,51 +6569,51 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1249 +#: sssd-ldap.5.xml:1251 msgid "ldap_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1252 +#: sssd-ldap.5.xml:1254 msgid "Specifies the service name to use when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1256 +#: sssd-ldap.5.xml:1258 msgid "Default: ldap" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1262 +#: sssd-ldap.5.xml:1264 msgid "ldap_chpass_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1265 +#: sssd-ldap.5.xml:1267 msgid "" "Specifies the service name to use to find an LDAP server which allows " "password changes when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1270 +#: sssd-ldap.5.xml:1272 msgid "Default: not set, i.e. service discovery is disabled" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1276 +#: sssd-ldap.5.xml:1278 msgid "ldap_chpass_update_last_change (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1279 +#: sssd-ldap.5.xml:1281 msgid "" "Specifies whether to update the ldap_user_shadow_last_change attribute with " "days since the Epoch after a password change operation." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1285 +#: sssd-ldap.5.xml:1287 msgid "" "It is recommend to set this option explicitly if \"ldap_pwd_policy = " "shadow\" is used to let SSSD know if the LDAP server will update " @@ -6605,12 +6622,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1299 +#: sssd-ldap.5.xml:1301 msgid "ldap_access_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1302 +#: sssd-ldap.5.xml:1304 msgid "" "If using access_provider = ldap and ldap_access_order = filter (default), " "this option is mandatory. It specifies an LDAP search filter criteria that " @@ -6627,12 +6644,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1322 +#: sssd-ldap.5.xml:1324 msgid "Example:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1325 +#: sssd-ldap.5.xml:1327 #, no-wrap msgid "" "access_provider = ldap\n" @@ -6641,14 +6658,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1329 +#: sssd-ldap.5.xml:1331 msgid "" "This example means that access to this host is restricted to users whose " "employeeType attribute is set to \"admin\"." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1334 +#: sssd-ldap.5.xml:1336 msgid "" "Offline caching for this feature is limited to determining whether the " "user's last online login was granted access permission. If they were granted " @@ -6657,24 +6674,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1342 sssd-ldap.5.xml:1398 +#: sssd-ldap.5.xml:1344 sssd-ldap.5.xml:1400 msgid "Default: Empty" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1348 +#: sssd-ldap.5.xml:1350 msgid "ldap_account_expire_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1351 +#: sssd-ldap.5.xml:1353 msgid "" "With this option a client side evaluation of access control attributes can " "be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1355 +#: sssd-ldap.5.xml:1357 msgid "" "Please note that it is always recommended to use server side access control, " "i.e. the LDAP server should deny the bind request with a suitable error code " @@ -6682,19 +6699,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1362 +#: sssd-ldap.5.xml:1364 msgid "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1365 +#: sssd-ldap.5.xml:1367 msgid "" "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " "determine if the account is expired." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1370 +#: sssd-ldap.5.xml:1372 msgid "" "<emphasis>ad</emphasis>: use the value of the 32bit field " "ldap_user_ad_user_account_control and allow access if the second bit is not " @@ -6703,7 +6720,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1377 +#: sssd-ldap.5.xml:1379 msgid "" "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, " "<emphasis>389ds</emphasis>: use the value of ldap_ns_account_lock to check " @@ -6711,7 +6728,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1383 +#: sssd-ldap.5.xml:1385 msgid "" "<emphasis>nds</emphasis>: the values of " "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " @@ -6720,7 +6737,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1391 +#: sssd-ldap.5.xml:1393 msgid "" "Please note that the ldap_access_order configuration option " "<emphasis>must</emphasis> include <quote>expire</quote> in order for the " @@ -6728,22 +6745,22 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1404 +#: sssd-ldap.5.xml:1406 msgid "ldap_access_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1407 sssd-ipa.5.xml:351 +#: sssd-ldap.5.xml:1409 sssd-ipa.5.xml:356 msgid "Comma separated list of access control options. Allowed values are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1411 +#: sssd-ldap.5.xml:1413 msgid "<emphasis>filter</emphasis>: use ldap_access_filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1414 +#: sssd-ldap.5.xml:1416 msgid "" "<emphasis>lockout</emphasis>: use account locking. If set, this option " "denies access in case that ldap attribute 'pwdAccountLockedTime' is present " @@ -6753,7 +6770,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1424 +#: sssd-ldap.5.xml:1426 msgid "" "<emphasis> Please note that this option is superseded by the " "<quote>ppolicy</quote> option and might be removed in a future release. " @@ -6761,7 +6778,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1431 +#: sssd-ldap.5.xml:1433 msgid "" "<emphasis>ppolicy</emphasis>: use account locking. If set, this option " "denies access in case that ldap attribute 'pwdAccountLockedTime' is present " @@ -6774,12 +6791,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1448 +#: sssd-ldap.5.xml:1450 msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1452 sssd-ipa.5.xml:359 +#: sssd-ldap.5.xml:1454 sssd-ipa.5.xml:364 msgid "" "<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, " "pwd_expire_policy_renew: </emphasis> These options are useful if users are " @@ -6789,57 +6806,57 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1462 sssd-ipa.5.xml:369 +#: sssd-ldap.5.xml:1464 sssd-ipa.5.xml:374 msgid "" "The difference between these options is the action taken if user password is " "expired:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:1467 sssd-ipa.5.xml:374 +#: sssd-ldap.5.xml:1469 sssd-ipa.5.xml:379 msgid "pwd_expire_policy_reject - user is denied to log in," msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:1473 sssd-ipa.5.xml:380 +#: sssd-ldap.5.xml:1475 sssd-ipa.5.xml:385 msgid "pwd_expire_policy_warn - user is still able to log in," msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:1479 sssd-ipa.5.xml:386 +#: sssd-ldap.5.xml:1481 sssd-ipa.5.xml:391 msgid "" "pwd_expire_policy_renew - user is prompted to change their password " "immediately." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1487 +#: sssd-ldap.5.xml:1489 msgid "" "Please note that 'access_provider = ldap' must be set for this feature to " "work. Also 'ldap_pwd_policy' must be set to an appropriate password policy." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1492 +#: sssd-ldap.5.xml:1494 msgid "" "<emphasis>authorized_service</emphasis>: use the authorizedService attribute " "to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1497 +#: sssd-ldap.5.xml:1499 msgid "<emphasis>host</emphasis>: use the host attribute to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1501 +#: sssd-ldap.5.xml:1503 msgid "" "<emphasis>rhost</emphasis>: use the rhost attribute to determine whether " "remote host can access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1505 +#: sssd-ldap.5.xml:1507 msgid "" "Please note, rhost field in pam is set by application, it is better to check " "what the application sends to pam, before enabling this access control " @@ -6847,24 +6864,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1510 +#: sssd-ldap.5.xml:1512 msgid "Default: filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1513 +#: sssd-ldap.5.xml:1515 msgid "" "Please note that it is a configuration error if a value is used more than " "once." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1520 +#: sssd-ldap.5.xml:1522 msgid "ldap_pwdlockout_dn (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1523 +#: sssd-ldap.5.xml:1525 msgid "" "This option specifies the DN of password policy entry on LDAP server. Please " "note that absence of this option in sssd.conf in case of enabled account " @@ -6873,74 +6890,74 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1531 +#: sssd-ldap.5.xml:1533 msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1534 +#: sssd-ldap.5.xml:1536 msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1540 +#: sssd-ldap.5.xml:1542 msgid "ldap_deref (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1543 +#: sssd-ldap.5.xml:1545 msgid "" "Specifies how alias dereferencing is done when performing a search. The " "following options are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1548 +#: sssd-ldap.5.xml:1550 msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1552 +#: sssd-ldap.5.xml:1554 msgid "" "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " "the base object, but not in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1557 +#: sssd-ldap.5.xml:1559 msgid "" "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " "the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1562 +#: sssd-ldap.5.xml:1564 msgid "" "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " "in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1567 +#: sssd-ldap.5.xml:1569 msgid "" "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " "client libraries)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1575 +#: sssd-ldap.5.xml:1577 msgid "ldap_rfc2307_fallback_to_local_users (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1578 +#: sssd-ldap.5.xml:1580 msgid "" "Allows to retain local users as members of an LDAP group for servers that " "use the RFC2307 schema." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1582 +#: sssd-ldap.5.xml:1584 msgid "" "In some environments where the RFC2307 schema is used, local users are made " "members of LDAP groups by adding their names to the memberUid attribute. " @@ -6951,7 +6968,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1593 +#: sssd-ldap.5.xml:1595 msgid "" "This option falls back to checking if local users are referenced, and caches " "them so that later initgroups() calls will augment the local users with the " @@ -6959,53 +6976,53 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1605 sssd-ifp.5.xml:152 +#: sssd-ldap.5.xml:1607 sssd-ifp.5.xml:152 msgid "wildcard_limit (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1608 +#: sssd-ldap.5.xml:1610 msgid "" "Specifies an upper limit on the number of entries that are downloaded during " "a wildcard lookup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1612 +#: sssd-ldap.5.xml:1614 msgid "At the moment, only the InfoPipe responder supports wildcard lookups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1616 +#: sssd-ldap.5.xml:1618 msgid "Default: 1000 (often the size of one page)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1622 +#: sssd-ldap.5.xml:1624 msgid "ldap_library_debug_level (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1625 +#: sssd-ldap.5.xml:1627 msgid "" "Switches on libldap debugging with the given level. The libldap debug " "messages will be written independent of the general debug_level." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1630 +#: sssd-ldap.5.xml:1632 msgid "" "OpenLDAP uses a bitmap to enable debugging for specific components, -1 will " "enable full debug output." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1635 +#: sssd-ldap.5.xml:1637 msgid "Default: 0 (libldap debugging disabled)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:51 +#: sssd-ldap.5.xml:52 msgid "" "All of the common configuration options that apply to SSSD domains also " "apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> section " @@ -7017,12 +7034,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1645 +#: sssd-ldap.5.xml:1647 msgid "SUDO OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1647 +#: sssd-ldap.5.xml:1649 msgid "" "The detailed instructions for configuration of sudo_provider are in the " "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " @@ -7030,43 +7047,43 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1658 +#: sssd-ldap.5.xml:1660 msgid "ldap_sudo_full_refresh_interval (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1661 +#: sssd-ldap.5.xml:1663 msgid "" "How many seconds SSSD will wait between executing a full refresh of sudo " "rules (which downloads all rules that are stored on the server)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1666 +#: sssd-ldap.5.xml:1668 msgid "" "The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval " "</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1671 +#: sssd-ldap.5.xml:1673 msgid "" "You can disable full refresh by setting this option to 0. However, either " "smart or full refresh must be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1676 +#: sssd-ldap.5.xml:1678 msgid "Default: 21600 (6 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1682 +#: sssd-ldap.5.xml:1684 msgid "ldap_sudo_smart_refresh_interval (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1685 +#: sssd-ldap.5.xml:1687 msgid "" "How many seconds SSSD has to wait before executing a smart refresh of sudo " "rules (which downloads all rules that have USN higher than the highest " @@ -7074,14 +7091,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1691 +#: sssd-ldap.5.xml:1693 msgid "" "If USN attributes are not supported by the server, the modifyTimestamp " "attribute is used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1695 +#: sssd-ldap.5.xml:1697 msgid "" "<emphasis>Note:</emphasis> the highest USN value can be updated by three " "tasks: 1) By sudo full and smart refresh (if updated rules are found), 2) by " @@ -7091,19 +7108,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1706 +#: sssd-ldap.5.xml:1708 msgid "" "You can disable smart refresh by setting this option to 0. However, either " "smart or full refresh must be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1717 +#: sssd-ldap.5.xml:1719 msgid "ldap_sudo_random_offset (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1720 +#: sssd-ldap.5.xml:1722 msgid "" "Random offset between 0 and configured value is added to smart and full " "refresh periods each time the periodic task is scheduled. The value is in " @@ -7111,7 +7128,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1726 +#: sssd-ldap.5.xml:1728 msgid "" "Note that this random offset is also applied on the first SSSD start which " "delays the first sudo rules refresh. This prolongs the time when the sudo " @@ -7119,106 +7136,106 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1732 +#: sssd-ldap.5.xml:1734 msgid "You can disable this offset by setting the value to 0." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1742 +#: sssd-ldap.5.xml:1744 msgid "ldap_sudo_use_host_filter (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1745 +#: sssd-ldap.5.xml:1747 msgid "" "If true, SSSD will download only rules that are applicable to this machine " "(using the IPv4 or IPv6 host/network addresses and hostnames)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1756 +#: sssd-ldap.5.xml:1758 msgid "ldap_sudo_hostnames (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1759 +#: sssd-ldap.5.xml:1761 msgid "" "Space separated list of hostnames or fully qualified domain names that " "should be used to filter the rules." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1764 +#: sssd-ldap.5.xml:1766 msgid "" "If this option is empty, SSSD will try to discover the hostname and the " "fully qualified domain name automatically." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1769 sssd-ldap.5.xml:1792 sssd-ldap.5.xml:1810 -#: sssd-ldap.5.xml:1828 +#: sssd-ldap.5.xml:1771 sssd-ldap.5.xml:1794 sssd-ldap.5.xml:1812 +#: sssd-ldap.5.xml:1830 msgid "" "If <emphasis>ldap_sudo_use_host_filter</emphasis> is " "<emphasis>false</emphasis> then this option has no effect." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1774 sssd-ldap.5.xml:1797 +#: sssd-ldap.5.xml:1776 sssd-ldap.5.xml:1799 msgid "Default: not specified" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1780 +#: sssd-ldap.5.xml:1782 msgid "ldap_sudo_ip (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1783 +#: sssd-ldap.5.xml:1785 msgid "" "Space separated list of IPv4 or IPv6 host/network addresses that should be " "used to filter the rules." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1788 +#: sssd-ldap.5.xml:1790 msgid "" "If this option is empty, SSSD will try to discover the addresses " "automatically." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1803 +#: sssd-ldap.5.xml:1805 msgid "ldap_sudo_include_netgroups (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1806 +#: sssd-ldap.5.xml:1808 msgid "" "If true then SSSD will download every rule that contains a netgroup in " "sudoHost attribute." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1821 +#: sssd-ldap.5.xml:1823 msgid "ldap_sudo_include_regexp (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1824 +#: sssd-ldap.5.xml:1826 msgid "" "If true then SSSD will download every rule that contains a wildcard in " "sudoHost attribute." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><note><para> -#: sssd-ldap.5.xml:1834 +#: sssd-ldap.5.xml:1836 msgid "" "Using wildcard is an operation that is very costly to evaluate on the LDAP " "server side!" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1846 +#: sssd-ldap.5.xml:1848 msgid "" "This manual page only describes attribute name mapping. For detailed " "explanation of sudo related attribute semantics, see <citerefentry> " @@ -7227,59 +7244,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1856 +#: sssd-ldap.5.xml:1858 msgid "AUTOFS OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1858 +#: sssd-ldap.5.xml:1860 msgid "" "Some of the defaults for the parameters below are dependent on the LDAP " "schema." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1864 +#: sssd-ldap.5.xml:1866 msgid "ldap_autofs_map_master_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1867 +#: sssd-ldap.5.xml:1869 msgid "The name of the automount master map in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1870 +#: sssd-ldap.5.xml:1872 msgid "Default: auto.master" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1881 +#: sssd-ldap.5.xml:1883 msgid "ADVANCED OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1888 +#: sssd-ldap.5.xml:1890 msgid "ldap_netgroup_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1893 +#: sssd-ldap.5.xml:1895 msgid "ldap_user_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1898 +#: sssd-ldap.5.xml:1900 msgid "ldap_group_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><note> -#: sssd-ldap.5.xml:1903 +#: sssd-ldap.5.xml:1905 msgid "<note>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para> -#: sssd-ldap.5.xml:1905 +#: sssd-ldap.5.xml:1907 msgid "" "If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches " "against Active Directory will not be restricted and return all groups " @@ -7288,22 +7305,22 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist> -#: sssd-ldap.5.xml:1912 +#: sssd-ldap.5.xml:1914 msgid "</note>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1914 +#: sssd-ldap.5.xml:1916 msgid "ldap_sudo_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1919 +#: sssd-ldap.5.xml:1921 msgid "ldap_autofs_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1883 +#: sssd-ldap.5.xml:1885 msgid "" "These options are supported by LDAP domains, but they should be used with " "caution. Please include them in your configuration only if you know what you " @@ -7312,14 +7329,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1934 sssd-simple.5.xml:131 sssd-ipa.5.xml:925 -#: sssd-ad.5.xml:1386 sssd-krb5.5.xml:483 sss_rpcidmapd.5.xml:98 +#: sssd-ldap.5.xml:1936 sssd-simple.5.xml:131 sssd-ipa.5.xml:930 +#: sssd-ad.5.xml:1391 sssd-krb5.5.xml:483 sss_rpcidmapd.5.xml:98 #: sssd-files.5.xml:155 sssd-session-recording.5.xml:176 msgid "EXAMPLE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1936 +#: sssd-ldap.5.xml:1938 msgid "" "The following example assumes that SSSD is correctly configured and LDAP is " "set to one of the domains in the <replaceable>[domains]</replaceable> " @@ -7327,7 +7344,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ldap.5.xml:1942 +#: sssd-ldap.5.xml:1944 #, no-wrap msgid "" "[domain/LDAP]\n" @@ -7340,27 +7357,27 @@ msgid "" msgstr "" #. type: Content of: <refsect1><refsect2><para> -#: sssd-ldap.5.xml:1941 sssd-ldap.5.xml:1959 sssd-simple.5.xml:139 -#: sssd-ipa.5.xml:933 sssd-ad.5.xml:1394 sssd-sudo.5.xml:56 sssd-krb5.5.xml:492 +#: sssd-ldap.5.xml:1943 sssd-ldap.5.xml:1961 sssd-simple.5.xml:139 +#: sssd-ipa.5.xml:938 sssd-ad.5.xml:1399 sssd-sudo.5.xml:56 sssd-krb5.5.xml:492 #: sssd-files.5.xml:162 sssd-files.5.xml:173 sssd-session-recording.5.xml:182 #: include/ldap_id_mapping.xml:105 msgid "<placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1953 +#: sssd-ldap.5.xml:1955 msgid "LDAP ACCESS FILTER EXAMPLE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1955 +#: sssd-ldap.5.xml:1957 msgid "" "The following example assumes that SSSD is correctly configured and to use " "the ldap_access_order=lockout." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ldap.5.xml:1960 +#: sssd-ldap.5.xml:1962 #, no-wrap msgid "" "[domain/LDAP]\n" @@ -7376,13 +7393,13 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1975 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148 -#: sssd-ad.5.xml:1409 sssd.8.xml:238 sss_seed.8.xml:163 +#: sssd-ldap.5.xml:1977 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148 +#: sssd-ad.5.xml:1414 sssd.8.xml:238 sss_seed.8.xml:163 msgid "NOTES" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1977 +#: sssd-ldap.5.xml:1979 msgid "" "The descriptions of some of the configuration options in this manual page " "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " @@ -9717,12 +9734,12 @@ msgid "Example: dyndns_iface = em1, vnet1, vnet2" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:204 sssd-ad.5.xml:1285 +#: sssd-ipa.5.xml:204 sssd-ad.5.xml:1290 msgid "dyndns_auth (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:207 sssd-ad.5.xml:1288 +#: sssd-ipa.5.xml:207 sssd-ad.5.xml:1293 msgid "" "Whether the nsupdate utility should use GSS-TSIG authentication for secure " "updates with the DNS server, insecure updates can be sent by setting this " @@ -9730,17 +9747,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:213 sssd-ad.5.xml:1294 +#: sssd-ipa.5.xml:213 sssd-ad.5.xml:1299 msgid "Default: GSS-TSIG" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:219 sssd-ad.5.xml:1300 +#: sssd-ipa.5.xml:219 sssd-ad.5.xml:1305 msgid "dyndns_auth_ptr (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:222 sssd-ad.5.xml:1303 +#: sssd-ipa.5.xml:222 sssd-ad.5.xml:1308 msgid "" "Whether the nsupdate utility should use GSS-TSIG authentication for secure " "PTR updates with the DNS server, insecure updates can be sent by setting " @@ -9748,7 +9765,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:228 sssd-ad.5.xml:1309 +#: sssd-ipa.5.xml:228 sssd-ad.5.xml:1314 msgid "Default: Same as dyndns_auth" msgstr "" @@ -9808,65 +9825,72 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:290 +#: sssd-ipa.5.xml:290 sssd-ad.5.xml:1266 +msgid "" +"Note that <emphasis>dyndns_update_per_family</emphasis> parameter does not " +"apply for PTR record updates. Those updates are always sent separately." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:295 msgid "Default: False (disabled)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1272 +#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1277 msgid "dyndns_force_tcp (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:299 sssd-ad.5.xml:1275 +#: sssd-ipa.5.xml:304 sssd-ad.5.xml:1280 msgid "" "Whether the nsupdate utility should default to using TCP for communicating " "with the DNS server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:303 sssd-ad.5.xml:1279 +#: sssd-ipa.5.xml:308 sssd-ad.5.xml:1284 msgid "Default: False (let nsupdate choose the protocol)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:309 sssd-ad.5.xml:1315 +#: sssd-ipa.5.xml:314 sssd-ad.5.xml:1320 msgid "dyndns_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:312 sssd-ad.5.xml:1318 +#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1323 msgid "" "The DNS server to use when performing a DNS update. In most setups, it's " "recommended to leave this option unset." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1323 +#: sssd-ipa.5.xml:322 sssd-ad.5.xml:1328 msgid "" "Setting this option makes sense for environments where the DNS server is " "different from the identity server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:322 sssd-ad.5.xml:1328 +#: sssd-ipa.5.xml:327 sssd-ad.5.xml:1333 msgid "" "Please note that this option will be only used in fallback attempt when " "previous attempt using autodetected settings failed." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:327 sssd-ad.5.xml:1333 +#: sssd-ipa.5.xml:332 sssd-ad.5.xml:1338 msgid "Default: None (let nsupdate choose the server)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:333 sssd-ad.5.xml:1339 +#: sssd-ipa.5.xml:338 sssd-ad.5.xml:1344 msgid "dyndns_update_per_family (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:336 sssd-ad.5.xml:1342 +#: sssd-ipa.5.xml:341 sssd-ad.5.xml:1347 msgid "" "DNS update is by default performed in two steps - IPv4 update and then IPv6 " "update. In some cases it might be desirable to perform IPv4 and IPv6 update " @@ -9874,176 +9898,176 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:348 +#: sssd-ipa.5.xml:353 msgid "ipa_access_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:355 +#: sssd-ipa.5.xml:360 msgid "<emphasis>expire</emphasis>: use IPA's account expiration policy." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:394 +#: sssd-ipa.5.xml:399 msgid "" "Please note that 'access_provider = ipa' must be set for this feature to " "work." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:401 +#: sssd-ipa.5.xml:406 msgid "ipa_deskprofile_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:404 +#: sssd-ipa.5.xml:409 msgid "" "Optional. Use the given string as search base for Desktop Profile related " "objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:408 sssd-ipa.5.xml:435 +#: sssd-ipa.5.xml:413 sssd-ipa.5.xml:440 msgid "Default: Use base DN" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:414 +#: sssd-ipa.5.xml:419 msgid "ipa_subid_ranges_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:417 +#: sssd-ipa.5.xml:422 msgid "" "Optional. Use the given string as search base for subordinate ranges related " "objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:421 +#: sssd-ipa.5.xml:426 msgid "Default: the value of <emphasis>cn=subids,%basedn</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:428 +#: sssd-ipa.5.xml:433 msgid "ipa_hbac_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:431 +#: sssd-ipa.5.xml:436 msgid "Optional. Use the given string as search base for HBAC related objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:441 +#: sssd-ipa.5.xml:446 msgid "ipa_host_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:444 +#: sssd-ipa.5.xml:449 msgid "Deprecated. Use ldap_host_search_base instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:450 +#: sssd-ipa.5.xml:455 msgid "ipa_selinux_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:453 +#: sssd-ipa.5.xml:458 msgid "Optional. Use the given string as search base for SELinux user maps." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:469 +#: sssd-ipa.5.xml:474 msgid "ipa_subdomains_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:472 +#: sssd-ipa.5.xml:477 msgid "Optional. Use the given string as search base for trusted domains." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:481 +#: sssd-ipa.5.xml:486 msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:488 +#: sssd-ipa.5.xml:493 msgid "ipa_master_domain_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:491 +#: sssd-ipa.5.xml:496 msgid "Optional. Use the given string as search base for master domain object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:500 +#: sssd-ipa.5.xml:505 msgid "Default: the value of <emphasis>cn=ad,cn=etc,%basedn</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:507 +#: sssd-ipa.5.xml:512 msgid "ipa_views_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:510 +#: sssd-ipa.5.xml:515 msgid "Optional. Use the given string as search base for views containers." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:519 +#: sssd-ipa.5.xml:524 msgid "Default: the value of <emphasis>cn=views,cn=accounts,%basedn</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:529 +#: sssd-ipa.5.xml:534 msgid "" "The name of the Kerberos realm. This is optional and defaults to the value " "of <quote>ipa_domain</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:533 +#: sssd-ipa.5.xml:538 msgid "" "The name of the Kerberos realm has a special meaning in IPA - it is " "converted into the base DN to use for performing LDAP operations." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:541 sssd-ad.5.xml:1357 +#: sssd-ipa.5.xml:546 sssd-ad.5.xml:1362 msgid "krb5_confd_path (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:544 sssd-ad.5.xml:1360 +#: sssd-ipa.5.xml:549 sssd-ad.5.xml:1365 msgid "" "Absolute path of a directory where SSSD should place Kerberos configuration " "snippets." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:548 sssd-ad.5.xml:1364 +#: sssd-ipa.5.xml:553 sssd-ad.5.xml:1369 msgid "" "To disable the creation of the configuration snippets set the parameter to " "'none'." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:552 sssd-ad.5.xml:1368 +#: sssd-ipa.5.xml:557 sssd-ad.5.xml:1373 msgid "Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:559 +#: sssd-ipa.5.xml:564 msgid "ipa_deskprofile_refresh (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:562 +#: sssd-ipa.5.xml:567 msgid "" "The amount of time between lookups of the Desktop Profile rules against the " "IPA server. This will reduce the latency and load on the IPA server if there " @@ -10051,34 +10075,34 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:569 sssd-ipa.5.xml:599 sssd-ipa.5.xml:615 sssd-ad.5.xml:599 +#: sssd-ipa.5.xml:574 sssd-ipa.5.xml:604 sssd-ipa.5.xml:620 sssd-ad.5.xml:599 msgid "Default: 5 (seconds)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:575 +#: sssd-ipa.5.xml:580 msgid "ipa_deskprofile_request_interval (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:578 +#: sssd-ipa.5.xml:583 msgid "" "The amount of time between lookups of the Desktop Profile rules against the " "IPA server in case the last request did not return any rule." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:583 +#: sssd-ipa.5.xml:588 msgid "Default: 60 (minutes)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:589 +#: sssd-ipa.5.xml:594 msgid "ipa_hbac_refresh (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:592 +#: sssd-ipa.5.xml:597 msgid "" "The amount of time between lookups of the HBAC rules against the IPA " "server. This will reduce the latency and load on the IPA server if there are " @@ -10086,12 +10110,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:605 +#: sssd-ipa.5.xml:610 msgid "ipa_hbac_selinux (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:608 +#: sssd-ipa.5.xml:613 msgid "" "The amount of time between lookups of the SELinux maps against the IPA " "server. This will reduce the latency and load on the IPA server if there are " @@ -10099,33 +10123,33 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:621 +#: sssd-ipa.5.xml:626 msgid "ipa_server_mode (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:624 +#: sssd-ipa.5.xml:629 msgid "" "This option will be set by the IPA installer (ipa-server-install) " "automatically and denotes if SSSD is running on an IPA server or not." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:629 +#: sssd-ipa.5.xml:634 msgid "" "On an IPA server SSSD will lookup users and groups from trusted domains " "directly while on a client it will ask an IPA server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:634 +#: sssd-ipa.5.xml:639 msgid "" "NOTE: There are currently some assumptions that must be met when SSSD is " "running on an IPA server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:639 +#: sssd-ipa.5.xml:644 msgid "" "The <quote>ipa_server</quote> option must be configured to point to the IPA " "server itself. This is already the default set by the IPA installer, so no " @@ -10133,59 +10157,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:648 +#: sssd-ipa.5.xml:653 msgid "" "The <quote>full_name_format</quote> option must not be tweaked to only print " "short names for users from trusted domains." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:663 +#: sssd-ipa.5.xml:668 msgid "ipa_automount_location (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:666 +#: sssd-ipa.5.xml:671 msgid "The automounter location this IPA client will be using" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:669 +#: sssd-ipa.5.xml:674 msgid "Default: The location named \"default\"" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd-ipa.5.xml:677 +#: sssd-ipa.5.xml:682 msgid "VIEWS AND OVERRIDES" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:686 +#: sssd-ipa.5.xml:691 msgid "ipa_view_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:689 +#: sssd-ipa.5.xml:694 msgid "Objectclass of the view container." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:692 +#: sssd-ipa.5.xml:697 msgid "Default: nsContainer" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:698 +#: sssd-ipa.5.xml:703 msgid "ipa_view_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:701 +#: sssd-ipa.5.xml:706 msgid "Name of the attribute holding the name of the view." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:705 sssd-ldap-attributes.5.xml:496 +#: sssd-ipa.5.xml:710 sssd-ldap-attributes.5.xml:496 #: sssd-ldap-attributes.5.xml:830 sssd-ldap-attributes.5.xml:911 #: sssd-ldap-attributes.5.xml:1008 sssd-ldap-attributes.5.xml:1066 #: sssd-ldap-attributes.5.xml:1224 sssd-ldap-attributes.5.xml:1269 @@ -10193,128 +10217,128 @@ msgid "Default: cn" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:711 +#: sssd-ipa.5.xml:716 msgid "ipa_override_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:714 +#: sssd-ipa.5.xml:719 msgid "Objectclass of the override objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:717 +#: sssd-ipa.5.xml:722 msgid "Default: ipaOverrideAnchor" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:723 +#: sssd-ipa.5.xml:728 msgid "ipa_anchor_uuid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:726 +#: sssd-ipa.5.xml:731 msgid "" "Name of the attribute containing the reference to the original object in a " "remote domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:730 +#: sssd-ipa.5.xml:735 msgid "Default: ipaAnchorUUID" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:736 +#: sssd-ipa.5.xml:741 msgid "ipa_user_override_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:739 +#: sssd-ipa.5.xml:744 msgid "" "Name of the objectclass for user overrides. It is used to determine if the " "found override object is related to a user or a group." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:744 +#: sssd-ipa.5.xml:749 msgid "User overrides can contain attributes given by" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:747 +#: sssd-ipa.5.xml:752 msgid "ldap_user_name" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:750 +#: sssd-ipa.5.xml:755 msgid "ldap_user_uid_number" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:753 +#: sssd-ipa.5.xml:758 msgid "ldap_user_gid_number" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:756 +#: sssd-ipa.5.xml:761 msgid "ldap_user_gecos" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:759 +#: sssd-ipa.5.xml:764 msgid "ldap_user_home_directory" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:762 +#: sssd-ipa.5.xml:767 msgid "ldap_user_shell" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:765 +#: sssd-ipa.5.xml:770 msgid "ldap_user_ssh_public_key" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:770 +#: sssd-ipa.5.xml:775 msgid "Default: ipaUserOverride" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:776 +#: sssd-ipa.5.xml:781 msgid "ipa_group_override_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:779 +#: sssd-ipa.5.xml:784 msgid "" "Name of the objectclass for group overrides. It is used to determine if the " "found override object is related to a user or a group." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:784 +#: sssd-ipa.5.xml:789 msgid "Group overrides can contain attributes given by" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:787 +#: sssd-ipa.5.xml:792 msgid "ldap_group_name" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:790 +#: sssd-ipa.5.xml:795 msgid "ldap_group_gid_number" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:795 +#: sssd-ipa.5.xml:800 msgid "Default: ipaGroupOverride" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:679 +#: sssd-ipa.5.xml:684 msgid "" "SSSD can handle views and overrides which are offered by FreeIPA 4.1 and " "later version. Since all paths and objectclasses are fixed on the server " @@ -10324,19 +10348,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ipa.5.xml:807 +#: sssd-ipa.5.xml:812 msgid "SUBDOMAINS PROVIDER" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:809 +#: sssd-ipa.5.xml:814 msgid "" "The IPA subdomains provider behaves slightly differently if it is configured " "explicitly or implicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:813 +#: sssd-ipa.5.xml:818 msgid "" "If the option 'subdomains_provider = ipa' is found in the domain section of " "sssd.conf, the IPA subdomains provider is configured explicitly, and all " @@ -10344,7 +10368,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:819 +#: sssd-ipa.5.xml:824 msgid "" "If the option 'subdomains_provider' is not set in the domain section of " "sssd.conf but there is the option 'id_provider = ipa', the IPA subdomains " @@ -10356,12 +10380,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ipa.5.xml:830 +#: sssd-ipa.5.xml:835 msgid "TRUSTED DOMAINS CONFIGURATION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ipa.5.xml:838 +#: sssd-ipa.5.xml:843 #, no-wrap msgid "" "[domain/ipa.domain.com/ad.domain.com]\n" @@ -10369,7 +10393,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:832 +#: sssd-ipa.5.xml:837 msgid "" "Some configuration options can also be set for a trusted domain. A trusted " "domain configuration can be set using the trusted domain subsection as shown " @@ -10379,7 +10403,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:843 +#: sssd-ipa.5.xml:848 msgid "" "For more details, see the <citerefentry> " "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> " @@ -10387,71 +10411,71 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:850 +#: sssd-ipa.5.xml:855 msgid "" "Different configuration options are tunable for a trusted domain depending " "on whether you are configuring SSSD on an IPA server or an IPA client." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd-ipa.5.xml:855 +#: sssd-ipa.5.xml:860 msgid "OPTIONS TUNABLE ON IPA MASTERS" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:857 +#: sssd-ipa.5.xml:862 msgid "The following options can be set in a subdomain section on an IPA master:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:861 sssd-ipa.5.xml:891 +#: sssd-ipa.5.xml:866 sssd-ipa.5.xml:896 msgid "ad_server" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:864 +#: sssd-ipa.5.xml:869 msgid "ad_backup_server" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:867 sssd-ipa.5.xml:894 +#: sssd-ipa.5.xml:872 sssd-ipa.5.xml:899 msgid "ad_site" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:870 +#: sssd-ipa.5.xml:875 msgid "ldap_search_base" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:873 +#: sssd-ipa.5.xml:878 msgid "ldap_user_search_base" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:876 +#: sssd-ipa.5.xml:881 msgid "ldap_group_search_base" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd-ipa.5.xml:885 +#: sssd-ipa.5.xml:890 msgid "OPTIONS TUNABLE ON IPA CLIENTS" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:887 +#: sssd-ipa.5.xml:892 msgid "The following options can be set in a subdomain section on an IPA client:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:899 +#: sssd-ipa.5.xml:904 msgid "" "Note that if both options are set, only <quote>ad_server</quote> is " "evaluated." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:903 +#: sssd-ipa.5.xml:908 msgid "" "Since any request for a user or a group identity from a trusted domain " "triggered from an IPA client is resolved by the IPA server, the " @@ -10466,7 +10490,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:927 +#: sssd-ipa.5.xml:932 msgid "" "The following example assumes that SSSD is correctly configured and " "example.com is one of the domains in the <replaceable>[sssd]</replaceable> " @@ -10474,7 +10498,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ipa.5.xml:934 +#: sssd-ipa.5.xml:939 #, no-wrap msgid "" "[domain/example.com]\n" @@ -11669,7 +11693,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ad.5.xml:1388 +#: sssd-ad.5.xml:1393 msgid "" "The following example assumes that SSSD is correctly configured and " "example.com is one of the domains in the <replaceable>[sssd]</replaceable> " @@ -11677,7 +11701,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ad.5.xml:1395 +#: sssd-ad.5.xml:1400 #, no-wrap msgid "" "[domain/EXAMPLE]\n" @@ -11692,7 +11716,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ad.5.xml:1415 +#: sssd-ad.5.xml:1420 #, no-wrap msgid "" "access_provider = ldap\n" @@ -11701,7 +11725,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ad.5.xml:1411 +#: sssd-ad.5.xml:1416 msgid "" "The AD access control provider checks if the account is expired. It has the " "same effect as the following configuration of the LDAP provider: " @@ -11709,7 +11733,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ad.5.xml:1421 +#: sssd-ad.5.xml:1426 msgid "" "However, unless the <quote>ad</quote> access control provider is explicitly " "configured, the default access provider is <quote>permit</quote>. Please " @@ -11719,7 +11743,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ad.5.xml:1429 +#: sssd-ad.5.xml:1434 msgid "" "When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema " "attribute mapping (nisMap, nisObject, ...) is used, because these attributes " diff --git a/src/man/po/sv.po b/src/man/po/sv.po index 49d01be5baa..f9fb3070d4d 100644 --- a/src/man/po/sv.po +++ b/src/man/po/sv.po @@ -6,7 +6,7 @@ msgid "" msgstr "" "Project-Id-Version: sssd-docs 2.3.0\n" "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" -"POT-Creation-Date: 2023-09-07 11:47+0200\n" +"POT-Creation-Date: 2023-11-13 11:53+0100\n" "PO-Revision-Date: 2023-02-15 14:20+0000\n" "Last-Translator: Göran Uddeborg <goeran@uddeborg.se>\n" "Language-Team: Swedish <https://translate.fedoraproject.org/projects/sssd/" @@ -244,10 +244,10 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:136 sssd.conf.5.xml:173 sssd.conf.5.xml:358 #: sssd.conf.5.xml:714 sssd.conf.5.xml:729 sssd.conf.5.xml:952 -#: sssd.conf.5.xml:1070 sssd.conf.5.xml:2198 sssd-ldap.5.xml:1071 -#: sssd-ldap.5.xml:1174 sssd-ldap.5.xml:1243 sssd-ldap.5.xml:1750 -#: sssd-ldap.5.xml:1815 sssd-ipa.5.xml:342 sssd-ad.5.xml:252 sssd-ad.5.xml:366 -#: sssd-ad.5.xml:1200 sssd-ad.5.xml:1348 sssd-krb5.5.xml:358 +#: sssd.conf.5.xml:1070 sssd.conf.5.xml:2198 sssd-ldap.5.xml:1073 +#: sssd-ldap.5.xml:1176 sssd-ldap.5.xml:1245 sssd-ldap.5.xml:1752 +#: sssd-ldap.5.xml:1817 sssd-ipa.5.xml:347 sssd-ad.5.xml:252 sssd-ad.5.xml:366 +#: sssd-ad.5.xml:1200 sssd-ad.5.xml:1353 sssd-krb5.5.xml:358 msgid "Default: true" msgstr "Standard: true" @@ -267,10 +267,10 @@ msgstr "" #. type: Content of: <variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:149 sssd.conf.5.xml:652 sssd.conf.5.xml:949 -#: sssd.conf.5.xml:2101 sssd.conf.5.xml:2168 sssd.conf.5.xml:4174 -#: sssd-ldap.5.xml:312 sssd-ldap.5.xml:917 sssd-ldap.5.xml:936 -#: sssd-ldap.5.xml:1146 sssd-ldap.5.xml:1599 sssd-ldap.5.xml:1839 -#: sssd-ipa.5.xml:152 sssd-ipa.5.xml:254 sssd-ipa.5.xml:657 sssd-ad.5.xml:1106 +#: sssd.conf.5.xml:2101 sssd.conf.5.xml:2168 sssd.conf.5.xml:4191 +#: sssd-ldap.5.xml:313 sssd-ldap.5.xml:919 sssd-ldap.5.xml:938 +#: sssd-ldap.5.xml:1148 sssd-ldap.5.xml:1601 sssd-ldap.5.xml:1841 +#: sssd-ipa.5.xml:152 sssd-ipa.5.xml:254 sssd-ipa.5.xml:662 sssd-ad.5.xml:1106 #: sssd-krb5.5.xml:268 sssd-krb5.5.xml:330 sssd-krb5.5.xml:432 #: include/krb5_options.xml:163 msgid "Default: false" @@ -311,8 +311,8 @@ msgstr "" "ingen effekt för andra loggningstyper)." #. type: Content of: outside any tag (error?) -#: sssd.conf.5.xml:109 sssd.conf.5.xml:184 sssd-ldap.5.xml:1656 -#: sssd-ldap.5.xml:1862 sss-certmap.5.xml:645 sssd-systemtap.5.xml:82 +#: sssd.conf.5.xml:109 sssd.conf.5.xml:184 sssd-ldap.5.xml:1658 +#: sssd-ldap.5.xml:1864 sss-certmap.5.xml:645 sssd-systemtap.5.xml:82 #: sssd-systemtap.5.xml:143 sssd-systemtap.5.xml:236 sssd-systemtap.5.xml:274 #: sssd-systemtap.5.xml:330 sssd-ldap-attributes.5.xml:40 #: sssd-ldap-attributes.5.xml:659 sssd-ldap-attributes.5.xml:801 @@ -346,7 +346,7 @@ msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:196 sssd.conf.5.xml:1290 sssd.conf.5.xml:1767 -#: sssd.conf.5.xml:4190 sssd-ldap.5.xml:765 include/ldap_id_mapping.xml:270 +#: sssd.conf.5.xml:4207 sssd-ldap.5.xml:766 include/ldap_id_mapping.xml:270 msgid "Default: 10" msgstr "Standard: 10" @@ -438,7 +438,7 @@ msgstr "" "dataleverantörskrasch eller -omstart innan de ger upp" #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:266 sssd.conf.5.xml:792 sssd.conf.5.xml:3709 +#: sssd.conf.5.xml:266 sssd.conf.5.xml:792 sssd.conf.5.xml:3716 #: include/failover.xml:100 msgid "Default: 3" msgstr "Standard: 3" @@ -466,7 +466,7 @@ msgstr "" "understrykningstecken. Tecknet ”/” är förbjudet." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:287 sssd.conf.5.xml:3541 +#: sssd.conf.5.xml:287 sssd.conf.5.xml:3548 msgid "re_expression (string)" msgstr "re_expression (sträng)" @@ -491,12 +491,12 @@ msgstr "" "för mer information om dessa reguljära uttryck." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:304 sssd.conf.5.xml:3598 +#: sssd.conf.5.xml:304 sssd.conf.5.xml:3605 msgid "full_name_format (string)" msgstr "full_name_format (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:307 sssd.conf.5.xml:3601 +#: sssd.conf.5.xml:307 sssd.conf.5.xml:3608 msgid "" "A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</" "manvolnum> </citerefentry>-compatible format that describes how to compose a " @@ -507,32 +507,32 @@ msgstr "" "samman ett fullständigt kvalificerat namn från namn- och domänkomponenter." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:318 sssd.conf.5.xml:3612 +#: sssd.conf.5.xml:318 sssd.conf.5.xml:3619 msgid "%1$s" msgstr "%1$s" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:319 sssd.conf.5.xml:3613 +#: sssd.conf.5.xml:319 sssd.conf.5.xml:3620 msgid "user name" msgstr "användarnamn" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:322 sssd.conf.5.xml:3616 +#: sssd.conf.5.xml:322 sssd.conf.5.xml:3623 msgid "%2$s" msgstr "%2$s" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:325 sssd.conf.5.xml:3619 +#: sssd.conf.5.xml:325 sssd.conf.5.xml:3626 msgid "domain name as specified in the SSSD config file." msgstr "domännamn som det anges i SSSD-konfigurationsfilen." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:331 sssd.conf.5.xml:3625 +#: sssd.conf.5.xml:331 sssd.conf.5.xml:3632 msgid "%3$s" msgstr "%3$s" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:334 sssd.conf.5.xml:3628 +#: sssd.conf.5.xml:334 sssd.conf.5.xml:3635 msgid "" "domain flat name. Mostly usable for Active Directory domains, both directly " "configured or discovered via IPA trusts." @@ -541,7 +541,7 @@ msgstr "" "direkt konfigurerade eller hittade via IPA-förtroenden." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:315 sssd.conf.5.xml:3609 +#: sssd.conf.5.xml:315 sssd.conf.5.xml:3616 msgid "" "The following expansions are supported: <placeholder type=\"variablelist\" " "id=\"0\"/>" @@ -747,8 +747,8 @@ msgstr "" "utdata inte kvalificerat ens när flaggan default_domain_suffix används." #. type: Content of: <variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:468 sssd-ldap.5.xml:876 sssd-ldap.5.xml:888 -#: sssd-ldap.5.xml:980 sssd-ad.5.xml:920 sssd-ad.5.xml:995 sssd-krb5.5.xml:468 +#: sssd.conf.5.xml:468 sssd-ldap.5.xml:877 sssd-ldap.5.xml:889 +#: sssd-ldap.5.xml:982 sssd-ad.5.xml:920 sssd-ad.5.xml:995 sssd-krb5.5.xml:468 #: sssd-ldap-attributes.5.xml:470 sssd-ldap-attributes.5.xml:976 #: include/ldap_id_mapping.xml:211 include/ldap_id_mapping.xml:222 #: include/krb5_options.xml:148 @@ -1098,7 +1098,7 @@ msgstr "" "användarnamn kan överlappa mellan domäner." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:700 sssd.conf.5.xml:1791 sssd.conf.5.xml:4240 +#: sssd.conf.5.xml:700 sssd.conf.5.xml:1791 sssd.conf.5.xml:4257 #: sssd-ad.5.xml:187 sssd-ad.5.xml:327 sssd-ad.5.xml:341 msgid "Default: Not set" msgstr "Standard: inte satt" @@ -1328,7 +1328,7 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:858 sssd.conf.5.xml:1201 sssd.conf.5.xml:1584 -#: sssd.conf.5.xml:1880 sssd-ldap.5.xml:494 +#: sssd.conf.5.xml:1880 sssd-ldap.5.xml:495 msgid "Default: 60" msgstr "Standard: 60" @@ -1452,7 +1452,7 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:937 sssd.conf.5.xml:1214 sssd.conf.5.xml:2322 -#: sssd-ldap.5.xml:331 +#: sssd-ldap.5.xml:332 msgid "Default: 300" msgstr "Standard: 300" @@ -1895,7 +1895,7 @@ msgstr "" "lösenords-cachen i minnet." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1240 sssd.conf.5.xml:2964 sssd-ldap.5.xml:548 +#: sssd.conf.5.xml:1240 sssd.conf.5.xml:2971 sssd-ldap.5.xml:549 msgid "Default: 8" msgstr "Standard: 8" @@ -1926,8 +1926,8 @@ msgstr "" "grupp-cachen i minnet." #. type: Content of: <variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1265 sssd.conf.5.xml:1317 sssd.conf.5.xml:3730 -#: sssd-ldap.5.xml:473 sssd-ldap.5.xml:525 include/failover.xml:116 +#: sssd.conf.5.xml:1265 sssd.conf.5.xml:1317 sssd.conf.5.xml:3737 +#: sssd-ldap.5.xml:474 sssd-ldap.5.xml:526 include/failover.xml:116 #: include/krb5_options.xml:11 msgid "Default: 6" msgstr "Standard: 6" @@ -2302,7 +2302,7 @@ msgid "pam_pwd_expiration_warning (integer)" msgstr "pam_pwd_expiration_warning (heltal)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1553 sssd.conf.5.xml:2988 +#: sssd.conf.5.xml:1553 sssd.conf.5.xml:2995 msgid "Display a warning N days before the password expires." msgstr "Visa en varning N dagar före lösenordet går ut." @@ -2317,7 +2317,7 @@ msgstr "" "lösenordet. Om denna information saknas kan sssd inte visa någon varning." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1562 sssd.conf.5.xml:2991 +#: sssd.conf.5.xml:1562 sssd.conf.5.xml:2998 msgid "" "If zero is set, then this filter is not applied, i.e. if the expiration " "warning was received from backend server, it will automatically be displayed." @@ -2335,7 +2335,7 @@ msgstr "" "<emphasis>pwd_expiration_warning</emphasis> för en viss domän." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1572 sssd.conf.5.xml:3977 sssd-ldap.5.xml:606 sssd.8.xml:79 +#: sssd.conf.5.xml:1572 sssd.conf.5.xml:3984 sssd-ldap.5.xml:607 sssd.8.xml:79 msgid "Default: 0" msgstr "Standard: 0" @@ -2411,8 +2411,8 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1632 sssd.conf.5.xml:1657 sssd.conf.5.xml:1676 -#: sssd.conf.5.xml:1913 sssd.conf.5.xml:2733 sssd.conf.5.xml:3906 -#: sssd-ldap.5.xml:1207 +#: sssd.conf.5.xml:1913 sssd.conf.5.xml:2733 sssd.conf.5.xml:3913 +#: sssd-ldap.5.xml:1209 msgid "Default: none" msgstr "Standard: none" @@ -2488,8 +2488,8 @@ msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1687 sssd.conf.5.xml:1698 sssd.conf.5.xml:1712 -#: sssd-ldap.5.xml:671 sssd-ldap.5.xml:692 sssd-ldap.5.xml:788 -#: sssd-ldap.5.xml:1293 sssd-ad.5.xml:505 sssd-ad.5.xml:581 sssd-ad.5.xml:1126 +#: sssd-ldap.5.xml:672 sssd-ldap.5.xml:693 sssd-ldap.5.xml:789 +#: sssd-ldap.5.xml:1295 sssd-ad.5.xml:505 sssd-ad.5.xml:581 sssd-ad.5.xml:1126 #: sssd-ad.5.xml:1175 include/ldap_id_mapping.xml:250 msgid "Default: False" msgstr "Standard: False" @@ -2531,7 +2531,7 @@ msgid "The path to the certificate database." msgstr "Sökvägen till certifikatdatabasen." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1723 sssd.conf.5.xml:2248 sssd.conf.5.xml:4354 +#: sssd.conf.5.xml:1723 sssd.conf.5.xml:2248 sssd.conf.5.xml:4371 msgid "Default:" msgstr "Standard:" @@ -2852,7 +2852,7 @@ msgid "Default: no_session" msgstr "Standard: no_session" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1950 sssd.conf.5.xml:4293 +#: sssd.conf.5.xml:1950 sssd.conf.5.xml:4310 msgid "pam_gssapi_services" msgstr "pam_gssapi_services" @@ -2895,7 +2895,7 @@ msgstr "" " " #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1968 sssd.conf.5.xml:3900 +#: sssd.conf.5.xml:1968 sssd.conf.5.xml:3907 msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>" msgstr "Exempel: <placeholder type=\"programlisting\" id=\"0\"/>" @@ -2905,7 +2905,7 @@ msgid "Default: - (GSSAPI authentication is disabled)" msgstr "Standard: - (GSSAPI-autentisering är avaktiverat)" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1979 sssd.conf.5.xml:4294 +#: sssd.conf.5.xml:1979 sssd.conf.5.xml:4311 msgid "pam_gssapi_check_upn" msgstr "pam_gssapi_check_upn" @@ -2930,7 +2930,7 @@ msgstr "" "autentiseras." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1999 sssd-ad.5.xml:1266 sss_rpcidmapd.5.xml:76 +#: sssd.conf.5.xml:1999 sssd-ad.5.xml:1271 sss_rpcidmapd.5.xml:76 #: sssd-files.5.xml:145 msgid "Default: True" msgstr "Standard: True" @@ -3877,7 +3877,7 @@ msgid "FALSE = No enumerations for this domain" msgstr "FALSE = Inga uppräkningar för denna domän" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2669 sssd.conf.5.xml:2943 sssd.conf.5.xml:3120 +#: sssd.conf.5.xml:2669 sssd.conf.5.xml:2950 sssd.conf.5.xml:3127 msgid "Default: FALSE" msgstr "Standard: FALSE" @@ -4210,7 +4210,7 @@ msgstr "" "vilja manuellt invalidera den befintliga cachen." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2922 sssd-ldap.5.xml:360 sssd-ldap.5.xml:1736 +#: sssd.conf.5.xml:2922 sssd-ldap.5.xml:361 sssd-ldap.5.xml:1738 #: sssd-ipa.5.xml:270 msgid "Default: 0 (disabled)" msgstr "Standard: 0 (avaktiverat)" @@ -4222,14 +4222,17 @@ msgstr "cache_credentials (bool)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:2931 -#, fuzzy -#| msgid "" -#| "Determines if user credentials are also cached in the local LDB cache" -msgid "Determines if user credentials are also cached in the local LDB cache." -msgstr "Bestämmer om användarkreditiv också cachas i den lokala LDB-cachen" +msgid "" +"Determines if user credentials are also cached in the local LDB cache. The " +"cached credentials refer to passwords, which includes the first (long term) " +"factor of two-factor authentication, not other authentication mechanisms. " +"Passkey and Smartcard authentications are expected to work offline as long " +"as a successful online authentication is recorded in the cache without " +"additional configuration." +msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2935 +#: sssd.conf.5.xml:2942 msgid "" "Take a note that while credentials are stored as a salted SHA512 hash, this " "still potentially poses some security risk in case an attacker manages to " @@ -4238,12 +4241,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2949 +#: sssd.conf.5.xml:2956 msgid "cache_credentials_minimal_first_factor_length (int)" msgstr "cache_credentials_minimal_first_factor_length (heltal)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2952 +#: sssd.conf.5.xml:2959 msgid "" "If 2-Factor-Authentication (2FA) is used and credentials should be saved " "this value determines the minimal length the first authentication factor " @@ -4254,7 +4257,7 @@ msgstr "" "lösenord) måste ha för att sparas som en SHA512-kontrollsumma i cachen." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2959 +#: sssd.conf.5.xml:2966 msgid "" "This should avoid that the short PINs of a PIN based 2FA scheme are saved in " "the cache which would make them easy targets for brute-force attacks." @@ -4264,12 +4267,12 @@ msgstr "" "attacker." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2970 +#: sssd.conf.5.xml:2977 msgid "account_cache_expiration (integer)" msgstr "account_cache_expiration (heltal)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2973 +#: sssd.conf.5.xml:2980 msgid "" "Number of days entries are left in cache after last successful login before " "being removed during a cleanup of the cache. 0 means keep forever. The " @@ -4282,17 +4285,17 @@ msgstr "" "offline_credentials_expiration." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2980 +#: sssd.conf.5.xml:2987 msgid "Default: 0 (unlimited)" msgstr "Standard: 0 (obegränsat)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2985 +#: sssd.conf.5.xml:2992 msgid "pwd_expiration_warning (integer)" msgstr "pwd_expiration_warning (heltal)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2996 +#: sssd.conf.5.xml:3003 msgid "" "Please note that the backend server has to provide information about the " "expiration time of the password. If this information is missing, sssd " @@ -4304,17 +4307,17 @@ msgstr "" "Dessutom måste en autentiseringsleverantör ha konfigurerats för bakänden." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3003 +#: sssd.conf.5.xml:3010 msgid "Default: 7 (Kerberos), 0 (LDAP)" msgstr "Standard: 7 (Kerberos), 0 (LDAP)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3009 +#: sssd.conf.5.xml:3016 msgid "id_provider (string)" msgstr "id_provider (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3012 +#: sssd.conf.5.xml:3019 msgid "" "The identification provider used for the domain. Supported ID providers are:" msgstr "" @@ -4322,12 +4325,12 @@ msgstr "" "stödjs är:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3016 +#: sssd.conf.5.xml:3023 msgid "<quote>proxy</quote>: Support a legacy NSS provider." msgstr "<quote>proxy</quote>: Stöd en tidigare NSS-leverantör." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3019 +#: sssd.conf.5.xml:3026 msgid "" "<quote>files</quote>: FILES provider. See <citerefentry> <refentrytitle>sssd-" "files</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " @@ -4338,7 +4341,7 @@ msgstr "" "information om hur lokala användare och grupper kan speglas in i SSSD." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3027 +#: sssd.conf.5.xml:3034 msgid "" "<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-" "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " @@ -4349,8 +4352,8 @@ msgstr "" "information om att konfigurera LDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3035 sssd.conf.5.xml:3146 sssd.conf.5.xml:3197 -#: sssd.conf.5.xml:3260 +#: sssd.conf.5.xml:3042 sssd.conf.5.xml:3153 sssd.conf.5.xml:3204 +#: sssd.conf.5.xml:3267 msgid "" "<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management " "provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> " @@ -4363,8 +4366,8 @@ msgstr "" "konfigurera FreeIPA." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3044 sssd.conf.5.xml:3155 sssd.conf.5.xml:3206 -#: sssd.conf.5.xml:3269 +#: sssd.conf.5.xml:3051 sssd.conf.5.xml:3162 sssd.conf.5.xml:3213 +#: sssd.conf.5.xml:3276 msgid "" "<quote>ad</quote>: Active Directory provider. See <citerefentry> " "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4375,12 +4378,12 @@ msgstr "" "citerefentry> för mer information om att konfigurera Active Directory." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3055 +#: sssd.conf.5.xml:3062 msgid "use_fully_qualified_names (bool)" msgstr "use_fully_qualified_names (bool)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3058 +#: sssd.conf.5.xml:3065 msgid "" "Use the full name and domain (as formatted by the domain's full_name_format) " "as the user's login name reported to NSS." @@ -4389,7 +4392,7 @@ msgstr "" "full_name_format) som användarens inloggningsnamn rapporterat till NSS." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3063 +#: sssd.conf.5.xml:3070 msgid "" "If set to TRUE, all requests to this domain must use fully qualified names. " "For example, if used in LOCAL domain that contains a \"test\" user, " @@ -4403,7 +4406,7 @@ msgstr "" "command> skulle det." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3071 +#: sssd.conf.5.xml:3078 msgid "" "NOTE: This option has no effect on netgroup lookups due to their tendency to " "include nested netgroups without qualified names. For netgroups, all domains " @@ -4415,7 +4418,7 @@ msgstr "" "namn begärs." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3078 +#: sssd.conf.5.xml:3085 msgid "" "Default: FALSE (TRUE for trusted domain/sub-domains or if " "default_domain_suffix is used)" @@ -4424,17 +4427,17 @@ msgstr "" "default_domain_suffix används)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3085 +#: sssd.conf.5.xml:3092 msgid "ignore_group_members (bool)" msgstr "ignore_group_members (bool)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3088 +#: sssd.conf.5.xml:3095 msgid "Do not return group members for group lookups." msgstr "Returnera inte gruppmedlemmar för gruppuppslagningar." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3091 +#: sssd.conf.5.xml:3098 msgid "" "If set to TRUE, the group membership attribute is not requested from the " "ldap server, and group members are not returned when processing group lookup " @@ -4453,7 +4456,7 @@ msgstr "" "som om den vore tom." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3109 +#: sssd.conf.5.xml:3116 msgid "" "Enabling this option can also make access provider checks for group " "membership significantly faster, especially for groups containing many " @@ -4464,11 +4467,11 @@ msgstr "" "innehåller många medlemmar." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3115 sssd.conf.5.xml:3822 sssd-ldap.5.xml:326 -#: sssd-ldap.5.xml:355 sssd-ldap.5.xml:408 sssd-ldap.5.xml:468 -#: sssd-ldap.5.xml:489 sssd-ldap.5.xml:520 sssd-ldap.5.xml:543 -#: sssd-ldap.5.xml:582 sssd-ldap.5.xml:601 sssd-ldap.5.xml:625 -#: sssd-ldap.5.xml:1051 sssd-ldap.5.xml:1084 +#: sssd.conf.5.xml:3122 sssd.conf.5.xml:3829 sssd-ldap.5.xml:327 +#: sssd-ldap.5.xml:356 sssd-ldap.5.xml:409 sssd-ldap.5.xml:469 +#: sssd-ldap.5.xml:490 sssd-ldap.5.xml:521 sssd-ldap.5.xml:544 +#: sssd-ldap.5.xml:583 sssd-ldap.5.xml:602 sssd-ldap.5.xml:626 +#: sssd-ldap.5.xml:1053 sssd-ldap.5.xml:1086 msgid "" "This option can be also set per subdomain or inherited via " "<emphasis>subdomain_inherit</emphasis>." @@ -4477,12 +4480,12 @@ msgstr "" "<emphasis>subdomain_inherit</emphasis>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3125 +#: sssd.conf.5.xml:3132 msgid "auth_provider (string)" msgstr "auth_provider (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3128 +#: sssd.conf.5.xml:3135 msgid "" "The authentication provider used for the domain. Supported auth providers " "are:" @@ -4491,7 +4494,7 @@ msgstr "" "är:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3132 sssd.conf.5.xml:3190 +#: sssd.conf.5.xml:3139 sssd.conf.5.xml:3197 msgid "" "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4502,7 +4505,7 @@ msgstr "" "citerefentry> för mer information om att konfigurera LDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3139 +#: sssd.conf.5.xml:3146 msgid "" "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4513,7 +4516,7 @@ msgstr "" "citerefentry> för mer information om att konfigurera Kerberos." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3163 +#: sssd.conf.5.xml:3170 msgid "" "<quote>proxy</quote> for relaying authentication to some other PAM target." msgstr "" @@ -4521,12 +4524,12 @@ msgstr "" "PAM-mål." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3166 +#: sssd.conf.5.xml:3173 msgid "<quote>none</quote> disables authentication explicitly." msgstr "<quote>none</quote> avaktiverar explicit autentisering." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3169 +#: sssd.conf.5.xml:3176 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "authentication requests." @@ -4535,12 +4538,12 @@ msgstr "" "autentiseringsbegäranden." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3175 +#: sssd.conf.5.xml:3182 msgid "access_provider (string)" msgstr "access_provider (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3178 +#: sssd.conf.5.xml:3185 msgid "" "The access control provider used for the domain. There are two built-in " "access providers (in addition to any included in installed backends) " @@ -4551,7 +4554,7 @@ msgstr "" "Interna specialleverantörer är:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3184 +#: sssd.conf.5.xml:3191 msgid "" "<quote>permit</quote> always allow access. It's the only permitted access " "provider for a local domain." @@ -4560,12 +4563,12 @@ msgstr "" "åtkomstleverantören för en lokal domän." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3187 +#: sssd.conf.5.xml:3194 msgid "<quote>deny</quote> always deny access." msgstr "<quote>deny</quote> neka alltid åtkomst." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3214 +#: sssd.conf.5.xml:3221 msgid "" "<quote>simple</quote> access control based on access or deny lists. See " "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</" @@ -4578,7 +4581,7 @@ msgstr "" "konfigurera åtkomstmodulen simple." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3221 +#: sssd.conf.5.xml:3228 msgid "" "<quote>krb5</quote>: .k5login based access control. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum></" @@ -4589,24 +4592,24 @@ msgstr "" "citerefentry> för mer information om att konfigurera Kerberos." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3228 +#: sssd.conf.5.xml:3235 msgid "<quote>proxy</quote> for relaying access control to another PAM module." msgstr "" "<quote>proxy</quote> för att skicka vidare åtkomstkontroll till någon annan " "PAM-modul." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3231 +#: sssd.conf.5.xml:3238 msgid "Default: <quote>permit</quote>" msgstr "Standard: <quote>permit</quote>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3236 +#: sssd.conf.5.xml:3243 msgid "chpass_provider (string)" msgstr "chpass_provider (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3239 +#: sssd.conf.5.xml:3246 msgid "" "The provider which should handle change password operations for the domain. " "Supported change password providers are:" @@ -4615,7 +4618,7 @@ msgstr "" "av lösenordsändring som stödjs är:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3244 +#: sssd.conf.5.xml:3251 msgid "" "<quote>ldap</quote> to change a password stored in a LDAP server. See " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" @@ -4626,7 +4629,7 @@ msgstr "" "manvolnum> </citerefentry> för mer information om att konfigurera LDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3252 +#: sssd.conf.5.xml:3259 msgid "" "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4637,7 +4640,7 @@ msgstr "" "citerefentry> för mer information om att konfigurera Kerberos." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3277 +#: sssd.conf.5.xml:3284 msgid "" "<quote>proxy</quote> for relaying password changes to some other PAM target." msgstr "" @@ -4645,12 +4648,12 @@ msgstr "" "annat PAM-mål." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3281 +#: sssd.conf.5.xml:3288 msgid "<quote>none</quote> disallows password changes explicitly." msgstr "<quote>none</quote> tillåter uttryckligen inte lösenordsändringar." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3284 +#: sssd.conf.5.xml:3291 msgid "" "Default: <quote>auth_provider</quote> is used if it is set and can handle " "change password requests." @@ -4659,18 +4662,18 @@ msgstr "" "hantera begäranden om ändring av lösenord." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3291 +#: sssd.conf.5.xml:3298 msgid "sudo_provider (string)" msgstr "sudo_provider (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3294 +#: sssd.conf.5.xml:3301 msgid "The SUDO provider used for the domain. Supported SUDO providers are:" msgstr "" "SUDO-leverantören som används för domänen. SUDO-leverantörer som stödjs är:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3298 +#: sssd.conf.5.xml:3305 msgid "" "<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4681,7 +4684,7 @@ msgstr "" "citerefentry> för mer information om att konfigurera LDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3306 +#: sssd.conf.5.xml:3313 msgid "" "<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default " "settings." @@ -4690,7 +4693,7 @@ msgstr "" "standardsinställningar för IPA." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3310 +#: sssd.conf.5.xml:3317 msgid "" "<quote>ad</quote> the same as <quote>ldap</quote> but with AD default " "settings." @@ -4699,18 +4702,18 @@ msgstr "" "standardsinställningar för AD." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3314 +#: sssd.conf.5.xml:3321 msgid "<quote>none</quote> disables SUDO explicitly." msgstr "<quote>none</quote> avaktiverar explicit SUDO." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3317 sssd.conf.5.xml:3403 sssd.conf.5.xml:3473 -#: sssd.conf.5.xml:3498 sssd.conf.5.xml:3534 +#: sssd.conf.5.xml:3324 sssd.conf.5.xml:3410 sssd.conf.5.xml:3480 +#: sssd.conf.5.xml:3505 sssd.conf.5.xml:3541 msgid "Default: The value of <quote>id_provider</quote> is used if it is set." msgstr "Standard: värdet på <quote>id_provider</quote> används om det är satt." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3321 +#: sssd.conf.5.xml:3328 msgid "" "The detailed instructions for configuration of sudo_provider are in the " "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " @@ -4727,7 +4730,7 @@ msgstr "" "<manvolnum>5</manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3336 +#: sssd.conf.5.xml:3343 msgid "" "<emphasis>NOTE:</emphasis> Sudo rules are periodically downloaded in the " "background unless the sudo provider is explicitly disabled. Set " @@ -4740,12 +4743,12 @@ msgstr "" "relaterad aktivitet i SSSD om du inte vill använda sudo med SSSD alls." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3346 +#: sssd.conf.5.xml:3353 msgid "selinux_provider (string)" msgstr "selinux_provider (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3349 +#: sssd.conf.5.xml:3356 msgid "" "The provider which should handle loading of selinux settings. Note that this " "provider will be called right after access provider ends. Supported selinux " @@ -4756,7 +4759,7 @@ msgstr "" "åtkomstleverantören avslutar. Selinux-leverantörer som stödjs är:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3355 +#: sssd.conf.5.xml:3362 msgid "" "<quote>ipa</quote> to load selinux settings from an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -4767,14 +4770,14 @@ msgstr "" "manvolnum> </citerefentry> för mer information om att konfigurera IPA." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3363 +#: sssd.conf.5.xml:3370 msgid "<quote>none</quote> disallows fetching selinux settings explicitly." msgstr "" "<quote>none</quote> tillåter uttryckligen inte att hämta selinux-" "inställningar." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3366 +#: sssd.conf.5.xml:3373 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "selinux loading requests." @@ -4783,12 +4786,12 @@ msgstr "" "begäranden om inläsning av selinux." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3372 +#: sssd.conf.5.xml:3379 msgid "subdomains_provider (string)" msgstr "subdomains_provider (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3375 +#: sssd.conf.5.xml:3382 msgid "" "The provider which should handle fetching of subdomains. This value should " "be always the same as id_provider. Supported subdomain providers are:" @@ -4797,7 +4800,7 @@ msgstr "" "alltid vara samma som id_provider. Underdomänsleverantörer som stödjs är:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3381 +#: sssd.conf.5.xml:3388 msgid "" "<quote>ipa</quote> to load a list of subdomains from an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -4809,7 +4812,7 @@ msgstr "" "konfigurera IPA." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3390 +#: sssd.conf.5.xml:3397 msgid "" "<quote>ad</quote> to load a list of subdomains from an Active Directory " "server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> " @@ -4822,17 +4825,17 @@ msgstr "" "konfigurera AD-leverantören." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3399 +#: sssd.conf.5.xml:3406 msgid "<quote>none</quote> disallows fetching subdomains explicitly." msgstr "<quote>none</quote> tillåter uttryckligen inte att hämta underdomäner." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3409 +#: sssd.conf.5.xml:3416 msgid "session_provider (string)" msgstr "session_provider (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3412 +#: sssd.conf.5.xml:3419 msgid "" "The provider which configures and manages user session related tasks. The " "only user session task currently provided is the integration with Fleet " @@ -4844,14 +4847,14 @@ msgstr "" "med IPA. Sessionsleverantörer som stödjs är:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3419 +#: sssd.conf.5.xml:3426 msgid "<quote>ipa</quote> to allow performing user session related tasks." msgstr "" "<quote>ipa</quote> för att utföra uppgifter relaterade till " "användarsessioner." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3423 +#: sssd.conf.5.xml:3430 msgid "" "<quote>none</quote> does not perform any kind of user session related tasks." msgstr "" @@ -4859,7 +4862,7 @@ msgstr "" "användarsessioner." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3427 +#: sssd.conf.5.xml:3434 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can perform " "session related tasks." @@ -4868,7 +4871,7 @@ msgstr "" "sessionsrelaterade uppgifter." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3431 +#: sssd.conf.5.xml:3438 msgid "" "<emphasis>NOTE:</emphasis> In order to have this feature working as expected " "SSSD must be running as \"root\" and not as the unprivileged user." @@ -4878,12 +4881,12 @@ msgstr "" "användaren." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3439 +#: sssd.conf.5.xml:3446 msgid "autofs_provider (string)" msgstr "autofs_provider (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3442 +#: sssd.conf.5.xml:3449 msgid "" "The autofs provider used for the domain. Supported autofs providers are:" msgstr "" @@ -4891,7 +4894,7 @@ msgstr "" "är:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3446 +#: sssd.conf.5.xml:3453 msgid "" "<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4902,7 +4905,7 @@ msgstr "" "citerefentry> för mer information om att konfigurera LDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3453 +#: sssd.conf.5.xml:3460 msgid "" "<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> " "<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4913,7 +4916,7 @@ msgstr "" "manvolnum> </citerefentry> för mer information om att konfigurera IPA." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3461 +#: sssd.conf.5.xml:3468 msgid "" "<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> " "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4925,17 +4928,17 @@ msgstr "" "leverantören." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3470 +#: sssd.conf.5.xml:3477 msgid "<quote>none</quote> disables autofs explicitly." msgstr "<quote>none</quote> avaktiverar explicit autofs." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3480 +#: sssd.conf.5.xml:3487 msgid "hostid_provider (string)" msgstr "hostid_provider (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3483 +#: sssd.conf.5.xml:3490 msgid "" "The provider used for retrieving host identity information. Supported " "hostid providers are:" @@ -4944,7 +4947,7 @@ msgstr "" "leverantörer som stödjs är:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3487 +#: sssd.conf.5.xml:3494 msgid "" "<quote>ipa</quote> to load host identity stored in an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -4955,17 +4958,17 @@ msgstr "" "manvolnum> </citerefentry> för mer information om att konfigurera IPA." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3495 +#: sssd.conf.5.xml:3502 msgid "<quote>none</quote> disables hostid explicitly." msgstr "<quote>none</quote> avaktiverar explicit värd-id:n." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3505 +#: sssd.conf.5.xml:3512 msgid "resolver_provider (string)" msgstr "resolver_provider (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3508 +#: sssd.conf.5.xml:3515 msgid "" "The provider which should handle hosts and networks lookups. Supported " "resolver providers are:" @@ -4974,7 +4977,7 @@ msgstr "" "Uppslagsleverantörer som stödjs är:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3512 +#: sssd.conf.5.xml:3519 msgid "" "<quote>proxy</quote> to forward lookups to another NSS library. See " "<quote>proxy_resolver_lib_name</quote>" @@ -4983,7 +4986,7 @@ msgstr "" "bibliotek. Se <quote>proxy_resolver_lib_name</quote>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3516 +#: sssd.conf.5.xml:3523 msgid "" "<quote>ldap</quote> to fetch hosts and networks stored in LDAP. See " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" @@ -4994,7 +4997,7 @@ msgstr "" "manvolnum> </citerefentry> för mer information om att konfigurera LDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3523 +#: sssd.conf.5.xml:3530 msgid "" "<quote>ad</quote> to fetch hosts and networks stored in AD. See " "<citerefentry> <refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</" @@ -5007,13 +5010,13 @@ msgstr "" "leverantören." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3531 +#: sssd.conf.5.xml:3538 msgid "<quote>none</quote> disallows fetching hosts and networks explicitly." msgstr "" "<quote>none</quote> tillåter uttryckligen inte att hämta värdar och nätverk." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3544 +#: sssd.conf.5.xml:3551 msgid "" "Regular expression for this domain that describes how to parse the string " "containing user name and domain into these components. The \"domain\" can " @@ -5028,7 +5031,7 @@ msgstr "" "(NetBIOS) namnet på domänen." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3553 +#: sssd.conf.5.xml:3560 #, fuzzy #| msgid "" #| "Default for the AD and IPA provider: <quote>(((?P<domain>[^\\\\]+)\\" @@ -5045,17 +5048,17 @@ msgstr "" "användarnamn:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:3558 sssd.conf.5.xml:3572 +#: sssd.conf.5.xml:3565 sssd.conf.5.xml:3579 msgid "username" msgstr "användarnamn" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:3561 sssd.conf.5.xml:3575 +#: sssd.conf.5.xml:3568 sssd.conf.5.xml:3582 msgid "username@domain.name" msgstr "användarnamn@domän.namn" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3566 +#: sssd.conf.5.xml:3573 #, fuzzy #| msgid "" #| "Default for the AD and IPA provider: <quote>(((?P<domain>[^\\\\]+)\\" @@ -5074,12 +5077,12 @@ msgstr "" "användarnamn:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:3578 +#: sssd.conf.5.xml:3585 msgid "domain\\username" msgstr "domän\\användarnamn" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3581 +#: sssd.conf.5.xml:3588 msgid "" "While the first two correspond to the general default the third one is " "introduced to allow easy integration of users from Windows domains." @@ -5088,7 +5091,7 @@ msgstr "" "tredje för att tillåta enkel integration av användare från Windows-domäner." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3586 +#: sssd.conf.5.xml:3593 msgid "" "The default re_expression uses the <quote>@</quote> character as a separator " "between the name and the domain. As a result of this setting the default " @@ -5098,17 +5101,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3638 +#: sssd.conf.5.xml:3645 msgid "Default: <quote>%1$s@%2$s</quote>." msgstr "Standard: <quote>%1$s@%2$s</quote>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3644 +#: sssd.conf.5.xml:3651 msgid "lookup_family_order (string)" msgstr "lookup_family_order (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3647 +#: sssd.conf.5.xml:3654 msgid "" "Provides the ability to select preferred address family to use when " "performing DNS lookups." @@ -5117,44 +5120,44 @@ msgstr "" "uppslagningar." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3651 +#: sssd.conf.5.xml:3658 msgid "Supported values:" msgstr "Värden som stödjs:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3654 +#: sssd.conf.5.xml:3661 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6" msgstr "" "ipv4_first: Försök slå upp IPv4-adresser, om det misslyckas, prova IPv6" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3657 +#: sssd.conf.5.xml:3664 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses." msgstr "ipv4_only: Försök endast slå upp värdnamn som IPv4-adresser." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3660 +#: sssd.conf.5.xml:3667 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4" msgstr "" "ipv6_first: Försök slå upp IPv6-adresser, om det misslyckas, prova IPv4" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3663 +#: sssd.conf.5.xml:3670 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses." msgstr "ipv6_only: Försök endast slå upp värdnamn som IPv6-adresser." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3666 +#: sssd.conf.5.xml:3673 msgid "Default: ipv4_first" msgstr "Standard: ipv4_first" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3672 +#: sssd.conf.5.xml:3679 msgid "dns_resolver_server_timeout (integer)" msgstr "dns_resolver_server_timeout (heltal)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3675 +#: sssd.conf.5.xml:3682 msgid "" "Defines the amount of time (in milliseconds) SSSD would try to talk to DNS " "server before trying next DNS server." @@ -5163,7 +5166,7 @@ msgstr "" "DNS-server före den provar nästa DNS-server." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3680 +#: sssd.conf.5.xml:3687 msgid "" "The AD provider will use this option for the CLDAP ping timeouts as well." msgstr "" @@ -5171,7 +5174,7 @@ msgstr "" "pingtidsgränsen." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3684 sssd.conf.5.xml:3704 sssd.conf.5.xml:3725 +#: sssd.conf.5.xml:3691 sssd.conf.5.xml:3711 sssd.conf.5.xml:3732 msgid "" "Please see the section <quote>FAILOVER</quote> for more information about " "the service resolution." @@ -5179,17 +5182,17 @@ msgstr "" "Se avsnittet <quote>RESERVER</quote> för mer information om tjänstevalet." #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3689 sssd-ldap.5.xml:644 include/failover.xml:84 +#: sssd.conf.5.xml:3696 sssd-ldap.5.xml:645 include/failover.xml:84 msgid "Default: 1000" msgstr "Standard: 1000" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3695 +#: sssd.conf.5.xml:3702 msgid "dns_resolver_op_timeout (integer)" msgstr "dns_resolver_op_timeout (heltal)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3698 +#: sssd.conf.5.xml:3705 msgid "" "Defines the amount of time (in seconds) to wait to resolve single DNS query " "(e.g. resolution of a hostname or an SRV record) before trying the next " @@ -5200,12 +5203,12 @@ msgstr "" "nästa värdnamn eller DNS-upptäckt." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3715 +#: sssd.conf.5.xml:3722 msgid "dns_resolver_timeout (integer)" msgstr "dns_resolver_timeout (heltal)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3718 +#: sssd.conf.5.xml:3725 msgid "" "Defines the amount of time (in seconds) to wait for a reply from the " "internal fail over service before assuming that the service is unreachable. " @@ -5217,12 +5220,12 @@ msgstr "" "nås kommer domänen fortsätta att fungera i frånkopplat läge." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3736 +#: sssd.conf.5.xml:3743 msgid "dns_resolver_use_search_list (bool)" msgstr "dns_resolver_use_search_list (bool)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3739 +#: sssd.conf.5.xml:3746 msgid "" "Normally, the DNS resolver searches the domain list defined in the " "\"search\" directive from the resolv.conf file. This can lead to delays in " @@ -5233,7 +5236,7 @@ msgstr "" "med felaktigt konfigurerad DNS." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3745 +#: sssd.conf.5.xml:3752 msgid "" "If fully qualified domain names (or _srv_) are used in the SSSD " "configuration, setting this option to FALSE can prevent unnecessary DNS " @@ -5244,17 +5247,17 @@ msgstr "" "DNS-uppslagningar i sådana miljöer." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3751 +#: sssd.conf.5.xml:3758 msgid "Default: TRUE" msgstr "Standard: TRUE" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3757 +#: sssd.conf.5.xml:3764 msgid "dns_discovery_domain (string)" msgstr "dns_discovery_domain (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3760 +#: sssd.conf.5.xml:3767 msgid "" "If service discovery is used in the back end, specifies the domain part of " "the service discovery DNS query." @@ -5263,52 +5266,52 @@ msgstr "" "fråga om tjänsteupptäckt." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3764 +#: sssd.conf.5.xml:3771 msgid "Default: Use the domain part of machine's hostname" msgstr "Standard: använd domändelen av maskinens värdnamn" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3770 +#: sssd.conf.5.xml:3777 msgid "override_gid (integer)" msgstr "override_gid (heltal)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3773 +#: sssd.conf.5.xml:3780 msgid "Override the primary GID value with the one specified." msgstr "Ersätt det primära GID-värdet med det angivna." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3779 +#: sssd.conf.5.xml:3786 msgid "case_sensitive (string)" msgstr "case_sensitive (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3786 +#: sssd.conf.5.xml:3793 msgid "True" msgstr "True" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3789 +#: sssd.conf.5.xml:3796 msgid "Case sensitive. This value is invalid for AD provider." msgstr "Skiftlägeskänsligt. Detta värde är inte giltigt för AD-leverantörer." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3795 +#: sssd.conf.5.xml:3802 msgid "False" msgstr "False" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3797 +#: sssd.conf.5.xml:3804 msgid "Case insensitive." msgstr "Skiftlägesokänsligt." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3801 +#: sssd.conf.5.xml:3808 msgid "Preserving" msgstr "Preserving" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3804 +#: sssd.conf.5.xml:3811 msgid "" "Same as False (case insensitive), but does not lowercase names in the result " "of NSS operations. Note that name aliases (and in case of services also " @@ -5319,7 +5322,7 @@ msgstr "" "tjänster även protokollnamn) fortfarande skiftas ner i utdata." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3812 +#: sssd.conf.5.xml:3819 msgid "" "If you want to set this value for trusted domain with IPA provider, you need " "to set it on both the client and SSSD on the server." @@ -5328,7 +5331,7 @@ msgstr "" "du sätta det på både klienten och SSSD på servern." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3782 +#: sssd.conf.5.xml:3789 msgid "" "Treat user and group names as case sensitive. Possible option values are: " "<placeholder type=\"variablelist\" id=\"0\"/>" @@ -5337,17 +5340,17 @@ msgstr "" "värdena på alternativen är: <placeholder type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3827 +#: sssd.conf.5.xml:3834 msgid "Default: True (False for AD provider)" msgstr "Standard: True (False för AD-leverantören)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3833 +#: sssd.conf.5.xml:3840 msgid "subdomain_inherit (string)" msgstr "subdomain_inherit (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3836 +#: sssd.conf.5.xml:3843 msgid "" "Specifies a list of configuration parameters that should be inherited by a " "subdomain. Please note that only selected parameters can be inherited. " @@ -5358,47 +5361,47 @@ msgstr "" "följande alternativ ärvas:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3842 +#: sssd.conf.5.xml:3849 msgid "ldap_search_timeout" msgstr "ldap_search_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3845 +#: sssd.conf.5.xml:3852 msgid "ldap_network_timeout" msgstr "ldap_network_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3848 +#: sssd.conf.5.xml:3855 msgid "ldap_opt_timeout" msgstr "ldap_opt_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3851 +#: sssd.conf.5.xml:3858 msgid "ldap_offline_timeout" msgstr "ldap_offline_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3854 +#: sssd.conf.5.xml:3861 msgid "ldap_enumeration_refresh_timeout" msgstr "ldap_enumeration_refresh_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3857 +#: sssd.conf.5.xml:3864 msgid "ldap_enumeration_refresh_offset" msgstr "ldap_enumeration_refresh_offset" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3860 +#: sssd.conf.5.xml:3867 msgid "ldap_purge_cache_timeout" msgstr "ldap_purge_cache_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3863 +#: sssd.conf.5.xml:3870 msgid "ldap_purge_cache_offset" msgstr "ldap_purge_cache_offset" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3866 +#: sssd.conf.5.xml:3873 msgid "" "ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab " "is not set explicitly)" @@ -5407,57 +5410,57 @@ msgstr "" "ldap_krb5_keytab sätts särskilt)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3870 +#: sssd.conf.5.xml:3877 msgid "ldap_krb5_ticket_lifetime" msgstr "ldap_krb5_ticket_lifetime" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3873 +#: sssd.conf.5.xml:3880 msgid "ldap_enumeration_search_timeout" msgstr "ldap_enumeration_search_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3876 +#: sssd.conf.5.xml:3883 msgid "ldap_connection_expire_timeout" msgstr "ldap_connection_expire_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3879 +#: sssd.conf.5.xml:3886 msgid "ldap_connection_expire_offset" msgstr "ldap_connection_expire_offset" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3882 +#: sssd.conf.5.xml:3889 msgid "ldap_connection_idle_timeout" msgstr "ldap_connection_idle_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3885 sssd-ldap.5.xml:400 +#: sssd.conf.5.xml:3892 sssd-ldap.5.xml:401 msgid "ldap_use_tokengroups" msgstr "ldap_use_tokengroups" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3888 +#: sssd.conf.5.xml:3895 msgid "ldap_user_principal" msgstr "ldap_user_principal" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3891 +#: sssd.conf.5.xml:3898 msgid "ignore_group_members" msgstr "ignore_group_members" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3894 +#: sssd.conf.5.xml:3901 msgid "auto_private_groups" msgstr "auto_private_groups" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3897 +#: sssd.conf.5.xml:3904 msgid "case_sensitive" msgstr "case_sensitive" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:3902 +#: sssd.conf.5.xml:3909 #, no-wrap msgid "" "subdomain_inherit = ldap_purge_cache_timeout\n" @@ -5467,28 +5470,28 @@ msgstr "" " " #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3909 +#: sssd.conf.5.xml:3916 msgid "Note: This option only works with the IPA and AD provider." msgstr "" "Observera: detta alternativ fungerar endast med leverantörerna IPA och AD." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3916 +#: sssd.conf.5.xml:3923 msgid "subdomain_homedir (string)" msgstr "subdomain_homedir (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3927 +#: sssd.conf.5.xml:3934 msgid "%F" msgstr "%F" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3928 +#: sssd.conf.5.xml:3935 msgid "flat (NetBIOS) name of a subdomain." msgstr "platt (NetBIOS) namn på en underdomän." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3919 +#: sssd.conf.5.xml:3926 msgid "" "Use this homedir as default value for all subdomains within this domain in " "IPA AD trust. See <emphasis>override_homedir</emphasis> for info about " @@ -5503,36 +5506,36 @@ msgstr "" "type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3933 +#: sssd.conf.5.xml:3940 msgid "" "The value can be overridden by <emphasis>override_homedir</emphasis> option." msgstr "" "Värdet kan åsidosättas av alternativet <emphasis>override_homedir</emphasis>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3937 +#: sssd.conf.5.xml:3944 msgid "Default: <filename>/home/%d/%u</filename>" msgstr "Standard: <filename>/home/%d/%u</filename>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3942 +#: sssd.conf.5.xml:3949 msgid "realmd_tags (string)" msgstr "realmd_tags (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3945 +#: sssd.conf.5.xml:3952 msgid "" "Various tags stored by the realmd configuration service for this domain." msgstr "" "Diverse taggar lagrade av realmd-konfigurationstjänsten för denna domän." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3951 +#: sssd.conf.5.xml:3958 msgid "cached_auth_timeout (int)" msgstr "cached_auth_timeout (heltal)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3954 +#: sssd.conf.5.xml:3961 msgid "" "Specifies time in seconds since last successful online authentication for " "which user will be authenticated using cached credentials while SSSD is in " @@ -5545,7 +5548,7 @@ msgstr "" "uppkopplad autentisering." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3962 +#: sssd.conf.5.xml:3969 msgid "" "This option's value is inherited by all trusted domains. At the moment it is " "not possible to set a different value per trusted domain." @@ -5554,12 +5557,12 @@ msgstr "" "inte möjligt att ange olika värden för varje betrodd domän." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3967 +#: sssd.conf.5.xml:3974 msgid "Special value 0 implies that this feature is disabled." msgstr "Specialvärdet 0 betyder att denna funktion är avaktiverad." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3971 +#: sssd.conf.5.xml:3978 msgid "" "Please note that if <quote>cached_auth_timeout</quote> is longer than " "<quote>pam_id_timeout</quote> then the back end could be called to handle " @@ -5570,14 +5573,14 @@ msgstr "" "<quote>initgroups.</quote>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3982 +#: sssd.conf.5.xml:3989 #, fuzzy #| msgid "ldap_pwd_policy (string)" msgid "local_auth_policy (string)" msgstr "ldap_pwd_policy (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3985 +#: sssd.conf.5.xml:3992 msgid "" "Local authentication methods policy. Some backends (i.e. LDAP, proxy " "provider) only support a password based authentication, while others can " @@ -5588,7 +5591,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3995 +#: sssd.conf.5.xml:4002 msgid "" "There are three possible values for this option: match, only, enable. " "<quote>match</quote> is used to match offline and online states for Kerberos " @@ -5599,8 +5602,17 @@ msgid "" "separated, such as <quote>enable:passkey, enable:smartcard</quote>" msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4014 +msgid "" +"Please note that if local Smartcard authentication is enabled and a " +"Smartcard is present, Smartcard authentication will be preferred over the " +"authentication methods supported by the backend. I.e. there will be a PIN " +"prompt instead of e.g. a password prompt." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:4011 +#: sssd.conf.5.xml:4026 #, no-wrap msgid "" "[domain/shadowutils]\n" @@ -5611,7 +5623,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4007 +#: sssd.conf.5.xml:4022 #, fuzzy #| msgid "" #| "The following example creates a container named 'mycontainer': " @@ -5625,31 +5637,31 @@ msgstr "" "type=\"programlisting\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4019 +#: sssd.conf.5.xml:4034 #, fuzzy #| msgid "This option is not available in IPA provider." msgid "This option is ignored for the files provider." msgstr "Detta alternativ är inte tillgängligt i IPA-leverantören." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4022 +#: sssd.conf.5.xml:4037 #, fuzzy #| msgid "Default: mail" msgid "Default: match" msgstr "Standard: mail" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4027 +#: sssd.conf.5.xml:4042 msgid "auto_private_groups (string)" msgstr "auto_private_groups (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4033 +#: sssd.conf.5.xml:4048 msgid "true" msgstr "true" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4036 +#: sssd.conf.5.xml:4051 msgid "" "Create user's private group unconditionally from user's UID number. The GID " "number is ignored in this case." @@ -5658,7 +5670,7 @@ msgstr "" "GID-numret ignoreras i detta läge." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4040 +#: sssd.conf.5.xml:4055 msgid "" "NOTE: Because the GID number and the user private group are inferred from " "the UID number, it is not supported to have multiple entries with the same " @@ -5671,12 +5683,12 @@ msgstr "" "framtvingar unika nummer över hela ID-rymden." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4049 +#: sssd.conf.5.xml:4064 msgid "false" msgstr "false" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4052 +#: sssd.conf.5.xml:4067 msgid "" "Always use the user's primary GID number. The GID number must refer to a " "group object in the LDAP database." @@ -5685,12 +5697,12 @@ msgstr "" "ett gruppobjekt i LDAP-databasen." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4058 +#: sssd.conf.5.xml:4073 msgid "hybrid" msgstr "hybrid" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4061 +#: sssd.conf.5.xml:4076 msgid "" "A primary group is autogenerated for user entries whose UID and GID numbers " "have the same value and at the same time the GID number does not correspond " @@ -5705,7 +5717,7 @@ msgstr "" "upp till det gruppobjektet." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4074 +#: sssd.conf.5.xml:4089 msgid "" "If the UID and GID of a user are different, then the GID must correspond to " "a group entry, otherwise the GID is simply not resolvable." @@ -5714,7 +5726,7 @@ msgstr "" "kan GID:t helt enkelt inte slås upp." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4081 +#: sssd.conf.5.xml:4096 msgid "" "This feature is useful for environments that wish to stop maintaining a " "separate group objects for the user private groups, but also wish to retain " @@ -5725,7 +5737,7 @@ msgstr "" "befintliga användarnas privata grupper." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4030 +#: sssd.conf.5.xml:4045 msgid "" "This option takes any of three available values: <placeholder " "type=\"variablelist\" id=\"0\"/>" @@ -5734,7 +5746,7 @@ msgstr "" "type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4093 +#: sssd.conf.5.xml:4108 msgid "" "For subdomains, the default value is False for subdomains that use assigned " "POSIX IDs and True for subdomains that use automatic ID-mapping." @@ -5744,7 +5756,7 @@ msgstr "" "översättning." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:4101 +#: sssd.conf.5.xml:4116 #, no-wrap msgid "" "[domain/forest.domain/sub.domain]\n" @@ -5754,7 +5766,7 @@ msgstr "" "auto_private_groups = false\n" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:4107 +#: sssd.conf.5.xml:4122 #, no-wrap msgid "" "[domain/forest.domain]\n" @@ -5766,7 +5778,7 @@ msgstr "" "auto_private_groups = false\n" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4098 +#: sssd.conf.5.xml:4113 msgid "" "The value of auto_private_groups can either be set per subdomains in a " "subsection, for example: <placeholder type=\"programlisting\" id=\"0\"/> or " @@ -5791,31 +5803,36 @@ msgstr "" "replaceable>]</quote> <placeholder type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4122 +#: sssd.conf.5.xml:4137 msgid "proxy_pam_target (string)" msgstr "proxy_pam_target (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4125 +#: sssd.conf.5.xml:4140 msgid "The proxy target PAM proxies to." msgstr "Proxymålet PAM är en proxy för." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4128 +#: sssd.conf.5.xml:4143 +#, fuzzy +#| msgid "" +#| "Default: not set by default, you have to take an existing pam " +#| "configuration or create a new one and add the service name here." msgid "" "Default: not set by default, you have to take an existing pam configuration " -"or create a new one and add the service name here." +"or create a new one and add the service name here. As an alternative you can " +"enable local authentication with the local_auth_policy option." msgstr "" "Standard: inte satt som standard, du måste ta en befintlig pam-konfiguration " "eller skapa en ny och lägga till tjänstenamnet här." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4136 +#: sssd.conf.5.xml:4153 msgid "proxy_lib_name (string)" msgstr "proxy_lib_name (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4139 +#: sssd.conf.5.xml:4156 msgid "" "The name of the NSS library to use in proxy domains. The NSS functions " "searched for in the library are in the form of _nss_$(libName)_$(function), " @@ -5826,12 +5843,12 @@ msgstr "" "exempel _nss_files_getpwent." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4149 +#: sssd.conf.5.xml:4166 msgid "proxy_resolver_lib_name (string)" msgstr "proxy_resolver_lib_name (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4152 +#: sssd.conf.5.xml:4169 msgid "" "The name of the NSS library to use for hosts and networks lookups in proxy " "domains. The NSS functions searched for in the library are in the form of " @@ -5842,12 +5859,12 @@ msgstr "" "_nss_$(libName)_$(function), till exempel _nss_dns_gethostbyname2_r." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4163 +#: sssd.conf.5.xml:4180 msgid "proxy_fast_alias (boolean)" msgstr "proxy_fast_alias (boolean)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4166 +#: sssd.conf.5.xml:4183 msgid "" "When a user or group is looked up by name in the proxy provider, a second " "lookup by ID is performed to \"canonicalize\" the name in case the requested " @@ -5860,12 +5877,12 @@ msgstr "" "SSSD att utföra ID-uppslagningen från cachen av prestandaskäl." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4180 +#: sssd.conf.5.xml:4197 msgid "proxy_max_children (integer)" msgstr "proxy_max_children (heltal)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4183 +#: sssd.conf.5.xml:4200 msgid "" "This option specifies the number of pre-forked proxy children. It is useful " "for high-load SSSD environments where sssd may run out of available child " @@ -5877,7 +5894,7 @@ msgstr "" "begäranden skulle köas upp." #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4118 +#: sssd.conf.5.xml:4133 msgid "" "Options valid for proxy domains. <placeholder type=\"variablelist\" " "id=\"0\"/>" @@ -5886,12 +5903,12 @@ msgstr "" "id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:4199 +#: sssd.conf.5.xml:4216 msgid "Application domains" msgstr "Programdomäner" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4201 +#: sssd.conf.5.xml:4218 msgid "" "SSSD, with its D-Bus interface (see <citerefentry> <refentrytitle>sssd-ifp</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>) is appealing to " @@ -5920,7 +5937,7 @@ msgstr "" "traditionell SSSD-domän." #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4221 +#: sssd.conf.5.xml:4238 msgid "" "Please note that the application domain must still be explicitly enabled in " "the <quote>domains</quote> parameter so that the lookup order between the " @@ -5931,17 +5948,17 @@ msgstr "" "programdomänen och dess POSIX-syskondomän sätts korrekt." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> -#: sssd.conf.5.xml:4227 +#: sssd.conf.5.xml:4244 msgid "Application domain parameters" msgstr "Programdomänparametrar" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4229 +#: sssd.conf.5.xml:4246 msgid "inherit_from (string)" msgstr "inherit_from (sträng)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4232 +#: sssd.conf.5.xml:4249 msgid "" "The SSSD POSIX-type domain the application domain inherits all settings " "from. The application domain can moreover add its own settings to the " @@ -5954,7 +5971,7 @@ msgstr "" "quote>domänens inställningar." #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4246 +#: sssd.conf.5.xml:4263 msgid "" "The following example illustrates the use of an application domain. In this " "setup, the POSIX domain is connected to an LDAP server and is used by the OS " @@ -5969,7 +5986,7 @@ msgstr "" "attributet telefon nåbart via D-Bus-gränssnittet." #. type: Content of: <reference><refentry><refsect1><refsect2><programlisting> -#: sssd.conf.5.xml:4254 +#: sssd.conf.5.xml:4271 #, no-wrap msgid "" "[sssd]\n" @@ -6003,12 +6020,12 @@ msgstr "" "ldap_user_extra_attrs = telefon:telephoneNumber\n" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4274 +#: sssd.conf.5.xml:4291 msgid "TRUSTED DOMAIN SECTION" msgstr "SEKTIONEN BETRODDA DOMÄNER" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4276 +#: sssd.conf.5.xml:4293 msgid "" "Some options used in the domain section can also be used in the trusted " "domain section, that is, in a section called <quote>[domain/" @@ -6025,57 +6042,57 @@ msgstr "" "alternativ i sektionen för betrodda domäner är:" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4283 +#: sssd.conf.5.xml:4300 msgid "ldap_search_base," msgstr "ldap_search_base," #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4284 +#: sssd.conf.5.xml:4301 msgid "ldap_user_search_base," msgstr "ldap_user_search_base," #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4285 +#: sssd.conf.5.xml:4302 msgid "ldap_group_search_base," msgstr "ldap_group_search_base," #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4286 +#: sssd.conf.5.xml:4303 msgid "ldap_netgroup_search_base," msgstr "ldap_netgroup_search_base," #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4287 +#: sssd.conf.5.xml:4304 msgid "ldap_service_search_base," msgstr "ldap_service_search_base," #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4288 +#: sssd.conf.5.xml:4305 msgid "ldap_sasl_mech," msgstr "ldap_sasl_mech," #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4289 +#: sssd.conf.5.xml:4306 msgid "ad_server," msgstr "ad_server," #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4290 +#: sssd.conf.5.xml:4307 msgid "ad_backup_server," msgstr "ad_backup_server," #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4291 +#: sssd.conf.5.xml:4308 msgid "ad_site," msgstr "ad_site," #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4292 sssd-ipa.5.xml:879 +#: sssd.conf.5.xml:4309 sssd-ipa.5.xml:884 msgid "use_fully_qualified_names" msgstr "use_fully_qualified_names" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4296 +#: sssd.conf.5.xml:4313 msgid "" "For more details about these options see their individual description in the " "manual page." @@ -6084,12 +6101,12 @@ msgstr "" "manualsidan." #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4302 +#: sssd.conf.5.xml:4319 msgid "CERTIFICATE MAPPING SECTION" msgstr "CERTIFIKATSMAPPNINGSSEKTION" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4304 +#: sssd.conf.5.xml:4321 msgid "" "To allow authentication with Smartcards and certificates SSSD must be able " "to map certificates to users. This can be done by adding the full " @@ -6111,7 +6128,7 @@ msgstr "" "fallet när lokala tjänster använder PAM för autentisering." #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4318 +#: sssd.conf.5.xml:4335 msgid "" "To make the mapping more flexible mapping and matching rules were added to " "SSSD (see <citerefentry> <refentrytitle>sss-certmap</refentrytitle> " @@ -6123,7 +6140,7 @@ msgstr "" "detaljer)." #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4327 +#: sssd.conf.5.xml:4344 msgid "" "A mapping and matching rule can be added to the SSSD configuration in a " "section on its own with a name like <quote>[certmap/" @@ -6136,12 +6153,12 @@ msgstr "" "replaceable>]</quote>. I denna sektion är följande alternativ tillåtna:" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4334 +#: sssd.conf.5.xml:4351 msgid "matchrule (string)" msgstr "matchrule (sträng)" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4337 +#: sssd.conf.5.xml:4354 msgid "" "Only certificates from the Smartcard which matches this rule will be " "processed, all others are ignored." @@ -6150,7 +6167,7 @@ msgstr "" "alla andra ignoreras." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4341 +#: sssd.conf.5.xml:4358 msgid "" "Default: KRB5:<EKU>clientAuth, i.e. only certificates which have the " "Extended Key Usage <quote>clientAuth</quote>" @@ -6159,17 +6176,17 @@ msgstr "" "Extended Key Usage <quote>clientAuth</quote>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4348 +#: sssd.conf.5.xml:4365 msgid "maprule (string)" msgstr "maprule (sträng)" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4351 +#: sssd.conf.5.xml:4368 msgid "Defines how the user is found for a given certificate." msgstr "Definierar hur användaren hittas för ett givet certifikat." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4357 +#: sssd.conf.5.xml:4374 msgid "" "LDAP:(userCertificate;binary={cert!bin}) for LDAP based providers like " "<quote>ldap</quote>, <quote>AD</quote> or <quote>ipa</quote>." @@ -6178,7 +6195,7 @@ msgstr "" "<quote>ldap</quote>, <quote>AD</quote> eller <quote>ipa</quote>." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4363 +#: sssd.conf.5.xml:4380 msgid "" "The RULE_NAME for the <quote>files</quote> provider which tries to find a " "user with the same name." @@ -6187,12 +6204,12 @@ msgstr "" "användare med samma namn." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4372 +#: sssd.conf.5.xml:4389 msgid "domains (string)" msgstr "domains (sträng)" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4375 +#: sssd.conf.5.xml:4392 msgid "" "Comma separated list of domain names the rule should be applied. By default " "a rule is only valid in the domain configured in sssd.conf. If the provider " @@ -6205,17 +6222,17 @@ msgstr "" "lägga till regeln till underdomäner också." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4382 +#: sssd.conf.5.xml:4399 msgid "Default: the configured domain in sssd.conf" msgstr "Standard: den konfigurerade domänen i sssd.conf" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4387 +#: sssd.conf.5.xml:4404 msgid "priority (integer)" msgstr "priority (heltal)" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4390 +#: sssd.conf.5.xml:4407 msgid "" "Unsigned integer value defining the priority of the rule. The higher the " "number the lower the priority. <quote>0</quote> stands for the highest " @@ -6226,12 +6243,12 @@ msgstr "" "prioriteten medan <quote>4294967295</quote> är den lägsta." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4396 +#: sssd.conf.5.xml:4413 msgid "Default: the lowest priority" msgstr "Standard: den lägsta prioriteten" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4402 +#: sssd.conf.5.xml:4419 msgid "" "To make the configuration simple and reduce the amount of configuration " "options the <quote>files</quote> provider has some special properties:" @@ -6241,7 +6258,7 @@ msgstr "" "speciella egenskaper:" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4408 +#: sssd.conf.5.xml:4425 msgid "" "if maprule is not set the RULE_NAME name is assumed to be the name of the " "matching user" @@ -6250,7 +6267,7 @@ msgstr "" "användaren" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4414 +#: sssd.conf.5.xml:4431 msgid "" "if a maprule is used both a single user name or a template like " "<quote>{subject_rfc822_name.short_name}</quote> must be in braces like e.g. " @@ -6263,17 +6280,17 @@ msgstr "" "short_name})</quote>" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4423 +#: sssd.conf.5.xml:4440 msgid "the <quote>domains</quote> option is ignored" msgstr "alternativet <quote>domains</quote> ignoreras" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4431 +#: sssd.conf.5.xml:4448 msgid "PROMPTING CONFIGURATION SECTION" msgstr "SEKTIONEN FÖR FRÅGEKONFIGURATION" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4433 +#: sssd.conf.5.xml:4450 msgid "" "If a special file (<filename>/var/lib/sss/pubconf/pam_preauth_available</" "filename>) exists SSSD's PAM module pam_sss will ask SSSD to figure out " @@ -6288,7 +6305,7 @@ msgstr "" "tillämpliga kreditiv." #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4441 +#: sssd.conf.5.xml:4458 msgid "" "With the growing number of authentication methods and the possibility that " "there are multiple ones for a single user the heuristic used by pam_sss to " @@ -6301,22 +6318,22 @@ msgstr "" "användarfall. Följande alternativ bör ge en bättre flexibilitet här." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4453 +#: sssd.conf.5.xml:4470 msgid "[prompting/password]" msgstr "[prompting/password]" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4456 +#: sssd.conf.5.xml:4473 msgid "password_prompt" msgstr "password_prompt" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4457 +#: sssd.conf.5.xml:4474 msgid "to change the string of the password prompt" msgstr "för att ändra strängen i lösenordsfrågan" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4455 +#: sssd.conf.5.xml:4472 msgid "" "to configure password prompting, allowed options are: <placeholder " "type=\"variablelist\" id=\"0\"/>" @@ -6325,37 +6342,37 @@ msgstr "" "type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4465 +#: sssd.conf.5.xml:4482 msgid "[prompting/2fa]" msgstr "[prompting/2fa]" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4469 +#: sssd.conf.5.xml:4486 msgid "first_prompt" msgstr "first_prompt" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4470 +#: sssd.conf.5.xml:4487 msgid "to change the string of the prompt for the first factor" msgstr "för att ändra strängen som frågar efter den första faktorn" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4473 +#: sssd.conf.5.xml:4490 msgid "second_prompt" msgstr "second_prompt" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4474 +#: sssd.conf.5.xml:4491 msgid "to change the string of the prompt for the second factor" msgstr "för att ändra strängen som frågar efter den andra faktorn" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4477 +#: sssd.conf.5.xml:4494 msgid "single_prompt" msgstr "single_prompt" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4478 +#: sssd.conf.5.xml:4495 msgid "" "boolean value, if True there will be only a single prompt using the value of " "first_prompt where it is expected that both factors are entered as a single " @@ -6368,7 +6385,7 @@ msgstr "" "faktorn är frivillig." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4467 +#: sssd.conf.5.xml:4484 msgid "" "to configure two-factor authentication prompting, allowed options are: " "<placeholder type=\"variablelist\" id=\"0\"/> If the second factor is " @@ -6381,19 +6398,19 @@ msgstr "" "med lösenordet eller med båda faktorerna måste tvåstegsförfrågan användas." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4495 +#: sssd.conf.5.xml:4512 #, fuzzy #| msgid "[prompting/password]" msgid "[prompting/passkey]" msgstr "[prompting/password]" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4501 sssd-ad.5.xml:1021 +#: sssd.conf.5.xml:4518 sssd-ad.5.xml:1021 msgid "interactive" msgstr "interactive" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4503 +#: sssd.conf.5.xml:4520 msgid "" "boolean value, if True prompt a message and wait before testing the presence " "of a passkey device. Recommended if your device doesn’t have a tactile " @@ -6401,47 +6418,47 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4511 +#: sssd.conf.5.xml:4528 #, fuzzy #| msgid "interactive" msgid "interactive_prompt" msgstr "interactive" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4513 +#: sssd.conf.5.xml:4530 #, fuzzy #| msgid "to change the string of the password prompt" msgid "to change the message of the interactive prompt." msgstr "för att ändra strängen i lösenordsfrågan" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4518 +#: sssd.conf.5.xml:4535 msgid "touch" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4520 +#: sssd.conf.5.xml:4537 msgid "" "boolean value, if True prompt a message to remind the user to touch the " "device." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4526 +#: sssd.conf.5.xml:4543 #, fuzzy #| msgid "first_prompt" msgid "touch_prompt" msgstr "first_prompt" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4528 +#: sssd.conf.5.xml:4545 #, fuzzy #| msgid "to change the string of the password prompt" msgid "to change the message of the touch prompt." msgstr "för att ändra strängen i lösenordsfrågan" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4497 +#: sssd.conf.5.xml:4514 #, fuzzy #| msgid "" #| "to configure two-factor authentication prompting, allowed options are: " @@ -6454,7 +6471,7 @@ msgstr "" "alternativen: <placeholder type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4448 +#: sssd.conf.5.xml:4465 #, fuzzy #| msgid "" #| "Each supported authentication method has its own configuration subsection " @@ -6473,7 +6490,7 @@ msgstr "" ">" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4539 +#: sssd.conf.5.xml:4556 msgid "" "It is possible to add a subsection for specific PAM services, e.g. " "<quote>[prompting/password/sshd]</quote> to individual change the prompting " @@ -6484,12 +6501,12 @@ msgstr "" "enskilt för denna tjänst." #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4546 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43 +#: sssd.conf.5.xml:4563 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43 msgid "EXAMPLES" msgstr "EXEMPEL" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4552 +#: sssd.conf.5.xml:4569 #, no-wrap msgid "" "[sssd]\n" @@ -6543,7 +6560,7 @@ msgstr "" "enumerate = False\n" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4548 +#: sssd.conf.5.xml:4565 msgid "" "1. The following example shows a typical SSSD config. It does not describe " "configuration of the domains themselves - refer to documentation on " @@ -6555,7 +6572,7 @@ msgstr "" "domäner för fler detaljer. <placeholder type=\"programlisting\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4585 +#: sssd.conf.5.xml:4602 #, no-wrap msgid "" "[domain/ipa.com/child.ad.com]\n" @@ -6565,7 +6582,7 @@ msgstr "" "use_fully_qualified_names = false\n" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4579 +#: sssd.conf.5.xml:4596 msgid "" "2. The following example shows configuration of IPA AD trust where the AD " "forest consists of two domains in a parent-child structure. Suppose IPA " @@ -6581,7 +6598,7 @@ msgstr "" "type=\"programlisting\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4596 +#: sssd.conf.5.xml:4613 #, fuzzy, no-wrap #| msgid "" #| "[certmap/my.domain/rule_name]\n" @@ -6609,7 +6626,7 @@ msgstr "" "matchrule = <ISSUER>^CN=My-CA,DC=MIN,DC=DOMÄN$<SUBJECT>^CN=User.Name,DC=MIN,DC=DOMÄN$\n" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4590 +#: sssd.conf.5.xml:4607 #, fuzzy #| msgid "" #| "3. The following example shows the configuration for two certificate " @@ -6682,14 +6699,23 @@ msgstr "Du kan konfigurera SSSD för att använda mer än en LDAP-domän." #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:38 +#, fuzzy +#| msgid "" +#| "LDAP back end supports id, auth, access and chpass providers. If you want " +#| "to authenticate against an LDAP server either TLS/SSL or LDAPS is " +#| "required. <command>sssd</command> <emphasis>does not</emphasis> support " +#| "authentication over an unencrypted channel. If the LDAP server is used " +#| "only as an identity provider, an encrypted channel is not needed. Please " +#| "refer to <quote>ldap_access_filter</quote> config option for more " +#| "information about using LDAP as an access provider." msgid "" "LDAP back end supports id, auth, access and chpass providers. If you want to " "authenticate against an LDAP server either TLS/SSL or LDAPS is required. " "<command>sssd</command> <emphasis>does not</emphasis> support authentication " -"over an unencrypted channel. If the LDAP server is used only as an identity " -"provider, an encrypted channel is not needed. Please refer to " -"<quote>ldap_access_filter</quote> config option for more information about " -"using LDAP as an access provider." +"over an unencrypted channel. Even if the LDAP server is used only as an " +"identity provider, an encrypted channel is strongly recommended. Please " +"refer to <quote>ldap_access_filter</quote> config option for more " +"information about using LDAP as an access provider." msgstr "" "LDAP-bakändar stödjer leverantörer av id, autentisering, åtkomst och " "lösenordsändring. Om du vill autentisera mot en LDAP-server krävs antingen " @@ -6700,19 +6726,19 @@ msgstr "" "information om att använda LDAP som en åtkomstleverantör." #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:82 sssd-ad.5.xml:130 +#: sssd-ldap.5.xml:50 sssd-simple.5.xml:69 sssd-ipa.5.xml:82 sssd-ad.5.xml:130 #: sssd-krb5.5.xml:63 sssd-ifp.5.xml:60 sssd-files.5.xml:77 #: sssd-session-recording.5.xml:58 sssd-kcm.8.xml:202 msgid "CONFIGURATION OPTIONS" msgstr "KONFIGURATIONSALTERNATIV" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:66 +#: sssd-ldap.5.xml:67 msgid "ldap_uri, ldap_backup_uri (string)" msgstr "ldap_uri, ldap_backup_uri (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:69 +#: sssd-ldap.5.xml:70 msgid "" "Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " "should connect in the order of preference. Refer to the <quote>FAILOVER</" @@ -6727,17 +6753,17 @@ msgstr "" "<quote>TJÄNSTEUPPTÄCKT</quote>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:76 +#: sssd-ldap.5.xml:77 msgid "The format of the URI must match the format defined in RFC 2732:" msgstr "Formatet på URI:n måste stämma med formatet som definieras i RFC 2732:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:79 +#: sssd-ldap.5.xml:80 msgid "ldap[s]://<host>[:port]" msgstr "ldap[s]://<värd>[:port]" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:82 +#: sssd-ldap.5.xml:83 msgid "" "For explicit IPv6 addresses, <host> must be enclosed in brackets []" msgstr "" @@ -6745,17 +6771,17 @@ msgstr "" "hakparenteser []" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:85 +#: sssd-ldap.5.xml:86 msgid "example: ldap://[fc00::126:25]:389" msgstr "exempel: ldap://[fc00::126:25]:389" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:91 +#: sssd-ldap.5.xml:92 msgid "ldap_chpass_uri, ldap_chpass_backup_uri (string)" msgstr "ldap_chpass_uri, ldap_chpass_backup_uri (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:94 +#: sssd-ldap.5.xml:95 msgid "" "Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " "should connect in the order of preference to change the password of a user. " @@ -6768,29 +6794,29 @@ msgstr "" "serverredundans." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:101 +#: sssd-ldap.5.xml:102 msgid "To enable service discovery ldap_chpass_dns_service_name must be set." msgstr "" "För att aktivera tjänsteuppslagning måste ldap_chpass_dns_service_name vara " "satt." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:105 +#: sssd-ldap.5.xml:106 msgid "Default: empty, i.e. ldap_uri is used." msgstr "Standard: tomt, d.v.s. ldap_uri används." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:111 +#: sssd-ldap.5.xml:112 msgid "ldap_search_base (string)" msgstr "ldap_search_base (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:114 +#: sssd-ldap.5.xml:115 msgid "The default base DN to use for performing LDAP user operations." msgstr "Standard bas-DN att använda för att utföra LDAP-användaroperationer." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:118 +#: sssd-ldap.5.xml:119 msgid "" "Starting with SSSD 1.7.0, SSSD supports multiple search bases using the " "syntax:" @@ -6799,17 +6825,17 @@ msgstr "" "syntaxen:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:122 +#: sssd-ldap.5.xml:123 msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]" msgstr "sökbas[?räckvidd?[filter][?sökbas?räckvidd?[filter]]*]" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:125 +#: sssd-ldap.5.xml:126 msgid "The scope can be one of \"base\", \"onelevel\" or \"subtree\"." msgstr "Räckvidden kan vara en av ”base”, ”onelevel” eller ”subtree”." #. type: Content of: <listitem><para> -#: sssd-ldap.5.xml:128 include/ldap_search_bases.xml:18 +#: sssd-ldap.5.xml:129 include/ldap_search_bases.xml:18 msgid "" "The filter must be a valid LDAP search filter as specified by http://www." "ietf.org/rfc/rfc2254.txt" @@ -6818,13 +6844,13 @@ msgstr "" "ietf.org/rfc/rfc2254.txt" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:132 sssd-ad.5.xml:311 sss_override.8.xml:143 +#: sssd-ldap.5.xml:133 sssd-ad.5.xml:311 sss_override.8.xml:143 #: sss_override.8.xml:240 sssd-ldap-attributes.5.xml:453 msgid "Examples:" msgstr "Exempel:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:135 +#: sssd-ldap.5.xml:136 msgid "" "ldap_search_base = dc=example,dc=com (which is equivalent to) " "ldap_search_base = dc=example,dc=com?subtree?" @@ -6833,7 +6859,7 @@ msgstr "" "ldap_search_base = dc=example,dc=com?subtree?" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:140 +#: sssd-ldap.5.xml:141 msgid "" "ldap_search_base = cn=host_specific,dc=example,dc=com?subtree?" "(host=thishost)?dc=example.com?subtree?" @@ -6842,7 +6868,7 @@ msgstr "" "(host=thishost)?dc=example.com?subtree?" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:143 +#: sssd-ldap.5.xml:144 msgid "" "Note: It is unsupported to have multiple search bases which reference " "identically-named objects (for example, groups with the same name in two " @@ -6854,7 +6880,7 @@ msgstr "" "sökbaser). Detta kommer medföra oförutsägbart beteende på klientmaskinerna." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:150 +#: sssd-ldap.5.xml:151 msgid "" "Default: If not set, the value of the defaultNamingContext or namingContexts " "attribute from the RootDSE of the LDAP server is used. If " @@ -6871,12 +6897,12 @@ msgstr "" "stödjs inte." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:164 +#: sssd-ldap.5.xml:165 msgid "ldap_schema (string)" msgstr "ldap_schema (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:167 +#: sssd-ldap.5.xml:168 msgid "" "Specifies the Schema Type in use on the target LDAP server. Depending on " "the selected schema, the default attribute names retrieved from the servers " @@ -6887,32 +6913,32 @@ msgstr "" "Sättet som en del attribut hanteras kan också skilja." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:174 +#: sssd-ldap.5.xml:175 msgid "Four schema types are currently supported:" msgstr "Fyra schematyper stödjs för närvarande:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:178 +#: sssd-ldap.5.xml:179 msgid "rfc2307" msgstr "rfc2307" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:183 +#: sssd-ldap.5.xml:184 msgid "rfc2307bis" msgstr "rfc2307bis" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:188 +#: sssd-ldap.5.xml:189 msgid "IPA" msgstr "IPA" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:193 +#: sssd-ldap.5.xml:194 msgid "AD" msgstr "AD" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:199 +#: sssd-ldap.5.xml:200 msgid "" "The main difference between these schema types is how group memberships are " "recorded in the server. With rfc2307, group members are listed by name in " @@ -6929,37 +6955,37 @@ msgstr "" "värden." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:209 +#: sssd-ldap.5.xml:210 msgid "Default: rfc2307" msgstr "Standard: rfc2307" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:215 +#: sssd-ldap.5.xml:216 msgid "ldap_pwmodify_mode (string)" msgstr "ldap_pwmodify_mode (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:218 +#: sssd-ldap.5.xml:219 msgid "Specify the operation that is used to modify user password." msgstr "Ange operationen som används för att ändra användarens lösenord." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:222 +#: sssd-ldap.5.xml:223 msgid "Two modes are currently supported:" msgstr "Två lägen stödjs för närvarande:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:226 +#: sssd-ldap.5.xml:227 msgid "exop - Password Modify Extended Operation (RFC 3062)" msgstr "exop - Password Modify Extended Operation (RFC 3062)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:232 +#: sssd-ldap.5.xml:233 msgid "ldap_modify - Direct modification of userPassword (not recommended)." msgstr "ldap_modify - Direkt ändring av userPassword (rekommenderas inte)." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:239 +#: sssd-ldap.5.xml:240 msgid "" "Note: First, a new connection is established to verify current password by " "binding as the user that requested password change. If successful, this " @@ -6972,52 +6998,52 @@ msgstr "" "måste användaren ha skrivrätt på attributet userPassword." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:247 +#: sssd-ldap.5.xml:248 msgid "Default: exop" msgstr "Standard: exop" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:253 +#: sssd-ldap.5.xml:254 msgid "ldap_default_bind_dn (string)" msgstr "ldap_default_bind_dn (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:256 +#: sssd-ldap.5.xml:257 msgid "The default bind DN to use for performing LDAP operations." msgstr "Standardbindnings-DN att använda för att utföra LDAP-operationer." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:263 +#: sssd-ldap.5.xml:264 msgid "ldap_default_authtok_type (string)" msgstr "ldap_default_authtok_type (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:266 +#: sssd-ldap.5.xml:267 msgid "The type of the authentication token of the default bind DN." msgstr "Typen på autentiseringstecknet hos standardbindnings-DN." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:270 +#: sssd-ldap.5.xml:271 msgid "The two mechanisms currently supported are:" msgstr "De två mekanismerna som stödjs för närvarande är:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:273 +#: sssd-ldap.5.xml:274 msgid "password" msgstr "password" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:276 +#: sssd-ldap.5.xml:277 msgid "obfuscated_password" msgstr "obfuscated_password" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:279 +#: sssd-ldap.5.xml:280 msgid "Default: password" msgstr "Standard: password" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:282 +#: sssd-ldap.5.xml:283 msgid "" "See the <citerefentry> <refentrytitle>sss_obfuscate</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry> manual page for more information." @@ -7026,22 +7052,22 @@ msgstr "" "<manvolnum>8</manvolnum> </citerefentry> för mer information." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:293 +#: sssd-ldap.5.xml:294 msgid "ldap_default_authtok (string)" msgstr "ldap_default_authtok (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:296 +#: sssd-ldap.5.xml:297 msgid "The authentication token of the default bind DN." msgstr "Autentiseringstecknet hos standardbindnings-DN." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:302 +#: sssd-ldap.5.xml:303 msgid "ldap_force_upper_case_realm (boolean)" msgstr "ldap_force_upper_case_realm (boolean)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:305 +#: sssd-ldap.5.xml:306 msgid "" "Some directory servers, for example Active Directory, might deliver the " "realm part of the UPN in lower case, which might cause the authentication to " @@ -7054,12 +7080,12 @@ msgstr "" "rike i versaler." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:318 +#: sssd-ldap.5.xml:319 msgid "ldap_enumeration_refresh_timeout (integer)" msgstr "ldap_enumeration_refresh_timeout (heltal)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:321 +#: sssd-ldap.5.xml:322 msgid "" "Specifies how many seconds SSSD has to wait before refreshing its cache of " "enumerated records." @@ -7068,12 +7094,12 @@ msgstr "" "uppräknade poster." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:337 +#: sssd-ldap.5.xml:338 msgid "ldap_purge_cache_timeout (integer)" msgstr "ldap_purge_cache_timeout (heltal)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:340 +#: sssd-ldap.5.xml:341 msgid "" "Determine how often to check the cache for inactive entries (such as groups " "with no members and users who have never logged in) and remove them to save " @@ -7084,7 +7110,7 @@ msgstr "" "att spara utrymme." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:346 +#: sssd-ldap.5.xml:347 msgid "" "Setting this option to zero will disable the cache cleanup operation. Please " "note that if enumeration is enabled, the cleanup task is required in order " @@ -7097,12 +7123,12 @@ msgstr "" "Som standard kör rensningsjobbet var 3:e timma när uppräkning är aktiverat." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:366 +#: sssd-ldap.5.xml:367 msgid "ldap_group_nesting_level (integer)" msgstr "ldap_group_nesting_level (heltal)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:369 +#: sssd-ldap.5.xml:370 msgid "" "If ldap_schema is set to a schema format that supports nested groups (e.g. " "RFC2307bis), then this option controls how many levels of nesting SSSD will " @@ -7113,7 +7139,7 @@ msgstr "" "kommer följa. Detta alternativ har ingen effekt på schemat RFC2307." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:376 +#: sssd-ldap.5.xml:377 msgid "" "Note: This option specifies the guaranteed level of nested groups to be " "processed for any lookup. However, nested groups beyond this limit " @@ -7129,7 +7155,7 @@ msgstr "" "ursprungliga uppslagningen om den slås upp igen." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:385 +#: sssd-ldap.5.xml:386 msgid "" "If ldap_group_nesting_level is set to 0 then no nested groups are processed " "at all. However, when connected to Active-Directory Server 2008 and later " @@ -7144,12 +7170,12 @@ msgstr "" "false för att begränsa gruppnästning." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:394 +#: sssd-ldap.5.xml:395 msgid "Default: 2" msgstr "Standard: 2" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:403 +#: sssd-ldap.5.xml:404 msgid "" "This options enables or disables use of Token-Groups attribute when " "performing initgroup for users from Active Directory Server 2008 and later." @@ -7159,23 +7185,23 @@ msgstr "" "2008 och senare." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:413 +#: sssd-ldap.5.xml:414 msgid "Default: True for AD and IPA otherwise False." msgstr "Standard: true för AD och IPA annars false." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:419 +#: sssd-ldap.5.xml:420 msgid "ldap_host_search_base (string)" msgstr "ldap_host_search_base (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:422 +#: sssd-ldap.5.xml:423 msgid "Optional. Use the given string as search base for host objects." msgstr "Frivillig. Använd den givna strängen som en sökbas för värdobjekt." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:426 sssd-ipa.5.xml:457 sssd-ipa.5.xml:476 sssd-ipa.5.xml:495 -#: sssd-ipa.5.xml:514 +#: sssd-ldap.5.xml:427 sssd-ipa.5.xml:462 sssd-ipa.5.xml:481 sssd-ipa.5.xml:500 +#: sssd-ipa.5.xml:519 msgid "" "See <quote>ldap_search_base</quote> for information about configuring " "multiple search bases." @@ -7184,32 +7210,32 @@ msgstr "" "multipla sökbaser." #. type: Content of: <listitem><para> -#: sssd-ldap.5.xml:431 sssd-ipa.5.xml:462 include/ldap_search_bases.xml:27 +#: sssd-ldap.5.xml:432 sssd-ipa.5.xml:467 include/ldap_search_bases.xml:27 msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" msgstr "Standard: värdet på <emphasis>ldap_search_base</emphasis>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:438 +#: sssd-ldap.5.xml:439 msgid "ldap_service_search_base (string)" msgstr "ldap_service_search_base (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:443 +#: sssd-ldap.5.xml:444 msgid "ldap_iphost_search_base (string)" msgstr "ldap_iphost_search_base (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:448 +#: sssd-ldap.5.xml:449 msgid "ldap_ipnetwork_search_base (string)" msgstr "ldap_ipnetwork_search_base (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:453 +#: sssd-ldap.5.xml:454 msgid "ldap_search_timeout (integer)" msgstr "ldap_search_timeout (heltal)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:456 +#: sssd-ldap.5.xml:457 msgid "" "Specifies the timeout (in seconds) that ldap searches are allowed to run " "before they are cancelled and cached results are returned (and offline mode " @@ -7219,7 +7245,7 @@ msgstr "" "och cachade resultat returneras (och går in i frånkopplat läge)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:462 +#: sssd-ldap.5.xml:463 msgid "" "Note: this option is subject to change in future versions of the SSSD. It " "will likely be replaced at some point by a series of timeouts for specific " @@ -7230,12 +7256,12 @@ msgstr "" "specifika uppslagningstyper." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:479 +#: sssd-ldap.5.xml:480 msgid "ldap_enumeration_search_timeout (integer)" msgstr "ldap_enumeration_search_timeout (heltal)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:482 +#: sssd-ldap.5.xml:483 msgid "" "Specifies the timeout (in seconds) that ldap searches for user and group " "enumerations are allowed to run before they are cancelled and cached results " @@ -7246,12 +7272,12 @@ msgstr "" "returneras (och går in i frånkopplat läge)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:500 +#: sssd-ldap.5.xml:501 msgid "ldap_network_timeout (integer)" msgstr "ldap_network_timeout (heltal)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:503 +#: sssd-ldap.5.xml:504 msgid "" "Specifies the timeout (in seconds) after which the <citerefentry> " "<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/" @@ -7268,12 +7294,12 @@ msgstr "" "citerefentry> returnerar om inget händer." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:531 +#: sssd-ldap.5.xml:532 msgid "ldap_opt_timeout (integer)" msgstr "ldap_opt_timeout (heltal)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:534 +#: sssd-ldap.5.xml:535 msgid "" "Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs " "will abort if no response is received. Also controls the timeout when " @@ -7287,12 +7313,12 @@ msgstr "" "operationen." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:554 +#: sssd-ldap.5.xml:555 msgid "ldap_connection_expire_timeout (integer)" msgstr "ldap_connection_expire_timeout (heltal)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:557 +#: sssd-ldap.5.xml:558 msgid "" "Specifies a timeout (in seconds) that a connection to an LDAP server will be " "maintained. After this time, the connection will be re-established. If used " @@ -7305,7 +7331,7 @@ msgstr "" "(detta värde eller TGT-livslängden) användas." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:565 +#: sssd-ldap.5.xml:566 msgid "" "If the connection is idle (not actively running an operation) within " "<emphasis>ldap_opt_timeout</emphasis> seconds of expiration, then it will be " @@ -7323,7 +7349,7 @@ msgstr "" "emphasis>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:577 +#: sssd-ldap.5.xml:578 msgid "" "This timeout can be extended of a random value specified by " "<emphasis>ldap_connection_expire_offset</emphasis>" @@ -7332,17 +7358,17 @@ msgstr "" "<emphasis>ldap_connection_expire_offset</emphasis>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:587 sssd-ldap.5.xml:630 sssd-ldap.5.xml:1711 +#: sssd-ldap.5.xml:588 sssd-ldap.5.xml:631 sssd-ldap.5.xml:1713 msgid "Default: 900 (15 minutes)" msgstr "Standard: 900 (15 minuter)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:593 +#: sssd-ldap.5.xml:594 msgid "ldap_connection_expire_offset (integer)" msgstr "ldap_connection_expire_offset (heltal)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:596 +#: sssd-ldap.5.xml:597 msgid "" "Random offset between 0 and configured value is added to " "<emphasis>ldap_connection_expire_timeout</emphasis>." @@ -7351,12 +7377,12 @@ msgstr "" "till<emphasis>ldap_connection_expire_timeout</emphasis>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:612 +#: sssd-ldap.5.xml:613 msgid "ldap_connection_idle_timeout (integer)" msgstr "ldap_connection_idle_timeout (heltal)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:615 +#: sssd-ldap.5.xml:616 msgid "" "Specifies a timeout (in seconds) that an idle connection to an LDAP server " "will be maintained. If the connection is idle for more than this time then " @@ -7367,17 +7393,17 @@ msgstr "" "kommer förbindelsen att stängas." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:621 +#: sssd-ldap.5.xml:622 msgid "You can disable this timeout by setting the value to 0." msgstr "Man kan avaktivera denna tidsgräns genom att sätta värdet till 0." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:636 +#: sssd-ldap.5.xml:637 msgid "ldap_page_size (integer)" msgstr "ldap_page_size (heltal)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:639 +#: sssd-ldap.5.xml:640 msgid "" "Specify the number of records to retrieve from LDAP in a single request. " "Some LDAP servers enforce a maximum limit per-request." @@ -7386,12 +7412,12 @@ msgstr "" "LDAP-servrar framtvingar en maximal gräns per begäran." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:650 +#: sssd-ldap.5.xml:651 msgid "ldap_disable_paging (boolean)" msgstr "ldap_disable_paging (boolean)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:653 +#: sssd-ldap.5.xml:654 msgid "" "Disable the LDAP paging control. This option should be used if the LDAP " "server reports that it supports the LDAP paging control in its RootDSE but " @@ -7402,7 +7428,7 @@ msgstr "" "RootDSE men det inte är aktiverat eller inte fungerar som det skall." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:659 +#: sssd-ldap.5.xml:660 msgid "" "Example: OpenLDAP servers with the paging control module installed on the " "server but not enabled will report it in the RootDSE but be unable to use it." @@ -7412,7 +7438,7 @@ msgstr "" "den." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:665 +#: sssd-ldap.5.xml:666 msgid "" "Example: 389 DS has a bug where it can only support a one paging control at " "a time on a single connection. On busy clients, this can result in some " @@ -7423,17 +7449,17 @@ msgstr "" "att några begäranden nekas." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:677 +#: sssd-ldap.5.xml:678 msgid "ldap_disable_range_retrieval (boolean)" msgstr "ldap_disable_range_retrieval (boolean)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:680 +#: sssd-ldap.5.xml:681 msgid "Disable Active Directory range retrieval." msgstr "Avaktivera Active Directory intervallhämtning." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:683 +#: sssd-ldap.5.xml:684 msgid "" "Active Directory limits the number of members to be retrieved in a single " "lookup using the MaxValRange policy (which defaults to 1500 members). If a " @@ -7449,12 +7475,12 @@ msgstr "" "medlemmar." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:698 +#: sssd-ldap.5.xml:699 msgid "ldap_sasl_minssf (integer)" msgstr "ldap_sasl_minssf (heltal)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:701 +#: sssd-ldap.5.xml:702 msgid "" "When communicating with an LDAP server using SASL, specify the minimum " "security level necessary to establish the connection. The values of this " @@ -7465,17 +7491,17 @@ msgstr "" "detta alternativ är definierat av OpenLDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:707 sssd-ldap.5.xml:723 +#: sssd-ldap.5.xml:708 sssd-ldap.5.xml:724 msgid "Default: Use the system default (usually specified by ldap.conf)" msgstr "Standard: använd systemstandard (vanligen angivet i ldap.conf)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:714 +#: sssd-ldap.5.xml:715 msgid "ldap_sasl_maxssf (integer)" msgstr "ldap_sasl_maxssf (heltal)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:717 +#: sssd-ldap.5.xml:718 msgid "" "When communicating with an LDAP server using SASL, specify the maximal " "security level necessary to establish the connection. The values of this " @@ -7486,12 +7512,12 @@ msgstr "" "detta alternativ är definierat av OpenLDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:730 +#: sssd-ldap.5.xml:731 msgid "ldap_deref_threshold (integer)" msgstr "ldap_deref_threshold (heltal)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:733 +#: sssd-ldap.5.xml:734 msgid "" "Specify the number of group members that must be missing from the internal " "cache in order to trigger a dereference lookup. If less members are missing, " @@ -7502,7 +7528,7 @@ msgstr "" "individuellt." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:739 +#: sssd-ldap.5.xml:740 msgid "" "You can turn off dereference lookups completely by setting the value to 0. " "Please note that there are some codepaths in SSSD, like the IPA HBAC " @@ -7519,7 +7545,7 @@ msgstr "" "rootDSE-objektet." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:750 +#: sssd-ldap.5.xml:751 msgid "" "A dereference lookup is a means of fetching all group members in a single " "LDAP call. Different LDAP servers may implement different dereference " @@ -7532,7 +7558,7 @@ msgstr "" "OpenLDAP och Active Directory." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:758 +#: sssd-ldap.5.xml:759 msgid "" "<emphasis>Note:</emphasis> If any of the search bases specifies a search " "filter, then the dereference lookup performance enhancement will be disabled " @@ -7543,12 +7569,12 @@ msgstr "" "oavsett denna inställning." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:771 +#: sssd-ldap.5.xml:772 msgid "ldap_ignore_unreadable_references (bool)" msgstr "ldap_ignore_unreadable_references (bool)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:774 +#: sssd-ldap.5.xml:775 msgid "" "Ignore unreadable LDAP entries referenced in group's member attribute. If " "this parameter is set to false an error will be returned and the operation " @@ -7559,7 +7585,7 @@ msgstr "" "misslyckas istället för att den oläsbara posten bara ignoreras." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:781 +#: sssd-ldap.5.xml:782 msgid "" "This parameter may be useful when using the AD provider and the computer " "account that sssd uses to connect to AD does not have access to a particular " @@ -7570,12 +7596,12 @@ msgstr "" "en viss post eller ett visst LDAP-underträd av säkerhetsskäl." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:794 +#: sssd-ldap.5.xml:795 msgid "ldap_tls_reqcert (string)" msgstr "ldap_tls_reqcert (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:797 +#: sssd-ldap.5.xml:798 msgid "" "Specifies what checks to perform on server certificates in a TLS session, if " "any. It can be specified as one of the following values:" @@ -7584,7 +7610,7 @@ msgstr "" "några. Det kan anges som ett av följande värden:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:803 +#: sssd-ldap.5.xml:804 msgid "" "<emphasis>never</emphasis> = The client will not request or check any server " "certificate." @@ -7593,7 +7619,7 @@ msgstr "" "några servercertifikat." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:807 +#: sssd-ldap.5.xml:808 msgid "" "<emphasis>allow</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -7604,7 +7630,7 @@ msgstr "" "tillhandahålls kommer det ignoreras och sessionen fortsätta normalt." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:814 +#: sssd-ldap.5.xml:815 msgid "" "<emphasis>try</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -7615,7 +7641,7 @@ msgstr "" "tillhandahålls avslutas sessionen omedelbart." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:820 +#: sssd-ldap.5.xml:821 msgid "" "<emphasis>demand</emphasis> = The server certificate is requested. If no " "certificate is provided, or a bad certificate is provided, the session is " @@ -7626,22 +7652,22 @@ msgstr "" "sessionen omedelbart." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:826 +#: sssd-ldap.5.xml:827 msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" msgstr "<emphasis>hard</emphasis> = Samma som <quote>demand</quote>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:830 +#: sssd-ldap.5.xml:831 msgid "Default: hard" msgstr "Standard: hard" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:836 +#: sssd-ldap.5.xml:837 msgid "ldap_tls_cacert (string)" msgstr "ldap_tls_cacert (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:839 +#: sssd-ldap.5.xml:840 msgid "" "Specifies the file that contains certificates for all of the Certificate " "Authorities that <command>sssd</command> will recognize." @@ -7650,7 +7676,7 @@ msgstr "" "<command>sssd</command> kommer godkänna." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:844 sssd-ldap.5.xml:862 sssd-ldap.5.xml:903 +#: sssd-ldap.5.xml:845 sssd-ldap.5.xml:863 sssd-ldap.5.xml:904 msgid "" "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." "conf</filename>" @@ -7659,12 +7685,12 @@ msgstr "" "openldap/ldap.conf</filename>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:851 +#: sssd-ldap.5.xml:852 msgid "ldap_tls_cacertdir (string)" msgstr "ldap_tls_cacertdir (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:854 +#: sssd-ldap.5.xml:855 msgid "" "Specifies the path of a directory that contains Certificate Authority " "certificates in separate individual files. Typically the file names need to " @@ -7678,32 +7704,32 @@ msgstr "" "namnen." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:869 +#: sssd-ldap.5.xml:870 msgid "ldap_tls_cert (string)" msgstr "ldap_tls_cert (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:872 +#: sssd-ldap.5.xml:873 msgid "Specifies the file that contains the certificate for the client's key." msgstr "Anger filen som innehåller certifikatet för klientens nyckel." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:882 +#: sssd-ldap.5.xml:883 msgid "ldap_tls_key (string)" msgstr "ldap_tls_key (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:885 +#: sssd-ldap.5.xml:886 msgid "Specifies the file that contains the client's key." msgstr "Anger filen som innehåller klientens nyckel." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:894 +#: sssd-ldap.5.xml:895 msgid "ldap_tls_cipher_suite (string)" msgstr "ldap_tls_cipher_suite (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:897 +#: sssd-ldap.5.xml:898 msgid "" "Specifies acceptable cipher suites. Typically this is a colon separated " "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " @@ -7714,26 +7740,31 @@ msgstr "" "manvolnum></citerefentry> för formatet." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:910 +#: sssd-ldap.5.xml:911 msgid "ldap_id_use_start_tls (boolean)" msgstr "ldap_id_use_start_tls (boolean)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:913 +#: sssd-ldap.5.xml:914 +#, fuzzy +#| msgid "" +#| "Specifies that the id_provider connection must also use <systemitem " +#| "class=\"protocol\">tls</systemitem> to protect the channel." msgid "" "Specifies that the id_provider connection must also use <systemitem " -"class=\"protocol\">tls</systemitem> to protect the channel." +"class=\"protocol\">tls</systemitem> to protect the channel. <emphasis>true</" +"emphasis> is strongly recommended for security reasons." msgstr "" "Anger att id-leverantörsförbindelsen också måste använda <systemitem " "class=\"protocol\">tls</systemitem> för att skydda kanalen." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:923 +#: sssd-ldap.5.xml:925 msgid "ldap_id_mapping (boolean)" msgstr "ldap_id_mapping (boolean)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:926 +#: sssd-ldap.5.xml:928 msgid "" "Specifies that SSSD should attempt to map user and group IDs from the " "ldap_user_objectsid and ldap_group_objectsid attributes instead of relying " @@ -7744,18 +7775,18 @@ msgstr "" "förlita sig på ldap_user_uid_number och ldap_group_gid_number." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:932 +#: sssd-ldap.5.xml:934 msgid "Currently this feature supports only ActiveDirectory objectSID mapping." msgstr "" "För närvarande stödjer denna funktion endast ActiveDirectory objectSID." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:942 +#: sssd-ldap.5.xml:944 msgid "ldap_min_id, ldap_max_id (integer)" msgstr "ldap_min_id, ldap_max_id (heltal)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:945 +#: sssd-ldap.5.xml:947 msgid "" "In contrast to the SID based ID mapping which is used if ldap_id_mapping is " "set to true the allowed ID range for ldap_user_uid_number and " @@ -7773,17 +7804,17 @@ msgstr "" "Underdomäner kan sedan välja andra intervall för att översätta ID:n." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:957 +#: sssd-ldap.5.xml:959 msgid "Default: not set (both options are set to 0)" msgstr "Standard: inte satt (båda alternativen är satta till 0)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:963 +#: sssd-ldap.5.xml:965 msgid "ldap_sasl_mech (string)" msgstr "ldap_sasl_mech (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:966 +#: sssd-ldap.5.xml:968 msgid "" "Specify the SASL mechanism to use. Currently only GSSAPI and GSS-SPNEGO are " "tested and supported." @@ -7792,7 +7823,7 @@ msgstr "" "GSSAPI och GSS-SPNEGO." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:970 +#: sssd-ldap.5.xml:972 msgid "" "If the backend supports sub-domains the value of ldap_sasl_mech is " "automatically inherited to the sub-domains. If a different value is needed " @@ -7808,12 +7839,12 @@ msgstr "" "conf</refentrytitle> <manvolnum>5</manvolnum></citerefentry> för detaljer." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:986 +#: sssd-ldap.5.xml:988 msgid "ldap_sasl_authid (string)" msgstr "ldap_sasl_authid (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd-ldap.5.xml:998 +#: sssd-ldap.5.xml:1000 #, no-wrap msgid "" "hostname@REALM\n" @@ -7833,7 +7864,7 @@ msgstr "" " " #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:989 +#: sssd-ldap.5.xml:991 msgid "" "Specify the SASL authorization id to use. When GSSAPI/GSS-SPNEGO are used, " "this represents the Kerberos principal used for authentication to the " @@ -7853,17 +7884,17 @@ msgstr "" "keytab." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1009 +#: sssd-ldap.5.xml:1011 msgid "Default: host/hostname@REALM" msgstr "Standard: host/värdnamn@RIKE" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1015 +#: sssd-ldap.5.xml:1017 msgid "ldap_sasl_realm (string)" msgstr "ldap_sasl_realm (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1018 +#: sssd-ldap.5.xml:1020 msgid "" "Specify the SASL realm to use. When not specified, this option defaults to " "the value of krb5_realm. If the ldap_sasl_authid contains the realm as " @@ -7874,17 +7905,17 @@ msgstr "" "ignoreras detta alternativ." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1024 +#: sssd-ldap.5.xml:1026 msgid "Default: the value of krb5_realm." msgstr "Standard: värdet på krb5_realm." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1030 +#: sssd-ldap.5.xml:1032 msgid "ldap_sasl_canonicalize (boolean)" msgstr "ldap_sasl_canonicalize (boolean)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1033 +#: sssd-ldap.5.xml:1035 msgid "" "If set to true, the LDAP library would perform a reverse lookup to " "canonicalize the host name during a SASL bind." @@ -7893,34 +7924,34 @@ msgstr "" "att ta fram värdnamnets kanoniska form under en SASL-bindning." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1038 +#: sssd-ldap.5.xml:1040 msgid "Default: false;" msgstr "Standard: false;" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1044 +#: sssd-ldap.5.xml:1046 msgid "ldap_krb5_keytab (string)" msgstr "ldap_krb5_keytab (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1047 +#: sssd-ldap.5.xml:1049 msgid "Specify the keytab to use when using SASL/GSSAPI/GSS-SPNEGO." msgstr "" "Ange den keytab som skall användas vid användning av SASL/GSSAPI/GSS-SPNEGO." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1056 sssd-krb5.5.xml:247 +#: sssd-ldap.5.xml:1058 sssd-krb5.5.xml:247 msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" msgstr "" "Standard: Systemets keytab, normalt <filename>/etc/krb5.keytab</filename>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1062 +#: sssd-ldap.5.xml:1064 msgid "ldap_krb5_init_creds (boolean)" msgstr "ldap_krb5_init_creds (boolean)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1065 +#: sssd-ldap.5.xml:1067 msgid "" "Specifies that the id_provider should init Kerberos credentials (TGT). This " "action is performed only if SASL is used and the mechanism selected is " @@ -7931,29 +7962,29 @@ msgstr "" "eller GSS-SPNEGO." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1077 +#: sssd-ldap.5.xml:1079 msgid "ldap_krb5_ticket_lifetime (integer)" msgstr "ldap_krb5_ticket_lifetime (heltal)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1080 +#: sssd-ldap.5.xml:1082 msgid "" "Specifies the lifetime in seconds of the TGT if GSSAPI or GSS-SPNEGO is used." msgstr "" "Anger livslängden i sekunder på TGT:n om GSSAPI eller GSS-SPNEGO används." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1089 sssd-ad.5.xml:1252 +#: sssd-ldap.5.xml:1091 sssd-ad.5.xml:1252 msgid "Default: 86400 (24 hours)" msgstr "Standard: 86400 (24 timmar)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1095 sssd-krb5.5.xml:74 +#: sssd-ldap.5.xml:1097 sssd-krb5.5.xml:74 msgid "krb5_server, krb5_backup_server (string)" msgstr "krb5_server, krb5_backup_server (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1098 +#: sssd-ldap.5.xml:1100 msgid "" "Specifies the comma-separated list of IP addresses or hostnames of the " "Kerberos servers to which SSSD should connect in the order of preference. " @@ -7971,7 +8002,7 @@ msgstr "" "mer information, se avsnittet <quote>TJÄNSTEUPPTÄCKT</quote>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1110 sssd-krb5.5.xml:89 +#: sssd-ldap.5.xml:1112 sssd-krb5.5.xml:89 msgid "" "When using service discovery for KDC or kpasswd servers, SSSD first searches " "for DNS entries that specify _udp as the protocol and falls back to _tcp if " @@ -7982,7 +8013,7 @@ msgstr "" "hittas." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1115 sssd-krb5.5.xml:94 +#: sssd-ldap.5.xml:1117 sssd-krb5.5.xml:94 msgid "" "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " "While the legacy name is recognized for the time being, users are advised to " @@ -7994,27 +8025,27 @@ msgstr "" "quote> istället." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1124 sssd-ipa.5.xml:526 sssd-krb5.5.xml:103 +#: sssd-ldap.5.xml:1126 sssd-ipa.5.xml:531 sssd-krb5.5.xml:103 msgid "krb5_realm (string)" msgstr "krb5_realm (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1127 +#: sssd-ldap.5.xml:1129 msgid "Specify the Kerberos REALM (for SASL/GSSAPI/GSS-SPNEGO auth)." msgstr "Ange Kerberos-RIKE (för SASL/GSSAPI/GSS-SPNEGO aut)." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1131 +#: sssd-ldap.5.xml:1133 msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" msgstr "Standard: Systemstandard, se <filename>/etc/krb5.conf</filename>" #. type: Content of: <variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1137 include/krb5_options.xml:154 +#: sssd-ldap.5.xml:1139 include/krb5_options.xml:154 msgid "krb5_canonicalize (boolean)" msgstr "krb5_canonicalize (boolean)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1140 +#: sssd-ldap.5.xml:1142 msgid "" "Specifies if the host principal should be canonicalized when connecting to " "LDAP server. This feature is available with MIT Kerberos >= 1.7" @@ -8023,12 +8054,12 @@ msgstr "" "servern. Denna funktion är tillgänglig med MIT Kerberos ≥ 1.7" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1152 sssd-krb5.5.xml:336 +#: sssd-ldap.5.xml:1154 sssd-krb5.5.xml:336 msgid "krb5_use_kdcinfo (boolean)" msgstr "krb5_use_kdcinfo (boolean)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1155 sssd-krb5.5.xml:339 +#: sssd-ldap.5.xml:1157 sssd-krb5.5.xml:339 msgid "" "Specifies if the SSSD should instruct the Kerberos libraries what realm and " "which KDCs to use. This option is on by default, if you disable it, you need " @@ -8043,7 +8074,7 @@ msgstr "" "<manvolnum>5</manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1166 sssd-krb5.5.xml:350 +#: sssd-ldap.5.xml:1168 sssd-krb5.5.xml:350 msgid "" "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more " @@ -8054,12 +8085,12 @@ msgstr "" "om lokaliseringsinsticksmodulen." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1180 +#: sssd-ldap.5.xml:1182 msgid "ldap_pwd_policy (string)" msgstr "ldap_pwd_policy (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1183 +#: sssd-ldap.5.xml:1185 msgid "" "Select the policy to evaluate the password expiration on the client side. " "The following values are allowed:" @@ -8068,7 +8099,7 @@ msgstr "" "värden är tillåtna:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1188 +#: sssd-ldap.5.xml:1190 msgid "" "<emphasis>none</emphasis> - No evaluation on the client side. This option " "cannot disable server-side password policies." @@ -8077,7 +8108,7 @@ msgstr "" "alternativ kan inte avaktivera lösenordspolicyer på serversidan." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1193 +#: sssd-ldap.5.xml:1195 msgid "" "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " @@ -8090,7 +8121,7 @@ msgstr "" "även alternativet ”ldap_chpass_update_last_change”." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1201 +#: sssd-ldap.5.xml:1203 msgid "" "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " "to determine if the password has expired. Use chpass_provider=krb5 to update " @@ -8101,7 +8132,7 @@ msgstr "" "chpass_provider=krb5 för att uppdatera dessa attribut när lösenordet ändras." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1210 +#: sssd-ldap.5.xml:1212 msgid "" "<emphasis>Note</emphasis>: if a password policy is configured on server " "side, it always takes precedence over policy set with this option." @@ -8110,17 +8141,17 @@ msgstr "" "kommer den alltid gå före framför policyn som sätts med detta alternativ." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1218 +#: sssd-ldap.5.xml:1220 msgid "ldap_referrals (boolean)" msgstr "ldap_referrals (boolean)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1221 +#: sssd-ldap.5.xml:1223 msgid "Specifies whether automatic referral chasing should be enabled." msgstr "Anger huruvida automatisk uppföljning av referenser skall aktiveras." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1225 +#: sssd-ldap.5.xml:1227 msgid "" "Please note that sssd only supports referral chasing when it is compiled " "with OpenLDAP version 2.4.13 or higher." @@ -8129,7 +8160,7 @@ msgstr "" "kompilerad med OpenLDAP version 2.4.13 eller senare." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1230 +#: sssd-ldap.5.xml:1232 msgid "" "Chasing referrals may incur a performance penalty in environments that use " "them heavily, a notable example is Microsoft Active Directory. If your setup " @@ -8150,28 +8181,28 @@ msgstr "" "data vara tillgängliga." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1249 +#: sssd-ldap.5.xml:1251 msgid "ldap_dns_service_name (string)" msgstr "ldap_dns_service_name (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1252 +#: sssd-ldap.5.xml:1254 msgid "Specifies the service name to use when service discovery is enabled." msgstr "" "Anger tjänstenamnet som skall användas när tjänsteupptäckt är aktiverat." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1256 +#: sssd-ldap.5.xml:1258 msgid "Default: ldap" msgstr "Standard: ldap" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1262 +#: sssd-ldap.5.xml:1264 msgid "ldap_chpass_dns_service_name (string)" msgstr "ldap_chpass_dns_service_name (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1265 +#: sssd-ldap.5.xml:1267 msgid "" "Specifies the service name to use to find an LDAP server which allows " "password changes when service discovery is enabled." @@ -8180,17 +8211,17 @@ msgstr "" "lösenordsändringar när tjänsteupptäckt är aktiverat." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1270 +#: sssd-ldap.5.xml:1272 msgid "Default: not set, i.e. service discovery is disabled" msgstr "Standard: inte satt, d.v.s. tjänsteupptäckt är avaktiverat" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1276 +#: sssd-ldap.5.xml:1278 msgid "ldap_chpass_update_last_change (bool)" msgstr "ldap_chpass_update_last_change (boolean)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1279 +#: sssd-ldap.5.xml:1281 msgid "" "Specifies whether to update the ldap_user_shadow_last_change attribute with " "days since the Epoch after a password change operation." @@ -8199,7 +8230,7 @@ msgstr "" "dagar sedan epoken efter en ändring av lösenord." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1285 +#: sssd-ldap.5.xml:1287 msgid "" "It is recommend to set this option explicitly if \"ldap_pwd_policy = " "shadow\" is used to let SSSD know if the LDAP server will update " @@ -8212,12 +8243,12 @@ msgstr "" "SSSD måste uppdatera det." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1299 +#: sssd-ldap.5.xml:1301 msgid "ldap_access_filter (string)" msgstr "ldap_access_filter (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1302 +#: sssd-ldap.5.xml:1304 msgid "" "If using access_provider = ldap and ldap_access_order = filter (default), " "this option is mandatory. It specifies an LDAP search filter criteria that " @@ -8245,12 +8276,12 @@ msgstr "" "manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1322 +#: sssd-ldap.5.xml:1324 msgid "Example:" msgstr "Exempel:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1325 +#: sssd-ldap.5.xml:1327 #, no-wrap msgid "" "access_provider = ldap\n" @@ -8262,7 +8293,7 @@ msgstr "" " " #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1329 +#: sssd-ldap.5.xml:1331 msgid "" "This example means that access to this host is restricted to users whose " "employeeType attribute is set to \"admin\"." @@ -8271,7 +8302,7 @@ msgstr "" "användare vars attribut employeeType är satt till ”admin”." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1334 +#: sssd-ldap.5.xml:1336 msgid "" "Offline caching for this feature is limited to determining whether the " "user's last online login was granted access permission. If they were granted " @@ -8284,17 +8315,17 @@ msgstr "" "fortsätta ges åtkomst under frånkoppling, och vice versa." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1342 sssd-ldap.5.xml:1398 +#: sssd-ldap.5.xml:1344 sssd-ldap.5.xml:1400 msgid "Default: Empty" msgstr "Standard: Empty" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1348 +#: sssd-ldap.5.xml:1350 msgid "ldap_account_expire_policy (string)" msgstr "ldap_account_expire_policy (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1351 +#: sssd-ldap.5.xml:1353 msgid "" "With this option a client side evaluation of access control attributes can " "be enabled." @@ -8303,7 +8334,7 @@ msgstr "" "åtkomststyrningsattribut aktiveras." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1355 +#: sssd-ldap.5.xml:1357 msgid "" "Please note that it is always recommended to use server side access control, " "i.e. the LDAP server should deny the bind request with a suitable error code " @@ -8314,12 +8345,12 @@ msgstr "" "felkod även om lösenordet är korrekt." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1362 +#: sssd-ldap.5.xml:1364 msgid "The following values are allowed:" msgstr "Följande värden är tillåtna:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1365 +#: sssd-ldap.5.xml:1367 msgid "" "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " "determine if the account is expired." @@ -8328,7 +8359,7 @@ msgstr "" "att avgöra om kontot har gått ut." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1370 +#: sssd-ldap.5.xml:1372 msgid "" "<emphasis>ad</emphasis>: use the value of the 32bit field " "ldap_user_ad_user_account_control and allow access if the second bit is not " @@ -8341,7 +8372,7 @@ msgstr "" "kontrolleras också." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1377 +#: sssd-ldap.5.xml:1379 msgid "" "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" "emphasis>: use the value of ldap_ns_account_lock to check if access is " @@ -8352,7 +8383,7 @@ msgstr "" "tillåts eller inte." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1383 +#: sssd-ldap.5.xml:1385 msgid "" "<emphasis>nds</emphasis>: the values of " "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " @@ -8364,7 +8395,7 @@ msgstr "" "för att avgöra om åtkomst tillåts. Om båda attributen saknas tillåts åtkomst." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1391 +#: sssd-ldap.5.xml:1393 msgid "" "Please note that the ldap_access_order configuration option <emphasis>must</" "emphasis> include <quote>expire</quote> in order for the " @@ -8375,23 +8406,23 @@ msgstr "" "ldap_account_expire_policy skall fungera." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1404 +#: sssd-ldap.5.xml:1406 msgid "ldap_access_order (string)" msgstr "ldap_access_order (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1407 sssd-ipa.5.xml:351 +#: sssd-ldap.5.xml:1409 sssd-ipa.5.xml:356 msgid "Comma separated list of access control options. Allowed values are:" msgstr "" "Kommaseparerad lista över åtkomststyrningsalternativ. Tillåtna värden är:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1411 +#: sssd-ldap.5.xml:1413 msgid "<emphasis>filter</emphasis>: use ldap_access_filter" msgstr "<emphasis>filter</emphasis>: använd ldap_access_filter" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1414 +#: sssd-ldap.5.xml:1416 msgid "" "<emphasis>lockout</emphasis>: use account locking. If set, this option " "denies access in case that ldap attribute 'pwdAccountLockedTime' is present " @@ -8406,7 +8437,7 @@ msgstr "" "fungera." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1424 +#: sssd-ldap.5.xml:1426 msgid "" "<emphasis> Please note that this option is superseded by the <quote>ppolicy</" "quote> option and might be removed in a future release. </emphasis>" @@ -8416,7 +8447,7 @@ msgstr "" "emphasis>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1431 +#: sssd-ldap.5.xml:1433 msgid "" "<emphasis>ppolicy</emphasis>: use account locking. If set, this option " "denies access in case that ldap attribute 'pwdAccountLockedTime' is present " @@ -8437,12 +8468,12 @@ msgstr "" "måste vara satt för att denna funktion skall fungera." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1448 +#: sssd-ldap.5.xml:1450 msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" msgstr "<emphasis>expire</emphasis>: använd ldap_account_expire_policy" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1452 sssd-ipa.5.xml:359 +#: sssd-ldap.5.xml:1454 sssd-ipa.5.xml:364 msgid "" "<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, " "pwd_expire_policy_renew: </emphasis> These options are useful if users are " @@ -8457,31 +8488,31 @@ msgstr "" "exempel SSH-nycklar." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1462 sssd-ipa.5.xml:369 +#: sssd-ldap.5.xml:1464 sssd-ipa.5.xml:374 msgid "" "The difference between these options is the action taken if user password is " "expired:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:1467 sssd-ipa.5.xml:374 +#: sssd-ldap.5.xml:1469 sssd-ipa.5.xml:379 msgid "pwd_expire_policy_reject - user is denied to log in," msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:1473 sssd-ipa.5.xml:380 +#: sssd-ldap.5.xml:1475 sssd-ipa.5.xml:385 msgid "pwd_expire_policy_warn - user is still able to log in," msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:1479 sssd-ipa.5.xml:386 +#: sssd-ldap.5.xml:1481 sssd-ipa.5.xml:391 msgid "" "pwd_expire_policy_renew - user is prompted to change their password " "immediately." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1487 +#: sssd-ldap.5.xml:1489 msgid "" "Please note that 'access_provider = ldap' must be set for this feature to " "work. Also 'ldap_pwd_policy' must be set to an appropriate password policy." @@ -8491,7 +8522,7 @@ msgstr "" "lämplig lösenordspolicy." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1492 +#: sssd-ldap.5.xml:1494 msgid "" "<emphasis>authorized_service</emphasis>: use the authorizedService attribute " "to determine access" @@ -8500,13 +8531,13 @@ msgstr "" "för att avgöra åtkomst" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1497 +#: sssd-ldap.5.xml:1499 msgid "<emphasis>host</emphasis>: use the host attribute to determine access" msgstr "" "<emphasis>host</emphasis>: använd attributet host för att avgöra åtkomst" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1501 +#: sssd-ldap.5.xml:1503 msgid "" "<emphasis>rhost</emphasis>: use the rhost attribute to determine whether " "remote host can access" @@ -8515,7 +8546,7 @@ msgstr "" "fjärrvärdar kan få åtkomst" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1505 +#: sssd-ldap.5.xml:1507 msgid "" "Please note, rhost field in pam is set by application, it is better to check " "what the application sends to pam, before enabling this access control option" @@ -8525,12 +8556,12 @@ msgstr "" "åtkomstkontroll aktiveras" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1510 +#: sssd-ldap.5.xml:1512 msgid "Default: filter" msgstr "Standard: filter" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1513 +#: sssd-ldap.5.xml:1515 msgid "" "Please note that it is a configuration error if a value is used more than " "once." @@ -8539,12 +8570,12 @@ msgstr "" "gång." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1520 +#: sssd-ldap.5.xml:1522 msgid "ldap_pwdlockout_dn (string)" msgstr "ldap_pwdlockout_dn (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1523 +#: sssd-ldap.5.xml:1525 msgid "" "This option specifies the DN of password policy entry on LDAP server. Please " "note that absence of this option in sssd.conf in case of enabled account " @@ -8557,22 +8588,22 @@ msgstr "" "LDAP-servern inte kan kontrolleras ordentligt." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1531 +#: sssd-ldap.5.xml:1533 msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com" msgstr "Exempel: cn=ppolicy,ou=policies,dc=example,dc=com" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1534 +#: sssd-ldap.5.xml:1536 msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base" msgstr "Standard: cn=ppolicy,ou=policies,$ldap_search_base" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1540 +#: sssd-ldap.5.xml:1542 msgid "ldap_deref (string)" msgstr "ldap_deref (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1543 +#: sssd-ldap.5.xml:1545 msgid "" "Specifies how alias dereferencing is done when performing a search. The " "following options are allowed:" @@ -8581,12 +8612,12 @@ msgstr "" "alternativ är tillåtna:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1548 +#: sssd-ldap.5.xml:1550 msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." msgstr "<emphasis>never</emphasis>: Alias är aldrig derefererade." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1552 +#: sssd-ldap.5.xml:1554 msgid "" "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " "the base object, but not in locating the base object of the search." @@ -8595,7 +8626,7 @@ msgstr "" "basobjektet, men inte vid lokalisering av basobjektet för sökningen." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1557 +#: sssd-ldap.5.xml:1559 msgid "" "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " "the base object of the search." @@ -8604,7 +8635,7 @@ msgstr "" "basobjektet för sökningen." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1562 +#: sssd-ldap.5.xml:1564 msgid "" "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " "in locating the base object of the search." @@ -8613,7 +8644,7 @@ msgstr "" "lokalisering av basobjektet för sökningen." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1567 +#: sssd-ldap.5.xml:1569 msgid "" "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " "client libraries)" @@ -8622,12 +8653,12 @@ msgstr "" "klientbiblioteken)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1575 +#: sssd-ldap.5.xml:1577 msgid "ldap_rfc2307_fallback_to_local_users (boolean)" msgstr "ldap_rfc2307_fallback_to_local_users (boolean)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1578 +#: sssd-ldap.5.xml:1580 msgid "" "Allows to retain local users as members of an LDAP group for servers that " "use the RFC2307 schema." @@ -8636,7 +8667,7 @@ msgstr "" "servrar som använder schemat RFC2307." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1582 +#: sssd-ldap.5.xml:1584 msgid "" "In some environments where the RFC2307 schema is used, local users are made " "members of LDAP groups by adding their names to the memberUid attribute. " @@ -8653,7 +8684,7 @@ msgstr "" "via anrop av getpw*() eller initgroups()." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1593 +#: sssd-ldap.5.xml:1595 msgid "" "This option falls back to checking if local users are referenced, and caches " "them so that later initgroups() calls will augment the local users with the " @@ -8664,12 +8695,12 @@ msgstr "" "de lokala användarna med de extra LDAP-grupperna." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1605 sssd-ifp.5.xml:152 +#: sssd-ldap.5.xml:1607 sssd-ifp.5.xml:152 msgid "wildcard_limit (integer)" msgstr "wildcard_limit (heltal)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1608 +#: sssd-ldap.5.xml:1610 msgid "" "Specifies an upper limit on the number of entries that are downloaded during " "a wildcard lookup." @@ -8678,23 +8709,23 @@ msgstr "" "jokertecken." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1612 +#: sssd-ldap.5.xml:1614 msgid "At the moment, only the InfoPipe responder supports wildcard lookups." msgstr "" "För närvarande stödjer endast respondenten InfoPipe jokeruppslagningar." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1616 +#: sssd-ldap.5.xml:1618 msgid "Default: 1000 (often the size of one page)" msgstr "Standard: 1000 (ofta storleken på en sida)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1622 +#: sssd-ldap.5.xml:1624 msgid "ldap_library_debug_level (integer)" msgstr "ldap_library_debug_level (heltal)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1625 +#: sssd-ldap.5.xml:1627 msgid "" "Switches on libldap debugging with the given level. The libldap debug " "messages will be written independent of the general debug_level." @@ -8703,7 +8734,7 @@ msgstr "" "kommer skrivas oberoende av den allmänna debug_level." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1630 +#: sssd-ldap.5.xml:1632 msgid "" "OpenLDAP uses a bitmap to enable debugging for specific components, -1 will " "enable full debug output." @@ -8712,12 +8743,12 @@ msgstr "" "komponenter, -1 kommer aktivera fullständig felsökningsutmatning." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1635 +#: sssd-ldap.5.xml:1637 msgid "Default: 0 (libldap debugging disabled)" msgstr "Standard: 0 (libldap-felsökning avaktiverat)" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:51 +#: sssd-ldap.5.xml:52 msgid "" "All of the common configuration options that apply to SSSD domains also " "apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> section " @@ -8737,12 +8768,12 @@ msgstr "" "id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1645 +#: sssd-ldap.5.xml:1647 msgid "SUDO OPTIONS" msgstr "SUDOALTERNATIV" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1647 +#: sssd-ldap.5.xml:1649 msgid "" "The detailed instructions for configuration of sudo_provider are in the " "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " @@ -8753,12 +8784,12 @@ msgstr "" "<manvolnum>5</manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1658 +#: sssd-ldap.5.xml:1660 msgid "ldap_sudo_full_refresh_interval (integer)" msgstr "ldap_sudo_full_refresh_interval (heltal)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1661 +#: sssd-ldap.5.xml:1663 msgid "" "How many seconds SSSD will wait between executing a full refresh of sudo " "rules (which downloads all rules that are stored on the server)." @@ -8768,7 +8799,7 @@ msgstr "" "servern)." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1666 +#: sssd-ldap.5.xml:1668 msgid "" "The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </" "emphasis>" @@ -8777,7 +8808,7 @@ msgstr "" "emphasis>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1671 +#: sssd-ldap.5.xml:1673 msgid "" "You can disable full refresh by setting this option to 0. However, either " "smart or full refresh must be enabled." @@ -8786,17 +8817,17 @@ msgstr "" "0. Dock måste antingen smart eller fullständig uppdatering aktiveras." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1676 +#: sssd-ldap.5.xml:1678 msgid "Default: 21600 (6 hours)" msgstr "Standard: 21600 (6 timmar)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1682 +#: sssd-ldap.5.xml:1684 msgid "ldap_sudo_smart_refresh_interval (integer)" msgstr "ldap_sudo_smart_refresh_interval (heltal)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1685 +#: sssd-ldap.5.xml:1687 msgid "" "How many seconds SSSD has to wait before executing a smart refresh of sudo " "rules (which downloads all rules that have USN higher than the highest " @@ -8807,7 +8838,7 @@ msgstr "" "USN-värde som för närvarande är känt av SSSD)." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1691 +#: sssd-ldap.5.xml:1693 msgid "" "If USN attributes are not supported by the server, the modifyTimestamp " "attribute is used instead." @@ -8816,7 +8847,7 @@ msgstr "" "istället." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1695 +#: sssd-ldap.5.xml:1697 msgid "" "<emphasis>Note:</emphasis> the highest USN value can be updated by three " "tasks: 1) By sudo full and smart refresh (if updated rules are found), 2) by " @@ -8832,7 +8863,7 @@ msgstr "" "<emphasis>ldap_connection_expire_timeout</emphasis>)." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1706 +#: sssd-ldap.5.xml:1708 msgid "" "You can disable smart refresh by setting this option to 0. However, either " "smart or full refresh must be enabled." @@ -8841,12 +8872,12 @@ msgstr "" "Dock måste antingen smart eller fullständig uppdatering aktiveras." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1717 +#: sssd-ldap.5.xml:1719 msgid "ldap_sudo_random_offset (integer)" msgstr "ldap_sudo_random_offset (heltal)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1720 +#: sssd-ldap.5.xml:1722 msgid "" "Random offset between 0 and configured value is added to smart and full " "refresh periods each time the periodic task is scheduled. The value is in " @@ -8857,7 +8888,7 @@ msgstr "" "schemaläggs. Värdet är i sekunder." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1726 +#: sssd-ldap.5.xml:1728 msgid "" "Note that this random offset is also applied on the first SSSD start which " "delays the first sudo rules refresh. This prolongs the time when the sudo " @@ -8868,17 +8899,17 @@ msgstr "" "tiden under vilken sudo-reglerna inte är tillgängliga för användning." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1732 +#: sssd-ldap.5.xml:1734 msgid "You can disable this offset by setting the value to 0." msgstr "Man kan avaktivera denna fördröjning genom att sätta värdet till 0." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1742 +#: sssd-ldap.5.xml:1744 msgid "ldap_sudo_use_host_filter (boolean)" msgstr "ldap_sudo_use_host_filter (boolean)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1745 +#: sssd-ldap.5.xml:1747 msgid "" "If true, SSSD will download only rules that are applicable to this machine " "(using the IPv4 or IPv6 host/network addresses and hostnames)." @@ -8887,12 +8918,12 @@ msgstr "" "(genom användning av IPv4- och IPv6-värd-/-nätverksadresser och värdnamn)." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1756 +#: sssd-ldap.5.xml:1758 msgid "ldap_sudo_hostnames (string)" msgstr "ldap_sudo_hostnames (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1759 +#: sssd-ldap.5.xml:1761 msgid "" "Space separated list of hostnames or fully qualified domain names that " "should be used to filter the rules." @@ -8901,7 +8932,7 @@ msgstr "" "domännamn som skall användas för att filtrera reglerna." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1764 +#: sssd-ldap.5.xml:1766 msgid "" "If this option is empty, SSSD will try to discover the hostname and the " "fully qualified domain name automatically." @@ -8910,8 +8941,8 @@ msgstr "" "fullständigt kvalificerade domännamnet automatiskt." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1769 sssd-ldap.5.xml:1792 sssd-ldap.5.xml:1810 -#: sssd-ldap.5.xml:1828 +#: sssd-ldap.5.xml:1771 sssd-ldap.5.xml:1794 sssd-ldap.5.xml:1812 +#: sssd-ldap.5.xml:1830 msgid "" "If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</" "emphasis> then this option has no effect." @@ -8920,17 +8951,17 @@ msgstr "" "emphasis> har detta alternativ ingen effekt." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1774 sssd-ldap.5.xml:1797 +#: sssd-ldap.5.xml:1776 sssd-ldap.5.xml:1799 msgid "Default: not specified" msgstr "Standard: inte angivet" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1780 +#: sssd-ldap.5.xml:1782 msgid "ldap_sudo_ip (string)" msgstr "ldap_sudo_ip (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1783 +#: sssd-ldap.5.xml:1785 msgid "" "Space separated list of IPv4 or IPv6 host/network addresses that should be " "used to filter the rules." @@ -8939,7 +8970,7 @@ msgstr "" "skall användas för att filtrera reglerna." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1788 +#: sssd-ldap.5.xml:1790 msgid "" "If this option is empty, SSSD will try to discover the addresses " "automatically." @@ -8948,12 +8979,12 @@ msgstr "" "automatiskt." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1803 +#: sssd-ldap.5.xml:1805 msgid "ldap_sudo_include_netgroups (boolean)" msgstr "ldap_sudo_include_netgroups (boolean)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1806 +#: sssd-ldap.5.xml:1808 msgid "" "If true then SSSD will download every rule that contains a netgroup in " "sudoHost attribute." @@ -8962,12 +8993,12 @@ msgstr "" "attributet sudoHost." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1821 +#: sssd-ldap.5.xml:1823 msgid "ldap_sudo_include_regexp (boolean)" msgstr "ldap_sudo_include_regexp (boolean)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1824 +#: sssd-ldap.5.xml:1826 msgid "" "If true then SSSD will download every rule that contains a wildcard in " "sudoHost attribute." @@ -8976,7 +9007,7 @@ msgstr "" "attributet sudoHost." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><note><para> -#: sssd-ldap.5.xml:1834 +#: sssd-ldap.5.xml:1836 msgid "" "Using wildcard is an operation that is very costly to evaluate on the LDAP " "server side!" @@ -8985,7 +9016,7 @@ msgstr "" "LDAP-serversidan!" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1846 +#: sssd-ldap.5.xml:1848 msgid "" "This manual page only describes attribute name mapping. For detailed " "explanation of sudo related attribute semantics, see <citerefentry> " @@ -8998,12 +9029,12 @@ msgstr "" "manvolnum> </citerefentry>" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1856 +#: sssd-ldap.5.xml:1858 msgid "AUTOFS OPTIONS" msgstr "AUTOFSALTERNATIV" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1858 +#: sssd-ldap.5.xml:1860 msgid "" "Some of the defaults for the parameters below are dependent on the LDAP " "schema." @@ -9011,47 +9042,47 @@ msgstr "" "Några av standardvärdena för parametrar nedan är beroende på LDAP-schemat." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1864 +#: sssd-ldap.5.xml:1866 msgid "ldap_autofs_map_master_name (string)" msgstr "ldap_autofs_map_master_name (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1867 +#: sssd-ldap.5.xml:1869 msgid "The name of the automount master map in LDAP." msgstr "Namnet på automount master-kartan i LDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1870 +#: sssd-ldap.5.xml:1872 msgid "Default: auto.master" msgstr "Standard: auto.master" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1881 +#: sssd-ldap.5.xml:1883 msgid "ADVANCED OPTIONS" msgstr "AVANCERADE ALTERNATIV" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1888 +#: sssd-ldap.5.xml:1890 msgid "ldap_netgroup_search_base (string)" msgstr "ldap_netgroup_search_base (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1893 +#: sssd-ldap.5.xml:1895 msgid "ldap_user_search_base (string)" msgstr "ldap_user_search_base (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1898 +#: sssd-ldap.5.xml:1900 msgid "ldap_group_search_base (string)" msgstr "ldap_group_search_base (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><note> -#: sssd-ldap.5.xml:1903 +#: sssd-ldap.5.xml:1905 msgid "<note>" msgstr "<note>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para> -#: sssd-ldap.5.xml:1905 +#: sssd-ldap.5.xml:1907 msgid "" "If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches " "against Active Directory will not be restricted and return all groups " @@ -9064,22 +9095,22 @@ msgstr "" "avaktivera denna funktion om gruppnamn inte visas korrekt." #. type: Content of: <reference><refentry><refsect1><para><variablelist> -#: sssd-ldap.5.xml:1912 +#: sssd-ldap.5.xml:1914 msgid "</note>" msgstr "</note>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1914 +#: sssd-ldap.5.xml:1916 msgid "ldap_sudo_search_base (string)" msgstr "ldap_sudo_search_base (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1919 +#: sssd-ldap.5.xml:1921 msgid "ldap_autofs_search_base (string)" msgstr "ldap_autofs_search_base (sträng)" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1883 +#: sssd-ldap.5.xml:1885 msgid "" "These options are supported by LDAP domains, but they should be used with " "caution. Please include them in your configuration only if you know what you " @@ -9092,14 +9123,14 @@ msgstr "" "type=\"variablelist\" id=\"1\"/>" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1934 sssd-simple.5.xml:131 sssd-ipa.5.xml:925 -#: sssd-ad.5.xml:1386 sssd-krb5.5.xml:483 sss_rpcidmapd.5.xml:98 +#: sssd-ldap.5.xml:1936 sssd-simple.5.xml:131 sssd-ipa.5.xml:930 +#: sssd-ad.5.xml:1391 sssd-krb5.5.xml:483 sss_rpcidmapd.5.xml:98 #: sssd-files.5.xml:155 sssd-session-recording.5.xml:176 msgid "EXAMPLE" msgstr "EXEMPEL" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1936 +#: sssd-ldap.5.xml:1938 msgid "" "The following example assumes that SSSD is correctly configured and LDAP is " "set to one of the domains in the <replaceable>[domains]</replaceable> " @@ -9109,7 +9140,7 @@ msgstr "" "till en av domänerna i avsnittet <replaceable>[domains]</replaceable>." #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ldap.5.xml:1942 +#: sssd-ldap.5.xml:1944 #, no-wrap msgid "" "[domain/LDAP]\n" @@ -9129,20 +9160,20 @@ msgstr "" "cache_credentials = true\n" #. type: Content of: <refsect1><refsect2><para> -#: sssd-ldap.5.xml:1941 sssd-ldap.5.xml:1959 sssd-simple.5.xml:139 -#: sssd-ipa.5.xml:933 sssd-ad.5.xml:1394 sssd-sudo.5.xml:56 sssd-krb5.5.xml:492 +#: sssd-ldap.5.xml:1943 sssd-ldap.5.xml:1961 sssd-simple.5.xml:139 +#: sssd-ipa.5.xml:938 sssd-ad.5.xml:1399 sssd-sudo.5.xml:56 sssd-krb5.5.xml:492 #: sssd-files.5.xml:162 sssd-files.5.xml:173 sssd-session-recording.5.xml:182 #: include/ldap_id_mapping.xml:105 msgid "<placeholder type=\"programlisting\" id=\"0\"/>" msgstr "<placeholder type=\"programlisting\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1953 +#: sssd-ldap.5.xml:1955 msgid "LDAP ACCESS FILTER EXAMPLE" msgstr "LDAP-ÅTKOMSTFILTEREXEMPEL" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1955 +#: sssd-ldap.5.xml:1957 msgid "" "The following example assumes that SSSD is correctly configured and to use " "the ldap_access_order=lockout." @@ -9151,7 +9182,7 @@ msgstr "" "ldap_access_order=lockout används." #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ldap.5.xml:1960 +#: sssd-ldap.5.xml:1962 #, no-wrap msgid "" "[domain/LDAP]\n" @@ -9177,13 +9208,13 @@ msgstr "" "cache_credentials = true\n" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1975 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148 -#: sssd-ad.5.xml:1409 sssd.8.xml:238 sss_seed.8.xml:163 +#: sssd-ldap.5.xml:1977 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148 +#: sssd-ad.5.xml:1414 sssd.8.xml:238 sss_seed.8.xml:163 msgid "NOTES" msgstr "NOTER" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1977 +#: sssd-ldap.5.xml:1979 msgid "" "The descriptions of some of the configuration options in this manual page " "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " @@ -12091,12 +12122,12 @@ msgid "Example: dyndns_iface = em1, vnet1, vnet2" msgstr "Exempel: dyndns_iface = em1, vnet1, vnet2" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:204 sssd-ad.5.xml:1285 +#: sssd-ipa.5.xml:204 sssd-ad.5.xml:1290 msgid "dyndns_auth (string)" msgstr "dyndns_auth (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:207 sssd-ad.5.xml:1288 +#: sssd-ipa.5.xml:207 sssd-ad.5.xml:1293 msgid "" "Whether the nsupdate utility should use GSS-TSIG authentication for secure " "updates with the DNS server, insecure updates can be sent by setting this " @@ -12107,17 +12138,17 @@ msgstr "" "sätta detta alternativ till ”none”." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:213 sssd-ad.5.xml:1294 +#: sssd-ipa.5.xml:213 sssd-ad.5.xml:1299 msgid "Default: GSS-TSIG" msgstr "Standard: GSS-TSIG" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:219 sssd-ad.5.xml:1300 +#: sssd-ipa.5.xml:219 sssd-ad.5.xml:1305 msgid "dyndns_auth_ptr (string)" msgstr "dyndns_auth_ptr (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:222 sssd-ad.5.xml:1303 +#: sssd-ipa.5.xml:222 sssd-ad.5.xml:1308 msgid "" "Whether the nsupdate utility should use GSS-TSIG authentication for secure " "PTR updates with the DNS server, insecure updates can be sent by setting " @@ -12128,7 +12159,7 @@ msgstr "" "sätta detta alternativ till ”none”." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:228 sssd-ad.5.xml:1309 +#: sssd-ipa.5.xml:228 sssd-ad.5.xml:1314 msgid "Default: Same as dyndns_auth" msgstr "Standard: samma som dyndns_auth" @@ -12201,17 +12232,24 @@ msgstr "" "servern genererar PTR-posterna automatiskt när framåtposterna ändras." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:290 +#: sssd-ipa.5.xml:290 sssd-ad.5.xml:1266 +msgid "" +"Note that <emphasis>dyndns_update_per_family</emphasis> parameter does not " +"apply for PTR record updates. Those updates are always sent separately." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:295 msgid "Default: False (disabled)" msgstr "Standard: False (avaktiverat)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1272 +#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1277 msgid "dyndns_force_tcp (bool)" msgstr "dyndns_force_tcp (bool)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:299 sssd-ad.5.xml:1275 +#: sssd-ipa.5.xml:304 sssd-ad.5.xml:1280 msgid "" "Whether the nsupdate utility should default to using TCP for communicating " "with the DNS server." @@ -12220,17 +12258,17 @@ msgstr "" "med DNS-servern." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:303 sssd-ad.5.xml:1279 +#: sssd-ipa.5.xml:308 sssd-ad.5.xml:1284 msgid "Default: False (let nsupdate choose the protocol)" msgstr "Standard: False (låt nsupdate välja protokollet)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:309 sssd-ad.5.xml:1315 +#: sssd-ipa.5.xml:314 sssd-ad.5.xml:1320 msgid "dyndns_server (string)" msgstr "dyndns_server (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:312 sssd-ad.5.xml:1318 +#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1323 msgid "" "The DNS server to use when performing a DNS update. In most setups, it's " "recommended to leave this option unset." @@ -12239,7 +12277,7 @@ msgstr "" "flesta uppsättningar rekommenderas det att låta detta alternativ vara osatt." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1323 +#: sssd-ipa.5.xml:322 sssd-ad.5.xml:1328 msgid "" "Setting this option makes sense for environments where the DNS server is " "different from the identity server." @@ -12248,7 +12286,7 @@ msgstr "" "skild från identitetsservern." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:322 sssd-ad.5.xml:1328 +#: sssd-ipa.5.xml:327 sssd-ad.5.xml:1333 msgid "" "Please note that this option will be only used in fallback attempt when " "previous attempt using autodetected settings failed." @@ -12258,17 +12296,17 @@ msgstr "" "inställningar misslyckas." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:327 sssd-ad.5.xml:1333 +#: sssd-ipa.5.xml:332 sssd-ad.5.xml:1338 msgid "Default: None (let nsupdate choose the server)" msgstr "Standard: Ingen (låt nsupdate välja servern)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:333 sssd-ad.5.xml:1339 +#: sssd-ipa.5.xml:338 sssd-ad.5.xml:1344 msgid "dyndns_update_per_family (boolean)" msgstr "dyndns_update_per_family (boolean)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:336 sssd-ad.5.xml:1342 +#: sssd-ipa.5.xml:341 sssd-ad.5.xml:1347 msgid "" "DNS update is by default performed in two steps - IPv4 update and then IPv6 " "update. In some cases it might be desirable to perform IPv4 and IPv6 update " @@ -12279,21 +12317,21 @@ msgstr "" "och IPv6-uppdateringar i ett enda steg." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:348 +#: sssd-ipa.5.xml:353 #, fuzzy #| msgid "ldap_access_order (string)" msgid "ipa_access_order (string)" msgstr "ldap_access_order (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:355 +#: sssd-ipa.5.xml:360 #, fuzzy #| msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" msgid "<emphasis>expire</emphasis>: use IPA's account expiration policy." msgstr "<emphasis>expire</emphasis>: använd ldap_account_expire_policy" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:394 +#: sssd-ipa.5.xml:399 #, fuzzy #| msgid "" #| "Please note that 'access_provider = ldap' must be set for this feature to " @@ -12308,12 +12346,12 @@ msgstr "" "lämplig lösenordspolicy." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:401 +#: sssd-ipa.5.xml:406 msgid "ipa_deskprofile_search_base (string)" msgstr "ipa_deskprofile_search_base (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:404 +#: sssd-ipa.5.xml:409 msgid "" "Optional. Use the given string as search base for Desktop Profile related " "objects." @@ -12322,17 +12360,17 @@ msgstr "" "skrivbordsprofilrelaterade objekt." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:408 sssd-ipa.5.xml:435 +#: sssd-ipa.5.xml:413 sssd-ipa.5.xml:440 msgid "Default: Use base DN" msgstr "Standard: använd bas-DN" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:414 +#: sssd-ipa.5.xml:419 msgid "ipa_subid_ranges_search_base (string)" msgstr "ipa_subid_ranges_search_base (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:417 +#: sssd-ipa.5.xml:422 msgid "" "Optional. Use the given string as search base for subordinate ranges related " "objects." @@ -12341,92 +12379,92 @@ msgstr "" "underordningsintervallsrelaterade objekt." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:421 +#: sssd-ipa.5.xml:426 msgid "Default: the value of <emphasis>cn=subids,%basedn</emphasis>" msgstr "Standard: värdet på <emphasis>cn=subids,%basedn</emphasis>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:428 +#: sssd-ipa.5.xml:433 msgid "ipa_hbac_search_base (string)" msgstr "ipa_hbac_search_base (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:431 +#: sssd-ipa.5.xml:436 msgid "Optional. Use the given string as search base for HBAC related objects." msgstr "" "Frivillig. Använd den givna strängen som sökbas för HBAC-relaterade objekt." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:441 +#: sssd-ipa.5.xml:446 msgid "ipa_host_search_base (string)" msgstr "ipa_host_search_base (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:444 +#: sssd-ipa.5.xml:449 msgid "Deprecated. Use ldap_host_search_base instead." msgstr "Undanbedes. Använd ldap_host_search_base istället." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:450 +#: sssd-ipa.5.xml:455 msgid "ipa_selinux_search_base (string)" msgstr "ipa_selinux_search_base (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:453 +#: sssd-ipa.5.xml:458 msgid "Optional. Use the given string as search base for SELinux user maps." msgstr "" "Frivillig. Använd den givna strängen som en sökbas för SELinux-" "användaröversättningar." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:469 +#: sssd-ipa.5.xml:474 msgid "ipa_subdomains_search_base (string)" msgstr "ipa_subdomains_search_base (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:472 +#: sssd-ipa.5.xml:477 msgid "Optional. Use the given string as search base for trusted domains." msgstr "" "Frivillig. Använd den givna strängen som en sökbas för betrodda domäner." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:481 +#: sssd-ipa.5.xml:486 msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>" msgstr "Standard: värdet på <emphasis>cn=trusts,%basedn</emphasis>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:488 +#: sssd-ipa.5.xml:493 msgid "ipa_master_domain_search_base (string)" msgstr "ipa_master_domain_search_base (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:491 +#: sssd-ipa.5.xml:496 msgid "Optional. Use the given string as search base for master domain object." msgstr "" "Frivillig. Använd den givna strängen som en sökbas för huvuddomänobjekt." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:500 +#: sssd-ipa.5.xml:505 msgid "Default: the value of <emphasis>cn=ad,cn=etc,%basedn</emphasis>" msgstr "Standard: värdet av <emphasis>cn=ad,cn=etc,%basedn</emphasis>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:507 +#: sssd-ipa.5.xml:512 msgid "ipa_views_search_base (string)" msgstr "ipa_views_search_base (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:510 +#: sssd-ipa.5.xml:515 msgid "Optional. Use the given string as search base for views containers." msgstr "Frivillig. Använd den givna strängen som en sökbas för vybehållare." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:519 +#: sssd-ipa.5.xml:524 msgid "Default: the value of <emphasis>cn=views,cn=accounts,%basedn</emphasis>" msgstr "Standard: värdet av <emphasis>cn=views,cn=accounts,%basedn</emphasis>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:529 +#: sssd-ipa.5.xml:534 msgid "" "The name of the Kerberos realm. This is optional and defaults to the value " "of <quote>ipa_domain</quote>." @@ -12435,7 +12473,7 @@ msgstr "" "värdet av <quote>ipa_domain</quote>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:533 +#: sssd-ipa.5.xml:538 msgid "" "The name of the Kerberos realm has a special meaning in IPA - it is " "converted into the base DN to use for performing LDAP operations." @@ -12444,12 +12482,12 @@ msgstr "" "till bas-DN:en för att användas när LDAP-operationer utförs." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:541 sssd-ad.5.xml:1357 +#: sssd-ipa.5.xml:546 sssd-ad.5.xml:1362 msgid "krb5_confd_path (string)" msgstr "krb5_confd_path (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:544 sssd-ad.5.xml:1360 +#: sssd-ipa.5.xml:549 sssd-ad.5.xml:1365 msgid "" "Absolute path of a directory where SSSD should place Kerberos configuration " "snippets." @@ -12458,7 +12496,7 @@ msgstr "" "för Kerberos." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:548 sssd-ad.5.xml:1364 +#: sssd-ipa.5.xml:553 sssd-ad.5.xml:1369 msgid "" "To disable the creation of the configuration snippets set the parameter to " "'none'." @@ -12467,7 +12505,7 @@ msgstr "" "”none”." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:552 sssd-ad.5.xml:1368 +#: sssd-ipa.5.xml:557 sssd-ad.5.xml:1373 msgid "" "Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)" msgstr "" @@ -12475,12 +12513,12 @@ msgstr "" "katalog)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:559 +#: sssd-ipa.5.xml:564 msgid "ipa_deskprofile_refresh (integer)" msgstr "ipa_deskprofile_refresh (heltal)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:562 +#: sssd-ipa.5.xml:567 msgid "" "The amount of time between lookups of the Desktop Profile rules against the " "IPA server. This will reduce the latency and load on the IPA server if there " @@ -12491,17 +12529,17 @@ msgstr "" "görs många begäranden om skrivbordsprofiler under en kort tid." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:569 sssd-ipa.5.xml:599 sssd-ipa.5.xml:615 sssd-ad.5.xml:599 +#: sssd-ipa.5.xml:574 sssd-ipa.5.xml:604 sssd-ipa.5.xml:620 sssd-ad.5.xml:599 msgid "Default: 5 (seconds)" msgstr "Standard: 5 (sekunder)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:575 +#: sssd-ipa.5.xml:580 msgid "ipa_deskprofile_request_interval (integer)" msgstr "ipa_deskprofile_request_interval (heltal)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:578 +#: sssd-ipa.5.xml:583 msgid "" "The amount of time between lookups of the Desktop Profile rules against the " "IPA server in case the last request did not return any rule." @@ -12510,17 +12548,17 @@ msgstr "" "den senaste förfrågan inte returnerade någon regel." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:583 +#: sssd-ipa.5.xml:588 msgid "Default: 60 (minutes)" msgstr "Standard: 60 (minuter)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:589 +#: sssd-ipa.5.xml:594 msgid "ipa_hbac_refresh (integer)" msgstr "ipa_hbac_refresh (heltal)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:592 +#: sssd-ipa.5.xml:597 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server. " "This will reduce the latency and load on the IPA server if there are many " @@ -12531,12 +12569,12 @@ msgstr "" "begäranden om åtkomstkontroll under en kort tid." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:605 +#: sssd-ipa.5.xml:610 msgid "ipa_hbac_selinux (integer)" msgstr "ipa_hbac_selinux (heltal)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:608 +#: sssd-ipa.5.xml:613 msgid "" "The amount of time between lookups of the SELinux maps against the IPA " "server. This will reduce the latency and load on the IPA server if there are " @@ -12547,12 +12585,12 @@ msgstr "" "många begäranden om användarinloggningar under en kort tid." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:621 +#: sssd-ipa.5.xml:626 msgid "ipa_server_mode (boolean)" msgstr "ipa_server_mode (boolean)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:624 +#: sssd-ipa.5.xml:629 msgid "" "This option will be set by the IPA installer (ipa-server-install) " "automatically and denotes if SSSD is running on an IPA server or not." @@ -12561,7 +12599,7 @@ msgstr "" "och markerar om SSSD kör på en IPA-server eller inte." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:629 +#: sssd-ipa.5.xml:634 msgid "" "On an IPA server SSSD will lookup users and groups from trusted domains " "directly while on a client it will ask an IPA server." @@ -12570,7 +12608,7 @@ msgstr "" "domäner direkt medan på en klient kommer den att fråga en IPA-server." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:634 +#: sssd-ipa.5.xml:639 msgid "" "NOTE: There are currently some assumptions that must be met when SSSD is " "running on an IPA server." @@ -12579,7 +12617,7 @@ msgstr "" "kör på en IPA-server." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:639 +#: sssd-ipa.5.xml:644 msgid "" "The <quote>ipa_server</quote> option must be configured to point to the IPA " "server itself. This is already the default set by the IPA installer, so no " @@ -12590,7 +12628,7 @@ msgstr "" "installeraren, så det behövs inga manuella ändringar." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:648 +#: sssd-ipa.5.xml:653 msgid "" "The <quote>full_name_format</quote> option must not be tweaked to only print " "short names for users from trusted domains." @@ -12599,52 +12637,52 @@ msgstr "" "skriva korta namn på användare från betrodda domäner." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:663 +#: sssd-ipa.5.xml:668 msgid "ipa_automount_location (string)" msgstr "ipa_automount_location (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:666 +#: sssd-ipa.5.xml:671 msgid "The automounter location this IPA client will be using" msgstr "Automonteringsplatsen denna IPA-klient kommer använda" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:669 +#: sssd-ipa.5.xml:674 msgid "Default: The location named \"default\"" msgstr "Standard: platsen som heter ”default”" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd-ipa.5.xml:677 +#: sssd-ipa.5.xml:682 msgid "VIEWS AND OVERRIDES" msgstr "VYER OCH ÅSIDOSÄTTANDEN" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:686 +#: sssd-ipa.5.xml:691 msgid "ipa_view_class (string)" msgstr "ipa_view_class (sträng)" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:689 +#: sssd-ipa.5.xml:694 msgid "Objectclass of the view container." msgstr "Objektklass för vybehållaren." #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:692 +#: sssd-ipa.5.xml:697 msgid "Default: nsContainer" msgstr "Standard: nsContainer" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:698 +#: sssd-ipa.5.xml:703 msgid "ipa_view_name (string)" msgstr "ipa_view_name (sträng)" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:701 +#: sssd-ipa.5.xml:706 msgid "Name of the attribute holding the name of the view." msgstr "Namn på attributet som har namnet på vyn." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:705 sssd-ldap-attributes.5.xml:496 +#: sssd-ipa.5.xml:710 sssd-ldap-attributes.5.xml:496 #: sssd-ldap-attributes.5.xml:830 sssd-ldap-attributes.5.xml:911 #: sssd-ldap-attributes.5.xml:1008 sssd-ldap-attributes.5.xml:1066 #: sssd-ldap-attributes.5.xml:1224 sssd-ldap-attributes.5.xml:1269 @@ -12652,27 +12690,27 @@ msgid "Default: cn" msgstr "Standard: cn" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:711 +#: sssd-ipa.5.xml:716 msgid "ipa_override_object_class (string)" msgstr "ipa_override_object_class (sträng)" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:714 +#: sssd-ipa.5.xml:719 msgid "Objectclass of the override objects." msgstr "Objektklass för åsidosättande objekt." #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:717 +#: sssd-ipa.5.xml:722 msgid "Default: ipaOverrideAnchor" msgstr "Standard: ipaOverrideAnchor" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:723 +#: sssd-ipa.5.xml:728 msgid "ipa_anchor_uuid (string)" msgstr "ipa_anchor_uuid (sträng)" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:726 +#: sssd-ipa.5.xml:731 msgid "" "Name of the attribute containing the reference to the original object in a " "remote domain." @@ -12681,17 +12719,17 @@ msgstr "" "fjärrdomän." #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:730 +#: sssd-ipa.5.xml:735 msgid "Default: ipaAnchorUUID" msgstr "Standard: ipaAnchorUUID" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:736 +#: sssd-ipa.5.xml:741 msgid "ipa_user_override_object_class (string)" msgstr "ipa_user_override_object_class (sträng)" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:739 +#: sssd-ipa.5.xml:744 msgid "" "Name of the objectclass for user overrides. It is used to determine if the " "found override object is related to a user or a group." @@ -12701,57 +12739,57 @@ msgstr "" "eller en grupp." #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:744 +#: sssd-ipa.5.xml:749 msgid "User overrides can contain attributes given by" msgstr "Användaråsidosättanden kan innehålla attribut givna av" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:747 +#: sssd-ipa.5.xml:752 msgid "ldap_user_name" msgstr "ldap_user_name" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:750 +#: sssd-ipa.5.xml:755 msgid "ldap_user_uid_number" msgstr "ldap_user_uid_number" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:753 +#: sssd-ipa.5.xml:758 msgid "ldap_user_gid_number" msgstr "ldap_user_gid_number" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:756 +#: sssd-ipa.5.xml:761 msgid "ldap_user_gecos" msgstr "ldap_user_gecos" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:759 +#: sssd-ipa.5.xml:764 msgid "ldap_user_home_directory" msgstr "ldap_user_home_directory" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:762 +#: sssd-ipa.5.xml:767 msgid "ldap_user_shell" msgstr "ldap_user_shell" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:765 +#: sssd-ipa.5.xml:770 msgid "ldap_user_ssh_public_key" msgstr "ldap_user_ssh_public_key" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:770 +#: sssd-ipa.5.xml:775 msgid "Default: ipaUserOverride" msgstr "Standard: ipaUserOverride" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:776 +#: sssd-ipa.5.xml:781 msgid "ipa_group_override_object_class (string)" msgstr "ipa_group_override_object_class (sträng)" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:779 +#: sssd-ipa.5.xml:784 msgid "" "Name of the objectclass for group overrides. It is used to determine if the " "found override object is related to a user or a group." @@ -12761,27 +12799,27 @@ msgstr "" "grupp." #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:784 +#: sssd-ipa.5.xml:789 msgid "Group overrides can contain attributes given by" msgstr "Gruppåsidosättanden kan innehålla attribut givna av" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:787 +#: sssd-ipa.5.xml:792 msgid "ldap_group_name" msgstr "ldap_group_name" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:790 +#: sssd-ipa.5.xml:795 msgid "ldap_group_gid_number" msgstr "ldap_group_gid_number" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:795 +#: sssd-ipa.5.xml:800 msgid "Default: ipaGroupOverride" msgstr "Standard: ipaGroupOverride" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:679 +#: sssd-ipa.5.xml:684 msgid "" "SSSD can handle views and overrides which are offered by FreeIPA 4.1 and " "later version. Since all paths and objectclasses are fixed on the server " @@ -12796,12 +12834,12 @@ msgstr "" "standardvärden. <placeholder type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ipa.5.xml:807 +#: sssd-ipa.5.xml:812 msgid "SUBDOMAINS PROVIDER" msgstr "UNDERDOMÄNSLEVERANTÖR" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:809 +#: sssd-ipa.5.xml:814 msgid "" "The IPA subdomains provider behaves slightly differently if it is configured " "explicitly or implicitly." @@ -12810,7 +12848,7 @@ msgstr "" "explicit eller implicit." #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:813 +#: sssd-ipa.5.xml:818 msgid "" "If the option 'subdomains_provider = ipa' is found in the domain section of " "sssd.conf, the IPA subdomains provider is configured explicitly, and all " @@ -12821,7 +12859,7 @@ msgstr "" "av underdomäner skickas till IPA-servern om nödvändigt." #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:819 +#: sssd-ipa.5.xml:824 msgid "" "If the option 'subdomains_provider' is not set in the domain section of sssd." "conf but there is the option 'id_provider = ipa', the IPA subdomains " @@ -12840,12 +12878,12 @@ msgstr "" "blir uppkopplad aktiveras underdomänsleverantören igen." #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ipa.5.xml:830 +#: sssd-ipa.5.xml:835 msgid "TRUSTED DOMAINS CONFIGURATION" msgstr "KONFIGURATION AV BETRODDA DOMÄNER" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ipa.5.xml:838 +#: sssd-ipa.5.xml:843 #, no-wrap msgid "" "[domain/ipa.domain.com/ad.domain.com]\n" @@ -12855,7 +12893,7 @@ msgstr "" "ad_server = dc.ad.domain.com\n" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:832 +#: sssd-ipa.5.xml:837 msgid "" "Some configuration options can also be set for a trusted domain. A trusted " "domain configuration can be set using the trusted domain subsection as shown " @@ -12870,7 +12908,7 @@ msgstr "" "id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:843 +#: sssd-ipa.5.xml:848 msgid "" "For more details, see the <citerefentry> <refentrytitle>sssd.conf</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." @@ -12879,7 +12917,7 @@ msgstr "" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:850 +#: sssd-ipa.5.xml:855 msgid "" "Different configuration options are tunable for a trusted domain depending " "on whether you are configuring SSSD on an IPA server or an IPA client." @@ -12888,61 +12926,61 @@ msgstr "" "på huruvida man konfigurerar SSSD på en IPA-server eller en IPA-klient." #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd-ipa.5.xml:855 +#: sssd-ipa.5.xml:860 msgid "OPTIONS TUNABLE ON IPA MASTERS" msgstr "ALTERNATIV ATT STÄLLA IN PÅ IPA-MASTRAR" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:857 +#: sssd-ipa.5.xml:862 msgid "" "The following options can be set in a subdomain section on an IPA master:" msgstr "" "Följande alternativ kan sättas i ett underdomänsavsnitt på en IPA-master:" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:861 sssd-ipa.5.xml:891 +#: sssd-ipa.5.xml:866 sssd-ipa.5.xml:896 msgid "ad_server" msgstr "ad_server" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:864 +#: sssd-ipa.5.xml:869 msgid "ad_backup_server" msgstr "ad_backup_server" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:867 sssd-ipa.5.xml:894 +#: sssd-ipa.5.xml:872 sssd-ipa.5.xml:899 msgid "ad_site" msgstr "ad_site" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:870 +#: sssd-ipa.5.xml:875 msgid "ldap_search_base" msgstr "ldap_search_base" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:873 +#: sssd-ipa.5.xml:878 msgid "ldap_user_search_base" msgstr "ldap_user_search_base" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:876 +#: sssd-ipa.5.xml:881 msgid "ldap_group_search_base" msgstr "ldap_group_search_base" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd-ipa.5.xml:885 +#: sssd-ipa.5.xml:890 msgid "OPTIONS TUNABLE ON IPA CLIENTS" msgstr "ALTERNATIV ATT STÄLLA IN PÅ IPA-KLIENTER" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:887 +#: sssd-ipa.5.xml:892 msgid "" "The following options can be set in a subdomain section on an IPA client:" msgstr "" "Följande alternativ kan sättas i ett underdomänsavsnitt på en IPA-klient:" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:899 +#: sssd-ipa.5.xml:904 msgid "" "Note that if both options are set, only <quote>ad_server</quote> is " "evaluated." @@ -12951,7 +12989,7 @@ msgstr "" "quote>." #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:903 +#: sssd-ipa.5.xml:908 msgid "" "Since any request for a user or a group identity from a trusted domain " "triggered from an IPA client is resolved by the IPA server, the " @@ -12974,7 +13012,7 @@ msgstr "" "<manvolnum>8</manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:927 +#: sssd-ipa.5.xml:932 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " @@ -12985,7 +13023,7 @@ msgstr "" "exempel visar endast alternativ som är specifika för leverantören ipa." #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ipa.5.xml:934 +#: sssd-ipa.5.xml:939 #, no-wrap msgid "" "[domain/example.com]\n" @@ -14600,7 +14638,7 @@ msgstr "" "mindre än 60 ges kommer parametern endast anta det lägsta värdet." #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ad.5.xml:1388 +#: sssd-ad.5.xml:1393 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " @@ -14611,7 +14649,7 @@ msgstr "" "exempel visar endast alternativ som är specifika för leverantören AD." #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ad.5.xml:1395 +#: sssd-ad.5.xml:1400 #, no-wrap msgid "" "[domain/EXAMPLE]\n" @@ -14635,7 +14673,7 @@ msgstr "" "ad_domain = example.com\n" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ad.5.xml:1415 +#: sssd-ad.5.xml:1420 #, no-wrap msgid "" "access_provider = ldap\n" @@ -14647,7 +14685,7 @@ msgstr "" "ldap_account_expire_policy = ad\n" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ad.5.xml:1411 +#: sssd-ad.5.xml:1416 msgid "" "The AD access control provider checks if the account is expired. It has the " "same effect as the following configuration of the LDAP provider: " @@ -14658,7 +14696,7 @@ msgstr "" "<placeholder type=\"programlisting\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ad.5.xml:1421 +#: sssd-ad.5.xml:1426 msgid "" "However, unless the <quote>ad</quote> access control provider is explicitly " "configured, the default access provider is <quote>permit</quote>. Please " @@ -14673,7 +14711,7 @@ msgstr "" "krypteringsdetaljer) manuellt." #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ad.5.xml:1429 +#: sssd-ad.5.xml:1434 msgid "" "When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema " "attribute mapping (nisMap, nisObject, ...) is used, because these attributes " @@ -22713,6 +22751,13 @@ msgstr "" "Anger om värdens och användarens huvudman skall göras kanonisk. Denna " "funktion är tillgänglig med MIT Kerberos 1.7 och senare versioner." +#, fuzzy +#~| msgid "" +#~| "Determines if user credentials are also cached in the local LDB cache" +#~ msgid "" +#~ "Determines if user credentials are also cached in the local LDB cache." +#~ msgstr "Bestämmer om användarkreditiv också cachas i den lokala LDB-cachen" + #~ msgid "User credentials are stored in a SHA512 hash, not in plaintext" #~ msgstr "Användarkreditiv sparas i en SHA512-kontrollsumma, inte i klartext" diff --git a/src/man/po/tg.po b/src/man/po/tg.po index 4f5a324a804..0b507de197f 100644 --- a/src/man/po/tg.po +++ b/src/man/po/tg.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: sssd-docs 2.3.0\n" "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" -"POT-Creation-Date: 2023-09-07 11:47+0200\n" +"POT-Creation-Date: 2023-11-13 11:53+0100\n" "PO-Revision-Date: 2014-12-15 12:10-0500\n" "Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n" "Language-Team: Tajik (http://www.transifex.com/projects/p/sssd/language/" @@ -205,10 +205,10 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:136 sssd.conf.5.xml:173 sssd.conf.5.xml:358 #: sssd.conf.5.xml:714 sssd.conf.5.xml:729 sssd.conf.5.xml:952 -#: sssd.conf.5.xml:1070 sssd.conf.5.xml:2198 sssd-ldap.5.xml:1071 -#: sssd-ldap.5.xml:1174 sssd-ldap.5.xml:1243 sssd-ldap.5.xml:1750 -#: sssd-ldap.5.xml:1815 sssd-ipa.5.xml:342 sssd-ad.5.xml:252 sssd-ad.5.xml:366 -#: sssd-ad.5.xml:1200 sssd-ad.5.xml:1348 sssd-krb5.5.xml:358 +#: sssd.conf.5.xml:1070 sssd.conf.5.xml:2198 sssd-ldap.5.xml:1073 +#: sssd-ldap.5.xml:1176 sssd-ldap.5.xml:1245 sssd-ldap.5.xml:1752 +#: sssd-ldap.5.xml:1817 sssd-ipa.5.xml:347 sssd-ad.5.xml:252 sssd-ad.5.xml:366 +#: sssd-ad.5.xml:1200 sssd-ad.5.xml:1353 sssd-krb5.5.xml:358 msgid "Default: true" msgstr "Пешфарз: true" @@ -226,10 +226,10 @@ msgstr "" #. type: Content of: <variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:149 sssd.conf.5.xml:652 sssd.conf.5.xml:949 -#: sssd.conf.5.xml:2101 sssd.conf.5.xml:2168 sssd.conf.5.xml:4174 -#: sssd-ldap.5.xml:312 sssd-ldap.5.xml:917 sssd-ldap.5.xml:936 -#: sssd-ldap.5.xml:1146 sssd-ldap.5.xml:1599 sssd-ldap.5.xml:1839 -#: sssd-ipa.5.xml:152 sssd-ipa.5.xml:254 sssd-ipa.5.xml:657 sssd-ad.5.xml:1106 +#: sssd.conf.5.xml:2101 sssd.conf.5.xml:2168 sssd.conf.5.xml:4191 +#: sssd-ldap.5.xml:313 sssd-ldap.5.xml:919 sssd-ldap.5.xml:938 +#: sssd-ldap.5.xml:1148 sssd-ldap.5.xml:1601 sssd-ldap.5.xml:1841 +#: sssd-ipa.5.xml:152 sssd-ipa.5.xml:254 sssd-ipa.5.xml:662 sssd-ad.5.xml:1106 #: sssd-krb5.5.xml:268 sssd-krb5.5.xml:330 sssd-krb5.5.xml:432 #: include/krb5_options.xml:163 msgid "Default: false" @@ -263,8 +263,8 @@ msgid "" msgstr "" #. type: Content of: outside any tag (error?) -#: sssd.conf.5.xml:109 sssd.conf.5.xml:184 sssd-ldap.5.xml:1656 -#: sssd-ldap.5.xml:1862 sss-certmap.5.xml:645 sssd-systemtap.5.xml:82 +#: sssd.conf.5.xml:109 sssd.conf.5.xml:184 sssd-ldap.5.xml:1658 +#: sssd-ldap.5.xml:1864 sss-certmap.5.xml:645 sssd-systemtap.5.xml:82 #: sssd-systemtap.5.xml:143 sssd-systemtap.5.xml:236 sssd-systemtap.5.xml:274 #: sssd-systemtap.5.xml:330 sssd-ldap-attributes.5.xml:40 #: sssd-ldap-attributes.5.xml:659 sssd-ldap-attributes.5.xml:801 @@ -295,7 +295,7 @@ msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:196 sssd.conf.5.xml:1290 sssd.conf.5.xml:1767 -#: sssd.conf.5.xml:4190 sssd-ldap.5.xml:765 include/ldap_id_mapping.xml:270 +#: sssd.conf.5.xml:4207 sssd-ldap.5.xml:766 include/ldap_id_mapping.xml:270 msgid "Default: 10" msgstr "Пешфарз: 10" @@ -371,7 +371,7 @@ msgid "" msgstr "" #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:266 sssd.conf.5.xml:792 sssd.conf.5.xml:3709 +#: sssd.conf.5.xml:266 sssd.conf.5.xml:792 sssd.conf.5.xml:3716 #: include/failover.xml:100 msgid "Default: 3" msgstr "Пешфарз: 3" @@ -393,7 +393,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:287 sssd.conf.5.xml:3541 +#: sssd.conf.5.xml:287 sssd.conf.5.xml:3548 msgid "re_expression (string)" msgstr "" @@ -413,12 +413,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:304 sssd.conf.5.xml:3598 +#: sssd.conf.5.xml:304 sssd.conf.5.xml:3605 msgid "full_name_format (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:307 sssd.conf.5.xml:3601 +#: sssd.conf.5.xml:307 sssd.conf.5.xml:3608 msgid "" "A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</" "manvolnum> </citerefentry>-compatible format that describes how to compose a " @@ -426,39 +426,39 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:318 sssd.conf.5.xml:3612 +#: sssd.conf.5.xml:318 sssd.conf.5.xml:3619 msgid "%1$s" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:319 sssd.conf.5.xml:3613 +#: sssd.conf.5.xml:319 sssd.conf.5.xml:3620 msgid "user name" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:322 sssd.conf.5.xml:3616 +#: sssd.conf.5.xml:322 sssd.conf.5.xml:3623 msgid "%2$s" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:325 sssd.conf.5.xml:3619 +#: sssd.conf.5.xml:325 sssd.conf.5.xml:3626 msgid "domain name as specified in the SSSD config file." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:331 sssd.conf.5.xml:3625 +#: sssd.conf.5.xml:331 sssd.conf.5.xml:3632 msgid "%3$s" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:334 sssd.conf.5.xml:3628 +#: sssd.conf.5.xml:334 sssd.conf.5.xml:3635 msgid "" "domain flat name. Mostly usable for Active Directory domains, both directly " "configured or discovered via IPA trusts." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:315 sssd.conf.5.xml:3609 +#: sssd.conf.5.xml:315 sssd.conf.5.xml:3616 msgid "" "The following expansions are supported: <placeholder type=\"variablelist\" " "id=\"0\"/>" @@ -601,8 +601,8 @@ msgid "" msgstr "" #. type: Content of: <variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:468 sssd-ldap.5.xml:876 sssd-ldap.5.xml:888 -#: sssd-ldap.5.xml:980 sssd-ad.5.xml:920 sssd-ad.5.xml:995 sssd-krb5.5.xml:468 +#: sssd.conf.5.xml:468 sssd-ldap.5.xml:877 sssd-ldap.5.xml:889 +#: sssd-ldap.5.xml:982 sssd-ad.5.xml:920 sssd-ad.5.xml:995 sssd-krb5.5.xml:468 #: sssd-ldap-attributes.5.xml:470 sssd-ldap-attributes.5.xml:976 #: include/ldap_id_mapping.xml:211 include/ldap_id_mapping.xml:222 #: include/krb5_options.xml:148 @@ -872,7 +872,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:700 sssd.conf.5.xml:1791 sssd.conf.5.xml:4240 +#: sssd.conf.5.xml:700 sssd.conf.5.xml:1791 sssd.conf.5.xml:4257 #: sssd-ad.5.xml:187 sssd-ad.5.xml:327 sssd-ad.5.xml:341 msgid "Default: Not set" msgstr "" @@ -1053,7 +1053,7 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:858 sssd.conf.5.xml:1201 sssd.conf.5.xml:1584 -#: sssd.conf.5.xml:1880 sssd-ldap.5.xml:494 +#: sssd.conf.5.xml:1880 sssd-ldap.5.xml:495 msgid "Default: 60" msgstr "" @@ -1159,7 +1159,7 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:937 sssd.conf.5.xml:1214 sssd.conf.5.xml:2322 -#: sssd-ldap.5.xml:331 +#: sssd-ldap.5.xml:332 msgid "Default: 300" msgstr "" @@ -1528,7 +1528,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1240 sssd.conf.5.xml:2964 sssd-ldap.5.xml:548 +#: sssd.conf.5.xml:1240 sssd.conf.5.xml:2971 sssd-ldap.5.xml:549 msgid "Default: 8" msgstr "" @@ -1554,8 +1554,8 @@ msgid "" msgstr "" #. type: Content of: <variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1265 sssd.conf.5.xml:1317 sssd.conf.5.xml:3730 -#: sssd-ldap.5.xml:473 sssd-ldap.5.xml:525 include/failover.xml:116 +#: sssd.conf.5.xml:1265 sssd.conf.5.xml:1317 sssd.conf.5.xml:3737 +#: sssd-ldap.5.xml:474 sssd-ldap.5.xml:526 include/failover.xml:116 #: include/krb5_options.xml:11 msgid "Default: 6" msgstr "Пешфарз: 6" @@ -1866,7 +1866,7 @@ msgid "pam_pwd_expiration_warning (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1553 sssd.conf.5.xml:2988 +#: sssd.conf.5.xml:1553 sssd.conf.5.xml:2995 msgid "Display a warning N days before the password expires." msgstr "" @@ -1879,7 +1879,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1562 sssd.conf.5.xml:2991 +#: sssd.conf.5.xml:1562 sssd.conf.5.xml:2998 msgid "" "If zero is set, then this filter is not applied, i.e. if the expiration " "warning was received from backend server, it will automatically be displayed." @@ -1893,7 +1893,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1572 sssd.conf.5.xml:3977 sssd-ldap.5.xml:606 sssd.8.xml:79 +#: sssd.conf.5.xml:1572 sssd.conf.5.xml:3984 sssd-ldap.5.xml:607 sssd.8.xml:79 msgid "Default: 0" msgstr "Пешфарз: 0" @@ -1956,8 +1956,8 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1632 sssd.conf.5.xml:1657 sssd.conf.5.xml:1676 -#: sssd.conf.5.xml:1913 sssd.conf.5.xml:2733 sssd.conf.5.xml:3906 -#: sssd-ldap.5.xml:1207 +#: sssd.conf.5.xml:1913 sssd.conf.5.xml:2733 sssd.conf.5.xml:3913 +#: sssd-ldap.5.xml:1209 msgid "Default: none" msgstr "" @@ -2020,8 +2020,8 @@ msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1687 sssd.conf.5.xml:1698 sssd.conf.5.xml:1712 -#: sssd-ldap.5.xml:671 sssd-ldap.5.xml:692 sssd-ldap.5.xml:788 -#: sssd-ldap.5.xml:1293 sssd-ad.5.xml:505 sssd-ad.5.xml:581 sssd-ad.5.xml:1126 +#: sssd-ldap.5.xml:672 sssd-ldap.5.xml:693 sssd-ldap.5.xml:789 +#: sssd-ldap.5.xml:1295 sssd-ad.5.xml:505 sssd-ad.5.xml:581 sssd-ad.5.xml:1126 #: sssd-ad.5.xml:1175 include/ldap_id_mapping.xml:250 msgid "Default: False" msgstr "" @@ -2060,7 +2060,7 @@ msgid "The path to the certificate database." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1723 sssd.conf.5.xml:2248 sssd.conf.5.xml:4354 +#: sssd.conf.5.xml:1723 sssd.conf.5.xml:2248 sssd.conf.5.xml:4371 msgid "Default:" msgstr "" @@ -2326,7 +2326,7 @@ msgid "Default: no_session" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1950 sssd.conf.5.xml:4293 +#: sssd.conf.5.xml:1950 sssd.conf.5.xml:4310 msgid "pam_gssapi_services" msgstr "" @@ -2360,7 +2360,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1968 sssd.conf.5.xml:3900 +#: sssd.conf.5.xml:1968 sssd.conf.5.xml:3907 msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" @@ -2370,7 +2370,7 @@ msgid "Default: - (GSSAPI authentication is disabled)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1979 sssd.conf.5.xml:4294 +#: sssd.conf.5.xml:1979 sssd.conf.5.xml:4311 msgid "pam_gssapi_check_upn" msgstr "" @@ -2390,7 +2390,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1999 sssd-ad.5.xml:1266 sss_rpcidmapd.5.xml:76 +#: sssd.conf.5.xml:1999 sssd-ad.5.xml:1271 sss_rpcidmapd.5.xml:76 #: sssd-files.5.xml:145 msgid "Default: True" msgstr "" @@ -3149,7 +3149,7 @@ msgid "FALSE = No enumerations for this domain" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2669 sssd.conf.5.xml:2943 sssd.conf.5.xml:3120 +#: sssd.conf.5.xml:2669 sssd.conf.5.xml:2950 sssd.conf.5.xml:3127 msgid "Default: FALSE" msgstr "Пешфарз: FALSE" @@ -3418,7 +3418,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2922 sssd-ldap.5.xml:360 sssd-ldap.5.xml:1736 +#: sssd.conf.5.xml:2922 sssd-ldap.5.xml:361 sssd-ldap.5.xml:1738 #: sssd-ipa.5.xml:270 msgid "Default: 0 (disabled)" msgstr "" @@ -3430,11 +3430,17 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:2931 -msgid "Determines if user credentials are also cached in the local LDB cache." +msgid "" +"Determines if user credentials are also cached in the local LDB cache. The " +"cached credentials refer to passwords, which includes the first (long term) " +"factor of two-factor authentication, not other authentication mechanisms. " +"Passkey and Smartcard authentications are expected to work offline as long " +"as a successful online authentication is recorded in the cache without " +"additional configuration." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2935 +#: sssd.conf.5.xml:2942 msgid "" "Take a note that while credentials are stored as a salted SHA512 hash, this " "still potentially poses some security risk in case an attacker manages to " @@ -3443,12 +3449,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2949 +#: sssd.conf.5.xml:2956 msgid "cache_credentials_minimal_first_factor_length (int)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2952 +#: sssd.conf.5.xml:2959 msgid "" "If 2-Factor-Authentication (2FA) is used and credentials should be saved " "this value determines the minimal length the first authentication factor " @@ -3456,19 +3462,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2959 +#: sssd.conf.5.xml:2966 msgid "" "This should avoid that the short PINs of a PIN based 2FA scheme are saved in " "the cache which would make them easy targets for brute-force attacks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2970 +#: sssd.conf.5.xml:2977 msgid "account_cache_expiration (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2973 +#: sssd.conf.5.xml:2980 msgid "" "Number of days entries are left in cache after last successful login before " "being removed during a cleanup of the cache. 0 means keep forever. The " @@ -3477,17 +3483,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2980 +#: sssd.conf.5.xml:2987 msgid "Default: 0 (unlimited)" msgstr "Пешфарз: 0 (номаҳдуд)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2985 +#: sssd.conf.5.xml:2992 msgid "pwd_expiration_warning (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2996 +#: sssd.conf.5.xml:3003 msgid "" "Please note that the backend server has to provide information about the " "expiration time of the password. If this information is missing, sssd " @@ -3496,28 +3502,28 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3003 +#: sssd.conf.5.xml:3010 msgid "Default: 7 (Kerberos), 0 (LDAP)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3009 +#: sssd.conf.5.xml:3016 msgid "id_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3012 +#: sssd.conf.5.xml:3019 msgid "" "The identification provider used for the domain. Supported ID providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3016 +#: sssd.conf.5.xml:3023 msgid "<quote>proxy</quote>: Support a legacy NSS provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3019 +#: sssd.conf.5.xml:3026 msgid "" "<quote>files</quote>: FILES provider. See <citerefentry> <refentrytitle>sssd-" "files</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " @@ -3525,7 +3531,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3027 +#: sssd.conf.5.xml:3034 msgid "" "<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-" "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " @@ -3533,8 +3539,8 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3035 sssd.conf.5.xml:3146 sssd.conf.5.xml:3197 -#: sssd.conf.5.xml:3260 +#: sssd.conf.5.xml:3042 sssd.conf.5.xml:3153 sssd.conf.5.xml:3204 +#: sssd.conf.5.xml:3267 msgid "" "<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management " "provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> " @@ -3543,8 +3549,8 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3044 sssd.conf.5.xml:3155 sssd.conf.5.xml:3206 -#: sssd.conf.5.xml:3269 +#: sssd.conf.5.xml:3051 sssd.conf.5.xml:3162 sssd.conf.5.xml:3213 +#: sssd.conf.5.xml:3276 msgid "" "<quote>ad</quote>: Active Directory provider. See <citerefentry> " "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3552,19 +3558,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3055 +#: sssd.conf.5.xml:3062 msgid "use_fully_qualified_names (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3058 +#: sssd.conf.5.xml:3065 msgid "" "Use the full name and domain (as formatted by the domain's full_name_format) " "as the user's login name reported to NSS." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3063 +#: sssd.conf.5.xml:3070 msgid "" "If set to TRUE, all requests to this domain must use fully qualified names. " "For example, if used in LOCAL domain that contains a \"test\" user, " @@ -3573,7 +3579,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3071 +#: sssd.conf.5.xml:3078 msgid "" "NOTE: This option has no effect on netgroup lookups due to their tendency to " "include nested netgroups without qualified names. For netgroups, all domains " @@ -3581,24 +3587,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3078 +#: sssd.conf.5.xml:3085 msgid "" "Default: FALSE (TRUE for trusted domain/sub-domains or if " "default_domain_suffix is used)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3085 +#: sssd.conf.5.xml:3092 msgid "ignore_group_members (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3088 +#: sssd.conf.5.xml:3095 msgid "Do not return group members for group lookups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3091 +#: sssd.conf.5.xml:3098 msgid "" "If set to TRUE, the group membership attribute is not requested from the " "ldap server, and group members are not returned when processing group lookup " @@ -3610,7 +3616,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3109 +#: sssd.conf.5.xml:3116 msgid "" "Enabling this option can also make access provider checks for group " "membership significantly faster, especially for groups containing many " @@ -3618,30 +3624,30 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3115 sssd.conf.5.xml:3822 sssd-ldap.5.xml:326 -#: sssd-ldap.5.xml:355 sssd-ldap.5.xml:408 sssd-ldap.5.xml:468 -#: sssd-ldap.5.xml:489 sssd-ldap.5.xml:520 sssd-ldap.5.xml:543 -#: sssd-ldap.5.xml:582 sssd-ldap.5.xml:601 sssd-ldap.5.xml:625 -#: sssd-ldap.5.xml:1051 sssd-ldap.5.xml:1084 +#: sssd.conf.5.xml:3122 sssd.conf.5.xml:3829 sssd-ldap.5.xml:327 +#: sssd-ldap.5.xml:356 sssd-ldap.5.xml:409 sssd-ldap.5.xml:469 +#: sssd-ldap.5.xml:490 sssd-ldap.5.xml:521 sssd-ldap.5.xml:544 +#: sssd-ldap.5.xml:583 sssd-ldap.5.xml:602 sssd-ldap.5.xml:626 +#: sssd-ldap.5.xml:1053 sssd-ldap.5.xml:1086 msgid "" "This option can be also set per subdomain or inherited via " "<emphasis>subdomain_inherit</emphasis>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3125 +#: sssd.conf.5.xml:3132 msgid "auth_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3128 +#: sssd.conf.5.xml:3135 msgid "" "The authentication provider used for the domain. Supported auth providers " "are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3132 sssd.conf.5.xml:3190 +#: sssd.conf.5.xml:3139 sssd.conf.5.xml:3197 msgid "" "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3649,7 +3655,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3139 +#: sssd.conf.5.xml:3146 msgid "" "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3657,30 +3663,30 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3163 +#: sssd.conf.5.xml:3170 msgid "" "<quote>proxy</quote> for relaying authentication to some other PAM target." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3166 +#: sssd.conf.5.xml:3173 msgid "<quote>none</quote> disables authentication explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3169 +#: sssd.conf.5.xml:3176 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "authentication requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3175 +#: sssd.conf.5.xml:3182 msgid "access_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3178 +#: sssd.conf.5.xml:3185 msgid "" "The access control provider used for the domain. There are two built-in " "access providers (in addition to any included in installed backends) " @@ -3688,19 +3694,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3184 +#: sssd.conf.5.xml:3191 msgid "" "<quote>permit</quote> always allow access. It's the only permitted access " "provider for a local domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3187 +#: sssd.conf.5.xml:3194 msgid "<quote>deny</quote> always deny access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3214 +#: sssd.conf.5.xml:3221 msgid "" "<quote>simple</quote> access control based on access or deny lists. See " "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</" @@ -3709,7 +3715,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3221 +#: sssd.conf.5.xml:3228 msgid "" "<quote>krb5</quote>: .k5login based access control. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum></" @@ -3717,29 +3723,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3228 +#: sssd.conf.5.xml:3235 msgid "<quote>proxy</quote> for relaying access control to another PAM module." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3231 +#: sssd.conf.5.xml:3238 msgid "Default: <quote>permit</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3236 +#: sssd.conf.5.xml:3243 msgid "chpass_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3239 +#: sssd.conf.5.xml:3246 msgid "" "The provider which should handle change password operations for the domain. " "Supported change password providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3244 +#: sssd.conf.5.xml:3251 msgid "" "<quote>ldap</quote> to change a password stored in a LDAP server. See " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" @@ -3747,7 +3753,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3252 +#: sssd.conf.5.xml:3259 msgid "" "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3755,35 +3761,35 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3277 +#: sssd.conf.5.xml:3284 msgid "" "<quote>proxy</quote> for relaying password changes to some other PAM target." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3281 +#: sssd.conf.5.xml:3288 msgid "<quote>none</quote> disallows password changes explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3284 +#: sssd.conf.5.xml:3291 msgid "" "Default: <quote>auth_provider</quote> is used if it is set and can handle " "change password requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3291 +#: sssd.conf.5.xml:3298 msgid "sudo_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3294 +#: sssd.conf.5.xml:3301 msgid "The SUDO provider used for the domain. Supported SUDO providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3298 +#: sssd.conf.5.xml:3305 msgid "" "<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3791,32 +3797,32 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3306 +#: sssd.conf.5.xml:3313 msgid "" "<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default " "settings." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3310 +#: sssd.conf.5.xml:3317 msgid "" "<quote>ad</quote> the same as <quote>ldap</quote> but with AD default " "settings." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3314 +#: sssd.conf.5.xml:3321 msgid "<quote>none</quote> disables SUDO explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3317 sssd.conf.5.xml:3403 sssd.conf.5.xml:3473 -#: sssd.conf.5.xml:3498 sssd.conf.5.xml:3534 +#: sssd.conf.5.xml:3324 sssd.conf.5.xml:3410 sssd.conf.5.xml:3480 +#: sssd.conf.5.xml:3505 sssd.conf.5.xml:3541 msgid "Default: The value of <quote>id_provider</quote> is used if it is set." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3321 +#: sssd.conf.5.xml:3328 msgid "" "The detailed instructions for configuration of sudo_provider are in the " "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " @@ -3827,7 +3833,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3336 +#: sssd.conf.5.xml:3343 msgid "" "<emphasis>NOTE:</emphasis> Sudo rules are periodically downloaded in the " "background unless the sudo provider is explicitly disabled. Set " @@ -3836,12 +3842,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3346 +#: sssd.conf.5.xml:3353 msgid "selinux_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3349 +#: sssd.conf.5.xml:3356 msgid "" "The provider which should handle loading of selinux settings. Note that this " "provider will be called right after access provider ends. Supported selinux " @@ -3849,7 +3855,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3355 +#: sssd.conf.5.xml:3362 msgid "" "<quote>ipa</quote> to load selinux settings from an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -3857,31 +3863,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3363 +#: sssd.conf.5.xml:3370 msgid "<quote>none</quote> disallows fetching selinux settings explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3366 +#: sssd.conf.5.xml:3373 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "selinux loading requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3372 +#: sssd.conf.5.xml:3379 msgid "subdomains_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3375 +#: sssd.conf.5.xml:3382 msgid "" "The provider which should handle fetching of subdomains. This value should " "be always the same as id_provider. Supported subdomain providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3381 +#: sssd.conf.5.xml:3388 msgid "" "<quote>ipa</quote> to load a list of subdomains from an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -3889,7 +3895,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3390 +#: sssd.conf.5.xml:3397 msgid "" "<quote>ad</quote> to load a list of subdomains from an Active Directory " "server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> " @@ -3898,17 +3904,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3399 +#: sssd.conf.5.xml:3406 msgid "<quote>none</quote> disallows fetching subdomains explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3409 +#: sssd.conf.5.xml:3416 msgid "session_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3412 +#: sssd.conf.5.xml:3419 msgid "" "The provider which configures and manages user session related tasks. The " "only user session task currently provided is the integration with Fleet " @@ -3916,43 +3922,43 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3419 +#: sssd.conf.5.xml:3426 msgid "<quote>ipa</quote> to allow performing user session related tasks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3423 +#: sssd.conf.5.xml:3430 msgid "" "<quote>none</quote> does not perform any kind of user session related tasks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3427 +#: sssd.conf.5.xml:3434 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can perform " "session related tasks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3431 +#: sssd.conf.5.xml:3438 msgid "" "<emphasis>NOTE:</emphasis> In order to have this feature working as expected " "SSSD must be running as \"root\" and not as the unprivileged user." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3439 +#: sssd.conf.5.xml:3446 msgid "autofs_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3442 +#: sssd.conf.5.xml:3449 msgid "" "The autofs provider used for the domain. Supported autofs providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3446 +#: sssd.conf.5.xml:3453 msgid "" "<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3960,7 +3966,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3453 +#: sssd.conf.5.xml:3460 msgid "" "<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> " "<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3968,7 +3974,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3461 +#: sssd.conf.5.xml:3468 msgid "" "<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> " "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3976,24 +3982,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3470 +#: sssd.conf.5.xml:3477 msgid "<quote>none</quote> disables autofs explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3480 +#: sssd.conf.5.xml:3487 msgid "hostid_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3483 +#: sssd.conf.5.xml:3490 msgid "" "The provider used for retrieving host identity information. Supported " "hostid providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3487 +#: sssd.conf.5.xml:3494 msgid "" "<quote>ipa</quote> to load host identity stored in an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -4001,31 +4007,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3495 +#: sssd.conf.5.xml:3502 msgid "<quote>none</quote> disables hostid explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3505 +#: sssd.conf.5.xml:3512 msgid "resolver_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3508 +#: sssd.conf.5.xml:3515 msgid "" "The provider which should handle hosts and networks lookups. Supported " "resolver providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3512 +#: sssd.conf.5.xml:3519 msgid "" "<quote>proxy</quote> to forward lookups to another NSS library. See " "<quote>proxy_resolver_lib_name</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3516 +#: sssd.conf.5.xml:3523 msgid "" "<quote>ldap</quote> to fetch hosts and networks stored in LDAP. See " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" @@ -4033,7 +4039,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3523 +#: sssd.conf.5.xml:3530 msgid "" "<quote>ad</quote> to fetch hosts and networks stored in AD. See " "<citerefentry> <refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</" @@ -4042,12 +4048,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3531 +#: sssd.conf.5.xml:3538 msgid "<quote>none</quote> disallows fetching hosts and networks explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3544 +#: sssd.conf.5.xml:3551 msgid "" "Regular expression for this domain that describes how to parse the string " "containing user name and domain into these components. The \"domain\" can " @@ -4057,24 +4063,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3553 +#: sssd.conf.5.xml:3560 msgid "" "Default: <quote>^((?P<name>.+)@(?P<domain>[^@]*)|(?P<name>" "[^@]+))$</quote> which allows two different styles for user names:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:3558 sssd.conf.5.xml:3572 +#: sssd.conf.5.xml:3565 sssd.conf.5.xml:3579 msgid "username" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:3561 sssd.conf.5.xml:3575 +#: sssd.conf.5.xml:3568 sssd.conf.5.xml:3582 msgid "username@domain.name" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3566 +#: sssd.conf.5.xml:3573 msgid "" "Default for the AD and IPA provider: <quote>^(((?P<domain>[^\\\\]+)\\" "\\(?P<name>.+))|((?P<name>.+)@(?P<domain>[^@]+))|((?P<" @@ -4083,19 +4089,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:3578 +#: sssd.conf.5.xml:3585 msgid "domain\\username" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3581 +#: sssd.conf.5.xml:3588 msgid "" "While the first two correspond to the general default the third one is " "introduced to allow easy integration of users from Windows domains." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3586 +#: sssd.conf.5.xml:3593 msgid "" "The default re_expression uses the <quote>@</quote> character as a separator " "between the name and the domain. As a result of this setting the default " @@ -4105,89 +4111,89 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3638 +#: sssd.conf.5.xml:3645 msgid "Default: <quote>%1$s@%2$s</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3644 +#: sssd.conf.5.xml:3651 msgid "lookup_family_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3647 +#: sssd.conf.5.xml:3654 msgid "" "Provides the ability to select preferred address family to use when " "performing DNS lookups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3651 +#: sssd.conf.5.xml:3658 msgid "Supported values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3654 +#: sssd.conf.5.xml:3661 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3657 +#: sssd.conf.5.xml:3664 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3660 +#: sssd.conf.5.xml:3667 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3663 +#: sssd.conf.5.xml:3670 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3666 +#: sssd.conf.5.xml:3673 msgid "Default: ipv4_first" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3672 +#: sssd.conf.5.xml:3679 msgid "dns_resolver_server_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3675 +#: sssd.conf.5.xml:3682 msgid "" "Defines the amount of time (in milliseconds) SSSD would try to talk to DNS " "server before trying next DNS server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3680 +#: sssd.conf.5.xml:3687 msgid "" "The AD provider will use this option for the CLDAP ping timeouts as well." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3684 sssd.conf.5.xml:3704 sssd.conf.5.xml:3725 +#: sssd.conf.5.xml:3691 sssd.conf.5.xml:3711 sssd.conf.5.xml:3732 msgid "" "Please see the section <quote>FAILOVER</quote> for more information about " "the service resolution." msgstr "" #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3689 sssd-ldap.5.xml:644 include/failover.xml:84 +#: sssd.conf.5.xml:3696 sssd-ldap.5.xml:645 include/failover.xml:84 msgid "Default: 1000" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3695 +#: sssd.conf.5.xml:3702 msgid "dns_resolver_op_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3698 +#: sssd.conf.5.xml:3705 msgid "" "Defines the amount of time (in seconds) to wait to resolve single DNS query " "(e.g. resolution of a hostname or an SRV record) before trying the next " @@ -4195,12 +4201,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3715 +#: sssd.conf.5.xml:3722 msgid "dns_resolver_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3718 +#: sssd.conf.5.xml:3725 msgid "" "Defines the amount of time (in seconds) to wait for a reply from the " "internal fail over service before assuming that the service is unreachable. " @@ -4209,12 +4215,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3736 +#: sssd.conf.5.xml:3743 msgid "dns_resolver_use_search_list (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3739 +#: sssd.conf.5.xml:3746 msgid "" "Normally, the DNS resolver searches the domain list defined in the " "\"search\" directive from the resolv.conf file. This can lead to delays in " @@ -4222,7 +4228,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3745 +#: sssd.conf.5.xml:3752 msgid "" "If fully qualified domain names (or _srv_) are used in the SSSD " "configuration, setting this option to FALSE can prevent unnecessary DNS " @@ -4230,69 +4236,69 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3751 +#: sssd.conf.5.xml:3758 msgid "Default: TRUE" msgstr "Пешфарз: TRUE" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3757 +#: sssd.conf.5.xml:3764 msgid "dns_discovery_domain (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3760 +#: sssd.conf.5.xml:3767 msgid "" "If service discovery is used in the back end, specifies the domain part of " "the service discovery DNS query." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3764 +#: sssd.conf.5.xml:3771 msgid "Default: Use the domain part of machine's hostname" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3770 +#: sssd.conf.5.xml:3777 msgid "override_gid (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3773 +#: sssd.conf.5.xml:3780 msgid "Override the primary GID value with the one specified." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3779 +#: sssd.conf.5.xml:3786 msgid "case_sensitive (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3786 +#: sssd.conf.5.xml:3793 msgid "True" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3789 +#: sssd.conf.5.xml:3796 msgid "Case sensitive. This value is invalid for AD provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3795 +#: sssd.conf.5.xml:3802 msgid "False" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3797 +#: sssd.conf.5.xml:3804 msgid "Case insensitive." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3801 +#: sssd.conf.5.xml:3808 msgid "Preserving" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3804 +#: sssd.conf.5.xml:3811 msgid "" "Same as False (case insensitive), but does not lowercase names in the result " "of NSS operations. Note that name aliases (and in case of services also " @@ -4300,31 +4306,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3812 +#: sssd.conf.5.xml:3819 msgid "" "If you want to set this value for trusted domain with IPA provider, you need " "to set it on both the client and SSSD on the server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3782 +#: sssd.conf.5.xml:3789 msgid "" "Treat user and group names as case sensitive. Possible option values are: " "<placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3827 +#: sssd.conf.5.xml:3834 msgid "Default: True (False for AD provider)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3833 +#: sssd.conf.5.xml:3840 msgid "subdomain_inherit (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3836 +#: sssd.conf.5.xml:3843 msgid "" "Specifies a list of configuration parameters that should be inherited by a " "subdomain. Please note that only selected parameters can be inherited. " @@ -4332,104 +4338,104 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3842 +#: sssd.conf.5.xml:3849 msgid "ldap_search_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3845 +#: sssd.conf.5.xml:3852 msgid "ldap_network_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3848 +#: sssd.conf.5.xml:3855 msgid "ldap_opt_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3851 +#: sssd.conf.5.xml:3858 msgid "ldap_offline_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3854 +#: sssd.conf.5.xml:3861 msgid "ldap_enumeration_refresh_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3857 +#: sssd.conf.5.xml:3864 msgid "ldap_enumeration_refresh_offset" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3860 +#: sssd.conf.5.xml:3867 msgid "ldap_purge_cache_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3863 +#: sssd.conf.5.xml:3870 msgid "ldap_purge_cache_offset" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3866 +#: sssd.conf.5.xml:3873 msgid "" "ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab " "is not set explicitly)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3870 +#: sssd.conf.5.xml:3877 msgid "ldap_krb5_ticket_lifetime" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3873 +#: sssd.conf.5.xml:3880 msgid "ldap_enumeration_search_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3876 +#: sssd.conf.5.xml:3883 msgid "ldap_connection_expire_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3879 +#: sssd.conf.5.xml:3886 msgid "ldap_connection_expire_offset" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3882 +#: sssd.conf.5.xml:3889 msgid "ldap_connection_idle_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3885 sssd-ldap.5.xml:400 +#: sssd.conf.5.xml:3892 sssd-ldap.5.xml:401 msgid "ldap_use_tokengroups" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3888 +#: sssd.conf.5.xml:3895 msgid "ldap_user_principal" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3891 +#: sssd.conf.5.xml:3898 msgid "ignore_group_members" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3894 +#: sssd.conf.5.xml:3901 msgid "auto_private_groups" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3897 +#: sssd.conf.5.xml:3904 msgid "case_sensitive" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:3902 +#: sssd.conf.5.xml:3909 #, no-wrap msgid "" "subdomain_inherit = ldap_purge_cache_timeout\n" @@ -4437,27 +4443,27 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3909 +#: sssd.conf.5.xml:3916 msgid "Note: This option only works with the IPA and AD provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3916 +#: sssd.conf.5.xml:3923 msgid "subdomain_homedir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3927 +#: sssd.conf.5.xml:3934 msgid "%F" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3928 +#: sssd.conf.5.xml:3935 msgid "flat (NetBIOS) name of a subdomain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3919 +#: sssd.conf.5.xml:3926 msgid "" "Use this homedir as default value for all subdomains within this domain in " "IPA AD trust. See <emphasis>override_homedir</emphasis> for info about " @@ -4467,34 +4473,34 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3933 +#: sssd.conf.5.xml:3940 msgid "" "The value can be overridden by <emphasis>override_homedir</emphasis> option." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3937 +#: sssd.conf.5.xml:3944 msgid "Default: <filename>/home/%d/%u</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3942 +#: sssd.conf.5.xml:3949 msgid "realmd_tags (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3945 +#: sssd.conf.5.xml:3952 msgid "" "Various tags stored by the realmd configuration service for this domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3951 +#: sssd.conf.5.xml:3958 msgid "cached_auth_timeout (int)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3954 +#: sssd.conf.5.xml:3961 msgid "" "Specifies time in seconds since last successful online authentication for " "which user will be authenticated using cached credentials while SSSD is in " @@ -4503,19 +4509,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3962 +#: sssd.conf.5.xml:3969 msgid "" "This option's value is inherited by all trusted domains. At the moment it is " "not possible to set a different value per trusted domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3967 +#: sssd.conf.5.xml:3974 msgid "Special value 0 implies that this feature is disabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3971 +#: sssd.conf.5.xml:3978 msgid "" "Please note that if <quote>cached_auth_timeout</quote> is longer than " "<quote>pam_id_timeout</quote> then the back end could be called to handle " @@ -4523,12 +4529,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3982 +#: sssd.conf.5.xml:3989 msgid "local_auth_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3985 +#: sssd.conf.5.xml:3992 msgid "" "Local authentication methods policy. Some backends (i.e. LDAP, proxy " "provider) only support a password based authentication, while others can " @@ -4539,7 +4545,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3995 +#: sssd.conf.5.xml:4002 msgid "" "There are three possible values for this option: match, only, enable. " "<quote>match</quote> is used to match offline and online states for Kerberos " @@ -4550,8 +4556,17 @@ msgid "" "separated, such as <quote>enable:passkey, enable:smartcard</quote>" msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4014 +msgid "" +"Please note that if local Smartcard authentication is enabled and a " +"Smartcard is present, Smartcard authentication will be preferred over the " +"authentication methods supported by the backend. I.e. there will be a PIN " +"prompt instead of e.g. a password prompt." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:4011 +#: sssd.conf.5.xml:4026 #, no-wrap msgid "" "[domain/shadowutils]\n" @@ -4562,7 +4577,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4007 +#: sssd.conf.5.xml:4022 msgid "" "The following configuration example allows local users to authenticate " "locally using any enabled method (i.e. smartcard, passkey). <placeholder " @@ -4570,36 +4585,36 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4019 +#: sssd.conf.5.xml:4034 msgid "This option is ignored for the files provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4022 +#: sssd.conf.5.xml:4037 #, fuzzy #| msgid "Default: 3" msgid "Default: match" msgstr "Пешфарз: 3" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4027 +#: sssd.conf.5.xml:4042 msgid "auto_private_groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4033 +#: sssd.conf.5.xml:4048 msgid "true" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4036 +#: sssd.conf.5.xml:4051 msgid "" "Create user's private group unconditionally from user's UID number. The GID " "number is ignored in this case." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4040 +#: sssd.conf.5.xml:4055 msgid "" "NOTE: Because the GID number and the user private group are inferred from " "the UID number, it is not supported to have multiple entries with the same " @@ -4608,24 +4623,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4049 +#: sssd.conf.5.xml:4064 msgid "false" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4052 +#: sssd.conf.5.xml:4067 msgid "" "Always use the user's primary GID number. The GID number must refer to a " "group object in the LDAP database." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4058 +#: sssd.conf.5.xml:4073 msgid "hybrid" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4061 +#: sssd.conf.5.xml:4076 msgid "" "A primary group is autogenerated for user entries whose UID and GID numbers " "have the same value and at the same time the GID number does not correspond " @@ -4635,14 +4650,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4074 +#: sssd.conf.5.xml:4089 msgid "" "If the UID and GID of a user are different, then the GID must correspond to " "a group entry, otherwise the GID is simply not resolvable." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4081 +#: sssd.conf.5.xml:4096 msgid "" "This feature is useful for environments that wish to stop maintaining a " "separate group objects for the user private groups, but also wish to retain " @@ -4650,21 +4665,21 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4030 +#: sssd.conf.5.xml:4045 msgid "" "This option takes any of three available values: <placeholder " "type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4093 +#: sssd.conf.5.xml:4108 msgid "" "For subdomains, the default value is False for subdomains that use assigned " "POSIX IDs and True for subdomains that use automatic ID-mapping." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:4101 +#: sssd.conf.5.xml:4116 #, no-wrap msgid "" "[domain/forest.domain/sub.domain]\n" @@ -4672,7 +4687,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:4107 +#: sssd.conf.5.xml:4122 #, no-wrap msgid "" "[domain/forest.domain]\n" @@ -4681,7 +4696,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4098 +#: sssd.conf.5.xml:4113 msgid "" "The value of auto_private_groups can either be set per subdomains in a " "subsection, for example: <placeholder type=\"programlisting\" id=\"0\"/> or " @@ -4698,29 +4713,30 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4122 +#: sssd.conf.5.xml:4137 msgid "proxy_pam_target (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4125 +#: sssd.conf.5.xml:4140 msgid "The proxy target PAM proxies to." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4128 +#: sssd.conf.5.xml:4143 msgid "" "Default: not set by default, you have to take an existing pam configuration " -"or create a new one and add the service name here." +"or create a new one and add the service name here. As an alternative you can " +"enable local authentication with the local_auth_policy option." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4136 +#: sssd.conf.5.xml:4153 msgid "proxy_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4139 +#: sssd.conf.5.xml:4156 msgid "" "The name of the NSS library to use in proxy domains. The NSS functions " "searched for in the library are in the form of _nss_$(libName)_$(function), " @@ -4728,12 +4744,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4149 +#: sssd.conf.5.xml:4166 msgid "proxy_resolver_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4152 +#: sssd.conf.5.xml:4169 msgid "" "The name of the NSS library to use for hosts and networks lookups in proxy " "domains. The NSS functions searched for in the library are in the form of " @@ -4741,12 +4757,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4163 +#: sssd.conf.5.xml:4180 msgid "proxy_fast_alias (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4166 +#: sssd.conf.5.xml:4183 msgid "" "When a user or group is looked up by name in the proxy provider, a second " "lookup by ID is performed to \"canonicalize\" the name in case the requested " @@ -4755,12 +4771,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4180 +#: sssd.conf.5.xml:4197 msgid "proxy_max_children (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4183 +#: sssd.conf.5.xml:4200 msgid "" "This option specifies the number of pre-forked proxy children. It is useful " "for high-load SSSD environments where sssd may run out of available child " @@ -4768,19 +4784,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4118 +#: sssd.conf.5.xml:4133 msgid "" "Options valid for proxy domains. <placeholder type=\"variablelist\" " "id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:4199 +#: sssd.conf.5.xml:4216 msgid "Application domains" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4201 +#: sssd.conf.5.xml:4218 msgid "" "SSSD, with its D-Bus interface (see <citerefentry> <refentrytitle>sssd-ifp</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>) is appealing to " @@ -4797,7 +4813,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4221 +#: sssd.conf.5.xml:4238 msgid "" "Please note that the application domain must still be explicitly enabled in " "the <quote>domains</quote> parameter so that the lookup order between the " @@ -4805,17 +4821,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> -#: sssd.conf.5.xml:4227 +#: sssd.conf.5.xml:4244 msgid "Application domain parameters" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4229 +#: sssd.conf.5.xml:4246 msgid "inherit_from (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4232 +#: sssd.conf.5.xml:4249 msgid "" "The SSSD POSIX-type domain the application domain inherits all settings " "from. The application domain can moreover add its own settings to the " @@ -4824,7 +4840,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4246 +#: sssd.conf.5.xml:4263 msgid "" "The following example illustrates the use of an application domain. In this " "setup, the POSIX domain is connected to an LDAP server and is used by the OS " @@ -4834,7 +4850,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><programlisting> -#: sssd.conf.5.xml:4254 +#: sssd.conf.5.xml:4271 #, no-wrap msgid "" "[sssd]\n" @@ -4854,12 +4870,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4274 +#: sssd.conf.5.xml:4291 msgid "TRUSTED DOMAIN SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4276 +#: sssd.conf.5.xml:4293 msgid "" "Some options used in the domain section can also be used in the trusted " "domain section, that is, in a section called <quote>[domain/" @@ -4870,69 +4886,69 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4283 +#: sssd.conf.5.xml:4300 msgid "ldap_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4284 +#: sssd.conf.5.xml:4301 msgid "ldap_user_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4285 +#: sssd.conf.5.xml:4302 msgid "ldap_group_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4286 +#: sssd.conf.5.xml:4303 msgid "ldap_netgroup_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4287 +#: sssd.conf.5.xml:4304 msgid "ldap_service_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4288 +#: sssd.conf.5.xml:4305 msgid "ldap_sasl_mech," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4289 +#: sssd.conf.5.xml:4306 msgid "ad_server," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4290 +#: sssd.conf.5.xml:4307 msgid "ad_backup_server," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4291 +#: sssd.conf.5.xml:4308 msgid "ad_site," msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4292 sssd-ipa.5.xml:879 +#: sssd.conf.5.xml:4309 sssd-ipa.5.xml:884 msgid "use_fully_qualified_names" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4296 +#: sssd.conf.5.xml:4313 msgid "" "For more details about these options see their individual description in the " "manual page." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4302 +#: sssd.conf.5.xml:4319 msgid "CERTIFICATE MAPPING SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4304 +#: sssd.conf.5.xml:4321 msgid "" "To allow authentication with Smartcards and certificates SSSD must be able " "to map certificates to users. This can be done by adding the full " @@ -4945,7 +4961,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4318 +#: sssd.conf.5.xml:4335 msgid "" "To make the mapping more flexible mapping and matching rules were added to " "SSSD (see <citerefentry> <refentrytitle>sss-certmap</refentrytitle> " @@ -4953,7 +4969,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4327 +#: sssd.conf.5.xml:4344 msgid "" "A mapping and matching rule can be added to the SSSD configuration in a " "section on its own with a name like <quote>[certmap/" @@ -4962,55 +4978,55 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4334 +#: sssd.conf.5.xml:4351 msgid "matchrule (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4337 +#: sssd.conf.5.xml:4354 msgid "" "Only certificates from the Smartcard which matches this rule will be " "processed, all others are ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4341 +#: sssd.conf.5.xml:4358 msgid "" "Default: KRB5:<EKU>clientAuth, i.e. only certificates which have the " "Extended Key Usage <quote>clientAuth</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4348 +#: sssd.conf.5.xml:4365 msgid "maprule (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4351 +#: sssd.conf.5.xml:4368 msgid "Defines how the user is found for a given certificate." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4357 +#: sssd.conf.5.xml:4374 msgid "" "LDAP:(userCertificate;binary={cert!bin}) for LDAP based providers like " "<quote>ldap</quote>, <quote>AD</quote> or <quote>ipa</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4363 +#: sssd.conf.5.xml:4380 msgid "" "The RULE_NAME for the <quote>files</quote> provider which tries to find a " "user with the same name." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4372 +#: sssd.conf.5.xml:4389 msgid "domains (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4375 +#: sssd.conf.5.xml:4392 msgid "" "Comma separated list of domain names the rule should be applied. By default " "a rule is only valid in the domain configured in sssd.conf. If the provider " @@ -5019,17 +5035,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4382 +#: sssd.conf.5.xml:4399 msgid "Default: the configured domain in sssd.conf" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4387 +#: sssd.conf.5.xml:4404 msgid "priority (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4390 +#: sssd.conf.5.xml:4407 msgid "" "Unsigned integer value defining the priority of the rule. The higher the " "number the lower the priority. <quote>0</quote> stands for the highest " @@ -5037,26 +5053,26 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4396 +#: sssd.conf.5.xml:4413 msgid "Default: the lowest priority" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4402 +#: sssd.conf.5.xml:4419 msgid "" "To make the configuration simple and reduce the amount of configuration " "options the <quote>files</quote> provider has some special properties:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4408 +#: sssd.conf.5.xml:4425 msgid "" "if maprule is not set the RULE_NAME name is assumed to be the name of the " "matching user" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4414 +#: sssd.conf.5.xml:4431 msgid "" "if a maprule is used both a single user name or a template like " "<quote>{subject_rfc822_name.short_name}</quote> must be in braces like e.g. " @@ -5065,17 +5081,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4423 +#: sssd.conf.5.xml:4440 msgid "the <quote>domains</quote> option is ignored" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4431 +#: sssd.conf.5.xml:4448 msgid "PROMPTING CONFIGURATION SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4433 +#: sssd.conf.5.xml:4450 msgid "" "If a special file (<filename>/var/lib/sss/pubconf/pam_preauth_available</" "filename>) exists SSSD's PAM module pam_sss will ask SSSD to figure out " @@ -5085,7 +5101,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4441 +#: sssd.conf.5.xml:4458 msgid "" "With the growing number of authentication methods and the possibility that " "there are multiple ones for a single user the heuristic used by pam_sss to " @@ -5094,59 +5110,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4453 +#: sssd.conf.5.xml:4470 msgid "[prompting/password]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4456 +#: sssd.conf.5.xml:4473 msgid "password_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4457 +#: sssd.conf.5.xml:4474 msgid "to change the string of the password prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4455 +#: sssd.conf.5.xml:4472 msgid "" "to configure password prompting, allowed options are: <placeholder " "type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4465 +#: sssd.conf.5.xml:4482 msgid "[prompting/2fa]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4469 +#: sssd.conf.5.xml:4486 msgid "first_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4470 +#: sssd.conf.5.xml:4487 msgid "to change the string of the prompt for the first factor" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4473 +#: sssd.conf.5.xml:4490 msgid "second_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4474 +#: sssd.conf.5.xml:4491 msgid "to change the string of the prompt for the second factor" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4477 +#: sssd.conf.5.xml:4494 msgid "single_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4478 +#: sssd.conf.5.xml:4495 msgid "" "boolean value, if True there will be only a single prompt using the value of " "first_prompt where it is expected that both factors are entered as a single " @@ -5155,7 +5171,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4467 +#: sssd.conf.5.xml:4484 msgid "" "to configure two-factor authentication prompting, allowed options are: " "<placeholder type=\"variablelist\" id=\"0\"/> If the second factor is " @@ -5164,17 +5180,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4495 +#: sssd.conf.5.xml:4512 msgid "[prompting/passkey]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4501 sssd-ad.5.xml:1021 +#: sssd.conf.5.xml:4518 sssd-ad.5.xml:1021 msgid "interactive" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4503 +#: sssd.conf.5.xml:4520 msgid "" "boolean value, if True prompt a message and wait before testing the presence " "of a passkey device. Recommended if your device doesn’t have a tactile " @@ -5182,46 +5198,46 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4511 +#: sssd.conf.5.xml:4528 msgid "interactive_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4513 +#: sssd.conf.5.xml:4530 msgid "to change the message of the interactive prompt." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4518 +#: sssd.conf.5.xml:4535 msgid "touch" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4520 +#: sssd.conf.5.xml:4537 msgid "" "boolean value, if True prompt a message to remind the user to touch the " "device." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4526 +#: sssd.conf.5.xml:4543 msgid "touch_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4528 +#: sssd.conf.5.xml:4545 msgid "to change the message of the touch prompt." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4497 +#: sssd.conf.5.xml:4514 msgid "" "to configure passkey authentication prompting, allowed options are: " "<placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4448 +#: sssd.conf.5.xml:4465 msgid "" "Each supported authentication method has its own configuration subsection " "under <quote>[prompting/...]</quote>. Currently there are: <placeholder " @@ -5230,7 +5246,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4539 +#: sssd.conf.5.xml:4556 msgid "" "It is possible to add a subsection for specific PAM services, e.g. " "<quote>[prompting/password/sshd]</quote> to individual change the prompting " @@ -5238,12 +5254,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4546 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43 +#: sssd.conf.5.xml:4563 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43 msgid "EXAMPLES" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4552 +#: sssd.conf.5.xml:4569 #, no-wrap msgid "" "[sssd]\n" @@ -5273,7 +5289,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4548 +#: sssd.conf.5.xml:4565 msgid "" "1. The following example shows a typical SSSD config. It does not describe " "configuration of the domains themselves - refer to documentation on " @@ -5282,7 +5298,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4585 +#: sssd.conf.5.xml:4602 #, no-wrap msgid "" "[domain/ipa.com/child.ad.com]\n" @@ -5290,7 +5306,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4579 +#: sssd.conf.5.xml:4596 msgid "" "2. The following example shows configuration of IPA AD trust where the AD " "forest consists of two domains in a parent-child structure. Suppose IPA " @@ -5301,7 +5317,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4596 +#: sssd.conf.5.xml:4613 #, no-wrap msgid "" "[certmap/my.domain/rule_name]\n" @@ -5312,7 +5328,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4590 +#: sssd.conf.5.xml:4607 msgid "" "3. The following example shows the configuration of a certificate mapping " "rule. It is valid for the configured domain <quote>my.domain</quote> and " @@ -5366,26 +5382,26 @@ msgid "" "LDAP back end supports id, auth, access and chpass providers. If you want to " "authenticate against an LDAP server either TLS/SSL or LDAPS is required. " "<command>sssd</command> <emphasis>does not</emphasis> support authentication " -"over an unencrypted channel. If the LDAP server is used only as an identity " -"provider, an encrypted channel is not needed. Please refer to " -"<quote>ldap_access_filter</quote> config option for more information about " -"using LDAP as an access provider." +"over an unencrypted channel. Even if the LDAP server is used only as an " +"identity provider, an encrypted channel is strongly recommended. Please " +"refer to <quote>ldap_access_filter</quote> config option for more " +"information about using LDAP as an access provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:82 sssd-ad.5.xml:130 +#: sssd-ldap.5.xml:50 sssd-simple.5.xml:69 sssd-ipa.5.xml:82 sssd-ad.5.xml:130 #: sssd-krb5.5.xml:63 sssd-ifp.5.xml:60 sssd-files.5.xml:77 #: sssd-session-recording.5.xml:58 sssd-kcm.8.xml:202 msgid "CONFIGURATION OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:66 +#: sssd-ldap.5.xml:67 msgid "ldap_uri, ldap_backup_uri (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:69 +#: sssd-ldap.5.xml:70 msgid "" "Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " "should connect in the order of preference. Refer to the <quote>FAILOVER</" @@ -5395,33 +5411,33 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:76 +#: sssd-ldap.5.xml:77 msgid "The format of the URI must match the format defined in RFC 2732:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:79 +#: sssd-ldap.5.xml:80 msgid "ldap[s]://<host>[:port]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:82 +#: sssd-ldap.5.xml:83 msgid "" "For explicit IPv6 addresses, <host> must be enclosed in brackets []" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:85 +#: sssd-ldap.5.xml:86 msgid "example: ldap://[fc00::126:25]:389" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:91 +#: sssd-ldap.5.xml:92 msgid "ldap_chpass_uri, ldap_chpass_backup_uri (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:94 +#: sssd-ldap.5.xml:95 msgid "" "Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " "should connect in the order of preference to change the password of a user. " @@ -5430,71 +5446,71 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:101 +#: sssd-ldap.5.xml:102 msgid "To enable service discovery ldap_chpass_dns_service_name must be set." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:105 +#: sssd-ldap.5.xml:106 msgid "Default: empty, i.e. ldap_uri is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:111 +#: sssd-ldap.5.xml:112 msgid "ldap_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:114 +#: sssd-ldap.5.xml:115 msgid "The default base DN to use for performing LDAP user operations." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:118 +#: sssd-ldap.5.xml:119 msgid "" "Starting with SSSD 1.7.0, SSSD supports multiple search bases using the " "syntax:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:122 +#: sssd-ldap.5.xml:123 msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:125 +#: sssd-ldap.5.xml:126 msgid "The scope can be one of \"base\", \"onelevel\" or \"subtree\"." msgstr "" #. type: Content of: <listitem><para> -#: sssd-ldap.5.xml:128 include/ldap_search_bases.xml:18 +#: sssd-ldap.5.xml:129 include/ldap_search_bases.xml:18 msgid "" "The filter must be a valid LDAP search filter as specified by http://www." "ietf.org/rfc/rfc2254.txt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:132 sssd-ad.5.xml:311 sss_override.8.xml:143 +#: sssd-ldap.5.xml:133 sssd-ad.5.xml:311 sss_override.8.xml:143 #: sss_override.8.xml:240 sssd-ldap-attributes.5.xml:453 msgid "Examples:" msgstr "Намунаҳо:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:135 +#: sssd-ldap.5.xml:136 msgid "" "ldap_search_base = dc=example,dc=com (which is equivalent to) " "ldap_search_base = dc=example,dc=com?subtree?" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:140 +#: sssd-ldap.5.xml:141 msgid "" "ldap_search_base = cn=host_specific,dc=example,dc=com?subtree?" "(host=thishost)?dc=example.com?subtree?" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:143 +#: sssd-ldap.5.xml:144 msgid "" "Note: It is unsupported to have multiple search bases which reference " "identically-named objects (for example, groups with the same name in two " @@ -5503,7 +5519,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:150 +#: sssd-ldap.5.xml:151 msgid "" "Default: If not set, the value of the defaultNamingContext or namingContexts " "attribute from the RootDSE of the LDAP server is used. If " @@ -5514,12 +5530,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:164 +#: sssd-ldap.5.xml:165 msgid "ldap_schema (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:167 +#: sssd-ldap.5.xml:168 msgid "" "Specifies the Schema Type in use on the target LDAP server. Depending on " "the selected schema, the default attribute names retrieved from the servers " @@ -5527,32 +5543,32 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:174 +#: sssd-ldap.5.xml:175 msgid "Four schema types are currently supported:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:178 +#: sssd-ldap.5.xml:179 msgid "rfc2307" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:183 +#: sssd-ldap.5.xml:184 msgid "rfc2307bis" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:188 +#: sssd-ldap.5.xml:189 msgid "IPA" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:193 +#: sssd-ldap.5.xml:194 msgid "AD" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:199 +#: sssd-ldap.5.xml:200 msgid "" "The main difference between these schema types is how group memberships are " "recorded in the server. With rfc2307, group members are listed by name in " @@ -5563,37 +5579,37 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:209 +#: sssd-ldap.5.xml:210 msgid "Default: rfc2307" msgstr "Пешфарз: rfc2307" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:215 +#: sssd-ldap.5.xml:216 msgid "ldap_pwmodify_mode (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:218 +#: sssd-ldap.5.xml:219 msgid "Specify the operation that is used to modify user password." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:222 +#: sssd-ldap.5.xml:223 msgid "Two modes are currently supported:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:226 +#: sssd-ldap.5.xml:227 msgid "exop - Password Modify Extended Operation (RFC 3062)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:232 +#: sssd-ldap.5.xml:233 msgid "ldap_modify - Direct modification of userPassword (not recommended)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:239 +#: sssd-ldap.5.xml:240 msgid "" "Note: First, a new connection is established to verify current password by " "binding as the user that requested password change. If successful, this " @@ -5602,74 +5618,74 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:247 +#: sssd-ldap.5.xml:248 msgid "Default: exop" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:253 +#: sssd-ldap.5.xml:254 msgid "ldap_default_bind_dn (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:256 +#: sssd-ldap.5.xml:257 msgid "The default bind DN to use for performing LDAP operations." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:263 +#: sssd-ldap.5.xml:264 msgid "ldap_default_authtok_type (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:266 +#: sssd-ldap.5.xml:267 msgid "The type of the authentication token of the default bind DN." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:270 +#: sssd-ldap.5.xml:271 msgid "The two mechanisms currently supported are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:273 +#: sssd-ldap.5.xml:274 msgid "password" msgstr "парол" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:276 +#: sssd-ldap.5.xml:277 msgid "obfuscated_password" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:279 +#: sssd-ldap.5.xml:280 msgid "Default: password" msgstr "Пешфарз: парол" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:282 +#: sssd-ldap.5.xml:283 msgid "" "See the <citerefentry> <refentrytitle>sss_obfuscate</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry> manual page for more information." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:293 +#: sssd-ldap.5.xml:294 msgid "ldap_default_authtok (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:296 +#: sssd-ldap.5.xml:297 msgid "The authentication token of the default bind DN." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:302 +#: sssd-ldap.5.xml:303 msgid "ldap_force_upper_case_realm (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:305 +#: sssd-ldap.5.xml:306 msgid "" "Some directory servers, for example Active Directory, might deliver the " "realm part of the UPN in lower case, which might cause the authentication to " @@ -5678,24 +5694,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:318 +#: sssd-ldap.5.xml:319 msgid "ldap_enumeration_refresh_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:321 +#: sssd-ldap.5.xml:322 msgid "" "Specifies how many seconds SSSD has to wait before refreshing its cache of " "enumerated records." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:337 +#: sssd-ldap.5.xml:338 msgid "ldap_purge_cache_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:340 +#: sssd-ldap.5.xml:341 msgid "" "Determine how often to check the cache for inactive entries (such as groups " "with no members and users who have never logged in) and remove them to save " @@ -5703,7 +5719,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:346 +#: sssd-ldap.5.xml:347 msgid "" "Setting this option to zero will disable the cache cleanup operation. Please " "note that if enumeration is enabled, the cleanup task is required in order " @@ -5712,12 +5728,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:366 +#: sssd-ldap.5.xml:367 msgid "ldap_group_nesting_level (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:369 +#: sssd-ldap.5.xml:370 msgid "" "If ldap_schema is set to a schema format that supports nested groups (e.g. " "RFC2307bis), then this option controls how many levels of nesting SSSD will " @@ -5725,7 +5741,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:376 +#: sssd-ldap.5.xml:377 msgid "" "Note: This option specifies the guaranteed level of nested groups to be " "processed for any lookup. However, nested groups beyond this limit " @@ -5735,7 +5751,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:385 +#: sssd-ldap.5.xml:386 msgid "" "If ldap_group_nesting_level is set to 0 then no nested groups are processed " "at all. However, when connected to Active-Directory Server 2008 and later " @@ -5745,67 +5761,67 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:394 +#: sssd-ldap.5.xml:395 msgid "Default: 2" msgstr "Пешфарз: 2" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:403 +#: sssd-ldap.5.xml:404 msgid "" "This options enables or disables use of Token-Groups attribute when " "performing initgroup for users from Active Directory Server 2008 and later." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:413 +#: sssd-ldap.5.xml:414 msgid "Default: True for AD and IPA otherwise False." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:419 +#: sssd-ldap.5.xml:420 msgid "ldap_host_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:422 +#: sssd-ldap.5.xml:423 msgid "Optional. Use the given string as search base for host objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:426 sssd-ipa.5.xml:457 sssd-ipa.5.xml:476 sssd-ipa.5.xml:495 -#: sssd-ipa.5.xml:514 +#: sssd-ldap.5.xml:427 sssd-ipa.5.xml:462 sssd-ipa.5.xml:481 sssd-ipa.5.xml:500 +#: sssd-ipa.5.xml:519 msgid "" "See <quote>ldap_search_base</quote> for information about configuring " "multiple search bases." msgstr "" #. type: Content of: <listitem><para> -#: sssd-ldap.5.xml:431 sssd-ipa.5.xml:462 include/ldap_search_bases.xml:27 +#: sssd-ldap.5.xml:432 sssd-ipa.5.xml:467 include/ldap_search_bases.xml:27 msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:438 +#: sssd-ldap.5.xml:439 msgid "ldap_service_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:443 +#: sssd-ldap.5.xml:444 msgid "ldap_iphost_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:448 +#: sssd-ldap.5.xml:449 msgid "ldap_ipnetwork_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:453 +#: sssd-ldap.5.xml:454 msgid "ldap_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:456 +#: sssd-ldap.5.xml:457 msgid "" "Specifies the timeout (in seconds) that ldap searches are allowed to run " "before they are cancelled and cached results are returned (and offline mode " @@ -5813,7 +5829,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:462 +#: sssd-ldap.5.xml:463 msgid "" "Note: this option is subject to change in future versions of the SSSD. It " "will likely be replaced at some point by a series of timeouts for specific " @@ -5821,12 +5837,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:479 +#: sssd-ldap.5.xml:480 msgid "ldap_enumeration_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:482 +#: sssd-ldap.5.xml:483 msgid "" "Specifies the timeout (in seconds) that ldap searches for user and group " "enumerations are allowed to run before they are cancelled and cached results " @@ -5834,12 +5850,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:500 +#: sssd-ldap.5.xml:501 msgid "ldap_network_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:503 +#: sssd-ldap.5.xml:504 msgid "" "Specifies the timeout (in seconds) after which the <citerefentry> " "<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/" @@ -5850,12 +5866,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:531 +#: sssd-ldap.5.xml:532 msgid "ldap_opt_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:534 +#: sssd-ldap.5.xml:535 msgid "" "Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs " "will abort if no response is received. Also controls the timeout when " @@ -5864,12 +5880,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:554 +#: sssd-ldap.5.xml:555 msgid "ldap_connection_expire_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:557 +#: sssd-ldap.5.xml:558 msgid "" "Specifies a timeout (in seconds) that a connection to an LDAP server will be " "maintained. After this time, the connection will be re-established. If used " @@ -5878,7 +5894,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:565 +#: sssd-ldap.5.xml:566 msgid "" "If the connection is idle (not actively running an operation) within " "<emphasis>ldap_opt_timeout</emphasis> seconds of expiration, then it will be " @@ -5889,36 +5905,36 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:577 +#: sssd-ldap.5.xml:578 msgid "" "This timeout can be extended of a random value specified by " "<emphasis>ldap_connection_expire_offset</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:587 sssd-ldap.5.xml:630 sssd-ldap.5.xml:1711 +#: sssd-ldap.5.xml:588 sssd-ldap.5.xml:631 sssd-ldap.5.xml:1713 msgid "Default: 900 (15 minutes)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:593 +#: sssd-ldap.5.xml:594 msgid "ldap_connection_expire_offset (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:596 +#: sssd-ldap.5.xml:597 msgid "" "Random offset between 0 and configured value is added to " "<emphasis>ldap_connection_expire_timeout</emphasis>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:612 +#: sssd-ldap.5.xml:613 msgid "ldap_connection_idle_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:615 +#: sssd-ldap.5.xml:616 msgid "" "Specifies a timeout (in seconds) that an idle connection to an LDAP server " "will be maintained. If the connection is idle for more than this time then " @@ -5926,29 +5942,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:621 +#: sssd-ldap.5.xml:622 msgid "You can disable this timeout by setting the value to 0." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:636 +#: sssd-ldap.5.xml:637 msgid "ldap_page_size (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:639 +#: sssd-ldap.5.xml:640 msgid "" "Specify the number of records to retrieve from LDAP in a single request. " "Some LDAP servers enforce a maximum limit per-request." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:650 +#: sssd-ldap.5.xml:651 msgid "ldap_disable_paging (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:653 +#: sssd-ldap.5.xml:654 msgid "" "Disable the LDAP paging control. This option should be used if the LDAP " "server reports that it supports the LDAP paging control in its RootDSE but " @@ -5956,14 +5972,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:659 +#: sssd-ldap.5.xml:660 msgid "" "Example: OpenLDAP servers with the paging control module installed on the " "server but not enabled will report it in the RootDSE but be unable to use it." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:665 +#: sssd-ldap.5.xml:666 msgid "" "Example: 389 DS has a bug where it can only support a one paging control at " "a time on a single connection. On busy clients, this can result in some " @@ -5971,17 +5987,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:677 +#: sssd-ldap.5.xml:678 msgid "ldap_disable_range_retrieval (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:680 +#: sssd-ldap.5.xml:681 msgid "Disable Active Directory range retrieval." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:683 +#: sssd-ldap.5.xml:684 msgid "" "Active Directory limits the number of members to be retrieved in a single " "lookup using the MaxValRange policy (which defaults to 1500 members). If a " @@ -5991,12 +6007,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:698 +#: sssd-ldap.5.xml:699 msgid "ldap_sasl_minssf (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:701 +#: sssd-ldap.5.xml:702 msgid "" "When communicating with an LDAP server using SASL, specify the minimum " "security level necessary to establish the connection. The values of this " @@ -6004,17 +6020,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:707 sssd-ldap.5.xml:723 +#: sssd-ldap.5.xml:708 sssd-ldap.5.xml:724 msgid "Default: Use the system default (usually specified by ldap.conf)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:714 +#: sssd-ldap.5.xml:715 msgid "ldap_sasl_maxssf (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:717 +#: sssd-ldap.5.xml:718 msgid "" "When communicating with an LDAP server using SASL, specify the maximal " "security level necessary to establish the connection. The values of this " @@ -6022,12 +6038,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:730 +#: sssd-ldap.5.xml:731 msgid "ldap_deref_threshold (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:733 +#: sssd-ldap.5.xml:734 msgid "" "Specify the number of group members that must be missing from the internal " "cache in order to trigger a dereference lookup. If less members are missing, " @@ -6035,7 +6051,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:739 +#: sssd-ldap.5.xml:740 msgid "" "You can turn off dereference lookups completely by setting the value to 0. " "Please note that there are some codepaths in SSSD, like the IPA HBAC " @@ -6046,7 +6062,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:750 +#: sssd-ldap.5.xml:751 msgid "" "A dereference lookup is a means of fetching all group members in a single " "LDAP call. Different LDAP servers may implement different dereference " @@ -6055,7 +6071,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:758 +#: sssd-ldap.5.xml:759 msgid "" "<emphasis>Note:</emphasis> If any of the search bases specifies a search " "filter, then the dereference lookup performance enhancement will be disabled " @@ -6063,12 +6079,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:771 +#: sssd-ldap.5.xml:772 msgid "ldap_ignore_unreadable_references (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:774 +#: sssd-ldap.5.xml:775 msgid "" "Ignore unreadable LDAP entries referenced in group's member attribute. If " "this parameter is set to false an error will be returned and the operation " @@ -6076,7 +6092,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:781 +#: sssd-ldap.5.xml:782 msgid "" "This parameter may be useful when using the AD provider and the computer " "account that sssd uses to connect to AD does not have access to a particular " @@ -6084,26 +6100,26 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:794 +#: sssd-ldap.5.xml:795 msgid "ldap_tls_reqcert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:797 +#: sssd-ldap.5.xml:798 msgid "" "Specifies what checks to perform on server certificates in a TLS session, if " "any. It can be specified as one of the following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:803 +#: sssd-ldap.5.xml:804 msgid "" "<emphasis>never</emphasis> = The client will not request or check any server " "certificate." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:807 +#: sssd-ldap.5.xml:808 msgid "" "<emphasis>allow</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -6111,7 +6127,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:814 +#: sssd-ldap.5.xml:815 msgid "" "<emphasis>try</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -6119,7 +6135,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:820 +#: sssd-ldap.5.xml:821 msgid "" "<emphasis>demand</emphasis> = The server certificate is requested. If no " "certificate is provided, or a bad certificate is provided, the session is " @@ -6127,41 +6143,41 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:826 +#: sssd-ldap.5.xml:827 msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:830 +#: sssd-ldap.5.xml:831 msgid "Default: hard" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:836 +#: sssd-ldap.5.xml:837 msgid "ldap_tls_cacert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:839 +#: sssd-ldap.5.xml:840 msgid "" "Specifies the file that contains certificates for all of the Certificate " "Authorities that <command>sssd</command> will recognize." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:844 sssd-ldap.5.xml:862 sssd-ldap.5.xml:903 +#: sssd-ldap.5.xml:845 sssd-ldap.5.xml:863 sssd-ldap.5.xml:904 msgid "" "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." "conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:851 +#: sssd-ldap.5.xml:852 msgid "ldap_tls_cacertdir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:854 +#: sssd-ldap.5.xml:855 msgid "" "Specifies the path of a directory that contains Certificate Authority " "certificates in separate individual files. Typically the file names need to " @@ -6170,32 +6186,32 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:869 +#: sssd-ldap.5.xml:870 msgid "ldap_tls_cert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:872 +#: sssd-ldap.5.xml:873 msgid "Specifies the file that contains the certificate for the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:882 +#: sssd-ldap.5.xml:883 msgid "ldap_tls_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:885 +#: sssd-ldap.5.xml:886 msgid "Specifies the file that contains the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:894 +#: sssd-ldap.5.xml:895 msgid "ldap_tls_cipher_suite (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:897 +#: sssd-ldap.5.xml:898 msgid "" "Specifies acceptable cipher suites. Typically this is a colon separated " "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " @@ -6203,24 +6219,25 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:910 +#: sssd-ldap.5.xml:911 msgid "ldap_id_use_start_tls (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:913 +#: sssd-ldap.5.xml:914 msgid "" "Specifies that the id_provider connection must also use <systemitem " -"class=\"protocol\">tls</systemitem> to protect the channel." +"class=\"protocol\">tls</systemitem> to protect the channel. <emphasis>true</" +"emphasis> is strongly recommended for security reasons." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:923 +#: sssd-ldap.5.xml:925 msgid "ldap_id_mapping (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:926 +#: sssd-ldap.5.xml:928 msgid "" "Specifies that SSSD should attempt to map user and group IDs from the " "ldap_user_objectsid and ldap_group_objectsid attributes instead of relying " @@ -6228,17 +6245,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:932 +#: sssd-ldap.5.xml:934 msgid "Currently this feature supports only ActiveDirectory objectSID mapping." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:942 +#: sssd-ldap.5.xml:944 msgid "ldap_min_id, ldap_max_id (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:945 +#: sssd-ldap.5.xml:947 msgid "" "In contrast to the SID based ID mapping which is used if ldap_id_mapping is " "set to true the allowed ID range for ldap_user_uid_number and " @@ -6249,24 +6266,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:957 +#: sssd-ldap.5.xml:959 msgid "Default: not set (both options are set to 0)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:963 +#: sssd-ldap.5.xml:965 msgid "ldap_sasl_mech (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:966 +#: sssd-ldap.5.xml:968 msgid "" "Specify the SASL mechanism to use. Currently only GSSAPI and GSS-SPNEGO are " "tested and supported." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:970 +#: sssd-ldap.5.xml:972 msgid "" "If the backend supports sub-domains the value of ldap_sasl_mech is " "automatically inherited to the sub-domains. If a different value is needed " @@ -6277,12 +6294,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:986 +#: sssd-ldap.5.xml:988 msgid "ldap_sasl_authid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd-ldap.5.xml:998 +#: sssd-ldap.5.xml:1000 #, no-wrap msgid "" "hostname@REALM\n" @@ -6295,7 +6312,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:989 +#: sssd-ldap.5.xml:991 msgid "" "Specify the SASL authorization id to use. When GSSAPI/GSS-SPNEGO are used, " "this represents the Kerberos principal used for authentication to the " @@ -6307,17 +6324,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1009 +#: sssd-ldap.5.xml:1011 msgid "Default: host/hostname@REALM" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1015 +#: sssd-ldap.5.xml:1017 msgid "ldap_sasl_realm (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1018 +#: sssd-ldap.5.xml:1020 msgid "" "Specify the SASL realm to use. When not specified, this option defaults to " "the value of krb5_realm. If the ldap_sasl_authid contains the realm as " @@ -6325,49 +6342,49 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1024 +#: sssd-ldap.5.xml:1026 msgid "Default: the value of krb5_realm." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1030 +#: sssd-ldap.5.xml:1032 msgid "ldap_sasl_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1033 +#: sssd-ldap.5.xml:1035 msgid "" "If set to true, the LDAP library would perform a reverse lookup to " "canonicalize the host name during a SASL bind." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1038 +#: sssd-ldap.5.xml:1040 msgid "Default: false;" msgstr "Пешфарз: false;" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1044 +#: sssd-ldap.5.xml:1046 msgid "ldap_krb5_keytab (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1047 +#: sssd-ldap.5.xml:1049 msgid "Specify the keytab to use when using SASL/GSSAPI/GSS-SPNEGO." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1056 sssd-krb5.5.xml:247 +#: sssd-ldap.5.xml:1058 sssd-krb5.5.xml:247 msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1062 +#: sssd-ldap.5.xml:1064 msgid "ldap_krb5_init_creds (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1065 +#: sssd-ldap.5.xml:1067 msgid "" "Specifies that the id_provider should init Kerberos credentials (TGT). This " "action is performed only if SASL is used and the mechanism selected is " @@ -6375,28 +6392,28 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1077 +#: sssd-ldap.5.xml:1079 msgid "ldap_krb5_ticket_lifetime (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1080 +#: sssd-ldap.5.xml:1082 msgid "" "Specifies the lifetime in seconds of the TGT if GSSAPI or GSS-SPNEGO is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1089 sssd-ad.5.xml:1252 +#: sssd-ldap.5.xml:1091 sssd-ad.5.xml:1252 msgid "Default: 86400 (24 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1095 sssd-krb5.5.xml:74 +#: sssd-ldap.5.xml:1097 sssd-krb5.5.xml:74 msgid "krb5_server, krb5_backup_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1098 +#: sssd-ldap.5.xml:1100 msgid "" "Specifies the comma-separated list of IP addresses or hostnames of the " "Kerberos servers to which SSSD should connect in the order of preference. " @@ -6408,7 +6425,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1110 sssd-krb5.5.xml:89 +#: sssd-ldap.5.xml:1112 sssd-krb5.5.xml:89 msgid "" "When using service discovery for KDC or kpasswd servers, SSSD first searches " "for DNS entries that specify _udp as the protocol and falls back to _tcp if " @@ -6416,7 +6433,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1115 sssd-krb5.5.xml:94 +#: sssd-ldap.5.xml:1117 sssd-krb5.5.xml:94 msgid "" "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " "While the legacy name is recognized for the time being, users are advised to " @@ -6424,39 +6441,39 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1124 sssd-ipa.5.xml:526 sssd-krb5.5.xml:103 +#: sssd-ldap.5.xml:1126 sssd-ipa.5.xml:531 sssd-krb5.5.xml:103 msgid "krb5_realm (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1127 +#: sssd-ldap.5.xml:1129 msgid "Specify the Kerberos REALM (for SASL/GSSAPI/GSS-SPNEGO auth)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1131 +#: sssd-ldap.5.xml:1133 msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" msgstr "" #. type: Content of: <variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1137 include/krb5_options.xml:154 +#: sssd-ldap.5.xml:1139 include/krb5_options.xml:154 msgid "krb5_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1140 +#: sssd-ldap.5.xml:1142 msgid "" "Specifies if the host principal should be canonicalized when connecting to " "LDAP server. This feature is available with MIT Kerberos >= 1.7" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1152 sssd-krb5.5.xml:336 +#: sssd-ldap.5.xml:1154 sssd-krb5.5.xml:336 msgid "krb5_use_kdcinfo (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1155 sssd-krb5.5.xml:339 +#: sssd-ldap.5.xml:1157 sssd-krb5.5.xml:339 msgid "" "Specifies if the SSSD should instruct the Kerberos libraries what realm and " "which KDCs to use. This option is on by default, if you disable it, you need " @@ -6466,7 +6483,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1166 sssd-krb5.5.xml:350 +#: sssd-ldap.5.xml:1168 sssd-krb5.5.xml:350 msgid "" "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more " @@ -6474,26 +6491,26 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1180 +#: sssd-ldap.5.xml:1182 msgid "ldap_pwd_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1183 +#: sssd-ldap.5.xml:1185 msgid "" "Select the policy to evaluate the password expiration on the client side. " "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1188 +#: sssd-ldap.5.xml:1190 msgid "" "<emphasis>none</emphasis> - No evaluation on the client side. This option " "cannot disable server-side password policies." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1193 +#: sssd-ldap.5.xml:1195 msgid "" "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " @@ -6502,7 +6519,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1201 +#: sssd-ldap.5.xml:1203 msgid "" "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " "to determine if the password has expired. Use chpass_provider=krb5 to update " @@ -6510,31 +6527,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1210 +#: sssd-ldap.5.xml:1212 msgid "" "<emphasis>Note</emphasis>: if a password policy is configured on server " "side, it always takes precedence over policy set with this option." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1218 +#: sssd-ldap.5.xml:1220 msgid "ldap_referrals (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1221 +#: sssd-ldap.5.xml:1223 msgid "Specifies whether automatic referral chasing should be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1225 +#: sssd-ldap.5.xml:1227 msgid "" "Please note that sssd only supports referral chasing when it is compiled " "with OpenLDAP version 2.4.13 or higher." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1230 +#: sssd-ldap.5.xml:1232 msgid "" "Chasing referrals may incur a performance penalty in environments that use " "them heavily, a notable example is Microsoft Active Directory. If your setup " @@ -6547,51 +6564,51 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1249 +#: sssd-ldap.5.xml:1251 msgid "ldap_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1252 +#: sssd-ldap.5.xml:1254 msgid "Specifies the service name to use when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1256 +#: sssd-ldap.5.xml:1258 msgid "Default: ldap" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1262 +#: sssd-ldap.5.xml:1264 msgid "ldap_chpass_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1265 +#: sssd-ldap.5.xml:1267 msgid "" "Specifies the service name to use to find an LDAP server which allows " "password changes when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1270 +#: sssd-ldap.5.xml:1272 msgid "Default: not set, i.e. service discovery is disabled" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1276 +#: sssd-ldap.5.xml:1278 msgid "ldap_chpass_update_last_change (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1279 +#: sssd-ldap.5.xml:1281 msgid "" "Specifies whether to update the ldap_user_shadow_last_change attribute with " "days since the Epoch after a password change operation." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1285 +#: sssd-ldap.5.xml:1287 msgid "" "It is recommend to set this option explicitly if \"ldap_pwd_policy = " "shadow\" is used to let SSSD know if the LDAP server will update " @@ -6600,12 +6617,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1299 +#: sssd-ldap.5.xml:1301 msgid "ldap_access_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1302 +#: sssd-ldap.5.xml:1304 msgid "" "If using access_provider = ldap and ldap_access_order = filter (default), " "this option is mandatory. It specifies an LDAP search filter criteria that " @@ -6621,12 +6638,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1322 +#: sssd-ldap.5.xml:1324 msgid "Example:" msgstr "Намуна:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1325 +#: sssd-ldap.5.xml:1327 #, no-wrap msgid "" "access_provider = ldap\n" @@ -6635,14 +6652,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1329 +#: sssd-ldap.5.xml:1331 msgid "" "This example means that access to this host is restricted to users whose " "employeeType attribute is set to \"admin\"." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1334 +#: sssd-ldap.5.xml:1336 msgid "" "Offline caching for this feature is limited to determining whether the " "user's last online login was granted access permission. If they were granted " @@ -6651,24 +6668,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1342 sssd-ldap.5.xml:1398 +#: sssd-ldap.5.xml:1344 sssd-ldap.5.xml:1400 msgid "Default: Empty" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1348 +#: sssd-ldap.5.xml:1350 msgid "ldap_account_expire_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1351 +#: sssd-ldap.5.xml:1353 msgid "" "With this option a client side evaluation of access control attributes can " "be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1355 +#: sssd-ldap.5.xml:1357 msgid "" "Please note that it is always recommended to use server side access control, " "i.e. the LDAP server should deny the bind request with a suitable error code " @@ -6676,19 +6693,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1362 +#: sssd-ldap.5.xml:1364 msgid "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1365 +#: sssd-ldap.5.xml:1367 msgid "" "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " "determine if the account is expired." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1370 +#: sssd-ldap.5.xml:1372 msgid "" "<emphasis>ad</emphasis>: use the value of the 32bit field " "ldap_user_ad_user_account_control and allow access if the second bit is not " @@ -6697,7 +6714,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1377 +#: sssd-ldap.5.xml:1379 msgid "" "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" "emphasis>: use the value of ldap_ns_account_lock to check if access is " @@ -6705,7 +6722,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1383 +#: sssd-ldap.5.xml:1385 msgid "" "<emphasis>nds</emphasis>: the values of " "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " @@ -6714,7 +6731,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1391 +#: sssd-ldap.5.xml:1393 msgid "" "Please note that the ldap_access_order configuration option <emphasis>must</" "emphasis> include <quote>expire</quote> in order for the " @@ -6722,22 +6739,22 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1404 +#: sssd-ldap.5.xml:1406 msgid "ldap_access_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1407 sssd-ipa.5.xml:351 +#: sssd-ldap.5.xml:1409 sssd-ipa.5.xml:356 msgid "Comma separated list of access control options. Allowed values are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1411 +#: sssd-ldap.5.xml:1413 msgid "<emphasis>filter</emphasis>: use ldap_access_filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1414 +#: sssd-ldap.5.xml:1416 msgid "" "<emphasis>lockout</emphasis>: use account locking. If set, this option " "denies access in case that ldap attribute 'pwdAccountLockedTime' is present " @@ -6747,14 +6764,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1424 +#: sssd-ldap.5.xml:1426 msgid "" "<emphasis> Please note that this option is superseded by the <quote>ppolicy</" "quote> option and might be removed in a future release. </emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1431 +#: sssd-ldap.5.xml:1433 msgid "" "<emphasis>ppolicy</emphasis>: use account locking. If set, this option " "denies access in case that ldap attribute 'pwdAccountLockedTime' is present " @@ -6767,12 +6784,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1448 +#: sssd-ldap.5.xml:1450 msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1452 sssd-ipa.5.xml:359 +#: sssd-ldap.5.xml:1454 sssd-ipa.5.xml:364 msgid "" "<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, " "pwd_expire_policy_renew: </emphasis> These options are useful if users are " @@ -6782,81 +6799,81 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1462 sssd-ipa.5.xml:369 +#: sssd-ldap.5.xml:1464 sssd-ipa.5.xml:374 msgid "" "The difference between these options is the action taken if user password is " "expired:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:1467 sssd-ipa.5.xml:374 +#: sssd-ldap.5.xml:1469 sssd-ipa.5.xml:379 msgid "pwd_expire_policy_reject - user is denied to log in," msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:1473 sssd-ipa.5.xml:380 +#: sssd-ldap.5.xml:1475 sssd-ipa.5.xml:385 msgid "pwd_expire_policy_warn - user is still able to log in," msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:1479 sssd-ipa.5.xml:386 +#: sssd-ldap.5.xml:1481 sssd-ipa.5.xml:391 msgid "" "pwd_expire_policy_renew - user is prompted to change their password " "immediately." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1487 +#: sssd-ldap.5.xml:1489 msgid "" "Please note that 'access_provider = ldap' must be set for this feature to " "work. Also 'ldap_pwd_policy' must be set to an appropriate password policy." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1492 +#: sssd-ldap.5.xml:1494 msgid "" "<emphasis>authorized_service</emphasis>: use the authorizedService attribute " "to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1497 +#: sssd-ldap.5.xml:1499 msgid "<emphasis>host</emphasis>: use the host attribute to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1501 +#: sssd-ldap.5.xml:1503 msgid "" "<emphasis>rhost</emphasis>: use the rhost attribute to determine whether " "remote host can access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1505 +#: sssd-ldap.5.xml:1507 msgid "" "Please note, rhost field in pam is set by application, it is better to check " "what the application sends to pam, before enabling this access control option" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1510 +#: sssd-ldap.5.xml:1512 msgid "Default: filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1513 +#: sssd-ldap.5.xml:1515 msgid "" "Please note that it is a configuration error if a value is used more than " "once." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1520 +#: sssd-ldap.5.xml:1522 msgid "ldap_pwdlockout_dn (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1523 +#: sssd-ldap.5.xml:1525 msgid "" "This option specifies the DN of password policy entry on LDAP server. Please " "note that absence of this option in sssd.conf in case of enabled account " @@ -6865,74 +6882,74 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1531 +#: sssd-ldap.5.xml:1533 msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1534 +#: sssd-ldap.5.xml:1536 msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1540 +#: sssd-ldap.5.xml:1542 msgid "ldap_deref (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1543 +#: sssd-ldap.5.xml:1545 msgid "" "Specifies how alias dereferencing is done when performing a search. The " "following options are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1548 +#: sssd-ldap.5.xml:1550 msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1552 +#: sssd-ldap.5.xml:1554 msgid "" "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " "the base object, but not in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1557 +#: sssd-ldap.5.xml:1559 msgid "" "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " "the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1562 +#: sssd-ldap.5.xml:1564 msgid "" "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " "in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1567 +#: sssd-ldap.5.xml:1569 msgid "" "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " "client libraries)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1575 +#: sssd-ldap.5.xml:1577 msgid "ldap_rfc2307_fallback_to_local_users (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1578 +#: sssd-ldap.5.xml:1580 msgid "" "Allows to retain local users as members of an LDAP group for servers that " "use the RFC2307 schema." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1582 +#: sssd-ldap.5.xml:1584 msgid "" "In some environments where the RFC2307 schema is used, local users are made " "members of LDAP groups by adding their names to the memberUid attribute. " @@ -6943,7 +6960,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1593 +#: sssd-ldap.5.xml:1595 msgid "" "This option falls back to checking if local users are referenced, and caches " "them so that later initgroups() calls will augment the local users with the " @@ -6951,53 +6968,53 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1605 sssd-ifp.5.xml:152 +#: sssd-ldap.5.xml:1607 sssd-ifp.5.xml:152 msgid "wildcard_limit (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1608 +#: sssd-ldap.5.xml:1610 msgid "" "Specifies an upper limit on the number of entries that are downloaded during " "a wildcard lookup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1612 +#: sssd-ldap.5.xml:1614 msgid "At the moment, only the InfoPipe responder supports wildcard lookups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1616 +#: sssd-ldap.5.xml:1618 msgid "Default: 1000 (often the size of one page)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1622 +#: sssd-ldap.5.xml:1624 msgid "ldap_library_debug_level (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1625 +#: sssd-ldap.5.xml:1627 msgid "" "Switches on libldap debugging with the given level. The libldap debug " "messages will be written independent of the general debug_level." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1630 +#: sssd-ldap.5.xml:1632 msgid "" "OpenLDAP uses a bitmap to enable debugging for specific components, -1 will " "enable full debug output." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1635 +#: sssd-ldap.5.xml:1637 msgid "Default: 0 (libldap debugging disabled)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:51 +#: sssd-ldap.5.xml:52 msgid "" "All of the common configuration options that apply to SSSD domains also " "apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> section " @@ -7009,12 +7026,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1645 +#: sssd-ldap.5.xml:1647 msgid "SUDO OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1647 +#: sssd-ldap.5.xml:1649 msgid "" "The detailed instructions for configuration of sudo_provider are in the " "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " @@ -7022,43 +7039,43 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1658 +#: sssd-ldap.5.xml:1660 msgid "ldap_sudo_full_refresh_interval (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1661 +#: sssd-ldap.5.xml:1663 msgid "" "How many seconds SSSD will wait between executing a full refresh of sudo " "rules (which downloads all rules that are stored on the server)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1666 +#: sssd-ldap.5.xml:1668 msgid "" "The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </" "emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1671 +#: sssd-ldap.5.xml:1673 msgid "" "You can disable full refresh by setting this option to 0. However, either " "smart or full refresh must be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1676 +#: sssd-ldap.5.xml:1678 msgid "Default: 21600 (6 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1682 +#: sssd-ldap.5.xml:1684 msgid "ldap_sudo_smart_refresh_interval (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1685 +#: sssd-ldap.5.xml:1687 msgid "" "How many seconds SSSD has to wait before executing a smart refresh of sudo " "rules (which downloads all rules that have USN higher than the highest " @@ -7066,14 +7083,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1691 +#: sssd-ldap.5.xml:1693 msgid "" "If USN attributes are not supported by the server, the modifyTimestamp " "attribute is used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1695 +#: sssd-ldap.5.xml:1697 msgid "" "<emphasis>Note:</emphasis> the highest USN value can be updated by three " "tasks: 1) By sudo full and smart refresh (if updated rules are found), 2) by " @@ -7083,19 +7100,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1706 +#: sssd-ldap.5.xml:1708 msgid "" "You can disable smart refresh by setting this option to 0. However, either " "smart or full refresh must be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1717 +#: sssd-ldap.5.xml:1719 msgid "ldap_sudo_random_offset (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1720 +#: sssd-ldap.5.xml:1722 msgid "" "Random offset between 0 and configured value is added to smart and full " "refresh periods each time the periodic task is scheduled. The value is in " @@ -7103,7 +7120,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1726 +#: sssd-ldap.5.xml:1728 msgid "" "Note that this random offset is also applied on the first SSSD start which " "delays the first sudo rules refresh. This prolongs the time when the sudo " @@ -7111,106 +7128,106 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1732 +#: sssd-ldap.5.xml:1734 msgid "You can disable this offset by setting the value to 0." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1742 +#: sssd-ldap.5.xml:1744 msgid "ldap_sudo_use_host_filter (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1745 +#: sssd-ldap.5.xml:1747 msgid "" "If true, SSSD will download only rules that are applicable to this machine " "(using the IPv4 or IPv6 host/network addresses and hostnames)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1756 +#: sssd-ldap.5.xml:1758 msgid "ldap_sudo_hostnames (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1759 +#: sssd-ldap.5.xml:1761 msgid "" "Space separated list of hostnames or fully qualified domain names that " "should be used to filter the rules." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1764 +#: sssd-ldap.5.xml:1766 msgid "" "If this option is empty, SSSD will try to discover the hostname and the " "fully qualified domain name automatically." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1769 sssd-ldap.5.xml:1792 sssd-ldap.5.xml:1810 -#: sssd-ldap.5.xml:1828 +#: sssd-ldap.5.xml:1771 sssd-ldap.5.xml:1794 sssd-ldap.5.xml:1812 +#: sssd-ldap.5.xml:1830 msgid "" "If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</" "emphasis> then this option has no effect." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1774 sssd-ldap.5.xml:1797 +#: sssd-ldap.5.xml:1776 sssd-ldap.5.xml:1799 msgid "Default: not specified" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1780 +#: sssd-ldap.5.xml:1782 msgid "ldap_sudo_ip (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1783 +#: sssd-ldap.5.xml:1785 msgid "" "Space separated list of IPv4 or IPv6 host/network addresses that should be " "used to filter the rules." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1788 +#: sssd-ldap.5.xml:1790 msgid "" "If this option is empty, SSSD will try to discover the addresses " "automatically." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1803 +#: sssd-ldap.5.xml:1805 msgid "ldap_sudo_include_netgroups (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1806 +#: sssd-ldap.5.xml:1808 msgid "" "If true then SSSD will download every rule that contains a netgroup in " "sudoHost attribute." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1821 +#: sssd-ldap.5.xml:1823 msgid "ldap_sudo_include_regexp (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1824 +#: sssd-ldap.5.xml:1826 msgid "" "If true then SSSD will download every rule that contains a wildcard in " "sudoHost attribute." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><note><para> -#: sssd-ldap.5.xml:1834 +#: sssd-ldap.5.xml:1836 msgid "" "Using wildcard is an operation that is very costly to evaluate on the LDAP " "server side!" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1846 +#: sssd-ldap.5.xml:1848 msgid "" "This manual page only describes attribute name mapping. For detailed " "explanation of sudo related attribute semantics, see <citerefentry> " @@ -7219,59 +7236,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1856 +#: sssd-ldap.5.xml:1858 msgid "AUTOFS OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1858 +#: sssd-ldap.5.xml:1860 msgid "" "Some of the defaults for the parameters below are dependent on the LDAP " "schema." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1864 +#: sssd-ldap.5.xml:1866 msgid "ldap_autofs_map_master_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1867 +#: sssd-ldap.5.xml:1869 msgid "The name of the automount master map in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1870 +#: sssd-ldap.5.xml:1872 msgid "Default: auto.master" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1881 +#: sssd-ldap.5.xml:1883 msgid "ADVANCED OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1888 +#: sssd-ldap.5.xml:1890 msgid "ldap_netgroup_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1893 +#: sssd-ldap.5.xml:1895 msgid "ldap_user_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1898 +#: sssd-ldap.5.xml:1900 msgid "ldap_group_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><note> -#: sssd-ldap.5.xml:1903 +#: sssd-ldap.5.xml:1905 msgid "<note>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para> -#: sssd-ldap.5.xml:1905 +#: sssd-ldap.5.xml:1907 msgid "" "If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches " "against Active Directory will not be restricted and return all groups " @@ -7280,22 +7297,22 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist> -#: sssd-ldap.5.xml:1912 +#: sssd-ldap.5.xml:1914 msgid "</note>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1914 +#: sssd-ldap.5.xml:1916 msgid "ldap_sudo_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1919 +#: sssd-ldap.5.xml:1921 msgid "ldap_autofs_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1883 +#: sssd-ldap.5.xml:1885 msgid "" "These options are supported by LDAP domains, but they should be used with " "caution. Please include them in your configuration only if you know what you " @@ -7304,14 +7321,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1934 sssd-simple.5.xml:131 sssd-ipa.5.xml:925 -#: sssd-ad.5.xml:1386 sssd-krb5.5.xml:483 sss_rpcidmapd.5.xml:98 +#: sssd-ldap.5.xml:1936 sssd-simple.5.xml:131 sssd-ipa.5.xml:930 +#: sssd-ad.5.xml:1391 sssd-krb5.5.xml:483 sss_rpcidmapd.5.xml:98 #: sssd-files.5.xml:155 sssd-session-recording.5.xml:176 msgid "EXAMPLE" msgstr "НАМУНА" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1936 +#: sssd-ldap.5.xml:1938 msgid "" "The following example assumes that SSSD is correctly configured and LDAP is " "set to one of the domains in the <replaceable>[domains]</replaceable> " @@ -7319,7 +7336,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ldap.5.xml:1942 +#: sssd-ldap.5.xml:1944 #, no-wrap msgid "" "[domain/LDAP]\n" @@ -7332,27 +7349,27 @@ msgid "" msgstr "" #. type: Content of: <refsect1><refsect2><para> -#: sssd-ldap.5.xml:1941 sssd-ldap.5.xml:1959 sssd-simple.5.xml:139 -#: sssd-ipa.5.xml:933 sssd-ad.5.xml:1394 sssd-sudo.5.xml:56 sssd-krb5.5.xml:492 +#: sssd-ldap.5.xml:1943 sssd-ldap.5.xml:1961 sssd-simple.5.xml:139 +#: sssd-ipa.5.xml:938 sssd-ad.5.xml:1399 sssd-sudo.5.xml:56 sssd-krb5.5.xml:492 #: sssd-files.5.xml:162 sssd-files.5.xml:173 sssd-session-recording.5.xml:182 #: include/ldap_id_mapping.xml:105 msgid "<placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1953 +#: sssd-ldap.5.xml:1955 msgid "LDAP ACCESS FILTER EXAMPLE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1955 +#: sssd-ldap.5.xml:1957 msgid "" "The following example assumes that SSSD is correctly configured and to use " "the ldap_access_order=lockout." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ldap.5.xml:1960 +#: sssd-ldap.5.xml:1962 #, no-wrap msgid "" "[domain/LDAP]\n" @@ -7368,13 +7385,13 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1975 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148 -#: sssd-ad.5.xml:1409 sssd.8.xml:238 sss_seed.8.xml:163 +#: sssd-ldap.5.xml:1977 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148 +#: sssd-ad.5.xml:1414 sssd.8.xml:238 sss_seed.8.xml:163 msgid "NOTES" msgstr "ЭЗОҲҲО" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1977 +#: sssd-ldap.5.xml:1979 msgid "" "The descriptions of some of the configuration options in this manual page " "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " @@ -9703,12 +9720,12 @@ msgid "Example: dyndns_iface = em1, vnet1, vnet2" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:204 sssd-ad.5.xml:1285 +#: sssd-ipa.5.xml:204 sssd-ad.5.xml:1290 msgid "dyndns_auth (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:207 sssd-ad.5.xml:1288 +#: sssd-ipa.5.xml:207 sssd-ad.5.xml:1293 msgid "" "Whether the nsupdate utility should use GSS-TSIG authentication for secure " "updates with the DNS server, insecure updates can be sent by setting this " @@ -9716,17 +9733,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:213 sssd-ad.5.xml:1294 +#: sssd-ipa.5.xml:213 sssd-ad.5.xml:1299 msgid "Default: GSS-TSIG" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:219 sssd-ad.5.xml:1300 +#: sssd-ipa.5.xml:219 sssd-ad.5.xml:1305 msgid "dyndns_auth_ptr (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:222 sssd-ad.5.xml:1303 +#: sssd-ipa.5.xml:222 sssd-ad.5.xml:1308 msgid "" "Whether the nsupdate utility should use GSS-TSIG authentication for secure " "PTR updates with the DNS server, insecure updates can be sent by setting " @@ -9734,7 +9751,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:228 sssd-ad.5.xml:1309 +#: sssd-ipa.5.xml:228 sssd-ad.5.xml:1314 msgid "Default: Same as dyndns_auth" msgstr "" @@ -9793,65 +9810,72 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:290 +#: sssd-ipa.5.xml:290 sssd-ad.5.xml:1266 +msgid "" +"Note that <emphasis>dyndns_update_per_family</emphasis> parameter does not " +"apply for PTR record updates. Those updates are always sent separately." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:295 msgid "Default: False (disabled)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1272 +#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1277 msgid "dyndns_force_tcp (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:299 sssd-ad.5.xml:1275 +#: sssd-ipa.5.xml:304 sssd-ad.5.xml:1280 msgid "" "Whether the nsupdate utility should default to using TCP for communicating " "with the DNS server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:303 sssd-ad.5.xml:1279 +#: sssd-ipa.5.xml:308 sssd-ad.5.xml:1284 msgid "Default: False (let nsupdate choose the protocol)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:309 sssd-ad.5.xml:1315 +#: sssd-ipa.5.xml:314 sssd-ad.5.xml:1320 msgid "dyndns_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:312 sssd-ad.5.xml:1318 +#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1323 msgid "" "The DNS server to use when performing a DNS update. In most setups, it's " "recommended to leave this option unset." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1323 +#: sssd-ipa.5.xml:322 sssd-ad.5.xml:1328 msgid "" "Setting this option makes sense for environments where the DNS server is " "different from the identity server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:322 sssd-ad.5.xml:1328 +#: sssd-ipa.5.xml:327 sssd-ad.5.xml:1333 msgid "" "Please note that this option will be only used in fallback attempt when " "previous attempt using autodetected settings failed." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:327 sssd-ad.5.xml:1333 +#: sssd-ipa.5.xml:332 sssd-ad.5.xml:1338 msgid "Default: None (let nsupdate choose the server)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:333 sssd-ad.5.xml:1339 +#: sssd-ipa.5.xml:338 sssd-ad.5.xml:1344 msgid "dyndns_update_per_family (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:336 sssd-ad.5.xml:1342 +#: sssd-ipa.5.xml:341 sssd-ad.5.xml:1347 msgid "" "DNS update is by default performed in two steps - IPv4 update and then IPv6 " "update. In some cases it might be desirable to perform IPv4 and IPv6 update " @@ -9859,177 +9883,177 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:348 +#: sssd-ipa.5.xml:353 msgid "ipa_access_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:355 +#: sssd-ipa.5.xml:360 msgid "<emphasis>expire</emphasis>: use IPA's account expiration policy." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:394 +#: sssd-ipa.5.xml:399 msgid "" "Please note that 'access_provider = ipa' must be set for this feature to " "work." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:401 +#: sssd-ipa.5.xml:406 msgid "ipa_deskprofile_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:404 +#: sssd-ipa.5.xml:409 msgid "" "Optional. Use the given string as search base for Desktop Profile related " "objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:408 sssd-ipa.5.xml:435 +#: sssd-ipa.5.xml:413 sssd-ipa.5.xml:440 msgid "Default: Use base DN" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:414 +#: sssd-ipa.5.xml:419 msgid "ipa_subid_ranges_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:417 +#: sssd-ipa.5.xml:422 msgid "" "Optional. Use the given string as search base for subordinate ranges related " "objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:421 +#: sssd-ipa.5.xml:426 msgid "Default: the value of <emphasis>cn=subids,%basedn</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:428 +#: sssd-ipa.5.xml:433 msgid "ipa_hbac_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:431 +#: sssd-ipa.5.xml:436 msgid "Optional. Use the given string as search base for HBAC related objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:441 +#: sssd-ipa.5.xml:446 msgid "ipa_host_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:444 +#: sssd-ipa.5.xml:449 msgid "Deprecated. Use ldap_host_search_base instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:450 +#: sssd-ipa.5.xml:455 msgid "ipa_selinux_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:453 +#: sssd-ipa.5.xml:458 msgid "Optional. Use the given string as search base for SELinux user maps." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:469 +#: sssd-ipa.5.xml:474 msgid "ipa_subdomains_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:472 +#: sssd-ipa.5.xml:477 msgid "Optional. Use the given string as search base for trusted domains." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:481 +#: sssd-ipa.5.xml:486 msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:488 +#: sssd-ipa.5.xml:493 msgid "ipa_master_domain_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:491 +#: sssd-ipa.5.xml:496 msgid "Optional. Use the given string as search base for master domain object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:500 +#: sssd-ipa.5.xml:505 msgid "Default: the value of <emphasis>cn=ad,cn=etc,%basedn</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:507 +#: sssd-ipa.5.xml:512 msgid "ipa_views_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:510 +#: sssd-ipa.5.xml:515 msgid "Optional. Use the given string as search base for views containers." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:519 +#: sssd-ipa.5.xml:524 msgid "Default: the value of <emphasis>cn=views,cn=accounts,%basedn</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:529 +#: sssd-ipa.5.xml:534 msgid "" "The name of the Kerberos realm. This is optional and defaults to the value " "of <quote>ipa_domain</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:533 +#: sssd-ipa.5.xml:538 msgid "" "The name of the Kerberos realm has a special meaning in IPA - it is " "converted into the base DN to use for performing LDAP operations." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:541 sssd-ad.5.xml:1357 +#: sssd-ipa.5.xml:546 sssd-ad.5.xml:1362 msgid "krb5_confd_path (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:544 sssd-ad.5.xml:1360 +#: sssd-ipa.5.xml:549 sssd-ad.5.xml:1365 msgid "" "Absolute path of a directory where SSSD should place Kerberos configuration " "snippets." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:548 sssd-ad.5.xml:1364 +#: sssd-ipa.5.xml:553 sssd-ad.5.xml:1369 msgid "" "To disable the creation of the configuration snippets set the parameter to " "'none'." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:552 sssd-ad.5.xml:1368 +#: sssd-ipa.5.xml:557 sssd-ad.5.xml:1373 msgid "" "Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:559 +#: sssd-ipa.5.xml:564 msgid "ipa_deskprofile_refresh (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:562 +#: sssd-ipa.5.xml:567 msgid "" "The amount of time between lookups of the Desktop Profile rules against the " "IPA server. This will reduce the latency and load on the IPA server if there " @@ -10037,34 +10061,34 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:569 sssd-ipa.5.xml:599 sssd-ipa.5.xml:615 sssd-ad.5.xml:599 +#: sssd-ipa.5.xml:574 sssd-ipa.5.xml:604 sssd-ipa.5.xml:620 sssd-ad.5.xml:599 msgid "Default: 5 (seconds)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:575 +#: sssd-ipa.5.xml:580 msgid "ipa_deskprofile_request_interval (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:578 +#: sssd-ipa.5.xml:583 msgid "" "The amount of time between lookups of the Desktop Profile rules against the " "IPA server in case the last request did not return any rule." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:583 +#: sssd-ipa.5.xml:588 msgid "Default: 60 (minutes)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:589 +#: sssd-ipa.5.xml:594 msgid "ipa_hbac_refresh (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:592 +#: sssd-ipa.5.xml:597 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server. " "This will reduce the latency and load on the IPA server if there are many " @@ -10072,12 +10096,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:605 +#: sssd-ipa.5.xml:610 msgid "ipa_hbac_selinux (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:608 +#: sssd-ipa.5.xml:613 msgid "" "The amount of time between lookups of the SELinux maps against the IPA " "server. This will reduce the latency and load on the IPA server if there are " @@ -10085,33 +10109,33 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:621 +#: sssd-ipa.5.xml:626 msgid "ipa_server_mode (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:624 +#: sssd-ipa.5.xml:629 msgid "" "This option will be set by the IPA installer (ipa-server-install) " "automatically and denotes if SSSD is running on an IPA server or not." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:629 +#: sssd-ipa.5.xml:634 msgid "" "On an IPA server SSSD will lookup users and groups from trusted domains " "directly while on a client it will ask an IPA server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:634 +#: sssd-ipa.5.xml:639 msgid "" "NOTE: There are currently some assumptions that must be met when SSSD is " "running on an IPA server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:639 +#: sssd-ipa.5.xml:644 msgid "" "The <quote>ipa_server</quote> option must be configured to point to the IPA " "server itself. This is already the default set by the IPA installer, so no " @@ -10119,59 +10143,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:648 +#: sssd-ipa.5.xml:653 msgid "" "The <quote>full_name_format</quote> option must not be tweaked to only print " "short names for users from trusted domains." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:663 +#: sssd-ipa.5.xml:668 msgid "ipa_automount_location (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:666 +#: sssd-ipa.5.xml:671 msgid "The automounter location this IPA client will be using" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:669 +#: sssd-ipa.5.xml:674 msgid "Default: The location named \"default\"" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd-ipa.5.xml:677 +#: sssd-ipa.5.xml:682 msgid "VIEWS AND OVERRIDES" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:686 +#: sssd-ipa.5.xml:691 msgid "ipa_view_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:689 +#: sssd-ipa.5.xml:694 msgid "Objectclass of the view container." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:692 +#: sssd-ipa.5.xml:697 msgid "Default: nsContainer" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:698 +#: sssd-ipa.5.xml:703 msgid "ipa_view_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:701 +#: sssd-ipa.5.xml:706 msgid "Name of the attribute holding the name of the view." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:705 sssd-ldap-attributes.5.xml:496 +#: sssd-ipa.5.xml:710 sssd-ldap-attributes.5.xml:496 #: sssd-ldap-attributes.5.xml:830 sssd-ldap-attributes.5.xml:911 #: sssd-ldap-attributes.5.xml:1008 sssd-ldap-attributes.5.xml:1066 #: sssd-ldap-attributes.5.xml:1224 sssd-ldap-attributes.5.xml:1269 @@ -10179,128 +10203,128 @@ msgid "Default: cn" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:711 +#: sssd-ipa.5.xml:716 msgid "ipa_override_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:714 +#: sssd-ipa.5.xml:719 msgid "Objectclass of the override objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:717 +#: sssd-ipa.5.xml:722 msgid "Default: ipaOverrideAnchor" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:723 +#: sssd-ipa.5.xml:728 msgid "ipa_anchor_uuid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:726 +#: sssd-ipa.5.xml:731 msgid "" "Name of the attribute containing the reference to the original object in a " "remote domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:730 +#: sssd-ipa.5.xml:735 msgid "Default: ipaAnchorUUID" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:736 +#: sssd-ipa.5.xml:741 msgid "ipa_user_override_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:739 +#: sssd-ipa.5.xml:744 msgid "" "Name of the objectclass for user overrides. It is used to determine if the " "found override object is related to a user or a group." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:744 +#: sssd-ipa.5.xml:749 msgid "User overrides can contain attributes given by" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:747 +#: sssd-ipa.5.xml:752 msgid "ldap_user_name" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:750 +#: sssd-ipa.5.xml:755 msgid "ldap_user_uid_number" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:753 +#: sssd-ipa.5.xml:758 msgid "ldap_user_gid_number" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:756 +#: sssd-ipa.5.xml:761 msgid "ldap_user_gecos" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:759 +#: sssd-ipa.5.xml:764 msgid "ldap_user_home_directory" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:762 +#: sssd-ipa.5.xml:767 msgid "ldap_user_shell" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:765 +#: sssd-ipa.5.xml:770 msgid "ldap_user_ssh_public_key" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:770 +#: sssd-ipa.5.xml:775 msgid "Default: ipaUserOverride" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:776 +#: sssd-ipa.5.xml:781 msgid "ipa_group_override_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:779 +#: sssd-ipa.5.xml:784 msgid "" "Name of the objectclass for group overrides. It is used to determine if the " "found override object is related to a user or a group." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:784 +#: sssd-ipa.5.xml:789 msgid "Group overrides can contain attributes given by" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:787 +#: sssd-ipa.5.xml:792 msgid "ldap_group_name" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:790 +#: sssd-ipa.5.xml:795 msgid "ldap_group_gid_number" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:795 +#: sssd-ipa.5.xml:800 msgid "Default: ipaGroupOverride" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:679 +#: sssd-ipa.5.xml:684 msgid "" "SSSD can handle views and overrides which are offered by FreeIPA 4.1 and " "later version. Since all paths and objectclasses are fixed on the server " @@ -10310,19 +10334,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ipa.5.xml:807 +#: sssd-ipa.5.xml:812 msgid "SUBDOMAINS PROVIDER" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:809 +#: sssd-ipa.5.xml:814 msgid "" "The IPA subdomains provider behaves slightly differently if it is configured " "explicitly or implicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:813 +#: sssd-ipa.5.xml:818 msgid "" "If the option 'subdomains_provider = ipa' is found in the domain section of " "sssd.conf, the IPA subdomains provider is configured explicitly, and all " @@ -10330,7 +10354,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:819 +#: sssd-ipa.5.xml:824 msgid "" "If the option 'subdomains_provider' is not set in the domain section of sssd." "conf but there is the option 'id_provider = ipa', the IPA subdomains " @@ -10342,12 +10366,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ipa.5.xml:830 +#: sssd-ipa.5.xml:835 msgid "TRUSTED DOMAINS CONFIGURATION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ipa.5.xml:838 +#: sssd-ipa.5.xml:843 #, no-wrap msgid "" "[domain/ipa.domain.com/ad.domain.com]\n" @@ -10355,7 +10379,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:832 +#: sssd-ipa.5.xml:837 msgid "" "Some configuration options can also be set for a trusted domain. A trusted " "domain configuration can be set using the trusted domain subsection as shown " @@ -10365,80 +10389,80 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:843 +#: sssd-ipa.5.xml:848 msgid "" "For more details, see the <citerefentry> <refentrytitle>sssd.conf</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:850 +#: sssd-ipa.5.xml:855 msgid "" "Different configuration options are tunable for a trusted domain depending " "on whether you are configuring SSSD on an IPA server or an IPA client." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd-ipa.5.xml:855 +#: sssd-ipa.5.xml:860 msgid "OPTIONS TUNABLE ON IPA MASTERS" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:857 +#: sssd-ipa.5.xml:862 msgid "" "The following options can be set in a subdomain section on an IPA master:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:861 sssd-ipa.5.xml:891 +#: sssd-ipa.5.xml:866 sssd-ipa.5.xml:896 msgid "ad_server" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:864 +#: sssd-ipa.5.xml:869 msgid "ad_backup_server" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:867 sssd-ipa.5.xml:894 +#: sssd-ipa.5.xml:872 sssd-ipa.5.xml:899 msgid "ad_site" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:870 +#: sssd-ipa.5.xml:875 msgid "ldap_search_base" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:873 +#: sssd-ipa.5.xml:878 msgid "ldap_user_search_base" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:876 +#: sssd-ipa.5.xml:881 msgid "ldap_group_search_base" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd-ipa.5.xml:885 +#: sssd-ipa.5.xml:890 msgid "OPTIONS TUNABLE ON IPA CLIENTS" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:887 +#: sssd-ipa.5.xml:892 msgid "" "The following options can be set in a subdomain section on an IPA client:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:899 +#: sssd-ipa.5.xml:904 msgid "" "Note that if both options are set, only <quote>ad_server</quote> is " "evaluated." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:903 +#: sssd-ipa.5.xml:908 msgid "" "Since any request for a user or a group identity from a trusted domain " "triggered from an IPA client is resolved by the IPA server, the " @@ -10452,7 +10476,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:927 +#: sssd-ipa.5.xml:932 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " @@ -10460,7 +10484,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ipa.5.xml:934 +#: sssd-ipa.5.xml:939 #, no-wrap msgid "" "[domain/example.com]\n" @@ -11654,7 +11678,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ad.5.xml:1388 +#: sssd-ad.5.xml:1393 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " @@ -11662,7 +11686,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ad.5.xml:1395 +#: sssd-ad.5.xml:1400 #, no-wrap msgid "" "[domain/EXAMPLE]\n" @@ -11677,7 +11701,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ad.5.xml:1415 +#: sssd-ad.5.xml:1420 #, no-wrap msgid "" "access_provider = ldap\n" @@ -11686,7 +11710,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ad.5.xml:1411 +#: sssd-ad.5.xml:1416 msgid "" "The AD access control provider checks if the account is expired. It has the " "same effect as the following configuration of the LDAP provider: " @@ -11694,7 +11718,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ad.5.xml:1421 +#: sssd-ad.5.xml:1426 msgid "" "However, unless the <quote>ad</quote> access control provider is explicitly " "configured, the default access provider is <quote>permit</quote>. Please " @@ -11704,7 +11728,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ad.5.xml:1429 +#: sssd-ad.5.xml:1434 msgid "" "When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema " "attribute mapping (nisMap, nisObject, ...) is used, because these attributes " diff --git a/src/man/po/uk.po b/src/man/po/uk.po index 873fc756ac2..ee35b33eac4 100644 --- a/src/man/po/uk.po +++ b/src/man/po/uk.po @@ -15,7 +15,7 @@ msgid "" msgstr "" "Project-Id-Version: sssd-docs 2.3.0\n" "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" -"POT-Creation-Date: 2023-09-07 11:47+0200\n" +"POT-Creation-Date: 2023-11-13 11:53+0100\n" "PO-Revision-Date: 2022-12-13 18:20+0000\n" "Last-Translator: Yuri Chornoivan <yurchor@ukr.net>\n" "Language-Team: Ukrainian <https://translate.fedoraproject.org/projects/sssd/" @@ -260,10 +260,10 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:136 sssd.conf.5.xml:173 sssd.conf.5.xml:358 #: sssd.conf.5.xml:714 sssd.conf.5.xml:729 sssd.conf.5.xml:952 -#: sssd.conf.5.xml:1070 sssd.conf.5.xml:2198 sssd-ldap.5.xml:1071 -#: sssd-ldap.5.xml:1174 sssd-ldap.5.xml:1243 sssd-ldap.5.xml:1750 -#: sssd-ldap.5.xml:1815 sssd-ipa.5.xml:342 sssd-ad.5.xml:252 sssd-ad.5.xml:366 -#: sssd-ad.5.xml:1200 sssd-ad.5.xml:1348 sssd-krb5.5.xml:358 +#: sssd.conf.5.xml:1070 sssd.conf.5.xml:2198 sssd-ldap.5.xml:1073 +#: sssd-ldap.5.xml:1176 sssd-ldap.5.xml:1245 sssd-ldap.5.xml:1752 +#: sssd-ldap.5.xml:1817 sssd-ipa.5.xml:347 sssd-ad.5.xml:252 sssd-ad.5.xml:366 +#: sssd-ad.5.xml:1200 sssd-ad.5.xml:1353 sssd-krb5.5.xml:358 msgid "Default: true" msgstr "Типове значення: true" @@ -284,10 +284,10 @@ msgstr "" #. type: Content of: <variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:149 sssd.conf.5.xml:652 sssd.conf.5.xml:949 -#: sssd.conf.5.xml:2101 sssd.conf.5.xml:2168 sssd.conf.5.xml:4174 -#: sssd-ldap.5.xml:312 sssd-ldap.5.xml:917 sssd-ldap.5.xml:936 -#: sssd-ldap.5.xml:1146 sssd-ldap.5.xml:1599 sssd-ldap.5.xml:1839 -#: sssd-ipa.5.xml:152 sssd-ipa.5.xml:254 sssd-ipa.5.xml:657 sssd-ad.5.xml:1106 +#: sssd.conf.5.xml:2101 sssd.conf.5.xml:2168 sssd.conf.5.xml:4191 +#: sssd-ldap.5.xml:313 sssd-ldap.5.xml:919 sssd-ldap.5.xml:938 +#: sssd-ldap.5.xml:1148 sssd-ldap.5.xml:1601 sssd-ldap.5.xml:1841 +#: sssd-ipa.5.xml:152 sssd-ipa.5.xml:254 sssd-ipa.5.xml:662 sssd-ad.5.xml:1106 #: sssd-krb5.5.xml:268 sssd-krb5.5.xml:330 sssd-krb5.5.xml:432 #: include/krb5_options.xml:163 msgid "Default: false" @@ -329,8 +329,8 @@ msgstr "" "встановлення цього значення не впливає на інші типи журналювання)." #. type: Content of: outside any tag (error?) -#: sssd.conf.5.xml:109 sssd.conf.5.xml:184 sssd-ldap.5.xml:1656 -#: sssd-ldap.5.xml:1862 sss-certmap.5.xml:645 sssd-systemtap.5.xml:82 +#: sssd.conf.5.xml:109 sssd.conf.5.xml:184 sssd-ldap.5.xml:1658 +#: sssd-ldap.5.xml:1864 sss-certmap.5.xml:645 sssd-systemtap.5.xml:82 #: sssd-systemtap.5.xml:143 sssd-systemtap.5.xml:236 sssd-systemtap.5.xml:274 #: sssd-systemtap.5.xml:330 sssd-ldap-attributes.5.xml:40 #: sssd-ldap-attributes.5.xml:659 sssd-ldap-attributes.5.xml:801 @@ -365,7 +365,7 @@ msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:196 sssd.conf.5.xml:1290 sssd.conf.5.xml:1767 -#: sssd.conf.5.xml:4190 sssd-ldap.5.xml:765 include/ldap_id_mapping.xml:270 +#: sssd.conf.5.xml:4207 sssd-ldap.5.xml:766 include/ldap_id_mapping.xml:270 msgid "Default: 10" msgstr "Типове значення: 10" @@ -458,7 +458,7 @@ msgstr "" "визнання подальших спроб безнадійними." #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:266 sssd.conf.5.xml:792 sssd.conf.5.xml:3709 +#: sssd.conf.5.xml:266 sssd.conf.5.xml:792 sssd.conf.5.xml:3716 #: include/failover.xml:100 msgid "Default: 3" msgstr "Типове значення: 3" @@ -487,7 +487,7 @@ msgstr "" "використовувати символ «/»." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:287 sssd.conf.5.xml:3541 +#: sssd.conf.5.xml:287 sssd.conf.5.xml:3548 msgid "re_expression (string)" msgstr "re_expression (рядок)" @@ -513,12 +513,12 @@ msgstr "" "ДОМЕНІВ." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:304 sssd.conf.5.xml:3598 +#: sssd.conf.5.xml:304 sssd.conf.5.xml:3605 msgid "full_name_format (string)" msgstr "full_name_format (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:307 sssd.conf.5.xml:3601 +#: sssd.conf.5.xml:307 sssd.conf.5.xml:3608 msgid "" "A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</" "manvolnum> </citerefentry>-compatible format that describes how to compose a " @@ -530,32 +530,32 @@ msgstr "" "домену." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:318 sssd.conf.5.xml:3612 +#: sssd.conf.5.xml:318 sssd.conf.5.xml:3619 msgid "%1$s" msgstr "%1$s" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:319 sssd.conf.5.xml:3613 +#: sssd.conf.5.xml:319 sssd.conf.5.xml:3620 msgid "user name" msgstr "ім’я користувача" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:322 sssd.conf.5.xml:3616 +#: sssd.conf.5.xml:322 sssd.conf.5.xml:3623 msgid "%2$s" msgstr "%2$s" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:325 sssd.conf.5.xml:3619 +#: sssd.conf.5.xml:325 sssd.conf.5.xml:3626 msgid "domain name as specified in the SSSD config file." msgstr "назва домену у форматі, вказаному у файлі налаштувань SSSD." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:331 sssd.conf.5.xml:3625 +#: sssd.conf.5.xml:331 sssd.conf.5.xml:3632 msgid "%3$s" msgstr "%3$s" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:334 sssd.conf.5.xml:3628 +#: sssd.conf.5.xml:334 sssd.conf.5.xml:3635 msgid "" "domain flat name. Mostly usable for Active Directory domains, both directly " "configured or discovered via IPA trusts." @@ -564,7 +564,7 @@ msgstr "" "Directory, налаштованих та автоматично виявлених за зв’язками довіри IPA." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:315 sssd.conf.5.xml:3609 +#: sssd.conf.5.xml:315 sssd.conf.5.xml:3616 msgid "" "The following expansions are supported: <placeholder type=\"variablelist\" " "id=\"0\"/>" @@ -775,8 +775,8 @@ msgstr "" "default_domain_suffix." #. type: Content of: <variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:468 sssd-ldap.5.xml:876 sssd-ldap.5.xml:888 -#: sssd-ldap.5.xml:980 sssd-ad.5.xml:920 sssd-ad.5.xml:995 sssd-krb5.5.xml:468 +#: sssd.conf.5.xml:468 sssd-ldap.5.xml:877 sssd-ldap.5.xml:889 +#: sssd-ldap.5.xml:982 sssd-ad.5.xml:920 sssd-ad.5.xml:995 sssd-krb5.5.xml:468 #: sssd-ldap-attributes.5.xml:470 sssd-ldap-attributes.5.xml:976 #: include/ldap_id_mapping.xml:211 include/ldap_id_mapping.xml:222 #: include/krb5_options.xml:148 @@ -1133,7 +1133,7 @@ msgstr "" "різних доменах можуть бути однаковими." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:700 sssd.conf.5.xml:1791 sssd.conf.5.xml:4240 +#: sssd.conf.5.xml:700 sssd.conf.5.xml:1791 sssd.conf.5.xml:4257 #: sssd-ad.5.xml:187 sssd-ad.5.xml:327 sssd-ad.5.xml:341 msgid "Default: Not set" msgstr "Типове значення: не встановлено" @@ -1367,7 +1367,7 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:858 sssd.conf.5.xml:1201 sssd.conf.5.xml:1584 -#: sssd.conf.5.xml:1880 sssd-ldap.5.xml:494 +#: sssd.conf.5.xml:1880 sssd-ldap.5.xml:495 msgid "Default: 60" msgstr "Типове значення: 60" @@ -1492,7 +1492,7 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:937 sssd.conf.5.xml:1214 sssd.conf.5.xml:2322 -#: sssd-ldap.5.xml:331 +#: sssd-ldap.5.xml:332 msgid "Default: 300" msgstr "Типове значення: 300" @@ -1952,7 +1952,7 @@ msgstr "" "для запитів passwd. Встановлення розміру 0 вимкне кеш у пам'яті для passwd." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1240 sssd.conf.5.xml:2964 sssd-ldap.5.xml:548 +#: sssd.conf.5.xml:1240 sssd.conf.5.xml:2971 sssd-ldap.5.xml:549 msgid "Default: 8" msgstr "Типове значення: 8" @@ -1982,8 +1982,8 @@ msgstr "" "для запитів group. Встановлення розміру 0 вимкне кеш у пам'яті для group." #. type: Content of: <variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1265 sssd.conf.5.xml:1317 sssd.conf.5.xml:3730 -#: sssd-ldap.5.xml:473 sssd-ldap.5.xml:525 include/failover.xml:116 +#: sssd.conf.5.xml:1265 sssd.conf.5.xml:1317 sssd.conf.5.xml:3737 +#: sssd-ldap.5.xml:474 sssd-ldap.5.xml:526 include/failover.xml:116 #: include/krb5_options.xml:11 msgid "Default: 6" msgstr "Типове значення: 6" @@ -2364,7 +2364,7 @@ msgid "pam_pwd_expiration_warning (integer)" msgstr "pam_pwd_expiration_warning (ціле число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1553 sssd.conf.5.xml:2988 +#: sssd.conf.5.xml:1553 sssd.conf.5.xml:2995 msgid "Display a warning N days before the password expires." msgstr "" "Показати попередження за вказану кількість днів перед завершенням дії пароля." @@ -2381,7 +2381,7 @@ msgstr "" "попередження." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1562 sssd.conf.5.xml:2991 +#: sssd.conf.5.xml:1562 sssd.conf.5.xml:2998 msgid "" "If zero is set, then this filter is not applied, i.e. if the expiration " "warning was received from backend server, it will automatically be displayed." @@ -2400,7 +2400,7 @@ msgstr "" "<emphasis>pwd_expiration_warning</emphasis> для окремого домену." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1572 sssd.conf.5.xml:3977 sssd-ldap.5.xml:606 sssd.8.xml:79 +#: sssd.conf.5.xml:1572 sssd.conf.5.xml:3984 sssd-ldap.5.xml:607 sssd.8.xml:79 msgid "Default: 0" msgstr "Типове значення: 0" @@ -2478,8 +2478,8 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1632 sssd.conf.5.xml:1657 sssd.conf.5.xml:1676 -#: sssd.conf.5.xml:1913 sssd.conf.5.xml:2733 sssd.conf.5.xml:3906 -#: sssd-ldap.5.xml:1207 +#: sssd.conf.5.xml:1913 sssd.conf.5.xml:2733 sssd.conf.5.xml:3913 +#: sssd-ldap.5.xml:1209 msgid "Default: none" msgstr "Типове значення: none" @@ -2555,8 +2555,8 @@ msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1687 sssd.conf.5.xml:1698 sssd.conf.5.xml:1712 -#: sssd-ldap.5.xml:671 sssd-ldap.5.xml:692 sssd-ldap.5.xml:788 -#: sssd-ldap.5.xml:1293 sssd-ad.5.xml:505 sssd-ad.5.xml:581 sssd-ad.5.xml:1126 +#: sssd-ldap.5.xml:672 sssd-ldap.5.xml:693 sssd-ldap.5.xml:789 +#: sssd-ldap.5.xml:1295 sssd-ad.5.xml:505 sssd-ad.5.xml:581 sssd-ad.5.xml:1126 #: sssd-ad.5.xml:1175 include/ldap_id_mapping.xml:250 msgid "Default: False" msgstr "Типове значення: False" @@ -2598,7 +2598,7 @@ msgid "The path to the certificate database." msgstr "Шлях до бази даних сертифікатів." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1723 sssd.conf.5.xml:2248 sssd.conf.5.xml:4354 +#: sssd.conf.5.xml:1723 sssd.conf.5.xml:2248 sssd.conf.5.xml:4371 msgid "Default:" msgstr "Типове значення:" @@ -2928,7 +2928,7 @@ msgid "Default: no_session" msgstr "Типове значення: no_session" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1950 sssd.conf.5.xml:4293 +#: sssd.conf.5.xml:1950 sssd.conf.5.xml:4310 msgid "pam_gssapi_services" msgstr "pam_gssapi_services" @@ -2972,7 +2972,7 @@ msgstr "" " " #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1968 sssd.conf.5.xml:3900 +#: sssd.conf.5.xml:1968 sssd.conf.5.xml:3907 msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>" msgstr "Приклад: <placeholder type=\"programlisting\" id=\"0\"/>" @@ -2982,7 +2982,7 @@ msgid "Default: - (GSSAPI authentication is disabled)" msgstr "Типове значення: - (розпізнавання за GSSAPI вимкнено)" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1979 sssd.conf.5.xml:4294 +#: sssd.conf.5.xml:1979 sssd.conf.5.xml:4311 msgid "pam_gssapi_check_upn" msgstr "pam_gssapi_check_upn" @@ -3008,7 +3008,7 @@ msgstr "" "зможуть отримати бажаний квиток служби." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1999 sssd-ad.5.xml:1266 sss_rpcidmapd.5.xml:76 +#: sssd.conf.5.xml:1999 sssd-ad.5.xml:1271 sss_rpcidmapd.5.xml:76 #: sssd-files.5.xml:145 msgid "Default: True" msgstr "Типове значення: True" @@ -3968,7 +3968,7 @@ msgid "FALSE = No enumerations for this domain" msgstr "FALSE = не використовувати нумерацію для цього домену" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2669 sssd.conf.5.xml:2943 sssd.conf.5.xml:3120 +#: sssd.conf.5.xml:2669 sssd.conf.5.xml:2950 sssd.conf.5.xml:3127 msgid "Default: FALSE" msgstr "Типове значення: FALSE" @@ -4307,7 +4307,7 @@ msgstr "" "чинність наявного кешу." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2922 sssd-ldap.5.xml:360 sssd-ldap.5.xml:1736 +#: sssd.conf.5.xml:2922 sssd-ldap.5.xml:361 sssd-ldap.5.xml:1738 #: sssd-ipa.5.xml:270 msgid "Default: 0 (disabled)" msgstr "Типове значення: 0 (вимкнено)" @@ -4319,16 +4319,17 @@ msgstr "cache_credentials (булеве значення)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:2931 -#, fuzzy -#| msgid "" -#| "Determines if user credentials are also cached in the local LDB cache" -msgid "Determines if user credentials are also cached in the local LDB cache." +msgid "" +"Determines if user credentials are also cached in the local LDB cache. The " +"cached credentials refer to passwords, which includes the first (long term) " +"factor of two-factor authentication, not other authentication mechanisms. " +"Passkey and Smartcard authentications are expected to work offline as long " +"as a successful online authentication is recorded in the cache without " +"additional configuration." msgstr "" -"Визначає, чи слід також кешувати реєстраційні дані користувача у локальному " -"кеші LDB" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2935 +#: sssd.conf.5.xml:2942 msgid "" "Take a note that while credentials are stored as a salted SHA512 hash, this " "still potentially poses some security risk in case an attacker manages to " @@ -4337,12 +4338,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2949 +#: sssd.conf.5.xml:2956 msgid "cache_credentials_minimal_first_factor_length (int)" msgstr "cache_credentials_minimal_first_factor_length (ціле число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2952 +#: sssd.conf.5.xml:2959 msgid "" "If 2-Factor-Authentication (2FA) is used and credentials should be saved " "this value determines the minimal length the first authentication factor " @@ -4354,7 +4355,7 @@ msgstr "" "контрольної суми SHA512 у кеші." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2959 +#: sssd.conf.5.xml:2966 msgid "" "This should avoid that the short PINs of a PIN based 2FA scheme are saved in " "the cache which would make them easy targets for brute-force attacks." @@ -4364,12 +4365,12 @@ msgstr "" "мішенню атак із перебиранням паролів." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2970 +#: sssd.conf.5.xml:2977 msgid "account_cache_expiration (integer)" msgstr "account_cache_expiration (ціле число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2973 +#: sssd.conf.5.xml:2980 msgid "" "Number of days entries are left in cache after last successful login before " "being removed during a cleanup of the cache. 0 means keep forever. The " @@ -4382,17 +4383,17 @@ msgstr "" "offline_credentials_expiration." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2980 +#: sssd.conf.5.xml:2987 msgid "Default: 0 (unlimited)" msgstr "Типове значення: 0 (без обмежень)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2985 +#: sssd.conf.5.xml:2992 msgid "pwd_expiration_warning (integer)" msgstr "pwd_expiration_warning (ціле число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2996 +#: sssd.conf.5.xml:3003 msgid "" "Please note that the backend server has to provide information about the " "expiration time of the password. If this information is missing, sssd " @@ -4405,17 +4406,17 @@ msgstr "" "даних розпізнавання." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3003 +#: sssd.conf.5.xml:3010 msgid "Default: 7 (Kerberos), 0 (LDAP)" msgstr "Типове значення: 7 (Kerberos), 0 (LDAP)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3009 +#: sssd.conf.5.xml:3016 msgid "id_provider (string)" msgstr "id_provider (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3012 +#: sssd.conf.5.xml:3019 msgid "" "The identification provider used for the domain. Supported ID providers are:" msgstr "" @@ -4423,12 +4424,12 @@ msgstr "" "Серед підтримуваних засобів такі:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3016 +#: sssd.conf.5.xml:3023 msgid "<quote>proxy</quote>: Support a legacy NSS provider." msgstr "«proxy»: підтримка застарілого модуля надання даних NSS." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3019 +#: sssd.conf.5.xml:3026 msgid "" "<quote>files</quote>: FILES provider. See <citerefentry> <refentrytitle>sssd-" "files</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " @@ -4440,7 +4441,7 @@ msgstr "" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3027 +#: sssd.conf.5.xml:3034 msgid "" "<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-" "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " @@ -4451,8 +4452,8 @@ msgstr "" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3035 sssd.conf.5.xml:3146 sssd.conf.5.xml:3197 -#: sssd.conf.5.xml:3260 +#: sssd.conf.5.xml:3042 sssd.conf.5.xml:3153 sssd.conf.5.xml:3204 +#: sssd.conf.5.xml:3267 msgid "" "<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management " "provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> " @@ -4465,8 +4466,8 @@ msgstr "" "manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3044 sssd.conf.5.xml:3155 sssd.conf.5.xml:3206 -#: sssd.conf.5.xml:3269 +#: sssd.conf.5.xml:3051 sssd.conf.5.xml:3162 sssd.conf.5.xml:3213 +#: sssd.conf.5.xml:3276 msgid "" "<quote>ad</quote>: Active Directory provider. See <citerefentry> " "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4478,12 +4479,12 @@ msgstr "" "citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3055 +#: sssd.conf.5.xml:3062 msgid "use_fully_qualified_names (bool)" msgstr "use_fully_qualified_names (булеве значення)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3058 +#: sssd.conf.5.xml:3065 msgid "" "Use the full name and domain (as formatted by the domain's full_name_format) " "as the user's login name reported to NSS." @@ -4493,7 +4494,7 @@ msgstr "" "NSS." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3063 +#: sssd.conf.5.xml:3070 msgid "" "If set to TRUE, all requests to this domain must use fully qualified names. " "For example, if used in LOCAL domain that contains a \"test\" user, " @@ -4506,7 +4507,7 @@ msgstr "" "не покаже користувача, а <command>getent passwd test@LOCAL</command> покаже." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3071 +#: sssd.conf.5.xml:3078 msgid "" "NOTE: This option has no effect on netgroup lookups due to their tendency to " "include nested netgroups without qualified names. For netgroups, all domains " @@ -4517,7 +4518,7 @@ msgstr "" "груп, якщо задано неповну назву, буде виконано пошук у всіх доменах." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3078 +#: sssd.conf.5.xml:3085 msgid "" "Default: FALSE (TRUE for trusted domain/sub-domains or if " "default_domain_suffix is used)" @@ -4526,17 +4527,17 @@ msgstr "" "використано default_domain_suffix)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3085 +#: sssd.conf.5.xml:3092 msgid "ignore_group_members (bool)" msgstr "ignore_group_members (булеве значення)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3088 +#: sssd.conf.5.xml:3095 msgid "Do not return group members for group lookups." msgstr "Не повертати записи учасників груп для пошуків груп." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3091 +#: sssd.conf.5.xml:3098 msgid "" "If set to TRUE, the group membership attribute is not requested from the " "ldap server, and group members are not returned when processing group lookup " @@ -4555,7 +4556,7 @@ msgstr "" "$groupname</quote> поверне запитану групу так, наче вона була порожня." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3109 +#: sssd.conf.5.xml:3116 msgid "" "Enabling this option can also make access provider checks for group " "membership significantly faster, especially for groups containing many " @@ -4566,11 +4567,11 @@ msgstr "" "учасників." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3115 sssd.conf.5.xml:3822 sssd-ldap.5.xml:326 -#: sssd-ldap.5.xml:355 sssd-ldap.5.xml:408 sssd-ldap.5.xml:468 -#: sssd-ldap.5.xml:489 sssd-ldap.5.xml:520 sssd-ldap.5.xml:543 -#: sssd-ldap.5.xml:582 sssd-ldap.5.xml:601 sssd-ldap.5.xml:625 -#: sssd-ldap.5.xml:1051 sssd-ldap.5.xml:1084 +#: sssd.conf.5.xml:3122 sssd.conf.5.xml:3829 sssd-ldap.5.xml:327 +#: sssd-ldap.5.xml:356 sssd-ldap.5.xml:409 sssd-ldap.5.xml:469 +#: sssd-ldap.5.xml:490 sssd-ldap.5.xml:521 sssd-ldap.5.xml:544 +#: sssd-ldap.5.xml:583 sssd-ldap.5.xml:602 sssd-ldap.5.xml:626 +#: sssd-ldap.5.xml:1053 sssd-ldap.5.xml:1086 msgid "" "This option can be also set per subdomain or inherited via " "<emphasis>subdomain_inherit</emphasis>." @@ -4579,12 +4580,12 @@ msgstr "" "успадковано за допомогою <emphasis>subdomain_inherit</emphasis>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3125 +#: sssd.conf.5.xml:3132 msgid "auth_provider (string)" msgstr "auth_provider (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3128 +#: sssd.conf.5.xml:3135 msgid "" "The authentication provider used for the domain. Supported auth providers " "are:" @@ -4593,7 +4594,7 @@ msgstr "" "служб розпізнавання:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3132 sssd.conf.5.xml:3190 +#: sssd.conf.5.xml:3139 sssd.conf.5.xml:3197 msgid "" "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4605,7 +4606,7 @@ msgstr "" "citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3139 +#: sssd.conf.5.xml:3146 msgid "" "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4617,18 +4618,18 @@ msgstr "" "citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3163 +#: sssd.conf.5.xml:3170 msgid "" "<quote>proxy</quote> for relaying authentication to some other PAM target." msgstr "<quote>proxy</quote> — трансльоване розпізнавання у іншій системі PAM." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3166 +#: sssd.conf.5.xml:3173 msgid "<quote>none</quote> disables authentication explicitly." msgstr "<quote>none</quote> — вимкнути розпізнавання повністю." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3169 +#: sssd.conf.5.xml:3176 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "authentication requests." @@ -4637,12 +4638,12 @@ msgstr "" "спосіб встановлено і можлива обробка запитів щодо розпізнавання." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3175 +#: sssd.conf.5.xml:3182 msgid "access_provider (string)" msgstr "access_provider (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3178 +#: sssd.conf.5.xml:3185 msgid "" "The access control provider used for the domain. There are two built-in " "access providers (in addition to any included in installed backends) " @@ -4653,7 +4654,7 @@ msgstr "" "Вбудованими програмами є:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3184 +#: sssd.conf.5.xml:3191 msgid "" "<quote>permit</quote> always allow access. It's the only permitted access " "provider for a local domain." @@ -4662,12 +4663,12 @@ msgstr "" "доступу для локального домену." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3187 +#: sssd.conf.5.xml:3194 msgid "<quote>deny</quote> always deny access." msgstr "<quote>deny</quote> — завжди забороняти доступ." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3214 +#: sssd.conf.5.xml:3221 msgid "" "<quote>simple</quote> access control based on access or deny lists. See " "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</" @@ -4680,7 +4681,7 @@ msgstr "" "refentrytitle> <manvolnum>5</manvolnum></citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3221 +#: sssd.conf.5.xml:3228 msgid "" "<quote>krb5</quote>: .k5login based access control. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum></" @@ -4692,24 +4693,24 @@ msgstr "" "manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3228 +#: sssd.conf.5.xml:3235 msgid "<quote>proxy</quote> for relaying access control to another PAM module." msgstr "" "<quote>proxy</quote> — для трансляції керування доступом до іншого модуля " "PAM." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3231 +#: sssd.conf.5.xml:3238 msgid "Default: <quote>permit</quote>" msgstr "Типове значення: <quote>permit</quote>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3236 +#: sssd.conf.5.xml:3243 msgid "chpass_provider (string)" msgstr "chpass_provider (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3239 +#: sssd.conf.5.xml:3246 msgid "" "The provider which should handle change password operations for the domain. " "Supported change password providers are:" @@ -4718,7 +4719,7 @@ msgstr "" "підтримку таких систем зміни паролів:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3244 +#: sssd.conf.5.xml:3251 msgid "" "<quote>ldap</quote> to change a password stored in a LDAP server. See " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" @@ -4730,7 +4731,7 @@ msgstr "" "manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3252 +#: sssd.conf.5.xml:3259 msgid "" "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4742,18 +4743,18 @@ msgstr "" "citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3277 +#: sssd.conf.5.xml:3284 msgid "" "<quote>proxy</quote> for relaying password changes to some other PAM target." msgstr "<quote>proxy</quote> — трансльована зміна пароля у іншій системі PAM." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3281 +#: sssd.conf.5.xml:3288 msgid "<quote>none</quote> disallows password changes explicitly." msgstr "<quote>none</quote> — явно вимкнути можливість зміни пароля." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3284 +#: sssd.conf.5.xml:3291 msgid "" "Default: <quote>auth_provider</quote> is used if it is set and can handle " "change password requests." @@ -4762,19 +4763,19 @@ msgstr "" "цього параметра і якщо система здатна обробляти запити щодо паролів." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3291 +#: sssd.conf.5.xml:3298 msgid "sudo_provider (string)" msgstr "sudo_provider (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3294 +#: sssd.conf.5.xml:3301 msgid "The SUDO provider used for the domain. Supported SUDO providers are:" msgstr "" "Служба SUDO, яку використано для цього домену. Серед підтримуваних служб " "SUDO:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3298 +#: sssd.conf.5.xml:3305 msgid "" "<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -4786,7 +4787,7 @@ msgstr "" "citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3306 +#: sssd.conf.5.xml:3313 msgid "" "<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default " "settings." @@ -4795,7 +4796,7 @@ msgstr "" "параметрами IPA." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3310 +#: sssd.conf.5.xml:3317 msgid "" "<quote>ad</quote> the same as <quote>ldap</quote> but with AD default " "settings." @@ -4804,20 +4805,20 @@ msgstr "" "параметрами AD." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3314 +#: sssd.conf.5.xml:3321 msgid "<quote>none</quote> disables SUDO explicitly." msgstr "<quote>none</quote> явним чином вимикає SUDO." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3317 sssd.conf.5.xml:3403 sssd.conf.5.xml:3473 -#: sssd.conf.5.xml:3498 sssd.conf.5.xml:3534 +#: sssd.conf.5.xml:3324 sssd.conf.5.xml:3410 sssd.conf.5.xml:3480 +#: sssd.conf.5.xml:3505 sssd.conf.5.xml:3541 msgid "Default: The value of <quote>id_provider</quote> is used if it is set." msgstr "" "Типове значення: використовується значення <quote>id_provider</quote>, якщо " "його встановлено." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3321 +#: sssd.conf.5.xml:3328 msgid "" "The detailed instructions for configuration of sudo_provider are in the " "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " @@ -4836,7 +4837,7 @@ msgstr "" "citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3336 +#: sssd.conf.5.xml:3343 msgid "" "<emphasis>NOTE:</emphasis> Sudo rules are periodically downloaded in the " "background unless the sudo provider is explicitly disabled. Set " @@ -4850,12 +4851,12 @@ msgstr "" "sudo у SSSD." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3346 +#: sssd.conf.5.xml:3353 msgid "selinux_provider (string)" msgstr "selinux_provider (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3349 +#: sssd.conf.5.xml:3356 msgid "" "The provider which should handle loading of selinux settings. Note that this " "provider will be called right after access provider ends. Supported selinux " @@ -4866,7 +4867,7 @@ msgstr "" "доступу. Передбачено підтримку таких засобів надання даних SELinux:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3355 +#: sssd.conf.5.xml:3362 msgid "" "<quote>ipa</quote> to load selinux settings from an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -4878,14 +4879,14 @@ msgstr "" "manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3363 +#: sssd.conf.5.xml:3370 msgid "<quote>none</quote> disallows fetching selinux settings explicitly." msgstr "" "<quote>none</quote> явним чином забороняє отримання даних щодо параметрів " "SELinux." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3366 +#: sssd.conf.5.xml:3373 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "selinux loading requests." @@ -4894,12 +4895,12 @@ msgstr "" "спосіб встановлено і можлива обробка запитів щодо завантаження SELinux." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3372 +#: sssd.conf.5.xml:3379 msgid "subdomains_provider (string)" msgstr "subdomains_provider (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3375 +#: sssd.conf.5.xml:3382 msgid "" "The provider which should handle fetching of subdomains. This value should " "be always the same as id_provider. Supported subdomain providers are:" @@ -4909,7 +4910,7 @@ msgstr "" "підтримку таких засобів надання даних піддоменів:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3381 +#: sssd.conf.5.xml:3388 msgid "" "<quote>ipa</quote> to load a list of subdomains from an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -4921,7 +4922,7 @@ msgstr "" "manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3390 +#: sssd.conf.5.xml:3397 msgid "" "<quote>ad</quote> to load a list of subdomains from an Active Directory " "server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> " @@ -4934,17 +4935,17 @@ msgstr "" "налаштовування засобу надання даних AD." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3399 +#: sssd.conf.5.xml:3406 msgid "<quote>none</quote> disallows fetching subdomains explicitly." msgstr "<quote>none</quote> забороняє ячним чином отримання даних піддоменів." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3409 +#: sssd.conf.5.xml:3416 msgid "session_provider (string)" msgstr "session_provider (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3412 +#: sssd.conf.5.xml:3419 msgid "" "The provider which configures and manages user session related tasks. The " "only user session task currently provided is the integration with Fleet " @@ -4956,14 +4957,14 @@ msgstr "" "постачальники даних сеансів:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3419 +#: sssd.conf.5.xml:3426 msgid "<quote>ipa</quote> to allow performing user session related tasks." msgstr "" "<quote>ipa</quote>, щоб дозволити пов'язані із сеансами користувачів " "завдання." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3423 +#: sssd.conf.5.xml:3430 msgid "" "<quote>none</quote> does not perform any kind of user session related tasks." msgstr "" @@ -4971,7 +4972,7 @@ msgstr "" "користувачів завдань." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3427 +#: sssd.conf.5.xml:3434 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can perform " "session related tasks." @@ -4980,7 +4981,7 @@ msgstr "" "його встановлено і дозволено виконувати пов'язані із сеансами завдання." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3431 +#: sssd.conf.5.xml:3438 msgid "" "<emphasis>NOTE:</emphasis> In order to have this feature working as expected " "SSSD must be running as \"root\" and not as the unprivileged user." @@ -4990,12 +4991,12 @@ msgstr "" "непривілейованого користувача." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3439 +#: sssd.conf.5.xml:3446 msgid "autofs_provider (string)" msgstr "autofs_provider (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3442 +#: sssd.conf.5.xml:3449 msgid "" "The autofs provider used for the domain. Supported autofs providers are:" msgstr "" @@ -5003,7 +5004,7 @@ msgstr "" "autofs:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3446 +#: sssd.conf.5.xml:3453 msgid "" "<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -5015,7 +5016,7 @@ msgstr "" "citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3453 +#: sssd.conf.5.xml:3460 msgid "" "<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> " "<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </" @@ -5027,7 +5028,7 @@ msgstr "" "manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3461 +#: sssd.conf.5.xml:3468 msgid "" "<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> " "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" @@ -5039,17 +5040,17 @@ msgstr "" "надання даних AD." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3470 +#: sssd.conf.5.xml:3477 msgid "<quote>none</quote> disables autofs explicitly." msgstr "<quote>none</quote> вимикає autofs повністю." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3480 +#: sssd.conf.5.xml:3487 msgid "hostid_provider (string)" msgstr "hostid_provider (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3483 +#: sssd.conf.5.xml:3490 msgid "" "The provider used for retrieving host identity information. Supported " "hostid providers are:" @@ -5058,7 +5059,7 @@ msgstr "" "вузла. Серед підтримуваних засобів надання hostid:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3487 +#: sssd.conf.5.xml:3494 msgid "" "<quote>ipa</quote> to load host identity stored in an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -5070,17 +5071,17 @@ msgstr "" "manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3495 +#: sssd.conf.5.xml:3502 msgid "<quote>none</quote> disables hostid explicitly." msgstr "<quote>none</quote> вимикає hostid повністю." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3505 +#: sssd.conf.5.xml:3512 msgid "resolver_provider (string)" msgstr "resolver_provider (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3508 +#: sssd.conf.5.xml:3515 msgid "" "The provider which should handle hosts and networks lookups. Supported " "resolver providers are:" @@ -5089,7 +5090,7 @@ msgstr "" "підтримку таких надавачів даних для визначення:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3512 +#: sssd.conf.5.xml:3519 msgid "" "<quote>proxy</quote> to forward lookups to another NSS library. See " "<quote>proxy_resolver_lib_name</quote>" @@ -5098,7 +5099,7 @@ msgstr "" "Див. <quote>proxy_resolver_lib_name</quote>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3516 +#: sssd.conf.5.xml:3523 msgid "" "<quote>ldap</quote> to fetch hosts and networks stored in LDAP. See " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" @@ -5110,7 +5111,7 @@ msgstr "" "manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3523 +#: sssd.conf.5.xml:3530 msgid "" "<quote>ad</quote> to fetch hosts and networks stored in AD. See " "<citerefentry> <refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</" @@ -5123,13 +5124,13 @@ msgstr "" "налаштовування засобу надання даних AD." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3531 +#: sssd.conf.5.xml:3538 msgid "<quote>none</quote> disallows fetching hosts and networks explicitly." msgstr "" "<quote>none</quote> забороняє ячним чином отримання даних вузлів і мереж." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3544 +#: sssd.conf.5.xml:3551 msgid "" "Regular expression for this domain that describes how to parse the string " "containing user name and domain into these components. The \"domain\" can " @@ -5143,7 +5144,7 @@ msgstr "" "IPA та доменів Active Directory, простій назві (NetBIOS) домену." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3553 +#: sssd.conf.5.xml:3560 #, fuzzy #| msgid "" #| "Default for the AD and IPA provider: <quote>(((?P<domain>[^\\\\]+)\\" @@ -5160,17 +5161,17 @@ msgstr "" "різні стилі запису імен користувачів:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:3558 sssd.conf.5.xml:3572 +#: sssd.conf.5.xml:3565 sssd.conf.5.xml:3579 msgid "username" msgstr "користувач" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:3561 sssd.conf.5.xml:3575 +#: sssd.conf.5.xml:3568 sssd.conf.5.xml:3582 msgid "username@domain.name" msgstr "користувач@назва.домену" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3566 +#: sssd.conf.5.xml:3573 #, fuzzy #| msgid "" #| "Default for the AD and IPA provider: <quote>(((?P<domain>[^\\\\]+)\\" @@ -5189,12 +5190,12 @@ msgstr "" "різні стилі запису імен користувачів:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:3578 +#: sssd.conf.5.xml:3585 msgid "domain\\username" msgstr "домен\\користувач" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3581 +#: sssd.conf.5.xml:3588 msgid "" "While the first two correspond to the general default the third one is " "introduced to allow easy integration of users from Windows domains." @@ -5203,7 +5204,7 @@ msgstr "" "того, щоб полегшити інтеграцію користувачів з доменів Windows." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3586 +#: sssd.conf.5.xml:3593 msgid "" "The default re_expression uses the <quote>@</quote> character as a separator " "between the name and the domain. As a result of this setting the default " @@ -5213,17 +5214,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3638 +#: sssd.conf.5.xml:3645 msgid "Default: <quote>%1$s@%2$s</quote>." msgstr "Типове значення: <quote>%1$s@%2$s</quote>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3644 +#: sssd.conf.5.xml:3651 msgid "lookup_family_order (string)" msgstr "lookup_family_order (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3647 +#: sssd.conf.5.xml:3654 msgid "" "Provides the ability to select preferred address family to use when " "performing DNS lookups." @@ -5232,48 +5233,48 @@ msgstr "" "під час виконання пошуків у DNS." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3651 +#: sssd.conf.5.xml:3658 msgid "Supported values:" msgstr "Передбачено підтримку таких значень:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3654 +#: sssd.conf.5.xml:3661 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6" msgstr "" "ipv4_first: спробувати визначити адресу у форматі IPv4, у разі невдачі " "спробувати формат IPv6" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3657 +#: sssd.conf.5.xml:3664 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses." msgstr "" "ipv4_only: намагатися визначити назви вузлів лише у форматі адрес IPv4." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3660 +#: sssd.conf.5.xml:3667 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4" msgstr "" "ipv6_first: спробувати визначити адресу у форматі IPv6, у разі невдачі " "спробувати формат IPv4" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3663 +#: sssd.conf.5.xml:3670 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses." msgstr "" "ipv6_only: намагатися визначити назви вузлів лише у форматі адрес IPv6." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3666 +#: sssd.conf.5.xml:3673 msgid "Default: ipv4_first" msgstr "Типове значення: ipv4_first" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3672 +#: sssd.conf.5.xml:3679 msgid "dns_resolver_server_timeout (integer)" msgstr "dns_resolver_server_timeout (ціле число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3675 +#: sssd.conf.5.xml:3682 msgid "" "Defines the amount of time (in milliseconds) SSSD would try to talk to DNS " "server before trying next DNS server." @@ -5282,7 +5283,7 @@ msgstr "" "обмінятися даними із сервером DNS, перш ніж пробувати наступний сервер DNS." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3680 +#: sssd.conf.5.xml:3687 msgid "" "The AD provider will use this option for the CLDAP ping timeouts as well." msgstr "" @@ -5290,7 +5291,7 @@ msgstr "" "очікування на відгук на луна-імпульс CLDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3684 sssd.conf.5.xml:3704 sssd.conf.5.xml:3725 +#: sssd.conf.5.xml:3691 sssd.conf.5.xml:3711 sssd.conf.5.xml:3732 msgid "" "Please see the section <quote>FAILOVER</quote> for more information about " "the service resolution." @@ -5299,17 +5300,17 @@ msgstr "" "більше про розв'язування питань, пов'язаних із службами." #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3689 sssd-ldap.5.xml:644 include/failover.xml:84 +#: sssd.conf.5.xml:3696 sssd-ldap.5.xml:645 include/failover.xml:84 msgid "Default: 1000" msgstr "Типове значення: 1000" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3695 +#: sssd.conf.5.xml:3702 msgid "dns_resolver_op_timeout (integer)" msgstr "dns_resolver_op_timeout (ціле число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3698 +#: sssd.conf.5.xml:3705 msgid "" "Defines the amount of time (in seconds) to wait to resolve single DNS query " "(e.g. resolution of a hostname or an SRV record) before trying the next " @@ -5321,12 +5322,12 @@ msgstr "" "наступного DNS." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3715 +#: sssd.conf.5.xml:3722 msgid "dns_resolver_timeout (integer)" msgstr "dns_resolver_timeout (ціле число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3718 +#: sssd.conf.5.xml:3725 msgid "" "Defines the amount of time (in seconds) to wait for a reply from the " "internal fail over service before assuming that the service is unreachable. " @@ -5339,12 +5340,12 @@ msgstr "" "роботу у автономному режимі." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3736 +#: sssd.conf.5.xml:3743 msgid "dns_resolver_use_search_list (bool)" msgstr "dns_resolver_use_search_list (булеве значення)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3739 +#: sssd.conf.5.xml:3746 msgid "" "Normally, the DNS resolver searches the domain list defined in the " "\"search\" directive from the resolv.conf file. This can lead to delays in " @@ -5355,7 +5356,7 @@ msgstr "" "затримок у середовищах, де DNS не налаштовано належним чином." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3745 +#: sssd.conf.5.xml:3752 msgid "" "If fully qualified domain names (or _srv_) are used in the SSSD " "configuration, setting this option to FALSE can prevent unnecessary DNS " @@ -5366,17 +5367,17 @@ msgstr "" "пошукам DNS у таких середовищах." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3751 +#: sssd.conf.5.xml:3758 msgid "Default: TRUE" msgstr "Типове значення: TRUE" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3757 +#: sssd.conf.5.xml:3764 msgid "dns_discovery_domain (string)" msgstr "dns_discovery_domain (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3760 +#: sssd.conf.5.xml:3767 msgid "" "If service discovery is used in the back end, specifies the domain part of " "the service discovery DNS query." @@ -5385,54 +5386,54 @@ msgstr "" "частину запиту визначення служб DNS." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3764 +#: sssd.conf.5.xml:3771 msgid "Default: Use the domain part of machine's hostname" msgstr "" "Типова поведінка: використовувати назву домену з назви вузла комп’ютера." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3770 +#: sssd.conf.5.xml:3777 msgid "override_gid (integer)" msgstr "override_gid (ціле число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3773 +#: sssd.conf.5.xml:3780 msgid "Override the primary GID value with the one specified." msgstr "Замірити значення основного GID на вказане." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3779 +#: sssd.conf.5.xml:3786 msgid "case_sensitive (string)" msgstr "case_sensitive (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3786 +#: sssd.conf.5.xml:3793 msgid "True" msgstr "True" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3789 +#: sssd.conf.5.xml:3796 msgid "Case sensitive. This value is invalid for AD provider." msgstr "" "Враховується регістр. Це значення є некоректним для засобу надання даних AD." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3795 +#: sssd.conf.5.xml:3802 msgid "False" msgstr "False" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3797 +#: sssd.conf.5.xml:3804 msgid "Case insensitive." msgstr "Без врахування регістру." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3801 +#: sssd.conf.5.xml:3808 msgid "Preserving" msgstr "Preserving" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3804 +#: sssd.conf.5.xml:3811 msgid "" "Same as False (case insensitive), but does not lowercase names in the result " "of NSS operations. Note that name aliases (and in case of services also " @@ -5444,7 +5445,7 @@ msgstr "" "буде переведено у нижній регістр." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3812 +#: sssd.conf.5.xml:3819 msgid "" "If you want to set this value for trusted domain with IPA provider, you need " "to set it on both the client and SSSD on the server." @@ -5453,7 +5454,7 @@ msgstr "" "даних IPA, вам доведеться встановити його на боці клієнта і SSSD на сервері." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3782 +#: sssd.conf.5.xml:3789 msgid "" "Treat user and group names as case sensitive. Possible option values are: " "<placeholder type=\"variablelist\" id=\"0\"/>" @@ -5462,17 +5463,17 @@ msgstr "" "значення: <placeholder type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3827 +#: sssd.conf.5.xml:3834 msgid "Default: True (False for AD provider)" msgstr "Типове значення: True (False для засобу надання даних AD)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3833 +#: sssd.conf.5.xml:3840 msgid "subdomain_inherit (string)" msgstr "subdomain_inherit (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3836 +#: sssd.conf.5.xml:3843 msgid "" "Specifies a list of configuration parameters that should be inherited by a " "subdomain. Please note that only selected parameters can be inherited. " @@ -5484,47 +5485,47 @@ msgstr "" "параметрів:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3842 +#: sssd.conf.5.xml:3849 msgid "ldap_search_timeout" msgstr "ldap_search_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3845 +#: sssd.conf.5.xml:3852 msgid "ldap_network_timeout" msgstr "ldap_network_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3848 +#: sssd.conf.5.xml:3855 msgid "ldap_opt_timeout" msgstr "ldap_opt_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3851 +#: sssd.conf.5.xml:3858 msgid "ldap_offline_timeout" msgstr "ldap_offline_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3854 +#: sssd.conf.5.xml:3861 msgid "ldap_enumeration_refresh_timeout" msgstr "ldap_enumeration_refresh_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3857 +#: sssd.conf.5.xml:3864 msgid "ldap_enumeration_refresh_offset" msgstr "ldap_enumeration_refresh_offset" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3860 +#: sssd.conf.5.xml:3867 msgid "ldap_purge_cache_timeout" msgstr "ldap_purge_cache_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3863 +#: sssd.conf.5.xml:3870 msgid "ldap_purge_cache_offset" msgstr "ldap_purge_cache_offset" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3866 +#: sssd.conf.5.xml:3873 msgid "" "ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab " "is not set explicitly)" @@ -5533,57 +5534,57 @@ msgstr "" "ldap_krb5_keytab не встановлено явним чином)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3870 +#: sssd.conf.5.xml:3877 msgid "ldap_krb5_ticket_lifetime" msgstr "ldap_krb5_ticket_lifetime" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3873 +#: sssd.conf.5.xml:3880 msgid "ldap_enumeration_search_timeout" msgstr "ldap_enumeration_search_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3876 +#: sssd.conf.5.xml:3883 msgid "ldap_connection_expire_timeout" msgstr "ldap_connection_expire_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3879 +#: sssd.conf.5.xml:3886 msgid "ldap_connection_expire_offset" msgstr "ldap_connection_expire_offset" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3882 +#: sssd.conf.5.xml:3889 msgid "ldap_connection_idle_timeout" msgstr "ldap_connection_idle_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3885 sssd-ldap.5.xml:400 +#: sssd.conf.5.xml:3892 sssd-ldap.5.xml:401 msgid "ldap_use_tokengroups" msgstr "ldap_use_tokengroups" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3888 +#: sssd.conf.5.xml:3895 msgid "ldap_user_principal" msgstr "ldap_user_principal" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3891 +#: sssd.conf.5.xml:3898 msgid "ignore_group_members" msgstr "ignore_group_members" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3894 +#: sssd.conf.5.xml:3901 msgid "auto_private_groups" msgstr "auto_private_groups" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3897 +#: sssd.conf.5.xml:3904 msgid "case_sensitive" msgstr "case_sensitive" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:3902 +#: sssd.conf.5.xml:3909 #, no-wrap msgid "" "subdomain_inherit = ldap_purge_cache_timeout\n" @@ -5593,28 +5594,28 @@ msgstr "" " " #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3909 +#: sssd.conf.5.xml:3916 msgid "Note: This option only works with the IPA and AD provider." msgstr "" "Зауваження: цей параметр працює лише для засобів надання даних IPA і AD." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3916 +#: sssd.conf.5.xml:3923 msgid "subdomain_homedir (string)" msgstr "subdomain_homedir (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3927 +#: sssd.conf.5.xml:3934 msgid "%F" msgstr "%F" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3928 +#: sssd.conf.5.xml:3935 msgid "flat (NetBIOS) name of a subdomain." msgstr "спрощена (NetBIOS) назва піддомену." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3919 +#: sssd.conf.5.xml:3926 msgid "" "Use this homedir as default value for all subdomains within this domain in " "IPA AD trust. See <emphasis>override_homedir</emphasis> for info about " @@ -5629,7 +5630,7 @@ msgstr "" "emphasis>. <placeholder type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3933 +#: sssd.conf.5.xml:3940 msgid "" "The value can be overridden by <emphasis>override_homedir</emphasis> option." msgstr "" @@ -5637,17 +5638,17 @@ msgstr "" "emphasis>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3937 +#: sssd.conf.5.xml:3944 msgid "Default: <filename>/home/%d/%u</filename>" msgstr "Типове значення: <filename>/home/%d/%u</filename>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3942 +#: sssd.conf.5.xml:3949 msgid "realmd_tags (string)" msgstr "realmd_tags (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3945 +#: sssd.conf.5.xml:3952 msgid "" "Various tags stored by the realmd configuration service for this domain." msgstr "" @@ -5655,12 +5656,12 @@ msgstr "" "домену." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3951 +#: sssd.conf.5.xml:3958 msgid "cached_auth_timeout (int)" msgstr "cached_auth_timeout (ціле число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3954 +#: sssd.conf.5.xml:3961 msgid "" "Specifies time in seconds since last successful online authentication for " "which user will be authenticated using cached credentials while SSSD is in " @@ -5674,7 +5675,7 @@ msgstr "" "розпізнавання." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3962 +#: sssd.conf.5.xml:3969 msgid "" "This option's value is inherited by all trusted domains. At the moment it is " "not possible to set a different value per trusted domain." @@ -5684,12 +5685,12 @@ msgstr "" "значення для різних довірених доменів." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3967 +#: sssd.conf.5.xml:3974 msgid "Special value 0 implies that this feature is disabled." msgstr "Спеціальне значення 0 означає, що цю можливість вимкнено." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3971 +#: sssd.conf.5.xml:3978 msgid "" "Please note that if <quote>cached_auth_timeout</quote> is longer than " "<quote>pam_id_timeout</quote> then the back end could be called to handle " @@ -5700,14 +5701,14 @@ msgstr "" "обробки <quote>initgroups</quote>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3982 +#: sssd.conf.5.xml:3989 #, fuzzy #| msgid "ldap_pwd_policy (string)" msgid "local_auth_policy (string)" msgstr "ldap_pwd_policy (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3985 +#: sssd.conf.5.xml:3992 msgid "" "Local authentication methods policy. Some backends (i.e. LDAP, proxy " "provider) only support a password based authentication, while others can " @@ -5718,7 +5719,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3995 +#: sssd.conf.5.xml:4002 msgid "" "There are three possible values for this option: match, only, enable. " "<quote>match</quote> is used to match offline and online states for Kerberos " @@ -5729,8 +5730,17 @@ msgid "" "separated, such as <quote>enable:passkey, enable:smartcard</quote>" msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4014 +msgid "" +"Please note that if local Smartcard authentication is enabled and a " +"Smartcard is present, Smartcard authentication will be preferred over the " +"authentication methods supported by the backend. I.e. there will be a PIN " +"prompt instead of e.g. a password prompt." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:4011 +#: sssd.conf.5.xml:4026 #, no-wrap msgid "" "[domain/shadowutils]\n" @@ -5741,7 +5751,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4007 +#: sssd.conf.5.xml:4022 #, fuzzy #| msgid "" #| "The following example creates a container named 'mycontainer': " @@ -5755,31 +5765,31 @@ msgstr "" "<placeholder type=\"programlisting\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4019 +#: sssd.conf.5.xml:4034 #, fuzzy #| msgid "This option is not available in IPA provider." msgid "This option is ignored for the files provider." msgstr "Цим параметром не можна скористатися у надавачі даних IPA." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4022 +#: sssd.conf.5.xml:4037 #, fuzzy #| msgid "Default: mail" msgid "Default: match" msgstr "Типове значення: mail" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4027 +#: sssd.conf.5.xml:4042 msgid "auto_private_groups (string)" msgstr "auto_private_groups (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4033 +#: sssd.conf.5.xml:4048 msgid "true" msgstr "true" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4036 +#: sssd.conf.5.xml:4051 msgid "" "Create user's private group unconditionally from user's UID number. The GID " "number is ignored in this case." @@ -5788,7 +5798,7 @@ msgstr "" "користувача. У цьому випадку номер GID буде проігноровано." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4040 +#: sssd.conf.5.xml:4055 msgid "" "NOTE: Because the GID number and the user private group are inferred from " "the UID number, it is not supported to have multiple entries with the same " @@ -5801,12 +5811,12 @@ msgstr "" "примусово встановлює унікальність записів у просторі ідентифікаторів." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4049 +#: sssd.conf.5.xml:4064 msgid "false" msgstr "false" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4052 +#: sssd.conf.5.xml:4067 msgid "" "Always use the user's primary GID number. The GID number must refer to a " "group object in the LDAP database." @@ -5815,12 +5825,12 @@ msgstr "" "вказувати на об'єкт групи у базі даних LDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4058 +#: sssd.conf.5.xml:4073 msgid "hybrid" msgstr "hybrid" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4061 +#: sssd.conf.5.xml:4076 msgid "" "A primary group is autogenerated for user entries whose UID and GID numbers " "have the same value and at the same time the GID number does not correspond " @@ -5835,7 +5845,7 @@ msgstr "" "цього користувача визначатиме цей об'єкт групи." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4074 +#: sssd.conf.5.xml:4089 msgid "" "If the UID and GID of a user are different, then the GID must correspond to " "a group entry, otherwise the GID is simply not resolvable." @@ -5844,7 +5854,7 @@ msgstr "" "групи, інакше надійне визначення GID буде просто неможливим." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4081 +#: sssd.conf.5.xml:4096 msgid "" "This feature is useful for environments that wish to stop maintaining a " "separate group objects for the user private groups, but also wish to retain " @@ -5855,7 +5865,7 @@ msgstr "" "збереженням наявних приватних груп для користувачів." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4030 +#: sssd.conf.5.xml:4045 msgid "" "This option takes any of three available values: <placeholder " "type=\"variablelist\" id=\"0\"/>" @@ -5864,7 +5874,7 @@ msgstr "" "type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4093 +#: sssd.conf.5.xml:4108 msgid "" "For subdomains, the default value is False for subdomains that use assigned " "POSIX IDs and True for subdomains that use automatic ID-mapping." @@ -5874,7 +5884,7 @@ msgstr "" "використовується автоматична прив'язка до ідентифікаторів." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:4101 +#: sssd.conf.5.xml:4116 #, no-wrap msgid "" "[domain/forest.domain/sub.domain]\n" @@ -5884,7 +5894,7 @@ msgstr "" "auto_private_groups = false\n" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:4107 +#: sssd.conf.5.xml:4122 #, no-wrap msgid "" "[domain/forest.domain]\n" @@ -5896,7 +5906,7 @@ msgstr "" "auto_private_groups = false\n" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4098 +#: sssd.conf.5.xml:4113 msgid "" "The value of auto_private_groups can either be set per subdomains in a " "subsection, for example: <placeholder type=\"programlisting\" id=\"0\"/> or " @@ -5921,31 +5931,36 @@ msgstr "" "quote> <placeholder type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4122 +#: sssd.conf.5.xml:4137 msgid "proxy_pam_target (string)" msgstr "proxy_pam_target (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4125 +#: sssd.conf.5.xml:4140 msgid "The proxy target PAM proxies to." msgstr "Комп’ютер, для якого виконує проксі-сервер PAM." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4128 +#: sssd.conf.5.xml:4143 +#, fuzzy +#| msgid "" +#| "Default: not set by default, you have to take an existing pam " +#| "configuration or create a new one and add the service name here." msgid "" "Default: not set by default, you have to take an existing pam configuration " -"or create a new one and add the service name here." +"or create a new one and add the service name here. As an alternative you can " +"enable local authentication with the local_auth_policy option." msgstr "" "Типове значення: типово не встановлено, вам слід скористатися вже створеними " "налаштуваннями pam або створити нові і тут додати назву служби." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4136 +#: sssd.conf.5.xml:4153 msgid "proxy_lib_name (string)" msgstr "proxy_lib_name (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4139 +#: sssd.conf.5.xml:4156 msgid "" "The name of the NSS library to use in proxy domains. The NSS functions " "searched for in the library are in the form of _nss_$(libName)_$(function), " @@ -5956,12 +5971,12 @@ msgstr "" "наприклад _nss_files_getpwent." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4149 +#: sssd.conf.5.xml:4166 msgid "proxy_resolver_lib_name (string)" msgstr "proxy_resolver_lib_name (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4152 +#: sssd.conf.5.xml:4169 msgid "" "The name of the NSS library to use for hosts and networks lookups in proxy " "domains. The NSS functions searched for in the library are in the form of " @@ -5972,12 +5987,12 @@ msgstr "" "_nss_$(назва_бібліотеки)_$(функція), наприклад _nss_dns_gethostbyname2_r." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4163 +#: sssd.conf.5.xml:4180 msgid "proxy_fast_alias (boolean)" msgstr "proxy_fast_alias (булеве значення)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4166 +#: sssd.conf.5.xml:4183 msgid "" "When a user or group is looked up by name in the proxy provider, a second " "lookup by ID is performed to \"canonicalize\" the name in case the requested " @@ -5992,12 +6007,12 @@ msgstr "" "у кеші, щоб пришвидшити надання результатів." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4180 +#: sssd.conf.5.xml:4197 msgid "proxy_max_children (integer)" msgstr "proxy_max_children (ціле число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4183 +#: sssd.conf.5.xml:4200 msgid "" "This option specifies the number of pre-forked proxy children. It is useful " "for high-load SSSD environments where sssd may run out of available child " @@ -6009,7 +6024,7 @@ msgstr "" "використання черги запитів." #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4118 +#: sssd.conf.5.xml:4133 msgid "" "Options valid for proxy domains. <placeholder type=\"variablelist\" " "id=\"0\"/>" @@ -6018,12 +6033,12 @@ msgstr "" "type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:4199 +#: sssd.conf.5.xml:4216 msgid "Application domains" msgstr "Домени програм (application)" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4201 +#: sssd.conf.5.xml:4218 msgid "" "SSSD, with its D-Bus interface (see <citerefentry> <refentrytitle>sssd-ifp</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>) is appealing to " @@ -6051,7 +6066,7 @@ msgstr "" "який може успадковувати параметр з традиційного домену SSSD." #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4221 +#: sssd.conf.5.xml:4238 msgid "" "Please note that the application domain must still be explicitly enabled in " "the <quote>domains</quote> parameter so that the lookup order between the " @@ -6062,17 +6077,17 @@ msgstr "" "його доменом-близнюком у POSIX має бути встановлено належним чином." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> -#: sssd.conf.5.xml:4227 +#: sssd.conf.5.xml:4244 msgid "Application domain parameters" msgstr "Параметри доменів програм" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4229 +#: sssd.conf.5.xml:4246 msgid "inherit_from (string)" msgstr "inherit_from (рядок)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4232 +#: sssd.conf.5.xml:4249 msgid "" "The SSSD POSIX-type domain the application domain inherits all settings " "from. The application domain can moreover add its own settings to the " @@ -6084,7 +6099,7 @@ msgstr "" "розширюють або перевизначають параметри домену-<quote>близнюка</quote>." #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4246 +#: sssd.conf.5.xml:4263 msgid "" "The following example illustrates the use of an application domain. In this " "setup, the POSIX domain is connected to an LDAP server and is used by the OS " @@ -6099,7 +6114,7 @@ msgstr "" "у кеші і робить атрибут phone доступним через інтерфейс D-Bus." #. type: Content of: <reference><refentry><refsect1><refsect2><programlisting> -#: sssd.conf.5.xml:4254 +#: sssd.conf.5.xml:4271 #, no-wrap msgid "" "[sssd]\n" @@ -6133,12 +6148,12 @@ msgstr "" "ldap_user_extra_attrs = phone:telephoneNumber\n" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4274 +#: sssd.conf.5.xml:4291 msgid "TRUSTED DOMAIN SECTION" msgstr "РОЗДІЛ ДОВІРЕНИХ ДОМЕНІВ" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4276 +#: sssd.conf.5.xml:4293 msgid "" "Some options used in the domain section can also be used in the trusted " "domain section, that is, in a section called <quote>[domain/" @@ -6156,57 +6171,57 @@ msgstr "" "такі параметри:" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4283 +#: sssd.conf.5.xml:4300 msgid "ldap_search_base," msgstr "ldap_search_base," #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4284 +#: sssd.conf.5.xml:4301 msgid "ldap_user_search_base," msgstr "ldap_user_search_base," #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4285 +#: sssd.conf.5.xml:4302 msgid "ldap_group_search_base," msgstr "ldap_group_search_base," #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4286 +#: sssd.conf.5.xml:4303 msgid "ldap_netgroup_search_base," msgstr "ldap_netgroup_search_base," #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4287 +#: sssd.conf.5.xml:4304 msgid "ldap_service_search_base," msgstr "ldap_service_search_base," #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4288 +#: sssd.conf.5.xml:4305 msgid "ldap_sasl_mech," msgstr "ldap_sasl_mech," #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4289 +#: sssd.conf.5.xml:4306 msgid "ad_server," msgstr "ad_server," #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4290 +#: sssd.conf.5.xml:4307 msgid "ad_backup_server," msgstr "ad_backup_server," #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4291 +#: sssd.conf.5.xml:4308 msgid "ad_site," msgstr "ad_site," #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4292 sssd-ipa.5.xml:879 +#: sssd.conf.5.xml:4309 sssd-ipa.5.xml:884 msgid "use_fully_qualified_names" msgstr "use_fully_qualified_names" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4296 +#: sssd.conf.5.xml:4313 msgid "" "For more details about these options see their individual description in the " "manual page." @@ -6215,12 +6230,12 @@ msgstr "" "підручника." #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4302 +#: sssd.conf.5.xml:4319 msgid "CERTIFICATE MAPPING SECTION" msgstr "РОЗДІЛ ПРИВ'ЯЗКИ СЕРТИФІКАТІВ" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4304 +#: sssd.conf.5.xml:4321 msgid "" "To allow authentication with Smartcards and certificates SSSD must be able " "to map certificates to users. This can be done by adding the full " @@ -6243,7 +6258,7 @@ msgstr "" "використовують для розпізнавання PAM." #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4318 +#: sssd.conf.5.xml:4335 msgid "" "To make the mapping more flexible mapping and matching rules were added to " "SSSD (see <citerefentry> <refentrytitle>sss-certmap</refentrytitle> " @@ -6255,7 +6270,7 @@ msgstr "" "citerefentry>)." #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4327 +#: sssd.conf.5.xml:4344 msgid "" "A mapping and matching rule can be added to the SSSD configuration in a " "section on its own with a name like <quote>[certmap/" @@ -6268,12 +6283,12 @@ msgstr "" "replaceable>]</quote>. У цьому розділі можна використовувати такі параметри:" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4334 +#: sssd.conf.5.xml:4351 msgid "matchrule (string)" msgstr "matchrule (рядок)" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4337 +#: sssd.conf.5.xml:4354 msgid "" "Only certificates from the Smartcard which matches this rule will be " "processed, all others are ignored." @@ -6282,7 +6297,7 @@ msgstr "" "цьому правилу. Усі інші сертифікати буде проігноровано." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4341 +#: sssd.conf.5.xml:4358 msgid "" "Default: KRB5:<EKU>clientAuth, i.e. only certificates which have the " "Extended Key Usage <quote>clientAuth</quote>" @@ -6292,17 +6307,17 @@ msgstr "" "<quote>clientAuth</quote>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4348 +#: sssd.conf.5.xml:4365 msgid "maprule (string)" msgstr "maprule (рядок)" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4351 +#: sssd.conf.5.xml:4368 msgid "Defines how the user is found for a given certificate." msgstr "Визначає спосіб пошуку користувача для вказаного сертифіката." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4357 +#: sssd.conf.5.xml:4374 msgid "" "LDAP:(userCertificate;binary={cert!bin}) for LDAP based providers like " "<quote>ldap</quote>, <quote>AD</quote> or <quote>ipa</quote>." @@ -6311,7 +6326,7 @@ msgstr "" "даних, зокрема <quote>ldap</quote>, <quote>AD</quote> та <quote>ipa</quote>." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4363 +#: sssd.conf.5.xml:4380 msgid "" "The RULE_NAME for the <quote>files</quote> provider which tries to find a " "user with the same name." @@ -6320,12 +6335,12 @@ msgstr "" "запис користувача і такою самою назвою." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4372 +#: sssd.conf.5.xml:4389 msgid "domains (string)" msgstr "domains (рядок)" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4375 +#: sssd.conf.5.xml:4392 msgid "" "Comma separated list of domain names the rule should be applied. By default " "a rule is only valid in the domain configured in sssd.conf. If the provider " @@ -6338,17 +6353,17 @@ msgstr "" "параметр можна використати і для додавання правила до піддоменів." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4382 +#: sssd.conf.5.xml:4399 msgid "Default: the configured domain in sssd.conf" msgstr "Типове значення: домен, який налаштовано у sssd.conf" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4387 +#: sssd.conf.5.xml:4404 msgid "priority (integer)" msgstr "priority (ціле число)" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4390 +#: sssd.conf.5.xml:4407 msgid "" "Unsigned integer value defining the priority of the rule. The higher the " "number the lower the priority. <quote>0</quote> stands for the highest " @@ -6359,12 +6374,12 @@ msgstr "" "пріоритетність, а <quote>4294967295</quote> — найнижча." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4396 +#: sssd.conf.5.xml:4413 msgid "Default: the lowest priority" msgstr "Типове значення: найнижча пріоритетність" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4402 +#: sssd.conf.5.xml:4419 msgid "" "To make the configuration simple and reduce the amount of configuration " "options the <quote>files</quote> provider has some special properties:" @@ -6374,7 +6389,7 @@ msgstr "" "спеціальних властивостей:" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4408 +#: sssd.conf.5.xml:4425 msgid "" "if maprule is not set the RULE_NAME name is assumed to be the name of the " "matching user" @@ -6383,7 +6398,7 @@ msgstr "" "відповідного облікового запису користувача" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4414 +#: sssd.conf.5.xml:4431 msgid "" "if a maprule is used both a single user name or a template like " "<quote>{subject_rfc822_name.short_name}</quote> must be in braces like e.g. " @@ -6396,17 +6411,17 @@ msgstr "" "quote> або <quote>({назва_об'єкта_rfc822.коротка_назва})</quote>" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4423 +#: sssd.conf.5.xml:4440 msgid "the <quote>domains</quote> option is ignored" msgstr "параметр <quote>domains</quote> буде проігноровано" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4431 +#: sssd.conf.5.xml:4448 msgid "PROMPTING CONFIGURATION SECTION" msgstr "РОЗДІЛ НАЛАШТОВУВАННЯ ЗАПИТІВ" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4433 +#: sssd.conf.5.xml:4450 msgid "" "If a special file (<filename>/var/lib/sss/pubconf/pam_preauth_available</" "filename>) exists SSSD's PAM module pam_sss will ask SSSD to figure out " @@ -6422,7 +6437,7 @@ msgstr "" "реєстраційних даних." #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4441 +#: sssd.conf.5.xml:4458 msgid "" "With the growing number of authentication methods and the possibility that " "there are multiple ones for a single user the heuristic used by pam_sss to " @@ -6436,22 +6451,22 @@ msgstr "" "випадках мають забезпечити описані нижче параметри." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4453 +#: sssd.conf.5.xml:4470 msgid "[prompting/password]" msgstr "[prompting/password]" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4456 +#: sssd.conf.5.xml:4473 msgid "password_prompt" msgstr "password_prompt" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4457 +#: sssd.conf.5.xml:4474 msgid "to change the string of the password prompt" msgstr "для зміни рядка запиту пароля" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4455 +#: sssd.conf.5.xml:4472 msgid "" "to configure password prompting, allowed options are: <placeholder " "type=\"variablelist\" id=\"0\"/>" @@ -6460,37 +6475,37 @@ msgstr "" "type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4465 +#: sssd.conf.5.xml:4482 msgid "[prompting/2fa]" msgstr "[prompting/2fa]" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4469 +#: sssd.conf.5.xml:4486 msgid "first_prompt" msgstr "first_prompt" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4470 +#: sssd.conf.5.xml:4487 msgid "to change the string of the prompt for the first factor" msgstr "для зміни рядка запиту для першого фактора" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4473 +#: sssd.conf.5.xml:4490 msgid "second_prompt" msgstr "second_prompt" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4474 +#: sssd.conf.5.xml:4491 msgid "to change the string of the prompt for the second factor" msgstr "для зміни рядка запиту для другого фактора" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4477 +#: sssd.conf.5.xml:4494 msgid "single_prompt" msgstr "single_prompt" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4478 +#: sssd.conf.5.xml:4495 msgid "" "boolean value, if True there will be only a single prompt using the value of " "first_prompt where it is expected that both factors are entered as a single " @@ -6503,7 +6518,7 @@ msgstr "" "якщо другий фактор не є обов'язковим." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4467 +#: sssd.conf.5.xml:4484 msgid "" "to configure two-factor authentication prompting, allowed options are: " "<placeholder type=\"variablelist\" id=\"0\"/> If the second factor is " @@ -6516,19 +6531,19 @@ msgstr "" "паролем, або за двома факторами, має бути використано двокроковий запит." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4495 +#: sssd.conf.5.xml:4512 #, fuzzy #| msgid "[prompting/password]" msgid "[prompting/passkey]" msgstr "[prompting/password]" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4501 sssd-ad.5.xml:1021 +#: sssd.conf.5.xml:4518 sssd-ad.5.xml:1021 msgid "interactive" msgstr "interactive" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4503 +#: sssd.conf.5.xml:4520 msgid "" "boolean value, if True prompt a message and wait before testing the presence " "of a passkey device. Recommended if your device doesn’t have a tactile " @@ -6536,47 +6551,47 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4511 +#: sssd.conf.5.xml:4528 #, fuzzy #| msgid "interactive" msgid "interactive_prompt" msgstr "interactive" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4513 +#: sssd.conf.5.xml:4530 #, fuzzy #| msgid "to change the string of the password prompt" msgid "to change the message of the interactive prompt." msgstr "для зміни рядка запиту пароля" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4518 +#: sssd.conf.5.xml:4535 msgid "touch" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4520 +#: sssd.conf.5.xml:4537 msgid "" "boolean value, if True prompt a message to remind the user to touch the " "device." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4526 +#: sssd.conf.5.xml:4543 #, fuzzy #| msgid "first_prompt" msgid "touch_prompt" msgstr "first_prompt" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4528 +#: sssd.conf.5.xml:4545 #, fuzzy #| msgid "to change the string of the password prompt" msgid "to change the message of the touch prompt." msgstr "для зміни рядка запиту пароля" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4497 +#: sssd.conf.5.xml:4514 #, fuzzy #| msgid "" #| "to configure two-factor authentication prompting, allowed options are: " @@ -6589,7 +6604,7 @@ msgstr "" "параметри: <placeholder type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4448 +#: sssd.conf.5.xml:4465 #, fuzzy #| msgid "" #| "Each supported authentication method has its own configuration subsection " @@ -6608,7 +6623,7 @@ msgstr "" "type=\"variablelist\" id=\"1\"/>" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4539 +#: sssd.conf.5.xml:4556 msgid "" "It is possible to add a subsection for specific PAM services, e.g. " "<quote>[prompting/password/sshd]</quote> to individual change the prompting " @@ -6619,12 +6634,12 @@ msgstr "" "для цієї служби." #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4546 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43 +#: sssd.conf.5.xml:4563 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43 msgid "EXAMPLES" msgstr "ПРИКЛАДИ" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4552 +#: sssd.conf.5.xml:4569 #, no-wrap msgid "" "[sssd]\n" @@ -6678,7 +6693,7 @@ msgstr "" "enumerate = False\n" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4548 +#: sssd.conf.5.xml:4565 msgid "" "1. The following example shows a typical SSSD config. It does not describe " "configuration of the domains themselves - refer to documentation on " @@ -6691,7 +6706,7 @@ msgstr "" "type=\"programlisting\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4585 +#: sssd.conf.5.xml:4602 #, no-wrap msgid "" "[domain/ipa.com/child.ad.com]\n" @@ -6701,7 +6716,7 @@ msgstr "" "use_fully_qualified_names = false\n" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4579 +#: sssd.conf.5.xml:4596 msgid "" "2. The following example shows configuration of IPA AD trust where the AD " "forest consists of two domains in a parent-child structure. Suppose IPA " @@ -6718,7 +6733,7 @@ msgstr "" "type=\"programlisting\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4596 +#: sssd.conf.5.xml:4613 #, fuzzy, no-wrap #| msgid "" #| "[certmap/my.domain/rule_name]\n" @@ -6746,7 +6761,7 @@ msgstr "" "matchrule = <ISSUER>^CN=My-CA,DC=MY,DC=DOMAIN$<SUBJECT>^CN=User.Name,DC=MY,DC=DOMAIN$\n" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4590 +#: sssd.conf.5.xml:4607 #, fuzzy #| msgid "" #| "3. The following example shows the configuration for two certificate " @@ -6820,14 +6835,23 @@ msgstr "Ви можете налаштувати SSSD на використан #. type: Content of: <reference><refentry><refsect1><para> #: sssd-ldap.5.xml:38 +#, fuzzy +#| msgid "" +#| "LDAP back end supports id, auth, access and chpass providers. If you want " +#| "to authenticate against an LDAP server either TLS/SSL or LDAPS is " +#| "required. <command>sssd</command> <emphasis>does not</emphasis> support " +#| "authentication over an unencrypted channel. If the LDAP server is used " +#| "only as an identity provider, an encrypted channel is not needed. Please " +#| "refer to <quote>ldap_access_filter</quote> config option for more " +#| "information about using LDAP as an access provider." msgid "" "LDAP back end supports id, auth, access and chpass providers. If you want to " "authenticate against an LDAP server either TLS/SSL or LDAPS is required. " "<command>sssd</command> <emphasis>does not</emphasis> support authentication " -"over an unencrypted channel. If the LDAP server is used only as an identity " -"provider, an encrypted channel is not needed. Please refer to " -"<quote>ldap_access_filter</quote> config option for more information about " -"using LDAP as an access provider." +"over an unencrypted channel. Even if the LDAP server is used only as an " +"identity provider, an encrypted channel is strongly recommended. Please " +"refer to <quote>ldap_access_filter</quote> config option for more " +"information about using LDAP as an access provider." msgstr "" "У основному модулі LDAP передбачено підтримку засобів надання ідентифікатора " "(id), уповноважень (auth), доступу (access) та зміни паролів (chpass). Якщо " @@ -6840,19 +6864,19 @@ msgstr "" "більше про використання LDAP, як засобу керування доступом." #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:82 sssd-ad.5.xml:130 +#: sssd-ldap.5.xml:50 sssd-simple.5.xml:69 sssd-ipa.5.xml:82 sssd-ad.5.xml:130 #: sssd-krb5.5.xml:63 sssd-ifp.5.xml:60 sssd-files.5.xml:77 #: sssd-session-recording.5.xml:58 sssd-kcm.8.xml:202 msgid "CONFIGURATION OPTIONS" msgstr "ПАРАМЕТРИ НАЛАШТУВАННЯ" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:66 +#: sssd-ldap.5.xml:67 msgid "ldap_uri, ldap_backup_uri (string)" msgstr "ldap_uri, ldap_backup_uri (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:69 +#: sssd-ldap.5.xml:70 msgid "" "Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " "should connect in the order of preference. Refer to the <quote>FAILOVER</" @@ -6867,34 +6891,34 @@ msgstr "" "служб. Докладніші відомості можна знайти у розділі «ПОШУК СЛУЖБ»." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:76 +#: sssd-ldap.5.xml:77 msgid "The format of the URI must match the format defined in RFC 2732:" msgstr "Формат адреси має відповідати формату, що визначається RFC 2732:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:79 +#: sssd-ldap.5.xml:80 msgid "ldap[s]://<host>[:port]" msgstr "ldap[s]://<вузол>[:порт]" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:82 +#: sssd-ldap.5.xml:83 msgid "" "For explicit IPv6 addresses, <host> must be enclosed in brackets []" msgstr "" "У явних адресах IPv6 <вузол> має бути вказано у квадратних дужках, []" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:85 +#: sssd-ldap.5.xml:86 msgid "example: ldap://[fc00::126:25]:389" msgstr "приклад: ldap://[fc00::126:25]:389" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:91 +#: sssd-ldap.5.xml:92 msgid "ldap_chpass_uri, ldap_chpass_backup_uri (string)" msgstr "ldap_chpass_uri, ldap_chpass_backup_uri (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:94 +#: sssd-ldap.5.xml:95 msgid "" "Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " "should connect in the order of preference to change the password of a user. " @@ -6907,31 +6931,31 @@ msgstr "" "резервні ресурси та додаткові сервери." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:101 +#: sssd-ldap.5.xml:102 msgid "To enable service discovery ldap_chpass_dns_service_name must be set." msgstr "" "Для того, щоб уможливити визначення служб, слід встановити значення " "параметра ldap_chpass_dns_service_name." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:105 +#: sssd-ldap.5.xml:106 msgid "Default: empty, i.e. ldap_uri is used." msgstr "Типове значення: порожнє, тобто використовується ldap_uri." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:111 +#: sssd-ldap.5.xml:112 msgid "ldap_search_base (string)" msgstr "ldap_search_base (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:114 +#: sssd-ldap.5.xml:115 msgid "The default base DN to use for performing LDAP user operations." msgstr "" "Типова базова назва домену, яку слід використовувати для виконання дій від " "імені користувача LDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:118 +#: sssd-ldap.5.xml:119 msgid "" "Starting with SSSD 1.7.0, SSSD supports multiple search bases using the " "syntax:" @@ -6940,19 +6964,19 @@ msgstr "" "основ для пошуку за допомогою таких синтаксичних конструкцій:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:122 +#: sssd-ldap.5.xml:123 msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]" msgstr "основа_пошуку[?діапазон?[фільтр][?основа_пошуку?діапазон?[фільтр]]*]" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:125 +#: sssd-ldap.5.xml:126 msgid "The scope can be one of \"base\", \"onelevel\" or \"subtree\"." msgstr "" "Діапазоном може бути одне зі значень, «base» (основа), «onelevel» (окремий " "рівень) або «subtree» (піддерево)." #. type: Content of: <listitem><para> -#: sssd-ldap.5.xml:128 include/ldap_search_bases.xml:18 +#: sssd-ldap.5.xml:129 include/ldap_search_bases.xml:18 msgid "" "The filter must be a valid LDAP search filter as specified by http://www." "ietf.org/rfc/rfc2254.txt" @@ -6961,13 +6985,13 @@ msgstr "" "специфікації http://www.ietf.org/rfc/rfc2254.txt" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:132 sssd-ad.5.xml:311 sss_override.8.xml:143 +#: sssd-ldap.5.xml:133 sssd-ad.5.xml:311 sss_override.8.xml:143 #: sss_override.8.xml:240 sssd-ldap-attributes.5.xml:453 msgid "Examples:" msgstr "Приклади:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:135 +#: sssd-ldap.5.xml:136 msgid "" "ldap_search_base = dc=example,dc=com (which is equivalent to) " "ldap_search_base = dc=example,dc=com?subtree?" @@ -6976,7 +7000,7 @@ msgstr "" "dc=example,dc=com?subtree?" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:140 +#: sssd-ldap.5.xml:141 msgid "" "ldap_search_base = cn=host_specific,dc=example,dc=com?subtree?" "(host=thishost)?dc=example.com?subtree?" @@ -6985,7 +7009,7 @@ msgstr "" "(host=thishost)?dc=example.com?subtree?" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:143 +#: sssd-ldap.5.xml:144 msgid "" "Note: It is unsupported to have multiple search bases which reference " "identically-named objects (for example, groups with the same name in two " @@ -6998,7 +7022,7 @@ msgstr "" "непередбачуваних результатів на клієнтських комп’ютерах." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:150 +#: sssd-ldap.5.xml:151 msgid "" "Default: If not set, the value of the defaultNamingContext or namingContexts " "attribute from the RootDSE of the LDAP server is used. If " @@ -7015,12 +7039,12 @@ msgstr "" "Підтримки визначення декількох значень не передбачено." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:164 +#: sssd-ldap.5.xml:165 msgid "ldap_schema (string)" msgstr "ldap_schema (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:167 +#: sssd-ldap.5.xml:168 msgid "" "Specifies the Schema Type in use on the target LDAP server. Depending on " "the selected schema, the default attribute names retrieved from the servers " @@ -7031,32 +7055,32 @@ msgstr "" "можуть бути різними. Спосіб обробки атрибутів також може бути різним." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:174 +#: sssd-ldap.5.xml:175 msgid "Four schema types are currently supported:" msgstr "У поточній версії передбачено підтримку чотирьох типів схем:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:178 +#: sssd-ldap.5.xml:179 msgid "rfc2307" msgstr "rfc2307" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:183 +#: sssd-ldap.5.xml:184 msgid "rfc2307bis" msgstr "rfc2307bis" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:188 +#: sssd-ldap.5.xml:189 msgid "IPA" msgstr "IPA" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:193 +#: sssd-ldap.5.xml:194 msgid "AD" msgstr "AD" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:199 +#: sssd-ldap.5.xml:200 msgid "" "The main difference between these schema types is how group memberships are " "recorded in the server. With rfc2307, group members are listed by name in " @@ -7074,38 +7098,38 @@ msgstr "" "Active Directory 2008r2." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:209 +#: sssd-ldap.5.xml:210 msgid "Default: rfc2307" msgstr "Типове значення: rfc2307" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:215 +#: sssd-ldap.5.xml:216 msgid "ldap_pwmodify_mode (string)" msgstr "ldap_pwmodify_mode (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:218 +#: sssd-ldap.5.xml:219 msgid "Specify the operation that is used to modify user password." msgstr "Визначає дію, яку буде здійснено для зміни пароля користувача." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:222 +#: sssd-ldap.5.xml:223 msgid "Two modes are currently supported:" msgstr "У поточній версії передбачено два режими:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:226 +#: sssd-ldap.5.xml:227 msgid "exop - Password Modify Extended Operation (RFC 3062)" msgstr "exop — розширена дія зі зміни пароля (RFC 3062)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:232 +#: sssd-ldap.5.xml:233 msgid "ldap_modify - Direct modification of userPassword (not recommended)." msgstr "" "ldap_modify — безпосереднє внесення змін до userPassword (не рекомендуємо)." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:239 +#: sssd-ldap.5.xml:240 msgid "" "Note: First, a new connection is established to verify current password by " "binding as the user that requested password change. If successful, this " @@ -7119,54 +7143,54 @@ msgstr "" "запису атрибута userPassword." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:247 +#: sssd-ldap.5.xml:248 msgid "Default: exop" msgstr "Типове значення: exop" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:253 +#: sssd-ldap.5.xml:254 msgid "ldap_default_bind_dn (string)" msgstr "ldap_default_bind_dn (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:256 +#: sssd-ldap.5.xml:257 msgid "The default bind DN to use for performing LDAP operations." msgstr "" "Типова назва домену прив’язки, яку слід використовувати для виконання дій " "LDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:263 +#: sssd-ldap.5.xml:264 msgid "ldap_default_authtok_type (string)" msgstr "ldap_default_authtok_type (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:266 +#: sssd-ldap.5.xml:267 msgid "The type of the authentication token of the default bind DN." msgstr "Тип розпізнавання для типової назви сервера прив’язки." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:270 +#: sssd-ldap.5.xml:271 msgid "The two mechanisms currently supported are:" msgstr "У поточній версії передбачено підтримку двох механізмів:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:273 +#: sssd-ldap.5.xml:274 msgid "password" msgstr "password" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:276 +#: sssd-ldap.5.xml:277 msgid "obfuscated_password" msgstr "obfuscated_password" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:279 +#: sssd-ldap.5.xml:280 msgid "Default: password" msgstr "Типове значення: password" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:282 +#: sssd-ldap.5.xml:283 msgid "" "See the <citerefentry> <refentrytitle>sss_obfuscate</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry> manual page for more information." @@ -7176,22 +7200,22 @@ msgstr "" "manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:293 +#: sssd-ldap.5.xml:294 msgid "ldap_default_authtok (string)" msgstr "ldap_default_authtok (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:296 +#: sssd-ldap.5.xml:297 msgid "The authentication token of the default bind DN." msgstr "Лексема розпізнавання типової назви сервера прив’язки." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:302 +#: sssd-ldap.5.xml:303 msgid "ldap_force_upper_case_realm (boolean)" msgstr "ldap_force_upper_case_realm (булеве значення)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:305 +#: sssd-ldap.5.xml:306 msgid "" "Some directory servers, for example Active Directory, might deliver the " "realm part of the UPN in lower case, which might cause the authentication to " @@ -7205,12 +7229,12 @@ msgstr "" "області у верхньому регістрі." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:318 +#: sssd-ldap.5.xml:319 msgid "ldap_enumeration_refresh_timeout (integer)" msgstr "ldap_enumeration_refresh_timeout (ціле число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:321 +#: sssd-ldap.5.xml:322 msgid "" "Specifies how many seconds SSSD has to wait before refreshing its cache of " "enumerated records." @@ -7219,12 +7243,12 @@ msgstr "" "свого кешу нумерованих записів." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:337 +#: sssd-ldap.5.xml:338 msgid "ldap_purge_cache_timeout (integer)" msgstr "ldap_purge_cache_timeout (ціле число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:340 +#: sssd-ldap.5.xml:341 msgid "" "Determine how often to check the cache for inactive entries (such as groups " "with no members and users who have never logged in) and remove them to save " @@ -7235,7 +7259,7 @@ msgstr "" "цих записів з метою економії місця." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:346 +#: sssd-ldap.5.xml:347 msgid "" "Setting this option to zero will disable the cache cleanup operation. Please " "note that if enumeration is enabled, the cleanup task is required in order " @@ -7249,12 +7273,12 @@ msgstr "" "кожні 3 години." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:366 +#: sssd-ldap.5.xml:367 msgid "ldap_group_nesting_level (integer)" msgstr "ldap_group_nesting_level (ціле число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:369 +#: sssd-ldap.5.xml:370 msgid "" "If ldap_schema is set to a schema format that supports nested groups (e.g. " "RFC2307bis), then this option controls how many levels of nesting SSSD will " @@ -7266,7 +7290,7 @@ msgstr "" "параметра буде проігноровано, якщо використано схему RFC2307." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:376 +#: sssd-ldap.5.xml:377 msgid "" "Note: This option specifies the guaranteed level of nested groups to be " "processed for any lookup. However, nested groups beyond this limit " @@ -7282,7 +7306,7 @@ msgstr "" "початкового пошуку, якщо запити щодо пошуку надходять повторно." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:385 +#: sssd-ldap.5.xml:386 msgid "" "If ldap_group_nesting_level is set to 0 then no nested groups are processed " "at all. However, when connected to Active-Directory Server 2008 and later " @@ -7298,12 +7322,12 @@ msgstr "" "обмеження вкладеності у групах." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:394 +#: sssd-ldap.5.xml:395 msgid "Default: 2" msgstr "Типове значення: 2" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:403 +#: sssd-ldap.5.xml:404 msgid "" "This options enables or disables use of Token-Groups attribute when " "performing initgroup for users from Active Directory Server 2008 and later." @@ -7313,24 +7337,24 @@ msgstr "" "Directory Server 2008 та новіших версій." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:413 +#: sssd-ldap.5.xml:414 msgid "Default: True for AD and IPA otherwise False." msgstr "Типове значення: True для AD і IPA, інакше False." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:419 +#: sssd-ldap.5.xml:420 msgid "ldap_host_search_base (string)" msgstr "ldap_host_search_base (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:422 +#: sssd-ldap.5.xml:423 msgid "Optional. Use the given string as search base for host objects." msgstr "" "Необов’язковий. Використати вказаний рядок як основу пошуку об’єктів вузлів." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:426 sssd-ipa.5.xml:457 sssd-ipa.5.xml:476 sssd-ipa.5.xml:495 -#: sssd-ipa.5.xml:514 +#: sssd-ldap.5.xml:427 sssd-ipa.5.xml:462 sssd-ipa.5.xml:481 sssd-ipa.5.xml:500 +#: sssd-ipa.5.xml:519 msgid "" "See <quote>ldap_search_base</quote> for information about configuring " "multiple search bases." @@ -7339,32 +7363,32 @@ msgstr "" "налаштування декількох основ пошуку." #. type: Content of: <listitem><para> -#: sssd-ldap.5.xml:431 sssd-ipa.5.xml:462 include/ldap_search_bases.xml:27 +#: sssd-ldap.5.xml:432 sssd-ipa.5.xml:467 include/ldap_search_bases.xml:27 msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" msgstr "Типове значення: значення <emphasis>ldap_search_base</emphasis>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:438 +#: sssd-ldap.5.xml:439 msgid "ldap_service_search_base (string)" msgstr "ldap_service_search_base (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:443 +#: sssd-ldap.5.xml:444 msgid "ldap_iphost_search_base (string)" msgstr "ldap_iphost_search_base (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:448 +#: sssd-ldap.5.xml:449 msgid "ldap_ipnetwork_search_base (string)" msgstr "ldap_ipnetwork_search_base (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:453 +#: sssd-ldap.5.xml:454 msgid "ldap_search_timeout (integer)" msgstr "ldap_search_timeout (ціле число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:456 +#: sssd-ldap.5.xml:457 msgid "" "Specifies the timeout (in seconds) that ldap searches are allowed to run " "before they are cancelled and cached results are returned (and offline mode " @@ -7375,7 +7399,7 @@ msgstr "" "автономного режиму роботи)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:462 +#: sssd-ldap.5.xml:463 msgid "" "Note: this option is subject to change in future versions of the SSSD. It " "will likely be replaced at some point by a series of timeouts for specific " @@ -7386,12 +7410,12 @@ msgstr "" "окремих типів пошуків." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:479 +#: sssd-ldap.5.xml:480 msgid "ldap_enumeration_search_timeout (integer)" msgstr "ldap_enumeration_search_timeout (ціле число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:482 +#: sssd-ldap.5.xml:483 msgid "" "Specifies the timeout (in seconds) that ldap searches for user and group " "enumerations are allowed to run before they are cancelled and cached results " @@ -7402,12 +7426,12 @@ msgstr "" "кешованих даних (і переходом до автономного режиму роботи)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:500 +#: sssd-ldap.5.xml:501 msgid "ldap_network_timeout (integer)" msgstr "ldap_network_timeout (ціле число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:503 +#: sssd-ldap.5.xml:504 msgid "" "Specifies the timeout (in seconds) after which the <citerefentry> " "<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/" @@ -7424,12 +7448,12 @@ msgstr "" "citerefentry> повертається до стану бездіяльності." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:531 +#: sssd-ldap.5.xml:532 msgid "ldap_opt_timeout (integer)" msgstr "ldap_opt_timeout (ціле число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:534 +#: sssd-ldap.5.xml:535 msgid "" "Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs " "will abort if no response is received. Also controls the timeout when " @@ -7443,12 +7467,12 @@ msgstr "" "розширеної операції зі зміни пароля та дії StartTLS." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:554 +#: sssd-ldap.5.xml:555 msgid "ldap_connection_expire_timeout (integer)" msgstr "ldap_connection_expire_timeout (ціле значення)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:557 +#: sssd-ldap.5.xml:558 msgid "" "Specifies a timeout (in seconds) that a connection to an LDAP server will be " "maintained. After this time, the connection will be re-established. If used " @@ -7462,7 +7486,7 @@ msgstr "" "дії TGT)." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:565 +#: sssd-ldap.5.xml:566 msgid "" "If the connection is idle (not actively running an operation) within " "<emphasis>ldap_opt_timeout</emphasis> seconds of expiration, then it will be " @@ -7480,7 +7504,7 @@ msgstr "" "<emphasis>ldap_connection_expire_timeout <= ldap_opt_timout</emphasis>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:577 +#: sssd-ldap.5.xml:578 msgid "" "This timeout can be extended of a random value specified by " "<emphasis>ldap_connection_expire_offset</emphasis>" @@ -7489,17 +7513,17 @@ msgstr "" "параметром <emphasis>ldap_connection_expire_offset</emphasis>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:587 sssd-ldap.5.xml:630 sssd-ldap.5.xml:1711 +#: sssd-ldap.5.xml:588 sssd-ldap.5.xml:631 sssd-ldap.5.xml:1713 msgid "Default: 900 (15 minutes)" msgstr "Типове значення: 900 (15 хвилин)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:593 +#: sssd-ldap.5.xml:594 msgid "ldap_connection_expire_offset (integer)" msgstr "ldap_connection_expire_offset (ціле число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:596 +#: sssd-ldap.5.xml:597 msgid "" "Random offset between 0 and configured value is added to " "<emphasis>ldap_connection_expire_timeout</emphasis>." @@ -7508,12 +7532,12 @@ msgstr "" "<emphasis>ldap_connection_expire_timeout</emphasis>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:612 +#: sssd-ldap.5.xml:613 msgid "ldap_connection_idle_timeout (integer)" msgstr "ldap_connection_idle_timeout (ціле значення)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:615 +#: sssd-ldap.5.xml:616 msgid "" "Specifies a timeout (in seconds) that an idle connection to an LDAP server " "will be maintained. If the connection is idle for more than this time then " @@ -7524,17 +7548,17 @@ msgstr "" "бездіяльним понад цей час, з'єднання буде розірвано." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:621 +#: sssd-ldap.5.xml:622 msgid "You can disable this timeout by setting the value to 0." msgstr "Ви можете вимкнути цей час очікування, встановивши значення 0." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:636 +#: sssd-ldap.5.xml:637 msgid "ldap_page_size (integer)" msgstr "ldap_page_size (ціле число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:639 +#: sssd-ldap.5.xml:640 msgid "" "Specify the number of records to retrieve from LDAP in a single request. " "Some LDAP servers enforce a maximum limit per-request." @@ -7544,12 +7568,12 @@ msgstr "" "один запит." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:650 +#: sssd-ldap.5.xml:651 msgid "ldap_disable_paging (boolean)" msgstr "ldap_disable_paging (булеве значення)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:653 +#: sssd-ldap.5.xml:654 msgid "" "Disable the LDAP paging control. This option should be used if the LDAP " "server reports that it supports the LDAP paging control in its RootDSE but " @@ -7560,7 +7584,7 @@ msgstr "" "RootDSE, але цю підтримку не увімкнено або вона не працює належним чином." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:659 +#: sssd-ldap.5.xml:660 msgid "" "Example: OpenLDAP servers with the paging control module installed on the " "server but not enabled will report it in the RootDSE but be unable to use it." @@ -7570,7 +7594,7 @@ msgstr "" "підтримкою не можна скористатися." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:665 +#: sssd-ldap.5.xml:666 msgid "" "Example: 389 DS has a bug where it can only support a one paging control at " "a time on a single connection. On busy clients, this can result in some " @@ -7581,17 +7605,17 @@ msgstr "" "це може призвести до відмови у виконанні запитів." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:677 +#: sssd-ldap.5.xml:678 msgid "ldap_disable_range_retrieval (boolean)" msgstr "ldap_disable_range_retrieval (булеве значення)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:680 +#: sssd-ldap.5.xml:681 msgid "Disable Active Directory range retrieval." msgstr "Вимкнути отримання діапазону Active Directory." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:683 +#: sssd-ldap.5.xml:684 msgid "" "Active Directory limits the number of members to be retrieved in a single " "lookup using the MaxValRange policy (which defaults to 1500 members). If a " @@ -7607,12 +7631,12 @@ msgstr "" "буде представлено як такі, у яких немає учасників." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:698 +#: sssd-ldap.5.xml:699 msgid "ldap_sasl_minssf (integer)" msgstr "ldap_sasl_minssf (ціле значення)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:701 +#: sssd-ldap.5.xml:702 msgid "" "When communicating with an LDAP server using SASL, specify the minimum " "security level necessary to establish the connection. The values of this " @@ -7623,19 +7647,19 @@ msgstr "" "параметра визначається OpenLDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:707 sssd-ldap.5.xml:723 +#: sssd-ldap.5.xml:708 sssd-ldap.5.xml:724 msgid "Default: Use the system default (usually specified by ldap.conf)" msgstr "" "Типове значення: типове для системи значення (зазвичай, визначається у ldap." "conf)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:714 +#: sssd-ldap.5.xml:715 msgid "ldap_sasl_maxssf (integer)" msgstr "ldap_sasl_maxssf (ціле число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:717 +#: sssd-ldap.5.xml:718 msgid "" "When communicating with an LDAP server using SASL, specify the maximal " "security level necessary to establish the connection. The values of this " @@ -7646,12 +7670,12 @@ msgstr "" "цього параметра визначається OpenLDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:730 +#: sssd-ldap.5.xml:731 msgid "ldap_deref_threshold (integer)" msgstr "ldap_deref_threshold (ціле число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:733 +#: sssd-ldap.5.xml:734 msgid "" "Specify the number of group members that must be missing from the internal " "cache in order to trigger a dereference lookup. If less members are missing, " @@ -7663,7 +7687,7 @@ msgstr "" "виконуватиметься окремо." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:739 +#: sssd-ldap.5.xml:740 msgid "" "You can turn off dereference lookups completely by setting the value to 0. " "Please note that there are some codepaths in SSSD, like the IPA HBAC " @@ -7681,7 +7705,7 @@ msgstr "" "rootDSE." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:750 +#: sssd-ldap.5.xml:751 msgid "" "A dereference lookup is a means of fetching all group members in a single " "LDAP call. Different LDAP servers may implement different dereference " @@ -7694,7 +7718,7 @@ msgstr "" "OpenLDAP та Active Directory." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:758 +#: sssd-ldap.5.xml:759 msgid "" "<emphasis>Note:</emphasis> If any of the search bases specifies a search " "filter, then the dereference lookup performance enhancement will be disabled " @@ -7705,12 +7729,12 @@ msgstr "" "незалежно від використання цього параметра." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:771 +#: sssd-ldap.5.xml:772 msgid "ldap_ignore_unreadable_references (bool)" msgstr "ldap_ignore_unreadable_references (булеве значення)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:774 +#: sssd-ldap.5.xml:775 msgid "" "Ignore unreadable LDAP entries referenced in group's member attribute. If " "this parameter is set to false an error will be returned and the operation " @@ -7722,7 +7746,7 @@ msgstr "" "простого ігнорування непридатного до читання запису." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:781 +#: sssd-ldap.5.xml:782 msgid "" "This parameter may be useful when using the AD provider and the computer " "account that sssd uses to connect to AD does not have access to a particular " @@ -7734,12 +7758,12 @@ msgstr "" "міркувань безпеки." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:794 +#: sssd-ldap.5.xml:795 msgid "ldap_tls_reqcert (string)" msgstr "ldap_tls_reqcert (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:797 +#: sssd-ldap.5.xml:798 msgid "" "Specifies what checks to perform on server certificates in a TLS session, if " "any. It can be specified as one of the following values:" @@ -7749,7 +7773,7 @@ msgstr "" "таких значень:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:803 +#: sssd-ldap.5.xml:804 msgid "" "<emphasis>never</emphasis> = The client will not request or check any server " "certificate." @@ -7758,7 +7782,7 @@ msgstr "" "жодних сертифікатів сервера." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:807 +#: sssd-ldap.5.xml:808 msgid "" "<emphasis>allow</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -7770,7 +7794,7 @@ msgstr "" "режимі." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:814 +#: sssd-ldap.5.xml:815 msgid "" "<emphasis>try</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -7781,7 +7805,7 @@ msgstr "" "надано помилковий сертифікат, негайно перервати сеанс." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:820 +#: sssd-ldap.5.xml:821 msgid "" "<emphasis>demand</emphasis> = The server certificate is requested. If no " "certificate is provided, or a bad certificate is provided, the session is " @@ -7792,22 +7816,22 @@ msgstr "" "перервати сеанс." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:826 +#: sssd-ldap.5.xml:827 msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" msgstr "<emphasis>hard</emphasis> = те саме, що і <quote>demand</quote>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:830 +#: sssd-ldap.5.xml:831 msgid "Default: hard" msgstr "Типове значення: hard" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:836 +#: sssd-ldap.5.xml:837 msgid "ldap_tls_cacert (string)" msgstr "ldap_tls_cacert (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:839 +#: sssd-ldap.5.xml:840 msgid "" "Specifies the file that contains certificates for all of the Certificate " "Authorities that <command>sssd</command> will recognize." @@ -7816,7 +7840,7 @@ msgstr "" "розпізнаються <command>sssd</command>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:844 sssd-ldap.5.xml:862 sssd-ldap.5.xml:903 +#: sssd-ldap.5.xml:845 sssd-ldap.5.xml:863 sssd-ldap.5.xml:904 msgid "" "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." "conf</filename>" @@ -7825,12 +7849,12 @@ msgstr "" "у <filename>/etc/openldap/ldap.conf</filename>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:851 +#: sssd-ldap.5.xml:852 msgid "ldap_tls_cacertdir (string)" msgstr "ldap_tls_cacertdir (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:854 +#: sssd-ldap.5.xml:855 msgid "" "Specifies the path of a directory that contains Certificate Authority " "certificates in separate individual files. Typically the file names need to " @@ -7843,32 +7867,32 @@ msgstr "" "<command>cacertdir_rehash</command>, якщо ця програма є доступною." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:869 +#: sssd-ldap.5.xml:870 msgid "ldap_tls_cert (string)" msgstr "ldap_tls_cert (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:872 +#: sssd-ldap.5.xml:873 msgid "Specifies the file that contains the certificate for the client's key." msgstr "Визначає файл, який містить сертифікат для ключа клієнта." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:882 +#: sssd-ldap.5.xml:883 msgid "ldap_tls_key (string)" msgstr "ldap_tls_key (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:885 +#: sssd-ldap.5.xml:886 msgid "Specifies the file that contains the client's key." msgstr "Визначає файл, у якому міститься ключ клієнта." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:894 +#: sssd-ldap.5.xml:895 msgid "ldap_tls_cipher_suite (string)" msgstr "ldap_tls_cipher_suite (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:897 +#: sssd-ldap.5.xml:898 msgid "" "Specifies acceptable cipher suites. Typically this is a colon separated " "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " @@ -7880,26 +7904,31 @@ msgstr "" "<manvolnum>5</manvolnum></citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:910 +#: sssd-ldap.5.xml:911 msgid "ldap_id_use_start_tls (boolean)" msgstr "ldap_id_use_start_tls (булеве значення)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:913 +#: sssd-ldap.5.xml:914 +#, fuzzy +#| msgid "" +#| "Specifies that the id_provider connection must also use <systemitem " +#| "class=\"protocol\">tls</systemitem> to protect the channel." msgid "" "Specifies that the id_provider connection must also use <systemitem " -"class=\"protocol\">tls</systemitem> to protect the channel." +"class=\"protocol\">tls</systemitem> to protect the channel. <emphasis>true</" +"emphasis> is strongly recommended for security reasons." msgstr "" "Визначає, що з’єднання id_provider має також використовувати <systemitem " "class=\"protocol\">tls</systemitem> для захисту каналу." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:923 +#: sssd-ldap.5.xml:925 msgid "ldap_id_mapping (boolean)" msgstr "ldap_id_mapping (булеве значення)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:926 +#: sssd-ldap.5.xml:928 msgid "" "Specifies that SSSD should attempt to map user and group IDs from the " "ldap_user_objectsid and ldap_group_objectsid attributes instead of relying " @@ -7911,19 +7940,19 @@ msgstr "" "ldap_group_gid_number." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:932 +#: sssd-ldap.5.xml:934 msgid "Currently this feature supports only ActiveDirectory objectSID mapping." msgstr "" "У поточній версії у цій можливості передбачено підтримку лише встановлення " "відповідності objectSID у ActiveDirectory." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:942 +#: sssd-ldap.5.xml:944 msgid "ldap_min_id, ldap_max_id (integer)" msgstr "ldap_min_id, ldap_max_id (ціле число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:945 +#: sssd-ldap.5.xml:947 msgid "" "In contrast to the SID based ID mapping which is used if ldap_id_mapping is " "set to true the allowed ID range for ldap_user_uid_number and " @@ -7943,18 +7972,18 @@ msgstr "" "ідентифікаторів." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:957 +#: sssd-ldap.5.xml:959 msgid "Default: not set (both options are set to 0)" msgstr "" "Типове значення: не встановлено (обидва параметри встановлено у значення 0)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:963 +#: sssd-ldap.5.xml:965 msgid "ldap_sasl_mech (string)" msgstr "ldap_sasl_mech (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:966 +#: sssd-ldap.5.xml:968 msgid "" "Specify the SASL mechanism to use. Currently only GSSAPI and GSS-SPNEGO are " "tested and supported." @@ -7963,7 +7992,7 @@ msgstr "" "перевірено і передбачено підтримку лише механізмів GSSAPI та GSS-SPNEGO." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:970 +#: sssd-ldap.5.xml:972 msgid "" "If the backend supports sub-domains the value of ldap_sasl_mech is " "automatically inherited to the sub-domains. If a different value is needed " @@ -7981,12 +8010,12 @@ msgstr "" "manvolnum></citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:986 +#: sssd-ldap.5.xml:988 msgid "ldap_sasl_authid (string)" msgstr "ldap_sasl_authid (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd-ldap.5.xml:998 +#: sssd-ldap.5.xml:1000 #, no-wrap msgid "" "hostname@REALM\n" @@ -8006,7 +8035,7 @@ msgstr "" " " #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:989 +#: sssd-ldap.5.xml:991 msgid "" "Specify the SASL authorization id to use. When GSSAPI/GSS-SPNEGO are used, " "this represents the Kerberos principal used for authentication to the " @@ -8027,17 +8056,17 @@ msgstr "" "таблиці ключів." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1009 +#: sssd-ldap.5.xml:1011 msgid "Default: host/hostname@REALM" msgstr "Типове значення: вузол/назва_вузла@ОБЛАСТЬ" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1015 +#: sssd-ldap.5.xml:1017 msgid "ldap_sasl_realm (string)" msgstr "ldap_sasl_realm (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1018 +#: sssd-ldap.5.xml:1020 msgid "" "Specify the SASL realm to use. When not specified, this option defaults to " "the value of krb5_realm. If the ldap_sasl_authid contains the realm as " @@ -8049,17 +8078,17 @@ msgstr "" "проігноровано." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1024 +#: sssd-ldap.5.xml:1026 msgid "Default: the value of krb5_realm." msgstr "Типове значення: значення krb5_realm." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1030 +#: sssd-ldap.5.xml:1032 msgid "ldap_sasl_canonicalize (boolean)" msgstr "ldap_sasl_canonicalize (булеве значення)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1033 +#: sssd-ldap.5.xml:1035 msgid "" "If set to true, the LDAP library would perform a reverse lookup to " "canonicalize the host name during a SASL bind." @@ -8069,36 +8098,36 @@ msgstr "" "SASL." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1038 +#: sssd-ldap.5.xml:1040 msgid "Default: false;" msgstr "Типове значення: false;" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1044 +#: sssd-ldap.5.xml:1046 msgid "ldap_krb5_keytab (string)" msgstr "ldap_krb5_keytab (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1047 +#: sssd-ldap.5.xml:1049 msgid "Specify the keytab to use when using SASL/GSSAPI/GSS-SPNEGO." msgstr "" "Визначає таблицю ключів, яку слід використовувати разом з SASL/GSSAPI/GSS-" "SPNEGO." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1056 sssd-krb5.5.xml:247 +#: sssd-ldap.5.xml:1058 sssd-krb5.5.xml:247 msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" msgstr "" "Типове значення: системна таблиця ключів, зазвичай <filename>/etc/krb5." "keytab</filename>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1062 +#: sssd-ldap.5.xml:1064 msgid "ldap_krb5_init_creds (boolean)" msgstr "ldap_krb5_init_creds (булеве значення)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1065 +#: sssd-ldap.5.xml:1067 msgid "" "Specifies that the id_provider should init Kerberos credentials (TGT). This " "action is performed only if SASL is used and the mechanism selected is " @@ -8109,12 +8138,12 @@ msgstr "" "механізм GSSAPI або GSS-SPNEGO." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1077 +#: sssd-ldap.5.xml:1079 msgid "ldap_krb5_ticket_lifetime (integer)" msgstr "ldap_krb5_ticket_lifetime (ціле число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1080 +#: sssd-ldap.5.xml:1082 msgid "" "Specifies the lifetime in seconds of the TGT if GSSAPI or GSS-SPNEGO is used." msgstr "" @@ -8122,17 +8151,17 @@ msgstr "" "SPNEGO." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1089 sssd-ad.5.xml:1252 +#: sssd-ldap.5.xml:1091 sssd-ad.5.xml:1252 msgid "Default: 86400 (24 hours)" msgstr "Типове значення: 86400 (24 години)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1095 sssd-krb5.5.xml:74 +#: sssd-ldap.5.xml:1097 sssd-krb5.5.xml:74 msgid "krb5_server, krb5_backup_server (string)" msgstr "krb5_server, krb5_backup_server (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1098 +#: sssd-ldap.5.xml:1100 msgid "" "Specifies the comma-separated list of IP addresses or hostnames of the " "Kerberos servers to which SSSD should connect in the order of preference. " @@ -8151,7 +8180,7 @@ msgstr "" "про виявлення служб можна дізнатися з розділу «ПОШУК СЛУЖБ»." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1110 sssd-krb5.5.xml:89 +#: sssd-ldap.5.xml:1112 sssd-krb5.5.xml:89 msgid "" "When using service discovery for KDC or kpasswd servers, SSSD first searches " "for DNS entries that specify _udp as the protocol and falls back to _tcp if " @@ -8163,7 +8192,7 @@ msgstr "" "вдасться знайти." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1115 sssd-krb5.5.xml:94 +#: sssd-ldap.5.xml:1117 sssd-krb5.5.xml:94 msgid "" "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " "While the legacy name is recognized for the time being, users are advised to " @@ -8174,30 +8203,30 @@ msgstr "" "варто перейти на використання «krb5_server» у файлах налаштувань." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1124 sssd-ipa.5.xml:526 sssd-krb5.5.xml:103 +#: sssd-ldap.5.xml:1126 sssd-ipa.5.xml:531 sssd-krb5.5.xml:103 msgid "krb5_realm (string)" msgstr "krb5_realm (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1127 +#: sssd-ldap.5.xml:1129 msgid "Specify the Kerberos REALM (for SASL/GSSAPI/GSS-SPNEGO auth)." msgstr "" "Вказати область Kerberos (для розпізнавання за SASL/GSSAPI/GSS-SPNEGO)." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1131 +#: sssd-ldap.5.xml:1133 msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" msgstr "" "Типове значення: типове значення системи, див. <filename>/etc/krb5.conf</" "filename>" #. type: Content of: <variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1137 include/krb5_options.xml:154 +#: sssd-ldap.5.xml:1139 include/krb5_options.xml:154 msgid "krb5_canonicalize (boolean)" msgstr "krb5_canonicalize (булеве значення)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1140 +#: sssd-ldap.5.xml:1142 msgid "" "Specifies if the host principal should be canonicalized when connecting to " "LDAP server. This feature is available with MIT Kerberos >= 1.7" @@ -8207,12 +8236,12 @@ msgstr "" "версії MIT Kerberos >= 1.7" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1152 sssd-krb5.5.xml:336 +#: sssd-ldap.5.xml:1154 sssd-krb5.5.xml:336 msgid "krb5_use_kdcinfo (boolean)" msgstr "krb5_use_kdcinfo (булеве значення)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1155 sssd-krb5.5.xml:339 +#: sssd-ldap.5.xml:1157 sssd-krb5.5.xml:339 msgid "" "Specifies if the SSSD should instruct the Kerberos libraries what realm and " "which KDCs to use. This option is on by default, if you disable it, you need " @@ -8227,7 +8256,7 @@ msgstr "" "<manvolnum>5</manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1166 sssd-krb5.5.xml:350 +#: sssd-ldap.5.xml:1168 sssd-krb5.5.xml:350 msgid "" "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more " @@ -8238,12 +8267,12 @@ msgstr "" "manvolnum> </citerefentry>, щоб дізнатися більше про додаток пошуку." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1180 +#: sssd-ldap.5.xml:1182 msgid "ldap_pwd_policy (string)" msgstr "ldap_pwd_policy (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1183 +#: sssd-ldap.5.xml:1185 msgid "" "Select the policy to evaluate the password expiration on the client side. " "The following values are allowed:" @@ -8252,7 +8281,7 @@ msgstr "" "використовувати такі значення:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1188 +#: sssd-ldap.5.xml:1190 msgid "" "<emphasis>none</emphasis> - No evaluation on the client side. This option " "cannot disable server-side password policies." @@ -8261,7 +8290,7 @@ msgstr "" "разі використання цього варіанта перевірку на боці сервера вимкнено не буде." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1193 +#: sssd-ldap.5.xml:1195 msgid "" "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " @@ -8273,7 +8302,7 @@ msgstr "" "manvolnum></citerefentry> для визначення того, чи чинним є пароль." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1201 +#: sssd-ldap.5.xml:1203 msgid "" "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " "to determine if the password has expired. Use chpass_provider=krb5 to update " @@ -8284,7 +8313,7 @@ msgstr "" "скористайтеся chpass_provider=krb5 для оновлення цих атрибутів." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1210 +#: sssd-ldap.5.xml:1212 msgid "" "<emphasis>Note</emphasis>: if a password policy is configured on server " "side, it always takes precedence over policy set with this option." @@ -8294,18 +8323,18 @@ msgstr "" "встановленими за допомогою цього параметра." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1218 +#: sssd-ldap.5.xml:1220 msgid "ldap_referrals (boolean)" msgstr "ldap_referrals (булеве значення)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1221 +#: sssd-ldap.5.xml:1223 msgid "Specifies whether automatic referral chasing should be enabled." msgstr "" "Визначає, чи має бути увімкнено автоматичне визначення напрямків пошуку." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1225 +#: sssd-ldap.5.xml:1227 msgid "" "Please note that sssd only supports referral chasing when it is compiled " "with OpenLDAP version 2.4.13 or higher." @@ -8314,7 +8343,7 @@ msgstr "" "з версією OpenLDAP 2.4.13 або новішою версією." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1230 +#: sssd-ldap.5.xml:1232 msgid "" "Chasing referrals may incur a performance penalty in environments that use " "them heavily, a notable example is Microsoft Active Directory. If your setup " @@ -8336,28 +8365,28 @@ msgstr "" "дані виявляться недоступними." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1249 +#: sssd-ldap.5.xml:1251 msgid "ldap_dns_service_name (string)" msgstr "ldap_dns_service_name (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1252 +#: sssd-ldap.5.xml:1254 msgid "Specifies the service name to use when service discovery is enabled." msgstr "" "Визначає назву служби, яку буде використано у разі вмикання визначення служб." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1256 +#: sssd-ldap.5.xml:1258 msgid "Default: ldap" msgstr "Типове значення: ldap" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1262 +#: sssd-ldap.5.xml:1264 msgid "ldap_chpass_dns_service_name (string)" msgstr "ldap_chpass_dns_service_name (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1265 +#: sssd-ldap.5.xml:1267 msgid "" "Specifies the service name to use to find an LDAP server which allows " "password changes when service discovery is enabled." @@ -8366,17 +8395,17 @@ msgstr "" "уможливлює зміну паролів, у разі вмикання визначення служб." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1270 +#: sssd-ldap.5.xml:1272 msgid "Default: not set, i.e. service discovery is disabled" msgstr "Типове значення: не встановлено, тобто пошук служб вимкнено" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1276 +#: sssd-ldap.5.xml:1278 msgid "ldap_chpass_update_last_change (bool)" msgstr "ldap_chpass_update_last_change (булеве значення)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1279 +#: sssd-ldap.5.xml:1281 msgid "" "Specifies whether to update the ldap_user_shadow_last_change attribute with " "days since the Epoch after a password change operation." @@ -8385,7 +8414,7 @@ msgstr "" "щодо кількості днів з часу виконання дії зі зміни пароля." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1285 +#: sssd-ldap.5.xml:1287 msgid "" "It is recommend to set this option explicitly if \"ldap_pwd_policy = " "shadow\" is used to let SSSD know if the LDAP server will update " @@ -8398,12 +8427,12 @@ msgstr "" "окремо." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1299 +#: sssd-ldap.5.xml:1301 msgid "ldap_access_filter (string)" msgstr "ldap_access_filter (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1302 +#: sssd-ldap.5.xml:1304 msgid "" "If using access_provider = ldap and ldap_access_order = filter (default), " "this option is mandatory. It specifies an LDAP search filter criteria that " @@ -8432,12 +8461,12 @@ msgstr "" "refentrytitle><manvolnum>5</manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1322 +#: sssd-ldap.5.xml:1324 msgid "Example:" msgstr "Приклад:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1325 +#: sssd-ldap.5.xml:1327 #, no-wrap msgid "" "access_provider = ldap\n" @@ -8449,7 +8478,7 @@ msgstr "" " " #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1329 +#: sssd-ldap.5.xml:1331 msgid "" "This example means that access to this host is restricted to users whose " "employeeType attribute is set to \"admin\"." @@ -8458,7 +8487,7 @@ msgstr "" "employeeType встановлено у значення «admin»." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1334 +#: sssd-ldap.5.xml:1336 msgid "" "Offline caching for this feature is limited to determining whether the " "user's last online login was granted access permission. If they were granted " @@ -8472,17 +8501,17 @@ msgstr "" "таких прав не було надано, у автономному режимі їх також не буде надано." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1342 sssd-ldap.5.xml:1398 +#: sssd-ldap.5.xml:1344 sssd-ldap.5.xml:1400 msgid "Default: Empty" msgstr "Типове значення: порожній рядок" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1348 +#: sssd-ldap.5.xml:1350 msgid "ldap_account_expire_policy (string)" msgstr "ldap_account_expire_policy (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1351 +#: sssd-ldap.5.xml:1353 msgid "" "With this option a client side evaluation of access control attributes can " "be enabled." @@ -8491,7 +8520,7 @@ msgstr "" "керування доступом на боці клієнта." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1355 +#: sssd-ldap.5.xml:1357 msgid "" "Please note that it is always recommended to use server side access control, " "i.e. the LDAP server should deny the bind request with a suitable error code " @@ -8502,12 +8531,12 @@ msgstr "" "з відповідним кодом помилки, навіть якщо вказано правильний пароль." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1362 +#: sssd-ldap.5.xml:1364 msgid "The following values are allowed:" msgstr "Можна використовувати такі значення:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1365 +#: sssd-ldap.5.xml:1367 msgid "" "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " "determine if the account is expired." @@ -8516,7 +8545,7 @@ msgstr "" "визначити, чи завершено строк дії облікового запису." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1370 +#: sssd-ldap.5.xml:1372 msgid "" "<emphasis>ad</emphasis>: use the value of the 32bit field " "ldap_user_ad_user_account_control and allow access if the second bit is not " @@ -8529,7 +8558,7 @@ msgstr "" "Також буде перевірено, чи не вичерпано строк дії облікового запису." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1377 +#: sssd-ldap.5.xml:1379 msgid "" "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" "emphasis>: use the value of ldap_ns_account_lock to check if access is " @@ -8540,7 +8569,7 @@ msgstr "" "ldap_ns_account_lock." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1383 +#: sssd-ldap.5.xml:1385 msgid "" "<emphasis>nds</emphasis>: the values of " "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " @@ -8553,7 +8582,7 @@ msgstr "" "атрибутів, надати доступ." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1391 +#: sssd-ldap.5.xml:1393 msgid "" "Please note that the ldap_access_order configuration option <emphasis>must</" "emphasis> include <quote>expire</quote> in order for the " @@ -8564,24 +8593,24 @@ msgstr "" "користуватися параметром ldap_account_expire_policy." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1404 +#: sssd-ldap.5.xml:1406 msgid "ldap_access_order (string)" msgstr "ldap_access_order (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1407 sssd-ipa.5.xml:351 +#: sssd-ldap.5.xml:1409 sssd-ipa.5.xml:356 msgid "Comma separated list of access control options. Allowed values are:" msgstr "" "Список відокремлених комами параметрів керування доступом. Можливі значення " "списку:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1411 +#: sssd-ldap.5.xml:1413 msgid "<emphasis>filter</emphasis>: use ldap_access_filter" msgstr "<emphasis>filter</emphasis>: використовувати ldap_access_filter" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1414 +#: sssd-ldap.5.xml:1416 msgid "" "<emphasis>lockout</emphasis>: use account locking. If set, this option " "denies access in case that ldap attribute 'pwdAccountLockedTime' is present " @@ -8596,7 +8625,7 @@ msgstr "" "для працездатності цієї можливості слід встановити «access_provider = ldap»." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1424 +#: sssd-ldap.5.xml:1426 msgid "" "<emphasis> Please note that this option is superseded by the <quote>ppolicy</" "quote> option and might be removed in a future release. </emphasis>" @@ -8606,7 +8635,7 @@ msgstr "" "emphasis>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1431 +#: sssd-ldap.5.xml:1433 msgid "" "<emphasis>ppolicy</emphasis>: use account locking. If set, this option " "denies access in case that ldap attribute 'pwdAccountLockedTime' is present " @@ -8629,13 +8658,13 @@ msgstr "" "параметра слід встановити значення «access_provider = ldap»." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1448 +#: sssd-ldap.5.xml:1450 msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" msgstr "" "<emphasis>expire</emphasis>: використовувати ldap_account_expire_policy" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1452 sssd-ipa.5.xml:359 +#: sssd-ldap.5.xml:1454 sssd-ipa.5.xml:364 msgid "" "<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, " "pwd_expire_policy_renew: </emphasis> These options are useful if users are " @@ -8650,31 +8679,31 @@ msgstr "" "наприклад на ключах SSH." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1462 sssd-ipa.5.xml:369 +#: sssd-ldap.5.xml:1464 sssd-ipa.5.xml:374 msgid "" "The difference between these options is the action taken if user password is " "expired:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:1467 sssd-ipa.5.xml:374 +#: sssd-ldap.5.xml:1469 sssd-ipa.5.xml:379 msgid "pwd_expire_policy_reject - user is denied to log in," msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:1473 sssd-ipa.5.xml:380 +#: sssd-ldap.5.xml:1475 sssd-ipa.5.xml:385 msgid "pwd_expire_policy_warn - user is still able to log in," msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:1479 sssd-ipa.5.xml:386 +#: sssd-ldap.5.xml:1481 sssd-ipa.5.xml:391 msgid "" "pwd_expire_policy_renew - user is prompted to change their password " "immediately." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1487 +#: sssd-ldap.5.xml:1489 msgid "" "Please note that 'access_provider = ldap' must be set for this feature to " "work. Also 'ldap_pwd_policy' must be set to an appropriate password policy." @@ -8684,7 +8713,7 @@ msgstr "" "параметра «ldap_pwd_policy» відповідні правила поводження із паролями." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1492 +#: sssd-ldap.5.xml:1494 msgid "" "<emphasis>authorized_service</emphasis>: use the authorizedService attribute " "to determine access" @@ -8693,14 +8722,14 @@ msgstr "" "можливості доступу атрибут authorizedService" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1497 +#: sssd-ldap.5.xml:1499 msgid "<emphasis>host</emphasis>: use the host attribute to determine access" msgstr "" "<emphasis>host</emphasis>: за допомогою цього атрибута вузла можна визначити " "права доступу" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1501 +#: sssd-ldap.5.xml:1503 msgid "" "<emphasis>rhost</emphasis>: use the rhost attribute to determine whether " "remote host can access" @@ -8709,7 +8738,7 @@ msgstr "" "того, чи матиме віддалений вузол доступ" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1505 +#: sssd-ldap.5.xml:1507 msgid "" "Please note, rhost field in pam is set by application, it is better to check " "what the application sends to pam, before enabling this access control option" @@ -8719,12 +8748,12 @@ msgstr "" "керування доступом." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1510 +#: sssd-ldap.5.xml:1512 msgid "Default: filter" msgstr "Типове значення: filter" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1513 +#: sssd-ldap.5.xml:1515 msgid "" "Please note that it is a configuration error if a value is used more than " "once." @@ -8733,12 +8762,12 @@ msgstr "" "використано декілька разів." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1520 +#: sssd-ldap.5.xml:1522 msgid "ldap_pwdlockout_dn (string)" msgstr "ldap_pwdlockout_dn (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1523 +#: sssd-ldap.5.xml:1525 msgid "" "This option specifies the DN of password policy entry on LDAP server. Please " "note that absence of this option in sssd.conf in case of enabled account " @@ -8752,22 +8781,22 @@ msgstr "" "можна буде перевірити належним чином." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1531 +#: sssd-ldap.5.xml:1533 msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com" msgstr "Приклад: cn=ppolicy,ou=policies,dc=example,dc=com" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1534 +#: sssd-ldap.5.xml:1536 msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base" msgstr "Типове значення: cn=ppolicy,ou=policies,$ldap_search_base" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1540 +#: sssd-ldap.5.xml:1542 msgid "ldap_deref (string)" msgstr "ldap_deref (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1543 +#: sssd-ldap.5.xml:1545 msgid "" "Specifies how alias dereferencing is done when performing a search. The " "following options are allowed:" @@ -8776,13 +8805,13 @@ msgstr "" "пошуку. Можливі такі варіанти:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1548 +#: sssd-ldap.5.xml:1550 msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." msgstr "" "<emphasis>never</emphasis>: ніколи не виконувати розіменування псевдонімів." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1552 +#: sssd-ldap.5.xml:1554 msgid "" "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " "the base object, but not in locating the base object of the search." @@ -8792,7 +8821,7 @@ msgstr "" "пошуку." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1557 +#: sssd-ldap.5.xml:1559 msgid "" "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " "the base object of the search." @@ -8801,7 +8830,7 @@ msgstr "" "під час визначення місця основного об’єкта пошуку." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1562 +#: sssd-ldap.5.xml:1564 msgid "" "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " "in locating the base object of the search." @@ -8810,7 +8839,7 @@ msgstr "" "час пошуку, так і під час визначення місця основного об’єкта пошуку." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1567 +#: sssd-ldap.5.xml:1569 msgid "" "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " "client libraries)" @@ -8819,12 +8848,12 @@ msgstr "" "сценарієм <emphasis>never</emphasis>)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1575 +#: sssd-ldap.5.xml:1577 msgid "ldap_rfc2307_fallback_to_local_users (boolean)" msgstr "ldap_rfc2307_fallback_to_local_users (булеве значення)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1578 +#: sssd-ldap.5.xml:1580 msgid "" "Allows to retain local users as members of an LDAP group for servers that " "use the RFC2307 schema." @@ -8833,7 +8862,7 @@ msgstr "" "серверів, у яких використовується схема RFC2307." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1582 +#: sssd-ldap.5.xml:1584 msgid "" "In some environments where the RFC2307 schema is used, local users are made " "members of LDAP groups by adding their names to the memberUid attribute. " @@ -8851,7 +8880,7 @@ msgstr "" "користувачів за допомогою виклику getpw*() або initgroups()." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1593 +#: sssd-ldap.5.xml:1595 msgid "" "This option falls back to checking if local users are referenced, and caches " "them so that later initgroups() calls will augment the local users with the " @@ -8863,12 +8892,12 @@ msgstr "" "групами LDAP." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1605 sssd-ifp.5.xml:152 +#: sssd-ldap.5.xml:1607 sssd-ifp.5.xml:152 msgid "wildcard_limit (integer)" msgstr "wildcard_limit (ціле число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1608 +#: sssd-ldap.5.xml:1610 msgid "" "Specifies an upper limit on the number of entries that are downloaded during " "a wildcard lookup." @@ -8877,24 +8906,24 @@ msgstr "" "пошуку з використанням символів-замінників." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1612 +#: sssd-ldap.5.xml:1614 msgid "At the moment, only the InfoPipe responder supports wildcard lookups." msgstr "" "У поточній версії пошук із використанням символів-замінників передбачено " "лише для відповідача InfoPipe." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1616 +#: sssd-ldap.5.xml:1618 msgid "Default: 1000 (often the size of one page)" msgstr "Типове значення: 1000 (часто розмір однієї сторінки)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1622 +#: sssd-ldap.5.xml:1624 msgid "ldap_library_debug_level (integer)" msgstr "ldap_library_debug_level (ціле число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1625 +#: sssd-ldap.5.xml:1627 msgid "" "Switches on libldap debugging with the given level. The libldap debug " "messages will be written independent of the general debug_level." @@ -8903,7 +8932,7 @@ msgstr "" "libldap буде записано незалежно від загального debug_level." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1630 +#: sssd-ldap.5.xml:1632 msgid "" "OpenLDAP uses a bitmap to enable debugging for specific components, -1 will " "enable full debug output." @@ -8912,12 +8941,12 @@ msgstr "" "компонентів, -1 увімкне повне виведення діагностичних даних." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1635 +#: sssd-ldap.5.xml:1637 msgid "Default: 0 (libldap debugging disabled)" msgstr "Типове значення: 0 (діагностику libldap вимкнено)" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:51 +#: sssd-ldap.5.xml:52 msgid "" "All of the common configuration options that apply to SSSD domains also " "apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> section " @@ -8937,12 +8966,12 @@ msgstr "" "id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1645 +#: sssd-ldap.5.xml:1647 msgid "SUDO OPTIONS" msgstr "ПАРАМЕТРИ SUDO" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1647 +#: sssd-ldap.5.xml:1649 msgid "" "The detailed instructions for configuration of sudo_provider are in the " "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " @@ -8953,12 +8982,12 @@ msgstr "" "<manvolnum>5</manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1658 +#: sssd-ldap.5.xml:1660 msgid "ldap_sudo_full_refresh_interval (integer)" msgstr "ldap_sudo_full_refresh_interval (ціле число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1661 +#: sssd-ldap.5.xml:1663 msgid "" "How many seconds SSSD will wait between executing a full refresh of sudo " "rules (which downloads all rules that are stored on the server)." @@ -8968,7 +8997,7 @@ msgstr "" "набір правил, що зберігаються на сервері." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1666 +#: sssd-ldap.5.xml:1668 msgid "" "The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </" "emphasis>" @@ -8977,7 +9006,7 @@ msgstr "" "<emphasis>ldap_sudo_smart_refresh_interval </emphasis>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1671 +#: sssd-ldap.5.xml:1673 msgid "" "You can disable full refresh by setting this option to 0. However, either " "smart or full refresh must be enabled." @@ -8987,17 +9016,17 @@ msgstr "" "оновлення." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1676 +#: sssd-ldap.5.xml:1678 msgid "Default: 21600 (6 hours)" msgstr "Типове значення: 21600 (6 годин)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1682 +#: sssd-ldap.5.xml:1684 msgid "ldap_sudo_smart_refresh_interval (integer)" msgstr "ldap_sudo_smart_refresh_interval (ціле число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1685 +#: sssd-ldap.5.xml:1687 msgid "" "How many seconds SSSD has to wait before executing a smart refresh of sudo " "rules (which downloads all rules that have USN higher than the highest " @@ -9008,7 +9037,7 @@ msgstr "" "правил, USN яких перевищує найбільше значення сервера USN, яке відоме SSSD." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1691 +#: sssd-ldap.5.xml:1693 msgid "" "If USN attributes are not supported by the server, the modifyTimestamp " "attribute is used instead." @@ -9017,7 +9046,7 @@ msgstr "" "дані атрибута modifyTimestamp." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1695 +#: sssd-ldap.5.xml:1697 msgid "" "<emphasis>Note:</emphasis> the highest USN value can be updated by three " "tasks: 1) By sudo full and smart refresh (if updated rules are found), 2) by " @@ -9033,7 +9062,7 @@ msgstr "" "emphasis>)." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1706 +#: sssd-ldap.5.xml:1708 msgid "" "You can disable smart refresh by setting this option to 0. However, either " "smart or full refresh must be enabled." @@ -9043,12 +9072,12 @@ msgstr "" "оновлення." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1717 +#: sssd-ldap.5.xml:1719 msgid "ldap_sudo_random_offset (integer)" msgstr "ldap_sudo_random_offset (ціле число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1720 +#: sssd-ldap.5.xml:1722 msgid "" "Random offset between 0 and configured value is added to smart and full " "refresh periods each time the periodic task is scheduled. The value is in " @@ -9059,7 +9088,7 @@ msgstr "" "регулярного завдання. Значення у секундах." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1726 +#: sssd-ldap.5.xml:1728 msgid "" "Note that this random offset is also applied on the first SSSD start which " "delays the first sudo rules refresh. This prolongs the time when the sudo " @@ -9070,17 +9099,17 @@ msgstr "" "час, протягом якого правила sudo є недоступними для використання." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1732 +#: sssd-ldap.5.xml:1734 msgid "You can disable this offset by setting the value to 0." msgstr "Ви можете вимкнути цей зсув, встановивши значення 0." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1742 +#: sssd-ldap.5.xml:1744 msgid "ldap_sudo_use_host_filter (boolean)" msgstr "ldap_sudo_use_host_filter (булеве значення)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1745 +#: sssd-ldap.5.xml:1747 msgid "" "If true, SSSD will download only rules that are applicable to this machine " "(using the IPv4 or IPv6 host/network addresses and hostnames)." @@ -9090,12 +9119,12 @@ msgstr "" "назв вузлів)." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1756 +#: sssd-ldap.5.xml:1758 msgid "ldap_sudo_hostnames (string)" msgstr "ldap_sudo_hostnames (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1759 +#: sssd-ldap.5.xml:1761 msgid "" "Space separated list of hostnames or fully qualified domain names that " "should be used to filter the rules." @@ -9104,7 +9133,7 @@ msgstr "" "фільтрування списку правил." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1764 +#: sssd-ldap.5.xml:1766 msgid "" "If this option is empty, SSSD will try to discover the hostname and the " "fully qualified domain name automatically." @@ -9113,8 +9142,8 @@ msgstr "" "назву вузла та повну назву комп’ютера у домені у автоматичному режимі." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1769 sssd-ldap.5.xml:1792 sssd-ldap.5.xml:1810 -#: sssd-ldap.5.xml:1828 +#: sssd-ldap.5.xml:1771 sssd-ldap.5.xml:1794 sssd-ldap.5.xml:1812 +#: sssd-ldap.5.xml:1830 msgid "" "If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</" "emphasis> then this option has no effect." @@ -9123,17 +9152,17 @@ msgstr "" "<emphasis>false</emphasis>, цей параметр ні на що не впливатиме." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1774 sssd-ldap.5.xml:1797 +#: sssd-ldap.5.xml:1776 sssd-ldap.5.xml:1799 msgid "Default: not specified" msgstr "Типове значення: не вказано" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1780 +#: sssd-ldap.5.xml:1782 msgid "ldap_sudo_ip (string)" msgstr "ldap_sudo_ip (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1783 +#: sssd-ldap.5.xml:1785 msgid "" "Space separated list of IPv4 or IPv6 host/network addresses that should be " "used to filter the rules." @@ -9142,7 +9171,7 @@ msgstr "" "правил." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1788 +#: sssd-ldap.5.xml:1790 msgid "" "If this option is empty, SSSD will try to discover the addresses " "automatically." @@ -9151,12 +9180,12 @@ msgstr "" "адресу у автоматичному режимі." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1803 +#: sssd-ldap.5.xml:1805 msgid "ldap_sudo_include_netgroups (boolean)" msgstr "ldap_sudo_include_netgroups (булеве значення)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1806 +#: sssd-ldap.5.xml:1808 msgid "" "If true then SSSD will download every rule that contains a netgroup in " "sudoHost attribute." @@ -9165,12 +9194,12 @@ msgstr "" "мережеву групу (netgroup) у атрибуті sudoHost." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1821 +#: sssd-ldap.5.xml:1823 msgid "ldap_sudo_include_regexp (boolean)" msgstr "ldap_sudo_include_regexp (булеве значення)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1824 +#: sssd-ldap.5.xml:1826 msgid "" "If true then SSSD will download every rule that contains a wildcard in " "sudoHost attribute." @@ -9179,7 +9208,7 @@ msgstr "" "заміни у атрибуті sudoHost." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><note><para> -#: sssd-ldap.5.xml:1834 +#: sssd-ldap.5.xml:1836 msgid "" "Using wildcard is an operation that is very costly to evaluate on the LDAP " "server side!" @@ -9188,7 +9217,7 @@ msgstr "" "для сервера LDAP!" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1846 +#: sssd-ldap.5.xml:1848 msgid "" "This manual page only describes attribute name mapping. For detailed " "explanation of sudo related attribute semantics, see <citerefentry> " @@ -9201,12 +9230,12 @@ msgstr "" "refentrytitle><manvolnum>5</manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1856 +#: sssd-ldap.5.xml:1858 msgid "AUTOFS OPTIONS" msgstr "ПАРАМЕТРИ AUTOFS" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1858 +#: sssd-ldap.5.xml:1860 msgid "" "Some of the defaults for the parameters below are dependent on the LDAP " "schema." @@ -9215,47 +9244,47 @@ msgstr "" "LDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1864 +#: sssd-ldap.5.xml:1866 msgid "ldap_autofs_map_master_name (string)" msgstr "ldap_autofs_map_master_name (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1867 +#: sssd-ldap.5.xml:1869 msgid "The name of the automount master map in LDAP." msgstr "Назва основної карти автоматичного монтування у LDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1870 +#: sssd-ldap.5.xml:1872 msgid "Default: auto.master" msgstr "Типове значення: auto.master" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1881 +#: sssd-ldap.5.xml:1883 msgid "ADVANCED OPTIONS" msgstr "ДОДАТКОВІ ПАРАМЕТРИ" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1888 +#: sssd-ldap.5.xml:1890 msgid "ldap_netgroup_search_base (string)" msgstr "ldap_netgroup_search_base (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1893 +#: sssd-ldap.5.xml:1895 msgid "ldap_user_search_base (string)" msgstr "ldap_user_search_base (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1898 +#: sssd-ldap.5.xml:1900 msgid "ldap_group_search_base (string)" msgstr "ldap_group_search_base (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><note> -#: sssd-ldap.5.xml:1903 +#: sssd-ldap.5.xml:1905 msgid "<note>" msgstr "<note>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para> -#: sssd-ldap.5.xml:1905 +#: sssd-ldap.5.xml:1907 msgid "" "If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches " "against Active Directory will not be restricted and return all groups " @@ -9268,22 +9297,22 @@ msgstr "" "груп показуються неправильно." #. type: Content of: <reference><refentry><refsect1><para><variablelist> -#: sssd-ldap.5.xml:1912 +#: sssd-ldap.5.xml:1914 msgid "</note>" msgstr "</note>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1914 +#: sssd-ldap.5.xml:1916 msgid "ldap_sudo_search_base (string)" msgstr "ldap_sudo_search_base (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1919 +#: sssd-ldap.5.xml:1921 msgid "ldap_autofs_search_base (string)" msgstr "ldap_autofs_search_base (рядок)" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1883 +#: sssd-ldap.5.xml:1885 msgid "" "These options are supported by LDAP domains, but they should be used with " "caution. Please include them in your configuration only if you know what you " @@ -9296,14 +9325,14 @@ msgstr "" "<placeholder type=\"variablelist\" id=\"1\"/>" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1934 sssd-simple.5.xml:131 sssd-ipa.5.xml:925 -#: sssd-ad.5.xml:1386 sssd-krb5.5.xml:483 sss_rpcidmapd.5.xml:98 +#: sssd-ldap.5.xml:1936 sssd-simple.5.xml:131 sssd-ipa.5.xml:930 +#: sssd-ad.5.xml:1391 sssd-krb5.5.xml:483 sss_rpcidmapd.5.xml:98 #: sssd-files.5.xml:155 sssd-session-recording.5.xml:176 msgid "EXAMPLE" msgstr "ПРИКЛАД" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1936 +#: sssd-ldap.5.xml:1938 msgid "" "The following example assumes that SSSD is correctly configured and LDAP is " "set to one of the domains in the <replaceable>[domains]</replaceable> " @@ -9314,7 +9343,7 @@ msgstr "" "<replaceable>[domains]</replaceable>." #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ldap.5.xml:1942 +#: sssd-ldap.5.xml:1944 #, no-wrap msgid "" "[domain/LDAP]\n" @@ -9334,20 +9363,20 @@ msgstr "" "cache_credentials = true\n" #. type: Content of: <refsect1><refsect2><para> -#: sssd-ldap.5.xml:1941 sssd-ldap.5.xml:1959 sssd-simple.5.xml:139 -#: sssd-ipa.5.xml:933 sssd-ad.5.xml:1394 sssd-sudo.5.xml:56 sssd-krb5.5.xml:492 +#: sssd-ldap.5.xml:1943 sssd-ldap.5.xml:1961 sssd-simple.5.xml:139 +#: sssd-ipa.5.xml:938 sssd-ad.5.xml:1399 sssd-sudo.5.xml:56 sssd-krb5.5.xml:492 #: sssd-files.5.xml:162 sssd-files.5.xml:173 sssd-session-recording.5.xml:182 #: include/ldap_id_mapping.xml:105 msgid "<placeholder type=\"programlisting\" id=\"0\"/>" msgstr "<placeholder type=\"programlisting\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1953 +#: sssd-ldap.5.xml:1955 msgid "LDAP ACCESS FILTER EXAMPLE" msgstr "ПРИКЛАД ФІЛЬТРА ДОСТУПУ LDAP" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1955 +#: sssd-ldap.5.xml:1957 msgid "" "The following example assumes that SSSD is correctly configured and to use " "the ldap_access_order=lockout." @@ -9356,7 +9385,7 @@ msgstr "" "чином і використано ldap_access_order=lockout." #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ldap.5.xml:1960 +#: sssd-ldap.5.xml:1962 #, no-wrap msgid "" "[domain/LDAP]\n" @@ -9382,13 +9411,13 @@ msgstr "" "cache_credentials = true\n" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1975 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148 -#: sssd-ad.5.xml:1409 sssd.8.xml:238 sss_seed.8.xml:163 +#: sssd-ldap.5.xml:1977 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148 +#: sssd-ad.5.xml:1414 sssd.8.xml:238 sss_seed.8.xml:163 msgid "NOTES" msgstr "ЗАУВАЖЕННЯ" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1977 +#: sssd-ldap.5.xml:1979 msgid "" "The descriptions of some of the configuration options in this manual page " "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " @@ -12339,12 +12368,12 @@ msgid "Example: dyndns_iface = em1, vnet1, vnet2" msgstr "Приклад: dyndns_iface = em1, vnet1, vnet2" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:204 sssd-ad.5.xml:1285 +#: sssd-ipa.5.xml:204 sssd-ad.5.xml:1290 msgid "dyndns_auth (string)" msgstr "dyndns_auth (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:207 sssd-ad.5.xml:1288 +#: sssd-ipa.5.xml:207 sssd-ad.5.xml:1293 msgid "" "Whether the nsupdate utility should use GSS-TSIG authentication for secure " "updates with the DNS server, insecure updates can be sent by setting this " @@ -12355,17 +12384,17 @@ msgstr "" "можна надсилати встановленням для цього параметра значення «none»." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:213 sssd-ad.5.xml:1294 +#: sssd-ipa.5.xml:213 sssd-ad.5.xml:1299 msgid "Default: GSS-TSIG" msgstr "Типове значення: GSS-TSIG" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:219 sssd-ad.5.xml:1300 +#: sssd-ipa.5.xml:219 sssd-ad.5.xml:1305 msgid "dyndns_auth_ptr (string)" msgstr "dyndns_auth_ptr (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:222 sssd-ad.5.xml:1303 +#: sssd-ipa.5.xml:222 sssd-ad.5.xml:1308 msgid "" "Whether the nsupdate utility should use GSS-TSIG authentication for secure " "PTR updates with the DNS server, insecure updates can be sent by setting " @@ -12376,7 +12405,7 @@ msgstr "" "оновлення можна надсилати встановленням для цього параметра значення «none»." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:228 sssd-ad.5.xml:1309 +#: sssd-ipa.5.xml:228 sssd-ad.5.xml:1314 msgid "Default: Same as dyndns_auth" msgstr "Типове значення: те саме, що і dyndns_auth" @@ -12452,17 +12481,24 @@ msgstr "" "переспрямовування." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:290 +#: sssd-ipa.5.xml:290 sssd-ad.5.xml:1266 +msgid "" +"Note that <emphasis>dyndns_update_per_family</emphasis> parameter does not " +"apply for PTR record updates. Those updates are always sent separately." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:295 msgid "Default: False (disabled)" msgstr "Типове значення: False (вимкнено)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1272 +#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1277 msgid "dyndns_force_tcp (bool)" msgstr "dyndns_force_tcp (булеве значення)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:299 sssd-ad.5.xml:1275 +#: sssd-ipa.5.xml:304 sssd-ad.5.xml:1280 msgid "" "Whether the nsupdate utility should default to using TCP for communicating " "with the DNS server." @@ -12471,17 +12507,17 @@ msgstr "" "даними з сервером DNS." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:303 sssd-ad.5.xml:1279 +#: sssd-ipa.5.xml:308 sssd-ad.5.xml:1284 msgid "Default: False (let nsupdate choose the protocol)" msgstr "Типове значення: False (надати змогу nsupdate вибирати протокол)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:309 sssd-ad.5.xml:1315 +#: sssd-ipa.5.xml:314 sssd-ad.5.xml:1320 msgid "dyndns_server (string)" msgstr "dyndns_server (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:312 sssd-ad.5.xml:1318 +#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1323 msgid "" "The DNS server to use when performing a DNS update. In most setups, it's " "recommended to leave this option unset." @@ -12491,7 +12527,7 @@ msgstr "" "параметра." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1323 +#: sssd-ipa.5.xml:322 sssd-ad.5.xml:1328 msgid "" "Setting this option makes sense for environments where the DNS server is " "different from the identity server." @@ -12500,7 +12536,7 @@ msgstr "" "DNS відрізняється від сервера профілів." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:322 sssd-ad.5.xml:1328 +#: sssd-ipa.5.xml:327 sssd-ad.5.xml:1333 msgid "" "Please note that this option will be only used in fallback attempt when " "previous attempt using autodetected settings failed." @@ -12510,17 +12546,17 @@ msgstr "" "невдало." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:327 sssd-ad.5.xml:1333 +#: sssd-ipa.5.xml:332 sssd-ad.5.xml:1338 msgid "Default: None (let nsupdate choose the server)" msgstr "Типове значення: немає (надати nsupdate змогу вибирати сервер)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:333 sssd-ad.5.xml:1339 +#: sssd-ipa.5.xml:338 sssd-ad.5.xml:1344 msgid "dyndns_update_per_family (boolean)" msgstr "dyndns_update_per_family (булеве значення)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:336 sssd-ad.5.xml:1342 +#: sssd-ipa.5.xml:341 sssd-ad.5.xml:1347 msgid "" "DNS update is by default performed in two steps - IPv4 update and then IPv6 " "update. In some cases it might be desirable to perform IPv4 and IPv6 update " @@ -12530,14 +12566,14 @@ msgstr "" "оновлення IPv6. Іноді бажаним є виконання оновлення IPv4 і IPv6 за один крок." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:348 +#: sssd-ipa.5.xml:353 #, fuzzy #| msgid "ldap_access_order (string)" msgid "ipa_access_order (string)" msgstr "ldap_access_order (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:355 +#: sssd-ipa.5.xml:360 #, fuzzy #| msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" msgid "<emphasis>expire</emphasis>: use IPA's account expiration policy." @@ -12545,7 +12581,7 @@ msgstr "" "<emphasis>expire</emphasis>: використовувати ldap_account_expire_policy" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:394 +#: sssd-ipa.5.xml:399 #, fuzzy #| msgid "" #| "Please note that 'access_provider = ldap' must be set for this feature to " @@ -12560,12 +12596,12 @@ msgstr "" "параметра «ldap_pwd_policy» відповідні правила поводження із паролями." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:401 +#: sssd-ipa.5.xml:406 msgid "ipa_deskprofile_search_base (string)" msgstr "ipa_deskprofile_search_base (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:404 +#: sssd-ipa.5.xml:409 msgid "" "Optional. Use the given string as search base for Desktop Profile related " "objects." @@ -12574,17 +12610,17 @@ msgstr "" "профілями станції (Desktop Profile) об’єктів." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:408 sssd-ipa.5.xml:435 +#: sssd-ipa.5.xml:413 sssd-ipa.5.xml:440 msgid "Default: Use base DN" msgstr "Типове значення: використання базової назви домену" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:414 +#: sssd-ipa.5.xml:419 msgid "ipa_subid_ranges_search_base (string)" msgstr "ipa_subid_ranges_search_base (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:417 +#: sssd-ipa.5.xml:422 msgid "" "Optional. Use the given string as search base for subordinate ranges related " "objects." @@ -12593,98 +12629,98 @@ msgstr "" "підлеглими діапазонами об’єктів." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:421 +#: sssd-ipa.5.xml:426 msgid "Default: the value of <emphasis>cn=subids,%basedn</emphasis>" msgstr "Типове значення: значення <emphasis>cn=subids,%basedn</emphasis>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:428 +#: sssd-ipa.5.xml:433 msgid "ipa_hbac_search_base (string)" msgstr "ipa_hbac_search_base (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:431 +#: sssd-ipa.5.xml:436 msgid "Optional. Use the given string as search base for HBAC related objects." msgstr "" "Необов’язковий. Використати вказаний рядок як основу пошуку пов’язаних з " "HBAC об’єктів." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:441 +#: sssd-ipa.5.xml:446 msgid "ipa_host_search_base (string)" msgstr "ipa_host_search_base (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:444 +#: sssd-ipa.5.xml:449 msgid "Deprecated. Use ldap_host_search_base instead." msgstr "Застарілий. Скористайтеся замість нього ldap_host_search_base." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:450 +#: sssd-ipa.5.xml:455 msgid "ipa_selinux_search_base (string)" msgstr "ipa_selinux_search_base (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:453 +#: sssd-ipa.5.xml:458 msgid "Optional. Use the given string as search base for SELinux user maps." msgstr "" "Необов’язковий. Використати вказаний рядок як основу пошуку карт " "користувачів SELinux." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:469 +#: sssd-ipa.5.xml:474 msgid "ipa_subdomains_search_base (string)" msgstr "ipa_subdomains_search_base (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:472 +#: sssd-ipa.5.xml:477 msgid "Optional. Use the given string as search base for trusted domains." msgstr "" "Необов’язковий. Використати вказаний рядок як основу пошуку надійних доменів." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:481 +#: sssd-ipa.5.xml:486 msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>" msgstr "Типове значення: значення <emphasis>cn=trusts,%basedn</emphasis>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:488 +#: sssd-ipa.5.xml:493 msgid "ipa_master_domain_search_base (string)" msgstr "ipa_master_domain_search_base (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:491 +#: sssd-ipa.5.xml:496 msgid "Optional. Use the given string as search base for master domain object." msgstr "" "Необов’язковий. Використати вказаний рядок як основу пошуку основного " "об’єкта домену." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:500 +#: sssd-ipa.5.xml:505 msgid "Default: the value of <emphasis>cn=ad,cn=etc,%basedn</emphasis>" msgstr "" "Типове значення: значення виразу <emphasis>cn=ad,cn=etc,%basedn</emphasis>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:507 +#: sssd-ipa.5.xml:512 msgid "ipa_views_search_base (string)" msgstr "ipa_views_search_base (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:510 +#: sssd-ipa.5.xml:515 msgid "Optional. Use the given string as search base for views containers." msgstr "" "Необов’язковий. Використати вказаний рядок як основу пошуку контейнерів " "перегляду." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:519 +#: sssd-ipa.5.xml:524 msgid "Default: the value of <emphasis>cn=views,cn=accounts,%basedn</emphasis>" msgstr "" "Типове значення: значення <emphasis>cn=views,cn=accounts,%basedn</emphasis>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:529 +#: sssd-ipa.5.xml:534 msgid "" "The name of the Kerberos realm. This is optional and defaults to the value " "of <quote>ipa_domain</quote>." @@ -12693,7 +12729,7 @@ msgstr "" "«ipa_domain»." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:533 +#: sssd-ipa.5.xml:538 msgid "" "The name of the Kerberos realm has a special meaning in IPA - it is " "converted into the base DN to use for performing LDAP operations." @@ -12702,12 +12738,12 @@ msgstr "" "перетворено у основний DN для виконання дій LDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:541 sssd-ad.5.xml:1357 +#: sssd-ipa.5.xml:546 sssd-ad.5.xml:1362 msgid "krb5_confd_path (string)" msgstr "krb5_confd_path (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:544 sssd-ad.5.xml:1360 +#: sssd-ipa.5.xml:549 sssd-ad.5.xml:1365 msgid "" "Absolute path of a directory where SSSD should place Kerberos configuration " "snippets." @@ -12716,7 +12752,7 @@ msgstr "" "налаштувань Kerberos." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:548 sssd-ad.5.xml:1364 +#: sssd-ipa.5.xml:553 sssd-ad.5.xml:1369 msgid "" "To disable the creation of the configuration snippets set the parameter to " "'none'." @@ -12725,7 +12761,7 @@ msgstr "" "значення «none»." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:552 sssd-ad.5.xml:1368 +#: sssd-ipa.5.xml:557 sssd-ad.5.xml:1373 msgid "" "Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)" msgstr "" @@ -12733,12 +12769,12 @@ msgstr "" "SSSD)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:559 +#: sssd-ipa.5.xml:564 msgid "ipa_deskprofile_refresh (integer)" msgstr "ipa_deskprofile_refresh (ціле число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:562 +#: sssd-ipa.5.xml:567 msgid "" "The amount of time between lookups of the Desktop Profile rules against the " "IPA server. This will reduce the latency and load on the IPA server if there " @@ -12750,17 +12786,17 @@ msgstr "" "щодо профілів станції." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:569 sssd-ipa.5.xml:599 sssd-ipa.5.xml:615 sssd-ad.5.xml:599 +#: sssd-ipa.5.xml:574 sssd-ipa.5.xml:604 sssd-ipa.5.xml:620 sssd-ad.5.xml:599 msgid "Default: 5 (seconds)" msgstr "Типове значення: 5 (секунд)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:575 +#: sssd-ipa.5.xml:580 msgid "ipa_deskprofile_request_interval (integer)" msgstr "ipa_deskprofile_request_interval (ціле число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:578 +#: sssd-ipa.5.xml:583 msgid "" "The amount of time between lookups of the Desktop Profile rules against the " "IPA server in case the last request did not return any rule." @@ -12769,17 +12805,17 @@ msgstr "" "останнім запитом не повернуто жодного правила." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:583 +#: sssd-ipa.5.xml:588 msgid "Default: 60 (minutes)" msgstr "Типове значення: 60 (хвилин)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:589 +#: sssd-ipa.5.xml:594 msgid "ipa_hbac_refresh (integer)" msgstr "ipa_hbac_refresh (ціле число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:592 +#: sssd-ipa.5.xml:597 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server. " "This will reduce the latency and load on the IPA server if there are many " @@ -12790,12 +12826,12 @@ msgstr "" "короткого періоду часу надходить багато запитів щодо керування доступом." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:605 +#: sssd-ipa.5.xml:610 msgid "ipa_hbac_selinux (integer)" msgstr "ipa_hbac_selinux (ціле число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:608 +#: sssd-ipa.5.xml:613 msgid "" "The amount of time between lookups of the SELinux maps against the IPA " "server. This will reduce the latency and load on the IPA server if there are " @@ -12807,12 +12843,12 @@ msgstr "" "користувача до системи." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:621 +#: sssd-ipa.5.xml:626 msgid "ipa_server_mode (boolean)" msgstr "ipa_server_mode (булеве значення)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:624 +#: sssd-ipa.5.xml:629 msgid "" "This option will be set by the IPA installer (ipa-server-install) " "automatically and denotes if SSSD is running on an IPA server or not." @@ -12821,7 +12857,7 @@ msgstr "" "автоматично, він визначає, чи запущено SSSD на сервері IPA." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:629 +#: sssd-ipa.5.xml:634 msgid "" "On an IPA server SSSD will lookup users and groups from trusted domains " "directly while on a client it will ask an IPA server." @@ -12830,7 +12866,7 @@ msgstr "" "безпосередньо, хоча на клієнті SSSD надсилатиме запит на сервер IPA." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:634 +#: sssd-ipa.5.xml:639 msgid "" "NOTE: There are currently some assumptions that must be met when SSSD is " "running on an IPA server." @@ -12839,7 +12875,7 @@ msgstr "" "працює на сервері IPA." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:639 +#: sssd-ipa.5.xml:644 msgid "" "The <quote>ipa_server</quote> option must be configured to point to the IPA " "server itself. This is already the default set by the IPA installer, so no " @@ -12850,7 +12886,7 @@ msgstr "" "зміни вручну є зайвими." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:648 +#: sssd-ipa.5.xml:653 msgid "" "The <quote>full_name_format</quote> option must not be tweaked to only print " "short names for users from trusted domains." @@ -12859,53 +12895,53 @@ msgstr "" "того, щоб лише виводити короткі імена користувачів з довірених доменів." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:663 +#: sssd-ipa.5.xml:668 msgid "ipa_automount_location (string)" msgstr "ipa_automount_location (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:666 +#: sssd-ipa.5.xml:671 msgid "The automounter location this IPA client will be using" msgstr "" "Адреса автоматичного монтування, яку буде використовувати цей клієнт IPA" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:669 +#: sssd-ipa.5.xml:674 msgid "Default: The location named \"default\"" msgstr "Типове значення: адреса з назвою \"default\"" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd-ipa.5.xml:677 +#: sssd-ipa.5.xml:682 msgid "VIEWS AND OVERRIDES" msgstr "ПЕРЕГЛЯДИ і ПЕРЕВИЗНАЧЕННЯ" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:686 +#: sssd-ipa.5.xml:691 msgid "ipa_view_class (string)" msgstr "ipa_view_class (рядок)" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:689 +#: sssd-ipa.5.xml:694 msgid "Objectclass of the view container." msgstr "Клас об’єктів для контейнерів перегляду." #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:692 +#: sssd-ipa.5.xml:697 msgid "Default: nsContainer" msgstr "Типове значення: nsContainer" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:698 +#: sssd-ipa.5.xml:703 msgid "ipa_view_name (string)" msgstr "ipa_view_name (рядок)" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:701 +#: sssd-ipa.5.xml:706 msgid "Name of the attribute holding the name of the view." msgstr "Назва атрибута, у якому зберігається назва перегляду." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:705 sssd-ldap-attributes.5.xml:496 +#: sssd-ipa.5.xml:710 sssd-ldap-attributes.5.xml:496 #: sssd-ldap-attributes.5.xml:830 sssd-ldap-attributes.5.xml:911 #: sssd-ldap-attributes.5.xml:1008 sssd-ldap-attributes.5.xml:1066 #: sssd-ldap-attributes.5.xml:1224 sssd-ldap-attributes.5.xml:1269 @@ -12913,27 +12949,27 @@ msgid "Default: cn" msgstr "Типове значення: cn" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:711 +#: sssd-ipa.5.xml:716 msgid "ipa_override_object_class (string)" msgstr "ipa_override_object_class (рядок)" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:714 +#: sssd-ipa.5.xml:719 msgid "Objectclass of the override objects." msgstr "Клас об’єктів для об’єктів перевизначення" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:717 +#: sssd-ipa.5.xml:722 msgid "Default: ipaOverrideAnchor" msgstr "Типове значення: ipaOverrideAnchor" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:723 +#: sssd-ipa.5.xml:728 msgid "ipa_anchor_uuid (string)" msgstr "ipa_anchor_uuid (рядок)" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:726 +#: sssd-ipa.5.xml:731 msgid "" "Name of the attribute containing the reference to the original object in a " "remote domain." @@ -12942,17 +12978,17 @@ msgstr "" "віддаленому домені." #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:730 +#: sssd-ipa.5.xml:735 msgid "Default: ipaAnchorUUID" msgstr "Типове значення: ipaAnchorUUID" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:736 +#: sssd-ipa.5.xml:741 msgid "ipa_user_override_object_class (string)" msgstr "ipa_user_override_object_class (рядок)" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:739 +#: sssd-ipa.5.xml:744 msgid "" "Name of the objectclass for user overrides. It is used to determine if the " "found override object is related to a user or a group." @@ -12962,57 +12998,57 @@ msgstr "" "або групою." #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:744 +#: sssd-ipa.5.xml:749 msgid "User overrides can contain attributes given by" msgstr "Перевизначення користувачів можуть містити атрибути, задані" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:747 +#: sssd-ipa.5.xml:752 msgid "ldap_user_name" msgstr "ldap_user_name" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:750 +#: sssd-ipa.5.xml:755 msgid "ldap_user_uid_number" msgstr "ldap_user_uid_number" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:753 +#: sssd-ipa.5.xml:758 msgid "ldap_user_gid_number" msgstr "ldap_user_gid_number" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:756 +#: sssd-ipa.5.xml:761 msgid "ldap_user_gecos" msgstr "ldap_user_gecos" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:759 +#: sssd-ipa.5.xml:764 msgid "ldap_user_home_directory" msgstr "ldap_user_home_directory" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:762 +#: sssd-ipa.5.xml:767 msgid "ldap_user_shell" msgstr "ldap_user_shell" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:765 +#: sssd-ipa.5.xml:770 msgid "ldap_user_ssh_public_key" msgstr "ldap_user_ssh_public_key" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:770 +#: sssd-ipa.5.xml:775 msgid "Default: ipaUserOverride" msgstr "Типове значення: ipaUserOverride" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:776 +#: sssd-ipa.5.xml:781 msgid "ipa_group_override_object_class (string)" msgstr "ipa_group_override_object_class (рядок)" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:779 +#: sssd-ipa.5.xml:784 msgid "" "Name of the objectclass for group overrides. It is used to determine if the " "found override object is related to a user or a group." @@ -13021,27 +13057,27 @@ msgstr "" "того, чи знайдений об’єкт перевизначення пов’язано з користувачем або групою." #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:784 +#: sssd-ipa.5.xml:789 msgid "Group overrides can contain attributes given by" msgstr "Перевизначення груп можуть містити атрибути, задані" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:787 +#: sssd-ipa.5.xml:792 msgid "ldap_group_name" msgstr "ldap_group_name" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:790 +#: sssd-ipa.5.xml:795 msgid "ldap_group_gid_number" msgstr "ldap_group_gid_number" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:795 +#: sssd-ipa.5.xml:800 msgid "Default: ipaGroupOverride" msgstr "Типове значення: ipaGroupOverride" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:679 +#: sssd-ipa.5.xml:684 msgid "" "SSSD can handle views and overrides which are offered by FreeIPA 4.1 and " "later version. Since all paths and objectclasses are fixed on the server " @@ -13056,12 +13092,12 @@ msgstr "" "значеннями. <placeholder type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ipa.5.xml:807 +#: sssd-ipa.5.xml:812 msgid "SUBDOMAINS PROVIDER" msgstr "СЛУЖБА ПІДДОМЕНІВ" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:809 +#: sssd-ipa.5.xml:814 msgid "" "The IPA subdomains provider behaves slightly differently if it is configured " "explicitly or implicitly." @@ -13070,7 +13106,7 @@ msgstr "" "спосіб його налаштовано: явний чи неявний." #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:813 +#: sssd-ipa.5.xml:818 msgid "" "If the option 'subdomains_provider = ipa' is found in the domain section of " "sssd.conf, the IPA subdomains provider is configured explicitly, and all " @@ -13082,7 +13118,7 @@ msgstr "" "якщо це потрібно." #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:819 +#: sssd-ipa.5.xml:824 msgid "" "If the option 'subdomains_provider' is not set in the domain section of sssd." "conf but there is the option 'id_provider = ipa', the IPA subdomains " @@ -13102,12 +13138,12 @@ msgstr "" "даних піддоменів буде знову увімкнено." #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ipa.5.xml:830 +#: sssd-ipa.5.xml:835 msgid "TRUSTED DOMAINS CONFIGURATION" msgstr "НАЛАШТОВУВАННЯ ДОВІРЕНИХ ДОМЕНІВ" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ipa.5.xml:838 +#: sssd-ipa.5.xml:843 #, no-wrap msgid "" "[domain/ipa.domain.com/ad.domain.com]\n" @@ -13117,7 +13153,7 @@ msgstr "" "ad_server = dc.ad.domain.com\n" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:832 +#: sssd-ipa.5.xml:837 msgid "" "Some configuration options can also be set for a trusted domain. A trusted " "domain configuration can be set using the trusted domain subsection as shown " @@ -13132,7 +13168,7 @@ msgstr "" "батьківському домені. <placeholder type=\"programlisting\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:843 +#: sssd-ipa.5.xml:848 msgid "" "For more details, see the <citerefentry> <refentrytitle>sssd.conf</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." @@ -13142,7 +13178,7 @@ msgstr "" "manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:850 +#: sssd-ipa.5.xml:855 msgid "" "Different configuration options are tunable for a trusted domain depending " "on whether you are configuring SSSD on an IPA server or an IPA client." @@ -13151,60 +13187,60 @@ msgstr "" "як ви налаштували SSSD на сервері IPA або клієнт IPA." #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd-ipa.5.xml:855 +#: sssd-ipa.5.xml:860 msgid "OPTIONS TUNABLE ON IPA MASTERS" msgstr "ПАРАМЕТРИ, ЯКІ МОЖНА НАЛАШТУВАТИ НА ОСНОВНИХ СЕРВЕРАХ IPA" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:857 +#: sssd-ipa.5.xml:862 msgid "" "The following options can be set in a subdomain section on an IPA master:" msgstr "" "У розділі піддомену на основному сервері IPA можна вказати такі параметри:" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:861 sssd-ipa.5.xml:891 +#: sssd-ipa.5.xml:866 sssd-ipa.5.xml:896 msgid "ad_server" msgstr "ad_server" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:864 +#: sssd-ipa.5.xml:869 msgid "ad_backup_server" msgstr "ad_backup_server" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:867 sssd-ipa.5.xml:894 +#: sssd-ipa.5.xml:872 sssd-ipa.5.xml:899 msgid "ad_site" msgstr "ad_site" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:870 +#: sssd-ipa.5.xml:875 msgid "ldap_search_base" msgstr "ldap_search_base" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:873 +#: sssd-ipa.5.xml:878 msgid "ldap_user_search_base" msgstr "ldap_user_search_base" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:876 +#: sssd-ipa.5.xml:881 msgid "ldap_group_search_base" msgstr "ldap_group_search_base" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd-ipa.5.xml:885 +#: sssd-ipa.5.xml:890 msgid "OPTIONS TUNABLE ON IPA CLIENTS" msgstr "ПАРАМЕТРИ, ЯКІ МОЖНА НАЛАШТУВАТИ НА КЛІЄНТАХ IPA" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:887 +#: sssd-ipa.5.xml:892 msgid "" "The following options can be set in a subdomain section on an IPA client:" msgstr "У розділі піддомену на клієнті IPA можна вказати такі параметри:" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:899 +#: sssd-ipa.5.xml:904 msgid "" "Note that if both options are set, only <quote>ad_server</quote> is " "evaluated." @@ -13213,7 +13249,7 @@ msgstr "" "<quote>ad_server</quote>." #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:903 +#: sssd-ipa.5.xml:908 msgid "" "Since any request for a user or a group identity from a trusted domain " "triggered from an IPA client is resolved by the IPA server, the " @@ -13236,7 +13272,7 @@ msgstr "" "manvolnum> </citerefentry>, щоб дізнатися більше про додаток пошуку Kerberos." #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:927 +#: sssd-ipa.5.xml:932 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " @@ -13248,7 +13284,7 @@ msgstr "" "ipa." #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ipa.5.xml:934 +#: sssd-ipa.5.xml:939 #, no-wrap msgid "" "[domain/example.com]\n" @@ -14894,7 +14930,7 @@ msgstr "" "значення." #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ad.5.xml:1388 +#: sssd-ad.5.xml:1393 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " @@ -14905,7 +14941,7 @@ msgstr "" "У прикладі продемонстровано лише параметри доступу, специфічні для засобу AD." #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ad.5.xml:1395 +#: sssd-ad.5.xml:1400 #, no-wrap msgid "" "[domain/EXAMPLE]\n" @@ -14929,7 +14965,7 @@ msgstr "" "ad_domain = example.com\n" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ad.5.xml:1415 +#: sssd-ad.5.xml:1420 #, no-wrap msgid "" "access_provider = ldap\n" @@ -14941,7 +14977,7 @@ msgstr "" "ldap_account_expire_policy = ad\n" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ad.5.xml:1411 +#: sssd-ad.5.xml:1416 msgid "" "The AD access control provider checks if the account is expired. It has the " "same effect as the following configuration of the LDAP provider: " @@ -14953,7 +14989,7 @@ msgstr "" "id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ad.5.xml:1421 +#: sssd-ad.5.xml:1426 msgid "" "However, unless the <quote>ad</quote> access control provider is explicitly " "configured, the default access provider is <quote>permit</quote>. Please " @@ -14968,7 +15004,7 @@ msgstr "" "шифрування) вручну." #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ad.5.xml:1429 +#: sssd-ad.5.xml:1434 msgid "" "When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema " "attribute mapping (nisMap, nisObject, ...) is used, because these attributes " @@ -23158,6 +23194,15 @@ msgstr "" "Визначає, чи слід перетворювати реєстраційний запис вузла і користувача у " "канонічну форму. Цю можливість передбачено з версії MIT Kerberos 1.7." +#, fuzzy +#~| msgid "" +#~| "Determines if user credentials are also cached in the local LDB cache" +#~ msgid "" +#~ "Determines if user credentials are also cached in the local LDB cache." +#~ msgstr "" +#~ "Визначає, чи слід також кешувати реєстраційні дані користувача у " +#~ "локальному кеші LDB" + #~ msgid "User credentials are stored in a SHA512 hash, not in plaintext" #~ msgstr "" #~ "Реєстраційні дані користувача зберігаються у форматі хешу SHA512, а не у " diff --git a/src/man/po/zh_CN.po b/src/man/po/zh_CN.po index c6bf97afb57..e5cecb1c6ac 100644 --- a/src/man/po/zh_CN.po +++ b/src/man/po/zh_CN.po @@ -9,7 +9,7 @@ msgid "" msgstr "" "Project-Id-Version: sssd-docs 2.3.0\n" "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" -"POT-Creation-Date: 2023-09-07 11:47+0200\n" +"POT-Creation-Date: 2023-11-13 11:53+0100\n" "PO-Revision-Date: 2020-07-22 07:51-0400\n" "Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n" "Language-Team: Chinese (China) (http://www.transifex.com/projects/p/sssd/" @@ -207,10 +207,10 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:136 sssd.conf.5.xml:173 sssd.conf.5.xml:358 #: sssd.conf.5.xml:714 sssd.conf.5.xml:729 sssd.conf.5.xml:952 -#: sssd.conf.5.xml:1070 sssd.conf.5.xml:2198 sssd-ldap.5.xml:1071 -#: sssd-ldap.5.xml:1174 sssd-ldap.5.xml:1243 sssd-ldap.5.xml:1750 -#: sssd-ldap.5.xml:1815 sssd-ipa.5.xml:342 sssd-ad.5.xml:252 sssd-ad.5.xml:366 -#: sssd-ad.5.xml:1200 sssd-ad.5.xml:1348 sssd-krb5.5.xml:358 +#: sssd.conf.5.xml:1070 sssd.conf.5.xml:2198 sssd-ldap.5.xml:1073 +#: sssd-ldap.5.xml:1176 sssd-ldap.5.xml:1245 sssd-ldap.5.xml:1752 +#: sssd-ldap.5.xml:1817 sssd-ipa.5.xml:347 sssd-ad.5.xml:252 sssd-ad.5.xml:366 +#: sssd-ad.5.xml:1200 sssd-ad.5.xml:1353 sssd-krb5.5.xml:358 msgid "Default: true" msgstr "" @@ -228,10 +228,10 @@ msgstr "" #. type: Content of: <variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:149 sssd.conf.5.xml:652 sssd.conf.5.xml:949 -#: sssd.conf.5.xml:2101 sssd.conf.5.xml:2168 sssd.conf.5.xml:4174 -#: sssd-ldap.5.xml:312 sssd-ldap.5.xml:917 sssd-ldap.5.xml:936 -#: sssd-ldap.5.xml:1146 sssd-ldap.5.xml:1599 sssd-ldap.5.xml:1839 -#: sssd-ipa.5.xml:152 sssd-ipa.5.xml:254 sssd-ipa.5.xml:657 sssd-ad.5.xml:1106 +#: sssd.conf.5.xml:2101 sssd.conf.5.xml:2168 sssd.conf.5.xml:4191 +#: sssd-ldap.5.xml:313 sssd-ldap.5.xml:919 sssd-ldap.5.xml:938 +#: sssd-ldap.5.xml:1148 sssd-ldap.5.xml:1601 sssd-ldap.5.xml:1841 +#: sssd-ipa.5.xml:152 sssd-ipa.5.xml:254 sssd-ipa.5.xml:662 sssd-ad.5.xml:1106 #: sssd-krb5.5.xml:268 sssd-krb5.5.xml:330 sssd-krb5.5.xml:432 #: include/krb5_options.xml:163 msgid "Default: false" @@ -265,8 +265,8 @@ msgid "" msgstr "" #. type: Content of: outside any tag (error?) -#: sssd.conf.5.xml:109 sssd.conf.5.xml:184 sssd-ldap.5.xml:1656 -#: sssd-ldap.5.xml:1862 sss-certmap.5.xml:645 sssd-systemtap.5.xml:82 +#: sssd.conf.5.xml:109 sssd.conf.5.xml:184 sssd-ldap.5.xml:1658 +#: sssd-ldap.5.xml:1864 sss-certmap.5.xml:645 sssd-systemtap.5.xml:82 #: sssd-systemtap.5.xml:143 sssd-systemtap.5.xml:236 sssd-systemtap.5.xml:274 #: sssd-systemtap.5.xml:330 sssd-ldap-attributes.5.xml:40 #: sssd-ldap-attributes.5.xml:659 sssd-ldap-attributes.5.xml:801 @@ -297,7 +297,7 @@ msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:196 sssd.conf.5.xml:1290 sssd.conf.5.xml:1767 -#: sssd.conf.5.xml:4190 sssd-ldap.5.xml:765 include/ldap_id_mapping.xml:270 +#: sssd.conf.5.xml:4207 sssd-ldap.5.xml:766 include/ldap_id_mapping.xml:270 msgid "Default: 10" msgstr "" @@ -373,7 +373,7 @@ msgid "" msgstr "" #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:266 sssd.conf.5.xml:792 sssd.conf.5.xml:3709 +#: sssd.conf.5.xml:266 sssd.conf.5.xml:792 sssd.conf.5.xml:3716 #: include/failover.xml:100 msgid "Default: 3" msgstr "默认: 3" @@ -395,7 +395,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:287 sssd.conf.5.xml:3541 +#: sssd.conf.5.xml:287 sssd.conf.5.xml:3548 msgid "re_expression (string)" msgstr "" @@ -415,12 +415,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:304 sssd.conf.5.xml:3598 +#: sssd.conf.5.xml:304 sssd.conf.5.xml:3605 msgid "full_name_format (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:307 sssd.conf.5.xml:3601 +#: sssd.conf.5.xml:307 sssd.conf.5.xml:3608 msgid "" "A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</" "manvolnum> </citerefentry>-compatible format that describes how to compose a " @@ -428,39 +428,39 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:318 sssd.conf.5.xml:3612 +#: sssd.conf.5.xml:318 sssd.conf.5.xml:3619 msgid "%1$s" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:319 sssd.conf.5.xml:3613 +#: sssd.conf.5.xml:319 sssd.conf.5.xml:3620 msgid "user name" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:322 sssd.conf.5.xml:3616 +#: sssd.conf.5.xml:322 sssd.conf.5.xml:3623 msgid "%2$s" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:325 sssd.conf.5.xml:3619 +#: sssd.conf.5.xml:325 sssd.conf.5.xml:3626 msgid "domain name as specified in the SSSD config file." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:331 sssd.conf.5.xml:3625 +#: sssd.conf.5.xml:331 sssd.conf.5.xml:3632 msgid "%3$s" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:334 sssd.conf.5.xml:3628 +#: sssd.conf.5.xml:334 sssd.conf.5.xml:3635 msgid "" "domain flat name. Mostly usable for Active Directory domains, both directly " "configured or discovered via IPA trusts." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:315 sssd.conf.5.xml:3609 +#: sssd.conf.5.xml:315 sssd.conf.5.xml:3616 msgid "" "The following expansions are supported: <placeholder type=\"variablelist\" " "id=\"0\"/>" @@ -603,8 +603,8 @@ msgid "" msgstr "" #. type: Content of: <variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:468 sssd-ldap.5.xml:876 sssd-ldap.5.xml:888 -#: sssd-ldap.5.xml:980 sssd-ad.5.xml:920 sssd-ad.5.xml:995 sssd-krb5.5.xml:468 +#: sssd.conf.5.xml:468 sssd-ldap.5.xml:877 sssd-ldap.5.xml:889 +#: sssd-ldap.5.xml:982 sssd-ad.5.xml:920 sssd-ad.5.xml:995 sssd-krb5.5.xml:468 #: sssd-ldap-attributes.5.xml:470 sssd-ldap-attributes.5.xml:976 #: include/ldap_id_mapping.xml:211 include/ldap_id_mapping.xml:222 #: include/krb5_options.xml:148 @@ -874,7 +874,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:700 sssd.conf.5.xml:1791 sssd.conf.5.xml:4240 +#: sssd.conf.5.xml:700 sssd.conf.5.xml:1791 sssd.conf.5.xml:4257 #: sssd-ad.5.xml:187 sssd-ad.5.xml:327 sssd-ad.5.xml:341 msgid "Default: Not set" msgstr "" @@ -1055,7 +1055,7 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:858 sssd.conf.5.xml:1201 sssd.conf.5.xml:1584 -#: sssd.conf.5.xml:1880 sssd-ldap.5.xml:494 +#: sssd.conf.5.xml:1880 sssd-ldap.5.xml:495 msgid "Default: 60" msgstr "" @@ -1161,7 +1161,7 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:937 sssd.conf.5.xml:1214 sssd.conf.5.xml:2322 -#: sssd-ldap.5.xml:331 +#: sssd-ldap.5.xml:332 msgid "Default: 300" msgstr "" @@ -1530,7 +1530,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1240 sssd.conf.5.xml:2964 sssd-ldap.5.xml:548 +#: sssd.conf.5.xml:1240 sssd.conf.5.xml:2971 sssd-ldap.5.xml:549 msgid "Default: 8" msgstr "" @@ -1556,8 +1556,8 @@ msgid "" msgstr "" #. type: Content of: <variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1265 sssd.conf.5.xml:1317 sssd.conf.5.xml:3730 -#: sssd-ldap.5.xml:473 sssd-ldap.5.xml:525 include/failover.xml:116 +#: sssd.conf.5.xml:1265 sssd.conf.5.xml:1317 sssd.conf.5.xml:3737 +#: sssd-ldap.5.xml:474 sssd-ldap.5.xml:526 include/failover.xml:116 #: include/krb5_options.xml:11 msgid "Default: 6" msgstr "" @@ -1866,7 +1866,7 @@ msgid "pam_pwd_expiration_warning (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1553 sssd.conf.5.xml:2988 +#: sssd.conf.5.xml:1553 sssd.conf.5.xml:2995 msgid "Display a warning N days before the password expires." msgstr "" @@ -1879,7 +1879,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1562 sssd.conf.5.xml:2991 +#: sssd.conf.5.xml:1562 sssd.conf.5.xml:2998 msgid "" "If zero is set, then this filter is not applied, i.e. if the expiration " "warning was received from backend server, it will automatically be displayed." @@ -1893,7 +1893,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1572 sssd.conf.5.xml:3977 sssd-ldap.5.xml:606 sssd.8.xml:79 +#: sssd.conf.5.xml:1572 sssd.conf.5.xml:3984 sssd-ldap.5.xml:607 sssd.8.xml:79 msgid "Default: 0" msgstr "" @@ -1956,8 +1956,8 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1632 sssd.conf.5.xml:1657 sssd.conf.5.xml:1676 -#: sssd.conf.5.xml:1913 sssd.conf.5.xml:2733 sssd.conf.5.xml:3906 -#: sssd-ldap.5.xml:1207 +#: sssd.conf.5.xml:1913 sssd.conf.5.xml:2733 sssd.conf.5.xml:3913 +#: sssd-ldap.5.xml:1209 msgid "Default: none" msgstr "" @@ -2020,8 +2020,8 @@ msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:1687 sssd.conf.5.xml:1698 sssd.conf.5.xml:1712 -#: sssd-ldap.5.xml:671 sssd-ldap.5.xml:692 sssd-ldap.5.xml:788 -#: sssd-ldap.5.xml:1293 sssd-ad.5.xml:505 sssd-ad.5.xml:581 sssd-ad.5.xml:1126 +#: sssd-ldap.5.xml:672 sssd-ldap.5.xml:693 sssd-ldap.5.xml:789 +#: sssd-ldap.5.xml:1295 sssd-ad.5.xml:505 sssd-ad.5.xml:581 sssd-ad.5.xml:1126 #: sssd-ad.5.xml:1175 include/ldap_id_mapping.xml:250 msgid "Default: False" msgstr "" @@ -2060,7 +2060,7 @@ msgid "The path to the certificate database." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1723 sssd.conf.5.xml:2248 sssd.conf.5.xml:4354 +#: sssd.conf.5.xml:1723 sssd.conf.5.xml:2248 sssd.conf.5.xml:4371 msgid "Default:" msgstr "" @@ -2326,7 +2326,7 @@ msgid "Default: no_session" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1950 sssd.conf.5.xml:4293 +#: sssd.conf.5.xml:1950 sssd.conf.5.xml:4310 msgid "pam_gssapi_services" msgstr "" @@ -2360,7 +2360,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1968 sssd.conf.5.xml:3900 +#: sssd.conf.5.xml:1968 sssd.conf.5.xml:3907 msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" @@ -2370,7 +2370,7 @@ msgid "Default: - (GSSAPI authentication is disabled)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1979 sssd.conf.5.xml:4294 +#: sssd.conf.5.xml:1979 sssd.conf.5.xml:4311 msgid "pam_gssapi_check_upn" msgstr "" @@ -2390,7 +2390,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1999 sssd-ad.5.xml:1266 sss_rpcidmapd.5.xml:76 +#: sssd.conf.5.xml:1999 sssd-ad.5.xml:1271 sss_rpcidmapd.5.xml:76 #: sssd-files.5.xml:145 msgid "Default: True" msgstr "" @@ -3149,7 +3149,7 @@ msgid "FALSE = No enumerations for this domain" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2669 sssd.conf.5.xml:2943 sssd.conf.5.xml:3120 +#: sssd.conf.5.xml:2669 sssd.conf.5.xml:2950 sssd.conf.5.xml:3127 msgid "Default: FALSE" msgstr "" @@ -3418,7 +3418,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2922 sssd-ldap.5.xml:360 sssd-ldap.5.xml:1736 +#: sssd.conf.5.xml:2922 sssd-ldap.5.xml:361 sssd-ldap.5.xml:1738 #: sssd-ipa.5.xml:270 msgid "Default: 0 (disabled)" msgstr "" @@ -3430,11 +3430,17 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:2931 -msgid "Determines if user credentials are also cached in the local LDB cache." +msgid "" +"Determines if user credentials are also cached in the local LDB cache. The " +"cached credentials refer to passwords, which includes the first (long term) " +"factor of two-factor authentication, not other authentication mechanisms. " +"Passkey and Smartcard authentications are expected to work offline as long " +"as a successful online authentication is recorded in the cache without " +"additional configuration." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2935 +#: sssd.conf.5.xml:2942 msgid "" "Take a note that while credentials are stored as a salted SHA512 hash, this " "still potentially poses some security risk in case an attacker manages to " @@ -3443,12 +3449,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2949 +#: sssd.conf.5.xml:2956 msgid "cache_credentials_minimal_first_factor_length (int)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2952 +#: sssd.conf.5.xml:2959 msgid "" "If 2-Factor-Authentication (2FA) is used and credentials should be saved " "this value determines the minimal length the first authentication factor " @@ -3456,19 +3462,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2959 +#: sssd.conf.5.xml:2966 msgid "" "This should avoid that the short PINs of a PIN based 2FA scheme are saved in " "the cache which would make them easy targets for brute-force attacks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2970 +#: sssd.conf.5.xml:2977 msgid "account_cache_expiration (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2973 +#: sssd.conf.5.xml:2980 msgid "" "Number of days entries are left in cache after last successful login before " "being removed during a cleanup of the cache. 0 means keep forever. The " @@ -3477,17 +3483,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2980 +#: sssd.conf.5.xml:2987 msgid "Default: 0 (unlimited)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:2985 +#: sssd.conf.5.xml:2992 msgid "pwd_expiration_warning (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:2996 +#: sssd.conf.5.xml:3003 msgid "" "Please note that the backend server has to provide information about the " "expiration time of the password. If this information is missing, sssd " @@ -3496,28 +3502,28 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3003 +#: sssd.conf.5.xml:3010 msgid "Default: 7 (Kerberos), 0 (LDAP)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3009 +#: sssd.conf.5.xml:3016 msgid "id_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3012 +#: sssd.conf.5.xml:3019 msgid "" "The identification provider used for the domain. Supported ID providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3016 +#: sssd.conf.5.xml:3023 msgid "<quote>proxy</quote>: Support a legacy NSS provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3019 +#: sssd.conf.5.xml:3026 msgid "" "<quote>files</quote>: FILES provider. See <citerefentry> <refentrytitle>sssd-" "files</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " @@ -3525,7 +3531,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3027 +#: sssd.conf.5.xml:3034 msgid "" "<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-" "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more " @@ -3533,8 +3539,8 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3035 sssd.conf.5.xml:3146 sssd.conf.5.xml:3197 -#: sssd.conf.5.xml:3260 +#: sssd.conf.5.xml:3042 sssd.conf.5.xml:3153 sssd.conf.5.xml:3204 +#: sssd.conf.5.xml:3267 msgid "" "<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management " "provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> " @@ -3543,8 +3549,8 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3044 sssd.conf.5.xml:3155 sssd.conf.5.xml:3206 -#: sssd.conf.5.xml:3269 +#: sssd.conf.5.xml:3051 sssd.conf.5.xml:3162 sssd.conf.5.xml:3213 +#: sssd.conf.5.xml:3276 msgid "" "<quote>ad</quote>: Active Directory provider. See <citerefentry> " "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3552,19 +3558,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3055 +#: sssd.conf.5.xml:3062 msgid "use_fully_qualified_names (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3058 +#: sssd.conf.5.xml:3065 msgid "" "Use the full name and domain (as formatted by the domain's full_name_format) " "as the user's login name reported to NSS." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3063 +#: sssd.conf.5.xml:3070 msgid "" "If set to TRUE, all requests to this domain must use fully qualified names. " "For example, if used in LOCAL domain that contains a \"test\" user, " @@ -3573,7 +3579,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3071 +#: sssd.conf.5.xml:3078 msgid "" "NOTE: This option has no effect on netgroup lookups due to their tendency to " "include nested netgroups without qualified names. For netgroups, all domains " @@ -3581,24 +3587,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3078 +#: sssd.conf.5.xml:3085 msgid "" "Default: FALSE (TRUE for trusted domain/sub-domains or if " "default_domain_suffix is used)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3085 +#: sssd.conf.5.xml:3092 msgid "ignore_group_members (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3088 +#: sssd.conf.5.xml:3095 msgid "Do not return group members for group lookups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3091 +#: sssd.conf.5.xml:3098 msgid "" "If set to TRUE, the group membership attribute is not requested from the " "ldap server, and group members are not returned when processing group lookup " @@ -3610,7 +3616,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3109 +#: sssd.conf.5.xml:3116 msgid "" "Enabling this option can also make access provider checks for group " "membership significantly faster, especially for groups containing many " @@ -3618,30 +3624,30 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3115 sssd.conf.5.xml:3822 sssd-ldap.5.xml:326 -#: sssd-ldap.5.xml:355 sssd-ldap.5.xml:408 sssd-ldap.5.xml:468 -#: sssd-ldap.5.xml:489 sssd-ldap.5.xml:520 sssd-ldap.5.xml:543 -#: sssd-ldap.5.xml:582 sssd-ldap.5.xml:601 sssd-ldap.5.xml:625 -#: sssd-ldap.5.xml:1051 sssd-ldap.5.xml:1084 +#: sssd.conf.5.xml:3122 sssd.conf.5.xml:3829 sssd-ldap.5.xml:327 +#: sssd-ldap.5.xml:356 sssd-ldap.5.xml:409 sssd-ldap.5.xml:469 +#: sssd-ldap.5.xml:490 sssd-ldap.5.xml:521 sssd-ldap.5.xml:544 +#: sssd-ldap.5.xml:583 sssd-ldap.5.xml:602 sssd-ldap.5.xml:626 +#: sssd-ldap.5.xml:1053 sssd-ldap.5.xml:1086 msgid "" "This option can be also set per subdomain or inherited via " "<emphasis>subdomain_inherit</emphasis>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3125 +#: sssd.conf.5.xml:3132 msgid "auth_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3128 +#: sssd.conf.5.xml:3135 msgid "" "The authentication provider used for the domain. Supported auth providers " "are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3132 sssd.conf.5.xml:3190 +#: sssd.conf.5.xml:3139 sssd.conf.5.xml:3197 msgid "" "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3649,7 +3655,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3139 +#: sssd.conf.5.xml:3146 msgid "" "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3657,30 +3663,30 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3163 +#: sssd.conf.5.xml:3170 msgid "" "<quote>proxy</quote> for relaying authentication to some other PAM target." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3166 +#: sssd.conf.5.xml:3173 msgid "<quote>none</quote> disables authentication explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3169 +#: sssd.conf.5.xml:3176 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "authentication requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3175 +#: sssd.conf.5.xml:3182 msgid "access_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3178 +#: sssd.conf.5.xml:3185 msgid "" "The access control provider used for the domain. There are two built-in " "access providers (in addition to any included in installed backends) " @@ -3688,19 +3694,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3184 +#: sssd.conf.5.xml:3191 msgid "" "<quote>permit</quote> always allow access. It's the only permitted access " "provider for a local domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3187 +#: sssd.conf.5.xml:3194 msgid "<quote>deny</quote> always deny access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3214 +#: sssd.conf.5.xml:3221 msgid "" "<quote>simple</quote> access control based on access or deny lists. See " "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</" @@ -3709,7 +3715,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3221 +#: sssd.conf.5.xml:3228 msgid "" "<quote>krb5</quote>: .k5login based access control. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum></" @@ -3717,29 +3723,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3228 +#: sssd.conf.5.xml:3235 msgid "<quote>proxy</quote> for relaying access control to another PAM module." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3231 +#: sssd.conf.5.xml:3238 msgid "Default: <quote>permit</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3236 +#: sssd.conf.5.xml:3243 msgid "chpass_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3239 +#: sssd.conf.5.xml:3246 msgid "" "The provider which should handle change password operations for the domain. " "Supported change password providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3244 +#: sssd.conf.5.xml:3251 msgid "" "<quote>ldap</quote> to change a password stored in a LDAP server. See " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" @@ -3747,7 +3753,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3252 +#: sssd.conf.5.xml:3259 msgid "" "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3755,35 +3761,35 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3277 +#: sssd.conf.5.xml:3284 msgid "" "<quote>proxy</quote> for relaying password changes to some other PAM target." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3281 +#: sssd.conf.5.xml:3288 msgid "<quote>none</quote> disallows password changes explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3284 +#: sssd.conf.5.xml:3291 msgid "" "Default: <quote>auth_provider</quote> is used if it is set and can handle " "change password requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3291 +#: sssd.conf.5.xml:3298 msgid "sudo_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3294 +#: sssd.conf.5.xml:3301 msgid "The SUDO provider used for the domain. Supported SUDO providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3298 +#: sssd.conf.5.xml:3305 msgid "" "<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3791,32 +3797,32 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3306 +#: sssd.conf.5.xml:3313 msgid "" "<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default " "settings." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3310 +#: sssd.conf.5.xml:3317 msgid "" "<quote>ad</quote> the same as <quote>ldap</quote> but with AD default " "settings." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3314 +#: sssd.conf.5.xml:3321 msgid "<quote>none</quote> disables SUDO explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3317 sssd.conf.5.xml:3403 sssd.conf.5.xml:3473 -#: sssd.conf.5.xml:3498 sssd.conf.5.xml:3534 +#: sssd.conf.5.xml:3324 sssd.conf.5.xml:3410 sssd.conf.5.xml:3480 +#: sssd.conf.5.xml:3505 sssd.conf.5.xml:3541 msgid "Default: The value of <quote>id_provider</quote> is used if it is set." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3321 +#: sssd.conf.5.xml:3328 msgid "" "The detailed instructions for configuration of sudo_provider are in the " "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " @@ -3827,7 +3833,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3336 +#: sssd.conf.5.xml:3343 msgid "" "<emphasis>NOTE:</emphasis> Sudo rules are periodically downloaded in the " "background unless the sudo provider is explicitly disabled. Set " @@ -3836,12 +3842,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3346 +#: sssd.conf.5.xml:3353 msgid "selinux_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3349 +#: sssd.conf.5.xml:3356 msgid "" "The provider which should handle loading of selinux settings. Note that this " "provider will be called right after access provider ends. Supported selinux " @@ -3849,7 +3855,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3355 +#: sssd.conf.5.xml:3362 msgid "" "<quote>ipa</quote> to load selinux settings from an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -3857,31 +3863,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3363 +#: sssd.conf.5.xml:3370 msgid "<quote>none</quote> disallows fetching selinux settings explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3366 +#: sssd.conf.5.xml:3373 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "selinux loading requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3372 +#: sssd.conf.5.xml:3379 msgid "subdomains_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3375 +#: sssd.conf.5.xml:3382 msgid "" "The provider which should handle fetching of subdomains. This value should " "be always the same as id_provider. Supported subdomain providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3381 +#: sssd.conf.5.xml:3388 msgid "" "<quote>ipa</quote> to load a list of subdomains from an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -3889,7 +3895,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3390 +#: sssd.conf.5.xml:3397 msgid "" "<quote>ad</quote> to load a list of subdomains from an Active Directory " "server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> " @@ -3898,17 +3904,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3399 +#: sssd.conf.5.xml:3406 msgid "<quote>none</quote> disallows fetching subdomains explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3409 +#: sssd.conf.5.xml:3416 msgid "session_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3412 +#: sssd.conf.5.xml:3419 msgid "" "The provider which configures and manages user session related tasks. The " "only user session task currently provided is the integration with Fleet " @@ -3916,43 +3922,43 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3419 +#: sssd.conf.5.xml:3426 msgid "<quote>ipa</quote> to allow performing user session related tasks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3423 +#: sssd.conf.5.xml:3430 msgid "" "<quote>none</quote> does not perform any kind of user session related tasks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3427 +#: sssd.conf.5.xml:3434 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can perform " "session related tasks." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3431 +#: sssd.conf.5.xml:3438 msgid "" "<emphasis>NOTE:</emphasis> In order to have this feature working as expected " "SSSD must be running as \"root\" and not as the unprivileged user." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3439 +#: sssd.conf.5.xml:3446 msgid "autofs_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3442 +#: sssd.conf.5.xml:3449 msgid "" "The autofs provider used for the domain. Supported autofs providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3446 +#: sssd.conf.5.xml:3453 msgid "" "<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3960,7 +3966,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3453 +#: sssd.conf.5.xml:3460 msgid "" "<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> " "<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3968,7 +3974,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3461 +#: sssd.conf.5.xml:3468 msgid "" "<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> " "<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </" @@ -3976,24 +3982,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3470 +#: sssd.conf.5.xml:3477 msgid "<quote>none</quote> disables autofs explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3480 +#: sssd.conf.5.xml:3487 msgid "hostid_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3483 +#: sssd.conf.5.xml:3490 msgid "" "The provider used for retrieving host identity information. Supported " "hostid providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3487 +#: sssd.conf.5.xml:3494 msgid "" "<quote>ipa</quote> to load host identity stored in an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -4001,31 +4007,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3495 +#: sssd.conf.5.xml:3502 msgid "<quote>none</quote> disables hostid explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3505 +#: sssd.conf.5.xml:3512 msgid "resolver_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3508 +#: sssd.conf.5.xml:3515 msgid "" "The provider which should handle hosts and networks lookups. Supported " "resolver providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3512 +#: sssd.conf.5.xml:3519 msgid "" "<quote>proxy</quote> to forward lookups to another NSS library. See " "<quote>proxy_resolver_lib_name</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3516 +#: sssd.conf.5.xml:3523 msgid "" "<quote>ldap</quote> to fetch hosts and networks stored in LDAP. See " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" @@ -4033,7 +4039,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3523 +#: sssd.conf.5.xml:3530 msgid "" "<quote>ad</quote> to fetch hosts and networks stored in AD. See " "<citerefentry> <refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</" @@ -4042,12 +4048,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3531 +#: sssd.conf.5.xml:3538 msgid "<quote>none</quote> disallows fetching hosts and networks explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3544 +#: sssd.conf.5.xml:3551 msgid "" "Regular expression for this domain that describes how to parse the string " "containing user name and domain into these components. The \"domain\" can " @@ -4057,24 +4063,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3553 +#: sssd.conf.5.xml:3560 msgid "" "Default: <quote>^((?P<name>.+)@(?P<domain>[^@]*)|(?P<name>" "[^@]+))$</quote> which allows two different styles for user names:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:3558 sssd.conf.5.xml:3572 +#: sssd.conf.5.xml:3565 sssd.conf.5.xml:3579 msgid "username" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:3561 sssd.conf.5.xml:3575 +#: sssd.conf.5.xml:3568 sssd.conf.5.xml:3582 msgid "username@domain.name" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3566 +#: sssd.conf.5.xml:3573 msgid "" "Default for the AD and IPA provider: <quote>^(((?P<domain>[^\\\\]+)\\" "\\(?P<name>.+))|((?P<name>.+)@(?P<domain>[^@]+))|((?P<" @@ -4083,19 +4089,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:3578 +#: sssd.conf.5.xml:3585 msgid "domain\\username" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3581 +#: sssd.conf.5.xml:3588 msgid "" "While the first two correspond to the general default the third one is " "introduced to allow easy integration of users from Windows domains." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3586 +#: sssd.conf.5.xml:3593 msgid "" "The default re_expression uses the <quote>@</quote> character as a separator " "between the name and the domain. As a result of this setting the default " @@ -4105,89 +4111,89 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3638 +#: sssd.conf.5.xml:3645 msgid "Default: <quote>%1$s@%2$s</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3644 +#: sssd.conf.5.xml:3651 msgid "lookup_family_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3647 +#: sssd.conf.5.xml:3654 msgid "" "Provides the ability to select preferred address family to use when " "performing DNS lookups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3651 +#: sssd.conf.5.xml:3658 msgid "Supported values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3654 +#: sssd.conf.5.xml:3661 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3657 +#: sssd.conf.5.xml:3664 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3660 +#: sssd.conf.5.xml:3667 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3663 +#: sssd.conf.5.xml:3670 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3666 +#: sssd.conf.5.xml:3673 msgid "Default: ipv4_first" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3672 +#: sssd.conf.5.xml:3679 msgid "dns_resolver_server_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3675 +#: sssd.conf.5.xml:3682 msgid "" "Defines the amount of time (in milliseconds) SSSD would try to talk to DNS " "server before trying next DNS server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3680 +#: sssd.conf.5.xml:3687 msgid "" "The AD provider will use this option for the CLDAP ping timeouts as well." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3684 sssd.conf.5.xml:3704 sssd.conf.5.xml:3725 +#: sssd.conf.5.xml:3691 sssd.conf.5.xml:3711 sssd.conf.5.xml:3732 msgid "" "Please see the section <quote>FAILOVER</quote> for more information about " "the service resolution." msgstr "" #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3689 sssd-ldap.5.xml:644 include/failover.xml:84 +#: sssd.conf.5.xml:3696 sssd-ldap.5.xml:645 include/failover.xml:84 msgid "Default: 1000" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3695 +#: sssd.conf.5.xml:3702 msgid "dns_resolver_op_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3698 +#: sssd.conf.5.xml:3705 msgid "" "Defines the amount of time (in seconds) to wait to resolve single DNS query " "(e.g. resolution of a hostname or an SRV record) before trying the next " @@ -4195,12 +4201,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3715 +#: sssd.conf.5.xml:3722 msgid "dns_resolver_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3718 +#: sssd.conf.5.xml:3725 msgid "" "Defines the amount of time (in seconds) to wait for a reply from the " "internal fail over service before assuming that the service is unreachable. " @@ -4209,12 +4215,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3736 +#: sssd.conf.5.xml:3743 msgid "dns_resolver_use_search_list (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3739 +#: sssd.conf.5.xml:3746 msgid "" "Normally, the DNS resolver searches the domain list defined in the " "\"search\" directive from the resolv.conf file. This can lead to delays in " @@ -4222,7 +4228,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3745 +#: sssd.conf.5.xml:3752 msgid "" "If fully qualified domain names (or _srv_) are used in the SSSD " "configuration, setting this option to FALSE can prevent unnecessary DNS " @@ -4230,71 +4236,71 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3751 +#: sssd.conf.5.xml:3758 #, fuzzy #| msgid "Default: 3" msgid "Default: TRUE" msgstr "默认: 3" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3757 +#: sssd.conf.5.xml:3764 msgid "dns_discovery_domain (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3760 +#: sssd.conf.5.xml:3767 msgid "" "If service discovery is used in the back end, specifies the domain part of " "the service discovery DNS query." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3764 +#: sssd.conf.5.xml:3771 msgid "Default: Use the domain part of machine's hostname" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3770 +#: sssd.conf.5.xml:3777 msgid "override_gid (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3773 +#: sssd.conf.5.xml:3780 msgid "Override the primary GID value with the one specified." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3779 +#: sssd.conf.5.xml:3786 msgid "case_sensitive (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3786 +#: sssd.conf.5.xml:3793 msgid "True" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3789 +#: sssd.conf.5.xml:3796 msgid "Case sensitive. This value is invalid for AD provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3795 +#: sssd.conf.5.xml:3802 msgid "False" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3797 +#: sssd.conf.5.xml:3804 msgid "Case insensitive." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3801 +#: sssd.conf.5.xml:3808 msgid "Preserving" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3804 +#: sssd.conf.5.xml:3811 msgid "" "Same as False (case insensitive), but does not lowercase names in the result " "of NSS operations. Note that name aliases (and in case of services also " @@ -4302,31 +4308,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3812 +#: sssd.conf.5.xml:3819 msgid "" "If you want to set this value for trusted domain with IPA provider, you need " "to set it on both the client and SSSD on the server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3782 +#: sssd.conf.5.xml:3789 msgid "" "Treat user and group names as case sensitive. Possible option values are: " "<placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3827 +#: sssd.conf.5.xml:3834 msgid "Default: True (False for AD provider)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3833 +#: sssd.conf.5.xml:3840 msgid "subdomain_inherit (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3836 +#: sssd.conf.5.xml:3843 msgid "" "Specifies a list of configuration parameters that should be inherited by a " "subdomain. Please note that only selected parameters can be inherited. " @@ -4334,104 +4340,104 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3842 +#: sssd.conf.5.xml:3849 msgid "ldap_search_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3845 +#: sssd.conf.5.xml:3852 msgid "ldap_network_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3848 +#: sssd.conf.5.xml:3855 msgid "ldap_opt_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3851 +#: sssd.conf.5.xml:3858 msgid "ldap_offline_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3854 +#: sssd.conf.5.xml:3861 msgid "ldap_enumeration_refresh_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3857 +#: sssd.conf.5.xml:3864 msgid "ldap_enumeration_refresh_offset" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3860 +#: sssd.conf.5.xml:3867 msgid "ldap_purge_cache_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3863 +#: sssd.conf.5.xml:3870 msgid "ldap_purge_cache_offset" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3866 +#: sssd.conf.5.xml:3873 msgid "" "ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab " "is not set explicitly)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3870 +#: sssd.conf.5.xml:3877 msgid "ldap_krb5_ticket_lifetime" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3873 +#: sssd.conf.5.xml:3880 msgid "ldap_enumeration_search_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3876 +#: sssd.conf.5.xml:3883 msgid "ldap_connection_expire_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3879 +#: sssd.conf.5.xml:3886 msgid "ldap_connection_expire_offset" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3882 +#: sssd.conf.5.xml:3889 msgid "ldap_connection_idle_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3885 sssd-ldap.5.xml:400 +#: sssd.conf.5.xml:3892 sssd-ldap.5.xml:401 msgid "ldap_use_tokengroups" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3888 +#: sssd.conf.5.xml:3895 msgid "ldap_user_principal" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3891 +#: sssd.conf.5.xml:3898 msgid "ignore_group_members" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3894 +#: sssd.conf.5.xml:3901 msgid "auto_private_groups" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3897 +#: sssd.conf.5.xml:3904 msgid "case_sensitive" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:3902 +#: sssd.conf.5.xml:3909 #, no-wrap msgid "" "subdomain_inherit = ldap_purge_cache_timeout\n" @@ -4439,27 +4445,27 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3909 +#: sssd.conf.5.xml:3916 msgid "Note: This option only works with the IPA and AD provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3916 +#: sssd.conf.5.xml:3923 msgid "subdomain_homedir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3927 +#: sssd.conf.5.xml:3934 msgid "%F" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3928 +#: sssd.conf.5.xml:3935 msgid "flat (NetBIOS) name of a subdomain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3919 +#: sssd.conf.5.xml:3926 msgid "" "Use this homedir as default value for all subdomains within this domain in " "IPA AD trust. See <emphasis>override_homedir</emphasis> for info about " @@ -4469,34 +4475,34 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3933 +#: sssd.conf.5.xml:3940 msgid "" "The value can be overridden by <emphasis>override_homedir</emphasis> option." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3937 +#: sssd.conf.5.xml:3944 msgid "Default: <filename>/home/%d/%u</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3942 +#: sssd.conf.5.xml:3949 msgid "realmd_tags (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3945 +#: sssd.conf.5.xml:3952 msgid "" "Various tags stored by the realmd configuration service for this domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3951 +#: sssd.conf.5.xml:3958 msgid "cached_auth_timeout (int)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3954 +#: sssd.conf.5.xml:3961 msgid "" "Specifies time in seconds since last successful online authentication for " "which user will be authenticated using cached credentials while SSSD is in " @@ -4505,19 +4511,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3962 +#: sssd.conf.5.xml:3969 msgid "" "This option's value is inherited by all trusted domains. At the moment it is " "not possible to set a different value per trusted domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3967 +#: sssd.conf.5.xml:3974 msgid "Special value 0 implies that this feature is disabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3971 +#: sssd.conf.5.xml:3978 msgid "" "Please note that if <quote>cached_auth_timeout</quote> is longer than " "<quote>pam_id_timeout</quote> then the back end could be called to handle " @@ -4525,12 +4531,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:3982 +#: sssd.conf.5.xml:3989 msgid "local_auth_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3985 +#: sssd.conf.5.xml:3992 msgid "" "Local authentication methods policy. Some backends (i.e. LDAP, proxy " "provider) only support a password based authentication, while others can " @@ -4541,7 +4547,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:3995 +#: sssd.conf.5.xml:4002 msgid "" "There are three possible values for this option: match, only, enable. " "<quote>match</quote> is used to match offline and online states for Kerberos " @@ -4552,8 +4558,17 @@ msgid "" "separated, such as <quote>enable:passkey, enable:smartcard</quote>" msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:4014 +msgid "" +"Please note that if local Smartcard authentication is enabled and a " +"Smartcard is present, Smartcard authentication will be preferred over the " +"authentication methods supported by the backend. I.e. there will be a PIN " +"prompt instead of e.g. a password prompt." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:4011 +#: sssd.conf.5.xml:4026 #, no-wrap msgid "" "[domain/shadowutils]\n" @@ -4564,7 +4579,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4007 +#: sssd.conf.5.xml:4022 msgid "" "The following configuration example allows local users to authenticate " "locally using any enabled method (i.e. smartcard, passkey). <placeholder " @@ -4572,36 +4587,36 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4019 +#: sssd.conf.5.xml:4034 msgid "This option is ignored for the files provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4022 +#: sssd.conf.5.xml:4037 #, fuzzy #| msgid "Default: 3" msgid "Default: match" msgstr "默认: 3" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4027 +#: sssd.conf.5.xml:4042 msgid "auto_private_groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4033 +#: sssd.conf.5.xml:4048 msgid "true" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4036 +#: sssd.conf.5.xml:4051 msgid "" "Create user's private group unconditionally from user's UID number. The GID " "number is ignored in this case." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4040 +#: sssd.conf.5.xml:4055 msgid "" "NOTE: Because the GID number and the user private group are inferred from " "the UID number, it is not supported to have multiple entries with the same " @@ -4610,24 +4625,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4049 +#: sssd.conf.5.xml:4064 msgid "false" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4052 +#: sssd.conf.5.xml:4067 msgid "" "Always use the user's primary GID number. The GID number must refer to a " "group object in the LDAP database." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4058 +#: sssd.conf.5.xml:4073 msgid "hybrid" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4061 +#: sssd.conf.5.xml:4076 msgid "" "A primary group is autogenerated for user entries whose UID and GID numbers " "have the same value and at the same time the GID number does not correspond " @@ -4637,14 +4652,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4074 +#: sssd.conf.5.xml:4089 msgid "" "If the UID and GID of a user are different, then the GID must correspond to " "a group entry, otherwise the GID is simply not resolvable." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4081 +#: sssd.conf.5.xml:4096 msgid "" "This feature is useful for environments that wish to stop maintaining a " "separate group objects for the user private groups, but also wish to retain " @@ -4652,21 +4667,21 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4030 +#: sssd.conf.5.xml:4045 msgid "" "This option takes any of three available values: <placeholder " "type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4093 +#: sssd.conf.5.xml:4108 msgid "" "For subdomains, the default value is False for subdomains that use assigned " "POSIX IDs and True for subdomains that use automatic ID-mapping." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:4101 +#: sssd.conf.5.xml:4116 #, no-wrap msgid "" "[domain/forest.domain/sub.domain]\n" @@ -4674,7 +4689,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:4107 +#: sssd.conf.5.xml:4122 #, no-wrap msgid "" "[domain/forest.domain]\n" @@ -4683,7 +4698,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4098 +#: sssd.conf.5.xml:4113 msgid "" "The value of auto_private_groups can either be set per subdomains in a " "subsection, for example: <placeholder type=\"programlisting\" id=\"0\"/> or " @@ -4700,29 +4715,30 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4122 +#: sssd.conf.5.xml:4137 msgid "proxy_pam_target (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4125 +#: sssd.conf.5.xml:4140 msgid "The proxy target PAM proxies to." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4128 +#: sssd.conf.5.xml:4143 msgid "" "Default: not set by default, you have to take an existing pam configuration " -"or create a new one and add the service name here." +"or create a new one and add the service name here. As an alternative you can " +"enable local authentication with the local_auth_policy option." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4136 +#: sssd.conf.5.xml:4153 msgid "proxy_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4139 +#: sssd.conf.5.xml:4156 msgid "" "The name of the NSS library to use in proxy domains. The NSS functions " "searched for in the library are in the form of _nss_$(libName)_$(function), " @@ -4730,12 +4746,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4149 +#: sssd.conf.5.xml:4166 msgid "proxy_resolver_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4152 +#: sssd.conf.5.xml:4169 msgid "" "The name of the NSS library to use for hosts and networks lookups in proxy " "domains. The NSS functions searched for in the library are in the form of " @@ -4743,12 +4759,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4163 +#: sssd.conf.5.xml:4180 msgid "proxy_fast_alias (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4166 +#: sssd.conf.5.xml:4183 msgid "" "When a user or group is looked up by name in the proxy provider, a second " "lookup by ID is performed to \"canonicalize\" the name in case the requested " @@ -4757,12 +4773,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4180 +#: sssd.conf.5.xml:4197 msgid "proxy_max_children (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4183 +#: sssd.conf.5.xml:4200 msgid "" "This option specifies the number of pre-forked proxy children. It is useful " "for high-load SSSD environments where sssd may run out of available child " @@ -4770,19 +4786,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4118 +#: sssd.conf.5.xml:4133 msgid "" "Options valid for proxy domains. <placeholder type=\"variablelist\" " "id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:4199 +#: sssd.conf.5.xml:4216 msgid "Application domains" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4201 +#: sssd.conf.5.xml:4218 msgid "" "SSSD, with its D-Bus interface (see <citerefentry> <refentrytitle>sssd-ifp</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>) is appealing to " @@ -4799,7 +4815,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4221 +#: sssd.conf.5.xml:4238 msgid "" "Please note that the application domain must still be explicitly enabled in " "the <quote>domains</quote> parameter so that the lookup order between the " @@ -4807,17 +4823,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> -#: sssd.conf.5.xml:4227 +#: sssd.conf.5.xml:4244 msgid "Application domain parameters" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4229 +#: sssd.conf.5.xml:4246 msgid "inherit_from (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4232 +#: sssd.conf.5.xml:4249 msgid "" "The SSSD POSIX-type domain the application domain inherits all settings " "from. The application domain can moreover add its own settings to the " @@ -4826,7 +4842,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4246 +#: sssd.conf.5.xml:4263 msgid "" "The following example illustrates the use of an application domain. In this " "setup, the POSIX domain is connected to an LDAP server and is used by the OS " @@ -4836,7 +4852,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><programlisting> -#: sssd.conf.5.xml:4254 +#: sssd.conf.5.xml:4271 #, no-wrap msgid "" "[sssd]\n" @@ -4856,12 +4872,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4274 +#: sssd.conf.5.xml:4291 msgid "TRUSTED DOMAIN SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4276 +#: sssd.conf.5.xml:4293 msgid "" "Some options used in the domain section can also be used in the trusted " "domain section, that is, in a section called <quote>[domain/" @@ -4872,69 +4888,69 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4283 +#: sssd.conf.5.xml:4300 msgid "ldap_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4284 +#: sssd.conf.5.xml:4301 msgid "ldap_user_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4285 +#: sssd.conf.5.xml:4302 msgid "ldap_group_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4286 +#: sssd.conf.5.xml:4303 msgid "ldap_netgroup_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4287 +#: sssd.conf.5.xml:4304 msgid "ldap_service_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4288 +#: sssd.conf.5.xml:4305 msgid "ldap_sasl_mech," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4289 +#: sssd.conf.5.xml:4306 msgid "ad_server," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4290 +#: sssd.conf.5.xml:4307 msgid "ad_backup_server," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4291 +#: sssd.conf.5.xml:4308 msgid "ad_site," msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4292 sssd-ipa.5.xml:879 +#: sssd.conf.5.xml:4309 sssd-ipa.5.xml:884 msgid "use_fully_qualified_names" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4296 +#: sssd.conf.5.xml:4313 msgid "" "For more details about these options see their individual description in the " "manual page." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4302 +#: sssd.conf.5.xml:4319 msgid "CERTIFICATE MAPPING SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4304 +#: sssd.conf.5.xml:4321 msgid "" "To allow authentication with Smartcards and certificates SSSD must be able " "to map certificates to users. This can be done by adding the full " @@ -4947,7 +4963,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4318 +#: sssd.conf.5.xml:4335 msgid "" "To make the mapping more flexible mapping and matching rules were added to " "SSSD (see <citerefentry> <refentrytitle>sss-certmap</refentrytitle> " @@ -4955,7 +4971,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4327 +#: sssd.conf.5.xml:4344 msgid "" "A mapping and matching rule can be added to the SSSD configuration in a " "section on its own with a name like <quote>[certmap/" @@ -4964,55 +4980,55 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4334 +#: sssd.conf.5.xml:4351 msgid "matchrule (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4337 +#: sssd.conf.5.xml:4354 msgid "" "Only certificates from the Smartcard which matches this rule will be " "processed, all others are ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4341 +#: sssd.conf.5.xml:4358 msgid "" "Default: KRB5:<EKU>clientAuth, i.e. only certificates which have the " "Extended Key Usage <quote>clientAuth</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4348 +#: sssd.conf.5.xml:4365 msgid "maprule (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4351 +#: sssd.conf.5.xml:4368 msgid "Defines how the user is found for a given certificate." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4357 +#: sssd.conf.5.xml:4374 msgid "" "LDAP:(userCertificate;binary={cert!bin}) for LDAP based providers like " "<quote>ldap</quote>, <quote>AD</quote> or <quote>ipa</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4363 +#: sssd.conf.5.xml:4380 msgid "" "The RULE_NAME for the <quote>files</quote> provider which tries to find a " "user with the same name." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4372 +#: sssd.conf.5.xml:4389 msgid "domains (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4375 +#: sssd.conf.5.xml:4392 msgid "" "Comma separated list of domain names the rule should be applied. By default " "a rule is only valid in the domain configured in sssd.conf. If the provider " @@ -5021,17 +5037,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4382 +#: sssd.conf.5.xml:4399 msgid "Default: the configured domain in sssd.conf" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4387 +#: sssd.conf.5.xml:4404 msgid "priority (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4390 +#: sssd.conf.5.xml:4407 msgid "" "Unsigned integer value defining the priority of the rule. The higher the " "number the lower the priority. <quote>0</quote> stands for the highest " @@ -5039,26 +5055,26 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4396 +#: sssd.conf.5.xml:4413 msgid "Default: the lowest priority" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4402 +#: sssd.conf.5.xml:4419 msgid "" "To make the configuration simple and reduce the amount of configuration " "options the <quote>files</quote> provider has some special properties:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4408 +#: sssd.conf.5.xml:4425 msgid "" "if maprule is not set the RULE_NAME name is assumed to be the name of the " "matching user" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4414 +#: sssd.conf.5.xml:4431 msgid "" "if a maprule is used both a single user name or a template like " "<quote>{subject_rfc822_name.short_name}</quote> must be in braces like e.g. " @@ -5067,17 +5083,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4423 +#: sssd.conf.5.xml:4440 msgid "the <quote>domains</quote> option is ignored" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4431 +#: sssd.conf.5.xml:4448 msgid "PROMPTING CONFIGURATION SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4433 +#: sssd.conf.5.xml:4450 msgid "" "If a special file (<filename>/var/lib/sss/pubconf/pam_preauth_available</" "filename>) exists SSSD's PAM module pam_sss will ask SSSD to figure out " @@ -5087,7 +5103,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4441 +#: sssd.conf.5.xml:4458 msgid "" "With the growing number of authentication methods and the possibility that " "there are multiple ones for a single user the heuristic used by pam_sss to " @@ -5096,59 +5112,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4453 +#: sssd.conf.5.xml:4470 msgid "[prompting/password]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4456 +#: sssd.conf.5.xml:4473 msgid "password_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4457 +#: sssd.conf.5.xml:4474 msgid "to change the string of the password prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4455 +#: sssd.conf.5.xml:4472 msgid "" "to configure password prompting, allowed options are: <placeholder " "type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4465 +#: sssd.conf.5.xml:4482 msgid "[prompting/2fa]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4469 +#: sssd.conf.5.xml:4486 msgid "first_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4470 +#: sssd.conf.5.xml:4487 msgid "to change the string of the prompt for the first factor" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4473 +#: sssd.conf.5.xml:4490 msgid "second_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4474 +#: sssd.conf.5.xml:4491 msgid "to change the string of the prompt for the second factor" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4477 +#: sssd.conf.5.xml:4494 msgid "single_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4478 +#: sssd.conf.5.xml:4495 msgid "" "boolean value, if True there will be only a single prompt using the value of " "first_prompt where it is expected that both factors are entered as a single " @@ -5157,7 +5173,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4467 +#: sssd.conf.5.xml:4484 msgid "" "to configure two-factor authentication prompting, allowed options are: " "<placeholder type=\"variablelist\" id=\"0\"/> If the second factor is " @@ -5166,17 +5182,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4495 +#: sssd.conf.5.xml:4512 msgid "[prompting/passkey]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4501 sssd-ad.5.xml:1021 +#: sssd.conf.5.xml:4518 sssd-ad.5.xml:1021 msgid "interactive" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4503 +#: sssd.conf.5.xml:4520 msgid "" "boolean value, if True prompt a message and wait before testing the presence " "of a passkey device. Recommended if your device doesn’t have a tactile " @@ -5184,46 +5200,46 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4511 +#: sssd.conf.5.xml:4528 msgid "interactive_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4513 +#: sssd.conf.5.xml:4530 msgid "to change the message of the interactive prompt." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4518 +#: sssd.conf.5.xml:4535 msgid "touch" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4520 +#: sssd.conf.5.xml:4537 msgid "" "boolean value, if True prompt a message to remind the user to touch the " "device." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4526 +#: sssd.conf.5.xml:4543 msgid "touch_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4528 +#: sssd.conf.5.xml:4545 msgid "to change the message of the touch prompt." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4497 +#: sssd.conf.5.xml:4514 msgid "" "to configure passkey authentication prompting, allowed options are: " "<placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4448 +#: sssd.conf.5.xml:4465 msgid "" "Each supported authentication method has its own configuration subsection " "under <quote>[prompting/...]</quote>. Currently there are: <placeholder " @@ -5232,7 +5248,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4539 +#: sssd.conf.5.xml:4556 msgid "" "It is possible to add a subsection for specific PAM services, e.g. " "<quote>[prompting/password/sshd]</quote> to individual change the prompting " @@ -5240,12 +5256,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4546 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43 +#: sssd.conf.5.xml:4563 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43 msgid "EXAMPLES" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4552 +#: sssd.conf.5.xml:4569 #, no-wrap msgid "" "[sssd]\n" @@ -5275,7 +5291,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4548 +#: sssd.conf.5.xml:4565 msgid "" "1. The following example shows a typical SSSD config. It does not describe " "configuration of the domains themselves - refer to documentation on " @@ -5284,7 +5300,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4585 +#: sssd.conf.5.xml:4602 #, no-wrap msgid "" "[domain/ipa.com/child.ad.com]\n" @@ -5292,7 +5308,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4579 +#: sssd.conf.5.xml:4596 msgid "" "2. The following example shows configuration of IPA AD trust where the AD " "forest consists of two domains in a parent-child structure. Suppose IPA " @@ -5303,7 +5319,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4596 +#: sssd.conf.5.xml:4613 #, no-wrap msgid "" "[certmap/my.domain/rule_name]\n" @@ -5314,7 +5330,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4590 +#: sssd.conf.5.xml:4607 msgid "" "3. The following example shows the configuration of a certificate mapping " "rule. It is valid for the configured domain <quote>my.domain</quote> and " @@ -5368,26 +5384,26 @@ msgid "" "LDAP back end supports id, auth, access and chpass providers. If you want to " "authenticate against an LDAP server either TLS/SSL or LDAPS is required. " "<command>sssd</command> <emphasis>does not</emphasis> support authentication " -"over an unencrypted channel. If the LDAP server is used only as an identity " -"provider, an encrypted channel is not needed. Please refer to " -"<quote>ldap_access_filter</quote> config option for more information about " -"using LDAP as an access provider." +"over an unencrypted channel. Even if the LDAP server is used only as an " +"identity provider, an encrypted channel is strongly recommended. Please " +"refer to <quote>ldap_access_filter</quote> config option for more " +"information about using LDAP as an access provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:82 sssd-ad.5.xml:130 +#: sssd-ldap.5.xml:50 sssd-simple.5.xml:69 sssd-ipa.5.xml:82 sssd-ad.5.xml:130 #: sssd-krb5.5.xml:63 sssd-ifp.5.xml:60 sssd-files.5.xml:77 #: sssd-session-recording.5.xml:58 sssd-kcm.8.xml:202 msgid "CONFIGURATION OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:66 +#: sssd-ldap.5.xml:67 msgid "ldap_uri, ldap_backup_uri (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:69 +#: sssd-ldap.5.xml:70 msgid "" "Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " "should connect in the order of preference. Refer to the <quote>FAILOVER</" @@ -5397,33 +5413,33 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:76 +#: sssd-ldap.5.xml:77 msgid "The format of the URI must match the format defined in RFC 2732:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:79 +#: sssd-ldap.5.xml:80 msgid "ldap[s]://<host>[:port]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:82 +#: sssd-ldap.5.xml:83 msgid "" "For explicit IPv6 addresses, <host> must be enclosed in brackets []" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:85 +#: sssd-ldap.5.xml:86 msgid "example: ldap://[fc00::126:25]:389" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:91 +#: sssd-ldap.5.xml:92 msgid "ldap_chpass_uri, ldap_chpass_backup_uri (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:94 +#: sssd-ldap.5.xml:95 msgid "" "Specifies the comma-separated list of URIs of the LDAP servers to which SSSD " "should connect in the order of preference to change the password of a user. " @@ -5432,71 +5448,71 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:101 +#: sssd-ldap.5.xml:102 msgid "To enable service discovery ldap_chpass_dns_service_name must be set." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:105 +#: sssd-ldap.5.xml:106 msgid "Default: empty, i.e. ldap_uri is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:111 +#: sssd-ldap.5.xml:112 msgid "ldap_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:114 +#: sssd-ldap.5.xml:115 msgid "The default base DN to use for performing LDAP user operations." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:118 +#: sssd-ldap.5.xml:119 msgid "" "Starting with SSSD 1.7.0, SSSD supports multiple search bases using the " "syntax:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:122 +#: sssd-ldap.5.xml:123 msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:125 +#: sssd-ldap.5.xml:126 msgid "The scope can be one of \"base\", \"onelevel\" or \"subtree\"." msgstr "" #. type: Content of: <listitem><para> -#: sssd-ldap.5.xml:128 include/ldap_search_bases.xml:18 +#: sssd-ldap.5.xml:129 include/ldap_search_bases.xml:18 msgid "" "The filter must be a valid LDAP search filter as specified by http://www." "ietf.org/rfc/rfc2254.txt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:132 sssd-ad.5.xml:311 sss_override.8.xml:143 +#: sssd-ldap.5.xml:133 sssd-ad.5.xml:311 sss_override.8.xml:143 #: sss_override.8.xml:240 sssd-ldap-attributes.5.xml:453 msgid "Examples:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:135 +#: sssd-ldap.5.xml:136 msgid "" "ldap_search_base = dc=example,dc=com (which is equivalent to) " "ldap_search_base = dc=example,dc=com?subtree?" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:140 +#: sssd-ldap.5.xml:141 msgid "" "ldap_search_base = cn=host_specific,dc=example,dc=com?subtree?" "(host=thishost)?dc=example.com?subtree?" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:143 +#: sssd-ldap.5.xml:144 msgid "" "Note: It is unsupported to have multiple search bases which reference " "identically-named objects (for example, groups with the same name in two " @@ -5505,7 +5521,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:150 +#: sssd-ldap.5.xml:151 msgid "" "Default: If not set, the value of the defaultNamingContext or namingContexts " "attribute from the RootDSE of the LDAP server is used. If " @@ -5516,12 +5532,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:164 +#: sssd-ldap.5.xml:165 msgid "ldap_schema (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:167 +#: sssd-ldap.5.xml:168 msgid "" "Specifies the Schema Type in use on the target LDAP server. Depending on " "the selected schema, the default attribute names retrieved from the servers " @@ -5529,32 +5545,32 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:174 +#: sssd-ldap.5.xml:175 msgid "Four schema types are currently supported:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:178 +#: sssd-ldap.5.xml:179 msgid "rfc2307" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:183 +#: sssd-ldap.5.xml:184 msgid "rfc2307bis" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:188 +#: sssd-ldap.5.xml:189 msgid "IPA" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:193 +#: sssd-ldap.5.xml:194 msgid "AD" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:199 +#: sssd-ldap.5.xml:200 msgid "" "The main difference between these schema types is how group memberships are " "recorded in the server. With rfc2307, group members are listed by name in " @@ -5565,37 +5581,37 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:209 +#: sssd-ldap.5.xml:210 msgid "Default: rfc2307" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:215 +#: sssd-ldap.5.xml:216 msgid "ldap_pwmodify_mode (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:218 +#: sssd-ldap.5.xml:219 msgid "Specify the operation that is used to modify user password." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:222 +#: sssd-ldap.5.xml:223 msgid "Two modes are currently supported:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:226 +#: sssd-ldap.5.xml:227 msgid "exop - Password Modify Extended Operation (RFC 3062)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:232 +#: sssd-ldap.5.xml:233 msgid "ldap_modify - Direct modification of userPassword (not recommended)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:239 +#: sssd-ldap.5.xml:240 msgid "" "Note: First, a new connection is established to verify current password by " "binding as the user that requested password change. If successful, this " @@ -5604,74 +5620,74 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:247 +#: sssd-ldap.5.xml:248 msgid "Default: exop" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:253 +#: sssd-ldap.5.xml:254 msgid "ldap_default_bind_dn (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:256 +#: sssd-ldap.5.xml:257 msgid "The default bind DN to use for performing LDAP operations." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:263 +#: sssd-ldap.5.xml:264 msgid "ldap_default_authtok_type (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:266 +#: sssd-ldap.5.xml:267 msgid "The type of the authentication token of the default bind DN." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:270 +#: sssd-ldap.5.xml:271 msgid "The two mechanisms currently supported are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:273 +#: sssd-ldap.5.xml:274 msgid "password" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:276 +#: sssd-ldap.5.xml:277 msgid "obfuscated_password" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:279 +#: sssd-ldap.5.xml:280 msgid "Default: password" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:282 +#: sssd-ldap.5.xml:283 msgid "" "See the <citerefentry> <refentrytitle>sss_obfuscate</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry> manual page for more information." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:293 +#: sssd-ldap.5.xml:294 msgid "ldap_default_authtok (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:296 +#: sssd-ldap.5.xml:297 msgid "The authentication token of the default bind DN." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:302 +#: sssd-ldap.5.xml:303 msgid "ldap_force_upper_case_realm (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:305 +#: sssd-ldap.5.xml:306 msgid "" "Some directory servers, for example Active Directory, might deliver the " "realm part of the UPN in lower case, which might cause the authentication to " @@ -5680,24 +5696,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:318 +#: sssd-ldap.5.xml:319 msgid "ldap_enumeration_refresh_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:321 +#: sssd-ldap.5.xml:322 msgid "" "Specifies how many seconds SSSD has to wait before refreshing its cache of " "enumerated records." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:337 +#: sssd-ldap.5.xml:338 msgid "ldap_purge_cache_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:340 +#: sssd-ldap.5.xml:341 msgid "" "Determine how often to check the cache for inactive entries (such as groups " "with no members and users who have never logged in) and remove them to save " @@ -5705,7 +5721,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:346 +#: sssd-ldap.5.xml:347 msgid "" "Setting this option to zero will disable the cache cleanup operation. Please " "note that if enumeration is enabled, the cleanup task is required in order " @@ -5714,12 +5730,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:366 +#: sssd-ldap.5.xml:367 msgid "ldap_group_nesting_level (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:369 +#: sssd-ldap.5.xml:370 msgid "" "If ldap_schema is set to a schema format that supports nested groups (e.g. " "RFC2307bis), then this option controls how many levels of nesting SSSD will " @@ -5727,7 +5743,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:376 +#: sssd-ldap.5.xml:377 msgid "" "Note: This option specifies the guaranteed level of nested groups to be " "processed for any lookup. However, nested groups beyond this limit " @@ -5737,7 +5753,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:385 +#: sssd-ldap.5.xml:386 msgid "" "If ldap_group_nesting_level is set to 0 then no nested groups are processed " "at all. However, when connected to Active-Directory Server 2008 and later " @@ -5747,67 +5763,67 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:394 +#: sssd-ldap.5.xml:395 msgid "Default: 2" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:403 +#: sssd-ldap.5.xml:404 msgid "" "This options enables or disables use of Token-Groups attribute when " "performing initgroup for users from Active Directory Server 2008 and later." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:413 +#: sssd-ldap.5.xml:414 msgid "Default: True for AD and IPA otherwise False." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:419 +#: sssd-ldap.5.xml:420 msgid "ldap_host_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:422 +#: sssd-ldap.5.xml:423 msgid "Optional. Use the given string as search base for host objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:426 sssd-ipa.5.xml:457 sssd-ipa.5.xml:476 sssd-ipa.5.xml:495 -#: sssd-ipa.5.xml:514 +#: sssd-ldap.5.xml:427 sssd-ipa.5.xml:462 sssd-ipa.5.xml:481 sssd-ipa.5.xml:500 +#: sssd-ipa.5.xml:519 msgid "" "See <quote>ldap_search_base</quote> for information about configuring " "multiple search bases." msgstr "" #. type: Content of: <listitem><para> -#: sssd-ldap.5.xml:431 sssd-ipa.5.xml:462 include/ldap_search_bases.xml:27 +#: sssd-ldap.5.xml:432 sssd-ipa.5.xml:467 include/ldap_search_bases.xml:27 msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:438 +#: sssd-ldap.5.xml:439 msgid "ldap_service_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:443 +#: sssd-ldap.5.xml:444 msgid "ldap_iphost_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:448 +#: sssd-ldap.5.xml:449 msgid "ldap_ipnetwork_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:453 +#: sssd-ldap.5.xml:454 msgid "ldap_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:456 +#: sssd-ldap.5.xml:457 msgid "" "Specifies the timeout (in seconds) that ldap searches are allowed to run " "before they are cancelled and cached results are returned (and offline mode " @@ -5815,7 +5831,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:462 +#: sssd-ldap.5.xml:463 msgid "" "Note: this option is subject to change in future versions of the SSSD. It " "will likely be replaced at some point by a series of timeouts for specific " @@ -5823,12 +5839,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:479 +#: sssd-ldap.5.xml:480 msgid "ldap_enumeration_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:482 +#: sssd-ldap.5.xml:483 msgid "" "Specifies the timeout (in seconds) that ldap searches for user and group " "enumerations are allowed to run before they are cancelled and cached results " @@ -5836,12 +5852,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:500 +#: sssd-ldap.5.xml:501 msgid "ldap_network_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:503 +#: sssd-ldap.5.xml:504 msgid "" "Specifies the timeout (in seconds) after which the <citerefentry> " "<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/" @@ -5852,12 +5868,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:531 +#: sssd-ldap.5.xml:532 msgid "ldap_opt_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:534 +#: sssd-ldap.5.xml:535 msgid "" "Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs " "will abort if no response is received. Also controls the timeout when " @@ -5866,12 +5882,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:554 +#: sssd-ldap.5.xml:555 msgid "ldap_connection_expire_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:557 +#: sssd-ldap.5.xml:558 msgid "" "Specifies a timeout (in seconds) that a connection to an LDAP server will be " "maintained. After this time, the connection will be re-established. If used " @@ -5880,7 +5896,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:565 +#: sssd-ldap.5.xml:566 msgid "" "If the connection is idle (not actively running an operation) within " "<emphasis>ldap_opt_timeout</emphasis> seconds of expiration, then it will be " @@ -5891,36 +5907,36 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:577 +#: sssd-ldap.5.xml:578 msgid "" "This timeout can be extended of a random value specified by " "<emphasis>ldap_connection_expire_offset</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:587 sssd-ldap.5.xml:630 sssd-ldap.5.xml:1711 +#: sssd-ldap.5.xml:588 sssd-ldap.5.xml:631 sssd-ldap.5.xml:1713 msgid "Default: 900 (15 minutes)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:593 +#: sssd-ldap.5.xml:594 msgid "ldap_connection_expire_offset (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:596 +#: sssd-ldap.5.xml:597 msgid "" "Random offset between 0 and configured value is added to " "<emphasis>ldap_connection_expire_timeout</emphasis>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:612 +#: sssd-ldap.5.xml:613 msgid "ldap_connection_idle_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:615 +#: sssd-ldap.5.xml:616 msgid "" "Specifies a timeout (in seconds) that an idle connection to an LDAP server " "will be maintained. If the connection is idle for more than this time then " @@ -5928,29 +5944,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:621 +#: sssd-ldap.5.xml:622 msgid "You can disable this timeout by setting the value to 0." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:636 +#: sssd-ldap.5.xml:637 msgid "ldap_page_size (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:639 +#: sssd-ldap.5.xml:640 msgid "" "Specify the number of records to retrieve from LDAP in a single request. " "Some LDAP servers enforce a maximum limit per-request." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:650 +#: sssd-ldap.5.xml:651 msgid "ldap_disable_paging (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:653 +#: sssd-ldap.5.xml:654 msgid "" "Disable the LDAP paging control. This option should be used if the LDAP " "server reports that it supports the LDAP paging control in its RootDSE but " @@ -5958,14 +5974,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:659 +#: sssd-ldap.5.xml:660 msgid "" "Example: OpenLDAP servers with the paging control module installed on the " "server but not enabled will report it in the RootDSE but be unable to use it." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:665 +#: sssd-ldap.5.xml:666 msgid "" "Example: 389 DS has a bug where it can only support a one paging control at " "a time on a single connection. On busy clients, this can result in some " @@ -5973,17 +5989,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:677 +#: sssd-ldap.5.xml:678 msgid "ldap_disable_range_retrieval (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:680 +#: sssd-ldap.5.xml:681 msgid "Disable Active Directory range retrieval." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:683 +#: sssd-ldap.5.xml:684 msgid "" "Active Directory limits the number of members to be retrieved in a single " "lookup using the MaxValRange policy (which defaults to 1500 members). If a " @@ -5993,12 +6009,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:698 +#: sssd-ldap.5.xml:699 msgid "ldap_sasl_minssf (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:701 +#: sssd-ldap.5.xml:702 msgid "" "When communicating with an LDAP server using SASL, specify the minimum " "security level necessary to establish the connection. The values of this " @@ -6006,17 +6022,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:707 sssd-ldap.5.xml:723 +#: sssd-ldap.5.xml:708 sssd-ldap.5.xml:724 msgid "Default: Use the system default (usually specified by ldap.conf)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:714 +#: sssd-ldap.5.xml:715 msgid "ldap_sasl_maxssf (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:717 +#: sssd-ldap.5.xml:718 msgid "" "When communicating with an LDAP server using SASL, specify the maximal " "security level necessary to establish the connection. The values of this " @@ -6024,12 +6040,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:730 +#: sssd-ldap.5.xml:731 msgid "ldap_deref_threshold (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:733 +#: sssd-ldap.5.xml:734 msgid "" "Specify the number of group members that must be missing from the internal " "cache in order to trigger a dereference lookup. If less members are missing, " @@ -6037,7 +6053,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:739 +#: sssd-ldap.5.xml:740 msgid "" "You can turn off dereference lookups completely by setting the value to 0. " "Please note that there are some codepaths in SSSD, like the IPA HBAC " @@ -6048,7 +6064,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:750 +#: sssd-ldap.5.xml:751 msgid "" "A dereference lookup is a means of fetching all group members in a single " "LDAP call. Different LDAP servers may implement different dereference " @@ -6057,7 +6073,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:758 +#: sssd-ldap.5.xml:759 msgid "" "<emphasis>Note:</emphasis> If any of the search bases specifies a search " "filter, then the dereference lookup performance enhancement will be disabled " @@ -6065,12 +6081,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:771 +#: sssd-ldap.5.xml:772 msgid "ldap_ignore_unreadable_references (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:774 +#: sssd-ldap.5.xml:775 msgid "" "Ignore unreadable LDAP entries referenced in group's member attribute. If " "this parameter is set to false an error will be returned and the operation " @@ -6078,7 +6094,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:781 +#: sssd-ldap.5.xml:782 msgid "" "This parameter may be useful when using the AD provider and the computer " "account that sssd uses to connect to AD does not have access to a particular " @@ -6086,26 +6102,26 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:794 +#: sssd-ldap.5.xml:795 msgid "ldap_tls_reqcert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:797 +#: sssd-ldap.5.xml:798 msgid "" "Specifies what checks to perform on server certificates in a TLS session, if " "any. It can be specified as one of the following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:803 +#: sssd-ldap.5.xml:804 msgid "" "<emphasis>never</emphasis> = The client will not request or check any server " "certificate." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:807 +#: sssd-ldap.5.xml:808 msgid "" "<emphasis>allow</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -6113,7 +6129,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:814 +#: sssd-ldap.5.xml:815 msgid "" "<emphasis>try</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -6121,7 +6137,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:820 +#: sssd-ldap.5.xml:821 msgid "" "<emphasis>demand</emphasis> = The server certificate is requested. If no " "certificate is provided, or a bad certificate is provided, the session is " @@ -6129,41 +6145,41 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:826 +#: sssd-ldap.5.xml:827 msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:830 +#: sssd-ldap.5.xml:831 msgid "Default: hard" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:836 +#: sssd-ldap.5.xml:837 msgid "ldap_tls_cacert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:839 +#: sssd-ldap.5.xml:840 msgid "" "Specifies the file that contains certificates for all of the Certificate " "Authorities that <command>sssd</command> will recognize." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:844 sssd-ldap.5.xml:862 sssd-ldap.5.xml:903 +#: sssd-ldap.5.xml:845 sssd-ldap.5.xml:863 sssd-ldap.5.xml:904 msgid "" "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." "conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:851 +#: sssd-ldap.5.xml:852 msgid "ldap_tls_cacertdir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:854 +#: sssd-ldap.5.xml:855 msgid "" "Specifies the path of a directory that contains Certificate Authority " "certificates in separate individual files. Typically the file names need to " @@ -6172,32 +6188,32 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:869 +#: sssd-ldap.5.xml:870 msgid "ldap_tls_cert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:872 +#: sssd-ldap.5.xml:873 msgid "Specifies the file that contains the certificate for the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:882 +#: sssd-ldap.5.xml:883 msgid "ldap_tls_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:885 +#: sssd-ldap.5.xml:886 msgid "Specifies the file that contains the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:894 +#: sssd-ldap.5.xml:895 msgid "ldap_tls_cipher_suite (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:897 +#: sssd-ldap.5.xml:898 msgid "" "Specifies acceptable cipher suites. Typically this is a colon separated " "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " @@ -6205,24 +6221,25 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:910 +#: sssd-ldap.5.xml:911 msgid "ldap_id_use_start_tls (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:913 +#: sssd-ldap.5.xml:914 msgid "" "Specifies that the id_provider connection must also use <systemitem " -"class=\"protocol\">tls</systemitem> to protect the channel." +"class=\"protocol\">tls</systemitem> to protect the channel. <emphasis>true</" +"emphasis> is strongly recommended for security reasons." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:923 +#: sssd-ldap.5.xml:925 msgid "ldap_id_mapping (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:926 +#: sssd-ldap.5.xml:928 msgid "" "Specifies that SSSD should attempt to map user and group IDs from the " "ldap_user_objectsid and ldap_group_objectsid attributes instead of relying " @@ -6230,17 +6247,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:932 +#: sssd-ldap.5.xml:934 msgid "Currently this feature supports only ActiveDirectory objectSID mapping." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:942 +#: sssd-ldap.5.xml:944 msgid "ldap_min_id, ldap_max_id (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:945 +#: sssd-ldap.5.xml:947 msgid "" "In contrast to the SID based ID mapping which is used if ldap_id_mapping is " "set to true the allowed ID range for ldap_user_uid_number and " @@ -6251,24 +6268,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:957 +#: sssd-ldap.5.xml:959 msgid "Default: not set (both options are set to 0)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:963 +#: sssd-ldap.5.xml:965 msgid "ldap_sasl_mech (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:966 +#: sssd-ldap.5.xml:968 msgid "" "Specify the SASL mechanism to use. Currently only GSSAPI and GSS-SPNEGO are " "tested and supported." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:970 +#: sssd-ldap.5.xml:972 msgid "" "If the backend supports sub-domains the value of ldap_sasl_mech is " "automatically inherited to the sub-domains. If a different value is needed " @@ -6279,12 +6296,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:986 +#: sssd-ldap.5.xml:988 msgid "ldap_sasl_authid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd-ldap.5.xml:998 +#: sssd-ldap.5.xml:1000 #, no-wrap msgid "" "hostname@REALM\n" @@ -6297,7 +6314,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:989 +#: sssd-ldap.5.xml:991 msgid "" "Specify the SASL authorization id to use. When GSSAPI/GSS-SPNEGO are used, " "this represents the Kerberos principal used for authentication to the " @@ -6309,17 +6326,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1009 +#: sssd-ldap.5.xml:1011 msgid "Default: host/hostname@REALM" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1015 +#: sssd-ldap.5.xml:1017 msgid "ldap_sasl_realm (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1018 +#: sssd-ldap.5.xml:1020 msgid "" "Specify the SASL realm to use. When not specified, this option defaults to " "the value of krb5_realm. If the ldap_sasl_authid contains the realm as " @@ -6327,49 +6344,49 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1024 +#: sssd-ldap.5.xml:1026 msgid "Default: the value of krb5_realm." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1030 +#: sssd-ldap.5.xml:1032 msgid "ldap_sasl_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1033 +#: sssd-ldap.5.xml:1035 msgid "" "If set to true, the LDAP library would perform a reverse lookup to " "canonicalize the host name during a SASL bind." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1038 +#: sssd-ldap.5.xml:1040 msgid "Default: false;" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1044 +#: sssd-ldap.5.xml:1046 msgid "ldap_krb5_keytab (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1047 +#: sssd-ldap.5.xml:1049 msgid "Specify the keytab to use when using SASL/GSSAPI/GSS-SPNEGO." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1056 sssd-krb5.5.xml:247 +#: sssd-ldap.5.xml:1058 sssd-krb5.5.xml:247 msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1062 +#: sssd-ldap.5.xml:1064 msgid "ldap_krb5_init_creds (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1065 +#: sssd-ldap.5.xml:1067 msgid "" "Specifies that the id_provider should init Kerberos credentials (TGT). This " "action is performed only if SASL is used and the mechanism selected is " @@ -6377,28 +6394,28 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1077 +#: sssd-ldap.5.xml:1079 msgid "ldap_krb5_ticket_lifetime (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1080 +#: sssd-ldap.5.xml:1082 msgid "" "Specifies the lifetime in seconds of the TGT if GSSAPI or GSS-SPNEGO is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1089 sssd-ad.5.xml:1252 +#: sssd-ldap.5.xml:1091 sssd-ad.5.xml:1252 msgid "Default: 86400 (24 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1095 sssd-krb5.5.xml:74 +#: sssd-ldap.5.xml:1097 sssd-krb5.5.xml:74 msgid "krb5_server, krb5_backup_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1098 +#: sssd-ldap.5.xml:1100 msgid "" "Specifies the comma-separated list of IP addresses or hostnames of the " "Kerberos servers to which SSSD should connect in the order of preference. " @@ -6410,7 +6427,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1110 sssd-krb5.5.xml:89 +#: sssd-ldap.5.xml:1112 sssd-krb5.5.xml:89 msgid "" "When using service discovery for KDC or kpasswd servers, SSSD first searches " "for DNS entries that specify _udp as the protocol and falls back to _tcp if " @@ -6418,7 +6435,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1115 sssd-krb5.5.xml:94 +#: sssd-ldap.5.xml:1117 sssd-krb5.5.xml:94 msgid "" "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " "While the legacy name is recognized for the time being, users are advised to " @@ -6426,39 +6443,39 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1124 sssd-ipa.5.xml:526 sssd-krb5.5.xml:103 +#: sssd-ldap.5.xml:1126 sssd-ipa.5.xml:531 sssd-krb5.5.xml:103 msgid "krb5_realm (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1127 +#: sssd-ldap.5.xml:1129 msgid "Specify the Kerberos REALM (for SASL/GSSAPI/GSS-SPNEGO auth)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1131 +#: sssd-ldap.5.xml:1133 msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" msgstr "" #. type: Content of: <variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1137 include/krb5_options.xml:154 +#: sssd-ldap.5.xml:1139 include/krb5_options.xml:154 msgid "krb5_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1140 +#: sssd-ldap.5.xml:1142 msgid "" "Specifies if the host principal should be canonicalized when connecting to " "LDAP server. This feature is available with MIT Kerberos >= 1.7" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1152 sssd-krb5.5.xml:336 +#: sssd-ldap.5.xml:1154 sssd-krb5.5.xml:336 msgid "krb5_use_kdcinfo (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1155 sssd-krb5.5.xml:339 +#: sssd-ldap.5.xml:1157 sssd-krb5.5.xml:339 msgid "" "Specifies if the SSSD should instruct the Kerberos libraries what realm and " "which KDCs to use. This option is on by default, if you disable it, you need " @@ -6468,7 +6485,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1166 sssd-krb5.5.xml:350 +#: sssd-ldap.5.xml:1168 sssd-krb5.5.xml:350 msgid "" "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</" "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more " @@ -6476,26 +6493,26 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1180 +#: sssd-ldap.5.xml:1182 msgid "ldap_pwd_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1183 +#: sssd-ldap.5.xml:1185 msgid "" "Select the policy to evaluate the password expiration on the client side. " "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1188 +#: sssd-ldap.5.xml:1190 msgid "" "<emphasis>none</emphasis> - No evaluation on the client side. This option " "cannot disable server-side password policies." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1193 +#: sssd-ldap.5.xml:1195 msgid "" "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " @@ -6504,7 +6521,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1201 +#: sssd-ldap.5.xml:1203 msgid "" "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " "to determine if the password has expired. Use chpass_provider=krb5 to update " @@ -6512,31 +6529,31 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1210 +#: sssd-ldap.5.xml:1212 msgid "" "<emphasis>Note</emphasis>: if a password policy is configured on server " "side, it always takes precedence over policy set with this option." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1218 +#: sssd-ldap.5.xml:1220 msgid "ldap_referrals (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1221 +#: sssd-ldap.5.xml:1223 msgid "Specifies whether automatic referral chasing should be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1225 +#: sssd-ldap.5.xml:1227 msgid "" "Please note that sssd only supports referral chasing when it is compiled " "with OpenLDAP version 2.4.13 or higher." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1230 +#: sssd-ldap.5.xml:1232 msgid "" "Chasing referrals may incur a performance penalty in environments that use " "them heavily, a notable example is Microsoft Active Directory. If your setup " @@ -6549,51 +6566,51 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1249 +#: sssd-ldap.5.xml:1251 msgid "ldap_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1252 +#: sssd-ldap.5.xml:1254 msgid "Specifies the service name to use when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1256 +#: sssd-ldap.5.xml:1258 msgid "Default: ldap" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1262 +#: sssd-ldap.5.xml:1264 msgid "ldap_chpass_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1265 +#: sssd-ldap.5.xml:1267 msgid "" "Specifies the service name to use to find an LDAP server which allows " "password changes when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1270 +#: sssd-ldap.5.xml:1272 msgid "Default: not set, i.e. service discovery is disabled" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1276 +#: sssd-ldap.5.xml:1278 msgid "ldap_chpass_update_last_change (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1279 +#: sssd-ldap.5.xml:1281 msgid "" "Specifies whether to update the ldap_user_shadow_last_change attribute with " "days since the Epoch after a password change operation." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1285 +#: sssd-ldap.5.xml:1287 msgid "" "It is recommend to set this option explicitly if \"ldap_pwd_policy = " "shadow\" is used to let SSSD know if the LDAP server will update " @@ -6602,12 +6619,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1299 +#: sssd-ldap.5.xml:1301 msgid "ldap_access_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1302 +#: sssd-ldap.5.xml:1304 msgid "" "If using access_provider = ldap and ldap_access_order = filter (default), " "this option is mandatory. It specifies an LDAP search filter criteria that " @@ -6623,12 +6640,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1322 +#: sssd-ldap.5.xml:1324 msgid "Example:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1325 +#: sssd-ldap.5.xml:1327 #, no-wrap msgid "" "access_provider = ldap\n" @@ -6637,14 +6654,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1329 +#: sssd-ldap.5.xml:1331 msgid "" "This example means that access to this host is restricted to users whose " "employeeType attribute is set to \"admin\"." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1334 +#: sssd-ldap.5.xml:1336 msgid "" "Offline caching for this feature is limited to determining whether the " "user's last online login was granted access permission. If they were granted " @@ -6653,24 +6670,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1342 sssd-ldap.5.xml:1398 +#: sssd-ldap.5.xml:1344 sssd-ldap.5.xml:1400 msgid "Default: Empty" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1348 +#: sssd-ldap.5.xml:1350 msgid "ldap_account_expire_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1351 +#: sssd-ldap.5.xml:1353 msgid "" "With this option a client side evaluation of access control attributes can " "be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1355 +#: sssd-ldap.5.xml:1357 msgid "" "Please note that it is always recommended to use server side access control, " "i.e. the LDAP server should deny the bind request with a suitable error code " @@ -6678,19 +6695,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1362 +#: sssd-ldap.5.xml:1364 msgid "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1365 +#: sssd-ldap.5.xml:1367 msgid "" "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " "determine if the account is expired." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1370 +#: sssd-ldap.5.xml:1372 msgid "" "<emphasis>ad</emphasis>: use the value of the 32bit field " "ldap_user_ad_user_account_control and allow access if the second bit is not " @@ -6699,7 +6716,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1377 +#: sssd-ldap.5.xml:1379 msgid "" "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" "emphasis>: use the value of ldap_ns_account_lock to check if access is " @@ -6707,7 +6724,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1383 +#: sssd-ldap.5.xml:1385 msgid "" "<emphasis>nds</emphasis>: the values of " "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " @@ -6716,7 +6733,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1391 +#: sssd-ldap.5.xml:1393 msgid "" "Please note that the ldap_access_order configuration option <emphasis>must</" "emphasis> include <quote>expire</quote> in order for the " @@ -6724,22 +6741,22 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1404 +#: sssd-ldap.5.xml:1406 msgid "ldap_access_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1407 sssd-ipa.5.xml:351 +#: sssd-ldap.5.xml:1409 sssd-ipa.5.xml:356 msgid "Comma separated list of access control options. Allowed values are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1411 +#: sssd-ldap.5.xml:1413 msgid "<emphasis>filter</emphasis>: use ldap_access_filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1414 +#: sssd-ldap.5.xml:1416 msgid "" "<emphasis>lockout</emphasis>: use account locking. If set, this option " "denies access in case that ldap attribute 'pwdAccountLockedTime' is present " @@ -6749,14 +6766,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1424 +#: sssd-ldap.5.xml:1426 msgid "" "<emphasis> Please note that this option is superseded by the <quote>ppolicy</" "quote> option and might be removed in a future release. </emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1431 +#: sssd-ldap.5.xml:1433 msgid "" "<emphasis>ppolicy</emphasis>: use account locking. If set, this option " "denies access in case that ldap attribute 'pwdAccountLockedTime' is present " @@ -6769,12 +6786,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1448 +#: sssd-ldap.5.xml:1450 msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1452 sssd-ipa.5.xml:359 +#: sssd-ldap.5.xml:1454 sssd-ipa.5.xml:364 msgid "" "<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, " "pwd_expire_policy_renew: </emphasis> These options are useful if users are " @@ -6784,81 +6801,81 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1462 sssd-ipa.5.xml:369 +#: sssd-ldap.5.xml:1464 sssd-ipa.5.xml:374 msgid "" "The difference between these options is the action taken if user password is " "expired:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:1467 sssd-ipa.5.xml:374 +#: sssd-ldap.5.xml:1469 sssd-ipa.5.xml:379 msgid "pwd_expire_policy_reject - user is denied to log in," msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:1473 sssd-ipa.5.xml:380 +#: sssd-ldap.5.xml:1475 sssd-ipa.5.xml:385 msgid "pwd_expire_policy_warn - user is still able to log in," msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ldap.5.xml:1479 sssd-ipa.5.xml:386 +#: sssd-ldap.5.xml:1481 sssd-ipa.5.xml:391 msgid "" "pwd_expire_policy_renew - user is prompted to change their password " "immediately." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1487 +#: sssd-ldap.5.xml:1489 msgid "" "Please note that 'access_provider = ldap' must be set for this feature to " "work. Also 'ldap_pwd_policy' must be set to an appropriate password policy." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1492 +#: sssd-ldap.5.xml:1494 msgid "" "<emphasis>authorized_service</emphasis>: use the authorizedService attribute " "to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1497 +#: sssd-ldap.5.xml:1499 msgid "<emphasis>host</emphasis>: use the host attribute to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1501 +#: sssd-ldap.5.xml:1503 msgid "" "<emphasis>rhost</emphasis>: use the rhost attribute to determine whether " "remote host can access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1505 +#: sssd-ldap.5.xml:1507 msgid "" "Please note, rhost field in pam is set by application, it is better to check " "what the application sends to pam, before enabling this access control option" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1510 +#: sssd-ldap.5.xml:1512 msgid "Default: filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1513 +#: sssd-ldap.5.xml:1515 msgid "" "Please note that it is a configuration error if a value is used more than " "once." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1520 +#: sssd-ldap.5.xml:1522 msgid "ldap_pwdlockout_dn (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1523 +#: sssd-ldap.5.xml:1525 msgid "" "This option specifies the DN of password policy entry on LDAP server. Please " "note that absence of this option in sssd.conf in case of enabled account " @@ -6867,74 +6884,74 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1531 +#: sssd-ldap.5.xml:1533 msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1534 +#: sssd-ldap.5.xml:1536 msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1540 +#: sssd-ldap.5.xml:1542 msgid "ldap_deref (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1543 +#: sssd-ldap.5.xml:1545 msgid "" "Specifies how alias dereferencing is done when performing a search. The " "following options are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1548 +#: sssd-ldap.5.xml:1550 msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1552 +#: sssd-ldap.5.xml:1554 msgid "" "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " "the base object, but not in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1557 +#: sssd-ldap.5.xml:1559 msgid "" "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " "the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1562 +#: sssd-ldap.5.xml:1564 msgid "" "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " "in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1567 +#: sssd-ldap.5.xml:1569 msgid "" "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " "client libraries)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1575 +#: sssd-ldap.5.xml:1577 msgid "ldap_rfc2307_fallback_to_local_users (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1578 +#: sssd-ldap.5.xml:1580 msgid "" "Allows to retain local users as members of an LDAP group for servers that " "use the RFC2307 schema." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1582 +#: sssd-ldap.5.xml:1584 msgid "" "In some environments where the RFC2307 schema is used, local users are made " "members of LDAP groups by adding their names to the memberUid attribute. " @@ -6945,7 +6962,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1593 +#: sssd-ldap.5.xml:1595 msgid "" "This option falls back to checking if local users are referenced, and caches " "them so that later initgroups() calls will augment the local users with the " @@ -6953,53 +6970,53 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1605 sssd-ifp.5.xml:152 +#: sssd-ldap.5.xml:1607 sssd-ifp.5.xml:152 msgid "wildcard_limit (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1608 +#: sssd-ldap.5.xml:1610 msgid "" "Specifies an upper limit on the number of entries that are downloaded during " "a wildcard lookup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1612 +#: sssd-ldap.5.xml:1614 msgid "At the moment, only the InfoPipe responder supports wildcard lookups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1616 +#: sssd-ldap.5.xml:1618 msgid "Default: 1000 (often the size of one page)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1622 +#: sssd-ldap.5.xml:1624 msgid "ldap_library_debug_level (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1625 +#: sssd-ldap.5.xml:1627 msgid "" "Switches on libldap debugging with the given level. The libldap debug " "messages will be written independent of the general debug_level." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1630 +#: sssd-ldap.5.xml:1632 msgid "" "OpenLDAP uses a bitmap to enable debugging for specific components, -1 will " "enable full debug output." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1635 +#: sssd-ldap.5.xml:1637 msgid "Default: 0 (libldap debugging disabled)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:51 +#: sssd-ldap.5.xml:52 msgid "" "All of the common configuration options that apply to SSSD domains also " "apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> section " @@ -7011,12 +7028,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1645 +#: sssd-ldap.5.xml:1647 msgid "SUDO OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1647 +#: sssd-ldap.5.xml:1649 msgid "" "The detailed instructions for configuration of sudo_provider are in the " "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> " @@ -7024,43 +7041,43 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1658 +#: sssd-ldap.5.xml:1660 msgid "ldap_sudo_full_refresh_interval (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1661 +#: sssd-ldap.5.xml:1663 msgid "" "How many seconds SSSD will wait between executing a full refresh of sudo " "rules (which downloads all rules that are stored on the server)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1666 +#: sssd-ldap.5.xml:1668 msgid "" "The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </" "emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1671 +#: sssd-ldap.5.xml:1673 msgid "" "You can disable full refresh by setting this option to 0. However, either " "smart or full refresh must be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1676 +#: sssd-ldap.5.xml:1678 msgid "Default: 21600 (6 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1682 +#: sssd-ldap.5.xml:1684 msgid "ldap_sudo_smart_refresh_interval (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1685 +#: sssd-ldap.5.xml:1687 msgid "" "How many seconds SSSD has to wait before executing a smart refresh of sudo " "rules (which downloads all rules that have USN higher than the highest " @@ -7068,14 +7085,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1691 +#: sssd-ldap.5.xml:1693 msgid "" "If USN attributes are not supported by the server, the modifyTimestamp " "attribute is used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1695 +#: sssd-ldap.5.xml:1697 msgid "" "<emphasis>Note:</emphasis> the highest USN value can be updated by three " "tasks: 1) By sudo full and smart refresh (if updated rules are found), 2) by " @@ -7085,19 +7102,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1706 +#: sssd-ldap.5.xml:1708 msgid "" "You can disable smart refresh by setting this option to 0. However, either " "smart or full refresh must be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1717 +#: sssd-ldap.5.xml:1719 msgid "ldap_sudo_random_offset (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1720 +#: sssd-ldap.5.xml:1722 msgid "" "Random offset between 0 and configured value is added to smart and full " "refresh periods each time the periodic task is scheduled. The value is in " @@ -7105,7 +7122,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1726 +#: sssd-ldap.5.xml:1728 msgid "" "Note that this random offset is also applied on the first SSSD start which " "delays the first sudo rules refresh. This prolongs the time when the sudo " @@ -7113,106 +7130,106 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1732 +#: sssd-ldap.5.xml:1734 msgid "You can disable this offset by setting the value to 0." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1742 +#: sssd-ldap.5.xml:1744 msgid "ldap_sudo_use_host_filter (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1745 +#: sssd-ldap.5.xml:1747 msgid "" "If true, SSSD will download only rules that are applicable to this machine " "(using the IPv4 or IPv6 host/network addresses and hostnames)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1756 +#: sssd-ldap.5.xml:1758 msgid "ldap_sudo_hostnames (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1759 +#: sssd-ldap.5.xml:1761 msgid "" "Space separated list of hostnames or fully qualified domain names that " "should be used to filter the rules." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1764 +#: sssd-ldap.5.xml:1766 msgid "" "If this option is empty, SSSD will try to discover the hostname and the " "fully qualified domain name automatically." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1769 sssd-ldap.5.xml:1792 sssd-ldap.5.xml:1810 -#: sssd-ldap.5.xml:1828 +#: sssd-ldap.5.xml:1771 sssd-ldap.5.xml:1794 sssd-ldap.5.xml:1812 +#: sssd-ldap.5.xml:1830 msgid "" "If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</" "emphasis> then this option has no effect." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1774 sssd-ldap.5.xml:1797 +#: sssd-ldap.5.xml:1776 sssd-ldap.5.xml:1799 msgid "Default: not specified" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1780 +#: sssd-ldap.5.xml:1782 msgid "ldap_sudo_ip (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1783 +#: sssd-ldap.5.xml:1785 msgid "" "Space separated list of IPv4 or IPv6 host/network addresses that should be " "used to filter the rules." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1788 +#: sssd-ldap.5.xml:1790 msgid "" "If this option is empty, SSSD will try to discover the addresses " "automatically." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1803 +#: sssd-ldap.5.xml:1805 msgid "ldap_sudo_include_netgroups (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1806 +#: sssd-ldap.5.xml:1808 msgid "" "If true then SSSD will download every rule that contains a netgroup in " "sudoHost attribute." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1821 +#: sssd-ldap.5.xml:1823 msgid "ldap_sudo_include_regexp (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1824 +#: sssd-ldap.5.xml:1826 msgid "" "If true then SSSD will download every rule that contains a wildcard in " "sudoHost attribute." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><note><para> -#: sssd-ldap.5.xml:1834 +#: sssd-ldap.5.xml:1836 msgid "" "Using wildcard is an operation that is very costly to evaluate on the LDAP " "server side!" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1846 +#: sssd-ldap.5.xml:1848 msgid "" "This manual page only describes attribute name mapping. For detailed " "explanation of sudo related attribute semantics, see <citerefentry> " @@ -7221,59 +7238,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1856 +#: sssd-ldap.5.xml:1858 msgid "AUTOFS OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1858 +#: sssd-ldap.5.xml:1860 msgid "" "Some of the defaults for the parameters below are dependent on the LDAP " "schema." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1864 +#: sssd-ldap.5.xml:1866 msgid "ldap_autofs_map_master_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1867 +#: sssd-ldap.5.xml:1869 msgid "The name of the automount master map in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1870 +#: sssd-ldap.5.xml:1872 msgid "Default: auto.master" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1881 +#: sssd-ldap.5.xml:1883 msgid "ADVANCED OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1888 +#: sssd-ldap.5.xml:1890 msgid "ldap_netgroup_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1893 +#: sssd-ldap.5.xml:1895 msgid "ldap_user_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1898 +#: sssd-ldap.5.xml:1900 msgid "ldap_group_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><note> -#: sssd-ldap.5.xml:1903 +#: sssd-ldap.5.xml:1905 msgid "<note>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para> -#: sssd-ldap.5.xml:1905 +#: sssd-ldap.5.xml:1907 msgid "" "If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches " "against Active Directory will not be restricted and return all groups " @@ -7282,22 +7299,22 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist> -#: sssd-ldap.5.xml:1912 +#: sssd-ldap.5.xml:1914 msgid "</note>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1914 +#: sssd-ldap.5.xml:1916 msgid "ldap_sudo_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1919 +#: sssd-ldap.5.xml:1921 msgid "ldap_autofs_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1883 +#: sssd-ldap.5.xml:1885 msgid "" "These options are supported by LDAP domains, but they should be used with " "caution. Please include them in your configuration only if you know what you " @@ -7306,14 +7323,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1934 sssd-simple.5.xml:131 sssd-ipa.5.xml:925 -#: sssd-ad.5.xml:1386 sssd-krb5.5.xml:483 sss_rpcidmapd.5.xml:98 +#: sssd-ldap.5.xml:1936 sssd-simple.5.xml:131 sssd-ipa.5.xml:930 +#: sssd-ad.5.xml:1391 sssd-krb5.5.xml:483 sss_rpcidmapd.5.xml:98 #: sssd-files.5.xml:155 sssd-session-recording.5.xml:176 msgid "EXAMPLE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1936 +#: sssd-ldap.5.xml:1938 msgid "" "The following example assumes that SSSD is correctly configured and LDAP is " "set to one of the domains in the <replaceable>[domains]</replaceable> " @@ -7321,7 +7338,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ldap.5.xml:1942 +#: sssd-ldap.5.xml:1944 #, no-wrap msgid "" "[domain/LDAP]\n" @@ -7334,27 +7351,27 @@ msgid "" msgstr "" #. type: Content of: <refsect1><refsect2><para> -#: sssd-ldap.5.xml:1941 sssd-ldap.5.xml:1959 sssd-simple.5.xml:139 -#: sssd-ipa.5.xml:933 sssd-ad.5.xml:1394 sssd-sudo.5.xml:56 sssd-krb5.5.xml:492 +#: sssd-ldap.5.xml:1943 sssd-ldap.5.xml:1961 sssd-simple.5.xml:139 +#: sssd-ipa.5.xml:938 sssd-ad.5.xml:1399 sssd-sudo.5.xml:56 sssd-krb5.5.xml:492 #: sssd-files.5.xml:162 sssd-files.5.xml:173 sssd-session-recording.5.xml:182 #: include/ldap_id_mapping.xml:105 msgid "<placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1953 +#: sssd-ldap.5.xml:1955 msgid "LDAP ACCESS FILTER EXAMPLE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1955 +#: sssd-ldap.5.xml:1957 msgid "" "The following example assumes that SSSD is correctly configured and to use " "the ldap_access_order=lockout." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ldap.5.xml:1960 +#: sssd-ldap.5.xml:1962 #, no-wrap msgid "" "[domain/LDAP]\n" @@ -7370,13 +7387,13 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1975 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148 -#: sssd-ad.5.xml:1409 sssd.8.xml:238 sss_seed.8.xml:163 +#: sssd-ldap.5.xml:1977 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148 +#: sssd-ad.5.xml:1414 sssd.8.xml:238 sss_seed.8.xml:163 msgid "NOTES" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1977 +#: sssd-ldap.5.xml:1979 msgid "" "The descriptions of some of the configuration options in this manual page " "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " @@ -9705,12 +9722,12 @@ msgid "Example: dyndns_iface = em1, vnet1, vnet2" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:204 sssd-ad.5.xml:1285 +#: sssd-ipa.5.xml:204 sssd-ad.5.xml:1290 msgid "dyndns_auth (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:207 sssd-ad.5.xml:1288 +#: sssd-ipa.5.xml:207 sssd-ad.5.xml:1293 msgid "" "Whether the nsupdate utility should use GSS-TSIG authentication for secure " "updates with the DNS server, insecure updates can be sent by setting this " @@ -9718,17 +9735,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:213 sssd-ad.5.xml:1294 +#: sssd-ipa.5.xml:213 sssd-ad.5.xml:1299 msgid "Default: GSS-TSIG" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:219 sssd-ad.5.xml:1300 +#: sssd-ipa.5.xml:219 sssd-ad.5.xml:1305 msgid "dyndns_auth_ptr (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:222 sssd-ad.5.xml:1303 +#: sssd-ipa.5.xml:222 sssd-ad.5.xml:1308 msgid "" "Whether the nsupdate utility should use GSS-TSIG authentication for secure " "PTR updates with the DNS server, insecure updates can be sent by setting " @@ -9736,7 +9753,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:228 sssd-ad.5.xml:1309 +#: sssd-ipa.5.xml:228 sssd-ad.5.xml:1314 msgid "Default: Same as dyndns_auth" msgstr "" @@ -9795,65 +9812,72 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:290 +#: sssd-ipa.5.xml:290 sssd-ad.5.xml:1266 +msgid "" +"Note that <emphasis>dyndns_update_per_family</emphasis> parameter does not " +"apply for PTR record updates. Those updates are always sent separately." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:295 msgid "Default: False (disabled)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1272 +#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1277 msgid "dyndns_force_tcp (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:299 sssd-ad.5.xml:1275 +#: sssd-ipa.5.xml:304 sssd-ad.5.xml:1280 msgid "" "Whether the nsupdate utility should default to using TCP for communicating " "with the DNS server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:303 sssd-ad.5.xml:1279 +#: sssd-ipa.5.xml:308 sssd-ad.5.xml:1284 msgid "Default: False (let nsupdate choose the protocol)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:309 sssd-ad.5.xml:1315 +#: sssd-ipa.5.xml:314 sssd-ad.5.xml:1320 msgid "dyndns_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:312 sssd-ad.5.xml:1318 +#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1323 msgid "" "The DNS server to use when performing a DNS update. In most setups, it's " "recommended to leave this option unset." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1323 +#: sssd-ipa.5.xml:322 sssd-ad.5.xml:1328 msgid "" "Setting this option makes sense for environments where the DNS server is " "different from the identity server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:322 sssd-ad.5.xml:1328 +#: sssd-ipa.5.xml:327 sssd-ad.5.xml:1333 msgid "" "Please note that this option will be only used in fallback attempt when " "previous attempt using autodetected settings failed." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:327 sssd-ad.5.xml:1333 +#: sssd-ipa.5.xml:332 sssd-ad.5.xml:1338 msgid "Default: None (let nsupdate choose the server)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:333 sssd-ad.5.xml:1339 +#: sssd-ipa.5.xml:338 sssd-ad.5.xml:1344 msgid "dyndns_update_per_family (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:336 sssd-ad.5.xml:1342 +#: sssd-ipa.5.xml:341 sssd-ad.5.xml:1347 msgid "" "DNS update is by default performed in two steps - IPv4 update and then IPv6 " "update. In some cases it might be desirable to perform IPv4 and IPv6 update " @@ -9861,177 +9885,177 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:348 +#: sssd-ipa.5.xml:353 msgid "ipa_access_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:355 +#: sssd-ipa.5.xml:360 msgid "<emphasis>expire</emphasis>: use IPA's account expiration policy." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:394 +#: sssd-ipa.5.xml:399 msgid "" "Please note that 'access_provider = ipa' must be set for this feature to " "work." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:401 +#: sssd-ipa.5.xml:406 msgid "ipa_deskprofile_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:404 +#: sssd-ipa.5.xml:409 msgid "" "Optional. Use the given string as search base for Desktop Profile related " "objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:408 sssd-ipa.5.xml:435 +#: sssd-ipa.5.xml:413 sssd-ipa.5.xml:440 msgid "Default: Use base DN" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:414 +#: sssd-ipa.5.xml:419 msgid "ipa_subid_ranges_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:417 +#: sssd-ipa.5.xml:422 msgid "" "Optional. Use the given string as search base for subordinate ranges related " "objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:421 +#: sssd-ipa.5.xml:426 msgid "Default: the value of <emphasis>cn=subids,%basedn</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:428 +#: sssd-ipa.5.xml:433 msgid "ipa_hbac_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:431 +#: sssd-ipa.5.xml:436 msgid "Optional. Use the given string as search base for HBAC related objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:441 +#: sssd-ipa.5.xml:446 msgid "ipa_host_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:444 +#: sssd-ipa.5.xml:449 msgid "Deprecated. Use ldap_host_search_base instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:450 +#: sssd-ipa.5.xml:455 msgid "ipa_selinux_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:453 +#: sssd-ipa.5.xml:458 msgid "Optional. Use the given string as search base for SELinux user maps." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:469 +#: sssd-ipa.5.xml:474 msgid "ipa_subdomains_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:472 +#: sssd-ipa.5.xml:477 msgid "Optional. Use the given string as search base for trusted domains." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:481 +#: sssd-ipa.5.xml:486 msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:488 +#: sssd-ipa.5.xml:493 msgid "ipa_master_domain_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:491 +#: sssd-ipa.5.xml:496 msgid "Optional. Use the given string as search base for master domain object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:500 +#: sssd-ipa.5.xml:505 msgid "Default: the value of <emphasis>cn=ad,cn=etc,%basedn</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:507 +#: sssd-ipa.5.xml:512 msgid "ipa_views_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:510 +#: sssd-ipa.5.xml:515 msgid "Optional. Use the given string as search base for views containers." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:519 +#: sssd-ipa.5.xml:524 msgid "Default: the value of <emphasis>cn=views,cn=accounts,%basedn</emphasis>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:529 +#: sssd-ipa.5.xml:534 msgid "" "The name of the Kerberos realm. This is optional and defaults to the value " "of <quote>ipa_domain</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:533 +#: sssd-ipa.5.xml:538 msgid "" "The name of the Kerberos realm has a special meaning in IPA - it is " "converted into the base DN to use for performing LDAP operations." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:541 sssd-ad.5.xml:1357 +#: sssd-ipa.5.xml:546 sssd-ad.5.xml:1362 msgid "krb5_confd_path (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:544 sssd-ad.5.xml:1360 +#: sssd-ipa.5.xml:549 sssd-ad.5.xml:1365 msgid "" "Absolute path of a directory where SSSD should place Kerberos configuration " "snippets." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:548 sssd-ad.5.xml:1364 +#: sssd-ipa.5.xml:553 sssd-ad.5.xml:1369 msgid "" "To disable the creation of the configuration snippets set the parameter to " "'none'." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:552 sssd-ad.5.xml:1368 +#: sssd-ipa.5.xml:557 sssd-ad.5.xml:1373 msgid "" "Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:559 +#: sssd-ipa.5.xml:564 msgid "ipa_deskprofile_refresh (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:562 +#: sssd-ipa.5.xml:567 msgid "" "The amount of time between lookups of the Desktop Profile rules against the " "IPA server. This will reduce the latency and load on the IPA server if there " @@ -10039,34 +10063,34 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:569 sssd-ipa.5.xml:599 sssd-ipa.5.xml:615 sssd-ad.5.xml:599 +#: sssd-ipa.5.xml:574 sssd-ipa.5.xml:604 sssd-ipa.5.xml:620 sssd-ad.5.xml:599 msgid "Default: 5 (seconds)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:575 +#: sssd-ipa.5.xml:580 msgid "ipa_deskprofile_request_interval (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:578 +#: sssd-ipa.5.xml:583 msgid "" "The amount of time between lookups of the Desktop Profile rules against the " "IPA server in case the last request did not return any rule." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:583 +#: sssd-ipa.5.xml:588 msgid "Default: 60 (minutes)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:589 +#: sssd-ipa.5.xml:594 msgid "ipa_hbac_refresh (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:592 +#: sssd-ipa.5.xml:597 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server. " "This will reduce the latency and load on the IPA server if there are many " @@ -10074,12 +10098,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:605 +#: sssd-ipa.5.xml:610 msgid "ipa_hbac_selinux (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:608 +#: sssd-ipa.5.xml:613 msgid "" "The amount of time between lookups of the SELinux maps against the IPA " "server. This will reduce the latency and load on the IPA server if there are " @@ -10087,33 +10111,33 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:621 +#: sssd-ipa.5.xml:626 msgid "ipa_server_mode (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:624 +#: sssd-ipa.5.xml:629 msgid "" "This option will be set by the IPA installer (ipa-server-install) " "automatically and denotes if SSSD is running on an IPA server or not." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:629 +#: sssd-ipa.5.xml:634 msgid "" "On an IPA server SSSD will lookup users and groups from trusted domains " "directly while on a client it will ask an IPA server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:634 +#: sssd-ipa.5.xml:639 msgid "" "NOTE: There are currently some assumptions that must be met when SSSD is " "running on an IPA server." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:639 +#: sssd-ipa.5.xml:644 msgid "" "The <quote>ipa_server</quote> option must be configured to point to the IPA " "server itself. This is already the default set by the IPA installer, so no " @@ -10121,59 +10145,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:648 +#: sssd-ipa.5.xml:653 msgid "" "The <quote>full_name_format</quote> option must not be tweaked to only print " "short names for users from trusted domains." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:663 +#: sssd-ipa.5.xml:668 msgid "ipa_automount_location (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:666 +#: sssd-ipa.5.xml:671 msgid "The automounter location this IPA client will be using" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:669 +#: sssd-ipa.5.xml:674 msgid "Default: The location named \"default\"" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd-ipa.5.xml:677 +#: sssd-ipa.5.xml:682 msgid "VIEWS AND OVERRIDES" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:686 +#: sssd-ipa.5.xml:691 msgid "ipa_view_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:689 +#: sssd-ipa.5.xml:694 msgid "Objectclass of the view container." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:692 +#: sssd-ipa.5.xml:697 msgid "Default: nsContainer" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:698 +#: sssd-ipa.5.xml:703 msgid "ipa_view_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:701 +#: sssd-ipa.5.xml:706 msgid "Name of the attribute holding the name of the view." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:705 sssd-ldap-attributes.5.xml:496 +#: sssd-ipa.5.xml:710 sssd-ldap-attributes.5.xml:496 #: sssd-ldap-attributes.5.xml:830 sssd-ldap-attributes.5.xml:911 #: sssd-ldap-attributes.5.xml:1008 sssd-ldap-attributes.5.xml:1066 #: sssd-ldap-attributes.5.xml:1224 sssd-ldap-attributes.5.xml:1269 @@ -10181,128 +10205,128 @@ msgid "Default: cn" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:711 +#: sssd-ipa.5.xml:716 msgid "ipa_override_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:714 +#: sssd-ipa.5.xml:719 msgid "Objectclass of the override objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:717 +#: sssd-ipa.5.xml:722 msgid "Default: ipaOverrideAnchor" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:723 +#: sssd-ipa.5.xml:728 msgid "ipa_anchor_uuid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:726 +#: sssd-ipa.5.xml:731 msgid "" "Name of the attribute containing the reference to the original object in a " "remote domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:730 +#: sssd-ipa.5.xml:735 msgid "Default: ipaAnchorUUID" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:736 +#: sssd-ipa.5.xml:741 msgid "ipa_user_override_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:739 +#: sssd-ipa.5.xml:744 msgid "" "Name of the objectclass for user overrides. It is used to determine if the " "found override object is related to a user or a group." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:744 +#: sssd-ipa.5.xml:749 msgid "User overrides can contain attributes given by" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:747 +#: sssd-ipa.5.xml:752 msgid "ldap_user_name" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:750 +#: sssd-ipa.5.xml:755 msgid "ldap_user_uid_number" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:753 +#: sssd-ipa.5.xml:758 msgid "ldap_user_gid_number" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:756 +#: sssd-ipa.5.xml:761 msgid "ldap_user_gecos" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:759 +#: sssd-ipa.5.xml:764 msgid "ldap_user_home_directory" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:762 +#: sssd-ipa.5.xml:767 msgid "ldap_user_shell" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:765 +#: sssd-ipa.5.xml:770 msgid "ldap_user_ssh_public_key" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:770 +#: sssd-ipa.5.xml:775 msgid "Default: ipaUserOverride" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:776 +#: sssd-ipa.5.xml:781 msgid "ipa_group_override_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:779 +#: sssd-ipa.5.xml:784 msgid "" "Name of the objectclass for group overrides. It is used to determine if the " "found override object is related to a user or a group." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:784 +#: sssd-ipa.5.xml:789 msgid "Group overrides can contain attributes given by" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:787 +#: sssd-ipa.5.xml:792 msgid "ldap_group_name" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:790 +#: sssd-ipa.5.xml:795 msgid "ldap_group_gid_number" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:795 +#: sssd-ipa.5.xml:800 msgid "Default: ipaGroupOverride" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:679 +#: sssd-ipa.5.xml:684 msgid "" "SSSD can handle views and overrides which are offered by FreeIPA 4.1 and " "later version. Since all paths and objectclasses are fixed on the server " @@ -10312,19 +10336,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ipa.5.xml:807 +#: sssd-ipa.5.xml:812 msgid "SUBDOMAINS PROVIDER" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:809 +#: sssd-ipa.5.xml:814 msgid "" "The IPA subdomains provider behaves slightly differently if it is configured " "explicitly or implicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:813 +#: sssd-ipa.5.xml:818 msgid "" "If the option 'subdomains_provider = ipa' is found in the domain section of " "sssd.conf, the IPA subdomains provider is configured explicitly, and all " @@ -10332,7 +10356,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:819 +#: sssd-ipa.5.xml:824 msgid "" "If the option 'subdomains_provider' is not set in the domain section of sssd." "conf but there is the option 'id_provider = ipa', the IPA subdomains " @@ -10344,12 +10368,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ipa.5.xml:830 +#: sssd-ipa.5.xml:835 msgid "TRUSTED DOMAINS CONFIGURATION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ipa.5.xml:838 +#: sssd-ipa.5.xml:843 #, no-wrap msgid "" "[domain/ipa.domain.com/ad.domain.com]\n" @@ -10357,7 +10381,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:832 +#: sssd-ipa.5.xml:837 msgid "" "Some configuration options can also be set for a trusted domain. A trusted " "domain configuration can be set using the trusted domain subsection as shown " @@ -10367,80 +10391,80 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:843 +#: sssd-ipa.5.xml:848 msgid "" "For more details, see the <citerefentry> <refentrytitle>sssd.conf</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page." msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:850 +#: sssd-ipa.5.xml:855 msgid "" "Different configuration options are tunable for a trusted domain depending " "on whether you are configuring SSSD on an IPA server or an IPA client." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd-ipa.5.xml:855 +#: sssd-ipa.5.xml:860 msgid "OPTIONS TUNABLE ON IPA MASTERS" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:857 +#: sssd-ipa.5.xml:862 msgid "" "The following options can be set in a subdomain section on an IPA master:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:861 sssd-ipa.5.xml:891 +#: sssd-ipa.5.xml:866 sssd-ipa.5.xml:896 msgid "ad_server" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:864 +#: sssd-ipa.5.xml:869 msgid "ad_backup_server" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:867 sssd-ipa.5.xml:894 +#: sssd-ipa.5.xml:872 sssd-ipa.5.xml:899 msgid "ad_site" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:870 +#: sssd-ipa.5.xml:875 msgid "ldap_search_base" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:873 +#: sssd-ipa.5.xml:878 msgid "ldap_user_search_base" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd-ipa.5.xml:876 +#: sssd-ipa.5.xml:881 msgid "ldap_group_search_base" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd-ipa.5.xml:885 +#: sssd-ipa.5.xml:890 msgid "OPTIONS TUNABLE ON IPA CLIENTS" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:887 +#: sssd-ipa.5.xml:892 msgid "" "The following options can be set in a subdomain section on an IPA client:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:899 +#: sssd-ipa.5.xml:904 msgid "" "Note that if both options are set, only <quote>ad_server</quote> is " "evaluated." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd-ipa.5.xml:903 +#: sssd-ipa.5.xml:908 msgid "" "Since any request for a user or a group identity from a trusted domain " "triggered from an IPA client is resolved by the IPA server, the " @@ -10454,7 +10478,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:927 +#: sssd-ipa.5.xml:932 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " @@ -10462,7 +10486,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ipa.5.xml:934 +#: sssd-ipa.5.xml:939 #, no-wrap msgid "" "[domain/example.com]\n" @@ -11656,7 +11680,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ad.5.xml:1388 +#: sssd-ad.5.xml:1393 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " @@ -11664,7 +11688,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ad.5.xml:1395 +#: sssd-ad.5.xml:1400 #, no-wrap msgid "" "[domain/EXAMPLE]\n" @@ -11679,7 +11703,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ad.5.xml:1415 +#: sssd-ad.5.xml:1420 #, no-wrap msgid "" "access_provider = ldap\n" @@ -11688,7 +11712,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ad.5.xml:1411 +#: sssd-ad.5.xml:1416 msgid "" "The AD access control provider checks if the account is expired. It has the " "same effect as the following configuration of the LDAP provider: " @@ -11696,7 +11720,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ad.5.xml:1421 +#: sssd-ad.5.xml:1426 msgid "" "However, unless the <quote>ad</quote> access control provider is explicitly " "configured, the default access provider is <quote>permit</quote>. Please " @@ -11706,7 +11730,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ad.5.xml:1429 +#: sssd-ad.5.xml:1434 msgid "" "When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema " "attribute mapping (nisMap, nisObject, ...) is used, because these attributes " From ee2e0cd9bce728c1cd4d53dcd6ce0ed9f962847c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com> Date: Mon, 13 Nov 2023 11:55:21 +0100 Subject: [PATCH 203/280] Release sssd-2.9.3 --- version.m4 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/version.m4 b/version.m4 index fc6ee2b6d28..ae324cc0184 100644 --- a/version.m4 +++ b/version.m4 @@ -1,5 +1,5 @@ # Primary version number -m4_define([VERSION_NUMBER], [2.9.2]) +m4_define([VERSION_NUMBER], [2.9.3]) # If the PRERELEASE_VERSION_NUMBER is set, we'll append # it to the release tag when creating an RPM or SRPM From ba7b99383bd9b6a16bc42aebc9cba65534251d60 Mon Sep 17 00:00:00 2001 From: Iker Pedrosa <ipedrosa@redhat.com> Date: Fri, 27 Oct 2023 12:28:12 +0200 Subject: [PATCH 204/280] CI: clean configure.sh MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Support for Fedora 36-, RHEL/CentOS 6 and 7 in master branch ended, so let's remove them. In addition, Python2 support only exists in RHEL/Centos 8, so make only those two dstributions use `python2-bindings`. Finally, include RHEL/CentOS 10 for configurable features. Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com> Reviewed-by: Alexey Tikhonov <atikhono@redhat.com> Reviewed-by: Pavel Březina <pbrezina@redhat.com> (cherry picked from commit 3edc04d17fbfa520f5522293e861227f5119e15f) --- contrib/ci/configure.sh | 44 ++++++++++++----------------------------- 1 file changed, 13 insertions(+), 31 deletions(-) diff --git a/contrib/ci/configure.sh b/contrib/ci/configure.sh index 258d956a3fb..e61351c2481 100644 --- a/contrib/ci/configure.sh +++ b/contrib/ci/configure.sh @@ -29,54 +29,34 @@ declare -a CONFIGURE_ARG_LIST=( "--enable-ldb-version-check" "--with-syslog=journald" "--enable-systemtap" - "--with-python2-bindings" ) -if [[ "$DISTRO_BRANCH" == -redhat-redhatenterprise*-6.*- || - "$DISTRO_BRANCH" == -redhat-centos-6.*- ]]; then +if [[ "$DISTRO_BRANCH" == -redhat-centos-8*- || + "$DISTRO_BRANCH" == -redhat-redhatenterprise*-8.*- ]]; then CONFIGURE_ARG_LIST+=( - "--with-smb-idmap-interface-version=5" - "--disable-cifs-idmap-plugin" - "--with-syslog=syslog" - "--without-python3-bindings" - "--without-kcm" + "--with-python2-bindings" ) -fi - -if [[ "$DISTRO_BRANCH" == -redhat-fedora-2[0-2]* ]]; then +else CONFIGURE_ARG_LIST+=( - "--without-kcm" + "--without-python2-bindings" ) fi -if [[ "$DISTRO_BRANCH" == -redhat-redhatenterprise*-7.*- || - "$DISTRO_BRANCH" == -redhat-centos-7.*- ]]; then - CONFIGURE_ARG_LIST+=( - "--without-python3-bindings" - ) -fi # Different versions of Debian might need different versions here but this is # sufficient to make the CI work if [[ "$DISTRO_BRANCH" == -debian-* ]]; then CONFIGURE_ARG_LIST+=( - "--without-python2-bindings" "--with-smb-idmap-interface-version=5" ) fi -if [[ "$DISTRO_BRANCH" == -redhat-fedora-4[0-9]* || - "$DISTRO_BRANCH" == -redhat-fedora-3[2-9]* || - "$DISTRO_BRANCH" == -redhat-centos*-9*- || - "$DISTRO_BRANCH" == -redhat-redhatenterprise*-9.*- ]]; then - CONFIGURE_ARG_LIST+=( - "--without-python2-bindings" - ) -fi - -if [[ "$DISTRO_BRANCH" == -redhat-fedora-3[5-9]* || - "$DISTRO_BRANCH" == -redhat-redhatenterprise*-9.*- ]]; then +if [[ "$DISTRO_BRANCH" == -redhat-fedora-* || + "$DISTRO_BRANCH" == -redhat-centos-9*- || + "$DISTRO_BRANCH" == -redhat-centos-10*- || + "$DISTRO_BRANCH" == -redhat-redhatenterprise*-9.*- || + "$DISTRO_BRANCH" == -redhat-redhatenterprise*-10.*- ]]; then CONFIGURE_ARG_LIST+=( "--with-subid" ) @@ -84,7 +64,9 @@ fi if [[ "$DISTRO_BRANCH" == -redhat-fedora-* || "$DISTRO_BRANCH" == -redhat-centos-9*- || - "$DISTRO_BRANCH" == -redhat-centos-10*- ]]; then + "$DISTRO_BRANCH" == -redhat-centos-10*- || + "$DISTRO_BRANCH" == -redhat-redhatenterprise*-9.*- || + "$DISTRO_BRANCH" == -redhat-redhatenterprise*-10.*- ]]; then CONFIGURE_ARG_LIST+=( "--with-passkey" ) From 31617400ee055611253d26a06b1dd2db2da84ee7 Mon Sep 17 00:00:00 2001 From: Iker Pedrosa <ipedrosa@redhat.com> Date: Fri, 27 Oct 2023 12:34:55 +0200 Subject: [PATCH 205/280] CI: clean distro.sh MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Support for Fedora 36- in master branch ended, so let's remove them. Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com> Reviewed-by: Alexey Tikhonov <atikhono@redhat.com> Reviewed-by: Pavel Březina <pbrezina@redhat.com> (cherry picked from commit 39a0de22daa8b95feb280427876732bcbbb22583) --- contrib/ci/distro.sh | 12 +----------- 1 file changed, 1 insertion(+), 11 deletions(-) diff --git a/contrib/ci/distro.sh b/contrib/ci/distro.sh index 182f7c0d1b0..3ac2611b640 100644 --- a/contrib/ci/distro.sh +++ b/contrib/ci/distro.sh @@ -51,17 +51,7 @@ function distro_pkg_install() { declare prompt=$'Need root permissions to install packages.\n' prompt+="Enter sudo password for $USER: " - if [[ "$DISTRO_BRANCH" == -redhat-fedora-2[2-5]* ]]; then - # TODO switch fedora to DNF once - # https://bugzilla.redhat.com/show_bug.cgi?id=1215208 is fixed - [ $# != 0 ] && sudo -p "$prompt" \ - yum-deprecated --assumeyes install -- "$@" |& - # Pass input to output, fail if a missing package is reported - awk 'BEGIN {s=0} - /^No package .* available.$/ {s=1} - {print} - END {exit s}' - elif [[ "$DISTRO_BRANCH" == -redhat-fedora-* ]]; then + if [[ "$DISTRO_BRANCH" == -redhat-fedora-* ]]; then [ $# != 0 ] && sudo -p "$prompt" \ /usr/bin/dnf --assumeyes --best \ --setopt=install_weak_deps=False \ From 52acc39402fc3e001e5f446b625983848ab9ef16 Mon Sep 17 00:00:00 2001 From: Iker Pedrosa <ipedrosa@redhat.com> Date: Fri, 27 Oct 2023 12:38:53 +0200 Subject: [PATCH 206/280] CI: clean deps.sh MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Support for Fedora 36- in master branch ended, so let's remove them. Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com> Reviewed-by: Alexey Tikhonov <atikhono@redhat.com> Reviewed-by: Pavel Březina <pbrezina@redhat.com> (cherry picked from commit 05ea3f1bec1b1b51e5248c6276ada7870cf03fdc) --- contrib/ci/deps.sh | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/contrib/ci/deps.sh b/contrib/ci/deps.sh index 16d3aff8a7a..f6f50185866 100644 --- a/contrib/ci/deps.sh +++ b/contrib/ci/deps.sh @@ -48,8 +48,7 @@ if [[ "$DISTRO_BRANCH" == -redhat-* ]]; then libunistring-devel ) - if [[ "$DISTRO_BRANCH" == -redhat-fedora-31* || - "$DISTRO_BRANCH" == -redhat-redhatenterprise*-8.*- || + if [[ "$DISTRO_BRANCH" == -redhat-redhatenterprise*-8.*- || "$DISTRO_BRANCH" == -redhat-centos*-8*- ]]; then DEPS_LIST+=( python2 @@ -59,7 +58,7 @@ if [[ "$DISTRO_BRANCH" == -redhat-* ]]; then fi if [[ "$DISTRO_BRANCH" == -redhat-fedora-4[0-9]* || - "$DISTRO_BRANCH" == -redhat-fedora-3[1-9]* || + "$DISTRO_BRANCH" == -redhat-fedora-3[7-9]* || "$DISTRO_BRANCH" == -redhat-redhatenterprise*-8.*- || "$DISTRO_BRANCH" == -redhat-redhatenterprise*-9.*- || "$DISTRO_BRANCH" == -redhat-centos*-8*- || From 776f6e19805b712710125e26b1c734d8481b0035 Mon Sep 17 00:00:00 2001 From: Iker Pedrosa <ipedrosa@redhat.com> Date: Mon, 6 Nov 2023 11:45:36 +0100 Subject: [PATCH 207/280] CI: upload cwrap logs MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com> Reviewed-by: Alexey Tikhonov <atikhono@redhat.com> Reviewed-by: Pavel Březina <pbrezina@redhat.com> (cherry picked from commit 292ef326b4a181d061c59a15fc7819feb8118313) --- .github/workflows/ci.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 38e36f64954..4bef4504415 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -124,6 +124,7 @@ jobs: ./sssd/ci-build-debug/ci-*.log ./sssd/ci-build-debug/test-suite.log ./sssd/ci-build-debug/ci-mock-result/*.log + ./sssd/ci-build-debug/src/tests/cwrap/test-suite.log - name: Upload valgrind artifacts if: always() From fd414aae8faaae50d7cd951551d44b7154c5f4e2 Mon Sep 17 00:00:00 2001 From: Jakub Vavra <jvavra@redhat.com> Date: Thu, 2 Mar 2023 14:35:20 +0100 Subject: [PATCH 208/280] Tests: Add a test for bz1900973 kcm delete expired tickets Reviewed-by: Alejandro Lopez <allopez@redhat.com> Reviewed-by: Dan Lavu <dlavu@redhat.com> Reviewed-by: Justin Stephenson <jstephen@redhat.com> (cherry picked from commit 0f1a6e350584924fd9f18aceae20d04c54bdd845) --- src/tests/multihost/alltests/test_kcm.py | 76 ++++++++++++++++++++++++ 1 file changed, 76 insertions(+) diff --git a/src/tests/multihost/alltests/test_kcm.py b/src/tests/multihost/alltests/test_kcm.py index cbc5f666708..4a081cd8b1d 100644 --- a/src/tests/multihost/alltests/test_kcm.py +++ b/src/tests/multihost/alltests/test_kcm.py @@ -115,3 +115,79 @@ def test_kcm_check_socket_path(self, multihost, backupsssdconf): "and.sssd.conf...some_path.kcm.socket..don't.match" find = re.compile(r'%s' % msg) assert find.search(log) + + @pytest.mark.tier1_2 + def test_expired_tickets(self, multihost, backupsssdconf): + """ + :title: IDM-SSSD-TC: kcm_provider: Expired tickets are removed + :id: db532785-a00f-4be9-b413-592e0550fe9c + :requirement: sssd-kcm does not appear to expire Kerberos tickets (RFE: sssd_kcm + should have the option to automatically delete the expired tickets) + :setup: + 1. Configure short ticket lifetime in krb5. + 2. Create a user. + 3. Cleanup all ticket caches + :steps: + 1. Create about 64 tickets for user + 2. Try to create 65th ticket + 3. Wait for them to expire + 4. Try to create about 10 more tickets + 5. Check the sssd kcm log + :expectedresults: + 1. Tickets are created + 2. Ticket is not created + 3. Tickets are expired + 4. New tickets are created + 5. Log contains a message about deleting expired credentials + :customerscenario: True + :bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1900973 + """ + client = sssdTools(multihost.client[0]) + client.sssd_conf('kcm', {'debug_level': '9'}) + multihost.client[0].service_sssd('restart') + + sssdTools(multihost.client[0]).clear_sssd_cache() + # Setup short ticker validity (60s) in krb5.conf using ticket_lifetime + backup_krb5 = 'cp -rf /etc/krb5.conf /etc/krb5.conf.bak' + restore_krb5 = 'mv /etc/krb5.conf.bak /etc/krb5.conf ; ' \ + 'restorecon -Rv /etc/krb5.conf' + edit_krb5_conf = 'sed -i "s/ticket_lifetime.*/ticket_lifetime = ' \ + '60/" /etc/krb5.conf' + multihost.client[0].run_command(backup_krb5, raiseonerr=False) + multihost.client[0].run_command(edit_krb5_conf, raiseonerr=False) + multihost.client[0].run_command("systemctl restart sssd-kcm") + multihost.client[0].run_command("> /var/log/sssd/sssd_kcm.log") + multihost.client[0].run_command("kdestroy -A", raiseonerr=False) + for i in range(1, 65): + multihost.client[0].run_command( + f"kinit -c KCM:0:12345{i} foo1", + stdin_text="Secret123", + raiseonerr=False + ) + # This credential should not be created due to secrets being full now. + cmd_fail = multihost.client[0].run_command( + "kinit -c KCM:0:666666 foo1", + stdin_text="Secret123", + raiseonerr=False + ) + log_str_1 = multihost.client[0].get_file_contents( + "/var/log/sssd/sssd_kcm.log").decode('utf-8') + # Wait for secrets to expire. + time.sleep(120) + multihost.client[0].run_command("date; klist -l", raiseonerr=False) + fail_count = 0 + for i in range(65, 75): + cmd = multihost.client[0].run_command( + f"kinit -c KCM:0:12345{i} foo1", + stdin_text="Secret123", + raiseonerr=False + ) + fail_count += cmd.returncode + log_str = multihost.client[0].get_file_contents( + "/var/log/sssd/sssd_kcm.log").decode('utf-8') + multihost.client[0].run_command(restore_krb5, raiseonerr=False) + multihost.client[0].run_command("kdestroy -A", raiseonerr=False) + assert fail_count == 0, f"At least one kinit failed. Failures: {fail_count}." + assert cmd_fail.returncode != 0, "kinit succeeded but should have failed." + assert "The maximum number of stored secrets has been reached" in log_str_1 + assert "Removing the oldest expired credential" in log_str From f394acee8fefff4bce581c34d8abb1a2bdc521df Mon Sep 17 00:00:00 2001 From: Alexey Tikhonov <atikhono@redhat.com> Date: Mon, 13 Nov 2023 18:30:36 +0100 Subject: [PATCH 209/280] SPEC: 'sssd-proxy' requires 'libsss_certmap.so' MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Resolves following rpminspect warning: ``` Subpackage sssd-proxy carries 'Requires: libsss_certmap.so.0()(64bit)' which comes from subpackage libsss_certmap but does not carry an explicit package version requirement. Please add 'Requires: libsss_certmap = %{version}-%{release}' to the spec file to avoid the need to test interoperability between various combinations of old and new subpackages. ``` Reviewed-by: Tomáš Halman <thalman@redhat.com> (cherry picked from commit 3eae4cc5282e4b76454b358e986da0757bb81d7f) --- contrib/sssd.spec.in | 1 + 1 file changed, 1 insertion(+) diff --git a/contrib/sssd.spec.in b/contrib/sssd.spec.in index 21de6154fc0..c5d2fa0ff25 100644 --- a/contrib/sssd.spec.in +++ b/contrib/sssd.spec.in @@ -356,6 +356,7 @@ identity data from and authenticate against an Active Directory server. Summary: The proxy back end of the SSSD License: GPLv3+ Requires: sssd-common = %{version}-%{release} +Requires: libsss_certmap = %{version}-%{release} %description proxy Provides the proxy back end which can be used to wrap an existing NSS and/or From 4b4564c3876dc1cee85f10b31acaa1a5c75656a9 Mon Sep 17 00:00:00 2001 From: Alexey Tikhonov <atikhono@redhat.com> Date: Mon, 13 Nov 2023 12:34:20 +0100 Subject: [PATCH 210/280] UTIL: use proper specifier for 'DEBUG_CHAIN_ID_FMT_*' MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Resolves: https://github.com/SSSD/sssd/issues/6790 Reviewed-by: Justin Stephenson <jstephen@redhat.com> Reviewed-by: Tomáš Halman <thalman@redhat.com> (cherry picked from commit 2617dcfd6376e0bb0a44cc15b11f0e6531c33960) --- src/util/util.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/util/util.h b/src/util/util.h index e0e122cee38..f3a4926931a 100644 --- a/src/util/util.h +++ b/src/util/util.h @@ -188,8 +188,8 @@ void sss_log(int priority, const char *format, ...) SSS_ATTRIBUTE_PRINTF(2, 3); void sss_log_ext(int priority, int facility, const char *format, ...) SSS_ATTRIBUTE_PRINTF(3, 4); /* from server.c */ -#define DEBUG_CHAIN_ID_FMT_RID "[RID#%lu] %s" -#define DEBUG_CHAIN_ID_FMT_CID "[CID#%lu] %s" +#define DEBUG_CHAIN_ID_FMT_RID "[RID#%"PRIu64"] %s" +#define DEBUG_CHAIN_ID_FMT_CID "[CID#%"PRIu64"] %s" struct main_context { struct tevent_context *event_ctx; From 1e2af0d158fed0940e73496aa96b05f4dfba911c Mon Sep 17 00:00:00 2001 From: Alexey Tikhonov <atikhono@redhat.com> Date: Tue, 14 Nov 2023 13:16:07 +0100 Subject: [PATCH 211/280] Don't provide 'uint64_t' as POPT_ARG_LONG. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sizes might not match on some platforms. Resolves: https://github.com/SSSD/sssd/issues/6790 Reviewed-by: Justin Stephenson <jstephen@redhat.com> Reviewed-by: Tomáš Halman <thalman@redhat.com> (cherry picked from commit 098bf64a03e5e7c054bd0e40717484d45c93d031) --- src/p11_child/p11_child_common.c | 4 ++-- src/providers/ad/ad_gpo_child.c | 4 ++-- src/providers/ipa/selinux_child.c | 4 ++-- src/providers/krb5/krb5_child.c | 4 ++-- src/providers/proxy/proxy_child.c | 2 +- 5 files changed, 9 insertions(+), 9 deletions(-) diff --git a/src/p11_child/p11_child_common.c b/src/p11_child/p11_child_common.c index e49d1e20182..5eab9b063d4 100644 --- a/src/p11_child/p11_child_common.c +++ b/src/p11_child/p11_child_common.c @@ -164,7 +164,7 @@ int main(int argc, const char *argv[]) char *key_id = NULL; char *label = NULL; char *cert_b64 = NULL; - uint64_t chain_id = 0; + long chain_id = 0; bool wait_for_card = false; char *uri = NULL; @@ -325,7 +325,7 @@ int main(int argc, const char *argv[]) } sss_chain_id_set_format(DEBUG_CHAIN_ID_FMT_CID); - sss_chain_id_set(chain_id); + sss_chain_id_set((uint64_t)chain_id); DEBUG_INIT(debug_level, opt_logger); diff --git a/src/providers/ad/ad_gpo_child.c b/src/providers/ad/ad_gpo_child.c index 630a08c5b73..2f2807bec2d 100644 --- a/src/providers/ad/ad_gpo_child.c +++ b/src/providers/ad/ad_gpo_child.c @@ -659,7 +659,7 @@ main(int argc, const char *argv[]) poptContext pc; int dumpable = 1; int debug_fd = -1; - uint64_t chain_id; + long chain_id = 0; const char *opt_logger = NULL; errno_t ret; int sysvol_gpt_version = -1; @@ -718,7 +718,7 @@ main(int argc, const char *argv[]) } sss_chain_id_set_format(DEBUG_CHAIN_ID_FMT_RID); - sss_chain_id_set(chain_id); + sss_chain_id_set((uint64_t)chain_id); DEBUG_INIT(debug_level, opt_logger); diff --git a/src/providers/ipa/selinux_child.c b/src/providers/ipa/selinux_child.c index 8ca1bd1fcea..063bea44d21 100644 --- a/src/providers/ipa/selinux_child.c +++ b/src/providers/ipa/selinux_child.c @@ -220,7 +220,7 @@ int main(int argc, const char *argv[]) bool needs_update; const char *username; const char *opt_logger = NULL; - uint64_t chain_id; + long chain_id; struct poptOption long_options[] = { POPT_AUTOHELP @@ -269,7 +269,7 @@ int main(int argc, const char *argv[]) } sss_chain_id_set_format(DEBUG_CHAIN_ID_FMT_RID); - sss_chain_id_set(chain_id); + sss_chain_id_set((uint64_t)chain_id); DEBUG_INIT(debug_level, opt_logger); diff --git a/src/providers/krb5/krb5_child.c b/src/providers/krb5/krb5_child.c index 710fd756763..704f6508224 100644 --- a/src/providers/krb5/krb5_child.c +++ b/src/providers/krb5/krb5_child.c @@ -4015,7 +4015,7 @@ int main(int argc, const char *argv[]) krb5_error_code kerr; uid_t fast_uid = 0; gid_t fast_gid = 0; - uint64_t chain_id = 0; + long chain_id = 0; struct cli_opts cli_opts = { 0 }; int sss_creds_password = 0; long dummy_long = 0; @@ -4111,7 +4111,7 @@ int main(int argc, const char *argv[]) } sss_chain_id_set_format(DEBUG_CHAIN_ID_FMT_RID); - sss_chain_id_set(chain_id); + sss_chain_id_set((uint64_t)chain_id); DEBUG_INIT(debug_level, opt_logger); diff --git a/src/providers/proxy/proxy_child.c b/src/providers/proxy/proxy_child.c index fada1e6861d..dad65e79be7 100644 --- a/src/providers/proxy/proxy_child.c +++ b/src/providers/proxy/proxy_child.c @@ -552,7 +552,7 @@ int main(int argc, const char *argv[]) debug_log_file = talloc_asprintf(NULL, "proxy_child_%s", domain); if (!debug_log_file) return 2; - sss_chain_id_set(chain_id); + sss_chain_id_set((uint64_t)chain_id); DEBUG_INIT(debug_level, opt_logger); From b536e4b3b94abb870d666e16636820369793f035 Mon Sep 17 00:00:00 2001 From: Dan Lavu <dlavu@redhat.com> Date: Wed, 13 Sep 2023 13:29:25 -0400 Subject: [PATCH 212/280] tests: consolidation, refactoring and organizing, renaming of some tests MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - added markers to pytest.ini - added markers to tests - consolidated two sssctl test files into one, sssctl_config_check.py and sssctl.py - renamed test_id.py, to test_identity.py, just to match the marker groups - renamed the test cases in test_identity.py to be more readable - renamed test_ldap_extra_attrs.py to test_schema.py , after looking at the tests, its testing the schema attributes - appended test_shadow.py to test_ldap.py , tests shadowlastchange = 0 in LDAP Reviewed-by: Jakub Vávra <jvavra@redhat.com> Reviewed-by: Pavel Březina <pbrezina@redhat.com> Reviewed-by: Scott Poore <spoore@redhat.com> (cherry picked from commit 92e85f1a135c89bca17cbd8c7efe8562d2c5beca) --- .../basic/test_sssctl_config_check.py | 6 +- src/tests/system/pytest.ini | 2 +- .../tests/{test_id.py => test_identity.py} | 26 ++-- src/tests/system/tests/test_ldap.py | 38 ++++++ ...est_ldap_extra_attrs.py => test_schema.py} | 4 +- src/tests/system/tests/test_shadow.py | 50 ------- src/tests/system/tests/test_sssctl.py | 88 ++++++++++++- .../system/tests/test_sssctl_config_check.py | 123 ------------------ 8 files changed, 144 insertions(+), 193 deletions(-) rename src/tests/system/tests/{test_id.py => test_identity.py} (93%) rename src/tests/system/tests/{test_ldap_extra_attrs.py => test_schema.py} (91%) delete mode 100644 src/tests/system/tests/test_shadow.py delete mode 100644 src/tests/system/tests/test_sssctl_config_check.py diff --git a/src/tests/multihost/basic/test_sssctl_config_check.py b/src/tests/multihost/basic/test_sssctl_config_check.py index f70967e6056..1de2e958d9a 100644 --- a/src/tests/multihost/basic/test_sssctl_config_check.py +++ b/src/tests/multihost/basic/test_sssctl_config_check.py @@ -13,7 +13,7 @@ class TestSssctlConfigCheck(object): - @pytest.mark.converted('test_sssctl_config_check.py', 'test_sssctl_config_check__typo_option_name') + @pytest.mark.converted('test_sssctl.py', 'test_sssctl__typo_option_name') def test_verify_typo_option_name(self, multihost): """ :title: sssctl: Verify typos in option name (not value) @@ -44,7 +44,7 @@ def test_verify_typo_option_name(self, multihost): multihost.master[0].run_command(['/bin/cp', '-a', cfgput, cfgget], raiseonerr=False) - @pytest.mark.converted('test_sssctl_config_check.py', 'test_sssctl_config_check__typo_domain_name') + @pytest.mark.converted('test_sssctl.py', 'test_sssctl__typo_domain_name') def test_verify_typo_domain_name(self, multihost): """ :title: sssctl: Verify typos in domain name of configuration file @@ -74,7 +74,7 @@ def test_verify_typo_domain_name(self, multihost): multihost.master[0].run_command(['/bin/cp', '-a', cfgput, cfgget], raiseonerr=False) - @pytest.mark.converted('test_sssctl_config_check.py', 'test_sssctl_config_check__misplaced_option') + @pytest.mark.converted('test_sssctl.py', 'test_sssctl__misplaced_option') def test_misplaced_option(self, multihost): """ :title: sssctl: Verify misplace options in default configuration file diff --git a/src/tests/system/pytest.ini b/src/tests/system/pytest.ini index 1f0d2c7d363..e7fe2714414 100644 --- a/src/tests/system/pytest.ini +++ b/src/tests/system/pytest.ini @@ -1,3 +1,4 @@ +# For marker descriptions please look at https://tests.sssd.io/en/latest/marks.html [pytest] addopts = --strict-markers testpaths = tests @@ -13,4 +14,3 @@ markers = tools: ticket_tools = bz,gh,jira -# For marker descriptions please look at https://tests.sssd.io/en/latest/marks.html diff --git a/src/tests/system/tests/test_id.py b/src/tests/system/tests/test_identity.py similarity index 93% rename from src/tests/system/tests/test_id.py rename to src/tests/system/tests/test_identity.py index 8ee34b6f729..f09d5bb61fd 100644 --- a/src/tests/system/tests/test_id.py +++ b/src/tests/system/tests/test_identity.py @@ -1,5 +1,5 @@ """ -SSSD Client identification +SSSD Client identity Lookups :requirement: IDM-SSSD-REQ: Client side performance improvements """ @@ -14,7 +14,7 @@ @pytest.mark.importance("critical") @pytest.mark.topology(KnownTopologyGroup.AnyProvider) -def test_id__getpwnam(client: Client, provider: GenericProvider): +def test_identity__lookup_username_with_id(client: Client, provider: GenericProvider): """ :title: Resolve user by name with id :setup: @@ -47,7 +47,7 @@ def test_id__getpwnam(client: Client, provider: GenericProvider): @pytest.mark.importance("critical") @pytest.mark.topology(KnownTopologyGroup.AnyProvider) -def test_id__getpwuid(client: Client, provider: GenericProvider): +def test_identity__lookup_uid_with_id(client: Client, provider: GenericProvider): """ :title: Resolve user by uid with id :setup: @@ -80,7 +80,7 @@ def test_id__getpwuid(client: Client, provider: GenericProvider): @pytest.mark.importance("critical") @pytest.mark.topology(KnownTopologyGroup.AnyProvider) -def test_id__getgrnam(client: Client, provider: GenericProvider): +def test_identity__lookup_groupname_with_getent(client: Client, provider: GenericProvider): """ :title: Resolve group by name with getent.group :setup: @@ -113,7 +113,7 @@ def test_id__getgrnam(client: Client, provider: GenericProvider): @pytest.mark.importance("critical") @pytest.mark.topology(KnownTopologyGroup.AnyProvider) -def test_id__getgrgid(client: Client, provider: GenericProvider): +def test_identity__lookup_gid_with_getent(client: Client, provider: GenericProvider): """ :title: Resolve group with by gid with getent.group :setup: @@ -146,7 +146,7 @@ def test_id__getgrgid(client: Client, provider: GenericProvider): @pytest.mark.importance("critical") @pytest.mark.topology(KnownTopologyGroup.AnyProvider) -def test_id__getent_passwd(client: Client, provider: GenericProvider): +def test_identity__lookup_user_with_getent(client: Client, provider: GenericProvider): """ :title: Resolve user with getent.passwd :setup: @@ -188,7 +188,7 @@ def test_id__getent_passwd(client: Client, provider: GenericProvider): @pytest.mark.importance("critical") @pytest.mark.topology(KnownTopologyGroup.AnyProvider) -def test_id__getent_group(client: Client, provider: GenericProvider): +def test_identity__lookup_user_by_group_with_getent(client: Client, provider: GenericProvider): """ :title: Resolve user with getent.group :setup: @@ -228,7 +228,7 @@ def test_id__getent_group(client: Client, provider: GenericProvider): @pytest.mark.importance("critical") @pytest.mark.topology(KnownTopologyGroup.AnyProvider) -def test_id__membership_by_group_name(client: Client, provider: GenericProvider): +def test_identity__lookup_group_membership_by_username_with_id(client: Client, provider: GenericProvider): """ :title: Check membership of user by group name with id :setup: @@ -261,7 +261,7 @@ def test_id__membership_by_group_name(client: Client, provider: GenericProvider) @pytest.mark.importance("critical") @pytest.mark.topology(KnownTopologyGroup.AnyProvider) -def test_id__membership_by_group_id(client: Client, provider: GenericProvider): +def test_identity__lookup_group_membership_by_group_with_id(client: Client, provider: GenericProvider): """ :title: Check membership of user by gid with id :setup: @@ -295,7 +295,7 @@ def test_id__membership_by_group_id(client: Client, provider: GenericProvider): @pytest.mark.importance("critical") @pytest.mark.topology(KnownTopologyGroup.AnyProvider) -def test_id__initgroups(client: Client, provider: GenericProvider): +def test_identity__lookup_initgroups_with_getent(client: Client, provider: GenericProvider): """ :title: Check initgroups of user :setup: @@ -334,7 +334,7 @@ def test_id__initgroups(client: Client, provider: GenericProvider): @pytest.mark.importance("critical") @pytest.mark.topology(KnownTopologyGroup.AnyProvider) -def test_id__getpwnam_fully_qualified_names(client: Client, provider: GenericProvider): +def test_identity__lookup_users_with_fully_qualified_name(client: Client, provider: GenericProvider): """ :title: Resolve user when 'use_fully_qualified_names' is 'true' :setup: @@ -377,7 +377,7 @@ def test_id__getpwnam_fully_qualified_names(client: Client, provider: GenericPro @pytest.mark.importance("critical") @pytest.mark.topology(KnownTopologyGroup.AnyProvider) -def test_id__case_insensitive(client: Client, provider: GenericProvider): +def test_identity__lookup_users_when_case_insensitive(client: Client, provider: GenericProvider): """ :title: Search user with case insensitive name when 'case_sensitive' is 'false' :setup: @@ -422,7 +422,7 @@ def test_id__case_insensitive(client: Client, provider: GenericProvider): @pytest.mark.importance("critical") @pytest.mark.topology(KnownTopologyGroup.AnyProvider) -def test_id__fq_names_case_insensitive(client: Client, provider: GenericProvider): +def test_identity__lookup_users_fully_qualified_name_and_case_insensitive(client: Client, provider: GenericProvider): """ :title: Search user with fq case insensitive name when 'case_sensitive' is 'false' and 'use_fully_qualified_names' is 'true' diff --git a/src/tests/system/tests/test_ldap.py b/src/tests/system/tests/test_ldap.py index 0c31963ff67..5ae7f1876a7 100644 --- a/src/tests/system/tests/test_ldap.py +++ b/src/tests/system/tests/test_ldap.py @@ -188,3 +188,41 @@ def test_ldap__user_with_whitespace(client: Client, ldap: LDAP): result = client.tools.id(" user1") assert result is None, "User ' user1' was found, not expected" + + +@pytest.mark.importance("high") +@pytest.mark.authentication +@pytest.mark.ticket(bz=1507035) +@pytest.mark.topology(KnownTopology.LDAP) +@pytest.mark.parametrize("method", ["su", "ssh"]) +def test_ldap__password_change(client: Client, ldap: LDAP, method: str): + """ + :title: Change password with shadow ldap password policy + :setup: + 1. Allow user to change its own password in LDAP + 2. Create LDAP user "tuser" with shadowLastChange = 0 + 3. Set ldap_pwd_policy to "shadow" + 4. Set ldap_chpass_update_last_change to "True" + 5. Start SSSD + :steps: + 1. Autheticate as "tuser" with old password + 2. Autheticate as "tuser" with new password + :expectedresults: + 1. Password was expired and new password was expected and provided + 2. Authentication with new password was successful + :customerscenario: True + """ + ldap.aci.add('(targetattr="userpassword")(version 3.0; acl "pwp test"; allow (all) userdn="ldap:///self";)') + ldap.user("tuser").add( + uid=999011, gid=999011, shadowMin=0, shadowMax=99999, shadowWarning=7, shadowLastChange=0, password="Secret123" + ) + + client.sssd.domain["ldap_pwd_policy"] = "shadow" + client.sssd.domain["ldap_chpass_update_last_change"] = "True" + client.sssd.start() + + # Password is expired, change it + assert client.auth.parametrize(method).password_expired("tuser", "Secret123", "Redhat@321") + + # Authenticate with new password + assert client.auth.parametrize(method).password("tuser", "Redhat@321") diff --git a/src/tests/system/tests/test_ldap_extra_attrs.py b/src/tests/system/tests/test_schema.py similarity index 91% rename from src/tests/system/tests/test_ldap_extra_attrs.py rename to src/tests/system/tests/test_schema.py index cf3e6ce097a..4a49e2d5def 100644 --- a/src/tests/system/tests/test_ldap_extra_attrs.py +++ b/src/tests/system/tests/test_schema.py @@ -1,5 +1,5 @@ """ -ldap_user_extra_attrs tests. +schema tests. :requirement: ldap_extra_attrs """ @@ -17,7 +17,7 @@ @pytest.mark.ticket(gh=4153, bz=1362023) @pytest.mark.topology(KnownTopologyGroup.AnyProvider) @pytest.mark.parametrize("attrs", ["mail, firstname:givenname, lastname:sn", "given_email:mail"]) -def test_ldap_extra_attrs__filled(client: Client, provider: GenericProvider, attrs: str): +def test_schema__ldap_extra_attrs_filled(client: Client, provider: GenericProvider, attrs: str): """ :title: SSSD starts correctly when ldap_user_extra_attrs is filled :setup: diff --git a/src/tests/system/tests/test_shadow.py b/src/tests/system/tests/test_shadow.py deleted file mode 100644 index 018a0f21835..00000000000 --- a/src/tests/system/tests/test_shadow.py +++ /dev/null @@ -1,50 +0,0 @@ -""" -LDAP Shadow attributes tests. - -:requirement: IDM-SSSD-REQ : LDAP Provider -""" - -from __future__ import annotations - -import pytest -from sssd_test_framework.roles.client import Client -from sssd_test_framework.roles.ldap import LDAP -from sssd_test_framework.topology import KnownTopology - - -@pytest.mark.importance("high") -@pytest.mark.schema -@pytest.mark.ticket(bz=1507035) -@pytest.mark.topology(KnownTopology.LDAP) -@pytest.mark.parametrize("method", ["su", "ssh"]) -def test_shadow__password_change(client: Client, ldap: LDAP, method: str): - """ - :title: Change password with shadow ldap password policy - :setup: - 1. Allow user to change its own password in LDAP - 2. Create LDAP user "tuser" with shadowLastChange = 0 - 3. Set ldap_pwd_policy to "shadow" - 4. Set ldap_chpass_update_last_change to "True" - 5. Start SSSD - :steps: - 1. Autheticate as "tuser" with old password - 2. Autheticate as "tuser" with new password - :expectedresults: - 1. Password was expired and new password was expected and provided - 2. Authentication with new password was successful - :customerscenario: True - """ - ldap.aci.add('(targetattr="userpassword")(version 3.0; acl "pwp test"; allow (all) userdn="ldap:///self";)') - ldap.user("tuser").add( - uid=999011, gid=999011, shadowMin=0, shadowMax=99999, shadowWarning=7, shadowLastChange=0, password="Secret123" - ) - - client.sssd.domain["ldap_pwd_policy"] = "shadow" - client.sssd.domain["ldap_chpass_update_last_change"] = "True" - client.sssd.start() - - # Password is expired, change it - assert client.auth.parametrize(method).password_expired("tuser", "Secret123", "Redhat@321") - - # Authenticate with new password - assert client.auth.parametrize(method).password("tuser", "Redhat@321") diff --git a/src/tests/system/tests/test_sssctl.py b/src/tests/system/tests/test_sssctl.py index 6a2135dbe9b..60b3eb3eabd 100644 --- a/src/tests/system/tests/test_sssctl.py +++ b/src/tests/system/tests/test_sssctl.py @@ -6,7 +6,10 @@ from __future__ import annotations +import re + import pytest +from pytest_mh.ssh import SSHProcessError from sssd_test_framework.roles.client import Client from sssd_test_framework.roles.ldap import LDAP from sssd_test_framework.topology import KnownTopology @@ -29,7 +32,7 @@ def test_sssctl__check_id_provider(client: Client): 2. Successfully get the error message. :customerscenario: False """ - # create sssd.conf and start the sssd, with deafult configuration with a LDAP server. + # create sssd.conf and start the sssd, with default configuration with a LDAP server. client.sssd.start() # remove id_provider parameter from domain section. @@ -183,3 +186,86 @@ def test_sssctl__reset_cached_timestamps(client: Client, ldap: LDAP): res1 = client.tools.getent.group("group1") assert res1 is not None assert "user1" not in res1.members + + +@pytest.mark.importance("high") +@pytest.mark.tools +@pytest.mark.topology(KnownTopology.Client) +def test_sssctl__check_typo_option_name(client: Client): + """ + :title: sssctl config-check detects mistyped option name + :setup: + 1. Add wrong_option to domain section + 2. Start SSSD, without config check + :steps: + 1. Call sssctl config-check + 2. Check error message + :expectedresults: + 1. config-check detects an error in config + 2. Error message is properly set + :customerscenario: False + """ + client.sssd.common.local() + client.sssd.dom("test")["wrong_option"] = "true" + + client.sssd.start(check_config=False) + + result = client.sssctl.config_check() + assert result.rc != 0, "Config-check did not detect misconfigured config" + + pattern = re.compile(r"Attribute 'wrong_option' is not allowed.*") + assert pattern.search(result.stdout), "Wrong error message was returned" + + +@pytest.mark.importance("high") +@pytest.mark.tools +@pytest.mark.topology(KnownTopology.Client) +def test_sssctl__check_typo_domain_name(client: Client): + """ + :title: sssctl config-check detects mistyped domain name + :setup: + 1. Create mistyped domain ("domain/") + 2. Start SSSD + :steps: + 1. Call sssctl config-check, implicitly + 2. Check error message + :expectedresults: + 1. config-check detects an error in config + 2. Error message is properly set + :customerscenario: False + """ + client.sssd.dom("")["debug_level"] = "9" + + with pytest.raises(SSHProcessError) as ex: + client.sssd.start(raise_on_error=True, check_config=True) + + assert ex.match(r"Section \[domain\/\] is not allowed. Check for typos.*"), "Wrong error message was returned" + + +@pytest.mark.importance("high") +@pytest.mark.tools +@pytest.mark.topology(KnownTopology.Client) +def test_sssctl__check_misplaced_option(client: Client): + """ + :title: sssctl config-check detects misplaced option + :setup: + 1. In domain set "services" to "nss, pam" + 2. Start SSSD, without config check + :steps: + 1. Call sssctl config-check + 2. Check error message + :expectedresults: + 1. config-check detects an error in config + 2. Error message is properly set + :customerscenario: False + """ + client.sssd.common.local() + client.sssd.dom("test")["services"] = "nss, pam" + + client.sssd.start(check_config=False) + + result = client.sssctl.config_check() + assert result.rc != 0, "Config-check did not detect misconfigured config" + + pattern = re.compile(r".Attribute 'services' is not allowed in section .*") + assert pattern.search(result.stdout), "Wrong error message was returned" diff --git a/src/tests/system/tests/test_sssctl_config_check.py b/src/tests/system/tests/test_sssctl_config_check.py deleted file mode 100644 index b1b5faa0743..00000000000 --- a/src/tests/system/tests/test_sssctl_config_check.py +++ /dev/null @@ -1,123 +0,0 @@ -""" -sssctl config-check Test Cases - -:requirement: IDM-SSSD-REQ: Status utility -""" - -from __future__ import annotations - -import re - -import pytest -from pytest_mh.ssh import SSHProcessError -from sssd_test_framework.roles.client import Client -from sssd_test_framework.topology import KnownTopology - - -@pytest.mark.importance("high") -@pytest.mark.tools -@pytest.mark.topology(KnownTopology.Client) -def test_sssctl_config_check__typo_option_name(client: Client): - """ - :title: sssctl config-check detects mistyped option name - :setup: - 1. Add wrong_option to domain section - 2. Start SSSD, without config check - :steps: - 1. Call sssctl config-check - 2. Check error message - :expectedresults: - 1. config-check detects an error in config - 2. Error message is properly set - :customerscenario: False - """ - client.sssd.common.local() - client.sssd.dom("test")["wrong_option"] = "true" - - client.sssd.start(check_config=False) - - result = client.sssctl.config_check() - assert result.rc != 0, "Config-check did not detect misconfigured config" - - pattern = re.compile(r"Attribute 'wrong_option' is not allowed.*") - assert pattern.search(result.stdout), "Wrong error message was returned" - - -@pytest.mark.importance("high") -@pytest.mark.tools -@pytest.mark.topology(KnownTopology.Client) -def test_sssctl_config_check__typo_domain_name(client: Client): - """ - :title: sssctl config-check detects mistyped domain name - :setup: - 1. Create mistyped domain ("domain/") - 2. Start SSSD - :steps: - 1. Call sssctl config-check, implicitly - 2. Check error message - :expectedresults: - 1. config-check detects an error in config - 2. Error message is properly set - :customerscenario: False - """ - client.sssd.dom("")["debug_level"] = "9" - - with pytest.raises(SSHProcessError) as ex: - client.sssd.start(raise_on_error=True, check_config=True) - - assert ex.match(r"Section \[domain\/\] is not allowed. Check for typos.*"), "Wrong error message was returned" - - -@pytest.mark.importance("high") -@pytest.mark.tools -@pytest.mark.topology(KnownTopology.Client) -def test_sssctl_config_check__misplaced_option(client: Client): - """ - :title: sssctl config-check detects misplaced option - :setup: - 1. In domain set "services" to "nss, pam" - 2. Start SSSD, without config check - :steps: - 1. Call sssctl config-check - 2. Check error message - :expectedresults: - 1. config-check detects an error in config - 2. Error message is properly set - :customerscenario: False - """ - client.sssd.common.local() - client.sssd.dom("test")["services"] = "nss, pam" - - client.sssd.start(check_config=False) - - result = client.sssctl.config_check() - assert result.rc != 0, "Config-check did not detect misconfigured config" - - pattern = re.compile(r".Attribute 'services' is not allowed in section .*") - assert pattern.search(result.stdout), "Wrong error message was returned" - - -@pytest.mark.topology(KnownTopology.Client) -def test_sssctl_config_check__typo_option_value(client: Client): - """ - :title: sssctl config-check detects incorrect value - :setup: - 1. In local domain set "id_provider" to wrong value - 2. Apply config without config check - :steps: - 1. Call sssctl config-check - 2. Check error message - :expectedresults: - 1. config-check detects an error in config - 2. Error message is properly set - :customerscenario: False - """ - client.sssd.common.local() - client.sssd.dom("local")["id_provider"] = "wrong value" - client.sssd.config_apply(check_config=False) - - result = client.sssctl.config_check() - assert result.rc != 0, "Config-check did not detect misconfigured config" - assert ( - "Attribute 'id_provider' in section 'domain/local' has an invalid value: wrong value" in result.stdout_lines[1] - ) From 469ddcbf64333ede2312bf44bbca6eca417fd206 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Alejandro=20L=C3=B3pez?= <allopez@redhat.com> Date: Fri, 10 Nov 2023 14:07:49 +0100 Subject: [PATCH 213/280] LOGROTATE: logrotate should also signal sssd_kcm MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit sssd_kcm is not registered with SSSD's monitor, so it is not signaled when it must restart the log. Adding this command will directly signal sssd_kcm (in addition to the monitor). If sssd_kcm is also running in one or more containers, they will also receive the signal. Because only the log files in the host where rotated, the instances in the containers will go on using the same log files. Nothing will happen except for the "Received SIGHUP. Rotating logfiles." message in the log files. If we want to avoid this, we should implement a PID file. Reviewed-by: Sumit Bose <sbose@redhat.com> Reviewed-by: Tomáš Halman <thalman@redhat.com> (cherry picked from commit 230e7757a7805c7c530d0914936f353882bd504e) --- contrib/sssd.spec.in | 1 + src/examples/logrotate | 3 ++- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/contrib/sssd.spec.in b/contrib/sssd.spec.in index c5d2fa0ff25..03171a87233 100644 --- a/contrib/sssd.spec.in +++ b/contrib/sssd.spec.in @@ -72,6 +72,7 @@ Requires: sssd-krb5 = %{version}-%{release} Requires: sssd-ldap = %{version}-%{release} Requires: sssd-proxy = %{version}-%{release} Suggests: logrotate +Suggests: procps-ng Suggests: python3-sssdconfig = %{version}-%{release} Suggests: sssd-dbus = %{version}-%{release} diff --git a/src/examples/logrotate b/src/examples/logrotate index ecf0c610287..6e769451ce5 100644 --- a/src/examples/logrotate +++ b/src/examples/logrotate @@ -7,6 +7,7 @@ compress delaycompress postrotate - /bin/kill -HUP `cat /var/run/sssd.pid 2>/dev/null` 2> /dev/null || true + /bin/kill -HUP `cat /var/run/sssd.pid 2>/dev/null` 2> /dev/null || true + /bin/pkill -HUP sssd_kcm 2> /dev/null || true endscript } From 8c83234518e9c9b98dad557f124d926448820d5e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Alejandro=20L=C3=B3pez?= <allopez@redhat.com> Date: Fri, 3 Nov 2023 11:13:49 +0100 Subject: [PATCH 214/280] KCM: Replace a hard-coded constant by a macro MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The per-UID quota is internally increased by 2. This value is no longer hard-coded but replaced by the KCM_MAX_UID_EXTRA_SECRETS macro. Reviewed-by: Alexey Tikhonov <atikhono@redhat.com> Reviewed-by: Tomáš Halman <thalman@redhat.com> (cherry picked from commit c73b7eb801ed14892e34cd8e810678220785edf5) --- src/responder/kcm/kcmsrv_ccache_secdb.c | 8 +------- src/responder/kcm/secrets/secrets.c | 4 ++-- src/responder/kcm/secrets/secrets.h | 8 ++++++++ 3 files changed, 11 insertions(+), 9 deletions(-) diff --git a/src/responder/kcm/kcmsrv_ccache_secdb.c b/src/responder/kcm/kcmsrv_ccache_secdb.c index 875eb3c900e..ff5e6e24c38 100644 --- a/src/responder/kcm/kcmsrv_ccache_secdb.c +++ b/src/responder/kcm/kcmsrv_ccache_secdb.c @@ -531,13 +531,7 @@ static errno_t ccdb_secdb_init(struct kcm_ccdb *db, } if (kcm_quota->max_uid_secrets > 0) { - /* Even cn=default is considered a secret that adds up to - * the quota. To avoid off-by-one-confusion, increase - * the quota by two to 1) account for the cn=default object - * and 2) always allow writing to cn=defaults even if we - * are exactly at the quota limit - */ - kcm_quota->max_uid_secrets += 2; + kcm_quota->max_uid_secrets += KCM_MAX_UID_EXTRA_SECRETS; } ret = sss_sec_init(db, kcm_quota, &secdb->sctx); diff --git a/src/responder/kcm/secrets/secrets.c b/src/responder/kcm/secrets/secrets.c index 8f32c63e934..a37edcc2a51 100644 --- a/src/responder/kcm/secrets/secrets.c +++ b/src/responder/kcm/secrets/secrets.c @@ -381,12 +381,12 @@ static int local_db_check_peruid_number_of_secrets(TALLOC_CTX *mem_ctx, ret = local_db_remove_oldest_expired_secret(res, req); if (ret != EOK) { if (ret == ERR_NO_MATCHING_CREDS) { - /* max_uid_secrets is incremented by 2 for internal entries. */ + /* max_uid_secrets is incremented for internal entries. */ DEBUG(SSSDBG_OP_FAILURE, "Cannot store any more secrets for this client (basedn %s) " "as the maximum allowed limit (%d) has been reached\n", ldb_dn_get_linearized(cli_basedn), - req->quota->max_uid_secrets - 2); + req->quota->max_uid_secrets - KCM_MAX_UID_EXTRA_SECRETS); ret = ERR_SEC_INVALID_TOO_MANY_SECRETS; } goto done; diff --git a/src/responder/kcm/secrets/secrets.h b/src/responder/kcm/secrets/secrets.h index 00963aa7c01..537f6c9a7a8 100644 --- a/src/responder/kcm/secrets/secrets.h +++ b/src/responder/kcm/secrets/secrets.h @@ -40,6 +40,14 @@ #define DEFAULT_SEC_KCM_MAX_UID_SECRETS 64 #define DEFAULT_SEC_KCM_MAX_PAYLOAD_SIZE 65536 +/* Even cn=default is considered a secret that adds up to + * the quota. To avoid off-by-one-confusion, increase + * the quota by two to 1) account for the cn=default object + * and 2) always allow writing to cn=defaults even if we + * are exactly at the quota limit + */ +#define KCM_MAX_UID_EXTRA_SECRETS 2 + struct sss_sec_ctx; struct sss_sec_req; From 855d04656d69c4381e4e16ae481ed82c231205a2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Alejandro=20L=C3=B3pez?= <allopez@redhat.com> Date: Fri, 3 Nov 2023 15:31:46 +0100 Subject: [PATCH 215/280] KCM: Fixed a wrong check MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The pointer to the newly allocated iobuffer is stored into state->op_ctx->reply but the check for NULL is done on state->reply, which we already know is not NULL because it was checked before and not modified after that. Reviewed-by: Alexey Tikhonov <atikhono@redhat.com> Reviewed-by: Tomáš Halman <thalman@redhat.com> (cherry picked from commit 3cba6d1153c102f9596335db28cc017e8338e868) --- src/responder/kcm/kcmsrv_ops.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/responder/kcm/kcmsrv_ops.c b/src/responder/kcm/kcmsrv_ops.c index 33d7cd506ea..dab96b486b6 100644 --- a/src/responder/kcm/kcmsrv_ops.c +++ b/src/responder/kcm/kcmsrv_ops.c @@ -161,7 +161,7 @@ struct tevent_req *kcm_cmd_send(TALLOC_CTX *mem_ctx, state, KCM_REPLY_MAX - 2*sizeof(uint32_t), KCM_REPLY_MAX - 2*sizeof(uint32_t)); - if (state->reply == NULL) { + if (state->op_ctx->reply == NULL) { ret = ENOMEM; goto immediate; } From 14e7d7c038b11c527c308305b6afca4ae45b4417 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Alejandro=20L=C3=B3pez?= <allopez@redhat.com> Date: Mon, 13 Nov 2023 16:58:49 +0100 Subject: [PATCH 216/280] KCM: Remove unused cc_be_type from struct kcm_ccdb MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This field is never set and never used. Let's remove it. Reviewed-by: Alexey Tikhonov <atikhono@redhat.com> Reviewed-by: Tomáš Halman <thalman@redhat.com> (cherry picked from commit 126920546e38f9df6c1c1bda95f0bcd6991cb722) --- src/responder/kcm/kcmsrv_ccache_pvt.h | 1 - 1 file changed, 1 deletion(-) diff --git a/src/responder/kcm/kcmsrv_ccache_pvt.h b/src/responder/kcm/kcmsrv_ccache_pvt.h index 0cc24c2b8cd..9d5afed1d53 100644 --- a/src/responder/kcm/kcmsrv_ccache_pvt.h +++ b/src/responder/kcm/kcmsrv_ccache_pvt.h @@ -41,7 +41,6 @@ struct kcm_cred { }; struct kcm_ccdb { - enum kcm_ccdb_be cc_be_type; struct tevent_context *ev; void *db_handle; From 3e740a256598897f4479ac3ca02cfcf6166e54b6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Alejandro=20L=C3=B3pez?= <allopez@redhat.com> Date: Mon, 13 Nov 2023 17:17:26 +0100 Subject: [PATCH 217/280] KCM: When freeing the client, check that it is not NULL. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit `cc-> client` could be NULL. Reviewed-by: Alexey Tikhonov <atikhono@redhat.com> Reviewed-by: Tomáš Halman <thalman@redhat.com> (cherry picked from commit 2eb67afc014878108a555fd0ac41bef954a2a962) --- src/responder/kcm/kcmsrv_ccache.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/responder/kcm/kcmsrv_ccache.c b/src/responder/kcm/kcmsrv_ccache.c index b63fc70afa3..26360f2232b 100644 --- a/src/responder/kcm/kcmsrv_ccache.c +++ b/src/responder/kcm/kcmsrv_ccache.c @@ -40,7 +40,9 @@ static int kcm_cc_destructor(struct kcm_ccache *cc) return 0; } - krb5_free_principal(NULL, cc->client); + if (cc->client != NULL) { + krb5_free_principal(NULL, cc->client); + } return 0; } From a5c96e29069cf0c4ae56f95e8e29ce36820437bf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Alejandro=20L=C3=B3pez?= <allopez@redhat.com> Date: Fri, 3 Nov 2023 17:54:09 +0100 Subject: [PATCH 218/280] KCM: sss_iobuf_init_empty() shall not zero memory MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit sss_iobuf_init_empty() and related functions zero the allocated memory even though it is not needed. Most of the time, all the fields in the structures will be set to non-zero values. In these cases zeroing the is useless and we stop doing it. Only in two cases, some pointers were being left unmodified, so they are now being manually set to NULL. Resolves: https://github.com/SSSD/sssd/issues/7014 Reviewed-by: Alexey Tikhonov <atikhono@redhat.com> Reviewed-by: Tomáš Halman <thalman@redhat.com> (cherry picked from commit edb63cde4fcfa1089e8f39c5d0b6f1e0c184ea0d) --- src/responder/kcm/kcmsrv_ccache.c | 1 - src/util/sss_iobuf.c | 4 +--- src/util/sss_iobuf.h | 4 ++++ 3 files changed, 5 insertions(+), 4 deletions(-) diff --git a/src/responder/kcm/kcmsrv_ccache.c b/src/responder/kcm/kcmsrv_ccache.c index 26360f2232b..0c5c925cceb 100644 --- a/src/responder/kcm/kcmsrv_ccache.c +++ b/src/responder/kcm/kcmsrv_ccache.c @@ -233,7 +233,6 @@ struct kcm_cred *kcm_cred_new(TALLOC_CTX *mem_ctx, if (kcreds == NULL) { return NULL; } - uuid_copy(kcreds->uuid, uuid); kcreds->cred_blob = talloc_steal(kcreds, cred_blob); return kcreds; diff --git a/src/util/sss_iobuf.c b/src/util/sss_iobuf.c index 3056a7b0db3..bd8d2f3a28f 100644 --- a/src/util/sss_iobuf.c +++ b/src/util/sss_iobuf.c @@ -30,7 +30,7 @@ struct sss_iobuf *sss_iobuf_init_empty(TALLOC_CTX *mem_ctx, return NULL; } - buf = talloc_zero_array(iobuf, uint8_t, size); + buf = talloc_array(iobuf, uint8_t, size); if (buf == NULL) { talloc_free(iobuf); return NULL; @@ -43,7 +43,6 @@ struct sss_iobuf *sss_iobuf_init_empty(TALLOC_CTX *mem_ctx, iobuf->data = buf; iobuf->size = size; iobuf->capacity = capacity; - iobuf->dp = 0; return iobuf; } @@ -80,7 +79,6 @@ struct sss_iobuf *sss_iobuf_init_steal(TALLOC_CTX *mem_ctx, iobuf->data = talloc_steal(iobuf, data); iobuf->size = size; iobuf->capacity = size; - iobuf->dp = 0; return iobuf; } diff --git a/src/util/sss_iobuf.h b/src/util/sss_iobuf.h index 159fbc0b9ff..01f0f45c8b3 100644 --- a/src/util/sss_iobuf.h +++ b/src/util/sss_iobuf.h @@ -23,6 +23,8 @@ struct sss_iobuf; * Use 0 for an 'unlimited' buffer that will grow * until SIZE_MAX/2. * + * @warning The allocated data storage will not be zeroed. + * * @return The newly created buffer on success or NULL on an error. * */ @@ -44,6 +46,8 @@ struct sss_iobuf *sss_iobuf_init_empty(TALLOC_CTX *mem_ctx, * data is copied into the iobuf-owned buffer. * @param[in] size The size of the data buffer * + * @warning The allocated data storage will not be zeroed. + * * @return The newly created buffer on success or NULL on an error. */ struct sss_iobuf *sss_iobuf_init_readonly(TALLOC_CTX *mem_ctx, From 78d0a97dee344201345dfabfc71e2cfc82ddc490 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Alejandro=20L=C3=B3pez?= <allopez@redhat.com> Date: Fri, 3 Nov 2023 18:03:39 +0100 Subject: [PATCH 219/280] KCM: Reduce the amount of memory allocated for the packages MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Some packages are being allocated to their maximum size, even though all that memory is not required. When the amount of memory needed is not know, We reduce the amount of memory allocated to the initial size defined by the KCM_PACKET_INITIAL_SIZE macro. The existing KCM_REPLY_MAX was replaced by KCM_PACKET_MAX_SIZE. Resolves: https://github.com/SSSD/sssd/issues/7014 Reviewed-by: Alexey Tikhonov <atikhono@redhat.com> Reviewed-by: Tomáš Halman <thalman@redhat.com> (cherry picked from commit fe6c35addee2cfd0c32021e4b079eec7575ca90c) --- src/responder/kcm/kcmsrv_cmd.c | 5 ----- src/responder/kcm/kcmsrv_ops.c | 15 +++++---------- src/responder/kcm/kcmsrv_ops.h | 13 +++++++++++++ 3 files changed, 18 insertions(+), 15 deletions(-) diff --git a/src/responder/kcm/kcmsrv_cmd.c b/src/responder/kcm/kcmsrv_cmd.c index 9b27bbdcc48..39da50a92ca 100644 --- a/src/responder/kcm/kcmsrv_cmd.c +++ b/src/responder/kcm/kcmsrv_cmd.c @@ -34,11 +34,6 @@ /* The return code is 32bits */ #define KCM_RETCODE_SIZE 4 -/* The maximum length of a request or reply as defined by the RPC - * protocol. This is the same constant size as MIT KRB5 uses - */ -#define KCM_PACKET_MAX_SIZE 10*1024*1024 - /* KCM operation, its raw input and raw output and result */ struct kcm_op_io { struct kcm_op *op; diff --git a/src/responder/kcm/kcmsrv_ops.c b/src/responder/kcm/kcmsrv_ops.c index dab96b486b6..8935a7932b0 100644 --- a/src/responder/kcm/kcmsrv_ops.c +++ b/src/responder/kcm/kcmsrv_ops.c @@ -32,11 +32,6 @@ #include "responder/kcm/kcmsrv_ops.h" #include "responder/kcm/kcmsrv_ccache.h" -/* This limit comes from: - * https://github.com/krb5/krb5/blob/master/src/lib/krb5/ccache/cc_kcm.c#L53 - */ -#define KCM_REPLY_MAX 10*1024*1024 - struct kcm_op_ctx { struct kcm_resp_ctx *kcm_data; struct kcm_conn_data *conn_data; @@ -114,8 +109,8 @@ struct tevent_req *kcm_cmd_send(TALLOC_CTX *mem_ctx, DEBUG(SSSDBG_TRACE_LIBS, "%zu bytes on KCM input\n", input->length); state->reply = sss_iobuf_init_empty(state, - KCM_REPLY_MAX, - KCM_REPLY_MAX); + KCM_PACKET_INITIAL_SIZE, + KCM_PACKET_MAX_SIZE); if (state->reply == NULL) { ret = ENOMEM; goto immediate; @@ -159,8 +154,8 @@ struct tevent_req *kcm_cmd_send(TALLOC_CTX *mem_ctx, */ state->op_ctx->reply = sss_iobuf_init_empty( state, - KCM_REPLY_MAX - 2*sizeof(uint32_t), - KCM_REPLY_MAX - 2*sizeof(uint32_t)); + KCM_PACKET_INITIAL_SIZE, + KCM_PACKET_MAX_SIZE - 2*sizeof(uint32_t)); if (state->op_ctx->reply == NULL) { ret = ENOMEM; goto immediate; @@ -879,7 +874,7 @@ static struct tevent_req *kcm_op_store_send(TALLOC_CTX *mem_ctx, DEBUG(SSSDBG_TRACE_LIBS, "Storing credentials for %s\n", name); creds_len = sss_iobuf_get_size(op_ctx->input) - strlen(name) -1; - if (creds_len > KCM_REPLY_MAX) { + if (creds_len > KCM_PACKET_MAX_SIZE) { /* Protects against underflows and in general adds sanity */ ret = E2BIG; goto immediate; diff --git a/src/responder/kcm/kcmsrv_ops.h b/src/responder/kcm/kcmsrv_ops.h index ab6c13791ba..5d803527e6d 100644 --- a/src/responder/kcm/kcmsrv_ops.h +++ b/src/responder/kcm/kcmsrv_ops.h @@ -29,6 +29,19 @@ #include "util/sss_iobuf.h" #include "responder/kcm/kcmsrv_pvt.h" +/* The initial packet size, which can later be grown up to KCM_PACKET_MAX_SIZE. + * The initial size is a trade off that is expected to best serve most of the + * cases (typical credentials size). + */ +#define KCM_PACKET_INITIAL_SIZE 4096 + +/* The maximum length of a request or reply as defined by the RPC + * protocol. This is the same constant size as MIT KRB5 uses + * This limit comes from: + * https://github.com/krb5/krb5/blob/c20251dafd6120fa08c76b19315cb9deb1a1b24e/src/lib/krb5/ccache/cc_kcm.c#L54 + */ +#define KCM_PACKET_MAX_SIZE 10*1024*1024 + struct kcm_op; struct kcm_op *kcm_get_opt(uint16_t opcode); const char *kcm_opt_name(struct kcm_op *op); From 60fde9d55cad8c6be016f9bced46980f12c24b8d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Alejandro=20L=C3=B3pez?= <allopez@redhat.com> Date: Tue, 7 Nov 2023 12:06:37 +0100 Subject: [PATCH 220/280] KCM: Do not zero memory when not need. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit A few more cases where memory is allocated and zeroed when it is not required. Reviewed-by: Alexey Tikhonov <atikhono@redhat.com> Reviewed-by: Tomáš Halman <thalman@redhat.com> (cherry picked from commit b4f9f63bd74722c543c7d2f3695f0d2351eba4c3) --- src/responder/kcm/kcmsrv_ccache.c | 4 ++-- src/responder/kcm/kcmsrv_ccache_binary.c | 2 +- src/responder/kcm/kcmsrv_cmd.c | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/src/responder/kcm/kcmsrv_ccache.c b/src/responder/kcm/kcmsrv_ccache.c index 0c5c925cceb..6e4ea64e013 100644 --- a/src/responder/kcm/kcmsrv_ccache.c +++ b/src/responder/kcm/kcmsrv_ccache.c @@ -411,7 +411,7 @@ krb5_creds **kcm_cc_unmarshal(TALLOC_CTX *mem_ctx, count++; } - cred_list = talloc_zero_array(tmp_ctx, krb5_creds *, count + 1); + cred_list = talloc_array(tmp_ctx, krb5_creds *, count + 1); for (cred = kcm_cc_get_cred(cc); cred != NULL; cred = kcm_cc_next_cred(cred), i++) { cred_list[i] = kcm_cred_to_krb5(krb_context, cred); @@ -513,7 +513,7 @@ struct kcm_ccdb *kcm_ccdb_init(TALLOC_CTX *mem_ctx, ccdb->ops = &ccdb_secdb_ops; break; default: - DEBUG(SSSDBG_CRIT_FAILURE, "Unknown ccache database\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Unknown ccache database backend\n"); break; } diff --git a/src/responder/kcm/kcmsrv_ccache_binary.c b/src/responder/kcm/kcmsrv_ccache_binary.c index 3f89c4a3583..cc4191a1161 100644 --- a/src/responder/kcm/kcmsrv_ccache_binary.c +++ b/src/responder/kcm/kcmsrv_ccache_binary.c @@ -201,7 +201,7 @@ static errno_t bin_to_princ(TALLOC_CTX *mem_ctx, return ret; } - princ->data = talloc_zero_array(princ, krb5_data, princ->length); + princ->data = talloc_array(princ, krb5_data, princ->length); if (princ->length > 0 && princ->data == NULL) { return ENOMEM; } diff --git a/src/responder/kcm/kcmsrv_cmd.c b/src/responder/kcm/kcmsrv_cmd.c index 39da50a92ca..1f60d1a1425 100644 --- a/src/responder/kcm/kcmsrv_cmd.c +++ b/src/responder/kcm/kcmsrv_cmd.c @@ -275,7 +275,7 @@ static errno_t kcm_output_construct(TALLOC_CTX *mem_ctx, SAFEALIGN_SETMEM_UINT32(repbuf->rcbuf, 0, &c); if (replen > 0) { - rep = talloc_zero_array(mem_ctx, uint8_t, replen); + rep = talloc_array(mem_ctx, uint8_t, replen); if (rep == NULL) { DEBUG(SSSDBG_CRIT_FAILURE, "Failed to allocate memory for the message\n"); @@ -437,7 +437,7 @@ static errno_t kcm_recv_data(TALLOC_CTX *mem_ctx, return E2BIG; } - msg = talloc_zero_array(mem_ctx, uint8_t, msglen); + msg = talloc_array(mem_ctx, uint8_t, msglen); if (msg == NULL) { DEBUG(SSSDBG_CRIT_FAILURE, "Failed to allocate memory for the message\n"); From c5d04578837370239f1be4cadc02f0d10aa89853 Mon Sep 17 00:00:00 2001 From: Patrik Rosecky <prosecky@redhat.com> Date: Wed, 26 Jul 2023 12:04:04 +0200 Subject: [PATCH 221/280] Tests: converted alltests/test_default_debug_level MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com> Reviewed-by: Jakub Vávra <jvavra@redhat.com> (cherry picked from commit e9189052a46d28e6397686c28d744d5e45f1f72d) --- .../alltests/test_default_debug_level.py | 6 + .../system/tests/test_default_debug_level.py | 173 ++++++++++++++++++ 2 files changed, 179 insertions(+) create mode 100644 src/tests/system/tests/test_default_debug_level.py diff --git a/src/tests/multihost/alltests/test_default_debug_level.py b/src/tests/multihost/alltests/test_default_debug_level.py index 616d67c4477..ede9f205f14 100644 --- a/src/tests/multihost/alltests/test_default_debug_level.py +++ b/src/tests/multihost/alltests/test_default_debug_level.py @@ -20,6 +20,7 @@ @pytest.mark.defaultdebuglevel class TestDefaultDebugLevel(object): """ Check sssd default debug level """ + @pytest.mark.converted('test_default_debug_level.py', 'test_default_debug_level__check') @pytest.mark.tier1_4 def test_0001_check_default_debug_level(self, multihost, backupsssdconf): """ @@ -62,6 +63,7 @@ def test_0001_check_default_debug_level(self, multihost, backupsssdconf): debug_str1 = pattern2.search(log_single_line) assert debug_str1.group() == '(0x3f7c0)' + @pytest.mark.converted('test_default_debug_level.py', 'test_default_debug_level__check_with_login') @pytest.mark.tier1_4 def test_0002_check_default_level_with_auth(self, multihost, backupsssdconf): @@ -109,6 +111,7 @@ def test_0002_check_default_level_with_auth(self, multihost, assert ssh, f'{user} is not able to login' assert alog_size.stdout_text == blog_size.stdout_text + @pytest.mark.converted('test_default_debug_level.py', 'test_default_debug_level__fatal_and_critical_failures') @pytest.mark.tier2 def test_0003_bz1893159(self, multihost, backupsssdconf): """ @@ -149,6 +152,7 @@ def test_0003_bz1893159(self, multihost, backupsssdconf): if not find1.search(log_str) and not find2.search(log_str): assert False + @pytest.mark.converted('test_default_debug_level.py', 'test_default_debug_level__cannot_load_sssd_config') @pytest.mark.tier1_4 def test_0004_bz1893159(self, multihost, backupsssdconf): """ @@ -177,6 +181,7 @@ def test_0004_bz1893159(self, multihost, backupsssdconf): pattern = re.compile(r'SSSD couldn\'t load the configuration database') assert pattern.search(log_str) + @pytest.mark.converted('test_default_debug_level.py', 'test_default_debug_level__nonexisting_ldap_server') @pytest.mark.tier1_4 def test_bz1893159(self, multihost, backupsssdconf): """ @@ -204,6 +209,7 @@ def test_bz1893159(self, multihost, backupsssdconf): #check what is logged at default debug_level(2) assert find.search(log_str) + @pytest.mark.converted('test_default_debug_level.py', 'test_default_debug_level__sbus') @pytest.mark.tier1_4 def test_0005_bz1915319(self, multihost, backupsssdconf): """ diff --git a/src/tests/system/tests/test_default_debug_level.py b/src/tests/system/tests/test_default_debug_level.py new file mode 100644 index 00000000000..29fa9308a9f --- /dev/null +++ b/src/tests/system/tests/test_default_debug_level.py @@ -0,0 +1,173 @@ +""" +Automation for default debug level + +:requirement: SSSD - Default debug level +""" + +from __future__ import annotations + +import pytest +from sssd_test_framework.roles.client import Client +from sssd_test_framework.topology import KnownTopology + + +@pytest.mark.topology(KnownTopology.Client) +def test_default_debug_level__check(client: Client): + """ + :title: Check default debug level when sssd started successfully + :setup: + 1. Clear logs and cache + 2. Start SSSD with default debug level + :steps: + 1. Check log files + :expectedresults: + 1. "Starting with debug level = 0x0070" is in each file and + if log contains more than one line, log message with number "0x3f7c0" is stored + :customerscenario: False + """ + client.sssd.common.local() + client.sssd.default_domain = "local" + + client.sssd.clear(db=True, memcache=True, logs=True, config=False) + client.sssd.start(debug_level=None) + + for file in [client.sssd.logs.monitor, client.sssd.logs.domain(), client.sssd.logs.nss, client.sssd.logs.pam]: + log_str = client.fs.read(file) + assert "Starting with debug level = 0x0070" in log_str, f"Log file has wrong format: {log_str}" + + if len(log_str.split("\n")) > 1: + assert "(0x3f7c0)" in log_str, f"Log file has wrong format: {log_str}" + + +@pytest.mark.topology(KnownTopology.Client) +def test_default_debug_level__check_with_login(client: Client): + """ + :title: Successful login with default debug level doesn't generate any logs + :setup: + 1. Add local user, set its password + 2. Add fallback_homedir (generates extra logs on user auth if not specified) + 3. Clear cache and logs + :steps: + 1. Start SSSD with default debug level + 2. Authenticate with user + 3. Check that logs were not generated + :expectedresults: + 1. SSSD started successfully + 2. User is authenticated + 3. Diff of copy and logs is empty + :customerscenario: False + """ + + client.local.user("user1").add(password="Secret123") + client.sssd.common.local() + client.sssd.default_domain = "local" + client.sssd.domain["fallback_homedir"] = "/home/%%u" + + client.sssd.clear(db=True, memcache=True, logs=True, config=False) + client.sssd.start(debug_level=None) + + client.fs.copy("/var/log/sssd", "/tmp/copy") + assert client.auth.ssh.password("user1", "Secret123"), "Authentication failed" + assert not client.host.ssh.run("diff /var/log/sssd /tmp/copy").stdout, "Debug messages were generated" + + +@pytest.mark.ticket(bz=1893159) +@pytest.mark.topology(KnownTopology.Client) +def test_default_debug_level__fatal_and_critical_failures(client: Client): + """ + :title: Check that messages with levels 0 and 1 are logged for fatal or critical failures + :setup: + 1. Start SSSD with default debug level (config file is created) + 2. Restrict sssd.conf permissions + :steps: + 1. Restart sssd + 2. Check logs + :expectedresults: + 1. SSSD failed to start + 2. Fatal failures (level 0) and Critical failures (level 1) are in log file + :customerscenario: True + """ + client.sssd.common.local() + client.sssd.default_domain = "local" + client.sssd.start(debug_level=None) + client.fs.chmod(mode="444", path="/etc/sssd/sssd.conf") + + assert ( + client.sssd.restart(debug_level=None, raise_on_error=False, apply_config=False).rc != 0 + ), "SSSD started successfully, which is not expected" + + log_str = client.fs.read(client.sssd.logs.monitor) + assert "0x0010" in log_str, "Fatal failures were not found in log" + assert "0x0020" in log_str, "Critical failures were not found in log" + + +@pytest.mark.ticket(bz=1893159) +@pytest.mark.topology(KnownTopology.Client) +def test_default_debug_level__cannot_load_sssd_config(client: Client): + """ + :title: Check that messages with level 2 are logged when SSSD can't load config + :setup: + 1. Set 'domains' to 'non_existing_domain' in sssd section + :steps: + 1. Try to start SSSD with default debug level + 2. Check logs + :expectedresults: + 1. SSSD failed to start + 2. Correct error message is in log file + :customerscenario: True + """ + client.sssd.sssd["domains"] = "non_existing_domain" + assert ( + client.sssd.start(debug_level=None, raise_on_error=False).rc != 0 + ), "SSSD started successfully, which is not expected" + assert "SSSD couldn't load the configuration database" in client.fs.read(client.sssd.logs.monitor) + + +@pytest.mark.ticket(bz=1893159) +@pytest.mark.topology(KnownTopology.LDAP) +def test_default_debug_level__nonexisting_ldap_server(client: Client): + """ + :title: Check that messages with level 2 are logged when LDAP server doesn't exist + :setup: + 1. Set ldap_uri to a non-existing ldap-server + 2. Start sssd with default debug level + 3. Enable ifp responder + :steps: + 1. Check logs + 2. Check default domain status + :expectedresults: + 1. Domain logs should contain a log related to 'going offline' + 2. LDAP is not connected + :customerscenario: True + """ + client.sssd.domain["ldap_uri"] = "ldap://typo.invalid" + client.sssd.enable_responder("ifp") + client.sssd.start(debug_level=None, raise_on_error=False) + + logs = client.fs.read(client.sssd.logs.domain()) + assert "Failed to connect, going offline" in logs, "String was not found in the logs" + + assert client.sssd.default_domain, "default_domain is None" + res = client.sssctl.domain_status(client.sssd.default_domain) + assert "LDAP: not connected" in res.stdout + + +@pytest.mark.ticket(bz=1915319) +@pytest.mark.topology(KnownTopology.Client) +def test_default_debug_level__sbus(client: Client): + """ + :title: SBUS doesn't trigger failure message at modules startup + :setup: + 1. Start sssd with default debug level + :steps: + 1. Check logs + :expectedresults: + 1. "Unable to remove key" is not in the logs + :customerscenario: True + """ + client.sssd.common.local() + client.sssd.default_domain = "local" + client.sssd.start(debug_level=None) + + for file in [client.sssd.logs.monitor, client.sssd.logs.domain(), client.sssd.logs.nss, client.sssd.logs.pam]: + assert "Unable to remove key" not in client.fs.read(file), f"'Unable to remove key' was found in file: {file}" From ff520020c6c576fc670679a7f63940cf3beef85a Mon Sep 17 00:00:00 2001 From: Sumit Bose <sbose@redhat.com> Date: Tue, 28 Nov 2023 12:38:43 +0100 Subject: [PATCH 222/280] ci: make valgrind suppression more relaxed for test_ipa_subdomains_server MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Reviewed-by: Alexey Tikhonov <atikhono@redhat.com> Reviewed-by: Tomáš Halman <thalman@redhat.com> (cherry picked from commit e9e6d80e20fbf82c8b48ca4edbe2996018f7f7cd) --- contrib/ci/sssd.supp | 2 -- 1 file changed, 2 deletions(-) diff --git a/contrib/ci/sssd.supp b/contrib/ci/sssd.supp index 720e7333947..5d86049b705 100644 --- a/contrib/ci/sssd.supp +++ b/contrib/ci/sssd.supp @@ -171,8 +171,6 @@ fun:be_res_init fun:be_init_failover fun:test_ipa_server_create_trusts_setup - ... - fun:_cmocka_run_group_tests } # Leaks in bash if p11_child returns and error because due to libtool the From e03921e4be0516fcbc6b7ccb80967914eb28efb3 Mon Sep 17 00:00:00 2001 From: Sumit Bose <sbose@redhat.com> Date: Thu, 26 Oct 2023 14:09:48 +0200 Subject: [PATCH 223/280] nssidmap: fix sss_nss_getgrouplist_timeout() with empty secondary group list MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit sss_nss_getgrouplist_timeout() is intended as a replacement for getgrouplist() which only gets secondary groups from SSSD. Currently it returns an ENOENT error if there are no secondary groups returned by SSSD. However, as with getgrouplist(), there is the second parameter which expects a single GID which will be added to the result. This means that sss_nss_getgrouplist_timeout() will always return at least this GID as a result and an ENOENT error does not make sense. With this patch sss_nss_getgrouplist_timeout() will not return an error anymore if there are no secondary groups but just a result with the single GID from the second parameter. Reviewed-by: Alejandro López <allopez@redhat.com> Reviewed-by: Tomáš Halman <thalman@redhat.com> (cherry picked from commit cffe6e09c6b4cd8afa049365bbd432ace5d2a9d9) --- src/sss_client/idmap/sss_nss_ex.c | 5 ++-- src/tests/cmocka/sss_nss_idmap-tests.c | 32 ++++++++++++++++++++++++++ 2 files changed, 35 insertions(+), 2 deletions(-) diff --git a/src/sss_client/idmap/sss_nss_ex.c b/src/sss_client/idmap/sss_nss_ex.c index b5230d6b71d..24e2a6be917 100644 --- a/src/sss_client/idmap/sss_nss_ex.c +++ b/src/sss_client/idmap/sss_nss_ex.c @@ -241,8 +241,9 @@ static int sss_get_ex(struct nss_input *inp, uint32_t flags, /* Get number of results from repbuf. */ SAFEALIGN_COPY_UINT32(&num_results, repbuf, NULL); - /* no results if not found */ - if (num_results == 0) { + /* no results if not found, INITGR requests are handled separately */ + if (num_results == 0 && inp->cmd != SSS_NSS_INITGR + && inp->cmd != SSS_NSS_INITGR_EX) { ret = ENOENT; goto out; } diff --git a/src/tests/cmocka/sss_nss_idmap-tests.c b/src/tests/cmocka/sss_nss_idmap-tests.c index 880bab0e586..30b24a57eaa 100644 --- a/src/tests/cmocka/sss_nss_idmap-tests.c +++ b/src/tests/cmocka/sss_nss_idmap-tests.c @@ -30,6 +30,7 @@ #include "util/util.h" #include "util/sss_endian.h" +#define IPA_389DS_PLUGIN_HELPER_CALLS 1 #include "sss_client/idmap/sss_nss_idmap.h" #include "tests/cmocka/common_mock.h" @@ -50,6 +51,8 @@ uint8_t buf3[] = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x uint8_t buf4[] = {0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 't', 'e', 's', 't', 'x'}; uint8_t buf_orig1[] = {0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 'k', 'e', 'y', 0x00, 'v', 'a', 'l', 'u', 'e', 0x00}; + +uint8_t buf_initgr[] = {0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xde, 0x00, 0x00, 0x00}; #elif (__BYTE_ORDER == __BIG_ENDIAN) uint8_t buf1[] = {0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 't', 'e', 's', 't', 0x00}; uint8_t buf2[] = {0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 't', 'e', 's', 't', 0x00}; @@ -57,10 +60,14 @@ uint8_t buf3[] = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x uint8_t buf4[] = {0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 't', 'e', 's', 't', 'x'}; uint8_t buf_orig1[] = {0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 'k', 'e', 'y', 0x00, 'v', 'a', 'l', 'u', 'e', 0x00}; + +uint8_t buf_initgr[] = {0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xde}; #else #error "unknow endianess" #endif +uint8_t buf_initgr_no_gr[] = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}; + enum nss_status __wrap_sss_nss_make_request_timeout(enum sss_cli_command cmd, struct sss_cli_req_data *rd, int timeout, @@ -148,12 +155,37 @@ void test_getorigbyname(void **state) sss_nss_free_kv(kv_list); } +void test_sss_nss_getgrouplist_timeout(void **state) +{ + int ret; + gid_t groups[10]; + int ngroups = sizeof(groups); + struct sss_nss_make_request_test_data d = {buf_initgr, sizeof(buf_initgr), 0, NSS_STATUS_SUCCESS}; + + will_return(__wrap_sss_nss_make_request_timeout, &d); + ret = sss_nss_getgrouplist_timeout("test", 111, groups, &ngroups, 0, 0); + assert_int_equal(ret, EOK); + assert_int_equal(ngroups, 2); + assert_int_equal(groups[0], 111); + assert_int_equal(groups[1], 222); + + d.repbuf = buf_initgr_no_gr; + d.replen = sizeof(buf_initgr_no_gr); + + will_return(__wrap_sss_nss_make_request_timeout, &d); + ret = sss_nss_getgrouplist_timeout("test", 111, groups, &ngroups, 0, 0); + assert_int_equal(ret, EOK); + assert_int_equal(ngroups, 1); + assert_int_equal(groups[0], 111); +} + int main(int argc, const char *argv[]) { const struct CMUnitTest tests[] = { cmocka_unit_test(test_getsidbyname), cmocka_unit_test(test_getorigbyname), + cmocka_unit_test(test_sss_nss_getgrouplist_timeout), }; return cmocka_run_group_tests(tests, NULL, NULL); From 9a6ff9e7b082189023a79771857d8f56a0c5cac0 Mon Sep 17 00:00:00 2001 From: Sumit Bose <sbose@redhat.com> Date: Mon, 27 Nov 2023 18:51:09 +0100 Subject: [PATCH 224/280] pam: fix Smartcard auth with files provider It is expected that the files provider ignores the local_auth_policy option and supports Smartcard authentication by default. Reviewed-by: Alexey Tikhonov <atikhono@redhat.com> Reviewed-by: Justin Stephenson <jstephen@redhat.com> (cherry picked from commit 5e7cd889d6b2554e822370d2c962791d00f26278) --- src/man/sssd.conf.5.xml | 4 +++- src/responder/pam/pamsrv_cmd.c | 10 ++++++++++ src/tests/intg/test_pam_responder.py | 4 +++- 3 files changed, 16 insertions(+), 2 deletions(-) diff --git a/src/man/sssd.conf.5.xml b/src/man/sssd.conf.5.xml index 5a76a35980f..6de37b0a823 100644 --- a/src/man/sssd.conf.5.xml +++ b/src/man/sssd.conf.5.xml @@ -4031,7 +4031,9 @@ local_auth_policy = only </programlisting> </para> <para condition="with_files_provider"> - This option is ignored for the files provider. + It is expected that the <quote>files</quote> + provider ignores the local_auth_policy option and + supports Smartcard authentication by default. </para> <para> Default: match diff --git a/src/responder/pam/pamsrv_cmd.c b/src/responder/pam/pamsrv_cmd.c index 1b625e08a6a..c23ea7ba417 100644 --- a/src/responder/pam/pamsrv_cmd.c +++ b/src/responder/pam/pamsrv_cmd.c @@ -949,6 +949,16 @@ static errno_t pam_eval_local_auth_policy(TALLOC_CTX *mem_ctx, char **opts; size_t c; +#ifdef BUILD_FILES_PROVIDER + if (is_files_provider(preq->domain)) { + *_sc_allow = true; + *_passkey_allow = false; + *_local_policy = NULL; + + return EOK; + } +#endif + tmp_ctx = talloc_new(NULL); if (tmp_ctx == NULL) { return ENOMEM; diff --git a/src/tests/intg/test_pam_responder.py b/src/tests/intg/test_pam_responder.py index 81fffd11818..1fc3937e6f4 100644 --- a/src/tests/intg/test_pam_responder.py +++ b/src/tests/intg/test_pam_responder.py @@ -40,7 +40,7 @@ def provider_list(): if os.environ['FILES_PROVIDER'] == "enabled": - return ('files', 'proxy') + return ('files', 'files_with_policy', 'proxy') else: # The comma is required to indicate a list with the string 'proxy' as # only item, without it the string 'proxy' will be interpreted as list @@ -51,6 +51,8 @@ def provider_list(): class provider_switch: def __init__(self, p): if p == 'files': + self.p = "id_provider = files\nfallback_to_nss = False\n" + elif p == 'files_with_policy': self.p = "id_provider = files\nfallback_to_nss = False\nlocal_auth_policy = enable:smartcard\n" elif p == 'proxy': self.p = "id_provider = proxy\nlocal_auth_policy = only\nproxy_lib_name = call\n" From a8928a9adf1b527f0b455a1d8913ae7a136bb47f Mon Sep 17 00:00:00 2001 From: Madhuri Upadhye <mupadhye@redhat.com> Date: Fri, 12 May 2023 12:34:26 +0530 Subject: [PATCH 225/280] tests: add passkey tests for authentication failures MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Test cases are as follows: 4. Check auth deny for incorrect pin for LDAP, IPA, Ad and Samba. 5. Check auth deny for incorrect passkey mapping for LDAP, IPA, AD and Samba. 6. Check auth of user when server is not resolvable for IPA, LDAP, AD and Samba. Signed-off-by: Madhuri Upadhye <mupadhye@redhat.com> Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com> Reviewed-by: Jakub Vávra <jvavra@redhat.com> (cherry picked from commit f4c9d6efd6492ca32679aff1897b3d2593b9455d) --- .../passkey-mapping.ad | 1 + .../passkey-mapping.ipa | 1 + .../passkey-mapping.ldap | 1 + .../passkey-mapping.samba | 1 + .../umockdev.script.ad | 8 + .../umockdev.script.ipa | 8 + .../umockdev.script.ldap | 8 + .../umockdev.script.samba | 8 + .../passkey-mapping.ad | 1 + .../passkey-mapping.ipa | 1 + .../passkey-mapping.ldap | 1 + .../passkey-mapping.samba | 1 + .../umockdev.script.ad | 12 ++ .../umockdev.script.ipa | 12 ++ .../umockdev.script.ldap | 12 ++ .../umockdev.script.samba | 12 ++ .../passkey-mapping.ad | 1 + .../passkey-mapping.ipa | 1 + .../passkey-mapping.ldap | 1 + .../passkey-mapping.samba | 1 + .../umockdev.script.ad | 19 +++ .../umockdev.script.ipa | 22 +++ .../umockdev.script.ldap | 21 +++ .../umockdev.script.samba | 24 +++ src/tests/system/tests/test_passkey.py | 144 +++++++++++++++++- 25 files changed, 318 insertions(+), 4 deletions(-) create mode 100644 src/tests/system/data/test_passkey/test_passkey__su_fail_mapping/passkey-mapping.ad create mode 100644 src/tests/system/data/test_passkey/test_passkey__su_fail_mapping/passkey-mapping.ipa create mode 100644 src/tests/system/data/test_passkey/test_passkey__su_fail_mapping/passkey-mapping.ldap create mode 100644 src/tests/system/data/test_passkey/test_passkey__su_fail_mapping/passkey-mapping.samba create mode 100644 src/tests/system/data/test_passkey/test_passkey__su_fail_mapping/umockdev.script.ad create mode 100644 src/tests/system/data/test_passkey/test_passkey__su_fail_mapping/umockdev.script.ipa create mode 100644 src/tests/system/data/test_passkey/test_passkey__su_fail_mapping/umockdev.script.ldap create mode 100644 src/tests/system/data/test_passkey/test_passkey__su_fail_mapping/umockdev.script.samba create mode 100644 src/tests/system/data/test_passkey/test_passkey__su_fail_pin/passkey-mapping.ad create mode 100644 src/tests/system/data/test_passkey/test_passkey__su_fail_pin/passkey-mapping.ipa create mode 100644 src/tests/system/data/test_passkey/test_passkey__su_fail_pin/passkey-mapping.ldap create mode 100644 src/tests/system/data/test_passkey/test_passkey__su_fail_pin/passkey-mapping.samba create mode 100644 src/tests/system/data/test_passkey/test_passkey__su_fail_pin/umockdev.script.ad create mode 100644 src/tests/system/data/test_passkey/test_passkey__su_fail_pin/umockdev.script.ipa create mode 100644 src/tests/system/data/test_passkey/test_passkey__su_fail_pin/umockdev.script.ldap create mode 100644 src/tests/system/data/test_passkey/test_passkey__su_fail_pin/umockdev.script.samba create mode 100644 src/tests/system/data/test_passkey/test_passkey__su_srv_not_resolvable/passkey-mapping.ad create mode 100644 src/tests/system/data/test_passkey/test_passkey__su_srv_not_resolvable/passkey-mapping.ipa create mode 100644 src/tests/system/data/test_passkey/test_passkey__su_srv_not_resolvable/passkey-mapping.ldap create mode 100644 src/tests/system/data/test_passkey/test_passkey__su_srv_not_resolvable/passkey-mapping.samba create mode 100644 src/tests/system/data/test_passkey/test_passkey__su_srv_not_resolvable/umockdev.script.ad create mode 100644 src/tests/system/data/test_passkey/test_passkey__su_srv_not_resolvable/umockdev.script.ipa create mode 100644 src/tests/system/data/test_passkey/test_passkey__su_srv_not_resolvable/umockdev.script.ldap create mode 100644 src/tests/system/data/test_passkey/test_passkey__su_srv_not_resolvable/umockdev.script.samba diff --git a/src/tests/system/data/test_passkey/test_passkey__su_fail_mapping/passkey-mapping.ad b/src/tests/system/data/test_passkey/test_passkey__su_fail_mapping/passkey-mapping.ad new file mode 100644 index 00000000000..d3fd8436e84 --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__su_fail_mapping/passkey-mapping.ad @@ -0,0 +1 @@ +passkey:oducA9WSTrzBHX2gUKylRNl2PD2XCb4a7V0XJOtahqIX7wGcAugflvrVjbWG2JPTsLlVf+j/dmia7SNIVhK5AA==,MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEGEa7EktmUw4AOR6Y6r1W2zxXptQh3YaDNdvQEifZ3NpgRosVv+GS85uR3h6Ed1E7FtgfugwsZYeR8+9+GM6h8g== diff --git a/src/tests/system/data/test_passkey/test_passkey__su_fail_mapping/passkey-mapping.ipa b/src/tests/system/data/test_passkey/test_passkey__su_fail_mapping/passkey-mapping.ipa new file mode 100644 index 00000000000..d3fd8436e84 --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__su_fail_mapping/passkey-mapping.ipa @@ -0,0 +1 @@ +passkey:oducA9WSTrzBHX2gUKylRNl2PD2XCb4a7V0XJOtahqIX7wGcAugflvrVjbWG2JPTsLlVf+j/dmia7SNIVhK5AA==,MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEGEa7EktmUw4AOR6Y6r1W2zxXptQh3YaDNdvQEifZ3NpgRosVv+GS85uR3h6Ed1E7FtgfugwsZYeR8+9+GM6h8g== diff --git a/src/tests/system/data/test_passkey/test_passkey__su_fail_mapping/passkey-mapping.ldap b/src/tests/system/data/test_passkey/test_passkey__su_fail_mapping/passkey-mapping.ldap new file mode 100644 index 00000000000..e537dabdbcb --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__su_fail_mapping/passkey-mapping.ldap @@ -0,0 +1 @@ +passkey:aEgemlnC6a/WOoEZ8qU1YMwsTW9+uwmMsJnrgOXwTID0qIBHirzHp6d+e1d3WBhcSf7t9Ji8fl3AdSPtlbdN5Q==,MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAENwDQHwyZmnYaUEp0UNqqnw0tGOGnqOMBGdds6O3+JKbmmJGTn0vo7sKNNcDWDsFhJFU/RLWXmHXglxSo+yw9iQ== diff --git a/src/tests/system/data/test_passkey/test_passkey__su_fail_mapping/passkey-mapping.samba b/src/tests/system/data/test_passkey/test_passkey__su_fail_mapping/passkey-mapping.samba new file mode 100644 index 00000000000..e537dabdbcb --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__su_fail_mapping/passkey-mapping.samba @@ -0,0 +1 @@ +passkey:aEgemlnC6a/WOoEZ8qU1YMwsTW9+uwmMsJnrgOXwTID0qIBHirzHp6d+e1d3WBhcSf7t9Ji8fl3AdSPtlbdN5Q==,MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAENwDQHwyZmnYaUEp0UNqqnw0tGOGnqOMBGdds6O3+JKbmmJGTn0vo7sKNNcDWDsFhJFU/RLWXmHXglxSo+yw9iQ== diff --git a/src/tests/system/data/test_passkey/test_passkey__su_fail_mapping/umockdev.script.ad b/src/tests/system/data/test_passkey/test_passkey__su_fail_mapping/umockdev.script.ad new file mode 100644 index 00000000000..3f04d19aec5 --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__su_fail_mapping/umockdev.script.ad @@ -0,0 +1,8 @@ +d 0 /dev/hidraw1 + +w 4 ^@^@^H^A^A^A^A^A^A^A^A^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 3 ^@^Q^A^A^A^A^A^A^A^A^[.^B^E^D^C^E^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 3 ^@^[.^@^A^D^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 2 ^[.^@^@^AfU2F_V2hFIDO_2_0lFIDO_2_1_PRE^BkcredProtectkhmac-secr^[.^@et^CP/W^SG^VZ *^DbrkbupdplaticlientPinucredentialM^[.^AgmtPreview^E^Y^D^F^B^A^G^H^H^X^Icnfccusb^Jcalg&dtypejpublic-key^[.^Bcalg'dtypejpublic-key^M^D^N^Z^@^E^D^C^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 4 ^@^[.^@^B^Agad.test^BX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^CbidX@ۜ^@^[.^@^CՒN^]}PDv<=^I^Z]^W$Z^W^A^B^_ՍؓӰUvh#HV^R^@^[.^A^@dtypejpublic-key^Ebup^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 7 ^[.^@^A.^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ \ No newline at end of file diff --git a/src/tests/system/data/test_passkey/test_passkey__su_fail_mapping/umockdev.script.ipa b/src/tests/system/data/test_passkey/test_passkey__su_fail_mapping/umockdev.script.ipa new file mode 100644 index 00000000000..8f1039f7cc1 --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__su_fail_mapping/umockdev.script.ipa @@ -0,0 +1,8 @@ +d 0 /dev/hidraw1 + +w 5 ^@^@^H^A^A^A^A^A^A^A^A^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 2 ^@^Q^A^A^A^A^A^A^A^A^L^B^E^D^C^E^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 2 ^@^LҐ^@^A^D^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 2 ^LҐ^@^@^AfU2F_V2hFIDO_2_0lFIDO_2_1_PRE^BkcredProtectkhmac-secr^L^@et^CP/W^SG^VZ *^DbrkbupdplaticlientPinucredentialM^L^AgmtPreview^E^Y^D^F^B^A^G^H^H^X^Icnfccusb^Jcalg&dtypejpublic-key^L^Bcalg'dtypejpublic-key^M^D^N^Z^@^E^D^C^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 1 ^@^LҐ^@^B^Ahipa.test^BX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^CbidX@^@^L^@^CՒN^]}PDv<=^I^Z]^W$Z^W^A^B^_ՍؓӰUvh#HV^@^L^A^R^@dtypejpublic-key^Ebup^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 6 ^LҐ^@^A.^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ \ No newline at end of file diff --git a/src/tests/system/data/test_passkey/test_passkey__su_fail_mapping/umockdev.script.ldap b/src/tests/system/data/test_passkey/test_passkey__su_fail_mapping/umockdev.script.ldap new file mode 100644 index 00000000000..4d9aa650c51 --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__su_fail_mapping/umockdev.script.ldap @@ -0,0 +1,8 @@ +d 0 /dev/hidraw1 + +w 4 ^@^@^H^A^A^A^A^A^A^A^A^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 3 ^@^Q^A^A^A^A^A^A^A^A^B^E^D^C^E^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 1 ^@^@^A^D^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 2 ^@^@^AfU2F_V2hFIDO_2_0lFIDO_2_1_PRE^BkcredProtectkhmac-secr^@et^CP/W^SG^VZ *^DbrkbupdplaticlientPinucredentialM^AgmtPreview^E^Y^D^F^B^A^G^H^H^X^Icnfccusb^Jcalg&dtypejpublic-key^Bcalg'dtypejpublic-key^M^D^N^Z^@^E^D^C^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 2 ^@^@^B^Adtest^BX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^CbidX@hH^^Y^@^@:^Y5`,Mo~^ILGǧ~{WwX^X\I~]u#핷Md^@^Atypejpublic-key^Ebup^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 7 ^@^A.^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ \ No newline at end of file diff --git a/src/tests/system/data/test_passkey/test_passkey__su_fail_mapping/umockdev.script.samba b/src/tests/system/data/test_passkey/test_passkey__su_fail_mapping/umockdev.script.samba new file mode 100644 index 00000000000..dfff5d24fb5 --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__su_fail_mapping/umockdev.script.samba @@ -0,0 +1,8 @@ +d 0 /dev/hidraw1 + +w 2 ^@^@^H^A^A^A^A^A^A^A^A^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 3 ^@^Q^A^A^A^A^A^A^A^A+W^B^E^D^C^E^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 1 ^@+W^@^A^D^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 3 +W^@^@^AfU2F_V2hFIDO_2_0lFIDO_2_1_PRE^BkcredProtectkhmac-secr+W^@et^CP/W^SG^VZ *^DbrkbupdplaticlientPinucredentialM+W^AgmtPreview^E^Y^D^F^B^A^G^H^H^X^Icnfccusb^Jcalg&dtypejpublic-key+W^Bcalg'dtypejpublic-key^M^D^N^Z^@^E^D^C^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 4 ^@+W^@^B^Ajsamba.test^BX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^CbidX@^@+W^@hH^^Y:^Y5`,Mo~^ILGǧ~{WwX^X\I~]u#^@+W^A핷Mdtypejpublic-key^Ebup^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 7 +W^@^A.^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ \ No newline at end of file diff --git a/src/tests/system/data/test_passkey/test_passkey__su_fail_pin/passkey-mapping.ad b/src/tests/system/data/test_passkey/test_passkey__su_fail_pin/passkey-mapping.ad new file mode 100644 index 00000000000..1091d550c1f --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__su_fail_pin/passkey-mapping.ad @@ -0,0 +1 @@ +passkey:KyF+ut3E2PHwuaQK/7fXo5ffpgp8IB1R+8WybEXhg9x9/Gl4T08CV5sT3FhaAN3HVJ3Jxren3mcg5fgwlKSlWA==,MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEO2opNUQmqFOGg5s7ONAvwuipDEnSVjqbuKAUS5wBgM8W5tUQACnIs3mNXoriBVNn4kfoyBy3lVHCNxiPh97IgA== diff --git a/src/tests/system/data/test_passkey/test_passkey__su_fail_pin/passkey-mapping.ipa b/src/tests/system/data/test_passkey/test_passkey__su_fail_pin/passkey-mapping.ipa new file mode 100644 index 00000000000..915689bd654 --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__su_fail_pin/passkey-mapping.ipa @@ -0,0 +1 @@ +passkey:NUZMRUXIb/W8Ij1GqwCDHSCWxt/SxWxckwtQjLYi/X6Y1qZFB+HI8WO6khzAjzsz248kHbaeAf9qfmqfCky1Jg==,MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIasAa8ogjPCKXeA4KY3t0W3xBRmG+E4D+MNoRIAJrYuNLSYtAcOL7DCbIfgc+7c5Y4Mh/FzoEyeumKGYMoyTfg== diff --git a/src/tests/system/data/test_passkey/test_passkey__su_fail_pin/passkey-mapping.ldap b/src/tests/system/data/test_passkey/test_passkey__su_fail_pin/passkey-mapping.ldap new file mode 100644 index 00000000000..82d76d9b590 --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__su_fail_pin/passkey-mapping.ldap @@ -0,0 +1 @@ +passkey:mQEUTWdtDJPELQNTDdxXNHlfIO1qXFf0LVZjWEfyDALFzvLZ4e4XD5bemqq+o3ThrzT6k1I1n3Z2N00GvLSmjQ==,MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEqk7K5VAI7Evr4ar8X82L/sxm/Bnm5Ti31xnLfGO0BipwHucw8+/wT4+6T9j5gdMwZKUcXR4BILpmULEyrcZUfw== diff --git a/src/tests/system/data/test_passkey/test_passkey__su_fail_pin/passkey-mapping.samba b/src/tests/system/data/test_passkey/test_passkey__su_fail_pin/passkey-mapping.samba new file mode 100644 index 00000000000..7c59d41c14b --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__su_fail_pin/passkey-mapping.samba @@ -0,0 +1 @@ +passkey:8Pob9IlseyKTRqxWtSB+4+nQmX/AioWH851f8u700UZhllaColWx5vCjfBBKuLORLKjbuW8OxCsSWFcPAUMvdA==,MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAElOYokAR0Co/jZYxMDOywmZgQKJFvTRyPj19XRhZndOt7+QEqCFgwYt73XxQakVrWyO+TNQbhTMp3Q5saz3s0hA== diff --git a/src/tests/system/data/test_passkey/test_passkey__su_fail_pin/umockdev.script.ad b/src/tests/system/data/test_passkey/test_passkey__su_fail_pin/umockdev.script.ad new file mode 100644 index 00000000000..4283810b71d --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__su_fail_pin/umockdev.script.ad @@ -0,0 +1,12 @@ +d 0 /dev/hidraw1 + +w 3 ^@^@^H^A^A^A^A^A^A^A^A^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 3 ^@^Q^A^A^A^A^A^A^A^A^H;^B^E^D^C^E^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 1 ^@^H;^@^A^D^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 3 ^H;^@^@^AfU2F_V2hFIDO_2_0lFIDO_2_1_PRE^BkcredProtectkhmac-secr^H;^@et^CP/W^SG^VZ *^DbrkbupdplaticlientPinucredentialM^H;^AgmtPreview^E^Y^D^F^B^A^G^H^H^X^Icnfccusb^Jcalg&dtypejpublic-key^H;^Bcalg'dtypejpublic-key^M^D^N^Z^@^E^D^C^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 1 ^@^H;^@^B^Agad.test^BX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^CbidX@+!~^@^H;^@^Jףߦ^J| ^]QŲlE}ixOO^BW^SXZ^@TƷg 0^@^H;^AXdtypejpublic-key^Ebup^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 82 ^H;^@^@^AbidX@+!~^Jףߦ^J| ^]QŲlE}ixOO^BW^SXZ^@^H;^@TƷg 0Xdtypejpublic-key^BX%fCȣ܀ɽ5~^G^A-YD^H;^AA,K!^@^@^@^@^N^CXF0D^B w'G9?^_H^O_.LӜوx".^Ps*^L^B e<X^H;^BrbEe3ª{^EM^@tTK^@a^W^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 7 ^@^H;^@^F^F^A^B^B^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 3 ^H;^@Q^@^A^A^B^C8^X ^A!X tV~EWpC~$z>Gqu|^W^Iw"X A^H;^@n^L}~2P浐^G|^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 7 ^@^H;^@x^F^A^B^B^E^C^A^B^C8^X ^A!X 3B1ˠ^S^\^Ev,^P<Rij,Q\b"X [^M^J^@^H;^@G85Q\^\^U^EQ!^FX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^AV^`ϊ32^D\^@^H;^A^Vpcx^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 315 ^H;^@^A1^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ \ No newline at end of file diff --git a/src/tests/system/data/test_passkey/test_passkey__su_fail_pin/umockdev.script.ipa b/src/tests/system/data/test_passkey/test_passkey__su_fail_pin/umockdev.script.ipa new file mode 100644 index 00000000000..46fee2c38a2 --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__su_fail_pin/umockdev.script.ipa @@ -0,0 +1,12 @@ +d 0 /dev/hidraw1 + +w 3 ^@^@^H^A^A^A^A^A^A^A^A^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 2 ^@^Q^A^A^A^A^A^A^A^A%^B^E^D^C^E^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 2 ^@%^@^A^D^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 2 %^@^@^AfU2F_V2hFIDO_2_0lFIDO_2_1_PRE^BkcredProtectkhmac-secr%^@et^CP/W^SG^VZ *^DbrkbupdplaticlientPinucredentialM%^AgmtPreview^E^Y^D^F^B^A^G^H^H^X^Icnfccusb^Jcalg&dtypejpublic-key%^Bcalg'dtypejpublic-key^M^D^N^Z^@^E^D^C^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 2 ^@%^@^B^Ahipa.test^BX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^CbidX@5F^@%^@LEEo"=F^@^] l\^KP"~֦E^Gc^\;3ۏ$^]^Aj~j^J^@%^AL&dtypejpublic-key^Ebup^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 83 %^@^@^AbidX@5FLEEo"=F^@^] l\^KP"~֦E^Gc^\;3%^@ۏ$^]^Aj~j^JL&dtypejpublic-key^BX%^@|Dږ^Qx??d^Q/N4/o%^AC}.[^@^@^@^@D^CXG0E^B ^U^DWq^RDB^IU0@^C*2^[mi^N渘^B!^@ȗ%^B^Qk^Zцm^^^_^[8^Klv^L]^Qj^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 7 ^@%^@^F^F^A^B^B^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 2 %^@Q^@^A^A^B^C8^X ^A!X Zlf/@j^D^Nr3Qnޜ^VɄLix4ޤ"X t^A^L%^@^_w^G^KzD^O^V^\gX^KۨeW^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 6 ^@%^@x^F^A^B^B^E^C^A^B^C8^X ^A!X 3B1ˠ^S^\^Ev,^P<Rij,Q\b"X [^M^J^@%^@G85Q\^\^U^EQ!^FX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^AiZ^C?^PR11^@%^A^P^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 314 %^@^A1^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ \ No newline at end of file diff --git a/src/tests/system/data/test_passkey/test_passkey__su_fail_pin/umockdev.script.ldap b/src/tests/system/data/test_passkey/test_passkey__su_fail_pin/umockdev.script.ldap new file mode 100644 index 00000000000..bba0c2e1679 --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__su_fail_pin/umockdev.script.ldap @@ -0,0 +1,12 @@ +d 0 /dev/hidraw1 + +w 3 ^@^@^H^A^A^A^A^A^A^A^A^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 3 ^@^Q^A^A^A^A^A^A^A^A^B^E^D^C^E^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 1 ^@^@^A^D^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 3 ^@^@^AfU2F_V2hFIDO_2_0lFIDO_2_1_PRE^BkcredProtectkhmac-secr^@et^CP/W^SG^VZ *^DbrkbupdplaticlientPinucredentialM^AgmtPreview^E^Y^D^F^B^A^G^H^H^X^Icnfccusb^Jcalg&dtypejpublic-key^Bcalg'dtypejpublic-key^M^D^N^Z^@^E^D^C^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 1 ^@^@^B^Adtest^BX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^CbidX@^A^TMgm^@^@^L-^CS^MW4y_ j\W-VcXG^L^B^W^Oޚt4R5vv7M^Fd^@^Atypejpublic-key^Ebup^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 83 ^@^@^AbidX@^A^TMgm^L-^CS^MW4y_ j\W-VcXG^L^B^W^Oޚtᗘ^@4R5vv7M^Fdtypejpublic-key^BX%ЁL}e/Z^UO^[+^K,^A]l^U^J^H^@^@^@^@^Q^CXG0E^B ^BgR+X[6E]@^J;q0Q$^I^A;Y^B!^@T }^Bx7G^^8^]^I/վ$"^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 5 ^@^@^F^F^A^B^B^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 3 ^@Q^@^A^A^B^C8^X ^A!X ^A^`5'K<:^R^RP'rI2?^^ɘ^GgEs"X Zb^FNe^@e^X0W^L^G)>)=0M^J^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 5 ^@^@x^F^A^B^B^E^C^A^B^C8^X ^A!X 3B1ˠ^S^\^Ev,^P<Rij,Q\b"X [^M^J^@^@G85Q\^\^U^EQ!^FX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^AZ^\^K_߹^Y^@^A^M^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 315 ^@^A1^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ \ No newline at end of file diff --git a/src/tests/system/data/test_passkey/test_passkey__su_fail_pin/umockdev.script.samba b/src/tests/system/data/test_passkey/test_passkey__su_fail_pin/umockdev.script.samba new file mode 100644 index 00000000000..35306317d6a --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__su_fail_pin/umockdev.script.samba @@ -0,0 +1,12 @@ +d 0 /dev/hidraw1 + +w 3 ^@^@^H^A^A^A^A^A^A^A^A^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 3 ^@^Q^A^A^A^A^A^A^A^A^\k^B^E^D^C^E^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 1 ^@^\k^@^A^D^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 3 ^\k^@^@^AfU2F_V2hFIDO_2_0lFIDO_2_1_PRE^BkcredProtectkhmac-secr^\k^@et^CP/W^SG^VZ *^DbrkbupdplaticlientPinucredentialM^\k^AgmtPreview^E^Y^D^F^B^A^G^H^H^X^Icnfccusb^Jcalg&dtypejpublic-key^\k^Bcalg'dtypejpublic-key^M^D^N^Z^@^E^D^C^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 1 ^@^\k^@^B^Ajsamba.test^BX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^CbidX@^@^\k^@^[l{"FV ~Й_FaVU|^PJ,۹o^N+^RXW^@^\k^A^O^AC/tdtypejpublic-key^Ebup^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 83 ^\k^@^@^AbidX@^[l{"FV ~Й_FaVU|^PJ^\k^@,۹o^N+^RXW^O^AC/tdtypejpublic-key^BX% ^S@^_n1n;Qm\<ִ>^\k^A`^_W^@^@^@^@^S^CXH0F^B!^@ݟD^D#yZ^WmT^`^`'/^X^B!^@@^\k^BGȰ^\nL}^Wi]~$^Q応-L^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 7 ^@^\k^@^F^F^A^B^B^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 3 ^\k^@Q^@^A^A^B^C8^X ^A!X ^H&I0n<?^A^GxD|'b ^_4Ӏ+k"X d.R6{/^\k^@^P:e^E@^C[^LI^H^M&^E^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 7 ^@^\k^@x^F^A^B^B^E^C^A^B^C8^X ^A!X 3B1ˠ^S^\^Ev,^P<Rij,Q\b"X [^M^J^@^\k^@G85Q\^\^U^EQ!^FX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^P=>^Rr^@^\k^A^Y^V7^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 315 ^\k^@^A1^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ \ No newline at end of file diff --git a/src/tests/system/data/test_passkey/test_passkey__su_srv_not_resolvable/passkey-mapping.ad b/src/tests/system/data/test_passkey/test_passkey__su_srv_not_resolvable/passkey-mapping.ad new file mode 100644 index 00000000000..09d9143aa26 --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__su_srv_not_resolvable/passkey-mapping.ad @@ -0,0 +1 @@ +passkey:gTCY4fqy2IkM6hfMpU338SCmA5YpDpggvE/XQzwbv37wlyYVlkbLRSmBtaq9c72pWYgICpP2pQ4nHRSFL2EnWg==,MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEOtoQygv+wabIV8/48bdy5d0Wx9+q3kMrgd1buJVaM5XZqccQIC8CGr2pE3dPui9HgDiXrMH9Jp0W37hzHkoN0Q== diff --git a/src/tests/system/data/test_passkey/test_passkey__su_srv_not_resolvable/passkey-mapping.ipa b/src/tests/system/data/test_passkey/test_passkey__su_srv_not_resolvable/passkey-mapping.ipa new file mode 100644 index 00000000000..e529e2ee905 --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__su_srv_not_resolvable/passkey-mapping.ipa @@ -0,0 +1 @@ +passkey:NUZMRUXIb/W8Ij1GqwCDHSCWxt/SxWxckwtQjLYi/X6Y1qZFB+HI8WO6khzAjzsz248kHbaeAf9qfmqfCky1Jg==,MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIasAa8ogjPCKXeA4KY3t0W3xBRmG+E4D+MNoRIAJrYuNLSYtAcOL7DCbIfgc+7c5Y4Mh/FzoEyeumKGYMoyTfg== \ No newline at end of file diff --git a/src/tests/system/data/test_passkey/test_passkey__su_srv_not_resolvable/passkey-mapping.ldap b/src/tests/system/data/test_passkey/test_passkey__su_srv_not_resolvable/passkey-mapping.ldap new file mode 100644 index 00000000000..27dbfd9af40 --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__su_srv_not_resolvable/passkey-mapping.ldap @@ -0,0 +1 @@ +passkey:mQEUTWdtDJPELQNTDdxXNHlfIO1qXFf0LVZjWEfyDALFzvLZ4e4XD5bemqq+o3ThrzT6k1I1n3Z2N00GvLSmjQ==,MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEqk7K5VAI7Evr4ar8X82L/sxm/Bnm5Ti31xnLfGO0BipwHucw8+/wT4+6T9j5gdMwZKUcXR4BILpmULEyrcZUfw== \ No newline at end of file diff --git a/src/tests/system/data/test_passkey/test_passkey__su_srv_not_resolvable/passkey-mapping.samba b/src/tests/system/data/test_passkey/test_passkey__su_srv_not_resolvable/passkey-mapping.samba new file mode 100644 index 00000000000..dcb10169614 --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__su_srv_not_resolvable/passkey-mapping.samba @@ -0,0 +1 @@ +passkey:hC0IJlIg4qam+vV70L15N1a8xVgha+0S6G7Z8HgHmIgB9lKqxbMhd0PRdEgMbhLDr7wSKIGXLqz+SDL0SWwmMA==,MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEWSie9EywMxDpJFfZ0BxSTj6clviNWvRKTpBXS34TW+CtZnbYRBVmWTFX15gcNtyLI+tObWR0jcYmIoJGFy4oEQ== diff --git a/src/tests/system/data/test_passkey/test_passkey__su_srv_not_resolvable/umockdev.script.ad b/src/tests/system/data/test_passkey/test_passkey__su_srv_not_resolvable/umockdev.script.ad new file mode 100644 index 00000000000..35230af49bc --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__su_srv_not_resolvable/umockdev.script.ad @@ -0,0 +1,19 @@ +d 0 /dev/hidraw1 + +w 4 ^@^@^H^A^A^A^A^A^A^A^A^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 2 ^@^Q^A^A^A^A^A^A^A^A^Y^Zo^B^E^D^C^E^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 1 ^@^Y^Zo^@^A^D^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 3 ^Y^Zo^@^@^AfU2F_V2hFIDO_2_0lFIDO_2_1_PRE^BkcredProtectkhmac-secr^Y^Zo^@et^CP/W^SG^VZ *^DbrkbupdplaticlientPinucredentialM^Y^Zo^AgmtPreview^E^Y^D^F^B^A^G^H^H^X^Icnfccusb^Jcalg&dtypejpublic-key^Y^Zo^Bcalg'dtypejpublic-key^M^D^N^Z^@^E^D^C^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 2 ^@^Y^Zo^@^B^Agad.test^BX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^CbidX@0^@^Y^Zo^@؉^L^W̥M ^C)^N OC<^[~&^UFE)sY^H^J^N'^]^T/a^@^Y^Zo^A'Zdtypejpublic-key^Ebup^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 82 ^Y^Zo^@^@^AbidX@0؉^L^W̥M ^C)^N OC<^[~&^UFE)s^Y^Zo^@Y^H^J^N'^]^T/a'Zdtypejpublic-key^BX%fCȣ܀ɽ5~^G^A-YD^Y^Zo^AA,K!^@^@^@^@^I^CXG0E^B!^@m\^C!t:Ý|^^QS#l=^J^B z'ǯ^Y^Zo^B[?^\[^R^FCB_>p^Te%õpj^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 5 ^@^Y^Zo^@^F^F^A^B^B^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 3 ^Y^Zo^@Q^@^A^A^B^C8^X ^A!X 44^X^K0@g(^T^OZQ7^Do"X &i^\df^Y^Zo^@^O^_^O^L*U.^Y1`oAw^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 5 ^@^Y^Zo^@x^F^A^B^B^E^C^A^B^C8^X ^A!X 3B1ˠ^S^\^Ev,^P<Rij,Q\b"X [^M^J^@^Y^Zo^@G85Q\^\^U^EQ!^FX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^AB@DM^@&ʺ^@^Y^Zo^Aژ^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 79 ^Y^Zo^@5^@^BX0$Q^B^G1_`dr^M3kZ^JDyQѫ"-^Q L^J^Ro^^'^@^@^@^@ +w 4 ^@^Y^Zo^@^B^Agad.test^BX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^CbidX@0^@^Y^Zo^@؉^L^W̥M ^C)^N OC<^[~&^UFE)sY^H^J^N'^]^T/a^@^Y^Zo^A'Zdtypejpublic-key^Ebup^FX ]uր^V)e&$r^@*k>^@^Y^Zo^B^G^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 244 ^Y^Zo^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 ^Y^Zo^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 290 ^Y^Zo^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 ^Y^Zo^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 ^Y^Zo^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 ^Y^Zo^@^A^A^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^Y^Zo^@^@^AbidX@0؉^L^W̥M ^C)^N OC<^[~&^UFE)s^Y^Zo^@Y^H^J^N'^]^T/a'Zdtypejpublic-key^BX%fCȣ܀ɽ5~^G^A-YD^Y^Zo^AA,K!^E^@^@^@^M^CXF0D^B CpQl^S];[(Ei#{"BY^Uܥ^B^B ;']>^Y^Zo^B^A^F^]?u;࿙^U߄9^O^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ \ No newline at end of file diff --git a/src/tests/system/data/test_passkey/test_passkey__su_srv_not_resolvable/umockdev.script.ipa b/src/tests/system/data/test_passkey/test_passkey__su_srv_not_resolvable/umockdev.script.ipa new file mode 100644 index 00000000000..1bc651a4465 --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__su_srv_not_resolvable/umockdev.script.ipa @@ -0,0 +1,22 @@ +d 0 /dev/hidraw1 + +w 3 ^@^@^H^A^A^A^A^A^A^A^A^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 3 ^@^Q^A^A^A^A^A^A^A^Ap^B^E^D^C^E^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 1 ^@p^@^A^D^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 3 p^@^@^AfU2F_V2hFIDO_2_0lFIDO_2_1_PRE^BkcredProtectkhmac-secrp^@et^CP/W^SG^VZ *^DbrkbupdplaticlientPinucredentialMp^AgmtPreview^E^Y^D^F^B^A^G^H^H^X^Icnfccusb^Jcalg&dtypejpublic-keyp^Bcalg'dtypejpublic-key^M^D^N^Z^@^E^D^C^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 1 ^@p^@^B^Ahipa.test^BX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^CbidX@5F^@p^@LEEo"=F^@^] l\^KP"~֦E^Gc^\;3ۏ$^]^Aj~j^J^@p^AL&dtypejpublic-key^Ebup^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 83 p^@^@^AbidX@5FLEEo"=F^@^] l\^KP"~֦E^Gc^\;3p^@ۏ$^]^Aj~j^JL&dtypejpublic-key^BX%^@|Dږ^Qx??d^Q/N4/op^AC}.[^@^@^@^@^X^CXG0E^B!^@m$^MJ*;\^V=tjx9cа,^B kYp^B^_^GnrT": *^L^Rwr]!Zxf^C^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 5 ^@p^@^F^F^A^B^B^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 3 p^@Q^@^A^A^B^C8^X ^A!X ^_9;^CEBQ&(W3h^]F^A%"X ^^s5p^@o6^@izdF m+35^P^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 5 ^@p^@x^F^A^B^B^E^C^A^B^C8^X ^A!X 3B1ˠ^S^\^Ev,^P<Rij,Q\b"X [^M^J^@p^@G85Q\^\^U^EQ!^FX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A2asչ^T"tw^@p^Aq^K^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 79 p^@5^@^BX0޺^Y<l^Qűk^B^A^`^Z^G^^^Fcޞ^Si^J^Erߨ]^@^@^@^@ +w 1 ^@p^@^B^Ahipa.test^BX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^CbidX@5F^@p^@LEEo"=F^@^] l\^KP"~֦E^Gc^\;3ۏ$^]^Aj~j^J^@p^AL&dtypejpublic-key^Ebup^FX ȎRJs>7DB1f_о*^@p^BL^G^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 285 p^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 290 p^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 p^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 p^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 p^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 290 p^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 p^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 p^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 174 p^@^@^AbidX@5FLEEo"=F^@^] l\^KP"~֦E^Gc^\;3p^@ۏ$^]^Aj~j^JL&dtypejpublic-key^BX%^@|Dږ^Qx??d^Q/N4/op^AC}.[^E^@^@^@^\^CXG0E^B Eo]Wk%^H$-^W^BR^`x^P׀^B!^@ёqp^Bu9\^ZKR&>/͎[`t,^^eg^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ \ No newline at end of file diff --git a/src/tests/system/data/test_passkey/test_passkey__su_srv_not_resolvable/umockdev.script.ldap b/src/tests/system/data/test_passkey/test_passkey__su_srv_not_resolvable/umockdev.script.ldap new file mode 100644 index 00000000000..db026662951 --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__su_srv_not_resolvable/umockdev.script.ldap @@ -0,0 +1,21 @@ +d 0 /dev/hidraw1 + +w 4 ^@^@^H^A^A^A^A^A^A^A^A^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 2 ^@^Q^A^A^A^A^A^A^A^A^S=^B^E^D^C^E^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 2 ^@^S=^@^A^D^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 2 ^S=^@^@^AfU2F_V2hFIDO_2_0lFIDO_2_1_PRE^BkcredProtectkhmac-secr^S=^@et^CP/W^SG^VZ *^DbrkbupdplaticlientPinucredentialM^S=^AgmtPreview^E^Y^D^F^B^A^G^H^H^X^Icnfccusb^Jcalg&dtypejpublic-key^S=^Bcalg'dtypejpublic-key^M^D^N^Z^@^E^D^C^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 2 ^@^S=^@^B^Adtest^BX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^CbidX@^A^TMgm^@^S=^@^L-^CS^MW4y_ j\W-VcXG^L^B^W^Oޚt4R5vv7M^Fd^@^S=^Atypejpublic-key^Ebup^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 82 ^S=^@^@^AbidX@^A^TMgm^L-^CS^MW4y_ j\W-VcXG^L^B^W^Oޚt^S=^@4R5vv7M^Fdtypejpublic-key^BX%ЁL}e/Z^UO^[+^K,^S=^A]l^U^J^H^@^@^@^@^C^CXH0F^B!^@9}K:N^M^PraX^D^CxM^B!^@z^A^S=^B􊲳^P+q^@^P|^XM$Fw^]6P3^[wq^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 6 ^@^S=^@^F^F^A^B^B^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 2 ^S=^@Q^@^A^A^B^C8^X ^A!X H^GTd^Aڒ8X^T<IEiwֹI^Y^I^IFsܺ"X <^AHS^S=^@6^N9^JU@^\k)W^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 6 ^@^S=^@x^F^A^B^B^E^C^A^B^C8^X ^A!X 3B1ˠ^S^\^Ev,^P<Rij,Q\b"X [^M^J^@^S=^@G85Q\^\^U^EQ!^FX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^AoYqgNu'^T^@^S=^A^U^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 78 ^S=^@5^@^BX0RC^_K*"+f^`z;XO@"MM3\L$Ή^K+M^@^@^@^@ +w 2 ^@^S=^@^B^Adtest^BX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^CbidX@^A^TMgm^@^S=^@^L-^CS^MW4y_ j\W-VcXG^L^B^W^Oޚt4R5vv7M^Fd^@^S=^Atypejpublic-key^Ebup^FX ('^H(rZf2>֞{^_uLd^S^G^B^@ +r 240 ^S=^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 ^S=^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 290 ^S=^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 ^S=^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 ^S=^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 ^S=^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 290 ^S=^@^A^A^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 28 ^S=^@^@^AbidX@^A^TMgm^L-^CS^MW4y_ j\W-VcXG^L^B^W^Oޚt^S=^@4R5vv7M^Fdtypejpublic-key^BX%ЁL}e/Z^UO^[+^K,^S=^A]l^U^J^H^E^@^@^@^G^CXF0D^B j8^M\:H^O@%qt(^\/Ǻ~$$!>;^B u^S=^B{9AbF6^Xs5^K*ywv^L^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ \ No newline at end of file diff --git a/src/tests/system/data/test_passkey/test_passkey__su_srv_not_resolvable/umockdev.script.samba b/src/tests/system/data/test_passkey/test_passkey__su_srv_not_resolvable/umockdev.script.samba new file mode 100644 index 00000000000..c0e02fac1ba --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__su_srv_not_resolvable/umockdev.script.samba @@ -0,0 +1,24 @@ +d 0 /dev/hidraw1 + +w 4 ^@^@^H^A^A^A^A^A^A^A^A^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 2 ^@^Q^A^A^A^A^A^A^A^Aj^J^B^E^D^C^E^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 2 ^@j^Jː^@^A^D^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 3 j^Jː^@^@^AfU2F_V2hFIDO_2_0lFIDO_2_1_PRE^BkcredProtectkhmac-secrj^J^@et^CP/W^SG^VZ *^DbrkbupdplaticlientPinucredentialMj^J^AgmtPreview^E^Y^D^F^B^A^G^H^H^X^Icnfccusb^Jcalg&dtypejpublic-keyj^J^Bcalg'dtypejpublic-key^M^D^N^Z^@^E^D^C^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 1 ^@j^Jː^@^B^Ajsamba.test^BX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^CbidX@^@j^J^@-^H&R ⦦{нy7VX!k^Rnx^G^ARų!wCtH^Ln^Rï^R(.H2^@j^J^AIl&0dtypejpublic-key^Ebup^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 82 j^Jː^@^@^AbidX@-^H&R ⦦{нy7VX!k^Rnx^G^ARų!wCtH^Ln^Rj^J^@^R(.H2Il&0dtypejpublic-key^BX% ^S@^_n1n;Qm\<ִ>j^J^A`^_W^@^@^@^@^I^CXF0D^B ^R^Q@^XvGB[9j+^C$^P/^V^Qdy^`^Bs7^B )<j^J^B^V) ]^An^@'^`<^AM+f^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 7 ^@j^Jː^@^F^F^A^B^B^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 3 j^Jː^@Q^@^A^A^B^C8^X ^A!X nUȯQR"^Mt^B{mp^S!@0"X VM^`^V/j^J^@ڝ^D{g\#ղR8^B^P=!^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 6 ^@j^Jː^@x^F^A^B^B^E^C^A^B^C8^X ^A!X 3B1ˠ^S^\^Ev,^P<Rij,Q\b"X [^M^J^@j^J^@G85Q\^\^U^EQ!^FX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^Sֽq&^@j^J^A"ɇ^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 78 j^Jː^@5^@^BX0d^Td^_l^]RLw^[^EӉ^^/Be^H+s%]^@^@^@^@ +w 2 ^@j^Jː^@^B^Ajsamba.test^BX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^CbidX@^@j^J^@-^H&R ⦦{нy7VX!k^Rnx^G^ARų!wCtH^Ln^Rï^R(.H2^@j^J^AIl&0dtypejpublic-key^Ebup^FX {RJ;^U4h^S^LT^]z^@j^J^B^\^G^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 220 j^J˻^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 291 j^J˻^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 j^J˻^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 287 j^J˻^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 j^J˻^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 j^J˻^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 291 j^J˻^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 287 j^J˻^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 289 j^J˻^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 287 j^J˻^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 246 j^Jː^@^@^AbidX@-^H&R ⦦{нy7VX!k^Rnx^G^ARų!wCtH^Ln^Rj^J^@^R(.H2Il&0dtypejpublic-key^BX% ^S@^_n1n;Qm\<ִ>j^J^A`^_W^E^@^@^@^L^CXF0D^B `Wo%^Q&-?g{^B_<@^V3@/l^B I^I&j^J^BH,\DW^^pEKb^Y%^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ \ No newline at end of file diff --git a/src/tests/system/tests/test_passkey.py b/src/tests/system/tests/test_passkey.py index ad784c5282d..f1a891e4d55 100644 --- a/src/tests/system/tests/test_passkey.py +++ b/src/tests/system/tests/test_passkey.py @@ -2,6 +2,12 @@ Passkey Tests. :requirement: passkey + +The passkey solution only enables to authenticate in a system where the +FIDO2 key is connected physically.This could be su login, the GUI, +or even ssh<user>@localhost. +Here, passkey support is tested with su, tests are running with +umockdev, not with a physical key. """ from __future__ import annotations @@ -25,7 +31,7 @@ def test_passkey__register__sssctl(client: Client, moduledatadir: str, testdatad 1. Use sssctl to register a FIDO2 key. 2. Check the output. :expectedresults: - 1. New key is registered + 1. New key is registered. 2. Output contains key mapping data. :customerscenario: False """ @@ -78,14 +84,82 @@ def test_passkey__register__ipa(ipa: IPA, moduledatadir: str, testdatadir: str): @pytest.mark.builtwith(client="passkey", provider="passkey") def test_passkey__su(client: Client, provider: GenericProvider, moduledatadir: str, testdatadir: str): """ - :title: Check authentication of user with LDAP, IPA, AD and Samba + :title: Check su authentication of user with LDAP, IPA, AD and Samba :setup: 1. Add a user in LDAP, IPA, AD and Samba with passkey_mapping. 2. Setup SSSD client with FIDO and umockdev, start SSSD service. :steps: - 1. Check authentication of the user. + 1. Check su authentication of the user. + :expectedresults: + 1. User su authenticates successfully. + :customerscenario: False + """ + suffix = type(provider).__name__.lower() + + if suffix == "ldap": + client.sssd.domain["local_auth_policy"] = "only" + + with open(f"{testdatadir}/passkey-mapping.{suffix}") as f: + provider.user("user1").add().passkey_add(f.read().strip()) + + client.sssd.start() + + assert client.auth.su.passkey( + username="user1", + pin=123456, + device=f"{moduledatadir}/umockdev.device", + ioctl=f"{moduledatadir}/umockdev.ioctl", + script=f"{testdatadir}/umockdev.script.{suffix}", + ) + + +@pytest.mark.importance("high") +@pytest.mark.topology(KnownTopologyGroup.AnyProvider) +@pytest.mark.builtwith(client="passkey", provider="passkey") +def test_passkey__su_fail_pin(client: Client, provider: GenericProvider, moduledatadir: str, testdatadir: str): + """ + :title: Check su authentication deny of user with LDAP, IPA, AD and Samba with incorrect pin + :setup: + 1. Add a LDAP, IPA, AD and Samba user with passkey_mapping. + 2. Setup SSSD client with FIDO and umockdev, start SSSD service. + :steps: + 1. Check su authentication of the user with incorrect PIN. + :expectedresults: + 1. User failed to su authenticate. + :customerscenario: False + """ + suffix = type(provider).__name__.lower() + + if suffix == "ldap": + client.sssd.domain["local_auth_policy"] = "only" + + with open(f"{testdatadir}/passkey-mapping.{suffix}") as f: + provider.user("user1").add().passkey_add(f.read().strip()) + + client.sssd.start() + + assert not client.auth.su.passkey( + username="user1", + pin=67890, + device=f"{moduledatadir}/umockdev.device", + ioctl=f"{moduledatadir}/umockdev.ioctl", + script=f"{testdatadir}/umockdev.script.{suffix}", + ) + + +@pytest.mark.importance("critical") +@pytest.mark.topology(KnownTopologyGroup.AnyProvider) +@pytest.mark.builtwith(client="passkey", provider="passkey") +def test_passkey__su_fail_mapping(client: Client, provider: GenericProvider, moduledatadir: str, testdatadir: str): + """ + :title: Check su authentication deny of user with LDAP, IPA, AD and Samba with incorrect mapping + :setup: + 1. Add a LDAP, IPA, AD and Samba user with passkey_mapping. + 2. Setup SSSD client with FIDO and umockdev, start SSSD service. + :steps: + 1. Check su authentication of the user with incorrect passkey mapping. :expectedresults: - 1. User authenticates successfully. + 1. User failed to su authenticate. :customerscenario: False """ suffix = type(provider).__name__.lower() @@ -93,11 +167,73 @@ def test_passkey__su(client: Client, provider: GenericProvider, moduledatadir: s if suffix == "ldap": client.sssd.domain["local_auth_policy"] = "only" + # Here, we are using passkey-mapping from the other FIDO2 key. + with open(f"{testdatadir}/passkey-mapping.{suffix}") as f: provider.user("user1").add().passkey_add(f.read().strip()) client.sssd.start() + assert not client.auth.su.passkey( + username="user1", + pin=123456, + device=f"{moduledatadir}/umockdev.device", + ioctl=f"{moduledatadir}/umockdev.ioctl", + script=f"{testdatadir}/umockdev.script.{suffix}", + ) + + +@pytest.mark.importance("high") +@pytest.mark.topology(KnownTopologyGroup.AnyProvider) +@pytest.mark.builtwith(client="passkey", provider="passkey") +def test_passkey__su_srv_not_resolvable( + client: Client, provider: GenericProvider, moduledatadir: str, testdatadir: str +): + """ + :title: Check su authentication of a user with LDAP, IPA, AD and Samba when server is not resolvable + :setup: + 1. Add a LDAP, IPA, AD and Samba user with passkey_mapping. + 2. Setup SSSD client with FIDO and umockdev, start SSSD service. + :steps: + 1. Check su authentication of the user. + 2. Update the server url and restart the sssd service to reflect the changes. + 3. Check su authentication of the user. + :expectedresults: + 1. User su authenticates successfully. + 2. Successfully update the sssd.conf and restarted the sssd service. + 3. User su authenticates successfully due to cached data. + :customerscenario: False + """ + suffix = type(provider).__name__.lower() + if suffix == "ipa": + server_url = "ipa_server" + elif suffix == "ldap": + server_url = "ldap_uri" + client.sssd.domain["local_auth_policy"] = "only" + elif suffix == "samba" or "ad": + server_url = "ad_server" + else: + assert False, "provider not found" + + with open(f"{testdatadir}/passkey-mapping.{suffix}") as f: + provider.user("user1").add().passkey_add(f.read().strip()) + + client.sssd.start() + + # First time check authentication to cache the user + assert client.auth.su.passkey( + username="user1", + pin=123456, + device=f"{moduledatadir}/umockdev.device", + ioctl=f"{moduledatadir}/umockdev.ioctl", + script=f"{testdatadir}/umockdev.script.{suffix}", + ) + + # Here we are making server/backend offline but not deleting cache and logs. + client.sssd.config.remove_option("domain/test", server_url) + client.sssd.domain[server_url] = "ldap://new.server.test" + client.sssd.start() + assert client.auth.su.passkey( username="user1", pin=123456, From be5399c15bd96998f20573c36bd7603b6a5694f5 Mon Sep 17 00:00:00 2001 From: Sumit Bose <sbose@redhat.com> Date: Wed, 22 Nov 2023 16:10:54 +0100 Subject: [PATCH 226/280] sssctl: do not require root for user-checks MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit There is no requirement for root to run the test and if the user does not has the needed privileges to access the related services this is good as a test result as well. Additionally at least pam_chauthtok() behaves differently when being called as root compared to an ordinary user. Reviewed-by: Alejandro López <allopez@redhat.com> Reviewed-by: Alexey Tikhonov <atikhono@redhat.com> (cherry picked from commit 8ff7fdc127dafb8d4d98231e0f7d43af89f8595b) --- src/tools/sssctl/sssctl.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/tools/sssctl/sssctl.c b/src/tools/sssctl/sssctl.c index 04c41aa9af4..85d0d0925f4 100644 --- a/src/tools/sssctl/sssctl.c +++ b/src/tools/sssctl/sssctl.c @@ -317,7 +317,7 @@ int main(int argc, const char **argv) SSS_TOOL_DELIMITER("SSSD Status:"), SSS_TOOL_COMMAND("domain-list", "List available domains", 0, sssctl_domain_list), SSS_TOOL_COMMAND("domain-status", "Print information about domain", 0, sssctl_domain_status), - SSS_TOOL_COMMAND("user-checks", "Print information about a user and check authentication", 0, sssctl_user_checks), + SSS_TOOL_COMMAND_FLAGS("user-checks", "Print information about a user and check authentication", 0, sssctl_user_checks, SSS_TOOL_FLAG_SKIP_CMD_INIT|SSS_TOOL_FLAG_SKIP_ROOT_CHECK), SSS_TOOL_COMMAND("access-report", "Generate access report for a domain", 0, sssctl_access_report), SSS_TOOL_DELIMITER("Information about cached content:"), SSS_TOOL_COMMAND("user-show", "Information about cached user", 0, sssctl_user_show), From e44ad324227ca884bb70850731f0fbb6d5149951 Mon Sep 17 00:00:00 2001 From: Jakub Vavra <jvavra@redhat.com> Date: Tue, 14 Nov 2023 16:07:53 +0100 Subject: [PATCH 227/280] Tests: Add a test for kcm log rotation SSSD-5687 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Ticket: https://issues.redhat.com/browse/SSSD-5687 Reviewed-by: Alejandro López <allopez@redhat.com> Reviewed-by: Anuj Borah <aborah@redhat.com> (cherry picked from commit 38db355aa1b0b8f370e8eba2001bbdf58a9d7d77) --- src/tests/multihost/alltests/test_kcm.py | 45 ++++++++++++++++++++++++ 1 file changed, 45 insertions(+) diff --git a/src/tests/multihost/alltests/test_kcm.py b/src/tests/multihost/alltests/test_kcm.py index 4a081cd8b1d..99bd351c9a7 100644 --- a/src/tests/multihost/alltests/test_kcm.py +++ b/src/tests/multihost/alltests/test_kcm.py @@ -191,3 +191,48 @@ def test_expired_tickets(self, multihost, backupsssdconf): assert cmd_fail.returncode != 0, "kinit succeeded but should have failed." assert "The maximum number of stored secrets has been reached" in log_str_1 assert "Removing the oldest expired credential" in log_str + + @pytest.mark.tier1_2 + @staticmethod + def test_kcm_logrotate(multihost, backupsssdconf): + """ + :title: IDM-SSSD-TC: sssd_kcm.log is rotated with other sssd logs + :id: 9ac9a11c-c176-431b-b690-03181f014c25 + :setup: + 1. Create a user. + :steps: + 1. Create a ticket for a user and collect kcm log file + 2. Initiate logrotate for sssd and collect the sssd kcm log + 3. Swich off sssd-kcm service and initiate logrotate + 4. Swich off sssd service and initiate logrotate + :expectedresults: + 1. Ticket is created + 2. Log file size is lower that in step 1. + 3. Logrotate does not fail. + 4. Logrotate does not fail. + :customerscenario: True + :bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2176768 + """ + client = sssdTools(multihost.client[0]) + client.sssd_conf('kcm', {'debug_level': '9'}) + sssdTools(multihost.client[0]).clear_sssd_cache() + client.service_ctrl('restart', 'sssd-kcm') + kinit = multihost.client[0].run_command( + "kinit -c KCM:0:666666 foo1", + stdin_text="Secret123", + raiseonerr=False + ) + log_str_len_start = len(multihost.client[0].get_file_contents( + "/var/log/sssd/sssd_kcm.log").decode('utf-8')) + multihost.client[0].run_command("logrotate -f /etc/logrotate.d/sssd") + time.sleep(20) + log_str_len_end = len(multihost.client[0].get_file_contents( + "/var/log/sssd/sssd_kcm.log").decode('utf-8')) + client.service_ctrl('stop', 'sssd-kcm') + logrotate_kcm = multihost.client[0].run_command("logrotate -f /etc/logrotate.d/sssd") + multihost.client[0].service_sssd('stop') + logrotate_sssd = multihost.client[0].run_command("logrotate -f /etc/logrotate.d/sssd") + assert kinit.returncode == 0, "kinit failed." + assert log_str_len_start > log_str_len_end, "Log was not rotated!" + assert logrotate_kcm.returncode == 0, "Logrotation error when sssd-kcm is stopped!" + assert logrotate_sssd.returncode == 0, "Logrotation error when sssd is stopped!" From 2bc72a2b730eca1435c4e50e2fa36229dac179a7 Mon Sep 17 00:00:00 2001 From: Patrik Rosecky <prosecky@redhat.com> Date: Thu, 2 Nov 2023 15:06:36 +0100 Subject: [PATCH 228/280] Tests: alltests/test_autoprivategroup.py converted to system/test_auto_private_groups.py MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Reviewed-by: Jakub Vávra <jvavra@redhat.com> Reviewed-by: Tomáš Halman <thalman@redhat.com> (cherry picked from commit a5f636bb4c90dc6077ebe0bbc50ae166d39ecf24) --- .../alltests/test_autoprivategroup.py | 14 +----- .../system/tests/test_auto_private_groups.py | 48 +++++++++++++++++++ 2 files changed, 50 insertions(+), 12 deletions(-) create mode 100644 src/tests/system/tests/test_auto_private_groups.py diff --git a/src/tests/multihost/alltests/test_autoprivategroup.py b/src/tests/multihost/alltests/test_autoprivategroup.py index 416763808d9..e551a145aa1 100644 --- a/src/tests/multihost/alltests/test_autoprivategroup.py +++ b/src/tests/multihost/alltests/test_autoprivategroup.py @@ -18,6 +18,7 @@ 'create_posix_usersgroups_autoprivategroups') @pytest.mark.autoprivategroup class TestAutoPrivateGroups(object): + @pytest.mark.converted('test_auto_private_groups.py', 'test_auto_private_groups__hybrid') @pytest.mark.tier1 def test_0001_bz1695577(self, multihost, backupsssdconf): """ @@ -29,13 +30,7 @@ def test_0001_bz1695577(self, multihost, backupsssdconf): tools = sssdTools(multihost.client[0]) apg = {'auto_private_groups': 'hybrid'} tools.sssd_conf('domain/%s' % (ds_instance_name), apg) - section = "sssd" - """ - enable_files_domain = false is a workaround - Remove that once original bz fixes it""" - sssd_params = {'enable_files_domain': 'False'} tools.remove_sss_cache('/var/lib/sss/db') - tools.sssd_conf(section, sssd_params) multihost.client[0].service_sssd('start') for i in range(9): lkup = 'id foobar%d@%s' % (i, ds_instance_name) @@ -47,6 +42,7 @@ def test_0001_bz1695577(self, multihost, backupsssdconf): output = cmd.stdout_text.split(':') assert int(output[2]) == int(output[3]) + @pytest.mark.converted('test_auto_private_groups.py', 'test_auto_private_groups__hybrid') @pytest.mark.tier1 def test_0002_bz1695577(self, multihost, backupsssdconf): """ @@ -58,13 +54,7 @@ def test_0002_bz1695577(self, multihost, backupsssdconf): tools = sssdTools(multihost.client[0]) apg = {'auto_private_groups': 'hybrid'} tools.sssd_conf('domain/%s' % (ds_instance_name), apg) - section = "sssd" - """ - enable_files_domain = false is a workaround - Remove that once original bz fixes it""" - sssd_params = {'enable_files_domain': 'False'} tools.remove_sss_cache('/var/lib/sss/db') - tools.sssd_conf(section, sssd_params) multihost.client[0].service_sssd('start') lkup = 'getent passwd foobar11@%s' % (ds_instance_name) cmd = multihost.client[0].run_command(lkup, raiseonerr=False) diff --git a/src/tests/system/tests/test_auto_private_groups.py b/src/tests/system/tests/test_auto_private_groups.py new file mode 100644 index 00000000000..643c1dafb56 --- /dev/null +++ b/src/tests/system/tests/test_auto_private_groups.py @@ -0,0 +1,48 @@ +""" +Automation of auto private groups + +:requirement: IDM-SSSD-REQ: SSSD can automatically create\ + user private groups for users +""" + +from __future__ import annotations + +import pytest +from sssd_test_framework.roles.client import Client +from sssd_test_framework.roles.generic import GenericProvider +from sssd_test_framework.topology import KnownTopologyGroup + + +@pytest.mark.ticket(bz=1695577) +@pytest.mark.topology(KnownTopologyGroup.AnyProvider) +def test_auto_private_groups__hybrid(client: Client, provider: GenericProvider): + """ + :title: auto_private_groups set to hybrid + :setup: + 1. Add user "user_same" with uid equals to gid + 2. Add user "user_different" with uid not equals to gid + 3. Set auto_private_groups in sssd.conf to hybrid and turn of ldap_id_mapping + 4. Start SSSD + :steps: + 1. getent passwd "user_same" + 2. getent passwd "user_different" + :expectedresults: + 1. Uid equals to gid + 2. Uid does not equal to gid + :customerscenario: True + """ + provider.user("user_same").add(uid=111111, gid=111111) + provider.user("user_different").add(uid=111111, gid=100000) + + client.sssd.domain["auto_private_groups"] = "hybrid" + client.sssd.domain["ldap_id_mapping"] = "false" + + client.sssd.start() + + result = client.tools.getent.passwd("user_same@test") + assert result, "getent passwd failed on user_same" + assert result.uid == result.gid, "gid and uid for user_same are not same" + + result = client.tools.getent.passwd("user_different@test") + assert result, "getent passwd failed on user_different" + assert result.uid != result.gid, "gid and uid for user_different are same" From 35bcb91b6641f6fdc1f1c39386b241c2f7559f7e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com> Date: Tue, 14 Nov 2023 11:26:44 +0100 Subject: [PATCH 229/280] ad: do not print backtrace if SSSD domain name is not the same as DNS name MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Reviewed-by: Alexey Tikhonov <atikhono@redhat.com> Reviewed-by: Tomáš Halman <thalman@redhat.com> (cherry picked from commit 76d3b5a45bff7a473613504414e8f913f2929800) --- src/providers/ad/ad_domain_info.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/providers/ad/ad_domain_info.c b/src/providers/ad/ad_domain_info.c index 9583c74b972..6338d412d5b 100644 --- a/src/providers/ad/ad_domain_info.c +++ b/src/providers/ad/ad_domain_info.c @@ -225,7 +225,7 @@ ad_domain_info_send(TALLOC_CTX *mem_ctx, * the list if no matching domain was found since it is most probably * related to the configured domain. */ if (state->sdom == NULL) { - DEBUG(SSSDBG_OP_FAILURE, "No internal domain data found for [%s], " + DEBUG(SSSDBG_TRACE_FUNC, "No internal domain data found for [%s], " "falling back to first domain.\n", state->dom_name); state->sdom = state->opts->sdom; From eabeb3a73d854f0d5b4c0dfd4c3caf74ad519234 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com> Date: Tue, 14 Nov 2023 11:27:32 +0100 Subject: [PATCH 230/280] ad: do not print backtrace if SOM is missing in GPO MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This is expected on empty GPOs and we just skip the element. Therefore we should not print backtrace. Reviewed-by: Alexey Tikhonov <atikhono@redhat.com> Reviewed-by: Tomáš Halman <thalman@redhat.com> (cherry picked from commit 3e976dc6a7a5785d5ea657dd050709eb04889748) --- src/providers/ad/ad_gpo.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/providers/ad/ad_gpo.c b/src/providers/ad/ad_gpo.c index 44e9cbb2735..b119aa37767 100644 --- a/src/providers/ad/ad_gpo.c +++ b/src/providers/ad/ad_gpo.c @@ -3435,7 +3435,7 @@ ad_gpo_get_som_attrs_done(struct tevent_req *subreq) goto done; } if ((num_results < 1) || (results == NULL)) { - DEBUG(SSSDBG_OP_FAILURE, "no attrs found for SOM; try next SOM.\n"); + DEBUG(SSSDBG_FUNC_DATA, "no attrs found for SOM; try next SOM.\n"); state->som_index++; ret = ad_gpo_get_som_attrs_step(req); goto done; @@ -3456,7 +3456,7 @@ ad_gpo_get_som_attrs_done(struct tevent_req *subreq) } if ((ret == ENOENT) || (el->num_values == 0)) { - DEBUG(SSSDBG_OP_FAILURE, "no attrs found for SOM; try next SOM\n"); + DEBUG(SSSDBG_FUNC_DATA, "gpLink attr not found or has no values\n"); state->som_index++; ret = ad_gpo_get_som_attrs_step(req); goto done; From d02874beb452eb31bc1c813ffeeb848a562eda18 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com> Date: Tue, 5 Dec 2023 11:59:42 +0100 Subject: [PATCH 231/280] tests: adapt to new firewall API The firewall API was redesigned in order to make it more flexible and start supporting outbound rules as well. Blocking all communication to given host using an outbound rules is less prone to errors since it does not depend on specific ports. Reviewed-by: Dan Lavu <dlavu@redhat.com> Reviewed-by: Justin Stephenson <jstephen@redhat.com> (cherry picked from commit 0f9611cdc6c0bef30d1762f9665a973c31b59fd3) --- src/tests/system/tests/test_authentication.py | 8 ++++---- src/tests/system/tests/test_autofs.py | 4 ++-- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/src/tests/system/tests/test_authentication.py b/src/tests/system/tests/test_authentication.py index bf30c180f54..46341f05173 100644 --- a/src/tests/system/tests/test_authentication.py +++ b/src/tests/system/tests/test_authentication.py @@ -49,14 +49,14 @@ def test_authentication__offline_login(client: Client, provider: GenericProvider :steps: 1. Authenticate user with wrong password 2. Authenticate user with correct password - 3. Make server offline (by removing firewall rules for LDAP, KDC and Global Catalog ports) + 3. Make server offline (by blocking traffic to the provider) 4. Bring SSSD offline explicitly 5. Offline authentication of user with correct password 6. Offline authentication of user with wrong password :expectedresults: 1. User is not authenticated 2. User is authenticated - 3. Firewall rules dropped + 3. Firewall rule added, traffic is dropped. 4. SSSD is offline 5. Offline authentication is successful 6. Offline authentication is not successful @@ -75,8 +75,8 @@ def test_authentication__offline_login(client: Client, provider: GenericProvider assert not client.auth.parametrize(method).password(user, wrong), "login with wrong password succeeded" assert client.auth.parametrize(method).password(user, correct), "login with correct password failed" - # Block KDC, LDAP and Global Catalog ports. - provider.firewall.drop([88, 389, 3268]) + # Block provider. + client.firewall.outbound.reject_host(provider) # There might be active connections that are not terminated by creating firewall rule. # We need to terminated it by bringing SSSD to offline state explicitly. diff --git a/src/tests/system/tests/test_autofs.py b/src/tests/system/tests/test_autofs.py index c756b9a2e27..dacb0bcfd4c 100644 --- a/src/tests/system/tests/test_autofs.py +++ b/src/tests/system/tests/test_autofs.py @@ -67,7 +67,7 @@ def test_autofs__propagate_offline__single_domain(client: Client, provider: Gene """ :title: Autofs propagates offline status if a domain is offline :setup: - 1. Block LDAP port on the provider + 1. Block traffic to the provider 2. Enable autofs responder 3. Start SSSD 4. Reload autofs daemon @@ -78,7 +78,7 @@ def test_autofs__propagate_offline__single_domain(client: Client, provider: Gene :customerscenario: False """ # Render the provider offline - provider.firewall.drop(389) + client.firewall.outbound.reject_host(provider) # Start SSSD client.sssd.common.autofs() From f4908728ff2ee18e980bea369581d35f061951d7 Mon Sep 17 00:00:00 2001 From: Justin Stephenson <jstephen@redhat.com> Date: Wed, 1 Nov 2023 14:43:02 -0400 Subject: [PATCH 232/280] passkey: Add krb5 preauthentication prompt support MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Reviewed-by: Dan Lavu <dlavu@redhat.com> Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com> Reviewed-by: Pavel Březina <pbrezina@redhat.com> (cherry picked from commit 60fdacfd88247ca4cd7f69e77c51749285c3e89b) --- src/krb5_plugin/passkey/passkey.h | 7 + src/krb5_plugin/passkey/passkey_clpreauth.c | 176 +++++++++++++++++++- src/krb5_plugin/passkey/passkey_utils.c | 40 +++++ 3 files changed, 217 insertions(+), 6 deletions(-) diff --git a/src/krb5_plugin/passkey/passkey.h b/src/krb5_plugin/passkey/passkey.h index 4c143b48db8..0f36d5da1af 100644 --- a/src/krb5_plugin/passkey/passkey.h +++ b/src/krb5_plugin/passkey/passkey.h @@ -34,6 +34,9 @@ #define SSSD_PASSKEY_QUESTION "passkey" #define SSSD_PASSKEY_PREFIX "passkey " #define SSSD_PASSKEY_REPLY_STATE "ipa_otpd state" +#define SSSD_PASSKEY_PROMPT "Insert your passkey device, then press ENTER" +#define SSSD_PASSKEY_PIN_PROMPT "Enter PIN" +#define SSSD_PASSKEY_CHILD SSSD_LIBEXEC_PATH"/passkey_child" struct sss_passkey_config { char **indicators; @@ -100,4 +103,8 @@ sss_passkey_message_decode_padata(krb5_pa_data *padata); krb5_pa_data ** sss_passkey_message_encode_padata_array(const struct sss_passkey_message *data); +krb5_error_code +sss_passkey_concat_credentials(char **creds, + char **_creds_str); + #endif /* _PASSKEY_H_ */ diff --git a/src/krb5_plugin/passkey/passkey_clpreauth.c b/src/krb5_plugin/passkey/passkey_clpreauth.c index e49aeb7b5ce..345b8b85c0e 100644 --- a/src/krb5_plugin/passkey/passkey_clpreauth.c +++ b/src/krb5_plugin/passkey/passkey_clpreauth.c @@ -23,19 +23,48 @@ #include <errno.h> #include <stdlib.h> #include <string.h> +#include <stdio.h> +#include <sys/wait.h> +#include <unistd.h> #include <krb5/clpreauth_plugin.h> #include "krb5_plugin/common/radius_clpreauth.h" #include "passkey.h" +#include "util/child_common.h" + static krb5_error_code sss_passkeycl_prompt(krb5_context context, krb5_prompter_fct prompter, void *prompter_data, struct sss_passkey_message *message, + const char *prompt_txt, + char *prompt_answer, + int answer_len, krb5_data *_reply) { - return ENOTSUP; + krb5_error_code ret; + krb5_prompt prompt; + char *prompt_str; + int aret; + + _reply->magic = 0; + _reply->length = answer_len; + _reply->data = prompt_answer; + + aret = asprintf(&prompt_str, "%s", prompt_txt); + if (aret < 0) { + return ENOMEM; + } + + prompt.reply = _reply; + prompt.prompt = prompt_str; + prompt.hidden = 1; + + ret = (*prompter)(context, prompter_data, NULL, NULL, 1, &prompt); + free(prompt_str); + + return ret; } static krb5_error_code @@ -123,6 +152,97 @@ sss_passkeycl_prep_questions(krb5_context context, return ret; } +static krb5_error_code +sss_passkeycl_exec_child(struct sss_passkey_challenge *data, + char *pin, + uint8_t **_reply) +{ + int pipe_to_child[2]; + int pipe_to_parent[2]; + pid_t cpid; + char *args[10] = {NULL}; + int arg_c = 0; + int size; + uint8_t *buf; + int ret = 0; + char *result_creds; + + buf = malloc(CHILD_MSG_CHUNK); + if (buf == NULL) { + ret = ENOMEM; + return ret; + } + + ret = sss_passkey_concat_credentials(data->credential_id_list, + &result_creds); + if (ret != 0) { + ret = ENOMEM; + goto done; + } + + args[arg_c++] = discard_const(SSSD_PASSKEY_CHILD); + args[arg_c++] = discard_const("--get-assert"); + args[arg_c++] = discard_const("--domain"); + args[arg_c++] = data->domain; + args[arg_c++] = discard_const("--key-handle"); + args[arg_c++] = discard_const(result_creds); + args[arg_c++] = discard_const("--cryptographic-challenge"); + args[arg_c++] = data->cryptographic_challenge; + args[arg_c++] = NULL; + + ret = pipe(pipe_to_child); + if (ret == -1) { + ret = ENOMEM; + goto done; + } + + ret = pipe(pipe_to_parent); + if (ret == -1) { + ret = ENOMEM; + goto done; + } + + cpid = fork(); + /* Child */ + if (cpid == 0) { + close(pipe_to_child[1]); + dup2(pipe_to_child[0], STDIN_FILENO); + + close(pipe_to_parent[0]); + dup2(pipe_to_parent[1], STDOUT_FILENO); + + execv(SSSD_PASSKEY_CHILD, args); + exit(EXIT_FAILURE); + /* Parent - write PIN to child and read output + * back from child */ + } else { + close(pipe_to_child[0]); + close(pipe_to_parent[1]); + + write(pipe_to_child[1], pin, strlen(pin)); + close(pipe_to_child[1]); + + size = read(pipe_to_parent[0], buf, CHILD_MSG_CHUNK); + if (size == -1) { + ret = ENOMEM; + goto done; + } + + close(pipe_to_parent[0]); + wait(NULL); + } + + *_reply = buf; + +done: + if (ret != 0) { + free(buf); + } + + free(result_creds); + return ret; +} + static krb5_error_code sss_passkeycl_process(krb5_context context, krb5_clpreauth_moddata moddata, @@ -144,7 +264,13 @@ sss_passkeycl_process(krb5_context context, krb5_data user_reply; struct sss_passkey_message *input_message = NULL; struct sss_passkey_message *reply_message = NULL; + struct sss_passkey_message *reply_msg = NULL; + enum sss_passkey_phase phase; + const char *state; char prompt_answer[255] = {0}; + int answer_len; + const char *prompt_reply = NULL; + uint8_t *reply = NULL; const char *answer; input_message = sss_passkey_message_decode_padata(pa_data); @@ -163,15 +289,46 @@ sss_passkeycl_process(krb5_context context, answer = cb->get_responder_answer(context, rock, SSSD_PASSKEY_QUESTION); /* Call prompter if we have no answer to present a prompt. */ if (answer == NULL) { - user_reply.magic = 0; - user_reply.length = sizeof(prompt_answer) / sizeof(char); - user_reply.data = prompt_answer; + /* Interactive prompt */ + answer_len = sizeof(prompt_answer) / sizeof(char); ret = sss_passkeycl_prompt(context, prompter, prompter_data, - input_message, &user_reply); + input_message, SSSD_PASSKEY_PROMPT, + prompt_answer, answer_len, + &user_reply); + if (ret != 0) { + goto done; + } + + /* Prompt for PIN */ + if (input_message->data.challenge->user_verification == 1) { + ret = sss_passkeycl_prompt(context, prompter, prompter_data, + input_message, SSSD_PASSKEY_PIN_PROMPT, + prompt_answer, answer_len, + &user_reply); + if (ret != 0) { + goto done; + } + } + + ret = sss_passkeycl_exec_child(input_message->data.challenge, prompt_answer, &reply); if (ret != 0) { goto done; } + + phase = SSS_PASSKEY_PHASE_REPLY; + state = SSSD_PASSKEY_REPLY_STATE; + reply_msg = sss_passkey_message_from_reply_json(phase, state, (char *)reply); + if (reply_msg == NULL) { + ret = ENOMEM; + goto done; + } + + prompt_reply = sss_passkey_message_encode(reply_msg); + if (prompt_reply == NULL) { + ret = ENOMEM; + goto done; + } } /* Use FAST armor key as response key. */ @@ -181,7 +338,11 @@ sss_passkeycl_process(krb5_context context, } /* Encode the answer into the pa_data output. */ - reply_message = sss_passkey_message_decode(answer); + if (prompt_reply != NULL) { + reply_message = sss_passkey_message_decode(prompt_reply); + } else { + reply_message = sss_passkey_message_decode(answer); + } if (reply_message == NULL) { ret = ENOMEM; goto done; @@ -201,6 +362,9 @@ sss_passkeycl_process(krb5_context context, done: sss_passkey_message_free(reply_message); sss_passkey_message_free(input_message); + if (reply != NULL) { + free(reply); + } return ret; } diff --git a/src/krb5_plugin/passkey/passkey_utils.c b/src/krb5_plugin/passkey/passkey_utils.c index c41b9c00e72..74a9694621d 100644 --- a/src/krb5_plugin/passkey/passkey_utils.c +++ b/src/krb5_plugin/passkey/passkey_utils.c @@ -595,3 +595,43 @@ sss_passkey_message_encode_padata_array(const struct sss_passkey_message *data) return sss_radius_encode_padata_array(SSSD_PASSKEY_PADATA, (sss_radius_message_encode_fn)sss_passkey_message_encode, data); } + +krb5_error_code +sss_passkey_concat_credentials(char **creds, + char **_creds_str) +{ + krb5_error_code ret; + char *result_creds = NULL; + char *tmp_creds = NULL; + size_t creds_len = 0; + + result_creds = strdup(creds[0]); + if (result_creds == NULL) { + ret = ENOENT; + goto done; + } + + creds_len += strlen(creds[0] + 1); + + for (int i = 1; creds[i] != NULL; i++) { + strcat(result_creds, ","); + creds_len += strlen(creds[i]) + 1; + + tmp_creds = realloc(result_creds, creds_len); + if (tmp_creds == NULL) { + ret = ENOMEM; + free(result_creds); + goto done; + } + + result_creds = tmp_creds; + + strncat(result_creds, creds[i], creds_len); + } + + *_creds_str = result_creds; + + ret = 0; +done: + return ret; +} From 6959dc6aadbe77edc3d0915ae006848309c20662 Mon Sep 17 00:00:00 2001 From: Alexey Tikhonov <atikhono@redhat.com> Date: Thu, 7 Dec 2023 09:47:25 +0100 Subject: [PATCH 233/280] DP: reduce log level in case a responder asks for unknown domain Since 9358a74d3a56c738890353aaf6bc956bfe72df99 a domain might be skipped by 'ad_enabled_domains' option Reviewed-by: Sumit Bose <sbose@redhat.com> (cherry picked from commit 39cd0baa06742b349ed763aa40ea4de366e80f1a) --- src/providers/data_provider/dp_request.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/providers/data_provider/dp_request.c b/src/providers/data_provider/dp_request.c index df2db26662b..9c0fcf1f522 100644 --- a/src/providers/data_provider/dp_request.c +++ b/src/providers/data_provider/dp_request.c @@ -204,7 +204,8 @@ dp_req_new(TALLOC_CTX *mem_ctx, if (domainname != NULL) { dp_req->domain = find_domain_by_name(be_ctx->domain, domainname, true); if (dp_req->domain == NULL) { - DEBUG(SSSDBG_CRIT_FAILURE, "Unknown domain: %s\n", domainname); + /* domain might be skipped by 'ad_enabled_domains' option */ + DEBUG(SSSDBG_CONF_SETTINGS, "Unknown domain: %s\n", domainname); return ERR_DOMAIN_NOT_FOUND; } } From 66bd91d500142cad5f6a4294c478f204d71eeb9e Mon Sep 17 00:00:00 2001 From: Patrik Rosecky <prosecky@redhat.com> Date: Thu, 5 Oct 2023 09:04:59 +0200 Subject: [PATCH 234/280] Tests: alltests/test_ldap_extra_attrs.py converted to system/tests/test_schema.py MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Reviewed-by: Justin Stephenson <jstephen@redhat.com> Reviewed-by: Pavel Březina <pbrezina@redhat.com> (cherry picked from commit c2360811d5a65e0438eb4a26e4f7e8148e631a8a) --- .../alltests/test_ldap_extra_attrs.py | 4 + src/tests/system/tests/test_schema.py | 143 +++++++++++++++++- 2 files changed, 146 insertions(+), 1 deletion(-) diff --git a/src/tests/multihost/alltests/test_ldap_extra_attrs.py b/src/tests/multihost/alltests/test_ldap_extra_attrs.py index e2d32da2891..8fffa40fb0a 100644 --- a/src/tests/multihost/alltests/test_ldap_extra_attrs.py +++ b/src/tests/multihost/alltests/test_ldap_extra_attrs.py @@ -76,6 +76,7 @@ def test_0002_givenmail(self, multihost): assert result is not None @pytest.mark.tier1 + @pytest.mark.converted('test_schema.py', 'test_schema__ldap_extra_attrs_check_ldb') def test_0003_checkldb(self, multihost): """ :title: IDM-SSSD-TC: ldap_extra_attrs: Verify recently added @@ -112,6 +113,7 @@ def test_0003_checkldb(self, multihost): assert result is not None @pytest.mark.tier1 + @pytest.mark.converted('test_schema.py', 'test_schema__ldap_extra_attrs_negative_cache') def test_0004_negativecache(self, multihost): """ :title: IDM-SSSD-TC: ldap_extra_attrs: Check whether, not added @@ -141,6 +143,7 @@ def test_0004_negativecache(self, multihost): assert result is None @pytest.mark.tier1 + @pytest.mark.converted('test_schema.py', 'test_schema__ldap_extra_attrs_extra_email') def test_0005_ldapextraattrs(self, multihost): """ :title: IDM-SSSD-TC: ldap_extra_attrs: Check sssd should start with @@ -178,6 +181,7 @@ def test_0005_ldapextraattrs(self, multihost): assert result is not None @pytest.mark.tier1 + @pytest.mark.converted('test_schema.py', 'test_schema__ldap_extra_attrs_ifp') def test_0006_bz1667252(self, multihost): """ :title: ifp: crash when requesting extra attributes diff --git a/src/tests/system/tests/test_schema.py b/src/tests/system/tests/test_schema.py index 4a49e2d5def..42a6715d598 100644 --- a/src/tests/system/tests/test_schema.py +++ b/src/tests/system/tests/test_schema.py @@ -9,7 +9,8 @@ import pytest from sssd_test_framework.roles.client import Client from sssd_test_framework.roles.generic import GenericProvider -from sssd_test_framework.topology import KnownTopologyGroup +from sssd_test_framework.roles.ldap import LDAP +from sssd_test_framework.topology import KnownTopology, KnownTopologyGroup @pytest.mark.importance("high") @@ -42,3 +43,143 @@ def test_schema__ldap_extra_attrs_filled(client: Client, provider: GenericProvid result = client.tools.getent.passwd("tuser") assert result is not None assert result.name == "tuser" + + +@pytest.mark.topology(KnownTopologyGroup.AnyProvider) +def test_schema__ldap_extra_attrs_check_ldb(client: Client, provider: GenericProvider): + """ + :title: Recently added extra attributes should be in cache db along with their value + :setup: + 1. Create new user "user1" + 2. Add "description:gecos, userID:uidNumber, shell:loginShell, groupID:gidNumber" to ldap_user_extra_attrs + 3. Add "ldap_id_mapping" to domain config, to ensure correct ids on all topologies + 4. Start SSSD + :steps: + 1. Run "getent passwd user1" to store user attributes to cache + 2. Run ldbsearch command + :expectedresults: + 1. User is found + 2. Result has correct values + :customerscenario: True + """ + provider.user("user1").add(gid=111111, uid=100110, gecos="gecos user1", shell="/bin/sh", home="/home/user1") + client.sssd.domain[ + "ldap_user_extra_attrs" + ] = "description:gecos, userID:uidNumber, shell:loginShell, groupID:gidNumber" + client.sssd.domain["ldap_id_mapping"] = "false" + client.sssd.start() + + result = client.tools.getent.passwd("user1") + assert result is not None, "getent passwd user1 failed" + + search = client.ldb.search( + f"/var/lib/sss/db/cache_{client.sssd.default_domain}.ldb", f"cn=users,cn={client.sssd.default_domain},cn=sysdb" + ) + + user_dict = search["name=user1@test,cn=users,cn=test,cn=sysdb"] + assert user_dict["description"] == ["gecos user1"], "attribute 'description' was not correct" + assert user_dict["shell"] == ["/bin/sh"], "attribute 'shell' was not correct" + assert user_dict["userID"] == ["100110"], "attribute 'userID' was not correct" + assert user_dict["groupID"] == ["111111"], "attribute 'groupID' was not correct" + + +@pytest.mark.topology(KnownTopologyGroup.AnyProvider) +def test_schema__ldap_extra_attrs_negative_cache(client: Client, provider: GenericProvider): + """ + :title: When extra attribute of user is added but not assigned, it is neither cached nor displayed + :setup: + 1. Create new user "user1" + 2. Add "number:telephonenumber" to ldap_user_extra_attrs + 3. Start SSSD + :steps: + 1. Run "getent passwd user1" to store user to cache + 2. Run ldbsearch command + :expectedresults: + 1. User is found + 2. "number" is not in the output + :customerscenario: False + """ + provider.user("user1").add() + + client.sssd.domain["ldap_user_extra_attrs"] = "number:telephonenumber" + + client.sssd.start() + + result = client.tools.getent.passwd("user1") + assert result is not None, "User is not found" + assert result.name == "user1", "User has wrong name" + + search = client.ldb.search( + f"/var/lib/sss/db/cache_{client.sssd.default_domain}.ldb", f"cn=users,cn={client.sssd.default_domain},cn=sysdb" + ) + + user_dict = search["name=user1@test,cn=users,cn=test,cn=sysdb"] + with pytest.raises(KeyError): + user_dict["number"] + + +@pytest.mark.topology(KnownTopology.LDAP) +def test_schema__ldap_extra_attrs_extra_email(client: Client, ldap: LDAP): + """ + :title: SSSD starts with ldap_user_email and ldap_user_extra_attrs and checks cached attributes + :setup: + 1. Create new user "user1", set them mail and gecos + 2. Edit config - ldap_user_extra_attrs = "email:mail, description:gecos" and ldap_user_email = "mail" + 3. Start SSSD + :steps: + 1. Run "getent passwd user1" to store user to cache + 2. Run ldbsearch command to get cached info + :expectedresults: + 1. User is found + 2. "mail" and "email" are in the output with correct value + :customerscenario: False + """ + ldap.user("user1").add(gecos="gecos1", mail="user1@example.test") + + client.sssd.domain["ldap_user_email"] = "mail" + client.sssd.domain["ldap_user_extra_attrs"] = "email:mail, description:gecos" + client.sssd.sssd["services"] = "nss, pam, ifp" + client.sssd.start() + + result = client.tools.getent.passwd("user1") + assert result is not None, "User is not found" + assert result.name == "user1", "User has wrong name" + + search = client.ldb.search( + f"/var/lib/sss/db/cache_{client.sssd.default_domain}.ldb", f"cn=users,cn={client.sssd.default_domain},cn=sysdb" + ) + + user_dict = search["name=user1@test,cn=users,cn=test,cn=sysdb"] + assert user_dict["description"] == ["gecos1"], "attribute 'descripion' was not correct" + assert user_dict["mail"] == ["user1@example.test"], "attribute 'mail' was not correct" + assert user_dict["email"] == ["user1@example.test"], "attribute 'email' was not correct" + + +@pytest.mark.ticket(bz=1667252) +@pytest.mark.topology(KnownTopologyGroup.AnyProvider) +def test_schema__ldap_extra_attrs_ifp(client: Client, provider: GenericProvider): + """ + :title: ifp do not crash when requesting extra attributes + :setup: + 1. Create new user "user1" + 2. Configure 'test' ldap user extra attribute + 3. Start SSSD + :steps: + 1. Run "sssctl user-checks user1" + 2. Check SSSD status + :expectedresults: + 1. Command succeeded + 2. Checked successfully + :customerscenario: True + """ + provider.user("user1").add() + client.sssd.sssd["services"] = "nss, pam, ifp" + client.sssd.domain["ldap_user_extra_attrs"] = "test:homeDirectory" + client.sssd.ifp["user_attributes"] = "+test" + client.sssd.start() + + result = client.sssctl.user_checks("user1") + assert result.rc == 0, "sssctl user-checks command failed" + + result = client.sssd.svc.status("sssd") + assert result.rc == 0, "service status sssd failed" From f6faf123199ec241024677a8247f951d06c94a51 Mon Sep 17 00:00:00 2001 From: Alexey Tikhonov <atikhono@redhat.com> Date: Fri, 8 Dec 2023 13:15:19 +0100 Subject: [PATCH 235/280] LOGS: added missing new line Reviewed-by: Justin Stephenson <jstephen@redhat.com> (cherry picked from commit 97c05c4e3cf5f6af6bf080ceb70bff772db556db) --- src/providers/ipa/ipa_subdomains.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/providers/ipa/ipa_subdomains.c b/src/providers/ipa/ipa_subdomains.c index 51ff30c38a3..075f6f47066 100644 --- a/src/providers/ipa/ipa_subdomains.c +++ b/src/providers/ipa/ipa_subdomains.c @@ -2795,7 +2795,7 @@ static void ipa_subdomains_refresh_passkey_done(struct tevent_req *subreq) "[%d]: %s\n", ret, sss_strerror(ret)); /* Not good, but let's try to continue with other server side options */ DEBUG(SSSDBG_IMPORTANT_INFO, "Passkey feature is not configured " - "on IPA server"); + "on IPA server\n"); } #endif /* BUILD_PASSKEY */ From 4d01e11d44f1a0f899c2fc53765f36e1e2d5bd50 Mon Sep 17 00:00:00 2001 From: Justin Stephenson <jstephen@redhat.com> Date: Fri, 1 Dec 2023 09:08:47 -0500 Subject: [PATCH 236/280] passkey: Skip processing non-passkey mapping data In the AD case, the user altSecurityIdentities attribute can store passkey, smartcard, or ssh public key mapping data. Check to ensure we are handling passkey data before continuing in PAM passkey processing. :relnote: Fixes a crash when PAM passkey processing incorrectly handles non-passkey data. Resolves: https://github.com/SSSD/sssd/issues/7061 Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com> Reviewed-by: Sumit Bose <sbose@redhat.com> (cherry picked from commit 6ed1eff44f8cad2e1c1d07cd4d3731b3d143dd9b) --- src/responder/pam/pamsrv_passkey.c | 21 ++++++++++- src/tests/cmocka/test_pam_srv.c | 60 ++++++++++++++++++++++++++++++ 2 files changed, 80 insertions(+), 1 deletion(-) diff --git a/src/responder/pam/pamsrv_passkey.c b/src/responder/pam/pamsrv_passkey.c index da509677331..112584096c7 100644 --- a/src/responder/pam/pamsrv_passkey.c +++ b/src/responder/pam/pamsrv_passkey.c @@ -489,6 +489,22 @@ errno_t process_passkey_data(TALLOC_CTX *mem_ctx, goto done; } + /* This attribute may contain other mapping data unrelated to passkey. In that case + * let's omit it. For example, AD user altSecurityIdentities may store ssh public key + * or smart card mapping data */ + ret = split_on_separator(tmp_ctx, (const char *) el->values[0].data, ':', true, true, + &mappings, NULL); + if (ret != EOK) { + DEBUG(SSSDBG_OP_FAILURE, "Incorrectly formatted passkey data [%d]: %s\n", + ret, sss_strerror(ret)); + ret = ENOENT; + goto done; + } else if (strcasecmp(mappings[0], "passkey") != 0) { + DEBUG(SSSDBG_TRACE_FUNC, "Mapping data found is not passkey related\n"); + ret = ENOENT; + goto done; + } + kh_mappings = talloc_zero_array(tmp_ctx, const char *, el->num_values + 1); if (kh_mappings == NULL) { DEBUG(SSSDBG_OP_FAILURE, "talloc_zero_array failed.\n"); @@ -624,7 +640,10 @@ void pam_passkey_get_user_done(struct tevent_req *req) /* Get passkey data */ DEBUG(SSSDBG_TRACE_ALL, "Processing passkey data\n"); ret = process_passkey_data(pk_data, result->msgs[0], domain_name, pk_data); - if (ret == ENOENT) { + if (ret != EOK) { + DEBUG(SSSDBG_OP_FAILURE, + "process_passkey_data failed: [%d]: %s\n", + ret, sss_strerror(ret)); goto done; } diff --git a/src/tests/cmocka/test_pam_srv.c b/src/tests/cmocka/test_pam_srv.c index 6578a7cdab9..faa434328fd 100644 --- a/src/tests/cmocka/test_pam_srv.c +++ b/src/tests/cmocka/test_pam_srv.c @@ -99,6 +99,15 @@ "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEEKhSQWMPgAUcz4d7Fjz2hZK7QUlnAttuEW5Xr" \ "xD06VBaQvIRYJT7e6wM+vFU4z+uQgU9B5ERbgMiBVe99rBL9w==" +#define SSSD_TEST_PUBKEY \ + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCa+l8uZ6Q5G58PVMe1na7NrOMTzo2wOZfFwo" \ + "0fM3RbvfAdlz/wsGwln2+EXA19FiXu/nNj4EwYGP9hymKuYaXzpq40k0VbhEL1v/qzXQvuKZgN" \ + "x42vxi7NITaaAXuYj8OZQsZTvv+xgkREZmhQ6YqEjTJ0JzpD9fj8Gf8Mgn8pdsb/ZODLMAwEKt" \ + "Q2DaWqH5jCqzoGEJlRl+kRbnrHc+RQrmj7NnY1voEJNrmzCyJFH5awZyBl/ZdbvpnwCKnVEleB" \ + "FULrOIfJ9lc/QMmURCMa6RfW5CFrxdtjUwiIxfMiHe+zUY5T9L0Q6FWnlfNz/63Xdcrw1Gc90O" \ + "CZKcqf/4P9N5flGSGSfiO5fD8gCCJ0c3WhxSVMREDP3ibKDsz8yhw2OuyGcfRo4nnchxy9G703" \ + "1m2t9rUXc12eS1EKGJiPiT9IuTQ9nCG2PslkqR+KUMiYoS9MqTsAj9HhuTMkFhcYFyufxFmt/S" \ + "4rIqVwmP8lY4GwwJwOnZwNLj/I2HwC+pk= testuser@fedora.test.local" int no_cleanup; @@ -4403,6 +4412,55 @@ void test_pam_passkey_auth(void **state) assert_int_equal(ret, EOK); } +void test_pam_passkey_bad_mapping(void **state) +{ + int ret; + struct sysdb_attrs *attrs; + const char *pubkey = SSSD_TEST_PUBKEY; + size_t pk_size; + const char *user_verification = "on"; + + set_passkey_auth_param(pam_test_ctx->pctx); + + /* Add user verification attribute */ + ret = sysdb_domain_update_passkey_user_verification( + pam_test_ctx->tctx->dom->sysdb, + pam_test_ctx->tctx->dom->name, + user_verification); + assert_int_equal(ret, EOK); + + mock_input_pam_passkey(pam_test_ctx, "pamuser", "1234", NULL, + NULL, SSSD_TEST_PASSKEY); + mock_parse_inp("pamuser", NULL, EOK); + + will_return(__wrap_sss_packet_get_cmd, SSS_PAM_AUTHENTICATE); + will_return(__wrap_sss_packet_get_body, WRAP_CALL_REAL); + + /* Add the test invalid pubkey data for this user */ + pk_size = strlen(pubkey) + 1; + + attrs = sysdb_new_attrs(pam_test_ctx); + assert_non_null(attrs); + + ret = sysdb_attrs_add_mem(attrs, SYSDB_USER_PASSKEY, pubkey, pk_size); + assert_int_equal(ret, EOK); + + ret = sysdb_set_user_attr(pam_test_ctx->tctx->dom, + pam_test_ctx->pam_user_fqdn, + attrs, + LDB_FLAG_MOD_ADD); + assert_int_equal(ret, EOK); + + pam_test_ctx->exp_pam_status = PAM_SUCCESS; + set_cmd_cb(test_pam_passkey_auth_check); + ret = sss_cmd_execute(pam_test_ctx->cctx, SSS_PAM_AUTHENTICATE, + pam_test_ctx->pam_cmds); + assert_int_equal(ret, EOK); + + ret = test_ev_loop(pam_test_ctx->tctx); + assert_int_equal(ret, EOK); +} + void test_pam_passkey_auth_send(void **state) { @@ -4630,6 +4688,8 @@ int main(int argc, const char *argv[]) pam_test_setup_passkey, pam_test_teardown), cmocka_unit_test_setup_teardown(test_pam_passkey_auth, pam_test_setup_passkey, pam_test_teardown), + cmocka_unit_test_setup_teardown(test_pam_passkey_bad_mapping, + pam_test_setup_passkey, pam_test_teardown), cmocka_unit_test_setup_teardown(test_pam_passkey_auth_send, pam_test_setup_passkey, pam_test_teardown), cmocka_unit_test_setup_teardown(test_pam_prompting_passkey_interactive, From 1cffe5bca0948308e906556f6191faacf98936f6 Mon Sep 17 00:00:00 2001 From: Jakub Vavra <jvavra@redhat.com> Date: Tue, 20 Jun 2023 13:22:12 +0200 Subject: [PATCH 237/280] Tests: Fix tokengroups tests. Reviewed-by: Anuj Borah <aborah@redhat.com> (cherry picked from commit ff8f248b0a773d3d6ef1091543fa8c4342ddd410) --- .../multihost/ad/test_adparameters_ported.py | 57 +++++++++++-------- 1 file changed, 33 insertions(+), 24 deletions(-) diff --git a/src/tests/multihost/ad/test_adparameters_ported.py b/src/tests/multihost/ad/test_adparameters_ported.py index 86fc2dcdf19..c848cc9c5ba 100644 --- a/src/tests/multihost/ad/test_adparameters_ported.py +++ b/src/tests/multihost/ad/test_adparameters_ported.py @@ -61,24 +61,28 @@ def change_client_hostname(session_multihost, request): cmd = session_multihost.client[0].run_command('hostname', raiseonerr=False) old_hostname = cmd.stdout_text.rstrip() ad_domain = session_multihost.ad[0].domainname - try: - new_hostname = session_multihost.client[0].external_hostname. \ - split('.')[0] - except (KeyError, AttributeError): - new_hostname = old_hostname.split('.')[0] - if new_hostname.startswith('ci-'): - new_hostname = new_hostname[3:] - new_hostname = new_hostname[:15] + "." + ad_domain + new_hostname = "client0." + ad_domain + # Temporary way of changing hostname session_multihost.client[0].run_command( f'hostname {new_hostname}', raiseonerr=False ) + # Permanent way of changing hostname + session_multihost.client[0].run_command( + f'hostnamectl set-hostname {new_hostname}', raiseonerr=False + ) + def restore(): """ Restore hostname """ + # Temporary way of changing hostname session_multihost.client[0].run_command( f'hostname {old_hostname}', raiseonerr=False ) + # Permanent way of changing hostname + session_multihost.client[0].run_command( + f'hostnamectl set-hostname {old_hostname}', raiseonerr=False + ) request.addfinalizer(restore) @@ -2217,7 +2221,6 @@ def test_0028_ad_parameters_nested_in_nonposix_group( """ adjoin(membersw='adcli') client = sssdTools(multihost.client[0], multihost.ad[0]) - # Create AD user with posix attributes (aduser, adgroup) = create_aduser_group # Configure sssd to enable logging @@ -2225,17 +2228,16 @@ def test_0028_ad_parameters_nested_in_nonposix_group( sssd_params = { 'id_provider': 'ldap', 'ldap_schema': 'ad', - 'ldap_id_use_start_tls': 'False', 'ldap_default_bind_dn': f'CN=administrator,CN=Users' f',{multihost.ad[0].domain_basedn_entry}', - 'ldap_default_authtok_type': 'password', - 'ldap_default_authtok': f'{multihost.ad[0].ssh_password}', + 'use_fully_qualified_names': 'false', + 'ldap_id_use_start_tls': 'True', + 'ldap_tls_cacert': '/etc/openldap/certs/ad_cert.pem', + 'ldap_uri': f'ldaps://{multihost.ad[0].sys_hostname}', + 'ldap_default_authtok': multihost.ad[0].ssh_password, 'ldap_referrals': 'false', - 'debug_level': '9', - 'use_fully_qualified_names': 'False', - 'cache_credentials': 'True', - 'krb5_store_password_if_offline': 'True', - 'fallback_homedir': '/home/%d/%u', + 'ldap_id_mapping': 'True', + 'fallback_homedir': '/home/%d/%u' } client.sssd_conf(dom_section, sssd_params) @@ -2251,6 +2253,8 @@ def test_0028_ad_parameters_nested_in_nonposix_group( # Clear cache and restart SSSD client.clear_sssd_cache() + time.sleep(60) + # Search for the AD user usr_cmd = multihost.client[0].run_command( f'id {aduser}', raiseonerr=False) @@ -2294,13 +2298,14 @@ def test_0029_ad_parameters_tokengroups_with_ldap( sssd_params = { 'id_provider': 'ldap', 'ldap_schema': 'ad', - 'ldap_id_use_start_tls': 'False', + 'ldap_id_use_start_tls': 'True', + 'ldap_tls_cacert': '/etc/openldap/certs/ad_cert.pem', + 'ldap_uri': f'ldaps://{multihost.ad[0].sys_hostname}', + 'ldap_default_authtok': multihost.ad[0].ssh_password, 'ldap_default_bind_dn': f'CN=administrator,CN=Users' f',{multihost.ad[0].domain_basedn_entry}', - 'ldap_default_authtok_type': 'password', - 'ldap_default_authtok': f'{multihost.ad[0].ssh_password}', - 'ldap_referrals': 'false', 'debug_level': '9', + 'ldap_referrals': 'false', 'use_fully_qualified_names': 'True', 'cache_credentials': 'True', 'krb5_store_password_if_offline': 'True', @@ -2310,6 +2315,8 @@ def test_0029_ad_parameters_tokengroups_with_ldap( # Clear cache and restart SSSD client.clear_sssd_cache() + time.sleep(60) + # Search for the AD user usr_cmd = multihost.client[0].run_command( f'id {aduser}@{ad_domain}', raiseonerr=False) @@ -2377,11 +2384,12 @@ def test_0030_ad_parameters_tokengroups_searchbase( sssd_params = { 'id_provider': 'ldap', 'ldap_schema': 'ad', - 'ldap_id_use_start_tls': 'False', + 'ldap_id_use_start_tls': 'True', + 'ldap_tls_cacert': '/etc/openldap/certs/ad_cert.pem', + 'ldap_uri': f'ldaps://{multihost.ad[0].sys_hostname}', + 'ldap_default_authtok': multihost.ad[0].ssh_password, 'ldap_default_bind_dn': f'CN=administrator,CN=Users' f',{multihost.ad[0].domain_basedn_entry}', - 'ldap_default_authtok_type': 'password', - 'ldap_default_authtok': f'{multihost.ad[0].ssh_password}', 'ldap_referrals': 'false', 'debug_level': '9', 'use_fully_qualified_names': 'True', @@ -2394,6 +2402,7 @@ def test_0030_ad_parameters_tokengroups_searchbase( client.sssd_conf(dom_section, sssd_params) # Clear cache and restart SSSD client.clear_sssd_cache() + time.sleep(60) # Search for the AD user usr_cmd = multihost.client[0].run_command( From 9f406d427a81bd75bd50ec61132fa527f2abb453 Mon Sep 17 00:00:00 2001 From: Jakub Vavra <jvavra@redhat.com> Date: Tue, 28 Nov 2023 14:22:55 +0100 Subject: [PATCH 238/280] Tests: Retry realm join as it is flaky on multiarch setups Reviewed-by: Madhuri Upadhye <mupadhye@redhat.com> (cherry picked from commit df1b74546f95ab4adb4c69a5d3e23daba1d961b3) --- .../multihost/sssd/testlib/common/utils.py | 41 +++++++++++++------ 1 file changed, 28 insertions(+), 13 deletions(-) diff --git a/src/tests/multihost/sssd/testlib/common/utils.py b/src/tests/multihost/sssd/testlib/common/utils.py index fd11c7f050e..e8a0a11761a 100644 --- a/src/tests/multihost/sssd/testlib/common/utils.py +++ b/src/tests/multihost/sssd/testlib/common/utils.py @@ -415,20 +415,33 @@ def realm_join(self, domainname, admin_password, realm_cmd += f' --user-principal=host/{hostname}@{ad_realm}' print(realm_cmd) - cmd = self.multihost.run_command(realm_cmd, stdin_text=admin_password, - raiseonerr=False) - if cmd.returncode == 124: - # When the command fails, there is still realmd running that might - # be doing something so we stop it so the following realm leave - # is not stuck on "realm: Already running another action". - self.service_ctrl('stop', 'realmd') - raise SSSDException(f"realm join timed out! {cmd.stderr_text}") - elif cmd.returncode != 0: + # When AD is on a diffent network that client this is not + # quite reliable so we retry + for _ in range(5): + cmd = self.multihost.run_command( + realm_cmd, stdin_text=admin_password, raiseonerr=False) + if cmd.returncode == 0: + break + elif cmd.returncode == 124: # Timeout occured + # When the command fails, there is still realmd running + # that might be doing something so we stop it so + # the following realm leave is not stuck on + # "realm: Already running another action". + print("WARNING: realm join timed out, retrying!") + self.service_ctrl('stop', 'realmd') + else: + # other error + print("realm join failed!") + if "realm: Already joined to this domain" in cmd.stderr_text: + print("Already joined to realm.") + break + time.sleep(30) + else: self.multihost.run_command("cat /etc/krb5.conf", raiseonerr=False) self.multihost.run_command("resolvectl dns", raiseonerr=False) raise SSSDException("Error: %s" % cmd.stderr_text) - else: - return cmd.stderr_text + return cmd.returncode == 0 + def realm_leave(self, domainname, raiseonerr=True): """ Leave system from AD/IPA Domain @@ -439,9 +452,11 @@ def realm_leave(self, domainname, raiseonerr=True): else raises Exception :Exception: Raises SSSDException """ - + # When we do not want to raise exception we also do not want to see + # the output as it is probably a pre-emptive realm leave before + # joining again and the error in log is misleading. cmd = self.multihost.run_command( - f'realm leave {domainname} -v', raiseonerr=False) + f'realm leave {domainname} -v', log_stdout=raiseonerr, raiseonerr=False) if cmd.returncode != 0 and raiseonerr: raise SSSDException("Error: %s", cmd.stderr_text) elif cmd.returncode != 0: From cbd479d76aafbfe48ba89b21866147107d8c7a19 Mon Sep 17 00:00:00 2001 From: Jakub Vavra <jvavra@redhat.com> Date: Fri, 15 Dec 2023 13:21:12 +0100 Subject: [PATCH 239/280] Tests: Change path to keytabs to reflect whole domain in them Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com> Reviewed-by: Madhuri Upadhye <mupadhye@redhat.com> (cherry picked from commit a5270f898c6d22141033b9d9e735c09d65a0a83f) --- src/tests/system/mhc.yaml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/src/tests/system/mhc.yaml b/src/tests/system/mhc.yaml index d0e021d7f97..d59d3cf40d7 100644 --- a/src/tests/system/mhc.yaml +++ b/src/tests/system/mhc.yaml @@ -23,8 +23,8 @@ domains: config: client: ipa_domain: ipa.test - krb5_keytab: /enrollment/ipa.keytab - ldap_krb5_keytab: /enrollment/ipa.keytab + krb5_keytab: /enrollment/ipa.test.keytab + ldap_krb5_keytab: /enrollment/ipa.test.keytab - hostname: dc.ad.test role: ad @@ -38,8 +38,8 @@ domains: bindpw: vagrant client: ad_domain: ad.test - krb5_keytab: /enrollment/ad.keytab - ldap_krb5_keytab: /enrollment/ad.keytab + krb5_keytab: /enrollment/ad.test.keytab + ldap_krb5_keytab: /enrollment/ad.test.keytab - hostname: dc.samba.test role: samba @@ -48,8 +48,8 @@ domains: bindpw: Secret123 client: ad_domain: samba.test - krb5_keytab: /enrollment/samba.keytab - ldap_krb5_keytab: /enrollment/samba.keytab + krb5_keytab: /enrollment/samba.test.keytab + ldap_krb5_keytab: /enrollment/samba.test.keytab - hostname: nfs.test role: nfs From 0ae9238340126b8e35675e9c0c15023fcf2231be Mon Sep 17 00:00:00 2001 From: Jakub Vavra <jvavra@redhat.com> Date: Thu, 16 Nov 2023 12:20:15 +0100 Subject: [PATCH 240/280] Tests: Add importance and ticket to multihost Reviewed-by: Scott Poore <spoore@redhat.com> (cherry picked from commit 5fb0a9ddcacd85525a1a96e0611198e239f8f895) --- src/tests/multihost/ad/conftest.py | 2 ++ src/tests/multihost/admultidomain/conftest.py | 2 ++ src/tests/multihost/adsites/conftest.py | 2 ++ src/tests/multihost/alltests/conftest.py | 2 ++ src/tests/multihost/basic/conftest.py | 2 ++ src/tests/multihost/ipa/conftest.py | 2 ++ src/tests/multihost/requirements.txt | 2 ++ 7 files changed, 14 insertions(+) diff --git a/src/tests/multihost/ad/conftest.py b/src/tests/multihost/ad/conftest.py index ccafd102b96..889d6cf098b 100644 --- a/src/tests/multihost/ad/conftest.py +++ b/src/tests/multihost/ad/conftest.py @@ -16,6 +16,8 @@ pytest_plugins = ( 'sssd.testlib.common.fixtures', + 'pytest_importance', + 'pytest_ticket', ) diff --git a/src/tests/multihost/admultidomain/conftest.py b/src/tests/multihost/admultidomain/conftest.py index 2d007b4113b..2fb216d4b80 100644 --- a/src/tests/multihost/admultidomain/conftest.py +++ b/src/tests/multihost/admultidomain/conftest.py @@ -10,6 +10,8 @@ pytest_plugins = ( 'sssd.testlib.common.fixtures', + 'pytest_importance', + 'pytest_ticket', ) diff --git a/src/tests/multihost/adsites/conftest.py b/src/tests/multihost/adsites/conftest.py index 2be0951cdea..e9ab703b1db 100644 --- a/src/tests/multihost/adsites/conftest.py +++ b/src/tests/multihost/adsites/conftest.py @@ -13,6 +13,8 @@ pytest_plugins = ( 'sssd.testlib.common.fixtures', + 'pytest_importance', + 'pytest_ticket', ) diff --git a/src/tests/multihost/alltests/conftest.py b/src/tests/multihost/alltests/conftest.py index 97454560877..0f1e5474db0 100644 --- a/src/tests/multihost/alltests/conftest.py +++ b/src/tests/multihost/alltests/conftest.py @@ -20,6 +20,8 @@ pytest_plugins = ( 'sssd.testlib.common.fixtures', + 'pytest_importance', + 'pytest_ticket', ) diff --git a/src/tests/multihost/basic/conftest.py b/src/tests/multihost/basic/conftest.py index dcedcc1d99a..de3318fb3c1 100644 --- a/src/tests/multihost/basic/conftest.py +++ b/src/tests/multihost/basic/conftest.py @@ -18,6 +18,8 @@ pytest_plugins = ( 'sssd.testlib.common.fixtures', + 'pytest_importance', + 'pytest_ticket', ) diff --git a/src/tests/multihost/ipa/conftest.py b/src/tests/multihost/ipa/conftest.py index a33815e65d3..adc382aca32 100644 --- a/src/tests/multihost/ipa/conftest.py +++ b/src/tests/multihost/ipa/conftest.py @@ -15,6 +15,8 @@ pytest_plugins = ( 'sssd.testlib.common.fixtures', + 'pytest_importance', + 'pytest_ticket', ) diff --git a/src/tests/multihost/requirements.txt b/src/tests/multihost/requirements.txt index c5f8139a767..c6e30a37092 100644 --- a/src/tests/multihost/requirements.txt +++ b/src/tests/multihost/requirements.txt @@ -5,3 +5,5 @@ python-ldap PyYAML pymmh3 ssh2-python +git+https://github.com/next-actions/pytest-importance +git+https://github.com/next-actions/pytest-ticket From 854edfb002c149ce171636f2e6319cd7bc416e31 Mon Sep 17 00:00:00 2001 From: Jakub Vavra <jvavra@redhat.com> Date: Wed, 20 Dec 2023 12:34:41 +0100 Subject: [PATCH 241/280] Tests: Revert change of retun type of realm_join I looks like realm join return value was parsed in one place so I am reverting the mishap change of the return type. Reviewed-by: Anuj Borah <aborah@redhat.com> Reviewed-by: Shridhar Gadekar <sgadekar@redhat.com> (cherry picked from commit b66035f3d60eea4289206d0b30c3058d18149cb4) --- src/tests/multihost/sssd/testlib/common/utils.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/tests/multihost/sssd/testlib/common/utils.py b/src/tests/multihost/sssd/testlib/common/utils.py index e8a0a11761a..f57787a1d3c 100644 --- a/src/tests/multihost/sssd/testlib/common/utils.py +++ b/src/tests/multihost/sssd/testlib/common/utils.py @@ -440,7 +440,7 @@ def realm_join(self, domainname, admin_password, self.multihost.run_command("cat /etc/krb5.conf", raiseonerr=False) self.multihost.run_command("resolvectl dns", raiseonerr=False) raise SSSDException("Error: %s" % cmd.stderr_text) - return cmd.returncode == 0 + return cmd.stderr_text def realm_leave(self, domainname, raiseonerr=True): From 033f3db098c8e9ab99b1b249c716bd416dd20887 Mon Sep 17 00:00:00 2001 From: Andre Boscatto <andreboscatto@gmail.com> Date: Fri, 15 Dec 2023 13:42:49 +0100 Subject: [PATCH 242/280] man: fix wrong product name Resolves: https://github.com/SSSD/sssd/issues/7094 Reviewed-by: Alexey Tikhonov <atikhono@redhat.com> Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com> (cherry picked from commit 9abcaf90580346ee15ea9f08ec40ce0f5a805cd4) --- src/man/sssd.conf.5.xml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/man/sssd.conf.5.xml b/src/man/sssd.conf.5.xml index 6de37b0a823..e7a8cbd9a40 100644 --- a/src/man/sssd.conf.5.xml +++ b/src/man/sssd.conf.5.xml @@ -3039,7 +3039,7 @@ pam_gssapi_indicators_map = sudo:pkinit, sudo-i:pkinit configuring LDAP. </para> <para> - <quote>ipa</quote>: FreeIPA and Red Hat Enterprise + <quote>ipa</quote>: FreeIPA and Red Hat Identity Management provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> @@ -3150,7 +3150,7 @@ pam_gssapi_indicators_map = sudo:pkinit, sudo-i:pkinit </citerefentry> for more information on configuring Kerberos. </para> <para> - <quote>ipa</quote>: FreeIPA and Red Hat Enterprise + <quote>ipa</quote>: FreeIPA and Red Hat Identity Management provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> @@ -3201,7 +3201,7 @@ pam_gssapi_indicators_map = sudo:pkinit, sudo-i:pkinit </citerefentry> for more information on configuring LDAP. </para> <para> - <quote>ipa</quote>: FreeIPA and Red Hat Enterprise + <quote>ipa</quote>: FreeIPA and Red Hat Identity Management provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> @@ -3264,7 +3264,7 @@ pam_gssapi_indicators_map = sudo:pkinit, sudo-i:pkinit </citerefentry> for more information on configuring Kerberos. </para> <para> - <quote>ipa</quote>: FreeIPA and Red Hat Enterprise + <quote>ipa</quote>: FreeIPA and Red Hat Identity Management provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> From 02c18320458eaae5faec05cc27139ebf5b35ac7c Mon Sep 17 00:00:00 2001 From: Justin Stephenson <jstephen@redhat.com> Date: Fri, 8 Dec 2023 14:45:34 -0500 Subject: [PATCH 243/280] Passkey: Fix coverity memory overrun error Fix for: CID 336599: Memory - corruptions (OVERRUN) Overrunning dynamic array "result_creds" by passing it to a function that accesses it at byte "creds_len". Reviewed-by: Alexey Tikhonov <atikhono@redhat.com> Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com> (cherry picked from commit 1d33bde42aa747e18c4ab8f202ec1053fd9ab6a0) --- src/krb5_plugin/passkey/passkey_utils.c | 37 ++++++++++++++++--------- 1 file changed, 24 insertions(+), 13 deletions(-) diff --git a/src/krb5_plugin/passkey/passkey_utils.c b/src/krb5_plugin/passkey/passkey_utils.c index 74a9694621d..e73da97c53b 100644 --- a/src/krb5_plugin/passkey/passkey_utils.c +++ b/src/krb5_plugin/passkey/passkey_utils.c @@ -602,31 +602,42 @@ sss_passkey_concat_credentials(char **creds, { krb5_error_code ret; char *result_creds = NULL; - char *tmp_creds = NULL; - size_t creds_len = 0; + size_t total_sz = 0; + size_t len = 0; + int rc = 0; + + for (int i = 0; creds[i] != NULL; i++) { + total_sz += strlen(creds[i]); + if (i > 0) { + /* separating comma in resulting creds string */ + total_sz++; + } + } - result_creds = strdup(creds[0]); + result_creds = malloc(total_sz + 1); if (result_creds == NULL) { - ret = ENOENT; + ret = ENOMEM; goto done; } - creds_len += strlen(creds[0] + 1); + len = strlen(creds[0]); - for (int i = 1; creds[i] != NULL; i++) { - strcat(result_creds, ","); - creds_len += strlen(creds[i]) + 1; + rc = snprintf(result_creds, len + 1, "%s", creds[0]); + if (rc < 0 || rc > len) { + ret = ENOMEM; + free(result_creds); + goto done; + } - tmp_creds = realloc(result_creds, creds_len); - if (tmp_creds == NULL) { + for (int i = 1; creds[i] != NULL; i++) { + rc = snprintf(result_creds + len, total_sz - len + 1, ",%s", creds[i]); + if (rc < 0 || rc > total_sz - len) { ret = ENOMEM; free(result_creds); goto done; } - result_creds = tmp_creds; - - strncat(result_creds, creds[i], creds_len); + len += rc; } *_creds_str = result_creds; From f5e3bb391d1317104f1b32553c9b1065ee380b92 Mon Sep 17 00:00:00 2001 From: Justin Stephenson <jstephen@redhat.com> Date: Mon, 11 Dec 2023 10:42:53 -0500 Subject: [PATCH 244/280] Passkey: Fix coverity RESOURCE_LEAK Fix for: CID 470374: Resource leaks (RESOURCE_LEAK) Variable "prompt_reply" going out of scope leaks the storage it points to. Reviewed-by: Alexey Tikhonov <atikhono@redhat.com> Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com> (cherry picked from commit a134074c2ecea50d6ccee80e969b436887c5ef68) --- src/krb5_plugin/passkey/passkey_clpreauth.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/krb5_plugin/passkey/passkey_clpreauth.c b/src/krb5_plugin/passkey/passkey_clpreauth.c index 345b8b85c0e..4acf7145889 100644 --- a/src/krb5_plugin/passkey/passkey_clpreauth.c +++ b/src/krb5_plugin/passkey/passkey_clpreauth.c @@ -269,7 +269,7 @@ sss_passkeycl_process(krb5_context context, const char *state; char prompt_answer[255] = {0}; int answer_len; - const char *prompt_reply = NULL; + char *prompt_reply = NULL; uint8_t *reply = NULL; const char *answer; @@ -362,9 +362,9 @@ sss_passkeycl_process(krb5_context context, done: sss_passkey_message_free(reply_message); sss_passkey_message_free(input_message); - if (reply != NULL) { - free(reply); - } + free(reply); + free(prompt_reply); + return ret; } From 51f90318be5b9bbbabd1c34101c7b882c3c0aac3 Mon Sep 17 00:00:00 2001 From: Justin Stephenson <jstephen@redhat.com> Date: Tue, 12 Dec 2023 08:33:18 -0500 Subject: [PATCH 245/280] Passkey: Fix valgrind error and missing free ==367086== Conditional jump or move depends on uninitialised value(s) ==367086== at 0x12BF1A31: string_get (load.c:894) ==367086== by 0x12BF291D: stream_get.part.0 (load.c:158) ==367086== by 0x12BF3182: UnknownInlinedFun (load.c:154) ==367086== by 0x12BF3182: UnknownInlinedFun (load.c:227) ==367086== by 0x12BF3182: lex_scan.isra.0 (load.c:573) ==367086== by 0x12BF7F6A: parse_json (load.c:868) ==367086== by 0x12BF80C8: json_loads (load.c:920) ==367086== by 0x12BDDFD9: sss_passkey_message_from_reply_json (passkey_utils.c:544) ==367086== by 0x12BDCA76: sss_passkeycl_process (passkey_clpreauth.c:321) ==367086== by 0x4906215: UnknownInlinedFun (preauth2.c:352) ==367086== by 0x4906215: UnknownInlinedFun (preauth2.c:679) ==367086== by 0x4906215: k5_preauth (preauth2.c:1018) ==367086== by 0x48F9489: UnknownInlinedFun (get_in_tkt.c:1351) ==367086== by 0x48F9489: UnknownInlinedFun (get_in_tkt.c:1912) ==367086== by 0x48F9489: krb5_init_creds_step (get_in_tkt.c:1868) ==367086== by 0x48FA43A: k5_init_creds_get (get_in_tkt.c:564) ==367086== by 0x48FB3EB: k5_get_init_creds (get_in_tkt.c:1978) ==367086== by 0x48FB817: krb5_get_init_creds_password (gic_pwd.c:210) Reviewed-by: Alexey Tikhonov <atikhono@redhat.com> Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com> (cherry picked from commit 22d35690b6379a59b1bdfc5c20812b792e76af02) --- src/krb5_plugin/passkey/passkey_clpreauth.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/krb5_plugin/passkey/passkey_clpreauth.c b/src/krb5_plugin/passkey/passkey_clpreauth.c index 4acf7145889..d2dfe6fe15d 100644 --- a/src/krb5_plugin/passkey/passkey_clpreauth.c +++ b/src/krb5_plugin/passkey/passkey_clpreauth.c @@ -167,7 +167,7 @@ sss_passkeycl_exec_child(struct sss_passkey_challenge *data, int ret = 0; char *result_creds; - buf = malloc(CHILD_MSG_CHUNK); + buf = calloc(1, CHILD_MSG_CHUNK); if (buf == NULL) { ret = ENOMEM; return ret; @@ -361,6 +361,7 @@ sss_passkeycl_process(krb5_context context, done: sss_passkey_message_free(reply_message); + sss_passkey_message_free(reply_msg); sss_passkey_message_free(input_message); free(reply); free(prompt_reply); From 160738ee8e4eaf59cf81eae13fa65a4b53700c0d Mon Sep 17 00:00:00 2001 From: Alexey Tikhonov <atikhono@redhat.com> Date: Fri, 8 Dec 2023 19:02:24 +0100 Subject: [PATCH 246/280] SSS_CLIENT: MC: in case mem-cache file validation fails, MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit don't return anything but EINVAL, because `_nss_sss_*()` functions can have a special handling for other error codes (for ERANGE in particular). Reviewed-by: Alejandro López <allopez@redhat.com> Reviewed-by: Sumit Bose <sbose@redhat.com> Reviewed-by: Tomáš Halman <thalman@redhat.com> (cherry picked from commit 958a5e25c447dc502e8f8fbecf3253e62f92b0b2) --- src/sss_client/nss_mc_common.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/sss_client/nss_mc_common.c b/src/sss_client/nss_mc_common.c index e227c0bae36..37119fa8d39 100644 --- a/src/sss_client/nss_mc_common.c +++ b/src/sss_client/nss_mc_common.c @@ -79,17 +79,17 @@ static errno_t sss_nss_mc_validate(struct sss_cli_mc_ctx *ctx) } if (fstat(ctx->fd, &fdstat) == -1) { - return errno; + return EINVAL; } /* Memcache was removed. */ if (fdstat.st_nlink == 0) { - return ENOENT; + return EINVAL; } /* Invalid size. */ if (fdstat.st_size != ctx->mmap_size) { - return ERANGE; + return EINVAL; } return EOK; From a186224d6e1ce0c91507df58fec424209a307fe3 Mon Sep 17 00:00:00 2001 From: Alexey Tikhonov <atikhono@redhat.com> Date: Fri, 15 Dec 2023 14:52:51 +0100 Subject: [PATCH 247/280] SSS_CLIENT: check if mem-cache fd was hijacked MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Real life example would be: https://github.com/TigerVNC/tigervnc/blob/effd854bfd19654fa67ff3d39514a91a246b8ae6/unix/xserver/hw/vnc/xvnc.c#L369 - TigerVNC unconditionally overwrites fd=3 Resolves: https://github.com/SSSD/sssd/issues/6986 Reviewed-by: Alejandro López <allopez@redhat.com> Reviewed-by: Sumit Bose <sbose@redhat.com> Reviewed-by: Tomáš Halman <thalman@redhat.com> (cherry picked from commit 0344c41aca0d6fcaa33e081ed77297607e48ced4) --- src/sss_client/nss_mc.h | 6 ++++-- src/sss_client/nss_mc_common.c | 10 ++++++++++ 2 files changed, 14 insertions(+), 2 deletions(-) diff --git a/src/sss_client/nss_mc.h b/src/sss_client/nss_mc.h index 9ab2736fa6b..646861ba522 100644 --- a/src/sss_client/nss_mc.h +++ b/src/sss_client/nss_mc.h @@ -53,6 +53,8 @@ struct sss_cli_mc_ctx { pthread_mutex_t *mutex; #endif int fd; + ino_t fd_inode; + dev_t fd_device; uint32_t seed; /* seed from the tables header */ @@ -69,9 +71,9 @@ struct sss_cli_mc_ctx { }; #if HAVE_PTHREAD -#define SSS_CLI_MC_CTX_INITIALIZER(mtx) {UNINITIALIZED, (mtx), -1, 0, NULL, 0, NULL, 0, NULL, 0, 0} +#define SSS_CLI_MC_CTX_INITIALIZER(mtx) {UNINITIALIZED, (mtx), -1, 0, 0, 0, NULL, 0, NULL, 0, NULL, 0, 0} #else -#define SSS_CLI_MC_CTX_INITIALIZER {UNINITIALIZED, -1, 0, NULL, 0, NULL, 0, NULL, 0, 0} +#define SSS_CLI_MC_CTX_INITIALIZER {UNINITIALIZED, -1, 0, 0, 0, NULL, 0, NULL, 0, NULL, 0, 0} #endif errno_t sss_nss_mc_get_ctx(const char *name, struct sss_cli_mc_ctx *ctx); diff --git a/src/sss_client/nss_mc_common.c b/src/sss_client/nss_mc_common.c index 37119fa8d39..17683ac0e5e 100644 --- a/src/sss_client/nss_mc_common.c +++ b/src/sss_client/nss_mc_common.c @@ -87,6 +87,12 @@ static errno_t sss_nss_mc_validate(struct sss_cli_mc_ctx *ctx) return EINVAL; } + /* FD was hijacked */ + if ((fdstat.st_dev != ctx->fd_device) || (fdstat.st_ino != ctx->fd_inode)) { + ctx->fd = -1; /* don't ruin app even if it's misbehaving */ + return EINVAL; + } + /* Invalid size. */ if (fdstat.st_size != ctx->mmap_size) { return EINVAL; @@ -161,6 +167,8 @@ static void sss_nss_mc_destroy_ctx(struct sss_cli_mc_ctx *ctx) close(ctx->fd); } ctx->fd = -1; + ctx->fd_inode = 0; + ctx->fd_device = 0; ctx->seed = 0; ctx->data_table = NULL; @@ -202,6 +210,8 @@ static errno_t sss_nss_mc_init_ctx(const char *name, ret = EIO; goto done; } + ctx->fd_inode = fdstat.st_ino; + ctx->fd_device = fdstat.st_dev; if (fdstat.st_size < MC_HEADER_SIZE) { ret = ENOMEM; From abb146e1487598c0e4fa2cdc826b7388db46f9bc Mon Sep 17 00:00:00 2001 From: Alexey Tikhonov <atikhono@redhat.com> Date: Wed, 20 Dec 2023 09:43:48 +0100 Subject: [PATCH 248/280] SSS_CLIENT: check if reponder socket was hijacked MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Real life example would be: https://github.com/TigerVNC/tigervnc/blob/effd854bfd19654fa67ff3d39514a91a246b8ae6/unix/xserver/hw/vnc/xvnc.c#L369 - TigerVNC unconditionally overwrites fd=3 Reviewed-by: Alejandro López <allopez@redhat.com> Reviewed-by: Sumit Bose <sbose@redhat.com> Reviewed-by: Tomáš Halman <thalman@redhat.com> (cherry picked from commit 2bcfb7f9238c27025e99e6445e9ba799e0bde7b8) --- src/sss_client/common.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/src/sss_client/common.c b/src/sss_client/common.c index 1075af94196..702d0597d11 100644 --- a/src/sss_client/common.c +++ b/src/sss_client/common.c @@ -746,6 +746,16 @@ static enum sss_status sss_cli_check_socket(int *errnop, myself_ino = myself_sb.st_ino; } + /* check if the socket has been hijacked */ + if (sss_cli_sd_get() != -1) { + ret = fstat(sss_cli_sd_get(), &mypid_sb); + if ((ret != 0) || (!S_ISSOCK(mypid_sb.st_mode)) + || (mypid_sb.st_dev != sss_cli_sb->st_dev) + || (mypid_sb.st_ino != sss_cli_sb->st_ino)) { + sss_cli_sd_set(-1); /* don't ruin app even if it's misbehaving */ + } + } + /* check if the socket has been closed on the other side */ if (sss_cli_sd_get() != -1) { struct pollfd pfd; From 8bf25b6cd4483eebd1d77c6f0ec5ae28376b349e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com> Date: Thu, 7 Dec 2023 15:39:07 +0100 Subject: [PATCH 249/280] scripts: sign tarball with sssd project key ... also switch to gpg2. Reviewed-by: Alexey Tikhonov <atikhono@redhat.com> Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com> (cherry picked from commit 2e75d735e963dc1f5399648a804c9ccc89721261) --- scripts/release.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/release.sh b/scripts/release.sh index 02a1e2f3b2c..607086794f7 100755 --- a/scripts/release.sh +++ b/scripts/release.sh @@ -25,5 +25,5 @@ make dist-gzip || exit 1 # also builds docs popd mv sssd-${version}/sssd-${version}.tar.gz . -gpg --detach-sign --armor sssd-${version}.tar.gz +gpg2 --default-key C13CD07FFB2DB1408E457A3CD3D21B2910CF6759 --detach-sign --armor sssd-${version}.tar.gz From 5c224730acdd1dbc99010435a03052c24da1f960 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com> Date: Thu, 7 Dec 2023 15:40:37 +0100 Subject: [PATCH 250/280] scripts: create checksum file for release tarball Reviewed-by: Alexey Tikhonov <atikhono@redhat.com> Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com> (cherry picked from commit c7a6e62d1a8f0c3a9424ad01555b24c0f67b4251) --- scripts/release.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/release.sh b/scripts/release.sh index 607086794f7..54509f89d51 100755 --- a/scripts/release.sh +++ b/scripts/release.sh @@ -26,4 +26,4 @@ popd mv sssd-${version}/sssd-${version}.tar.gz . gpg2 --default-key C13CD07FFB2DB1408E457A3CD3D21B2910CF6759 --detach-sign --armor sssd-${version}.tar.gz - +sha256sum sssd-${version}.tar.gz > sssd-${version}.tar.gz.sha256sum From 46f4161e89074ad72a92d344c8157ed37fe93321 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Alejandro=20L=C3=B3pez?= <allopez@redhat.com> Date: Mon, 18 Dec 2023 11:37:29 +0100 Subject: [PATCH 251/280] KCM: Fix a memory "leak" When an operation is processed, a buffer is allocated for the reply and its parent is the client context (struct cli_ctx). This buffer is not explicitly freed but it is released when the client context is freed. With each operation a new buffer is allocated and the previous one gets "lost." This is not an actual leak because the lost buffers are released by talloc once the client context is freed, when the connection is closed. But on long-lived connections this can consume a large amount of memory before the connection is closed. To solve this, the request context (struct kcm_req_ctx) is the new parent of the buffer. The request is freed as soon as the operation is completed and no buffer gets lost. Resolves: https://github.com/SSSD/sssd/issues/7072 Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com> Reviewed-by: Sumit Bose <sbose@redhat.com> (cherry picked from commit cbae6855320b53f3f2bdc0e11c5a9c8eb84daf87) --- src/responder/kcm/kcmsrv_cmd.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/responder/kcm/kcmsrv_cmd.c b/src/responder/kcm/kcmsrv_cmd.c index 1f60d1a1425..9c37e3cf095 100644 --- a/src/responder/kcm/kcmsrv_cmd.c +++ b/src/responder/kcm/kcmsrv_cmd.c @@ -350,7 +350,7 @@ static void kcm_send_reply(struct kcm_req_ctx *req_ctx) cctx = req_ctx->cctx; - ret = kcm_output_construct(cctx, &req_ctx->op_io, &req_ctx->repbuf); + ret = kcm_output_construct(req_ctx, &req_ctx->op_io, &req_ctx->repbuf); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, "Cannot construct the reply buffer, terminating client\n"); From 8a78c75abf3c536292455d85891b2d2e6e0a92d5 Mon Sep 17 00:00:00 2001 From: Patrik Rosecky <prosecky@redhat.com> Date: Thu, 9 Nov 2023 11:15:29 +0100 Subject: [PATCH 252/280] Tests: multihost/test_sssctl_analyzer.py converted to system/test_sssctl_analyze.py MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Reviewed-by: Jakub Vávra <jvavra@redhat.com> Reviewed-by: Justin Stephenson <jstephen@redhat.com> (cherry picked from commit 543eda1953652494c594ce1f4bf1ed0ca6ac1b42) --- .../alltests/test_sssctl_analyzer.py | 12 +- src/tests/system/tests/test_sssctl_analyze.py | 282 ++++++++++++++++++ 2 files changed, 291 insertions(+), 3 deletions(-) create mode 100644 src/tests/system/tests/test_sssctl_analyze.py diff --git a/src/tests/multihost/alltests/test_sssctl_analyzer.py b/src/tests/multihost/alltests/test_sssctl_analyzer.py index 487f97bed7b..e2ed20770e5 100644 --- a/src/tests/multihost/alltests/test_sssctl_analyzer.py +++ b/src/tests/multihost/alltests/test_sssctl_analyzer.py @@ -34,6 +34,7 @@ def analyze(multihost, req_arg, op_arg=None): @pytest.mark.tier1_4 class TestSssctlAnalyze(object): """ sssctl analyze test suite """ + @pytest.mark.converted('test_sssctl_analyze.py', 'test_sssctl_analyze__list') def test_analyze_list(self, multihost, backupsssdconf): """ :title: sssctl analyze list to show captured nss related @@ -74,7 +75,7 @@ def test_analyze_list(self, multihost, backupsssdconf): multihost.client[0].run_command(i_cmd, raiseonerr=False) for act_op in ['list', 'list -v']: _, stdout = analyze(multihost, act_op) - assert all(ptn in stdout for ptn in ['id', 'getent']) + assert all(ptn in stdout for ptn in [' id', 'getent']) tools.clear_sssd_cache() g_cmd = f'getent passwd foo1@{ds_instance_name}' multihost.client[0].run_command(g_cmd, raiseonerr=False) @@ -82,6 +83,7 @@ def test_analyze_list(self, multihost, backupsssdconf): _, stdout = analyze(multihost, act_op) assert all(ptn in stdout for ptn in ['CID #1', 'getent']) + @pytest.mark.converted('test_sssctl_analyze.py', 'test_sssctl_analyze__non_default_log_location') def test_analyze_diff_log_location(self, multihost, backupsssdconf): """ :title: sssctl analyze able to parse sssd logs from non-default @@ -136,9 +138,10 @@ def test_analyze_diff_log_location(self, multihost, backupsssdconf): assert pam_auth in stdout for act_op in ['list', 'list -v']: _, stdout = analyze(multihost, act_op, log_dir) - assert 'id' in stdout - assert 'sshd' or 'auditd' in stdout + assert ' id' in stdout + assert 'sshd' in stdout or 'auditd' in stdout + @pytest.mark.converted('test_sssctl_analyze.py', 'test_sssctl_analyze__pam_logs') def test_analyze_pam_logs(self, multihost, backupsssdconf): """ :title: sssctl analyze to parse pam requests from logs @@ -177,6 +180,7 @@ def test_analyze_pam_logs(self, multihost, backupsssdconf): for pam_auth in pam_cmds: assert pam_auth in stdout + @pytest.mark.converted('test_sssctl_analyze.py', 'test_sssctl_analyze__tevent_id') def test_analyze_tevent_id(self, multihost, backupsssdconf): """ :title: sssctl analyze to parse tevent chain IDs from logs @@ -210,6 +214,7 @@ def test_analyze_tevent_id(self, multihost, backupsssdconf): _, stdout = analyze(multihost, 'show 1 --pam') assert all(ptn in stdout for ptn in ['RID#', user]) + @pytest.mark.converted('test_sssctl_analyze.py', 'test_sssctl_analyze__parse_child_logs') def test_analyze_parse_child_logs(self, multihost, backupsssdconf): """ :title: sssctl analyze to parse child logs from logs @@ -257,6 +262,7 @@ def test_analyze_parse_child_logs(self, multihost, backupsssdconf): _, stdout = analyze(multihost, 'show --pam --child 1') assert re.findall(r"RID#[0-9]*] Received error code", stdout) + @pytest.mark.converted('test_sssctl_analyze.py', 'test_sssctl_analyze__root_privileges') @staticmethod def test_non_root_privileged(multihost, localusers): """ diff --git a/src/tests/system/tests/test_sssctl_analyze.py b/src/tests/system/tests/test_sssctl_analyze.py new file mode 100644 index 00000000000..0d2b372848d --- /dev/null +++ b/src/tests/system/tests/test_sssctl_analyze.py @@ -0,0 +1,282 @@ +""" +Automation tests for sssctl analyze + +:requirement: sssctl analyze +""" + +from __future__ import annotations + +import time + +import pytest +from pytest_mh.ssh import SSHAuthenticationError +from sssd_test_framework.roles.client import Client +from sssd_test_framework.roles.ldap import LDAP +from sssd_test_framework.topology import KnownTopology + + +@pytest.mark.tools +@pytest.mark.ticket(bz=1294670) +@pytest.mark.topology(KnownTopology.LDAP) +def test_sssctl_analyze__list(client: Client, ldap: LDAP): + """ + :title: "sssctl analyze request list" show captured nss related requests from sssd log + :setup: + 1. Add user and group + 2. Enable debug_level to 9 in the 'nss', 'pam' and domain section + 3. Start SSSD + :steps: + 1. Call id user1 and getent group group1 + 2. Call sssctl analyze request list, also with -v + 3. Find "getent" and " id" in result + 4. Clear cache + 5. Call getent passwd user + 6. Call sssctl analyze request list, also with -v + 7. Find "CID #1" and "getent" in result + :expectedresults: + 1. Called successfully, information is stored in logs + 2. Called successfully + 3. Strings found + 4. Cache cleared + 5. Called successfully + 6. Called successfully + 7. Strings found + :customerscenario: True + """ + ldap.user("user1").add() + ldap.group("group1").add() + client.sssd.nss["debug_level"] = "9" + client.sssd.pam["debug_level"] = "9" + client.sssd.domain["debug_level"] = "9" + client.sssd.start() + + assert client.tools.getent.group("group1"), "getent group1 failed" + assert client.tools.id("user1"), "id user1 failed" + + res = client.sssctl.analyze_request("list") + assert res.rc == 0, "sssctl analyze call failed" + assert "getent" in res.stdout, "'getent' not found in analyze list output" + assert " id" in res.stdout or "coreutils" in res.stdout, "' id' or 'coreutils' not found in analyze list output" + res = client.sssctl.analyze_request("list -v") + assert res.rc == 0, "sssctl analyze call failed" + assert "getent" in res.stdout, "'getent' not found in analyze list -v output" + assert " id" in res.stdout or "coreutils" in res.stdout, "' id' or 'coreutils' not found in analyze list -v output" + + client.sssd.stop() + client.sssd.clear(db=True, memcache=True, logs=True) + client.sssd.start() + + assert client.tools.getent.passwd("user1") + res = client.sssctl.analyze_request("list") + assert res.rc == 0, "sssctl analyze call failed" + assert "CID #1" in res.stdout, "CID #1 not found in analyze list -v output" + assert "getent" in res.stdout, "getent not found in analyze list -v output" + res = client.sssctl.analyze_request("list -v") + assert res.rc == 0, "sssctl analyze call failed" + assert "CID #1" in res.stdout, "CID #1 not found in analyze list -v output" + assert "getent" in res.stdout, "getent not found in analyze list -v output" + + +@pytest.mark.tools +@pytest.mark.ticket(bz=1294670, gh=6298) +@pytest.mark.topology(KnownTopology.LDAP) +def test_sssctl_analyze__non_default_log_location(client: Client, ldap: LDAP): + """ + :title: "sssctl analyze" parse sssd logs from non-default location when SSSD is not running + :setup: + 1. Add user + 2. Enable debug_level to 9 in the 'nss', 'pam' and domain section + 3. Start SSSD + :steps: + 1. Call id user1 and login user via ssh + 2. Copy sssd logs to diferent location + 3. Stop sssd and remove config, logs and cache + 4. sssctl analyze --logdir PATH parse logs from PATH location + :expectedresults: + 1. Information is stored in logs + 2. Copied successfully + 3. Stopped and cleared successfully + 4. Output is correct + :customerscenario: True + """ + ldap.user("user1").add(password="Secret123") + client.sssd.nss["debug_level"] = "9" + client.sssd.pam["debug_level"] = "9" + client.sssd.domain["debug_level"] = "9" + client.sssd.start() + + assert client.tools.id("user1@test"), "call 'id user1@test' failed" + client.ssh("user1", "Secret123").connect() + + client.fs.copy("/var/log/sssd", "/tmp/copy/") + client.sssd.stop() + client.sssd.clear(config=True, logs=True) + + res = client.sssctl.analyze_request(command="show 1 --pam", logdir="/tmp/copy/") + assert "SSS_PAM_AUTHENTICATE" in res.stdout + assert "SSS_PAM_ACCT_MGMT" in res.stdout + assert "SSS_PAM_SETCRED" in res.stdout + + res = client.sssctl.analyze_request(command="list", logdir="/tmp/copy/") + assert " id" in res.stdout or "coreutils" in res.stdout, "' id' or 'coreutils' not found in analyze list output" + assert "sshd" in res.stdout or "coreutils" in res.stdout, "sshd or coreutils not found in output" + + res = client.sssctl.analyze_request(command="list -v", logdir="/tmp/copy/") + assert " id" in res.stdout or "coreutils" in res.stdout, "' id' or 'coreutils' not found in analyze list -v output" + assert "sshd" in res.stdout or "coreutils" in res.stdout, "sshd or coreutils not found in output" + + +@pytest.mark.tools +@pytest.mark.ticket(bz=1294670) +@pytest.mark.topology(KnownTopology.LDAP) +def test_sssctl_analyze__pam_logs(client: Client, ldap: LDAP): + """ + :title: "sssctl analyze" to parse pam authentication requests from logs + :setup: + 1. Add user + 2. Enable debug_level to 9 in the 'nss', 'pam' and domain section + 3. Start SSSD + 4. Log in as user via ssh + :steps: + 1. sssctl analyze with --pam option + 2. Result of command is login related + :expectedresults: + 1. Called successfully + 2. Output is login related + :customerscenario: True + """ + ldap.user("user1").add() + client.sssd.nss["debug_level"] = "9" + client.sssd.pam["debug_level"] = "9" + client.sssd.start() + + client.ssh("user1", "Secret123").connect() + + result = client.sssctl.analyze_request("show 1 --pam") + assert result.rc == 0 + assert "CID #1" in result.stdout + + assert "SSS_PAM_AUTHENTICATE" in result.stdout + assert "SSS_PAM_ACCT_MGMT" in result.stdout + assert "SSS_PAM_SETCRED" in result.stdout + + +@pytest.mark.tools +@pytest.mark.ticket(bz=2013259) +@pytest.mark.topology(KnownTopology.LDAP) +def test_sssctl_analyze__tevent_id(client: Client, ldap: LDAP): + """ + :title: "sssctl analyze" to parse tevent chain IDs from logs + :setup: + 1. Add user + 2. Enable debug_level to 9 in the 'nss', 'pam' and domain section + 3. Start SSSD + 4. Log in as user via ssh + :steps: + 1. Call sssctl analyze request show 1 --pam + 2. Confirm tevent chain IDs(RID) is showing in logs + :expectedresults: + 1. Called successfully + 2. Output is correct + :customerscenario: True + """ + ldap.user("user1").add() + client.sssd.nss["debug_level"] = "9" + client.sssd.pam["debug_level"] = "9" + client.sssd.domain["debug_level"] = "9" + client.sssd.start() + + client.ssh("user1", "Secret123").connect() + + result = client.sssctl.analyze_request("show 1 --pam") + assert result.rc == 0 + assert "RID#" in result.stdout, "RID# was not found in the output" + assert "user1@test" in result.stdout, "user1@test was not found in the output" + + +@pytest.mark.tools +@pytest.mark.ticket(bz=2013260) +@pytest.mark.topology(KnownTopology.LDAP) +def test_sssctl_analyze__parse_child_logs(client: Client, ldap: LDAP): + """ + :title: "sssctl analyze" to parse child logs + :setup: + 1. Add user + 2. Enable debug_level to 9 in the 'nss', 'pam' and domain section + 3. Start SSSD + :steps: + 1. Log in as user via ssh + 2. Call sssctl analyze to check logs + 3. Clear cache and restart SSSD + 4. Log in as user via ssh with wrong password + 5. Call sssctl analyze to check logs + :expectedresults: + 1. Logged in successfully + 2. Logs contain login related logs + 3. Succesfully + 4. Failed to login + 5. Logs contain info about failed login + :customerscenario: True + """ + ldap.user("user1").add() + client.sssd.nss["debug_level"] = "9" + client.sssd.pam["debug_level"] = "9" + client.sssd.domain["debug_level"] = "9" + client.sssd.start() + + client.ssh("user1", "Secret123").connect() + + result = client.sssctl.analyze_request("show --pam --child 1") + assert result.rc == 0 + assert "user1@test" in result.stdout + assert "SSS_PAM_AUTHENTICATE" in result.stdout + + client.sssd.stop() + client.sssd.clear(db=True, memcache=True, logs=True) + client.sssd.start() + time.sleep(5) + + with pytest.raises(SSHAuthenticationError): + client.ssh("user1", "Wrong").connect() + result = client.sssctl.analyze_request("show --pam --child 1") + assert ( + "Authentication failure to the client" in result.stdout + ), "'Authentication failure to the client' was not found" + + +@pytest.mark.tools +@pytest.mark.ticket(bz=[2142960, 2142794, 2142961]) +@pytest.mark.topology(KnownTopology.LDAP) +def test_sssctl_analyze__root_privileges(client: Client, ldap: LDAP): + """ + :title: "sssctl analyze" command does not require "root" privileges + :setup: + 1. Add user with proper password + 2. Start SSSD + 3. Fetch information about user + 4. Copy logs to different location + 5. Change ownership of copied file to user + :steps: + 1. Call "sssctl analyze --logdir /tmp/copy request show 1" as root + 2. Call "sssctl analyze --logdir /tmp/copy request show 1" as user + 3. Check that outputs match + 4. Username is stored in outputs + :expectedresults: + 1. Called successfully + 2. Called successfully + 3. Outputs are the same + 4. Username is stored in outputs + :customerscenario: True + """ + ldap.user("user1").add(password="Secret123") + client.sssd.start() + client.tools.id("user1") + client.fs.copy("/var/log/sssd", "/tmp/copy/") + client.fs.chown("/tmp/copy", "user1", args=["--recursive"]) + + result_root = client.sssctl.analyze_request(command="show 1", logdir="/tmp/copy") + result_user = client.ssh("user1", "Secret123").run("sssctl analyze --logdir /tmp/copy request show 1") + assert result_root.rc == 0, "sssctl analyze call failed as root" + assert result_user.rc == 0, "sssctl analyze call failed as user1" + assert result_root.stdout == result_user.stdout, "the outputs are different" + assert "user1" in result_user.stdout, "user1 is not in the outputs" From 5a2256cbab41a63fdfce4de2b3c73c8bc82af95d Mon Sep 17 00:00:00 2001 From: Jakub Vavra <jvavra@redhat.com> Date: Thu, 7 Dec 2023 10:20:46 +0100 Subject: [PATCH 253/280] Tests: Add a plugin for a per-test logging Add a pytest plugin to remove / duplicate test log from console and put it into a stand-alone per-test log files. Reviewed-by: Scott Poore <spoore@redhat.com> (cherry picked from commit 9d6caaed3a804978186338c896ce120aa258fffd) --- src/tests/multihost/ad/conftest.py | 1 + src/tests/multihost/admultidomain/conftest.py | 1 + src/tests/multihost/adsites/conftest.py | 1 + src/tests/multihost/alltests/conftest.py | 1 + src/tests/multihost/basic/conftest.py | 1 + src/tests/multihost/ipa/conftest.py | 1 + .../sssd/testlib/common/custom_log.py | 101 ++++++++++++++++++ 7 files changed, 107 insertions(+) create mode 100644 src/tests/multihost/sssd/testlib/common/custom_log.py diff --git a/src/tests/multihost/ad/conftest.py b/src/tests/multihost/ad/conftest.py index 889d6cf098b..e45590ee618 100644 --- a/src/tests/multihost/ad/conftest.py +++ b/src/tests/multihost/ad/conftest.py @@ -18,6 +18,7 @@ 'sssd.testlib.common.fixtures', 'pytest_importance', 'pytest_ticket', + 'sssd.testlib.common.custom_log', ) diff --git a/src/tests/multihost/admultidomain/conftest.py b/src/tests/multihost/admultidomain/conftest.py index 2fb216d4b80..0a8fb4a7c40 100644 --- a/src/tests/multihost/admultidomain/conftest.py +++ b/src/tests/multihost/admultidomain/conftest.py @@ -12,6 +12,7 @@ 'sssd.testlib.common.fixtures', 'pytest_importance', 'pytest_ticket', + 'sssd.testlib.common.custom_log', ) diff --git a/src/tests/multihost/adsites/conftest.py b/src/tests/multihost/adsites/conftest.py index e9ab703b1db..cd2615b4a2d 100644 --- a/src/tests/multihost/adsites/conftest.py +++ b/src/tests/multihost/adsites/conftest.py @@ -15,6 +15,7 @@ 'sssd.testlib.common.fixtures', 'pytest_importance', 'pytest_ticket', + 'sssd.testlib.common.custom_log', ) diff --git a/src/tests/multihost/alltests/conftest.py b/src/tests/multihost/alltests/conftest.py index 0f1e5474db0..ce3edaa3054 100644 --- a/src/tests/multihost/alltests/conftest.py +++ b/src/tests/multihost/alltests/conftest.py @@ -22,6 +22,7 @@ 'sssd.testlib.common.fixtures', 'pytest_importance', 'pytest_ticket', + 'sssd.testlib.common.custom_log', ) diff --git a/src/tests/multihost/basic/conftest.py b/src/tests/multihost/basic/conftest.py index de3318fb3c1..8856fa36002 100644 --- a/src/tests/multihost/basic/conftest.py +++ b/src/tests/multihost/basic/conftest.py @@ -20,6 +20,7 @@ 'sssd.testlib.common.fixtures', 'pytest_importance', 'pytest_ticket', + 'sssd.testlib.common.custom_log', ) diff --git a/src/tests/multihost/ipa/conftest.py b/src/tests/multihost/ipa/conftest.py index adc382aca32..d3a568132bd 100644 --- a/src/tests/multihost/ipa/conftest.py +++ b/src/tests/multihost/ipa/conftest.py @@ -17,6 +17,7 @@ 'sssd.testlib.common.fixtures', 'pytest_importance', 'pytest_ticket', + 'sssd.testlib.common.custom_log', ) diff --git a/src/tests/multihost/sssd/testlib/common/custom_log.py b/src/tests/multihost/sssd/testlib/common/custom_log.py new file mode 100644 index 00000000000..91015f4bef1 --- /dev/null +++ b/src/tests/multihost/sssd/testlib/common/custom_log.py @@ -0,0 +1,101 @@ +from __future__ import annotations +import os +from collections import defaultdict + +import pytest + + +@pytest.hookimpl(tryfirst=True) +def pytest_configure(config: pytest.Config) -> None: + p = CustomLogPlugin(config) + config.pluginmanager.register(p, 'custom_log_plugin') + + +class CustomLogPlugin: + """ + Custom log class to dulicate or remove log from console + and place it inside per-test log files + """ + def __init__(self, config: pytest.Config) -> None: + self.config: pytest.Config = config + self.log_per_test: str = config.getoption("log_per_test") + self.tests = defaultdict(dict) + if self.log_per_test not in ["never", "duplicate"]: + self.config.option.showlocals = True + self.config.option.reportchars = 'a' + self.config.option.tbstyle = 'line' + self.config.option.showcapture = 'no' + self.config.option.capture = 'fd' + + def _write_log(self, test: str, phases: list = None) -> None: + """ + Write log for test, possibly only selected + phases can be written. + """ + if not phases: + _phases = ["setup", "call", "teardown"] + else: + _phases = phases + tr = self.tests[test] + test_name = test.split("::")[-1] + test_name = test_name.translate( + str.maketrans('":<>|*? [', "---------", "]()")) + logdir = os.path.join(os.path.dirname(self.config.option.log_file), + 'logs') + os.makedirs(logdir, exist_ok=True) + logpath = os.path.join(logdir, f'{test_name}.log') + with open(logpath, 'a+') as f: + for phase in _phases: + if phase not in tr: + # We do not fail on missing phase as 'call' + # could be missing when setup failed. + continue + f.write(f"\nPHASE: {phase.upper()} for {test_name}" + f"... [{tr[phase].outcome.upper()}]\n") + if tr[phase].capstdout: + f.write(f"\n=== {test_name} {phase.upper()} OUT ===\n") + f.write(tr[phase].capstdout) + if tr[phase].capstderr: + f.write(f"\n=== {test_name} {phase.upper()} ERR ===\n") + f.write(tr[phase].capstderr) + if tr[phase].caplog: + f.write(f"\n=== {test_name} {phase.upper()} LOG ===\n") + f.write(tr[phase].caplog) + if tr[phase].longreprtext: + f.write(f"'\n=== {test_name} {phase.upper()} INFO ===\n") + f.write(tr[phase].longreprtext) + + def pytest_runtest_logreport(self, report: pytest.TestReport) -> None: + """ + Hook called on finished test setup, call and teardown + """ + self.tests[report.nodeid][report.when] = report + if self.log_per_test == 'always': + # When we write log always we can write it for each phase + # This might help when some phase gets stuck. + self._write_log(report.nodeid, phases=[report.when]) + elif report.when == 'teardown': + # When writing on-failure we need to wait for teardown to decide + test = self.tests[report.nodeid] + if test['setup'].outcome == 'failed' or\ + test['call'].outcome == 'failed' or\ + test['teardown'].outcome == 'failed': + self._write_log(report.nodeid) + + +def pytest_addoption(parser: pytest.Parser) -> None: + """ + Pytest hook: add command line options. + """ + parser.addoption( + "--log-per-test", + action="store", + default="on-failure", + nargs="?", + choices=["never", "on-failure", "always", "duplicate"], + help="Create per-test logfile. 'never': Log everything to console. " + "'duplicate': Log to console and on-failure also to file. " + "'always': Keep console clean and always log to file. " + "'on-failure': Keep console clean and log to file only on " + "a failure. (default: %(default)s)", + ) From 852b9e0c54d13fc48ecf186a378782a5b9046b36 Mon Sep 17 00:00:00 2001 From: Patrik Rosecky <prosecky@redhat.com> Date: Mon, 11 Dec 2023 10:59:31 +0100 Subject: [PATCH 254/280] Tests: alltests/test_config_validation converted MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Reviewed-by: Justin Stephenson <jstephen@redhat.com> Reviewed-by: Tomáš Halman <thalman@redhat.com> (cherry picked from commit d3a2bd0870e2267ebaaf32dab03ab5707be6483c) --- .../alltests/test_config_validation.py | 32 + .../basic/test_sssctl_config_check.py | 2 +- src/tests/system/tests/test_sssctl.py | 689 +++++++++++++++++- 3 files changed, 715 insertions(+), 8 deletions(-) diff --git a/src/tests/multihost/alltests/test_config_validation.py b/src/tests/multihost/alltests/test_config_validation.py index 95f2ea99bb8..0cda3bebc84 100644 --- a/src/tests/multihost/alltests/test_config_validation.py +++ b/src/tests/multihost/alltests/test_config_validation.py @@ -22,6 +22,7 @@ class TestConfigValidation(object): """ SSSD Config Validation """ @pytest.mark.tier1 + @pytest.mark.converted('test_sssctl.py', 'test_sssctl__check_typo_option_name') def test_0001_searchbase(self, multihost, backupsssdconf): """ :title: IDM-SSSD-TC: Configuration validation: Verify typos in option @@ -41,6 +42,7 @@ def test_0001_searchbase(self, multihost, backupsssdconf): assert log_1.search(cmd.stdout_text) @pytest.mark.tier1 + @pytest.mark.converted('test_sssctl.py', 'test_sssctl__check_typo_domain_name') def test_0002_domainname(self, multihost, backupsssdconf): """ :title: IDM-SSSD-TC: Configuration validation: Verify typos in domain @@ -58,6 +60,7 @@ def test_0002_domainname(self, multihost, backupsssdconf): assert log_1.search(cmd.stdout_text) @pytest.mark.tier1 + @pytest.mark.converted('test_sssctl.py', 'test_sssctl__check_invalid_option_name_in_snippet') def test_0003_snippetfile(self, multihost, backupsssdconf): """ :title: IDM-SSSD-TC: Configuration validation: Verify typos in option @@ -79,6 +82,7 @@ def test_0003_snippetfile(self, multihost, backupsssdconf): multihost.client[0].run_command(rm_snippet_file, raiseonerr=False) @pytest.mark.tier1 + @pytest.mark.converted('test_sssctl.py', 'test_sssctl__check_invalid_domain_name_in_snippet') def test_0004_snippetfile(self, multihost, backupsssdconf): """ :title: IDM-SSSD-TC: Configuration validation: Verify typos in domain @@ -100,6 +104,7 @@ def test_0004_snippetfile(self, multihost, backupsssdconf): multihost.client[0].run_command(rm_snippet_file, raiseonerr=False) @pytest.mark.tier1 + @pytest.mark.converted('test_sssctl.py', 'test_sssctl__check_misplaced_option') def test_0005_misplaced(self, multihost, backupsssdconf): """ :title: IDM-SSSD-TC: Configuration validation: Verify misplaced @@ -119,6 +124,7 @@ def test_0005_misplaced(self, multihost, backupsssdconf): assert log.search(cmd.stdout_text) @pytest.mark.tier1 + @pytest.mark.converted('test_sssctl.py', 'test_sssctl__check_typo_option_name') def test_0006_sameerrors(self, multihost, backupsssdconf): """ :title: IDM-SSSD-TC: Configuration validation: Verify same error when @@ -140,6 +146,7 @@ def test_0006_sameerrors(self, multihost, backupsssdconf): assert log_1.search(cmd.stdout_text) @pytest.mark.tier1 + @pytest.mark.converted('test_sssctl.py', 'test_sssctl__missing_equal_sign') def test_0007_equalsign(self, multihost, backupsssdconf): """ :title: IDM-SSSD-TC: Configuration validation: No equal sign between @@ -157,6 +164,7 @@ def test_0007_equalsign(self, multihost, backupsssdconf): print(log.search(cmd.stderr_text)) @pytest.mark.tier1 + @pytest.mark.converted('test_sssctl.py', 'test_sssctl__special_character_option_name') def test_0008_specialcharacter(self, multihost, backupsssdconf): """ :title: IDM-SSSD-TC: Configuration validation: Option name contains @@ -175,6 +183,7 @@ def test_0008_specialcharacter(self, multihost, backupsssdconf): assert log_1.search(cmd.stdout_text) @pytest.mark.tier1 + @pytest.mark.converted('test_sssctl.py', 'test_sssctl__check_typo_domain_name') def test_0009_sectionname(self, multihost, backupsssdconf): """ :title: IDM-SSSD-TC: Configuration validation: Verify typos in @@ -194,6 +203,7 @@ def test_0009_sectionname(self, multihost, backupsssdconf): assert log_1.search(cmd.stdout_text) @pytest.mark.tier1 + @pytest.mark.converted('test_sssctl.py', 'test_sssctl__special_character_section_name') def test_0010_splcharacters(self, multihost, backupsssdconf): """ :title: IDM-SSSD-TC: Configuration validation: Verify typos @@ -213,6 +223,7 @@ def test_0010_splcharacters(self, multihost, backupsssdconf): assert log_1.search(cmd.stdout_text) @pytest.mark.tier1 + @pytest.mark.converted('test_sssctl.py', 'test_sssctl__special_character_domain_name') def test_0011_splcharacters(self, multihost, backupsssdconf): """ :title: IDM-SSSD-TC: Configuration validation: Verify typos (special @@ -232,6 +243,7 @@ def test_0011_splcharacters(self, multihost, backupsssdconf): assert log_1.search(cmd.stdout_text) @pytest.mark.tier1 + @pytest.mark.converted('test_sssctl.py', 'test_sssctl__forward_slash_missing') def test_0012_forwardslash(self, multihost, backupsssdconf): """ :title: IDM-SSSD-TC: Configuration validation: Forward slash is not @@ -250,6 +262,7 @@ def test_0012_forwardslash(self, multihost, backupsssdconf): assert log_1.search(cmd.stdout_text) @pytest.mark.tier1 + @pytest.mark.converted('test_sssctl.py', 'test_sssctl__sssd_section_name_typo') def test_0013_sectiontypos(self, multihost, backupsssdconf): """ :title: IDM-SSSD-TC: Configuration validation: @@ -267,6 +280,7 @@ def test_0013_sectiontypos(self, multihost, backupsssdconf): assert log_1.search(cmd.stdout_text) @pytest.mark.tier1 + @pytest.mark.converted('test_sssctl.py', 'test_sssctl__pam_section_name_typo') def test_0014_pamsection(self, multihost, backupsssdconf): """ :title: IDM-SSSD-TC: Configuration validation: Typos in pam section @@ -283,6 +297,7 @@ def test_0014_pamsection(self, multihost, backupsssdconf): assert log.search(cmd.stdout_text) @pytest.mark.tier1 + @pytest.mark.converted('test_sssctl.py', 'test_sssctl__nss_section_name_typo') def test_0015_nsssection(self, multihost, backupsssdconf): """ :title: IDM-SSSD-TC: Configuration validation: Typos in nss section @@ -299,6 +314,7 @@ def test_0015_nsssection(self, multihost, backupsssdconf): assert log.search(cmd.stdout_text) @pytest.mark.tier1 + @pytest.mark.converted('test_sssctl.py', 'test_sssctl__verify_permission') def test_0016_verifypermission(self, multihost): """ :title: IDM-SSSD-TC: Configuration validation: Verify the permission @@ -317,6 +333,7 @@ def test_0016_verifypermission(self, multihost): multihost.client[0].run_command(restore_mod, raiseonerr=False) @pytest.mark.tier1 + @pytest.mark.converted('test_sssctl.py', 'test_sssctl__verify_ownership') def test_0017_verifyownership(self, multihost): """ :title: IDM-SSSD-TC: Configuration validation: Verify the ownership @@ -344,6 +361,7 @@ def test_0017_verifyownership(self, multihost): multihost.client[0].run_command(restore_chown, raiseonerr=False) @pytest.mark.tier1 + @pytest.mark.converted('test_sssctl.py', 'test_sssctl__verify_missing_closing_bracket') def test_0018_closingbrackets(self, multihost, backupsssdconf): """ :title: IDM-SSSD-TC: Configuration validation: Verify the closing @@ -361,6 +379,7 @@ def test_0018_closingbrackets(self, multihost, backupsssdconf): assert log_1.search(cmd.stderr_text) @pytest.mark.tier1 + @pytest.mark.converted('test_sssctl.py', 'test_sssctl__verify_missing_opening_bracket') def test_0019_openingbracket(self, multihost, backupsssdconf): """ :title: IDM-SSSD-TC: Configuration validation: Check starting square @@ -378,6 +397,7 @@ def test_0019_openingbracket(self, multihost, backupsssdconf): log_1 = re.compile(r'.Equal\ssign\sis\smissing.*') assert log_1.search(cmd.stderr_text) +# Useless? @pytest.mark.tier1 def test_0020_fatalerror(self, multihost, backupsssdconf): """ @@ -401,6 +421,7 @@ def test_0020_fatalerror(self, multihost, backupsssdconf): assert log.search(cmd.stdout_text) @pytest.mark.tier1 + @pytest.mark.converted('test_sssctl.py', 'test_sssctl__verify_typo_in_config_with_two_domains') def test_0021_twodomain(self, multihost, multidomain_sssd): """ :title: IDM-SSSD-TC: Configuration validation: Verify typo in option @@ -422,6 +443,7 @@ def test_0021_twodomain(self, multihost, multidomain_sssd): multihost.client[0].run_command(restore) @pytest.mark.tier1 + @pytest.mark.converted('test_sssctl.py', 'test_sssctl__config_does_not_exist') def test_0022_fatalerror(self, multihost, backupsssdconf): """ :title: IDM-SSSD-TC: Configuration validation: No sssctl commands can @@ -436,6 +458,7 @@ def test_0022_fatalerror(self, multihost, backupsssdconf): assert cmd.returncode == 1 and log.search(cmd.stdout_text) @pytest.mark.tier1 + @pytest.mark.converted('test_sssctl.py', 'test_sssctl__check_ldap_host_object_class_in_domain') def test_0023_checkldaphostobjectdomain(self, multihost, backupsssdconf): """ :title: IDM-SSSD-TC: Configuration validation: Check @@ -452,6 +475,7 @@ def test_0023_checkldaphostobjectdomain(self, multihost, backupsssdconf): assert cmd.returncode == 0 @pytest.mark.tier1 + @pytest.mark.converted('test_sssctl.py', 'test_sssctl__check_ldap_host_object_class_in_sssd') def test_0024_checkldaphostobjectsssd(self, multihost, backupsssdconf): """ :title: IDM-SSSD-TC: Configuration validation: Check @@ -471,6 +495,7 @@ def test_0024_checkldaphostobjectsssd(self, multihost, backupsssdconf): assert log.search(cmd.stdout_text) @pytest.mark.tier1 + @pytest.mark.converted('test_sssctl.py', 'test_sssctl__enabling_2FA') def test_0025_check2FA(self, multihost, backupsssdconf): """ :title: IDM-SSSD-TC: Configuration validation: Check false @@ -496,6 +521,7 @@ def test_0025_check2FA(self, multihost, backupsssdconf): assert cmd.returncode == 0 @pytest.mark.tier1 + @pytest.mark.converted('test_sssctl.py', 'test_sssctl__auto_private_groups_in_child_domain') def test_0026_checkchilddomain(self, multihost, backupsssdconf): """ :title: IDM-SSSD-TC: Configuration validation: sssctl config-check @@ -517,6 +543,7 @@ def test_0026_checkchilddomain(self, multihost, backupsssdconf): assert cmd.returncode == 0 @pytest.mark.tier1 + @pytest.mark.converted('test_sssctl.py', 'test_sssctl__non_default_config_location_snippet_directory') def test_0027_bz1723273(self, multihost, backupsssdconf): """ :title: IDM-SSSD-TC: Configuration merging: sssctl config-check @@ -537,6 +564,8 @@ def test_0027_bz1723273(self, multihost, backupsssdconf): sssctl_check.returncode == 1 @pytest.mark.tier1 + @pytest.mark.converted('test_sssctl.py', 'test_sssctl__non_default_config_location_permission') + @pytest.mark.converted('test_sssctl.py', 'test_sssctl__non_default_config_location_ownership') def test_0028_bz1723273(self, multihost, backupsssdconf): """ :title: IDM-SSSD-TC: Configuration merging: sssctl config-check @@ -560,6 +589,7 @@ def test_0028_bz1723273(self, multihost, backupsssdconf): sssctl_check.returncode == 1 @pytest.mark.tier1 + @pytest.mark.converted('test_sssctl.py', 'test_sssctl__non_default_config_location_option_name_typo') def test_0029_bz1723273(self, multihost, backupsssdconf): """ :title: IDM-SSSD-TC: Configuration validation: Verify typos in option @@ -586,6 +616,7 @@ def test_0029_bz1723273(self, multihost, backupsssdconf): and sssctl_check.returncode == 1 @pytest.mark.tier1 + @pytest.mark.converted('test_sssctl.py', 'test_sssctl__non_default_config_location_snippet_is_present') def test_0030_bz1723273(self, multihost, backupsssdconf): """ :title: IDM-SSSD-TC: Configuration validation: Does not complain @@ -611,6 +642,7 @@ def test_0030_bz1723273(self, multihost, backupsssdconf): and sssctl_check.returncode == 1 @pytest.mark.tier1 + @pytest.mark.converted('test_sssctl.py', 'test_sssctl__non_existing_snippet') def test_0031_bz1723273(self, multihost, backupsssdconf): """ :title: IDM-SSSD-TC: Configuration validation: complains about non diff --git a/src/tests/multihost/basic/test_sssctl_config_check.py b/src/tests/multihost/basic/test_sssctl_config_check.py index 1de2e958d9a..1ada5c762d8 100644 --- a/src/tests/multihost/basic/test_sssctl_config_check.py +++ b/src/tests/multihost/basic/test_sssctl_config_check.py @@ -13,7 +13,7 @@ class TestSssctlConfigCheck(object): - @pytest.mark.converted('test_sssctl.py', 'test_sssctl__typo_option_name') + @pytest.mark.converted('test_sssctl.py', 'test_sssctl__check_typo_option_name') def test_verify_typo_option_name(self, multihost): """ :title: sssctl: Verify typos in option name (not value) diff --git a/src/tests/system/tests/test_sssctl.py b/src/tests/system/tests/test_sssctl.py index 60b3eb3eabd..c575c941d8a 100644 --- a/src/tests/system/tests/test_sssctl.py +++ b/src/tests/system/tests/test_sssctl.py @@ -196,7 +196,7 @@ def test_sssctl__check_typo_option_name(client: Client): :title: sssctl config-check detects mistyped option name :setup: 1. Add wrong_option to domain section - 2. Start SSSD, without config check + 2. Apply config :steps: 1. Call sssctl config-check 2. Check error message @@ -207,14 +207,11 @@ def test_sssctl__check_typo_option_name(client: Client): """ client.sssd.common.local() client.sssd.dom("test")["wrong_option"] = "true" - - client.sssd.start(check_config=False) + client.sssd.config_apply(check_config=False) result = client.sssctl.config_check() - assert result.rc != 0, "Config-check did not detect misconfigured config" - - pattern = re.compile(r"Attribute 'wrong_option' is not allowed.*") - assert pattern.search(result.stdout), "Wrong error message was returned" + assert result.rc != 0, "Config-check did not detect misconfigured config, when SSSD is running" + assert "Attribute 'wrong_option' is not allowed" in result.stdout, "Wrong error message was returned" @pytest.mark.importance("high") @@ -269,3 +266,681 @@ def test_sssctl__check_misplaced_option(client: Client): pattern = re.compile(r".Attribute 'services' is not allowed in section .*") assert pattern.search(result.stdout), "Wrong error message was returned" + + +@pytest.mark.tools +@pytest.mark.topology(KnownTopology.Client) +def test_sssctl__check_invalid_option_name_in_snippet(client: Client): + """ + :title: sssctl config-check detects invalid option name in snippet + :setup: + 1. Create new conf snippet with invalid option name + :steps: + 1. Call sssctl config-check + 2. Check error message + :expectedresults: + 1. config-check detects an error in config snippet + 2. Error message is properly set + :customerscenario: False + """ + client.sssd.common.local() + client.fs.write("/etc/sssd/conf.d/01_snippet.conf", "[domain/local]\ninvalid_option = True", mode="600") + + result = client.sssctl.config_check() + assert result.rc != 0, "Config-check did not detect misconfigured config snippet" + assert "Attribute 'invalid_option' is not allowed" in result.stdout, "Wrong error message was returned" + + +@pytest.mark.tools +@pytest.mark.topology(KnownTopology.Client) +def test_sssctl__check_invalid_domain_name_in_snippet(client: Client): + """ + :title: sssctl config-check detects invalid domain name in snippet + :setup: + 1. Create new conf snippet with invalid domain name + :steps: + 1. Call sssctl config-check + 2. Check error message + :expectedresults: + 1. config-check detects an error in config snippet + 2. Error message is properly set + :customerscenario: False + """ + client.sssd.common.local() + client.fs.write("/etc/sssd/conf.d/01_snippet.conf", "[invalid/local]\ninvalid_option = True", mode="600") + + result = client.sssctl.config_check() + assert result.rc != 0, "Config-check did not detect misconfigured config snippet" + assert "Section [invalid/local] is not allowed" in result.stdout, "Wrong error message was returned" + + +@pytest.mark.tools +@pytest.mark.topology(KnownTopology.Client) +def test_sssctl__missing_equal_sign(client: Client): + """ + :title: sssctl config-check detects missing equals sign + :setup: + 1. Start SSSD, so default config is autimatically created + 2. Edit config file so "=" is missing + :steps: + 1. Call sssctl config-check + 2. Check error message + :expectedresults: + 1. config-check detects an error + 2. Error messages are properly set + :customerscenario: False + """ + client.sssd.common.local() + client.sssd.start() + conf = re.sub("id_provider = ", "id_provider ", client.fs.read("/etc/sssd/sssd.conf")) + client.fs.write("/etc/sssd/sssd.conf", conf, mode="600") + + result = client.sssctl.config_check() + assert result.rc != 0, "Config-check did not detect misconfigured config" + assert "Equal sign is missing" in result.stderr, "Wrong error message on stderr" + + +@pytest.mark.tools +@pytest.mark.topology(KnownTopology.Client) +def test_sssctl__special_character_option_name(client: Client): + """ + :title: option name contains special character + :setup: + 1. Start SSSD, so default config is autimatically created + 2. Edit config file in a way that it contains special character + :steps: + 1. Call sssctl config-check + 2. Check error message + :expectedresults: + 1. config-check detects an error + 2. Error message is properly set + :customerscenario: False + """ + client.sssd.common.local() + client.sssd.start() + conf = re.sub("id_provider", "id_@provider", client.fs.read("/etc/sssd/sssd.conf")) + client.fs.write("/etc/sssd/sssd.conf", conf, mode="600") + + result = client.sssctl.config_check() + assert result.rc != 0, "Config-check did not detect misconfigured config" + assert "Attribute 'id_@provider' is not allowed in section" in result.stdout, "Wrong error message on stdout" + + +@pytest.mark.tools +@pytest.mark.topology(KnownTopology.Client) +def test_sssctl__special_character_section_name(client: Client): + """ + :title: section name contains special character + :setup: + 1. Start SSSD, so default config is autimatically created + 2. Edit config file in a way that it contains special character + :steps: + 1. Call sssctl config-check + 2. Check error message + :expectedresults: + 1. config-check detects an error + 2. Error message is properly set + :customerscenario: False + """ + client.sssd.common.local() + client.sssd.start() + conf = re.sub("domain/", "d$main/", client.fs.read("/etc/sssd/sssd.conf")) + client.fs.write("/etc/sssd/sssd.conf", conf, mode="600") + + result = client.sssctl.config_check() + assert result.rc != 0, "Config-check did not detect misconfigured config" + assert "Section [d$main/local] is not allowed" in result.stdout, "Wrong error message on stdout" + + +@pytest.mark.tools +@pytest.mark.topology(KnownTopology.Client) +def test_sssctl__special_character_domain_name(client: Client): + """ + :title: domain name contains special character + :setup: + 1. Start SSSD, so default config is autimatically created + 2. Edit config file in a way that it contains special character + :steps: + 1. Call sssctl config-check + 2. Check error message + :expectedresults: + 1. config-check detects an error + 2. Error message is properly set + :customerscenario: False + """ + client.sssd.common.local() + client.sssd.start() + conf = re.sub("domain/local", "domain/local@", client.fs.read("/etc/sssd/sssd.conf")) + client.fs.write("/etc/sssd/sssd.conf", conf, mode="600") + + result = client.sssctl.config_check() + assert result.rc != 0, "Config-check did not detect misconfigured config" + assert "Section [domain/local@] is not allowed" in result.stdout, "Wrong error message on stdout" + + +@pytest.mark.tools +@pytest.mark.topology(KnownTopology.Client) +def test_sssctl__forward_slash_missing(client: Client): + """ + :title: Forward slash is not present between domain name and section name + :setup: + 1. Start SSSD, so default config is autimatically created + 2. Edit config file in a way that forward slash is missing in section name + :steps: + 1. Call sssctl config-check + 2. Check error message + :expectedresults: + 1. config-check detects an error + 2. Error message is properly set + :customerscenario: False + """ + client.sssd.common.local() + client.sssd.start() + conf = re.sub("domain/local", "domainlocal", client.fs.read("/etc/sssd/sssd.conf")) + client.fs.write("/etc/sssd/sssd.conf", conf, mode="600") + + result = client.sssctl.config_check() + assert result.rc != 0, "Config-check did not detect misconfigured config" + assert "Section [domainlocal] is not allowed" in result.stdout, "Wrong error message on stdout" + + +@pytest.mark.tools +@pytest.mark.topology(KnownTopology.Client) +def test_sssctl__sssd_section_name_typo(client: Client): + """ + :title: Typo in sssd section name + :setup: + 1. Start SSSD, so default config is autimatically created + 2. Edit config file in a way that there is typo in sssd section name + :steps: + 1. Call sssctl config-check + 2. Check error message + :expectedresults: + 1. config-check detects an error + 2. Error message is properly set + :customerscenario: False + """ + client.sssd.common.local() + client.sssd.start() + conf = re.sub(".sssd.", "[sssdx]", client.fs.read("/etc/sssd/sssd.conf")) + client.fs.write("/etc/sssd/sssd.conf", conf, mode="600") + + result = client.sssctl.config_check() + assert result.rc != 0, "Config-check did not detect misconfigured config" + assert "Section [sssdx] is not allowed" in result.stdout, "Wrong error message on stdout" + + +@pytest.mark.tools +@pytest.mark.topology(KnownTopology.Client) +def test_sssctl__pam_section_name_typo(client: Client): + """ + :title: Typo in pam section name + :setup: + 1. Start SSSD, so default config is autimatically created + 2. Edit config file in a way that there is typo in sssd section name + :steps: + 1. Call sssctl config-check + 2. Check error message + :expectedresults: + 1. config-check detects an error + 2. Error message is properly set + :customerscenario: False + """ + client.sssd.common.local() + client.sssd.start() + conf = re.sub(".pam.", "[pamx]", client.fs.read("/etc/sssd/sssd.conf")) + client.fs.write("/etc/sssd/sssd.conf", conf, mode="600") + + result = client.sssctl.config_check() + assert result.rc != 0, "Config-check did not detect misconfigured config" + assert "Section [pamx] is not allowed" in result.stdout, "Wrong error message on stdout" + + +@pytest.mark.tools +@pytest.mark.topology(KnownTopology.Client) +def test_sssctl__nss_section_name_typo(client: Client): + """ + :title: Typo in nss section name + :setup: + 1. Start SSSD, so default config is autimatically created + 2. Edit config file in a way that there is typo in sssd section name + :steps: + 1. Call sssctl config-check + 2. Check error message + :expectedresults: + 1. config-check detects an error + 2. Error message is properly set + :customerscenario: False + """ + client.sssd.common.local() + client.sssd.start() + conf = re.sub(".nss.", "[nssx]", client.fs.read("/etc/sssd/sssd.conf")) + client.fs.write("/etc/sssd/sssd.conf", conf, mode="600") + + result = client.sssctl.config_check() + assert result.rc != 0, "Config-check did not detect misconfigured config" + assert "Section [nssx] is not allowed" in result.stdout, "Wrong error message on stdout" + + +@pytest.mark.tools +@pytest.mark.topology(KnownTopology.Client) +def test_sssctl__verify_permission(client: Client): + """ + :title: Verify the permission of default configuration file + :setup: + 1. Start SSSD, so default config is autimatically created + 2. Change permission of default config file + :steps: + 1. Call sssctl config-check + 2. Check error message + :expectedresults: + 1. config-check detects an error + 2. Error message is properly set + :customerscenario: False + """ + client.sssd.common.local() + client.sssd.start() + client.fs.chmod("0777", "/etc/sssd/sssd.conf") + result = client.sssctl.config_check() + assert result.rc != 0, "Config-check did not detect misconfigured config" + assert "File ownership and permissions check failed" in result.stdout, "Wrong error message on stdout" + + +@pytest.mark.tools +@pytest.mark.topology(KnownTopology.Client) +def test_sssctl__verify_ownership(client: Client): + """ + :title: Verify the ownership of default configuration file + :setup: + 1. Start SSSD, so default config is autimatically created + 2. Change ownership of default config file + :steps: + 1. Call sssctl config-check + 2. Check error message + :expectedresults: + 1. config-check detects an error + 2. Error message is properly set + :customerscenario: False + """ + client.local.user("user1").add() + client.local.group("group1").add() + client.sssd.common.local() + client.sssd.start() + client.fs.chown("/etc/sssd/sssd.conf", "user1", "group1") + result = client.sssctl.config_check() + assert result.rc != 0, "Config-check did not detect misconfigured config" + assert "File ownership and permissions check failed" in result.stdout, "Wrong error message on stdout" + + +@pytest.mark.tools +@pytest.mark.topology(KnownTopology.Client) +def test_sssctl__verify_missing_closing_bracket(client: Client): + """ + :title: Missing closing bracket in sssd section name + :setup: + 1. Start SSSD, so default config is autimatically created + 2. Edit config file in a way that there is missing closing bracket + :steps: + 1. Call sssctl config-check + 2. Check error message + :expectedresults: + 1. config-check detects an error + 2. Error message is properly set + :customerscenario: False + """ + client.sssd.common.local() + client.sssd.start() + conf = re.sub(".nss.", "[nssx", client.fs.read("/etc/sssd/sssd.conf")) + client.fs.write("/etc/sssd/sssd.conf", conf, mode="600") + + result = client.sssctl.config_check() + assert result.rc != 0, "Config-check did not detect misconfigured config" + assert "No closing bracket" in result.stderr, "Wrong error message on stderr" + + +@pytest.mark.tools +@pytest.mark.topology(KnownTopology.Client) +def test_sssctl__verify_missing_opening_bracket(client: Client): + """ + :title: Missing opening bracket in domain name + :setup: + 1. Start SSSD, so default config is autimatically created + 2. Edit config file in a way that there is missing opening bracket + :steps: + 1. Call sssctl config-check + 2. Check error message + :expectedresults: + 1. config-check detects an error + 2. Error message is properly set + :customerscenario: False + """ + client.sssd.common.local() + client.sssd.start() + conf = re.sub(".domain/local.", "domain/local]", client.fs.read("/etc/sssd/sssd.conf")) + client.fs.write("/etc/sssd/sssd.conf", conf, mode="600") + + result = client.sssctl.config_check() + assert result.rc != 0, "Config-check did not detect misconfigured config" + assert "Equal sign is missing" in result.stderr, "Wrong error message on stderr" + assert "Failed to parse configuration" in result.stderr, "Wrong error message on stderr" + + +@pytest.mark.tools +@pytest.mark.topology(KnownTopology.Client) +def test_sssctl__verify_typo_in_config_with_two_domains(client: Client): + """ + :title: Verify typo in option name with multiple domains in default configuration file + :setup: + 1. Configure two ldap domains + 2. Make typo in both domains + :steps: + 1. Call sssctl config-check + 2. Check error message + :expectedresults: + 1. config-check detects an error + 2. Error messages are properly set + :customerscenario: False + """ + client.sssd.common.local() + client.sssd.dom("ldap1")["ldap_ri"] = "ldaps://invalid" + client.sssd.dom("ldap1")["id_provider"] = "ldap" + client.sssd.dom("ldap2")["ldap_ri"] = "ldaps://invalid" + client.sssd.dom("ldap2")["id_provider"] = "ldap" + client.sssd.sssd["domains"] = "ldap1, ldap2" + client.sssd.config_apply(check_config=False) + + res = client.sssctl.config_check() + assert res.rc != 0, "Config-check did not detect misconfigured config" + assert "Issues identified by validators: 2" in res.stdout, "Wrong number of issues found by validators" + assert "Attribute 'ldap_ri' is not allowed in section 'domain/ldap1'" in res.stdout, "Wrong error message" + assert "Attribute 'ldap_ri' is not allowed in section 'domain/ldap2'" in res.stdout, "Wrong error message" + + +@pytest.mark.tools +@pytest.mark.topology(KnownTopology.Client) +def test_sssctl__config_does_not_exist(client: Client): + """ + :title: sssctl detects missing config + :setup: + 1. Start SSSD, so default config is automatically created + 2. Remove config + :steps: + 1. Call sssctl config-check + 2. Check error message + :expectedresults: + 1. config-check detects an error + 2. Error message is properly set + :customerscenario: False + """ + client.sssd.common.local() + client.sssd.start() + client.fs.rm("/etc/sssd/sssd.conf") + + result = client.sssctl.config_check() + assert result.rc != 0, "Config-check did not detect misconfigured config" + assert "File /etc/sssd/sssd.conf does not exist" in result.stdout, "Wrong error message on stdout" + + +@pytest.mark.tools +@pytest.mark.ticket(bz=1677994) +@pytest.mark.topology(KnownTopology.Client) +def test_sssctl__check_ldap_host_object_class_in_domain(client: Client): + """ + :title: sssctl config-check allow ldap_host_object_class in domain section + :setup: + 1. Add ldap_host_object_class to local domain section + 2. Start SSSD + :steps: + 1. Call sssctl config-check + :expectedresults: + 1. config-check succeed + :customerscenario: True + """ + client.sssd.default_domain = "local" + client.sssd.common.local() + client.sssd.domain["ldap_host_object_class"] = "ipService" + client.sssd.start(check_config=False) + + result = client.sssctl.config_check() + assert result.rc == 0, "Config-check failed" + + +@pytest.mark.tools +@pytest.mark.ticket(bz=1677994) +@pytest.mark.topology(KnownTopology.Client) +def test_sssctl__check_ldap_host_object_class_in_sssd(client: Client): + """ + :title: sssctl config-check do not allow ldap_host_object_class in sssd section + :setup: + 1. Add ldap_host_object_class to sssd section + 2. Start SSSD + :steps: + 1. Call sssctl config-check + :expectedresults: + 1. config-check succeed + :customerscenario: True + """ + client.sssd.common.local() + client.sssd.sssd["ldap_host_object_class"] = "ipService" + client.sssd.start(check_config=False) + + result = client.sssctl.config_check() + assert result.rc != 0, "Config-check did not detect misconfigured config" + assert ( + "Attribute 'ldap_host_object_class' is not allowed in section 'sssd'" in result.stdout + ), "Wrong error message on stdout" + + +@pytest.mark.tools +@pytest.mark.ticket(bz=1856861) +@pytest.mark.topology(KnownTopology.Client) +def test_sssctl__enabling_2FA(client: Client): + """ + :title: False warnings are logged in sssd.log file after enabling 2FA prompting + :setup: + 1. Enable Two factor authentication + 2. Start SSSD + :steps: + 1. Call sssctl config-check + :expectedresults: + 1. config-check succeed + :customerscenario: True + """ + client.sssd.common.local() + client.sssd.section("prompting/2fa/sshd")["first_prompt"] = "Enter OTP Token Value:" + client.sssd.section("prompting/2fa/sshd")["single_prompt"] = "True" + + client.sssd.section("prompting/2fa")["first_prompt"] = "prompt1" + client.sssd.section("prompting/2fa")["second_prompt"] = "prompt2" + client.sssd.section("prompting/2fa")["single_prompt"] = "True" + + client.sssd.start(check_config=False) + result = client.sssctl.config_check() + assert result.rc == 0, "Config-check failed" + + +@pytest.mark.tools +@pytest.mark.ticket(bz=1791892) +@pytest.mark.topology(KnownTopology.Client) +def test_sssctl__auto_private_groups_in_child_domain(client: Client): + """ + :title: sssctl config-check detects false positive when auto_private_groups is enabled or disabled in child domains + :setup: + 1. Enable auto_private_groups in child domain + 2. Disable auto_private_groups in second child domain + 3. Start SSSD + :steps: + 1. Call sssctl config-check + :expectedresults: + 1. config-check succeed + :customerscenario: True + """ + client.sssd.common.local() + client.sssd.sssd["domains"] = "td5f4f77.com" + client.sssd.subdom("td5f4f77.com", "one5f4f77.td5f4f77.com")["auto_private_groups"] = "True" + client.sssd.subdom("td5f4f77.com", "two5f4f77.td5f4f77.com")["auto_private_groups"] = "False" + + client.sssd.start(check_config=False, debug_level=None) + result = client.sssctl.config_check() + assert result.rc == 0, "Config-check failed" + + +@pytest.mark.tools +@pytest.mark.ticket(bz=1723273) +@pytest.mark.topology(KnownTopology.Client) +def test_sssctl__non_default_config_location_snippet_directory(client: Client): + """ + :title: sssctl config-check complains about non existing snippet directory when config is non default + :setup: + 1. Copy sssd.conf file to different directory + :steps: + 1. Call sssctl config-check on that different directory + 2. Check error message + :expectedresults: + 1. config-check failed + 2. Error message is properly set + :customerscenario: True + """ + client.sssd.common.local() + client.sssd.config_apply() + client.fs.mkdir("/tmp/test/") + client.fs.copy("/etc/sssd/sssd.conf", "/tmp/test/") + + result = client.sssctl.config_check(config="/tmp/test/sssd.conf") + assert result.rc != 0, "Config-check successfully finished" + assert "Directory /tmp/test/conf.d does not exist" in result.stdout, "Wrong error message on stdout" + + +@pytest.mark.tools +@pytest.mark.ticket(bz=1723273) +@pytest.mark.topology(KnownTopology.Client) +def test_sssctl__non_default_config_location_permission(client: Client): + """ + :title: sssctl config-check complains about proper permission when config is non default + :setup: + 1. Copy sssd.conf file to different directory and set it wrong permission + :steps: + 1. Call sssctl config-check on that different directory + 2. Check error message + :expectedresults: + 1. config-check failed + 2. Error message is properly set + :customerscenario: True + """ + client.sssd.common.local() + client.sssd.config_apply() + client.fs.mkdir("/tmp/test/") + client.fs.copy("/etc/sssd/sssd.conf", "/tmp/test/sssd.conf", mode="777") + + result = client.sssctl.config_check(config="/tmp/test/sssd.conf") + assert result.rc != 0, "Config-check successfully finished" + assert "File ownership and permissions check failed" in result.stdout, "Wrong error message on stdout" + + +@pytest.mark.tools +@pytest.mark.ticket(bz=1723273) +@pytest.mark.topology(KnownTopology.Client) +def test_sssctl__non_default_config_location_ownership(client: Client): + """ + :title: sssctl config-check complains about proper ownership when config is non default + :setup: + 1. Copy sssd.conf file to different directory and set it wrong ownership + :steps: + 1. Call sssctl config-check on that different directory + 2. Check error message + :expectedresults: + 1. config-check failed + 2. Error message is properly set + :customerscenario: True + """ + client.local.user("user1").add() + client.sssd.common.local() + client.sssd.config_apply() + client.fs.mkdir("/tmp/test/") + client.fs.copy("/etc/sssd/sssd.conf", "/tmp/test/sssd.conf", user="user1") + + result = client.sssctl.config_check(config="/tmp/test/sssd.conf") + assert result.rc != 0, "Config-check successfully finished" + assert "File ownership and permissions check failed" in result.stdout, "Wrong error message on stdout" + + +@pytest.mark.tools +@pytest.mark.ticket(bz=1723273) +@pytest.mark.topology(KnownTopology.Client) +def test_sssctl__non_default_config_location_option_name_typo(client: Client): + """ + :title: sssctl config-check detects typo in option name when config is non default + :setup: + 1. Copy sssd.conf file to different directory and mistype option name + :steps: + 1. Call sssctl config-check on that different directory + 2. Check error message + :expectedresults: + 1. config-check failed + 2. Error message is properly set + :customerscenario: True + """ + client.sssd.common.local() + client.sssd.default_domain = "local" + client.sssd.domain["search_base"] = "True" + client.sssd.config_apply(check_config=False) + + client.fs.mkdir("/tmp/test/") + client.fs.copy("/etc/sssd/sssd.conf", "/tmp/test/") + + result = client.sssctl.config_check(config="/tmp/test/sssd.conf") + assert result.rc != 0, "Config-check successfully finished" + assert ( + "Attribute 'search_base' is not allowed in section 'domain/local'" in result.stdout + ), "Wrong error message on stdout" + + +@pytest.mark.tools +@pytest.mark.ticket(bz=1723273) +@pytest.mark.topology(KnownTopology.Client) +def test_sssctl__non_default_config_location_snippet_is_present(client: Client): + """ + :title: sssctl config-check does not complain about missing snippet directory after adding with proper permission + :setup: + 1. Copy sssd.conf file to different directory and create conf.d directory + :steps: + 1. Call sssctl config-check on that different directory + 2. Check error message + :expectedresults: + 1. config-check failed + 2. Error message is properly set + :customerscenario: True + """ + client.sssd.common.local() + client.sssd.config_apply(check_config=False) + + client.fs.mkdir("/tmp/test/") + client.fs.mkdir("/tmp/test/conf.d", mode="700") + client.fs.copy("/etc/sssd/sssd.conf", "/tmp/test/") + + result = client.sssctl.config_check(config="/tmp/test/sssd.conf") + assert result.rc == 0, "Config-check failed" + assert "Directory /tmp/test/conf.d does not exist" not in result.stdout, "Wrong error message on stdout" + + +@pytest.mark.tools +@pytest.mark.ticket(bz=1723273) +@pytest.mark.topology(KnownTopology.Client) +def test_sssctl__non_existing_snippet(client: Client): + """ + :title: sssctl config-check detects non existing snippet directory + :setup: + 1. Start SSSD, so default config is autimatically created + :steps: + 1. Call sssctl config-check with non existing snippet + 2. Check error message + :expectedresults: + 1. config-check failed + 2. Error message is properly set + :customerscenario: True + """ + client.sssd.common.local() + client.sssd.start() + result = client.sssctl.config_check(snippet="/does/not/exist") + assert result.rc != 0, "Config-check successfully finished" + assert "Directory /does/not/exist does not exist" in result.stdout, "Wrong error message on stdout" From bd9cf6f4dbd8332f8067cba94d5626b247499a03 Mon Sep 17 00:00:00 2001 From: Patrik Rosecky <prosecky@redhat.com> Date: Mon, 23 Oct 2023 15:00:05 +0200 Subject: [PATCH 255/280] Tests: alltests/test_offline.py converted Reviewed-by: Dan Lavu <dlavu@redhat.com> Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com> (cherry picked from commit ea7de588dcf1272dd7284925333b08829adae806) --- src/tests/multihost/alltests/test_offline.py | 16 ++-- src/tests/system/tests/test_offline.py | 92 ++++++++++++++++++++ 2 files changed, 103 insertions(+), 5 deletions(-) create mode 100644 src/tests/system/tests/test_offline.py diff --git a/src/tests/multihost/alltests/test_offline.py b/src/tests/multihost/alltests/test_offline.py index 9243bf8bf34..3f003a675a6 100644 --- a/src/tests/multihost/alltests/test_offline.py +++ b/src/tests/multihost/alltests/test_offline.py @@ -20,6 +20,7 @@ class TestOffline(object): """ This is test case class for ldap offline suite """ + @pytest.mark.converted('test_offline.py', 'test_offline__ldap_log_to_syslog') @pytest.mark.tier1 def test_0001_bz1416150(self, multihost, backupsssdconf): """ @@ -58,6 +59,7 @@ def test_0001_bz1416150(self, multihost, backupsssdconf): else: pytest.fail("Failed to start sssd") + @pytest.mark.converted('test_offline.py', 'test_offline__ldap_network_timeout_parameters_shown_in_logs') @pytest.mark.tier1_2 def test_0002_bz1928648(self, multihost, backupsssdconf): """ @@ -102,11 +104,15 @@ def test_0002_bz1928648(self, multihost, backupsssdconf): assert block_ip.returncode == 0 user = 'foo1@example1' time.sleep(5) - with pytest.raises(Exception): - check_login_client(multihost, user, 'Secret123') - multihost.client[0].run_command(f"iptables " - f"-D OUTPUT -d " - f"{hostname} -j DROP") + try: + with pytest.raises(Exception): + check_login_client(multihost, user, 'Secret123') + except (Exception) as e: + pytest.fail(e) + finally: + multihost.client[0].run_command(f"iptables " + f"-D OUTPUT -d " + f"{hostname} -j DROP") it_cat = "cat /var/log/sssd/sssd_example1.log" cat_read = multihost.client[0].run_command(it_cat) for i in ['ldap_opt_timeout', diff --git a/src/tests/system/tests/test_offline.py b/src/tests/system/tests/test_offline.py new file mode 100644 index 00000000000..d8ae60b86e2 --- /dev/null +++ b/src/tests/system/tests/test_offline.py @@ -0,0 +1,92 @@ +""" +Automation of offline tests + +:requirement: offline +""" + +from __future__ import annotations + +import time + +import pytest +from sssd_test_framework.roles.client import Client +from sssd_test_framework.roles.ldap import LDAP +from sssd_test_framework.topology import KnownTopology + + +@pytest.mark.ticket(bz=1416150) +@pytest.mark.topology(KnownTopology.LDAP) +def test_offline__ldap_log_to_syslog(client: Client): + """ + :title: Log to syslog when sssd cannot contact servers goes offline + :setup: + 1. Set an invalid hostname uri and disable the offset to refresh sudo rules + 2. Start SSSD + :steps: + 1. Check domain status for default domain + 2. Clear journal and restart SSSD + 3. Check journalctl + :expectedresults: + 1. Domain is offline + 2. Succeed + 3. "Backend is offline" found + :customerscenario: True + """ + client.sssd.domain["ldap_uri"] = "ldaps://typo.invalid" + client.sssd.domain["ldap_sudo_random_offset"] = "0" + client.sssd.start() + assert client.sssd.default_domain is not None, "Failed to load default domain" + status = client.sssctl.domain_status(client.sssd.default_domain) + assert "Offline" in status.stdout or "Unable to get online status" in status.stderr, "Domain is not offline" + + client.journald.clear() + client.sssd.restart() + time.sleep(1) + + log = client.journald.journalctl(grep="Backend is offline", unit="sssd") + assert log.rc == 0, "'Backend is offline' is not logged" + + +@pytest.mark.importance("medium") +@pytest.mark.ticket(bz=1928648) +@pytest.mark.topology(KnownTopology.LDAP) +def test_offline__ldap_network_timeout_parameters_shown_in_logs(client: Client, ldap: LDAP): + """ + :title: Each timeout setting is properly logged in logs + :setup: + 1. Add user + 2. Start SSSD + :steps: + 1. Check that "Setting 6 seconds timeout [ldap_network_timeout] for connecting" is in logs + 2. Fetch information about user + 3. Block LDAP traffic + 4. Connect user over SSH + 5. Logs should contain following timeout parameters + - ldap_opt_timeout + - ldap_search_timeout + - ldap_network_timeout + - dns_resolver_timeout + :expectedresults: + 1. Timeout setting is stored in logs + 2. User is found + 3. LDAP traffic is blocked + 4. User is unable to connect + 5. The timeout parameters are in the logs + :customerscenario: True + """ + ldap.user("user1").add(password="Secret123") + client.sssd.start() + + log = client.fs.read(f"/var/log/sssd/sssd_{client.sssd.default_domain}.log") + assert "Setting 6 seconds timeout [ldap_network_timeout] for connecting" in log + + assert client.tools.id("user1") is not None + + client.firewall.outbound.drop_host(ldap) + + with pytest.raises(Exception): + client.ssh("user1", "Secret123").connect() + + log = client.fs.read(f"/var/log/sssd/sssd_{client.sssd.default_domain}.log") + for timeout in ["ldap_opt_timeout", "ldap_search_timeout", "ldap_network_timeout", "dns_resolver_timeout"]: + assert timeout in log, f"Value '{timeout}' not found in logs" From 80d5a34fe96343999e2ce6f198b79bd7b1a4f483 Mon Sep 17 00:00:00 2001 From: Madhuri Upadhye <mupadhye@redhat.com> Date: Fri, 29 Sep 2023 20:27:26 +0530 Subject: [PATCH 256/280] Tests: Add passkey test cases for following scenario Test cases are as follows: 7. Check offline authentication of a user with LDAP, IPA, AD and Samba 8. Fetch user from cache for LDAP, IPA, AD and Samba server 9. Check authentication of user when multiple keys added for same user with LDAP, IPA, AD and Samba server. 10. Check authentication of user when same key added for multiple user with LDAP, IPA, AD and Samba server. Signed-off-by: Madhuri Upadhye <mupadhye@redhat.com> Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com> Reviewed-by: Justin Stephenson <jstephen@redhat.com> Reviewed-by: Scott Poore <spoore@redhat.com> (cherry picked from commit 173f31148c1d3d0493ad620521414ab076d0623c) --- .../passkey-mapping.ad | 1 + .../passkey-mapping.ipa | 1 + .../passkey-mapping.ldap | 1 + .../passkey-mapping.samba | 1 + .../umockdev.script.ad | 19 ++ .../umockdev.script.ipa | 22 +++ .../umockdev.script.ldap | 21 +++ .../umockdev.script.samba | 19 ++ .../passkey-mapping.ad1 | 1 + .../passkey-mapping.ad2 | 1 + .../passkey-mapping.ad3 | 1 + .../passkey-mapping.ad4 | 1 + .../passkey-mapping.ipa1 | 1 + .../passkey-mapping.ipa2 | 1 + .../passkey-mapping.ipa3 | 1 + .../passkey-mapping.ipa4 | 1 + .../passkey-mapping.ldap1 | 1 + .../passkey-mapping.ldap2 | 1 + .../passkey-mapping.ldap3 | 1 + .../passkey-mapping.ldap4 | 1 + .../passkey-mapping.samba1 | 1 + .../passkey-mapping.samba2 | 1 + .../passkey-mapping.samba3 | 1 + .../passkey-mapping.samba4 | 1 + .../umockdev.script.ad | 21 +++ .../umockdev.script.ipa | 21 +++ .../umockdev.script.ldap | 23 +++ .../umockdev.script.samba | 20 +++ .../passkey-mapping.ad | 1 + .../passkey-mapping.ipa | 1 + .../passkey-mapping.ldap | 1 + .../passkey-mapping.samba | 1 + .../umockdev.script.ad.user1 | 21 +++ .../umockdev.script.ad.user2 | 18 ++ .../umockdev.script.ad.user3 | 20 +++ .../umockdev.script.ipa.user1 | 22 +++ .../umockdev.script.ipa.user2 | 23 +++ .../umockdev.script.ipa.user3 | 21 +++ .../umockdev.script.ldap.user1 | 21 +++ .../umockdev.script.ldap.user2 | 20 +++ .../umockdev.script.ldap.user3 | 20 +++ .../umockdev.script.samba.user1 | 22 +++ .../umockdev.script.samba.user2 | 19 ++ .../umockdev.script.samba.user3 | 18 ++ .../passkey-mapping.ad | 1 + .../passkey-mapping.ipa | 1 + .../passkey-mapping.ldap | 1 + .../passkey-mapping.samba | 1 + .../umockdev.script.ad | 19 ++ .../umockdev.script.ipa | 22 +++ .../umockdev.script.ldap | 21 +++ .../umockdev.script.samba | 19 ++ src/tests/system/tests/test_passkey.py | 170 ++++++++++++++++++ 53 files changed, 690 insertions(+) create mode 100644 src/tests/system/data/test_passkey/test_passkey__offline_su/passkey-mapping.ad create mode 100644 src/tests/system/data/test_passkey/test_passkey__offline_su/passkey-mapping.ipa create mode 100644 src/tests/system/data/test_passkey/test_passkey__offline_su/passkey-mapping.ldap create mode 100644 src/tests/system/data/test_passkey/test_passkey__offline_su/passkey-mapping.samba create mode 100644 src/tests/system/data/test_passkey/test_passkey__offline_su/umockdev.script.ad create mode 100644 src/tests/system/data/test_passkey/test_passkey__offline_su/umockdev.script.ipa create mode 100644 src/tests/system/data/test_passkey/test_passkey__offline_su/umockdev.script.ldap create mode 100644 src/tests/system/data/test_passkey/test_passkey__offline_su/umockdev.script.samba create mode 100644 src/tests/system/data/test_passkey/test_passkey__su_multi_keys_for_same_user/passkey-mapping.ad1 create mode 100644 src/tests/system/data/test_passkey/test_passkey__su_multi_keys_for_same_user/passkey-mapping.ad2 create mode 100644 src/tests/system/data/test_passkey/test_passkey__su_multi_keys_for_same_user/passkey-mapping.ad3 create mode 100644 src/tests/system/data/test_passkey/test_passkey__su_multi_keys_for_same_user/passkey-mapping.ad4 create mode 100644 src/tests/system/data/test_passkey/test_passkey__su_multi_keys_for_same_user/passkey-mapping.ipa1 create mode 100644 src/tests/system/data/test_passkey/test_passkey__su_multi_keys_for_same_user/passkey-mapping.ipa2 create mode 100644 src/tests/system/data/test_passkey/test_passkey__su_multi_keys_for_same_user/passkey-mapping.ipa3 create mode 100644 src/tests/system/data/test_passkey/test_passkey__su_multi_keys_for_same_user/passkey-mapping.ipa4 create mode 100644 src/tests/system/data/test_passkey/test_passkey__su_multi_keys_for_same_user/passkey-mapping.ldap1 create mode 100644 src/tests/system/data/test_passkey/test_passkey__su_multi_keys_for_same_user/passkey-mapping.ldap2 create mode 100644 src/tests/system/data/test_passkey/test_passkey__su_multi_keys_for_same_user/passkey-mapping.ldap3 create mode 100644 src/tests/system/data/test_passkey/test_passkey__su_multi_keys_for_same_user/passkey-mapping.ldap4 create mode 100644 src/tests/system/data/test_passkey/test_passkey__su_multi_keys_for_same_user/passkey-mapping.samba1 create mode 100644 src/tests/system/data/test_passkey/test_passkey__su_multi_keys_for_same_user/passkey-mapping.samba2 create mode 100644 src/tests/system/data/test_passkey/test_passkey__su_multi_keys_for_same_user/passkey-mapping.samba3 create mode 100644 src/tests/system/data/test_passkey/test_passkey__su_multi_keys_for_same_user/passkey-mapping.samba4 create mode 100644 src/tests/system/data/test_passkey/test_passkey__su_multi_keys_for_same_user/umockdev.script.ad create mode 100755 src/tests/system/data/test_passkey/test_passkey__su_multi_keys_for_same_user/umockdev.script.ipa create mode 100644 src/tests/system/data/test_passkey/test_passkey__su_multi_keys_for_same_user/umockdev.script.ldap create mode 100644 src/tests/system/data/test_passkey/test_passkey__su_multi_keys_for_same_user/umockdev.script.samba create mode 100644 src/tests/system/data/test_passkey/test_passkey__su_same_key_for_multi_user/passkey-mapping.ad create mode 100644 src/tests/system/data/test_passkey/test_passkey__su_same_key_for_multi_user/passkey-mapping.ipa create mode 100644 src/tests/system/data/test_passkey/test_passkey__su_same_key_for_multi_user/passkey-mapping.ldap create mode 100644 src/tests/system/data/test_passkey/test_passkey__su_same_key_for_multi_user/passkey-mapping.samba create mode 100644 src/tests/system/data/test_passkey/test_passkey__su_same_key_for_multi_user/umockdev.script.ad.user1 create mode 100644 src/tests/system/data/test_passkey/test_passkey__su_same_key_for_multi_user/umockdev.script.ad.user2 create mode 100644 src/tests/system/data/test_passkey/test_passkey__su_same_key_for_multi_user/umockdev.script.ad.user3 create mode 100644 src/tests/system/data/test_passkey/test_passkey__su_same_key_for_multi_user/umockdev.script.ipa.user1 create mode 100644 src/tests/system/data/test_passkey/test_passkey__su_same_key_for_multi_user/umockdev.script.ipa.user2 create mode 100644 src/tests/system/data/test_passkey/test_passkey__su_same_key_for_multi_user/umockdev.script.ipa.user3 create mode 100644 src/tests/system/data/test_passkey/test_passkey__su_same_key_for_multi_user/umockdev.script.ldap.user1 create mode 100644 src/tests/system/data/test_passkey/test_passkey__su_same_key_for_multi_user/umockdev.script.ldap.user2 create mode 100644 src/tests/system/data/test_passkey/test_passkey__su_same_key_for_multi_user/umockdev.script.ldap.user3 create mode 100644 src/tests/system/data/test_passkey/test_passkey__su_same_key_for_multi_user/umockdev.script.samba.user1 create mode 100644 src/tests/system/data/test_passkey/test_passkey__su_same_key_for_multi_user/umockdev.script.samba.user2 create mode 100644 src/tests/system/data/test_passkey/test_passkey__su_same_key_for_multi_user/umockdev.script.samba.user3 create mode 100644 src/tests/system/data/test_passkey/test_passkey__user_fetch_from_cache/passkey-mapping.ad create mode 100644 src/tests/system/data/test_passkey/test_passkey__user_fetch_from_cache/passkey-mapping.ipa create mode 100644 src/tests/system/data/test_passkey/test_passkey__user_fetch_from_cache/passkey-mapping.ldap create mode 100644 src/tests/system/data/test_passkey/test_passkey__user_fetch_from_cache/passkey-mapping.samba create mode 100644 src/tests/system/data/test_passkey/test_passkey__user_fetch_from_cache/umockdev.script.ad create mode 100644 src/tests/system/data/test_passkey/test_passkey__user_fetch_from_cache/umockdev.script.ipa create mode 100644 src/tests/system/data/test_passkey/test_passkey__user_fetch_from_cache/umockdev.script.ldap create mode 100644 src/tests/system/data/test_passkey/test_passkey__user_fetch_from_cache/umockdev.script.samba diff --git a/src/tests/system/data/test_passkey/test_passkey__offline_su/passkey-mapping.ad b/src/tests/system/data/test_passkey/test_passkey__offline_su/passkey-mapping.ad new file mode 100644 index 00000000000..58f3e1045d6 --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__offline_su/passkey-mapping.ad @@ -0,0 +1 @@ +passkey:Wp075+YqPw9bn3UhyNUa1u0wu8I982JVRxR/cd3KRplwD12NweMI15fMSTclruHiTPdi7i7y9IRGbTRtDWPt4w==,MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEh+6kmCDkIaUiHUx1SobhNo7jP6wUJCBocQP9jxhpM/uBRKNXWUUKNMJwiOp0Nkj/OeSP2xdtLNazs4KEPBk15A== diff --git a/src/tests/system/data/test_passkey/test_passkey__offline_su/passkey-mapping.ipa b/src/tests/system/data/test_passkey/test_passkey__offline_su/passkey-mapping.ipa new file mode 100644 index 00000000000..915689bd654 --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__offline_su/passkey-mapping.ipa @@ -0,0 +1 @@ +passkey:NUZMRUXIb/W8Ij1GqwCDHSCWxt/SxWxckwtQjLYi/X6Y1qZFB+HI8WO6khzAjzsz248kHbaeAf9qfmqfCky1Jg==,MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIasAa8ogjPCKXeA4KY3t0W3xBRmG+E4D+MNoRIAJrYuNLSYtAcOL7DCbIfgc+7c5Y4Mh/FzoEyeumKGYMoyTfg== diff --git a/src/tests/system/data/test_passkey/test_passkey__offline_su/passkey-mapping.ldap b/src/tests/system/data/test_passkey/test_passkey__offline_su/passkey-mapping.ldap new file mode 100644 index 00000000000..82d76d9b590 --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__offline_su/passkey-mapping.ldap @@ -0,0 +1 @@ +passkey:mQEUTWdtDJPELQNTDdxXNHlfIO1qXFf0LVZjWEfyDALFzvLZ4e4XD5bemqq+o3ThrzT6k1I1n3Z2N00GvLSmjQ==,MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEqk7K5VAI7Evr4ar8X82L/sxm/Bnm5Ti31xnLfGO0BipwHucw8+/wT4+6T9j5gdMwZKUcXR4BILpmULEyrcZUfw== diff --git a/src/tests/system/data/test_passkey/test_passkey__offline_su/passkey-mapping.samba b/src/tests/system/data/test_passkey/test_passkey__offline_su/passkey-mapping.samba new file mode 100644 index 00000000000..f602626971f --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__offline_su/passkey-mapping.samba @@ -0,0 +1 @@ +passkey:xYBuvCazxVg5VJ/D2yRI2/3ji86a+yft0W2S/BOF/pIZcwaxJLP1bZjWN7oJa3PP8p2N26yG2Erd90yIGOXocQ==,MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEC1cAEJJW5SVDrCL62BYgtilv4DgkeiEXpNrdsMRk5+Iv5ddP6lgMH5hD98ddFlJX/YhEXdty6UibztVmgO7asQ== diff --git a/src/tests/system/data/test_passkey/test_passkey__offline_su/umockdev.script.ad b/src/tests/system/data/test_passkey/test_passkey__offline_su/umockdev.script.ad new file mode 100644 index 00000000000..e9864e7f2da --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__offline_su/umockdev.script.ad @@ -0,0 +1,19 @@ +d 0 /dev/hidraw1 + +w 4 ^@^@^H^A^A^A^A^A^A^A^A^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 3 ^@^Q^A^A^A^A^A^A^A^A^B^E^D^C^E^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 1 ^@^@^A^D^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 3 ^@^@^AfU2F_V2hFIDO_2_0lFIDO_2_1_PRE^BkcredProtectkhmac-secr^@et^CP/W^SG^VZ *^DbrkbupdplaticlientPinucredentialM^AgmtPreview^E^Y^D^F^B^A^G^H^H^X^Icnfccusb^Jcalg&dtypejpublic-key^Bcalg'dtypejpublic-key^M^D^N^Z^@^E^D^C^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 1 ^@^@^B^Agad.test^BX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^CbidX@Z;^@^@*?^O[u!^Z0=bUG^TqFp^O]^HחI7%Lb.Fm4m^Mc^@^Adtypejpublic-key^Ebup^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 83 ^@^@^AbidX@Z;*?^O[u!^Z0=bUG^TqFp^O]^HחI7%^@Lb.Fm4m^Mcdtypejpublic-key^BX%fCȣ܀ɽ5~^G^A-YD^AA,K!^@^@^@^@^T^CXG0E^B t.F^^^]^AG^U@]/<*r^On^Z^B!^@^KX^B4ߚ>nut^Z^EXWn^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 8 ^@^@^F^F^A^B^B^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 2 ^@Q^@^A^A^B^C8^X ^A!X <H*!Ó^M!^S[;s1c^Z%^H"X _^K^NE<^@^Et[v^WG'ħS^[^E^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 5 ^@^@x^F^A^B^B^E^C^A^B^C8^X ^A!X 3B1ˠ^S^\^Ev,^P<Rij,Q\b"X [^M^J^@^@G85Q\^\^U^EQ!^FX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^Avz^IRZ^@^Ak^[+^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 79 ^@5^@^BX0k*|e^OK^S^QyЇkC@^R6mo!^QOfQ.^@^@^@^@ +w 1 ^@^@^B^Agad.test^BX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^CbidX@Z;^@^@*?^O[u!^Z0=bUG^TqFp^O]^HחI7%Lb.Fm4m^Mc^@^Adtypejpublic-key^Ebup^FX 2^N^Czf^R^@^PZ^L^A:K^IUhT^A><I^@^B^G^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 251 ^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 ^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 ^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 290 ^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 ^@^A^A^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 52 ^@^@^AbidX@Z;*?^O[u!^Z0=bUG^TqFp^O]^HחI7%^@Lb.Fm4m^Mcdtypejpublic-key^BX%fCȣ܀ɽ5~^G^A-YD^AA,K!^E^@^@^@^X^CXF0D^B ^N^A^Zb;u.^S^_v}v{^K'Y{^B 4^H^BɩXû^DAe3A'bU_^M`[Ay^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ \ No newline at end of file diff --git a/src/tests/system/data/test_passkey/test_passkey__offline_su/umockdev.script.ipa b/src/tests/system/data/test_passkey/test_passkey__offline_su/umockdev.script.ipa new file mode 100644 index 00000000000..1bc651a4465 --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__offline_su/umockdev.script.ipa @@ -0,0 +1,22 @@ +d 0 /dev/hidraw1 + +w 3 ^@^@^H^A^A^A^A^A^A^A^A^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 3 ^@^Q^A^A^A^A^A^A^A^Ap^B^E^D^C^E^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 1 ^@p^@^A^D^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 3 p^@^@^AfU2F_V2hFIDO_2_0lFIDO_2_1_PRE^BkcredProtectkhmac-secrp^@et^CP/W^SG^VZ *^DbrkbupdplaticlientPinucredentialMp^AgmtPreview^E^Y^D^F^B^A^G^H^H^X^Icnfccusb^Jcalg&dtypejpublic-keyp^Bcalg'dtypejpublic-key^M^D^N^Z^@^E^D^C^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 1 ^@p^@^B^Ahipa.test^BX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^CbidX@5F^@p^@LEEo"=F^@^] l\^KP"~֦E^Gc^\;3ۏ$^]^Aj~j^J^@p^AL&dtypejpublic-key^Ebup^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 83 p^@^@^AbidX@5FLEEo"=F^@^] l\^KP"~֦E^Gc^\;3p^@ۏ$^]^Aj~j^JL&dtypejpublic-key^BX%^@|Dږ^Qx??d^Q/N4/op^AC}.[^@^@^@^@^X^CXG0E^B!^@m$^MJ*;\^V=tjx9cа,^B kYp^B^_^GnrT": *^L^Rwr]!Zxf^C^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 5 ^@p^@^F^F^A^B^B^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 3 p^@Q^@^A^A^B^C8^X ^A!X ^_9;^CEBQ&(W3h^]F^A%"X ^^s5p^@o6^@izdF m+35^P^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 5 ^@p^@x^F^A^B^B^E^C^A^B^C8^X ^A!X 3B1ˠ^S^\^Ev,^P<Rij,Q\b"X [^M^J^@p^@G85Q\^\^U^EQ!^FX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A2asչ^T"tw^@p^Aq^K^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 79 p^@5^@^BX0޺^Y<l^Qűk^B^A^`^Z^G^^^Fcޞ^Si^J^Erߨ]^@^@^@^@ +w 1 ^@p^@^B^Ahipa.test^BX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^CbidX@5F^@p^@LEEo"=F^@^] l\^KP"~֦E^Gc^\;3ۏ$^]^Aj~j^J^@p^AL&dtypejpublic-key^Ebup^FX ȎRJs>7DB1f_о*^@p^BL^G^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 285 p^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 290 p^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 p^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 p^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 p^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 290 p^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 p^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 p^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 174 p^@^@^AbidX@5FLEEo"=F^@^] l\^KP"~֦E^Gc^\;3p^@ۏ$^]^Aj~j^JL&dtypejpublic-key^BX%^@|Dږ^Qx??d^Q/N4/op^AC}.[^E^@^@^@^\^CXG0E^B Eo]Wk%^H$-^W^BR^`x^P׀^B!^@ёqp^Bu9\^ZKR&>/͎[`t,^^eg^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ \ No newline at end of file diff --git a/src/tests/system/data/test_passkey/test_passkey__offline_su/umockdev.script.ldap b/src/tests/system/data/test_passkey/test_passkey__offline_su/umockdev.script.ldap new file mode 100644 index 00000000000..db026662951 --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__offline_su/umockdev.script.ldap @@ -0,0 +1,21 @@ +d 0 /dev/hidraw1 + +w 4 ^@^@^H^A^A^A^A^A^A^A^A^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 2 ^@^Q^A^A^A^A^A^A^A^A^S=^B^E^D^C^E^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 2 ^@^S=^@^A^D^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 2 ^S=^@^@^AfU2F_V2hFIDO_2_0lFIDO_2_1_PRE^BkcredProtectkhmac-secr^S=^@et^CP/W^SG^VZ *^DbrkbupdplaticlientPinucredentialM^S=^AgmtPreview^E^Y^D^F^B^A^G^H^H^X^Icnfccusb^Jcalg&dtypejpublic-key^S=^Bcalg'dtypejpublic-key^M^D^N^Z^@^E^D^C^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 2 ^@^S=^@^B^Adtest^BX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^CbidX@^A^TMgm^@^S=^@^L-^CS^MW4y_ j\W-VcXG^L^B^W^Oޚt4R5vv7M^Fd^@^S=^Atypejpublic-key^Ebup^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 82 ^S=^@^@^AbidX@^A^TMgm^L-^CS^MW4y_ j\W-VcXG^L^B^W^Oޚt^S=^@4R5vv7M^Fdtypejpublic-key^BX%ЁL}e/Z^UO^[+^K,^S=^A]l^U^J^H^@^@^@^@^C^CXH0F^B!^@9}K:N^M^PraX^D^CxM^B!^@z^A^S=^B􊲳^P+q^@^P|^XM$Fw^]6P3^[wq^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 6 ^@^S=^@^F^F^A^B^B^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 2 ^S=^@Q^@^A^A^B^C8^X ^A!X H^GTd^Aڒ8X^T<IEiwֹI^Y^I^IFsܺ"X <^AHS^S=^@6^N9^JU@^\k)W^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 6 ^@^S=^@x^F^A^B^B^E^C^A^B^C8^X ^A!X 3B1ˠ^S^\^Ev,^P<Rij,Q\b"X [^M^J^@^S=^@G85Q\^\^U^EQ!^FX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^AoYqgNu'^T^@^S=^A^U^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 78 ^S=^@5^@^BX0RC^_K*"+f^`z;XO@"MM3\L$Ή^K+M^@^@^@^@ +w 2 ^@^S=^@^B^Adtest^BX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^CbidX@^A^TMgm^@^S=^@^L-^CS^MW4y_ j\W-VcXG^L^B^W^Oޚt4R5vv7M^Fd^@^S=^Atypejpublic-key^Ebup^FX ('^H(rZf2>֞{^_uLd^S^G^B^@ +r 240 ^S=^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 ^S=^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 290 ^S=^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 ^S=^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 ^S=^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 ^S=^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 290 ^S=^@^A^A^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 28 ^S=^@^@^AbidX@^A^TMgm^L-^CS^MW4y_ j\W-VcXG^L^B^W^Oޚt^S=^@4R5vv7M^Fdtypejpublic-key^BX%ЁL}e/Z^UO^[+^K,^S=^A]l^U^J^H^E^@^@^@^G^CXF0D^B j8^M\:H^O@%qt(^\/Ǻ~$$!>;^B u^S=^B{9AbF6^Xs5^K*ywv^L^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ \ No newline at end of file diff --git a/src/tests/system/data/test_passkey/test_passkey__offline_su/umockdev.script.samba b/src/tests/system/data/test_passkey/test_passkey__offline_su/umockdev.script.samba new file mode 100644 index 00000000000..4c0b6e23e92 --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__offline_su/umockdev.script.samba @@ -0,0 +1,19 @@ +d 0 /dev/hidraw1 + +w 1 ^@^@^H^A^A^A^A^A^A^A^A^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 2 ^@^Q^A^A^A^A^A^A^A^An5^B^E^D^C^E^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 2 ^@n5Ő^@^A^D^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 2 n5Ő^@^@^AfU2F_V2hFIDO_2_0lFIDO_2_1_PRE^BkcredProtectkhmac-secrn5^@et^CP/W^SG^VZ *^DbrkbupdplaticlientPinucredentialMn5^AgmtPreview^E^Y^D^F^B^A^G^H^H^X^Icnfccusb^Jcalg&dtypejpublic-keyn5^Bcalg'dtypejpublic-key^M^D^N^Z^@^E^D^C^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 2 ^@n5Ő^@^B^Ajsamba.test^BX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^CbidX@^@n5^@ŀn&X9T$HΚ'm^S^Ys^F$m7^Iks۬JL^@n5^A^Xqdtypejpublic-key^Ebup^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 82 n5Ő^@^@^AbidX@ŀn&X9T$HΚ'm^S^Ys^F$m7^Iksn5^@۬JL^Xqdtypejpublic-key^BX% ^S@^_n1n;Qm\<ִ>n5^A`^_W^@^@^@^@C^CXG0E^B ^]^TM^]^W4yZ٢@ޝ^@^B!^@(^HSn5^B^EV^]+^X3YW3C7HD^D$^\^D^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 4 ^@n5Ő^@^F^F^A^B^B^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 2 n5Ő^@Q^@^A^A^B^C8^X ^A!X $xܰXy,ҟ^E@~$h@^P"X }^V%^Ovpn5^@iu\E^M'^@@Υj.0bZ^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 4 ^@n5Ő^@x^F^A^B^B^E^C^A^B^C8^X ^A!X 3B1ˠ^S^\^Ev,^P<Rij,Q\b"X [^M^J^@n5^@G85Q\^\^U^EQ!^FX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^NV-Q^P^K^@n5^Ap^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 79 n5Ő^@5^@^BX0^L[{cHUK^@M^Rƫ^[gY[`b,u^F;1jBۀ^OŶ_^@^@^@^@ +w 3 ^@n5Ő^@^B^Ajsamba.test^BX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^CbidX@^@n5^@ŀn&X9T$HΚ'm^S^Ys^F$m7^Iks۬JL +w 10 ^@n5^A^Xqdtypejpublic-key^Ebup^FX ^R~GؿB_],pSvA3*^Ut^@n5^B4^G^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 246 n5Ż^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 289 n5Ż^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 287 n5Ż^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 289 n5Ż^@^A^A^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 75 n5Ő^@^@^AbidX@ŀn&X9T$HΚ'm^S^Ys^F$m7^Iksn5^@۬JL^Xqdtypejpublic-key^BX% ^S@^_n1n;Qm\<ִ>n5^A`^_W^E^@^@^@F^CXH0F^B!^@/2^_1,,0^ABd^FKZ@m^B!^@^S&n5^BO|FoзN$<ˣ!W\^V^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ \ No newline at end of file diff --git a/src/tests/system/data/test_passkey/test_passkey__su_multi_keys_for_same_user/passkey-mapping.ad1 b/src/tests/system/data/test_passkey/test_passkey__su_multi_keys_for_same_user/passkey-mapping.ad1 new file mode 100644 index 00000000000..a411c2b97c8 --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__su_multi_keys_for_same_user/passkey-mapping.ad1 @@ -0,0 +1 @@ +passkey:1hbrFvTCY5pyyHlhVGrC+ryZOwKZ9LCvhcHEDZ3iltArBk4BFWKaGF7GfL7VE1KropJu2YwhF6LHpqBikYtEgw==,MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEvoPSzcCec/g1E9RoEwk+RFNUJE5WdB1sAQVJ6w2zM7VDFK2RjR5hHzm1/Gft3W5v6Rm1ZRt3A9X6blXD9OJQMw== diff --git a/src/tests/system/data/test_passkey/test_passkey__su_multi_keys_for_same_user/passkey-mapping.ad2 b/src/tests/system/data/test_passkey/test_passkey__su_multi_keys_for_same_user/passkey-mapping.ad2 new file mode 100644 index 00000000000..2e3f380d89d --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__su_multi_keys_for_same_user/passkey-mapping.ad2 @@ -0,0 +1 @@ +passkey:vtlqF1GClIosPT2JwThEJpeiyKYG5s5BknfBMvPlL2WmaAE93kFYVoRosBJlQyGt5grIWdU/w85QQ/udYicdlw==,MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEj5ie6RrNxHKiXeEvr6NwxXfXA3X0QVkM8QdrKA2GK7r6YZa06i/a48cLYwl5CUJquGs10vDsnet2b/aMduFp4Q== diff --git a/src/tests/system/data/test_passkey/test_passkey__su_multi_keys_for_same_user/passkey-mapping.ad3 b/src/tests/system/data/test_passkey/test_passkey__su_multi_keys_for_same_user/passkey-mapping.ad3 new file mode 100644 index 00000000000..c7b7d782cc7 --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__su_multi_keys_for_same_user/passkey-mapping.ad3 @@ -0,0 +1 @@ +passkey:xhb+fmoQjEuMuqsK+t/Yz1rX/m8WsHPTQO+gxBp6Augh9RNUAruJNeXiUo6YrqTFxuX6I5PvYQFftRA0SiOpKA==,MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEMCkQaZqDSJqH0jWR2YcNa6R1oO2oFxgx1rXEwI62MTX9u5gCHU/7AFESysigYAREndy6Q90SFdjwT0FiJPU/GA== diff --git a/src/tests/system/data/test_passkey/test_passkey__su_multi_keys_for_same_user/passkey-mapping.ad4 b/src/tests/system/data/test_passkey/test_passkey__su_multi_keys_for_same_user/passkey-mapping.ad4 new file mode 100644 index 00000000000..c2a145be159 --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__su_multi_keys_for_same_user/passkey-mapping.ad4 @@ -0,0 +1 @@ +passkey:Tx7ILJ+5p8u1FOr7iLxDtHb4NyEuIQjNYoRdRm2T/wnnLYTAvbOp3m/WovSK+WZq7Q1vCMxP3kyCsnjvKZ7SLA==,MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEunLPnHH0MM0ZSsywgetlhK+bNvrsPHcFbQAAsbH6lPyLctonKoEfUgFNSKEwn20xyuSTQGjaU10hjFXxLiiMQw== diff --git a/src/tests/system/data/test_passkey/test_passkey__su_multi_keys_for_same_user/passkey-mapping.ipa1 b/src/tests/system/data/test_passkey/test_passkey__su_multi_keys_for_same_user/passkey-mapping.ipa1 new file mode 100644 index 00000000000..c7e7ee55bab --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__su_multi_keys_for_same_user/passkey-mapping.ipa1 @@ -0,0 +1 @@ +passkey:BbFJ9t3sqGzjNThFWFqgMxENvQIb203cgSM2qb52Zc7xCTvoWQtsa9/vjFbukvGOx6fMw1lgMVQOqceKhYARww==,MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEoq4Ypq4a5+MWdhf8x+m5BK783Wp/E4TokMF1rQOME9SJX3oXJAxaZj1ltdFwmeIajfZkkVMndvr4uVRhYHLEUw== diff --git a/src/tests/system/data/test_passkey/test_passkey__su_multi_keys_for_same_user/passkey-mapping.ipa2 b/src/tests/system/data/test_passkey/test_passkey__su_multi_keys_for_same_user/passkey-mapping.ipa2 new file mode 100644 index 00000000000..589424cbb49 --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__su_multi_keys_for_same_user/passkey-mapping.ipa2 @@ -0,0 +1 @@ +passkey:CZILjGtoM2QVR4JQcr8Rs/fV939N4TIvQbyHlLVAuuUDPB2SAHq4MhCosJ628Hj5JOzvJ2tDqsT228IDPHjQ3Q==,MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEGEM4RU0wiFBk0mx+xDYan97xMXOe9w6GrCZ3hzbnDdTDVvUjU8ITLv4IEdUghYI+e1EP0srcFF3Z3VKojP1t/w== diff --git a/src/tests/system/data/test_passkey/test_passkey__su_multi_keys_for_same_user/passkey-mapping.ipa3 b/src/tests/system/data/test_passkey/test_passkey__su_multi_keys_for_same_user/passkey-mapping.ipa3 new file mode 100644 index 00000000000..57addf77b33 --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__su_multi_keys_for_same_user/passkey-mapping.ipa3 @@ -0,0 +1 @@ +passkey:l+9XFbZokx64BYVVnna+s18EBmCj00r1gKq2KWD1N5tl3AGhnNvmYiZBJ01yGt9MSB1PcJeBcqVniUVxN9TU1A==,MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEpjeVVT75Kfs4JBgZLb/1xqnx4wWeHCrc5PyTjgo6xHdXr8jHZmXQbZZ8U0991WNYpG5UeB/CpzpSVFgUlz5r7A== diff --git a/src/tests/system/data/test_passkey/test_passkey__su_multi_keys_for_same_user/passkey-mapping.ipa4 b/src/tests/system/data/test_passkey/test_passkey__su_multi_keys_for_same_user/passkey-mapping.ipa4 new file mode 100644 index 00000000000..2adac9f3895 --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__su_multi_keys_for_same_user/passkey-mapping.ipa4 @@ -0,0 +1 @@ +passkey:kwWDXUF6ZZmO/xgy+kJxYjkJwwwDUlaCTpzST6vouQMzUwx2ZhtIzZjE6lRG7xnjEDj4MpZVeVEy8NHCvadWxA==,MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEC5P88x4OIdS7umZisF21C9r52b6Vq8gp7wzWlyWLNAcCh9xwcNo9SDGH759B8FGSxf//1i9nZpxpYw5i2PNQIg== diff --git a/src/tests/system/data/test_passkey/test_passkey__su_multi_keys_for_same_user/passkey-mapping.ldap1 b/src/tests/system/data/test_passkey/test_passkey__su_multi_keys_for_same_user/passkey-mapping.ldap1 new file mode 100644 index 00000000000..9fe12215365 --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__su_multi_keys_for_same_user/passkey-mapping.ldap1 @@ -0,0 +1 @@ +passkey:oLMjVFZWhUPYM3qQJ/OOuCNdstU3IDRQhN/NHlUjIGYupVm2MCHfmR6uQzUv2S95IV38HuQSobbmpxgo1pun9Q==,MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEyWSxPheJsdR3upRoanRKPMuEQ18mht1aHKE84uKWOTLucmPtyl241ILqLeMEN7qOATkHGZO7uJ7MvIlv/4wG3Q== diff --git a/src/tests/system/data/test_passkey/test_passkey__su_multi_keys_for_same_user/passkey-mapping.ldap2 b/src/tests/system/data/test_passkey/test_passkey__su_multi_keys_for_same_user/passkey-mapping.ldap2 new file mode 100644 index 00000000000..1d64a12a1b8 --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__su_multi_keys_for_same_user/passkey-mapping.ldap2 @@ -0,0 +1 @@ +passkey:+p2T3BlIuhVexBjpSKBgklXNP5iqvqaVaZ7YUPGyisR2UjlGi+Iu+WjojQ8NwG3GAOynSkgN62t9lTs7uE7Fyg==,MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEC+Kr3Cj+F5x+s7cU69lEXft1K8xF4tajI6XA7SlZP1ABc4zSIkSA+zUFaYnj5ioCr13FwQBi9orwsUw+HAt8hQ== diff --git a/src/tests/system/data/test_passkey/test_passkey__su_multi_keys_for_same_user/passkey-mapping.ldap3 b/src/tests/system/data/test_passkey/test_passkey__su_multi_keys_for_same_user/passkey-mapping.ldap3 new file mode 100644 index 00000000000..ca2f9529ece --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__su_multi_keys_for_same_user/passkey-mapping.ldap3 @@ -0,0 +1 @@ +passkey:CtFMuaoAS3uQdNWK46+hqosqNle0p+jtkW0NzqPX6uGslW6wf4NJqID45B+yDKGlr9zbab67mhz628Bo+wjKPw==,MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEwlsjesyr3AJnSgtkS79NS554rwebuscI14Z6YepvUfgorEm3xV2N9Wa0QMXrHAWRb1A6QhQViMiV2sjYqnlQLA== diff --git a/src/tests/system/data/test_passkey/test_passkey__su_multi_keys_for_same_user/passkey-mapping.ldap4 b/src/tests/system/data/test_passkey/test_passkey__su_multi_keys_for_same_user/passkey-mapping.ldap4 new file mode 100644 index 00000000000..338ffd8ad7b --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__su_multi_keys_for_same_user/passkey-mapping.ldap4 @@ -0,0 +1 @@ +passkey:GGCyvyO388Ri6FDJNeQ3yFYYC4/KUHZVD12D4vIIPYgGySXcYTJN7K+7KGFBg0wXo+poX81SIV3UPSxEndjeeA==,MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE15xtRy9X3nGnWVPaHiaHLQJvDXS2tyX4367wgsoclDMuKAD0MgYcWJ8k99WUE/IihRyw4Cmx0XnFmb30/PFurg== diff --git a/src/tests/system/data/test_passkey/test_passkey__su_multi_keys_for_same_user/passkey-mapping.samba1 b/src/tests/system/data/test_passkey/test_passkey__su_multi_keys_for_same_user/passkey-mapping.samba1 new file mode 100644 index 00000000000..785c94d4b32 --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__su_multi_keys_for_same_user/passkey-mapping.samba1 @@ -0,0 +1 @@ +passkey:EXNvfDS6VwdjcL0QRvbzC4LyQYAlyIMj4mYWZVjrq3g4x10nz+RYnfw9pf11RzjjPIdz5E5rM4PWBEGhR5fTSQ==,MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEJW8+L4Q/NnRbvbidmv4WdXzHKbUCom3KzFQyDNhx38WG/m3gyUdj15SIbEBt927fE5+cC3bNZ482JO9BQ1qZgQ== diff --git a/src/tests/system/data/test_passkey/test_passkey__su_multi_keys_for_same_user/passkey-mapping.samba2 b/src/tests/system/data/test_passkey/test_passkey__su_multi_keys_for_same_user/passkey-mapping.samba2 new file mode 100644 index 00000000000..233d4051820 --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__su_multi_keys_for_same_user/passkey-mapping.samba2 @@ -0,0 +1 @@ +passkey:Kkp0yoBWRUeVzvZRe91OSc455lsI5k6NlGujfXlFjZo85Dge1E9sGC76TbKRVlfF0ET2fsdqdOJVUrW7kOAL4Q==,MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE7lUQT19LPesNelWnNh2J89YCYXGl8uraXuqAh0A0hFnjk5y1XTgwFGdcBKXZqBcf+wFBCk4Wbc4V/WJgUn7sgQ== diff --git a/src/tests/system/data/test_passkey/test_passkey__su_multi_keys_for_same_user/passkey-mapping.samba3 b/src/tests/system/data/test_passkey/test_passkey__su_multi_keys_for_same_user/passkey-mapping.samba3 new file mode 100644 index 00000000000..83273a05679 --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__su_multi_keys_for_same_user/passkey-mapping.samba3 @@ -0,0 +1 @@ +passkey:GrnhXL9VajTEyQMR3/CqAkdDqqyDjLdaM88SjX2nyhKsRwu6HoqU3phY17N2p0uXaQYhH5T3DsAiL+ThCPMzcg==,MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEP9l6fpn66o2sWeb4f8m0+2Piu1niblr3d6z/n0UrwI+9hdu2hKAElzAlbXTRt0wEnLH1RCJF+3HAP3krcxInLQ== diff --git a/src/tests/system/data/test_passkey/test_passkey__su_multi_keys_for_same_user/passkey-mapping.samba4 b/src/tests/system/data/test_passkey/test_passkey__su_multi_keys_for_same_user/passkey-mapping.samba4 new file mode 100644 index 00000000000..ce18c59859f --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__su_multi_keys_for_same_user/passkey-mapping.samba4 @@ -0,0 +1 @@ +passkey:kPSz0igg9//JrepGbKXuve2rU+X+f0KvZ3HcdcxrQWda93Xk0DxioZa5UIc9LBcrlMRQg7XQreahcWfcFLT8OA==,MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAETpVf4BzIw6+1FU0/WBgMWrLOn7YylfnpHDCT6iyL+fFbjvyuKokzJPYMew1qEsFyKTxiWmS9CRywG8nZKqCLCQ== diff --git a/src/tests/system/data/test_passkey/test_passkey__su_multi_keys_for_same_user/umockdev.script.ad b/src/tests/system/data/test_passkey/test_passkey__su_multi_keys_for_same_user/umockdev.script.ad new file mode 100644 index 00000000000..b07444bf4b1 --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__su_multi_keys_for_same_user/umockdev.script.ad @@ -0,0 +1,21 @@ +d 0 /dev/hidraw1 + +w 4 ^@^@^H^A^A^A^A^A^A^A^A^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 2 ^@^Q^A^A^A^A^A^A^A^AZ^A^B^E^D^C^E^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 2 ^@Z^A^@^A^D^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 2 Z^A^@^@^AfU2F_V2hFIDO_2_0lFIDO_2_1_PRE^BkcredProtectkhmac-secrZ^A^@et^CP/W^SG^VZ *^DbrkbupdplaticlientPinucredentialMZ^A^AgmtPreview^E^Y^D^F^B^A^G^H^H^X^Icnfccusb^Jcalg&dtypejpublic-keyZ^A^Bcalg'dtypejpublic-key^M^D^N^Z^@^E^D^C^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 2 ^@Z^A^@^B^Agad.test^BX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^CbidX@O^^^@Z^A^@,˵^TCv7!.!^Hb]Fm^I-o֢fj^Mo^HOLx)^@Z^A^A,dtypejpublic-key^Ebup^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 83 Z^A^@^@^AbidX@O^^,˵^TCv7!.!^Hb]Fm^I-o֢fjZ^A^@^Mo^HOLx),dtypejpublic-key^BX%fCȣ܀ɽ5~^G^A-YDZ^A^AA,K!^@^@^@^@^K^CXG0E^B gTn]60+^R+|6^Z^ZZ}^L1^^V^IS^B!^@^]Z^A^B:N~P8wj%?ӷ^TP^N^J^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 6 ^@Z^A^@^F^F^A^B^B^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 2 Z^A^@Q^@^A^A^B^C8^X ^A!X #^X^@80:R^K;^Pi^YR+\"X ]X^X,}Z^A^@y^M.i^BX7^M#^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 9 ^@Z^A^@x^F^A^B^B^E^C^A^B^C8^X ^A!X 3B1ˠ^S^\^Ev,^P<Rij,Q\b"X [^M^J^@Z^A^@G85Q\^\^U^EQ!^FX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A%}9&S/|^@Z^A^A^^^ZSz^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 78 Z^A^@5^@^BX0T^_y5:('^N95^_Eec2^K^S^O<^^r#^J^I'^@^@^@^@ +w 2 ^@Z^A^@^B^Agad.test^BX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^CbidX@O^^^@Z^A^@,˵^TCv7!.!^Hb]Fm^I-o֢fj^Mo^HOLx)^@Z^A^A,dtypejpublic-key^Ebup^FX wTWoC!={@Q7}O'66'^@Z^A^B^G^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 274 Z^A^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 Z^A^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 291 Z^A^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 Z^A^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 Z^A^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 Z^A^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 289 Z^A^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 78 Z^A^@^@^AbidX@O^^,˵^TCv7!.!^Hb]Fm^I-o֢fjZ^A^@^Mo^HOLx),dtypejpublic-key^BX%fCȣ܀ɽ5~^G^A-YDZ^A^AA,K!^E^@^@^@^N^CXH0F^B!^@^Vt]u{p$Ծ^J,?5^GMeab5^B!^@Z^A^B^[<^GGc~JSP^L7^M^P^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ \ No newline at end of file diff --git a/src/tests/system/data/test_passkey/test_passkey__su_multi_keys_for_same_user/umockdev.script.ipa b/src/tests/system/data/test_passkey/test_passkey__su_multi_keys_for_same_user/umockdev.script.ipa new file mode 100755 index 00000000000..9ac4f1a1873 --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__su_multi_keys_for_same_user/umockdev.script.ipa @@ -0,0 +1,21 @@ +d 0 /dev/hidraw1 + +w 4 ^@^@^H^A^A^A^A^A^A^A^A^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 2 ^@^Q^A^A^A^A^A^A^A^A'L^B^E^D^C^E^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 2 ^@'L^@^A^D^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 3 'L^@^@^AfU2F_V2hFIDO_2_0lFIDO_2_1_PRE^BkcredProtectkhmac-secr'L^@et^CP/W^SG^VZ *^DbrkbupdplaticlientPinucredentialM'L^AgmtPreview^E^Y^D^F^B^A^G^H^H^X^Icnfccusb^Jcalg&dtypejpublic-key'L^Bcalg'dtypejpublic-key^M^D^N^Z^@^E^D^C^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 1 ^@'L^@^B^Ahipa.test^BX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^CbidX@^E^@'L^@Il58EXZ3^Q^M^B^[M܁#6ve^I;Y^KlkVǧY`1T^NNJ^@'L^A^Qdtypejpublic-key^Ebup^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 83 'L^@^@^AbidX@^EIl58EXZ3^Q^M^B^[M܁#6ve^I;Y^KlkV'L^@ǧY`1T^NNJ^Qdtypejpublic-key^BX%^@|Dږ^Qx??d^Q/N4/o'L^AC}.[^@^@^@^@^]^CXG0E^B!^@^B%_n^Jyy^Cz12*9^B t^Y''L^B)UXZ1jaХ^KiF^A^`Y^O+^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 7 ^@'L^@^F^F^A^B^B^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 3 'L^@Q^@^A^A^B^C8^X ^A!X #^X^@80:R^K;^Pi^YR+\"X ]X^X,}'L^@y^M.i^BX7^M#^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 5 ^@'L^@x^F^A^B^B^E^C^A^B^C8^X ^A!X 3B1ˠ^S^\^Ev,^P<Rij,Q\b"X [^M^J^@'L^@G85Q\^\^U^EQ!^FX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A%}9&S/|^@'L^A^^^ZSz^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 81 'L^@5^@^BX0;!Jmb4GJ0u;als^^@gp^Q`^]^XLl5^@^@^@^@ +w 1 ^@'L^@^B^Ahipa.test^BX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^CbidX@^E^@'L^@Il58EXZ3^Q^M^B^[M܁#6ve^I;Y^KlkVǧY`1T^NNJ^@'L^A^Qdtypejpublic-key^Ebup^FX wTWoC!={@Q7}O'66^@'L^B'^G^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 207 'L^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 290 'L^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 'L^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 'L^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 'L^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 'L^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 290 'L^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 148 'L^@^@^AbidX@^EIl58EXZ3^Q^M^B^[M܁#6ve^I;Y^KlkV'L^@ǧY`1T^NNJ^Qdtypejpublic-key^BX%^@|Dږ^Qx??d^Q/N4/o'L^AC}.[^E^@^@^@^_^CXG0E^B r_a"1[?kLF^I*h^B!^@^U'L^BjZ-^]^`M73It8;r6$W^L^H^L^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ \ No newline at end of file diff --git a/src/tests/system/data/test_passkey/test_passkey__su_multi_keys_for_same_user/umockdev.script.ldap b/src/tests/system/data/test_passkey/test_passkey__su_multi_keys_for_same_user/umockdev.script.ldap new file mode 100644 index 00000000000..2ecea3a4298 --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__su_multi_keys_for_same_user/umockdev.script.ldap @@ -0,0 +1,23 @@ +d 0 /dev/hidraw1 + +w 4 ^@^@^H^A^A^A^A^A^A^A^A^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 2 ^@^Q^A^A^A^A^A^A^A^A^FX^B^E^D^C^E^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 2 ^@^FX^@^A^D^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 2 ^FX^@^@^AfU2F_V2hFIDO_2_0lFIDO_2_1_PRE^BkcredProtectkhmac-secr^FX^@et^CP/W^SG^VZ *^DbrkbupdplaticlientPinucredentialM^FX^AgmtPreview^E^Y^D^F^B^A^G^H^H^X^Icnfccusb^Jcalg&dtypejpublic-key^FX^Bcalg'dtypejpublic-key^M^D^N^Z^@^E^D^C^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 2 ^@^FX^@^B^Adtest^BX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^CbidX@#TVV^@^FX^@C3z'#]7 4P^^U# f.Y0!ߙ^^C5//y!]^^^R^X(֛d^@^FX^Atypejpublic-key^Ebup^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 82 ^FX^@^@^AbidX@#TVVC3z'#]7 4P^^U# f.Y0!ߙ^^C5//y^FX^@!]^^^R^X(֛dtypejpublic-key^BX%ЁL}e/Z^UO^[+^K,^FX^A]l^U^J^H^@^@^@^@^Z^CXG0E^B ^@^K^^6s^W^_tH$6B@^B$E8X^B!^@u^FX^B?^`'^Bb:rlb^[HP^_^]p^A$m^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 8 ^@^FX^@^F^F^A^B^B^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 3 ^FX^@Q^@^A^A^B^C8^X ^A!X ^TOig^Yy#:H^DkC4QZ2"X ڕl&^FX^@z~׉:t.םv^G^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 8 ^@^FX^@x^F^A^B^B^E^C^A^B^C8^X ^A!X 3B1ˠ^S^\^Ev,^P<Rij,Q\b"X [^M^J^@^FX^@G85Q\^\^U^EQ!^FX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A] ݨO6!^@^FX^Aҋ:^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 78 ^FX^@5^@^BX0^TT$^PeZ砣W^M/^M\gBe^A^]ZCk^_4u^@^@^@^@ +w 2 ^@^FX^@^B^Adtest^BX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^CbidX@#TVV^@^FX^@C3z'#]7 4P^^U# f.Y0!ߙ^^C5//y!]^^^R^X(֛d^@^FX^Atypejpublic-key^Ebup^FX H>0$^H`^[4:^B~?|7]2y^@,&^G^B^@ +r 224 ^FX^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 289 ^FX^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 ^FX^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 290 ^FX^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 287 ^FX^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 289 ^FX^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 289 ^FX^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 289 ^FX^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 287 ^FX^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 247 ^FX^@^@^AbidX@#TVVC3z'#]7 4P^^U# f.Y0!ߙ^^C5//y^FX^@!]^^^R^X(֛dtypejpublic-key^BX%ЁL}e/Z^UO^[+^K,^FX^A]l^U^J^H^E^@^@^@^^^CXG0E^B ^Dq)qFlb@Z^_%RY^B^N<^B!^@m.^FX^BؙM^`I:^`^F1^Ht^K\9'ȁ^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ \ No newline at end of file diff --git a/src/tests/system/data/test_passkey/test_passkey__su_multi_keys_for_same_user/umockdev.script.samba b/src/tests/system/data/test_passkey/test_passkey__su_multi_keys_for_same_user/umockdev.script.samba new file mode 100644 index 00000000000..9ecebaa57d5 --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__su_multi_keys_for_same_user/umockdev.script.samba @@ -0,0 +1,20 @@ +d 0 /dev/hidraw1 + +w 3 ^@^@^H^A^A^A^A^A^A^A^A^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 3 ^@^Q^A^A^A^A^A^A^A^AC^B^E^D^C^E^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 2 ^@C^@^A^D^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 2 C^@^@^AfU2F_V2hFIDO_2_0lFIDO_2_1_PRE^BkcredProtectkhmac-secrC^@et^CP/W^SG^VZ *^DbrkbupdplaticlientPinucredentialMC^AgmtPreview^E^Y^D^F^B^A^G^H^H^X^Icnfccusb^Jcalg&dtypejpublic-keyC^Bcalg'dtypejpublic-key^M^D^N^Z^@^E^D^C^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 1 ^@C^@^B^Ajsamba.test^BX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^CbidX@^@C^@^Qso|4W^Gcp^PF^KA%ȃ#f^VeXx8]'X=uG8<sNk3^DA^@C^AGIdtypejpublic-key^Ebup^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 82 C^@^@^AbidX@^Qso|4W^Gcp^PF^KA%ȃ#f^VeXx8]'X=uG8㶼C^@<sNk3^DAGIdtypejpublic-key^BX% ^S@^_n1n;Qm\<ִ>C^A`^_W^@^@^@^@^R^CXH0F^B!^@I-)^[Y'Ӟ@^U^]Y^YJ!޺_s^Q^B!^@µC^BT$/IWb:NQN?V^VR^J4Q^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 5 ^@C^@^F^F^A^B^B^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 3 C^@Q^@^A^A^B^C8^X ^A!X ⇡E^X׈@7KDBM^GuE^Ax^H!"X %$؃$^`C^@O{įD^]۷"^SARB1^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 5 ^@C^@x^F^A^B^B^E^C^A^B^C8^X ^A!X 3B1ˠ^S^\^Ev,^P<Rij,Q\b"X [^M^J^@C^@G85Q\^\^U^EQ!^FX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A|`'^@C^A։L^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 81 C^@5^@^BX0^XpC-U󒻎HƷ&uF@.%^EwCt^C^Uku^@^@^@^@ +w 1 ^@C^@^B^Ajsamba.test^BX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^CbidX@^@C^@^Qso|4W^Gcp^PF^KA%ȃ#f^VeXx8]'X=uG8<sNk3^DA^@C^AGIdtypejpublic-key^Ebup^FX wTWoC!={@Q7}O'^@C^B66'^G^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 273 C^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 C^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 287 C^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 289 C^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 C^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 289 C^@^A^A^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 29 C^@^@^AbidX@^Qso|4W^Gcp^PF^KA%ȃ#f^VeXx8]'X=uG8㶼C^@<sNk3^DAGIdtypejpublic-key^BX% ^S@^_n1n;Qm\<ִ>C^A`^_W^E^@^@^@^V^CXH0F^B!^@#Oq^BN6nօ*\-NNT^B!^@^@C^BV^Bg^EV^^v|&}^P^Jd~^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ \ No newline at end of file diff --git a/src/tests/system/data/test_passkey/test_passkey__su_same_key_for_multi_user/passkey-mapping.ad b/src/tests/system/data/test_passkey/test_passkey__su_same_key_for_multi_user/passkey-mapping.ad new file mode 100644 index 00000000000..14742dc7858 --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__su_same_key_for_multi_user/passkey-mapping.ad @@ -0,0 +1 @@ +passkey:1b8LadTPgg5ft9rO7rwKKnVHykg/C+HdYZafbjo+nRzJT6rSrUQy6cFNJtrtlT1aQlE2RG8CGtyUnwDe5PmI7w==,MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEseg+c9fRrg1HSKLjLfHSCa5XvOXupKMRVyPIANvNeGZUlzFmPnQHGCOdV67P+LwiwMy826OxfyteV8mQ3AaT1A== diff --git a/src/tests/system/data/test_passkey/test_passkey__su_same_key_for_multi_user/passkey-mapping.ipa b/src/tests/system/data/test_passkey/test_passkey__su_same_key_for_multi_user/passkey-mapping.ipa new file mode 100644 index 00000000000..da9d6745ab4 --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__su_same_key_for_multi_user/passkey-mapping.ipa @@ -0,0 +1 @@ +passkey:+0qQO2Y9yDMOeh3c/H+F4TiD0Jzy0TCxnwgEN2zmGxzAvdQN0ioR3PWq0YwC9MnjgsQjaSUA5clqRPbsFHM31Q==,MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEmpRP/x6b2o2HB9wBRb+epX8h8OYtGsHbL2g+hoIgH0u0o+sv7aeyyuEkqy5rHtdxBc756K3NeNDO1bM0Gfmlrw== diff --git a/src/tests/system/data/test_passkey/test_passkey__su_same_key_for_multi_user/passkey-mapping.ldap b/src/tests/system/data/test_passkey/test_passkey__su_same_key_for_multi_user/passkey-mapping.ldap new file mode 100644 index 00000000000..34d8008e3b0 --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__su_same_key_for_multi_user/passkey-mapping.ldap @@ -0,0 +1 @@ +passkey:rJ1wNQ6Wvwk+Qte7maBHZSc/Qd5rkzxG3TmbjDjSoLyULWtE6J0rPNSsMTAkxGC6oNF6ckjGz1UlB/NaCc01rw==,MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEJu80c+2oC6TN22PttrC10j5I+vkmBaqGXHvhIjot5HHbswUu6SDKD7K2VUoyMlnhsgGonkDv9vBJ91+jSAHbqg== diff --git a/src/tests/system/data/test_passkey/test_passkey__su_same_key_for_multi_user/passkey-mapping.samba b/src/tests/system/data/test_passkey/test_passkey__su_same_key_for_multi_user/passkey-mapping.samba new file mode 100644 index 00000000000..86c0ceb2f8f --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__su_same_key_for_multi_user/passkey-mapping.samba @@ -0,0 +1 @@ +passkey:WMYc/aX/9haCFPMZ2wjX05yzBUWFHdbpGXOcNH3gHobNDpmc76auqV3XGos8lRHtQLYM7DU2noCJGoceT9yU0Q==,MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAETnTygfwhlcxipOKQtHIio5AzXvTGWxgQiGf/+tCGEVADuZlL+atxqPF6KUVJW0Xd6Ap0ZySiF78Vhs9c/E7/Mw== diff --git a/src/tests/system/data/test_passkey/test_passkey__su_same_key_for_multi_user/umockdev.script.ad.user1 b/src/tests/system/data/test_passkey/test_passkey__su_same_key_for_multi_user/umockdev.script.ad.user1 new file mode 100644 index 00000000000..22e9c14b10d --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__su_same_key_for_multi_user/umockdev.script.ad.user1 @@ -0,0 +1,21 @@ +d 0 /dev/hidraw1 + +w 4 ^@^@^H^A^A^A^A^A^A^A^A^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 2 ^@^Q^A^A^A^A^A^A^A^ANy4^B^E^D^C^E^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 2 ^@Ny4^@^A^D^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 2 Ny4^@^@^AfU2F_V2hFIDO_2_0lFIDO_2_1_PRE^BkcredProtectkhmac-secrNy4^@et^CP/W^SG^VZ *^DbrkbupdplaticlientPinucredentialMNy4^AgmtPreview^E^Y^D^F^B^A^G^H^H^X^Icnfccusb^Jcalg&dtypejpublic-keyNy4^Bcalg'dtypejpublic-key^M^D^N^Z^@^E^D^C^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 2 ^@Ny4^@^B^Agad.test^BX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^CbidX@տ^K^@Ny4^@iς^N_^J*uGH?^Kan:>^\OҭD2M&=ZBQ6Do^B^Zܔ^@^@Ny4^Adtypejpublic-key^Ebup^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 83 Ny4^@^@^AbidX@տ^Kiς^N_^J*uGH?^Kan:>^\OҭD2M&=ZNy4^@BQ6Do^B^Zܔ^@dtypejpublic-key^BX%fCȣ܀ɽ5~^G^A-YDNy4^AA,K!^@^@^@^@^G^CXG0E^B ^R^P!^G#ۛIT8'>^Rs8m7^L^Z^E%^B!^@̠BNy4^BjvP|\^`^^QnD"6>^V-^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 8 ^@Ny4^@^F^F^A^B^B^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 2 Ny4^@Q^@^A^A^B^C8^X ^A!X n^O^Y^D[T)^]^NBopaK"X =^R/^UNy4^@UJA;;^P"c^GZ^[^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 7 ^@Ny4^@x^F^A^B^B^E^C^A^B^C8^X ^A!X 3B1ˠ^S^\^Ev,^P<Rij,Q\b"X [^M^J^@Ny4^@G85Q\^\^U^EQ!^FX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^ZY>^@Ny4^Az^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 79 Ny4^@5^@^BX0M^A`^W^C^T^J1G^@(^A^C^ZΊ}c:^]^E^_|^@^@^@^@ +w 3 ^@Ny4^@^B^Agad.test^BX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^CbidX@տ^K^@Ny4^@iς^N_^J*uGH?^Kan:>^\OҭD2M&=ZBQ6Do^B^Zܔ^@^@Ny4^Adtypejpublic-key^Ebup^FX ^A^F}5WTGylg%}^R_^Dї c^@Ny4^B^G^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 204 Ny4^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 Ny4^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 Ny4^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 289 Ny4^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 289 Ny4^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 Ny4^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 Ny4^@^A^A^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 76 Ny4^@^@^AbidX@տ^Kiς^N_^J*uGH?^Kan:>^\OҭD2M&=ZNy4^@BQ6Do^B^Zܔ^@dtypejpublic-key^BX%fCȣ܀ɽ5~^G^A-YDNy4^AA,K!^E^@^@^@^K^CXG0E^B!^@^[*G%Ir^B^JQR^Pm^S^V^B^B ^B^JNy4^Bɐ؂ҡ͵劻Ψ|"{<^B氋^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ \ No newline at end of file diff --git a/src/tests/system/data/test_passkey/test_passkey__su_same_key_for_multi_user/umockdev.script.ad.user2 b/src/tests/system/data/test_passkey/test_passkey__su_same_key_for_multi_user/umockdev.script.ad.user2 new file mode 100644 index 00000000000..e72e148f0f0 --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__su_same_key_for_multi_user/umockdev.script.ad.user2 @@ -0,0 +1,18 @@ +d 0 /dev/hidraw1 + +w 3 ^@^@^H^A^A^A^A^A^A^A^A^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 2 ^@^Q^A^A^A^A^A^A^A^A{^B^E^D^C^E^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 2 ^@{^@^A^D^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 2 {^@^@^AfU2F_V2hFIDO_2_0lFIDO_2_1_PRE^BkcredProtectkhmac-secr{^@et^CP/W^SG^VZ *^DbrkbupdplaticlientPinucredentialM{^AgmtPreview^E^Y^D^F^B^A^G^H^H^X^Icnfccusb^Jcalg&dtypejpublic-key{^Bcalg'dtypejpublic-key^M^D^N^Z^@^E^D^C^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 2 ^@{^@^B^Agad.test^BX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^CbidX@տ^K^@{^@iς^N_^J*uGH?^Kan:>^\OҭD2M&=ZBQ6Do^B^Zܔ^@^@{^Adtypejpublic-key^Ebup^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 83 {^@^@^AbidX@տ^Kiς^N_^J*uGH?^Kan:>^\OҭD2M&=Z{^@BQ6Do^B^Zܔ^@dtypejpublic-key^BX%fCȣ܀ɽ5~^G^A-YD{^AA,K!^@^@^@^@^M^CXG0E^B!^@׼9;#(sWp42v^OpX^U_6R^B b^J{^Bs^P.PwI<qҒ^Kgf^N^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 8 ^@{^@^F^F^A^B^B^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 2 {^@Q^@^A^A^B^C8^X ^A!X n^O^Y^D[T)^]^NBopaK"X =^R/^U{^@UJA;;^P"c^GZ^[^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 7 ^@{^@x^F^A^B^B^E^C^A^B^C8^X ^A!X 3B1ˠ^S^\^Ev,^P<Rij,Q\b"X [^M^J^@{^@G85Q\^\^U^EQ!^FX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^ZY>^@{^Az^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 79 {^@5^@^BX0@gw$#+C^Oe^P^Tqk]Ţ2V^\^A\^F^WCeH&T^@^@^@^@ +w 3 ^@{^@^B^Agad.test^BX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^CbidX@տ^K^@{^@iς^N_^J*uGH?^Kan:>^\OҭD2M&=ZBQ6Do^B^Zܔ^@^@{^Adtypejpublic-key^Ebup^FX ^A^F}5WTGylg%}^R_^Dї c^@{^B^G^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 221 {^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 287 {^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 290 {^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 {^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 78 {^@^@^AbidX@տ^Kiς^N_^J*uGH?^Kan:>^\OҭD2M&=Z{^@BQ6Do^B^Zܔ^@dtypejpublic-key^BX%fCȣ܀ɽ5~^G^A-YD{^AA,K!^E^@^@^@^O^CXG0E^B p^XAh(Cz^`ڨF^Y.[S)\W^R^X^B!^@/^Z{^BoX^I,2¶j+֍^`y^I􇴫^Q^P^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ \ No newline at end of file diff --git a/src/tests/system/data/test_passkey/test_passkey__su_same_key_for_multi_user/umockdev.script.ad.user3 b/src/tests/system/data/test_passkey/test_passkey__su_same_key_for_multi_user/umockdev.script.ad.user3 new file mode 100644 index 00000000000..a50f4cae572 --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__su_same_key_for_multi_user/umockdev.script.ad.user3 @@ -0,0 +1,20 @@ +d 0 /dev/hidraw1 + +w 3 ^@^@^H^A^A^A^A^A^A^A^A^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 3 ^@^Q^A^A^A^A^A^A^A^A9H^N^B^E^D^C^E^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 1 ^@9H^N^@^A^D^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 3 9H^N^@^@^AfU2F_V2hFIDO_2_0lFIDO_2_1_PRE^BkcredProtectkhmac-secr9H^N^@et^CP/W^SG^VZ *^DbrkbupdplaticlientPinucredentialM9H^N^AgmtPreview^E^Y^D^F^B^A^G^H^H^X^Icnfccusb^Jcalg&dtypejpublic-key9H^N^Bcalg'dtypejpublic-key^M^D^N^Z^@^E^D^C^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 5 ^@9H^N^@^B^Agad.test^BX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^CbidX@տ^K^@9H^N^@iς^N_^J*uGH?^Kan:>^\OҭD2M&=ZBQ6Do^B^Zܔ^@^@9H^N^Adtypejpublic-key^Ebup^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 83 9H^N^@^@^AbidX@տ^Kiς^N_^J*uGH?^Kan:>^\OҭD2M&=Z9H^N^@BQ6Do^B^Zܔ^@dtypejpublic-key^BX%fCȣ܀ɽ5~^G^A-YD9H^N^AA,K!^@^@^@^@^P^CXH0F^B!^@^[^M^Hg؄+Q<˦;tFb^B!^@ڇ9H^N^Bl-^^sT^@C=}suf^Mk^Z7.^Y_|^IG^Q6^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 7 ^@9H^N^@^F^F^A^B^B^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 3 9H^N^@Q^@^A^A^B^C8^X ^A!X n^O^Y^D[T)^]^NBopaK"X =^R/^U9H^N^@UJA;;^P"c^GZ^[^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 7 ^@9H^N^@x^F^A^B^B^E^C^A^B^C8^X ^A!X 3B1ˠ^S^\^Ev,^P<Rij,Q\b"X [^M^J^@9H^N^@G85Q\^\^U^EQ!^FX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^ZY>^@9H^N^Az^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 79 9H^N^@5^@^BX0^F6{Ƶ(5^C^K^P{DNҁ%w~^XkK^Ub^ZW^@^@^@^@ +w 1 ^@9H^N^@^B^Agad.test^BX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^CbidX@տ^K^@9H^N^@iς^N_^J*uGH?^Kan:>^\OҭD2M&=ZBQ6Do^B^Zܔ^@^@9H^N^Adtypejpublic-key^Ebup^FX ^A^F}5WTGylg%}^R_^Dї c^@9H^N^B^G^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 259 9H^N^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 9H^N^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 9H^N^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 9H^N^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 9H^N^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 290 9H^N^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 268 9H^N^@^@^AbidX@տ^Kiς^N_^J*uGH?^Kan:>^\OҭD2M&=Z9H^N^@BQ6Do^B^Zܔ^@dtypejpublic-key^BX%fCȣ܀ɽ5~^G^A-YD9H^N^AA,K!^E^@^@^@^R^CXF0D^B ^V^C^DNnD)P^C3c|^Fd?D6Y^Ds^B ^Ca^\^N9H^N^B4_$J^S^]Rq׆x@^Vy8L^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ \ No newline at end of file diff --git a/src/tests/system/data/test_passkey/test_passkey__su_same_key_for_multi_user/umockdev.script.ipa.user1 b/src/tests/system/data/test_passkey/test_passkey__su_same_key_for_multi_user/umockdev.script.ipa.user1 new file mode 100644 index 00000000000..6d55fdb1fb6 --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__su_same_key_for_multi_user/umockdev.script.ipa.user1 @@ -0,0 +1,22 @@ +d 0 /dev/hidraw1 + +w 4 ^@^@^H^A^A^A^A^A^A^A^A^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 2 ^@^Q^A^A^A^A^A^A^A^A$^B^E^D^C^E^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 1 ^@$^@^A^D^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 3 $^@^@^AfU2F_V2hFIDO_2_0lFIDO_2_1_PRE^BkcredProtectkhmac-secr$^@et^CP/W^SG^VZ *^DbrkbupdplaticlientPinucredentialM$^AgmtPreview^E^Y^D^F^B^A^G^H^H^X^Icnfccusb^Jcalg&dtypejpublic-key$^Bcalg'dtypejpublic-key^M^D^N^Z^@^E^D^C^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 1 ^@$^@^B^Ahipa.test^BX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^CbidX@J^@$^@;f=3^Nz^]8М0^H^D7l^[^\^M*^Qь^B#i%^@jD^T^@$^As7dtypejpublic-key^Ebup^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 82 $^@^@^AbidX@J;f=3^Nz^]8М0^H^D7l^[^\^M*^Qь^B$^@#i%^@jD^Ts7dtypejpublic-key^BX%^@|Dږ^Qx??d^Q/N4/o$^AC}.[^@^@^@^@^W^CXG0E^B "*^`^Uɛ^_^FEyp.^K^Tܼ;^Z^B!^@a9Ԡ$^BT{}VZ^H{y^XN>[_Ц^E^D^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 8 ^@$^@^F^F^A^B^B^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 2 $^@Q^@^A^A^B^C8^X ^A!X ^TOig^Yy#:H^DkC4QZ2"X ڕl&֠$^@z~׉:t.םv^G^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 7 ^@$^@x^F^A^B^B^E^C^A^B^C8^X ^A!X 3B1ˠ^S^\^Ev,^P<Rij,Q\b"X [^M^J^@$^@G85Q\^\^U^EQ!^FX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A] ݨO6!^@$^Aҋ:^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 79 $^@5^@^BX0!=P[<\M^LC'^`%^L^Y^WI(Qi]^In‡%C#^@^@^@^@ +w 1 ^@$^@^B^Ahipa.test^BX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^CbidX@J^@$^@;f=3^Nz^]8М0^H^D7l^[^\^M*^Qь^B#i%^@jD^T^@$^As7dtypejpublic-key^Ebup^FX H>0$^H`^[4:^B~?|7]2y^@,^@$^B&^G^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 295 $^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 $^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 $^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 291 $^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 287 $^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 $^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 $^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 $^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 290 $^@^A^A^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@$^@^@^AbidX@J;f=3^Nz^]8М0^H^D7l^[^\^M*^Qь^B$^@#i%^@jD^Ts7dtypejpublic-key^BX%^@|Dږ^Qx??d^Q/N4/o$^AC}.[^E^@^@^@^Y^CXF0D^B ="U=$^[^F^N$^AA^HsF0ۢ^B W^AP$^Bw^XtJn5^Y%^K> Iw^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ \ No newline at end of file diff --git a/src/tests/system/data/test_passkey/test_passkey__su_same_key_for_multi_user/umockdev.script.ipa.user2 b/src/tests/system/data/test_passkey/test_passkey__su_same_key_for_multi_user/umockdev.script.ipa.user2 new file mode 100644 index 00000000000..0dd6f4109a4 --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__su_same_key_for_multi_user/umockdev.script.ipa.user2 @@ -0,0 +1,23 @@ +d 0 /dev/hidraw1 + +w 4 ^@^@^H^A^A^A^A^A^A^A^A^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 3 ^@^Q^A^A^A^A^A^A^A^AK^B^E^D^C^E^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 1 ^@K^@^A^D^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 3 K^@^@^AfU2F_V2hFIDO_2_0lFIDO_2_1_PRE^BkcredProtectkhmac-secrK^@et^CP/W^SG^VZ *^DbrkbupdplaticlientPinucredentialMK^AgmtPreview^E^Y^D^F^B^A^G^H^H^X^Icnfccusb^Jcalg&dtypejpublic-keyK^Bcalg'dtypejpublic-key^M^D^N^Z^@^E^D^C^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 1 ^@K^@^B^Ahipa.test^BX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^CbidX@J^@K^@;f=3^Nz^]8М0^H^D7l^[^\^M*^Qь^B#i%^@jD^T^@K^As7dtypejpublic-key^Ebup^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 83 K^@^@^AbidX@J;f=3^Nz^]8М0^H^D7l^[^\^M*^Qь^BK^@#i%^@jD^Ts7dtypejpublic-key^BX%^@|Dږ^Qx??d^Q/N4/oK^AC}.[^@^@^@^@^\^CXG0E^B (ba4^L^XrB_o1Ԋ^AJ^E9^N[^_!^W^B!^@s^D*K^B$^N^H^[)^[I^X'p^Y0^I]<j)^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 8 ^@K^@^F^F^A^B^B^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 2 K^@Q^@^A^A^B^C8^X ^A!X ^TOig^Yy#:H^DkC4QZ2"X ڕl&ֵK^@z~׉:t.םv^G^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 7 ^@K^@x^F^A^B^B^E^C^A^B^C8^X ^A!X 3B1ˠ^S^\^Ev,^P<Rij,Q\b"X [^M^J^@K^@G85Q\^\^U^EQ!^FX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A] ݨO6!^@K^Aҋ:^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 79 K^@5^@^BX0UɠٽiMv,raP),^F'^OE9gC6}Ni^U^@^@^@^@ +w 3 ^@K^@^B^Ahipa.test^BX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^CbidX@J^@K^@;f=3^Nz^]8М0^H^D7l^[^\^M*^Qь^B#i%^@jD^T^@K^As7dtypejpublic-key^Ebup^FX H>0$^H`^[4:^B~?|7]2y^@,^@K^B&^G^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 231 K^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 K^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 K^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 K^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 K^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 290 K^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 K^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 K^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 K^@^A^A^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 54 K^@^@^AbidX@J;f=3^Nz^]8М0^H^D7l^[^\^M*^Qь^BK^@#i%^@jD^Ts7dtypejpublic-key^BX%^@|Dږ^Qx??d^Q/N4/oK^AC}.[^E^@^@^@^^^CXF0D^B Wp^_rJNJS^_^Y"&}w$^_^B #+ᏵK^B>^Co^_U^]m^X^ID^LяǺI9%^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ \ No newline at end of file diff --git a/src/tests/system/data/test_passkey/test_passkey__su_same_key_for_multi_user/umockdev.script.ipa.user3 b/src/tests/system/data/test_passkey/test_passkey__su_same_key_for_multi_user/umockdev.script.ipa.user3 new file mode 100644 index 00000000000..c4761f29517 --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__su_same_key_for_multi_user/umockdev.script.ipa.user3 @@ -0,0 +1,21 @@ +d 0 /dev/hidraw1 + +w 4 ^@^@^H^A^A^A^A^A^A^A^A^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 2 ^@^Q^A^A^A^A^A^A^A^A^O^B^E^D^C^E^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 1 ^@^O^@^A^D^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 3 ^O^@^@^AfU2F_V2hFIDO_2_0lFIDO_2_1_PRE^BkcredProtectkhmac-secr^O^@et^CP/W^SG^VZ *^DbrkbupdplaticlientPinucredentialM^O^AgmtPreview^E^Y^D^F^B^A^G^H^H^X^Icnfccusb^Jcalg&dtypejpublic-key^O^Bcalg'dtypejpublic-key^M^D^N^Z^@^E^D^C^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 1 ^@^O^@^B^Ahipa.test^BX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^CbidX@J^@^O^@;f=3^Nz^]8М0^H^D7l^[^\^M*^Qь^B#i%^@jD^T^@^O^As7dtypejpublic-key^Ebup^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 82 ^O^@^@^AbidX@J;f=3^Nz^]8М0^H^D7l^[^\^M*^Qь^B^O^@#i%^@jD^Ts7dtypejpublic-key^BX%^@|Dږ^Qx??d^Q/N4/o^O^AC}.[^@^@^@^@ ^CXF0D^B cL"^Pht}W^]WI0^O[c$^B ^D1^]^O^B^M^P{w +^V^R^`KlI^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 5 ^@^O^@^F^F^A^B^B^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 3 ^O^@Q^@^A^A^B^C8^X ^A!X ^TOig^Yy#:H^DkC4QZ2"X ڕl&^O^@z~׉:t.םv^G^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 7 ^@^O^@x^F^A^B^B^E^C^A^B^C8^X ^A!X 3B1ˠ^S^\^Ev,^P<Rij,Q\b"X [^M^J^@^O^@G85Q\^\^U^EQ!^FX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A] ݨO6!^@^O^Aҋ:^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 79 ^O^@5^@^BX0fGt:i^URJ^M`@^WjώD*Tk^U^]^FV^FFRm^SR^@^@^@^@ +w 4 ^@^O^@^B^Ahipa.test^BX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^CbidX@J^@^O^@;f=3^Nz^]8М0^H^D7l^[^\^M*^Qь^B#i%^@jD^T^@^O^As7dtypejpublic-key^Ebup^FX H>0$^H`^[4:^B~?|7]2y^@,^@^O^B&^G^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 202 ^O^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 ^O^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 290 ^O^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 289 ^O^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 287 ^O^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 ^O^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 289 ^O^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 173 ^O^@^@^AbidX@J;f=3^Nz^]8М0^H^D7l^[^\^M*^Qь^B^O^@#i%^@jD^Ts7dtypejpublic-key^BX%^@|Dږ^Qx??d^Q/N4/o^O^AC}.[^E^@^@^@#^CXF0D^B <p^I=7^K^VJe^W^H^W?v^ITf^B +'^W^O^B^K=C2^Pz?jzhK^H^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ \ No newline at end of file diff --git a/src/tests/system/data/test_passkey/test_passkey__su_same_key_for_multi_user/umockdev.script.ldap.user1 b/src/tests/system/data/test_passkey/test_passkey__su_same_key_for_multi_user/umockdev.script.ldap.user1 new file mode 100644 index 00000000000..14f5bd96b8a --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__su_same_key_for_multi_user/umockdev.script.ldap.user1 @@ -0,0 +1,21 @@ +d 0 /dev/hidraw1 + +w 2 ^@^@^H^A^A^A^A^A^A^A^A^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 3 ^@^Q^A^A^A^A^A^A^A^AHqeH^B^E^D^C^E^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 1 ^@HqeH^@^A^D^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 3 HqeH^@^@^AfU2F_V2hFIDO_2_0lFIDO_2_1_PRE^BkcredProtectkhmac-secrHqeH^@et^CP/W^SG^VZ *^DbrkbupdplaticlientPinucredentialMHqeH^AgmtPreview^E^Y^D^F^B^A^G^H^H^X^Icnfccusb^Jcalg&dtypejpublic-keyHqeH^Bcalg'dtypejpublic-key^M^D^N^Z^@^E^D^C^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 1 ^@HqeH^@^B^Adtest^BX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^CbidX@p5^N^@HqeH^@^I>B׻Ge'?Ak<F98Ҡ-kD+<Ԭ10$`zrHU%^GZ^I5d^@HqeH^Atypejpublic-key^Ebup^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 83 HqeH^@^@^AbidX@p5^N^I>B׻Ge'?Ak<F98Ҡ-kD+<Ԭ10$`HqeH^@zrHU%^GZ^I5dtypejpublic-key^BX%ЁL}e/Z^UO^[+^K,HqeH^A]l^U^J^H^@^@^@^@^F^CXG0E^B ]#^W^Jǂ^INPWu\GD"ڈ^Z^B!^@^RHqeH^BTnx]^E/^]^Km魩^N}^F*W^C^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 7 ^@HqeH^@^F^F^A^B^B^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 3 HqeH^@Q^@^A^A^B^C8^X ^A!X E$^\^O:d^\v~U^S}q۾^MN^^L^X"X :^PHqeH^@>X_^E$^]^G+^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 7 ^@HqeH^@x^F^A^B^B^E^C^A^B^C8^X ^A!X 3B1ˠ^S^\^Ev,^P<Rij,Q\b"X [^M^J^@HqeH^@G85Q\^\^U^EQ!^FX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A8u^JD^]9^@HqeH^A}^`0^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 79 HqeH^@5^@^BX0|Ê^B£uI^Nuy|^^^\7^OǕK\8#Z^D1^A=^@^@^@^@ +w 1 ^@HqeH^@^B^Adtest^BX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^CbidX@p5^N^@HqeH^@^I>B׻Ge'?Ak<F98Ҡ-kD+<Ԭ10$`zrHU%^GZ^I5d^@HqeH^Atypejpublic-key^Ebup^FX ^A^F}5WTGylg%}^R_^Dї c^G^B^@ +r 287 HqeH^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 HqeH^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 HqeH^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 HqeH^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 HqeH^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 290 HqeH^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 HqeH^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 244 HqeH^@^@^AbidX@p5^N^I>B׻Ge'?Ak<F98Ҡ-kD+<Ԭ10$`HqeH^@zrHU%^GZ^I5dtypejpublic-key^BX%ЁL}e/Z^UO^[+^K,HqeH^A]l^U^J^H^E^@^@^@^I^CXF0D^B G^N.ݼr5^YiH@XeȔN^@^F^E$"0^B ^_'^H^`HqeH^B<Xs^M!(+{cVc͑^KƂ^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ \ No newline at end of file diff --git a/src/tests/system/data/test_passkey/test_passkey__su_same_key_for_multi_user/umockdev.script.ldap.user2 b/src/tests/system/data/test_passkey/test_passkey__su_same_key_for_multi_user/umockdev.script.ldap.user2 new file mode 100644 index 00000000000..a01452bce79 --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__su_same_key_for_multi_user/umockdev.script.ldap.user2 @@ -0,0 +1,20 @@ +d 0 /dev/hidraw1 + +w 3 ^@^@^H^A^A^A^A^A^A^A^A^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 3 ^@^Q^A^A^A^A^A^A^A^A|++^B^E^D^C^E^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 1 ^@|++^@^A^D^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 3 |++^@^@^AfU2F_V2hFIDO_2_0lFIDO_2_1_PRE^BkcredProtectkhmac-secr|++^@et^CP/W^SG^VZ *^DbrkbupdplaticlientPinucredentialM|++^AgmtPreview^E^Y^D^F^B^A^G^H^H^X^Icnfccusb^Jcalg&dtypejpublic-key|++^Bcalg'dtypejpublic-key^M^D^N^Z^@^E^D^C^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 1 ^@|++^@^B^Adtest^BX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^CbidX@p5^N^@|++^@^I>B׻Ge'?Ak<F98Ҡ-kD+<Ԭ10$`zrHU%^GZ^I5d^@|++^Atypejpublic-key^Ebup^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 83 |++^@^@^AbidX@p5^N^I>B׻Ge'?Ak<F98Ҡ-kD+<Ԭ10$`|++^@zrHU%^GZ^I5dtypejpublic-key^BX%ЁL}e/Z^UO^[+^K,|++^A]l^U^J^H^@^@^@^@^M^CXG0E^B =&onW,F`ͺ@C^U^^)}}^B!^@[^B|++^B^N>R?M^Z7|P^S^YQ^^jy#Jo^Q^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 7 ^@|++^@^F^F^A^B^B^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 3 |++^@Q^@^A^A^B^C8^X ^A!X E$^\^O:d^\v~U^S}q۾^MN^^L^X"X :^P|++^@>X_^E$^]^G+^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 7 ^@|++^@x^F^A^B^B^E^C^A^B^C8^X ^A!X 3B1ˠ^S^\^Ev,^P<Rij,Q\b"X [^M^J^@|++^@G85Q\^\^U^EQ!^FX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A8u^JD^]9^@|++^A}^`0^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 79 |++^@5^@^BX0i׃`)^AzUgJp봳^O^^^_䉼6ƒt~^W~^Q^XR8Cd??F^H^@^@^@^@ +w 1 ^@|++^@^B^Adtest^BX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^CbidX@p5^N^@|++^@^I>B׻Ge'?Ak<F98Ҡ-kD+<Ԭ10$`zrHU%^GZ^I5d^@|++^Atypejpublic-key^Ebup^FX ^A^F}5WTGylg%}^R_^Dї c^G^B^@ +r 243 |++^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 |++^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 290 |++^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 |++^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 |++^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 |++^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 150 |++^@^@^AbidX@p5^N^I>B׻Ge'?Ak<F98Ҡ-kD+<Ԭ10$`|++^@zrHU%^GZ^I5dtypejpublic-key^BX%ЁL}e/Z^UO^[+^K,|++^A]l^U^J^H^E^@^@^@^P^CXG0E^B p:^\C~q[^Z&^TLg>^B!^@|++^ByJ{>Tֆ^FF^\^@;Xf^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ \ No newline at end of file diff --git a/src/tests/system/data/test_passkey/test_passkey__su_same_key_for_multi_user/umockdev.script.ldap.user3 b/src/tests/system/data/test_passkey/test_passkey__su_same_key_for_multi_user/umockdev.script.ldap.user3 new file mode 100644 index 00000000000..e4530f667b2 --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__su_same_key_for_multi_user/umockdev.script.ldap.user3 @@ -0,0 +1,20 @@ +d 0 /dev/hidraw1 + +w 4 ^@^@^H^A^A^A^A^A^A^A^A^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 2 ^@^Q^A^A^A^A^A^A^A^AS^\^B^E^D^C^E^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 2 ^@S^\^@^A^D^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 2 S^\^@^@^AfU2F_V2hFIDO_2_0lFIDO_2_1_PRE^BkcredProtectkhmac-secrS^\^@et^CP/W^SG^VZ *^DbrkbupdplaticlientPinucredentialMS^\^AgmtPreview^E^Y^D^F^B^A^G^H^H^X^Icnfccusb^Jcalg&dtypejpublic-keyS^\^Bcalg'dtypejpublic-key^M^D^N^Z^@^E^D^C^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 3 ^@S^\^@^B^Adtest^BX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^CbidX@p5^N^@S^\^@^I>B׻Ge'?Ak<F98Ҡ-kD+<Ԭ10$`zrHU%^GZ^I5d^@S^\^Atypejpublic-key^Ebup^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 82 S^\^@^@^AbidX@p5^N^I>B׻Ge'?Ak<F98Ҡ-kD+<Ԭ10$`S^\^@zrHU%^GZ^I5dtypejpublic-key^BX%ЁL}e/Z^UO^[+^K,S^\^A]l^U^J^H^@^@^@^@^T^CXG0E^B ^DS^G^QM;+'^YOvJ=:}=^B!^@^Z٧S^\^Bpoe^JmG_G^GL^Q>fqZ^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 8 ^@S^\^@^F^F^A^B^B^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 2 S^\^@Q^@^A^A^B^C8^X ^A!X E$^\^O:d^\v~U^S}q۾^MN^^L^X"X :^PS^\^@>X_^E$^]^G+^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 6 ^@S^\^@x^F^A^B^B^E^C^A^B^C8^X ^A!X 3B1ˠ^S^\^Ev,^P<Rij,Q\b"X [^M^J^@S^\^@G85Q\^\^U^EQ!^FX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A8u^JD^]9^@S^\^A}^`0^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 78 S^\^@5^@^BX0SUS;ʛ^G^G^P^NF-6Y^Fs^]t0k^U}mߛ+^J^@^@^@^@ +w 2 ^@S^\^@^B^Adtest^BX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^CbidX@p5^N^@S^\^@^I>B׻Ge'?Ak<F98Ҡ-kD+<Ԭ10$`zrHU%^GZ^I5d^@S^\^Atypejpublic-key^Ebup^FX ^A^F}5WTGylg%}^R_^Dї c^G^B^@ +r 203 S^\^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 287 S^\^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 291 S^\^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 S^\^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 287 S^\^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 289 S^\^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 125 S^\^@^@^AbidX@p5^N^I>B׻Ge'?Ak<F98Ҡ-kD+<Ԭ10$`S^\^@zrHU%^GZ^I5dtypejpublic-key^BX%ЁL}e/Z^UO^[+^K,S^\^A]l^U^J^H^E^@^@^@^U^CXG0E^B t^Srih3^]t^H^E^[^E^N^To{E^F^B!^@˰pS^\^B^\j]^T,n^V ^CiuK\^A^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ \ No newline at end of file diff --git a/src/tests/system/data/test_passkey/test_passkey__su_same_key_for_multi_user/umockdev.script.samba.user1 b/src/tests/system/data/test_passkey/test_passkey__su_same_key_for_multi_user/umockdev.script.samba.user1 new file mode 100644 index 00000000000..11b7860ca47 --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__su_same_key_for_multi_user/umockdev.script.samba.user1 @@ -0,0 +1,22 @@ +d 0 /dev/hidraw1 + +w 3 ^@^@^H^A^A^A^A^A^A^A^A^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 3 ^@^Q^A^A^A^A^A^A^A^A'N^B^E^D^C^E^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 1 ^@'NԐ^@^A^D^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 3 'NԐ^@^@^AfU2F_V2hFIDO_2_0lFIDO_2_1_PRE^BkcredProtectkhmac-secr'N^@et^CP/W^SG^VZ *^DbrkbupdplaticlientPinucredentialM'N^AgmtPreview^E^Y^D^F^B^A^G^H^H^X^Icnfccusb^Jcalg&dtypejpublic-key'N^Bcalg'dtypejpublic-key^M^D^N^Z^@^E^D^C^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 1 ^@'NԐ^@^B^Ajsamba.test^BX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^CbidX@^@'N^@X^\^V^T^Y^HӜ^EE^]^Ys4}^^^N瑩]^Z<^Q@^L56^Z^@'N^A^^Oܔdtypejpublic-key^Ebup^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 83 'NԐ^@^@^AbidX@X^\^V^T^Y^HӜ^EE^]^Ys4}^^^N瑩]^Z<^Q'N^@@^L56^Z^^Oܔdtypejpublic-key^BX% ^S@^_n1n;Qm\<ִ>'N^A`^_W^@^@^@^@^J^CXG0E^B L4.&7.^K։t^L^@[=q;^FB^E^_:%^B!^@_'N^BN^\jaϾXl^F^_٥̟0+^E^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 7 ^@'NԐ^@^F^F^A^B^B^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 3 'NԐ^@Q^@^A^A^B^C8^X ^A!X n^O^Y^D[T)^]^NBopaK"X =^R/^U'N^@UJA;;^P"c^GZ^[^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 7 ^@'NԐ^@x^F^A^B^B^E^C^A^B^C8^X ^A!X 3B1ˠ^S^\^Ev,^P<Rij,Q\b"X [^M^J^@'N^@G85Q\^\^U^EQ!^FX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^ZY>^@'N^Az^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 79 'NԐ^@5^@^BX0^G^L^BZ1m'sZgkDh^V^Q-^TS^WD^@^@^@^@ +w 1 ^@'NԐ^@^B^Ajsamba.test^BX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^CbidX@^@'N^@X^\^V^T^Y^HӜ^EE^]^Ys4}^^^N瑩]^Z<^Q@^L56^Z^@'N^A^^Oܔdtypejpublic-key^Ebup^FX ^A^F}5WTGylg%}^R_^Dї ^@'N^Bc^G^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 211 'NԻ^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 'NԻ^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 'NԻ^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 'NԻ^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 290 'NԻ^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 'NԻ^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 'NԻ^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 'NԻ^@^A^A^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 28 'NԐ^@^@^AbidX@X^\^V^T^Y^HӜ^EE^]^Ys4}^^^N瑩]^Z<^Q'N^@@^L56^Z^^Oܔdtypejpublic-key^BX% ^S@^_n1n;Qm\<ִ>'N^A`^_W^E^@^@^@^L^CXG0E^B ^FI^KYoTI%^]OrN|^RZx>&^B!^@:'N^BIҢ&^Otl^F_y.^A2^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ \ No newline at end of file diff --git a/src/tests/system/data/test_passkey/test_passkey__su_same_key_for_multi_user/umockdev.script.samba.user2 b/src/tests/system/data/test_passkey/test_passkey__su_same_key_for_multi_user/umockdev.script.samba.user2 new file mode 100644 index 00000000000..f9e2a6a99b0 --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__su_same_key_for_multi_user/umockdev.script.samba.user2 @@ -0,0 +1,19 @@ +d 0 /dev/hidraw1 + +w 4 ^@^@^H^A^A^A^A^A^A^A^A^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 3 ^@^Q^A^A^A^A^A^A^A^A5ގ^B^E^D^C^E^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 1 ^@5ގ^@^A^D^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 2 5ގ^@^@^AfU2F_V2hFIDO_2_0lFIDO_2_1_PRE^BkcredProtectkhmac-secr5ގ^@et^CP/W^SG^VZ *^DbrkbupdplaticlientPinucredentialM5ގ^AgmtPreview^E^Y^D^F^B^A^G^H^H^X^Icnfccusb^Jcalg&dtypejpublic-key5ގ^Bcalg'dtypejpublic-key^M^D^N^Z^@^E^D^C^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 1 ^@5ގ^@^B^Ajsamba.test^BX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^CbidX@^@5ގ^@X^\^V^T^Y^HӜ^EE^]^Ys4}^^^N瑩]^Z<^Q@^L56^Z^@5ގ^A^^Oܔdtypejpublic-key^Ebup^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 82 5ގ^@^@^AbidX@X^\^V^T^Y^HӜ^EE^]^Ys4}^^^N瑩]^Z<^Q5ގ^@@^L56^Z^^Oܔdtypejpublic-key^BX% ^S@^_n1n;Qm\<ִ>5ގ^A`^_W^@^@^@^@^M^CXH0F^B!^@hP^J-^PgS\ƩI^E8t^]^B^P#^\^B!^@ډ^Y5ގ^BIppz4E"^D^X91^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 6 ^@5ގ^@^F^F^A^B^B^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 2 5ގ^@Q^@^A^A^B^C8^X ^A!X n^O^Y^D[T)^]^NBopaK"X =^R/^U5ގ^@UJA;;^P"c^GZ^[^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 6 ^@5ގ^@x^F^A^B^B^E^C^A^B^C8^X ^A!X 3B1ˠ^S^\^Ev,^P<Rij,Q\b"X [^M^J^@5ގ^@G85Q\^\^U^EQ!^FX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^ZY>^@5ގ^Az^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 79 5ގ^@5^@^BX0n^DlҵRJ^_D^R^X^PT;s!7u^Ae?/q*N$Q#^@k^@^@^@^@ +w 1 ^@5ގ^@^B^Ajsamba.test^BX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^CbidX@^@5ގ^@X^\^V^T^Y^HӜ^EE^]^Ys4}^^^N瑩]^Z<^Q@^L56^Z^@5ގ^A^^Oܔdtypejpublic-key^Ebup^FX ^A^F}5WTGylg%}^R_^Dї ^@5ގ^Bc^G^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 245 5ގ^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 5ގ^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 5ގ^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 5ގ^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 289 5ގ^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 196 5ގ^@^@^AbidX@X^\^V^T^Y^HӜ^EE^]^Ys4}^^^N瑩]^Z<^Q5ގ^@@^L56^Z^^Oܔdtypejpublic-key^BX% ^S@^_n1n;Qm\<ִ>5ގ^A`^_W^E^@^@^@^P^CXH0F^B!^@<^A^Xëwta-^E{c}^\>^Tr]CgPU^B!^@;^@5ގ^B^Ke^F^L^S#dEv%0^KIB%mx^I^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ \ No newline at end of file diff --git a/src/tests/system/data/test_passkey/test_passkey__su_same_key_for_multi_user/umockdev.script.samba.user3 b/src/tests/system/data/test_passkey/test_passkey__su_same_key_for_multi_user/umockdev.script.samba.user3 new file mode 100644 index 00000000000..67b9ac30848 --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__su_same_key_for_multi_user/umockdev.script.samba.user3 @@ -0,0 +1,18 @@ +d 0 /dev/hidraw1 + +w 2 ^@^@^H^A^A^A^A^A^A^A^A^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 3 ^@^Q^A^A^A^A^A^A^A^Al^TD^B^E^D^C^E^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 1 ^@l^TD^@^A^D^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 3 l^TD^@^@^AfU2F_V2hFIDO_2_0lFIDO_2_1_PRE^BkcredProtectkhmac-secrl^TD^@et^CP/W^SG^VZ *^DbrkbupdplaticlientPinucredentialMl^TD^AgmtPreview^E^Y^D^F^B^A^G^H^H^X^Icnfccusb^Jcalg&dtypejpublic-keyl^TD^Bcalg'dtypejpublic-key^M^D^N^Z^@^E^D^C^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 1 ^@l^TD^@^B^Ajsamba.test^BX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^CbidX@^@l^TD^@X^\^V^T^Y^HӜ^EE^]^Ys4}^^^N瑩]^Z<^Q@^L56^Z^@l^TD^A^^Oܔdtypejpublic-key^Ebup^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 83 l^TD^@^@^AbidX@X^\^V^T^Y^HӜ^EE^]^Ys4}^^^N瑩]^Z<^Ql^TD^@@^L56^Z^^Oܔdtypejpublic-key^BX% ^S@^_n1n;Qm\<ִ>l^TD^A`^_W^@^@^@^@^Q^CXG0E^B "pɟ"msT.ο\^`8?g^R[5^J^B!^@l^TD^Bt"[^C^CRWe^L)%^N7B^UI~^L@-ֺ^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 7 ^@l^TD^@^F^F^A^B^B^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 3 l^TD^@Q^@^A^A^B^C8^X ^A!X n^O^Y^D[T)^]^NBopaK"X =^R/^Ul^TD^@UJA;;^P"c^GZ^[^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 7 ^@l^TD^@x^F^A^B^B^E^C^A^B^C8^X ^A!X 3B1ˠ^S^\^Ev,^P<Rij,Q\b"X [^M^J^@l^TD^@G85Q\^\^U^EQ!^FX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^ZY>^@l^TD^Az^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 79 l^TD^@5^@^BX0^Q^Kj^A;l^Ff3+HP^QǺ^^A^C]^C[.ǰL<FhkiA^RA5^@^@^@^@ +w 1 ^@l^TD^@^B^Ajsamba.test^BX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^CbidX@^@l^TD^@X^\^V^T^Y^HӜ^EE^]^Ys4}^^^N瑩]^Z<^Q@^L56^Z^@l^TD^A^^Oܔdtypejpublic-key^Ebup^FX ^A^F}5WTGylg%}^R_^Dї ^@l^TD^Bc^G^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 245 l^TD^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 l^TD^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 l^TD^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 290 l^TD^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 244 l^TD^@^@^AbidX@X^\^V^T^Y^HӜ^EE^]^Ys4}^^^N瑩]^Z<^Ql^TD^@@^L56^Z^^Oܔdtypejpublic-key^BX% ^S@^_n1n;Qm\<ִ>l^TD^A`^_W^E^@^@^@^T^CXG0E^B J^Mc7>^_:^Gh>^F^LN)^\0^B!^@U\l^TD^BJC^J`Wj^Nw^Jmo^I^CL^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ \ No newline at end of file diff --git a/src/tests/system/data/test_passkey/test_passkey__user_fetch_from_cache/passkey-mapping.ad b/src/tests/system/data/test_passkey/test_passkey__user_fetch_from_cache/passkey-mapping.ad new file mode 100644 index 00000000000..58f3e1045d6 --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__user_fetch_from_cache/passkey-mapping.ad @@ -0,0 +1 @@ +passkey:Wp075+YqPw9bn3UhyNUa1u0wu8I982JVRxR/cd3KRplwD12NweMI15fMSTclruHiTPdi7i7y9IRGbTRtDWPt4w==,MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEh+6kmCDkIaUiHUx1SobhNo7jP6wUJCBocQP9jxhpM/uBRKNXWUUKNMJwiOp0Nkj/OeSP2xdtLNazs4KEPBk15A== diff --git a/src/tests/system/data/test_passkey/test_passkey__user_fetch_from_cache/passkey-mapping.ipa b/src/tests/system/data/test_passkey/test_passkey__user_fetch_from_cache/passkey-mapping.ipa new file mode 100644 index 00000000000..915689bd654 --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__user_fetch_from_cache/passkey-mapping.ipa @@ -0,0 +1 @@ +passkey:NUZMRUXIb/W8Ij1GqwCDHSCWxt/SxWxckwtQjLYi/X6Y1qZFB+HI8WO6khzAjzsz248kHbaeAf9qfmqfCky1Jg==,MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIasAa8ogjPCKXeA4KY3t0W3xBRmG+E4D+MNoRIAJrYuNLSYtAcOL7DCbIfgc+7c5Y4Mh/FzoEyeumKGYMoyTfg== diff --git a/src/tests/system/data/test_passkey/test_passkey__user_fetch_from_cache/passkey-mapping.ldap b/src/tests/system/data/test_passkey/test_passkey__user_fetch_from_cache/passkey-mapping.ldap new file mode 100644 index 00000000000..82d76d9b590 --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__user_fetch_from_cache/passkey-mapping.ldap @@ -0,0 +1 @@ +passkey:mQEUTWdtDJPELQNTDdxXNHlfIO1qXFf0LVZjWEfyDALFzvLZ4e4XD5bemqq+o3ThrzT6k1I1n3Z2N00GvLSmjQ==,MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEqk7K5VAI7Evr4ar8X82L/sxm/Bnm5Ti31xnLfGO0BipwHucw8+/wT4+6T9j5gdMwZKUcXR4BILpmULEyrcZUfw== diff --git a/src/tests/system/data/test_passkey/test_passkey__user_fetch_from_cache/passkey-mapping.samba b/src/tests/system/data/test_passkey/test_passkey__user_fetch_from_cache/passkey-mapping.samba new file mode 100644 index 00000000000..f602626971f --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__user_fetch_from_cache/passkey-mapping.samba @@ -0,0 +1 @@ +passkey:xYBuvCazxVg5VJ/D2yRI2/3ji86a+yft0W2S/BOF/pIZcwaxJLP1bZjWN7oJa3PP8p2N26yG2Erd90yIGOXocQ==,MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEC1cAEJJW5SVDrCL62BYgtilv4DgkeiEXpNrdsMRk5+Iv5ddP6lgMH5hD98ddFlJX/YhEXdty6UibztVmgO7asQ== diff --git a/src/tests/system/data/test_passkey/test_passkey__user_fetch_from_cache/umockdev.script.ad b/src/tests/system/data/test_passkey/test_passkey__user_fetch_from_cache/umockdev.script.ad new file mode 100644 index 00000000000..e9864e7f2da --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__user_fetch_from_cache/umockdev.script.ad @@ -0,0 +1,19 @@ +d 0 /dev/hidraw1 + +w 4 ^@^@^H^A^A^A^A^A^A^A^A^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 3 ^@^Q^A^A^A^A^A^A^A^A^B^E^D^C^E^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 1 ^@^@^A^D^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 3 ^@^@^AfU2F_V2hFIDO_2_0lFIDO_2_1_PRE^BkcredProtectkhmac-secr^@et^CP/W^SG^VZ *^DbrkbupdplaticlientPinucredentialM^AgmtPreview^E^Y^D^F^B^A^G^H^H^X^Icnfccusb^Jcalg&dtypejpublic-key^Bcalg'dtypejpublic-key^M^D^N^Z^@^E^D^C^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 1 ^@^@^B^Agad.test^BX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^CbidX@Z;^@^@*?^O[u!^Z0=bUG^TqFp^O]^HחI7%Lb.Fm4m^Mc^@^Adtypejpublic-key^Ebup^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 83 ^@^@^AbidX@Z;*?^O[u!^Z0=bUG^TqFp^O]^HחI7%^@Lb.Fm4m^Mcdtypejpublic-key^BX%fCȣ܀ɽ5~^G^A-YD^AA,K!^@^@^@^@^T^CXG0E^B t.F^^^]^AG^U@]/<*r^On^Z^B!^@^KX^B4ߚ>nut^Z^EXWn^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 8 ^@^@^F^F^A^B^B^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 2 ^@Q^@^A^A^B^C8^X ^A!X <H*!Ó^M!^S[;s1c^Z%^H"X _^K^NE<^@^Et[v^WG'ħS^[^E^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 5 ^@^@x^F^A^B^B^E^C^A^B^C8^X ^A!X 3B1ˠ^S^\^Ev,^P<Rij,Q\b"X [^M^J^@^@G85Q\^\^U^EQ!^FX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^Avz^IRZ^@^Ak^[+^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 79 ^@5^@^BX0k*|e^OK^S^QyЇkC@^R6mo!^QOfQ.^@^@^@^@ +w 1 ^@^@^B^Agad.test^BX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^CbidX@Z;^@^@*?^O[u!^Z0=bUG^TqFp^O]^HחI7%Lb.Fm4m^Mc^@^Adtypejpublic-key^Ebup^FX 2^N^Czf^R^@^PZ^L^A:K^IUhT^A><I^@^B^G^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 251 ^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 ^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 ^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 290 ^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 ^@^A^A^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 52 ^@^@^AbidX@Z;*?^O[u!^Z0=bUG^TqFp^O]^HחI7%^@Lb.Fm4m^Mcdtypejpublic-key^BX%fCȣ܀ɽ5~^G^A-YD^AA,K!^E^@^@^@^X^CXF0D^B ^N^A^Zb;u.^S^_v}v{^K'Y{^B 4^H^BɩXû^DAe3A'bU_^M`[Ay^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ \ No newline at end of file diff --git a/src/tests/system/data/test_passkey/test_passkey__user_fetch_from_cache/umockdev.script.ipa b/src/tests/system/data/test_passkey/test_passkey__user_fetch_from_cache/umockdev.script.ipa new file mode 100644 index 00000000000..1bc651a4465 --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__user_fetch_from_cache/umockdev.script.ipa @@ -0,0 +1,22 @@ +d 0 /dev/hidraw1 + +w 3 ^@^@^H^A^A^A^A^A^A^A^A^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 3 ^@^Q^A^A^A^A^A^A^A^Ap^B^E^D^C^E^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 1 ^@p^@^A^D^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 3 p^@^@^AfU2F_V2hFIDO_2_0lFIDO_2_1_PRE^BkcredProtectkhmac-secrp^@et^CP/W^SG^VZ *^DbrkbupdplaticlientPinucredentialMp^AgmtPreview^E^Y^D^F^B^A^G^H^H^X^Icnfccusb^Jcalg&dtypejpublic-keyp^Bcalg'dtypejpublic-key^M^D^N^Z^@^E^D^C^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 1 ^@p^@^B^Ahipa.test^BX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^CbidX@5F^@p^@LEEo"=F^@^] l\^KP"~֦E^Gc^\;3ۏ$^]^Aj~j^J^@p^AL&dtypejpublic-key^Ebup^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 83 p^@^@^AbidX@5FLEEo"=F^@^] l\^KP"~֦E^Gc^\;3p^@ۏ$^]^Aj~j^JL&dtypejpublic-key^BX%^@|Dږ^Qx??d^Q/N4/op^AC}.[^@^@^@^@^X^CXG0E^B!^@m$^MJ*;\^V=tjx9cа,^B kYp^B^_^GnrT": *^L^Rwr]!Zxf^C^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 5 ^@p^@^F^F^A^B^B^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 3 p^@Q^@^A^A^B^C8^X ^A!X ^_9;^CEBQ&(W3h^]F^A%"X ^^s5p^@o6^@izdF m+35^P^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 5 ^@p^@x^F^A^B^B^E^C^A^B^C8^X ^A!X 3B1ˠ^S^\^Ev,^P<Rij,Q\b"X [^M^J^@p^@G85Q\^\^U^EQ!^FX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A2asչ^T"tw^@p^Aq^K^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 79 p^@5^@^BX0޺^Y<l^Qűk^B^A^`^Z^G^^^Fcޞ^Si^J^Erߨ]^@^@^@^@ +w 1 ^@p^@^B^Ahipa.test^BX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^CbidX@5F^@p^@LEEo"=F^@^] l\^KP"~֦E^Gc^\;3ۏ$^]^Aj~j^J^@p^AL&dtypejpublic-key^Ebup^FX ȎRJs>7DB1f_о*^@p^BL^G^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 285 p^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 290 p^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 p^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 p^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 p^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 290 p^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 p^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 p^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 174 p^@^@^AbidX@5FLEEo"=F^@^] l\^KP"~֦E^Gc^\;3p^@ۏ$^]^Aj~j^JL&dtypejpublic-key^BX%^@|Dږ^Qx??d^Q/N4/op^AC}.[^E^@^@^@^\^CXG0E^B Eo]Wk%^H$-^W^BR^`x^P׀^B!^@ёqp^Bu9\^ZKR&>/͎[`t,^^eg^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ \ No newline at end of file diff --git a/src/tests/system/data/test_passkey/test_passkey__user_fetch_from_cache/umockdev.script.ldap b/src/tests/system/data/test_passkey/test_passkey__user_fetch_from_cache/umockdev.script.ldap new file mode 100644 index 00000000000..db026662951 --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__user_fetch_from_cache/umockdev.script.ldap @@ -0,0 +1,21 @@ +d 0 /dev/hidraw1 + +w 4 ^@^@^H^A^A^A^A^A^A^A^A^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 2 ^@^Q^A^A^A^A^A^A^A^A^S=^B^E^D^C^E^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 2 ^@^S=^@^A^D^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 2 ^S=^@^@^AfU2F_V2hFIDO_2_0lFIDO_2_1_PRE^BkcredProtectkhmac-secr^S=^@et^CP/W^SG^VZ *^DbrkbupdplaticlientPinucredentialM^S=^AgmtPreview^E^Y^D^F^B^A^G^H^H^X^Icnfccusb^Jcalg&dtypejpublic-key^S=^Bcalg'dtypejpublic-key^M^D^N^Z^@^E^D^C^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 2 ^@^S=^@^B^Adtest^BX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^CbidX@^A^TMgm^@^S=^@^L-^CS^MW4y_ j\W-VcXG^L^B^W^Oޚt4R5vv7M^Fd^@^S=^Atypejpublic-key^Ebup^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 82 ^S=^@^@^AbidX@^A^TMgm^L-^CS^MW4y_ j\W-VcXG^L^B^W^Oޚt^S=^@4R5vv7M^Fdtypejpublic-key^BX%ЁL}e/Z^UO^[+^K,^S=^A]l^U^J^H^@^@^@^@^C^CXH0F^B!^@9}K:N^M^PraX^D^CxM^B!^@z^A^S=^B􊲳^P+q^@^P|^XM$Fw^]6P3^[wq^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 6 ^@^S=^@^F^F^A^B^B^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 2 ^S=^@Q^@^A^A^B^C8^X ^A!X H^GTd^Aڒ8X^T<IEiwֹI^Y^I^IFsܺ"X <^AHS^S=^@6^N9^JU@^\k)W^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 6 ^@^S=^@x^F^A^B^B^E^C^A^B^C8^X ^A!X 3B1ˠ^S^\^Ev,^P<Rij,Q\b"X [^M^J^@^S=^@G85Q\^\^U^EQ!^FX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^AoYqgNu'^T^@^S=^A^U^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 78 ^S=^@5^@^BX0RC^_K*"+f^`z;XO@"MM3\L$Ή^K+M^@^@^@^@ +w 2 ^@^S=^@^B^Adtest^BX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^CbidX@^A^TMgm^@^S=^@^L-^CS^MW4y_ j\W-VcXG^L^B^W^Oޚt4R5vv7M^Fd^@^S=^Atypejpublic-key^Ebup^FX ('^H(rZf2>֞{^_uLd^S^G^B^@ +r 240 ^S=^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 ^S=^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 290 ^S=^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 ^S=^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 ^S=^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 288 ^S=^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 290 ^S=^@^A^A^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 28 ^S=^@^@^AbidX@^A^TMgm^L-^CS^MW4y_ j\W-VcXG^L^B^W^Oޚt^S=^@4R5vv7M^Fdtypejpublic-key^BX%ЁL}e/Z^UO^[+^K,^S=^A]l^U^J^H^E^@^@^@^G^CXF0D^B j8^M\:H^O@%qt(^\/Ǻ~$$!>;^B u^S=^B{9AbF6^Xs5^K*ywv^L^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ \ No newline at end of file diff --git a/src/tests/system/data/test_passkey/test_passkey__user_fetch_from_cache/umockdev.script.samba b/src/tests/system/data/test_passkey/test_passkey__user_fetch_from_cache/umockdev.script.samba new file mode 100644 index 00000000000..4c0b6e23e92 --- /dev/null +++ b/src/tests/system/data/test_passkey/test_passkey__user_fetch_from_cache/umockdev.script.samba @@ -0,0 +1,19 @@ +d 0 /dev/hidraw1 + +w 1 ^@^@^H^A^A^A^A^A^A^A^A^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 2 ^@^Q^A^A^A^A^A^A^A^An5^B^E^D^C^E^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 2 ^@n5Ő^@^A^D^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 2 n5Ő^@^@^AfU2F_V2hFIDO_2_0lFIDO_2_1_PRE^BkcredProtectkhmac-secrn5^@et^CP/W^SG^VZ *^DbrkbupdplaticlientPinucredentialMn5^AgmtPreview^E^Y^D^F^B^A^G^H^H^X^Icnfccusb^Jcalg&dtypejpublic-keyn5^Bcalg'dtypejpublic-key^M^D^N^Z^@^E^D^C^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 2 ^@n5Ő^@^B^Ajsamba.test^BX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^CbidX@^@n5^@ŀn&X9T$HΚ'm^S^Ys^F$m7^Iks۬JL^@n5^A^Xqdtypejpublic-key^Ebup^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 82 n5Ő^@^@^AbidX@ŀn&X9T$HΚ'm^S^Ys^F$m7^Iksn5^@۬JL^Xqdtypejpublic-key^BX% ^S@^_n1n;Qm\<ִ>n5^A`^_W^@^@^@^@C^CXG0E^B ^]^TM^]^W4yZ٢@ޝ^@^B!^@(^HSn5^B^EV^]+^X3YW3C7HD^D$^\^D^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 4 ^@n5Ő^@^F^F^A^B^B^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 2 n5Ő^@Q^@^A^A^B^C8^X ^A!X $xܰXy,ҟ^E@~$h@^P"X }^V%^Ovpn5^@iu\E^M'^@@Υj.0bZ^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +w 4 ^@n5Ő^@x^F^A^B^B^E^C^A^B^C8^X ^A!X 3B1ˠ^S^\^Ev,^P<Rij,Q\b"X [^M^J^@n5^@G85Q\^\^U^EQ!^FX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^NV-Q^P^K^@n5^Ap^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 79 n5Ő^@5^@^BX0^L[{cHUK^@M^Rƫ^[gY[`b,u^F;1jBۀ^OŶ_^@^@^@^@ +w 3 ^@n5Ő^@^B^Ajsamba.test^BX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^CbidX@^@n5^@ŀn&X9T$HΚ'm^S^Ys^F$m7^Iks۬JL +w 10 ^@n5^A^Xqdtypejpublic-key^Ebup^FX ^R~GؿB_],pSvA3*^Ut^@n5^B4^G^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 246 n5Ż^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 289 n5Ż^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 287 n5Ż^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 289 n5Ż^@^A^A^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ +r 75 n5Ő^@^@^AbidX@ŀn&X9T$HΚ'm^S^Ys^F$m7^Iksn5^@۬JL^Xqdtypejpublic-key^BX% ^S@^_n1n;Qm\<ִ>n5^A`^_W^E^@^@^@F^CXH0F^B!^@/2^_1,,0^ABd^FKZ@m^B!^@^S&n5^BO|FoзN$<ˣ!W\^V^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ \ No newline at end of file diff --git a/src/tests/system/tests/test_passkey.py b/src/tests/system/tests/test_passkey.py index f1a891e4d55..3ce26a68a38 100644 --- a/src/tests/system/tests/test_passkey.py +++ b/src/tests/system/tests/test_passkey.py @@ -241,3 +241,173 @@ def test_passkey__su_srv_not_resolvable( ioctl=f"{moduledatadir}/umockdev.ioctl", script=f"{testdatadir}/umockdev.script.{suffix}", ) + + +@pytest.mark.importance("high") +@pytest.mark.topology(KnownTopologyGroup.AnyProvider) +@pytest.mark.builtwith(client="passkey", provider="passkey") +def test_passkey__offline_su(client: Client, provider: GenericProvider, moduledatadir: str, testdatadir: str): + """ + :title: Check offline su authentication of a user with LDAP, IPA, AD and Samba + :setup: + 1. Add a LDAP, IPA, AD and Samba user with passkey_mapping. + 2. Setup SSSD client with FIDO and umockdev, start SSSD service. + :steps: + 1. Check su authentication of the user. + 2. Make server offline (by blocking traffic to the provider). + 3. Bring SSSD offline explicitly. + 4. Check su offline authentication of the user. + :expectedresults: + 1. User su authenticated successfully. + 2. Firewall rule added, traffic is dropped. + 3. SSSD is offline. + 4. Offline su authentication is successful. + :customerscenario: False + """ + suffix = type(provider).__name__.lower() + + with open(f"{testdatadir}/passkey-mapping.{suffix}") as f: + provider.user("user1").add().passkey_add(f.read().strip()) + + if suffix == "ldap": + client.sssd.domain["local_auth_policy"] = "only" + + client.sssd.start() + + # First time check authentication to cache the user + assert client.auth.su.passkey( + username="user1", + pin=123456, + device=f"{moduledatadir}/umockdev.device", + ioctl=f"{moduledatadir}/umockdev.ioctl", + script=f"{testdatadir}/umockdev.script.{suffix}", + ) + + # Render the provider offline + client.firewall.outbound.reject_host(provider) + + # There might be active connections that are not terminated by creating firewall rule. + # We need to terminated it by bringing SSSD to offline state explicitly. + client.sssd.bring_offline() + + assert client.auth.su.passkey( + username="user1", + pin=123456, + device=f"{moduledatadir}/umockdev.device", + ioctl=f"{moduledatadir}/umockdev.ioctl", + script=f"{testdatadir}/umockdev.script.{suffix}", + ) + + +@pytest.mark.importance("high") +@pytest.mark.topology(KnownTopologyGroup.AnyProvider) +@pytest.mark.builtwith(client="passkey", provider="passkey") +def test_passkey__user_fetch_from_cache( + client: Client, provider: GenericProvider, moduledatadir: str, testdatadir: str +): + """ + :title: Fetch a user from cache for LDAP, IPA, AD and Samba server + :setup: + 1. Add a user in LDAP, IPA, AD and Samba with passkey_mapping. + 2. Setup SSSD client with FIDO and umockdev, start SSSD service. + :steps: + 1. Check a user lookup. + 2. Check a user from cache using ldbsearch command. + :expectedresults: + 1. A user looked up successfully. + 2. Successfully get the user from ldbsearch command. + :customerscenario: False + """ + + suffix = type(provider).__name__.lower() + + with open(f"{testdatadir}/passkey-mapping.{suffix}") as f: + provider.user("user1").add().passkey_add(f.read().strip()) + + client.sssd.start() + + result = client.tools.id("user1") + output = client.ldb.search( + path="/var/lib/sss/db/cache_test.ldb", basedn="name=user1@test,cn=users,cn=test,cn=sysdb", filter="userPasskey" + ) + assert result is not None + assert output["name=user1@test,cn=users,cn=test,cn=sysdb"] is not None + assert "name=user1@test,cn=users,cn=test,cn=sysdb" in output.keys(), "user not find in cache" + assert "userPasskey" in (list(output.values())[0].keys()), "passkey mapping is not found in cache" + + +@pytest.mark.importance("high") +@pytest.mark.topology(KnownTopologyGroup.AnyProvider) +@pytest.mark.builtwith(client="passkey", provider="passkey") +def test_passkey__su_multi_keys_for_same_user( + client: Client, provider: GenericProvider, moduledatadir: str, testdatadir: str +): + """ + :title: Check su authentication of user when multiple keys added for same user with + LDAP, IPA, AD and Samba server. + :setup: + 1. Add a user with multiple mappings of passkey in LDAP, IPA, AD and Samba with passkey_mapping. + 2. Setup SSSD client with FIDO and umockdev, start SSSD service. + :steps: + 1. Check su authentication of the user. + :expectedresults: + 1. User su authenticates successfully. + :customerscenario: False + """ + suffix = type(provider).__name__.lower() + user_add = provider.user("user1").add() + + if suffix == "ldap": + client.sssd.domain["local_auth_policy"] = "only" + + for n in range(1, 5): + with open(f"{testdatadir}/passkey-mapping.{suffix}{n}") as f: + user_add.passkey_add(f.read().strip()) + + client.sssd.start() + + assert client.auth.su.passkey( + username="user1", + pin=123456, + device=f"{moduledatadir}/umockdev.device", + ioctl=f"{moduledatadir}/umockdev.ioctl", + script=f"{testdatadir}/umockdev.script.{suffix}", + ) + + +@pytest.mark.importance("high") +@pytest.mark.topology(KnownTopologyGroup.AnyProvider) +@pytest.mark.builtwith(client="passkey", provider="passkey") +def test_passkey__su_same_key_for_multi_user( + client: Client, provider: GenericProvider, moduledatadir: str, testdatadir: str +): + """ + :title: Check su authentication of user when same key added for multiple user with LDAP, IPA, AD and Samba server. + :setup: + 1. Add three users with same passkey mapping in LDAP, IPA, AD and Samba with passkey_mapping. + 2. Setup SSSD client with FIDO and umockdev, start SSSD service. + :steps: + 1. Check su authentication of the user1, user2 and user3. + :expectedresults: + 1. User1, user2 and user3 su authenticates successfully with same mapping. + :customerscenario: False + """ + suffix = type(provider).__name__.lower() + + if suffix == "ldap": + client.sssd.domain["local_auth_policy"] = "only" + + client.sssd.start() + + for user in ["user1", "user2", "user3"]: + user_add = provider.user(user).add() + with open(f"{testdatadir}/passkey-mapping.{suffix}") as f: + user_add.passkey_add(f.read().strip()) + + assert client.auth.su.passkey( + username=user, + pin=123456, + device=f"{moduledatadir}/umockdev.device", + ioctl=f"{moduledatadir}/umockdev.ioctl", + script=f"{testdatadir}/umockdev.script.{suffix}.{user}", + ) From a33931562af5dcbf908d05d1b864b5bf2e547184 Mon Sep 17 00:00:00 2001 From: Tomas Halman <thalman@redhat.com> Date: Tue, 14 Nov 2023 11:07:04 +0100 Subject: [PATCH 257/280] Handle child-domain group membership In AD, a user from a domain can be a member of a group that is from a child of the domain. The old code did not account for this and created a cache object with incorrect DNs when ldap_use_tokengoups is set to False. This patch looks up the correct domain before saving group and membership attributes. Resolves: https://github.com/SSSD/sssd/issues/7084 Reviewed-by: Dan Lavu <dlavu@redhat.com> Reviewed-by: Sumit Bose <sbose@redhat.com> (cherry picked from commit 830a2e3d6abf337448f60541da66260d381fbe32) --- Makefile.am | 9 ++- src/db/sysdb_ops.c | 13 +++- src/providers/ldap/sdap.c | 62 ++++++++++++++++--- src/providers/ldap/sdap.h | 2 + src/providers/ldap/sdap_async_groups.c | 2 + src/providers/ldap/sdap_async_initgroups.c | 23 ++++++- src/providers/ldap/sdap_async_initgroups_ad.c | 2 + 7 files changed, 98 insertions(+), 15 deletions(-) diff --git a/Makefile.am b/Makefile.am index 5b7158eeab0..66f3141d10c 100644 --- a/Makefile.am +++ b/Makefile.am @@ -2348,7 +2348,10 @@ ipa_ldap_opt_tests_LDADD = \ $(LDB_LIBS) \ $(SSSD_INTERNAL_LTLIBS) \ $(OPENLDAP_LIBS) \ - libsss_test_common.la + libsss_test_common.la \ + libsss_ldap_common.la \ + libdlopen_test_providers.la \ + $(NULL) ad_ldap_opt_tests_SOURCES = \ src/providers/ldap/ldap_opts.c \ @@ -2910,6 +2913,8 @@ nestedgroups_tests_LDADD = \ $(SSSD_INTERNAL_LTLIBS) \ libsss_idmap.la \ libsss_test_common.la \ + libsss_ldap_common.la \ + libdlopen_test_providers.la \ $(NULL) if BUILD_SYSTEMTAP nestedgroups_tests_LDADD += stap_generated_probes.lo @@ -3156,6 +3161,8 @@ sdap_tests_LDADD = \ $(SSSD_INTERNAL_LTLIBS) \ $(OPENLDAP_LIBS) \ libsss_test_common.la \ + libsss_ldap_common.la \ + libdlopen_test_providers.la \ $(NULL) if BUILD_IFP diff --git a/src/db/sysdb_ops.c b/src/db/sysdb_ops.c index 7a3c002130f..3331d46877f 100644 --- a/src/db/sysdb_ops.c +++ b/src/db/sysdb_ops.c @@ -2980,6 +2980,7 @@ sysdb_group_membership_mod(struct sss_domain_info *domain, struct ldb_dn *member_dn; char *member_domname; struct sss_domain_info *member_dom; + struct sss_domain_info *group_dom; int ret; TALLOC_CTX *tmp_ctx = talloc_new(NULL); if (!tmp_ctx) { @@ -3019,7 +3020,17 @@ sysdb_group_membership_mod(struct sss_domain_info *domain, } if (!is_dn) { - group_dn = sysdb_group_dn(tmp_ctx, domain, group); + /* To create a correct DN we have to check if the group belongs to */ + /* child domain */ + group_dom = find_domain_by_object_name(domain, group); + if (group_dom == NULL) { + DEBUG(SSSDBG_OP_FAILURE, + "The right (sub)domain for the group [%s] was not found\n", + group); + ret = EINVAL; + goto done; + } + group_dn = sysdb_group_dn(tmp_ctx, group_dom, group); } else { group_dn = ldb_dn_new(tmp_ctx, domain->sysdb->ldb, group); } diff --git a/src/providers/ldap/sdap.c b/src/providers/ldap/sdap.c index 232cb43c98e..f5637c5fbf5 100644 --- a/src/providers/ldap/sdap.c +++ b/src/providers/ldap/sdap.c @@ -1843,7 +1843,9 @@ errno_t sdap_get_primary_name(const char *attr_name, static errno_t sdap_get_primary_fqdn(TALLOC_CTX *mem_ctx, + struct sdap_idmap_ctx *idmap_ctx, const char *attr_name, + const char *sid_attr_name, struct sysdb_attrs *attrs, struct sss_domain_info *dom, const char **_primary_fqdn) @@ -1852,6 +1854,8 @@ sdap_get_primary_fqdn(TALLOC_CTX *mem_ctx, const char *shortname = NULL; const char *primary_fqdn = NULL; TALLOC_CTX *tmp_ctx; + char *sid_str = NULL; + struct sss_domain_info *subdomain = NULL; tmp_ctx = talloc_new(NULL); if (tmp_ctx == NULL) { @@ -1863,6 +1867,25 @@ sdap_get_primary_fqdn(TALLOC_CTX *mem_ctx, goto done; } + /* In AD scenarion, the object can be from subdomain - identify it by SID */ + if (sid_attr_name != NULL) { + ret = sdap_attrs_get_sid_str(tmp_ctx, + idmap_ctx, + attrs, + sid_attr_name, + &sid_str); + + if (ret == EOK) { + DEBUG(SSSDBG_TRACE_INTERNAL, "Group has objectSID [%s]\n", sid_str); + subdomain = find_domain_by_sid(dom, sid_str); + talloc_free(sid_str); + if (subdomain != NULL) { + dom = subdomain; + } + } + DEBUG(SSSDBG_TRACE_INTERNAL, "Group has name [%s]\n", dom->name); + } + primary_fqdn = sss_create_internal_fqname(tmp_ctx, shortname, dom->name); if (primary_fqdn == NULL) { ret = ENOMEM; @@ -1883,7 +1906,9 @@ errno_t sdap_get_user_primary_name(TALLOC_CTX *memctx, const char **_user_name) { return sdap_get_primary_fqdn(memctx, + opts->idmap_ctx, opts->user_map[SDAP_AT_USER_NAME].name, + opts->group_map[SDAP_AT_USER_OBJECTSID].name, attrs, dom, _user_name); } @@ -1894,7 +1919,9 @@ errno_t sdap_get_group_primary_name(TALLOC_CTX *memctx, const char **_group_name) { return sdap_get_primary_fqdn(memctx, + opts->idmap_ctx, opts->group_map[SDAP_AT_GROUP_NAME].name, + opts->group_map[SDAP_AT_GROUP_OBJECTSID].name, attrs, dom, _group_name); } @@ -1913,6 +1940,8 @@ _sdap_get_primary_name_list(struct sss_domain_info *domain, size_t attr_count, const char *ldap_attr, bool qualify_names, + const char *sid_attr, + struct sdap_idmap_ctx *idmap_ctx, char ***name_list) { errno_t ret; @@ -1928,17 +1957,28 @@ _sdap_get_primary_name_list(struct sss_domain_info *domain, j = 0; for (i = 0; i < attr_count; i++) { - ret = sdap_get_primary_name(ldap_attr, attr_list[i], &name); - if (ret != EOK) { - DEBUG(SSSDBG_CRIT_FAILURE, "Could not determine primary name\n"); - /* Skip and continue. Don't advance 'j' */ - continue; - } - if (qualify_names == false) { + ret = sdap_get_primary_name(ldap_attr, attr_list[i], &name); + if (ret != EOK) { + DEBUG(SSSDBG_CRIT_FAILURE, "Could not determine primary name\n"); + /* Skip and continue. Don't advance 'j' */ + continue; + } list[j] = talloc_strdup(list, name); } else { - list[j] = sss_create_internal_fqname(list, name, domain->name); + ret = sdap_get_primary_fqdn(mem_ctx, + idmap_ctx, + ldap_attr, + sid_attr, + attr_list[i], + domain, + &name); + if (ret != EOK) { + DEBUG(SSSDBG_CRIT_FAILURE, "Could not determine primary fqdn name\n"); + /* Skip and continue. Don't advance 'j' */ + continue; + } + list[j] = talloc_strdup(list, name); } if (!list[j]) { ret = ENOMEM; @@ -1970,7 +2010,7 @@ errno_t sdap_get_primary_name_list(struct sss_domain_info *domain, char ***name_list) { return _sdap_get_primary_name_list(domain, mem_ctx, attr_list, attr_count, - ldap_attr, false, name_list); + ldap_attr, false, NULL, NULL, name_list); } errno_t sdap_get_primary_fqdn_list(struct sss_domain_info *domain, @@ -1978,10 +2018,12 @@ errno_t sdap_get_primary_fqdn_list(struct sss_domain_info *domain, struct sysdb_attrs **attr_list, size_t attr_count, const char *ldap_attr, + const char *sid_attr, + struct sdap_idmap_ctx *idmap_ctx, char ***name_list) { return _sdap_get_primary_name_list(domain, mem_ctx, attr_list, attr_count, - ldap_attr, true, name_list); + ldap_attr, true, sid_attr, idmap_ctx, name_list); } diff --git a/src/providers/ldap/sdap.h b/src/providers/ldap/sdap.h index 678bf76701e..161bc5c269f 100644 --- a/src/providers/ldap/sdap.h +++ b/src/providers/ldap/sdap.h @@ -707,6 +707,8 @@ errno_t sdap_get_primary_fqdn_list(struct sss_domain_info *domain, struct sysdb_attrs **attr_list, size_t attr_count, const char *ldap_attr, + const char *sid_attr, + struct sdap_idmap_ctx *idmap_ctx, char ***name_list); errno_t sdap_set_config_options_with_rootdse(struct sysdb_attrs *rootdse, diff --git a/src/providers/ldap/sdap_async_groups.c b/src/providers/ldap/sdap_async_groups.c index 405260d1848..f36e5c5837a 100644 --- a/src/providers/ldap/sdap_async_groups.c +++ b/src/providers/ldap/sdap_async_groups.c @@ -2002,6 +2002,8 @@ static void sdap_get_groups_process(struct tevent_req *subreq) ret = sdap_get_primary_fqdn_list(state->dom, state, state->groups, state->count, state->opts->group_map[SDAP_AT_GROUP_NAME].name, + state->opts->group_map[SDAP_AT_GROUP_OBJECTSID].name, + state->opts->idmap_ctx, &sysdb_groupnamelist); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, diff --git a/src/providers/ldap/sdap_async_initgroups.c b/src/providers/ldap/sdap_async_initgroups.c index c4842989bd5..4c8538e8a55 100644 --- a/src/providers/ldap/sdap_async_initgroups.c +++ b/src/providers/ldap/sdap_async_initgroups.c @@ -53,6 +53,7 @@ errno_t sdap_add_incomplete_groups(struct sysdb_ctx *sysdb, char *sid_str = NULL; bool use_id_mapping; bool need_filter; + struct sss_domain_info *subdomain; /* There are no groups in LDAP but we should add user to groups?? */ if (ldap_groups_count == 0) return EOK; @@ -68,7 +69,11 @@ errno_t sdap_add_incomplete_groups(struct sysdb_ctx *sysdb, mi = 0; for (i=0; sysdb_groupnames[i]; i++) { - ret = sysdb_search_group_by_name(tmp_ctx, domain, sysdb_groupnames[i], NULL, + subdomain = find_domain_by_object_name(domain, sysdb_groupnames[i]); + if (subdomain == NULL) { + subdomain = domain; + } + ret = sysdb_search_group_by_name(tmp_ctx, subdomain, sysdb_groupnames[i], NULL, &msg); if (ret == EOK) { continue; @@ -222,7 +227,11 @@ errno_t sdap_add_incomplete_groups(struct sysdb_ctx *sysdb, DEBUG(SSSDBG_TRACE_INTERNAL, "Adding fake group %s to sysdb\n", groupname); - ret = sysdb_add_incomplete_group(domain, groupname, gid, + subdomain = find_domain_by_object_name(domain, groupname); + if (subdomain == NULL) { + subdomain = domain; + } + ret = sysdb_add_incomplete_group(subdomain, groupname, gid, original_dn, sid_str, uuid, posix, now); if (ret == ERR_GID_DUPLICATED) { @@ -233,7 +242,7 @@ errno_t sdap_add_incomplete_groups(struct sysdb_ctx *sysdb, * removed from the memory cache */ ret = sdap_handle_id_collision_for_incomplete_groups( - opts->dp, domain, groupname, gid, + opts->dp, subdomain, groupname, gid, original_dn, sid_str, uuid, posix, now); } @@ -667,6 +676,8 @@ sdap_nested_groups_store(struct sysdb_ctx *sysdb, if (count > 0) { ret = sdap_get_primary_fqdn_list(domain, tmp_ctx, groups, count, opts->group_map[SDAP_AT_GROUP_NAME].name, + opts->group_map[SDAP_AT_GROUP_OBJECTSID].name, + opts->idmap_ctx, &groupnamelist); if (ret != EOK) { DEBUG(SSSDBG_MINOR_FAILURE, @@ -1447,6 +1458,8 @@ sdap_initgr_nested_get_membership_diff(TALLOC_CTX *mem_ctx, ret = sdap_get_primary_fqdn_list(dom, tmp_ctx, ldap_parentlist, parents_count, opts->group_map[SDAP_AT_GROUP_NAME].name, + opts->group_map[SDAP_AT_GROUP_OBJECTSID].name, + opts->idmap_ctx, &ldap_parent_names_list); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, @@ -2105,6 +2118,8 @@ rfc2307bis_group_memberships_build(hash_entry_t *item, void *user_data) ret = sdap_get_primary_fqdn_list(mstate->dom, tmp_ctx, group->ldap_parents, group->parents_count, mstate->opts->group_map[SDAP_AT_GROUP_NAME].name, + mstate->opts->group_map[SDAP_AT_GROUP_OBJECTSID].name, + mstate->opts->idmap_ctx, &ldap_parents_names_list); if (ret != EOK) { goto done; @@ -2169,6 +2184,8 @@ errno_t save_rfc2307bis_user_memberships( ret = sdap_get_primary_fqdn_list(state->dom, tmp_ctx, state->direct_groups, state->num_direct_parents, state->opts->group_map[SDAP_AT_GROUP_NAME].name, + state->opts->group_map[SDAP_AT_GROUP_OBJECTSID].name, + state->opts->idmap_ctx, &ldap_grouplist); if (ret != EOK) { goto error; diff --git a/src/providers/ldap/sdap_async_initgroups_ad.c b/src/providers/ldap/sdap_async_initgroups_ad.c index efd83d2dac8..bb18f35dc3f 100644 --- a/src/providers/ldap/sdap_async_initgroups_ad.c +++ b/src/providers/ldap/sdap_async_initgroups_ad.c @@ -1333,6 +1333,8 @@ sdap_ad_get_domain_local_groups_parse_parents(TALLOC_CTX *mem_ctx, ret = sdap_get_primary_fqdn_list(dom, tmp_ctx, gr->ldap_parents, gr->parents_count, opts->group_map[SDAP_AT_GROUP_NAME].name, + opts->group_map[SDAP_AT_GROUP_OBJECTSID].name, + opts->idmap_ctx, &groupnamelist); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, "sysdb_attrs_primary_fqdn_list failed.\n"); From 98d8bedd106ae42c94fcae6339e864e7c613b0d3 Mon Sep 17 00:00:00 2001 From: Alexey Tikhonov <atikhono@redhat.com> Date: Thu, 4 Jan 2024 18:14:24 +0100 Subject: [PATCH 258/280] DEBUG: added missing new line Reviewed-by: Andre Boscatto <aboscatt@redhat.com> (cherry picked from commit 4cdb41751c95cd88b8398fe4f86e025c4c507970) --- src/providers/ipa/ipa_subdomains_ext_groups.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/providers/ipa/ipa_subdomains_ext_groups.c b/src/providers/ipa/ipa_subdomains_ext_groups.c index b352b754d99..b385c2f2728 100644 --- a/src/providers/ipa/ipa_subdomains_ext_groups.c +++ b/src/providers/ipa/ipa_subdomains_ext_groups.c @@ -985,7 +985,7 @@ search_user_or_group_by_sid_str(TALLOC_CTX *mem_ctx, break; case ENOENT: DEBUG(SSSDBG_TRACE_FUNC, - "Could not find %s in sysdb", sid_str); + "Could not find %s in sysdb\n", sid_str); break; default: DEBUG(SSSDBG_OP_FAILURE, From 936b828161810bef53525d72291cf029ad3ce317 Mon Sep 17 00:00:00 2001 From: Sumit Bose <sbose@redhat.com> Date: Fri, 3 Nov 2023 18:43:13 +0100 Subject: [PATCH 259/280] LDAP: make groups_by_user_send/recv public MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Resolves: https://github.com/SSSD/sssd/issues/5708 Reviewed-by: Justin Stephenson <jstephen@redhat.com> Reviewed-by: Tomáš Halman <thalman@redhat.com> (cherry picked from commit 9b73614c49aeb3cfc3208dba5f472354086180b5) --- src/providers/ldap/ldap_common.h | 12 ++++++++++++ src/providers/ldap/ldap_id.c | 18 +++++++++--------- 2 files changed, 21 insertions(+), 9 deletions(-) diff --git a/src/providers/ldap/ldap_common.h b/src/providers/ldap/ldap_common.h index 1b35cbd2081..6df7b3df444 100644 --- a/src/providers/ldap/ldap_common.h +++ b/src/providers/ldap/ldap_common.h @@ -298,6 +298,18 @@ struct tevent_req *groups_get_send(TALLOC_CTX *memctx, bool no_members); int groups_get_recv(struct tevent_req *req, int *dp_error_out, int *sdap_ret); +struct tevent_req *groups_by_user_send(TALLOC_CTX *memctx, + struct tevent_context *ev, + struct sdap_id_ctx *ctx, + struct sdap_domain *sdom, + struct sdap_id_conn_ctx *conn, + const char *filter_value, + int filter_type, + const char *extra_value, + bool noexist_delete); + +int groups_by_user_recv(struct tevent_req *req, int *dp_error_out, int *sdap_ret); + struct tevent_req *ldap_netgroup_get_send(TALLOC_CTX *memctx, struct tevent_context *ev, struct sdap_id_ctx *ctx, diff --git a/src/providers/ldap/ldap_id.c b/src/providers/ldap/ldap_id.c index a60aed0686f..fb81a179377 100644 --- a/src/providers/ldap/ldap_id.c +++ b/src/providers/ldap/ldap_id.c @@ -1151,15 +1151,15 @@ static int groups_by_user_retry(struct tevent_req *req); static void groups_by_user_connect_done(struct tevent_req *subreq); static void groups_by_user_done(struct tevent_req *subreq); -static struct tevent_req *groups_by_user_send(TALLOC_CTX *memctx, - struct tevent_context *ev, - struct sdap_id_ctx *ctx, - struct sdap_domain *sdom, - struct sdap_id_conn_ctx *conn, - const char *filter_value, - int filter_type, - const char *extra_value, - bool noexist_delete) +struct tevent_req *groups_by_user_send(TALLOC_CTX *memctx, + struct tevent_context *ev, + struct sdap_id_ctx *ctx, + struct sdap_domain *sdom, + struct sdap_id_conn_ctx *conn, + const char *filter_value, + int filter_type, + const char *extra_value, + bool noexist_delete) { struct tevent_req *req; struct groups_by_user_state *state; From 09dcc73ed4d8db8f30df27bfc7df68bf0a48de11 Mon Sep 17 00:00:00 2001 From: Sumit Bose <sbose@redhat.com> Date: Mon, 6 Nov 2023 18:17:28 +0100 Subject: [PATCH 260/280] ad: gpo evalute host groups MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit With this patch the group-memberships of the client running SSSD are included in the evaluation of the security filtering. Similar as in AD the host object is more or less handled as a user object which allows to skip some code dedicated to computers only. Resolves: https://github.com/SSSD/sssd/issues/5708 Reviewed-by: Justin Stephenson <jstephen@redhat.com> Reviewed-by: Tomáš Halman <thalman@redhat.com> (cherry picked from commit c02e09afe9610d872121708893db8a21fb201b12) --- src/providers/ad/ad_gpo.c | 332 +++++++++++---------------------- src/tests/cmocka/test_ad_gpo.c | 25 ++- 2 files changed, 134 insertions(+), 223 deletions(-) diff --git a/src/providers/ad/ad_gpo.c b/src/providers/ad/ad_gpo.c index b119aa37767..1c731b222b7 100644 --- a/src/providers/ad/ad_gpo.c +++ b/src/providers/ad/ad_gpo.c @@ -661,6 +661,8 @@ ad_gpo_ace_includes_client_sid(const char *user_sid, const char *host_sid, const char **group_sids, int group_size, + const char **host_group_sids, + int host_group_size, struct dom_sid ace_dom_sid, struct sss_idmap_ctx *idmap_ctx, bool *_included) @@ -718,6 +720,22 @@ ad_gpo_ace_includes_client_sid(const char *user_sid, } } + for (i = 0; i < host_group_size; i++) { + err = sss_idmap_sid_to_smb_sid(idmap_ctx, host_group_sids[i], &group_dom_sid); + if (err != IDMAP_SUCCESS) { + DEBUG(SSSDBG_CRIT_FAILURE, + "sss_idmap_sid_to_smb_sid() failed for group_sid '%s': %d\n", + group_sids[i], err); + return EFAULT; + } + included = ad_gpo_dom_sid_equal(&ace_dom_sid, group_dom_sid); + sss_idmap_free_smb_sid(idmap_ctx, group_dom_sid); + if (included) { + *_included = true; + return EOK; + } + } + *_included = false; return EOK; } @@ -770,7 +788,9 @@ static enum ace_eval_agp_status ad_gpo_evaluate_ace(struct security_ace *ace, const char *user_sid, const char *host_sid, const char **group_sids, - int group_size) + int group_size, + const char **host_group_sids, + int host_group_size) { bool included = false; int ret = 0; @@ -782,9 +802,9 @@ static enum ace_eval_agp_status ad_gpo_evaluate_ace(struct security_ace *ace, } ret = ad_gpo_ace_includes_client_sid(user_sid, host_sid, group_sids, - group_size, ace->trustee, idmap_ctx, - &included); - + group_size, host_group_sids, + host_group_size, ace->trustee, + idmap_ctx, &included); if (ret != EOK) { return AD_GPO_ACE_DENIED; } @@ -844,6 +864,8 @@ static errno_t ad_gpo_simple_evaluate_ace(struct security_ace *ace, const char *host_sid, const char **group_sids, int group_size, + const char **host_group_sids, + int host_group_size, uint32_t *_gpo_access_granted_status, uint32_t *_gpo_access_denied_status) { @@ -856,6 +878,7 @@ static errno_t ad_gpo_simple_evaluate_ace(struct security_ace *ace, } ret = ad_gpo_ace_includes_client_sid(user_sid, host_sid, group_sids, group_size, + host_group_sids, host_group_size, ace->trustee, idmap_ctx, &included); if (ret != EOK || !included) { @@ -895,6 +918,8 @@ static errno_t ad_gpo_evaluate_dacl(struct security_acl *dacl, const char *host_sid, const char **group_sids, int group_size, + const char **host_group_sids, + int host_group_size, bool *_dacl_access_allowed) { uint32_t num_aces = 0; @@ -931,6 +956,7 @@ static errno_t ad_gpo_evaluate_dacl(struct security_acl *dacl, ret = ad_gpo_simple_evaluate_ace(ace, idmap_ctx, user_sid, host_sid, group_sids, group_size, + host_group_sids, host_group_size, &access_granted_status, &access_denied_status); @@ -963,7 +989,8 @@ static errno_t ad_gpo_evaluate_dacl(struct security_acl *dacl, } ace_status = ad_gpo_evaluate_ace(ace, idmap_ctx, user_sid, host_sid, - group_sids, group_size); + group_sids, group_size, + host_group_sids, host_group_size); switch (ace_status) { case AD_GPO_ACE_NEUTRAL: @@ -1016,8 +1043,9 @@ static errno_t ad_gpo_evaluate_dacl(struct security_acl *dacl, static errno_t ad_gpo_filter_gpos_by_dacl(TALLOC_CTX *mem_ctx, const char *user, - const char *host_sid, + const char *host_fqdn, struct sss_domain_info *domain, + struct sss_domain_info *host_domain, struct sss_idmap_ctx *idmap_ctx, struct gp_gpo **candidate_gpos, int num_candidate_gpos, @@ -1033,6 +1061,9 @@ ad_gpo_filter_gpos_by_dacl(TALLOC_CTX *mem_ctx, const char *user_sid = NULL; const char **group_sids = NULL; int group_size = 0; + const char *host_sid = NULL; + const char **host_group_sids = NULL; + int host_group_size = 0; int gpo_dn_idx = 0; bool access_allowed = false; struct gp_gpo **dacl_filtered_gpos = NULL; @@ -1052,6 +1083,15 @@ ad_gpo_filter_gpos_by_dacl(TALLOC_CTX *mem_ctx, goto done; } + ret = ad_gpo_get_sids(tmp_ctx, host_fqdn, host_domain, &host_sid, + &host_group_sids, &host_group_size); + if (ret != EOK) { + ret = ERR_NO_SIDS; + DEBUG(SSSDBG_OP_FAILURE, + "Unable to retrieve host SIDs: [%d](%s)\n", ret, sss_strerror(ret)); + goto done; + } + dacl_filtered_gpos = talloc_array(tmp_ctx, struct gp_gpo *, num_candidate_gpos + 1); @@ -1096,7 +1136,8 @@ ad_gpo_filter_gpos_by_dacl(TALLOC_CTX *mem_ctx, if ((sd->type & SEC_DESC_DACL_PRESENT) && (dacl != NULL)) { ret = ad_gpo_evaluate_dacl(dacl, idmap_ctx, user_sid, host_sid, - group_sids, group_size, &access_allowed); + group_sids, group_size, host_group_sids, + host_group_size, &access_allowed); if (ret != EOK) { DEBUG(SSSDBG_MINOR_FAILURE, "Could not determine if GPO is applicable\n"); @@ -1773,6 +1814,8 @@ struct ad_gpo_access_state { int timeout; struct sss_domain_info *user_domain; struct sss_domain_info *host_domain; + const char *host_sam_account_name; + char *host_fqdn; const char *user; int gpo_timeout_option; const char *ad_hostname; @@ -1793,7 +1836,6 @@ static void ad_gpo_process_gpo_done(struct tevent_req *subreq); static errno_t ad_gpo_cse_step(struct tevent_req *req); static void ad_gpo_cse_done(struct tevent_req *subreq); -static void ad_gpo_get_host_sid_retrieval_done(struct tevent_req *subreq); struct tevent_req * ad_gpo_access_send(TALLOC_CTX *mem_ctx, @@ -1967,15 +2009,11 @@ ad_gpo_connect_done(struct tevent_req *subreq) { struct tevent_req *req; struct ad_gpo_access_state *state; - char *filter; - const char *sam_account_name; - char *domain_dn; int dp_error; errno_t ret; char *server_uri; LDAPURLDesc *lud; - - const char *attrs[] = {AD_AT_DN, AD_AT_UAC, NULL}; + struct sdap_domain *sdom; req = tevent_req_callback_data(subreq, struct tevent_req); state = tevent_req_data(req, struct ad_gpo_access_state); @@ -2041,47 +2079,40 @@ ad_gpo_connect_done(struct tevent_req *subreq) /* SDAP_SASL_AUTHID contains the name used for kinit and SASL bind which * in the AD case is the NetBIOS name. */ - sam_account_name = dp_opt_get_string(state->opts->basic, SDAP_SASL_AUTHID); - if (sam_account_name == NULL) { + state->host_sam_account_name = dp_opt_get_string(state->opts->basic, + SDAP_SASL_AUTHID); + if (state->host_sam_account_name == NULL) { ret = ENOMEM; goto done; } - DEBUG(SSSDBG_TRACE_FUNC, "sam_account_name is %s\n", sam_account_name); + DEBUG(SSSDBG_TRACE_FUNC, "sam_account_name is %s\n", + state->host_sam_account_name); - /* Convert the domain name into domain DN */ - ret = domain_to_basedn(state, state->ad_domain, &domain_dn); - if (ret != EOK) { + state->host_fqdn = sss_create_internal_fqname(state, state->host_sam_account_name, + state->host_domain->name); + if (state->host_fqdn == NULL) { DEBUG(SSSDBG_OP_FAILURE, - "Cannot convert domain name [%s] to base DN [%d]: %s\n", - state->ad_domain, ret, sss_strerror(ret)); - goto done; - } - - /* SDAP_OC_USER objectclass covers both users and computers */ - filter = talloc_asprintf(state, - "(&(objectclass=%s)(%s=%s))", - state->opts->user_map[SDAP_OC_USER].name, - AD_AT_SAMACCOUNTNAME, - sam_account_name); - if (filter == NULL) { + "Failed to create fully-qualified host name.\n"); ret = ENOMEM; goto done; } - subreq = sdap_get_generic_send(state, state->ev, state->opts, - sdap_id_op_handle(state->sdap_op), - domain_dn, LDAP_SCOPE_SUBTREE, - filter, attrs, NULL, 0, - state->timeout, - false); - - if (subreq == NULL) { - DEBUG(SSSDBG_OP_FAILURE, "sdap_get_generic_send failed.\n"); + /* AD handle computers the same as users */ + sdom = sdap_domain_get(state->access_ctx->ad_id_ctx->sdap_id_ctx->opts, + state->host_domain); + if (sdom == NULL) { ret = EIO; goto done; } + subreq = groups_by_user_send(state, state->ev, + state->access_ctx->ad_id_ctx->sdap_id_ctx, + sdom, state->conn, + state->host_fqdn, + BE_FILTER_NAME, + NULL, + true); tevent_req_set_callback(subreq, ad_gpo_target_dn_retrieval_done, req); ret = EOK; @@ -2100,22 +2131,20 @@ ad_gpo_target_dn_retrieval_done(struct tevent_req *subreq) struct ad_gpo_access_state *state; int ret; int dp_error; - size_t reply_count; - struct sysdb_attrs **reply; + int sdap_ret; const char *target_dn = NULL; uint32_t uac; - const char *attrs[] = {AD_AT_SID, NULL}; - struct ldb_message *msg; - static const char *host_attrs[] = { SYSDB_SID_STR, NULL }; + static const char *host_attrs[] = { SYSDB_ORIG_DN, SYSDB_AD_USER_ACCOUNT_CONTROL, SYSDB_SID_STR, NULL }; + struct ldb_result *res = NULL; + const char *tmp = NULL; + char *endptr; req = tevent_req_callback_data(subreq, struct tevent_req); state = tevent_req_data(req, struct ad_gpo_access_state); - ret = sdap_get_generic_recv(subreq, state, - &reply_count, &reply); + ret = groups_by_user_recv(subreq, &dp_error, &sdap_ret); talloc_zfree(subreq); if (ret != EOK) { - ret = sdap_id_op_done(state->sdap_op, ret, &dp_error); - if (ret == EAGAIN && dp_error == DP_ERR_OFFLINE) { + if (sdap_ret == EAGAIN && dp_error == DP_ERR_OFFLINE) { DEBUG(SSSDBG_TRACE_FUNC, "Preparing for offline operation.\n"); ret = process_offline_gpos(state, state->user, @@ -2144,27 +2173,25 @@ ad_gpo_target_dn_retrieval_done(struct tevent_req *subreq) goto done; } - /* make sure there is only one non-NULL reply returned */ - - if (reply_count < 1) { - DEBUG(SSSDBG_OP_FAILURE, "No DN retrieved for policy target.\n"); - ret = ENOENT; - goto done; - } else if (reply_count > 1) { - DEBUG(SSSDBG_OP_FAILURE, "Multiple replies for policy target\n"); - ret = ERR_INTERNAL; + ret = sysdb_get_user_attr(state, state->host_domain, + state->host_fqdn, + host_attrs, &res); + if (ret != EOK) { + DEBUG(SSSDBG_OP_FAILURE, "Failed to read host attributes.\n"); goto done; - } else if (reply == NULL) { - DEBUG(SSSDBG_OP_FAILURE, "reply_count is 1, but reply is NULL\n"); - ret = ERR_INTERNAL; + } + if (res->count != 1) { + DEBUG(SSSDBG_OP_FAILURE, "Unexpected number [%d] of results searching " + "for [%s], expected 1.\n", res->count, + state->host_sam_account_name); + ret = EINVAL; goto done; } - /* reply[0] holds requested attributes of single reply */ - ret = sysdb_attrs_get_string(reply[0], AD_AT_DN, &target_dn); - if (ret != EOK) { + target_dn = ldb_msg_find_attr_as_string(res->msgs[0], SYSDB_ORIG_DN, NULL); + if (target_dn == NULL) { DEBUG(SSSDBG_OP_FAILURE, - "sysdb_attrs_get_string failed: [%d](%s)\n", + "ldb_msg_find_attr_as_string failed: [%d](%s)\n", ret, sss_strerror(ret)); goto done; } @@ -2174,14 +2201,29 @@ ad_gpo_target_dn_retrieval_done(struct tevent_req *subreq) goto done; } - ret = sysdb_attrs_get_uint32_t(reply[0], AD_AT_UAC, &uac); - if (ret != EOK) { + tmp = ldb_msg_find_attr_as_string(res->msgs[0], SYSDB_AD_USER_ACCOUNT_CONTROL, + NULL); + if (tmp == NULL) { DEBUG(SSSDBG_OP_FAILURE, - "sysdb_attrs_get_uint32_t failed: [%d](%s)\n", + "ldb_msg_find_attr_as_string failed: [%d](%s)\n", ret, sss_strerror(ret)); goto done; } + uac = strtouint32(tmp, &endptr, 10); + if (errno != 0) { + ret = errno; + DEBUG(SSSDBG_OP_FAILURE, "Failed to convert UAC [%s] into uint32_t.\n", + tmp); + goto done; + } + if (*endptr != '\0') { + ret = EINVAL; + DEBUG(SSSDBG_OP_FAILURE, "UAC [%s] is not a pure numerical value.\n", + tmp); + goto done; + } + /* we only support computer policy targets, not users */ if (!(uac & UAC_WORKSTATION_TRUST_ACCOUNT || uac & UAC_SERVER_TRUST_ACCOUNT)) { @@ -2192,36 +2234,8 @@ ad_gpo_target_dn_retrieval_done(struct tevent_req *subreq) goto done; } - /* Check if computer exists in cache */ - ret = sysdb_get_computer(state, state->user_domain, state->ad_hostname, - host_attrs, &msg); - if (ret == ENOENT) { - /* The computer is not in cache so query LDAP server */ - subreq = sdap_get_generic_send(state, state->ev, state->opts, - sdap_id_op_handle(state->sdap_op), - state->target_dn, LDAP_SCOPE_BASE, - "(&)", attrs, NULL, 0, - state->timeout, - false); - - if (subreq == NULL) { - DEBUG(SSSDBG_OP_FAILURE, "sdap_get_generic_send failed.\n"); - ret = ENOMEM; - goto done; - } - - tevent_req_set_callback(subreq, ad_gpo_get_host_sid_retrieval_done, req); - return; - } else if (ret != EOK) { - ret = sdap_id_op_done(state->sdap_op, ret, &dp_error); - goto done; - } - - /* The computer exists in the cache, there is no need to query LDAP. - * Store the retrieved host sid from cache in the state to avoid querying - * the cache again in ad_gpo_get_sids. - */ - state->host_sid = ldb_msg_find_attr_as_string(msg, SYSDB_SID_STR, NULL); + state->host_sid = ldb_msg_find_attr_as_string(res->msgs[0], SYSDB_SID_STR, + NULL); talloc_steal(state, state->host_sid); subreq = ad_gpo_process_som_send(state, @@ -2251,125 +2265,6 @@ ad_gpo_target_dn_retrieval_done(struct tevent_req *subreq) } -enum ndr_err_code -ndr_pull_dom_sid(struct ndr_pull *ndr, - int ndr_flags, - struct dom_sid *r); - -static void ad_gpo_get_host_sid_retrieval_done(struct tevent_req *subreq) -{ - struct tevent_req *req; - struct ad_gpo_access_state *state; - int ret; - int dp_error; - size_t reply_count; - struct sysdb_attrs **reply; - struct ldb_message_element *el = NULL; - enum ndr_err_code ndr_err; - struct dom_sid host_sid; - char *sid_str; - - req = tevent_req_callback_data(subreq, struct tevent_req); - state = tevent_req_data(req, struct ad_gpo_access_state); - - ret = sdap_get_generic_recv(subreq, state, - &reply_count, &reply); - talloc_zfree(subreq); - - if (ret != EOK) { - ret = sdap_id_op_done(state->sdap_op, ret, &dp_error); - - DEBUG(SSSDBG_OP_FAILURE, - "sdap_get_generic_recv failed: [%d](%s)\n", - ret, sss_strerror(ret)); - ret = ENOENT; - tevent_req_error(req, ret); - return; - } - - if (reply_count == 0 || !reply) { - DEBUG(SSSDBG_OP_FAILURE, - "sdap_get_generic_recv failed to receive host sid\n"); - ret = EIO; - goto done; - } - - /* reply[0] holds the requested attribute */ - ret = sysdb_attrs_get_el(reply[0], AD_AT_SID, &el); - if (ret != EOK) { - DEBUG(SSSDBG_OP_FAILURE, - "sysdb_attrs_get_el failed: [%d](%s)\n", - ret, sss_strerror(ret)); - goto done; - } - if (el->num_values != 1) { - DEBUG(SSSDBG_OP_FAILURE, - "ad_gpo_get_host_sid_retrieval_done failed: sid not present\n"); - ret = EIO; - goto done; - } - - /* parse the dom_sid from the ldb blob */ - ndr_err = ndr_pull_struct_blob_all((DATA_BLOB*)&(el->values[0]), - subreq, &host_sid, - (ndr_pull_flags_fn_t)ndr_pull_dom_sid); - if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { - DEBUG(SSSDBG_OP_FAILURE, - "ndr_pull_struct_blob_all failed: [%d]\n", - ndr_err); - ret = EIO; - goto done; - } - - /* Convert the dom_sid to a sid string */ - ret = sss_idmap_smb_sid_to_sid(state->opts->idmap_ctx->map, - &host_sid, &sid_str); - if (ret != EOK) { - DEBUG(SSSDBG_OP_FAILURE, - "sss_idmap_smb_sid_to_sid failed: [%d](%s)\n", - ret, sss_strerror(ret)); - goto done; - } - state->host_sid = talloc_steal(state, sid_str); - - /* Put the sid string in the sysdb */ - ret = sysdb_set_computer(subreq, state->user_domain, - state->ad_hostname, state->host_sid, - state->user_domain->computer_timeout, - time(NULL)); - if (ret != EOK) { - DEBUG(SSSDBG_OP_FAILURE, - "sysdb_set_computer failed: [%d](%s)\n", - ret, sss_strerror(ret)); - goto done; - } - - subreq = ad_gpo_process_som_send(state, - state->ev, - state->conn, - state->ldb_ctx, - state->sdap_op, - state->opts, - state->access_ctx->ad_options, - state->timeout, - state->target_dn, - state->ad_domain); - if (subreq == NULL) { - ret = ENOMEM; - goto done; - } - - tevent_req_set_callback(subreq, ad_gpo_process_som_done, req); - - ret = EOK; - - done: - - if (ret != EOK) { - tevent_req_error(req, ret); - } -} - static void ad_gpo_process_som_done(struct tevent_req *subreq) { @@ -2487,8 +2382,9 @@ ad_gpo_process_gpo_done(struct tevent_req *subreq) goto done; } - ret = ad_gpo_filter_gpos_by_dacl(state, state->user, state->host_sid, + ret = ad_gpo_filter_gpos_by_dacl(state, state->user, state->host_fqdn, state->user_domain, + state->host_domain, state->opts->idmap_ctx->map, candidate_gpos, num_candidate_gpos, &state->dacl_filtered_gpos, diff --git a/src/tests/cmocka/test_ad_gpo.c b/src/tests/cmocka/test_ad_gpo.c index 8660b051071..d49f6c54c2d 100644 --- a/src/tests/cmocka/test_ad_gpo.c +++ b/src/tests/cmocka/test_ad_gpo.c @@ -270,6 +270,8 @@ static void test_ad_gpo_ace_includes_client_sid(const char *user_sid, const char *host_sid, const char **group_sids, int group_size, + const char **host_group_sids, + int host_group_size, struct dom_sid ace_dom_sid, bool expected) { @@ -288,8 +290,9 @@ static void test_ad_gpo_ace_includes_client_sid(const char *user_sid, assert_int_equal(err, IDMAP_SUCCESS); ret = ad_gpo_ace_includes_client_sid(user_sid, host_sid, group_sids, - group_size, ace_dom_sid, idmap_ctx, - &includes_client_sid); + group_size, host_group_sids, + host_group_size, ace_dom_sid, + idmap_ctx, &includes_client_sid); talloc_free(idmap_ctx); assert_int_equal(ret, EOK); @@ -312,8 +315,12 @@ void test_ad_gpo_ace_includes_client_sid_true(void **state) const char *group_sids[] = {"S-1-5-21-2-3-4", "S-1-5-21-2-3-5"}; + int host_group_size = 0; + const char *host_group_sids[] = { NULL }; + test_ad_gpo_ace_includes_client_sid(user_sid, host_sid, group_sids, - group_size, ace_dom_sid, true); + group_size, host_group_sids, + host_group_size, ace_dom_sid, true); } void test_ad_gpo_ace_includes_client_sid_false(void **state) @@ -328,8 +335,12 @@ void test_ad_gpo_ace_includes_client_sid_false(void **state) const char *group_sids[] = {"S-1-5-21-2-3-5", "S-1-5-21-2-3-6"}; + int host_group_size = 0; + const char *host_group_sids[] = { NULL }; + test_ad_gpo_ace_includes_client_sid(user_sid, host_sid, group_sids, - group_size, ace_dom_sid, false); + group_size, host_group_sids, + host_group_size, ace_dom_sid, false); } void test_ad_gpo_ace_includes_host_sid_true(void **state) @@ -343,8 +354,12 @@ void test_ad_gpo_ace_includes_host_sid_true(void **state) int group_size = 0; const char *group_sids[] = {}; + int host_group_size = 0; + const char *host_group_sids[] = { NULL }; + test_ad_gpo_ace_includes_client_sid(user_sid, host_sid, group_sids, - group_size, ace_dom_sid, true); + group_size, host_group_sids, + host_group_size, ace_dom_sid, true); } uint8_t test_sid_data[] = { From dda0f2e0b0288b5516409c3ee6548ecc5f4ff407 Mon Sep 17 00:00:00 2001 From: Sumit Bose <sbose@redhat.com> Date: Fri, 17 Nov 2023 19:09:05 +0100 Subject: [PATCH 261/280] sysdb: remove sysdb_computer.[ch] MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The related calls are not needed anymore. Resolves: https://github.com/SSSD/sssd/issues/5708 Reviewed-by: Justin Stephenson <jstephen@redhat.com> Reviewed-by: Tomáš Halman <thalman@redhat.com> (cherry picked from commit ff23e7e2879f94a907d05b615dbdb547aaa2e542) --- Makefile.am | 2 - src/db/sysdb_computer.c | 185 -------------------------------------- src/db/sysdb_computer.h | 51 ----------- src/providers/ad/ad_gpo.c | 1 - 4 files changed, 239 deletions(-) delete mode 100644 src/db/sysdb_computer.c delete mode 100644 src/db/sysdb_computer.h diff --git a/Makefile.am b/Makefile.am index 66f3141d10c..f0b072fdbc5 100644 --- a/Makefile.am +++ b/Makefile.am @@ -810,7 +810,6 @@ dist_noinst_HEADERS = \ src/db/sysdb_subid.h \ src/db/sysdb_domain_resolution_order.h \ src/db/sysdb_passkey_user_verification.h \ - src/db/sysdb_computer.h \ src/db/sysdb_iphosts.h \ src/db/sysdb_ipnetworks.h \ src/confdb/confdb.h \ @@ -1249,7 +1248,6 @@ libsss_util_la_SOURCES = \ src/db/sysdb_iphosts.c \ src/db/sysdb_ipnetworks.c \ src/util/sss_pam_data.c \ - src/db/sysdb_computer.c \ src/db/sysdb_subid.c \ src/util/util.c \ src/util/util_ext.c \ diff --git a/src/db/sysdb_computer.c b/src/db/sysdb_computer.c deleted file mode 100644 index 9fcaf5a7c3b..00000000000 --- a/src/db/sysdb_computer.c +++ /dev/null @@ -1,185 +0,0 @@ -/* - SSSD - - Authors: - Samuel Cabrero <scabrero@suse.com> - David Mulder <dmulder@suse.com> - - Copyright (C) 2019 SUSE LINUX GmbH, Nuernberg, Germany. - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see <http://www.gnu.org/licenses/>. -*/ - -#include <arpa/inet.h> - -#include "db/sysdb.h" -#include "db/sysdb_private.h" -#include "db/sysdb_computer.h" - -static errno_t -sysdb_search_computer(TALLOC_CTX *mem_ctx, - struct sss_domain_info *domain, - const char *filter, - const char **attrs, - size_t *_num_hosts, - struct ldb_message ***_hosts) -{ - errno_t ret; - TALLOC_CTX *tmp_ctx; - struct ldb_message **results; - size_t num_results; - - tmp_ctx = talloc_new(NULL); - if (!tmp_ctx) { - return ENOMEM; - } - - ret = sysdb_search_custom(tmp_ctx, domain, filter, - COMPUTERS_SUBDIR, attrs, - &num_results, &results); - if (ret != EOK && ret != ENOENT) { - DEBUG(SSSDBG_CRIT_FAILURE, - "Error looking up host [%d]: %s\n", - ret, strerror(ret)); - goto done; - } else if (ret == ENOENT) { - DEBUG(SSSDBG_TRACE_FUNC, "No such host\n"); - *_hosts = NULL; - *_num_hosts = 0; - goto done; - } - - *_hosts = talloc_steal(mem_ctx, results); - *_num_hosts = num_results; - ret = EOK; - -done: - talloc_free(tmp_ctx); - - return ret; -} - -int -sysdb_get_computer(TALLOC_CTX *mem_ctx, - struct sss_domain_info *domain, - const char *computer_name, - const char **attrs, - struct ldb_message **_computer) -{ - TALLOC_CTX *tmp_ctx; - errno_t ret; - const char *filter; - struct ldb_message **hosts; - size_t num_hosts; - - tmp_ctx = talloc_new(NULL); - if (!tmp_ctx) { - return ENOMEM; - } - - filter = talloc_asprintf(tmp_ctx, SYSDB_COMP_FILTER, computer_name); - if (!filter) { - ret = ENOMEM; - goto done; - } - - ret = sysdb_search_computer(tmp_ctx, domain, filter, attrs, - &num_hosts, &hosts); - if (ret != EOK) { - goto done; - } - - if (num_hosts != 1) { - ret = EINVAL; - DEBUG(SSSDBG_CRIT_FAILURE, - "Did not find a single host with name %s\n", computer_name); - goto done; - } - - *_computer = talloc_steal(mem_ctx, hosts[0]); - ret = EOK; - -done: - talloc_free(tmp_ctx); - - return ret; -} - -int -sysdb_set_computer(TALLOC_CTX *mem_ctx, - struct sss_domain_info *domain, - const char *computer_name, - const char *sid_str, - int cache_timeout, - time_t now) -{ - TALLOC_CTX *tmp_ctx; - int ret; - struct sysdb_attrs *attrs; - - tmp_ctx = talloc_new(NULL); - if (!tmp_ctx) { - return ENOMEM; - } - - attrs = sysdb_new_attrs(tmp_ctx); - if (!attrs) { - ret = ENOMEM; - goto done; - } - - ret = sysdb_attrs_add_string(attrs, SYSDB_SID_STR, sid_str); - if (ret) goto done; - - ret = sysdb_attrs_add_string(attrs, SYSDB_OBJECTCLASS, SYSDB_COMPUTER_CLASS); - if (ret) goto done; - - ret = sysdb_attrs_add_string(attrs, SYSDB_NAME, computer_name); - if (ret) goto done; - - /* creation time */ - ret = sysdb_attrs_add_time_t(attrs, SYSDB_CREATE_TIME, now); - if (ret) goto done; - - /* Set a cache expire time. There is a periodic task that cleans up - * expired entries from the cache even when enumeration is disabled */ - ret = sysdb_attrs_add_time_t(attrs, SYSDB_CACHE_EXPIRE, - cache_timeout ? (now + cache_timeout) : 0); - if (ret != EOK) { - DEBUG(SSSDBG_OP_FAILURE, "Could not set sysdb cache expire [%d]: %s\n", - ret, strerror(ret)); - goto done; - } - - ret = sysdb_store_custom(domain, computer_name, COMPUTERS_SUBDIR, attrs); - if (ret) goto done; - - /* FIXME As a future improvement we have to extend domain enumeration. - * When 'enumerate = true' for a domain, sssd starts a periodic task - * that brings all users and groups to the cache, cleaning up - * stale objects after each run. If enumeration is disabled, the cleanup - * task for expired entries is started instead. - * - * We have to extend the enumeration task to fetch 'computer' - * objects as well (see ad_id_enumeration_send, the entry point of the - * enumeration task for the id provider). - */ -done: - if (ret) { - DEBUG(SSSDBG_TRACE_FUNC, "Error: %d (%s)\n", ret, strerror(ret)); - } - talloc_zfree(tmp_ctx); - - return ret; -} diff --git a/src/db/sysdb_computer.h b/src/db/sysdb_computer.h deleted file mode 100644 index 4be67fdf519..00000000000 --- a/src/db/sysdb_computer.h +++ /dev/null @@ -1,51 +0,0 @@ -/* - SSSD - - Authors: - Samuel Cabrero <scabrero@suse.com> - David Mulder <dmulder@suse.com> - - Copyright (C) 2019 SUSE LINUX GmbH, Nuernberg, Germany. - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see <http://www.gnu.org/licenses/>. -*/ - -#ifndef SYSDB_COMPUTERS_H_ -#define SYSDB_COMPUTERS_H_ - -#include "db/sysdb.h" - -#define COMPUTERS_SUBDIR "computers" -#define SYSDB_COMPUTER_CLASS "computer" -#define SYSDB_COMPUTERS_CONTAINER "cn="COMPUTERS_SUBDIR -#define SYSDB_TMPL_COMPUTER_BASE SYSDB_COMPUTERS_CONTAINER","SYSDB_DOM_BASE -#define SYSDB_TMPL_COMPUTER SYSDB_NAME"=%s,"SYSDB_TMPL_COMPUTER_BASE -#define SYSDB_COMP_FILTER "(&("SYSDB_NAME"=%s)("SYSDB_OBJECTCLASS"="SYSDB_COMPUTER_CLASS"))" - -int -sysdb_get_computer(TALLOC_CTX *mem_ctx, - struct sss_domain_info *domain, - const char *computer_name, - const char **attrs, - struct ldb_message **computer); - -int -sysdb_set_computer(TALLOC_CTX *mem_ctx, - struct sss_domain_info *domain, - const char *computer_name, - const char *sid_str, - int cache_timeout, - time_t now); - -#endif /* SYSDB_COMPUTERS_H_ */ diff --git a/src/providers/ad/ad_gpo.c b/src/providers/ad/ad_gpo.c index 1c731b222b7..f78f17f7b45 100644 --- a/src/providers/ad/ad_gpo.c +++ b/src/providers/ad/ad_gpo.c @@ -53,7 +53,6 @@ #include "util/sss_chain_id.h" #include <ndr.h> #include <gen_ndr/security.h> -#include <db/sysdb_computer.h> /* == gpo-ldap constants =================================================== */ From f5ce7c1dae2725df54a36e79ac06d1b48da54f5d Mon Sep 17 00:00:00 2001 From: Sumit Bose <sbose@redhat.com> Date: Tue, 9 Jan 2024 11:14:42 +0100 Subject: [PATCH 262/280] sdap: add set_non_posix parameter MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This patch adds a new parameter set_non_posix to the user and group lookup calls. Currently the domain type is used to determine if the search should be restricted to POSIX objects or not. The new option allows to drop this restriction explicitly to look up non-POSIX objects. Resolves: https://github.com/SSSD/sssd/issues/5708 Reviewed-by: Justin Stephenson <jstephen@redhat.com> Reviewed-by: Tomáš Halman <thalman@redhat.com> (cherry picked from commit 5f63d9bfc71b271844db1ee122172630be1afed0) --- src/providers/ad/ad_gpo.c | 1 + src/providers/ipa/ipa_subdomains_ext_groups.c | 2 +- src/providers/ldap/ldap_common.h | 6 ++- src/providers/ldap/ldap_id.c | 38 +++++++++++-------- src/providers/ldap/sdap_async.h | 3 +- src/providers/ldap/sdap_async_initgroups.c | 9 +++-- src/providers/ldap/sdap_async_initgroups_ad.c | 2 +- src/providers/ldap/sdap_async_users.c | 9 +++-- src/providers/ldap/sdap_users.h | 3 +- 9 files changed, 44 insertions(+), 29 deletions(-) diff --git a/src/providers/ad/ad_gpo.c b/src/providers/ad/ad_gpo.c index f78f17f7b45..336d475d193 100644 --- a/src/providers/ad/ad_gpo.c +++ b/src/providers/ad/ad_gpo.c @@ -2111,6 +2111,7 @@ ad_gpo_connect_done(struct tevent_req *subreq) state->host_fqdn, BE_FILTER_NAME, NULL, + true, true); tevent_req_set_callback(subreq, ad_gpo_target_dn_retrieval_done, req); diff --git a/src/providers/ipa/ipa_subdomains_ext_groups.c b/src/providers/ipa/ipa_subdomains_ext_groups.c index b385c2f2728..f4f84749a2d 100644 --- a/src/providers/ipa/ipa_subdomains_ext_groups.c +++ b/src/providers/ipa/ipa_subdomains_ext_groups.c @@ -883,7 +883,7 @@ static void ipa_add_ad_memberships_get_next(struct tevent_req *req) state->sdap_id_ctx->conn, fq_name, BE_FILTER_NAME, - false, false); + false, false, false); if (subreq == NULL) { DEBUG(SSSDBG_OP_FAILURE, "groups_get_send failed.\n"); ret = ENOMEM; diff --git a/src/providers/ldap/ldap_common.h b/src/providers/ldap/ldap_common.h index 6df7b3df444..7159d635641 100644 --- a/src/providers/ldap/ldap_common.h +++ b/src/providers/ldap/ldap_common.h @@ -295,7 +295,8 @@ struct tevent_req *groups_get_send(TALLOC_CTX *memctx, const char *name, int filter_type, bool noexist_delete, - bool no_members); + bool no_members, + bool set_non_posix); int groups_get_recv(struct tevent_req *req, int *dp_error_out, int *sdap_ret); struct tevent_req *groups_by_user_send(TALLOC_CTX *memctx, @@ -306,7 +307,8 @@ struct tevent_req *groups_by_user_send(TALLOC_CTX *memctx, const char *filter_value, int filter_type, const char *extra_value, - bool noexist_delete); + bool noexist_delete, + bool set_non_posix); int groups_by_user_recv(struct tevent_req *req, int *dp_error_out, int *sdap_ret); diff --git a/src/providers/ldap/ldap_id.c b/src/providers/ldap/ldap_id.c index fb81a179377..da54816bdf9 100644 --- a/src/providers/ldap/ldap_id.c +++ b/src/providers/ldap/ldap_id.c @@ -165,7 +165,8 @@ struct tevent_req *users_get_send(TALLOC_CTX *memctx, const char *filter_value, int filter_type, const char *extra_value, - bool noexist_delete) + bool noexist_delete, + bool set_non_posix) { struct tevent_req *req; struct users_get_state *state; @@ -202,7 +203,7 @@ struct tevent_req *users_get_send(TALLOC_CTX *memctx, state->filter_value = filter_value; state->filter_type = filter_type; - if (state->domain->type == DOM_TYPE_APPLICATION) { + if (state->domain->type == DOM_TYPE_APPLICATION || set_non_posix) { state->non_posix = true; } @@ -582,7 +583,8 @@ static void users_get_done(struct tevent_req *subreq) ret = sdap_fallback_local_user(state, state->shortname, uid, &usr_attrs); if (ret == EOK) { ret = sdap_save_user(state, state->ctx->opts, state->domain, - usr_attrs[0], NULL, NULL, 0); + usr_attrs[0], NULL, NULL, 0, + state->non_posix); } } } @@ -665,7 +667,8 @@ struct tevent_req *groups_get_send(TALLOC_CTX *memctx, const char *filter_value, int filter_type, bool noexist_delete, - bool no_members) + bool no_members, + bool set_non_posix) { struct tevent_req *req; struct groups_get_state *state; @@ -703,7 +706,7 @@ struct tevent_req *groups_get_send(TALLOC_CTX *memctx, state->filter_value = filter_value; state->filter_type = filter_type; - if (state->domain->type == DOM_TYPE_APPLICATION) { + if (state->domain->type == DOM_TYPE_APPLICATION || set_non_posix) { state->non_posix = true; } @@ -991,7 +994,8 @@ static void groups_get_done(struct tevent_req *subreq) state->filter_value, state->filter_type, NULL, - state->noexist_delete); + state->noexist_delete, + false); if (subreq == NULL) { tevent_req_error(req, ENOMEM); return; @@ -1159,7 +1163,8 @@ struct tevent_req *groups_by_user_send(TALLOC_CTX *memctx, const char *filter_value, int filter_type, const char *extra_value, - bool noexist_delete) + bool noexist_delete, + bool set_non_posix) { struct tevent_req *req; struct groups_by_user_state *state; @@ -1188,7 +1193,7 @@ struct tevent_req *groups_by_user_send(TALLOC_CTX *memctx, state->domain = sdom->dom; state->sysdb = sdom->dom->sysdb; - if (state->domain->type == DOM_TYPE_APPLICATION) { + if (state->domain->type == DOM_TYPE_APPLICATION || set_non_posix) { state->non_posix = true; } @@ -1252,7 +1257,8 @@ static void groups_by_user_connect_done(struct tevent_req *subreq) state->filter_value, state->filter_type, state->extra_value, - state->attrs); + state->attrs, + state->non_posix); if (!subreq) { tevent_req_error(req, ENOMEM); return; @@ -1421,7 +1427,8 @@ sdap_handle_acct_req_send(TALLOC_CTX *mem_ctx, ar->filter_value, ar->filter_type, ar->extra_value, - noexist_delete); + noexist_delete, + false); break; case BE_REQ_GROUP: /* group */ @@ -1429,7 +1436,7 @@ sdap_handle_acct_req_send(TALLOC_CTX *mem_ctx, sdom, conn, ar->filter_value, ar->filter_type, - noexist_delete, false); + noexist_delete, false, false); break; case BE_REQ_INITGROUPS: /* init groups for user */ @@ -1446,7 +1453,7 @@ sdap_handle_acct_req_send(TALLOC_CTX *mem_ctx, ar->filter_value, ar->filter_type, ar->extra_value, - noexist_delete); + noexist_delete, false); break; case BE_REQ_SUBID_RANGES: @@ -1545,7 +1552,8 @@ sdap_handle_acct_req_send(TALLOC_CTX *mem_ctx, ar->filter_value, ar->filter_type, ar->extra_value, - noexist_delete); + noexist_delete, + false); break; default: /*fail*/ @@ -1741,7 +1749,7 @@ static struct tevent_req *get_user_and_group_send(TALLOC_CTX *memctx, subreq = groups_get_send(req, state->ev, state->id_ctx, state->sdom, state->conn, state->filter_val, state->filter_type, - state->noexist_delete, false); + state->noexist_delete, false, false); if (subreq == NULL) { DEBUG(SSSDBG_OP_FAILURE, "groups_get_send failed.\n"); ret = ENOMEM; @@ -1795,7 +1803,7 @@ static void get_user_and_group_groups_done(struct tevent_req *subreq) subreq = users_get_send(req, state->ev, state->id_ctx, state->sdom, user_conn, state->filter_val, state->filter_type, NULL, - state->noexist_delete); + state->noexist_delete, false); if (subreq == NULL) { DEBUG(SSSDBG_OP_FAILURE, "users_get_send failed.\n"); tevent_req_error(req, ENOMEM); diff --git a/src/providers/ldap/sdap_async.h b/src/providers/ldap/sdap_async.h index a7b0f691283..5458d21f10c 100644 --- a/src/providers/ldap/sdap_async.h +++ b/src/providers/ldap/sdap_async.h @@ -161,7 +161,8 @@ struct tevent_req *sdap_get_initgr_send(TALLOC_CTX *memctx, const char *name, int filter_type, const char *extra_value, - const char **grp_attrs); + const char **grp_attrs, + bool set_non_posix); int sdap_get_initgr_recv(struct tevent_req *req); struct tevent_req *sdap_exop_modify_passwd_send(TALLOC_CTX *memctx, diff --git a/src/providers/ldap/sdap_async_initgroups.c b/src/providers/ldap/sdap_async_initgroups.c index 4c8538e8a55..97be594a389 100644 --- a/src/providers/ldap/sdap_async_initgroups.c +++ b/src/providers/ldap/sdap_async_initgroups.c @@ -2735,7 +2735,8 @@ struct tevent_req *sdap_get_initgr_send(TALLOC_CTX *memctx, const char *filter_value, int filter_type, const char *extra_value, - const char **grp_attrs) + const char **grp_attrs, + bool set_non_posix) { struct tevent_req *req; struct sdap_get_initgr_state *state; @@ -2771,7 +2772,7 @@ struct tevent_req *sdap_get_initgr_send(TALLOC_CTX *memctx, goto done; } - if (state->dom->type == DOM_TYPE_APPLICATION) { + if (state->dom->type == DOM_TYPE_APPLICATION || set_non_posix) { state->non_posix = true; } @@ -3099,7 +3100,7 @@ static void sdap_get_initgr_user(struct tevent_req *subreq) DEBUG(SSSDBG_TRACE_ALL, "Storing the user\n"); ret = sdap_save_user(state, state->opts, state->dom, state->orig_user, - NULL, NULL, 0); + NULL, NULL, 0, state->non_posix); if (ret) { goto fail; } @@ -3435,7 +3436,7 @@ static void sdap_get_initgr_done(struct tevent_req *subreq) subreq = groups_get_send(req, state->ev, state->id_ctx, state->id_ctx->opts->sdom, state->conn, gid, BE_FILTER_IDNUM, false, - false); + false, false); if (!subreq) { ret = ENOMEM; goto done; diff --git a/src/providers/ldap/sdap_async_initgroups_ad.c b/src/providers/ldap/sdap_async_initgroups_ad.c index bb18f35dc3f..fb80c92429d 100644 --- a/src/providers/ldap/sdap_async_initgroups_ad.c +++ b/src/providers/ldap/sdap_async_initgroups_ad.c @@ -346,7 +346,7 @@ static errno_t sdap_ad_resolve_sids_step(struct tevent_req *req) subreq = groups_get_send(state, state->ev, state->id_ctx, sdap_domain, state->conn, state->current_sid, - BE_FILTER_SECID, false, true); + BE_FILTER_SECID, false, true, false); if (subreq == NULL) { return ENOMEM; } diff --git a/src/providers/ldap/sdap_async_users.c b/src/providers/ldap/sdap_async_users.c index 9dcb59e233a..728295d9dfa 100644 --- a/src/providers/ldap/sdap_async_users.c +++ b/src/providers/ldap/sdap_async_users.c @@ -175,7 +175,8 @@ int sdap_save_user(TALLOC_CTX *memctx, struct sysdb_attrs *attrs, struct sysdb_attrs *mapped_attrs, char **_usn_value, - time_t now) + time_t now, + bool set_non_posix) { struct ldb_message_element *el; int ret; @@ -352,7 +353,7 @@ int sdap_save_user(TALLOC_CTX *memctx, ret = sysdb_attrs_get_uint32_t(attrs, opts->user_map[SDAP_AT_USER_UID].sys_name, &uid); - if (ret == ENOENT && dom->type == DOM_TYPE_APPLICATION) { + if (ret == ENOENT && (dom->type == DOM_TYPE_APPLICATION || set_non_posix)) { DEBUG(SSSDBG_TRACE_INTERNAL, "Marking object as non-POSIX and setting ID=0!\n"); ret = sdap_set_non_posix_flag(user_attrs, @@ -450,7 +451,7 @@ int sdap_save_user(TALLOC_CTX *memctx, ret = sysdb_attrs_get_uint32_t(attrs, opts->user_map[SDAP_AT_USER_GID].sys_name, &gid); - if (ret == ENOENT && dom->type == DOM_TYPE_APPLICATION) { + if (ret == ENOENT && (dom->type == DOM_TYPE_APPLICATION || set_non_posix)) { DEBUG(SSSDBG_TRACE_INTERNAL, "Marking object as non-POSIX and setting ID=0!\n"); ret = sdap_set_non_posix_flag(attrs, @@ -696,7 +697,7 @@ int sdap_save_users(TALLOC_CTX *memctx, usn_value = NULL; ret = sdap_save_user(tmpctx, opts, dom, users[i], mapped_attrs, - &usn_value, now); + &usn_value, now, false); /* Do not fail completely on errors. * Just report the failure to save and go on */ diff --git a/src/providers/ldap/sdap_users.h b/src/providers/ldap/sdap_users.h index a6d088a6d71..74284cd0acb 100644 --- a/src/providers/ldap/sdap_users.h +++ b/src/providers/ldap/sdap_users.h @@ -36,6 +36,7 @@ int sdap_save_user(TALLOC_CTX *memctx, struct sysdb_attrs *attrs, struct sysdb_attrs *mapped_attrs, char **_usn_value, - time_t now); + time_t now, + bool set_non_posix); #endif /* _SDAP_USERS_H_ */ From 05de56d0cac65c12708d1b4a974109d2266b689c Mon Sep 17 00:00:00 2001 From: Tomas Halman <thalman@redhat.com> Date: Thu, 31 Aug 2023 10:43:36 +0200 Subject: [PATCH 263/280] GPO evaluation of primary group When we are evaluating GPO the SID of user's primary group is not returned in the list. This patch converts the value of origPrimaryGroupGidNumber attribute back to SID and that SID is added to the list of SIDs before evaluating the GPO rules. Reviewed-by: Dan Lavu <dlavu@redhat.com> Reviewed-by: Sumit Bose <sbose@redhat.com> (cherry picked from commit ecb0c6370dbab8fdcb3cdfa3495a38319c8e5266) --- src/providers/ad/ad_gpo.c | 101 ++++++++++++++++++++++++++++++++++---- 1 file changed, 91 insertions(+), 10 deletions(-) diff --git a/src/providers/ad/ad_gpo.c b/src/providers/ad/ad_gpo.c index 336d475d193..94959c36b46 100644 --- a/src/providers/ad/ad_gpo.c +++ b/src/providers/ad/ad_gpo.c @@ -563,6 +563,63 @@ ad_gpo_dom_sid_equal(const struct dom_sid *sid1, const struct dom_sid *sid2) return true; } +/* + * This function retrieves the SID of the group with given gid. + */ +static char * +ad_gpo_get_primary_group_sid(TALLOC_CTX *mem_ctx, + gid_t gid, + struct sss_domain_info *domain, + struct sss_idmap_ctx *idmap_ctx) +{ + char *idmap_sid = NULL; + const char *cache_sid; + char *result; + const char *attrs[] = { + SYSDB_SID_STR, + NULL + }; + struct ldb_message *msg; + int ret; + + if (gid == 0) { + return NULL; + } + + ret = sss_idmap_unix_to_sid(idmap_ctx, gid, &idmap_sid); + if (ret == EOK) { + result = talloc_strdup(mem_ctx, idmap_sid); + sss_idmap_free_sid(idmap_ctx, idmap_sid); + if (result == NULL) { + DEBUG(SSSDBG_OP_FAILURE, "Out of memory while getting SID of the group\n"); + } + return result; + } + + if (ret == IDMAP_EXTERNAL) { + /* no ID mapping in this domain, search for the group object and get sid there */ + ret = sysdb_search_group_by_gid(mem_ctx, domain, gid, attrs, &msg); + if (ret != EOK) { + DEBUG(SSSDBG_OP_FAILURE, "Search for group '%"SPRIgid"' failded with error '%d'\n", gid, ret); + return NULL; + } + + cache_sid = ldb_msg_find_attr_as_string(msg, SYSDB_SID_STR, NULL); + if (cache_sid == NULL) { + DEBUG(SSSDBG_OP_FAILURE, "Failed to get SID attribute of the group '%"SPRIgid"'\n", gid); + return NULL; + } + + result = talloc_strdup(mem_ctx, cache_sid); + if (result == NULL) { + DEBUG(SSSDBG_OP_FAILURE, "Out of memory while getting group SID\n"); + } + return result; + } + + DEBUG(SSSDBG_OP_FAILURE, "Failed to get SID of primary the group '%"SPRIgid"'\n", gid); + return NULL; +} /* * This function retrieves the SIDs corresponding to the input user and returns @@ -577,6 +634,7 @@ static errno_t ad_gpo_get_sids(TALLOC_CTX *mem_ctx, const char *user, struct sss_domain_info *domain, + struct sss_idmap_ctx *idmap_ctx, const char **_user_sid, const char ***_group_sids, int *_group_size) @@ -589,6 +647,8 @@ ad_gpo_get_sids(TALLOC_CTX *mem_ctx, const char *user_sid = NULL; const char *group_sid = NULL; const char **group_sids = NULL; + gid_t orig_gid = 0; + char *orig_gid_sid = NULL; tmp_ctx = talloc_new(NULL); if (tmp_ctx == NULL) { @@ -613,10 +673,21 @@ ad_gpo_get_sids(TALLOC_CTX *mem_ctx, } user_sid = ldb_msg_find_attr_as_string(res->msgs[0], SYSDB_SID_STR, NULL); + + /* if there is origPrimaryGroupGidNumber, it's SID must be added to list */ + orig_gid = ldb_msg_find_attr_as_uint64(res->msgs[0], + SYSDB_PRIMARY_GROUP_GIDNUM, + 0); + orig_gid_sid = ad_gpo_get_primary_group_sid(tmp_ctx, + orig_gid, + domain, + idmap_ctx); + DEBUG(SSSDBG_TRACE_INTERNAL, "SID of the primary group with gid '%"SPRIgid"' is '%s'\n", orig_gid, orig_gid_sid); + num_group_sids = (res->count) - 1; - /* include space for AD_AUTHENTICATED_USERS_SID and NULL */ - group_sids = talloc_array(tmp_ctx, const char *, num_group_sids + 1 + 1); + /* include space for AD_AUTHENTICATED_USERS_SID, original GID sid and NULL */ + group_sids = talloc_array(tmp_ctx, const char *, num_group_sids + 3); if (group_sids == NULL) { ret = ENOMEM; goto done; @@ -639,9 +710,12 @@ ad_gpo_get_sids(TALLOC_CTX *mem_ctx, } } group_sids[i++] = talloc_strdup(group_sids, AD_AUTHENTICATED_USERS_SID); + if (orig_gid_sid != NULL) { + group_sids[i++] = orig_gid_sid; + } group_sids[i] = NULL; - *_group_size = num_group_sids + 1; + *_group_size = i; *_group_sids = talloc_steal(mem_ctx, group_sids); *_user_sid = talloc_steal(mem_ctx, user_sid); ret = EOK; @@ -1073,7 +1147,7 @@ ad_gpo_filter_gpos_by_dacl(TALLOC_CTX *mem_ctx, goto done; } - ret = ad_gpo_get_sids(tmp_ctx, user, domain, &user_sid, + ret = ad_gpo_get_sids(tmp_ctx, user, domain, idmap_ctx, &user_sid, &group_sids, &group_size); if (ret != EOK) { ret = ERR_NO_SIDS; @@ -1082,7 +1156,7 @@ ad_gpo_filter_gpos_by_dacl(TALLOC_CTX *mem_ctx, goto done; } - ret = ad_gpo_get_sids(tmp_ctx, host_fqdn, host_domain, &host_sid, + ret = ad_gpo_get_sids(tmp_ctx, host_fqdn, host_domain, idmap_ctx, &host_sid, &host_group_sids, &host_group_size); if (ret != EOK) { ret = ERR_NO_SIDS; @@ -1582,6 +1656,7 @@ ad_gpo_access_check(TALLOC_CTX *mem_ctx, const char *user, bool gpo_implicit_deny, struct sss_domain_info *domain, + struct sss_idmap_ctx *idmap_ctx, char **allowed_sids, int allowed_size, char **denied_sids, @@ -1608,7 +1683,7 @@ ad_gpo_access_check(TALLOC_CTX *mem_ctx, DEBUG(SSSDBG_TRACE_FUNC, " denied_sids[%d] = %s\n", j, denied_sids[j]); } - ret = ad_gpo_get_sids(mem_ctx, user, domain, &user_sid, + ret = ad_gpo_get_sids(mem_ctx, user, domain, idmap_ctx, &user_sid, &group_sids, &group_size); if (ret != EOK) { ret = ERR_NO_SIDS; @@ -1746,7 +1821,8 @@ ad_gpo_perform_hbac_processing(TALLOC_CTX *mem_ctx, const char *user, bool gpo_implicit_deny, struct sss_domain_info *user_domain, - struct sss_domain_info *host_domain) + struct sss_domain_info *host_domain, + struct sss_idmap_ctx *idmap_ctx) { int ret; const char *allow_key = NULL; @@ -1783,7 +1859,7 @@ ad_gpo_perform_hbac_processing(TALLOC_CTX *mem_ctx, /* perform access check with the final resultant allow_sids and deny_sids */ ret = ad_gpo_access_check(mem_ctx, gpo_mode, gpo_map_type, user, - gpo_implicit_deny, user_domain, + gpo_implicit_deny, user_domain, idmap_ctx, allow_sids, allow_size, deny_sids, deny_size); if (ret != EOK) { @@ -1978,6 +2054,7 @@ process_offline_gpos(TALLOC_CTX *mem_ctx, enum gpo_access_control_mode gpo_mode, struct sss_domain_info *user_domain, struct sss_domain_info *host_domain, + struct sss_idmap_ctx *idmap_ctx, enum gpo_map_type gpo_map_type) { @@ -1989,7 +2066,8 @@ process_offline_gpos(TALLOC_CTX *mem_ctx, user, gpo_implicit_deny, user_domain, - host_domain); + host_domain, + idmap_ctx); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, "HBAC processing failed: [%d](%s}\n", ret, sss_strerror(ret)); @@ -2034,6 +2112,7 @@ ad_gpo_connect_done(struct tevent_req *subreq) state->gpo_mode, state->user_domain, state->host_domain, + state->opts->idmap_ctx->map, state->gpo_map_type); if (ret == EOK) { @@ -2152,6 +2231,7 @@ ad_gpo_target_dn_retrieval_done(struct tevent_req *subreq) state->gpo_mode, state->user_domain, state->host_domain, + state->opts->idmap_ctx->map, state->gpo_map_type); if (ret == EOK) { @@ -2681,7 +2761,8 @@ ad_gpo_cse_done(struct tevent_req *subreq) state->user, state->gpo_implicit_deny, state->user_domain, - state->host_domain); + state->host_domain, + state->opts->idmap_ctx->map); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, "HBAC processing failed: [%d](%s}\n", ret, sss_strerror(ret)); From cb64d47b27b6e25b2b2c0ab04ac24d4c17673b0e Mon Sep 17 00:00:00 2001 From: Dan Lavu <dlavu@redhat.com> Date: Thu, 11 Jan 2024 21:19:51 -0500 Subject: [PATCH 264/280] tests: updating poor assertion in dyndns Reviewed-by: Dan Lavu <dlavu@redhat.com> (cherry picked from commit 90eca38eca804b89bf76fec443f9a2f2ac420695) --- src/tests/multihost/ad/test_dyndns.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/tests/multihost/ad/test_dyndns.py b/src/tests/multihost/ad/test_dyndns.py index ab6e080c0f3..ae58d081152 100644 --- a/src/tests/multihost/ad/test_dyndns.py +++ b/src/tests/multihost/ad/test_dyndns.py @@ -228,7 +228,7 @@ def test_0004_check_dyndns_iface_with_existing_interfaces( assert dns.find_a(hostname, extra_ip) assert dns.find_ptr(hostname, extra_ip) - assert ip not in dns.print_zone(domain) + assert not dns.find_ptr(hostname, ip) @staticmethod @pytest.mark.c_ares From c054fc007bdcb65f77cd8ae9b44efa4ac367428f Mon Sep 17 00:00:00 2001 From: aborah <aborah@redhat.com> Date: Wed, 10 Jan 2024 15:04:44 +0530 Subject: [PATCH 265/280] Tests: Fix ipa test for gating. Error: remote username contains invalid characters Reviewed-by: Madhuri Upadhye <mupadhye@redhat.com> (cherry picked from commit 23087669ef9826fbba9e3e6b379f2b0bb86c9820) --- src/tests/multihost/ipa/test_misc.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/tests/multihost/ipa/test_misc.py b/src/tests/multihost/ipa/test_misc.py index a495e0ed170..705eac09cad 100644 --- a/src/tests/multihost/ipa/test_misc.py +++ b/src/tests/multihost/ipa/test_misc.py @@ -469,7 +469,7 @@ def check_hostname_hash(hash_value=None): multihost.client[0].run_command(r"rm -rf /var/lib/sss/pubconf" r"/known_hosts") multihost.client[0].service_sssd("start") - cmd = f"ssh -l -q foobar0@{server_host} echo 'login successful'" + cmd = f"ssh foobar0@{server_host} echo 'login successful'" multihost.client[0].run_command(cmd, stdin_text="Secret123", raiseonerr=False) known_hosts = multihost.client[0].run_command(r"cat /var/lib/sss" From 1c5a11fc26a07291519e3a3169841dbfe04aea9d Mon Sep 17 00:00:00 2001 From: Dan Lavu <dlavu@redhat.com> Date: Tue, 21 Nov 2023 15:02:17 -0500 Subject: [PATCH 266/280] tests: adding background refresh tests to the new framework MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Reviewed-by: Dan Lavu <dlavu@redhat.com> Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com> Reviewed-by: Tomáš Halman <thalman@redhat.com> (cherry picked from commit c6d216fb74108d798f9ef5b804c87b3654ab1c30) --- src/tests/system/tests/test_sss_cache.py | 70 +++++++++++++++++++++++- 1 file changed, 69 insertions(+), 1 deletion(-) diff --git a/src/tests/system/tests/test_sss_cache.py b/src/tests/system/tests/test_sss_cache.py index 88f0a93a295..f972f3dcba4 100644 --- a/src/tests/system/tests/test_sss_cache.py +++ b/src/tests/system/tests/test_sss_cache.py @@ -6,10 +6,13 @@ from __future__ import annotations +import time + import pytest from pytest_mh.ssh import SSHProcessError from sssd_test_framework.roles.client import Client -from sssd_test_framework.topology import KnownTopology +from sssd_test_framework.roles.generic import GenericProvider +from sssd_test_framework.topology import KnownTopology, KnownTopologyGroup @pytest.mark.ticket(bz=1661182) @@ -43,3 +46,68 @@ def test_sss_cache__cache_expire_message(client: Client): for cmd in ("sss_cache -U", "sss_cache -G", "sss_cache -E", "sss_cache --user=nonexisting"): res = client.host.ssh.run(cmd) assert "No domains configured, fatal error!" not in res.stdout + + +@pytest.mark.importance("critical") +@pytest.mark.cache +@pytest.mark.topology(KnownTopologyGroup.AnyProvider) +def test_sss_cache__background_refresh(client: Client, provider: GenericProvider): + """ + :title: Ensuring ldb cache data is refreshed correctly + :setup: + 1. Create provider user + 2. Create provider group + 3. Create provider netgroup + 4. Configure SSSD and set 'entry_cache_timeout' to 1 and 'refresh_expired_interval' to 2 + 5. Restart SSSD + 6. Populate the cache by performing 'getent' on the user, group and netgroup + :steps: + 1. Search for user, group and netgroup lastUpdate and dataExpireTimestamp in the ldb database + 2. Wait 5 seconds and search for all timestamp in the cache again + :expectedresults: + 1. The 'dataExpireTimestamp' value equals the 'lastUpdate + entry_cache_timeout' value + 2. User, group and netgroup 'lastUpdate' timestamp value has been refreshed + :customerscenario: False + """ + user = provider.user("test_user").add() + provider.group("test_group").add().add_member(user) + provider.netgroup("test_netgroup").add().add_member(user=user) + + domain = client.sssd.default_domain + entry_cache_timeout = 1 + refresh_expired_interval = 2 + + client.sssd.domain["entry_cache_timeout"] = str(entry_cache_timeout) + client.sssd.domain["refresh_expired_interval"] = str(refresh_expired_interval) + + client.sssd.restart() + client.tools.getent.passwd(f"test_user@{domain}") + client.tools.getent.group(f"test_group@{domain}") + client.tools.getent.netgroup(f"test_netgroup@{domain}") + + ldb_cache = f"/var/lib/sss/db/cache_{domain}.ldb" + ldb_suffix = f"cn={domain},cn=sysdb" + + last_update: list[int] = [] + expire_time: list[int] = [] + + for i in [f"test_user@{domain}", f"test_group@{domain}", "test_netgroup"]: + result = client.ldb.search(ldb_cache, ldb_suffix, filter=f"name={i}") + for k, v in result.items(): + for y in v.items(): + if y[0] == "lastUpdate": + last_update = last_update + [(int(y[1][0]))] + if y[0] == "dataExpireTimestamp": + expire_time = expire_time + [(int(y[1][0]))] + + for m, n in enumerate(last_update): + assert last_update[m] + entry_cache_timeout == expire_time[m] + + time.sleep(5) + + for s, t in enumerate([f"test_user@{domain}", f"test_group@{domain}", "test_netgroup"]): + result = client.ldb.search(ldb_cache, ldb_suffix, filter=f"name={t}") + for k, v in result.items(): + for y in v.items(): + if y[0] == "lastUpdate": + assert last_update[s] <= (int(y[1][0])) From eecd41831034c9b0289fd645f122dc0cd187bff7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com> Date: Fri, 12 Jan 2024 13:05:07 +0100 Subject: [PATCH 267/280] pot: update pot files --- po/bg.po | 18 +-- po/ca.po | 18 +-- po/cs.po | 18 +-- po/de.po | 18 +-- po/es.po | 18 +-- po/eu.po | 18 +-- po/fi.po | 18 +-- po/fr.po | 18 +-- po/hu.po | 18 +-- po/id.po | 18 +-- po/it.po | 18 +-- po/ja.po | 18 +-- po/ka.po | 18 +-- po/ko.po | 18 +-- po/nb.po | 18 +-- po/nl.po | 18 +-- po/pl.po | 18 +-- po/pt.po | 18 +-- po/pt_BR.po | 18 +-- po/ru.po | 18 +-- po/sssd.pot | 18 +-- po/sv.po | 18 +-- po/tg.po | 18 +-- po/tr.po | 18 +-- po/uk.po | 18 +-- po/zh_CN.po | 18 +-- po/zh_TW.po | 18 +-- src/man/po/br.po | 233 ++++++++++++++++++------------------ src/man/po/ca.po | 252 ++++++++++++++++++++------------------- src/man/po/cs.po | 233 ++++++++++++++++++------------------ src/man/po/de.po | 248 ++++++++++++++++++++------------------ src/man/po/es.po | 248 ++++++++++++++++++++------------------ src/man/po/eu.po | 233 ++++++++++++++++++------------------ src/man/po/fi.po | 233 ++++++++++++++++++------------------ src/man/po/fr.po | 248 ++++++++++++++++++++------------------ src/man/po/ja.po | 248 ++++++++++++++++++++------------------ src/man/po/lv.po | 233 ++++++++++++++++++------------------ src/man/po/nl.po | 233 ++++++++++++++++++------------------ src/man/po/pt.po | 233 ++++++++++++++++++------------------ src/man/po/pt_BR.po | 233 ++++++++++++++++++------------------ src/man/po/ru.po | 248 ++++++++++++++++++++------------------ src/man/po/sssd-docs.pot | 232 +++++++++++++++++------------------ src/man/po/sv.po | 248 ++++++++++++++++++++------------------ src/man/po/tg.po | 233 ++++++++++++++++++------------------ src/man/po/uk.po | 248 ++++++++++++++++++++------------------ src/man/po/zh_CN.po | 233 ++++++++++++++++++------------------ 46 files changed, 2565 insertions(+), 2471 deletions(-) diff --git a/po/bg.po b/po/bg.po index 0c450ad69e1..69aed022aa6 100644 --- a/po/bg.po +++ b/po/bg.po @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" -"POT-Creation-Date: 2023-11-13 11:54+0100\n" +"POT-Creation-Date: 2024-01-12 13:01+0100\n" "PO-Revision-Date: 2014-12-14 11:44-0500\n" "Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n" "Language-Team: Bulgarian (http://www.transifex.com/projects/p/sssd/language/" @@ -1960,35 +1960,35 @@ msgstr "" msgid "Domain of the information provider (mandatory)" msgstr "" -#: src/sss_client/common.c:1169 +#: src/sss_client/common.c:1179 msgid "Privileged socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:1172 +#: src/sss_client/common.c:1182 msgid "Public socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:1175 +#: src/sss_client/common.c:1185 msgid "Unexpected format of the server credential message." msgstr "" -#: src/sss_client/common.c:1178 +#: src/sss_client/common.c:1188 msgid "SSSD is not run by root." msgstr "SSSD не е стартиран като root." -#: src/sss_client/common.c:1181 +#: src/sss_client/common.c:1191 msgid "SSSD socket does not exist." msgstr "" -#: src/sss_client/common.c:1184 +#: src/sss_client/common.c:1194 msgid "Cannot get stat of SSSD socket." msgstr "" -#: src/sss_client/common.c:1189 +#: src/sss_client/common.c:1199 msgid "An error occurred, but no description can be found." msgstr "Възникнала е грешка, но не може да се намери описание." -#: src/sss_client/common.c:1195 +#: src/sss_client/common.c:1205 msgid "Unexpected error while looking for an error description" msgstr "Неочаквана грешка при търсене на описание на грешка" diff --git a/po/ca.po b/po/ca.po index b10e618a4ee..6186f1a6b26 100644 --- a/po/ca.po +++ b/po/ca.po @@ -14,7 +14,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" -"POT-Creation-Date: 2023-11-13 11:54+0100\n" +"POT-Creation-Date: 2024-01-12 13:01+0100\n" "PO-Revision-Date: 2017-10-15 03:02-0400\n" "Last-Translator: Robert Antoni Buj Gelonch <rbuj@fedoraproject.org>\n" "Language-Team: Catalan (http://www.transifex.com/projects/p/sssd/language/" @@ -2080,35 +2080,35 @@ msgstr "" msgid "Domain of the information provider (mandatory)" msgstr "Domini del proveïdor d'informació (obligatori)" -#: src/sss_client/common.c:1169 +#: src/sss_client/common.c:1179 msgid "Privileged socket has wrong ownership or permissions." msgstr "El sòcol amb privilegis té malament els permisos o el propietari." -#: src/sss_client/common.c:1172 +#: src/sss_client/common.c:1182 msgid "Public socket has wrong ownership or permissions." msgstr "El sòcol públic té malament els permisos o el propietari." -#: src/sss_client/common.c:1175 +#: src/sss_client/common.c:1185 msgid "Unexpected format of the server credential message." msgstr "Format inesperat del missatge de les credencials del servidor." -#: src/sss_client/common.c:1178 +#: src/sss_client/common.c:1188 msgid "SSSD is not run by root." msgstr "L'SSSD no s'està executant com a root." -#: src/sss_client/common.c:1181 +#: src/sss_client/common.c:1191 msgid "SSSD socket does not exist." msgstr "" -#: src/sss_client/common.c:1184 +#: src/sss_client/common.c:1194 msgid "Cannot get stat of SSSD socket." msgstr "" -#: src/sss_client/common.c:1189 +#: src/sss_client/common.c:1199 msgid "An error occurred, but no description can be found." msgstr "S'ha produït un error però no s'ha pogut trobar cap descripció." -#: src/sss_client/common.c:1195 +#: src/sss_client/common.c:1205 msgid "Unexpected error while looking for an error description" msgstr "Error inesperat en cercar una descripció de l'error" diff --git a/po/cs.po b/po/cs.po index d12eb5b5d08..e21bce82d5c 100644 --- a/po/cs.po +++ b/po/cs.po @@ -6,7 +6,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" -"POT-Creation-Date: 2023-11-13 11:54+0100\n" +"POT-Creation-Date: 2024-01-12 13:01+0100\n" "PO-Revision-Date: 2023-04-08 20:20+0000\n" "Last-Translator: Pavel Borecki <pavel.borecki@gmail.com>\n" "Language-Team: Czech <https://translate.fedoraproject.org/projects/sssd/sssd-" @@ -2112,35 +2112,35 @@ msgstr "set_debug_file_from_fd se nezdařilo.\n" msgid "Domain of the information provider (mandatory)" msgstr "Doména poskytovatele informace (povinné)" -#: src/sss_client/common.c:1169 +#: src/sss_client/common.c:1179 msgid "Privileged socket has wrong ownership or permissions." msgstr "Privilegovaný soket má nesprávné vlastnictví nebo oprávnění." -#: src/sss_client/common.c:1172 +#: src/sss_client/common.c:1182 msgid "Public socket has wrong ownership or permissions." msgstr "Veřejný soket má chybné vlastnictví nebo oprávnění." -#: src/sss_client/common.c:1175 +#: src/sss_client/common.c:1185 msgid "Unexpected format of the server credential message." msgstr "Neočekávaný formát zprávy o pověřeních serveru." -#: src/sss_client/common.c:1178 +#: src/sss_client/common.c:1188 msgid "SSSD is not run by root." msgstr "SSSD není spouštěno správcem." -#: src/sss_client/common.c:1181 +#: src/sss_client/common.c:1191 msgid "SSSD socket does not exist." msgstr "SSSD soket neexistuje." -#: src/sss_client/common.c:1184 +#: src/sss_client/common.c:1194 msgid "Cannot get stat of SSSD socket." msgstr "Nedaří se získat stav SSSD soketu." -#: src/sss_client/common.c:1189 +#: src/sss_client/common.c:1199 msgid "An error occurred, but no description can be found." msgstr "Došlo k chybě, ale nedaří se najít popis." -#: src/sss_client/common.c:1195 +#: src/sss_client/common.c:1205 msgid "Unexpected error while looking for an error description" msgstr "Neočekávaná chyba při hledání popisu chyby" diff --git a/po/de.po b/po/de.po index 94d3514bd1a..1fcd93567ce 100644 --- a/po/de.po +++ b/po/de.po @@ -13,7 +13,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" -"POT-Creation-Date: 2023-11-13 11:54+0100\n" +"POT-Creation-Date: 2024-01-12 13:01+0100\n" "PO-Revision-Date: 2022-07-01 09:40+0000\n" "Last-Translator: Joachim Philipp <joachim.philipp@gmail.com>\n" "Language-Team: German <https://translate.fedoraproject.org/projects/sssd/" @@ -2062,36 +2062,36 @@ msgstr "" msgid "Domain of the information provider (mandatory)" msgstr "Domain des Informationsanbieters (obligatorisch)" -#: src/sss_client/common.c:1169 +#: src/sss_client/common.c:1179 msgid "Privileged socket has wrong ownership or permissions." msgstr "Privilegierter Socket hat falsche Eigentums- oder Zugriffsrechte." -#: src/sss_client/common.c:1172 +#: src/sss_client/common.c:1182 msgid "Public socket has wrong ownership or permissions." msgstr "Öffentlicher Socket hat falsche Eigentums- oder Zugriffsrechte." -#: src/sss_client/common.c:1175 +#: src/sss_client/common.c:1185 msgid "Unexpected format of the server credential message." msgstr "Unerwartetes Format der Server-Anmeldenachricht." -#: src/sss_client/common.c:1178 +#: src/sss_client/common.c:1188 msgid "SSSD is not run by root." msgstr "SSSD wird nicht durch Root ausgeführt." -#: src/sss_client/common.c:1181 +#: src/sss_client/common.c:1191 msgid "SSSD socket does not exist." msgstr "" -#: src/sss_client/common.c:1184 +#: src/sss_client/common.c:1194 msgid "Cannot get stat of SSSD socket." msgstr "" -#: src/sss_client/common.c:1189 +#: src/sss_client/common.c:1199 msgid "An error occurred, but no description can be found." msgstr "" "Ein Fehler ist aufgetreten, aber es kann keine Beschreibung gefunden werden." -#: src/sss_client/common.c:1195 +#: src/sss_client/common.c:1205 msgid "Unexpected error while looking for an error description" msgstr "Unerwarteter Fehler beim Suchen nach einer Fehlerbeschreibung" diff --git a/po/es.po b/po/es.po index 9aea29314df..8f64697300a 100644 --- a/po/es.po +++ b/po/es.po @@ -18,7 +18,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" -"POT-Creation-Date: 2023-11-13 11:54+0100\n" +"POT-Creation-Date: 2024-01-12 13:01+0100\n" "PO-Revision-Date: 2022-09-11 10:19+0000\n" "Last-Translator: Emilio Herrera <ehespinosa57@gmail.com>\n" "Language-Team: Spanish <https://translate.fedoraproject.org/projects/sssd/" @@ -2176,35 +2176,35 @@ msgstr "set_debug_file_from_fd falló.\n" msgid "Domain of the information provider (mandatory)" msgstr "Dominio del proveedor de información (obligatorio)" -#: src/sss_client/common.c:1169 +#: src/sss_client/common.c:1179 msgid "Privileged socket has wrong ownership or permissions." msgstr "El zócalo privilegiado posee permisos o pertenencia equivocados." -#: src/sss_client/common.c:1172 +#: src/sss_client/common.c:1182 msgid "Public socket has wrong ownership or permissions." msgstr "El zócalo público posee permisos o pertenencia equivocados." -#: src/sss_client/common.c:1175 +#: src/sss_client/common.c:1185 msgid "Unexpected format of the server credential message." msgstr "Formato no esperado del mensaje de la credencial del servidor." -#: src/sss_client/common.c:1178 +#: src/sss_client/common.c:1188 msgid "SSSD is not run by root." msgstr "SSSD no está siendo ejecutado por el usuario root." -#: src/sss_client/common.c:1181 +#: src/sss_client/common.c:1191 msgid "SSSD socket does not exist." msgstr "El socket SSSD no existe." -#: src/sss_client/common.c:1184 +#: src/sss_client/common.c:1194 msgid "Cannot get stat of SSSD socket." msgstr "No se pueden obtener estadísticas del socket SSSD." -#: src/sss_client/common.c:1189 +#: src/sss_client/common.c:1199 msgid "An error occurred, but no description can be found." msgstr "Ha ocurrido un error, pero no se ha podido encontrar una descripción." -#: src/sss_client/common.c:1195 +#: src/sss_client/common.c:1205 msgid "Unexpected error while looking for an error description" msgstr "" "Ha ocurrido un error no esperado mientras se buscaba la descripción del error" diff --git a/po/eu.po b/po/eu.po index 5f21b085df6..dc3073b061b 100644 --- a/po/eu.po +++ b/po/eu.po @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" -"POT-Creation-Date: 2023-11-13 11:54+0100\n" +"POT-Creation-Date: 2024-01-12 13:01+0100\n" "PO-Revision-Date: 2014-12-14 11:45-0500\n" "Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n" "Language-Team: Basque (http://www.transifex.com/projects/p/sssd/language/" @@ -1953,35 +1953,35 @@ msgstr "" msgid "Domain of the information provider (mandatory)" msgstr "" -#: src/sss_client/common.c:1169 +#: src/sss_client/common.c:1179 msgid "Privileged socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:1172 +#: src/sss_client/common.c:1182 msgid "Public socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:1175 +#: src/sss_client/common.c:1185 msgid "Unexpected format of the server credential message." msgstr "" -#: src/sss_client/common.c:1178 +#: src/sss_client/common.c:1188 msgid "SSSD is not run by root." msgstr "" -#: src/sss_client/common.c:1181 +#: src/sss_client/common.c:1191 msgid "SSSD socket does not exist." msgstr "" -#: src/sss_client/common.c:1184 +#: src/sss_client/common.c:1194 msgid "Cannot get stat of SSSD socket." msgstr "" -#: src/sss_client/common.c:1189 +#: src/sss_client/common.c:1199 msgid "An error occurred, but no description can be found." msgstr "" -#: src/sss_client/common.c:1195 +#: src/sss_client/common.c:1205 msgid "Unexpected error while looking for an error description" msgstr "" diff --git a/po/fi.po b/po/fi.po index 9ed775f169d..3aaaaef3818 100644 --- a/po/fi.po +++ b/po/fi.po @@ -6,7 +6,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" -"POT-Creation-Date: 2023-11-13 11:54+0100\n" +"POT-Creation-Date: 2024-01-12 13:01+0100\n" "PO-Revision-Date: 2023-02-26 20:20+0000\n" "Last-Translator: Jan Kuparinen <copper_fin@hotmail.com>\n" "Language-Team: Finnish <https://translate.fedoraproject.org/projects/sssd/" @@ -1972,35 +1972,35 @@ msgstr "" msgid "Domain of the information provider (mandatory)" msgstr "" -#: src/sss_client/common.c:1169 +#: src/sss_client/common.c:1179 msgid "Privileged socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:1172 +#: src/sss_client/common.c:1182 msgid "Public socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:1175 +#: src/sss_client/common.c:1185 msgid "Unexpected format of the server credential message." msgstr "" -#: src/sss_client/common.c:1178 +#: src/sss_client/common.c:1188 msgid "SSSD is not run by root." msgstr "" -#: src/sss_client/common.c:1181 +#: src/sss_client/common.c:1191 msgid "SSSD socket does not exist." msgstr "" -#: src/sss_client/common.c:1184 +#: src/sss_client/common.c:1194 msgid "Cannot get stat of SSSD socket." msgstr "" -#: src/sss_client/common.c:1189 +#: src/sss_client/common.c:1199 msgid "An error occurred, but no description can be found." msgstr "" -#: src/sss_client/common.c:1195 +#: src/sss_client/common.c:1205 msgid "Unexpected error while looking for an error description" msgstr "" diff --git a/po/fr.po b/po/fr.po index 22302709d0e..3cb7c14eda9 100644 --- a/po/fr.po +++ b/po/fr.po @@ -18,7 +18,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" -"POT-Creation-Date: 2023-11-13 11:54+0100\n" +"POT-Creation-Date: 2024-01-12 13:01+0100\n" "PO-Revision-Date: 2023-06-10 12:20+0000\n" "Last-Translator: Ludek Janda <ljanda@redhat.com>\n" "Language-Team: French <https://translate.fedoraproject.org/projects/sssd/" @@ -2187,37 +2187,37 @@ msgstr "Échec de set_debug_file_from_fd.\n" msgid "Domain of the information provider (mandatory)" msgstr "Domaine du fournisseur d'informations (obligatoire)" -#: src/sss_client/common.c:1169 +#: src/sss_client/common.c:1179 msgid "Privileged socket has wrong ownership or permissions." msgstr "" "Le socket privilégié a de mauvaises permissions ou un mauvais propriétaire." -#: src/sss_client/common.c:1172 +#: src/sss_client/common.c:1182 msgid "Public socket has wrong ownership or permissions." msgstr "" "Le socket public a de mauvaises permissions ou un mauvais propriétaire." -#: src/sss_client/common.c:1175 +#: src/sss_client/common.c:1185 msgid "Unexpected format of the server credential message." msgstr "Le message du serveur de crédits a un format inattendu." -#: src/sss_client/common.c:1178 +#: src/sss_client/common.c:1188 msgid "SSSD is not run by root." msgstr "SSSD n'est pas démarré par root." -#: src/sss_client/common.c:1181 +#: src/sss_client/common.c:1191 msgid "SSSD socket does not exist." msgstr "La socket SSSD n'existe pas." -#: src/sss_client/common.c:1184 +#: src/sss_client/common.c:1194 msgid "Cannot get stat of SSSD socket." msgstr "Impossible d'obtenir le stat du socket SSSD." -#: src/sss_client/common.c:1189 +#: src/sss_client/common.c:1199 msgid "An error occurred, but no description can be found." msgstr "Une erreur est survenue mais aucune description n'est trouvée." -#: src/sss_client/common.c:1195 +#: src/sss_client/common.c:1205 msgid "Unexpected error while looking for an error description" msgstr "Erreur inattendue lors de la recherche de la description de l'erreur" diff --git a/po/hu.po b/po/hu.po index 72d77eb509d..8b2ba9b56e7 100644 --- a/po/hu.po +++ b/po/hu.po @@ -10,7 +10,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" -"POT-Creation-Date: 2023-11-13 11:54+0100\n" +"POT-Creation-Date: 2024-01-12 13:01+0100\n" "PO-Revision-Date: 2014-12-14 11:45-0500\n" "Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n" "Language-Team: Hungarian (http://www.transifex.com/projects/p/sssd/language/" @@ -1956,35 +1956,35 @@ msgstr "" msgid "Domain of the information provider (mandatory)" msgstr "" -#: src/sss_client/common.c:1169 +#: src/sss_client/common.c:1179 msgid "Privileged socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:1172 +#: src/sss_client/common.c:1182 msgid "Public socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:1175 +#: src/sss_client/common.c:1185 msgid "Unexpected format of the server credential message." msgstr "" -#: src/sss_client/common.c:1178 +#: src/sss_client/common.c:1188 msgid "SSSD is not run by root." msgstr "Az SSSD nem root-ként fut." -#: src/sss_client/common.c:1181 +#: src/sss_client/common.c:1191 msgid "SSSD socket does not exist." msgstr "" -#: src/sss_client/common.c:1184 +#: src/sss_client/common.c:1194 msgid "Cannot get stat of SSSD socket." msgstr "" -#: src/sss_client/common.c:1189 +#: src/sss_client/common.c:1199 msgid "An error occurred, but no description can be found." msgstr "Hiba lépett fel, de nem érhetőek el részletek." -#: src/sss_client/common.c:1195 +#: src/sss_client/common.c:1205 msgid "Unexpected error while looking for an error description" msgstr "" diff --git a/po/id.po b/po/id.po index 0e2a11efde1..b037617ac4a 100644 --- a/po/id.po +++ b/po/id.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" -"POT-Creation-Date: 2023-11-13 11:54+0100\n" +"POT-Creation-Date: 2024-01-12 13:01+0100\n" "PO-Revision-Date: 2014-12-14 11:46-0500\n" "Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n" "Language-Team: Indonesian (http://www.transifex.com/projects/p/sssd/language/" @@ -1953,35 +1953,35 @@ msgstr "" msgid "Domain of the information provider (mandatory)" msgstr "" -#: src/sss_client/common.c:1169 +#: src/sss_client/common.c:1179 msgid "Privileged socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:1172 +#: src/sss_client/common.c:1182 msgid "Public socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:1175 +#: src/sss_client/common.c:1185 msgid "Unexpected format of the server credential message." msgstr "" -#: src/sss_client/common.c:1178 +#: src/sss_client/common.c:1188 msgid "SSSD is not run by root." msgstr "" -#: src/sss_client/common.c:1181 +#: src/sss_client/common.c:1191 msgid "SSSD socket does not exist." msgstr "" -#: src/sss_client/common.c:1184 +#: src/sss_client/common.c:1194 msgid "Cannot get stat of SSSD socket." msgstr "" -#: src/sss_client/common.c:1189 +#: src/sss_client/common.c:1199 msgid "An error occurred, but no description can be found." msgstr "" -#: src/sss_client/common.c:1195 +#: src/sss_client/common.c:1205 msgid "Unexpected error while looking for an error description" msgstr "" diff --git a/po/it.po b/po/it.po index 4b5ca16f7ad..441e4605c59 100644 --- a/po/it.po +++ b/po/it.po @@ -9,7 +9,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" -"POT-Creation-Date: 2023-11-13 11:54+0100\n" +"POT-Creation-Date: 2024-01-12 13:01+0100\n" "PO-Revision-Date: 2020-09-15 08:29+0000\n" "Last-Translator: Milo Casagrande <milo@milo.name>\n" "Language-Team: Italian <https://translate.fedoraproject.org/projects/sssd/" @@ -1973,35 +1973,35 @@ msgstr "" msgid "Domain of the information provider (mandatory)" msgstr "Dominio del provider di informazioni (obbligatorio)" -#: src/sss_client/common.c:1169 +#: src/sss_client/common.c:1179 msgid "Privileged socket has wrong ownership or permissions." msgstr "Il socket privilegiato ha permessi o propritario non validi." -#: src/sss_client/common.c:1172 +#: src/sss_client/common.c:1182 msgid "Public socket has wrong ownership or permissions." msgstr "Il socket pubblico ha permessi o propritario non validi." -#: src/sss_client/common.c:1175 +#: src/sss_client/common.c:1185 msgid "Unexpected format of the server credential message." msgstr "" -#: src/sss_client/common.c:1178 +#: src/sss_client/common.c:1188 msgid "SSSD is not run by root." msgstr "SSSD non è eseguito da root." -#: src/sss_client/common.c:1181 +#: src/sss_client/common.c:1191 msgid "SSSD socket does not exist." msgstr "" -#: src/sss_client/common.c:1184 +#: src/sss_client/common.c:1194 msgid "Cannot get stat of SSSD socket." msgstr "" -#: src/sss_client/common.c:1189 +#: src/sss_client/common.c:1199 msgid "An error occurred, but no description can be found." msgstr "" -#: src/sss_client/common.c:1195 +#: src/sss_client/common.c:1205 msgid "Unexpected error while looking for an error description" msgstr "" diff --git a/po/ja.po b/po/ja.po index 0a370b0c380..05a2c2adbd8 100644 --- a/po/ja.po +++ b/po/ja.po @@ -14,7 +14,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" -"POT-Creation-Date: 2023-11-13 11:54+0100\n" +"POT-Creation-Date: 2024-01-12 13:01+0100\n" "PO-Revision-Date: 2023-06-10 12:20+0000\n" "Last-Translator: Ludek Janda <ljanda@redhat.com>\n" "Language-Team: Japanese <https://translate.fedoraproject.org/projects/sssd/" @@ -2051,35 +2051,35 @@ msgstr "set_debug_file_from_fd は失敗しました。\n" msgid "Domain of the information provider (mandatory)" msgstr "情報プロバイダーのドメイン (必須)" -#: src/sss_client/common.c:1169 +#: src/sss_client/common.c:1179 msgid "Privileged socket has wrong ownership or permissions." msgstr "特権ソケットの所有者またはパーミッションが誤っています。" -#: src/sss_client/common.c:1172 +#: src/sss_client/common.c:1182 msgid "Public socket has wrong ownership or permissions." msgstr "公開ソケットの所有者またはパーミッションが誤っています。" -#: src/sss_client/common.c:1175 +#: src/sss_client/common.c:1185 msgid "Unexpected format of the server credential message." msgstr "サーバーのクレデンシャルメッセージの予期しない形式です。" -#: src/sss_client/common.c:1178 +#: src/sss_client/common.c:1188 msgid "SSSD is not run by root." msgstr "SSSD は root により実行されません。" -#: src/sss_client/common.c:1181 +#: src/sss_client/common.c:1191 msgid "SSSD socket does not exist." msgstr "SSSD ソケットは存在しません。" -#: src/sss_client/common.c:1184 +#: src/sss_client/common.c:1194 msgid "Cannot get stat of SSSD socket." msgstr "SSSD ソケットの統計を取得できません。" -#: src/sss_client/common.c:1189 +#: src/sss_client/common.c:1199 msgid "An error occurred, but no description can be found." msgstr "エラーが発生しましたが、説明がありませんでした。" -#: src/sss_client/common.c:1195 +#: src/sss_client/common.c:1205 msgid "Unexpected error while looking for an error description" msgstr "エラーの説明を検索中に予期しないエラーが発生しました" diff --git a/po/ka.po b/po/ka.po index 2cddb232ed2..7eab11cbb83 100644 --- a/po/ka.po +++ b/po/ka.po @@ -6,7 +6,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" -"POT-Creation-Date: 2023-11-13 11:54+0100\n" +"POT-Creation-Date: 2024-01-12 13:01+0100\n" "PO-Revision-Date: 2023-09-18 03:54+0000\n" "Last-Translator: Temuri Doghonadze <temuri.doghonadze@gmail.com>\n" "Language-Team: Georgian <https://translate.fedoraproject.org/projects/sssd/" @@ -1951,35 +1951,35 @@ msgstr "" msgid "Domain of the information provider (mandatory)" msgstr "" -#: src/sss_client/common.c:1169 +#: src/sss_client/common.c:1179 msgid "Privileged socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:1172 +#: src/sss_client/common.c:1182 msgid "Public socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:1175 +#: src/sss_client/common.c:1185 msgid "Unexpected format of the server credential message." msgstr "" -#: src/sss_client/common.c:1178 +#: src/sss_client/common.c:1188 msgid "SSSD is not run by root." msgstr "" -#: src/sss_client/common.c:1181 +#: src/sss_client/common.c:1191 msgid "SSSD socket does not exist." msgstr "" -#: src/sss_client/common.c:1184 +#: src/sss_client/common.c:1194 msgid "Cannot get stat of SSSD socket." msgstr "" -#: src/sss_client/common.c:1189 +#: src/sss_client/common.c:1199 msgid "An error occurred, but no description can be found." msgstr "" -#: src/sss_client/common.c:1195 +#: src/sss_client/common.c:1205 msgid "Unexpected error while looking for an error description" msgstr "" diff --git a/po/ko.po b/po/ko.po index b8b30929d52..d6fa8e42d07 100644 --- a/po/ko.po +++ b/po/ko.po @@ -10,7 +10,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" -"POT-Creation-Date: 2023-11-13 11:54+0100\n" +"POT-Creation-Date: 2024-01-12 13:01+0100\n" "PO-Revision-Date: 2023-09-18 03:54+0000\n" "Last-Translator: 김인수 <simmon@nplob.com>\n" "Language-Team: Korean <https://translate.fedoraproject.org/projects/sssd/" @@ -2022,35 +2022,35 @@ msgstr "set_debug_file_from_fd가 실패했습니다.\n" msgid "Domain of the information provider (mandatory)" msgstr "정보 공급자의 도메인 (필수)" -#: src/sss_client/common.c:1169 +#: src/sss_client/common.c:1179 msgid "Privileged socket has wrong ownership or permissions." msgstr "권한 있는 소켓에 잘못된 소유권 또는 권한이 있습니다." -#: src/sss_client/common.c:1172 +#: src/sss_client/common.c:1182 msgid "Public socket has wrong ownership or permissions." msgstr "공용 소켓에 잘못된 소유권 또는 권한이 있습니다." -#: src/sss_client/common.c:1175 +#: src/sss_client/common.c:1185 msgid "Unexpected format of the server credential message." msgstr "서버 인증 정보 메시지의 예기치 않은 형식입니다." -#: src/sss_client/common.c:1178 +#: src/sss_client/common.c:1188 msgid "SSSD is not run by root." msgstr "SSSD는 루트에 의해 실행되지 않습니다." -#: src/sss_client/common.c:1181 +#: src/sss_client/common.c:1191 msgid "SSSD socket does not exist." msgstr "SSSD 소켓이 존재하지 않습니다." -#: src/sss_client/common.c:1184 +#: src/sss_client/common.c:1194 msgid "Cannot get stat of SSSD socket." msgstr "SSSD 소켓 통계를 가져올 수 없습니다." -#: src/sss_client/common.c:1189 +#: src/sss_client/common.c:1199 msgid "An error occurred, but no description can be found." msgstr "오류가 발생했지만 설명을 찾을 수 없습니다." -#: src/sss_client/common.c:1195 +#: src/sss_client/common.c:1205 msgid "Unexpected error while looking for an error description" msgstr "오류 설명을 찾는 동안 예기치 않은 오류 발생" diff --git a/po/nb.po b/po/nb.po index 6c1495c8e52..aad063d4560 100644 --- a/po/nb.po +++ b/po/nb.po @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" -"POT-Creation-Date: 2023-11-13 11:54+0100\n" +"POT-Creation-Date: 2024-01-12 13:01+0100\n" "PO-Revision-Date: 2014-12-14 11:46-0500\n" "Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n" "Language-Team: Norwegian Bokmål (http://www.transifex.com/projects/p/sssd/" @@ -1953,35 +1953,35 @@ msgstr "" msgid "Domain of the information provider (mandatory)" msgstr "" -#: src/sss_client/common.c:1169 +#: src/sss_client/common.c:1179 msgid "Privileged socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:1172 +#: src/sss_client/common.c:1182 msgid "Public socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:1175 +#: src/sss_client/common.c:1185 msgid "Unexpected format of the server credential message." msgstr "" -#: src/sss_client/common.c:1178 +#: src/sss_client/common.c:1188 msgid "SSSD is not run by root." msgstr "" -#: src/sss_client/common.c:1181 +#: src/sss_client/common.c:1191 msgid "SSSD socket does not exist." msgstr "" -#: src/sss_client/common.c:1184 +#: src/sss_client/common.c:1194 msgid "Cannot get stat of SSSD socket." msgstr "" -#: src/sss_client/common.c:1189 +#: src/sss_client/common.c:1199 msgid "An error occurred, but no description can be found." msgstr "" -#: src/sss_client/common.c:1195 +#: src/sss_client/common.c:1205 msgid "Unexpected error while looking for an error description" msgstr "" diff --git a/po/nl.po b/po/nl.po index bd985cf1de3..e6f201b86da 100644 --- a/po/nl.po +++ b/po/nl.po @@ -13,7 +13,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" -"POT-Creation-Date: 2023-11-13 11:54+0100\n" +"POT-Creation-Date: 2024-01-12 13:01+0100\n" "PO-Revision-Date: 2014-12-14 11:47-0500\n" "Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n" "Language-Team: Dutch (http://www.transifex.com/projects/p/sssd/language/" @@ -2029,36 +2029,36 @@ msgstr "" msgid "Domain of the information provider (mandatory)" msgstr "Domein voor de informatie provider (verplicht)" -#: src/sss_client/common.c:1169 +#: src/sss_client/common.c:1179 msgid "Privileged socket has wrong ownership or permissions." msgstr "Socket met privileges heeft verkeerde rechten of eigendom." -#: src/sss_client/common.c:1172 +#: src/sss_client/common.c:1182 msgid "Public socket has wrong ownership or permissions." msgstr "Publiek socket heeft verkeerde rechten of eigendom." -#: src/sss_client/common.c:1175 +#: src/sss_client/common.c:1185 msgid "Unexpected format of the server credential message." msgstr "Onverwacht formaat van het inloggegevensbericht van de server." -#: src/sss_client/common.c:1178 +#: src/sss_client/common.c:1188 msgid "SSSD is not run by root." msgstr "SSSD wordt niet door root gestart." -#: src/sss_client/common.c:1181 +#: src/sss_client/common.c:1191 msgid "SSSD socket does not exist." msgstr "" -#: src/sss_client/common.c:1184 +#: src/sss_client/common.c:1194 msgid "Cannot get stat of SSSD socket." msgstr "" -#: src/sss_client/common.c:1189 +#: src/sss_client/common.c:1199 msgid "An error occurred, but no description can be found." msgstr "" "Er is een fout opgetreden, maar er kan geen omschrijving gevonden worden." -#: src/sss_client/common.c:1195 +#: src/sss_client/common.c:1205 msgid "Unexpected error while looking for an error description" msgstr "Onverwachtte fout bij het opzoeken van een omschrijving" diff --git a/po/pl.po b/po/pl.po index c3fdfc18913..e33926174f0 100644 --- a/po/pl.po +++ b/po/pl.po @@ -15,7 +15,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" -"POT-Creation-Date: 2023-11-13 11:54+0100\n" +"POT-Creation-Date: 2024-01-12 13:01+0100\n" "PO-Revision-Date: 2023-09-18 03:54+0000\n" "Last-Translator: Piotr Drąg <piotrdrag@gmail.com>\n" "Language-Team: Polish <https://translate.fedoraproject.org/projects/sssd/" @@ -2116,35 +2116,35 @@ msgstr "set_debug_file_from_fd się nie powiodło.\n" msgid "Domain of the information provider (mandatory)" msgstr "Domena dostawcy informacji (wymagane)" -#: src/sss_client/common.c:1169 +#: src/sss_client/common.c:1179 msgid "Privileged socket has wrong ownership or permissions." msgstr "Uprawnione gniazdo ma błędnego właściciela lub uprawnienia." -#: src/sss_client/common.c:1172 +#: src/sss_client/common.c:1182 msgid "Public socket has wrong ownership or permissions." msgstr "Publiczne gniazdo ma błędnego właściciela lub uprawnienia." -#: src/sss_client/common.c:1175 +#: src/sss_client/common.c:1185 msgid "Unexpected format of the server credential message." msgstr "Nieoczekiwany format komunikatu uwierzytelniającego serwera." -#: src/sss_client/common.c:1178 +#: src/sss_client/common.c:1188 msgid "SSSD is not run by root." msgstr "SSSD nie zostało uruchomione w trybie roota." -#: src/sss_client/common.c:1181 +#: src/sss_client/common.c:1191 msgid "SSSD socket does not exist." msgstr "Gniazdo SSSD nie istnieje." -#: src/sss_client/common.c:1184 +#: src/sss_client/common.c:1194 msgid "Cannot get stat of SSSD socket." msgstr "Nie można wykonać „stat” na gnieździe SSSD." -#: src/sss_client/common.c:1189 +#: src/sss_client/common.c:1199 msgid "An error occurred, but no description can be found." msgstr "Wystąpił błąd, ale nie odnaleziono jego opisu." -#: src/sss_client/common.c:1195 +#: src/sss_client/common.c:1205 msgid "Unexpected error while looking for an error description" msgstr "Nieoczekiwany błąd podczas wyszukiwania opisu błędu" diff --git a/po/pt.po b/po/pt.po index c61b2f7288d..c2a3bfc9186 100644 --- a/po/pt.po +++ b/po/pt.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" -"POT-Creation-Date: 2023-11-13 11:54+0100\n" +"POT-Creation-Date: 2024-01-12 13:01+0100\n" "PO-Revision-Date: 2014-12-14 11:47-0500\n" "Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n" "Language-Team: Portuguese (http://www.transifex.com/projects/p/sssd/language/" @@ -1966,35 +1966,35 @@ msgstr "" msgid "Domain of the information provider (mandatory)" msgstr "Domínio do fornecedor de informação (obrigatório)" -#: src/sss_client/common.c:1169 +#: src/sss_client/common.c:1179 msgid "Privileged socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:1172 +#: src/sss_client/common.c:1182 msgid "Public socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:1175 +#: src/sss_client/common.c:1185 msgid "Unexpected format of the server credential message." msgstr "" -#: src/sss_client/common.c:1178 +#: src/sss_client/common.c:1188 msgid "SSSD is not run by root." msgstr "" -#: src/sss_client/common.c:1181 +#: src/sss_client/common.c:1191 msgid "SSSD socket does not exist." msgstr "" -#: src/sss_client/common.c:1184 +#: src/sss_client/common.c:1194 msgid "Cannot get stat of SSSD socket." msgstr "" -#: src/sss_client/common.c:1189 +#: src/sss_client/common.c:1199 msgid "An error occurred, but no description can be found." msgstr "" -#: src/sss_client/common.c:1195 +#: src/sss_client/common.c:1205 msgid "Unexpected error while looking for an error description" msgstr "" diff --git a/po/pt_BR.po b/po/pt_BR.po index 504e1affb7d..30fa446d830 100644 --- a/po/pt_BR.po +++ b/po/pt_BR.po @@ -3,7 +3,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" -"POT-Creation-Date: 2023-11-13 11:54+0100\n" +"POT-Creation-Date: 2024-01-12 13:01+0100\n" "PO-Revision-Date: 2015-10-27 08:15-0400\n" "Last-Translator: Marco Aurélio Krause <ouesten@me.com>\n" "Language-Team: Portuguese (Brazil)\n" @@ -1947,35 +1947,35 @@ msgstr "" msgid "Domain of the information provider (mandatory)" msgstr "" -#: src/sss_client/common.c:1169 +#: src/sss_client/common.c:1179 msgid "Privileged socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:1172 +#: src/sss_client/common.c:1182 msgid "Public socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:1175 +#: src/sss_client/common.c:1185 msgid "Unexpected format of the server credential message." msgstr "" -#: src/sss_client/common.c:1178 +#: src/sss_client/common.c:1188 msgid "SSSD is not run by root." msgstr "" -#: src/sss_client/common.c:1181 +#: src/sss_client/common.c:1191 msgid "SSSD socket does not exist." msgstr "" -#: src/sss_client/common.c:1184 +#: src/sss_client/common.c:1194 msgid "Cannot get stat of SSSD socket." msgstr "" -#: src/sss_client/common.c:1189 +#: src/sss_client/common.c:1199 msgid "An error occurred, but no description can be found." msgstr "" -#: src/sss_client/common.c:1195 +#: src/sss_client/common.c:1205 msgid "Unexpected error while looking for an error description" msgstr "" diff --git a/po/ru.po b/po/ru.po index 8bde701e22f..f1314439647 100644 --- a/po/ru.po +++ b/po/ru.po @@ -12,7 +12,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" -"POT-Creation-Date: 2023-11-13 11:54+0100\n" +"POT-Creation-Date: 2024-01-12 13:01+0100\n" "PO-Revision-Date: 2023-09-18 03:54+0000\n" "Last-Translator: Elena Mishina <lepata@basealt.ru>\n" "Language-Team: Russian <https://translate.fedoraproject.org/projects/sssd/" @@ -2161,37 +2161,37 @@ msgstr "Ошибка set_debug_file_from_fd.\n" msgid "Domain of the information provider (mandatory)" msgstr "Домен поставщика информации (обязательный)" -#: src/sss_client/common.c:1169 +#: src/sss_client/common.c:1179 msgid "Privileged socket has wrong ownership or permissions." msgstr "" "Для привилегированного сокета установлен неверный владелец или права доступа." -#: src/sss_client/common.c:1172 +#: src/sss_client/common.c:1182 msgid "Public socket has wrong ownership or permissions." msgstr "" "Для общедоступного сокета установлен неверный владелец или права доступа." -#: src/sss_client/common.c:1175 +#: src/sss_client/common.c:1185 msgid "Unexpected format of the server credential message." msgstr "Некорректный формат сообщения об учётных данных сервера." -#: src/sss_client/common.c:1178 +#: src/sss_client/common.c:1188 msgid "SSSD is not run by root." msgstr "Запуск SSSD выполнен не от имени пользователя root." -#: src/sss_client/common.c:1181 +#: src/sss_client/common.c:1191 msgid "SSSD socket does not exist." msgstr "Сокет SSSD не существует." -#: src/sss_client/common.c:1184 +#: src/sss_client/common.c:1194 msgid "Cannot get stat of SSSD socket." msgstr "Не удалось получить статистику сокета SSSD." -#: src/sss_client/common.c:1189 +#: src/sss_client/common.c:1199 msgid "An error occurred, but no description can be found." msgstr "Произошла ошибка, но не удалось найти её описание." -#: src/sss_client/common.c:1195 +#: src/sss_client/common.c:1205 msgid "Unexpected error while looking for an error description" msgstr "Непредвиденная ошибка при поиске описания ошибки" diff --git a/po/sssd.pot b/po/sssd.pot index 52760586230..9727fad5e67 100644 --- a/po/sssd.pot +++ b/po/sssd.pot @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" -"POT-Creation-Date: 2023-11-13 11:54+0100\n" +"POT-Creation-Date: 2024-01-12 13:01+0100\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" "Language-Team: LANGUAGE <LL@li.org>\n" @@ -1950,35 +1950,35 @@ msgstr "" msgid "Domain of the information provider (mandatory)" msgstr "" -#: src/sss_client/common.c:1169 +#: src/sss_client/common.c:1179 msgid "Privileged socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:1172 +#: src/sss_client/common.c:1182 msgid "Public socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:1175 +#: src/sss_client/common.c:1185 msgid "Unexpected format of the server credential message." msgstr "" -#: src/sss_client/common.c:1178 +#: src/sss_client/common.c:1188 msgid "SSSD is not run by root." msgstr "" -#: src/sss_client/common.c:1181 +#: src/sss_client/common.c:1191 msgid "SSSD socket does not exist." msgstr "" -#: src/sss_client/common.c:1184 +#: src/sss_client/common.c:1194 msgid "Cannot get stat of SSSD socket." msgstr "" -#: src/sss_client/common.c:1189 +#: src/sss_client/common.c:1199 msgid "An error occurred, but no description can be found." msgstr "" -#: src/sss_client/common.c:1195 +#: src/sss_client/common.c:1205 msgid "Unexpected error while looking for an error description" msgstr "" diff --git a/po/sv.po b/po/sv.po index 92955c025e5..d63f89a8fee 100644 --- a/po/sv.po +++ b/po/sv.po @@ -13,7 +13,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" -"POT-Creation-Date: 2023-11-13 11:54+0100\n" +"POT-Creation-Date: 2024-01-12 13:01+0100\n" "PO-Revision-Date: 2023-08-30 14:21+0000\n" "Last-Translator: Göran Uddeborg <goeran@uddeborg.se>\n" "Language-Team: Swedish <https://translate.fedoraproject.org/projects/sssd/" @@ -2090,35 +2090,35 @@ msgstr "set_debug_file_from_fd misslyckades.\n" msgid "Domain of the information provider (mandatory)" msgstr "Domän för informationsleverantören (obligatoriskt)" -#: src/sss_client/common.c:1169 +#: src/sss_client/common.c:1179 msgid "Privileged socket has wrong ownership or permissions." msgstr "Privilegierat uttag (socket) har fel ägarskap eller rättigheter." -#: src/sss_client/common.c:1172 +#: src/sss_client/common.c:1182 msgid "Public socket has wrong ownership or permissions." msgstr "Publikt uttag (socket) har fel ägarskap eller rättigheter." -#: src/sss_client/common.c:1175 +#: src/sss_client/common.c:1185 msgid "Unexpected format of the server credential message." msgstr "Oväntat format på serverns kreditivmeddelande." -#: src/sss_client/common.c:1178 +#: src/sss_client/common.c:1188 msgid "SSSD is not run by root." msgstr "SSSD körs inte av root." -#: src/sss_client/common.c:1181 +#: src/sss_client/common.c:1191 msgid "SSSD socket does not exist." msgstr "SSSD-uttaget finns inte." -#: src/sss_client/common.c:1184 +#: src/sss_client/common.c:1194 msgid "Cannot get stat of SSSD socket." msgstr "Kan inte ta status på SSSD-uttaget." -#: src/sss_client/common.c:1189 +#: src/sss_client/common.c:1199 msgid "An error occurred, but no description can be found." msgstr "Ett fel uppstod, men ingen beskrivning kan hittas." -#: src/sss_client/common.c:1195 +#: src/sss_client/common.c:1205 msgid "Unexpected error while looking for an error description" msgstr "Oväntat fel vid sökning efter ett felmeddelande" diff --git a/po/tg.po b/po/tg.po index bd91f81054f..47ae4c89f08 100644 --- a/po/tg.po +++ b/po/tg.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" -"POT-Creation-Date: 2023-11-13 11:54+0100\n" +"POT-Creation-Date: 2024-01-12 13:01+0100\n" "PO-Revision-Date: 2014-12-14 11:48-0500\n" "Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n" "Language-Team: Tajik (http://www.transifex.com/projects/p/sssd/language/" @@ -1952,35 +1952,35 @@ msgstr "" msgid "Domain of the information provider (mandatory)" msgstr "" -#: src/sss_client/common.c:1169 +#: src/sss_client/common.c:1179 msgid "Privileged socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:1172 +#: src/sss_client/common.c:1182 msgid "Public socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:1175 +#: src/sss_client/common.c:1185 msgid "Unexpected format of the server credential message." msgstr "" -#: src/sss_client/common.c:1178 +#: src/sss_client/common.c:1188 msgid "SSSD is not run by root." msgstr "" -#: src/sss_client/common.c:1181 +#: src/sss_client/common.c:1191 msgid "SSSD socket does not exist." msgstr "" -#: src/sss_client/common.c:1184 +#: src/sss_client/common.c:1194 msgid "Cannot get stat of SSSD socket." msgstr "" -#: src/sss_client/common.c:1189 +#: src/sss_client/common.c:1199 msgid "An error occurred, but no description can be found." msgstr "" -#: src/sss_client/common.c:1195 +#: src/sss_client/common.c:1205 msgid "Unexpected error while looking for an error description" msgstr "" diff --git a/po/tr.po b/po/tr.po index d1f6e7b5c31..dcb91b83734 100644 --- a/po/tr.po +++ b/po/tr.po @@ -10,7 +10,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" -"POT-Creation-Date: 2023-11-13 11:54+0100\n" +"POT-Creation-Date: 2024-01-12 13:01+0100\n" "PO-Revision-Date: 2023-06-04 04:20+0000\n" "Last-Translator: Kemal Oktay Aktoğan <oktay@e.email>\n" "Language-Team: Turkish <https://translate.fedoraproject.org/projects/sssd/" @@ -2135,36 +2135,36 @@ msgstr "set_debug_file_from_fd başarısız oldu.\n" msgid "Domain of the information provider (mandatory)" msgstr "Bilgi sağlayıcısının etki alanı (zorunlu)" -#: src/sss_client/common.c:1169 +#: src/sss_client/common.c:1179 msgid "Privileged socket has wrong ownership or permissions." msgstr "" "Ayrıcalıklı yuva(privileged socket) yanlış sahiplik veya izinlere sahip." -#: src/sss_client/common.c:1172 +#: src/sss_client/common.c:1182 msgid "Public socket has wrong ownership or permissions." msgstr "Ortak yuva(public socket) yanlış sahiplik veya izinlere sahip." -#: src/sss_client/common.c:1175 +#: src/sss_client/common.c:1185 msgid "Unexpected format of the server credential message." msgstr "Sunucu kimlik bilgisi iletisinin beklenmeyen biçimi." -#: src/sss_client/common.c:1178 +#: src/sss_client/common.c:1188 msgid "SSSD is not run by root." msgstr "SSSD yetkili kullanıcı(root) tarafından çalıştırılmaz." -#: src/sss_client/common.c:1181 +#: src/sss_client/common.c:1191 msgid "SSSD socket does not exist." msgstr "SSSD yuvası(socket) mevcut değil." -#: src/sss_client/common.c:1184 +#: src/sss_client/common.c:1194 msgid "Cannot get stat of SSSD socket." msgstr "SSSD yuvasının(socket) istatistiği alınamıyor." -#: src/sss_client/common.c:1189 +#: src/sss_client/common.c:1199 msgid "An error occurred, but no description can be found." msgstr "Bir hata oluştu, ancak açıklama bulunamadı." -#: src/sss_client/common.c:1195 +#: src/sss_client/common.c:1205 msgid "Unexpected error while looking for an error description" msgstr "Hata açıklaması aranırken beklenmeyen hata" diff --git a/po/uk.po b/po/uk.po index 64cd35003a6..aee0ac9d4a9 100644 --- a/po/uk.po +++ b/po/uk.po @@ -15,7 +15,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" -"POT-Creation-Date: 2023-11-13 11:54+0100\n" +"POT-Creation-Date: 2024-01-12 13:01+0100\n" "PO-Revision-Date: 2023-06-02 05:50+0000\n" "Last-Translator: Yuri Chornoivan <yurchor@ukr.net>\n" "Language-Team: Ukrainian <https://translate.fedoraproject.org/projects/sssd/" @@ -2184,35 +2184,35 @@ msgstr "Помилка set_debug_file_from_fd.\n" msgid "Domain of the information provider (mandatory)" msgstr "Домен надання відомостей (обов’язковий)" -#: src/sss_client/common.c:1169 +#: src/sss_client/common.c:1179 msgid "Privileged socket has wrong ownership or permissions." msgstr "У привілейованого сокета помилковий власник або права доступу." -#: src/sss_client/common.c:1172 +#: src/sss_client/common.c:1182 msgid "Public socket has wrong ownership or permissions." msgstr "У відкритого сокета помилковий власник або права доступу." -#: src/sss_client/common.c:1175 +#: src/sss_client/common.c:1185 msgid "Unexpected format of the server credential message." msgstr "Некоректний формат повідомлення щодо реєстраційних даних сервера." -#: src/sss_client/common.c:1178 +#: src/sss_client/common.c:1188 msgid "SSSD is not run by root." msgstr "SSSD запущено не від імені користувача root." -#: src/sss_client/common.c:1181 +#: src/sss_client/common.c:1191 msgid "SSSD socket does not exist." msgstr "Сокета SSSD не існує." -#: src/sss_client/common.c:1184 +#: src/sss_client/common.c:1194 msgid "Cannot get stat of SSSD socket." msgstr "Не вдалося отримати статистику щодо сокета SSSD." -#: src/sss_client/common.c:1189 +#: src/sss_client/common.c:1199 msgid "An error occurred, but no description can be found." msgstr "Сталася помилка, але не вдалося знайти її опису." -#: src/sss_client/common.c:1195 +#: src/sss_client/common.c:1205 msgid "Unexpected error while looking for an error description" msgstr "Неочікувана помилка під час пошуку опису помилки" diff --git a/po/zh_CN.po b/po/zh_CN.po index 3eec2555526..aa3b0e3fb63 100644 --- a/po/zh_CN.po +++ b/po/zh_CN.po @@ -13,7 +13,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" -"POT-Creation-Date: 2023-11-13 11:54+0100\n" +"POT-Creation-Date: 2024-01-12 13:01+0100\n" "PO-Revision-Date: 2023-07-24 17:20+0000\n" "Last-Translator: Funda Wang <fundawang@yeah.net>\n" "Language-Team: Chinese (Simplified) <https://translate.fedoraproject.org/" @@ -1995,35 +1995,35 @@ msgstr "set_debug_file_from_fd 失败。\n" msgid "Domain of the information provider (mandatory)" msgstr "信息提供者的域(强制)" -#: src/sss_client/common.c:1169 +#: src/sss_client/common.c:1179 msgid "Privileged socket has wrong ownership or permissions." msgstr "特权套接字有错误的所有权或权限。" -#: src/sss_client/common.c:1172 +#: src/sss_client/common.c:1182 msgid "Public socket has wrong ownership or permissions." msgstr "公共套接字有错误的所有权或权限。" -#: src/sss_client/common.c:1175 +#: src/sss_client/common.c:1185 msgid "Unexpected format of the server credential message." msgstr "服务器凭证消息的格式异常。" -#: src/sss_client/common.c:1178 +#: src/sss_client/common.c:1188 msgid "SSSD is not run by root." msgstr "SSSD 没有由 root 运行。" -#: src/sss_client/common.c:1181 +#: src/sss_client/common.c:1191 msgid "SSSD socket does not exist." msgstr "SSSD socket 不存在。" -#: src/sss_client/common.c:1184 +#: src/sss_client/common.c:1194 msgid "Cannot get stat of SSSD socket." msgstr "无法获取 SSSD socket 的统计数据。" -#: src/sss_client/common.c:1189 +#: src/sss_client/common.c:1199 msgid "An error occurred, but no description can be found." msgstr "发生错误,但找不到描述信息。" -#: src/sss_client/common.c:1195 +#: src/sss_client/common.c:1205 msgid "Unexpected error while looking for an error description" msgstr "查找错误说明时出现意外错误" diff --git a/po/zh_TW.po b/po/zh_TW.po index 60c87f4bf86..27e5c6f7191 100644 --- a/po/zh_TW.po +++ b/po/zh_TW.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" -"POT-Creation-Date: 2023-11-13 11:54+0100\n" +"POT-Creation-Date: 2024-01-12 13:01+0100\n" "PO-Revision-Date: 2014-12-14 11:50-0500\n" "Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n" "Language-Team: Chinese (Taiwan) (http://www.transifex.com/projects/p/sssd/" @@ -1954,35 +1954,35 @@ msgstr "" msgid "Domain of the information provider (mandatory)" msgstr "" -#: src/sss_client/common.c:1169 +#: src/sss_client/common.c:1179 msgid "Privileged socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:1172 +#: src/sss_client/common.c:1182 msgid "Public socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:1175 +#: src/sss_client/common.c:1185 msgid "Unexpected format of the server credential message." msgstr "" -#: src/sss_client/common.c:1178 +#: src/sss_client/common.c:1188 msgid "SSSD is not run by root." msgstr "" -#: src/sss_client/common.c:1181 +#: src/sss_client/common.c:1191 msgid "SSSD socket does not exist." msgstr "" -#: src/sss_client/common.c:1184 +#: src/sss_client/common.c:1194 msgid "Cannot get stat of SSSD socket." msgstr "" -#: src/sss_client/common.c:1189 +#: src/sss_client/common.c:1199 msgid "An error occurred, but no description can be found." msgstr "" -#: src/sss_client/common.c:1195 +#: src/sss_client/common.c:1205 msgid "Unexpected error while looking for an error description" msgstr "" diff --git a/src/man/po/br.po b/src/man/po/br.po index 13e09ccd931..b2f780083e8 100644 --- a/src/man/po/br.po +++ b/src/man/po/br.po @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: sssd-docs 2.3.0\n" "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" -"POT-Creation-Date: 2023-11-13 11:53+0100\n" +"POT-Creation-Date: 2024-01-12 13:00+0100\n" "PO-Revision-Date: 2014-12-14 11:51-0500\n" "Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n" "Language-Team: Breton (http://www.transifex.com/projects/p/sssd/language/" @@ -227,7 +227,7 @@ msgstr "" #. type: Content of: <variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:149 sssd.conf.5.xml:652 sssd.conf.5.xml:949 -#: sssd.conf.5.xml:2101 sssd.conf.5.xml:2168 sssd.conf.5.xml:4191 +#: sssd.conf.5.xml:2101 sssd.conf.5.xml:2168 sssd.conf.5.xml:4193 #: sssd-ldap.5.xml:313 sssd-ldap.5.xml:919 sssd-ldap.5.xml:938 #: sssd-ldap.5.xml:1148 sssd-ldap.5.xml:1601 sssd-ldap.5.xml:1841 #: sssd-ipa.5.xml:152 sssd-ipa.5.xml:254 sssd-ipa.5.xml:662 sssd-ad.5.xml:1106 @@ -296,7 +296,7 @@ msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:196 sssd.conf.5.xml:1290 sssd.conf.5.xml:1767 -#: sssd.conf.5.xml:4207 sssd-ldap.5.xml:766 include/ldap_id_mapping.xml:270 +#: sssd.conf.5.xml:4209 sssd-ldap.5.xml:766 include/ldap_id_mapping.xml:270 msgid "Default: 10" msgstr "" @@ -873,7 +873,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:700 sssd.conf.5.xml:1791 sssd.conf.5.xml:4257 +#: sssd.conf.5.xml:700 sssd.conf.5.xml:1791 sssd.conf.5.xml:4259 #: sssd-ad.5.xml:187 sssd-ad.5.xml:327 sssd-ad.5.xml:341 msgid "Default: Not set" msgstr "" @@ -2067,7 +2067,7 @@ msgid "The path to the certificate database." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1723 sssd.conf.5.xml:2248 sssd.conf.5.xml:4371 +#: sssd.conf.5.xml:1723 sssd.conf.5.xml:2248 sssd.conf.5.xml:4373 msgid "Default:" msgstr "" @@ -2335,7 +2335,7 @@ msgid "Default: no_session" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1950 sssd.conf.5.xml:4310 +#: sssd.conf.5.xml:1950 sssd.conf.5.xml:4312 msgid "pam_gssapi_services" msgstr "" @@ -2379,7 +2379,7 @@ msgid "Default: - (GSSAPI authentication is disabled)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1979 sssd.conf.5.xml:4311 +#: sssd.conf.5.xml:1979 sssd.conf.5.xml:4313 msgid "pam_gssapi_check_upn" msgstr "" @@ -3557,10 +3557,9 @@ msgstr "" #: sssd.conf.5.xml:3042 sssd.conf.5.xml:3153 sssd.conf.5.xml:3204 #: sssd.conf.5.xml:3267 msgid "" -"<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management " -"provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> " -"<manvolnum>5</manvolnum> </citerefentry> for more information on configuring " -"FreeIPA." +"<quote>ipa</quote>: FreeIPA and Red Hat Identity Management provider. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring FreeIPA." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> @@ -4605,35 +4604,37 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:4034 -msgid "This option is ignored for the files provider." +msgid "" +"It is expected that the <quote>files</quote> provider ignores the " +"local_auth_policy option and supports Smartcard authentication by default." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4037 +#: sssd.conf.5.xml:4039 #, fuzzy #| msgid "Default: 3" msgid "Default: match" msgstr "Dre ziouer : 3" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4042 +#: sssd.conf.5.xml:4044 msgid "auto_private_groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4048 +#: sssd.conf.5.xml:4050 msgid "true" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4051 +#: sssd.conf.5.xml:4053 msgid "" "Create user's private group unconditionally from user's UID number. The GID " "number is ignored in this case." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4055 +#: sssd.conf.5.xml:4057 msgid "" "NOTE: Because the GID number and the user private group are inferred from " "the UID number, it is not supported to have multiple entries with the same " @@ -4642,24 +4643,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4064 +#: sssd.conf.5.xml:4066 msgid "false" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4067 +#: sssd.conf.5.xml:4069 msgid "" "Always use the user's primary GID number. The GID number must refer to a " "group object in the LDAP database." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4073 +#: sssd.conf.5.xml:4075 msgid "hybrid" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4076 +#: sssd.conf.5.xml:4078 msgid "" "A primary group is autogenerated for user entries whose UID and GID numbers " "have the same value and at the same time the GID number does not correspond " @@ -4669,14 +4670,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4089 +#: sssd.conf.5.xml:4091 msgid "" "If the UID and GID of a user are different, then the GID must correspond to " "a group entry, otherwise the GID is simply not resolvable." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4096 +#: sssd.conf.5.xml:4098 msgid "" "This feature is useful for environments that wish to stop maintaining a " "separate group objects for the user private groups, but also wish to retain " @@ -4684,21 +4685,21 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4045 +#: sssd.conf.5.xml:4047 msgid "" "This option takes any of three available values: <placeholder " "type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4108 +#: sssd.conf.5.xml:4110 msgid "" "For subdomains, the default value is False for subdomains that use assigned " "POSIX IDs and True for subdomains that use automatic ID-mapping." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:4116 +#: sssd.conf.5.xml:4118 #, no-wrap msgid "" "[domain/forest.domain/sub.domain]\n" @@ -4706,7 +4707,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:4122 +#: sssd.conf.5.xml:4124 #, no-wrap msgid "" "[domain/forest.domain]\n" @@ -4715,7 +4716,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4113 +#: sssd.conf.5.xml:4115 msgid "" "The value of auto_private_groups can either be set per subdomains in a " "subsection, for example: <placeholder type=\"programlisting\" id=\"0\"/> or " @@ -4732,17 +4733,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4137 +#: sssd.conf.5.xml:4139 msgid "proxy_pam_target (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4140 +#: sssd.conf.5.xml:4142 msgid "The proxy target PAM proxies to." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4143 +#: sssd.conf.5.xml:4145 msgid "" "Default: not set by default, you have to take an existing pam configuration " "or create a new one and add the service name here. As an alternative you can " @@ -4750,12 +4751,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4153 +#: sssd.conf.5.xml:4155 msgid "proxy_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4156 +#: sssd.conf.5.xml:4158 msgid "" "The name of the NSS library to use in proxy domains. The NSS functions " "searched for in the library are in the form of _nss_$(libName)_$(function), " @@ -4763,12 +4764,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4166 +#: sssd.conf.5.xml:4168 msgid "proxy_resolver_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4169 +#: sssd.conf.5.xml:4171 msgid "" "The name of the NSS library to use for hosts and networks lookups in proxy " "domains. The NSS functions searched for in the library are in the form of " @@ -4776,12 +4777,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4180 +#: sssd.conf.5.xml:4182 msgid "proxy_fast_alias (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4183 +#: sssd.conf.5.xml:4185 msgid "" "When a user or group is looked up by name in the proxy provider, a second " "lookup by ID is performed to \"canonicalize\" the name in case the requested " @@ -4790,12 +4791,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4197 +#: sssd.conf.5.xml:4199 msgid "proxy_max_children (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4200 +#: sssd.conf.5.xml:4202 msgid "" "This option specifies the number of pre-forked proxy children. It is useful " "for high-load SSSD environments where sssd may run out of available child " @@ -4803,19 +4804,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4133 +#: sssd.conf.5.xml:4135 msgid "" "Options valid for proxy domains. <placeholder type=\"variablelist\" " "id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:4216 +#: sssd.conf.5.xml:4218 msgid "Application domains" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4218 +#: sssd.conf.5.xml:4220 msgid "" "SSSD, with its D-Bus interface (see <citerefentry> <refentrytitle>sssd-ifp</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>) is appealing to " @@ -4832,7 +4833,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4238 +#: sssd.conf.5.xml:4240 msgid "" "Please note that the application domain must still be explicitly enabled in " "the <quote>domains</quote> parameter so that the lookup order between the " @@ -4840,17 +4841,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> -#: sssd.conf.5.xml:4244 +#: sssd.conf.5.xml:4246 msgid "Application domain parameters" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4246 +#: sssd.conf.5.xml:4248 msgid "inherit_from (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4249 +#: sssd.conf.5.xml:4251 msgid "" "The SSSD POSIX-type domain the application domain inherits all settings " "from. The application domain can moreover add its own settings to the " @@ -4859,7 +4860,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4263 +#: sssd.conf.5.xml:4265 msgid "" "The following example illustrates the use of an application domain. In this " "setup, the POSIX domain is connected to an LDAP server and is used by the OS " @@ -4869,7 +4870,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><programlisting> -#: sssd.conf.5.xml:4271 +#: sssd.conf.5.xml:4273 #, no-wrap msgid "" "[sssd]\n" @@ -4889,12 +4890,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4291 +#: sssd.conf.5.xml:4293 msgid "TRUSTED DOMAIN SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4293 +#: sssd.conf.5.xml:4295 msgid "" "Some options used in the domain section can also be used in the trusted " "domain section, that is, in a section called <quote>[domain/" @@ -4905,69 +4906,69 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4300 +#: sssd.conf.5.xml:4302 msgid "ldap_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4301 +#: sssd.conf.5.xml:4303 msgid "ldap_user_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4302 +#: sssd.conf.5.xml:4304 msgid "ldap_group_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4303 +#: sssd.conf.5.xml:4305 msgid "ldap_netgroup_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4304 +#: sssd.conf.5.xml:4306 msgid "ldap_service_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4305 +#: sssd.conf.5.xml:4307 msgid "ldap_sasl_mech," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4306 +#: sssd.conf.5.xml:4308 msgid "ad_server," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4307 +#: sssd.conf.5.xml:4309 msgid "ad_backup_server," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4308 +#: sssd.conf.5.xml:4310 msgid "ad_site," msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4309 sssd-ipa.5.xml:884 +#: sssd.conf.5.xml:4311 sssd-ipa.5.xml:884 msgid "use_fully_qualified_names" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4313 +#: sssd.conf.5.xml:4315 msgid "" "For more details about these options see their individual description in the " "manual page." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4319 +#: sssd.conf.5.xml:4321 msgid "CERTIFICATE MAPPING SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4321 +#: sssd.conf.5.xml:4323 msgid "" "To allow authentication with Smartcards and certificates SSSD must be able " "to map certificates to users. This can be done by adding the full " @@ -4980,7 +4981,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4335 +#: sssd.conf.5.xml:4337 msgid "" "To make the mapping more flexible mapping and matching rules were added to " "SSSD (see <citerefentry> <refentrytitle>sss-certmap</refentrytitle> " @@ -4988,7 +4989,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4344 +#: sssd.conf.5.xml:4346 msgid "" "A mapping and matching rule can be added to the SSSD configuration in a " "section on its own with a name like <quote>[certmap/" @@ -4997,55 +4998,55 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4351 +#: sssd.conf.5.xml:4353 msgid "matchrule (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4354 +#: sssd.conf.5.xml:4356 msgid "" "Only certificates from the Smartcard which matches this rule will be " "processed, all others are ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4358 +#: sssd.conf.5.xml:4360 msgid "" "Default: KRB5:<EKU>clientAuth, i.e. only certificates which have the " "Extended Key Usage <quote>clientAuth</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4365 +#: sssd.conf.5.xml:4367 msgid "maprule (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4368 +#: sssd.conf.5.xml:4370 msgid "Defines how the user is found for a given certificate." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4374 +#: sssd.conf.5.xml:4376 msgid "" "LDAP:(userCertificate;binary={cert!bin}) for LDAP based providers like " "<quote>ldap</quote>, <quote>AD</quote> or <quote>ipa</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4380 +#: sssd.conf.5.xml:4382 msgid "" "The RULE_NAME for the <quote>files</quote> provider which tries to find a " "user with the same name." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4389 +#: sssd.conf.5.xml:4391 msgid "domains (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4392 +#: sssd.conf.5.xml:4394 msgid "" "Comma separated list of domain names the rule should be applied. By default " "a rule is only valid in the domain configured in sssd.conf. If the provider " @@ -5054,17 +5055,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4399 +#: sssd.conf.5.xml:4401 msgid "Default: the configured domain in sssd.conf" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4404 +#: sssd.conf.5.xml:4406 msgid "priority (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4407 +#: sssd.conf.5.xml:4409 msgid "" "Unsigned integer value defining the priority of the rule. The higher the " "number the lower the priority. <quote>0</quote> stands for the highest " @@ -5072,26 +5073,26 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4413 +#: sssd.conf.5.xml:4415 msgid "Default: the lowest priority" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4419 +#: sssd.conf.5.xml:4421 msgid "" "To make the configuration simple and reduce the amount of configuration " "options the <quote>files</quote> provider has some special properties:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4425 +#: sssd.conf.5.xml:4427 msgid "" "if maprule is not set the RULE_NAME name is assumed to be the name of the " "matching user" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4431 +#: sssd.conf.5.xml:4433 msgid "" "if a maprule is used both a single user name or a template like " "<quote>{subject_rfc822_name.short_name}</quote> must be in braces like e.g. " @@ -5100,17 +5101,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4440 +#: sssd.conf.5.xml:4442 msgid "the <quote>domains</quote> option is ignored" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4448 +#: sssd.conf.5.xml:4450 msgid "PROMPTING CONFIGURATION SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4450 +#: sssd.conf.5.xml:4452 msgid "" "If a special file (<filename>/var/lib/sss/pubconf/pam_preauth_available</" "filename>) exists SSSD's PAM module pam_sss will ask SSSD to figure out " @@ -5120,7 +5121,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4458 +#: sssd.conf.5.xml:4460 msgid "" "With the growing number of authentication methods and the possibility that " "there are multiple ones for a single user the heuristic used by pam_sss to " @@ -5129,59 +5130,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4470 +#: sssd.conf.5.xml:4472 msgid "[prompting/password]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4473 +#: sssd.conf.5.xml:4475 msgid "password_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4474 +#: sssd.conf.5.xml:4476 msgid "to change the string of the password prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4472 +#: sssd.conf.5.xml:4474 msgid "" "to configure password prompting, allowed options are: <placeholder " "type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4482 +#: sssd.conf.5.xml:4484 msgid "[prompting/2fa]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4486 +#: sssd.conf.5.xml:4488 msgid "first_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4487 +#: sssd.conf.5.xml:4489 msgid "to change the string of the prompt for the first factor" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4490 +#: sssd.conf.5.xml:4492 msgid "second_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4491 +#: sssd.conf.5.xml:4493 msgid "to change the string of the prompt for the second factor" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4494 +#: sssd.conf.5.xml:4496 msgid "single_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4495 +#: sssd.conf.5.xml:4497 msgid "" "boolean value, if True there will be only a single prompt using the value of " "first_prompt where it is expected that both factors are entered as a single " @@ -5190,7 +5191,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4484 +#: sssd.conf.5.xml:4486 msgid "" "to configure two-factor authentication prompting, allowed options are: " "<placeholder type=\"variablelist\" id=\"0\"/> If the second factor is " @@ -5199,17 +5200,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4512 +#: sssd.conf.5.xml:4514 msgid "[prompting/passkey]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4518 sssd-ad.5.xml:1021 +#: sssd.conf.5.xml:4520 sssd-ad.5.xml:1021 msgid "interactive" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4520 +#: sssd.conf.5.xml:4522 msgid "" "boolean value, if True prompt a message and wait before testing the presence " "of a passkey device. Recommended if your device doesn’t have a tactile " @@ -5217,46 +5218,46 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4528 +#: sssd.conf.5.xml:4530 msgid "interactive_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4530 +#: sssd.conf.5.xml:4532 msgid "to change the message of the interactive prompt." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4535 +#: sssd.conf.5.xml:4537 msgid "touch" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4537 +#: sssd.conf.5.xml:4539 msgid "" "boolean value, if True prompt a message to remind the user to touch the " "device." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4543 +#: sssd.conf.5.xml:4545 msgid "touch_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4545 +#: sssd.conf.5.xml:4547 msgid "to change the message of the touch prompt." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4514 +#: sssd.conf.5.xml:4516 msgid "" "to configure passkey authentication prompting, allowed options are: " "<placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4465 +#: sssd.conf.5.xml:4467 msgid "" "Each supported authentication method has its own configuration subsection " "under <quote>[prompting/...]</quote>. Currently there are: <placeholder " @@ -5265,7 +5266,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4556 +#: sssd.conf.5.xml:4558 msgid "" "It is possible to add a subsection for specific PAM services, e.g. " "<quote>[prompting/password/sshd]</quote> to individual change the prompting " @@ -5273,12 +5274,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4563 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43 +#: sssd.conf.5.xml:4565 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43 msgid "EXAMPLES" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4569 +#: sssd.conf.5.xml:4571 #, no-wrap msgid "" "[sssd]\n" @@ -5308,7 +5309,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4565 +#: sssd.conf.5.xml:4567 msgid "" "1. The following example shows a typical SSSD config. It does not describe " "configuration of the domains themselves - refer to documentation on " @@ -5317,7 +5318,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4602 +#: sssd.conf.5.xml:4604 #, no-wrap msgid "" "[domain/ipa.com/child.ad.com]\n" @@ -5325,7 +5326,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4596 +#: sssd.conf.5.xml:4598 msgid "" "2. The following example shows configuration of IPA AD trust where the AD " "forest consists of two domains in a parent-child structure. Suppose IPA " @@ -5336,7 +5337,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4613 +#: sssd.conf.5.xml:4615 #, no-wrap msgid "" "[certmap/my.domain/rule_name]\n" @@ -5347,7 +5348,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4607 +#: sssd.conf.5.xml:4609 msgid "" "3. The following example shows the configuration of a certificate mapping " "rule. It is valid for the configured domain <quote>my.domain</quote> and " diff --git a/src/man/po/ca.po b/src/man/po/ca.po index 212a0bc644d..45f2e263381 100644 --- a/src/man/po/ca.po +++ b/src/man/po/ca.po @@ -14,7 +14,7 @@ msgid "" msgstr "" "Project-Id-Version: sssd-docs 2.3.0\n" "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" -"POT-Creation-Date: 2023-11-13 11:53+0100\n" +"POT-Creation-Date: 2024-01-12 13:00+0100\n" "PO-Revision-Date: 2015-10-18 04:13-0400\n" "Last-Translator: Robert Antoni Buj Gelonch <rbuj@fedoraproject.org>\n" "Language-Team: Catalan (http://www.transifex.com/projects/p/sssd/language/" @@ -256,7 +256,7 @@ msgstr "" #. type: Content of: <variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:149 sssd.conf.5.xml:652 sssd.conf.5.xml:949 -#: sssd.conf.5.xml:2101 sssd.conf.5.xml:2168 sssd.conf.5.xml:4191 +#: sssd.conf.5.xml:2101 sssd.conf.5.xml:2168 sssd.conf.5.xml:4193 #: sssd-ldap.5.xml:313 sssd-ldap.5.xml:919 sssd-ldap.5.xml:938 #: sssd-ldap.5.xml:1148 sssd-ldap.5.xml:1601 sssd-ldap.5.xml:1841 #: sssd-ipa.5.xml:152 sssd-ipa.5.xml:254 sssd-ipa.5.xml:662 sssd-ad.5.xml:1106 @@ -327,7 +327,7 @@ msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:196 sssd.conf.5.xml:1290 sssd.conf.5.xml:1767 -#: sssd.conf.5.xml:4207 sssd-ldap.5.xml:766 include/ldap_id_mapping.xml:270 +#: sssd.conf.5.xml:4209 sssd-ldap.5.xml:766 include/ldap_id_mapping.xml:270 msgid "Default: 10" msgstr "Per defecte: 10" @@ -952,7 +952,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:700 sssd.conf.5.xml:1791 sssd.conf.5.xml:4257 +#: sssd.conf.5.xml:700 sssd.conf.5.xml:1791 sssd.conf.5.xml:4259 #: sssd-ad.5.xml:187 sssd-ad.5.xml:327 sssd-ad.5.xml:341 msgid "Default: Not set" msgstr "Per defecte: Sense establir" @@ -2243,7 +2243,7 @@ msgid "The path to the certificate database." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1723 sssd.conf.5.xml:2248 sssd.conf.5.xml:4371 +#: sssd.conf.5.xml:1723 sssd.conf.5.xml:2248 sssd.conf.5.xml:4373 msgid "Default:" msgstr "" @@ -2518,7 +2518,7 @@ msgid "Default: no_session" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1950 sssd.conf.5.xml:4310 +#: sssd.conf.5.xml:1950 sssd.conf.5.xml:4312 #, fuzzy #| msgid "ad_gpo_map_service (string)" msgid "pam_gssapi_services" @@ -2572,7 +2572,7 @@ msgid "Default: - (GSSAPI authentication is disabled)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1979 sssd.conf.5.xml:4311 +#: sssd.conf.5.xml:1979 sssd.conf.5.xml:4313 msgid "pam_gssapi_check_upn" msgstr "" @@ -3797,12 +3797,19 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:3042 sssd.conf.5.xml:3153 sssd.conf.5.xml:3204 #: sssd.conf.5.xml:3267 +#, fuzzy +#| msgid "" +#| "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> " +#| "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +#| "citerefentry> for more information on configuring LDAP." msgid "" -"<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management " -"provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> " -"<manvolnum>5</manvolnum> </citerefentry> for more information on configuring " -"FreeIPA." +"<quote>ipa</quote>: FreeIPA and Red Hat Identity Management provider. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring FreeIPA." msgstr "" +"<quote>ldap</quote> per autenticació nativa LDAP. Vegeu " +"<citerefentry><refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" +"manvolnum></citerefentry> per a més informació sobre configuració d'LDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:3051 sssd.conf.5.xml:3162 sssd.conf.5.xml:3213 @@ -4926,39 +4933,37 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:4034 -#, fuzzy -#| msgid "These options can be used to configure the InfoPipe responder." -msgid "This option is ignored for the files provider." +msgid "" +"It is expected that the <quote>files</quote> provider ignores the " +"local_auth_policy option and supports Smartcard authentication by default." msgstr "" -"Es poden utilitzar aquestes opcions per configurar el contestador de " -"l'InfoPipe." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4037 +#: sssd.conf.5.xml:4039 #, fuzzy #| msgid "Default: cn" msgid "Default: match" msgstr "Per defecte: cn" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4042 +#: sssd.conf.5.xml:4044 msgid "auto_private_groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4048 +#: sssd.conf.5.xml:4050 msgid "true" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4051 +#: sssd.conf.5.xml:4053 msgid "" "Create user's private group unconditionally from user's UID number. The GID " "number is ignored in this case." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4055 +#: sssd.conf.5.xml:4057 msgid "" "NOTE: Because the GID number and the user private group are inferred from " "the UID number, it is not supported to have multiple entries with the same " @@ -4967,24 +4972,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4064 +#: sssd.conf.5.xml:4066 msgid "false" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4067 +#: sssd.conf.5.xml:4069 msgid "" "Always use the user's primary GID number. The GID number must refer to a " "group object in the LDAP database." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4073 +#: sssd.conf.5.xml:4075 msgid "hybrid" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4076 +#: sssd.conf.5.xml:4078 msgid "" "A primary group is autogenerated for user entries whose UID and GID numbers " "have the same value and at the same time the GID number does not correspond " @@ -4994,14 +4999,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4089 +#: sssd.conf.5.xml:4091 msgid "" "If the UID and GID of a user are different, then the GID must correspond to " "a group entry, otherwise the GID is simply not resolvable." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4096 +#: sssd.conf.5.xml:4098 msgid "" "This feature is useful for environments that wish to stop maintaining a " "separate group objects for the user private groups, but also wish to retain " @@ -5009,21 +5014,21 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4045 +#: sssd.conf.5.xml:4047 msgid "" "This option takes any of three available values: <placeholder " "type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4108 +#: sssd.conf.5.xml:4110 msgid "" "For subdomains, the default value is False for subdomains that use assigned " "POSIX IDs and True for subdomains that use automatic ID-mapping." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:4116 +#: sssd.conf.5.xml:4118 #, no-wrap msgid "" "[domain/forest.domain/sub.domain]\n" @@ -5031,7 +5036,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:4122 +#: sssd.conf.5.xml:4124 #, no-wrap msgid "" "[domain/forest.domain]\n" @@ -5040,7 +5045,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4113 +#: sssd.conf.5.xml:4115 msgid "" "The value of auto_private_groups can either be set per subdomains in a " "subsection, for example: <placeholder type=\"programlisting\" id=\"0\"/> or " @@ -5060,17 +5065,17 @@ msgstr "" "replaceable>]</quote> <placeholder type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4137 +#: sssd.conf.5.xml:4139 msgid "proxy_pam_target (string)" msgstr "proxy_pam_target (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4140 +#: sssd.conf.5.xml:4142 msgid "The proxy target PAM proxies to." msgstr "El servidor intermediari on reenvia PAM." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4143 +#: sssd.conf.5.xml:4145 #, fuzzy #| msgid "" #| "Default: not set by default, you have to take an existing pam " @@ -5084,12 +5089,12 @@ msgstr "" "de pam existent o crear-ne una de nova i afegir aquí el nom del servei." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4153 +#: sssd.conf.5.xml:4155 msgid "proxy_lib_name (string)" msgstr "proxy_lib_name (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4156 +#: sssd.conf.5.xml:4158 msgid "" "The name of the NSS library to use in proxy domains. The NSS functions " "searched for in the library are in the form of _nss_$(libName)_$(function), " @@ -5100,12 +5105,12 @@ msgstr "" "format _nss_$(libName)_$(function), per exemple _nss_files_getpwent." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4166 +#: sssd.conf.5.xml:4168 msgid "proxy_resolver_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4169 +#: sssd.conf.5.xml:4171 msgid "" "The name of the NSS library to use for hosts and networks lookups in proxy " "domains. The NSS functions searched for in the library are in the form of " @@ -5113,12 +5118,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4180 +#: sssd.conf.5.xml:4182 msgid "proxy_fast_alias (boolean)" msgstr "proxy_fast_alias (booleà)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4183 +#: sssd.conf.5.xml:4185 msgid "" "When a user or group is looked up by name in the proxy provider, a second " "lookup by ID is performed to \"canonicalize\" the name in case the requested " @@ -5127,12 +5132,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4197 +#: sssd.conf.5.xml:4199 msgid "proxy_max_children (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4200 +#: sssd.conf.5.xml:4202 msgid "" "This option specifies the number of pre-forked proxy children. It is useful " "for high-load SSSD environments where sssd may run out of available child " @@ -5140,7 +5145,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4133 +#: sssd.conf.5.xml:4135 msgid "" "Options valid for proxy domains. <placeholder type=\"variablelist\" " "id=\"0\"/>" @@ -5149,12 +5154,12 @@ msgstr "" "type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:4216 +#: sssd.conf.5.xml:4218 msgid "Application domains" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4218 +#: sssd.conf.5.xml:4220 msgid "" "SSSD, with its D-Bus interface (see <citerefentry> <refentrytitle>sssd-ifp</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>) is appealing to " @@ -5171,7 +5176,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4238 +#: sssd.conf.5.xml:4240 msgid "" "Please note that the application domain must still be explicitly enabled in " "the <quote>domains</quote> parameter so that the lookup order between the " @@ -5179,17 +5184,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> -#: sssd.conf.5.xml:4244 +#: sssd.conf.5.xml:4246 msgid "Application domain parameters" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4246 +#: sssd.conf.5.xml:4248 msgid "inherit_from (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4249 +#: sssd.conf.5.xml:4251 msgid "" "The SSSD POSIX-type domain the application domain inherits all settings " "from. The application domain can moreover add its own settings to the " @@ -5198,7 +5203,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4263 +#: sssd.conf.5.xml:4265 msgid "" "The following example illustrates the use of an application domain. In this " "setup, the POSIX domain is connected to an LDAP server and is used by the OS " @@ -5208,7 +5213,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><programlisting> -#: sssd.conf.5.xml:4271 +#: sssd.conf.5.xml:4273 #, no-wrap msgid "" "[sssd]\n" @@ -5228,12 +5233,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4291 +#: sssd.conf.5.xml:4293 msgid "TRUSTED DOMAIN SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4293 +#: sssd.conf.5.xml:4295 msgid "" "Some options used in the domain section can also be used in the trusted " "domain section, that is, in a section called <quote>[domain/" @@ -5244,69 +5249,69 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4300 +#: sssd.conf.5.xml:4302 msgid "ldap_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4301 +#: sssd.conf.5.xml:4303 msgid "ldap_user_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4302 +#: sssd.conf.5.xml:4304 msgid "ldap_group_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4303 +#: sssd.conf.5.xml:4305 msgid "ldap_netgroup_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4304 +#: sssd.conf.5.xml:4306 msgid "ldap_service_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4305 +#: sssd.conf.5.xml:4307 msgid "ldap_sasl_mech," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4306 +#: sssd.conf.5.xml:4308 msgid "ad_server," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4307 +#: sssd.conf.5.xml:4309 msgid "ad_backup_server," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4308 +#: sssd.conf.5.xml:4310 msgid "ad_site," msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4309 sssd-ipa.5.xml:884 +#: sssd.conf.5.xml:4311 sssd-ipa.5.xml:884 msgid "use_fully_qualified_names" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4313 +#: sssd.conf.5.xml:4315 msgid "" "For more details about these options see their individual description in the " "manual page." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4319 +#: sssd.conf.5.xml:4321 msgid "CERTIFICATE MAPPING SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4321 +#: sssd.conf.5.xml:4323 msgid "" "To allow authentication with Smartcards and certificates SSSD must be able " "to map certificates to users. This can be done by adding the full " @@ -5319,7 +5324,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4335 +#: sssd.conf.5.xml:4337 msgid "" "To make the mapping more flexible mapping and matching rules were added to " "SSSD (see <citerefentry> <refentrytitle>sss-certmap</refentrytitle> " @@ -5327,7 +5332,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4344 +#: sssd.conf.5.xml:4346 msgid "" "A mapping and matching rule can be added to the SSSD configuration in a " "section on its own with a name like <quote>[certmap/" @@ -5336,55 +5341,55 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4351 +#: sssd.conf.5.xml:4353 msgid "matchrule (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4354 +#: sssd.conf.5.xml:4356 msgid "" "Only certificates from the Smartcard which matches this rule will be " "processed, all others are ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4358 +#: sssd.conf.5.xml:4360 msgid "" "Default: KRB5:<EKU>clientAuth, i.e. only certificates which have the " "Extended Key Usage <quote>clientAuth</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4365 +#: sssd.conf.5.xml:4367 msgid "maprule (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4368 +#: sssd.conf.5.xml:4370 msgid "Defines how the user is found for a given certificate." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4374 +#: sssd.conf.5.xml:4376 msgid "" "LDAP:(userCertificate;binary={cert!bin}) for LDAP based providers like " "<quote>ldap</quote>, <quote>AD</quote> or <quote>ipa</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4380 +#: sssd.conf.5.xml:4382 msgid "" "The RULE_NAME for the <quote>files</quote> provider which tries to find a " "user with the same name." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4389 +#: sssd.conf.5.xml:4391 msgid "domains (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4392 +#: sssd.conf.5.xml:4394 msgid "" "Comma separated list of domain names the rule should be applied. By default " "a rule is only valid in the domain configured in sssd.conf. If the provider " @@ -5393,17 +5398,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4399 +#: sssd.conf.5.xml:4401 msgid "Default: the configured domain in sssd.conf" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4404 +#: sssd.conf.5.xml:4406 msgid "priority (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4407 +#: sssd.conf.5.xml:4409 msgid "" "Unsigned integer value defining the priority of the rule. The higher the " "number the lower the priority. <quote>0</quote> stands for the highest " @@ -5411,26 +5416,26 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4413 +#: sssd.conf.5.xml:4415 msgid "Default: the lowest priority" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4419 +#: sssd.conf.5.xml:4421 msgid "" "To make the configuration simple and reduce the amount of configuration " "options the <quote>files</quote> provider has some special properties:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4425 +#: sssd.conf.5.xml:4427 msgid "" "if maprule is not set the RULE_NAME name is assumed to be the name of the " "matching user" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4431 +#: sssd.conf.5.xml:4433 msgid "" "if a maprule is used both a single user name or a template like " "<quote>{subject_rfc822_name.short_name}</quote> must be in braces like e.g. " @@ -5439,17 +5444,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4440 +#: sssd.conf.5.xml:4442 msgid "the <quote>domains</quote> option is ignored" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4448 +#: sssd.conf.5.xml:4450 msgid "PROMPTING CONFIGURATION SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4450 +#: sssd.conf.5.xml:4452 msgid "" "If a special file (<filename>/var/lib/sss/pubconf/pam_preauth_available</" "filename>) exists SSSD's PAM module pam_sss will ask SSSD to figure out " @@ -5459,7 +5464,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4458 +#: sssd.conf.5.xml:4460 msgid "" "With the growing number of authentication methods and the possibility that " "there are multiple ones for a single user the heuristic used by pam_sss to " @@ -5468,59 +5473,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4470 +#: sssd.conf.5.xml:4472 msgid "[prompting/password]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4473 +#: sssd.conf.5.xml:4475 msgid "password_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4474 +#: sssd.conf.5.xml:4476 msgid "to change the string of the password prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4472 +#: sssd.conf.5.xml:4474 msgid "" "to configure password prompting, allowed options are: <placeholder " "type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4482 +#: sssd.conf.5.xml:4484 msgid "[prompting/2fa]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4486 +#: sssd.conf.5.xml:4488 msgid "first_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4487 +#: sssd.conf.5.xml:4489 msgid "to change the string of the prompt for the first factor" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4490 +#: sssd.conf.5.xml:4492 msgid "second_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4491 +#: sssd.conf.5.xml:4493 msgid "to change the string of the prompt for the second factor" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4494 +#: sssd.conf.5.xml:4496 msgid "single_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4495 +#: sssd.conf.5.xml:4497 msgid "" "boolean value, if True there will be only a single prompt using the value of " "first_prompt where it is expected that both factors are entered as a single " @@ -5529,7 +5534,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4484 +#: sssd.conf.5.xml:4486 msgid "" "to configure two-factor authentication prompting, allowed options are: " "<placeholder type=\"variablelist\" id=\"0\"/> If the second factor is " @@ -5538,17 +5543,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4512 +#: sssd.conf.5.xml:4514 msgid "[prompting/passkey]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4518 sssd-ad.5.xml:1021 +#: sssd.conf.5.xml:4520 sssd-ad.5.xml:1021 msgid "interactive" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4520 +#: sssd.conf.5.xml:4522 msgid "" "boolean value, if True prompt a message and wait before testing the presence " "of a passkey device. Recommended if your device doesn’t have a tactile " @@ -5556,39 +5561,39 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4528 +#: sssd.conf.5.xml:4530 msgid "interactive_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4530 +#: sssd.conf.5.xml:4532 msgid "to change the message of the interactive prompt." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4535 +#: sssd.conf.5.xml:4537 msgid "touch" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4537 +#: sssd.conf.5.xml:4539 msgid "" "boolean value, if True prompt a message to remind the user to touch the " "device." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4543 +#: sssd.conf.5.xml:4545 msgid "touch_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4545 +#: sssd.conf.5.xml:4547 msgid "to change the message of the touch prompt." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4514 +#: sssd.conf.5.xml:4516 #, fuzzy #| msgid "" #| "The following expansions are supported: <placeholder " @@ -5601,7 +5606,7 @@ msgstr "" "id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4465 +#: sssd.conf.5.xml:4467 msgid "" "Each supported authentication method has its own configuration subsection " "under <quote>[prompting/...]</quote>. Currently there are: <placeholder " @@ -5610,7 +5615,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4556 +#: sssd.conf.5.xml:4558 msgid "" "It is possible to add a subsection for specific PAM services, e.g. " "<quote>[prompting/password/sshd]</quote> to individual change the prompting " @@ -5618,12 +5623,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4563 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43 +#: sssd.conf.5.xml:4565 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43 msgid "EXAMPLES" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4569 +#: sssd.conf.5.xml:4571 #, no-wrap msgid "" "[sssd]\n" @@ -5677,7 +5682,7 @@ msgstr "" "enumerate = False\n" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4565 +#: sssd.conf.5.xml:4567 msgid "" "1. The following example shows a typical SSSD config. It does not describe " "configuration of the domains themselves - refer to documentation on " @@ -5686,7 +5691,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4602 +#: sssd.conf.5.xml:4604 #, no-wrap msgid "" "[domain/ipa.com/child.ad.com]\n" @@ -5694,7 +5699,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4596 +#: sssd.conf.5.xml:4598 msgid "" "2. The following example shows configuration of IPA AD trust where the AD " "forest consists of two domains in a parent-child structure. Suppose IPA " @@ -5705,7 +5710,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4613 +#: sssd.conf.5.xml:4615 #, no-wrap msgid "" "[certmap/my.domain/rule_name]\n" @@ -5716,7 +5721,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4607 +#: sssd.conf.5.xml:4609 msgid "" "3. The following example shows the configuration of a certificate mapping " "rule. It is valid for the configured domain <quote>my.domain</quote> and " @@ -19325,6 +19330,13 @@ msgid "" "feature is available with MIT Kerberos 1.7 and later versions." msgstr "" +#, fuzzy +#~| msgid "These options can be used to configure the InfoPipe responder." +#~ msgid "This option is ignored for the files provider." +#~ msgstr "" +#~ "Es poden utilitzar aquestes opcions per configurar el contestador de " +#~ "l'InfoPipe." + #, fuzzy #~| msgid "" #~| "Determines if user credentials are also cached in the local LDB cache" diff --git a/src/man/po/cs.po b/src/man/po/cs.po index a414edc0e10..d9646b5b5bf 100644 --- a/src/man/po/cs.po +++ b/src/man/po/cs.po @@ -10,7 +10,7 @@ msgid "" msgstr "" "Project-Id-Version: sssd-docs 2.3.0\n" "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" -"POT-Creation-Date: 2023-11-13 11:53+0100\n" +"POT-Creation-Date: 2024-01-12 13:00+0100\n" "PO-Revision-Date: 2022-05-20 09:18+0000\n" "Last-Translator: Pavel Borecki <pavel.borecki@gmail.com>\n" "Language-Team: Czech <https://translate.fedoraproject.org/projects/sssd/sssd-" @@ -245,7 +245,7 @@ msgstr "" #. type: Content of: <variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:149 sssd.conf.5.xml:652 sssd.conf.5.xml:949 -#: sssd.conf.5.xml:2101 sssd.conf.5.xml:2168 sssd.conf.5.xml:4191 +#: sssd.conf.5.xml:2101 sssd.conf.5.xml:2168 sssd.conf.5.xml:4193 #: sssd-ldap.5.xml:313 sssd-ldap.5.xml:919 sssd-ldap.5.xml:938 #: sssd-ldap.5.xml:1148 sssd-ldap.5.xml:1601 sssd-ldap.5.xml:1841 #: sssd-ipa.5.xml:152 sssd-ipa.5.xml:254 sssd-ipa.5.xml:662 sssd-ad.5.xml:1106 @@ -314,7 +314,7 @@ msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:196 sssd.conf.5.xml:1290 sssd.conf.5.xml:1767 -#: sssd.conf.5.xml:4207 sssd-ldap.5.xml:766 include/ldap_id_mapping.xml:270 +#: sssd.conf.5.xml:4209 sssd-ldap.5.xml:766 include/ldap_id_mapping.xml:270 msgid "Default: 10" msgstr "" @@ -897,7 +897,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:700 sssd.conf.5.xml:1791 sssd.conf.5.xml:4257 +#: sssd.conf.5.xml:700 sssd.conf.5.xml:1791 sssd.conf.5.xml:4259 #: sssd-ad.5.xml:187 sssd-ad.5.xml:327 sssd-ad.5.xml:341 msgid "Default: Not set" msgstr "" @@ -2096,7 +2096,7 @@ msgid "The path to the certificate database." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1723 sssd.conf.5.xml:2248 sssd.conf.5.xml:4371 +#: sssd.conf.5.xml:1723 sssd.conf.5.xml:2248 sssd.conf.5.xml:4373 msgid "Default:" msgstr "" @@ -2364,7 +2364,7 @@ msgid "Default: no_session" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1950 sssd.conf.5.xml:4310 +#: sssd.conf.5.xml:1950 sssd.conf.5.xml:4312 msgid "pam_gssapi_services" msgstr "" @@ -2408,7 +2408,7 @@ msgid "Default: - (GSSAPI authentication is disabled)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1979 sssd.conf.5.xml:4311 +#: sssd.conf.5.xml:1979 sssd.conf.5.xml:4313 msgid "pam_gssapi_check_upn" msgstr "" @@ -3598,10 +3598,9 @@ msgstr "" #: sssd.conf.5.xml:3042 sssd.conf.5.xml:3153 sssd.conf.5.xml:3204 #: sssd.conf.5.xml:3267 msgid "" -"<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management " -"provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> " -"<manvolnum>5</manvolnum> </citerefentry> for more information on configuring " -"FreeIPA." +"<quote>ipa</quote>: FreeIPA and Red Hat Identity Management provider. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring FreeIPA." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> @@ -4670,35 +4669,37 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:4034 -msgid "This option is ignored for the files provider." +msgid "" +"It is expected that the <quote>files</quote> provider ignores the " +"local_auth_policy option and supports Smartcard authentication by default." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4037 +#: sssd.conf.5.xml:4039 #, fuzzy #| msgid "Default: 3" msgid "Default: match" msgstr "Výchozí: 3" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4042 +#: sssd.conf.5.xml:4044 msgid "auto_private_groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4048 +#: sssd.conf.5.xml:4050 msgid "true" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4051 +#: sssd.conf.5.xml:4053 msgid "" "Create user's private group unconditionally from user's UID number. The GID " "number is ignored in this case." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4055 +#: sssd.conf.5.xml:4057 msgid "" "NOTE: Because the GID number and the user private group are inferred from " "the UID number, it is not supported to have multiple entries with the same " @@ -4707,24 +4708,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4064 +#: sssd.conf.5.xml:4066 msgid "false" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4067 +#: sssd.conf.5.xml:4069 msgid "" "Always use the user's primary GID number. The GID number must refer to a " "group object in the LDAP database." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4073 +#: sssd.conf.5.xml:4075 msgid "hybrid" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4076 +#: sssd.conf.5.xml:4078 msgid "" "A primary group is autogenerated for user entries whose UID and GID numbers " "have the same value and at the same time the GID number does not correspond " @@ -4734,14 +4735,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4089 +#: sssd.conf.5.xml:4091 msgid "" "If the UID and GID of a user are different, then the GID must correspond to " "a group entry, otherwise the GID is simply not resolvable." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4096 +#: sssd.conf.5.xml:4098 msgid "" "This feature is useful for environments that wish to stop maintaining a " "separate group objects for the user private groups, but also wish to retain " @@ -4749,21 +4750,21 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4045 +#: sssd.conf.5.xml:4047 msgid "" "This option takes any of three available values: <placeholder " "type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4108 +#: sssd.conf.5.xml:4110 msgid "" "For subdomains, the default value is False for subdomains that use assigned " "POSIX IDs and True for subdomains that use automatic ID-mapping." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:4116 +#: sssd.conf.5.xml:4118 #, no-wrap msgid "" "[domain/forest.domain/sub.domain]\n" @@ -4771,7 +4772,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:4122 +#: sssd.conf.5.xml:4124 #, no-wrap msgid "" "[domain/forest.domain]\n" @@ -4780,7 +4781,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4113 +#: sssd.conf.5.xml:4115 msgid "" "The value of auto_private_groups can either be set per subdomains in a " "subsection, for example: <placeholder type=\"programlisting\" id=\"0\"/> or " @@ -4797,17 +4798,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4137 +#: sssd.conf.5.xml:4139 msgid "proxy_pam_target (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4140 +#: sssd.conf.5.xml:4142 msgid "The proxy target PAM proxies to." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4143 +#: sssd.conf.5.xml:4145 msgid "" "Default: not set by default, you have to take an existing pam configuration " "or create a new one and add the service name here. As an alternative you can " @@ -4815,12 +4816,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4153 +#: sssd.conf.5.xml:4155 msgid "proxy_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4156 +#: sssd.conf.5.xml:4158 msgid "" "The name of the NSS library to use in proxy domains. The NSS functions " "searched for in the library are in the form of _nss_$(libName)_$(function), " @@ -4828,12 +4829,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4166 +#: sssd.conf.5.xml:4168 msgid "proxy_resolver_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4169 +#: sssd.conf.5.xml:4171 msgid "" "The name of the NSS library to use for hosts and networks lookups in proxy " "domains. The NSS functions searched for in the library are in the form of " @@ -4841,12 +4842,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4180 +#: sssd.conf.5.xml:4182 msgid "proxy_fast_alias (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4183 +#: sssd.conf.5.xml:4185 msgid "" "When a user or group is looked up by name in the proxy provider, a second " "lookup by ID is performed to \"canonicalize\" the name in case the requested " @@ -4855,12 +4856,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4197 +#: sssd.conf.5.xml:4199 msgid "proxy_max_children (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4200 +#: sssd.conf.5.xml:4202 msgid "" "This option specifies the number of pre-forked proxy children. It is useful " "for high-load SSSD environments where sssd may run out of available child " @@ -4868,19 +4869,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4133 +#: sssd.conf.5.xml:4135 msgid "" "Options valid for proxy domains. <placeholder type=\"variablelist\" " "id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:4216 +#: sssd.conf.5.xml:4218 msgid "Application domains" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4218 +#: sssd.conf.5.xml:4220 msgid "" "SSSD, with its D-Bus interface (see <citerefentry> <refentrytitle>sssd-ifp</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>) is appealing to " @@ -4897,7 +4898,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4238 +#: sssd.conf.5.xml:4240 msgid "" "Please note that the application domain must still be explicitly enabled in " "the <quote>domains</quote> parameter so that the lookup order between the " @@ -4905,17 +4906,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> -#: sssd.conf.5.xml:4244 +#: sssd.conf.5.xml:4246 msgid "Application domain parameters" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4246 +#: sssd.conf.5.xml:4248 msgid "inherit_from (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4249 +#: sssd.conf.5.xml:4251 msgid "" "The SSSD POSIX-type domain the application domain inherits all settings " "from. The application domain can moreover add its own settings to the " @@ -4924,7 +4925,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4263 +#: sssd.conf.5.xml:4265 msgid "" "The following example illustrates the use of an application domain. In this " "setup, the POSIX domain is connected to an LDAP server and is used by the OS " @@ -4934,7 +4935,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><programlisting> -#: sssd.conf.5.xml:4271 +#: sssd.conf.5.xml:4273 #, no-wrap msgid "" "[sssd]\n" @@ -4954,12 +4955,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4291 +#: sssd.conf.5.xml:4293 msgid "TRUSTED DOMAIN SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4293 +#: sssd.conf.5.xml:4295 msgid "" "Some options used in the domain section can also be used in the trusted " "domain section, that is, in a section called <quote>[domain/" @@ -4970,69 +4971,69 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4300 +#: sssd.conf.5.xml:4302 msgid "ldap_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4301 +#: sssd.conf.5.xml:4303 msgid "ldap_user_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4302 +#: sssd.conf.5.xml:4304 msgid "ldap_group_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4303 +#: sssd.conf.5.xml:4305 msgid "ldap_netgroup_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4304 +#: sssd.conf.5.xml:4306 msgid "ldap_service_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4305 +#: sssd.conf.5.xml:4307 msgid "ldap_sasl_mech," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4306 +#: sssd.conf.5.xml:4308 msgid "ad_server," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4307 +#: sssd.conf.5.xml:4309 msgid "ad_backup_server," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4308 +#: sssd.conf.5.xml:4310 msgid "ad_site," msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4309 sssd-ipa.5.xml:884 +#: sssd.conf.5.xml:4311 sssd-ipa.5.xml:884 msgid "use_fully_qualified_names" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4313 +#: sssd.conf.5.xml:4315 msgid "" "For more details about these options see their individual description in the " "manual page." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4319 +#: sssd.conf.5.xml:4321 msgid "CERTIFICATE MAPPING SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4321 +#: sssd.conf.5.xml:4323 msgid "" "To allow authentication with Smartcards and certificates SSSD must be able " "to map certificates to users. This can be done by adding the full " @@ -5045,7 +5046,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4335 +#: sssd.conf.5.xml:4337 msgid "" "To make the mapping more flexible mapping and matching rules were added to " "SSSD (see <citerefentry> <refentrytitle>sss-certmap</refentrytitle> " @@ -5053,7 +5054,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4344 +#: sssd.conf.5.xml:4346 msgid "" "A mapping and matching rule can be added to the SSSD configuration in a " "section on its own with a name like <quote>[certmap/" @@ -5062,55 +5063,55 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4351 +#: sssd.conf.5.xml:4353 msgid "matchrule (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4354 +#: sssd.conf.5.xml:4356 msgid "" "Only certificates from the Smartcard which matches this rule will be " "processed, all others are ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4358 +#: sssd.conf.5.xml:4360 msgid "" "Default: KRB5:<EKU>clientAuth, i.e. only certificates which have the " "Extended Key Usage <quote>clientAuth</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4365 +#: sssd.conf.5.xml:4367 msgid "maprule (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4368 +#: sssd.conf.5.xml:4370 msgid "Defines how the user is found for a given certificate." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4374 +#: sssd.conf.5.xml:4376 msgid "" "LDAP:(userCertificate;binary={cert!bin}) for LDAP based providers like " "<quote>ldap</quote>, <quote>AD</quote> or <quote>ipa</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4380 +#: sssd.conf.5.xml:4382 msgid "" "The RULE_NAME for the <quote>files</quote> provider which tries to find a " "user with the same name." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4389 +#: sssd.conf.5.xml:4391 msgid "domains (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4392 +#: sssd.conf.5.xml:4394 msgid "" "Comma separated list of domain names the rule should be applied. By default " "a rule is only valid in the domain configured in sssd.conf. If the provider " @@ -5119,17 +5120,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4399 +#: sssd.conf.5.xml:4401 msgid "Default: the configured domain in sssd.conf" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4404 +#: sssd.conf.5.xml:4406 msgid "priority (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4407 +#: sssd.conf.5.xml:4409 msgid "" "Unsigned integer value defining the priority of the rule. The higher the " "number the lower the priority. <quote>0</quote> stands for the highest " @@ -5137,26 +5138,26 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4413 +#: sssd.conf.5.xml:4415 msgid "Default: the lowest priority" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4419 +#: sssd.conf.5.xml:4421 msgid "" "To make the configuration simple and reduce the amount of configuration " "options the <quote>files</quote> provider has some special properties:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4425 +#: sssd.conf.5.xml:4427 msgid "" "if maprule is not set the RULE_NAME name is assumed to be the name of the " "matching user" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4431 +#: sssd.conf.5.xml:4433 msgid "" "if a maprule is used both a single user name or a template like " "<quote>{subject_rfc822_name.short_name}</quote> must be in braces like e.g. " @@ -5165,17 +5166,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4440 +#: sssd.conf.5.xml:4442 msgid "the <quote>domains</quote> option is ignored" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4448 +#: sssd.conf.5.xml:4450 msgid "PROMPTING CONFIGURATION SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4450 +#: sssd.conf.5.xml:4452 msgid "" "If a special file (<filename>/var/lib/sss/pubconf/pam_preauth_available</" "filename>) exists SSSD's PAM module pam_sss will ask SSSD to figure out " @@ -5185,7 +5186,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4458 +#: sssd.conf.5.xml:4460 msgid "" "With the growing number of authentication methods and the possibility that " "there are multiple ones for a single user the heuristic used by pam_sss to " @@ -5194,59 +5195,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4470 +#: sssd.conf.5.xml:4472 msgid "[prompting/password]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4473 +#: sssd.conf.5.xml:4475 msgid "password_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4474 +#: sssd.conf.5.xml:4476 msgid "to change the string of the password prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4472 +#: sssd.conf.5.xml:4474 msgid "" "to configure password prompting, allowed options are: <placeholder " "type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4482 +#: sssd.conf.5.xml:4484 msgid "[prompting/2fa]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4486 +#: sssd.conf.5.xml:4488 msgid "first_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4487 +#: sssd.conf.5.xml:4489 msgid "to change the string of the prompt for the first factor" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4490 +#: sssd.conf.5.xml:4492 msgid "second_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4491 +#: sssd.conf.5.xml:4493 msgid "to change the string of the prompt for the second factor" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4494 +#: sssd.conf.5.xml:4496 msgid "single_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4495 +#: sssd.conf.5.xml:4497 msgid "" "boolean value, if True there will be only a single prompt using the value of " "first_prompt where it is expected that both factors are entered as a single " @@ -5255,7 +5256,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4484 +#: sssd.conf.5.xml:4486 msgid "" "to configure two-factor authentication prompting, allowed options are: " "<placeholder type=\"variablelist\" id=\"0\"/> If the second factor is " @@ -5264,17 +5265,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4512 +#: sssd.conf.5.xml:4514 msgid "[prompting/passkey]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4518 sssd-ad.5.xml:1021 +#: sssd.conf.5.xml:4520 sssd-ad.5.xml:1021 msgid "interactive" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4520 +#: sssd.conf.5.xml:4522 msgid "" "boolean value, if True prompt a message and wait before testing the presence " "of a passkey device. Recommended if your device doesn’t have a tactile " @@ -5282,46 +5283,46 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4528 +#: sssd.conf.5.xml:4530 msgid "interactive_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4530 +#: sssd.conf.5.xml:4532 msgid "to change the message of the interactive prompt." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4535 +#: sssd.conf.5.xml:4537 msgid "touch" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4537 +#: sssd.conf.5.xml:4539 msgid "" "boolean value, if True prompt a message to remind the user to touch the " "device." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4543 +#: sssd.conf.5.xml:4545 msgid "touch_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4545 +#: sssd.conf.5.xml:4547 msgid "to change the message of the touch prompt." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4514 +#: sssd.conf.5.xml:4516 msgid "" "to configure passkey authentication prompting, allowed options are: " "<placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4465 +#: sssd.conf.5.xml:4467 msgid "" "Each supported authentication method has its own configuration subsection " "under <quote>[prompting/...]</quote>. Currently there are: <placeholder " @@ -5330,7 +5331,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4556 +#: sssd.conf.5.xml:4558 msgid "" "It is possible to add a subsection for specific PAM services, e.g. " "<quote>[prompting/password/sshd]</quote> to individual change the prompting " @@ -5338,12 +5339,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4563 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43 +#: sssd.conf.5.xml:4565 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43 msgid "EXAMPLES" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4569 +#: sssd.conf.5.xml:4571 #, no-wrap msgid "" "[sssd]\n" @@ -5373,7 +5374,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4565 +#: sssd.conf.5.xml:4567 msgid "" "1. The following example shows a typical SSSD config. It does not describe " "configuration of the domains themselves - refer to documentation on " @@ -5382,7 +5383,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4602 +#: sssd.conf.5.xml:4604 #, no-wrap msgid "" "[domain/ipa.com/child.ad.com]\n" @@ -5390,7 +5391,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4596 +#: sssd.conf.5.xml:4598 msgid "" "2. The following example shows configuration of IPA AD trust where the AD " "forest consists of two domains in a parent-child structure. Suppose IPA " @@ -5401,7 +5402,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4613 +#: sssd.conf.5.xml:4615 #, no-wrap msgid "" "[certmap/my.domain/rule_name]\n" @@ -5412,7 +5413,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4607 +#: sssd.conf.5.xml:4609 msgid "" "3. The following example shows the configuration of a certificate mapping " "rule. It is valid for the configured domain <quote>my.domain</quote> and " diff --git a/src/man/po/de.po b/src/man/po/de.po index 3c2af091a55..81afc72dd35 100644 --- a/src/man/po/de.po +++ b/src/man/po/de.po @@ -10,7 +10,7 @@ msgid "" msgstr "" "Project-Id-Version: sssd-docs 2.3.0\n" "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" -"POT-Creation-Date: 2023-11-13 11:53+0100\n" +"POT-Creation-Date: 2024-01-12 13:00+0100\n" "PO-Revision-Date: 2021-02-02 14:40+0000\n" "Last-Translator: Sumit Bose <sbose@redhat.com>\n" "Language-Team: German <https://translate.fedoraproject.org/projects/sssd/" @@ -241,7 +241,7 @@ msgstr "" #. type: Content of: <variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:149 sssd.conf.5.xml:652 sssd.conf.5.xml:949 -#: sssd.conf.5.xml:2101 sssd.conf.5.xml:2168 sssd.conf.5.xml:4191 +#: sssd.conf.5.xml:2101 sssd.conf.5.xml:2168 sssd.conf.5.xml:4193 #: sssd-ldap.5.xml:313 sssd-ldap.5.xml:919 sssd-ldap.5.xml:938 #: sssd-ldap.5.xml:1148 sssd-ldap.5.xml:1601 sssd-ldap.5.xml:1841 #: sssd-ipa.5.xml:152 sssd-ipa.5.xml:254 sssd-ipa.5.xml:662 sssd-ad.5.xml:1106 @@ -312,7 +312,7 @@ msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:196 sssd.conf.5.xml:1290 sssd.conf.5.xml:1767 -#: sssd.conf.5.xml:4207 sssd-ldap.5.xml:766 include/ldap_id_mapping.xml:270 +#: sssd.conf.5.xml:4209 sssd-ldap.5.xml:766 include/ldap_id_mapping.xml:270 msgid "Default: 10" msgstr "Voreinstellung: 10" @@ -937,7 +937,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:700 sssd.conf.5.xml:1791 sssd.conf.5.xml:4257 +#: sssd.conf.5.xml:700 sssd.conf.5.xml:1791 sssd.conf.5.xml:4259 #: sssd-ad.5.xml:187 sssd-ad.5.xml:327 sssd-ad.5.xml:341 msgid "Default: Not set" msgstr "Voreinstellung: Nicht gesetzt" @@ -2267,7 +2267,7 @@ msgid "The path to the certificate database." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1723 sssd.conf.5.xml:2248 sssd.conf.5.xml:4371 +#: sssd.conf.5.xml:1723 sssd.conf.5.xml:2248 sssd.conf.5.xml:4373 msgid "Default:" msgstr "" @@ -2542,7 +2542,7 @@ msgid "Default: no_session" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1950 sssd.conf.5.xml:4310 +#: sssd.conf.5.xml:1950 sssd.conf.5.xml:4312 msgid "pam_gssapi_services" msgstr "" @@ -2593,7 +2593,7 @@ msgid "Default: - (GSSAPI authentication is disabled)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1979 sssd.conf.5.xml:4311 +#: sssd.conf.5.xml:1979 sssd.conf.5.xml:4313 msgid "pam_gssapi_check_upn" msgstr "" @@ -3883,11 +3883,16 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:3042 sssd.conf.5.xml:3153 sssd.conf.5.xml:3204 #: sssd.conf.5.xml:3267 +#, fuzzy +#| msgid "" +#| "<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management " +#| "provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> " +#| "<manvolnum>5</manvolnum> </citerefentry> for more information on " +#| "configuring FreeIPA." msgid "" -"<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management " -"provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> " -"<manvolnum>5</manvolnum> </citerefentry> for more information on configuring " -"FreeIPA." +"<quote>ipa</quote>: FreeIPA and Red Hat Identity Management provider. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring FreeIPA." msgstr "" "»ipa«: Anbieter von FreeIPA und Red Hat Enterprise Identity Management. " "Weitere Informationen über die Konfiguration von FreeIPA finden Sie unter " @@ -5106,37 +5111,37 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:4034 -#, fuzzy -#| msgid "This option is not available in IPA provider." -msgid "This option is ignored for the files provider." -msgstr "Diese Option ist für IPA-Anbieter nicht verfügbar." +msgid "" +"It is expected that the <quote>files</quote> provider ignores the " +"local_auth_policy option and supports Smartcard authentication by default." +msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4037 +#: sssd.conf.5.xml:4039 #, fuzzy #| msgid "Default: cn" msgid "Default: match" msgstr "Voreinstellung: cn" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4042 +#: sssd.conf.5.xml:4044 msgid "auto_private_groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4048 +#: sssd.conf.5.xml:4050 msgid "true" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4051 +#: sssd.conf.5.xml:4053 msgid "" "Create user's private group unconditionally from user's UID number. The GID " "number is ignored in this case." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4055 +#: sssd.conf.5.xml:4057 msgid "" "NOTE: Because the GID number and the user private group are inferred from " "the UID number, it is not supported to have multiple entries with the same " @@ -5145,24 +5150,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4064 +#: sssd.conf.5.xml:4066 msgid "false" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4067 +#: sssd.conf.5.xml:4069 msgid "" "Always use the user's primary GID number. The GID number must refer to a " "group object in the LDAP database." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4073 +#: sssd.conf.5.xml:4075 msgid "hybrid" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4076 +#: sssd.conf.5.xml:4078 msgid "" "A primary group is autogenerated for user entries whose UID and GID numbers " "have the same value and at the same time the GID number does not correspond " @@ -5172,14 +5177,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4089 +#: sssd.conf.5.xml:4091 msgid "" "If the UID and GID of a user are different, then the GID must correspond to " "a group entry, otherwise the GID is simply not resolvable." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4096 +#: sssd.conf.5.xml:4098 msgid "" "This feature is useful for environments that wish to stop maintaining a " "separate group objects for the user private groups, but also wish to retain " @@ -5187,21 +5192,21 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4045 +#: sssd.conf.5.xml:4047 msgid "" "This option takes any of three available values: <placeholder " "type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4108 +#: sssd.conf.5.xml:4110 msgid "" "For subdomains, the default value is False for subdomains that use assigned " "POSIX IDs and True for subdomains that use automatic ID-mapping." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:4116 +#: sssd.conf.5.xml:4118 #, no-wrap msgid "" "[domain/forest.domain/sub.domain]\n" @@ -5209,7 +5214,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:4122 +#: sssd.conf.5.xml:4124 #, no-wrap msgid "" "[domain/forest.domain]\n" @@ -5218,7 +5223,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4113 +#: sssd.conf.5.xml:4115 msgid "" "The value of auto_private_groups can either be set per subdomains in a " "subsection, for example: <placeholder type=\"programlisting\" id=\"0\"/> or " @@ -5239,17 +5244,17 @@ msgstr "" "type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4137 +#: sssd.conf.5.xml:4139 msgid "proxy_pam_target (string)" msgstr "proxy_pam_target (Zeichenkette)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4140 +#: sssd.conf.5.xml:4142 msgid "The proxy target PAM proxies to." msgstr "das Proxy-Ziel, an das PAM weiterleitet" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4143 +#: sssd.conf.5.xml:4145 #, fuzzy #| msgid "" #| "Default: not set by default, you have to take an existing pam " @@ -5264,12 +5269,12 @@ msgstr "" "hinzufügen." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4153 +#: sssd.conf.5.xml:4155 msgid "proxy_lib_name (string)" msgstr "proxy_lib_name (Zeichenkette)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4156 +#: sssd.conf.5.xml:4158 msgid "" "The name of the NSS library to use in proxy domains. The NSS functions " "searched for in the library are in the form of _nss_$(libName)_$(function), " @@ -5280,12 +5285,12 @@ msgstr "" "»_nss_$(libName)_$(function)«, zum Beispiel »_nss_files_getpwent«." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4166 +#: sssd.conf.5.xml:4168 msgid "proxy_resolver_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4169 +#: sssd.conf.5.xml:4171 msgid "" "The name of the NSS library to use for hosts and networks lookups in proxy " "domains. The NSS functions searched for in the library are in the form of " @@ -5293,12 +5298,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4180 +#: sssd.conf.5.xml:4182 msgid "proxy_fast_alias (boolean)" msgstr "proxy_fast_alias (Boolesch)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4183 +#: sssd.conf.5.xml:4185 msgid "" "When a user or group is looked up by name in the proxy provider, a second " "lookup by ID is performed to \"canonicalize\" the name in case the requested " @@ -5312,12 +5317,12 @@ msgstr "" "veranlassen, die ID im Zwischenspeicher nachzuschlagen." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4197 +#: sssd.conf.5.xml:4199 msgid "proxy_max_children (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4200 +#: sssd.conf.5.xml:4202 msgid "" "This option specifies the number of pre-forked proxy children. It is useful " "for high-load SSSD environments where sssd may run out of available child " @@ -5325,7 +5330,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4133 +#: sssd.conf.5.xml:4135 msgid "" "Options valid for proxy domains. <placeholder type=\"variablelist\" " "id=\"0\"/>" @@ -5334,12 +5339,12 @@ msgstr "" "id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:4216 +#: sssd.conf.5.xml:4218 msgid "Application domains" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4218 +#: sssd.conf.5.xml:4220 msgid "" "SSSD, with its D-Bus interface (see <citerefentry> <refentrytitle>sssd-ifp</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>) is appealing to " @@ -5356,7 +5361,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4238 +#: sssd.conf.5.xml:4240 msgid "" "Please note that the application domain must still be explicitly enabled in " "the <quote>domains</quote> parameter so that the lookup order between the " @@ -5364,17 +5369,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> -#: sssd.conf.5.xml:4244 +#: sssd.conf.5.xml:4246 msgid "Application domain parameters" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4246 +#: sssd.conf.5.xml:4248 msgid "inherit_from (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4249 +#: sssd.conf.5.xml:4251 msgid "" "The SSSD POSIX-type domain the application domain inherits all settings " "from. The application domain can moreover add its own settings to the " @@ -5383,7 +5388,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4263 +#: sssd.conf.5.xml:4265 msgid "" "The following example illustrates the use of an application domain. In this " "setup, the POSIX domain is connected to an LDAP server and is used by the OS " @@ -5393,7 +5398,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><programlisting> -#: sssd.conf.5.xml:4271 +#: sssd.conf.5.xml:4273 #, no-wrap msgid "" "[sssd]\n" @@ -5413,12 +5418,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4291 +#: sssd.conf.5.xml:4293 msgid "TRUSTED DOMAIN SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4293 +#: sssd.conf.5.xml:4295 msgid "" "Some options used in the domain section can also be used in the trusted " "domain section, that is, in a section called <quote>[domain/" @@ -5429,69 +5434,69 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4300 +#: sssd.conf.5.xml:4302 msgid "ldap_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4301 +#: sssd.conf.5.xml:4303 msgid "ldap_user_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4302 +#: sssd.conf.5.xml:4304 msgid "ldap_group_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4303 +#: sssd.conf.5.xml:4305 msgid "ldap_netgroup_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4304 +#: sssd.conf.5.xml:4306 msgid "ldap_service_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4305 +#: sssd.conf.5.xml:4307 msgid "ldap_sasl_mech," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4306 +#: sssd.conf.5.xml:4308 msgid "ad_server," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4307 +#: sssd.conf.5.xml:4309 msgid "ad_backup_server," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4308 +#: sssd.conf.5.xml:4310 msgid "ad_site," msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4309 sssd-ipa.5.xml:884 +#: sssd.conf.5.xml:4311 sssd-ipa.5.xml:884 msgid "use_fully_qualified_names" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4313 +#: sssd.conf.5.xml:4315 msgid "" "For more details about these options see their individual description in the " "manual page." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4319 +#: sssd.conf.5.xml:4321 msgid "CERTIFICATE MAPPING SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4321 +#: sssd.conf.5.xml:4323 msgid "" "To allow authentication with Smartcards and certificates SSSD must be able " "to map certificates to users. This can be done by adding the full " @@ -5504,7 +5509,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4335 +#: sssd.conf.5.xml:4337 msgid "" "To make the mapping more flexible mapping and matching rules were added to " "SSSD (see <citerefentry> <refentrytitle>sss-certmap</refentrytitle> " @@ -5512,7 +5517,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4344 +#: sssd.conf.5.xml:4346 msgid "" "A mapping and matching rule can be added to the SSSD configuration in a " "section on its own with a name like <quote>[certmap/" @@ -5521,55 +5526,55 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4351 +#: sssd.conf.5.xml:4353 msgid "matchrule (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4354 +#: sssd.conf.5.xml:4356 msgid "" "Only certificates from the Smartcard which matches this rule will be " "processed, all others are ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4358 +#: sssd.conf.5.xml:4360 msgid "" "Default: KRB5:<EKU>clientAuth, i.e. only certificates which have the " "Extended Key Usage <quote>clientAuth</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4365 +#: sssd.conf.5.xml:4367 msgid "maprule (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4368 +#: sssd.conf.5.xml:4370 msgid "Defines how the user is found for a given certificate." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4374 +#: sssd.conf.5.xml:4376 msgid "" "LDAP:(userCertificate;binary={cert!bin}) for LDAP based providers like " "<quote>ldap</quote>, <quote>AD</quote> or <quote>ipa</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4380 +#: sssd.conf.5.xml:4382 msgid "" "The RULE_NAME for the <quote>files</quote> provider which tries to find a " "user with the same name." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4389 +#: sssd.conf.5.xml:4391 msgid "domains (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4392 +#: sssd.conf.5.xml:4394 msgid "" "Comma separated list of domain names the rule should be applied. By default " "a rule is only valid in the domain configured in sssd.conf. If the provider " @@ -5578,17 +5583,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4399 +#: sssd.conf.5.xml:4401 msgid "Default: the configured domain in sssd.conf" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4404 +#: sssd.conf.5.xml:4406 msgid "priority (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4407 +#: sssd.conf.5.xml:4409 msgid "" "Unsigned integer value defining the priority of the rule. The higher the " "number the lower the priority. <quote>0</quote> stands for the highest " @@ -5596,26 +5601,26 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4413 +#: sssd.conf.5.xml:4415 msgid "Default: the lowest priority" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4419 +#: sssd.conf.5.xml:4421 msgid "" "To make the configuration simple and reduce the amount of configuration " "options the <quote>files</quote> provider has some special properties:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4425 +#: sssd.conf.5.xml:4427 msgid "" "if maprule is not set the RULE_NAME name is assumed to be the name of the " "matching user" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4431 +#: sssd.conf.5.xml:4433 msgid "" "if a maprule is used both a single user name or a template like " "<quote>{subject_rfc822_name.short_name}</quote> must be in braces like e.g. " @@ -5624,17 +5629,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4440 +#: sssd.conf.5.xml:4442 msgid "the <quote>domains</quote> option is ignored" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4448 +#: sssd.conf.5.xml:4450 msgid "PROMPTING CONFIGURATION SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4450 +#: sssd.conf.5.xml:4452 msgid "" "If a special file (<filename>/var/lib/sss/pubconf/pam_preauth_available</" "filename>) exists SSSD's PAM module pam_sss will ask SSSD to figure out " @@ -5644,7 +5649,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4458 +#: sssd.conf.5.xml:4460 msgid "" "With the growing number of authentication methods and the possibility that " "there are multiple ones for a single user the heuristic used by pam_sss to " @@ -5653,59 +5658,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4470 +#: sssd.conf.5.xml:4472 msgid "[prompting/password]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4473 +#: sssd.conf.5.xml:4475 msgid "password_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4474 +#: sssd.conf.5.xml:4476 msgid "to change the string of the password prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4472 +#: sssd.conf.5.xml:4474 msgid "" "to configure password prompting, allowed options are: <placeholder " "type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4482 +#: sssd.conf.5.xml:4484 msgid "[prompting/2fa]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4486 +#: sssd.conf.5.xml:4488 msgid "first_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4487 +#: sssd.conf.5.xml:4489 msgid "to change the string of the prompt for the first factor" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4490 +#: sssd.conf.5.xml:4492 msgid "second_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4491 +#: sssd.conf.5.xml:4493 msgid "to change the string of the prompt for the second factor" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4494 +#: sssd.conf.5.xml:4496 msgid "single_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4495 +#: sssd.conf.5.xml:4497 msgid "" "boolean value, if True there will be only a single prompt using the value of " "first_prompt where it is expected that both factors are entered as a single " @@ -5714,7 +5719,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4484 +#: sssd.conf.5.xml:4486 msgid "" "to configure two-factor authentication prompting, allowed options are: " "<placeholder type=\"variablelist\" id=\"0\"/> If the second factor is " @@ -5723,17 +5728,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4512 +#: sssd.conf.5.xml:4514 msgid "[prompting/passkey]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4518 sssd-ad.5.xml:1021 +#: sssd.conf.5.xml:4520 sssd-ad.5.xml:1021 msgid "interactive" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4520 +#: sssd.conf.5.xml:4522 msgid "" "boolean value, if True prompt a message and wait before testing the presence " "of a passkey device. Recommended if your device doesn’t have a tactile " @@ -5741,39 +5746,39 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4528 +#: sssd.conf.5.xml:4530 msgid "interactive_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4530 +#: sssd.conf.5.xml:4532 msgid "to change the message of the interactive prompt." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4535 +#: sssd.conf.5.xml:4537 msgid "touch" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4537 +#: sssd.conf.5.xml:4539 msgid "" "boolean value, if True prompt a message to remind the user to touch the " "device." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4543 +#: sssd.conf.5.xml:4545 msgid "touch_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4545 +#: sssd.conf.5.xml:4547 msgid "to change the message of the touch prompt." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4514 +#: sssd.conf.5.xml:4516 #, fuzzy #| msgid "" #| "The following expansions are supported: <placeholder " @@ -5786,7 +5791,7 @@ msgstr "" "type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4465 +#: sssd.conf.5.xml:4467 msgid "" "Each supported authentication method has its own configuration subsection " "under <quote>[prompting/...]</quote>. Currently there are: <placeholder " @@ -5795,7 +5800,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4556 +#: sssd.conf.5.xml:4558 msgid "" "It is possible to add a subsection for specific PAM services, e.g. " "<quote>[prompting/password/sshd]</quote> to individual change the prompting " @@ -5803,12 +5808,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4563 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43 +#: sssd.conf.5.xml:4565 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43 msgid "EXAMPLES" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4569 +#: sssd.conf.5.xml:4571 #, no-wrap msgid "" "[sssd]\n" @@ -5862,7 +5867,7 @@ msgstr "" "enumerate = False\n" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4565 +#: sssd.conf.5.xml:4567 msgid "" "1. The following example shows a typical SSSD config. It does not describe " "configuration of the domains themselves - refer to documentation on " @@ -5871,7 +5876,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4602 +#: sssd.conf.5.xml:4604 #, no-wrap msgid "" "[domain/ipa.com/child.ad.com]\n" @@ -5879,7 +5884,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4596 +#: sssd.conf.5.xml:4598 msgid "" "2. The following example shows configuration of IPA AD trust where the AD " "forest consists of two domains in a parent-child structure. Suppose IPA " @@ -5890,7 +5895,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4613 +#: sssd.conf.5.xml:4615 #, no-wrap msgid "" "[certmap/my.domain/rule_name]\n" @@ -5901,7 +5906,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4607 +#: sssd.conf.5.xml:4609 msgid "" "3. The following example shows the configuration of a certificate mapping " "rule. It is valid for the configured domain <quote>my.domain</quote> and " @@ -20359,6 +20364,11 @@ msgstr "" "werden sollen. Diese Funktionalität ist mit MIT-Kerberos 1.7 und neueren " "Versionen verfügbar." +#, fuzzy +#~| msgid "This option is not available in IPA provider." +#~ msgid "This option is ignored for the files provider." +#~ msgstr "Diese Option ist für IPA-Anbieter nicht verfügbar." + #, fuzzy #~| msgid "" #~| "Determines if user credentials are also cached in the local LDB cache" diff --git a/src/man/po/es.po b/src/man/po/es.po index 90bff60c085..36bf95b91ff 100644 --- a/src/man/po/es.po +++ b/src/man/po/es.po @@ -18,7 +18,7 @@ msgid "" msgstr "" "Project-Id-Version: sssd-docs 2.3.0\n" "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" -"POT-Creation-Date: 2023-11-13 11:53+0100\n" +"POT-Creation-Date: 2024-01-12 13:00+0100\n" "PO-Revision-Date: 2021-10-27 15:05+0000\n" "Last-Translator: Emilio Herrera <ehespinosa57@gmail.com>\n" "Language-Team: Spanish <https://translate.fedoraproject.org/projects/sssd/" @@ -286,7 +286,7 @@ msgstr "" #. type: Content of: <variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:149 sssd.conf.5.xml:652 sssd.conf.5.xml:949 -#: sssd.conf.5.xml:2101 sssd.conf.5.xml:2168 sssd.conf.5.xml:4191 +#: sssd.conf.5.xml:2101 sssd.conf.5.xml:2168 sssd.conf.5.xml:4193 #: sssd-ldap.5.xml:313 sssd-ldap.5.xml:919 sssd-ldap.5.xml:938 #: sssd-ldap.5.xml:1148 sssd-ldap.5.xml:1601 sssd-ldap.5.xml:1841 #: sssd-ipa.5.xml:152 sssd-ipa.5.xml:254 sssd-ipa.5.xml:662 sssd-ad.5.xml:1106 @@ -365,7 +365,7 @@ msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:196 sssd.conf.5.xml:1290 sssd.conf.5.xml:1767 -#: sssd.conf.5.xml:4207 sssd-ldap.5.xml:766 include/ldap_id_mapping.xml:270 +#: sssd.conf.5.xml:4209 sssd-ldap.5.xml:766 include/ldap_id_mapping.xml:270 msgid "Default: 10" msgstr "Predeterminado: 10" @@ -1132,7 +1132,7 @@ msgstr "" "casos donde los nombres de usuarios se deben compartir entre dominios." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:700 sssd.conf.5.xml:1791 sssd.conf.5.xml:4257 +#: sssd.conf.5.xml:700 sssd.conf.5.xml:1791 sssd.conf.5.xml:4259 #: sssd-ad.5.xml:187 sssd-ad.5.xml:327 sssd-ad.5.xml:341 msgid "Default: Not set" msgstr "Por defecto: No definido" @@ -2590,7 +2590,7 @@ msgid "The path to the certificate database." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1723 sssd.conf.5.xml:2248 sssd.conf.5.xml:4371 +#: sssd.conf.5.xml:1723 sssd.conf.5.xml:2248 sssd.conf.5.xml:4373 msgid "Default:" msgstr "Predeterminado:" @@ -2921,7 +2921,7 @@ msgid "Default: no_session" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1950 sssd.conf.5.xml:4310 +#: sssd.conf.5.xml:1950 sssd.conf.5.xml:4312 #, fuzzy #| msgid "pam_app_services (string)" msgid "pam_gssapi_services" @@ -2974,7 +2974,7 @@ msgid "Default: - (GSSAPI authentication is disabled)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1979 sssd.conf.5.xml:4311 +#: sssd.conf.5.xml:1979 sssd.conf.5.xml:4313 msgid "pam_gssapi_check_upn" msgstr "" @@ -4358,11 +4358,16 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:3042 sssd.conf.5.xml:3153 sssd.conf.5.xml:3204 #: sssd.conf.5.xml:3267 +#, fuzzy +#| msgid "" +#| "<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management " +#| "provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> " +#| "<manvolnum>5</manvolnum> </citerefentry> for more information on " +#| "configuring FreeIPA." msgid "" -"<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management " -"provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> " -"<manvolnum>5</manvolnum> </citerefentry> for more information on configuring " -"FreeIPA." +"<quote>ipa</quote>: FreeIPA and Red Hat Identity Management provider. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring FreeIPA." msgstr "" "<quote>ipa</quote>: Proveedor FreeIPA y Red Hat Enterprise Identity " "Management. Vea <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> " @@ -5662,30 +5667,30 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:4034 -#, fuzzy -#| msgid "This option is not available in IPA provider." -msgid "This option is ignored for the files provider." -msgstr "Esta opción no está disponible en el proveedor IPA." +msgid "" +"It is expected that the <quote>files</quote> provider ignores the " +"local_auth_policy option and supports Smartcard authentication by default." +msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4037 +#: sssd.conf.5.xml:4039 #, fuzzy #| msgid "Default: mail" msgid "Default: match" msgstr "Predeterminado: mail" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4042 +#: sssd.conf.5.xml:4044 msgid "auto_private_groups (string)" msgstr "auto_private_groups (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4048 +#: sssd.conf.5.xml:4050 msgid "true" msgstr "true" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4051 +#: sssd.conf.5.xml:4053 msgid "" "Create user's private group unconditionally from user's UID number. The GID " "number is ignored in this case." @@ -5694,7 +5699,7 @@ msgstr "" "usuario. El número GID se ignora en este caso." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4055 +#: sssd.conf.5.xml:4057 msgid "" "NOTE: Because the GID number and the user private group are inferred from " "the UID number, it is not supported to have multiple entries with the same " @@ -5707,12 +5712,12 @@ msgstr "" "unicidad den el espacio de ID." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4064 +#: sssd.conf.5.xml:4066 msgid "false" msgstr "false" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4067 +#: sssd.conf.5.xml:4069 msgid "" "Always use the user's primary GID number. The GID number must refer to a " "group object in the LDAP database." @@ -5721,12 +5726,12 @@ msgstr "" "a un objeto grupo en las base de datos LDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4073 +#: sssd.conf.5.xml:4075 msgid "hybrid" msgstr "hybrid" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4076 +#: sssd.conf.5.xml:4078 msgid "" "A primary group is autogenerated for user entries whose UID and GID numbers " "have the same value and at the same time the GID number does not correspond " @@ -5741,7 +5746,7 @@ msgstr "" "grupo, el GID primario del usuario se resuelve al de ese objeto grupo." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4089 +#: sssd.conf.5.xml:4091 msgid "" "If the UID and GID of a user are different, then the GID must correspond to " "a group entry, otherwise the GID is simply not resolvable." @@ -5750,7 +5755,7 @@ msgstr "" "una entrada de grupo, de otro modo el GID simplemente no se puede resolver." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4096 +#: sssd.conf.5.xml:4098 msgid "" "This feature is useful for environments that wish to stop maintaining a " "separate group objects for the user private groups, but also wish to retain " @@ -5761,7 +5766,7 @@ msgstr "" "también desea retener los grupos privados existentes del usuario." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4045 +#: sssd.conf.5.xml:4047 msgid "" "This option takes any of three available values: <placeholder " "type=\"variablelist\" id=\"0\"/>" @@ -5770,7 +5775,7 @@ msgstr "" "type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4108 +#: sssd.conf.5.xml:4110 msgid "" "For subdomains, the default value is False for subdomains that use assigned " "POSIX IDs and True for subdomains that use automatic ID-mapping." @@ -5779,7 +5784,7 @@ msgstr "" "POSIX IDs asignados y True para subdominios que usan mapeo de ID automático." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:4116 +#: sssd.conf.5.xml:4118 #, no-wrap msgid "" "[domain/forest.domain/sub.domain]\n" @@ -5789,7 +5794,7 @@ msgstr "" "auto_private_groups = false\n" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:4122 +#: sssd.conf.5.xml:4124 #, no-wrap msgid "" "[domain/forest.domain]\n" @@ -5801,7 +5806,7 @@ msgstr "" "auto_private_groups = false\n" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4113 +#: sssd.conf.5.xml:4115 msgid "" "The value of auto_private_groups can either be set per subdomains in a " "subsection, for example: <placeholder type=\"programlisting\" id=\"0\"/> or " @@ -5827,17 +5832,17 @@ msgstr "" "id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4137 +#: sssd.conf.5.xml:4139 msgid "proxy_pam_target (string)" msgstr "proxy_pam_target (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4140 +#: sssd.conf.5.xml:4142 msgid "The proxy target PAM proxies to." msgstr "El proxy de destino PAM próximo a." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4143 +#: sssd.conf.5.xml:4145 #, fuzzy #| msgid "" #| "Default: not set by default, you have to take an existing pam " @@ -5851,12 +5856,12 @@ msgstr "" "pam existente o crear una nueva y añadir el nombre de servicio aquí." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4153 +#: sssd.conf.5.xml:4155 msgid "proxy_lib_name (string)" msgstr "proxy_lib_name (cadena)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4156 +#: sssd.conf.5.xml:4158 msgid "" "The name of the NSS library to use in proxy domains. The NSS functions " "searched for in the library are in the form of _nss_$(libName)_$(function), " @@ -5867,12 +5872,12 @@ msgstr "" "_nss_$(libName)_$(function), por ejemplo _nss_files_getpwent." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4166 +#: sssd.conf.5.xml:4168 msgid "proxy_resolver_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4169 +#: sssd.conf.5.xml:4171 msgid "" "The name of the NSS library to use for hosts and networks lookups in proxy " "domains. The NSS functions searched for in the library are in the form of " @@ -5880,12 +5885,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4180 +#: sssd.conf.5.xml:4182 msgid "proxy_fast_alias (boolean)" msgstr "proxy_fast_alias (booleano)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4183 +#: sssd.conf.5.xml:4185 msgid "" "When a user or group is looked up by name in the proxy provider, a second " "lookup by ID is performed to \"canonicalize\" the name in case the requested " @@ -5899,12 +5904,12 @@ msgstr "" "razones de rendimiento." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4197 +#: sssd.conf.5.xml:4199 msgid "proxy_max_children (integer)" msgstr "proxy_max_children (entero)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4200 +#: sssd.conf.5.xml:4202 msgid "" "This option specifies the number of pre-forked proxy children. It is useful " "for high-load SSSD environments where sssd may run out of available child " @@ -5916,7 +5921,7 @@ msgstr "" "son encoladas." #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4133 +#: sssd.conf.5.xml:4135 msgid "" "Options valid for proxy domains. <placeholder type=\"variablelist\" " "id=\"0\"/>" @@ -5925,12 +5930,12 @@ msgstr "" "id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:4216 +#: sssd.conf.5.xml:4218 msgid "Application domains" msgstr "Dominios de aplicaciones" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4218 +#: sssd.conf.5.xml:4220 msgid "" "SSSD, with its D-Bus interface (see <citerefentry> <refentrytitle>sssd-ifp</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>) is appealing to " @@ -5959,7 +5964,7 @@ msgstr "" "que opcionalmente herede ajustes de un dominio SSSD tradicional." #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4238 +#: sssd.conf.5.xml:4240 msgid "" "Please note that the application domain must still be explicitly enabled in " "the <quote>domains</quote> parameter so that the lookup order between the " @@ -5971,17 +5976,17 @@ msgstr "" "establecido correctamente." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> -#: sssd.conf.5.xml:4244 +#: sssd.conf.5.xml:4246 msgid "Application domain parameters" msgstr "Parámetros de dominio de aplicación" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4246 +#: sssd.conf.5.xml:4248 msgid "inherit_from (string)" msgstr "inherit_from (cadena)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4249 +#: sssd.conf.5.xml:4251 msgid "" "The SSSD POSIX-type domain the application domain inherits all settings " "from. The application domain can moreover add its own settings to the " @@ -5994,7 +5999,7 @@ msgstr "" "<quote>hermano</quote>." #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4263 +#: sssd.conf.5.xml:4265 msgid "" "The following example illustrates the use of an application domain. In this " "setup, the POSIX domain is connected to an LDAP server and is used by the OS " @@ -6009,7 +6014,7 @@ msgstr "" "cache y hace al atributo phone alcanzable a través del interfaz D-Bus." #. type: Content of: <reference><refentry><refsect1><refsect2><programlisting> -#: sssd.conf.5.xml:4271 +#: sssd.conf.5.xml:4273 #, no-wrap msgid "" "[sssd]\n" @@ -6043,12 +6048,12 @@ msgstr "" "ldap_user_extra_attrs = phone:telephoneNumber\n" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4291 +#: sssd.conf.5.xml:4293 msgid "TRUSTED DOMAIN SECTION" msgstr "SECCIÓN DE DOMINIO DE CONFIANZA" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4293 +#: sssd.conf.5.xml:4295 msgid "" "Some options used in the domain section can also be used in the trusted " "domain section, that is, in a section called <quote>[domain/" @@ -6065,57 +6070,57 @@ msgstr "" "soportadas en la sección de dominio de confianza son:" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4300 +#: sssd.conf.5.xml:4302 msgid "ldap_search_base," msgstr "ldap_search_base," #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4301 +#: sssd.conf.5.xml:4303 msgid "ldap_user_search_base," msgstr "ldap_user_search_base," #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4302 +#: sssd.conf.5.xml:4304 msgid "ldap_group_search_base," msgstr "ldap_group_search_base," #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4303 +#: sssd.conf.5.xml:4305 msgid "ldap_netgroup_search_base," msgstr "ldap_netgroup_search_base," #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4304 +#: sssd.conf.5.xml:4306 msgid "ldap_service_search_base," msgstr "ldap_service_search_base," #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4305 +#: sssd.conf.5.xml:4307 msgid "ldap_sasl_mech," msgstr "ldap_sasl_mech," #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4306 +#: sssd.conf.5.xml:4308 msgid "ad_server," msgstr "ad_server," #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4307 +#: sssd.conf.5.xml:4309 msgid "ad_backup_server," msgstr "ad_backup_server," #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4308 +#: sssd.conf.5.xml:4310 msgid "ad_site," msgstr "ad_site," #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4309 sssd-ipa.5.xml:884 +#: sssd.conf.5.xml:4311 sssd-ipa.5.xml:884 msgid "use_fully_qualified_names" msgstr "use_fully_qualified_names" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4313 +#: sssd.conf.5.xml:4315 msgid "" "For more details about these options see their individual description in the " "manual page." @@ -6124,12 +6129,12 @@ msgstr "" "página de manual." #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4319 +#: sssd.conf.5.xml:4321 msgid "CERTIFICATE MAPPING SECTION" msgstr "SECCIÓN DE MAPEO DEL CERTIFICADO" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4321 +#: sssd.conf.5.xml:4323 msgid "" "To allow authentication with Smartcards and certificates SSSD must be able " "to map certificates to users. This can be done by adding the full " @@ -6151,7 +6156,7 @@ msgstr "" "usan autenticación PAM." #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4335 +#: sssd.conf.5.xml:4337 msgid "" "To make the mapping more flexible mapping and matching rules were added to " "SSSD (see <citerefentry> <refentrytitle>sss-certmap</refentrytitle> " @@ -6163,7 +6168,7 @@ msgstr "" "citerefentry>)." #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4344 +#: sssd.conf.5.xml:4346 msgid "" "A mapping and matching rule can be added to the SSSD configuration in a " "section on its own with a name like <quote>[certmap/" @@ -6177,12 +6182,12 @@ msgstr "" "opciones:" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4351 +#: sssd.conf.5.xml:4353 msgid "matchrule (string)" msgstr "matchrule (cadena)" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4354 +#: sssd.conf.5.xml:4356 msgid "" "Only certificates from the Smartcard which matches this rule will be " "processed, all others are ignored." @@ -6191,7 +6196,7 @@ msgstr "" "procesados, los demás son ignorados." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4358 +#: sssd.conf.5.xml:4360 msgid "" "Default: KRB5:<EKU>clientAuth, i.e. only certificates which have the " "Extended Key Usage <quote>clientAuth</quote>" @@ -6200,17 +6205,17 @@ msgstr "" "tengan Extended Key Usage <quote>clientAuth</quote>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4365 +#: sssd.conf.5.xml:4367 msgid "maprule (string)" msgstr "maprule (cadena)" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4368 +#: sssd.conf.5.xml:4370 msgid "Defines how the user is found for a given certificate." msgstr "Define como se encuentra un usuario desde un certificado dado." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4374 +#: sssd.conf.5.xml:4376 msgid "" "LDAP:(userCertificate;binary={cert!bin}) for LDAP based providers like " "<quote>ldap</quote>, <quote>AD</quote> or <quote>ipa</quote>." @@ -6219,7 +6224,7 @@ msgstr "" "como <quote>ldap</quote>, <quote>AD</quote> o <quote>ipa</quote>." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4380 +#: sssd.conf.5.xml:4382 msgid "" "The RULE_NAME for the <quote>files</quote> provider which tries to find a " "user with the same name." @@ -6228,12 +6233,12 @@ msgstr "" "encontrar un usuario con el mismo nombre." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4389 +#: sssd.conf.5.xml:4391 msgid "domains (string)" msgstr "domains (cadena)" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4392 +#: sssd.conf.5.xml:4394 msgid "" "Comma separated list of domain names the rule should be applied. By default " "a rule is only valid in the domain configured in sssd.conf. If the provider " @@ -6246,17 +6251,17 @@ msgstr "" "usada para añadir la regla a los subdominios también." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4399 +#: sssd.conf.5.xml:4401 msgid "Default: the configured domain in sssd.conf" msgstr "Predetermiado: el dominio configurado en sssd.conf" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4404 +#: sssd.conf.5.xml:4406 msgid "priority (integer)" msgstr "priority (entero)" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4407 +#: sssd.conf.5.xml:4409 msgid "" "Unsigned integer value defining the priority of the rule. The higher the " "number the lower the priority. <quote>0</quote> stands for the highest " @@ -6267,12 +6272,12 @@ msgstr "" "más alte mientras que <quote>4294967295</quote> es la más baja." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4413 +#: sssd.conf.5.xml:4415 msgid "Default: the lowest priority" msgstr "Predeterminado: la prioridad más baja" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4419 +#: sssd.conf.5.xml:4421 msgid "" "To make the configuration simple and reduce the amount of configuration " "options the <quote>files</quote> provider has some special properties:" @@ -6282,7 +6287,7 @@ msgstr "" "propiedades especiales:" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4425 +#: sssd.conf.5.xml:4427 msgid "" "if maprule is not set the RULE_NAME name is assumed to be the name of the " "matching user" @@ -6291,7 +6296,7 @@ msgstr "" "usuario coincidente" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4431 +#: sssd.conf.5.xml:4433 msgid "" "if a maprule is used both a single user name or a template like " "<quote>{subject_rfc822_name.short_name}</quote> must be in braces like e.g. " @@ -6304,17 +6309,17 @@ msgstr "" "short_name})</quote>" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4440 +#: sssd.conf.5.xml:4442 msgid "the <quote>domains</quote> option is ignored" msgstr "la opción <quote>domains</quote> es ignorada" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4448 +#: sssd.conf.5.xml:4450 msgid "PROMPTING CONFIGURATION SECTION" msgstr "SECCIÓN DE CONFIGURACIÓN INICIAL" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4450 +#: sssd.conf.5.xml:4452 msgid "" "If a special file (<filename>/var/lib/sss/pubconf/pam_preauth_available</" "filename>) exists SSSD's PAM module pam_sss will ask SSSD to figure out " @@ -6329,7 +6334,7 @@ msgstr "" "al usuario las credenciales apropiadas." #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4458 +#: sssd.conf.5.xml:4460 msgid "" "With the growing number of authentication methods and the possibility that " "there are multiple ones for a single user the heuristic used by pam_sss to " @@ -6342,22 +6347,22 @@ msgstr "" "Las siguientes opciones deberían suministrar una mejor flexibilidad aquí." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4470 +#: sssd.conf.5.xml:4472 msgid "[prompting/password]" msgstr "[prompting/password]" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4473 +#: sssd.conf.5.xml:4475 msgid "password_prompt" msgstr "password_prompt" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4474 +#: sssd.conf.5.xml:4476 msgid "to change the string of the password prompt" msgstr "cambiar la cadena de solicitud de contraseña" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4472 +#: sssd.conf.5.xml:4474 msgid "" "to configure password prompting, allowed options are: <placeholder " "type=\"variablelist\" id=\"0\"/>" @@ -6366,37 +6371,37 @@ msgstr "" "<placeholder type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4482 +#: sssd.conf.5.xml:4484 msgid "[prompting/2fa]" msgstr "[prompting/2fa]" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4486 +#: sssd.conf.5.xml:4488 msgid "first_prompt" msgstr "first_prompt" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4487 +#: sssd.conf.5.xml:4489 msgid "to change the string of the prompt for the first factor" msgstr "para cambiar la cadena de la solicitud del primer factor" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4490 +#: sssd.conf.5.xml:4492 msgid "second_prompt" msgstr "second_prompt" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4491 +#: sssd.conf.5.xml:4493 msgid "to change the string of the prompt for the second factor" msgstr "para cambiar la cadena de la solicitud para el segundo factor" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4494 +#: sssd.conf.5.xml:4496 msgid "single_prompt" msgstr "single_prompt" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4495 +#: sssd.conf.5.xml:4497 #, fuzzy #| msgid "" #| "boolean value, if True there will be only a single prompt using the value " @@ -6413,7 +6418,7 @@ msgstr "" "única cadena" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4484 +#: sssd.conf.5.xml:4486 msgid "" "to configure two-factor authentication prompting, allowed options are: " "<placeholder type=\"variablelist\" id=\"0\"/> If the second factor is " @@ -6422,19 +6427,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4512 +#: sssd.conf.5.xml:4514 #, fuzzy #| msgid "[prompting/password]" msgid "[prompting/passkey]" msgstr "[prompting/password]" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4518 sssd-ad.5.xml:1021 +#: sssd.conf.5.xml:4520 sssd-ad.5.xml:1021 msgid "interactive" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4520 +#: sssd.conf.5.xml:4522 msgid "" "boolean value, if True prompt a message and wait before testing the presence " "of a passkey device. Recommended if your device doesn’t have a tactile " @@ -6442,47 +6447,47 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4528 +#: sssd.conf.5.xml:4530 #, fuzzy #| msgid "first_prompt" msgid "interactive_prompt" msgstr "first_prompt" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4530 +#: sssd.conf.5.xml:4532 #, fuzzy #| msgid "to change the string of the password prompt" msgid "to change the message of the interactive prompt." msgstr "cambiar la cadena de solicitud de contraseña" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4535 +#: sssd.conf.5.xml:4537 msgid "touch" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4537 +#: sssd.conf.5.xml:4539 msgid "" "boolean value, if True prompt a message to remind the user to touch the " "device." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4543 +#: sssd.conf.5.xml:4545 #, fuzzy #| msgid "first_prompt" msgid "touch_prompt" msgstr "first_prompt" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4545 +#: sssd.conf.5.xml:4547 #, fuzzy #| msgid "to change the string of the password prompt" msgid "to change the message of the touch prompt." msgstr "cambiar la cadena de solicitud de contraseña" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4514 +#: sssd.conf.5.xml:4516 #, fuzzy #| msgid "" #| "to configure two-factor authentication prompting, allowed options are: " @@ -6495,7 +6500,7 @@ msgstr "" "permitidas son: <placeholder type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4465 +#: sssd.conf.5.xml:4467 #, fuzzy #| msgid "" #| "Each supported authentication method has its own configuration subsection " @@ -6514,7 +6519,7 @@ msgstr "" "type=\"variablelist\" id=\"1\"/>" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4556 +#: sssd.conf.5.xml:4558 msgid "" "It is possible to add a subsection for specific PAM services, e.g. " "<quote>[prompting/password/sshd]</quote> to individual change the prompting " @@ -6525,12 +6530,12 @@ msgstr "" "pregunta para este servicio." #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4563 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43 +#: sssd.conf.5.xml:4565 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43 msgid "EXAMPLES" msgstr "EJEMPLOS" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4569 +#: sssd.conf.5.xml:4571 #, no-wrap msgid "" "[sssd]\n" @@ -6584,7 +6589,7 @@ msgstr "" "enumerate = False\n" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4565 +#: sssd.conf.5.xml:4567 msgid "" "1. The following example shows a typical SSSD config. It does not describe " "configuration of the domains themselves - refer to documentation on " @@ -6597,7 +6602,7 @@ msgstr "" "type=\"programlisting\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4602 +#: sssd.conf.5.xml:4604 #, no-wrap msgid "" "[domain/ipa.com/child.ad.com]\n" @@ -6607,7 +6612,7 @@ msgstr "" "use_fully_qualified_names = false\n" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4596 +#: sssd.conf.5.xml:4598 msgid "" "2. The following example shows configuration of IPA AD trust where the AD " "forest consists of two domains in a parent-child structure. Suppose IPA " @@ -6624,7 +6629,7 @@ msgstr "" "type=\"programlisting\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4613 +#: sssd.conf.5.xml:4615 #, fuzzy, no-wrap #| msgid "" #| "[certmap/my.domain/rule_name]\n" @@ -6652,7 +6657,7 @@ msgstr "" "matchrule = <ISSUER>^CN=My-CA,DC=MY,DC=DOMAIN$<SUBJECT>^CN=User.Name,DC=MY,DC=DOMAIN$\n" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4607 +#: sssd.conf.5.xml:4609 #, fuzzy #| msgid "" #| "3. The following example shows the configuration for two certificate " @@ -21588,6 +21593,11 @@ msgid "" "feature is available with MIT Kerberos 1.7 and later versions." msgstr "" +#, fuzzy +#~| msgid "This option is not available in IPA provider." +#~ msgid "This option is ignored for the files provider." +#~ msgstr "Esta opción no está disponible en el proveedor IPA." + #, fuzzy #~| msgid "" #~| "Determines if user credentials are also cached in the local LDB cache" diff --git a/src/man/po/eu.po b/src/man/po/eu.po index 46c34bcc5f0..0d3a52dd409 100644 --- a/src/man/po/eu.po +++ b/src/man/po/eu.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: sssd-docs 2.3.0\n" "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" -"POT-Creation-Date: 2023-11-13 11:53+0100\n" +"POT-Creation-Date: 2024-01-12 13:00+0100\n" "PO-Revision-Date: 2014-12-14 11:55-0500\n" "Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n" "Language-Team: Basque (http://www.transifex.com/projects/p/sssd/language/" @@ -226,7 +226,7 @@ msgstr "" #. type: Content of: <variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:149 sssd.conf.5.xml:652 sssd.conf.5.xml:949 -#: sssd.conf.5.xml:2101 sssd.conf.5.xml:2168 sssd.conf.5.xml:4191 +#: sssd.conf.5.xml:2101 sssd.conf.5.xml:2168 sssd.conf.5.xml:4193 #: sssd-ldap.5.xml:313 sssd-ldap.5.xml:919 sssd-ldap.5.xml:938 #: sssd-ldap.5.xml:1148 sssd-ldap.5.xml:1601 sssd-ldap.5.xml:1841 #: sssd-ipa.5.xml:152 sssd-ipa.5.xml:254 sssd-ipa.5.xml:662 sssd-ad.5.xml:1106 @@ -295,7 +295,7 @@ msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:196 sssd.conf.5.xml:1290 sssd.conf.5.xml:1767 -#: sssd.conf.5.xml:4207 sssd-ldap.5.xml:766 include/ldap_id_mapping.xml:270 +#: sssd.conf.5.xml:4209 sssd-ldap.5.xml:766 include/ldap_id_mapping.xml:270 msgid "Default: 10" msgstr "" @@ -872,7 +872,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:700 sssd.conf.5.xml:1791 sssd.conf.5.xml:4257 +#: sssd.conf.5.xml:700 sssd.conf.5.xml:1791 sssd.conf.5.xml:4259 #: sssd-ad.5.xml:187 sssd-ad.5.xml:327 sssd-ad.5.xml:341 msgid "Default: Not set" msgstr "" @@ -2052,7 +2052,7 @@ msgid "The path to the certificate database." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1723 sssd.conf.5.xml:2248 sssd.conf.5.xml:4371 +#: sssd.conf.5.xml:1723 sssd.conf.5.xml:2248 sssd.conf.5.xml:4373 msgid "Default:" msgstr "" @@ -2318,7 +2318,7 @@ msgid "Default: no_session" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1950 sssd.conf.5.xml:4310 +#: sssd.conf.5.xml:1950 sssd.conf.5.xml:4312 msgid "pam_gssapi_services" msgstr "" @@ -2362,7 +2362,7 @@ msgid "Default: - (GSSAPI authentication is disabled)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1979 sssd.conf.5.xml:4311 +#: sssd.conf.5.xml:1979 sssd.conf.5.xml:4313 msgid "pam_gssapi_check_upn" msgstr "" @@ -3534,10 +3534,9 @@ msgstr "" #: sssd.conf.5.xml:3042 sssd.conf.5.xml:3153 sssd.conf.5.xml:3204 #: sssd.conf.5.xml:3267 msgid "" -"<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management " -"provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> " -"<manvolnum>5</manvolnum> </citerefentry> for more information on configuring " -"FreeIPA." +"<quote>ipa</quote>: FreeIPA and Red Hat Identity Management provider. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring FreeIPA." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> @@ -4578,33 +4577,35 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:4034 -msgid "This option is ignored for the files provider." +msgid "" +"It is expected that the <quote>files</quote> provider ignores the " +"local_auth_policy option and supports Smartcard authentication by default." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4037 +#: sssd.conf.5.xml:4039 msgid "Default: match" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4042 +#: sssd.conf.5.xml:4044 msgid "auto_private_groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4048 +#: sssd.conf.5.xml:4050 msgid "true" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4051 +#: sssd.conf.5.xml:4053 msgid "" "Create user's private group unconditionally from user's UID number. The GID " "number is ignored in this case." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4055 +#: sssd.conf.5.xml:4057 msgid "" "NOTE: Because the GID number and the user private group are inferred from " "the UID number, it is not supported to have multiple entries with the same " @@ -4613,24 +4614,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4064 +#: sssd.conf.5.xml:4066 msgid "false" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4067 +#: sssd.conf.5.xml:4069 msgid "" "Always use the user's primary GID number. The GID number must refer to a " "group object in the LDAP database." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4073 +#: sssd.conf.5.xml:4075 msgid "hybrid" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4076 +#: sssd.conf.5.xml:4078 msgid "" "A primary group is autogenerated for user entries whose UID and GID numbers " "have the same value and at the same time the GID number does not correspond " @@ -4640,14 +4641,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4089 +#: sssd.conf.5.xml:4091 msgid "" "If the UID and GID of a user are different, then the GID must correspond to " "a group entry, otherwise the GID is simply not resolvable." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4096 +#: sssd.conf.5.xml:4098 msgid "" "This feature is useful for environments that wish to stop maintaining a " "separate group objects for the user private groups, but also wish to retain " @@ -4655,21 +4656,21 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4045 +#: sssd.conf.5.xml:4047 msgid "" "This option takes any of three available values: <placeholder " "type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4108 +#: sssd.conf.5.xml:4110 msgid "" "For subdomains, the default value is False for subdomains that use assigned " "POSIX IDs and True for subdomains that use automatic ID-mapping." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:4116 +#: sssd.conf.5.xml:4118 #, no-wrap msgid "" "[domain/forest.domain/sub.domain]\n" @@ -4677,7 +4678,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:4122 +#: sssd.conf.5.xml:4124 #, no-wrap msgid "" "[domain/forest.domain]\n" @@ -4686,7 +4687,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4113 +#: sssd.conf.5.xml:4115 msgid "" "The value of auto_private_groups can either be set per subdomains in a " "subsection, for example: <placeholder type=\"programlisting\" id=\"0\"/> or " @@ -4703,17 +4704,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4137 +#: sssd.conf.5.xml:4139 msgid "proxy_pam_target (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4140 +#: sssd.conf.5.xml:4142 msgid "The proxy target PAM proxies to." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4143 +#: sssd.conf.5.xml:4145 msgid "" "Default: not set by default, you have to take an existing pam configuration " "or create a new one and add the service name here. As an alternative you can " @@ -4721,12 +4722,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4153 +#: sssd.conf.5.xml:4155 msgid "proxy_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4156 +#: sssd.conf.5.xml:4158 msgid "" "The name of the NSS library to use in proxy domains. The NSS functions " "searched for in the library are in the form of _nss_$(libName)_$(function), " @@ -4734,12 +4735,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4166 +#: sssd.conf.5.xml:4168 msgid "proxy_resolver_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4169 +#: sssd.conf.5.xml:4171 msgid "" "The name of the NSS library to use for hosts and networks lookups in proxy " "domains. The NSS functions searched for in the library are in the form of " @@ -4747,12 +4748,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4180 +#: sssd.conf.5.xml:4182 msgid "proxy_fast_alias (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4183 +#: sssd.conf.5.xml:4185 msgid "" "When a user or group is looked up by name in the proxy provider, a second " "lookup by ID is performed to \"canonicalize\" the name in case the requested " @@ -4761,12 +4762,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4197 +#: sssd.conf.5.xml:4199 msgid "proxy_max_children (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4200 +#: sssd.conf.5.xml:4202 msgid "" "This option specifies the number of pre-forked proxy children. It is useful " "for high-load SSSD environments where sssd may run out of available child " @@ -4774,19 +4775,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4133 +#: sssd.conf.5.xml:4135 msgid "" "Options valid for proxy domains. <placeholder type=\"variablelist\" " "id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:4216 +#: sssd.conf.5.xml:4218 msgid "Application domains" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4218 +#: sssd.conf.5.xml:4220 msgid "" "SSSD, with its D-Bus interface (see <citerefentry> <refentrytitle>sssd-ifp</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>) is appealing to " @@ -4803,7 +4804,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4238 +#: sssd.conf.5.xml:4240 msgid "" "Please note that the application domain must still be explicitly enabled in " "the <quote>domains</quote> parameter so that the lookup order between the " @@ -4811,17 +4812,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> -#: sssd.conf.5.xml:4244 +#: sssd.conf.5.xml:4246 msgid "Application domain parameters" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4246 +#: sssd.conf.5.xml:4248 msgid "inherit_from (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4249 +#: sssd.conf.5.xml:4251 msgid "" "The SSSD POSIX-type domain the application domain inherits all settings " "from. The application domain can moreover add its own settings to the " @@ -4830,7 +4831,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4263 +#: sssd.conf.5.xml:4265 msgid "" "The following example illustrates the use of an application domain. In this " "setup, the POSIX domain is connected to an LDAP server and is used by the OS " @@ -4840,7 +4841,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><programlisting> -#: sssd.conf.5.xml:4271 +#: sssd.conf.5.xml:4273 #, no-wrap msgid "" "[sssd]\n" @@ -4860,12 +4861,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4291 +#: sssd.conf.5.xml:4293 msgid "TRUSTED DOMAIN SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4293 +#: sssd.conf.5.xml:4295 msgid "" "Some options used in the domain section can also be used in the trusted " "domain section, that is, in a section called <quote>[domain/" @@ -4876,69 +4877,69 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4300 +#: sssd.conf.5.xml:4302 msgid "ldap_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4301 +#: sssd.conf.5.xml:4303 msgid "ldap_user_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4302 +#: sssd.conf.5.xml:4304 msgid "ldap_group_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4303 +#: sssd.conf.5.xml:4305 msgid "ldap_netgroup_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4304 +#: sssd.conf.5.xml:4306 msgid "ldap_service_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4305 +#: sssd.conf.5.xml:4307 msgid "ldap_sasl_mech," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4306 +#: sssd.conf.5.xml:4308 msgid "ad_server," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4307 +#: sssd.conf.5.xml:4309 msgid "ad_backup_server," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4308 +#: sssd.conf.5.xml:4310 msgid "ad_site," msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4309 sssd-ipa.5.xml:884 +#: sssd.conf.5.xml:4311 sssd-ipa.5.xml:884 msgid "use_fully_qualified_names" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4313 +#: sssd.conf.5.xml:4315 msgid "" "For more details about these options see their individual description in the " "manual page." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4319 +#: sssd.conf.5.xml:4321 msgid "CERTIFICATE MAPPING SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4321 +#: sssd.conf.5.xml:4323 msgid "" "To allow authentication with Smartcards and certificates SSSD must be able " "to map certificates to users. This can be done by adding the full " @@ -4951,7 +4952,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4335 +#: sssd.conf.5.xml:4337 msgid "" "To make the mapping more flexible mapping and matching rules were added to " "SSSD (see <citerefentry> <refentrytitle>sss-certmap</refentrytitle> " @@ -4959,7 +4960,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4344 +#: sssd.conf.5.xml:4346 msgid "" "A mapping and matching rule can be added to the SSSD configuration in a " "section on its own with a name like <quote>[certmap/" @@ -4968,55 +4969,55 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4351 +#: sssd.conf.5.xml:4353 msgid "matchrule (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4354 +#: sssd.conf.5.xml:4356 msgid "" "Only certificates from the Smartcard which matches this rule will be " "processed, all others are ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4358 +#: sssd.conf.5.xml:4360 msgid "" "Default: KRB5:<EKU>clientAuth, i.e. only certificates which have the " "Extended Key Usage <quote>clientAuth</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4365 +#: sssd.conf.5.xml:4367 msgid "maprule (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4368 +#: sssd.conf.5.xml:4370 msgid "Defines how the user is found for a given certificate." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4374 +#: sssd.conf.5.xml:4376 msgid "" "LDAP:(userCertificate;binary={cert!bin}) for LDAP based providers like " "<quote>ldap</quote>, <quote>AD</quote> or <quote>ipa</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4380 +#: sssd.conf.5.xml:4382 msgid "" "The RULE_NAME for the <quote>files</quote> provider which tries to find a " "user with the same name." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4389 +#: sssd.conf.5.xml:4391 msgid "domains (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4392 +#: sssd.conf.5.xml:4394 msgid "" "Comma separated list of domain names the rule should be applied. By default " "a rule is only valid in the domain configured in sssd.conf. If the provider " @@ -5025,17 +5026,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4399 +#: sssd.conf.5.xml:4401 msgid "Default: the configured domain in sssd.conf" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4404 +#: sssd.conf.5.xml:4406 msgid "priority (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4407 +#: sssd.conf.5.xml:4409 msgid "" "Unsigned integer value defining the priority of the rule. The higher the " "number the lower the priority. <quote>0</quote> stands for the highest " @@ -5043,26 +5044,26 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4413 +#: sssd.conf.5.xml:4415 msgid "Default: the lowest priority" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4419 +#: sssd.conf.5.xml:4421 msgid "" "To make the configuration simple and reduce the amount of configuration " "options the <quote>files</quote> provider has some special properties:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4425 +#: sssd.conf.5.xml:4427 msgid "" "if maprule is not set the RULE_NAME name is assumed to be the name of the " "matching user" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4431 +#: sssd.conf.5.xml:4433 msgid "" "if a maprule is used both a single user name or a template like " "<quote>{subject_rfc822_name.short_name}</quote> must be in braces like e.g. " @@ -5071,17 +5072,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4440 +#: sssd.conf.5.xml:4442 msgid "the <quote>domains</quote> option is ignored" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4448 +#: sssd.conf.5.xml:4450 msgid "PROMPTING CONFIGURATION SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4450 +#: sssd.conf.5.xml:4452 msgid "" "If a special file (<filename>/var/lib/sss/pubconf/pam_preauth_available</" "filename>) exists SSSD's PAM module pam_sss will ask SSSD to figure out " @@ -5091,7 +5092,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4458 +#: sssd.conf.5.xml:4460 msgid "" "With the growing number of authentication methods and the possibility that " "there are multiple ones for a single user the heuristic used by pam_sss to " @@ -5100,59 +5101,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4470 +#: sssd.conf.5.xml:4472 msgid "[prompting/password]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4473 +#: sssd.conf.5.xml:4475 msgid "password_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4474 +#: sssd.conf.5.xml:4476 msgid "to change the string of the password prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4472 +#: sssd.conf.5.xml:4474 msgid "" "to configure password prompting, allowed options are: <placeholder " "type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4482 +#: sssd.conf.5.xml:4484 msgid "[prompting/2fa]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4486 +#: sssd.conf.5.xml:4488 msgid "first_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4487 +#: sssd.conf.5.xml:4489 msgid "to change the string of the prompt for the first factor" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4490 +#: sssd.conf.5.xml:4492 msgid "second_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4491 +#: sssd.conf.5.xml:4493 msgid "to change the string of the prompt for the second factor" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4494 +#: sssd.conf.5.xml:4496 msgid "single_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4495 +#: sssd.conf.5.xml:4497 msgid "" "boolean value, if True there will be only a single prompt using the value of " "first_prompt where it is expected that both factors are entered as a single " @@ -5161,7 +5162,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4484 +#: sssd.conf.5.xml:4486 msgid "" "to configure two-factor authentication prompting, allowed options are: " "<placeholder type=\"variablelist\" id=\"0\"/> If the second factor is " @@ -5170,17 +5171,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4512 +#: sssd.conf.5.xml:4514 msgid "[prompting/passkey]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4518 sssd-ad.5.xml:1021 +#: sssd.conf.5.xml:4520 sssd-ad.5.xml:1021 msgid "interactive" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4520 +#: sssd.conf.5.xml:4522 msgid "" "boolean value, if True prompt a message and wait before testing the presence " "of a passkey device. Recommended if your device doesn’t have a tactile " @@ -5188,46 +5189,46 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4528 +#: sssd.conf.5.xml:4530 msgid "interactive_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4530 +#: sssd.conf.5.xml:4532 msgid "to change the message of the interactive prompt." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4535 +#: sssd.conf.5.xml:4537 msgid "touch" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4537 +#: sssd.conf.5.xml:4539 msgid "" "boolean value, if True prompt a message to remind the user to touch the " "device." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4543 +#: sssd.conf.5.xml:4545 msgid "touch_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4545 +#: sssd.conf.5.xml:4547 msgid "to change the message of the touch prompt." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4514 +#: sssd.conf.5.xml:4516 msgid "" "to configure passkey authentication prompting, allowed options are: " "<placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4465 +#: sssd.conf.5.xml:4467 msgid "" "Each supported authentication method has its own configuration subsection " "under <quote>[prompting/...]</quote>. Currently there are: <placeholder " @@ -5236,7 +5237,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4556 +#: sssd.conf.5.xml:4558 msgid "" "It is possible to add a subsection for specific PAM services, e.g. " "<quote>[prompting/password/sshd]</quote> to individual change the prompting " @@ -5244,12 +5245,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4563 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43 +#: sssd.conf.5.xml:4565 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43 msgid "EXAMPLES" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4569 +#: sssd.conf.5.xml:4571 #, no-wrap msgid "" "[sssd]\n" @@ -5279,7 +5280,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4565 +#: sssd.conf.5.xml:4567 msgid "" "1. The following example shows a typical SSSD config. It does not describe " "configuration of the domains themselves - refer to documentation on " @@ -5288,7 +5289,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4602 +#: sssd.conf.5.xml:4604 #, no-wrap msgid "" "[domain/ipa.com/child.ad.com]\n" @@ -5296,7 +5297,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4596 +#: sssd.conf.5.xml:4598 msgid "" "2. The following example shows configuration of IPA AD trust where the AD " "forest consists of two domains in a parent-child structure. Suppose IPA " @@ -5307,7 +5308,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4613 +#: sssd.conf.5.xml:4615 #, no-wrap msgid "" "[certmap/my.domain/rule_name]\n" @@ -5318,7 +5319,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4607 +#: sssd.conf.5.xml:4609 msgid "" "3. The following example shows the configuration of a certificate mapping " "rule. It is valid for the configured domain <quote>my.domain</quote> and " diff --git a/src/man/po/fi.po b/src/man/po/fi.po index 04ef609fd1a..c4d7f56c373 100644 --- a/src/man/po/fi.po +++ b/src/man/po/fi.po @@ -3,7 +3,7 @@ msgid "" msgstr "" "Project-Id-Version: sssd-docs 2.3.0\n" "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" -"POT-Creation-Date: 2023-11-13 11:53+0100\n" +"POT-Creation-Date: 2024-01-12 13:00+0100\n" "PO-Revision-Date: 2022-03-20 19:16+0000\n" "Last-Translator: Jan Kuparinen <copper_fin@hotmail.com>\n" "Language-Team: Finnish <https://translate.fedoraproject.org/projects/sssd/" @@ -222,7 +222,7 @@ msgstr "" #. type: Content of: <variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:149 sssd.conf.5.xml:652 sssd.conf.5.xml:949 -#: sssd.conf.5.xml:2101 sssd.conf.5.xml:2168 sssd.conf.5.xml:4191 +#: sssd.conf.5.xml:2101 sssd.conf.5.xml:2168 sssd.conf.5.xml:4193 #: sssd-ldap.5.xml:313 sssd-ldap.5.xml:919 sssd-ldap.5.xml:938 #: sssd-ldap.5.xml:1148 sssd-ldap.5.xml:1601 sssd-ldap.5.xml:1841 #: sssd-ipa.5.xml:152 sssd-ipa.5.xml:254 sssd-ipa.5.xml:662 sssd-ad.5.xml:1106 @@ -291,7 +291,7 @@ msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:196 sssd.conf.5.xml:1290 sssd.conf.5.xml:1767 -#: sssd.conf.5.xml:4207 sssd-ldap.5.xml:766 include/ldap_id_mapping.xml:270 +#: sssd.conf.5.xml:4209 sssd-ldap.5.xml:766 include/ldap_id_mapping.xml:270 msgid "Default: 10" msgstr "" @@ -874,7 +874,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:700 sssd.conf.5.xml:1791 sssd.conf.5.xml:4257 +#: sssd.conf.5.xml:700 sssd.conf.5.xml:1791 sssd.conf.5.xml:4259 #: sssd-ad.5.xml:187 sssd-ad.5.xml:327 sssd-ad.5.xml:341 msgid "Default: Not set" msgstr "Oletus: ei asetettu" @@ -2056,7 +2056,7 @@ msgid "The path to the certificate database." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1723 sssd.conf.5.xml:2248 sssd.conf.5.xml:4371 +#: sssd.conf.5.xml:1723 sssd.conf.5.xml:2248 sssd.conf.5.xml:4373 msgid "Default:" msgstr "Oletus:" @@ -2326,7 +2326,7 @@ msgid "Default: no_session" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1950 sssd.conf.5.xml:4310 +#: sssd.conf.5.xml:1950 sssd.conf.5.xml:4312 msgid "pam_gssapi_services" msgstr "" @@ -2372,7 +2372,7 @@ msgid "Default: - (GSSAPI authentication is disabled)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1979 sssd.conf.5.xml:4311 +#: sssd.conf.5.xml:1979 sssd.conf.5.xml:4313 msgid "pam_gssapi_check_upn" msgstr "" @@ -3546,10 +3546,9 @@ msgstr "" #: sssd.conf.5.xml:3042 sssd.conf.5.xml:3153 sssd.conf.5.xml:3204 #: sssd.conf.5.xml:3267 msgid "" -"<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management " -"provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> " -"<manvolnum>5</manvolnum> </citerefentry> for more information on configuring " -"FreeIPA." +"<quote>ipa</quote>: FreeIPA and Red Hat Identity Management provider. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring FreeIPA." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> @@ -4618,35 +4617,37 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:4034 -msgid "This option is ignored for the files provider." +msgid "" +"It is expected that the <quote>files</quote> provider ignores the " +"local_auth_policy option and supports Smartcard authentication by default." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4037 +#: sssd.conf.5.xml:4039 #, fuzzy #| msgid "Default: true" msgid "Default: match" msgstr "Oletus:tosi" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4042 +#: sssd.conf.5.xml:4044 msgid "auto_private_groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4048 +#: sssd.conf.5.xml:4050 msgid "true" msgstr "tosi" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4051 +#: sssd.conf.5.xml:4053 msgid "" "Create user's private group unconditionally from user's UID number. The GID " "number is ignored in this case." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4055 +#: sssd.conf.5.xml:4057 msgid "" "NOTE: Because the GID number and the user private group are inferred from " "the UID number, it is not supported to have multiple entries with the same " @@ -4655,24 +4656,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4064 +#: sssd.conf.5.xml:4066 msgid "false" msgstr "epätosi" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4067 +#: sssd.conf.5.xml:4069 msgid "" "Always use the user's primary GID number. The GID number must refer to a " "group object in the LDAP database." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4073 +#: sssd.conf.5.xml:4075 msgid "hybrid" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4076 +#: sssd.conf.5.xml:4078 msgid "" "A primary group is autogenerated for user entries whose UID and GID numbers " "have the same value and at the same time the GID number does not correspond " @@ -4682,14 +4683,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4089 +#: sssd.conf.5.xml:4091 msgid "" "If the UID and GID of a user are different, then the GID must correspond to " "a group entry, otherwise the GID is simply not resolvable." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4096 +#: sssd.conf.5.xml:4098 msgid "" "This feature is useful for environments that wish to stop maintaining a " "separate group objects for the user private groups, but also wish to retain " @@ -4697,21 +4698,21 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4045 +#: sssd.conf.5.xml:4047 msgid "" "This option takes any of three available values: <placeholder " "type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4108 +#: sssd.conf.5.xml:4110 msgid "" "For subdomains, the default value is False for subdomains that use assigned " "POSIX IDs and True for subdomains that use automatic ID-mapping." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:4116 +#: sssd.conf.5.xml:4118 #, no-wrap msgid "" "[domain/forest.domain/sub.domain]\n" @@ -4719,7 +4720,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:4122 +#: sssd.conf.5.xml:4124 #, no-wrap msgid "" "[domain/forest.domain]\n" @@ -4728,7 +4729,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4113 +#: sssd.conf.5.xml:4115 msgid "" "The value of auto_private_groups can either be set per subdomains in a " "subsection, for example: <placeholder type=\"programlisting\" id=\"0\"/> or " @@ -4745,17 +4746,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4137 +#: sssd.conf.5.xml:4139 msgid "proxy_pam_target (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4140 +#: sssd.conf.5.xml:4142 msgid "The proxy target PAM proxies to." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4143 +#: sssd.conf.5.xml:4145 msgid "" "Default: not set by default, you have to take an existing pam configuration " "or create a new one and add the service name here. As an alternative you can " @@ -4763,12 +4764,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4153 +#: sssd.conf.5.xml:4155 msgid "proxy_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4156 +#: sssd.conf.5.xml:4158 msgid "" "The name of the NSS library to use in proxy domains. The NSS functions " "searched for in the library are in the form of _nss_$(libName)_$(function), " @@ -4776,12 +4777,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4166 +#: sssd.conf.5.xml:4168 msgid "proxy_resolver_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4169 +#: sssd.conf.5.xml:4171 msgid "" "The name of the NSS library to use for hosts and networks lookups in proxy " "domains. The NSS functions searched for in the library are in the form of " @@ -4789,12 +4790,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4180 +#: sssd.conf.5.xml:4182 msgid "proxy_fast_alias (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4183 +#: sssd.conf.5.xml:4185 msgid "" "When a user or group is looked up by name in the proxy provider, a second " "lookup by ID is performed to \"canonicalize\" the name in case the requested " @@ -4803,12 +4804,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4197 +#: sssd.conf.5.xml:4199 msgid "proxy_max_children (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4200 +#: sssd.conf.5.xml:4202 msgid "" "This option specifies the number of pre-forked proxy children. It is useful " "for high-load SSSD environments where sssd may run out of available child " @@ -4816,19 +4817,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4133 +#: sssd.conf.5.xml:4135 msgid "" "Options valid for proxy domains. <placeholder type=\"variablelist\" " "id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:4216 +#: sssd.conf.5.xml:4218 msgid "Application domains" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4218 +#: sssd.conf.5.xml:4220 msgid "" "SSSD, with its D-Bus interface (see <citerefentry> <refentrytitle>sssd-ifp</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>) is appealing to " @@ -4845,7 +4846,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4238 +#: sssd.conf.5.xml:4240 msgid "" "Please note that the application domain must still be explicitly enabled in " "the <quote>domains</quote> parameter so that the lookup order between the " @@ -4853,17 +4854,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> -#: sssd.conf.5.xml:4244 +#: sssd.conf.5.xml:4246 msgid "Application domain parameters" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4246 +#: sssd.conf.5.xml:4248 msgid "inherit_from (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4249 +#: sssd.conf.5.xml:4251 msgid "" "The SSSD POSIX-type domain the application domain inherits all settings " "from. The application domain can moreover add its own settings to the " @@ -4872,7 +4873,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4263 +#: sssd.conf.5.xml:4265 msgid "" "The following example illustrates the use of an application domain. In this " "setup, the POSIX domain is connected to an LDAP server and is used by the OS " @@ -4882,7 +4883,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><programlisting> -#: sssd.conf.5.xml:4271 +#: sssd.conf.5.xml:4273 #, no-wrap msgid "" "[sssd]\n" @@ -4902,12 +4903,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4291 +#: sssd.conf.5.xml:4293 msgid "TRUSTED DOMAIN SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4293 +#: sssd.conf.5.xml:4295 msgid "" "Some options used in the domain section can also be used in the trusted " "domain section, that is, in a section called <quote>[domain/" @@ -4918,69 +4919,69 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4300 +#: sssd.conf.5.xml:4302 msgid "ldap_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4301 +#: sssd.conf.5.xml:4303 msgid "ldap_user_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4302 +#: sssd.conf.5.xml:4304 msgid "ldap_group_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4303 +#: sssd.conf.5.xml:4305 msgid "ldap_netgroup_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4304 +#: sssd.conf.5.xml:4306 msgid "ldap_service_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4305 +#: sssd.conf.5.xml:4307 msgid "ldap_sasl_mech," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4306 +#: sssd.conf.5.xml:4308 msgid "ad_server," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4307 +#: sssd.conf.5.xml:4309 msgid "ad_backup_server," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4308 +#: sssd.conf.5.xml:4310 msgid "ad_site," msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4309 sssd-ipa.5.xml:884 +#: sssd.conf.5.xml:4311 sssd-ipa.5.xml:884 msgid "use_fully_qualified_names" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4313 +#: sssd.conf.5.xml:4315 msgid "" "For more details about these options see their individual description in the " "manual page." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4319 +#: sssd.conf.5.xml:4321 msgid "CERTIFICATE MAPPING SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4321 +#: sssd.conf.5.xml:4323 msgid "" "To allow authentication with Smartcards and certificates SSSD must be able " "to map certificates to users. This can be done by adding the full " @@ -4993,7 +4994,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4335 +#: sssd.conf.5.xml:4337 msgid "" "To make the mapping more flexible mapping and matching rules were added to " "SSSD (see <citerefentry> <refentrytitle>sss-certmap</refentrytitle> " @@ -5001,7 +5002,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4344 +#: sssd.conf.5.xml:4346 msgid "" "A mapping and matching rule can be added to the SSSD configuration in a " "section on its own with a name like <quote>[certmap/" @@ -5010,55 +5011,55 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4351 +#: sssd.conf.5.xml:4353 msgid "matchrule (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4354 +#: sssd.conf.5.xml:4356 msgid "" "Only certificates from the Smartcard which matches this rule will be " "processed, all others are ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4358 +#: sssd.conf.5.xml:4360 msgid "" "Default: KRB5:<EKU>clientAuth, i.e. only certificates which have the " "Extended Key Usage <quote>clientAuth</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4365 +#: sssd.conf.5.xml:4367 msgid "maprule (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4368 +#: sssd.conf.5.xml:4370 msgid "Defines how the user is found for a given certificate." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4374 +#: sssd.conf.5.xml:4376 msgid "" "LDAP:(userCertificate;binary={cert!bin}) for LDAP based providers like " "<quote>ldap</quote>, <quote>AD</quote> or <quote>ipa</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4380 +#: sssd.conf.5.xml:4382 msgid "" "The RULE_NAME for the <quote>files</quote> provider which tries to find a " "user with the same name." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4389 +#: sssd.conf.5.xml:4391 msgid "domains (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4392 +#: sssd.conf.5.xml:4394 msgid "" "Comma separated list of domain names the rule should be applied. By default " "a rule is only valid in the domain configured in sssd.conf. If the provider " @@ -5067,17 +5068,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4399 +#: sssd.conf.5.xml:4401 msgid "Default: the configured domain in sssd.conf" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4404 +#: sssd.conf.5.xml:4406 msgid "priority (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4407 +#: sssd.conf.5.xml:4409 msgid "" "Unsigned integer value defining the priority of the rule. The higher the " "number the lower the priority. <quote>0</quote> stands for the highest " @@ -5085,26 +5086,26 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4413 +#: sssd.conf.5.xml:4415 msgid "Default: the lowest priority" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4419 +#: sssd.conf.5.xml:4421 msgid "" "To make the configuration simple and reduce the amount of configuration " "options the <quote>files</quote> provider has some special properties:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4425 +#: sssd.conf.5.xml:4427 msgid "" "if maprule is not set the RULE_NAME name is assumed to be the name of the " "matching user" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4431 +#: sssd.conf.5.xml:4433 msgid "" "if a maprule is used both a single user name or a template like " "<quote>{subject_rfc822_name.short_name}</quote> must be in braces like e.g. " @@ -5113,17 +5114,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4440 +#: sssd.conf.5.xml:4442 msgid "the <quote>domains</quote> option is ignored" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4448 +#: sssd.conf.5.xml:4450 msgid "PROMPTING CONFIGURATION SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4450 +#: sssd.conf.5.xml:4452 msgid "" "If a special file (<filename>/var/lib/sss/pubconf/pam_preauth_available</" "filename>) exists SSSD's PAM module pam_sss will ask SSSD to figure out " @@ -5133,7 +5134,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4458 +#: sssd.conf.5.xml:4460 msgid "" "With the growing number of authentication methods and the possibility that " "there are multiple ones for a single user the heuristic used by pam_sss to " @@ -5142,59 +5143,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4470 +#: sssd.conf.5.xml:4472 msgid "[prompting/password]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4473 +#: sssd.conf.5.xml:4475 msgid "password_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4474 +#: sssd.conf.5.xml:4476 msgid "to change the string of the password prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4472 +#: sssd.conf.5.xml:4474 msgid "" "to configure password prompting, allowed options are: <placeholder " "type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4482 +#: sssd.conf.5.xml:4484 msgid "[prompting/2fa]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4486 +#: sssd.conf.5.xml:4488 msgid "first_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4487 +#: sssd.conf.5.xml:4489 msgid "to change the string of the prompt for the first factor" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4490 +#: sssd.conf.5.xml:4492 msgid "second_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4491 +#: sssd.conf.5.xml:4493 msgid "to change the string of the prompt for the second factor" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4494 +#: sssd.conf.5.xml:4496 msgid "single_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4495 +#: sssd.conf.5.xml:4497 msgid "" "boolean value, if True there will be only a single prompt using the value of " "first_prompt where it is expected that both factors are entered as a single " @@ -5203,7 +5204,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4484 +#: sssd.conf.5.xml:4486 msgid "" "to configure two-factor authentication prompting, allowed options are: " "<placeholder type=\"variablelist\" id=\"0\"/> If the second factor is " @@ -5212,17 +5213,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4512 +#: sssd.conf.5.xml:4514 msgid "[prompting/passkey]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4518 sssd-ad.5.xml:1021 +#: sssd.conf.5.xml:4520 sssd-ad.5.xml:1021 msgid "interactive" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4520 +#: sssd.conf.5.xml:4522 msgid "" "boolean value, if True prompt a message and wait before testing the presence " "of a passkey device. Recommended if your device doesn’t have a tactile " @@ -5230,46 +5231,46 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4528 +#: sssd.conf.5.xml:4530 msgid "interactive_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4530 +#: sssd.conf.5.xml:4532 msgid "to change the message of the interactive prompt." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4535 +#: sssd.conf.5.xml:4537 msgid "touch" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4537 +#: sssd.conf.5.xml:4539 msgid "" "boolean value, if True prompt a message to remind the user to touch the " "device." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4543 +#: sssd.conf.5.xml:4545 msgid "touch_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4545 +#: sssd.conf.5.xml:4547 msgid "to change the message of the touch prompt." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4514 +#: sssd.conf.5.xml:4516 msgid "" "to configure passkey authentication prompting, allowed options are: " "<placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4465 +#: sssd.conf.5.xml:4467 msgid "" "Each supported authentication method has its own configuration subsection " "under <quote>[prompting/...]</quote>. Currently there are: <placeholder " @@ -5278,7 +5279,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4556 +#: sssd.conf.5.xml:4558 msgid "" "It is possible to add a subsection for specific PAM services, e.g. " "<quote>[prompting/password/sshd]</quote> to individual change the prompting " @@ -5286,12 +5287,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4563 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43 +#: sssd.conf.5.xml:4565 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43 msgid "EXAMPLES" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4569 +#: sssd.conf.5.xml:4571 #, no-wrap msgid "" "[sssd]\n" @@ -5321,7 +5322,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4565 +#: sssd.conf.5.xml:4567 msgid "" "1. The following example shows a typical SSSD config. It does not describe " "configuration of the domains themselves - refer to documentation on " @@ -5330,7 +5331,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4602 +#: sssd.conf.5.xml:4604 #, no-wrap msgid "" "[domain/ipa.com/child.ad.com]\n" @@ -5338,7 +5339,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4596 +#: sssd.conf.5.xml:4598 msgid "" "2. The following example shows configuration of IPA AD trust where the AD " "forest consists of two domains in a parent-child structure. Suppose IPA " @@ -5349,7 +5350,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4613 +#: sssd.conf.5.xml:4615 #, no-wrap msgid "" "[certmap/my.domain/rule_name]\n" @@ -5360,7 +5361,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4607 +#: sssd.conf.5.xml:4609 msgid "" "3. The following example shows the configuration of a certificate mapping " "rule. It is valid for the configured domain <quote>my.domain</quote> and " diff --git a/src/man/po/fr.po b/src/man/po/fr.po index cedfbf8ea15..a19c03f038a 100644 --- a/src/man/po/fr.po +++ b/src/man/po/fr.po @@ -17,7 +17,7 @@ msgid "" msgstr "" "Project-Id-Version: sssd-docs 2.3.0\n" "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" -"POT-Creation-Date: 2023-11-13 11:53+0100\n" +"POT-Creation-Date: 2024-01-12 13:00+0100\n" "PO-Revision-Date: 2020-07-22 07:49-0400\n" "Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n" "Language-Team: French (http://www.transifex.com/projects/p/sssd/language/" @@ -260,7 +260,7 @@ msgstr "" #. type: Content of: <variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:149 sssd.conf.5.xml:652 sssd.conf.5.xml:949 -#: sssd.conf.5.xml:2101 sssd.conf.5.xml:2168 sssd.conf.5.xml:4191 +#: sssd.conf.5.xml:2101 sssd.conf.5.xml:2168 sssd.conf.5.xml:4193 #: sssd-ldap.5.xml:313 sssd-ldap.5.xml:919 sssd-ldap.5.xml:938 #: sssd-ldap.5.xml:1148 sssd-ldap.5.xml:1601 sssd-ldap.5.xml:1841 #: sssd-ipa.5.xml:152 sssd-ipa.5.xml:254 sssd-ipa.5.xml:662 sssd-ad.5.xml:1106 @@ -331,7 +331,7 @@ msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:196 sssd.conf.5.xml:1290 sssd.conf.5.xml:1767 -#: sssd.conf.5.xml:4207 sssd-ldap.5.xml:766 include/ldap_id_mapping.xml:270 +#: sssd.conf.5.xml:4209 sssd-ldap.5.xml:766 include/ldap_id_mapping.xml:270 msgid "Default: 10" msgstr "Par défaut : 10" @@ -964,7 +964,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:700 sssd.conf.5.xml:1791 sssd.conf.5.xml:4257 +#: sssd.conf.5.xml:700 sssd.conf.5.xml:1791 sssd.conf.5.xml:4259 #: sssd-ad.5.xml:187 sssd-ad.5.xml:327 sssd-ad.5.xml:341 msgid "Default: Not set" msgstr "Par défaut : non défini" @@ -2306,7 +2306,7 @@ msgid "The path to the certificate database." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1723 sssd.conf.5.xml:2248 sssd.conf.5.xml:4371 +#: sssd.conf.5.xml:1723 sssd.conf.5.xml:2248 sssd.conf.5.xml:4373 msgid "Default:" msgstr "" @@ -2581,7 +2581,7 @@ msgid "Default: no_session" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1950 sssd.conf.5.xml:4310 +#: sssd.conf.5.xml:1950 sssd.conf.5.xml:4312 #, fuzzy #| msgid "ad_gpo_map_service (string)" msgid "pam_gssapi_services" @@ -2635,7 +2635,7 @@ msgid "Default: - (GSSAPI authentication is disabled)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1979 sssd.conf.5.xml:4311 +#: sssd.conf.5.xml:1979 sssd.conf.5.xml:4313 msgid "pam_gssapi_check_upn" msgstr "" @@ -3919,11 +3919,16 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:3042 sssd.conf.5.xml:3153 sssd.conf.5.xml:3204 #: sssd.conf.5.xml:3267 +#, fuzzy +#| msgid "" +#| "<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management " +#| "provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> " +#| "<manvolnum>5</manvolnum> </citerefentry> for more information on " +#| "configuring FreeIPA." msgid "" -"<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management " -"provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> " -"<manvolnum>5</manvolnum> </citerefentry> for more information on configuring " -"FreeIPA." +"<quote>ipa</quote>: FreeIPA and Red Hat Identity Management provider. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring FreeIPA." msgstr "" "<quote>ipa</quote> : fournisseur FreeIPA et Red Hat Enterprise Identity " "Management. Cf. <citerefentry><refentrytitle>sssd-ipa</refentrytitle> " @@ -5162,37 +5167,37 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:4034 -#, fuzzy -#| msgid "This option is not available in IPA provider." -msgid "This option is ignored for the files provider." -msgstr "Cette option n'est pas disponible dans le fournisseur IPA." +msgid "" +"It is expected that the <quote>files</quote> provider ignores the " +"local_auth_policy option and supports Smartcard authentication by default." +msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4037 +#: sssd.conf.5.xml:4039 #, fuzzy #| msgid "Default: cn" msgid "Default: match" msgstr "Par défaut : cn" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4042 +#: sssd.conf.5.xml:4044 msgid "auto_private_groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4048 +#: sssd.conf.5.xml:4050 msgid "true" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4051 +#: sssd.conf.5.xml:4053 msgid "" "Create user's private group unconditionally from user's UID number. The GID " "number is ignored in this case." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4055 +#: sssd.conf.5.xml:4057 msgid "" "NOTE: Because the GID number and the user private group are inferred from " "the UID number, it is not supported to have multiple entries with the same " @@ -5201,24 +5206,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4064 +#: sssd.conf.5.xml:4066 msgid "false" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4067 +#: sssd.conf.5.xml:4069 msgid "" "Always use the user's primary GID number. The GID number must refer to a " "group object in the LDAP database." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4073 +#: sssd.conf.5.xml:4075 msgid "hybrid" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4076 +#: sssd.conf.5.xml:4078 msgid "" "A primary group is autogenerated for user entries whose UID and GID numbers " "have the same value and at the same time the GID number does not correspond " @@ -5228,14 +5233,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4089 +#: sssd.conf.5.xml:4091 msgid "" "If the UID and GID of a user are different, then the GID must correspond to " "a group entry, otherwise the GID is simply not resolvable." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4096 +#: sssd.conf.5.xml:4098 msgid "" "This feature is useful for environments that wish to stop maintaining a " "separate group objects for the user private groups, but also wish to retain " @@ -5243,21 +5248,21 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4045 +#: sssd.conf.5.xml:4047 msgid "" "This option takes any of three available values: <placeholder " "type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4108 +#: sssd.conf.5.xml:4110 msgid "" "For subdomains, the default value is False for subdomains that use assigned " "POSIX IDs and True for subdomains that use automatic ID-mapping." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:4116 +#: sssd.conf.5.xml:4118 #, no-wrap msgid "" "[domain/forest.domain/sub.domain]\n" @@ -5265,7 +5270,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:4122 +#: sssd.conf.5.xml:4124 #, no-wrap msgid "" "[domain/forest.domain]\n" @@ -5274,7 +5279,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4113 +#: sssd.conf.5.xml:4115 msgid "" "The value of auto_private_groups can either be set per subdomains in a " "subsection, for example: <placeholder type=\"programlisting\" id=\"0\"/> or " @@ -5295,17 +5300,17 @@ msgstr "" "id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4137 +#: sssd.conf.5.xml:4139 msgid "proxy_pam_target (string)" msgstr "proxy_pam_target (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4140 +#: sssd.conf.5.xml:4142 msgid "The proxy target PAM proxies to." msgstr "Le proxy cible duquel PAM devient mandataire." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4143 +#: sssd.conf.5.xml:4145 #, fuzzy #| msgid "" #| "Default: not set by default, you have to take an existing pam " @@ -5319,12 +5324,12 @@ msgstr "" "ou en créer une nouvelle et ajouter le nom de service ici." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4153 +#: sssd.conf.5.xml:4155 msgid "proxy_lib_name (string)" msgstr "proxy_lib_name (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4156 +#: sssd.conf.5.xml:4158 msgid "" "The name of the NSS library to use in proxy domains. The NSS functions " "searched for in the library are in the form of _nss_$(libName)_$(function), " @@ -5335,12 +5340,12 @@ msgstr "" "_nss_$(libName)_$(function), par exemple _nss_files_getpwent." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4166 +#: sssd.conf.5.xml:4168 msgid "proxy_resolver_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4169 +#: sssd.conf.5.xml:4171 msgid "" "The name of the NSS library to use for hosts and networks lookups in proxy " "domains. The NSS functions searched for in the library are in the form of " @@ -5348,12 +5353,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4180 +#: sssd.conf.5.xml:4182 msgid "proxy_fast_alias (boolean)" msgstr "proxy_fast_alias (boolean)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4183 +#: sssd.conf.5.xml:4185 msgid "" "When a user or group is looked up by name in the proxy provider, a second " "lookup by ID is performed to \"canonicalize\" the name in case the requested " @@ -5367,12 +5372,12 @@ msgstr "" "afin d'améliorer les performances." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4197 +#: sssd.conf.5.xml:4199 msgid "proxy_max_children (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4200 +#: sssd.conf.5.xml:4202 msgid "" "This option specifies the number of pre-forked proxy children. It is useful " "for high-load SSSD environments where sssd may run out of available child " @@ -5380,7 +5385,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4133 +#: sssd.conf.5.xml:4135 msgid "" "Options valid for proxy domains. <placeholder type=\"variablelist\" " "id=\"0\"/>" @@ -5389,12 +5394,12 @@ msgstr "" "id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:4216 +#: sssd.conf.5.xml:4218 msgid "Application domains" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4218 +#: sssd.conf.5.xml:4220 msgid "" "SSSD, with its D-Bus interface (see <citerefentry> <refentrytitle>sssd-ifp</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>) is appealing to " @@ -5411,7 +5416,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4238 +#: sssd.conf.5.xml:4240 msgid "" "Please note that the application domain must still be explicitly enabled in " "the <quote>domains</quote> parameter so that the lookup order between the " @@ -5419,17 +5424,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> -#: sssd.conf.5.xml:4244 +#: sssd.conf.5.xml:4246 msgid "Application domain parameters" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4246 +#: sssd.conf.5.xml:4248 msgid "inherit_from (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4249 +#: sssd.conf.5.xml:4251 msgid "" "The SSSD POSIX-type domain the application domain inherits all settings " "from. The application domain can moreover add its own settings to the " @@ -5438,7 +5443,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4263 +#: sssd.conf.5.xml:4265 msgid "" "The following example illustrates the use of an application domain. In this " "setup, the POSIX domain is connected to an LDAP server and is used by the OS " @@ -5448,7 +5453,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><programlisting> -#: sssd.conf.5.xml:4271 +#: sssd.conf.5.xml:4273 #, no-wrap msgid "" "[sssd]\n" @@ -5468,12 +5473,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4291 +#: sssd.conf.5.xml:4293 msgid "TRUSTED DOMAIN SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4293 +#: sssd.conf.5.xml:4295 msgid "" "Some options used in the domain section can also be used in the trusted " "domain section, that is, in a section called <quote>[domain/" @@ -5484,69 +5489,69 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4300 +#: sssd.conf.5.xml:4302 msgid "ldap_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4301 +#: sssd.conf.5.xml:4303 msgid "ldap_user_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4302 +#: sssd.conf.5.xml:4304 msgid "ldap_group_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4303 +#: sssd.conf.5.xml:4305 msgid "ldap_netgroup_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4304 +#: sssd.conf.5.xml:4306 msgid "ldap_service_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4305 +#: sssd.conf.5.xml:4307 msgid "ldap_sasl_mech," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4306 +#: sssd.conf.5.xml:4308 msgid "ad_server," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4307 +#: sssd.conf.5.xml:4309 msgid "ad_backup_server," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4308 +#: sssd.conf.5.xml:4310 msgid "ad_site," msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4309 sssd-ipa.5.xml:884 +#: sssd.conf.5.xml:4311 sssd-ipa.5.xml:884 msgid "use_fully_qualified_names" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4313 +#: sssd.conf.5.xml:4315 msgid "" "For more details about these options see their individual description in the " "manual page." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4319 +#: sssd.conf.5.xml:4321 msgid "CERTIFICATE MAPPING SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4321 +#: sssd.conf.5.xml:4323 msgid "" "To allow authentication with Smartcards and certificates SSSD must be able " "to map certificates to users. This can be done by adding the full " @@ -5559,7 +5564,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4335 +#: sssd.conf.5.xml:4337 msgid "" "To make the mapping more flexible mapping and matching rules were added to " "SSSD (see <citerefentry> <refentrytitle>sss-certmap</refentrytitle> " @@ -5567,7 +5572,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4344 +#: sssd.conf.5.xml:4346 msgid "" "A mapping and matching rule can be added to the SSSD configuration in a " "section on its own with a name like <quote>[certmap/" @@ -5576,55 +5581,55 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4351 +#: sssd.conf.5.xml:4353 msgid "matchrule (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4354 +#: sssd.conf.5.xml:4356 msgid "" "Only certificates from the Smartcard which matches this rule will be " "processed, all others are ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4358 +#: sssd.conf.5.xml:4360 msgid "" "Default: KRB5:<EKU>clientAuth, i.e. only certificates which have the " "Extended Key Usage <quote>clientAuth</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4365 +#: sssd.conf.5.xml:4367 msgid "maprule (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4368 +#: sssd.conf.5.xml:4370 msgid "Defines how the user is found for a given certificate." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4374 +#: sssd.conf.5.xml:4376 msgid "" "LDAP:(userCertificate;binary={cert!bin}) for LDAP based providers like " "<quote>ldap</quote>, <quote>AD</quote> or <quote>ipa</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4380 +#: sssd.conf.5.xml:4382 msgid "" "The RULE_NAME for the <quote>files</quote> provider which tries to find a " "user with the same name." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4389 +#: sssd.conf.5.xml:4391 msgid "domains (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4392 +#: sssd.conf.5.xml:4394 msgid "" "Comma separated list of domain names the rule should be applied. By default " "a rule is only valid in the domain configured in sssd.conf. If the provider " @@ -5633,17 +5638,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4399 +#: sssd.conf.5.xml:4401 msgid "Default: the configured domain in sssd.conf" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4404 +#: sssd.conf.5.xml:4406 msgid "priority (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4407 +#: sssd.conf.5.xml:4409 msgid "" "Unsigned integer value defining the priority of the rule. The higher the " "number the lower the priority. <quote>0</quote> stands for the highest " @@ -5651,26 +5656,26 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4413 +#: sssd.conf.5.xml:4415 msgid "Default: the lowest priority" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4419 +#: sssd.conf.5.xml:4421 msgid "" "To make the configuration simple and reduce the amount of configuration " "options the <quote>files</quote> provider has some special properties:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4425 +#: sssd.conf.5.xml:4427 msgid "" "if maprule is not set the RULE_NAME name is assumed to be the name of the " "matching user" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4431 +#: sssd.conf.5.xml:4433 msgid "" "if a maprule is used both a single user name or a template like " "<quote>{subject_rfc822_name.short_name}</quote> must be in braces like e.g. " @@ -5679,17 +5684,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4440 +#: sssd.conf.5.xml:4442 msgid "the <quote>domains</quote> option is ignored" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4448 +#: sssd.conf.5.xml:4450 msgid "PROMPTING CONFIGURATION SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4450 +#: sssd.conf.5.xml:4452 msgid "" "If a special file (<filename>/var/lib/sss/pubconf/pam_preauth_available</" "filename>) exists SSSD's PAM module pam_sss will ask SSSD to figure out " @@ -5699,7 +5704,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4458 +#: sssd.conf.5.xml:4460 msgid "" "With the growing number of authentication methods and the possibility that " "there are multiple ones for a single user the heuristic used by pam_sss to " @@ -5708,59 +5713,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4470 +#: sssd.conf.5.xml:4472 msgid "[prompting/password]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4473 +#: sssd.conf.5.xml:4475 msgid "password_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4474 +#: sssd.conf.5.xml:4476 msgid "to change the string of the password prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4472 +#: sssd.conf.5.xml:4474 msgid "" "to configure password prompting, allowed options are: <placeholder " "type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4482 +#: sssd.conf.5.xml:4484 msgid "[prompting/2fa]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4486 +#: sssd.conf.5.xml:4488 msgid "first_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4487 +#: sssd.conf.5.xml:4489 msgid "to change the string of the prompt for the first factor" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4490 +#: sssd.conf.5.xml:4492 msgid "second_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4491 +#: sssd.conf.5.xml:4493 msgid "to change the string of the prompt for the second factor" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4494 +#: sssd.conf.5.xml:4496 msgid "single_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4495 +#: sssd.conf.5.xml:4497 msgid "" "boolean value, if True there will be only a single prompt using the value of " "first_prompt where it is expected that both factors are entered as a single " @@ -5769,7 +5774,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4484 +#: sssd.conf.5.xml:4486 msgid "" "to configure two-factor authentication prompting, allowed options are: " "<placeholder type=\"variablelist\" id=\"0\"/> If the second factor is " @@ -5778,17 +5783,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4512 +#: sssd.conf.5.xml:4514 msgid "[prompting/passkey]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4518 sssd-ad.5.xml:1021 +#: sssd.conf.5.xml:4520 sssd-ad.5.xml:1021 msgid "interactive" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4520 +#: sssd.conf.5.xml:4522 msgid "" "boolean value, if True prompt a message and wait before testing the presence " "of a passkey device. Recommended if your device doesn’t have a tactile " @@ -5796,39 +5801,39 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4528 +#: sssd.conf.5.xml:4530 msgid "interactive_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4530 +#: sssd.conf.5.xml:4532 msgid "to change the message of the interactive prompt." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4535 +#: sssd.conf.5.xml:4537 msgid "touch" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4537 +#: sssd.conf.5.xml:4539 msgid "" "boolean value, if True prompt a message to remind the user to touch the " "device." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4543 +#: sssd.conf.5.xml:4545 msgid "touch_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4545 +#: sssd.conf.5.xml:4547 msgid "to change the message of the touch prompt." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4514 +#: sssd.conf.5.xml:4516 #, fuzzy #| msgid "" #| "The following expansions are supported: <placeholder " @@ -5841,7 +5846,7 @@ msgstr "" "type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4465 +#: sssd.conf.5.xml:4467 msgid "" "Each supported authentication method has its own configuration subsection " "under <quote>[prompting/...]</quote>. Currently there are: <placeholder " @@ -5850,7 +5855,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4556 +#: sssd.conf.5.xml:4558 msgid "" "It is possible to add a subsection for specific PAM services, e.g. " "<quote>[prompting/password/sshd]</quote> to individual change the prompting " @@ -5858,12 +5863,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4563 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43 +#: sssd.conf.5.xml:4565 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43 msgid "EXAMPLES" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4569 +#: sssd.conf.5.xml:4571 #, no-wrap msgid "" "[sssd]\n" @@ -5917,7 +5922,7 @@ msgstr "" "enumerate = False\n" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4565 +#: sssd.conf.5.xml:4567 msgid "" "1. The following example shows a typical SSSD config. It does not describe " "configuration of the domains themselves - refer to documentation on " @@ -5926,7 +5931,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4602 +#: sssd.conf.5.xml:4604 #, no-wrap msgid "" "[domain/ipa.com/child.ad.com]\n" @@ -5934,7 +5939,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4596 +#: sssd.conf.5.xml:4598 msgid "" "2. The following example shows configuration of IPA AD trust where the AD " "forest consists of two domains in a parent-child structure. Suppose IPA " @@ -5945,7 +5950,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4613 +#: sssd.conf.5.xml:4615 #, no-wrap msgid "" "[certmap/my.domain/rule_name]\n" @@ -5956,7 +5961,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4607 +#: sssd.conf.5.xml:4609 msgid "" "3. The following example shows the configuration of a certificate mapping " "rule. It is valid for the configured domain <quote>my.domain</quote> and " @@ -20238,6 +20243,11 @@ msgstr "" "rendus canoniques. Cette fonctionnalité est disponible avec MIT Kerberos 1.7 " "et versions suivantes." +#, fuzzy +#~| msgid "This option is not available in IPA provider." +#~ msgid "This option is ignored for the files provider." +#~ msgstr "Cette option n'est pas disponible dans le fournisseur IPA." + #, fuzzy #~| msgid "" #~| "Determines if user credentials are also cached in the local LDB cache" diff --git a/src/man/po/ja.po b/src/man/po/ja.po index 9d17fa99a2f..5ae596c81f2 100644 --- a/src/man/po/ja.po +++ b/src/man/po/ja.po @@ -12,7 +12,7 @@ msgid "" msgstr "" "Project-Id-Version: sssd-docs 2.3.0\n" "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" -"POT-Creation-Date: 2023-11-13 11:53+0100\n" +"POT-Creation-Date: 2024-01-12 13:00+0100\n" "PO-Revision-Date: 2021-07-20 07:04+0000\n" "Last-Translator: Ludek Janda <ljanda@redhat.com>\n" "Language-Team: Japanese <https://translate.fedoraproject.org/projects/sssd/" @@ -241,7 +241,7 @@ msgstr "" #. type: Content of: <variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:149 sssd.conf.5.xml:652 sssd.conf.5.xml:949 -#: sssd.conf.5.xml:2101 sssd.conf.5.xml:2168 sssd.conf.5.xml:4191 +#: sssd.conf.5.xml:2101 sssd.conf.5.xml:2168 sssd.conf.5.xml:4193 #: sssd-ldap.5.xml:313 sssd-ldap.5.xml:919 sssd-ldap.5.xml:938 #: sssd-ldap.5.xml:1148 sssd-ldap.5.xml:1601 sssd-ldap.5.xml:1841 #: sssd-ipa.5.xml:152 sssd-ipa.5.xml:254 sssd-ipa.5.xml:662 sssd-ad.5.xml:1106 @@ -312,7 +312,7 @@ msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:196 sssd.conf.5.xml:1290 sssd.conf.5.xml:1767 -#: sssd.conf.5.xml:4207 sssd-ldap.5.xml:766 include/ldap_id_mapping.xml:270 +#: sssd.conf.5.xml:4209 sssd-ldap.5.xml:766 include/ldap_id_mapping.xml:270 msgid "Default: 10" msgstr "初期値: 10" @@ -921,7 +921,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:700 sssd.conf.5.xml:1791 sssd.conf.5.xml:4257 +#: sssd.conf.5.xml:700 sssd.conf.5.xml:1791 sssd.conf.5.xml:4259 #: sssd-ad.5.xml:187 sssd-ad.5.xml:327 sssd-ad.5.xml:341 msgid "Default: Not set" msgstr "" @@ -2210,7 +2210,7 @@ msgid "The path to the certificate database." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1723 sssd.conf.5.xml:2248 sssd.conf.5.xml:4371 +#: sssd.conf.5.xml:1723 sssd.conf.5.xml:2248 sssd.conf.5.xml:4373 msgid "Default:" msgstr "" @@ -2485,7 +2485,7 @@ msgid "Default: no_session" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1950 sssd.conf.5.xml:4310 +#: sssd.conf.5.xml:1950 sssd.conf.5.xml:4312 msgid "pam_gssapi_services" msgstr "" @@ -2536,7 +2536,7 @@ msgid "Default: - (GSSAPI authentication is disabled)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1979 sssd.conf.5.xml:4311 +#: sssd.conf.5.xml:1979 sssd.conf.5.xml:4313 msgid "pam_gssapi_check_upn" msgstr "" @@ -3770,11 +3770,16 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:3042 sssd.conf.5.xml:3153 sssd.conf.5.xml:3204 #: sssd.conf.5.xml:3267 +#, fuzzy +#| msgid "" +#| "<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management " +#| "provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> " +#| "<manvolnum>5</manvolnum> </citerefentry> for more information on " +#| "configuring FreeIPA." msgid "" -"<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management " -"provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> " -"<manvolnum>5</manvolnum> </citerefentry> for more information on configuring " -"FreeIPA." +"<quote>ipa</quote>: FreeIPA and Red Hat Identity Management provider. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring FreeIPA." msgstr "" "<quote>ipa</quote>: FreeIPA および Red Hat Enterprise Identity Management プ" "ロバイダー。FreeIPA の設定に関する詳細は <citerefentry> <refentrytitle>sssd-" @@ -4923,37 +4928,37 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:4034 -#, fuzzy -#| msgid "This option is not available in IPA provider." -msgid "This option is ignored for the files provider." -msgstr "このオプションは IPA プロバイダーにおいて利用可能ではありません。" +msgid "" +"It is expected that the <quote>files</quote> provider ignores the " +"local_auth_policy option and supports Smartcard authentication by default." +msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4037 +#: sssd.conf.5.xml:4039 #, fuzzy #| msgid "Default: cn" msgid "Default: match" msgstr "初期値: cn" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4042 +#: sssd.conf.5.xml:4044 msgid "auto_private_groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4048 +#: sssd.conf.5.xml:4050 msgid "true" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4051 +#: sssd.conf.5.xml:4053 msgid "" "Create user's private group unconditionally from user's UID number. The GID " "number is ignored in this case." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4055 +#: sssd.conf.5.xml:4057 msgid "" "NOTE: Because the GID number and the user private group are inferred from " "the UID number, it is not supported to have multiple entries with the same " @@ -4962,24 +4967,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4064 +#: sssd.conf.5.xml:4066 msgid "false" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4067 +#: sssd.conf.5.xml:4069 msgid "" "Always use the user's primary GID number. The GID number must refer to a " "group object in the LDAP database." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4073 +#: sssd.conf.5.xml:4075 msgid "hybrid" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4076 +#: sssd.conf.5.xml:4078 msgid "" "A primary group is autogenerated for user entries whose UID and GID numbers " "have the same value and at the same time the GID number does not correspond " @@ -4989,14 +4994,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4089 +#: sssd.conf.5.xml:4091 msgid "" "If the UID and GID of a user are different, then the GID must correspond to " "a group entry, otherwise the GID is simply not resolvable." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4096 +#: sssd.conf.5.xml:4098 msgid "" "This feature is useful for environments that wish to stop maintaining a " "separate group objects for the user private groups, but also wish to retain " @@ -5004,21 +5009,21 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4045 +#: sssd.conf.5.xml:4047 msgid "" "This option takes any of three available values: <placeholder " "type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4108 +#: sssd.conf.5.xml:4110 msgid "" "For subdomains, the default value is False for subdomains that use assigned " "POSIX IDs and True for subdomains that use automatic ID-mapping." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:4116 +#: sssd.conf.5.xml:4118 #, no-wrap msgid "" "[domain/forest.domain/sub.domain]\n" @@ -5026,7 +5031,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:4122 +#: sssd.conf.5.xml:4124 #, no-wrap msgid "" "[domain/forest.domain]\n" @@ -5035,7 +5040,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4113 +#: sssd.conf.5.xml:4115 msgid "" "The value of auto_private_groups can either be set per subdomains in a " "subsection, for example: <placeholder type=\"programlisting\" id=\"0\"/> or " @@ -5055,17 +5060,17 @@ msgstr "" "type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4137 +#: sssd.conf.5.xml:4139 msgid "proxy_pam_target (string)" msgstr "proxy_pam_target (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4140 +#: sssd.conf.5.xml:4142 msgid "The proxy target PAM proxies to." msgstr "中継するプロキシターゲット PAM です。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4143 +#: sssd.conf.5.xml:4145 #, fuzzy #| msgid "" #| "Default: not set by default, you have to take an existing pam " @@ -5079,12 +5084,12 @@ msgstr "" "をここに追加する必要があります。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4153 +#: sssd.conf.5.xml:4155 msgid "proxy_lib_name (string)" msgstr "proxy_lib_name (文字列)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4156 +#: sssd.conf.5.xml:4158 msgid "" "The name of the NSS library to use in proxy domains. The NSS functions " "searched for in the library are in the form of _nss_$(libName)_$(function), " @@ -5095,12 +5100,12 @@ msgstr "" "_nss_files_getpwent です。" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4166 +#: sssd.conf.5.xml:4168 msgid "proxy_resolver_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4169 +#: sssd.conf.5.xml:4171 msgid "" "The name of the NSS library to use for hosts and networks lookups in proxy " "domains. The NSS functions searched for in the library are in the form of " @@ -5108,12 +5113,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4180 +#: sssd.conf.5.xml:4182 msgid "proxy_fast_alias (boolean)" msgstr "proxy_fast_alias (論理値)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4183 +#: sssd.conf.5.xml:4185 msgid "" "When a user or group is looked up by name in the proxy provider, a second " "lookup by ID is performed to \"canonicalize\" the name in case the requested " @@ -5122,12 +5127,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4197 +#: sssd.conf.5.xml:4199 msgid "proxy_max_children (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4200 +#: sssd.conf.5.xml:4202 msgid "" "This option specifies the number of pre-forked proxy children. It is useful " "for high-load SSSD environments where sssd may run out of available child " @@ -5135,7 +5140,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4133 +#: sssd.conf.5.xml:4135 msgid "" "Options valid for proxy domains. <placeholder type=\"variablelist\" " "id=\"0\"/>" @@ -5144,12 +5149,12 @@ msgstr "" "type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:4216 +#: sssd.conf.5.xml:4218 msgid "Application domains" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4218 +#: sssd.conf.5.xml:4220 msgid "" "SSSD, with its D-Bus interface (see <citerefentry> <refentrytitle>sssd-ifp</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>) is appealing to " @@ -5166,7 +5171,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4238 +#: sssd.conf.5.xml:4240 msgid "" "Please note that the application domain must still be explicitly enabled in " "the <quote>domains</quote> parameter so that the lookup order between the " @@ -5174,17 +5179,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> -#: sssd.conf.5.xml:4244 +#: sssd.conf.5.xml:4246 msgid "Application domain parameters" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4246 +#: sssd.conf.5.xml:4248 msgid "inherit_from (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4249 +#: sssd.conf.5.xml:4251 msgid "" "The SSSD POSIX-type domain the application domain inherits all settings " "from. The application domain can moreover add its own settings to the " @@ -5193,7 +5198,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4263 +#: sssd.conf.5.xml:4265 msgid "" "The following example illustrates the use of an application domain. In this " "setup, the POSIX domain is connected to an LDAP server and is used by the OS " @@ -5203,7 +5208,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><programlisting> -#: sssd.conf.5.xml:4271 +#: sssd.conf.5.xml:4273 #, no-wrap msgid "" "[sssd]\n" @@ -5223,12 +5228,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4291 +#: sssd.conf.5.xml:4293 msgid "TRUSTED DOMAIN SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4293 +#: sssd.conf.5.xml:4295 msgid "" "Some options used in the domain section can also be used in the trusted " "domain section, that is, in a section called <quote>[domain/" @@ -5239,69 +5244,69 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4300 +#: sssd.conf.5.xml:4302 msgid "ldap_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4301 +#: sssd.conf.5.xml:4303 msgid "ldap_user_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4302 +#: sssd.conf.5.xml:4304 msgid "ldap_group_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4303 +#: sssd.conf.5.xml:4305 msgid "ldap_netgroup_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4304 +#: sssd.conf.5.xml:4306 msgid "ldap_service_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4305 +#: sssd.conf.5.xml:4307 msgid "ldap_sasl_mech," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4306 +#: sssd.conf.5.xml:4308 msgid "ad_server," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4307 +#: sssd.conf.5.xml:4309 msgid "ad_backup_server," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4308 +#: sssd.conf.5.xml:4310 msgid "ad_site," msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4309 sssd-ipa.5.xml:884 +#: sssd.conf.5.xml:4311 sssd-ipa.5.xml:884 msgid "use_fully_qualified_names" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4313 +#: sssd.conf.5.xml:4315 msgid "" "For more details about these options see their individual description in the " "manual page." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4319 +#: sssd.conf.5.xml:4321 msgid "CERTIFICATE MAPPING SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4321 +#: sssd.conf.5.xml:4323 msgid "" "To allow authentication with Smartcards and certificates SSSD must be able " "to map certificates to users. This can be done by adding the full " @@ -5314,7 +5319,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4335 +#: sssd.conf.5.xml:4337 msgid "" "To make the mapping more flexible mapping and matching rules were added to " "SSSD (see <citerefentry> <refentrytitle>sss-certmap</refentrytitle> " @@ -5322,7 +5327,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4344 +#: sssd.conf.5.xml:4346 msgid "" "A mapping and matching rule can be added to the SSSD configuration in a " "section on its own with a name like <quote>[certmap/" @@ -5331,55 +5336,55 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4351 +#: sssd.conf.5.xml:4353 msgid "matchrule (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4354 +#: sssd.conf.5.xml:4356 msgid "" "Only certificates from the Smartcard which matches this rule will be " "processed, all others are ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4358 +#: sssd.conf.5.xml:4360 msgid "" "Default: KRB5:<EKU>clientAuth, i.e. only certificates which have the " "Extended Key Usage <quote>clientAuth</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4365 +#: sssd.conf.5.xml:4367 msgid "maprule (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4368 +#: sssd.conf.5.xml:4370 msgid "Defines how the user is found for a given certificate." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4374 +#: sssd.conf.5.xml:4376 msgid "" "LDAP:(userCertificate;binary={cert!bin}) for LDAP based providers like " "<quote>ldap</quote>, <quote>AD</quote> or <quote>ipa</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4380 +#: sssd.conf.5.xml:4382 msgid "" "The RULE_NAME for the <quote>files</quote> provider which tries to find a " "user with the same name." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4389 +#: sssd.conf.5.xml:4391 msgid "domains (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4392 +#: sssd.conf.5.xml:4394 msgid "" "Comma separated list of domain names the rule should be applied. By default " "a rule is only valid in the domain configured in sssd.conf. If the provider " @@ -5388,17 +5393,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4399 +#: sssd.conf.5.xml:4401 msgid "Default: the configured domain in sssd.conf" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4404 +#: sssd.conf.5.xml:4406 msgid "priority (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4407 +#: sssd.conf.5.xml:4409 msgid "" "Unsigned integer value defining the priority of the rule. The higher the " "number the lower the priority. <quote>0</quote> stands for the highest " @@ -5406,26 +5411,26 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4413 +#: sssd.conf.5.xml:4415 msgid "Default: the lowest priority" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4419 +#: sssd.conf.5.xml:4421 msgid "" "To make the configuration simple and reduce the amount of configuration " "options the <quote>files</quote> provider has some special properties:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4425 +#: sssd.conf.5.xml:4427 msgid "" "if maprule is not set the RULE_NAME name is assumed to be the name of the " "matching user" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4431 +#: sssd.conf.5.xml:4433 msgid "" "if a maprule is used both a single user name or a template like " "<quote>{subject_rfc822_name.short_name}</quote> must be in braces like e.g. " @@ -5434,17 +5439,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4440 +#: sssd.conf.5.xml:4442 msgid "the <quote>domains</quote> option is ignored" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4448 +#: sssd.conf.5.xml:4450 msgid "PROMPTING CONFIGURATION SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4450 +#: sssd.conf.5.xml:4452 msgid "" "If a special file (<filename>/var/lib/sss/pubconf/pam_preauth_available</" "filename>) exists SSSD's PAM module pam_sss will ask SSSD to figure out " @@ -5454,7 +5459,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4458 +#: sssd.conf.5.xml:4460 msgid "" "With the growing number of authentication methods and the possibility that " "there are multiple ones for a single user the heuristic used by pam_sss to " @@ -5463,59 +5468,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4470 +#: sssd.conf.5.xml:4472 msgid "[prompting/password]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4473 +#: sssd.conf.5.xml:4475 msgid "password_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4474 +#: sssd.conf.5.xml:4476 msgid "to change the string of the password prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4472 +#: sssd.conf.5.xml:4474 msgid "" "to configure password prompting, allowed options are: <placeholder " "type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4482 +#: sssd.conf.5.xml:4484 msgid "[prompting/2fa]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4486 +#: sssd.conf.5.xml:4488 msgid "first_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4487 +#: sssd.conf.5.xml:4489 msgid "to change the string of the prompt for the first factor" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4490 +#: sssd.conf.5.xml:4492 msgid "second_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4491 +#: sssd.conf.5.xml:4493 msgid "to change the string of the prompt for the second factor" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4494 +#: sssd.conf.5.xml:4496 msgid "single_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4495 +#: sssd.conf.5.xml:4497 msgid "" "boolean value, if True there will be only a single prompt using the value of " "first_prompt where it is expected that both factors are entered as a single " @@ -5524,7 +5529,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4484 +#: sssd.conf.5.xml:4486 msgid "" "to configure two-factor authentication prompting, allowed options are: " "<placeholder type=\"variablelist\" id=\"0\"/> If the second factor is " @@ -5533,17 +5538,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4512 +#: sssd.conf.5.xml:4514 msgid "[prompting/passkey]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4518 sssd-ad.5.xml:1021 +#: sssd.conf.5.xml:4520 sssd-ad.5.xml:1021 msgid "interactive" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4520 +#: sssd.conf.5.xml:4522 msgid "" "boolean value, if True prompt a message and wait before testing the presence " "of a passkey device. Recommended if your device doesn’t have a tactile " @@ -5551,39 +5556,39 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4528 +#: sssd.conf.5.xml:4530 msgid "interactive_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4530 +#: sssd.conf.5.xml:4532 msgid "to change the message of the interactive prompt." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4535 +#: sssd.conf.5.xml:4537 msgid "touch" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4537 +#: sssd.conf.5.xml:4539 msgid "" "boolean value, if True prompt a message to remind the user to touch the " "device." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4543 +#: sssd.conf.5.xml:4545 msgid "touch_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4545 +#: sssd.conf.5.xml:4547 msgid "to change the message of the touch prompt." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4514 +#: sssd.conf.5.xml:4516 #, fuzzy #| msgid "" #| "The following expansions are supported: <placeholder " @@ -5596,7 +5601,7 @@ msgstr "" "id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4465 +#: sssd.conf.5.xml:4467 msgid "" "Each supported authentication method has its own configuration subsection " "under <quote>[prompting/...]</quote>. Currently there are: <placeholder " @@ -5605,7 +5610,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4556 +#: sssd.conf.5.xml:4558 msgid "" "It is possible to add a subsection for specific PAM services, e.g. " "<quote>[prompting/password/sshd]</quote> to individual change the prompting " @@ -5613,12 +5618,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4563 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43 +#: sssd.conf.5.xml:4565 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43 msgid "EXAMPLES" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4569 +#: sssd.conf.5.xml:4571 #, no-wrap msgid "" "[sssd]\n" @@ -5672,7 +5677,7 @@ msgstr "" "enumerate = False\n" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4565 +#: sssd.conf.5.xml:4567 msgid "" "1. The following example shows a typical SSSD config. It does not describe " "configuration of the domains themselves - refer to documentation on " @@ -5681,7 +5686,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4602 +#: sssd.conf.5.xml:4604 #, no-wrap msgid "" "[domain/ipa.com/child.ad.com]\n" @@ -5689,7 +5694,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4596 +#: sssd.conf.5.xml:4598 msgid "" "2. The following example shows configuration of IPA AD trust where the AD " "forest consists of two domains in a parent-child structure. Suppose IPA " @@ -5700,7 +5705,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4613 +#: sssd.conf.5.xml:4615 #, no-wrap msgid "" "[certmap/my.domain/rule_name]\n" @@ -5711,7 +5716,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4607 +#: sssd.conf.5.xml:4609 msgid "" "3. The following example shows the configuration of a certificate mapping " "rule. It is valid for the configured domain <quote>my.domain</quote> and " @@ -19310,6 +19315,11 @@ msgstr "" "ホストとユーザーのプリンシパルが正規化されるかどうかを指定します。この機能は " "MIT Kerberos 1.7 およびそれ以降で利用可能です。" +#, fuzzy +#~| msgid "This option is not available in IPA provider." +#~ msgid "This option is ignored for the files provider." +#~ msgstr "このオプションは IPA プロバイダーにおいて利用可能ではありません。" + #, fuzzy #~| msgid "" #~| "Determines if user credentials are also cached in the local LDB cache" diff --git a/src/man/po/lv.po b/src/man/po/lv.po index 21d992070f6..b136611a469 100644 --- a/src/man/po/lv.po +++ b/src/man/po/lv.po @@ -9,7 +9,7 @@ msgid "" msgstr "" "Project-Id-Version: sssd-docs 2.3.0\n" "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" -"POT-Creation-Date: 2023-11-13 11:53+0100\n" +"POT-Creation-Date: 2024-01-12 13:00+0100\n" "PO-Revision-Date: 2014-12-15 12:00-0500\n" "Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n" "Language-Team: Latvian (http://www.transifex.com/projects/p/sssd/language/" @@ -229,7 +229,7 @@ msgstr "" #. type: Content of: <variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:149 sssd.conf.5.xml:652 sssd.conf.5.xml:949 -#: sssd.conf.5.xml:2101 sssd.conf.5.xml:2168 sssd.conf.5.xml:4191 +#: sssd.conf.5.xml:2101 sssd.conf.5.xml:2168 sssd.conf.5.xml:4193 #: sssd-ldap.5.xml:313 sssd-ldap.5.xml:919 sssd-ldap.5.xml:938 #: sssd-ldap.5.xml:1148 sssd-ldap.5.xml:1601 sssd-ldap.5.xml:1841 #: sssd-ipa.5.xml:152 sssd-ipa.5.xml:254 sssd-ipa.5.xml:662 sssd-ad.5.xml:1106 @@ -298,7 +298,7 @@ msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:196 sssd.conf.5.xml:1290 sssd.conf.5.xml:1767 -#: sssd.conf.5.xml:4207 sssd-ldap.5.xml:766 include/ldap_id_mapping.xml:270 +#: sssd.conf.5.xml:4209 sssd-ldap.5.xml:766 include/ldap_id_mapping.xml:270 msgid "Default: 10" msgstr "Noklusējuma: 10" @@ -875,7 +875,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:700 sssd.conf.5.xml:1791 sssd.conf.5.xml:4257 +#: sssd.conf.5.xml:700 sssd.conf.5.xml:1791 sssd.conf.5.xml:4259 #: sssd-ad.5.xml:187 sssd-ad.5.xml:327 sssd-ad.5.xml:341 msgid "Default: Not set" msgstr "" @@ -2073,7 +2073,7 @@ msgid "The path to the certificate database." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1723 sssd.conf.5.xml:2248 sssd.conf.5.xml:4371 +#: sssd.conf.5.xml:1723 sssd.conf.5.xml:2248 sssd.conf.5.xml:4373 msgid "Default:" msgstr "" @@ -2341,7 +2341,7 @@ msgid "Default: no_session" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1950 sssd.conf.5.xml:4310 +#: sssd.conf.5.xml:1950 sssd.conf.5.xml:4312 msgid "pam_gssapi_services" msgstr "" @@ -2385,7 +2385,7 @@ msgid "Default: - (GSSAPI authentication is disabled)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1979 sssd.conf.5.xml:4311 +#: sssd.conf.5.xml:1979 sssd.conf.5.xml:4313 msgid "pam_gssapi_check_upn" msgstr "" @@ -3557,10 +3557,9 @@ msgstr "" #: sssd.conf.5.xml:3042 sssd.conf.5.xml:3153 sssd.conf.5.xml:3204 #: sssd.conf.5.xml:3267 msgid "" -"<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management " -"provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> " -"<manvolnum>5</manvolnum> </citerefentry> for more information on configuring " -"FreeIPA." +"<quote>ipa</quote>: FreeIPA and Red Hat Identity Management provider. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring FreeIPA." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> @@ -4619,35 +4618,37 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:4034 -msgid "This option is ignored for the files provider." +msgid "" +"It is expected that the <quote>files</quote> provider ignores the " +"local_auth_policy option and supports Smartcard authentication by default." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4037 +#: sssd.conf.5.xml:4039 #, fuzzy #| msgid "Default: 6" msgid "Default: match" msgstr "Noklusējuma: 6" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4042 +#: sssd.conf.5.xml:4044 msgid "auto_private_groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4048 +#: sssd.conf.5.xml:4050 msgid "true" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4051 +#: sssd.conf.5.xml:4053 msgid "" "Create user's private group unconditionally from user's UID number. The GID " "number is ignored in this case." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4055 +#: sssd.conf.5.xml:4057 msgid "" "NOTE: Because the GID number and the user private group are inferred from " "the UID number, it is not supported to have multiple entries with the same " @@ -4656,24 +4657,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4064 +#: sssd.conf.5.xml:4066 msgid "false" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4067 +#: sssd.conf.5.xml:4069 msgid "" "Always use the user's primary GID number. The GID number must refer to a " "group object in the LDAP database." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4073 +#: sssd.conf.5.xml:4075 msgid "hybrid" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4076 +#: sssd.conf.5.xml:4078 msgid "" "A primary group is autogenerated for user entries whose UID and GID numbers " "have the same value and at the same time the GID number does not correspond " @@ -4683,14 +4684,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4089 +#: sssd.conf.5.xml:4091 msgid "" "If the UID and GID of a user are different, then the GID must correspond to " "a group entry, otherwise the GID is simply not resolvable." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4096 +#: sssd.conf.5.xml:4098 msgid "" "This feature is useful for environments that wish to stop maintaining a " "separate group objects for the user private groups, but also wish to retain " @@ -4698,21 +4699,21 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4045 +#: sssd.conf.5.xml:4047 msgid "" "This option takes any of three available values: <placeholder " "type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4108 +#: sssd.conf.5.xml:4110 msgid "" "For subdomains, the default value is False for subdomains that use assigned " "POSIX IDs and True for subdomains that use automatic ID-mapping." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:4116 +#: sssd.conf.5.xml:4118 #, no-wrap msgid "" "[domain/forest.domain/sub.domain]\n" @@ -4720,7 +4721,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:4122 +#: sssd.conf.5.xml:4124 #, no-wrap msgid "" "[domain/forest.domain]\n" @@ -4729,7 +4730,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4113 +#: sssd.conf.5.xml:4115 msgid "" "The value of auto_private_groups can either be set per subdomains in a " "subsection, for example: <placeholder type=\"programlisting\" id=\"0\"/> or " @@ -4746,17 +4747,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4137 +#: sssd.conf.5.xml:4139 msgid "proxy_pam_target (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4140 +#: sssd.conf.5.xml:4142 msgid "The proxy target PAM proxies to." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4143 +#: sssd.conf.5.xml:4145 msgid "" "Default: not set by default, you have to take an existing pam configuration " "or create a new one and add the service name here. As an alternative you can " @@ -4764,12 +4765,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4153 +#: sssd.conf.5.xml:4155 msgid "proxy_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4156 +#: sssd.conf.5.xml:4158 msgid "" "The name of the NSS library to use in proxy domains. The NSS functions " "searched for in the library are in the form of _nss_$(libName)_$(function), " @@ -4777,12 +4778,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4166 +#: sssd.conf.5.xml:4168 msgid "proxy_resolver_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4169 +#: sssd.conf.5.xml:4171 msgid "" "The name of the NSS library to use for hosts and networks lookups in proxy " "domains. The NSS functions searched for in the library are in the form of " @@ -4790,12 +4791,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4180 +#: sssd.conf.5.xml:4182 msgid "proxy_fast_alias (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4183 +#: sssd.conf.5.xml:4185 msgid "" "When a user or group is looked up by name in the proxy provider, a second " "lookup by ID is performed to \"canonicalize\" the name in case the requested " @@ -4804,12 +4805,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4197 +#: sssd.conf.5.xml:4199 msgid "proxy_max_children (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4200 +#: sssd.conf.5.xml:4202 msgid "" "This option specifies the number of pre-forked proxy children. It is useful " "for high-load SSSD environments where sssd may run out of available child " @@ -4817,19 +4818,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4133 +#: sssd.conf.5.xml:4135 msgid "" "Options valid for proxy domains. <placeholder type=\"variablelist\" " "id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:4216 +#: sssd.conf.5.xml:4218 msgid "Application domains" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4218 +#: sssd.conf.5.xml:4220 msgid "" "SSSD, with its D-Bus interface (see <citerefentry> <refentrytitle>sssd-ifp</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>) is appealing to " @@ -4846,7 +4847,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4238 +#: sssd.conf.5.xml:4240 msgid "" "Please note that the application domain must still be explicitly enabled in " "the <quote>domains</quote> parameter so that the lookup order between the " @@ -4854,17 +4855,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> -#: sssd.conf.5.xml:4244 +#: sssd.conf.5.xml:4246 msgid "Application domain parameters" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4246 +#: sssd.conf.5.xml:4248 msgid "inherit_from (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4249 +#: sssd.conf.5.xml:4251 msgid "" "The SSSD POSIX-type domain the application domain inherits all settings " "from. The application domain can moreover add its own settings to the " @@ -4873,7 +4874,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4263 +#: sssd.conf.5.xml:4265 msgid "" "The following example illustrates the use of an application domain. In this " "setup, the POSIX domain is connected to an LDAP server and is used by the OS " @@ -4883,7 +4884,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><programlisting> -#: sssd.conf.5.xml:4271 +#: sssd.conf.5.xml:4273 #, no-wrap msgid "" "[sssd]\n" @@ -4903,12 +4904,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4291 +#: sssd.conf.5.xml:4293 msgid "TRUSTED DOMAIN SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4293 +#: sssd.conf.5.xml:4295 msgid "" "Some options used in the domain section can also be used in the trusted " "domain section, that is, in a section called <quote>[domain/" @@ -4919,69 +4920,69 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4300 +#: sssd.conf.5.xml:4302 msgid "ldap_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4301 +#: sssd.conf.5.xml:4303 msgid "ldap_user_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4302 +#: sssd.conf.5.xml:4304 msgid "ldap_group_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4303 +#: sssd.conf.5.xml:4305 msgid "ldap_netgroup_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4304 +#: sssd.conf.5.xml:4306 msgid "ldap_service_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4305 +#: sssd.conf.5.xml:4307 msgid "ldap_sasl_mech," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4306 +#: sssd.conf.5.xml:4308 msgid "ad_server," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4307 +#: sssd.conf.5.xml:4309 msgid "ad_backup_server," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4308 +#: sssd.conf.5.xml:4310 msgid "ad_site," msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4309 sssd-ipa.5.xml:884 +#: sssd.conf.5.xml:4311 sssd-ipa.5.xml:884 msgid "use_fully_qualified_names" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4313 +#: sssd.conf.5.xml:4315 msgid "" "For more details about these options see their individual description in the " "manual page." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4319 +#: sssd.conf.5.xml:4321 msgid "CERTIFICATE MAPPING SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4321 +#: sssd.conf.5.xml:4323 msgid "" "To allow authentication with Smartcards and certificates SSSD must be able " "to map certificates to users. This can be done by adding the full " @@ -4994,7 +4995,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4335 +#: sssd.conf.5.xml:4337 msgid "" "To make the mapping more flexible mapping and matching rules were added to " "SSSD (see <citerefentry> <refentrytitle>sss-certmap</refentrytitle> " @@ -5002,7 +5003,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4344 +#: sssd.conf.5.xml:4346 msgid "" "A mapping and matching rule can be added to the SSSD configuration in a " "section on its own with a name like <quote>[certmap/" @@ -5011,55 +5012,55 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4351 +#: sssd.conf.5.xml:4353 msgid "matchrule (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4354 +#: sssd.conf.5.xml:4356 msgid "" "Only certificates from the Smartcard which matches this rule will be " "processed, all others are ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4358 +#: sssd.conf.5.xml:4360 msgid "" "Default: KRB5:<EKU>clientAuth, i.e. only certificates which have the " "Extended Key Usage <quote>clientAuth</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4365 +#: sssd.conf.5.xml:4367 msgid "maprule (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4368 +#: sssd.conf.5.xml:4370 msgid "Defines how the user is found for a given certificate." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4374 +#: sssd.conf.5.xml:4376 msgid "" "LDAP:(userCertificate;binary={cert!bin}) for LDAP based providers like " "<quote>ldap</quote>, <quote>AD</quote> or <quote>ipa</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4380 +#: sssd.conf.5.xml:4382 msgid "" "The RULE_NAME for the <quote>files</quote> provider which tries to find a " "user with the same name." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4389 +#: sssd.conf.5.xml:4391 msgid "domains (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4392 +#: sssd.conf.5.xml:4394 msgid "" "Comma separated list of domain names the rule should be applied. By default " "a rule is only valid in the domain configured in sssd.conf. If the provider " @@ -5068,17 +5069,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4399 +#: sssd.conf.5.xml:4401 msgid "Default: the configured domain in sssd.conf" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4404 +#: sssd.conf.5.xml:4406 msgid "priority (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4407 +#: sssd.conf.5.xml:4409 msgid "" "Unsigned integer value defining the priority of the rule. The higher the " "number the lower the priority. <quote>0</quote> stands for the highest " @@ -5086,26 +5087,26 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4413 +#: sssd.conf.5.xml:4415 msgid "Default: the lowest priority" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4419 +#: sssd.conf.5.xml:4421 msgid "" "To make the configuration simple and reduce the amount of configuration " "options the <quote>files</quote> provider has some special properties:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4425 +#: sssd.conf.5.xml:4427 msgid "" "if maprule is not set the RULE_NAME name is assumed to be the name of the " "matching user" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4431 +#: sssd.conf.5.xml:4433 msgid "" "if a maprule is used both a single user name or a template like " "<quote>{subject_rfc822_name.short_name}</quote> must be in braces like e.g. " @@ -5114,17 +5115,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4440 +#: sssd.conf.5.xml:4442 msgid "the <quote>domains</quote> option is ignored" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4448 +#: sssd.conf.5.xml:4450 msgid "PROMPTING CONFIGURATION SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4450 +#: sssd.conf.5.xml:4452 msgid "" "If a special file (<filename>/var/lib/sss/pubconf/pam_preauth_available</" "filename>) exists SSSD's PAM module pam_sss will ask SSSD to figure out " @@ -5134,7 +5135,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4458 +#: sssd.conf.5.xml:4460 msgid "" "With the growing number of authentication methods and the possibility that " "there are multiple ones for a single user the heuristic used by pam_sss to " @@ -5143,59 +5144,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4470 +#: sssd.conf.5.xml:4472 msgid "[prompting/password]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4473 +#: sssd.conf.5.xml:4475 msgid "password_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4474 +#: sssd.conf.5.xml:4476 msgid "to change the string of the password prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4472 +#: sssd.conf.5.xml:4474 msgid "" "to configure password prompting, allowed options are: <placeholder " "type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4482 +#: sssd.conf.5.xml:4484 msgid "[prompting/2fa]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4486 +#: sssd.conf.5.xml:4488 msgid "first_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4487 +#: sssd.conf.5.xml:4489 msgid "to change the string of the prompt for the first factor" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4490 +#: sssd.conf.5.xml:4492 msgid "second_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4491 +#: sssd.conf.5.xml:4493 msgid "to change the string of the prompt for the second factor" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4494 +#: sssd.conf.5.xml:4496 msgid "single_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4495 +#: sssd.conf.5.xml:4497 msgid "" "boolean value, if True there will be only a single prompt using the value of " "first_prompt where it is expected that both factors are entered as a single " @@ -5204,7 +5205,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4484 +#: sssd.conf.5.xml:4486 msgid "" "to configure two-factor authentication prompting, allowed options are: " "<placeholder type=\"variablelist\" id=\"0\"/> If the second factor is " @@ -5213,17 +5214,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4512 +#: sssd.conf.5.xml:4514 msgid "[prompting/passkey]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4518 sssd-ad.5.xml:1021 +#: sssd.conf.5.xml:4520 sssd-ad.5.xml:1021 msgid "interactive" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4520 +#: sssd.conf.5.xml:4522 msgid "" "boolean value, if True prompt a message and wait before testing the presence " "of a passkey device. Recommended if your device doesn’t have a tactile " @@ -5231,46 +5232,46 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4528 +#: sssd.conf.5.xml:4530 msgid "interactive_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4530 +#: sssd.conf.5.xml:4532 msgid "to change the message of the interactive prompt." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4535 +#: sssd.conf.5.xml:4537 msgid "touch" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4537 +#: sssd.conf.5.xml:4539 msgid "" "boolean value, if True prompt a message to remind the user to touch the " "device." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4543 +#: sssd.conf.5.xml:4545 msgid "touch_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4545 +#: sssd.conf.5.xml:4547 msgid "to change the message of the touch prompt." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4514 +#: sssd.conf.5.xml:4516 msgid "" "to configure passkey authentication prompting, allowed options are: " "<placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4465 +#: sssd.conf.5.xml:4467 msgid "" "Each supported authentication method has its own configuration subsection " "under <quote>[prompting/...]</quote>. Currently there are: <placeholder " @@ -5279,7 +5280,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4556 +#: sssd.conf.5.xml:4558 msgid "" "It is possible to add a subsection for specific PAM services, e.g. " "<quote>[prompting/password/sshd]</quote> to individual change the prompting " @@ -5287,12 +5288,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4563 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43 +#: sssd.conf.5.xml:4565 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43 msgid "EXAMPLES" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4569 +#: sssd.conf.5.xml:4571 #, no-wrap msgid "" "[sssd]\n" @@ -5322,7 +5323,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4565 +#: sssd.conf.5.xml:4567 msgid "" "1. The following example shows a typical SSSD config. It does not describe " "configuration of the domains themselves - refer to documentation on " @@ -5331,7 +5332,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4602 +#: sssd.conf.5.xml:4604 #, no-wrap msgid "" "[domain/ipa.com/child.ad.com]\n" @@ -5339,7 +5340,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4596 +#: sssd.conf.5.xml:4598 msgid "" "2. The following example shows configuration of IPA AD trust where the AD " "forest consists of two domains in a parent-child structure. Suppose IPA " @@ -5350,7 +5351,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4613 +#: sssd.conf.5.xml:4615 #, no-wrap msgid "" "[certmap/my.domain/rule_name]\n" @@ -5361,7 +5362,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4607 +#: sssd.conf.5.xml:4609 msgid "" "3. The following example shows the configuration of a certificate mapping " "rule. It is valid for the configured domain <quote>my.domain</quote> and " diff --git a/src/man/po/nl.po b/src/man/po/nl.po index 4c1b15c5afd..d0333c00fd9 100644 --- a/src/man/po/nl.po +++ b/src/man/po/nl.po @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: sssd-docs 2.3.0\n" "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" -"POT-Creation-Date: 2023-11-13 11:53+0100\n" +"POT-Creation-Date: 2024-01-12 13:00+0100\n" "PO-Revision-Date: 2014-12-15 12:02-0500\n" "Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n" "Language-Team: Dutch (http://www.transifex.com/projects/p/sssd/language/" @@ -238,7 +238,7 @@ msgstr "" #. type: Content of: <variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:149 sssd.conf.5.xml:652 sssd.conf.5.xml:949 -#: sssd.conf.5.xml:2101 sssd.conf.5.xml:2168 sssd.conf.5.xml:4191 +#: sssd.conf.5.xml:2101 sssd.conf.5.xml:2168 sssd.conf.5.xml:4193 #: sssd-ldap.5.xml:313 sssd-ldap.5.xml:919 sssd-ldap.5.xml:938 #: sssd-ldap.5.xml:1148 sssd-ldap.5.xml:1601 sssd-ldap.5.xml:1841 #: sssd-ipa.5.xml:152 sssd-ipa.5.xml:254 sssd-ipa.5.xml:662 sssd-ad.5.xml:1106 @@ -309,7 +309,7 @@ msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:196 sssd.conf.5.xml:1290 sssd.conf.5.xml:1767 -#: sssd.conf.5.xml:4207 sssd-ldap.5.xml:766 include/ldap_id_mapping.xml:270 +#: sssd.conf.5.xml:4209 sssd-ldap.5.xml:766 include/ldap_id_mapping.xml:270 msgid "Default: 10" msgstr "" @@ -900,7 +900,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:700 sssd.conf.5.xml:1791 sssd.conf.5.xml:4257 +#: sssd.conf.5.xml:700 sssd.conf.5.xml:1791 sssd.conf.5.xml:4259 #: sssd-ad.5.xml:187 sssd-ad.5.xml:327 sssd-ad.5.xml:341 msgid "Default: Not set" msgstr "" @@ -2110,7 +2110,7 @@ msgid "The path to the certificate database." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1723 sssd.conf.5.xml:2248 sssd.conf.5.xml:4371 +#: sssd.conf.5.xml:1723 sssd.conf.5.xml:2248 sssd.conf.5.xml:4373 msgid "Default:" msgstr "" @@ -2380,7 +2380,7 @@ msgid "Default: no_session" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1950 sssd.conf.5.xml:4310 +#: sssd.conf.5.xml:1950 sssd.conf.5.xml:4312 msgid "pam_gssapi_services" msgstr "" @@ -2424,7 +2424,7 @@ msgid "Default: - (GSSAPI authentication is disabled)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1979 sssd.conf.5.xml:4311 +#: sssd.conf.5.xml:1979 sssd.conf.5.xml:4313 msgid "pam_gssapi_check_upn" msgstr "" @@ -3600,10 +3600,9 @@ msgstr "" #: sssd.conf.5.xml:3042 sssd.conf.5.xml:3153 sssd.conf.5.xml:3204 #: sssd.conf.5.xml:3267 msgid "" -"<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management " -"provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> " -"<manvolnum>5</manvolnum> </citerefentry> for more information on configuring " -"FreeIPA." +"<quote>ipa</quote>: FreeIPA and Red Hat Identity Management provider. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring FreeIPA." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> @@ -4664,35 +4663,37 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:4034 -msgid "This option is ignored for the files provider." +msgid "" +"It is expected that the <quote>files</quote> provider ignores the " +"local_auth_policy option and supports Smartcard authentication by default." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4037 +#: sssd.conf.5.xml:4039 #, fuzzy #| msgid "Default: 3" msgid "Default: match" msgstr "Standaard: 3" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4042 +#: sssd.conf.5.xml:4044 msgid "auto_private_groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4048 +#: sssd.conf.5.xml:4050 msgid "true" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4051 +#: sssd.conf.5.xml:4053 msgid "" "Create user's private group unconditionally from user's UID number. The GID " "number is ignored in this case." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4055 +#: sssd.conf.5.xml:4057 msgid "" "NOTE: Because the GID number and the user private group are inferred from " "the UID number, it is not supported to have multiple entries with the same " @@ -4701,24 +4702,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4064 +#: sssd.conf.5.xml:4066 msgid "false" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4067 +#: sssd.conf.5.xml:4069 msgid "" "Always use the user's primary GID number. The GID number must refer to a " "group object in the LDAP database." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4073 +#: sssd.conf.5.xml:4075 msgid "hybrid" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4076 +#: sssd.conf.5.xml:4078 msgid "" "A primary group is autogenerated for user entries whose UID and GID numbers " "have the same value and at the same time the GID number does not correspond " @@ -4728,14 +4729,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4089 +#: sssd.conf.5.xml:4091 msgid "" "If the UID and GID of a user are different, then the GID must correspond to " "a group entry, otherwise the GID is simply not resolvable." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4096 +#: sssd.conf.5.xml:4098 msgid "" "This feature is useful for environments that wish to stop maintaining a " "separate group objects for the user private groups, but also wish to retain " @@ -4743,21 +4744,21 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4045 +#: sssd.conf.5.xml:4047 msgid "" "This option takes any of three available values: <placeholder " "type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4108 +#: sssd.conf.5.xml:4110 msgid "" "For subdomains, the default value is False for subdomains that use assigned " "POSIX IDs and True for subdomains that use automatic ID-mapping." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:4116 +#: sssd.conf.5.xml:4118 #, no-wrap msgid "" "[domain/forest.domain/sub.domain]\n" @@ -4765,7 +4766,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:4122 +#: sssd.conf.5.xml:4124 #, no-wrap msgid "" "[domain/forest.domain]\n" @@ -4774,7 +4775,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4113 +#: sssd.conf.5.xml:4115 msgid "" "The value of auto_private_groups can either be set per subdomains in a " "subsection, for example: <placeholder type=\"programlisting\" id=\"0\"/> or " @@ -4791,17 +4792,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4137 +#: sssd.conf.5.xml:4139 msgid "proxy_pam_target (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4140 +#: sssd.conf.5.xml:4142 msgid "The proxy target PAM proxies to." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4143 +#: sssd.conf.5.xml:4145 msgid "" "Default: not set by default, you have to take an existing pam configuration " "or create a new one and add the service name here. As an alternative you can " @@ -4809,12 +4810,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4153 +#: sssd.conf.5.xml:4155 msgid "proxy_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4156 +#: sssd.conf.5.xml:4158 msgid "" "The name of the NSS library to use in proxy domains. The NSS functions " "searched for in the library are in the form of _nss_$(libName)_$(function), " @@ -4822,12 +4823,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4166 +#: sssd.conf.5.xml:4168 msgid "proxy_resolver_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4169 +#: sssd.conf.5.xml:4171 msgid "" "The name of the NSS library to use for hosts and networks lookups in proxy " "domains. The NSS functions searched for in the library are in the form of " @@ -4835,12 +4836,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4180 +#: sssd.conf.5.xml:4182 msgid "proxy_fast_alias (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4183 +#: sssd.conf.5.xml:4185 msgid "" "When a user or group is looked up by name in the proxy provider, a second " "lookup by ID is performed to \"canonicalize\" the name in case the requested " @@ -4849,12 +4850,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4197 +#: sssd.conf.5.xml:4199 msgid "proxy_max_children (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4200 +#: sssd.conf.5.xml:4202 msgid "" "This option specifies the number of pre-forked proxy children. It is useful " "for high-load SSSD environments where sssd may run out of available child " @@ -4862,19 +4863,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4133 +#: sssd.conf.5.xml:4135 msgid "" "Options valid for proxy domains. <placeholder type=\"variablelist\" " "id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:4216 +#: sssd.conf.5.xml:4218 msgid "Application domains" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4218 +#: sssd.conf.5.xml:4220 msgid "" "SSSD, with its D-Bus interface (see <citerefentry> <refentrytitle>sssd-ifp</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>) is appealing to " @@ -4891,7 +4892,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4238 +#: sssd.conf.5.xml:4240 msgid "" "Please note that the application domain must still be explicitly enabled in " "the <quote>domains</quote> parameter so that the lookup order between the " @@ -4899,17 +4900,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> -#: sssd.conf.5.xml:4244 +#: sssd.conf.5.xml:4246 msgid "Application domain parameters" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4246 +#: sssd.conf.5.xml:4248 msgid "inherit_from (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4249 +#: sssd.conf.5.xml:4251 msgid "" "The SSSD POSIX-type domain the application domain inherits all settings " "from. The application domain can moreover add its own settings to the " @@ -4918,7 +4919,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4263 +#: sssd.conf.5.xml:4265 msgid "" "The following example illustrates the use of an application domain. In this " "setup, the POSIX domain is connected to an LDAP server and is used by the OS " @@ -4928,7 +4929,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><programlisting> -#: sssd.conf.5.xml:4271 +#: sssd.conf.5.xml:4273 #, no-wrap msgid "" "[sssd]\n" @@ -4948,12 +4949,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4291 +#: sssd.conf.5.xml:4293 msgid "TRUSTED DOMAIN SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4293 +#: sssd.conf.5.xml:4295 msgid "" "Some options used in the domain section can also be used in the trusted " "domain section, that is, in a section called <quote>[domain/" @@ -4964,69 +4965,69 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4300 +#: sssd.conf.5.xml:4302 msgid "ldap_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4301 +#: sssd.conf.5.xml:4303 msgid "ldap_user_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4302 +#: sssd.conf.5.xml:4304 msgid "ldap_group_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4303 +#: sssd.conf.5.xml:4305 msgid "ldap_netgroup_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4304 +#: sssd.conf.5.xml:4306 msgid "ldap_service_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4305 +#: sssd.conf.5.xml:4307 msgid "ldap_sasl_mech," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4306 +#: sssd.conf.5.xml:4308 msgid "ad_server," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4307 +#: sssd.conf.5.xml:4309 msgid "ad_backup_server," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4308 +#: sssd.conf.5.xml:4310 msgid "ad_site," msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4309 sssd-ipa.5.xml:884 +#: sssd.conf.5.xml:4311 sssd-ipa.5.xml:884 msgid "use_fully_qualified_names" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4313 +#: sssd.conf.5.xml:4315 msgid "" "For more details about these options see their individual description in the " "manual page." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4319 +#: sssd.conf.5.xml:4321 msgid "CERTIFICATE MAPPING SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4321 +#: sssd.conf.5.xml:4323 msgid "" "To allow authentication with Smartcards and certificates SSSD must be able " "to map certificates to users. This can be done by adding the full " @@ -5039,7 +5040,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4335 +#: sssd.conf.5.xml:4337 msgid "" "To make the mapping more flexible mapping and matching rules were added to " "SSSD (see <citerefentry> <refentrytitle>sss-certmap</refentrytitle> " @@ -5047,7 +5048,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4344 +#: sssd.conf.5.xml:4346 msgid "" "A mapping and matching rule can be added to the SSSD configuration in a " "section on its own with a name like <quote>[certmap/" @@ -5056,55 +5057,55 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4351 +#: sssd.conf.5.xml:4353 msgid "matchrule (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4354 +#: sssd.conf.5.xml:4356 msgid "" "Only certificates from the Smartcard which matches this rule will be " "processed, all others are ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4358 +#: sssd.conf.5.xml:4360 msgid "" "Default: KRB5:<EKU>clientAuth, i.e. only certificates which have the " "Extended Key Usage <quote>clientAuth</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4365 +#: sssd.conf.5.xml:4367 msgid "maprule (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4368 +#: sssd.conf.5.xml:4370 msgid "Defines how the user is found for a given certificate." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4374 +#: sssd.conf.5.xml:4376 msgid "" "LDAP:(userCertificate;binary={cert!bin}) for LDAP based providers like " "<quote>ldap</quote>, <quote>AD</quote> or <quote>ipa</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4380 +#: sssd.conf.5.xml:4382 msgid "" "The RULE_NAME for the <quote>files</quote> provider which tries to find a " "user with the same name." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4389 +#: sssd.conf.5.xml:4391 msgid "domains (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4392 +#: sssd.conf.5.xml:4394 msgid "" "Comma separated list of domain names the rule should be applied. By default " "a rule is only valid in the domain configured in sssd.conf. If the provider " @@ -5113,17 +5114,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4399 +#: sssd.conf.5.xml:4401 msgid "Default: the configured domain in sssd.conf" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4404 +#: sssd.conf.5.xml:4406 msgid "priority (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4407 +#: sssd.conf.5.xml:4409 msgid "" "Unsigned integer value defining the priority of the rule. The higher the " "number the lower the priority. <quote>0</quote> stands for the highest " @@ -5131,26 +5132,26 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4413 +#: sssd.conf.5.xml:4415 msgid "Default: the lowest priority" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4419 +#: sssd.conf.5.xml:4421 msgid "" "To make the configuration simple and reduce the amount of configuration " "options the <quote>files</quote> provider has some special properties:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4425 +#: sssd.conf.5.xml:4427 msgid "" "if maprule is not set the RULE_NAME name is assumed to be the name of the " "matching user" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4431 +#: sssd.conf.5.xml:4433 msgid "" "if a maprule is used both a single user name or a template like " "<quote>{subject_rfc822_name.short_name}</quote> must be in braces like e.g. " @@ -5159,17 +5160,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4440 +#: sssd.conf.5.xml:4442 msgid "the <quote>domains</quote> option is ignored" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4448 +#: sssd.conf.5.xml:4450 msgid "PROMPTING CONFIGURATION SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4450 +#: sssd.conf.5.xml:4452 msgid "" "If a special file (<filename>/var/lib/sss/pubconf/pam_preauth_available</" "filename>) exists SSSD's PAM module pam_sss will ask SSSD to figure out " @@ -5179,7 +5180,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4458 +#: sssd.conf.5.xml:4460 msgid "" "With the growing number of authentication methods and the possibility that " "there are multiple ones for a single user the heuristic used by pam_sss to " @@ -5188,59 +5189,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4470 +#: sssd.conf.5.xml:4472 msgid "[prompting/password]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4473 +#: sssd.conf.5.xml:4475 msgid "password_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4474 +#: sssd.conf.5.xml:4476 msgid "to change the string of the password prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4472 +#: sssd.conf.5.xml:4474 msgid "" "to configure password prompting, allowed options are: <placeholder " "type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4482 +#: sssd.conf.5.xml:4484 msgid "[prompting/2fa]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4486 +#: sssd.conf.5.xml:4488 msgid "first_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4487 +#: sssd.conf.5.xml:4489 msgid "to change the string of the prompt for the first factor" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4490 +#: sssd.conf.5.xml:4492 msgid "second_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4491 +#: sssd.conf.5.xml:4493 msgid "to change the string of the prompt for the second factor" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4494 +#: sssd.conf.5.xml:4496 msgid "single_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4495 +#: sssd.conf.5.xml:4497 msgid "" "boolean value, if True there will be only a single prompt using the value of " "first_prompt where it is expected that both factors are entered as a single " @@ -5249,7 +5250,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4484 +#: sssd.conf.5.xml:4486 msgid "" "to configure two-factor authentication prompting, allowed options are: " "<placeholder type=\"variablelist\" id=\"0\"/> If the second factor is " @@ -5258,17 +5259,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4512 +#: sssd.conf.5.xml:4514 msgid "[prompting/passkey]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4518 sssd-ad.5.xml:1021 +#: sssd.conf.5.xml:4520 sssd-ad.5.xml:1021 msgid "interactive" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4520 +#: sssd.conf.5.xml:4522 msgid "" "boolean value, if True prompt a message and wait before testing the presence " "of a passkey device. Recommended if your device doesn’t have a tactile " @@ -5276,46 +5277,46 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4528 +#: sssd.conf.5.xml:4530 msgid "interactive_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4530 +#: sssd.conf.5.xml:4532 msgid "to change the message of the interactive prompt." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4535 +#: sssd.conf.5.xml:4537 msgid "touch" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4537 +#: sssd.conf.5.xml:4539 msgid "" "boolean value, if True prompt a message to remind the user to touch the " "device." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4543 +#: sssd.conf.5.xml:4545 msgid "touch_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4545 +#: sssd.conf.5.xml:4547 msgid "to change the message of the touch prompt." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4514 +#: sssd.conf.5.xml:4516 msgid "" "to configure passkey authentication prompting, allowed options are: " "<placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4465 +#: sssd.conf.5.xml:4467 msgid "" "Each supported authentication method has its own configuration subsection " "under <quote>[prompting/...]</quote>. Currently there are: <placeholder " @@ -5324,7 +5325,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4556 +#: sssd.conf.5.xml:4558 msgid "" "It is possible to add a subsection for specific PAM services, e.g. " "<quote>[prompting/password/sshd]</quote> to individual change the prompting " @@ -5332,12 +5333,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4563 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43 +#: sssd.conf.5.xml:4565 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43 msgid "EXAMPLES" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4569 +#: sssd.conf.5.xml:4571 #, no-wrap msgid "" "[sssd]\n" @@ -5367,7 +5368,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4565 +#: sssd.conf.5.xml:4567 msgid "" "1. The following example shows a typical SSSD config. It does not describe " "configuration of the domains themselves - refer to documentation on " @@ -5376,7 +5377,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4602 +#: sssd.conf.5.xml:4604 #, no-wrap msgid "" "[domain/ipa.com/child.ad.com]\n" @@ -5384,7 +5385,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4596 +#: sssd.conf.5.xml:4598 msgid "" "2. The following example shows configuration of IPA AD trust where the AD " "forest consists of two domains in a parent-child structure. Suppose IPA " @@ -5395,7 +5396,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4613 +#: sssd.conf.5.xml:4615 #, no-wrap msgid "" "[certmap/my.domain/rule_name]\n" @@ -5406,7 +5407,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4607 +#: sssd.conf.5.xml:4609 msgid "" "3. The following example shows the configuration of a certificate mapping " "rule. It is valid for the configured domain <quote>my.domain</quote> and " diff --git a/src/man/po/pt.po b/src/man/po/pt.po index f64447b3ef8..d2ae946bec2 100644 --- a/src/man/po/pt.po +++ b/src/man/po/pt.po @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: sssd-docs 2.3.0\n" "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" -"POT-Creation-Date: 2023-11-13 11:53+0100\n" +"POT-Creation-Date: 2024-01-12 13:00+0100\n" "PO-Revision-Date: 2014-12-15 12:05-0500\n" "Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n" "Language-Team: Portuguese (http://www.transifex.com/projects/p/sssd/language/" @@ -233,7 +233,7 @@ msgstr "" #. type: Content of: <variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:149 sssd.conf.5.xml:652 sssd.conf.5.xml:949 -#: sssd.conf.5.xml:2101 sssd.conf.5.xml:2168 sssd.conf.5.xml:4191 +#: sssd.conf.5.xml:2101 sssd.conf.5.xml:2168 sssd.conf.5.xml:4193 #: sssd-ldap.5.xml:313 sssd-ldap.5.xml:919 sssd-ldap.5.xml:938 #: sssd-ldap.5.xml:1148 sssd-ldap.5.xml:1601 sssd-ldap.5.xml:1841 #: sssd-ipa.5.xml:152 sssd-ipa.5.xml:254 sssd-ipa.5.xml:662 sssd-ad.5.xml:1106 @@ -304,7 +304,7 @@ msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:196 sssd.conf.5.xml:1290 sssd.conf.5.xml:1767 -#: sssd.conf.5.xml:4207 sssd-ldap.5.xml:766 include/ldap_id_mapping.xml:270 +#: sssd.conf.5.xml:4209 sssd-ldap.5.xml:766 include/ldap_id_mapping.xml:270 msgid "Default: 10" msgstr "Padrão: 10" @@ -885,7 +885,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:700 sssd.conf.5.xml:1791 sssd.conf.5.xml:4257 +#: sssd.conf.5.xml:700 sssd.conf.5.xml:1791 sssd.conf.5.xml:4259 #: sssd-ad.5.xml:187 sssd-ad.5.xml:327 sssd-ad.5.xml:341 msgid "Default: Not set" msgstr "" @@ -2097,7 +2097,7 @@ msgid "The path to the certificate database." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1723 sssd.conf.5.xml:2248 sssd.conf.5.xml:4371 +#: sssd.conf.5.xml:1723 sssd.conf.5.xml:2248 sssd.conf.5.xml:4373 msgid "Default:" msgstr "" @@ -2367,7 +2367,7 @@ msgid "Default: no_session" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1950 sssd.conf.5.xml:4310 +#: sssd.conf.5.xml:1950 sssd.conf.5.xml:4312 msgid "pam_gssapi_services" msgstr "" @@ -2411,7 +2411,7 @@ msgid "Default: - (GSSAPI authentication is disabled)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1979 sssd.conf.5.xml:4311 +#: sssd.conf.5.xml:1979 sssd.conf.5.xml:4313 msgid "pam_gssapi_check_upn" msgstr "" @@ -3593,10 +3593,9 @@ msgstr "" #: sssd.conf.5.xml:3042 sssd.conf.5.xml:3153 sssd.conf.5.xml:3204 #: sssd.conf.5.xml:3267 msgid "" -"<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management " -"provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> " -"<manvolnum>5</manvolnum> </citerefentry> for more information on configuring " -"FreeIPA." +"<quote>ipa</quote>: FreeIPA and Red Hat Identity Management provider. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring FreeIPA." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> @@ -4667,35 +4666,37 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:4034 -msgid "This option is ignored for the files provider." +msgid "" +"It is expected that the <quote>files</quote> provider ignores the " +"local_auth_policy option and supports Smartcard authentication by default." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4037 +#: sssd.conf.5.xml:4039 #, fuzzy #| msgid "Default: cn" msgid "Default: match" msgstr "Padrão: NC" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4042 +#: sssd.conf.5.xml:4044 msgid "auto_private_groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4048 +#: sssd.conf.5.xml:4050 msgid "true" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4051 +#: sssd.conf.5.xml:4053 msgid "" "Create user's private group unconditionally from user's UID number. The GID " "number is ignored in this case." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4055 +#: sssd.conf.5.xml:4057 msgid "" "NOTE: Because the GID number and the user private group are inferred from " "the UID number, it is not supported to have multiple entries with the same " @@ -4704,24 +4705,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4064 +#: sssd.conf.5.xml:4066 msgid "false" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4067 +#: sssd.conf.5.xml:4069 msgid "" "Always use the user's primary GID number. The GID number must refer to a " "group object in the LDAP database." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4073 +#: sssd.conf.5.xml:4075 msgid "hybrid" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4076 +#: sssd.conf.5.xml:4078 msgid "" "A primary group is autogenerated for user entries whose UID and GID numbers " "have the same value and at the same time the GID number does not correspond " @@ -4731,14 +4732,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4089 +#: sssd.conf.5.xml:4091 msgid "" "If the UID and GID of a user are different, then the GID must correspond to " "a group entry, otherwise the GID is simply not resolvable." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4096 +#: sssd.conf.5.xml:4098 msgid "" "This feature is useful for environments that wish to stop maintaining a " "separate group objects for the user private groups, but also wish to retain " @@ -4746,21 +4747,21 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4045 +#: sssd.conf.5.xml:4047 msgid "" "This option takes any of three available values: <placeholder " "type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4108 +#: sssd.conf.5.xml:4110 msgid "" "For subdomains, the default value is False for subdomains that use assigned " "POSIX IDs and True for subdomains that use automatic ID-mapping." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:4116 +#: sssd.conf.5.xml:4118 #, no-wrap msgid "" "[domain/forest.domain/sub.domain]\n" @@ -4768,7 +4769,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:4122 +#: sssd.conf.5.xml:4124 #, no-wrap msgid "" "[domain/forest.domain]\n" @@ -4777,7 +4778,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4113 +#: sssd.conf.5.xml:4115 msgid "" "The value of auto_private_groups can either be set per subdomains in a " "subsection, for example: <placeholder type=\"programlisting\" id=\"0\"/> or " @@ -4794,17 +4795,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4137 +#: sssd.conf.5.xml:4139 msgid "proxy_pam_target (string)" msgstr "proxy_pam_target (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4140 +#: sssd.conf.5.xml:4142 msgid "The proxy target PAM proxies to." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4143 +#: sssd.conf.5.xml:4145 msgid "" "Default: not set by default, you have to take an existing pam configuration " "or create a new one and add the service name here. As an alternative you can " @@ -4812,12 +4813,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4153 +#: sssd.conf.5.xml:4155 msgid "proxy_lib_name (string)" msgstr "proxy_lib_name (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4156 +#: sssd.conf.5.xml:4158 msgid "" "The name of the NSS library to use in proxy domains. The NSS functions " "searched for in the library are in the form of _nss_$(libName)_$(function), " @@ -4825,12 +4826,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4166 +#: sssd.conf.5.xml:4168 msgid "proxy_resolver_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4169 +#: sssd.conf.5.xml:4171 msgid "" "The name of the NSS library to use for hosts and networks lookups in proxy " "domains. The NSS functions searched for in the library are in the form of " @@ -4838,12 +4839,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4180 +#: sssd.conf.5.xml:4182 msgid "proxy_fast_alias (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4183 +#: sssd.conf.5.xml:4185 msgid "" "When a user or group is looked up by name in the proxy provider, a second " "lookup by ID is performed to \"canonicalize\" the name in case the requested " @@ -4852,12 +4853,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4197 +#: sssd.conf.5.xml:4199 msgid "proxy_max_children (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4200 +#: sssd.conf.5.xml:4202 msgid "" "This option specifies the number of pre-forked proxy children. It is useful " "for high-load SSSD environments where sssd may run out of available child " @@ -4865,19 +4866,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4133 +#: sssd.conf.5.xml:4135 msgid "" "Options valid for proxy domains. <placeholder type=\"variablelist\" " "id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:4216 +#: sssd.conf.5.xml:4218 msgid "Application domains" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4218 +#: sssd.conf.5.xml:4220 msgid "" "SSSD, with its D-Bus interface (see <citerefentry> <refentrytitle>sssd-ifp</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>) is appealing to " @@ -4894,7 +4895,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4238 +#: sssd.conf.5.xml:4240 msgid "" "Please note that the application domain must still be explicitly enabled in " "the <quote>domains</quote> parameter so that the lookup order between the " @@ -4902,17 +4903,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> -#: sssd.conf.5.xml:4244 +#: sssd.conf.5.xml:4246 msgid "Application domain parameters" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4246 +#: sssd.conf.5.xml:4248 msgid "inherit_from (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4249 +#: sssd.conf.5.xml:4251 msgid "" "The SSSD POSIX-type domain the application domain inherits all settings " "from. The application domain can moreover add its own settings to the " @@ -4921,7 +4922,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4263 +#: sssd.conf.5.xml:4265 msgid "" "The following example illustrates the use of an application domain. In this " "setup, the POSIX domain is connected to an LDAP server and is used by the OS " @@ -4931,7 +4932,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><programlisting> -#: sssd.conf.5.xml:4271 +#: sssd.conf.5.xml:4273 #, no-wrap msgid "" "[sssd]\n" @@ -4951,12 +4952,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4291 +#: sssd.conf.5.xml:4293 msgid "TRUSTED DOMAIN SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4293 +#: sssd.conf.5.xml:4295 msgid "" "Some options used in the domain section can also be used in the trusted " "domain section, that is, in a section called <quote>[domain/" @@ -4967,69 +4968,69 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4300 +#: sssd.conf.5.xml:4302 msgid "ldap_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4301 +#: sssd.conf.5.xml:4303 msgid "ldap_user_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4302 +#: sssd.conf.5.xml:4304 msgid "ldap_group_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4303 +#: sssd.conf.5.xml:4305 msgid "ldap_netgroup_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4304 +#: sssd.conf.5.xml:4306 msgid "ldap_service_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4305 +#: sssd.conf.5.xml:4307 msgid "ldap_sasl_mech," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4306 +#: sssd.conf.5.xml:4308 msgid "ad_server," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4307 +#: sssd.conf.5.xml:4309 msgid "ad_backup_server," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4308 +#: sssd.conf.5.xml:4310 msgid "ad_site," msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4309 sssd-ipa.5.xml:884 +#: sssd.conf.5.xml:4311 sssd-ipa.5.xml:884 msgid "use_fully_qualified_names" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4313 +#: sssd.conf.5.xml:4315 msgid "" "For more details about these options see their individual description in the " "manual page." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4319 +#: sssd.conf.5.xml:4321 msgid "CERTIFICATE MAPPING SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4321 +#: sssd.conf.5.xml:4323 msgid "" "To allow authentication with Smartcards and certificates SSSD must be able " "to map certificates to users. This can be done by adding the full " @@ -5042,7 +5043,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4335 +#: sssd.conf.5.xml:4337 msgid "" "To make the mapping more flexible mapping and matching rules were added to " "SSSD (see <citerefentry> <refentrytitle>sss-certmap</refentrytitle> " @@ -5050,7 +5051,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4344 +#: sssd.conf.5.xml:4346 msgid "" "A mapping and matching rule can be added to the SSSD configuration in a " "section on its own with a name like <quote>[certmap/" @@ -5059,55 +5060,55 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4351 +#: sssd.conf.5.xml:4353 msgid "matchrule (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4354 +#: sssd.conf.5.xml:4356 msgid "" "Only certificates from the Smartcard which matches this rule will be " "processed, all others are ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4358 +#: sssd.conf.5.xml:4360 msgid "" "Default: KRB5:<EKU>clientAuth, i.e. only certificates which have the " "Extended Key Usage <quote>clientAuth</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4365 +#: sssd.conf.5.xml:4367 msgid "maprule (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4368 +#: sssd.conf.5.xml:4370 msgid "Defines how the user is found for a given certificate." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4374 +#: sssd.conf.5.xml:4376 msgid "" "LDAP:(userCertificate;binary={cert!bin}) for LDAP based providers like " "<quote>ldap</quote>, <quote>AD</quote> or <quote>ipa</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4380 +#: sssd.conf.5.xml:4382 msgid "" "The RULE_NAME for the <quote>files</quote> provider which tries to find a " "user with the same name." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4389 +#: sssd.conf.5.xml:4391 msgid "domains (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4392 +#: sssd.conf.5.xml:4394 msgid "" "Comma separated list of domain names the rule should be applied. By default " "a rule is only valid in the domain configured in sssd.conf. If the provider " @@ -5116,17 +5117,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4399 +#: sssd.conf.5.xml:4401 msgid "Default: the configured domain in sssd.conf" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4404 +#: sssd.conf.5.xml:4406 msgid "priority (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4407 +#: sssd.conf.5.xml:4409 msgid "" "Unsigned integer value defining the priority of the rule. The higher the " "number the lower the priority. <quote>0</quote> stands for the highest " @@ -5134,26 +5135,26 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4413 +#: sssd.conf.5.xml:4415 msgid "Default: the lowest priority" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4419 +#: sssd.conf.5.xml:4421 msgid "" "To make the configuration simple and reduce the amount of configuration " "options the <quote>files</quote> provider has some special properties:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4425 +#: sssd.conf.5.xml:4427 msgid "" "if maprule is not set the RULE_NAME name is assumed to be the name of the " "matching user" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4431 +#: sssd.conf.5.xml:4433 msgid "" "if a maprule is used both a single user name or a template like " "<quote>{subject_rfc822_name.short_name}</quote> must be in braces like e.g. " @@ -5162,17 +5163,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4440 +#: sssd.conf.5.xml:4442 msgid "the <quote>domains</quote> option is ignored" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4448 +#: sssd.conf.5.xml:4450 msgid "PROMPTING CONFIGURATION SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4450 +#: sssd.conf.5.xml:4452 msgid "" "If a special file (<filename>/var/lib/sss/pubconf/pam_preauth_available</" "filename>) exists SSSD's PAM module pam_sss will ask SSSD to figure out " @@ -5182,7 +5183,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4458 +#: sssd.conf.5.xml:4460 msgid "" "With the growing number of authentication methods and the possibility that " "there are multiple ones for a single user the heuristic used by pam_sss to " @@ -5191,59 +5192,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4470 +#: sssd.conf.5.xml:4472 msgid "[prompting/password]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4473 +#: sssd.conf.5.xml:4475 msgid "password_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4474 +#: sssd.conf.5.xml:4476 msgid "to change the string of the password prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4472 +#: sssd.conf.5.xml:4474 msgid "" "to configure password prompting, allowed options are: <placeholder " "type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4482 +#: sssd.conf.5.xml:4484 msgid "[prompting/2fa]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4486 +#: sssd.conf.5.xml:4488 msgid "first_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4487 +#: sssd.conf.5.xml:4489 msgid "to change the string of the prompt for the first factor" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4490 +#: sssd.conf.5.xml:4492 msgid "second_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4491 +#: sssd.conf.5.xml:4493 msgid "to change the string of the prompt for the second factor" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4494 +#: sssd.conf.5.xml:4496 msgid "single_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4495 +#: sssd.conf.5.xml:4497 msgid "" "boolean value, if True there will be only a single prompt using the value of " "first_prompt where it is expected that both factors are entered as a single " @@ -5252,7 +5253,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4484 +#: sssd.conf.5.xml:4486 msgid "" "to configure two-factor authentication prompting, allowed options are: " "<placeholder type=\"variablelist\" id=\"0\"/> If the second factor is " @@ -5261,17 +5262,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4512 +#: sssd.conf.5.xml:4514 msgid "[prompting/passkey]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4518 sssd-ad.5.xml:1021 +#: sssd.conf.5.xml:4520 sssd-ad.5.xml:1021 msgid "interactive" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4520 +#: sssd.conf.5.xml:4522 msgid "" "boolean value, if True prompt a message and wait before testing the presence " "of a passkey device. Recommended if your device doesn’t have a tactile " @@ -5279,46 +5280,46 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4528 +#: sssd.conf.5.xml:4530 msgid "interactive_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4530 +#: sssd.conf.5.xml:4532 msgid "to change the message of the interactive prompt." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4535 +#: sssd.conf.5.xml:4537 msgid "touch" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4537 +#: sssd.conf.5.xml:4539 msgid "" "boolean value, if True prompt a message to remind the user to touch the " "device." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4543 +#: sssd.conf.5.xml:4545 msgid "touch_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4545 +#: sssd.conf.5.xml:4547 msgid "to change the message of the touch prompt." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4514 +#: sssd.conf.5.xml:4516 msgid "" "to configure passkey authentication prompting, allowed options are: " "<placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4465 +#: sssd.conf.5.xml:4467 msgid "" "Each supported authentication method has its own configuration subsection " "under <quote>[prompting/...]</quote>. Currently there are: <placeholder " @@ -5327,7 +5328,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4556 +#: sssd.conf.5.xml:4558 msgid "" "It is possible to add a subsection for specific PAM services, e.g. " "<quote>[prompting/password/sshd]</quote> to individual change the prompting " @@ -5335,12 +5336,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4563 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43 +#: sssd.conf.5.xml:4565 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43 msgid "EXAMPLES" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4569 +#: sssd.conf.5.xml:4571 #, no-wrap msgid "" "[sssd]\n" @@ -5394,7 +5395,7 @@ msgstr "" "enumerate = False\n" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4565 +#: sssd.conf.5.xml:4567 msgid "" "1. The following example shows a typical SSSD config. It does not describe " "configuration of the domains themselves - refer to documentation on " @@ -5403,7 +5404,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4602 +#: sssd.conf.5.xml:4604 #, no-wrap msgid "" "[domain/ipa.com/child.ad.com]\n" @@ -5411,7 +5412,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4596 +#: sssd.conf.5.xml:4598 msgid "" "2. The following example shows configuration of IPA AD trust where the AD " "forest consists of two domains in a parent-child structure. Suppose IPA " @@ -5422,7 +5423,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4613 +#: sssd.conf.5.xml:4615 #, no-wrap msgid "" "[certmap/my.domain/rule_name]\n" @@ -5433,7 +5434,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4607 +#: sssd.conf.5.xml:4609 msgid "" "3. The following example shows the configuration of a certificate mapping " "rule. It is valid for the configured domain <quote>my.domain</quote> and " diff --git a/src/man/po/pt_BR.po b/src/man/po/pt_BR.po index 376eb909e43..1eaea8e4a50 100644 --- a/src/man/po/pt_BR.po +++ b/src/man/po/pt_BR.po @@ -4,7 +4,7 @@ msgid "" msgstr "" "Project-Id-Version: sssd-docs 2.3.0\n" "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" -"POT-Creation-Date: 2023-11-13 11:53+0100\n" +"POT-Creation-Date: 2024-01-12 13:00+0100\n" "PO-Revision-Date: 2017-01-29 10:11-0500\n" "Last-Translator: Rodrigo de Araujo Sousa Fonseca " "<rodrigodearaujo@fedoraproject.org>\n" @@ -223,7 +223,7 @@ msgstr "" #. type: Content of: <variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:149 sssd.conf.5.xml:652 sssd.conf.5.xml:949 -#: sssd.conf.5.xml:2101 sssd.conf.5.xml:2168 sssd.conf.5.xml:4191 +#: sssd.conf.5.xml:2101 sssd.conf.5.xml:2168 sssd.conf.5.xml:4193 #: sssd-ldap.5.xml:313 sssd-ldap.5.xml:919 sssd-ldap.5.xml:938 #: sssd-ldap.5.xml:1148 sssd-ldap.5.xml:1601 sssd-ldap.5.xml:1841 #: sssd-ipa.5.xml:152 sssd-ipa.5.xml:254 sssd-ipa.5.xml:662 sssd-ad.5.xml:1106 @@ -292,7 +292,7 @@ msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:196 sssd.conf.5.xml:1290 sssd.conf.5.xml:1767 -#: sssd.conf.5.xml:4207 sssd-ldap.5.xml:766 include/ldap_id_mapping.xml:270 +#: sssd.conf.5.xml:4209 sssd-ldap.5.xml:766 include/ldap_id_mapping.xml:270 msgid "Default: 10" msgstr "" @@ -869,7 +869,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:700 sssd.conf.5.xml:1791 sssd.conf.5.xml:4257 +#: sssd.conf.5.xml:700 sssd.conf.5.xml:1791 sssd.conf.5.xml:4259 #: sssd-ad.5.xml:187 sssd-ad.5.xml:327 sssd-ad.5.xml:341 msgid "Default: Not set" msgstr "" @@ -2049,7 +2049,7 @@ msgid "The path to the certificate database." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1723 sssd.conf.5.xml:2248 sssd.conf.5.xml:4371 +#: sssd.conf.5.xml:1723 sssd.conf.5.xml:2248 sssd.conf.5.xml:4373 msgid "Default:" msgstr "" @@ -2315,7 +2315,7 @@ msgid "Default: no_session" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1950 sssd.conf.5.xml:4310 +#: sssd.conf.5.xml:1950 sssd.conf.5.xml:4312 msgid "pam_gssapi_services" msgstr "" @@ -2359,7 +2359,7 @@ msgid "Default: - (GSSAPI authentication is disabled)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1979 sssd.conf.5.xml:4311 +#: sssd.conf.5.xml:1979 sssd.conf.5.xml:4313 msgid "pam_gssapi_check_upn" msgstr "" @@ -3531,10 +3531,9 @@ msgstr "" #: sssd.conf.5.xml:3042 sssd.conf.5.xml:3153 sssd.conf.5.xml:3204 #: sssd.conf.5.xml:3267 msgid "" -"<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management " -"provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> " -"<manvolnum>5</manvolnum> </citerefentry> for more information on configuring " -"FreeIPA." +"<quote>ipa</quote>: FreeIPA and Red Hat Identity Management provider. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring FreeIPA." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> @@ -4575,33 +4574,35 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:4034 -msgid "This option is ignored for the files provider." +msgid "" +"It is expected that the <quote>files</quote> provider ignores the " +"local_auth_policy option and supports Smartcard authentication by default." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4037 +#: sssd.conf.5.xml:4039 msgid "Default: match" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4042 +#: sssd.conf.5.xml:4044 msgid "auto_private_groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4048 +#: sssd.conf.5.xml:4050 msgid "true" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4051 +#: sssd.conf.5.xml:4053 msgid "" "Create user's private group unconditionally from user's UID number. The GID " "number is ignored in this case." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4055 +#: sssd.conf.5.xml:4057 msgid "" "NOTE: Because the GID number and the user private group are inferred from " "the UID number, it is not supported to have multiple entries with the same " @@ -4610,24 +4611,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4064 +#: sssd.conf.5.xml:4066 msgid "false" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4067 +#: sssd.conf.5.xml:4069 msgid "" "Always use the user's primary GID number. The GID number must refer to a " "group object in the LDAP database." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4073 +#: sssd.conf.5.xml:4075 msgid "hybrid" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4076 +#: sssd.conf.5.xml:4078 msgid "" "A primary group is autogenerated for user entries whose UID and GID numbers " "have the same value and at the same time the GID number does not correspond " @@ -4637,14 +4638,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4089 +#: sssd.conf.5.xml:4091 msgid "" "If the UID and GID of a user are different, then the GID must correspond to " "a group entry, otherwise the GID is simply not resolvable." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4096 +#: sssd.conf.5.xml:4098 msgid "" "This feature is useful for environments that wish to stop maintaining a " "separate group objects for the user private groups, but also wish to retain " @@ -4652,21 +4653,21 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4045 +#: sssd.conf.5.xml:4047 msgid "" "This option takes any of three available values: <placeholder " "type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4108 +#: sssd.conf.5.xml:4110 msgid "" "For subdomains, the default value is False for subdomains that use assigned " "POSIX IDs and True for subdomains that use automatic ID-mapping." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:4116 +#: sssd.conf.5.xml:4118 #, no-wrap msgid "" "[domain/forest.domain/sub.domain]\n" @@ -4674,7 +4675,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:4122 +#: sssd.conf.5.xml:4124 #, no-wrap msgid "" "[domain/forest.domain]\n" @@ -4683,7 +4684,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4113 +#: sssd.conf.5.xml:4115 msgid "" "The value of auto_private_groups can either be set per subdomains in a " "subsection, for example: <placeholder type=\"programlisting\" id=\"0\"/> or " @@ -4700,17 +4701,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4137 +#: sssd.conf.5.xml:4139 msgid "proxy_pam_target (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4140 +#: sssd.conf.5.xml:4142 msgid "The proxy target PAM proxies to." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4143 +#: sssd.conf.5.xml:4145 msgid "" "Default: not set by default, you have to take an existing pam configuration " "or create a new one and add the service name here. As an alternative you can " @@ -4718,12 +4719,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4153 +#: sssd.conf.5.xml:4155 msgid "proxy_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4156 +#: sssd.conf.5.xml:4158 msgid "" "The name of the NSS library to use in proxy domains. The NSS functions " "searched for in the library are in the form of _nss_$(libName)_$(function), " @@ -4731,12 +4732,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4166 +#: sssd.conf.5.xml:4168 msgid "proxy_resolver_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4169 +#: sssd.conf.5.xml:4171 msgid "" "The name of the NSS library to use for hosts and networks lookups in proxy " "domains. The NSS functions searched for in the library are in the form of " @@ -4744,12 +4745,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4180 +#: sssd.conf.5.xml:4182 msgid "proxy_fast_alias (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4183 +#: sssd.conf.5.xml:4185 msgid "" "When a user or group is looked up by name in the proxy provider, a second " "lookup by ID is performed to \"canonicalize\" the name in case the requested " @@ -4758,12 +4759,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4197 +#: sssd.conf.5.xml:4199 msgid "proxy_max_children (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4200 +#: sssd.conf.5.xml:4202 msgid "" "This option specifies the number of pre-forked proxy children. It is useful " "for high-load SSSD environments where sssd may run out of available child " @@ -4771,19 +4772,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4133 +#: sssd.conf.5.xml:4135 msgid "" "Options valid for proxy domains. <placeholder type=\"variablelist\" " "id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:4216 +#: sssd.conf.5.xml:4218 msgid "Application domains" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4218 +#: sssd.conf.5.xml:4220 msgid "" "SSSD, with its D-Bus interface (see <citerefentry> <refentrytitle>sssd-ifp</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>) is appealing to " @@ -4800,7 +4801,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4238 +#: sssd.conf.5.xml:4240 msgid "" "Please note that the application domain must still be explicitly enabled in " "the <quote>domains</quote> parameter so that the lookup order between the " @@ -4808,17 +4809,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> -#: sssd.conf.5.xml:4244 +#: sssd.conf.5.xml:4246 msgid "Application domain parameters" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4246 +#: sssd.conf.5.xml:4248 msgid "inherit_from (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4249 +#: sssd.conf.5.xml:4251 msgid "" "The SSSD POSIX-type domain the application domain inherits all settings " "from. The application domain can moreover add its own settings to the " @@ -4827,7 +4828,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4263 +#: sssd.conf.5.xml:4265 msgid "" "The following example illustrates the use of an application domain. In this " "setup, the POSIX domain is connected to an LDAP server and is used by the OS " @@ -4837,7 +4838,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><programlisting> -#: sssd.conf.5.xml:4271 +#: sssd.conf.5.xml:4273 #, no-wrap msgid "" "[sssd]\n" @@ -4857,12 +4858,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4291 +#: sssd.conf.5.xml:4293 msgid "TRUSTED DOMAIN SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4293 +#: sssd.conf.5.xml:4295 msgid "" "Some options used in the domain section can also be used in the trusted " "domain section, that is, in a section called <quote>[domain/" @@ -4873,69 +4874,69 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4300 +#: sssd.conf.5.xml:4302 msgid "ldap_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4301 +#: sssd.conf.5.xml:4303 msgid "ldap_user_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4302 +#: sssd.conf.5.xml:4304 msgid "ldap_group_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4303 +#: sssd.conf.5.xml:4305 msgid "ldap_netgroup_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4304 +#: sssd.conf.5.xml:4306 msgid "ldap_service_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4305 +#: sssd.conf.5.xml:4307 msgid "ldap_sasl_mech," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4306 +#: sssd.conf.5.xml:4308 msgid "ad_server," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4307 +#: sssd.conf.5.xml:4309 msgid "ad_backup_server," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4308 +#: sssd.conf.5.xml:4310 msgid "ad_site," msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4309 sssd-ipa.5.xml:884 +#: sssd.conf.5.xml:4311 sssd-ipa.5.xml:884 msgid "use_fully_qualified_names" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4313 +#: sssd.conf.5.xml:4315 msgid "" "For more details about these options see their individual description in the " "manual page." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4319 +#: sssd.conf.5.xml:4321 msgid "CERTIFICATE MAPPING SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4321 +#: sssd.conf.5.xml:4323 msgid "" "To allow authentication with Smartcards and certificates SSSD must be able " "to map certificates to users. This can be done by adding the full " @@ -4948,7 +4949,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4335 +#: sssd.conf.5.xml:4337 msgid "" "To make the mapping more flexible mapping and matching rules were added to " "SSSD (see <citerefentry> <refentrytitle>sss-certmap</refentrytitle> " @@ -4956,7 +4957,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4344 +#: sssd.conf.5.xml:4346 msgid "" "A mapping and matching rule can be added to the SSSD configuration in a " "section on its own with a name like <quote>[certmap/" @@ -4965,55 +4966,55 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4351 +#: sssd.conf.5.xml:4353 msgid "matchrule (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4354 +#: sssd.conf.5.xml:4356 msgid "" "Only certificates from the Smartcard which matches this rule will be " "processed, all others are ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4358 +#: sssd.conf.5.xml:4360 msgid "" "Default: KRB5:<EKU>clientAuth, i.e. only certificates which have the " "Extended Key Usage <quote>clientAuth</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4365 +#: sssd.conf.5.xml:4367 msgid "maprule (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4368 +#: sssd.conf.5.xml:4370 msgid "Defines how the user is found for a given certificate." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4374 +#: sssd.conf.5.xml:4376 msgid "" "LDAP:(userCertificate;binary={cert!bin}) for LDAP based providers like " "<quote>ldap</quote>, <quote>AD</quote> or <quote>ipa</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4380 +#: sssd.conf.5.xml:4382 msgid "" "The RULE_NAME for the <quote>files</quote> provider which tries to find a " "user with the same name." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4389 +#: sssd.conf.5.xml:4391 msgid "domains (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4392 +#: sssd.conf.5.xml:4394 msgid "" "Comma separated list of domain names the rule should be applied. By default " "a rule is only valid in the domain configured in sssd.conf. If the provider " @@ -5022,17 +5023,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4399 +#: sssd.conf.5.xml:4401 msgid "Default: the configured domain in sssd.conf" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4404 +#: sssd.conf.5.xml:4406 msgid "priority (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4407 +#: sssd.conf.5.xml:4409 msgid "" "Unsigned integer value defining the priority of the rule. The higher the " "number the lower the priority. <quote>0</quote> stands for the highest " @@ -5040,26 +5041,26 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4413 +#: sssd.conf.5.xml:4415 msgid "Default: the lowest priority" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4419 +#: sssd.conf.5.xml:4421 msgid "" "To make the configuration simple and reduce the amount of configuration " "options the <quote>files</quote> provider has some special properties:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4425 +#: sssd.conf.5.xml:4427 msgid "" "if maprule is not set the RULE_NAME name is assumed to be the name of the " "matching user" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4431 +#: sssd.conf.5.xml:4433 msgid "" "if a maprule is used both a single user name or a template like " "<quote>{subject_rfc822_name.short_name}</quote> must be in braces like e.g. " @@ -5068,17 +5069,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4440 +#: sssd.conf.5.xml:4442 msgid "the <quote>domains</quote> option is ignored" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4448 +#: sssd.conf.5.xml:4450 msgid "PROMPTING CONFIGURATION SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4450 +#: sssd.conf.5.xml:4452 msgid "" "If a special file (<filename>/var/lib/sss/pubconf/pam_preauth_available</" "filename>) exists SSSD's PAM module pam_sss will ask SSSD to figure out " @@ -5088,7 +5089,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4458 +#: sssd.conf.5.xml:4460 msgid "" "With the growing number of authentication methods and the possibility that " "there are multiple ones for a single user the heuristic used by pam_sss to " @@ -5097,59 +5098,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4470 +#: sssd.conf.5.xml:4472 msgid "[prompting/password]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4473 +#: sssd.conf.5.xml:4475 msgid "password_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4474 +#: sssd.conf.5.xml:4476 msgid "to change the string of the password prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4472 +#: sssd.conf.5.xml:4474 msgid "" "to configure password prompting, allowed options are: <placeholder " "type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4482 +#: sssd.conf.5.xml:4484 msgid "[prompting/2fa]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4486 +#: sssd.conf.5.xml:4488 msgid "first_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4487 +#: sssd.conf.5.xml:4489 msgid "to change the string of the prompt for the first factor" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4490 +#: sssd.conf.5.xml:4492 msgid "second_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4491 +#: sssd.conf.5.xml:4493 msgid "to change the string of the prompt for the second factor" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4494 +#: sssd.conf.5.xml:4496 msgid "single_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4495 +#: sssd.conf.5.xml:4497 msgid "" "boolean value, if True there will be only a single prompt using the value of " "first_prompt where it is expected that both factors are entered as a single " @@ -5158,7 +5159,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4484 +#: sssd.conf.5.xml:4486 msgid "" "to configure two-factor authentication prompting, allowed options are: " "<placeholder type=\"variablelist\" id=\"0\"/> If the second factor is " @@ -5167,17 +5168,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4512 +#: sssd.conf.5.xml:4514 msgid "[prompting/passkey]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4518 sssd-ad.5.xml:1021 +#: sssd.conf.5.xml:4520 sssd-ad.5.xml:1021 msgid "interactive" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4520 +#: sssd.conf.5.xml:4522 msgid "" "boolean value, if True prompt a message and wait before testing the presence " "of a passkey device. Recommended if your device doesn’t have a tactile " @@ -5185,46 +5186,46 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4528 +#: sssd.conf.5.xml:4530 msgid "interactive_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4530 +#: sssd.conf.5.xml:4532 msgid "to change the message of the interactive prompt." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4535 +#: sssd.conf.5.xml:4537 msgid "touch" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4537 +#: sssd.conf.5.xml:4539 msgid "" "boolean value, if True prompt a message to remind the user to touch the " "device." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4543 +#: sssd.conf.5.xml:4545 msgid "touch_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4545 +#: sssd.conf.5.xml:4547 msgid "to change the message of the touch prompt." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4514 +#: sssd.conf.5.xml:4516 msgid "" "to configure passkey authentication prompting, allowed options are: " "<placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4465 +#: sssd.conf.5.xml:4467 msgid "" "Each supported authentication method has its own configuration subsection " "under <quote>[prompting/...]</quote>. Currently there are: <placeholder " @@ -5233,7 +5234,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4556 +#: sssd.conf.5.xml:4558 msgid "" "It is possible to add a subsection for specific PAM services, e.g. " "<quote>[prompting/password/sshd]</quote> to individual change the prompting " @@ -5241,12 +5242,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4563 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43 +#: sssd.conf.5.xml:4565 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43 msgid "EXAMPLES" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4569 +#: sssd.conf.5.xml:4571 #, no-wrap msgid "" "[sssd]\n" @@ -5276,7 +5277,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4565 +#: sssd.conf.5.xml:4567 msgid "" "1. The following example shows a typical SSSD config. It does not describe " "configuration of the domains themselves - refer to documentation on " @@ -5285,7 +5286,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4602 +#: sssd.conf.5.xml:4604 #, no-wrap msgid "" "[domain/ipa.com/child.ad.com]\n" @@ -5293,7 +5294,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4596 +#: sssd.conf.5.xml:4598 msgid "" "2. The following example shows configuration of IPA AD trust where the AD " "forest consists of two domains in a parent-child structure. Suppose IPA " @@ -5304,7 +5305,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4613 +#: sssd.conf.5.xml:4615 #, no-wrap msgid "" "[certmap/my.domain/rule_name]\n" @@ -5315,7 +5316,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4607 +#: sssd.conf.5.xml:4609 msgid "" "3. The following example shows the configuration of a certificate mapping " "rule. It is valid for the configured domain <quote>my.domain</quote> and " diff --git a/src/man/po/ru.po b/src/man/po/ru.po index 85c4a57d472..6c3f3e45176 100644 --- a/src/man/po/ru.po +++ b/src/man/po/ru.po @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: sssd-docs 2.3.0\n" "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" -"POT-Creation-Date: 2023-11-13 11:53+0100\n" +"POT-Creation-Date: 2024-01-12 13:00+0100\n" "PO-Revision-Date: 2022-12-14 19:20+0000\n" "Last-Translator: Elena Mishina <lepata@basealt.ru>\n" "Language-Team: Russian <https://translate.fedoraproject.org/projects/sssd/" @@ -277,7 +277,7 @@ msgstr "" #. type: Content of: <variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:149 sssd.conf.5.xml:652 sssd.conf.5.xml:949 -#: sssd.conf.5.xml:2101 sssd.conf.5.xml:2168 sssd.conf.5.xml:4191 +#: sssd.conf.5.xml:2101 sssd.conf.5.xml:2168 sssd.conf.5.xml:4193 #: sssd-ldap.5.xml:313 sssd-ldap.5.xml:919 sssd-ldap.5.xml:938 #: sssd-ldap.5.xml:1148 sssd-ldap.5.xml:1601 sssd-ldap.5.xml:1841 #: sssd-ipa.5.xml:152 sssd-ipa.5.xml:254 sssd-ipa.5.xml:662 sssd-ad.5.xml:1106 @@ -358,7 +358,7 @@ msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:196 sssd.conf.5.xml:1290 sssd.conf.5.xml:1767 -#: sssd.conf.5.xml:4207 sssd-ldap.5.xml:766 include/ldap_id_mapping.xml:270 +#: sssd.conf.5.xml:4209 sssd-ldap.5.xml:766 include/ldap_id_mapping.xml:270 msgid "Default: 10" msgstr "По умолчанию: 10" @@ -1124,7 +1124,7 @@ msgstr "" "пользователей в разных доменах могут быть одинаковыми." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:700 sssd.conf.5.xml:1791 sssd.conf.5.xml:4257 +#: sssd.conf.5.xml:700 sssd.conf.5.xml:1791 sssd.conf.5.xml:4259 #: sssd-ad.5.xml:187 sssd-ad.5.xml:327 sssd-ad.5.xml:341 msgid "Default: Not set" msgstr "По умолчанию: не задано" @@ -2584,7 +2584,7 @@ msgid "The path to the certificate database." msgstr "Путь к базе данных сертификатов." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1723 sssd.conf.5.xml:2248 sssd.conf.5.xml:4371 +#: sssd.conf.5.xml:1723 sssd.conf.5.xml:2248 sssd.conf.5.xml:4373 msgid "Default:" msgstr "По умолчанию:" @@ -2912,7 +2912,7 @@ msgid "Default: no_session" msgstr "По умолчанию: no_session" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1950 sssd.conf.5.xml:4310 +#: sssd.conf.5.xml:1950 sssd.conf.5.xml:4312 msgid "pam_gssapi_services" msgstr "pam_gssapi_services" @@ -2966,7 +2966,7 @@ msgid "Default: - (GSSAPI authentication is disabled)" msgstr "По умолчанию: - (проверка подлинности с помощью GSSAPI отключена)" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1979 sssd.conf.5.xml:4311 +#: sssd.conf.5.xml:1979 sssd.conf.5.xml:4313 msgid "pam_gssapi_check_upn" msgstr "pam_gssapi_check_upn" @@ -4445,11 +4445,16 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:3042 sssd.conf.5.xml:3153 sssd.conf.5.xml:3204 #: sssd.conf.5.xml:3267 +#, fuzzy +#| msgid "" +#| "<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management " +#| "provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> " +#| "<manvolnum>5</manvolnum> </citerefentry> for more information on " +#| "configuring FreeIPA." msgid "" -"<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management " -"provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> " -"<manvolnum>5</manvolnum> </citerefentry> for more information on configuring " -"FreeIPA." +"<quote>ipa</quote>: FreeIPA and Red Hat Identity Management provider. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring FreeIPA." msgstr "" "<quote>ipa</quote>: поставщик данных FreeIPA и Red Hat Enterprise Identity " "Management. Дополнительные сведения о настройке FreeIPA: <citerefentry> " @@ -5746,30 +5751,30 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:4034 -#, fuzzy -#| msgid "This option is not available in IPA provider." -msgid "This option is ignored for the files provider." -msgstr "Этот параметр недоступен в поставщике данных IPA." +msgid "" +"It is expected that the <quote>files</quote> provider ignores the " +"local_auth_policy option and supports Smartcard authentication by default." +msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4037 +#: sssd.conf.5.xml:4039 #, fuzzy #| msgid "Default: mail" msgid "Default: match" msgstr "По умолчанию: mail" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4042 +#: sssd.conf.5.xml:4044 msgid "auto_private_groups (string)" msgstr "auto_private_groups (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4048 +#: sssd.conf.5.xml:4050 msgid "true" msgstr "true" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4051 +#: sssd.conf.5.xml:4053 msgid "" "Create user's private group unconditionally from user's UID number. The GID " "number is ignored in this case." @@ -5778,7 +5783,7 @@ msgstr "" "UID пользователя. Номер GID в этом случае игнорируется." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4055 +#: sssd.conf.5.xml:4057 msgid "" "NOTE: Because the GID number and the user private group are inferred from " "the UID number, it is not supported to have multiple entries with the same " @@ -5792,12 +5797,12 @@ msgstr "" "пространстве идентификаторов." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4064 +#: sssd.conf.5.xml:4066 msgid "false" msgstr "false" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4067 +#: sssd.conf.5.xml:4069 msgid "" "Always use the user's primary GID number. The GID number must refer to a " "group object in the LDAP database." @@ -5806,12 +5811,12 @@ msgstr "" "ссылаться на объект группы в базе данных LDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4073 +#: sssd.conf.5.xml:4075 msgid "hybrid" msgstr "hybrid" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4076 +#: sssd.conf.5.xml:4078 msgid "" "A primary group is autogenerated for user entries whose UID and GID numbers " "have the same value and at the same time the GID number does not correspond " @@ -5826,7 +5831,7 @@ msgstr "" "основной GID этого пользователя разрешается в этот объект группы." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4089 +#: sssd.conf.5.xml:4091 msgid "" "If the UID and GID of a user are different, then the GID must correspond to " "a group entry, otherwise the GID is simply not resolvable." @@ -5835,7 +5840,7 @@ msgstr "" "группы; в ином случае GID просто будет невозможно разрешить." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4096 +#: sssd.conf.5.xml:4098 msgid "" "This feature is useful for environments that wish to stop maintaining a " "separate group objects for the user private groups, but also wish to retain " @@ -5846,7 +5851,7 @@ msgstr "" "сохранить существующие закрытые группы пользователей." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4045 +#: sssd.conf.5.xml:4047 msgid "" "This option takes any of three available values: <placeholder " "type=\"variablelist\" id=\"0\"/>" @@ -5855,7 +5860,7 @@ msgstr "" "type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4108 +#: sssd.conf.5.xml:4110 msgid "" "For subdomains, the default value is False for subdomains that use assigned " "POSIX IDs and True for subdomains that use automatic ID-mapping." @@ -5865,7 +5870,7 @@ msgstr "" "поддоменов, которые используют автоматическое сопоставление идентификаторов." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:4116 +#: sssd.conf.5.xml:4118 #, no-wrap msgid "" "[domain/forest.domain/sub.domain]\n" @@ -5875,7 +5880,7 @@ msgstr "" "auto_private_groups = false\n" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:4122 +#: sssd.conf.5.xml:4124 #, no-wrap msgid "" "[domain/forest.domain]\n" @@ -5887,7 +5892,7 @@ msgstr "" "auto_private_groups = false\n" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4113 +#: sssd.conf.5.xml:4115 msgid "" "The value of auto_private_groups can either be set per subdomains in a " "subsection, for example: <placeholder type=\"programlisting\" id=\"0\"/> or " @@ -5912,17 +5917,17 @@ msgstr "" "replaceable>]</quote> <placeholder type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4137 +#: sssd.conf.5.xml:4139 msgid "proxy_pam_target (string)" msgstr "proxy_pam_target (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4140 +#: sssd.conf.5.xml:4142 msgid "The proxy target PAM proxies to." msgstr "Цель, которой пересылает данные прокси PAM." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4143 +#: sssd.conf.5.xml:4145 #, fuzzy #| msgid "" #| "Default: not set by default, you have to take an existing pam " @@ -5936,12 +5941,12 @@ msgstr "" "конфигурацией PAM или создать новую и добавить здесь имя службы." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4153 +#: sssd.conf.5.xml:4155 msgid "proxy_lib_name (string)" msgstr "proxy_lib_name (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4156 +#: sssd.conf.5.xml:4158 msgid "" "The name of the NSS library to use in proxy domains. The NSS functions " "searched for in the library are in the form of _nss_$(libName)_$(function), " @@ -5952,12 +5957,12 @@ msgstr "" "_nss_$(libName)_$(function), например: _nss_files_getpwent." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4166 +#: sssd.conf.5.xml:4168 msgid "proxy_resolver_lib_name (string)" msgstr "proxy_resolver_lib_name (строка)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4169 +#: sssd.conf.5.xml:4171 msgid "" "The name of the NSS library to use for hosts and networks lookups in proxy " "domains. The NSS functions searched for in the library are in the form of " @@ -5968,12 +5973,12 @@ msgstr "" "вид _nss_$(libName)_$(function), например: _nss_dns_gethostbyname2_r." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4180 +#: sssd.conf.5.xml:4182 msgid "proxy_fast_alias (boolean)" msgstr "proxy_fast_alias (логическое значение)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4183 +#: sssd.conf.5.xml:4185 msgid "" "When a user or group is looked up by name in the proxy provider, a second " "lookup by ID is performed to \"canonicalize\" the name in case the requested " @@ -5987,12 +5992,12 @@ msgstr "" "идентификатора в кэше в целях ускорения предоставления результатов." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4197 +#: sssd.conf.5.xml:4199 msgid "proxy_max_children (integer)" msgstr "proxy_max_children (целое число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4200 +#: sssd.conf.5.xml:4202 msgid "" "This option specifies the number of pre-forked proxy children. It is useful " "for high-load SSSD environments where sssd may run out of available child " @@ -6004,7 +6009,7 @@ msgstr "" "постановки запросов в очередь." #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4133 +#: sssd.conf.5.xml:4135 msgid "" "Options valid for proxy domains. <placeholder type=\"variablelist\" " "id=\"0\"/>" @@ -6013,12 +6018,12 @@ msgstr "" "<placeholder type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:4216 +#: sssd.conf.5.xml:4218 msgid "Application domains" msgstr "Домены приложений" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4218 +#: sssd.conf.5.xml:4220 msgid "" "SSSD, with its D-Bus interface (see <citerefentry> <refentrytitle>sssd-ifp</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>) is appealing to " @@ -6047,7 +6052,7 @@ msgstr "" "традиционного домена SSSD." #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4238 +#: sssd.conf.5.xml:4240 msgid "" "Please note that the application domain must still be explicitly enabled in " "the <quote>domains</quote> parameter so that the lookup order between the " @@ -6058,17 +6063,17 @@ msgstr "" "порядок поиска для домена приложений и его родственного домена POSIX." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> -#: sssd.conf.5.xml:4244 +#: sssd.conf.5.xml:4246 msgid "Application domain parameters" msgstr "Параметры доменов приложений" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4246 +#: sssd.conf.5.xml:4248 msgid "inherit_from (string)" msgstr "inherit_from (строка)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4249 +#: sssd.conf.5.xml:4251 msgid "" "The SSSD POSIX-type domain the application domain inherits all settings " "from. The application domain can moreover add its own settings to the " @@ -6081,7 +6086,7 @@ msgstr "" "<quote>родственного</quote> домена." #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4263 +#: sssd.conf.5.xml:4265 msgid "" "The following example illustrates the use of an application domain. In this " "setup, the POSIX domain is connected to an LDAP server and is used by the OS " @@ -6096,7 +6101,7 @@ msgstr "" "атрибут phone доступным через интерфейс D-Bus." #. type: Content of: <reference><refentry><refsect1><refsect2><programlisting> -#: sssd.conf.5.xml:4271 +#: sssd.conf.5.xml:4273 #, no-wrap msgid "" "[sssd]\n" @@ -6130,12 +6135,12 @@ msgstr "" "ldap_user_extra_attrs = phone:telephoneNumber\n" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4291 +#: sssd.conf.5.xml:4293 msgid "TRUSTED DOMAIN SECTION" msgstr "РАЗДЕЛ ДОВЕРЕННЫХ ДОМЕНОВ" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4293 +#: sssd.conf.5.xml:4295 msgid "" "Some options used in the domain section can also be used in the trusted " "domain section, that is, in a section called <quote>[domain/" @@ -6153,57 +6158,57 @@ msgstr "" "поддерживаются следующие параметры:" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4300 +#: sssd.conf.5.xml:4302 msgid "ldap_search_base," msgstr "ldap_search_base," #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4301 +#: sssd.conf.5.xml:4303 msgid "ldap_user_search_base," msgstr "ldap_user_search_base," #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4302 +#: sssd.conf.5.xml:4304 msgid "ldap_group_search_base," msgstr "ldap_group_search_base," #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4303 +#: sssd.conf.5.xml:4305 msgid "ldap_netgroup_search_base," msgstr "ldap_netgroup_search_base," #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4304 +#: sssd.conf.5.xml:4306 msgid "ldap_service_search_base," msgstr "ldap_service_search_base," #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4305 +#: sssd.conf.5.xml:4307 msgid "ldap_sasl_mech," msgstr "ldap_sasl_mech," #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4306 +#: sssd.conf.5.xml:4308 msgid "ad_server," msgstr "ad_server," #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4307 +#: sssd.conf.5.xml:4309 msgid "ad_backup_server," msgstr "ad_backup_server," #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4308 +#: sssd.conf.5.xml:4310 msgid "ad_site," msgstr "ad_site," #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4309 sssd-ipa.5.xml:884 +#: sssd.conf.5.xml:4311 sssd-ipa.5.xml:884 msgid "use_fully_qualified_names" msgstr "use_fully_qualified_names" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4313 +#: sssd.conf.5.xml:4315 msgid "" "For more details about these options see their individual description in the " "manual page." @@ -6212,12 +6217,12 @@ msgstr "" "справочной странице." #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4319 +#: sssd.conf.5.xml:4321 msgid "CERTIFICATE MAPPING SECTION" msgstr "РАЗДЕЛ СОПОСТАВЛЕНИЯ СЕРТИФИКАТОВ" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4321 +#: sssd.conf.5.xml:4323 msgid "" "To allow authentication with Smartcards and certificates SSSD must be able " "to map certificates to users. This can be done by adding the full " @@ -6240,7 +6245,7 @@ msgstr "" "проверки подлинности." #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4335 +#: sssd.conf.5.xml:4337 msgid "" "To make the mapping more flexible mapping and matching rules were added to " "SSSD (see <citerefentry> <refentrytitle>sss-certmap</refentrytitle> " @@ -6251,7 +6256,7 @@ msgstr "" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>)." #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4344 +#: sssd.conf.5.xml:4346 msgid "" "A mapping and matching rule can be added to the SSSD configuration in a " "section on its own with a name like <quote>[certmap/" @@ -6264,12 +6269,12 @@ msgstr "" "replaceable>]</quote>. В этом разделе допустимы следующие параметры:" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4351 +#: sssd.conf.5.xml:4353 msgid "matchrule (string)" msgstr "matchrule (строка)" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4354 +#: sssd.conf.5.xml:4356 msgid "" "Only certificates from the Smartcard which matches this rule will be " "processed, all others are ignored." @@ -6278,7 +6283,7 @@ msgstr "" "соответствуют этому правилу. Все остальные будут игнорироваться." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4358 +#: sssd.conf.5.xml:4360 msgid "" "Default: KRB5:<EKU>clientAuth, i.e. only certificates which have the " "Extended Key Usage <quote>clientAuth</quote>" @@ -6288,17 +6293,17 @@ msgstr "" "<quote>clientAuth</quote>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4365 +#: sssd.conf.5.xml:4367 msgid "maprule (string)" msgstr "maprule (строка)" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4368 +#: sssd.conf.5.xml:4370 msgid "Defines how the user is found for a given certificate." msgstr "Определяет способ поиска пользователя для указанного сертификата." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4374 +#: sssd.conf.5.xml:4376 msgid "" "LDAP:(userCertificate;binary={cert!bin}) for LDAP based providers like " "<quote>ldap</quote>, <quote>AD</quote> or <quote>ipa</quote>." @@ -6308,7 +6313,7 @@ msgstr "" "quote>." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4380 +#: sssd.conf.5.xml:4382 msgid "" "The RULE_NAME for the <quote>files</quote> provider which tries to find a " "user with the same name." @@ -6317,12 +6322,12 @@ msgstr "" "пользователя с таким же именем." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4389 +#: sssd.conf.5.xml:4391 msgid "domains (string)" msgstr "domains (строка)" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4392 +#: sssd.conf.5.xml:4394 msgid "" "Comma separated list of domain names the rule should be applied. By default " "a rule is only valid in the domain configured in sssd.conf. If the provider " @@ -6335,17 +6340,17 @@ msgstr "" "параметра можно добавить правило также и в поддомены." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4399 +#: sssd.conf.5.xml:4401 msgid "Default: the configured domain in sssd.conf" msgstr "По умолчанию: настроенный домен в sssd.conf" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4404 +#: sssd.conf.5.xml:4406 msgid "priority (integer)" msgstr "priority (целое число)" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4407 +#: sssd.conf.5.xml:4409 msgid "" "Unsigned integer value defining the priority of the rule. The higher the " "number the lower the priority. <quote>0</quote> stands for the highest " @@ -6356,12 +6361,12 @@ msgstr "" "приоритет, а <quote>4294967295</quote> — самый низкий." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4413 +#: sssd.conf.5.xml:4415 msgid "Default: the lowest priority" msgstr "По умолчанию: самый низкий приоритет" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4419 +#: sssd.conf.5.xml:4421 msgid "" "To make the configuration simple and reduce the amount of configuration " "options the <quote>files</quote> provider has some special properties:" @@ -6371,7 +6376,7 @@ msgstr "" "свойства:" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4425 +#: sssd.conf.5.xml:4427 msgid "" "if maprule is not set the RULE_NAME name is assumed to be the name of the " "matching user" @@ -6380,7 +6385,7 @@ msgstr "" "RULE_NAME" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4431 +#: sssd.conf.5.xml:4433 msgid "" "if a maprule is used both a single user name or a template like " "<quote>{subject_rfc822_name.short_name}</quote> must be in braces like e.g. " @@ -6393,17 +6398,17 @@ msgstr "" "<quote>({subject_rfc822_name.short_name})</quote>" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4440 +#: sssd.conf.5.xml:4442 msgid "the <quote>domains</quote> option is ignored" msgstr "параметр <quote>domains</quote> игнорируется" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4448 +#: sssd.conf.5.xml:4450 msgid "PROMPTING CONFIGURATION SECTION" msgstr "РАЗДЕЛ НАСТРОЙКИ ЗАПРОСОВ" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4450 +#: sssd.conf.5.xml:4452 msgid "" "If a special file (<filename>/var/lib/sss/pubconf/pam_preauth_available</" "filename>) exists SSSD's PAM module pam_sss will ask SSSD to figure out " @@ -6418,7 +6423,7 @@ msgstr "" "запросит у пользователя соответствующие учётные данные." #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4458 +#: sssd.conf.5.xml:4460 msgid "" "With the growing number of authentication methods and the possibility that " "there are multiple ones for a single user the heuristic used by pam_sss to " @@ -6431,22 +6436,22 @@ msgstr "" "Следующие параметры обеспечивают более гибкую настройку." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4470 +#: sssd.conf.5.xml:4472 msgid "[prompting/password]" msgstr "[prompting/password]" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4473 +#: sssd.conf.5.xml:4475 msgid "password_prompt" msgstr "password_prompt" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4474 +#: sssd.conf.5.xml:4476 msgid "to change the string of the password prompt" msgstr "изменить строку запроса пароля" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4472 +#: sssd.conf.5.xml:4474 msgid "" "to configure password prompting, allowed options are: <placeholder " "type=\"variablelist\" id=\"0\"/>" @@ -6455,37 +6460,37 @@ msgstr "" "type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4482 +#: sssd.conf.5.xml:4484 msgid "[prompting/2fa]" msgstr "[prompting/2fa]" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4486 +#: sssd.conf.5.xml:4488 msgid "first_prompt" msgstr "first_prompt" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4487 +#: sssd.conf.5.xml:4489 msgid "to change the string of the prompt for the first factor" msgstr "изменить строку запроса первого фактора" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4490 +#: sssd.conf.5.xml:4492 msgid "second_prompt" msgstr "second_prompt" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4491 +#: sssd.conf.5.xml:4493 msgid "to change the string of the prompt for the second factor" msgstr "изменить строку запроса второго фактора" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4494 +#: sssd.conf.5.xml:4496 msgid "single_prompt" msgstr "single_prompt" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4495 +#: sssd.conf.5.xml:4497 msgid "" "boolean value, if True there will be only a single prompt using the value of " "first_prompt where it is expected that both factors are entered as a single " @@ -6498,7 +6503,7 @@ msgstr "" "фактора, даже если второй фактор является необязательным." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4484 +#: sssd.conf.5.xml:4486 msgid "" "to configure two-factor authentication prompting, allowed options are: " "<placeholder type=\"variablelist\" id=\"0\"/> If the second factor is " @@ -6511,19 +6516,19 @@ msgstr "" "пароль, либо оба фактора, следует использовать двухэтапный запрос." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4512 +#: sssd.conf.5.xml:4514 #, fuzzy #| msgid "[prompting/password]" msgid "[prompting/passkey]" msgstr "[prompting/password]" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4518 sssd-ad.5.xml:1021 +#: sssd.conf.5.xml:4520 sssd-ad.5.xml:1021 msgid "interactive" msgstr "interactive" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4520 +#: sssd.conf.5.xml:4522 msgid "" "boolean value, if True prompt a message and wait before testing the presence " "of a passkey device. Recommended if your device doesn’t have a tactile " @@ -6531,47 +6536,47 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4528 +#: sssd.conf.5.xml:4530 #, fuzzy #| msgid "interactive" msgid "interactive_prompt" msgstr "interactive" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4530 +#: sssd.conf.5.xml:4532 #, fuzzy #| msgid "to change the string of the password prompt" msgid "to change the message of the interactive prompt." msgstr "изменить строку запроса пароля" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4535 +#: sssd.conf.5.xml:4537 msgid "touch" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4537 +#: sssd.conf.5.xml:4539 msgid "" "boolean value, if True prompt a message to remind the user to touch the " "device." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4543 +#: sssd.conf.5.xml:4545 #, fuzzy #| msgid "first_prompt" msgid "touch_prompt" msgstr "first_prompt" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4545 +#: sssd.conf.5.xml:4547 #, fuzzy #| msgid "to change the string of the password prompt" msgid "to change the message of the touch prompt." msgstr "изменить строку запроса пароля" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4514 +#: sssd.conf.5.xml:4516 #, fuzzy #| msgid "" #| "to configure password prompting, allowed options are: <placeholder " @@ -6584,7 +6589,7 @@ msgstr "" "type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4465 +#: sssd.conf.5.xml:4467 #, fuzzy #| msgid "" #| "Each supported authentication method has its own configuration subsection " @@ -6603,7 +6608,7 @@ msgstr "" "<placeholder type=\"variablelist\" id=\"1\"/>" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4556 +#: sssd.conf.5.xml:4558 msgid "" "It is possible to add a subsection for specific PAM services, e.g. " "<quote>[prompting/password/sshd]</quote> to individual change the prompting " @@ -6614,12 +6619,12 @@ msgstr "" "конкретно для этой службы." #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4563 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43 +#: sssd.conf.5.xml:4565 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43 msgid "EXAMPLES" msgstr "ПРИМЕРЫ" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4569 +#: sssd.conf.5.xml:4571 #, no-wrap msgid "" "[sssd]\n" @@ -6673,7 +6678,7 @@ msgstr "" "enumerate = False\n" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4565 +#: sssd.conf.5.xml:4567 msgid "" "1. The following example shows a typical SSSD config. It does not describe " "configuration of the domains themselves - refer to documentation on " @@ -6685,7 +6690,7 @@ msgstr "" "документации. <placeholder type=\"programlisting\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4602 +#: sssd.conf.5.xml:4604 #, no-wrap msgid "" "[domain/ipa.com/child.ad.com]\n" @@ -6695,7 +6700,7 @@ msgstr "" "use_fully_qualified_names = false\n" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4596 +#: sssd.conf.5.xml:4598 msgid "" "2. The following example shows configuration of IPA AD trust where the AD " "forest consists of two domains in a parent-child structure. Suppose IPA " @@ -6712,7 +6717,7 @@ msgstr "" "type=\"programlisting\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4613 +#: sssd.conf.5.xml:4615 #, fuzzy, no-wrap #| msgid "" #| "[certmap/my.domain/rule_name]\n" @@ -6740,7 +6745,7 @@ msgstr "" "matchrule = <ISSUER>^CN=My-CA,DC=MY,DC=DOMAIN$<SUBJECT>^CN=User.Name,DC=MY,DC=DOMAIN$\n" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4607 +#: sssd.conf.5.xml:4609 #, fuzzy #| msgid "" #| "3. The following example shows the configuration for two certificate " @@ -23160,6 +23165,11 @@ msgstr "" "узла и участника-пользователя. Эта возможность доступна в MIT Kerberos 1.7 и " "выше." +#, fuzzy +#~| msgid "This option is not available in IPA provider." +#~ msgid "This option is ignored for the files provider." +#~ msgstr "Этот параметр недоступен в поставщике данных IPA." + #, fuzzy #~| msgid "" #~| "Determines if user credentials are also cached in the local LDB cache" diff --git a/src/man/po/sssd-docs.pot b/src/man/po/sssd-docs.pot index 92bceb9d5f2..4775e7c800b 100644 --- a/src/man/po/sssd-docs.pot +++ b/src/man/po/sssd-docs.pot @@ -6,9 +6,9 @@ #, fuzzy msgid "" msgstr "" -"Project-Id-Version: sssd-docs 2.9.2\n" +"Project-Id-Version: sssd-docs 2.9.3\n" "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" -"POT-Creation-Date: 2023-11-13 11:53+0100\n" +"POT-Creation-Date: 2024-01-12 13:00+0100\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" "Language-Team: LANGUAGE <LL@li.org>\n" @@ -224,7 +224,7 @@ msgstr "" #. type: Content of: <variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:149 sssd.conf.5.xml:652 sssd.conf.5.xml:949 -#: sssd.conf.5.xml:2101 sssd.conf.5.xml:2168 sssd.conf.5.xml:4191 +#: sssd.conf.5.xml:2101 sssd.conf.5.xml:2168 sssd.conf.5.xml:4193 #: sssd-ldap.5.xml:313 sssd-ldap.5.xml:919 sssd-ldap.5.xml:938 #: sssd-ldap.5.xml:1148 sssd-ldap.5.xml:1601 sssd-ldap.5.xml:1841 #: sssd-ipa.5.xml:152 sssd-ipa.5.xml:254 sssd-ipa.5.xml:662 sssd-ad.5.xml:1106 @@ -293,7 +293,7 @@ msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:196 sssd.conf.5.xml:1290 sssd.conf.5.xml:1767 -#: sssd.conf.5.xml:4207 sssd-ldap.5.xml:766 include/ldap_id_mapping.xml:270 +#: sssd.conf.5.xml:4209 sssd-ldap.5.xml:766 include/ldap_id_mapping.xml:270 msgid "Default: 10" msgstr "" @@ -872,7 +872,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:700 sssd.conf.5.xml:1791 sssd.conf.5.xml:4257 +#: sssd.conf.5.xml:700 sssd.conf.5.xml:1791 sssd.conf.5.xml:4259 #: sssd-ad.5.xml:187 sssd-ad.5.xml:327 sssd-ad.5.xml:341 msgid "Default: Not set" msgstr "" @@ -2053,7 +2053,7 @@ msgid "The path to the certificate database." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1723 sssd.conf.5.xml:2248 sssd.conf.5.xml:4371 +#: sssd.conf.5.xml:1723 sssd.conf.5.xml:2248 sssd.conf.5.xml:4373 msgid "Default:" msgstr "" @@ -2318,7 +2318,7 @@ msgid "Default: no_session" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1950 sssd.conf.5.xml:4310 +#: sssd.conf.5.xml:1950 sssd.conf.5.xml:4312 msgid "pam_gssapi_services" msgstr "" @@ -2363,7 +2363,7 @@ msgid "Default: - (GSSAPI authentication is disabled)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1979 sssd.conf.5.xml:4311 +#: sssd.conf.5.xml:1979 sssd.conf.5.xml:4313 msgid "pam_gssapi_check_upn" msgstr "" @@ -3541,8 +3541,8 @@ msgstr "" #: sssd.conf.5.xml:3042 sssd.conf.5.xml:3153 sssd.conf.5.xml:3204 #: sssd.conf.5.xml:3267 msgid "" -"<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management " -"provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> " +"<quote>ipa</quote>: FreeIPA and Red Hat Identity Management provider. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> " "<manvolnum>5</manvolnum> </citerefentry> for more information on configuring " "FreeIPA." msgstr "" @@ -4584,33 +4584,35 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:4034 -msgid "This option is ignored for the files provider." +msgid "" +"It is expected that the <quote>files</quote> provider ignores the " +"local_auth_policy option and supports Smartcard authentication by default." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4037 +#: sssd.conf.5.xml:4039 msgid "Default: match" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4042 +#: sssd.conf.5.xml:4044 msgid "auto_private_groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4048 +#: sssd.conf.5.xml:4050 msgid "true" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4051 +#: sssd.conf.5.xml:4053 msgid "" "Create user's private group unconditionally from user's UID number. The GID " "number is ignored in this case." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4055 +#: sssd.conf.5.xml:4057 msgid "" "NOTE: Because the GID number and the user private group are inferred from " "the UID number, it is not supported to have multiple entries with the same " @@ -4619,24 +4621,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4064 +#: sssd.conf.5.xml:4066 msgid "false" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4067 +#: sssd.conf.5.xml:4069 msgid "" "Always use the user's primary GID number. The GID number must refer to a " "group object in the LDAP database." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4073 +#: sssd.conf.5.xml:4075 msgid "hybrid" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4076 +#: sssd.conf.5.xml:4078 msgid "" "A primary group is autogenerated for user entries whose UID and GID numbers " "have the same value and at the same time the GID number does not correspond " @@ -4646,14 +4648,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4089 +#: sssd.conf.5.xml:4091 msgid "" "If the UID and GID of a user are different, then the GID must correspond to " "a group entry, otherwise the GID is simply not resolvable." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4096 +#: sssd.conf.5.xml:4098 msgid "" "This feature is useful for environments that wish to stop maintaining a " "separate group objects for the user private groups, but also wish to retain " @@ -4661,21 +4663,21 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4045 +#: sssd.conf.5.xml:4047 msgid "" "This option takes any of three available values: <placeholder " "type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4108 +#: sssd.conf.5.xml:4110 msgid "" "For subdomains, the default value is False for subdomains that use assigned " "POSIX IDs and True for subdomains that use automatic ID-mapping." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:4116 +#: sssd.conf.5.xml:4118 #, no-wrap msgid "" "[domain/forest.domain/sub.domain]\n" @@ -4683,7 +4685,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:4122 +#: sssd.conf.5.xml:4124 #, no-wrap msgid "" "[domain/forest.domain]\n" @@ -4692,7 +4694,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4113 +#: sssd.conf.5.xml:4115 msgid "" "The value of auto_private_groups can either be set per subdomains in a " "subsection, for example: <placeholder type=\"programlisting\" id=\"0\"/> or " @@ -4710,17 +4712,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4137 +#: sssd.conf.5.xml:4139 msgid "proxy_pam_target (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4140 +#: sssd.conf.5.xml:4142 msgid "The proxy target PAM proxies to." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4143 +#: sssd.conf.5.xml:4145 msgid "" "Default: not set by default, you have to take an existing pam configuration " "or create a new one and add the service name here. As an alternative you can " @@ -4728,12 +4730,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4153 +#: sssd.conf.5.xml:4155 msgid "proxy_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4156 +#: sssd.conf.5.xml:4158 msgid "" "The name of the NSS library to use in proxy domains. The NSS functions " "searched for in the library are in the form of _nss_$(libName)_$(function), " @@ -4741,12 +4743,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4166 +#: sssd.conf.5.xml:4168 msgid "proxy_resolver_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4169 +#: sssd.conf.5.xml:4171 msgid "" "The name of the NSS library to use for hosts and networks lookups in proxy " "domains. The NSS functions searched for in the library are in the form of " @@ -4754,12 +4756,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4180 +#: sssd.conf.5.xml:4182 msgid "proxy_fast_alias (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4183 +#: sssd.conf.5.xml:4185 msgid "" "When a user or group is looked up by name in the proxy provider, a second " "lookup by ID is performed to \"canonicalize\" the name in case the requested " @@ -4768,12 +4770,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4197 +#: sssd.conf.5.xml:4199 msgid "proxy_max_children (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4200 +#: sssd.conf.5.xml:4202 msgid "" "This option specifies the number of pre-forked proxy children. It is useful " "for high-load SSSD environments where sssd may run out of available child " @@ -4781,19 +4783,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4133 +#: sssd.conf.5.xml:4135 msgid "" "Options valid for proxy domains. <placeholder type=\"variablelist\" " "id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:4216 +#: sssd.conf.5.xml:4218 msgid "Application domains" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4218 +#: sssd.conf.5.xml:4220 msgid "" "SSSD, with its D-Bus interface (see <citerefentry> " "<refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</manvolnum> " @@ -4811,7 +4813,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4238 +#: sssd.conf.5.xml:4240 msgid "" "Please note that the application domain must still be explicitly enabled in " "the <quote>domains</quote> parameter so that the lookup order between the " @@ -4819,17 +4821,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> -#: sssd.conf.5.xml:4244 +#: sssd.conf.5.xml:4246 msgid "Application domain parameters" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4246 +#: sssd.conf.5.xml:4248 msgid "inherit_from (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4249 +#: sssd.conf.5.xml:4251 msgid "" "The SSSD POSIX-type domain the application domain inherits all settings " "from. The application domain can moreover add its own settings to the " @@ -4838,7 +4840,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4263 +#: sssd.conf.5.xml:4265 msgid "" "The following example illustrates the use of an application domain. In this " "setup, the POSIX domain is connected to an LDAP server and is used by the OS " @@ -4848,7 +4850,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><programlisting> -#: sssd.conf.5.xml:4271 +#: sssd.conf.5.xml:4273 #, no-wrap msgid "" "[sssd]\n" @@ -4868,12 +4870,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4291 +#: sssd.conf.5.xml:4293 msgid "TRUSTED DOMAIN SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4293 +#: sssd.conf.5.xml:4295 msgid "" "Some options used in the domain section can also be used in the trusted " "domain section, that is, in a section called " @@ -4884,69 +4886,69 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4300 +#: sssd.conf.5.xml:4302 msgid "ldap_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4301 +#: sssd.conf.5.xml:4303 msgid "ldap_user_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4302 +#: sssd.conf.5.xml:4304 msgid "ldap_group_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4303 +#: sssd.conf.5.xml:4305 msgid "ldap_netgroup_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4304 +#: sssd.conf.5.xml:4306 msgid "ldap_service_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4305 +#: sssd.conf.5.xml:4307 msgid "ldap_sasl_mech," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4306 +#: sssd.conf.5.xml:4308 msgid "ad_server," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4307 +#: sssd.conf.5.xml:4309 msgid "ad_backup_server," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4308 +#: sssd.conf.5.xml:4310 msgid "ad_site," msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4309 sssd-ipa.5.xml:884 +#: sssd.conf.5.xml:4311 sssd-ipa.5.xml:884 msgid "use_fully_qualified_names" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4313 +#: sssd.conf.5.xml:4315 msgid "" "For more details about these options see their individual description in the " "manual page." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4319 +#: sssd.conf.5.xml:4321 msgid "CERTIFICATE MAPPING SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4321 +#: sssd.conf.5.xml:4323 msgid "" "To allow authentication with Smartcards and certificates SSSD must be able " "to map certificates to users. This can be done by adding the full " @@ -4960,7 +4962,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4335 +#: sssd.conf.5.xml:4337 msgid "" "To make the mapping more flexible mapping and matching rules were added to " "SSSD (see <citerefentry> <refentrytitle>sss-certmap</refentrytitle> " @@ -4968,7 +4970,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4344 +#: sssd.conf.5.xml:4346 msgid "" "A mapping and matching rule can be added to the SSSD configuration in a " "section on its own with a name like " @@ -4977,55 +4979,55 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4351 +#: sssd.conf.5.xml:4353 msgid "matchrule (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4354 +#: sssd.conf.5.xml:4356 msgid "" "Only certificates from the Smartcard which matches this rule will be " "processed, all others are ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4358 +#: sssd.conf.5.xml:4360 msgid "" "Default: KRB5:<EKU>clientAuth, i.e. only certificates which have the " "Extended Key Usage <quote>clientAuth</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4365 +#: sssd.conf.5.xml:4367 msgid "maprule (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4368 +#: sssd.conf.5.xml:4370 msgid "Defines how the user is found for a given certificate." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4374 +#: sssd.conf.5.xml:4376 msgid "" "LDAP:(userCertificate;binary={cert!bin}) for LDAP based providers like " "<quote>ldap</quote>, <quote>AD</quote> or <quote>ipa</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4380 +#: sssd.conf.5.xml:4382 msgid "" "The RULE_NAME for the <quote>files</quote> provider which tries to find a " "user with the same name." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4389 +#: sssd.conf.5.xml:4391 msgid "domains (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4392 +#: sssd.conf.5.xml:4394 msgid "" "Comma separated list of domain names the rule should be applied. By default " "a rule is only valid in the domain configured in sssd.conf. If the provider " @@ -5034,17 +5036,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4399 +#: sssd.conf.5.xml:4401 msgid "Default: the configured domain in sssd.conf" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4404 +#: sssd.conf.5.xml:4406 msgid "priority (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4407 +#: sssd.conf.5.xml:4409 msgid "" "Unsigned integer value defining the priority of the rule. The higher the " "number the lower the priority. <quote>0</quote> stands for the highest " @@ -5052,26 +5054,26 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4413 +#: sssd.conf.5.xml:4415 msgid "Default: the lowest priority" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4419 +#: sssd.conf.5.xml:4421 msgid "" "To make the configuration simple and reduce the amount of configuration " "options the <quote>files</quote> provider has some special properties:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4425 +#: sssd.conf.5.xml:4427 msgid "" "if maprule is not set the RULE_NAME name is assumed to be the name of the " "matching user" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4431 +#: sssd.conf.5.xml:4433 msgid "" "if a maprule is used both a single user name or a template like " "<quote>{subject_rfc822_name.short_name}</quote> must be in braces like " @@ -5080,17 +5082,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4440 +#: sssd.conf.5.xml:4442 msgid "the <quote>domains</quote> option is ignored" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4448 +#: sssd.conf.5.xml:4450 msgid "PROMPTING CONFIGURATION SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4450 +#: sssd.conf.5.xml:4452 msgid "" "If a special file " "(<filename>/var/lib/sss/pubconf/pam_preauth_available</filename>) exists " @@ -5100,7 +5102,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4458 +#: sssd.conf.5.xml:4460 msgid "" "With the growing number of authentication methods and the possibility that " "there are multiple ones for a single user the heuristic used by pam_sss to " @@ -5109,59 +5111,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4470 +#: sssd.conf.5.xml:4472 msgid "[prompting/password]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4473 +#: sssd.conf.5.xml:4475 msgid "password_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4474 +#: sssd.conf.5.xml:4476 msgid "to change the string of the password prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4472 +#: sssd.conf.5.xml:4474 msgid "" "to configure password prompting, allowed options are: <placeholder " "type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4482 +#: sssd.conf.5.xml:4484 msgid "[prompting/2fa]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4486 +#: sssd.conf.5.xml:4488 msgid "first_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4487 +#: sssd.conf.5.xml:4489 msgid "to change the string of the prompt for the first factor" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4490 +#: sssd.conf.5.xml:4492 msgid "second_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4491 +#: sssd.conf.5.xml:4493 msgid "to change the string of the prompt for the second factor" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4494 +#: sssd.conf.5.xml:4496 msgid "single_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4495 +#: sssd.conf.5.xml:4497 msgid "" "boolean value, if True there will be only a single prompt using the value of " "first_prompt where it is expected that both factors are entered as a single " @@ -5170,7 +5172,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4484 +#: sssd.conf.5.xml:4486 msgid "" "to configure two-factor authentication prompting, allowed options are: " "<placeholder type=\"variablelist\" id=\"0\"/> If the second factor is " @@ -5179,17 +5181,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4512 +#: sssd.conf.5.xml:4514 msgid "[prompting/passkey]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4518 sssd-ad.5.xml:1021 +#: sssd.conf.5.xml:4520 sssd-ad.5.xml:1021 msgid "interactive" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4520 +#: sssd.conf.5.xml:4522 msgid "" "boolean value, if True prompt a message and wait before testing the presence " "of a passkey device. Recommended if your device doesn’t have a tactile " @@ -5197,46 +5199,46 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4528 +#: sssd.conf.5.xml:4530 msgid "interactive_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4530 +#: sssd.conf.5.xml:4532 msgid "to change the message of the interactive prompt." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4535 +#: sssd.conf.5.xml:4537 msgid "touch" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4537 +#: sssd.conf.5.xml:4539 msgid "" "boolean value, if True prompt a message to remind the user to touch the " "device." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4543 +#: sssd.conf.5.xml:4545 msgid "touch_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4545 +#: sssd.conf.5.xml:4547 msgid "to change the message of the touch prompt." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4514 +#: sssd.conf.5.xml:4516 msgid "" "to configure passkey authentication prompting, allowed options are: " "<placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4465 +#: sssd.conf.5.xml:4467 msgid "" "Each supported authentication method has its own configuration subsection " "under <quote>[prompting/...]</quote>. Currently there are: <placeholder " @@ -5245,7 +5247,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4556 +#: sssd.conf.5.xml:4558 msgid "" "It is possible to add a subsection for specific PAM services, " "e.g. <quote>[prompting/password/sshd]</quote> to individual change the " @@ -5253,12 +5255,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4563 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43 +#: sssd.conf.5.xml:4565 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43 msgid "EXAMPLES" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4569 +#: sssd.conf.5.xml:4571 #, no-wrap msgid "" "[sssd]\n" @@ -5288,7 +5290,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4565 +#: sssd.conf.5.xml:4567 msgid "" "1. The following example shows a typical SSSD config. It does not describe " "configuration of the domains themselves - refer to documentation on " @@ -5297,7 +5299,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4602 +#: sssd.conf.5.xml:4604 #, no-wrap msgid "" "[domain/ipa.com/child.ad.com]\n" @@ -5305,7 +5307,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4596 +#: sssd.conf.5.xml:4598 msgid "" "2. The following example shows configuration of IPA AD trust where the AD " "forest consists of two domains in a parent-child structure. Suppose IPA " @@ -5316,7 +5318,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4613 +#: sssd.conf.5.xml:4615 #, no-wrap msgid "" "[certmap/my.domain/rule_name]\n" @@ -5327,7 +5329,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4607 +#: sssd.conf.5.xml:4609 msgid "" "3. The following example shows the configuration of a certificate mapping " "rule. It is valid for the configured domain <quote>my.domain</quote> and " diff --git a/src/man/po/sv.po b/src/man/po/sv.po index f9fb3070d4d..ff51320c8e5 100644 --- a/src/man/po/sv.po +++ b/src/man/po/sv.po @@ -6,7 +6,7 @@ msgid "" msgstr "" "Project-Id-Version: sssd-docs 2.3.0\n" "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" -"POT-Creation-Date: 2023-11-13 11:53+0100\n" +"POT-Creation-Date: 2024-01-12 13:00+0100\n" "PO-Revision-Date: 2023-02-15 14:20+0000\n" "Last-Translator: Göran Uddeborg <goeran@uddeborg.se>\n" "Language-Team: Swedish <https://translate.fedoraproject.org/projects/sssd/" @@ -267,7 +267,7 @@ msgstr "" #. type: Content of: <variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:149 sssd.conf.5.xml:652 sssd.conf.5.xml:949 -#: sssd.conf.5.xml:2101 sssd.conf.5.xml:2168 sssd.conf.5.xml:4191 +#: sssd.conf.5.xml:2101 sssd.conf.5.xml:2168 sssd.conf.5.xml:4193 #: sssd-ldap.5.xml:313 sssd-ldap.5.xml:919 sssd-ldap.5.xml:938 #: sssd-ldap.5.xml:1148 sssd-ldap.5.xml:1601 sssd-ldap.5.xml:1841 #: sssd-ipa.5.xml:152 sssd-ipa.5.xml:254 sssd-ipa.5.xml:662 sssd-ad.5.xml:1106 @@ -346,7 +346,7 @@ msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:196 sssd.conf.5.xml:1290 sssd.conf.5.xml:1767 -#: sssd.conf.5.xml:4207 sssd-ldap.5.xml:766 include/ldap_id_mapping.xml:270 +#: sssd.conf.5.xml:4209 sssd-ldap.5.xml:766 include/ldap_id_mapping.xml:270 msgid "Default: 10" msgstr "Standard: 10" @@ -1098,7 +1098,7 @@ msgstr "" "användarnamn kan överlappa mellan domäner." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:700 sssd.conf.5.xml:1791 sssd.conf.5.xml:4257 +#: sssd.conf.5.xml:700 sssd.conf.5.xml:1791 sssd.conf.5.xml:4259 #: sssd-ad.5.xml:187 sssd-ad.5.xml:327 sssd-ad.5.xml:341 msgid "Default: Not set" msgstr "Standard: inte satt" @@ -2531,7 +2531,7 @@ msgid "The path to the certificate database." msgstr "Sökvägen till certifikatdatabasen." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1723 sssd.conf.5.xml:2248 sssd.conf.5.xml:4371 +#: sssd.conf.5.xml:1723 sssd.conf.5.xml:2248 sssd.conf.5.xml:4373 msgid "Default:" msgstr "Standard:" @@ -2852,7 +2852,7 @@ msgid "Default: no_session" msgstr "Standard: no_session" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1950 sssd.conf.5.xml:4310 +#: sssd.conf.5.xml:1950 sssd.conf.5.xml:4312 msgid "pam_gssapi_services" msgstr "pam_gssapi_services" @@ -2905,7 +2905,7 @@ msgid "Default: - (GSSAPI authentication is disabled)" msgstr "Standard: - (GSSAPI-autentisering är avaktiverat)" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1979 sssd.conf.5.xml:4311 +#: sssd.conf.5.xml:1979 sssd.conf.5.xml:4313 msgid "pam_gssapi_check_upn" msgstr "pam_gssapi_check_upn" @@ -4354,11 +4354,16 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:3042 sssd.conf.5.xml:3153 sssd.conf.5.xml:3204 #: sssd.conf.5.xml:3267 +#, fuzzy +#| msgid "" +#| "<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management " +#| "provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> " +#| "<manvolnum>5</manvolnum> </citerefentry> for more information on " +#| "configuring FreeIPA." msgid "" -"<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management " -"provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> " -"<manvolnum>5</manvolnum> </citerefentry> for more information on configuring " -"FreeIPA." +"<quote>ipa</quote>: FreeIPA and Red Hat Identity Management provider. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring FreeIPA." msgstr "" "<quote>ipa</quote>: Leverantören FreeIPA och Red Hat Enterprise Identity " "Management. Se <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> " @@ -5638,30 +5643,30 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:4034 -#, fuzzy -#| msgid "This option is not available in IPA provider." -msgid "This option is ignored for the files provider." -msgstr "Detta alternativ är inte tillgängligt i IPA-leverantören." +msgid "" +"It is expected that the <quote>files</quote> provider ignores the " +"local_auth_policy option and supports Smartcard authentication by default." +msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4037 +#: sssd.conf.5.xml:4039 #, fuzzy #| msgid "Default: mail" msgid "Default: match" msgstr "Standard: mail" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4042 +#: sssd.conf.5.xml:4044 msgid "auto_private_groups (string)" msgstr "auto_private_groups (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4048 +#: sssd.conf.5.xml:4050 msgid "true" msgstr "true" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4051 +#: sssd.conf.5.xml:4053 msgid "" "Create user's private group unconditionally from user's UID number. The GID " "number is ignored in this case." @@ -5670,7 +5675,7 @@ msgstr "" "GID-numret ignoreras i detta läge." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4055 +#: sssd.conf.5.xml:4057 msgid "" "NOTE: Because the GID number and the user private group are inferred from " "the UID number, it is not supported to have multiple entries with the same " @@ -5683,12 +5688,12 @@ msgstr "" "framtvingar unika nummer över hela ID-rymden." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4064 +#: sssd.conf.5.xml:4066 msgid "false" msgstr "false" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4067 +#: sssd.conf.5.xml:4069 msgid "" "Always use the user's primary GID number. The GID number must refer to a " "group object in the LDAP database." @@ -5697,12 +5702,12 @@ msgstr "" "ett gruppobjekt i LDAP-databasen." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4073 +#: sssd.conf.5.xml:4075 msgid "hybrid" msgstr "hybrid" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4076 +#: sssd.conf.5.xml:4078 msgid "" "A primary group is autogenerated for user entries whose UID and GID numbers " "have the same value and at the same time the GID number does not correspond " @@ -5717,7 +5722,7 @@ msgstr "" "upp till det gruppobjektet." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4089 +#: sssd.conf.5.xml:4091 msgid "" "If the UID and GID of a user are different, then the GID must correspond to " "a group entry, otherwise the GID is simply not resolvable." @@ -5726,7 +5731,7 @@ msgstr "" "kan GID:t helt enkelt inte slås upp." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4096 +#: sssd.conf.5.xml:4098 msgid "" "This feature is useful for environments that wish to stop maintaining a " "separate group objects for the user private groups, but also wish to retain " @@ -5737,7 +5742,7 @@ msgstr "" "befintliga användarnas privata grupper." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4045 +#: sssd.conf.5.xml:4047 msgid "" "This option takes any of three available values: <placeholder " "type=\"variablelist\" id=\"0\"/>" @@ -5746,7 +5751,7 @@ msgstr "" "type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4108 +#: sssd.conf.5.xml:4110 msgid "" "For subdomains, the default value is False for subdomains that use assigned " "POSIX IDs and True for subdomains that use automatic ID-mapping." @@ -5756,7 +5761,7 @@ msgstr "" "översättning." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:4116 +#: sssd.conf.5.xml:4118 #, no-wrap msgid "" "[domain/forest.domain/sub.domain]\n" @@ -5766,7 +5771,7 @@ msgstr "" "auto_private_groups = false\n" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:4122 +#: sssd.conf.5.xml:4124 #, no-wrap msgid "" "[domain/forest.domain]\n" @@ -5778,7 +5783,7 @@ msgstr "" "auto_private_groups = false\n" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4113 +#: sssd.conf.5.xml:4115 msgid "" "The value of auto_private_groups can either be set per subdomains in a " "subsection, for example: <placeholder type=\"programlisting\" id=\"0\"/> or " @@ -5803,17 +5808,17 @@ msgstr "" "replaceable>]</quote> <placeholder type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4137 +#: sssd.conf.5.xml:4139 msgid "proxy_pam_target (string)" msgstr "proxy_pam_target (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4140 +#: sssd.conf.5.xml:4142 msgid "The proxy target PAM proxies to." msgstr "Proxymålet PAM är en proxy för." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4143 +#: sssd.conf.5.xml:4145 #, fuzzy #| msgid "" #| "Default: not set by default, you have to take an existing pam " @@ -5827,12 +5832,12 @@ msgstr "" "eller skapa en ny och lägga till tjänstenamnet här." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4153 +#: sssd.conf.5.xml:4155 msgid "proxy_lib_name (string)" msgstr "proxy_lib_name (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4156 +#: sssd.conf.5.xml:4158 msgid "" "The name of the NSS library to use in proxy domains. The NSS functions " "searched for in the library are in the form of _nss_$(libName)_$(function), " @@ -5843,12 +5848,12 @@ msgstr "" "exempel _nss_files_getpwent." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4166 +#: sssd.conf.5.xml:4168 msgid "proxy_resolver_lib_name (string)" msgstr "proxy_resolver_lib_name (sträng)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4169 +#: sssd.conf.5.xml:4171 msgid "" "The name of the NSS library to use for hosts and networks lookups in proxy " "domains. The NSS functions searched for in the library are in the form of " @@ -5859,12 +5864,12 @@ msgstr "" "_nss_$(libName)_$(function), till exempel _nss_dns_gethostbyname2_r." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4180 +#: sssd.conf.5.xml:4182 msgid "proxy_fast_alias (boolean)" msgstr "proxy_fast_alias (boolean)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4183 +#: sssd.conf.5.xml:4185 msgid "" "When a user or group is looked up by name in the proxy provider, a second " "lookup by ID is performed to \"canonicalize\" the name in case the requested " @@ -5877,12 +5882,12 @@ msgstr "" "SSSD att utföra ID-uppslagningen från cachen av prestandaskäl." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4197 +#: sssd.conf.5.xml:4199 msgid "proxy_max_children (integer)" msgstr "proxy_max_children (heltal)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4200 +#: sssd.conf.5.xml:4202 msgid "" "This option specifies the number of pre-forked proxy children. It is useful " "for high-load SSSD environments where sssd may run out of available child " @@ -5894,7 +5899,7 @@ msgstr "" "begäranden skulle köas upp." #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4133 +#: sssd.conf.5.xml:4135 msgid "" "Options valid for proxy domains. <placeholder type=\"variablelist\" " "id=\"0\"/>" @@ -5903,12 +5908,12 @@ msgstr "" "id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:4216 +#: sssd.conf.5.xml:4218 msgid "Application domains" msgstr "Programdomäner" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4218 +#: sssd.conf.5.xml:4220 msgid "" "SSSD, with its D-Bus interface (see <citerefentry> <refentrytitle>sssd-ifp</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>) is appealing to " @@ -5937,7 +5942,7 @@ msgstr "" "traditionell SSSD-domän." #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4238 +#: sssd.conf.5.xml:4240 msgid "" "Please note that the application domain must still be explicitly enabled in " "the <quote>domains</quote> parameter so that the lookup order between the " @@ -5948,17 +5953,17 @@ msgstr "" "programdomänen och dess POSIX-syskondomän sätts korrekt." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> -#: sssd.conf.5.xml:4244 +#: sssd.conf.5.xml:4246 msgid "Application domain parameters" msgstr "Programdomänparametrar" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4246 +#: sssd.conf.5.xml:4248 msgid "inherit_from (string)" msgstr "inherit_from (sträng)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4249 +#: sssd.conf.5.xml:4251 msgid "" "The SSSD POSIX-type domain the application domain inherits all settings " "from. The application domain can moreover add its own settings to the " @@ -5971,7 +5976,7 @@ msgstr "" "quote>domänens inställningar." #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4263 +#: sssd.conf.5.xml:4265 msgid "" "The following example illustrates the use of an application domain. In this " "setup, the POSIX domain is connected to an LDAP server and is used by the OS " @@ -5986,7 +5991,7 @@ msgstr "" "attributet telefon nåbart via D-Bus-gränssnittet." #. type: Content of: <reference><refentry><refsect1><refsect2><programlisting> -#: sssd.conf.5.xml:4271 +#: sssd.conf.5.xml:4273 #, no-wrap msgid "" "[sssd]\n" @@ -6020,12 +6025,12 @@ msgstr "" "ldap_user_extra_attrs = telefon:telephoneNumber\n" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4291 +#: sssd.conf.5.xml:4293 msgid "TRUSTED DOMAIN SECTION" msgstr "SEKTIONEN BETRODDA DOMÄNER" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4293 +#: sssd.conf.5.xml:4295 msgid "" "Some options used in the domain section can also be used in the trusted " "domain section, that is, in a section called <quote>[domain/" @@ -6042,57 +6047,57 @@ msgstr "" "alternativ i sektionen för betrodda domäner är:" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4300 +#: sssd.conf.5.xml:4302 msgid "ldap_search_base," msgstr "ldap_search_base," #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4301 +#: sssd.conf.5.xml:4303 msgid "ldap_user_search_base," msgstr "ldap_user_search_base," #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4302 +#: sssd.conf.5.xml:4304 msgid "ldap_group_search_base," msgstr "ldap_group_search_base," #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4303 +#: sssd.conf.5.xml:4305 msgid "ldap_netgroup_search_base," msgstr "ldap_netgroup_search_base," #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4304 +#: sssd.conf.5.xml:4306 msgid "ldap_service_search_base," msgstr "ldap_service_search_base," #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4305 +#: sssd.conf.5.xml:4307 msgid "ldap_sasl_mech," msgstr "ldap_sasl_mech," #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4306 +#: sssd.conf.5.xml:4308 msgid "ad_server," msgstr "ad_server," #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4307 +#: sssd.conf.5.xml:4309 msgid "ad_backup_server," msgstr "ad_backup_server," #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4308 +#: sssd.conf.5.xml:4310 msgid "ad_site," msgstr "ad_site," #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4309 sssd-ipa.5.xml:884 +#: sssd.conf.5.xml:4311 sssd-ipa.5.xml:884 msgid "use_fully_qualified_names" msgstr "use_fully_qualified_names" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4313 +#: sssd.conf.5.xml:4315 msgid "" "For more details about these options see their individual description in the " "manual page." @@ -6101,12 +6106,12 @@ msgstr "" "manualsidan." #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4319 +#: sssd.conf.5.xml:4321 msgid "CERTIFICATE MAPPING SECTION" msgstr "CERTIFIKATSMAPPNINGSSEKTION" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4321 +#: sssd.conf.5.xml:4323 msgid "" "To allow authentication with Smartcards and certificates SSSD must be able " "to map certificates to users. This can be done by adding the full " @@ -6128,7 +6133,7 @@ msgstr "" "fallet när lokala tjänster använder PAM för autentisering." #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4335 +#: sssd.conf.5.xml:4337 msgid "" "To make the mapping more flexible mapping and matching rules were added to " "SSSD (see <citerefentry> <refentrytitle>sss-certmap</refentrytitle> " @@ -6140,7 +6145,7 @@ msgstr "" "detaljer)." #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4344 +#: sssd.conf.5.xml:4346 msgid "" "A mapping and matching rule can be added to the SSSD configuration in a " "section on its own with a name like <quote>[certmap/" @@ -6153,12 +6158,12 @@ msgstr "" "replaceable>]</quote>. I denna sektion är följande alternativ tillåtna:" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4351 +#: sssd.conf.5.xml:4353 msgid "matchrule (string)" msgstr "matchrule (sträng)" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4354 +#: sssd.conf.5.xml:4356 msgid "" "Only certificates from the Smartcard which matches this rule will be " "processed, all others are ignored." @@ -6167,7 +6172,7 @@ msgstr "" "alla andra ignoreras." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4358 +#: sssd.conf.5.xml:4360 msgid "" "Default: KRB5:<EKU>clientAuth, i.e. only certificates which have the " "Extended Key Usage <quote>clientAuth</quote>" @@ -6176,17 +6181,17 @@ msgstr "" "Extended Key Usage <quote>clientAuth</quote>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4365 +#: sssd.conf.5.xml:4367 msgid "maprule (string)" msgstr "maprule (sträng)" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4368 +#: sssd.conf.5.xml:4370 msgid "Defines how the user is found for a given certificate." msgstr "Definierar hur användaren hittas för ett givet certifikat." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4374 +#: sssd.conf.5.xml:4376 msgid "" "LDAP:(userCertificate;binary={cert!bin}) for LDAP based providers like " "<quote>ldap</quote>, <quote>AD</quote> or <quote>ipa</quote>." @@ -6195,7 +6200,7 @@ msgstr "" "<quote>ldap</quote>, <quote>AD</quote> eller <quote>ipa</quote>." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4380 +#: sssd.conf.5.xml:4382 msgid "" "The RULE_NAME for the <quote>files</quote> provider which tries to find a " "user with the same name." @@ -6204,12 +6209,12 @@ msgstr "" "användare med samma namn." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4389 +#: sssd.conf.5.xml:4391 msgid "domains (string)" msgstr "domains (sträng)" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4392 +#: sssd.conf.5.xml:4394 msgid "" "Comma separated list of domain names the rule should be applied. By default " "a rule is only valid in the domain configured in sssd.conf. If the provider " @@ -6222,17 +6227,17 @@ msgstr "" "lägga till regeln till underdomäner också." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4399 +#: sssd.conf.5.xml:4401 msgid "Default: the configured domain in sssd.conf" msgstr "Standard: den konfigurerade domänen i sssd.conf" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4404 +#: sssd.conf.5.xml:4406 msgid "priority (integer)" msgstr "priority (heltal)" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4407 +#: sssd.conf.5.xml:4409 msgid "" "Unsigned integer value defining the priority of the rule. The higher the " "number the lower the priority. <quote>0</quote> stands for the highest " @@ -6243,12 +6248,12 @@ msgstr "" "prioriteten medan <quote>4294967295</quote> är den lägsta." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4413 +#: sssd.conf.5.xml:4415 msgid "Default: the lowest priority" msgstr "Standard: den lägsta prioriteten" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4419 +#: sssd.conf.5.xml:4421 msgid "" "To make the configuration simple and reduce the amount of configuration " "options the <quote>files</quote> provider has some special properties:" @@ -6258,7 +6263,7 @@ msgstr "" "speciella egenskaper:" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4425 +#: sssd.conf.5.xml:4427 msgid "" "if maprule is not set the RULE_NAME name is assumed to be the name of the " "matching user" @@ -6267,7 +6272,7 @@ msgstr "" "användaren" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4431 +#: sssd.conf.5.xml:4433 msgid "" "if a maprule is used both a single user name or a template like " "<quote>{subject_rfc822_name.short_name}</quote> must be in braces like e.g. " @@ -6280,17 +6285,17 @@ msgstr "" "short_name})</quote>" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4440 +#: sssd.conf.5.xml:4442 msgid "the <quote>domains</quote> option is ignored" msgstr "alternativet <quote>domains</quote> ignoreras" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4448 +#: sssd.conf.5.xml:4450 msgid "PROMPTING CONFIGURATION SECTION" msgstr "SEKTIONEN FÖR FRÅGEKONFIGURATION" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4450 +#: sssd.conf.5.xml:4452 msgid "" "If a special file (<filename>/var/lib/sss/pubconf/pam_preauth_available</" "filename>) exists SSSD's PAM module pam_sss will ask SSSD to figure out " @@ -6305,7 +6310,7 @@ msgstr "" "tillämpliga kreditiv." #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4458 +#: sssd.conf.5.xml:4460 msgid "" "With the growing number of authentication methods and the possibility that " "there are multiple ones for a single user the heuristic used by pam_sss to " @@ -6318,22 +6323,22 @@ msgstr "" "användarfall. Följande alternativ bör ge en bättre flexibilitet här." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4470 +#: sssd.conf.5.xml:4472 msgid "[prompting/password]" msgstr "[prompting/password]" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4473 +#: sssd.conf.5.xml:4475 msgid "password_prompt" msgstr "password_prompt" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4474 +#: sssd.conf.5.xml:4476 msgid "to change the string of the password prompt" msgstr "för att ändra strängen i lösenordsfrågan" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4472 +#: sssd.conf.5.xml:4474 msgid "" "to configure password prompting, allowed options are: <placeholder " "type=\"variablelist\" id=\"0\"/>" @@ -6342,37 +6347,37 @@ msgstr "" "type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4482 +#: sssd.conf.5.xml:4484 msgid "[prompting/2fa]" msgstr "[prompting/2fa]" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4486 +#: sssd.conf.5.xml:4488 msgid "first_prompt" msgstr "first_prompt" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4487 +#: sssd.conf.5.xml:4489 msgid "to change the string of the prompt for the first factor" msgstr "för att ändra strängen som frågar efter den första faktorn" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4490 +#: sssd.conf.5.xml:4492 msgid "second_prompt" msgstr "second_prompt" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4491 +#: sssd.conf.5.xml:4493 msgid "to change the string of the prompt for the second factor" msgstr "för att ändra strängen som frågar efter den andra faktorn" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4494 +#: sssd.conf.5.xml:4496 msgid "single_prompt" msgstr "single_prompt" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4495 +#: sssd.conf.5.xml:4497 msgid "" "boolean value, if True there will be only a single prompt using the value of " "first_prompt where it is expected that both factors are entered as a single " @@ -6385,7 +6390,7 @@ msgstr "" "faktorn är frivillig." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4484 +#: sssd.conf.5.xml:4486 msgid "" "to configure two-factor authentication prompting, allowed options are: " "<placeholder type=\"variablelist\" id=\"0\"/> If the second factor is " @@ -6398,19 +6403,19 @@ msgstr "" "med lösenordet eller med båda faktorerna måste tvåstegsförfrågan användas." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4512 +#: sssd.conf.5.xml:4514 #, fuzzy #| msgid "[prompting/password]" msgid "[prompting/passkey]" msgstr "[prompting/password]" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4518 sssd-ad.5.xml:1021 +#: sssd.conf.5.xml:4520 sssd-ad.5.xml:1021 msgid "interactive" msgstr "interactive" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4520 +#: sssd.conf.5.xml:4522 msgid "" "boolean value, if True prompt a message and wait before testing the presence " "of a passkey device. Recommended if your device doesn’t have a tactile " @@ -6418,47 +6423,47 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4528 +#: sssd.conf.5.xml:4530 #, fuzzy #| msgid "interactive" msgid "interactive_prompt" msgstr "interactive" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4530 +#: sssd.conf.5.xml:4532 #, fuzzy #| msgid "to change the string of the password prompt" msgid "to change the message of the interactive prompt." msgstr "för att ändra strängen i lösenordsfrågan" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4535 +#: sssd.conf.5.xml:4537 msgid "touch" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4537 +#: sssd.conf.5.xml:4539 msgid "" "boolean value, if True prompt a message to remind the user to touch the " "device." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4543 +#: sssd.conf.5.xml:4545 #, fuzzy #| msgid "first_prompt" msgid "touch_prompt" msgstr "first_prompt" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4545 +#: sssd.conf.5.xml:4547 #, fuzzy #| msgid "to change the string of the password prompt" msgid "to change the message of the touch prompt." msgstr "för att ändra strängen i lösenordsfrågan" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4514 +#: sssd.conf.5.xml:4516 #, fuzzy #| msgid "" #| "to configure two-factor authentication prompting, allowed options are: " @@ -6471,7 +6476,7 @@ msgstr "" "alternativen: <placeholder type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4465 +#: sssd.conf.5.xml:4467 #, fuzzy #| msgid "" #| "Each supported authentication method has its own configuration subsection " @@ -6490,7 +6495,7 @@ msgstr "" ">" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4556 +#: sssd.conf.5.xml:4558 msgid "" "It is possible to add a subsection for specific PAM services, e.g. " "<quote>[prompting/password/sshd]</quote> to individual change the prompting " @@ -6501,12 +6506,12 @@ msgstr "" "enskilt för denna tjänst." #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4563 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43 +#: sssd.conf.5.xml:4565 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43 msgid "EXAMPLES" msgstr "EXEMPEL" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4569 +#: sssd.conf.5.xml:4571 #, no-wrap msgid "" "[sssd]\n" @@ -6560,7 +6565,7 @@ msgstr "" "enumerate = False\n" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4565 +#: sssd.conf.5.xml:4567 msgid "" "1. The following example shows a typical SSSD config. It does not describe " "configuration of the domains themselves - refer to documentation on " @@ -6572,7 +6577,7 @@ msgstr "" "domäner för fler detaljer. <placeholder type=\"programlisting\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4602 +#: sssd.conf.5.xml:4604 #, no-wrap msgid "" "[domain/ipa.com/child.ad.com]\n" @@ -6582,7 +6587,7 @@ msgstr "" "use_fully_qualified_names = false\n" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4596 +#: sssd.conf.5.xml:4598 msgid "" "2. The following example shows configuration of IPA AD trust where the AD " "forest consists of two domains in a parent-child structure. Suppose IPA " @@ -6598,7 +6603,7 @@ msgstr "" "type=\"programlisting\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4613 +#: sssd.conf.5.xml:4615 #, fuzzy, no-wrap #| msgid "" #| "[certmap/my.domain/rule_name]\n" @@ -6626,7 +6631,7 @@ msgstr "" "matchrule = <ISSUER>^CN=My-CA,DC=MIN,DC=DOMÄN$<SUBJECT>^CN=User.Name,DC=MIN,DC=DOMÄN$\n" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4607 +#: sssd.conf.5.xml:4609 #, fuzzy #| msgid "" #| "3. The following example shows the configuration for two certificate " @@ -22751,6 +22756,11 @@ msgstr "" "Anger om värdens och användarens huvudman skall göras kanonisk. Denna " "funktion är tillgänglig med MIT Kerberos 1.7 och senare versioner." +#, fuzzy +#~| msgid "This option is not available in IPA provider." +#~ msgid "This option is ignored for the files provider." +#~ msgstr "Detta alternativ är inte tillgängligt i IPA-leverantören." + #, fuzzy #~| msgid "" #~| "Determines if user credentials are also cached in the local LDB cache" diff --git a/src/man/po/tg.po b/src/man/po/tg.po index 0b507de197f..e4dc18d039a 100644 --- a/src/man/po/tg.po +++ b/src/man/po/tg.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: sssd-docs 2.3.0\n" "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" -"POT-Creation-Date: 2023-11-13 11:53+0100\n" +"POT-Creation-Date: 2024-01-12 13:00+0100\n" "PO-Revision-Date: 2014-12-15 12:10-0500\n" "Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n" "Language-Team: Tajik (http://www.transifex.com/projects/p/sssd/language/" @@ -226,7 +226,7 @@ msgstr "" #. type: Content of: <variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:149 sssd.conf.5.xml:652 sssd.conf.5.xml:949 -#: sssd.conf.5.xml:2101 sssd.conf.5.xml:2168 sssd.conf.5.xml:4191 +#: sssd.conf.5.xml:2101 sssd.conf.5.xml:2168 sssd.conf.5.xml:4193 #: sssd-ldap.5.xml:313 sssd-ldap.5.xml:919 sssd-ldap.5.xml:938 #: sssd-ldap.5.xml:1148 sssd-ldap.5.xml:1601 sssd-ldap.5.xml:1841 #: sssd-ipa.5.xml:152 sssd-ipa.5.xml:254 sssd-ipa.5.xml:662 sssd-ad.5.xml:1106 @@ -295,7 +295,7 @@ msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:196 sssd.conf.5.xml:1290 sssd.conf.5.xml:1767 -#: sssd.conf.5.xml:4207 sssd-ldap.5.xml:766 include/ldap_id_mapping.xml:270 +#: sssd.conf.5.xml:4209 sssd-ldap.5.xml:766 include/ldap_id_mapping.xml:270 msgid "Default: 10" msgstr "Пешфарз: 10" @@ -872,7 +872,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:700 sssd.conf.5.xml:1791 sssd.conf.5.xml:4257 +#: sssd.conf.5.xml:700 sssd.conf.5.xml:1791 sssd.conf.5.xml:4259 #: sssd-ad.5.xml:187 sssd-ad.5.xml:327 sssd-ad.5.xml:341 msgid "Default: Not set" msgstr "" @@ -2060,7 +2060,7 @@ msgid "The path to the certificate database." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1723 sssd.conf.5.xml:2248 sssd.conf.5.xml:4371 +#: sssd.conf.5.xml:1723 sssd.conf.5.xml:2248 sssd.conf.5.xml:4373 msgid "Default:" msgstr "" @@ -2326,7 +2326,7 @@ msgid "Default: no_session" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1950 sssd.conf.5.xml:4310 +#: sssd.conf.5.xml:1950 sssd.conf.5.xml:4312 msgid "pam_gssapi_services" msgstr "" @@ -2370,7 +2370,7 @@ msgid "Default: - (GSSAPI authentication is disabled)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1979 sssd.conf.5.xml:4311 +#: sssd.conf.5.xml:1979 sssd.conf.5.xml:4313 msgid "pam_gssapi_check_upn" msgstr "" @@ -3542,10 +3542,9 @@ msgstr "" #: sssd.conf.5.xml:3042 sssd.conf.5.xml:3153 sssd.conf.5.xml:3204 #: sssd.conf.5.xml:3267 msgid "" -"<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management " -"provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> " -"<manvolnum>5</manvolnum> </citerefentry> for more information on configuring " -"FreeIPA." +"<quote>ipa</quote>: FreeIPA and Red Hat Identity Management provider. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring FreeIPA." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> @@ -4586,35 +4585,37 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:4034 -msgid "This option is ignored for the files provider." +msgid "" +"It is expected that the <quote>files</quote> provider ignores the " +"local_auth_policy option and supports Smartcard authentication by default." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4037 +#: sssd.conf.5.xml:4039 #, fuzzy #| msgid "Default: 3" msgid "Default: match" msgstr "Пешфарз: 3" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4042 +#: sssd.conf.5.xml:4044 msgid "auto_private_groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4048 +#: sssd.conf.5.xml:4050 msgid "true" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4051 +#: sssd.conf.5.xml:4053 msgid "" "Create user's private group unconditionally from user's UID number. The GID " "number is ignored in this case." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4055 +#: sssd.conf.5.xml:4057 msgid "" "NOTE: Because the GID number and the user private group are inferred from " "the UID number, it is not supported to have multiple entries with the same " @@ -4623,24 +4624,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4064 +#: sssd.conf.5.xml:4066 msgid "false" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4067 +#: sssd.conf.5.xml:4069 msgid "" "Always use the user's primary GID number. The GID number must refer to a " "group object in the LDAP database." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4073 +#: sssd.conf.5.xml:4075 msgid "hybrid" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4076 +#: sssd.conf.5.xml:4078 msgid "" "A primary group is autogenerated for user entries whose UID and GID numbers " "have the same value and at the same time the GID number does not correspond " @@ -4650,14 +4651,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4089 +#: sssd.conf.5.xml:4091 msgid "" "If the UID and GID of a user are different, then the GID must correspond to " "a group entry, otherwise the GID is simply not resolvable." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4096 +#: sssd.conf.5.xml:4098 msgid "" "This feature is useful for environments that wish to stop maintaining a " "separate group objects for the user private groups, but also wish to retain " @@ -4665,21 +4666,21 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4045 +#: sssd.conf.5.xml:4047 msgid "" "This option takes any of three available values: <placeholder " "type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4108 +#: sssd.conf.5.xml:4110 msgid "" "For subdomains, the default value is False for subdomains that use assigned " "POSIX IDs and True for subdomains that use automatic ID-mapping." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:4116 +#: sssd.conf.5.xml:4118 #, no-wrap msgid "" "[domain/forest.domain/sub.domain]\n" @@ -4687,7 +4688,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:4122 +#: sssd.conf.5.xml:4124 #, no-wrap msgid "" "[domain/forest.domain]\n" @@ -4696,7 +4697,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4113 +#: sssd.conf.5.xml:4115 msgid "" "The value of auto_private_groups can either be set per subdomains in a " "subsection, for example: <placeholder type=\"programlisting\" id=\"0\"/> or " @@ -4713,17 +4714,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4137 +#: sssd.conf.5.xml:4139 msgid "proxy_pam_target (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4140 +#: sssd.conf.5.xml:4142 msgid "The proxy target PAM proxies to." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4143 +#: sssd.conf.5.xml:4145 msgid "" "Default: not set by default, you have to take an existing pam configuration " "or create a new one and add the service name here. As an alternative you can " @@ -4731,12 +4732,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4153 +#: sssd.conf.5.xml:4155 msgid "proxy_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4156 +#: sssd.conf.5.xml:4158 msgid "" "The name of the NSS library to use in proxy domains. The NSS functions " "searched for in the library are in the form of _nss_$(libName)_$(function), " @@ -4744,12 +4745,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4166 +#: sssd.conf.5.xml:4168 msgid "proxy_resolver_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4169 +#: sssd.conf.5.xml:4171 msgid "" "The name of the NSS library to use for hosts and networks lookups in proxy " "domains. The NSS functions searched for in the library are in the form of " @@ -4757,12 +4758,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4180 +#: sssd.conf.5.xml:4182 msgid "proxy_fast_alias (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4183 +#: sssd.conf.5.xml:4185 msgid "" "When a user or group is looked up by name in the proxy provider, a second " "lookup by ID is performed to \"canonicalize\" the name in case the requested " @@ -4771,12 +4772,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4197 +#: sssd.conf.5.xml:4199 msgid "proxy_max_children (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4200 +#: sssd.conf.5.xml:4202 msgid "" "This option specifies the number of pre-forked proxy children. It is useful " "for high-load SSSD environments where sssd may run out of available child " @@ -4784,19 +4785,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4133 +#: sssd.conf.5.xml:4135 msgid "" "Options valid for proxy domains. <placeholder type=\"variablelist\" " "id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:4216 +#: sssd.conf.5.xml:4218 msgid "Application domains" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4218 +#: sssd.conf.5.xml:4220 msgid "" "SSSD, with its D-Bus interface (see <citerefentry> <refentrytitle>sssd-ifp</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>) is appealing to " @@ -4813,7 +4814,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4238 +#: sssd.conf.5.xml:4240 msgid "" "Please note that the application domain must still be explicitly enabled in " "the <quote>domains</quote> parameter so that the lookup order between the " @@ -4821,17 +4822,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> -#: sssd.conf.5.xml:4244 +#: sssd.conf.5.xml:4246 msgid "Application domain parameters" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4246 +#: sssd.conf.5.xml:4248 msgid "inherit_from (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4249 +#: sssd.conf.5.xml:4251 msgid "" "The SSSD POSIX-type domain the application domain inherits all settings " "from. The application domain can moreover add its own settings to the " @@ -4840,7 +4841,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4263 +#: sssd.conf.5.xml:4265 msgid "" "The following example illustrates the use of an application domain. In this " "setup, the POSIX domain is connected to an LDAP server and is used by the OS " @@ -4850,7 +4851,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><programlisting> -#: sssd.conf.5.xml:4271 +#: sssd.conf.5.xml:4273 #, no-wrap msgid "" "[sssd]\n" @@ -4870,12 +4871,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4291 +#: sssd.conf.5.xml:4293 msgid "TRUSTED DOMAIN SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4293 +#: sssd.conf.5.xml:4295 msgid "" "Some options used in the domain section can also be used in the trusted " "domain section, that is, in a section called <quote>[domain/" @@ -4886,69 +4887,69 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4300 +#: sssd.conf.5.xml:4302 msgid "ldap_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4301 +#: sssd.conf.5.xml:4303 msgid "ldap_user_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4302 +#: sssd.conf.5.xml:4304 msgid "ldap_group_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4303 +#: sssd.conf.5.xml:4305 msgid "ldap_netgroup_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4304 +#: sssd.conf.5.xml:4306 msgid "ldap_service_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4305 +#: sssd.conf.5.xml:4307 msgid "ldap_sasl_mech," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4306 +#: sssd.conf.5.xml:4308 msgid "ad_server," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4307 +#: sssd.conf.5.xml:4309 msgid "ad_backup_server," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4308 +#: sssd.conf.5.xml:4310 msgid "ad_site," msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4309 sssd-ipa.5.xml:884 +#: sssd.conf.5.xml:4311 sssd-ipa.5.xml:884 msgid "use_fully_qualified_names" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4313 +#: sssd.conf.5.xml:4315 msgid "" "For more details about these options see their individual description in the " "manual page." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4319 +#: sssd.conf.5.xml:4321 msgid "CERTIFICATE MAPPING SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4321 +#: sssd.conf.5.xml:4323 msgid "" "To allow authentication with Smartcards and certificates SSSD must be able " "to map certificates to users. This can be done by adding the full " @@ -4961,7 +4962,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4335 +#: sssd.conf.5.xml:4337 msgid "" "To make the mapping more flexible mapping and matching rules were added to " "SSSD (see <citerefentry> <refentrytitle>sss-certmap</refentrytitle> " @@ -4969,7 +4970,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4344 +#: sssd.conf.5.xml:4346 msgid "" "A mapping and matching rule can be added to the SSSD configuration in a " "section on its own with a name like <quote>[certmap/" @@ -4978,55 +4979,55 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4351 +#: sssd.conf.5.xml:4353 msgid "matchrule (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4354 +#: sssd.conf.5.xml:4356 msgid "" "Only certificates from the Smartcard which matches this rule will be " "processed, all others are ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4358 +#: sssd.conf.5.xml:4360 msgid "" "Default: KRB5:<EKU>clientAuth, i.e. only certificates which have the " "Extended Key Usage <quote>clientAuth</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4365 +#: sssd.conf.5.xml:4367 msgid "maprule (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4368 +#: sssd.conf.5.xml:4370 msgid "Defines how the user is found for a given certificate." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4374 +#: sssd.conf.5.xml:4376 msgid "" "LDAP:(userCertificate;binary={cert!bin}) for LDAP based providers like " "<quote>ldap</quote>, <quote>AD</quote> or <quote>ipa</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4380 +#: sssd.conf.5.xml:4382 msgid "" "The RULE_NAME for the <quote>files</quote> provider which tries to find a " "user with the same name." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4389 +#: sssd.conf.5.xml:4391 msgid "domains (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4392 +#: sssd.conf.5.xml:4394 msgid "" "Comma separated list of domain names the rule should be applied. By default " "a rule is only valid in the domain configured in sssd.conf. If the provider " @@ -5035,17 +5036,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4399 +#: sssd.conf.5.xml:4401 msgid "Default: the configured domain in sssd.conf" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4404 +#: sssd.conf.5.xml:4406 msgid "priority (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4407 +#: sssd.conf.5.xml:4409 msgid "" "Unsigned integer value defining the priority of the rule. The higher the " "number the lower the priority. <quote>0</quote> stands for the highest " @@ -5053,26 +5054,26 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4413 +#: sssd.conf.5.xml:4415 msgid "Default: the lowest priority" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4419 +#: sssd.conf.5.xml:4421 msgid "" "To make the configuration simple and reduce the amount of configuration " "options the <quote>files</quote> provider has some special properties:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4425 +#: sssd.conf.5.xml:4427 msgid "" "if maprule is not set the RULE_NAME name is assumed to be the name of the " "matching user" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4431 +#: sssd.conf.5.xml:4433 msgid "" "if a maprule is used both a single user name or a template like " "<quote>{subject_rfc822_name.short_name}</quote> must be in braces like e.g. " @@ -5081,17 +5082,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4440 +#: sssd.conf.5.xml:4442 msgid "the <quote>domains</quote> option is ignored" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4448 +#: sssd.conf.5.xml:4450 msgid "PROMPTING CONFIGURATION SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4450 +#: sssd.conf.5.xml:4452 msgid "" "If a special file (<filename>/var/lib/sss/pubconf/pam_preauth_available</" "filename>) exists SSSD's PAM module pam_sss will ask SSSD to figure out " @@ -5101,7 +5102,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4458 +#: sssd.conf.5.xml:4460 msgid "" "With the growing number of authentication methods and the possibility that " "there are multiple ones for a single user the heuristic used by pam_sss to " @@ -5110,59 +5111,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4470 +#: sssd.conf.5.xml:4472 msgid "[prompting/password]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4473 +#: sssd.conf.5.xml:4475 msgid "password_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4474 +#: sssd.conf.5.xml:4476 msgid "to change the string of the password prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4472 +#: sssd.conf.5.xml:4474 msgid "" "to configure password prompting, allowed options are: <placeholder " "type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4482 +#: sssd.conf.5.xml:4484 msgid "[prompting/2fa]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4486 +#: sssd.conf.5.xml:4488 msgid "first_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4487 +#: sssd.conf.5.xml:4489 msgid "to change the string of the prompt for the first factor" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4490 +#: sssd.conf.5.xml:4492 msgid "second_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4491 +#: sssd.conf.5.xml:4493 msgid "to change the string of the prompt for the second factor" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4494 +#: sssd.conf.5.xml:4496 msgid "single_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4495 +#: sssd.conf.5.xml:4497 msgid "" "boolean value, if True there will be only a single prompt using the value of " "first_prompt where it is expected that both factors are entered as a single " @@ -5171,7 +5172,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4484 +#: sssd.conf.5.xml:4486 msgid "" "to configure two-factor authentication prompting, allowed options are: " "<placeholder type=\"variablelist\" id=\"0\"/> If the second factor is " @@ -5180,17 +5181,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4512 +#: sssd.conf.5.xml:4514 msgid "[prompting/passkey]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4518 sssd-ad.5.xml:1021 +#: sssd.conf.5.xml:4520 sssd-ad.5.xml:1021 msgid "interactive" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4520 +#: sssd.conf.5.xml:4522 msgid "" "boolean value, if True prompt a message and wait before testing the presence " "of a passkey device. Recommended if your device doesn’t have a tactile " @@ -5198,46 +5199,46 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4528 +#: sssd.conf.5.xml:4530 msgid "interactive_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4530 +#: sssd.conf.5.xml:4532 msgid "to change the message of the interactive prompt." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4535 +#: sssd.conf.5.xml:4537 msgid "touch" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4537 +#: sssd.conf.5.xml:4539 msgid "" "boolean value, if True prompt a message to remind the user to touch the " "device." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4543 +#: sssd.conf.5.xml:4545 msgid "touch_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4545 +#: sssd.conf.5.xml:4547 msgid "to change the message of the touch prompt." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4514 +#: sssd.conf.5.xml:4516 msgid "" "to configure passkey authentication prompting, allowed options are: " "<placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4465 +#: sssd.conf.5.xml:4467 msgid "" "Each supported authentication method has its own configuration subsection " "under <quote>[prompting/...]</quote>. Currently there are: <placeholder " @@ -5246,7 +5247,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4556 +#: sssd.conf.5.xml:4558 msgid "" "It is possible to add a subsection for specific PAM services, e.g. " "<quote>[prompting/password/sshd]</quote> to individual change the prompting " @@ -5254,12 +5255,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4563 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43 +#: sssd.conf.5.xml:4565 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43 msgid "EXAMPLES" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4569 +#: sssd.conf.5.xml:4571 #, no-wrap msgid "" "[sssd]\n" @@ -5289,7 +5290,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4565 +#: sssd.conf.5.xml:4567 msgid "" "1. The following example shows a typical SSSD config. It does not describe " "configuration of the domains themselves - refer to documentation on " @@ -5298,7 +5299,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4602 +#: sssd.conf.5.xml:4604 #, no-wrap msgid "" "[domain/ipa.com/child.ad.com]\n" @@ -5306,7 +5307,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4596 +#: sssd.conf.5.xml:4598 msgid "" "2. The following example shows configuration of IPA AD trust where the AD " "forest consists of two domains in a parent-child structure. Suppose IPA " @@ -5317,7 +5318,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4613 +#: sssd.conf.5.xml:4615 #, no-wrap msgid "" "[certmap/my.domain/rule_name]\n" @@ -5328,7 +5329,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4607 +#: sssd.conf.5.xml:4609 msgid "" "3. The following example shows the configuration of a certificate mapping " "rule. It is valid for the configured domain <quote>my.domain</quote> and " diff --git a/src/man/po/uk.po b/src/man/po/uk.po index ee35b33eac4..d771cc877d0 100644 --- a/src/man/po/uk.po +++ b/src/man/po/uk.po @@ -15,7 +15,7 @@ msgid "" msgstr "" "Project-Id-Version: sssd-docs 2.3.0\n" "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" -"POT-Creation-Date: 2023-11-13 11:53+0100\n" +"POT-Creation-Date: 2024-01-12 13:00+0100\n" "PO-Revision-Date: 2022-12-13 18:20+0000\n" "Last-Translator: Yuri Chornoivan <yurchor@ukr.net>\n" "Language-Team: Ukrainian <https://translate.fedoraproject.org/projects/sssd/" @@ -284,7 +284,7 @@ msgstr "" #. type: Content of: <variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:149 sssd.conf.5.xml:652 sssd.conf.5.xml:949 -#: sssd.conf.5.xml:2101 sssd.conf.5.xml:2168 sssd.conf.5.xml:4191 +#: sssd.conf.5.xml:2101 sssd.conf.5.xml:2168 sssd.conf.5.xml:4193 #: sssd-ldap.5.xml:313 sssd-ldap.5.xml:919 sssd-ldap.5.xml:938 #: sssd-ldap.5.xml:1148 sssd-ldap.5.xml:1601 sssd-ldap.5.xml:1841 #: sssd-ipa.5.xml:152 sssd-ipa.5.xml:254 sssd-ipa.5.xml:662 sssd-ad.5.xml:1106 @@ -365,7 +365,7 @@ msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:196 sssd.conf.5.xml:1290 sssd.conf.5.xml:1767 -#: sssd.conf.5.xml:4207 sssd-ldap.5.xml:766 include/ldap_id_mapping.xml:270 +#: sssd.conf.5.xml:4209 sssd-ldap.5.xml:766 include/ldap_id_mapping.xml:270 msgid "Default: 10" msgstr "Типове значення: 10" @@ -1133,7 +1133,7 @@ msgstr "" "різних доменах можуть бути однаковими." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:700 sssd.conf.5.xml:1791 sssd.conf.5.xml:4257 +#: sssd.conf.5.xml:700 sssd.conf.5.xml:1791 sssd.conf.5.xml:4259 #: sssd-ad.5.xml:187 sssd-ad.5.xml:327 sssd-ad.5.xml:341 msgid "Default: Not set" msgstr "Типове значення: не встановлено" @@ -2598,7 +2598,7 @@ msgid "The path to the certificate database." msgstr "Шлях до бази даних сертифікатів." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1723 sssd.conf.5.xml:2248 sssd.conf.5.xml:4371 +#: sssd.conf.5.xml:1723 sssd.conf.5.xml:2248 sssd.conf.5.xml:4373 msgid "Default:" msgstr "Типове значення:" @@ -2928,7 +2928,7 @@ msgid "Default: no_session" msgstr "Типове значення: no_session" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1950 sssd.conf.5.xml:4310 +#: sssd.conf.5.xml:1950 sssd.conf.5.xml:4312 msgid "pam_gssapi_services" msgstr "pam_gssapi_services" @@ -2982,7 +2982,7 @@ msgid "Default: - (GSSAPI authentication is disabled)" msgstr "Типове значення: - (розпізнавання за GSSAPI вимкнено)" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1979 sssd.conf.5.xml:4311 +#: sssd.conf.5.xml:1979 sssd.conf.5.xml:4313 msgid "pam_gssapi_check_upn" msgstr "pam_gssapi_check_upn" @@ -4454,11 +4454,16 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:3042 sssd.conf.5.xml:3153 sssd.conf.5.xml:3204 #: sssd.conf.5.xml:3267 +#, fuzzy +#| msgid "" +#| "<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management " +#| "provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> " +#| "<manvolnum>5</manvolnum> </citerefentry> for more information on " +#| "configuring FreeIPA." msgid "" -"<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management " -"provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> " -"<manvolnum>5</manvolnum> </citerefentry> for more information on configuring " -"FreeIPA." +"<quote>ipa</quote>: FreeIPA and Red Hat Identity Management provider. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring FreeIPA." msgstr "" "<quote>ipa</quote>: засіб FreeIPA та керування профілями Red Hat Enterprise. " "Докладніші відомості щодо налаштовування IPA викладено у довіднику з " @@ -5766,30 +5771,30 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:4034 -#, fuzzy -#| msgid "This option is not available in IPA provider." -msgid "This option is ignored for the files provider." -msgstr "Цим параметром не можна скористатися у надавачі даних IPA." +msgid "" +"It is expected that the <quote>files</quote> provider ignores the " +"local_auth_policy option and supports Smartcard authentication by default." +msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4037 +#: sssd.conf.5.xml:4039 #, fuzzy #| msgid "Default: mail" msgid "Default: match" msgstr "Типове значення: mail" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4042 +#: sssd.conf.5.xml:4044 msgid "auto_private_groups (string)" msgstr "auto_private_groups (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4048 +#: sssd.conf.5.xml:4050 msgid "true" msgstr "true" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4051 +#: sssd.conf.5.xml:4053 msgid "" "Create user's private group unconditionally from user's UID number. The GID " "number is ignored in this case." @@ -5798,7 +5803,7 @@ msgstr "" "користувача. У цьому випадку номер GID буде проігноровано." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4055 +#: sssd.conf.5.xml:4057 msgid "" "NOTE: Because the GID number and the user private group are inferred from " "the UID number, it is not supported to have multiple entries with the same " @@ -5811,12 +5816,12 @@ msgstr "" "примусово встановлює унікальність записів у просторі ідентифікаторів." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4064 +#: sssd.conf.5.xml:4066 msgid "false" msgstr "false" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4067 +#: sssd.conf.5.xml:4069 msgid "" "Always use the user's primary GID number. The GID number must refer to a " "group object in the LDAP database." @@ -5825,12 +5830,12 @@ msgstr "" "вказувати на об'єкт групи у базі даних LDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4073 +#: sssd.conf.5.xml:4075 msgid "hybrid" msgstr "hybrid" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4076 +#: sssd.conf.5.xml:4078 msgid "" "A primary group is autogenerated for user entries whose UID and GID numbers " "have the same value and at the same time the GID number does not correspond " @@ -5845,7 +5850,7 @@ msgstr "" "цього користувача визначатиме цей об'єкт групи." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4089 +#: sssd.conf.5.xml:4091 msgid "" "If the UID and GID of a user are different, then the GID must correspond to " "a group entry, otherwise the GID is simply not resolvable." @@ -5854,7 +5859,7 @@ msgstr "" "групи, інакше надійне визначення GID буде просто неможливим." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4096 +#: sssd.conf.5.xml:4098 msgid "" "This feature is useful for environments that wish to stop maintaining a " "separate group objects for the user private groups, but also wish to retain " @@ -5865,7 +5870,7 @@ msgstr "" "збереженням наявних приватних груп для користувачів." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4045 +#: sssd.conf.5.xml:4047 msgid "" "This option takes any of three available values: <placeholder " "type=\"variablelist\" id=\"0\"/>" @@ -5874,7 +5879,7 @@ msgstr "" "type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4108 +#: sssd.conf.5.xml:4110 msgid "" "For subdomains, the default value is False for subdomains that use assigned " "POSIX IDs and True for subdomains that use automatic ID-mapping." @@ -5884,7 +5889,7 @@ msgstr "" "використовується автоматична прив'язка до ідентифікаторів." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:4116 +#: sssd.conf.5.xml:4118 #, no-wrap msgid "" "[domain/forest.domain/sub.domain]\n" @@ -5894,7 +5899,7 @@ msgstr "" "auto_private_groups = false\n" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:4122 +#: sssd.conf.5.xml:4124 #, no-wrap msgid "" "[domain/forest.domain]\n" @@ -5906,7 +5911,7 @@ msgstr "" "auto_private_groups = false\n" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4113 +#: sssd.conf.5.xml:4115 msgid "" "The value of auto_private_groups can either be set per subdomains in a " "subsection, for example: <placeholder type=\"programlisting\" id=\"0\"/> or " @@ -5931,17 +5936,17 @@ msgstr "" "quote> <placeholder type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4137 +#: sssd.conf.5.xml:4139 msgid "proxy_pam_target (string)" msgstr "proxy_pam_target (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4140 +#: sssd.conf.5.xml:4142 msgid "The proxy target PAM proxies to." msgstr "Комп’ютер, для якого виконує проксі-сервер PAM." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4143 +#: sssd.conf.5.xml:4145 #, fuzzy #| msgid "" #| "Default: not set by default, you have to take an existing pam " @@ -5955,12 +5960,12 @@ msgstr "" "налаштуваннями pam або створити нові і тут додати назву служби." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4153 +#: sssd.conf.5.xml:4155 msgid "proxy_lib_name (string)" msgstr "proxy_lib_name (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4156 +#: sssd.conf.5.xml:4158 msgid "" "The name of the NSS library to use in proxy domains. The NSS functions " "searched for in the library are in the form of _nss_$(libName)_$(function), " @@ -5971,12 +5976,12 @@ msgstr "" "наприклад _nss_files_getpwent." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4166 +#: sssd.conf.5.xml:4168 msgid "proxy_resolver_lib_name (string)" msgstr "proxy_resolver_lib_name (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4169 +#: sssd.conf.5.xml:4171 msgid "" "The name of the NSS library to use for hosts and networks lookups in proxy " "domains. The NSS functions searched for in the library are in the form of " @@ -5987,12 +5992,12 @@ msgstr "" "_nss_$(назва_бібліотеки)_$(функція), наприклад _nss_dns_gethostbyname2_r." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4180 +#: sssd.conf.5.xml:4182 msgid "proxy_fast_alias (boolean)" msgstr "proxy_fast_alias (булеве значення)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4183 +#: sssd.conf.5.xml:4185 msgid "" "When a user or group is looked up by name in the proxy provider, a second " "lookup by ID is performed to \"canonicalize\" the name in case the requested " @@ -6007,12 +6012,12 @@ msgstr "" "у кеші, щоб пришвидшити надання результатів." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4197 +#: sssd.conf.5.xml:4199 msgid "proxy_max_children (integer)" msgstr "proxy_max_children (ціле число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4200 +#: sssd.conf.5.xml:4202 msgid "" "This option specifies the number of pre-forked proxy children. It is useful " "for high-load SSSD environments where sssd may run out of available child " @@ -6024,7 +6029,7 @@ msgstr "" "використання черги запитів." #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4133 +#: sssd.conf.5.xml:4135 msgid "" "Options valid for proxy domains. <placeholder type=\"variablelist\" " "id=\"0\"/>" @@ -6033,12 +6038,12 @@ msgstr "" "type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:4216 +#: sssd.conf.5.xml:4218 msgid "Application domains" msgstr "Домени програм (application)" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4218 +#: sssd.conf.5.xml:4220 msgid "" "SSSD, with its D-Bus interface (see <citerefentry> <refentrytitle>sssd-ifp</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>) is appealing to " @@ -6066,7 +6071,7 @@ msgstr "" "який може успадковувати параметр з традиційного домену SSSD." #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4238 +#: sssd.conf.5.xml:4240 msgid "" "Please note that the application domain must still be explicitly enabled in " "the <quote>domains</quote> parameter so that the lookup order between the " @@ -6077,17 +6082,17 @@ msgstr "" "його доменом-близнюком у POSIX має бути встановлено належним чином." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> -#: sssd.conf.5.xml:4244 +#: sssd.conf.5.xml:4246 msgid "Application domain parameters" msgstr "Параметри доменів програм" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4246 +#: sssd.conf.5.xml:4248 msgid "inherit_from (string)" msgstr "inherit_from (рядок)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4249 +#: sssd.conf.5.xml:4251 msgid "" "The SSSD POSIX-type domain the application domain inherits all settings " "from. The application domain can moreover add its own settings to the " @@ -6099,7 +6104,7 @@ msgstr "" "розширюють або перевизначають параметри домену-<quote>близнюка</quote>." #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4263 +#: sssd.conf.5.xml:4265 msgid "" "The following example illustrates the use of an application domain. In this " "setup, the POSIX domain is connected to an LDAP server and is used by the OS " @@ -6114,7 +6119,7 @@ msgstr "" "у кеші і робить атрибут phone доступним через інтерфейс D-Bus." #. type: Content of: <reference><refentry><refsect1><refsect2><programlisting> -#: sssd.conf.5.xml:4271 +#: sssd.conf.5.xml:4273 #, no-wrap msgid "" "[sssd]\n" @@ -6148,12 +6153,12 @@ msgstr "" "ldap_user_extra_attrs = phone:telephoneNumber\n" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4291 +#: sssd.conf.5.xml:4293 msgid "TRUSTED DOMAIN SECTION" msgstr "РОЗДІЛ ДОВІРЕНИХ ДОМЕНІВ" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4293 +#: sssd.conf.5.xml:4295 msgid "" "Some options used in the domain section can also be used in the trusted " "domain section, that is, in a section called <quote>[domain/" @@ -6171,57 +6176,57 @@ msgstr "" "такі параметри:" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4300 +#: sssd.conf.5.xml:4302 msgid "ldap_search_base," msgstr "ldap_search_base," #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4301 +#: sssd.conf.5.xml:4303 msgid "ldap_user_search_base," msgstr "ldap_user_search_base," #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4302 +#: sssd.conf.5.xml:4304 msgid "ldap_group_search_base," msgstr "ldap_group_search_base," #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4303 +#: sssd.conf.5.xml:4305 msgid "ldap_netgroup_search_base," msgstr "ldap_netgroup_search_base," #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4304 +#: sssd.conf.5.xml:4306 msgid "ldap_service_search_base," msgstr "ldap_service_search_base," #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4305 +#: sssd.conf.5.xml:4307 msgid "ldap_sasl_mech," msgstr "ldap_sasl_mech," #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4306 +#: sssd.conf.5.xml:4308 msgid "ad_server," msgstr "ad_server," #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4307 +#: sssd.conf.5.xml:4309 msgid "ad_backup_server," msgstr "ad_backup_server," #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4308 +#: sssd.conf.5.xml:4310 msgid "ad_site," msgstr "ad_site," #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4309 sssd-ipa.5.xml:884 +#: sssd.conf.5.xml:4311 sssd-ipa.5.xml:884 msgid "use_fully_qualified_names" msgstr "use_fully_qualified_names" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4313 +#: sssd.conf.5.xml:4315 msgid "" "For more details about these options see their individual description in the " "manual page." @@ -6230,12 +6235,12 @@ msgstr "" "підручника." #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4319 +#: sssd.conf.5.xml:4321 msgid "CERTIFICATE MAPPING SECTION" msgstr "РОЗДІЛ ПРИВ'ЯЗКИ СЕРТИФІКАТІВ" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4321 +#: sssd.conf.5.xml:4323 msgid "" "To allow authentication with Smartcards and certificates SSSD must be able " "to map certificates to users. This can be done by adding the full " @@ -6258,7 +6263,7 @@ msgstr "" "використовують для розпізнавання PAM." #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4335 +#: sssd.conf.5.xml:4337 msgid "" "To make the mapping more flexible mapping and matching rules were added to " "SSSD (see <citerefentry> <refentrytitle>sss-certmap</refentrytitle> " @@ -6270,7 +6275,7 @@ msgstr "" "citerefentry>)." #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4344 +#: sssd.conf.5.xml:4346 msgid "" "A mapping and matching rule can be added to the SSSD configuration in a " "section on its own with a name like <quote>[certmap/" @@ -6283,12 +6288,12 @@ msgstr "" "replaceable>]</quote>. У цьому розділі можна використовувати такі параметри:" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4351 +#: sssd.conf.5.xml:4353 msgid "matchrule (string)" msgstr "matchrule (рядок)" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4354 +#: sssd.conf.5.xml:4356 msgid "" "Only certificates from the Smartcard which matches this rule will be " "processed, all others are ignored." @@ -6297,7 +6302,7 @@ msgstr "" "цьому правилу. Усі інші сертифікати буде проігноровано." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4358 +#: sssd.conf.5.xml:4360 msgid "" "Default: KRB5:<EKU>clientAuth, i.e. only certificates which have the " "Extended Key Usage <quote>clientAuth</quote>" @@ -6307,17 +6312,17 @@ msgstr "" "<quote>clientAuth</quote>" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4365 +#: sssd.conf.5.xml:4367 msgid "maprule (string)" msgstr "maprule (рядок)" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4368 +#: sssd.conf.5.xml:4370 msgid "Defines how the user is found for a given certificate." msgstr "Визначає спосіб пошуку користувача для вказаного сертифіката." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4374 +#: sssd.conf.5.xml:4376 msgid "" "LDAP:(userCertificate;binary={cert!bin}) for LDAP based providers like " "<quote>ldap</quote>, <quote>AD</quote> or <quote>ipa</quote>." @@ -6326,7 +6331,7 @@ msgstr "" "даних, зокрема <quote>ldap</quote>, <quote>AD</quote> та <quote>ipa</quote>." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4380 +#: sssd.conf.5.xml:4382 msgid "" "The RULE_NAME for the <quote>files</quote> provider which tries to find a " "user with the same name." @@ -6335,12 +6340,12 @@ msgstr "" "запис користувача і такою самою назвою." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4389 +#: sssd.conf.5.xml:4391 msgid "domains (string)" msgstr "domains (рядок)" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4392 +#: sssd.conf.5.xml:4394 msgid "" "Comma separated list of domain names the rule should be applied. By default " "a rule is only valid in the domain configured in sssd.conf. If the provider " @@ -6353,17 +6358,17 @@ msgstr "" "параметр можна використати і для додавання правила до піддоменів." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4399 +#: sssd.conf.5.xml:4401 msgid "Default: the configured domain in sssd.conf" msgstr "Типове значення: домен, який налаштовано у sssd.conf" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4404 +#: sssd.conf.5.xml:4406 msgid "priority (integer)" msgstr "priority (ціле число)" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4407 +#: sssd.conf.5.xml:4409 msgid "" "Unsigned integer value defining the priority of the rule. The higher the " "number the lower the priority. <quote>0</quote> stands for the highest " @@ -6374,12 +6379,12 @@ msgstr "" "пріоритетність, а <quote>4294967295</quote> — найнижча." #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4413 +#: sssd.conf.5.xml:4415 msgid "Default: the lowest priority" msgstr "Типове значення: найнижча пріоритетність" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4419 +#: sssd.conf.5.xml:4421 msgid "" "To make the configuration simple and reduce the amount of configuration " "options the <quote>files</quote> provider has some special properties:" @@ -6389,7 +6394,7 @@ msgstr "" "спеціальних властивостей:" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4425 +#: sssd.conf.5.xml:4427 msgid "" "if maprule is not set the RULE_NAME name is assumed to be the name of the " "matching user" @@ -6398,7 +6403,7 @@ msgstr "" "відповідного облікового запису користувача" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4431 +#: sssd.conf.5.xml:4433 msgid "" "if a maprule is used both a single user name or a template like " "<quote>{subject_rfc822_name.short_name}</quote> must be in braces like e.g. " @@ -6411,17 +6416,17 @@ msgstr "" "quote> або <quote>({назва_об'єкта_rfc822.коротка_назва})</quote>" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4440 +#: sssd.conf.5.xml:4442 msgid "the <quote>domains</quote> option is ignored" msgstr "параметр <quote>domains</quote> буде проігноровано" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4448 +#: sssd.conf.5.xml:4450 msgid "PROMPTING CONFIGURATION SECTION" msgstr "РОЗДІЛ НАЛАШТОВУВАННЯ ЗАПИТІВ" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4450 +#: sssd.conf.5.xml:4452 msgid "" "If a special file (<filename>/var/lib/sss/pubconf/pam_preauth_available</" "filename>) exists SSSD's PAM module pam_sss will ask SSSD to figure out " @@ -6437,7 +6442,7 @@ msgstr "" "реєстраційних даних." #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4458 +#: sssd.conf.5.xml:4460 msgid "" "With the growing number of authentication methods and the possibility that " "there are multiple ones for a single user the heuristic used by pam_sss to " @@ -6451,22 +6456,22 @@ msgstr "" "випадках мають забезпечити описані нижче параметри." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4470 +#: sssd.conf.5.xml:4472 msgid "[prompting/password]" msgstr "[prompting/password]" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4473 +#: sssd.conf.5.xml:4475 msgid "password_prompt" msgstr "password_prompt" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4474 +#: sssd.conf.5.xml:4476 msgid "to change the string of the password prompt" msgstr "для зміни рядка запиту пароля" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4472 +#: sssd.conf.5.xml:4474 msgid "" "to configure password prompting, allowed options are: <placeholder " "type=\"variablelist\" id=\"0\"/>" @@ -6475,37 +6480,37 @@ msgstr "" "type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4482 +#: sssd.conf.5.xml:4484 msgid "[prompting/2fa]" msgstr "[prompting/2fa]" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4486 +#: sssd.conf.5.xml:4488 msgid "first_prompt" msgstr "first_prompt" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4487 +#: sssd.conf.5.xml:4489 msgid "to change the string of the prompt for the first factor" msgstr "для зміни рядка запиту для першого фактора" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4490 +#: sssd.conf.5.xml:4492 msgid "second_prompt" msgstr "second_prompt" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4491 +#: sssd.conf.5.xml:4493 msgid "to change the string of the prompt for the second factor" msgstr "для зміни рядка запиту для другого фактора" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4494 +#: sssd.conf.5.xml:4496 msgid "single_prompt" msgstr "single_prompt" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4495 +#: sssd.conf.5.xml:4497 msgid "" "boolean value, if True there will be only a single prompt using the value of " "first_prompt where it is expected that both factors are entered as a single " @@ -6518,7 +6523,7 @@ msgstr "" "якщо другий фактор не є обов'язковим." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4484 +#: sssd.conf.5.xml:4486 msgid "" "to configure two-factor authentication prompting, allowed options are: " "<placeholder type=\"variablelist\" id=\"0\"/> If the second factor is " @@ -6531,19 +6536,19 @@ msgstr "" "паролем, або за двома факторами, має бути використано двокроковий запит." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4512 +#: sssd.conf.5.xml:4514 #, fuzzy #| msgid "[prompting/password]" msgid "[prompting/passkey]" msgstr "[prompting/password]" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4518 sssd-ad.5.xml:1021 +#: sssd.conf.5.xml:4520 sssd-ad.5.xml:1021 msgid "interactive" msgstr "interactive" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4520 +#: sssd.conf.5.xml:4522 msgid "" "boolean value, if True prompt a message and wait before testing the presence " "of a passkey device. Recommended if your device doesn’t have a tactile " @@ -6551,47 +6556,47 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4528 +#: sssd.conf.5.xml:4530 #, fuzzy #| msgid "interactive" msgid "interactive_prompt" msgstr "interactive" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4530 +#: sssd.conf.5.xml:4532 #, fuzzy #| msgid "to change the string of the password prompt" msgid "to change the message of the interactive prompt." msgstr "для зміни рядка запиту пароля" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4535 +#: sssd.conf.5.xml:4537 msgid "touch" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4537 +#: sssd.conf.5.xml:4539 msgid "" "boolean value, if True prompt a message to remind the user to touch the " "device." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4543 +#: sssd.conf.5.xml:4545 #, fuzzy #| msgid "first_prompt" msgid "touch_prompt" msgstr "first_prompt" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4545 +#: sssd.conf.5.xml:4547 #, fuzzy #| msgid "to change the string of the password prompt" msgid "to change the message of the touch prompt." msgstr "для зміни рядка запиту пароля" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4514 +#: sssd.conf.5.xml:4516 #, fuzzy #| msgid "" #| "to configure two-factor authentication prompting, allowed options are: " @@ -6604,7 +6609,7 @@ msgstr "" "параметри: <placeholder type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4465 +#: sssd.conf.5.xml:4467 #, fuzzy #| msgid "" #| "Each supported authentication method has its own configuration subsection " @@ -6623,7 +6628,7 @@ msgstr "" "type=\"variablelist\" id=\"1\"/>" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4556 +#: sssd.conf.5.xml:4558 msgid "" "It is possible to add a subsection for specific PAM services, e.g. " "<quote>[prompting/password/sshd]</quote> to individual change the prompting " @@ -6634,12 +6639,12 @@ msgstr "" "для цієї служби." #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4563 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43 +#: sssd.conf.5.xml:4565 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43 msgid "EXAMPLES" msgstr "ПРИКЛАДИ" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4569 +#: sssd.conf.5.xml:4571 #, no-wrap msgid "" "[sssd]\n" @@ -6693,7 +6698,7 @@ msgstr "" "enumerate = False\n" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4565 +#: sssd.conf.5.xml:4567 msgid "" "1. The following example shows a typical SSSD config. It does not describe " "configuration of the domains themselves - refer to documentation on " @@ -6706,7 +6711,7 @@ msgstr "" "type=\"programlisting\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4602 +#: sssd.conf.5.xml:4604 #, no-wrap msgid "" "[domain/ipa.com/child.ad.com]\n" @@ -6716,7 +6721,7 @@ msgstr "" "use_fully_qualified_names = false\n" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4596 +#: sssd.conf.5.xml:4598 msgid "" "2. The following example shows configuration of IPA AD trust where the AD " "forest consists of two domains in a parent-child structure. Suppose IPA " @@ -6733,7 +6738,7 @@ msgstr "" "type=\"programlisting\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4613 +#: sssd.conf.5.xml:4615 #, fuzzy, no-wrap #| msgid "" #| "[certmap/my.domain/rule_name]\n" @@ -6761,7 +6766,7 @@ msgstr "" "matchrule = <ISSUER>^CN=My-CA,DC=MY,DC=DOMAIN$<SUBJECT>^CN=User.Name,DC=MY,DC=DOMAIN$\n" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4607 +#: sssd.conf.5.xml:4609 #, fuzzy #| msgid "" #| "3. The following example shows the configuration for two certificate " @@ -23194,6 +23199,11 @@ msgstr "" "Визначає, чи слід перетворювати реєстраційний запис вузла і користувача у " "канонічну форму. Цю можливість передбачено з версії MIT Kerberos 1.7." +#, fuzzy +#~| msgid "This option is not available in IPA provider." +#~ msgid "This option is ignored for the files provider." +#~ msgstr "Цим параметром не можна скористатися у надавачі даних IPA." + #, fuzzy #~| msgid "" #~| "Determines if user credentials are also cached in the local LDB cache" diff --git a/src/man/po/zh_CN.po b/src/man/po/zh_CN.po index e5cecb1c6ac..f2ff3206e7d 100644 --- a/src/man/po/zh_CN.po +++ b/src/man/po/zh_CN.po @@ -9,7 +9,7 @@ msgid "" msgstr "" "Project-Id-Version: sssd-docs 2.3.0\n" "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" -"POT-Creation-Date: 2023-11-13 11:53+0100\n" +"POT-Creation-Date: 2024-01-12 13:00+0100\n" "PO-Revision-Date: 2020-07-22 07:51-0400\n" "Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n" "Language-Team: Chinese (China) (http://www.transifex.com/projects/p/sssd/" @@ -228,7 +228,7 @@ msgstr "" #. type: Content of: <variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:149 sssd.conf.5.xml:652 sssd.conf.5.xml:949 -#: sssd.conf.5.xml:2101 sssd.conf.5.xml:2168 sssd.conf.5.xml:4191 +#: sssd.conf.5.xml:2101 sssd.conf.5.xml:2168 sssd.conf.5.xml:4193 #: sssd-ldap.5.xml:313 sssd-ldap.5.xml:919 sssd-ldap.5.xml:938 #: sssd-ldap.5.xml:1148 sssd-ldap.5.xml:1601 sssd-ldap.5.xml:1841 #: sssd-ipa.5.xml:152 sssd-ipa.5.xml:254 sssd-ipa.5.xml:662 sssd-ad.5.xml:1106 @@ -297,7 +297,7 @@ msgstr "" #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:196 sssd.conf.5.xml:1290 sssd.conf.5.xml:1767 -#: sssd.conf.5.xml:4207 sssd-ldap.5.xml:766 include/ldap_id_mapping.xml:270 +#: sssd.conf.5.xml:4209 sssd-ldap.5.xml:766 include/ldap_id_mapping.xml:270 msgid "Default: 10" msgstr "" @@ -874,7 +874,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:700 sssd.conf.5.xml:1791 sssd.conf.5.xml:4257 +#: sssd.conf.5.xml:700 sssd.conf.5.xml:1791 sssd.conf.5.xml:4259 #: sssd-ad.5.xml:187 sssd-ad.5.xml:327 sssd-ad.5.xml:341 msgid "Default: Not set" msgstr "" @@ -2060,7 +2060,7 @@ msgid "The path to the certificate database." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1723 sssd.conf.5.xml:2248 sssd.conf.5.xml:4371 +#: sssd.conf.5.xml:1723 sssd.conf.5.xml:2248 sssd.conf.5.xml:4373 msgid "Default:" msgstr "" @@ -2326,7 +2326,7 @@ msgid "Default: no_session" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1950 sssd.conf.5.xml:4310 +#: sssd.conf.5.xml:1950 sssd.conf.5.xml:4312 msgid "pam_gssapi_services" msgstr "" @@ -2370,7 +2370,7 @@ msgid "Default: - (GSSAPI authentication is disabled)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1979 sssd.conf.5.xml:4311 +#: sssd.conf.5.xml:1979 sssd.conf.5.xml:4313 msgid "pam_gssapi_check_upn" msgstr "" @@ -3542,10 +3542,9 @@ msgstr "" #: sssd.conf.5.xml:3042 sssd.conf.5.xml:3153 sssd.conf.5.xml:3204 #: sssd.conf.5.xml:3267 msgid "" -"<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management " -"provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> " -"<manvolnum>5</manvolnum> </citerefentry> for more information on configuring " -"FreeIPA." +"<quote>ipa</quote>: FreeIPA and Red Hat Identity Management provider. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring FreeIPA." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> @@ -4588,35 +4587,37 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:4034 -msgid "This option is ignored for the files provider." +msgid "" +"It is expected that the <quote>files</quote> provider ignores the " +"local_auth_policy option and supports Smartcard authentication by default." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4037 +#: sssd.conf.5.xml:4039 #, fuzzy #| msgid "Default: 3" msgid "Default: match" msgstr "默认: 3" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4042 +#: sssd.conf.5.xml:4044 msgid "auto_private_groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4048 +#: sssd.conf.5.xml:4050 msgid "true" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4051 +#: sssd.conf.5.xml:4053 msgid "" "Create user's private group unconditionally from user's UID number. The GID " "number is ignored in this case." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4055 +#: sssd.conf.5.xml:4057 msgid "" "NOTE: Because the GID number and the user private group are inferred from " "the UID number, it is not supported to have multiple entries with the same " @@ -4625,24 +4626,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4064 +#: sssd.conf.5.xml:4066 msgid "false" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4067 +#: sssd.conf.5.xml:4069 msgid "" "Always use the user's primary GID number. The GID number must refer to a " "group object in the LDAP database." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4073 +#: sssd.conf.5.xml:4075 msgid "hybrid" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4076 +#: sssd.conf.5.xml:4078 msgid "" "A primary group is autogenerated for user entries whose UID and GID numbers " "have the same value and at the same time the GID number does not correspond " @@ -4652,14 +4653,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4089 +#: sssd.conf.5.xml:4091 msgid "" "If the UID and GID of a user are different, then the GID must correspond to " "a group entry, otherwise the GID is simply not resolvable." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4096 +#: sssd.conf.5.xml:4098 msgid "" "This feature is useful for environments that wish to stop maintaining a " "separate group objects for the user private groups, but also wish to retain " @@ -4667,21 +4668,21 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4045 +#: sssd.conf.5.xml:4047 msgid "" "This option takes any of three available values: <placeholder " "type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4108 +#: sssd.conf.5.xml:4110 msgid "" "For subdomains, the default value is False for subdomains that use assigned " "POSIX IDs and True for subdomains that use automatic ID-mapping." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:4116 +#: sssd.conf.5.xml:4118 #, no-wrap msgid "" "[domain/forest.domain/sub.domain]\n" @@ -4689,7 +4690,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting> -#: sssd.conf.5.xml:4122 +#: sssd.conf.5.xml:4124 #, no-wrap msgid "" "[domain/forest.domain]\n" @@ -4698,7 +4699,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4113 +#: sssd.conf.5.xml:4115 msgid "" "The value of auto_private_groups can either be set per subdomains in a " "subsection, for example: <placeholder type=\"programlisting\" id=\"0\"/> or " @@ -4715,17 +4716,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4137 +#: sssd.conf.5.xml:4139 msgid "proxy_pam_target (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4140 +#: sssd.conf.5.xml:4142 msgid "The proxy target PAM proxies to." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4143 +#: sssd.conf.5.xml:4145 msgid "" "Default: not set by default, you have to take an existing pam configuration " "or create a new one and add the service name here. As an alternative you can " @@ -4733,12 +4734,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4153 +#: sssd.conf.5.xml:4155 msgid "proxy_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4156 +#: sssd.conf.5.xml:4158 msgid "" "The name of the NSS library to use in proxy domains. The NSS functions " "searched for in the library are in the form of _nss_$(libName)_$(function), " @@ -4746,12 +4747,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4166 +#: sssd.conf.5.xml:4168 msgid "proxy_resolver_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4169 +#: sssd.conf.5.xml:4171 msgid "" "The name of the NSS library to use for hosts and networks lookups in proxy " "domains. The NSS functions searched for in the library are in the form of " @@ -4759,12 +4760,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4180 +#: sssd.conf.5.xml:4182 msgid "proxy_fast_alias (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4183 +#: sssd.conf.5.xml:4185 msgid "" "When a user or group is looked up by name in the proxy provider, a second " "lookup by ID is performed to \"canonicalize\" the name in case the requested " @@ -4773,12 +4774,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4197 +#: sssd.conf.5.xml:4199 msgid "proxy_max_children (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4200 +#: sssd.conf.5.xml:4202 msgid "" "This option specifies the number of pre-forked proxy children. It is useful " "for high-load SSSD environments where sssd may run out of available child " @@ -4786,19 +4787,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4133 +#: sssd.conf.5.xml:4135 msgid "" "Options valid for proxy domains. <placeholder type=\"variablelist\" " "id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:4216 +#: sssd.conf.5.xml:4218 msgid "Application domains" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4218 +#: sssd.conf.5.xml:4220 msgid "" "SSSD, with its D-Bus interface (see <citerefentry> <refentrytitle>sssd-ifp</" "refentrytitle> <manvolnum>5</manvolnum> </citerefentry>) is appealing to " @@ -4815,7 +4816,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4238 +#: sssd.conf.5.xml:4240 msgid "" "Please note that the application domain must still be explicitly enabled in " "the <quote>domains</quote> parameter so that the lookup order between the " @@ -4823,17 +4824,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> -#: sssd.conf.5.xml:4244 +#: sssd.conf.5.xml:4246 msgid "Application domain parameters" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4246 +#: sssd.conf.5.xml:4248 msgid "inherit_from (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4249 +#: sssd.conf.5.xml:4251 msgid "" "The SSSD POSIX-type domain the application domain inherits all settings " "from. The application domain can moreover add its own settings to the " @@ -4842,7 +4843,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:4263 +#: sssd.conf.5.xml:4265 msgid "" "The following example illustrates the use of an application domain. In this " "setup, the POSIX domain is connected to an LDAP server and is used by the OS " @@ -4852,7 +4853,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><programlisting> -#: sssd.conf.5.xml:4271 +#: sssd.conf.5.xml:4273 #, no-wrap msgid "" "[sssd]\n" @@ -4872,12 +4873,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4291 +#: sssd.conf.5.xml:4293 msgid "TRUSTED DOMAIN SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4293 +#: sssd.conf.5.xml:4295 msgid "" "Some options used in the domain section can also be used in the trusted " "domain section, that is, in a section called <quote>[domain/" @@ -4888,69 +4889,69 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4300 +#: sssd.conf.5.xml:4302 msgid "ldap_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4301 +#: sssd.conf.5.xml:4303 msgid "ldap_user_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4302 +#: sssd.conf.5.xml:4304 msgid "ldap_group_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4303 +#: sssd.conf.5.xml:4305 msgid "ldap_netgroup_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4304 +#: sssd.conf.5.xml:4306 msgid "ldap_service_search_base," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4305 +#: sssd.conf.5.xml:4307 msgid "ldap_sasl_mech," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4306 +#: sssd.conf.5.xml:4308 msgid "ad_server," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4307 +#: sssd.conf.5.xml:4309 msgid "ad_backup_server," msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4308 +#: sssd.conf.5.xml:4310 msgid "ad_site," msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4309 sssd-ipa.5.xml:884 +#: sssd.conf.5.xml:4311 sssd-ipa.5.xml:884 msgid "use_fully_qualified_names" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4313 +#: sssd.conf.5.xml:4315 msgid "" "For more details about these options see their individual description in the " "manual page." msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4319 +#: sssd.conf.5.xml:4321 msgid "CERTIFICATE MAPPING SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4321 +#: sssd.conf.5.xml:4323 msgid "" "To allow authentication with Smartcards and certificates SSSD must be able " "to map certificates to users. This can be done by adding the full " @@ -4963,7 +4964,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4335 +#: sssd.conf.5.xml:4337 msgid "" "To make the mapping more flexible mapping and matching rules were added to " "SSSD (see <citerefentry> <refentrytitle>sss-certmap</refentrytitle> " @@ -4971,7 +4972,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4344 +#: sssd.conf.5.xml:4346 msgid "" "A mapping and matching rule can be added to the SSSD configuration in a " "section on its own with a name like <quote>[certmap/" @@ -4980,55 +4981,55 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4351 +#: sssd.conf.5.xml:4353 msgid "matchrule (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4354 +#: sssd.conf.5.xml:4356 msgid "" "Only certificates from the Smartcard which matches this rule will be " "processed, all others are ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4358 +#: sssd.conf.5.xml:4360 msgid "" "Default: KRB5:<EKU>clientAuth, i.e. only certificates which have the " "Extended Key Usage <quote>clientAuth</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4365 +#: sssd.conf.5.xml:4367 msgid "maprule (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4368 +#: sssd.conf.5.xml:4370 msgid "Defines how the user is found for a given certificate." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4374 +#: sssd.conf.5.xml:4376 msgid "" "LDAP:(userCertificate;binary={cert!bin}) for LDAP based providers like " "<quote>ldap</quote>, <quote>AD</quote> or <quote>ipa</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4380 +#: sssd.conf.5.xml:4382 msgid "" "The RULE_NAME for the <quote>files</quote> provider which tries to find a " "user with the same name." msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4389 +#: sssd.conf.5.xml:4391 msgid "domains (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4392 +#: sssd.conf.5.xml:4394 msgid "" "Comma separated list of domain names the rule should be applied. By default " "a rule is only valid in the domain configured in sssd.conf. If the provider " @@ -5037,17 +5038,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4399 +#: sssd.conf.5.xml:4401 msgid "Default: the configured domain in sssd.conf" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4404 +#: sssd.conf.5.xml:4406 msgid "priority (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4407 +#: sssd.conf.5.xml:4409 msgid "" "Unsigned integer value defining the priority of the rule. The higher the " "number the lower the priority. <quote>0</quote> stands for the highest " @@ -5055,26 +5056,26 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4413 +#: sssd.conf.5.xml:4415 msgid "Default: the lowest priority" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4419 +#: sssd.conf.5.xml:4421 msgid "" "To make the configuration simple and reduce the amount of configuration " "options the <quote>files</quote> provider has some special properties:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4425 +#: sssd.conf.5.xml:4427 msgid "" "if maprule is not set the RULE_NAME name is assumed to be the name of the " "matching user" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4431 +#: sssd.conf.5.xml:4433 msgid "" "if a maprule is used both a single user name or a template like " "<quote>{subject_rfc822_name.short_name}</quote> must be in braces like e.g. " @@ -5083,17 +5084,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4440 +#: sssd.conf.5.xml:4442 msgid "the <quote>domains</quote> option is ignored" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4448 +#: sssd.conf.5.xml:4450 msgid "PROMPTING CONFIGURATION SECTION" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4450 +#: sssd.conf.5.xml:4452 msgid "" "If a special file (<filename>/var/lib/sss/pubconf/pam_preauth_available</" "filename>) exists SSSD's PAM module pam_sss will ask SSSD to figure out " @@ -5103,7 +5104,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4458 +#: sssd.conf.5.xml:4460 msgid "" "With the growing number of authentication methods and the possibility that " "there are multiple ones for a single user the heuristic used by pam_sss to " @@ -5112,59 +5113,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4470 +#: sssd.conf.5.xml:4472 msgid "[prompting/password]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4473 +#: sssd.conf.5.xml:4475 msgid "password_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4474 +#: sssd.conf.5.xml:4476 msgid "to change the string of the password prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4472 +#: sssd.conf.5.xml:4474 msgid "" "to configure password prompting, allowed options are: <placeholder " "type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4482 +#: sssd.conf.5.xml:4484 msgid "[prompting/2fa]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4486 +#: sssd.conf.5.xml:4488 msgid "first_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4487 +#: sssd.conf.5.xml:4489 msgid "to change the string of the prompt for the first factor" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4490 +#: sssd.conf.5.xml:4492 msgid "second_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4491 +#: sssd.conf.5.xml:4493 msgid "to change the string of the prompt for the second factor" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4494 +#: sssd.conf.5.xml:4496 msgid "single_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4495 +#: sssd.conf.5.xml:4497 msgid "" "boolean value, if True there will be only a single prompt using the value of " "first_prompt where it is expected that both factors are entered as a single " @@ -5173,7 +5174,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4484 +#: sssd.conf.5.xml:4486 msgid "" "to configure two-factor authentication prompting, allowed options are: " "<placeholder type=\"variablelist\" id=\"0\"/> If the second factor is " @@ -5182,17 +5183,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4512 +#: sssd.conf.5.xml:4514 msgid "[prompting/passkey]" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para> -#: sssd.conf.5.xml:4518 sssd-ad.5.xml:1021 +#: sssd.conf.5.xml:4520 sssd-ad.5.xml:1021 msgid "interactive" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4520 +#: sssd.conf.5.xml:4522 msgid "" "boolean value, if True prompt a message and wait before testing the presence " "of a passkey device. Recommended if your device doesn’t have a tactile " @@ -5200,46 +5201,46 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4528 +#: sssd.conf.5.xml:4530 msgid "interactive_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4530 +#: sssd.conf.5.xml:4532 msgid "to change the message of the interactive prompt." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4535 +#: sssd.conf.5.xml:4537 msgid "touch" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4537 +#: sssd.conf.5.xml:4539 msgid "" "boolean value, if True prompt a message to remind the user to touch the " "device." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:4543 +#: sssd.conf.5.xml:4545 msgid "touch_prompt" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4545 +#: sssd.conf.5.xml:4547 msgid "to change the message of the touch prompt." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:4514 +#: sssd.conf.5.xml:4516 msgid "" "to configure passkey authentication prompting, allowed options are: " "<placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4465 +#: sssd.conf.5.xml:4467 msgid "" "Each supported authentication method has its own configuration subsection " "under <quote>[prompting/...]</quote>. Currently there are: <placeholder " @@ -5248,7 +5249,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4556 +#: sssd.conf.5.xml:4558 msgid "" "It is possible to add a subsection for specific PAM services, e.g. " "<quote>[prompting/password/sshd]</quote> to individual change the prompting " @@ -5256,12 +5257,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:4563 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43 +#: sssd.conf.5.xml:4565 pam_sss_gss.8.xml:157 idmap_sss.8.xml:43 msgid "EXAMPLES" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4569 +#: sssd.conf.5.xml:4571 #, no-wrap msgid "" "[sssd]\n" @@ -5291,7 +5292,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4565 +#: sssd.conf.5.xml:4567 msgid "" "1. The following example shows a typical SSSD config. It does not describe " "configuration of the domains themselves - refer to documentation on " @@ -5300,7 +5301,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4602 +#: sssd.conf.5.xml:4604 #, no-wrap msgid "" "[domain/ipa.com/child.ad.com]\n" @@ -5308,7 +5309,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4596 +#: sssd.conf.5.xml:4598 msgid "" "2. The following example shows configuration of IPA AD trust where the AD " "forest consists of two domains in a parent-child structure. Suppose IPA " @@ -5319,7 +5320,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:4613 +#: sssd.conf.5.xml:4615 #, no-wrap msgid "" "[certmap/my.domain/rule_name]\n" @@ -5330,7 +5331,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:4607 +#: sssd.conf.5.xml:4609 msgid "" "3. The following example shows the configuration of a certificate mapping " "rule. It is valid for the configured domain <quote>my.domain</quote> and " From 02d3f214ba5e95e228427594bfef4366fb38a635 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com> Date: Fri, 12 Jan 2024 13:05:40 +0100 Subject: [PATCH 268/280] Release sssd-2.9.4 --- version.m4 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/version.m4 b/version.m4 index ae324cc0184..d371e185813 100644 --- a/version.m4 +++ b/version.m4 @@ -1,5 +1,5 @@ # Primary version number -m4_define([VERSION_NUMBER], [2.9.3]) +m4_define([VERSION_NUMBER], [2.9.4]) # If the PRERELEASE_VERSION_NUMBER is set, we'll append # it to the release tag when creating an RPM or SRPM From b1e8c210c3eadedf8359d9650f4515e6565b5999 Mon Sep 17 00:00:00 2001 From: shridhargadekar <shridhar.always@gmail.com> Date: Sat, 13 Jan 2024 23:52:13 +0530 Subject: [PATCH 269/280] Test: Dropping the assertion of ssh from analyzer list minor edit Reviewed-by: Anuj Borah <aborah@redhat.com> (cherry picked from commit 2b222dd30f442d98bd1d9b308bdb60bf37a0b319) --- src/tests/multihost/alltests/test_sssctl_analyzer.py | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/src/tests/multihost/alltests/test_sssctl_analyzer.py b/src/tests/multihost/alltests/test_sssctl_analyzer.py index e2ed20770e5..8b1b0dd7716 100644 --- a/src/tests/multihost/alltests/test_sssctl_analyzer.py +++ b/src/tests/multihost/alltests/test_sssctl_analyzer.py @@ -138,8 +138,10 @@ def test_analyze_diff_log_location(self, multihost, backupsssdconf): assert pam_auth in stdout for act_op in ['list', 'list -v']: _, stdout = analyze(multihost, act_op, log_dir) - assert ' id' in stdout - assert 'sshd' in stdout or 'auditd' in stdout + assert 'id' in stdout + for act_op in ['list --pam', 'list -v --pam']: + _, stdout = analyze(multihost, act_op, log_dir) + assert 'sshd' in stdout @pytest.mark.converted('test_sssctl_analyze.py', 'test_sssctl_analyze__pam_logs') def test_analyze_pam_logs(self, multihost, backupsssdconf): From 9490f2565e6ccdc5368adbf40e34e72d717e0f7a Mon Sep 17 00:00:00 2001 From: Jakub Vavra <jvavra@redhat.com> Date: Fri, 12 Jan 2024 12:31:46 +0100 Subject: [PATCH 270/280] Tests: Add single retry for realm leave Reviewed-by: Shridhar Gadekar <sgadekar@redhat.com> (cherry picked from commit 684d18b4b6803e2e397d2c72f45cb860ef9c89bc) --- src/tests/multihost/sssd/testlib/common/utils.py | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/tests/multihost/sssd/testlib/common/utils.py b/src/tests/multihost/sssd/testlib/common/utils.py index f57787a1d3c..e90ef642e06 100644 --- a/src/tests/multihost/sssd/testlib/common/utils.py +++ b/src/tests/multihost/sssd/testlib/common/utils.py @@ -457,6 +457,11 @@ def realm_leave(self, domainname, raiseonerr=True): # joining again and the error in log is misleading. cmd = self.multihost.run_command( f'realm leave {domainname} -v', log_stdout=raiseonerr, raiseonerr=False) + if cmd.returncode != 0 and "realm: Couldn't connect to realm service" in cmd.stderr_text: + print("WARNING: realm leave timed out, retrying!") + self.service_ctrl('restart', 'realmd') + cmd = self.multihost.run_command( + f'realm leave {domainname} -v', log_stdout=raiseonerr, raiseonerr=False) if cmd.returncode != 0 and raiseonerr: raise SSSDException("Error: %s", cmd.stderr_text) elif cmd.returncode != 0: From bfcb2727552b0807e2a074d9bd2cc867c768639b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 1 Jan 2024 22:52:43 +0000 Subject: [PATCH 271/280] build(deps): bump actions/download-artifact from 3 to 4 Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 3 to 4. - [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](https://github.com/actions/download-artifact/compare/v3...v4) Reviewed-by: Justin Stephenson <jstephen@redhat.com> (cherry picked from commit 3922f4d79b2b3ab0c77ec89989dece896df67274) --- .github/workflows/copr_build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/copr_build.yml b/.github/workflows/copr_build.yml index 47f6b85ecbd..86d54682c9e 100644 --- a/.github/workflows/copr_build.yml +++ b/.github/workflows/copr_build.yml @@ -117,7 +117,7 @@ jobs: uses: actions/checkout@v4 - name: Downlooad source rpm - uses: actions/download-artifact@v3 + uses: actions/download-artifact@v4 with: name: ${{ needs.prepare.outputs.srpm }} path: . From 32390d0bd0417fe76caafa6f4df22b4894501dc3 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 1 Jan 2024 22:52:32 +0000 Subject: [PATCH 272/280] build(deps): bump github/codeql-action from 2 to 3 Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2 to 3. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/v2...v3) Reviewed-by: Justin Stephenson <jstephen@redhat.com> (cherry picked from commit f5f5d83f78544785fbd11d39133ceedcb9f59f5d) --- .github/workflows/static-code-analysis.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/static-code-analysis.yml b/.github/workflows/static-code-analysis.yml index ec27ed2fe34..9de7353cd33 100644 --- a/.github/workflows/static-code-analysis.yml +++ b/.github/workflows/static-code-analysis.yml @@ -24,7 +24,7 @@ jobs: uses: ./.github/actions/install-dependencies - name: Initialize CodeQL - uses: github/codeql-action/init@v2 + uses: github/codeql-action/init@v3 with: languages: cpp, python queries: +security-and-quality @@ -49,7 +49,7 @@ jobs: if-no-files-found: ignore - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v2 + uses: github/codeql-action/analyze@v3 python-system-tests: runs-on: ubuntu-latest From aa63f77770ce7390f708eefd2f855f5ed6822cee Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 1 Jan 2024 22:52:20 +0000 Subject: [PATCH 273/280] build(deps): bump actions/upload-artifact from 3 to 4 Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 3 to 4. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/v3...v4) Reviewed-by: Justin Stephenson <jstephen@redhat.com> (cherry picked from commit 35ef26b627c8ec8737689ab4044fb6b2836e460f) --- .github/workflows/analyze-target.yml | 2 +- .github/workflows/ci.yml | 10 +++++----- .github/workflows/copr_build.yml | 2 +- .github/workflows/static-code-analysis.yml | 2 +- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/.github/workflows/analyze-target.yml b/.github/workflows/analyze-target.yml index e452ea67c04..c185fa6f75c 100644 --- a/.github/workflows/analyze-target.yml +++ b/.github/workflows/analyze-target.yml @@ -76,7 +76,7 @@ jobs: - name: Upload artifacts if: always() - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: if-no-files-found: ignore name: covscan diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 4bef4504415..9b38ea62531 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -45,7 +45,7 @@ jobs: source ../contrib/fedora/bashrc_sssd make distcheck - - uses: actions/upload-artifact@v3 + - uses: actions/upload-artifact@v4 if: always() with: name: build @@ -115,7 +115,7 @@ jobs: - name: Upload main artifacts if: always() - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: if-no-files-found: ignore name: ${{ matrix.tag }}-intgcheck @@ -128,7 +128,7 @@ jobs: - name: Upload valgrind artifacts if: always() - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: if-no-files-found: ignore name: ${{ matrix.tag }}-intgcheck-valgrind @@ -238,7 +238,7 @@ jobs: - name: Upload artifacts if: always() - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: if-no-files-found: ignore name: ${{ matrix.tag }}-multihost @@ -401,7 +401,7 @@ jobs: - name: Upload artifacts if: always() - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: if-no-files-found: ignore name: ${{ matrix.tag }}-system diff --git a/.github/workflows/copr_build.yml b/.github/workflows/copr_build.yml index 86d54682c9e..e0b5ef35e4e 100644 --- a/.github/workflows/copr_build.yml +++ b/.github/workflows/copr_build.yml @@ -53,7 +53,7 @@ jobs: version: 9.${{ env.COPR_PROJECT }} - name: Upload source rpm as an artifact - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: ${{ steps.srpm.outputs.file }} path: ${{ steps.srpm.outputs.path }} diff --git a/.github/workflows/static-code-analysis.yml b/.github/workflows/static-code-analysis.yml index 9de7353cd33..d84a1237169 100644 --- a/.github/workflows/static-code-analysis.yml +++ b/.github/workflows/static-code-analysis.yml @@ -39,7 +39,7 @@ jobs: make -j$PROCESSORS - name: Upload configuration artifacts - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 if: always() with: name: codeql-build From 50077c3255177fe1b01837fbe31a7f8fd47dee74 Mon Sep 17 00:00:00 2001 From: Sumit Bose <sbose@redhat.com> Date: Thu, 18 Jan 2024 13:08:17 +0100 Subject: [PATCH 274/280] pam: fix SC auth with multiple certs and missing login name While introducing the local_auth_policy option a quite specific use-case was not covered correctly. If there are multiple matching certificates on the Smartcard, 'local_auth_policy = only' is set and GDM's Smartcard mode was used for login, i.e. there is no user name given and the user has to be derived from the certificate used for login, authentication failed. The main reason for the failure is that in this case the Smartcard interaction and the user mapping has to be done first to determine the user before local_auth_policy is evaluated. As a result when checking if the authentication can be finished the request was in an unexpected state because the indicator for local Smartcard authentication was not enabled. Resolves: https://github.com/SSSD/sssd/issues/7109 Reviewed-by: Justin Stephenson <jstephen@redhat.com> Reviewed-by: Scott Poore <spoore@redhat.com> (cherry picked from commit 44ec3e4638b0c6f7f45a3390a28c2e8745d52bc3) --- src/responder/pam/pamsrv.h | 10 ++++ src/responder/pam/pamsrv_cmd.c | 17 +++++-- src/tests/intg/Makefile.am | 2 + src/tests/intg/test_pam_responder.py | 74 +++++++++++++++++++++++++++- 4 files changed, 96 insertions(+), 7 deletions(-) diff --git a/src/responder/pam/pamsrv.h b/src/responder/pam/pamsrv.h index 7013a8edd66..61883618944 100644 --- a/src/responder/pam/pamsrv.h +++ b/src/responder/pam/pamsrv.h @@ -93,7 +93,17 @@ struct pam_auth_req { struct ldb_message *user_obj; struct cert_auth_info *cert_list; struct cert_auth_info *current_cert; + /* Switched to 'true' if the backend indicates that it cannot handle + * Smartcard authentication, but Smartcard authentication is + * possible and local Smartcard authentication is allowed. */ bool cert_auth_local; + /* Switched to 'true' if authentication (not pre-authentication) was + * started without a login name and the name had to be lookup up with the + * certificate used for authentication. Since reading the certificate from + * the Smartcard already involves the PIN validation in this case there + * would be no need for an additional Smartcard interaction if only local + * Smartcard authentication is possible. */ + bool initial_cert_auth_successful; bool passkey_data_exists; uint32_t client_id_num; diff --git a/src/responder/pam/pamsrv_cmd.c b/src/responder/pam/pamsrv_cmd.c index c23ea7ba417..a7c18173358 100644 --- a/src/responder/pam/pamsrv_cmd.c +++ b/src/responder/pam/pamsrv_cmd.c @@ -2200,8 +2200,8 @@ static void pam_forwarder_lookup_by_cert_done(struct tevent_req *req) ret = ENOENT; goto done; } - - if (cert_count > 1) { + /* Multiple certificates are only expected during pre-auth */ + if (cert_count > 1 && preq->pd->cmd == SSS_PAM_PREAUTH) { for (preq->current_cert = preq->cert_list; preq->current_cert != NULL; preq->current_cert = sss_cai_get_next(preq->current_cert)) { @@ -2285,7 +2285,9 @@ static void pam_forwarder_lookup_by_cert_done(struct tevent_req *req) } /* If logon_name was not given during authentication add a - * SSS_PAM_CERT_INFO message to send the name to the caller. */ + * SSS_PAM_CERT_INFO message to send the name to the caller. + * Additionally initial_cert_auth_successful is set to + * indicate that the user is already authenticated. */ if (preq->pd->cmd == SSS_PAM_AUTHENTICATE && preq->pd->logon_name == NULL) { ret = add_pam_cert_response(preq->pd, @@ -2297,6 +2299,8 @@ static void pam_forwarder_lookup_by_cert_done(struct tevent_req *req) preq->pd->pam_status = PAM_AUTHINFO_UNAVAIL; goto done; } + + preq->initial_cert_auth_successful = true; } /* cert_user will be returned to the PAM client as user name, so @@ -2851,12 +2855,15 @@ static void pam_dom_forwarder(struct pam_auth_req *preq) if (found) { if (local_policy != NULL && strcasecmp(local_policy, "only") == 0) { talloc_free(tmp_ctx); - DEBUG(SSSDBG_IMPORTANT_INFO, "Local auth only set, skipping online auth\n"); + DEBUG(SSSDBG_IMPORTANT_INFO, + "Local auth only set and matching certificate was found, " + "skipping online auth\n"); if (preq->pd->cmd == SSS_PAM_PREAUTH) { preq->pd->pam_status = PAM_SUCCESS; } else if (preq->pd->cmd == SSS_PAM_AUTHENTICATE && IS_SC_AUTHTOK(preq->pd->authtok) - && preq->cert_auth_local) { + && (preq->cert_auth_local + || preq->initial_cert_auth_successful)) { preq->pd->pam_status = PAM_SUCCESS; preq->callback = pam_reply; } diff --git a/src/tests/intg/Makefile.am b/src/tests/intg/Makefile.am index 3866d3ca63c..0cfd268dce7 100644 --- a/src/tests/intg/Makefile.am +++ b/src/tests/intg/Makefile.am @@ -199,6 +199,7 @@ clean-local: PAM_CERT_DB_PATH="$(abs_builddir)/../test_CA/SSSD_test_CA.pem" SOFTHSM2_CONF="$(abs_builddir)/../test_CA/softhsm2_one.conf" +SOFTHSM2_TWO_CONF="$(abs_builddir)/../test_CA/softhsm2_two.conf" intgcheck-installed: config.py passwd group pam_sss_service pam_sss_alt_service pam_sss_sc_required pam_sss_try_sc pam_sss_allow_missing_name pam_sss_domains sss_netgroup_thread_test pipepath="$(DESTDIR)$(pipepath)"; \ @@ -233,6 +234,7 @@ intgcheck-installed: config.py passwd group pam_sss_service pam_sss_alt_service PAM_CERT_DB_PATH=$(PAM_CERT_DB_PATH) \ ABS_SRCDIR=$(abs_srcdir) \ SOFTHSM2_CONF=$(SOFTHSM2_CONF) \ + SOFTHSM2_TWO_CONF=$(SOFTHSM2_TWO_CONF) \ KCM_RENEW=$(KCM_RENEW) \ FILES_PROVIDER=$(FILES_PROVIDER) \ DBUS_SOCK_DIR="$(DESTDIR)$(runstatedir)/dbus/" \ diff --git a/src/tests/intg/test_pam_responder.py b/src/tests/intg/test_pam_responder.py index 1fc3937e6f4..0fbf8065e49 100644 --- a/src/tests/intg/test_pam_responder.py +++ b/src/tests/intg/test_pam_responder.py @@ -168,7 +168,7 @@ def format_pam_cert_auth_conf(config, provider): {provider.p} [certmap/auth_only/user1] - matchrule = <SUBJECT>.*CN=SSSD test cert 0001.* + matchrule = <SUBJECT>.*CN=SSSD test cert 000[12].* """).format(**locals()) @@ -201,7 +201,7 @@ def format_pam_cert_auth_conf_name_format(config, provider): {provider.p} [certmap/auth_only/user1] - matchrule = <SUBJECT>.*CN=SSSD test cert 0001.* + matchrule = <SUBJECT>.*CN=SSSD test cert 000[12].* """).format(**locals()) @@ -380,6 +380,28 @@ def simple_pam_cert_auth_no_cert(request, passwd_ops_setup): return None +@pytest.fixture +def simple_pam_cert_auth_two_certs(request, passwd_ops_setup): + """Setup SSSD with pam_cert_auth=True""" + config.PAM_CERT_DB_PATH = os.environ['PAM_CERT_DB_PATH'] + + old_softhsm2_conf = os.environ['SOFTHSM2_CONF'] + softhsm2_two_conf = os.environ['SOFTHSM2_TWO_CONF'] + os.environ['SOFTHSM2_CONF'] = softhsm2_two_conf + + conf = format_pam_cert_auth_conf(config, provider_switch(request.param)) + create_conf_fixture(request, conf) + create_sssd_fixture(request) + + os.environ['SOFTHSM2_CONF'] = old_softhsm2_conf + + passwd_ops_setup.useradd(**USER1) + passwd_ops_setup.useradd(**USER2) + sync_files_provider(USER2['name']) + + return None + + @pytest.fixture def simple_pam_cert_auth_name_format(request, passwd_ops_setup): """Setup SSSD with pam_cert_auth=True and full_name_format""" @@ -522,6 +544,54 @@ def test_sc_auth(simple_pam_cert_auth, env_for_sssctl): assert err.find("pam_authenticate for user [user1]: Success") != -1 +@pytest.mark.parametrize('simple_pam_cert_auth_two_certs', provider_list(), indirect=True) +def test_sc_auth_two(simple_pam_cert_auth_two_certs, env_for_sssctl): + + sssctl = subprocess.Popen(["sssctl", "user-checks", "user1", + "--action=auth", "--service=pam_sss_service"], + universal_newlines=True, + env=env_for_sssctl, stdin=subprocess.PIPE, + stdout=subprocess.PIPE, stderr=subprocess.PIPE) + + try: + out, err = sssctl.communicate(input="2\n123456") + except Exception: + sssctl.kill() + out, err = sssctl.communicate() + + sssctl.stdin.close() + sssctl.stdout.close() + + if sssctl.wait() != 0: + raise Exception("sssctl failed") + + assert err.find("pam_authenticate for user [user1]: Success") != -1 + + +@pytest.mark.parametrize('simple_pam_cert_auth_two_certs', provider_list(), indirect=True) +def test_sc_auth_two_missing_name(simple_pam_cert_auth_two_certs, env_for_sssctl): + + sssctl = subprocess.Popen(["sssctl", "user-checks", "", + "--action=auth", "--service=pam_sss_allow_missing_name"], + universal_newlines=True, + env=env_for_sssctl, stdin=subprocess.PIPE, + stdout=subprocess.PIPE, stderr=subprocess.PIPE) + + try: + out, err = sssctl.communicate(input="2\n123456") + except Exception: + sssctl.kill() + out, err = sssctl.communicate() + + sssctl.stdin.close() + sssctl.stdout.close() + + if sssctl.wait() != 0: + raise Exception("sssctl failed") + + assert err.find("pam_authenticate for user [user1]: Success") != -1 + + @pytest.mark.parametrize('simple_pam_cert_auth', ['proxy_password'], indirect=True) def test_sc_proxy_password_fallback(simple_pam_cert_auth, env_for_sssctl): """ From 1815037472660174dea227077b109a1257da35f9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com> Date: Tue, 23 Jan 2024 13:22:58 +0100 Subject: [PATCH 275/280] krb5_child: fix order of calloc arguments ``` /shared/workspace/sssd/src/providers/krb5/krb5_child.c: In function _create_empty_cred_: /shared/workspace/sssd/src/providers/krb5/krb5_child.c:1317:26: error: _calloc_ sizes specified with _sizeof_ in the earlier argument and not in the later argument [-Werror=calloc-transposed-args] 1317 | cred = calloc(sizeof(krb5_creds), 1); | ^~~~~~~~~~ /shared/workspace/sssd/src/providers/krb5/krb5_child.c:1317:26: note: earlier argument should specify number of elements, later size of each element ``` Reviewed-by: Alexey Tikhonov <atikhono@redhat.com> (cherry picked from commit 7076c5bb2a8a8346a1094993179085a098bf67b6) --- src/providers/krb5/krb5_child.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/providers/krb5/krb5_child.c b/src/providers/krb5/krb5_child.c index 704f6508224..5c21c91516b 100644 --- a/src/providers/krb5/krb5_child.c +++ b/src/providers/krb5/krb5_child.c @@ -1314,7 +1314,7 @@ static krb5_error_code create_empty_cred(krb5_context ctx, krb5_principal princ, krb5_creds *cred = NULL; krb5_data *krb5_realm; - cred = calloc(sizeof(krb5_creds), 1); + cred = calloc(1, sizeof(krb5_creds)); if (cred == NULL) { DEBUG(SSSDBG_CRIT_FAILURE, "calloc failed.\n"); return ENOMEM; From 33bb96feeee5d3d93cacc237b86464a99f1b4950 Mon Sep 17 00:00:00 2001 From: Andre Boscatto <andreboscatto@gmail.com> Date: Wed, 17 Jan 2024 21:26:03 +0100 Subject: [PATCH 276/280] man: improving documentation about username and email Resolves: https://github.com/SSSD/sssd/issues/7136 Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com> Reviewed-by: Justin Stephenson <jstephen@redhat.com> (cherry picked from commit b3124173d8b33b3cea275f1cc08e1a202d7ba72c) --- src/man/sssd-ldap-attributes.5.xml | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/src/man/sssd-ldap-attributes.5.xml b/src/man/sssd-ldap-attributes.5.xml index 5e0a32eeefc..7de32499b02 100644 --- a/src/man/sssd-ldap-attributes.5.xml +++ b/src/man/sssd-ldap-attributes.5.xml @@ -626,10 +626,12 @@ Note: If an email address of a user conflicts with an email address or fully qualified name of another user, then SSSD will not be able to serve those - users properly. If for some reason several users - need to share the same email address then set - this option to a nonexistent attribute name in - order to disable user lookup/login by email. + users properly. This option allows users to login by + (1) username, and (2) e-mail address. + If for some reason several users need to share + the same email address then set this option to + a nonexistent attribute name in order to disable + user lookup/login by email. </para> <para> Default: mail From 33cce2910dfea2aa2d7fb25efb502a2339c99bff Mon Sep 17 00:00:00 2001 From: Jakub Vavra <jvavra@redhat.com> Date: Tue, 23 Jan 2024 13:14:15 +0100 Subject: [PATCH 277/280] Tests: Set ciphers for kerberos MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Reviewed-by: Tomáš Halman <thalman@redhat.com> (cherry picked from commit 2fa6ec2cc6f33db28397859b1d901c41be3194fe) --- .../multihost/sssd/testlib/common/libkrb5.py | 15 ++++++++++----- src/tests/multihost/sssd/testlib/common/utils.py | 14 ++++++++++++++ 2 files changed, 24 insertions(+), 5 deletions(-) diff --git a/src/tests/multihost/sssd/testlib/common/libkrb5.py b/src/tests/multihost/sssd/testlib/common/libkrb5.py index 40fc4243736..5e8a838f753 100644 --- a/src/tests/multihost/sssd/testlib/common/libkrb5.py +++ b/src/tests/multihost/sssd/testlib/common/libkrb5.py @@ -33,17 +33,22 @@ def __init__(self, multihost, krb_realm=None): self.krb_acl_file = '%s/kadm5.acl' % (self.krb5_kdc_data_dir) self.admin_keytab = '%s/kadm5.keytab' % (self.krb5_kdc_data_dir) self.kdc_conf = '%s/kdc.conf' % (self.krb5_kdc_data_dir) + self.ciphers = "aes256-cts-hmac-sha384-192:normal "\ + "aes128-cts-hmac-sha256-128:normal "\ + "aes256-cts-hmac-sha1-96:normal "\ + "aes128-cts-hmac-sha1-96:normal" def _config_krb5kdc(self): """ Configure kdc.conf and kadm5.acl :param: None :return str: Return Kerberos kdc.conf file path """ - realm_def = """ { - acl_file = %s - admin_keytab = %s - } """ % (self.krb_acl_file, - self.admin_keytab) + + realm_def = f""" {{ + acl_file = {self.krb_acl_file} + admin_keytab = {self.admin_keytab} + supported_enctypes = {self.ciphers} + }}""" config = ConfigParser.RawConfigParser() config.optionxform = str config.add_section('kdcdefaults') diff --git a/src/tests/multihost/sssd/testlib/common/utils.py b/src/tests/multihost/sssd/testlib/common/utils.py index e90ef642e06..e400698fa26 100644 --- a/src/tests/multihost/sssd/testlib/common/utils.py +++ b/src/tests/multihost/sssd/testlib/common/utils.py @@ -882,6 +882,20 @@ def config_etckrb5(self, realm, krb5_server=None): "edwards25519") krb5config.set("libdefaults", "default_ccache_name", "KEYRING:persistent:%{uid}") + krb5config.set( + "libdefaults", "default_tgs_enctypes", + "aes256-cts-hmac-sha384-192 aes256-cts-hmac-sha1-96 " + "aes128-cts-hmac-sha256-128 aes128-cts-hmac-sha1-96 " + "aes256-cts des3-cbc-sha1 arcfour-hmac des-cbc-md5 " + "des-cbc-crc" + ) + krb5config.set( + "libdefaults", "default_tkt_enctypes", + "aes256-cts-hmac-sha384-192 aes256-cts-hmac-sha1-96 " + "aes128-cts-hmac-sha256-128 aes128-cts-hmac-sha1-96 " + "aes256-cts des3-cbc-sha1 arcfour-hmac des-cbc-md5 " + "des-cbc-crc" + ) krb5config.add_section("realms") krb5config.set("realms", "%s" % realm.upper(), realm_def) krb5config.add_section("domain_realm") From ae2f5e91fa8169c3d0676eba576a2425b719171f Mon Sep 17 00:00:00 2001 From: Jakub Vavra <jvavra@redhat.com> Date: Tue, 23 Jan 2024 14:24:07 +0100 Subject: [PATCH 278/280] Tests: Add pytest.ini with marker converted to basic suite Fix "PytestUnknownMarkWarning: Unknown pytest.mark.converted - is this a typo?" Reviewed-by: Scott Poore <spoore@redhat.com> (cherry picked from commit ef581c971e04c7e7698a2f402ba7b961ccee9892) --- src/tests/multihost/basic/pytest.ini | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 src/tests/multihost/basic/pytest.ini diff --git a/src/tests/multihost/basic/pytest.ini b/src/tests/multihost/basic/pytest.ini new file mode 100644 index 00000000000..d65ce07a35b --- /dev/null +++ b/src/tests/multihost/basic/pytest.ini @@ -0,0 +1,3 @@ +[pytest] +markers = + converted: Tests that are already converted to the new framework. From 28c41415acd21a617de808a340032ace8aa209cd Mon Sep 17 00:00:00 2001 From: Jakub Vavra <jvavra@redhat.com> Date: Wed, 24 Jan 2024 13:23:47 +0100 Subject: [PATCH 279/280] Tests: Fix OsError in test_kcm_debug_level_set Resolve "OSError: File '/var/log/sssd/sssd_kcm.log' could not be read" ba catching and handling this exception as well. Reviewed-by: Shridhar Gadekar <sgadekar@redhat.com> (cherry picked from commit 998503210b2644dda35091ce87531d3ee31a94b4) --- src/tests/multihost/basic/test_kcm.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/tests/multihost/basic/test_kcm.py b/src/tests/multihost/basic/test_kcm.py index 8f527f6b81d..53c34e6d5f0 100644 --- a/src/tests/multihost/basic/test_kcm.py +++ b/src/tests/multihost/basic/test_kcm.py @@ -39,7 +39,7 @@ def _kcm_log_length(self, multihost): try: multihost.master[0].transport.get_file(kcm_log_file, local_kcm_log_file) - except FileNotFoundError: + except (FileNotFoundError, OSError): return 0 nlines = sum(1 for line in open(local_kcm_log_file)) From 3d9aebc04bae9af73a87512f754a68665d10c421 Mon Sep 17 00:00:00 2001 From: lisa <liswang@redhat.com> Date: Thu, 25 Jan 2024 18:44:49 -0500 Subject: [PATCH 280/280] add ad tests --- src/tests/system/tests/test_identity.py | 41 ++++++++++++++++++++++++- 1 file changed, 40 insertions(+), 1 deletion(-) diff --git a/src/tests/system/tests/test_identity.py b/src/tests/system/tests/test_identity.py index f09d5bb61fd..164f5050602 100644 --- a/src/tests/system/tests/test_identity.py +++ b/src/tests/system/tests/test_identity.py @@ -8,7 +8,7 @@ import pytest from sssd_test_framework.roles.client import Client -from sssd_test_framework.roles.generic import GenericProvider +from sssd_test_framework.roles.generic import GenericProvider, GenericADProvider from sssd_test_framework.topology import KnownTopologyGroup @@ -476,3 +476,42 @@ def test_identity__lookup_users_fully_qualified_name_and_case_insensitive(client result = client.tools.id(name) assert result is not None, f"User {name} was not found using id" assert result.memberof([103, 1003]), f"User {name} is member of wrong groups" + + +@pytest.mark.importance("critical") +@pytest.mark.authentication +@pytest.mark.topology(KnownTopologyGroup.AnyAD) +def test_identity__lookup_user_posix_and_non_posix(client: Client, provider: GenericADProvider): + """ + :title: with ldap provider idmapping is disabled + :setup: + 1. Configure ldap_provider with idmapping disabled + :steps: + 1. Fetch non-posix users and groups information + 2. Fetch posix users and groups information + 3. Log in as a posix-user + :expectedresults: + 1. Non-posix user and group should not be returned + 2. POSIX user and group information should be returned + 3. POSIX user should be able to log in + :customerscenario: False + """ + + u1 = provider.user("posix_user").add(uid=10001, gid=20001, password="Secret123", + gecos='User for tests', + shell='/bin/bash') + provider.group("posix_group").add(gid=20001).add_member(u1) + + u2 = provider.user("nonposix_user").add(password="Secret123") + provider.group("nonposix_group").add().add_member(u2) + + client.sssd.domain["ldap_id_mapping"] = "false" + client.sssd.start() + + assert client.auth.ssh.password("posix_user", "Secret123"), 'ssh login failed for posix-user' + + assert client.tools.getent.group("posix_group"), 'posix-group is not returned by sssd' + assert client.tools.getent.passwd("posix_user"), 'posix-user is not returned by sssd' + + assert client.tools.getent.group("nonposix_group") is None, 'non-posix group is returned by sssd, it should not be' + assert client.tools.getent.passwd("nonposix_user") is None, 'non-posix user is returned by sssd, it should not be' \ No newline at end of file